MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-07-26 17:00:10 -04:00
Code Issues Packages Projects Releases Wiki Activity

Ensure to load only regular files for CAs (#5612)

Browse Source 
In kubernetes statefulset like environments when secrets
are mounted to pods they have sub-directories, we should
ideally be only looking for regular files here and skip
all others.
This commit is contained in:
Harshavardhana 2018-03-07 08:46:28 -08:00 committed by Nitish Tiwari
parent b325593b47
commit 27258b9c54
2 changed files with 12 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
cmd/certs.go
View File

@ -23,7 +23,6 @@ import (
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"os" "os"
"path/filepath"
) )
// TLSPrivateKeyPassword is the environment variable which contains the password used // TLSPrivateKeyPassword is the environment variable which contains the password used
@ -64,14 +63,18 @@ func parsePublicCertFile(certFile string) (x509Certs []*x509.Certificate, err er
func getRootCAs(certsCAsDir string) (*x509.CertPool, error) { func getRootCAs(certsCAsDir string) (*x509.CertPool, error) {
// Get all CA file names. // Get all CA file names.
var caFiles []string var caFiles []string
fis, err := ioutil.ReadDir(certsCAsDir) fis, err := readDir(certsCAsDir)
if err != nil { if err != nil {
return nil, err return nil, err
} }
for _, fi := range fis { for _, fi := range fis {
caFiles = append(caFiles, filepath.Join(certsCAsDir, fi.Name())) // Skip all directories.
if hasSuffix(fi, slashSeparator) {
continue
}
// We are only interested in regular files here.
caFiles = append(caFiles, pathJoin(certsCAsDir, fi))
} }
if len(caFiles) == 0 { if len(caFiles) == 0 {
return nil, nil return nil, nil
} }

21
cmd/certs_test.go
View File

@ -219,27 +219,16 @@ func TestGetRootCAs(t *testing.T) {
t.Fatalf("Unable create test file. %v", err) t.Fatalf("Unable create test file. %v", err)
} }
nonexistentErr := fmt.Errorf("open nonexistent-dir: no such file or directory")
if runtime.GOOS == "windows" {
// Below concatenation is done to get rid of goline error
// "error strings should not be capitalized or end with punctuation or a newline"
nonexistentErr = fmt.Errorf("open nonexistent-dir:" + " The system cannot find the file specified.")
}
err1 := fmt.Errorf("read %s: is a directory", filepath.Join(dir1, "empty-dir"))
if runtime.GOOS == "windows" {
// Below concatenation is done to get rid of goline error
// "error strings should not be capitalized or end with punctuation or a newline"
err1 = fmt.Errorf("read %s:"+" The handle is invalid.", filepath.Join(dir1, "empty-dir"))
}
testCases := []struct { testCases := []struct {
certCAsDir string certCAsDir string
expectedErr error expectedErr error
}{ }{
{"nonexistent-dir", nonexistentErr}, {"nonexistent-dir", errFileNotFound},
{dir1, err1}, // Ignores directories.
{dir1, nil},
// Ignore empty directory.
{emptydir, nil}, {emptydir, nil},
// Loads the cert properly.
{dir2, nil}, {dir2, nil},
} }