Indicate backend encrypted only if encryption is requested (#8508)

2025-07-16 20:31:55 -04:00 · 2019-11-11 18:42:10 -08:00 · 2019-11-11 18:42:10 -08:00 · 1027afa853
commit 1027afa853
parent aa04f97f95
3 changed files with 13 additions and 14 deletions
--- a/cmd/admin-handlers-config-kv.go
+++ b/cmd/admin-handlers-config-kv.go
@ -183,7 +183,9 @@ func (a adminAPIHandlers) SetConfigKVHandler(w http.ResponseWriter, r *http.Requ
 	}
 	// Make sure to write backend is encrypted
-	saveConfig(context.Background(), objectAPI, backendEncryptedFile, backendEncryptedMigrationComplete)
+	if globalConfigEncrypted {
 		saveConfig(context.Background(), objectAPI, backendEncryptedFile, backendEncryptedMigrationComplete)
 	}
 }
 // GetConfigKVHandler - GET /minio/admin/v2/get-config-kv?key={key}
@ -447,7 +449,9 @@ func (a adminAPIHandlers) SetConfigHandler(w http.ResponseWriter, r *http.Reques
 	}
 	// Make sure to write backend is encrypted
-	saveConfig(context.Background(), objectAPI, backendEncryptedFile, backendEncryptedMigrationComplete)
+	if globalConfigEncrypted {
 		saveConfig(context.Background(), objectAPI, backendEncryptedFile, backendEncryptedMigrationComplete)
 	}
 	// Reply to the client before restarting minio server.
 	writeSuccessResponseHeadersOnly(w)
--- a/cmd/config-encrypted.go
+++ b/cmd/config-encrypted.go
@ -19,11 +19,12 @@ package cmd
 import (
 	"bytes"
 	"context"
 	"errors"
 	"os"
 	"strings"
 	"unicode/utf8"
 	etcd "github.com/coreos/etcd/clientv3"
 	jsoniter "github.com/json-iterator/go"
 	"github.com/minio/minio/cmd/config"
 	"github.com/minio/minio/cmd/logger"
 	"github.com/minio/minio/pkg/auth"
@ -260,11 +261,8 @@ func migrateIAMConfigsEtcdToEncrypted(client *etcd.Client) error {
 			data = cdata
 		}
-		// Attempt to unmarshal JSON content
+		if !utf8.Valid(data) {
-		var dummy map[string]interface{}
+			return errors.New("config data not in plain-text form")
 		var json = jsoniter.ConfigCompatibleWithStandardLibrary
 		if err = json.Unmarshal(data, &dummy); err != nil {
 			return err
 		}
 		cencdata, err = madmin.EncryptData(globalActiveCred.String(), data)
@ -335,11 +333,8 @@ func migrateConfigPrefixToEncrypted(objAPI ObjectLayer, activeCredOld auth.Crede
 				data = cdata
 			}
-			// Attempt to unmarshal JSON content
+			if !utf8.Valid(data) {
-			var dummy map[string]interface{}
+				return errors.New("config data not in plain-text form")
 			var json = jsoniter.ConfigCompatibleWithStandardLibrary
 			if err = json.Unmarshal(data, &dummy); err != nil {
 				return err
 			}
 			cencdata, err = madmin.EncryptData(globalActiveCred.String(), data)
--- a/cmd/logger/config.go
+++ b/cmd/logger/config.go
@ -193,7 +193,7 @@ func LookupConfig(scfg config.Config) (Config, error) {
 		if starget != config.Default {
 			authTokenEnv = EnvLoggerHTTPAuditAuthToken + config.Default + starget
 		}
-		cfg.HTTP[starget] = HTTP{
+		cfg.Audit[starget] = HTTP{
 			Enabled:   true,
 			Endpoint:  endpoint,
 			AuthToken: env.Get(authTokenEnv, kv.Get(AuthToken)),