fix and improve KMS server info (#8944)
This commit fixes typos in the displayed server info w.r.t. the KMS and removes the update status. For more information about why the update status is removed see: PR #8943
parent
4f37c8ccf2
commit
086fbb745e
@ -1574,30 +1574,23 @@ func fetchVaultStatus(cfg config.Config) madmin.Vault {
|
||||
} else {
|
||||
vault.Status = "online"
|
||||
|
||||
kmsContext := crypto.Context{"MinIO admin API": "KMSKeyStatusHandler"} // Context for a test key operation
|
||||
kmsContext := crypto.Context{"MinIO admin API": "ServerInfoHandler"} // Context for a test key operation
|
||||
// 1. Generate a new key using the KMS.
|
||||
key, sealedKey, err := GlobalKMS.GenerateKey(keyID, kmsContext)
|
||||
if err != nil {
|
||||
vault.Encrypt = "Encryption failed"
|
||||
vault.Encrypt = fmt.Sprintf("Encryption failed: %v", err)
|
||||
} else {
|
||||
vault.Encrypt = "Ok"
|
||||
}
|
||||
|
||||
// 2. Check whether we can update / re-wrap the sealed key.
|
||||
sealedKey, err = GlobalKMS.UpdateKey(keyID, sealedKey, kmsContext)
|
||||
if err != nil {
|
||||
vault.Update = "Re-wrap failed:"
|
||||
} else {
|
||||
vault.Update = "Ok"
|
||||
}
|
||||
|
||||
// 3. Verify that we can indeed decrypt the (encrypted) key
|
||||
decryptedKey, decryptErr := GlobalKMS.UnsealKey(keyID, sealedKey, kmsContext)
|
||||
|
||||
// 4. Compare generated key with decrypted key
|
||||
if subtle.ConstantTimeCompare(key[:], decryptedKey[:]) != 1 || decryptErr != nil {
|
||||
vault.Decrypt = "Re-wrap failed:"
|
||||
} else {
|
||||
// 2. Verify that we can indeed decrypt the (encrypted) key
|
||||
decryptedKey, err := GlobalKMS.UnsealKey(keyID, sealedKey, kmsContext)
|
||||
switch {
|
||||
case err != nil:
|
||||
vault.Decrypt = fmt.Sprintf("Decryption failed: %v", err)
|
||||
case subtle.ConstantTimeCompare(key[:], decryptedKey[:]) != 1:
|
||||
vault.Decrypt = "Decryption failed: decrypted key does not match generated key"
|
||||
default:
|
||||
vault.Decrypt = "Ok"
|
||||
}
|
||||
}
|
||||
|
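Review bot: After `GenerateKey` fails, the code still falls through to step 2 and calls `GlobalKMS.UnsealKey` with whatever `sealedKey` the failed call returned, so `vault.Decrypt` reports a second, derived error rather than the real cause. The decrypt check means nothing without a generated key, so the `UnsealKey` call and its `switch` belong inside the `else` branch of the `GenerateKey` check, with the error branch setting something like `vault.Decrypt = "Skipped: key generation failed"`. The new `fmt.Sprintf("Encryption failed: %v", err)` and `fmt.Sprintf("Decryption failed: %v", err)` also copy the raw KMS error into the server-info response. What the KMS client puts into its errors is not visible here, but it may include endpoint or key details, so it is worth confirming that this response only reaches admin-authenticated callers and is not logged or forwarded verbatim. `fetchVaultStatus` starts and ends outside this hunk.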
@ -470,7 +470,6 @@ type Vault struct {
|
||||
Status string `json:"status,omitempty"`
|
||||
Encrypt string `json:"encryp,omitempty"`
|
||||
Decrypt string `json:"decrypt,omitempty"`
|
||||
Update string `json:"update,omitempty"`
|
||||
}
|
||||
|
||||
// LDAP contains ldap status
|
||||
|