add support for customizing redirect_uri for IDP (#12607)

This commit is contained in:
Harshavardhana 2021-06-30 16:08:20 -07:00 committed by GitHub
parent a3f0288262
commit 4781e7580b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 28 additions and 11 deletions

View File

@ -109,17 +109,18 @@ func init() {
const consolePrefix = "CONSOLE_" const consolePrefix = "CONSOLE_"
func minioConfigToConsoleFeatures() { func minioConfigToConsoleFeatures() {
os.Setenv("CONSOLE_PBKDF_PASSPHRASE", restapi.RandomCharString(16)) os.Setenv("CONSOLE_PBKDF_PASSPHRASE", globalDeploymentID)
os.Setenv("CONSOLE_PBKDF_SALT", restapi.RandomCharString(8)) os.Setenv("CONSOLE_PBKDF_SALT", globalDeploymentID)
os.Setenv("CONSOLE_HMAC_JWT_SECRET", globalDeploymentID)
os.Setenv("CONSOLE_MINIO_SERVER", getAPIEndpoints()[0]) os.Setenv("CONSOLE_MINIO_SERVER", getAPIEndpoints()[0])
if value := os.Getenv("MINIO_LOG_QUERY_URL"); value != "" { if value := env.Get("MINIO_LOG_QUERY_URL", ""); value != "" {
os.Setenv("CONSOLE_LOG_QUERY_URL", value) os.Setenv("CONSOLE_LOG_QUERY_URL", value)
} }
if value := os.Getenv("MINIO_LOG_QUERY_AUTH_TOKEN"); value != "" { if value := env.Get("MINIO_LOG_QUERY_AUTH_TOKEN", ""); value != "" {
os.Setenv("CONSOLE_LOG_QUERY_AUTH_TOKEN", value) os.Setenv("CONSOLE_LOG_QUERY_AUTH_TOKEN", value)
} }
// Enable if prometheus URL is set. // Enable if prometheus URL is set.
if value := os.Getenv("MINIO_PROMETHEUS_URL"); value != "" { if value := env.Get("MINIO_PROMETHEUS_URL", ""); value != "" {
os.Setenv("CONSOLE_PROMETHEUS_URL", value) os.Setenv("CONSOLE_PROMETHEUS_URL", value)
} }
// Enable if LDAP is enabled. // Enable if LDAP is enabled.
@ -134,8 +135,12 @@ func minioConfigToConsoleFeatures() {
os.Setenv("CONSOLE_IDP_SECRET", globalOpenIDConfig.ClientSecret) os.Setenv("CONSOLE_IDP_SECRET", globalOpenIDConfig.ClientSecret)
} }
os.Setenv("CONSOLE_MINIO_REGION", globalServerRegion) os.Setenv("CONSOLE_MINIO_REGION", globalServerRegion)
os.Setenv("CONSOLE_CERT_PASSWD", os.Getenv("MINIO_CERT_PASSWD")) os.Setenv("CONSOLE_CERT_PASSWD", env.Get("MINIO_CERT_PASSWD", ""))
os.Setenv("CONSOLE_IDP_CALLBACK", getConsoleEndpoints()[0]+"/oauth_callback") if globalOpenIDConfig.RedirectURI != "" {
os.Setenv("CONSOLE_IDP_CALLBACK", globalOpenIDConfig.RedirectURI)
} else {
os.Setenv("CONSOLE_IDP_CALLBACK", getConsoleEndpoints()[0]+"/oauth_callback")
}
} }
func initConsoleServer() (*restapi.Server, error) { func initConsoleServer() (*restapi.Server, error) {

View File

@ -18,10 +18,10 @@
package cmd package cmd
import ( import (
"os"
"strings" "strings"
"github.com/gorilla/mux" "github.com/gorilla/mux"
"github.com/minio/pkg/env"
) )
const ( const (
@ -46,15 +46,13 @@ const (
func registerMetricsRouter(router *mux.Router) { func registerMetricsRouter(router *mux.Router) {
// metrics router // metrics router
metricsRouter := router.NewRoute().PathPrefix(minioReservedBucketPath).Subrouter() metricsRouter := router.NewRoute().PathPrefix(minioReservedBucketPath).Subrouter()
authType := strings.ToLower(os.Getenv(EnvPrometheusAuthType)) authType := strings.ToLower(env.Get(EnvPrometheusAuthType, string(prometheusJWT)))
switch prometheusAuthType(authType) { switch prometheusAuthType(authType) {
case prometheusPublic: case prometheusPublic:
metricsRouter.Handle(prometheusMetricsPathLegacy, metricsHandler()) metricsRouter.Handle(prometheusMetricsPathLegacy, metricsHandler())
metricsRouter.Handle(prometheusMetricsV2ClusterPath, metricsServerHandler()) metricsRouter.Handle(prometheusMetricsV2ClusterPath, metricsServerHandler())
metricsRouter.Handle(prometheusMetricsV2NodePath, metricsNodeHandler()) metricsRouter.Handle(prometheusMetricsV2NodePath, metricsNodeHandler())
case prometheusJWT: case prometheusJWT:
fallthrough
default:
metricsRouter.Handle(prometheusMetricsPathLegacy, AuthMiddleware(metricsHandler())) metricsRouter.Handle(prometheusMetricsPathLegacy, AuthMiddleware(metricsHandler()))
metricsRouter.Handle(prometheusMetricsV2ClusterPath, AuthMiddleware(metricsServerHandler())) metricsRouter.Handle(prometheusMetricsV2ClusterPath, AuthMiddleware(metricsServerHandler()))
metricsRouter.Handle(prometheusMetricsV2NodePath, AuthMiddleware(metricsNodeHandler())) metricsRouter.Handle(prometheusMetricsV2NodePath, AuthMiddleware(metricsNodeHandler()))

View File

@ -50,6 +50,12 @@ var (
Optional: true, Optional: true,
Type: "string", Type: "string",
}, },
config.HelpKV{
Key: RedirectURI,
Description: `Configure custom redirect_uri for OpenID login flow callback`,
Optional: true,
Type: "string",
},
config.HelpKV{ config.HelpKV{
Key: Scopes, Key: Scopes,
Description: `Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin"`, Description: `Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin"`,

View File

@ -46,6 +46,7 @@ type Config struct {
URL *xnet.URL `json:"url,omitempty"` URL *xnet.URL `json:"url,omitempty"`
ClaimPrefix string `json:"claimPrefix,omitempty"` ClaimPrefix string `json:"claimPrefix,omitempty"`
ClaimName string `json:"claimName,omitempty"` ClaimName string `json:"claimName,omitempty"`
RedirectURI string `json:"redirectURI,omitempty"`
DiscoveryDoc DiscoveryDoc DiscoveryDoc DiscoveryDoc
ClientID string ClientID string
ClientSecret string ClientSecret string
@ -228,6 +229,7 @@ const (
ClientID = "client_id" ClientID = "client_id"
ClientSecret = "client_secret" ClientSecret = "client_secret"
Scopes = "scopes" Scopes = "scopes"
RedirectURI = "redirect_uri"
EnvIdentityOpenIDClientID = "MINIO_IDENTITY_OPENID_CLIENT_ID" EnvIdentityOpenIDClientID = "MINIO_IDENTITY_OPENID_CLIENT_ID"
EnvIdentityOpenIDClientSecret = "MINIO_IDENTITY_OPENID_CLIENT_SECRET" EnvIdentityOpenIDClientSecret = "MINIO_IDENTITY_OPENID_CLIENT_SECRET"
@ -235,6 +237,7 @@ const (
EnvIdentityOpenIDURL = "MINIO_IDENTITY_OPENID_CONFIG_URL" EnvIdentityOpenIDURL = "MINIO_IDENTITY_OPENID_CONFIG_URL"
EnvIdentityOpenIDClaimName = "MINIO_IDENTITY_OPENID_CLAIM_NAME" EnvIdentityOpenIDClaimName = "MINIO_IDENTITY_OPENID_CLAIM_NAME"
EnvIdentityOpenIDClaimPrefix = "MINIO_IDENTITY_OPENID_CLAIM_PREFIX" EnvIdentityOpenIDClaimPrefix = "MINIO_IDENTITY_OPENID_CLAIM_PREFIX"
EnvIdentityOpenIDRedirectURI = "MINIO_IDENTITY_OPENID_REDIRECT_URI"
EnvIdentityOpenIDScopes = "MINIO_IDENTITY_OPENID_SCOPES" EnvIdentityOpenIDScopes = "MINIO_IDENTITY_OPENID_SCOPES"
) )
@ -304,6 +307,10 @@ var (
Key: ClaimPrefix, Key: ClaimPrefix,
Value: "", Value: "",
}, },
config.KV{
Key: RedirectURI,
Value: "",
},
config.KV{ config.KV{
Key: Scopes, Key: Scopes,
Value: "", Value: "",
@ -334,6 +341,7 @@ func LookupConfig(kvs config.KVS, transport *http.Transport, closeRespFn func(io
c = Config{ c = Config{
ClaimName: env.Get(EnvIdentityOpenIDClaimName, kvs.Get(ClaimName)), ClaimName: env.Get(EnvIdentityOpenIDClaimName, kvs.Get(ClaimName)),
ClaimPrefix: env.Get(EnvIdentityOpenIDClaimPrefix, kvs.Get(ClaimPrefix)), ClaimPrefix: env.Get(EnvIdentityOpenIDClaimPrefix, kvs.Get(ClaimPrefix)),
RedirectURI: env.Get(EnvIdentityOpenIDRedirectURI, kvs.Get(RedirectURI)),
publicKeys: make(map[string]crypto.PublicKey), publicKeys: make(map[string]crypto.PublicKey),
ClientID: env.Get(EnvIdentityOpenIDClientID, kvs.Get(ClientID)), ClientID: env.Get(EnvIdentityOpenIDClientID, kvs.Get(ClientID)),
ClientSecret: env.Get(EnvIdentityOpenIDClientSecret, kvs.Get(ClientSecret)), ClientSecret: env.Get(EnvIdentityOpenIDClientSecret, kvs.Get(ClientSecret)),