add support for customizing redirect_uri for IDP (#12607)

cmd/common-main.go

@@ -109,17 +109,18 @@ func init() {
 const consolePrefix = "CONSOLE_"
 
 func minioConfigToConsoleFeatures() {
-	os.Setenv("CONSOLE_PBKDF_PASSPHRASE", restapi.RandomCharString(16))
-	os.Setenv("CONSOLE_PBKDF_SALT", restapi.RandomCharString(8))
+	os.Setenv("CONSOLE_PBKDF_PASSPHRASE", globalDeploymentID)
+	os.Setenv("CONSOLE_PBKDF_SALT", globalDeploymentID)
+	os.Setenv("CONSOLE_HMAC_JWT_SECRET", globalDeploymentID)
 	os.Setenv("CONSOLE_MINIO_SERVER", getAPIEndpoints()[0])
-	if value := os.Getenv("MINIO_LOG_QUERY_URL"); value != "" {
+	if value := env.Get("MINIO_LOG_QUERY_URL", ""); value != "" {
 		os.Setenv("CONSOLE_LOG_QUERY_URL", value)
 	}
-	if value := os.Getenv("MINIO_LOG_QUERY_AUTH_TOKEN"); value != "" {
+	if value := env.Get("MINIO_LOG_QUERY_AUTH_TOKEN", ""); value != "" {
 		os.Setenv("CONSOLE_LOG_QUERY_AUTH_TOKEN", value)
 	}
 	// Enable if prometheus URL is set.
-	if value := os.Getenv("MINIO_PROMETHEUS_URL"); value != "" {
+	if value := env.Get("MINIO_PROMETHEUS_URL", ""); value != "" {
 		os.Setenv("CONSOLE_PROMETHEUS_URL", value)
 	}
 	// Enable if LDAP is enabled.
@@ -134,8 +135,12 @@ func minioConfigToConsoleFeatures() {
 		os.Setenv("CONSOLE_IDP_SECRET", globalOpenIDConfig.ClientSecret)
 	}
 	os.Setenv("CONSOLE_MINIO_REGION", globalServerRegion)
-	os.Setenv("CONSOLE_CERT_PASSWD", os.Getenv("MINIO_CERT_PASSWD"))
-	os.Setenv("CONSOLE_IDP_CALLBACK", getConsoleEndpoints()[0]+"/oauth_callback")
+	os.Setenv("CONSOLE_CERT_PASSWD", env.Get("MINIO_CERT_PASSWD", ""))
+	if globalOpenIDConfig.RedirectURI != "" {
+		os.Setenv("CONSOLE_IDP_CALLBACK", globalOpenIDConfig.RedirectURI)
+	} else {
+		os.Setenv("CONSOLE_IDP_CALLBACK", getConsoleEndpoints()[0]+"/oauth_callback")
+	}
 }
 
 func initConsoleServer() (*restapi.Server, error) {

cmd/metrics-router.go

@@ -18,10 +18,10 @@
 package cmd
 
 import (
-	"os"
 	"strings"
 
 	"github.com/gorilla/mux"
+	"github.com/minio/pkg/env"
 )
 
 const (
@@ -46,15 +46,13 @@ const (
 func registerMetricsRouter(router *mux.Router) {
 	// metrics router
 	metricsRouter := router.NewRoute().PathPrefix(minioReservedBucketPath).Subrouter()
-	authType := strings.ToLower(os.Getenv(EnvPrometheusAuthType))
+	authType := strings.ToLower(env.Get(EnvPrometheusAuthType, string(prometheusJWT)))
 	switch prometheusAuthType(authType) {
 	case prometheusPublic:
 		metricsRouter.Handle(prometheusMetricsPathLegacy, metricsHandler())
 		metricsRouter.Handle(prometheusMetricsV2ClusterPath, metricsServerHandler())
 		metricsRouter.Handle(prometheusMetricsV2NodePath, metricsNodeHandler())
 	case prometheusJWT:
-		fallthrough
-	default:
 		metricsRouter.Handle(prometheusMetricsPathLegacy, AuthMiddleware(metricsHandler()))
 		metricsRouter.Handle(prometheusMetricsV2ClusterPath, AuthMiddleware(metricsServerHandler()))
 		metricsRouter.Handle(prometheusMetricsV2NodePath, AuthMiddleware(metricsNodeHandler()))