MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-20 01:50:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix: etcd IAM encryption fails due to incorrect kms.Context (#12431)

Browse Source 
Due to incorrect KMS context constructed, we need to add
additional fallbacks and also fix the original root cause
to fix already migrated deployments.

Bonus remove double migration is avoided in gateway mode
for etcd, instead do it once in iam.Init(), also simplify
the migration by not migrating STS users instead let the
clients regenerate them.
This commit is contained in:
Harshavardhana
2021-06-04 11:15:13 -07:00
committed by GitHub
parent c0e41356f5
commit 36b2f6d11d
6 changed files with 50 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cmd/gateway-main.go
View File

@@ -317,14 +317,6 @@ func StartGateway(ctx *cli.Context, gw Gateway) {
logger.FatalIf(globalNotificationSys.Init(GlobalContext, buckets, newObject), "Unable to initialize notification system")
}
if globalEtcdClient != nil {
// **** WARNING ****
// Migrating to encrypted backend on etcd should happen before initialization of
// IAM sub-systems, make sure that we do not move the above codeblock elsewhere.
logger.FatalIf(migrateIAMConfigsEtcdToEncrypted(GlobalContext, globalEtcdClient),
"Unable to handle encrypted backend for iam and policies")
}
if enableIAMOps {
// Initialize users credentials and policies in background.
globalIAMSys.InitStore(newObject)