improve signature probe avoid repeated code (#3169)

README_zh_CN.md

@@ -92,7 +92,7 @@ make
 添加一个或多个S3兼容的服务，请参考下面说明。`mc`将所有的配置信息都存储在``~/.mc/config.json``文件中。
 
 ```
-mc config host add <ALIAS> <YOUR-S3-ENDPOINT> <YOUR-ACCESS-KEY> <YOUR-SECRET-KEY> <API-SIGNATURE>
+mc config host add <ALIAS> <YOUR-S3-ENDPOINT> <YOUR-ACCESS-KEY> <YOUR-SECRET-KEY> [--api API-SIGNATURE]
 ```
 
 别名就是给你的云存储服务起了一个短点的外号。S3 endpoint,access key和secret key是你的云存储服务提供的。API签名是可选参数，默认情况下，它被设置为"S3v4"。
@@ -101,21 +101,21 @@ mc config host add <ALIAS> <YOUR-S3-ENDPOINT> <YOUR-ACCESS-KEY> <YOUR-SECRET-KEY
 从MinIO服务获得URL、access key和secret key。
 
 ```
-mc config host add minio http://192.168.1.51 BKIKJAA5BMMU2RHO6IBB V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 S3v4
+mc config host add minio http://192.168.1.51 BKIKJAA5BMMU2RHO6IBB V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 --api s3v4
 ```
 
 ### 示例-Amazon S3云存储
 参考[AWS Credentials指南](http://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html)获取你的AccessKeyID和SecretAccessKey。
 
 ```
-mc config host add s3 https://s3.amazonaws.com BKIKJAA5BMMU2RHO6IBB V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 S3v4
+mc config host add s3 https://s3.amazonaws.com BKIKJAA5BMMU2RHO6IBB V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 --api s3v4
 ```
 
 ### 示例-Google云存储
 参考[Google Credentials Guide](https://cloud.google.com/storage/docs/migrating?hl=en#keys)获取你的AccessKeyID和SecretAccessKey。
 
 ```
-mc config host add gcs  https://storage.googleapis.com BKIKJAA5BMMU2RHO6IBB V8f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 S3v2
+mc config host add gcs  https://storage.googleapis.com BKIKJAA5BMMU2RHO6IBB V8f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 --api s3v2
 ```
 
 注意：Google云存储只支持旧版签名版本V2，所以你需要选择S3v2。

cmd/config-host-add.go

@@ -26,6 +26,7 @@ import (
 	"github.com/fatih/color"
 	"github.com/minio/cli"
 	"github.com/minio/mc/pkg/probe"
+	"github.com/minio/minio-go/v6"
 	"github.com/minio/minio/pkg/console"
 	"golang.org/x/crypto/ssh/terminal"
 )
@@ -166,39 +167,44 @@ func probeS3Signature(accessKey, secretKey, url string) (string, *probe.Error) {
 		Insecure:  globalInsecure,
 		AccessKey: accessKey,
 		SecretKey: secretKey,
-		Signature: "s3v4",
 		HostURL:   urlJoinPath(url, probeBucketName),
 		Debug:     globalDebug,
 	}
 
-	s3Client, err := S3New(s3Config)
-	if err != nil {
-		return "", err
-	}
-
-	if _, err = s3Client.Stat(false, false, false, nil); err != nil {
-		switch err.ToGoError().(type) {
-		case BucketDoesNotExist:
-			// Bucket doesn't exist, means signature probing worked V4.
-		default:
-			// Attempt with signature v2, since v4 seem to have failed.
-			s3Config.Signature = "s3v2"
-			s3Client, err = S3New(s3Config)
-			if err != nil {
-				return "", err
-			}
-			if _, err = s3Client.Stat(false, false, false, nil); err != nil {
-				switch err.ToGoError().(type) {
-				case BucketDoesNotExist:
-					// Bucket doesn't exist, means signature probing worked with V2.
-				default:
-					return "", err
-				}
-			}
+	probeSignatureType := func(stype string) (string, *probe.Error) {
+		s3Config.Signature = stype
+		s3Client, err := S3New(s3Config)
+		if err != nil {
+			return "", err
 		}
+
+		if _, err := s3Client.Stat(false, false, false, nil); err != nil {
+			e := err.ToGoError()
+			if _, ok := e.(BucketDoesNotExist); ok {
+				// Bucket doesn't exist, means signature probing worked successfully.
+				return stype, nil
+			}
+			// AccessDenied means Stat() is not allowed but credentials are valid.
+			// AccessDenied is only returned when policy doesn't allow HeadBucket
+			// operations.
+			if minio.ToErrorResponse(err.ToGoError()).Code == "AccessDenied" {
+				return stype, nil
+			}
+
+			// For any other errors we fail.
+			return "", err.Trace(s3Config.Signature)
+		}
+		return stype, nil
 	}
 
-	return s3Config.Signature, nil
+	stype, err := probeSignatureType("s3v4")
+	if err != nil {
+		if stype, err = probeSignatureType("s3v2"); err != nil {
+			return "", err.Trace("s3v4", "s3v2")
+		}
+		return stype, nil
+	}
+	return stype, nil
 }
 
 // BuildS3Config constructs an S3 Config and does

docs/zh_CN/minio-client-complete-guide.md

@@ -110,7 +110,7 @@ mc.exe --help
 #### 使用
 
 ```
-mc config host add <ALIAS> <YOUR-S3-ENDPOINT> <YOUR-ACCESS-KEY> <YOUR-SECRET-KEY> <API-SIGNATURE>
+mc config host add <ALIAS> <YOUR-S3-ENDPOINT> <YOUR-ACCESS-KEY> <YOUR-SECRET-KEY> [--api API-SIGNATURE]
 ```
 
 别名就是给你的云存储服务起了一个短点的外号。S3 endpoint,access key和secret key是你的云存储服务提供的。API签名是可选参数，默认情况下，它被设置为"S3v4"。
@@ -120,21 +120,21 @@ mc config host add <ALIAS> <YOUR-S3-ENDPOINT> <YOUR-ACCESS-KEY> <YOUR-SECRET-KEY
 
 
 ```
-mc config host add minio http://192.168.1.51 BKIKJAA5BMMU2RHO6IBB V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 S3v4
+mc config host add minio http://192.168.1.51 BKIKJAA5BMMU2RHO6IBB V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 --api s3v4
 ```
 
 ### 示例-Amazon S3云存储
 参考[AWS Credentials指南](http://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html)获取你的AccessKeyID和SecretAccessKey。
 
 ```
-mc config host add s3 https://s3.amazonaws.com BKIKJAA5BMMU2RHO6IBB V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 S3v4
+mc config host add s3 https://s3.amazonaws.com BKIKJAA5BMMU2RHO6IBB V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 --api s3v4
 ```
 
 ### 示例-Google云存储
 参考[Google Credentials Guide](https://cloud.google.com/storage/docs/migrating?hl=en#keys)获取你的AccessKeyID和SecretAccessKey。
 
 ```
-mc config host add gcs  https://storage.googleapis.com BKIKJAA5BMMU2RHO6IBB V8f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 S3v2
+mc config host add gcs  https://storage.googleapis.com BKIKJAA5BMMU2RHO6IBB V8f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12 --api s3v2
 ```
 
 注意：Google云存储只支持旧版签名版本V2，所以你需要选择S3v2。