mirror of
https://github.com/minio/minio.git
synced 2024-12-24 22:25:54 -05:00
add support for customizing redirect_uri for IDP (#12607)
parent
a3f0288262
commit
4781e7580b
@ -109,17 +109,18 @@ func init() {
|
|||||||
const consolePrefix = "CONSOLE_"
|
const consolePrefix = "CONSOLE_"
|
||||||
|
|
||||||
func minioConfigToConsoleFeatures() {
|
func minioConfigToConsoleFeatures() {
|
||||||
os.Setenv("CONSOLE_PBKDF_PASSPHRASE", restapi.RandomCharString(16))
|
os.Setenv("CONSOLE_PBKDF_PASSPHRASE", globalDeploymentID)
|
||||||
os.Setenv("CONSOLE_PBKDF_SALT", restapi.RandomCharString(8))
|
os.Setenv("CONSOLE_PBKDF_SALT", globalDeploymentID)
|
||||||
|
os.Setenv("CONSOLE_HMAC_JWT_SECRET", globalDeploymentID)
|
||||||
os.Setenv("CONSOLE_MINIO_SERVER", getAPIEndpoints()[0])
|
os.Setenv("CONSOLE_MINIO_SERVER", getAPIEndpoints()[0])
|
||||||
if value := os.Getenv("MINIO_LOG_QUERY_URL"); value != "" {
|
if value := env.Get("MINIO_LOG_QUERY_URL", ""); value != "" {
|
||||||
os.Setenv("CONSOLE_LOG_QUERY_URL", value)
|
os.Setenv("CONSOLE_LOG_QUERY_URL", value)
|
||||||
}
|
}
|
||||||
if value := os.Getenv("MINIO_LOG_QUERY_AUTH_TOKEN"); value != "" {
|
if value := env.Get("MINIO_LOG_QUERY_AUTH_TOKEN", ""); value != "" {
|
||||||
os.Setenv("CONSOLE_LOG_QUERY_AUTH_TOKEN", value)
|
os.Setenv("CONSOLE_LOG_QUERY_AUTH_TOKEN", value)
|
||||||
}
|
}
|
||||||
// Enable if prometheus URL is set.
|
// Enable if prometheus URL is set.
|
||||||
if value := os.Getenv("MINIO_PROMETHEUS_URL"); value != "" {
|
if value := env.Get("MINIO_PROMETHEUS_URL", ""); value != "" {
|
||||||
os.Setenv("CONSOLE_PROMETHEUS_URL", value)
|
os.Setenv("CONSOLE_PROMETHEUS_URL", value)
|
||||||
}
|
}
|
||||||
// Enable if LDAP is enabled.
|
// Enable if LDAP is enabled.
|
||||||
@ -134,8 +135,12 @@ func minioConfigToConsoleFeatures() {
|
|||||||
os.Setenv("CONSOLE_IDP_SECRET", globalOpenIDConfig.ClientSecret)
|
os.Setenv("CONSOLE_IDP_SECRET", globalOpenIDConfig.ClientSecret)
|
||||||
}
|
}
|
||||||
os.Setenv("CONSOLE_MINIO_REGION", globalServerRegion)
|
os.Setenv("CONSOLE_MINIO_REGION", globalServerRegion)
|
||||||
os.Setenv("CONSOLE_CERT_PASSWD", os.Getenv("MINIO_CERT_PASSWD"))
|
os.Setenv("CONSOLE_CERT_PASSWD", env.Get("MINIO_CERT_PASSWD", ""))
|
||||||
os.Setenv("CONSOLE_IDP_CALLBACK", getConsoleEndpoints()[0]+"/oauth_callback")
|
if globalOpenIDConfig.RedirectURI != "" {
|
||||||
|
os.Setenv("CONSOLE_IDP_CALLBACK", globalOpenIDConfig.RedirectURI)
|
||||||
|
} else {
|
||||||
|
os.Setenv("CONSOLE_IDP_CALLBACK", getConsoleEndpoints()[0]+"/oauth_callback")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func initConsoleServer() (*restapi.Server, error) {
|
func initConsoleServer() (*restapi.Server, error) {
|
||||||
|
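Review bot: In the first hunk `CONSOLE_PBKDF_PASSPHRASE`, `CONSOLE_PBKDF_SALT` and the new `CONSOLE_HMAC_JWT_SECRET` are all set to `globalDeploymentID`, replacing the per-start random strings. A deployment ID reads as an identifier rather than a secret, so if it is visible anywhere outside the process (logs, admin info, diagnostics), the console session tokens lose the confidentiality and integrity these values are meant to provide. Reusing one value as both passphrase and salt also removes whatever the salt was meant to add. If the goal is values that stay the same across nodes and restarts, derive them from material that is already secret, with a distinct label per variable, and use the deployment ID at most as the salt. At minimum add a comment above these lines stating why a non-random value is acceptable here.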
@ -18,10 +18,10 @@
|
|||||||
package cmd
|
package cmd
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"os"
|
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
|
"github.com/minio/pkg/env"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
@ -46,15 +46,13 @@ const (
|
|||||||
func registerMetricsRouter(router *mux.Router) {
|
func registerMetricsRouter(router *mux.Router) {
|
||||||
// metrics router
|
// metrics router
|
||||||
metricsRouter := router.NewRoute().PathPrefix(minioReservedBucketPath).Subrouter()
|
metricsRouter := router.NewRoute().PathPrefix(minioReservedBucketPath).Subrouter()
|
||||||
authType := strings.ToLower(os.Getenv(EnvPrometheusAuthType))
|
authType := strings.ToLower(env.Get(EnvPrometheusAuthType, string(prometheusJWT)))
|
||||||
switch prometheusAuthType(authType) {
|
switch prometheusAuthType(authType) {
|
||||||
case prometheusPublic:
|
case prometheusPublic:
|
||||||
metricsRouter.Handle(prometheusMetricsPathLegacy, metricsHandler())
|
metricsRouter.Handle(prometheusMetricsPathLegacy, metricsHandler())
|
||||||
metricsRouter.Handle(prometheusMetricsV2ClusterPath, metricsServerHandler())
|
metricsRouter.Handle(prometheusMetricsV2ClusterPath, metricsServerHandler())
|
||||||
metricsRouter.Handle(prometheusMetricsV2NodePath, metricsNodeHandler())
|
metricsRouter.Handle(prometheusMetricsV2NodePath, metricsNodeHandler())
|
||||||
case prometheusJWT:
|
case prometheusJWT:
|
||||||
fallthrough
|
|
||||||
default:
|
|
||||||
metricsRouter.Handle(prometheusMetricsPathLegacy, AuthMiddleware(metricsHandler()))
|
metricsRouter.Handle(prometheusMetricsPathLegacy, AuthMiddleware(metricsHandler()))
|
||||||
metricsRouter.Handle(prometheusMetricsV2ClusterPath, AuthMiddleware(metricsServerHandler()))
|
metricsRouter.Handle(prometheusMetricsV2ClusterPath, AuthMiddleware(metricsServerHandler()))
|
||||||
metricsRouter.Handle(prometheusMetricsV2NodePath, AuthMiddleware(metricsNodeHandler()))
|
metricsRouter.Handle(prometheusMetricsV2NodePath, AuthMiddleware(metricsNodeHandler()))
|
||||||
|
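Review bot: With `fallthrough` and `default:` removed, a value of `EnvPrometheusAuthType` that is neither `prometheusPublic` nor `prometheusJWT` matches no arm of the switch, so none of the three metrics routes is registered. The old code fell back to the `AuthMiddleware`-wrapped handlers in that case. The default passed to `env.Get` appears to cover only the unset variable, so a typo in the setting would make the endpoints vanish without any message. Keep the fallback by writing the second arm as `default:` instead of `case prometheusJWT:`, or log the unrecognised value before returning. The switch and the function close outside this hunk, so this assumes no later arm handles the case.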
@ -50,6 +50,12 @@ var (
|
|||||||
Optional: true,
|
Optional: true,
|
||||||
Type: "string",
|
Type: "string",
|
||||||
},
|
},
|
||||||
|
config.HelpKV{
|
||||||
|
Key: RedirectURI,
|
||||||
|
Description: `Configure custom redirect_uri for OpenID login flow callback`,
|
||||||
|
Optional: true,
|
||||||
|
Type: "string",
|
||||||
|
},
|
||||||
config.HelpKV{
|
config.HelpKV{
|
||||||
Key: Scopes,
|
Key: Scopes,
|
||||||
Description: `Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin"`,
|
Description: `Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin"`,
|
||||||
|
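Review bot: The help text for `RedirectURI` does not say what form the value takes. Elsewhere in this commit the setting replaces the whole default `getConsoleEndpoints()[0]+"/oauth_callback"`, so an operator has to supply the full URL including the callback path. That URL must also match what is registered at the identity provider. Suggested wording: `Description: "Full callback URL (scheme, host and path) to send as redirect_uri in the OpenID login flow; must match the URI registered with the identity provider"`.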
@ -46,6 +46,7 @@ type Config struct {
|
|||||||
URL *xnet.URL `json:"url,omitempty"`
|
URL *xnet.URL `json:"url,omitempty"`
|
||||||
ClaimPrefix string `json:"claimPrefix,omitempty"`
|
ClaimPrefix string `json:"claimPrefix,omitempty"`
|
||||||
ClaimName string `json:"claimName,omitempty"`
|
ClaimName string `json:"claimName,omitempty"`
|
||||||
|
RedirectURI string `json:"redirectURI,omitempty"`
|
||||||
DiscoveryDoc DiscoveryDoc
|
DiscoveryDoc DiscoveryDoc
|
||||||
ClientID string
|
ClientID string
|
||||||
ClientSecret string
|
ClientSecret string
|
||||||
@ -228,6 +229,7 @@ const (
|
|||||||
ClientID = "client_id"
|
ClientID = "client_id"
|
||||||
ClientSecret = "client_secret"
|
ClientSecret = "client_secret"
|
||||||
Scopes = "scopes"
|
Scopes = "scopes"
|
||||||
|
RedirectURI = "redirect_uri"
|
||||||
|
|
||||||
EnvIdentityOpenIDClientID = "MINIO_IDENTITY_OPENID_CLIENT_ID"
|
EnvIdentityOpenIDClientID = "MINIO_IDENTITY_OPENID_CLIENT_ID"
|
||||||
EnvIdentityOpenIDClientSecret = "MINIO_IDENTITY_OPENID_CLIENT_SECRET"
|
EnvIdentityOpenIDClientSecret = "MINIO_IDENTITY_OPENID_CLIENT_SECRET"
|
||||||
@ -235,6 +237,7 @@ const (
|
|||||||
EnvIdentityOpenIDURL = "MINIO_IDENTITY_OPENID_CONFIG_URL"
|
EnvIdentityOpenIDURL = "MINIO_IDENTITY_OPENID_CONFIG_URL"
|
||||||
EnvIdentityOpenIDClaimName = "MINIO_IDENTITY_OPENID_CLAIM_NAME"
|
EnvIdentityOpenIDClaimName = "MINIO_IDENTITY_OPENID_CLAIM_NAME"
|
||||||
EnvIdentityOpenIDClaimPrefix = "MINIO_IDENTITY_OPENID_CLAIM_PREFIX"
|
EnvIdentityOpenIDClaimPrefix = "MINIO_IDENTITY_OPENID_CLAIM_PREFIX"
|
||||||
|
EnvIdentityOpenIDRedirectURI = "MINIO_IDENTITY_OPENID_REDIRECT_URI"
|
||||||
EnvIdentityOpenIDScopes = "MINIO_IDENTITY_OPENID_SCOPES"
|
EnvIdentityOpenIDScopes = "MINIO_IDENTITY_OPENID_SCOPES"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -304,6 +307,10 @@ var (
|
|||||||
Key: ClaimPrefix,
|
Key: ClaimPrefix,
|
||||||
Value: "",
|
Value: "",
|
||||||
},
|
},
|
||||||
|
config.KV{
|
||||||
|
Key: RedirectURI,
|
||||||
|
Value: "",
|
||||||
|
},
|
||||||
config.KV{
|
config.KV{
|
||||||
Key: Scopes,
|
Key: Scopes,
|
||||||
Value: "",
|
Value: "",
|
||||||
@ -334,6 +341,7 @@ func LookupConfig(kvs config.KVS, transport *http.Transport, closeRespFn func(io
|
|||||||
c = Config{
|
c = Config{
|
||||||
ClaimName: env.Get(EnvIdentityOpenIDClaimName, kvs.Get(ClaimName)),
|
ClaimName: env.Get(EnvIdentityOpenIDClaimName, kvs.Get(ClaimName)),
|
||||||
ClaimPrefix: env.Get(EnvIdentityOpenIDClaimPrefix, kvs.Get(ClaimPrefix)),
|
ClaimPrefix: env.Get(EnvIdentityOpenIDClaimPrefix, kvs.Get(ClaimPrefix)),
|
||||||
|
RedirectURI: env.Get(EnvIdentityOpenIDRedirectURI, kvs.Get(RedirectURI)),
|
||||||
publicKeys: make(map[string]crypto.PublicKey),
|
publicKeys: make(map[string]crypto.PublicKey),
|
||||||
ClientID: env.Get(EnvIdentityOpenIDClientID, kvs.Get(ClientID)),
|
ClientID: env.Get(EnvIdentityOpenIDClientID, kvs.Get(ClientID)),
|
||||||
ClientSecret: env.Get(EnvIdentityOpenIDClientSecret, kvs.Get(ClientSecret)),
|
ClientSecret: env.Get(EnvIdentityOpenIDClientSecret, kvs.Get(ClientSecret)),
|
||||||
|
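Review bot: `RedirectURI` is read in `LookupConfig` as a raw string and stored as-is, while the neighbouring `URL` field is typed `*xnet.URL`; nothing visible in the hunk checks that the value is a well-formed absolute URL. Because the value ends up as the console's `CONSOLE_IDP_CALLBACK`, a malformed or scheme-less entry would only surface as a failed login at the identity provider. Consider parsing it when the config is loaded and returning an error unless it is an absolute `http`/`https` URL with a host. Prefer rejecting plain `http` outside local testing, since the authorization code is delivered to this address. `LookupConfig` continues outside the hunk, so validation may already happen further down.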