fix and improve KMS server info (#8944)
This commit fixes typos in the displayed server info w.r.t. the KMS and removes the update status. For more information about why the update status is removed see: PR #8943
parent
4f37c8ccf2
commit
086fbb745e
@ -1574,30 +1574,23 @@ func fetchVaultStatus(cfg config.Config) madmin.Vault {
|
|||||||
} else {
|
} else {
|
||||||
vault.Status = "online"
|
vault.Status = "online"
|
||||||
|
|
||||||
kmsContext := crypto.Context{"MinIO admin API": "KMSKeyStatusHandler"} // Context for a test key operation
|
kmsContext := crypto.Context{"MinIO admin API": "ServerInfoHandler"} // Context for a test key operation
|
||||||
// 1. Generate a new key using the KMS.
|
// 1. Generate a new key using the KMS.
|
||||||
key, sealedKey, err := GlobalKMS.GenerateKey(keyID, kmsContext)
|
key, sealedKey, err := GlobalKMS.GenerateKey(keyID, kmsContext)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
vault.Encrypt = "Encryption failed"
|
vault.Encrypt = fmt.Sprintf("Encryption failed: %v", err)
|
||||||
} else {
|
} else {
|
||||||
vault.Encrypt = "Ok"
|
vault.Encrypt = "Ok"
|
||||||
}
|
}
|
||||||
|
|
||||||
// 2. Check whether we can update / re-wrap the sealed key.
|
// 2. Verify that we can indeed decrypt the (encrypted) key
|
||||||
sealedKey, err = GlobalKMS.UpdateKey(keyID, sealedKey, kmsContext)
|
decryptedKey, err := GlobalKMS.UnsealKey(keyID, sealedKey, kmsContext)
|
||||||
if err != nil {
|
switch {
|
||||||
vault.Update = "Re-wrap failed:"
|
case err != nil:
|
||||||
} else {
|
vault.Decrypt = fmt.Sprintf("Decryption failed: %v", err)
|
||||||
vault.Update = "Ok"
|
case subtle.ConstantTimeCompare(key[:], decryptedKey[:]) != 1:
|
||||||
}
|
vault.Decrypt = "Decryption failed: decrypted key does not match generated key"
|
||||||
|
default:
|
||||||
// 3. Verify that we can indeed decrypt the (encrypted) key
|
|
||||||
decryptedKey, decryptErr := GlobalKMS.UnsealKey(keyID, sealedKey, kmsContext)
|
|
||||||
|
|
||||||
// 4. Compare generated key with decrypted key
|
|
||||||
if subtle.ConstantTimeCompare(key[:], decryptedKey[:]) != 1 || decryptErr != nil {
|
|
||||||
vault.Decrypt = "Re-wrap failed:"
|
|
||||||
} else {
|
|
||||||
vault.Decrypt = "Ok"
|
vault.Decrypt = "Ok"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
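Review bot: Step 2 calls `GlobalKMS.UnsealKey(keyID, sealedKey, kmsContext)` even when `GenerateKey` has just failed, so one KMS fault is reported twice and `vault.Decrypt` presumably carries a secondary error about an unusable sealed key rather than the real cause. Running the unseal check only in the success branch of step 1, and otherwise setting something like `vault.Decrypt = "Decryption skipped: key generation failed"`, would keep the two status fields independent. The new `fmt.Sprintf("Encryption failed: %v", err)` and `"Decryption failed: %v"` strings also put the raw KMS error text into the server info response. It is worth confirming that those errors cannot carry the KMS endpoint or credential details; if they can, log the detail server-side and return a short status instead. The body of fetchVaultStatus starts above this hunk, so the earlier branches are not visible here.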
|
@ -470,7 +470,6 @@ type Vault struct {
|
|||||||
Status string `json:"status,omitempty"`
|
Status string `json:"status,omitempty"`
|
||||||
Encrypt string `json:"encryp,omitempty"`
|
Encrypt string `json:"encryp,omitempty"`
|
||||||
Decrypt string `json:"decrypt,omitempty"`
|
Decrypt string `json:"decrypt,omitempty"`
|
||||||
Update string `json:"update,omitempty"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// LDAP contains ldap status
|
// LDAP contains ldap status
|
||||||
|