2023-01-16 18:38:15 -05:00
|
|
|
// Copyright (c) 2015-2023 MinIO, Inc.
|
2021-04-18 15:41:13 -04:00
|
|
|
//
|
|
|
|
// This file is part of MinIO Object Storage stack
|
|
|
|
//
|
|
|
|
// This program is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
//
|
|
|
|
// This program is distributed in the hope that it will be useful
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU Affero General Public License for more details.
|
|
|
|
//
|
|
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
2019-10-23 01:59:13 -04:00
|
|
|
|
|
|
|
package cmd
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
2021-11-10 13:01:32 -05:00
|
|
|
"context"
|
2019-10-23 01:59:13 -04:00
|
|
|
"encoding/json"
|
|
|
|
"io"
|
|
|
|
"net/http"
|
2019-11-05 09:18:26 -05:00
|
|
|
"strconv"
|
2019-12-04 18:32:37 -05:00
|
|
|
"strings"
|
2019-10-23 01:59:13 -04:00
|
|
|
|
2023-06-19 20:53:08 -04:00
|
|
|
"github.com/minio/madmin-go/v3"
|
2021-06-01 17:59:40 -04:00
|
|
|
"github.com/minio/minio/internal/config"
|
|
|
|
"github.com/minio/minio/internal/config/cache"
|
|
|
|
"github.com/minio/minio/internal/config/etcd"
|
|
|
|
xldap "github.com/minio/minio/internal/config/identity/ldap"
|
|
|
|
"github.com/minio/minio/internal/config/identity/openid"
|
2022-05-26 20:58:09 -04:00
|
|
|
idplugin "github.com/minio/minio/internal/config/identity/plugin"
|
2022-05-10 20:14:55 -04:00
|
|
|
polplugin "github.com/minio/minio/internal/config/policy/plugin"
|
2021-06-01 17:59:40 -04:00
|
|
|
"github.com/minio/minio/internal/config/storageclass"
|
2023-02-27 11:35:36 -05:00
|
|
|
"github.com/minio/minio/internal/config/subnet"
|
2021-06-01 17:59:40 -04:00
|
|
|
"github.com/minio/minio/internal/logger"
|
2023-01-23 06:12:47 -05:00
|
|
|
"github.com/minio/mux"
|
2021-05-30 00:16:42 -04:00
|
|
|
iampolicy "github.com/minio/pkg/iam/policy"
|
2019-10-23 01:59:13 -04:00
|
|
|
)
|
|
|
|
|
2020-04-07 22:30:59 -04:00
|
|
|
// DelConfigKVHandler - DELETE /minio/admin/v3/del-config-kv
|
2019-10-23 01:59:13 -04:00
|
|
|
func (a adminAPIHandlers) DelConfigKVHandler(w http.ResponseWriter, r *http.Request) {
|
2020-05-11 13:34:08 -04:00
|
|
|
ctx := newContext(r, w, "DeleteConfigKV")
|
|
|
|
|
2021-01-26 16:21:51 -05:00
|
|
|
defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r))
|
2019-10-23 01:59:13 -04:00
|
|
|
|
2021-08-09 21:14:38 -04:00
|
|
|
objectAPI, cred := validateAdminReq(ctx, w, r, iampolicy.ConfigUpdateAdminAction)
|
2019-10-23 01:59:13 -04:00
|
|
|
if objectAPI == nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if r.ContentLength > maxEConfigJSONSize || r.ContentLength == -1 {
|
|
|
|
// More than maxConfigSize bytes were available
|
|
|
|
writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigTooLarge), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-04-25 01:36:48 -04:00
|
|
|
password := cred.SecretKey
|
2019-10-23 01:59:13 -04:00
|
|
|
kvBytes, err := madmin.DecryptData(password, io.LimitReader(r.Body, r.ContentLength))
|
|
|
|
if err != nil {
|
|
|
|
logger.LogIf(ctx, err, logger.Application)
|
|
|
|
writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigBadJSON), r.URL)
|
|
|
|
return
|
|
|
|
}
|
2019-11-27 12:36:08 -05:00
|
|
|
|
2022-02-22 13:59:28 -05:00
|
|
|
subSys, _, _, err := config.GetSubSys(string(kvBytes))
|
|
|
|
if err != nil {
|
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-12-19 14:10:14 -05:00
|
|
|
cfg, err := readServerConfig(ctx, objectAPI, nil)
|
2019-10-23 01:59:13 -04:00
|
|
|
if err != nil {
|
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2019-11-27 12:36:08 -05:00
|
|
|
if err = cfg.DelFrom(bytes.NewReader(kvBytes)); err != nil {
|
2019-10-23 01:59:13 -04:00
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
|
|
|
}
|
2022-09-30 13:55:53 -04:00
|
|
|
|
2023-05-25 01:57:37 -04:00
|
|
|
if err = validateConfig(ctx, cfg, subSys); err != nil {
|
2022-01-27 21:28:16 -05:00
|
|
|
writeCustomErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigBadJSON), err.Error(), r.URL)
|
|
|
|
return
|
|
|
|
}
|
2019-10-23 01:59:13 -04:00
|
|
|
|
2023-02-27 11:35:36 -05:00
|
|
|
// Check if subnet proxy being deleted and if so the value of proxy of subnet
|
|
|
|
// target of logger webhook configuration also should be deleted
|
|
|
|
loggerWebhookProxyDeleted := setLoggerWebhookSubnetProxy(subSys, cfg)
|
|
|
|
|
2019-11-21 07:24:51 -05:00
|
|
|
if err = saveServerConfig(ctx, objectAPI, cfg); err != nil {
|
2019-10-23 01:59:13 -04:00
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
|
|
|
}
|
2021-11-10 13:01:32 -05:00
|
|
|
|
2022-09-30 13:55:53 -04:00
|
|
|
// freshly retrieve the config so that default values are loaded for reset config
|
|
|
|
if cfg, err = getValidConfig(objectAPI); err != nil {
|
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-02-22 13:59:28 -05:00
|
|
|
dynamic := config.SubSystemsDynamic.Contains(subSys)
|
2021-11-10 13:01:32 -05:00
|
|
|
if dynamic {
|
2022-02-22 13:59:28 -05:00
|
|
|
applyDynamic(ctx, objectAPI, cfg, subSys, r, w)
|
2023-02-27 11:35:36 -05:00
|
|
|
if subSys == config.SubnetSubSys && loggerWebhookProxyDeleted {
|
|
|
|
// Logger webhook proxy deleted, apply the dynamic changes
|
|
|
|
applyDynamic(ctx, objectAPI, cfg, config.LoggerWebhookSubSys, r, w)
|
|
|
|
}
|
2021-11-10 13:01:32 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-02-22 13:59:28 -05:00
|
|
|
func applyDynamic(ctx context.Context, objectAPI ObjectLayer, cfg config.Config, subSys string,
|
2022-04-13 15:00:11 -04:00
|
|
|
r *http.Request, w http.ResponseWriter,
|
|
|
|
) {
|
2021-11-10 13:01:32 -05:00
|
|
|
// Apply dynamic values.
|
2022-02-22 13:59:28 -05:00
|
|
|
if err := applyDynamicConfigForSubSys(GlobalContext, objectAPI, cfg, subSys); err != nil {
|
2021-11-10 13:01:32 -05:00
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
|
|
|
}
|
2022-05-16 19:10:51 -04:00
|
|
|
globalNotificationSys.SignalConfigReload(subSys)
|
2021-11-10 13:01:32 -05:00
|
|
|
// Tell the client that dynamic config was applied.
|
|
|
|
w.Header().Set(madmin.ConfigAppliedHeader, madmin.ConfigAppliedTrue)
|
2019-10-23 01:59:13 -04:00
|
|
|
}
|
|
|
|
|
2023-01-16 18:38:15 -05:00
|
|
|
type badConfigErr struct {
|
|
|
|
Err error
|
|
|
|
}
|
|
|
|
|
|
|
|
// Error - return the error message
|
|
|
|
func (bce badConfigErr) Error() string {
|
|
|
|
return bce.Err.Error()
|
|
|
|
}
|
|
|
|
|
|
|
|
// Unwrap the error to its underlying error.
|
|
|
|
func (bce badConfigErr) Unwrap() error {
|
|
|
|
return bce.Err
|
|
|
|
}
|
|
|
|
|
|
|
|
type setConfigResult struct {
|
2023-02-27 11:35:36 -05:00
|
|
|
Cfg config.Config
|
|
|
|
SubSys string
|
|
|
|
Dynamic bool
|
|
|
|
LoggerWebhookCfgUpdated bool
|
2023-01-16 18:38:15 -05:00
|
|
|
}
|
|
|
|
|
2020-04-07 22:30:59 -04:00
|
|
|
// SetConfigKVHandler - PUT /minio/admin/v3/set-config-kv
|
2019-10-23 01:59:13 -04:00
|
|
|
func (a adminAPIHandlers) SetConfigKVHandler(w http.ResponseWriter, r *http.Request) {
|
2020-05-11 13:34:08 -04:00
|
|
|
ctx := newContext(r, w, "SetConfigKV")
|
|
|
|
|
2021-01-26 16:21:51 -05:00
|
|
|
defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r))
|
2019-10-23 01:59:13 -04:00
|
|
|
|
2021-08-09 21:14:38 -04:00
|
|
|
objectAPI, cred := validateAdminReq(ctx, w, r, iampolicy.ConfigUpdateAdminAction)
|
2019-10-23 01:59:13 -04:00
|
|
|
if objectAPI == nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if r.ContentLength > maxEConfigJSONSize || r.ContentLength == -1 {
|
|
|
|
// More than maxConfigSize bytes were available
|
|
|
|
writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigTooLarge), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-04-25 01:36:48 -04:00
|
|
|
password := cred.SecretKey
|
2019-10-23 01:59:13 -04:00
|
|
|
kvBytes, err := madmin.DecryptData(password, io.LimitReader(r.Body, r.ContentLength))
|
|
|
|
if err != nil {
|
|
|
|
logger.LogIf(ctx, err, logger.Application)
|
|
|
|
writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigBadJSON), r.URL)
|
|
|
|
return
|
|
|
|
}
|
2019-11-27 12:36:08 -05:00
|
|
|
|
2023-01-16 18:38:15 -05:00
|
|
|
result, err := setConfigKV(ctx, objectAPI, kvBytes)
|
2019-10-23 01:59:13 -04:00
|
|
|
if err != nil {
|
2023-01-16 18:38:15 -05:00
|
|
|
switch err.(type) {
|
|
|
|
case badConfigErr:
|
|
|
|
writeCustomErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigBadJSON), err.Error(), r.URL)
|
|
|
|
default:
|
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
}
|
2019-10-23 01:59:13 -04:00
|
|
|
return
|
|
|
|
}
|
2021-01-22 15:09:24 -05:00
|
|
|
|
2023-01-16 18:38:15 -05:00
|
|
|
if result.Dynamic {
|
|
|
|
applyDynamic(ctx, objectAPI, result.Cfg, result.SubSys, r, w)
|
2023-02-27 11:35:36 -05:00
|
|
|
// If logger webhook config updated (proxy due to callhome), explicitly dynamically
|
|
|
|
// apply the config
|
|
|
|
if result.LoggerWebhookCfgUpdated {
|
|
|
|
applyDynamic(ctx, objectAPI, result.Cfg, config.LoggerWebhookSubSys, r, w)
|
|
|
|
}
|
2019-11-27 19:13:07 -05:00
|
|
|
}
|
|
|
|
|
2023-01-16 18:38:15 -05:00
|
|
|
writeSuccessResponseHeadersOnly(w)
|
|
|
|
}
|
|
|
|
|
|
|
|
func setConfigKV(ctx context.Context, objectAPI ObjectLayer, kvBytes []byte) (result setConfigResult, err error) {
|
|
|
|
result.Cfg, err = readServerConfig(ctx, objectAPI, nil)
|
2022-02-08 13:36:41 -05:00
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-01-16 18:38:15 -05:00
|
|
|
result.Dynamic, err = result.Cfg.ReadConfig(bytes.NewReader(kvBytes))
|
|
|
|
if err != nil {
|
2019-10-23 01:59:13 -04:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-01-16 18:38:15 -05:00
|
|
|
result.SubSys, _, _, err = config.GetSubSys(string(kvBytes))
|
|
|
|
if err != nil {
|
2019-10-23 01:59:13 -04:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-05-25 01:57:37 -04:00
|
|
|
tgts, err := config.ParseConfigTargetID(bytes.NewReader(kvBytes))
|
|
|
|
if err != nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
ctx = context.WithValue(ctx, config.ContextKeyForTargetFromConfig, tgts)
|
|
|
|
if verr := validateConfig(ctx, result.Cfg, result.SubSys); verr != nil {
|
2023-01-16 18:38:15 -05:00
|
|
|
err = badConfigErr{Err: verr}
|
2019-10-23 01:59:13 -04:00
|
|
|
return
|
|
|
|
}
|
2019-11-09 12:27:23 -05:00
|
|
|
|
2023-02-27 11:35:36 -05:00
|
|
|
// Check if subnet proxy being set and if so set the same value to proxy of subnet
|
|
|
|
// target of logger webhook configuration
|
|
|
|
result.LoggerWebhookCfgUpdated = setLoggerWebhookSubnetProxy(result.SubSys, result.Cfg)
|
|
|
|
|
2023-01-16 18:38:15 -05:00
|
|
|
// Update the actual server config on disk.
|
|
|
|
if err = saveServerConfig(ctx, objectAPI, result.Cfg); err != nil {
|
|
|
|
return
|
2020-12-04 12:32:35 -05:00
|
|
|
}
|
2022-09-30 13:55:53 -04:00
|
|
|
|
2023-01-16 18:38:15 -05:00
|
|
|
// Write the config input KV to history.
|
|
|
|
err = saveServerConfigHistory(ctx, objectAPI, kvBytes)
|
|
|
|
return
|
2019-10-23 01:59:13 -04:00
|
|
|
}
|
|
|
|
|
2020-04-07 22:30:59 -04:00
|
|
|
// GetConfigKVHandler - GET /minio/admin/v3/get-config-kv?key={key}
|
2022-08-25 03:17:05 -04:00
|
|
|
//
|
|
|
|
// `key` can be one of three forms:
|
|
|
|
// 1. `subsys:target` -> request for config of a single subsystem and target pair.
|
|
|
|
// 2. `subsys:` -> request for config of a single subsystem and the default target.
|
|
|
|
// 3. `subsys` -> request for config of all targets for the given subsystem.
|
2023-06-23 10:45:27 -04:00
|
|
|
//
|
|
|
|
// This is a reporting API and config secrets are redacted in the response.
|
2019-10-23 01:59:13 -04:00
|
|
|
func (a adminAPIHandlers) GetConfigKVHandler(w http.ResponseWriter, r *http.Request) {
|
2020-05-11 13:34:08 -04:00
|
|
|
ctx := newContext(r, w, "GetConfigKV")
|
|
|
|
|
2021-01-26 16:21:51 -05:00
|
|
|
defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r))
|
2019-10-23 01:59:13 -04:00
|
|
|
|
2021-08-09 21:14:38 -04:00
|
|
|
objectAPI, cred := validateAdminReq(ctx, w, r, iampolicy.ConfigUpdateAdminAction)
|
2019-10-23 01:59:13 -04:00
|
|
|
if objectAPI == nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-06-24 19:24:12 -04:00
|
|
|
cfg := globalServerConfig.Clone()
|
2019-10-23 01:59:13 -04:00
|
|
|
vars := mux.Vars(r)
|
2022-08-25 03:17:05 -04:00
|
|
|
key := vars["key"]
|
|
|
|
|
|
|
|
var subSys, target string
|
|
|
|
{
|
|
|
|
ws := strings.SplitN(key, madmin.SubSystemSeparator, 2)
|
|
|
|
subSys = ws[0]
|
|
|
|
if len(ws) == 2 {
|
|
|
|
if ws[1] == "" {
|
|
|
|
target = madmin.Default
|
|
|
|
} else {
|
|
|
|
target = ws[1]
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-06-23 10:45:27 -04:00
|
|
|
subSysConfigs, err := cfg.GetSubsysInfo(subSys, target, true)
|
2022-08-05 01:21:52 -04:00
|
|
|
if err != nil {
|
2019-11-27 12:36:08 -05:00
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
2019-10-23 01:59:13 -04:00
|
|
|
}
|
2019-10-30 03:04:39 -04:00
|
|
|
|
2022-08-05 01:21:52 -04:00
|
|
|
var s strings.Builder
|
|
|
|
for _, subSysConfig := range subSysConfigs {
|
2022-11-01 11:04:07 -04:00
|
|
|
subSysConfig.WriteTo(&s, false)
|
2022-08-05 01:21:52 -04:00
|
|
|
}
|
|
|
|
|
2020-04-25 01:36:48 -04:00
|
|
|
password := cred.SecretKey
|
2022-08-05 01:21:52 -04:00
|
|
|
econfigData, err := madmin.EncryptData(password, []byte(s.String()))
|
2019-10-23 01:59:13 -04:00
|
|
|
if err != nil {
|
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
writeSuccessResponseJSON(w, econfigData)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (a adminAPIHandlers) ClearConfigHistoryKVHandler(w http.ResponseWriter, r *http.Request) {
|
2020-05-11 13:34:08 -04:00
|
|
|
ctx := newContext(r, w, "ClearConfigHistoryKV")
|
|
|
|
|
2021-01-26 16:21:51 -05:00
|
|
|
defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r))
|
2019-10-23 01:59:13 -04:00
|
|
|
|
2021-08-09 21:14:38 -04:00
|
|
|
objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ConfigUpdateAdminAction)
|
2019-10-23 01:59:13 -04:00
|
|
|
if objectAPI == nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
vars := mux.Vars(r)
|
|
|
|
restoreID := vars["restoreId"]
|
|
|
|
if restoreID == "" {
|
|
|
|
writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrInvalidRequest), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if restoreID == "all" {
|
2019-11-05 09:18:26 -05:00
|
|
|
chEntries, err := listServerConfigHistory(ctx, objectAPI, false, -1)
|
2019-10-23 01:59:13 -04:00
|
|
|
if err != nil {
|
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
for _, chEntry := range chEntries {
|
|
|
|
if err = delServerConfigHistory(ctx, objectAPI, chEntry.RestoreID); err != nil {
|
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
2021-11-16 12:28:29 -05:00
|
|
|
} else if err := delServerConfigHistory(ctx, objectAPI, restoreID); err != nil {
|
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
2019-10-23 01:59:13 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// RestoreConfigHistoryKVHandler - restores a config with KV settings for the given KV id.
|
|
|
|
func (a adminAPIHandlers) RestoreConfigHistoryKVHandler(w http.ResponseWriter, r *http.Request) {
|
2020-05-11 13:34:08 -04:00
|
|
|
ctx := newContext(r, w, "RestoreConfigHistoryKV")
|
|
|
|
|
2021-01-26 16:21:51 -05:00
|
|
|
defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r))
|
2019-10-23 01:59:13 -04:00
|
|
|
|
2021-08-09 21:14:38 -04:00
|
|
|
objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ConfigUpdateAdminAction)
|
2019-10-23 01:59:13 -04:00
|
|
|
if objectAPI == nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
vars := mux.Vars(r)
|
|
|
|
restoreID := vars["restoreId"]
|
|
|
|
if restoreID == "" {
|
|
|
|
writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrInvalidRequest), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
kvBytes, err := readServerConfigHistory(ctx, objectAPI, restoreID)
|
|
|
|
if err != nil {
|
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-12-19 14:10:14 -05:00
|
|
|
cfg, err := readServerConfig(ctx, objectAPI, nil)
|
2019-10-23 01:59:13 -04:00
|
|
|
if err != nil {
|
2019-11-27 12:36:08 -05:00
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
2019-10-23 01:59:13 -04:00
|
|
|
}
|
|
|
|
|
2020-12-04 12:32:35 -05:00
|
|
|
if _, err = cfg.ReadConfig(bytes.NewReader(kvBytes)); err != nil {
|
2019-10-23 01:59:13 -04:00
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-05-25 01:57:37 -04:00
|
|
|
if err = validateConfig(ctx, cfg, ""); err != nil {
|
2019-10-23 01:59:13 -04:00
|
|
|
writeCustomErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigBadJSON), err.Error(), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2019-11-21 07:24:51 -05:00
|
|
|
if err = saveServerConfig(ctx, objectAPI, cfg); err != nil {
|
2019-10-23 01:59:13 -04:00
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
delServerConfigHistory(ctx, objectAPI, restoreID)
|
|
|
|
}
|
|
|
|
|
|
|
|
// ListConfigHistoryKVHandler - lists all the KV ids.
|
|
|
|
func (a adminAPIHandlers) ListConfigHistoryKVHandler(w http.ResponseWriter, r *http.Request) {
|
2020-05-11 13:34:08 -04:00
|
|
|
ctx := newContext(r, w, "ListConfigHistoryKV")
|
|
|
|
|
2021-01-26 16:21:51 -05:00
|
|
|
defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r))
|
2019-10-23 01:59:13 -04:00
|
|
|
|
2021-08-09 21:14:38 -04:00
|
|
|
objectAPI, cred := validateAdminReq(ctx, w, r, iampolicy.ConfigUpdateAdminAction)
|
2019-10-23 01:59:13 -04:00
|
|
|
if objectAPI == nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2019-11-05 09:18:26 -05:00
|
|
|
vars := mux.Vars(r)
|
|
|
|
count, err := strconv.Atoi(vars["count"])
|
|
|
|
if err != nil {
|
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
chEntries, err := listServerConfigHistory(ctx, objectAPI, true, count)
|
2019-10-23 01:59:13 -04:00
|
|
|
if err != nil {
|
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
data, err := json.Marshal(chEntries)
|
|
|
|
if err != nil {
|
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-04-25 01:36:48 -04:00
|
|
|
password := cred.SecretKey
|
2019-11-05 09:18:26 -05:00
|
|
|
econfigData, err := madmin.EncryptData(password, data)
|
|
|
|
if err != nil {
|
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
writeSuccessResponseJSON(w, econfigData)
|
2019-10-23 01:59:13 -04:00
|
|
|
}
|
|
|
|
|
2020-04-07 22:30:59 -04:00
|
|
|
// HelpConfigKVHandler - GET /minio/admin/v3/help-config-kv?subSys={subSys}&key={key}
|
2019-10-23 01:59:13 -04:00
|
|
|
func (a adminAPIHandlers) HelpConfigKVHandler(w http.ResponseWriter, r *http.Request) {
|
2020-05-11 13:34:08 -04:00
|
|
|
ctx := newContext(r, w, "HelpConfigKV")
|
|
|
|
|
2021-01-26 16:21:51 -05:00
|
|
|
defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r))
|
2019-10-23 01:59:13 -04:00
|
|
|
|
2021-08-09 21:14:38 -04:00
|
|
|
objectAPI, _ := validateAdminReq(ctx, w, r, iampolicy.ConfigUpdateAdminAction)
|
2019-10-23 01:59:13 -04:00
|
|
|
if objectAPI == nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
vars := mux.Vars(r)
|
2019-10-30 03:04:39 -04:00
|
|
|
|
2019-10-23 01:59:13 -04:00
|
|
|
subSys := vars["subSys"]
|
|
|
|
key := vars["key"]
|
|
|
|
|
2021-08-08 01:43:01 -04:00
|
|
|
_, envOnly := r.Form["env"]
|
2019-10-30 03:04:39 -04:00
|
|
|
|
|
|
|
rd, err := GetHelp(subSys, key, envOnly)
|
2019-10-23 01:59:13 -04:00
|
|
|
if err != nil {
|
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2019-10-30 03:04:39 -04:00
|
|
|
json.NewEncoder(w).Encode(rd)
|
2019-10-23 01:59:13 -04:00
|
|
|
}
|
|
|
|
|
2020-04-07 22:30:59 -04:00
|
|
|
// SetConfigHandler - PUT /minio/admin/v3/config
|
2019-10-23 01:59:13 -04:00
|
|
|
func (a adminAPIHandlers) SetConfigHandler(w http.ResponseWriter, r *http.Request) {
|
2020-05-11 13:34:08 -04:00
|
|
|
ctx := newContext(r, w, "SetConfig")
|
|
|
|
|
2021-01-26 16:21:51 -05:00
|
|
|
defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r))
|
2019-10-23 01:59:13 -04:00
|
|
|
|
2021-08-09 21:14:38 -04:00
|
|
|
objectAPI, cred := validateAdminReq(ctx, w, r, iampolicy.ConfigUpdateAdminAction)
|
2019-10-23 01:59:13 -04:00
|
|
|
if objectAPI == nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
if r.ContentLength > maxEConfigJSONSize || r.ContentLength == -1 {
|
|
|
|
// More than maxConfigSize bytes were available
|
|
|
|
writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigTooLarge), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2020-04-25 01:36:48 -04:00
|
|
|
password := cred.SecretKey
|
2019-11-26 13:08:25 -05:00
|
|
|
kvBytes, err := madmin.DecryptData(password, io.LimitReader(r.Body, r.ContentLength))
|
2019-10-23 01:59:13 -04:00
|
|
|
if err != nil {
|
|
|
|
logger.LogIf(ctx, err, logger.Application)
|
|
|
|
writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigBadJSON), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2019-11-26 13:08:25 -05:00
|
|
|
cfg := newServerConfig()
|
2020-12-04 12:32:35 -05:00
|
|
|
if _, err = cfg.ReadConfig(bytes.NewReader(kvBytes)); err != nil {
|
2019-11-26 13:08:25 -05:00
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
2019-10-23 01:59:13 -04:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-05-25 01:57:37 -04:00
|
|
|
if err = validateConfig(ctx, cfg, ""); err != nil {
|
2019-10-23 01:59:13 -04:00
|
|
|
writeCustomErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigBadJSON), err.Error(), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2019-11-26 13:08:25 -05:00
|
|
|
// Update the actual server config on disk.
|
2019-11-21 07:24:51 -05:00
|
|
|
if err = saveServerConfig(ctx, objectAPI, cfg); err != nil {
|
2019-10-23 01:59:13 -04:00
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2019-11-26 13:08:25 -05:00
|
|
|
// Write to the config input KV to history.
|
|
|
|
if err = saveServerConfigHistory(ctx, objectAPI, kvBytes); err != nil {
|
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2019-10-23 01:59:13 -04:00
|
|
|
writeSuccessResponseHeadersOnly(w)
|
|
|
|
}
|
|
|
|
|
2020-04-07 22:30:59 -04:00
|
|
|
// GetConfigHandler - GET /minio/admin/v3/config
|
2023-06-23 10:45:27 -04:00
|
|
|
//
|
|
|
|
// This endpoint is mainly for exporting and backing up the configuration.
|
|
|
|
// Secrets are not redacted.
|
2019-10-23 01:59:13 -04:00
|
|
|
func (a adminAPIHandlers) GetConfigHandler(w http.ResponseWriter, r *http.Request) {
|
2020-05-11 13:34:08 -04:00
|
|
|
ctx := newContext(r, w, "GetConfig")
|
|
|
|
|
2021-01-26 16:21:51 -05:00
|
|
|
defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r))
|
2019-10-23 01:59:13 -04:00
|
|
|
|
2021-08-09 21:14:38 -04:00
|
|
|
objectAPI, cred := validateAdminReq(ctx, w, r, iampolicy.ConfigUpdateAdminAction)
|
2019-10-23 01:59:13 -04:00
|
|
|
if objectAPI == nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-06-24 19:24:12 -04:00
|
|
|
cfg := globalServerConfig.Clone()
|
2019-10-23 01:59:13 -04:00
|
|
|
|
2019-12-04 18:32:37 -05:00
|
|
|
var s strings.Builder
|
|
|
|
hkvs := config.HelpSubSysMap[""]
|
|
|
|
for _, hkv := range hkvs {
|
2022-08-05 01:21:52 -04:00
|
|
|
// We ignore the error below, as we cannot get one.
|
2023-06-23 10:45:27 -04:00
|
|
|
cfgSubsysItems, _ := cfg.GetSubsysInfo(hkv.Key, "", false)
|
2022-08-05 01:21:52 -04:00
|
|
|
|
|
|
|
for _, item := range cfgSubsysItems {
|
2022-08-13 13:39:01 -04:00
|
|
|
off := item.Config.Get(config.Enable) == config.EnableOff
|
2019-12-04 18:32:37 -05:00
|
|
|
switch hkv.Key {
|
|
|
|
case config.EtcdSubSys:
|
2022-08-13 13:39:01 -04:00
|
|
|
off = !etcd.Enabled(item.Config)
|
2019-12-04 18:32:37 -05:00
|
|
|
case config.CacheSubSys:
|
2022-08-13 13:39:01 -04:00
|
|
|
off = !cache.Enabled(item.Config)
|
2019-12-04 18:32:37 -05:00
|
|
|
case config.StorageClassSubSys:
|
2022-08-13 13:39:01 -04:00
|
|
|
off = !storageclass.Enabled(item.Config)
|
2022-05-10 20:14:55 -04:00
|
|
|
case config.PolicyPluginSubSys:
|
2022-08-13 13:39:01 -04:00
|
|
|
off = !polplugin.Enabled(item.Config)
|
2019-12-04 18:32:37 -05:00
|
|
|
case config.IdentityOpenIDSubSys:
|
2022-08-13 13:39:01 -04:00
|
|
|
off = !openid.Enabled(item.Config)
|
2019-12-04 18:32:37 -05:00
|
|
|
case config.IdentityLDAPSubSys:
|
2022-08-13 13:39:01 -04:00
|
|
|
off = !xldap.Enabled(item.Config)
|
2021-09-07 22:03:48 -04:00
|
|
|
case config.IdentityTLSSubSys:
|
2023-02-27 02:37:00 -05:00
|
|
|
off = !globalIAMSys.STSTLSConfig.Enabled
|
2022-05-26 20:58:09 -04:00
|
|
|
case config.IdentityPluginSubSys:
|
2022-08-13 13:39:01 -04:00
|
|
|
off = !idplugin.Enabled(item.Config)
|
2019-12-20 17:47:14 -05:00
|
|
|
}
|
2022-11-01 11:04:07 -04:00
|
|
|
item.WriteTo(&s, off)
|
2019-12-04 18:32:37 -05:00
|
|
|
}
|
2019-11-27 12:36:08 -05:00
|
|
|
}
|
2019-10-23 01:59:13 -04:00
|
|
|
|
2020-04-25 01:36:48 -04:00
|
|
|
password := cred.SecretKey
|
2019-12-04 18:32:37 -05:00
|
|
|
econfigData, err := madmin.EncryptData(password, []byte(s.String()))
|
2019-10-23 01:59:13 -04:00
|
|
|
if err != nil {
|
|
|
|
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
writeSuccessResponseJSON(w, econfigData)
|
|
|
|
}
|
2023-02-27 11:35:36 -05:00
|
|
|
|
|
|
|
// setLoggerWebhookSubnetProxy - Sets the logger webhook's subnet proxy value to
|
|
|
|
// one being set for subnet proxy
|
|
|
|
func setLoggerWebhookSubnetProxy(subSys string, cfg config.Config) bool {
|
2023-05-31 11:09:09 -04:00
|
|
|
if subSys == config.SubnetSubSys || subSys == config.LoggerWebhookSubSys {
|
2023-02-27 11:35:36 -05:00
|
|
|
subnetWebhookCfg := cfg[config.LoggerWebhookSubSys][subnet.LoggerWebhookName]
|
|
|
|
loggerWebhookSubnetProxy := subnetWebhookCfg.Get(logger.Proxy)
|
|
|
|
subnetProxy := cfg[config.SubnetSubSys][config.Default].Get(logger.Proxy)
|
|
|
|
if loggerWebhookSubnetProxy != subnetProxy {
|
|
|
|
subnetWebhookCfg.Set(logger.Proxy, subnetProxy)
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|