Honor envs properly for access and secret key. (#3703)

Also changes the behavior of `secretKeyHash` which is not necessary to be sent over the network, each node has its own secretKeyHash to validate. Fixes #3696 Partial(fix) #3700 (More changes needed with some code cleanup)
2025-11-08 21:24:55 -05:00 · 2017-02-07 12:51:43 -08:00
parent fd72c21e0e
commit 31dff87903
19 changed files with 237 additions and 314 deletions
--- a/cmd/admin-handlers.go
+++ b/cmd/admin-handlers.go
@@ -154,24 +154,25 @@ func (adminAPI adminAPIHandlers) ServiceCredentialsHandler(w http.ResponseWriter
 	}

 	// Check passed credentials
-	cred, err := getCredential(req.Username, req.Password)
-	switch err {
-	case errInvalidAccessKeyLength:
-		writeErrorResponse(w, ErrAdminInvalidAccessKey, r.URL)
-		return
-	case errInvalidSecretKeyLength:
-		writeErrorResponse(w, ErrAdminInvalidSecretKey, r.URL)
+	err = validateAuthKeys(req.Username, req.Password)
+	if err != nil {
+		writeErrorResponse(w, toAPIErrorCode(err), r.URL)
 		return
 	}

+	creds := credential{
+		AccessKey: req.Username,
+		SecretKey: req.Password,
+	}
+
 	// Notify all other Minio peers to update credentials
-	updateErrs := updateCredsOnPeers(cred)
+	updateErrs := updateCredsOnPeers(creds)
 	for peer, err := range updateErrs {
 		errorIf(err, "Unable to update credentials on peer %s.", peer)
 	}

-	// Update local credentials
-	serverConfig.SetCredential(cred)
+	// Update local credentials in memory.
+	serverConfig.SetCredential(creds)
 	if err = serverConfig.Save(); err != nil {
 		writeErrorResponse(w, ErrInternalError, r.URL)
 		return