pkg/certs: On windows watch for directory changes to load certs (#6128)

This PR fixes an issue when configuring Minio TLS on windows

pkg/certs/certs.go

@@ -18,6 +18,7 @@ package certs
 
 import (
 	"crypto/tls"
+	"path/filepath"
 	"sync"
 
 	"github.com/rjeczalik/notify"
@@ -74,11 +75,14 @@ func (c *Certs) watch() (err error) {
 		}
 	}()
 
-	if err = notify.Watch(c.certFile, c.e, eventWrite...); err != nil {
+	// Windows doesn't allow for watching file changes but instead allows
+	// for directory changes only, while we can still watch for changes
+	// on files on other platforms. Watch parent directory on all platforms
+	// for simplicity.
+	if err = notify.Watch(filepath.Dir(c.certFile), c.e, eventWrite...); err != nil {
 		return err
 	}
-
+	if err = notify.Watch(filepath.Dir(c.keyFile), c.e, eventWrite...); err != nil {
-	if err = notify.Watch(c.keyFile, c.e, eventWrite...); err != nil {
 		return err
 	}
 	c.Lock()
@@ -93,7 +97,11 @@ func (c *Certs) watch() (err error) {
 
 func (c *Certs) run() {
 	for event := range c.e {
+		base := filepath.Base(event.Path())
 		if isWriteEvent(event.Event()) {
+			certChanged := base == filepath.Base(c.certFile)
+			keyChanged := base == filepath.Base(c.keyFile)
+			if certChanged || keyChanged {
 				cert, err := c.loadCert(c.certFile, c.keyFile)
 				if err != nil {
 					// ignore the error continue to use
@@ -106,6 +114,7 @@ func (c *Certs) run() {
 			}
 		}
 	}
+}
 
 // GetCertificateFunc provides a GetCertificate type for custom client implementations.
 type GetCertificateFunc func(hello *tls.ClientHelloInfo) (*tls.Certificate, error)