diff --git a/cmd/acl-handlers.go b/cmd/acl-handlers.go index 63573df71..eb1f3c1ea 100644 --- a/cmd/acl-handlers.go +++ b/cmd/acl-handlers.go @@ -25,7 +25,7 @@ import ( xhttp "github.com/minio/minio/internal/http" "github.com/minio/minio/internal/logger" "github.com/minio/mux" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) // Data types used for returning dummy access control diff --git a/cmd/admin-bucket-handlers.go b/cmd/admin-bucket-handlers.go index 0bd15c80f..d22ed01cd 100644 --- a/cmd/admin-bucket-handlers.go +++ b/cmd/admin-bucket-handlers.go @@ -40,7 +40,7 @@ import ( "github.com/minio/minio/internal/event" "github.com/minio/minio/internal/kms" "github.com/minio/mux" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) const ( diff --git a/cmd/admin-handler-utils.go b/cmd/admin-handler-utils.go index 3466c2973..595392771 100644 --- a/cmd/admin-handler-utils.go +++ b/cmd/admin-handler-utils.go @@ -27,7 +27,7 @@ import ( "github.com/minio/madmin-go/v3" "github.com/minio/minio/internal/auth" "github.com/minio/minio/internal/config" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) // validateAdminReq will validate request against and return whether it is allowed. diff --git a/cmd/admin-handlers-config-kv.go b/cmd/admin-handlers-config-kv.go index 902d40c29..4afc6dfef 100644 --- a/cmd/admin-handlers-config-kv.go +++ b/cmd/admin-handlers-config-kv.go @@ -37,7 +37,7 @@ import ( "github.com/minio/minio/internal/config/subnet" "github.com/minio/minio/internal/logger" "github.com/minio/mux" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) // DelConfigKVHandler - DELETE /minio/admin/v3/del-config-kv diff --git a/cmd/admin-handlers-idp-config.go b/cmd/admin-handlers-idp-config.go index b8336f0ad..8ba9dc5f8 100644 --- a/cmd/admin-handlers-idp-config.go +++ b/cmd/admin-handlers-idp-config.go 
@@ -32,8 +32,8 @@ import ( cfgldap "github.com/minio/minio/internal/config/identity/ldap" "github.com/minio/minio/internal/config/identity/openid" "github.com/minio/mux" - "github.com/minio/pkg/v2/ldap" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/ldap" + "github.com/minio/pkg/v3/policy" ) func addOrUpdateIDPHandler(ctx context.Context, w http.ResponseWriter, r *http.Request, isUpdate bool) { diff --git a/cmd/admin-handlers-idp-ldap.go b/cmd/admin-handlers-idp-ldap.go index efef1f0b4..d34208f48 100644 --- a/cmd/admin-handlers-idp-ldap.go +++ b/cmd/admin-handlers-idp-ldap.go @@ -27,7 +27,8 @@ import ( "github.com/minio/madmin-go/v3" "github.com/minio/minio/internal/auth" "github.com/minio/mux" - "github.com/minio/pkg/v2/policy" + xldap "github.com/minio/pkg/v3/ldap" + "github.com/minio/pkg/v3/policy" ) // ListLDAPPolicyMappingEntities lists users/groups mapped to given/all policies. @@ -236,12 +237,12 @@ func (a adminAPIHandlers) AddServiceAccountLDAP(w http.ResponseWriter, r *http.R targetGroups = requestorGroups // Deny if the target user is not LDAP - foundLDAPDN, err := globalIAMSys.LDAPConfig.GetValidatedDNForUsername(targetUser) + foundResult, err := globalIAMSys.LDAPConfig.GetValidatedDNForUsername(targetUser) if err != nil { writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) return } - if foundLDAPDN == "" { + if foundResult == nil { err := errors.New("Specified user does not exist on LDAP server") APIErr := errorCodes.ToAPIErrWithErr(ErrAdminNoSuchUser, err) writeErrorResponseJSON(ctx, w, APIErr, r.URL) 
@@ -264,7 +265,8 @@ func (a adminAPIHandlers) AddServiceAccountLDAP(w http.ResponseWriter, r *http.R isDN := globalIAMSys.LDAPConfig.ParsesAsDN(targetUser) opts.claims[ldapUserN] = targetUser // simple username - targetUser, targetGroups, err = globalIAMSys.LDAPConfig.LookupUserDN(targetUser) + var lookupResult *xldap.DNSearchResult + lookupResult, targetGroups, err = globalIAMSys.LDAPConfig.LookupUserDN(targetUser) if err != nil { // if not found, check if DN if strings.Contains(err.Error(), "User DN not found for:") { @@ -278,7 +280,13 @@ func (a adminAPIHandlers) AddServiceAccountLDAP(w http.ResponseWriter, r *http.R writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) return } + targetUser = lookupResult.NormDN opts.claims[ldapUser] = targetUser // DN + + // Add LDAP attributes that were looked up into the claims. + for attribKey, attribValue := range lookupResult.Attributes { + opts.claims[ldapAttribPrefix+attribKey] = attribValue + } } newCred, updatedAt, err := globalIAMSys.NewServiceAccount(ctx, targetUser, targetGroups, opts) @@ -385,15 +393,16 @@ func (a adminAPIHandlers) ListAccessKeysLDAP(w http.ResponseWriter, r *http.Requ } } - targetAccount, err := globalIAMSys.LDAPConfig.GetValidatedDNForUsername(userDN) + dnResult, err := globalIAMSys.LDAPConfig.GetValidatedDNForUsername(userDN) if err != nil { writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) return } - if targetAccount == "" { + if dnResult == nil { writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, errNoSuchUser), r.URL) return } + targetAccount := dnResult.NormDN listType := r.Form.Get("listType") if listType != "sts-only" && listType != "svcacc-only" && listType != "" { diff --git a/cmd/admin-handlers-pools.go b/cmd/admin-handlers-pools.go index 9fc729d04..cd965582c 100644 --- a/cmd/admin-handlers-pools.go +++ b/cmd/admin-handlers-pools.go 
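Review bot: The attribute loop added after `opts.claims[ldapUser] = targetUser` in AddServiceAccountLDAP (cmd/admin-handlers-idp-ldap.go) copies every entry of `lookupResult.Attributes` into the service-account claims, with no filter and no comment on what may end up there. The same three lines are repeated in AddServiceAccount (cmd/admin-handlers-users.go) and in getMinIOClient (cmd/ftp-server-driver.go). The claims presumably travel with the issued credential, so any attribute the LDAP lookup is configured to return would be readable by whoever holds that credential, and `ldapAttribPrefix` is the only thing keeping a directory-supplied name from colliding with a built-in claim. I would move the loop into one helper and document both facts there, for example `// Keys are namespaced with ldapAttribPrefix so directory attribute names cannot overwrite built-in claims; values are stored with the credential, so only non-sensitive attributes should be configured for lookup.` The function body starts and ends outside this hunk.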
@@ -27,8 +27,8 @@ import ( "strings" "github.com/minio/mux" - "github.com/minio/pkg/v2/env" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/env" + "github.com/minio/pkg/v3/policy" ) var ( diff --git a/cmd/admin-handlers-site-replication.go b/cmd/admin-handlers-site-replication.go index 3ae0a0283..a44fb01cf 100644 --- a/cmd/admin-handlers-site-replication.go +++ b/cmd/admin-handlers-site-replication.go @@ -33,7 +33,7 @@ import ( "github.com/minio/madmin-go/v3" xioutil "github.com/minio/minio/internal/ioutil" "github.com/minio/mux" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) // SiteReplicationAdd - PUT /minio/admin/v3/site-replication/add diff --git a/cmd/admin-handlers-users-race_test.go b/cmd/admin-handlers-users-race_test.go index 5d86d5d45..0e8ec10e1 100644 --- a/cmd/admin-handlers-users-race_test.go +++ b/cmd/admin-handlers-users-race_test.go @@ -32,7 +32,7 @@ import ( "github.com/minio/madmin-go/v3" minio "github.com/minio/minio-go/v7" - "github.com/minio/pkg/v2/sync/errgroup" + "github.com/minio/pkg/v3/sync/errgroup" ) func runAllIAMConcurrencyTests(suite *TestSuiteIAM, c *check) { diff --git a/cmd/admin-handlers-users.go b/cmd/admin-handlers-users.go index b37931400..abfc1d4cf 100644 --- a/cmd/admin-handlers-users.go +++ b/cmd/admin-handlers-users.go @@ -36,7 +36,8 @@ import ( "github.com/minio/minio/internal/cachevalue" "github.com/minio/minio/internal/config/dns" "github.com/minio/mux" - "github.com/minio/pkg/v2/policy" + xldap "github.com/minio/pkg/v3/ldap" + "github.com/minio/pkg/v3/policy" "github.com/puzpuzpuz/xsync/v3" ) 
@@ -700,13 +701,20 @@ func (a adminAPIHandlers) AddServiceAccount(w http.ResponseWriter, r *http.Reque // In case of LDAP we need to resolve the targetUser to a DN and // query their groups: opts.claims[ldapUserN] = targetUser // simple username - targetUser, targetGroups, err = globalIAMSys.LDAPConfig.LookupUserDN(targetUser) + var lookupResult *xldap.DNSearchResult + lookupResult, targetGroups, err = globalIAMSys.LDAPConfig.LookupUserDN(targetUser) if err != nil { writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) return } + targetUser = lookupResult.NormDN opts.claims[ldapUser] = targetUser // username DN + // Add LDAP attributes that were looked up into the claims. + for attribKey, attribValue := range lookupResult.Attributes { + opts.claims[ldapAttribPrefix+attribKey] = attribValue + } + // NOTE: if not using LDAP, then internal IDP or open ID is // being used - in the former, group info is enforced when // generated credentials are used to make requests, and in the 
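Review bot: In AddServiceAccount, `targetUser = lookupResult.NormDN` is guarded only by the `err != nil` check, while the same commit treats a nil result with a nil error as "not found" for GetValidatedDNForUsername (`if foundResult == nil`, `if dnResult == nil`). The lines shown do not establish that LookupUserDN and Bind always return a non-nil result on success; if they do not, the request panics here instead of returning an error. Either add `if lookupResult == nil { writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, errNoSuchUser), r.URL); return }` before the dereference, or state the guarantee in a comment at the call. The same unguarded dereference appears in AddServiceAccountLDAP (cmd/admin-handlers-idp-ldap.go) and in CheckPasswd and getMinIOClient (cmd/ftp-server-driver.go). The function body continues outside this hunk.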
@@ -1636,22 +1644,22 @@ func (a adminAPIHandlers) SetPolicyForUserOrGroup(w http.ResponseWriter, r *http // form of the entityName (which will be an LDAP DN). var err error if isGroup { - var foundGroupDN string + var foundGroupDN *xldap.DNSearchResult var underBaseDN bool if foundGroupDN, underBaseDN, err = globalIAMSys.LDAPConfig.GetValidatedGroupDN(nil, entityName); err != nil { iamLogIf(ctx, err) - } else if foundGroupDN == "" || !underBaseDN { + } else if foundGroupDN == nil || !underBaseDN { err = errNoSuchGroup } - entityName = foundGroupDN + entityName = foundGroupDN.NormDN } else { - var foundUserDN string + var foundUserDN *xldap.DNSearchResult if foundUserDN, err = globalIAMSys.LDAPConfig.GetValidatedDNForUsername(entityName); err != nil { iamLogIf(ctx, err) - } else if foundUserDN == "" { + } else if foundUserDN == nil { err = errNoSuchUser } - entityName = foundUserDN + entityName = foundUserDN.NormDN } if err != nil { writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) diff --git a/cmd/admin-handlers-users_test.go b/cmd/admin-handlers-users_test.go index f91f63fca..3c6002733 100644 --- a/cmd/admin-handlers-users_test.go +++ b/cmd/admin-handlers-users_test.go @@ -39,7 +39,7 @@ import ( "github.com/minio/minio-go/v7/pkg/set" "github.com/minio/minio-go/v7/pkg/signer" "github.com/minio/minio/internal/auth" - "github.com/minio/pkg/v2/env" + "github.com/minio/pkg/v3/env" ) const ( diff --git a/cmd/admin-handlers.go b/cmd/admin-handlers.go index 029180282..f35ceb699 100644 --- a/cmd/admin-handlers.go +++ b/cmd/admin-handlers.go @@ -59,9 +59,9 @@ import ( "github.com/minio/minio/internal/kms" "github.com/minio/minio/internal/logger" "github.com/minio/mux" - "github.com/minio/pkg/v2/logger/message/log" - xnet "github.com/minio/pkg/v2/net" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/logger/message/log" + xnet "github.com/minio/pkg/v3/net" + "github.com/minio/pkg/v3/policy" "github.com/secure-io/sio-go" "github.com/zeebo/xxh3" ) 
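Review bot: In SetPolicyForUserOrGroup (cmd/admin-handlers-users.go), `entityName = foundGroupDN.NormDN` and `entityName = foundUserDN.NormDN` run unconditionally after their if / else-if chains, so they dereference the result in exactly the cases the chain has just detected: a nil result for an unknown group or user, and most likely also the lookup-error case. With the old string return the assignment was harmless, but with `*xldap.DNSearchResult` an admin request naming a non-existent LDAP entity reaches a nil dereference before the `if err != nil` block can write the error response. Move each assignment into a final branch of its chain, `} else { entityName = foundGroupDN.NormDN }` and `} else { entityName = foundUserDN.NormDN }`, so the name is replaced only when the lookup succeeded. The function body starts and ends outside this hunk.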
diff --git a/cmd/admin-server-info.go b/cmd/admin-server-info.go index dbb28f47d..4a98f9ba6 100644 --- a/cmd/admin-server-info.go +++ b/cmd/admin-server-info.go @@ -30,7 +30,7 @@ import ( "github.com/minio/madmin-go/v3" "github.com/minio/minio/internal/config" "github.com/minio/minio/internal/kms" - xnet "github.com/minio/pkg/v2/net" + xnet "github.com/minio/pkg/v3/net" ) // getLocalServerProperty - returns madmin.ServerProperties for only the diff --git a/cmd/api-errors.go b/cmd/api-errors.go index 864586313..39846fd2e 100644 --- a/cmd/api-errors.go +++ b/cmd/api-errors.go @@ -48,7 +48,7 @@ import ( levent "github.com/minio/minio/internal/config/lambda/event" "github.com/minio/minio/internal/event" "github.com/minio/minio/internal/hash" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) // APIError structure diff --git a/cmd/api-response.go b/cmd/api-response.go index 10f9bb880..01a96cac4 100644 --- a/cmd/api-response.go +++ b/cmd/api-response.go @@ -35,7 +35,7 @@ import ( "github.com/minio/minio/internal/hash" xhttp "github.com/minio/minio/internal/http" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" xxml "github.com/minio/xxml" ) diff --git a/cmd/api-router.go b/cmd/api-router.go index a54761f5e..41259ce90 100644 --- a/cmd/api-router.go +++ b/cmd/api-router.go @@ -24,7 +24,7 @@ import ( consoleapi "github.com/minio/console/api" xhttp "github.com/minio/minio/internal/http" "github.com/minio/mux" - "github.com/minio/pkg/v2/wildcard" + "github.com/minio/pkg/v3/wildcard" "github.com/rs/cors" ) diff --git a/cmd/auth-handler.go b/cmd/auth-handler.go index 6b800a547..7f363957b 100644 --- a/cmd/auth-handler.go +++ b/cmd/auth-handler.go @@ -41,7 +41,7 @@ import ( xjwt "github.com/minio/minio/internal/jwt" "github.com/minio/minio/internal/logger" "github.com/minio/minio/internal/mcontext" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) // Verify if request has JWT. 
diff --git a/cmd/auth-handler_test.go b/cmd/auth-handler_test.go index 339ade5c5..a3d977fee 100644 --- a/cmd/auth-handler_test.go +++ b/cmd/auth-handler_test.go @@ -28,7 +28,7 @@ import ( "time" "github.com/minio/minio/internal/auth" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) type nullReader struct{} diff --git a/cmd/background-heal-ops.go b/cmd/background-heal-ops.go index 113939f90..8f9d349cc 100644 --- a/cmd/background-heal-ops.go +++ b/cmd/background-heal-ops.go @@ -25,7 +25,7 @@ import ( "time" "github.com/minio/madmin-go/v3" - "github.com/minio/pkg/v2/env" + "github.com/minio/pkg/v3/env" ) // healTask represents what to heal along with options diff --git a/cmd/background-newdisks-heal-ops.go b/cmd/background-newdisks-heal-ops.go index acea42454..c68abf5b8 100644 --- a/cmd/background-newdisks-heal-ops.go +++ b/cmd/background-newdisks-heal-ops.go @@ -33,7 +33,7 @@ import ( "github.com/minio/madmin-go/v3" "github.com/minio/minio-go/v7/pkg/set" "github.com/minio/minio/internal/config" - "github.com/minio/pkg/v2/env" + "github.com/minio/pkg/v3/env" ) const ( diff --git a/cmd/batch-expire.go b/cmd/batch-expire.go index 9d86d6def..cd20cf2c2 100644 --- a/cmd/batch-expire.go +++ b/cmd/batch-expire.go @@ -33,9 +33,9 @@ import ( "github.com/minio/minio/internal/bucket/versioning" xhttp "github.com/minio/minio/internal/http" xioutil "github.com/minio/minio/internal/ioutil" - "github.com/minio/pkg/v2/env" - "github.com/minio/pkg/v2/wildcard" - "github.com/minio/pkg/v2/workers" + "github.com/minio/pkg/v3/env" + "github.com/minio/pkg/v3/wildcard" + "github.com/minio/pkg/v3/workers" "gopkg.in/yaml.v3" ) diff --git a/cmd/batch-handlers.go b/cmd/batch-handlers.go index e3a4d2016..9375f9dce 100644 --- a/cmd/batch-handlers.go +++ b/cmd/batch-handlers.go 
@@ -48,10 +48,10 @@ import ( xhttp "github.com/minio/minio/internal/http" "github.com/minio/minio/internal/ioutil" xioutil "github.com/minio/minio/internal/ioutil" - "github.com/minio/pkg/v2/console" - "github.com/minio/pkg/v2/env" - "github.com/minio/pkg/v2/policy" - "github.com/minio/pkg/v2/workers" + "github.com/minio/pkg/v3/console" + "github.com/minio/pkg/v3/env" + "github.com/minio/pkg/v3/policy" + "github.com/minio/pkg/v3/workers" "gopkg.in/yaml.v3" ) diff --git a/cmd/batch-job-common-types.go b/cmd/batch-job-common-types.go index 3c256378b..83e1c554b 100644 --- a/cmd/batch-job-common-types.go +++ b/cmd/batch-job-common-types.go @@ -23,7 +23,7 @@ import ( "time" "github.com/dustin/go-humanize" - "github.com/minio/pkg/v2/wildcard" + "github.com/minio/pkg/v3/wildcard" "gopkg.in/yaml.v3" ) diff --git a/cmd/batch-rotate.go b/cmd/batch-rotate.go index c81a899ea..bf3a789b7 100644 --- a/cmd/batch-rotate.go +++ b/cmd/batch-rotate.go @@ -33,8 +33,8 @@ import ( "github.com/minio/minio/internal/crypto" xhttp "github.com/minio/minio/internal/http" "github.com/minio/minio/internal/kms" - "github.com/minio/pkg/v2/env" - "github.com/minio/pkg/v2/workers" + "github.com/minio/pkg/v3/env" + "github.com/minio/pkg/v3/workers" ) // keyrotate: diff --git a/cmd/bootstrap-peer-server.go b/cmd/bootstrap-peer-server.go index 14a5baa2c..552e2e5ce 100644 --- a/cmd/bootstrap-peer-server.go +++ b/cmd/bootstrap-peer-server.go @@ -30,7 +30,7 @@ import ( "github.com/minio/minio-go/v7/pkg/set" "github.com/minio/minio/internal/grid" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/env" + "github.com/minio/pkg/v3/env" ) // To abstract a node over network. diff --git a/cmd/bucket-encryption-handlers.go b/cmd/bucket-encryption-handlers.go index e17edba78..1fe7631de 100644 --- a/cmd/bucket-encryption-handlers.go +++ b/cmd/bucket-encryption-handlers.go 
@@ -30,7 +30,7 @@ import ( "github.com/minio/minio/internal/kms" "github.com/minio/minio/internal/logger" "github.com/minio/mux" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) const ( diff --git a/cmd/bucket-handlers.go b/cmd/bucket-handlers.go index b0ea4c3af..6949dc724 100644 --- a/cmd/bucket-handlers.go +++ b/cmd/bucket-handlers.go @@ -61,8 +61,8 @@ import ( "github.com/minio/minio/internal/ioutil" "github.com/minio/minio/internal/kms" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/policy" - "github.com/minio/pkg/v2/sync/errgroup" + "github.com/minio/pkg/v3/policy" + "github.com/minio/pkg/v3/sync/errgroup" ) const ( diff --git a/cmd/bucket-lifecycle-handlers.go b/cmd/bucket-lifecycle-handlers.go index bb7741277..442086b9c 100644 --- a/cmd/bucket-lifecycle-handlers.go +++ b/cmd/bucket-lifecycle-handlers.go @@ -28,7 +28,7 @@ import ( xhttp "github.com/minio/minio/internal/http" "github.com/minio/minio/internal/logger" "github.com/minio/mux" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) const ( diff --git a/cmd/bucket-lifecycle.go b/cmd/bucket-lifecycle.go index c95ed7d72..a1cd73db6 100644 --- a/cmd/bucket-lifecycle.go +++ b/cmd/bucket-lifecycle.go @@ -40,7 +40,7 @@ import ( xhttp "github.com/minio/minio/internal/http" "github.com/minio/minio/internal/logger" "github.com/minio/minio/internal/s3select" - xnet "github.com/minio/pkg/v2/net" + xnet "github.com/minio/pkg/v3/net" "github.com/zeebo/xxh3" ) diff --git a/cmd/bucket-listobjects-handlers.go b/cmd/bucket-listobjects-handlers.go index 0fc61cda0..1adb198bb 100644 --- a/cmd/bucket-listobjects-handlers.go +++ b/cmd/bucket-listobjects-handlers.go @@ -26,7 +26,7 @@ import ( "github.com/minio/minio/internal/logger" "github.com/minio/mux" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) // Validate all the ListObjects query arguments, returns an APIErrorCode 
diff --git a/cmd/bucket-metadata-sys.go b/cmd/bucket-metadata-sys.go index d36bd1b18..6cf2d732c 100644 --- a/cmd/bucket-metadata-sys.go +++ b/cmd/bucket-metadata-sys.go @@ -37,8 +37,8 @@ import ( "github.com/minio/minio/internal/event" "github.com/minio/minio/internal/kms" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/policy" - "github.com/minio/pkg/v2/sync/errgroup" + "github.com/minio/pkg/v3/policy" + "github.com/minio/pkg/v3/sync/errgroup" ) // BucketMetadataSys captures all bucket metadata for a given cluster. diff --git a/cmd/bucket-metadata.go b/cmd/bucket-metadata.go index 8f2d72de0..5e04f08fb 100644 --- a/cmd/bucket-metadata.go +++ b/cmd/bucket-metadata.go @@ -41,7 +41,7 @@ import ( "github.com/minio/minio/internal/fips" "github.com/minio/minio/internal/kms" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" "github.com/minio/sio" ) diff --git a/cmd/bucket-notification-handlers.go b/cmd/bucket-notification-handlers.go index e8da8ba72..c41823b4e 100644 --- a/cmd/bucket-notification-handlers.go +++ b/cmd/bucket-notification-handlers.go @@ -26,7 +26,7 @@ import ( "github.com/minio/minio/internal/event" "github.com/minio/minio/internal/logger" "github.com/minio/mux" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) const ( diff --git a/cmd/bucket-object-lock.go b/cmd/bucket-object-lock.go index ada088b5b..e08e13839 100644 --- a/cmd/bucket-object-lock.go +++ b/cmd/bucket-object-lock.go @@ -28,7 +28,7 @@ import ( "github.com/minio/minio/internal/bucket/replication" xhttp "github.com/minio/minio/internal/http" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) // BucketObjectLockSys - map of bucket and retention configuration. diff --git a/cmd/bucket-policy-handlers.go b/cmd/bucket-policy-handlers.go index 3bea30ef7..994b0b0da 100644 --- a/cmd/bucket-policy-handlers.go 
+++ b/cmd/bucket-policy-handlers.go @@ -27,7 +27,7 @@ import ( "github.com/minio/madmin-go/v3" "github.com/minio/minio/internal/logger" "github.com/minio/mux" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) const ( diff --git a/cmd/bucket-policy-handlers_test.go b/cmd/bucket-policy-handlers_test.go index f299ebc5b..751820c8d 100644 --- a/cmd/bucket-policy-handlers_test.go +++ b/cmd/bucket-policy-handlers_test.go @@ -29,8 +29,8 @@ import ( "testing" "github.com/minio/minio/internal/auth" - "github.com/minio/pkg/v2/policy" - "github.com/minio/pkg/v2/policy/condition" + "github.com/minio/pkg/v3/policy" + "github.com/minio/pkg/v3/policy/condition" ) func getAnonReadOnlyBucketPolicy(bucketName string) *policy.BucketPolicy { diff --git a/cmd/bucket-policy.go b/cmd/bucket-policy.go index b8e1da5c8..4a2bd9249 100644 --- a/cmd/bucket-policy.go +++ b/cmd/bucket-policy.go @@ -32,7 +32,7 @@ import ( "github.com/minio/minio/internal/handlers" xhttp "github.com/minio/minio/internal/http" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) // PolicySys - policy subsystem. diff --git a/cmd/bucket-replication-handlers.go b/cmd/bucket-replication-handlers.go index 29c066a08..5316d473f 100644 --- a/cmd/bucket-replication-handlers.go +++ b/cmd/bucket-replication-handlers.go @@ -34,7 +34,7 @@ import ( xhttp "github.com/minio/minio/internal/http" "github.com/minio/minio/internal/logger" "github.com/minio/mux" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) // PutBucketReplicationConfigHandler - PUT Bucket replication configuration. diff --git a/cmd/bucket-versioning-handler.go b/cmd/bucket-versioning-handler.go index 31dc6fd4c..92b2c1466 100644 --- a/cmd/bucket-versioning-handler.go +++ b/cmd/bucket-versioning-handler.go 
@@ -28,7 +28,7 @@ import ( "github.com/minio/minio/internal/bucket/versioning" "github.com/minio/minio/internal/logger" "github.com/minio/mux" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) const ( diff --git a/cmd/common-main.go b/cmd/common-main.go index a1437c0d3..151eff397 100644 --- a/cmd/common-main.go +++ b/cmd/common-main.go @@ -55,10 +55,10 @@ import ( "github.com/minio/minio/internal/config" "github.com/minio/minio/internal/kms" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/certs" - "github.com/minio/pkg/v2/console" - "github.com/minio/pkg/v2/env" - xnet "github.com/minio/pkg/v2/net" + "github.com/minio/pkg/v3/certs" + "github.com/minio/pkg/v3/console" + "github.com/minio/pkg/v3/env" + xnet "github.com/minio/pkg/v3/net" "golang.org/x/term" ) diff --git a/cmd/config-current.go b/cmd/config-current.go index ac8cd3ffb..5d1d136d1 100644 --- a/cmd/config-current.go +++ b/cmd/config-current.go @@ -56,7 +56,7 @@ import ( "github.com/minio/minio/internal/crypto" xhttp "github.com/minio/minio/internal/http" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/env" + "github.com/minio/pkg/v3/env" ) func initHelp() { diff --git a/cmd/config-migrate.go b/cmd/config-migrate.go index 380a58404..30d2e085e 100644 --- a/cmd/config-migrate.go +++ b/cmd/config-migrate.go @@ -33,8 +33,8 @@ import ( "github.com/minio/minio/internal/config/storageclass" "github.com/minio/minio/internal/event/target" "github.com/minio/minio/internal/logger" - xnet "github.com/minio/pkg/v2/net" - "github.com/minio/pkg/v2/quick" + xnet "github.com/minio/pkg/v3/net" + "github.com/minio/pkg/v3/quick" ) // Save config file to corresponding backend diff --git a/cmd/config-versions.go b/cmd/config-versions.go index 63012afee..020bfa440 100644 --- a/cmd/config-versions.go +++ b/cmd/config-versions.go 
@@ -27,7 +27,7 @@ import ( "github.com/minio/minio/internal/config/policy/opa" "github.com/minio/minio/internal/config/storageclass" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/quick" + "github.com/minio/pkg/v3/quick" ) // FileLogger is introduced to workaround the dependency about logrus diff --git a/cmd/consolelogger.go b/cmd/consolelogger.go index a9ba6a380..bbc8e6f39 100644 --- a/cmd/consolelogger.go +++ b/cmd/consolelogger.go @@ -29,8 +29,8 @@ import ( "github.com/minio/minio/internal/logger/target/console" "github.com/minio/minio/internal/logger/target/types" "github.com/minio/minio/internal/pubsub" - "github.com/minio/pkg/v2/logger/message/log" - xnet "github.com/minio/pkg/v2/net" + "github.com/minio/pkg/v3/logger/message/log" + xnet "github.com/minio/pkg/v3/net" ) // number of log messages to buffer diff --git a/cmd/data-scanner.go b/cmd/data-scanner.go index 9ab1bf64f..090578ab2 100644 --- a/cmd/data-scanner.go +++ b/cmd/data-scanner.go @@ -43,7 +43,7 @@ import ( "github.com/minio/minio/internal/config/heal" "github.com/minio/minio/internal/event" xioutil "github.com/minio/minio/internal/ioutil" - "github.com/minio/pkg/v2/console" + "github.com/minio/pkg/v3/console" uatomic "go.uber.org/atomic" ) diff --git a/cmd/dummy-handlers.go b/cmd/dummy-handlers.go index f92c66743..9f9552e8f 100644 --- a/cmd/dummy-handlers.go +++ b/cmd/dummy-handlers.go @@ -22,7 +22,7 @@ import ( "github.com/minio/minio/internal/logger" "github.com/minio/mux" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) // Data types used for returning dummy tagging XML. diff --git a/cmd/endpoint-ellipses.go b/cmd/endpoint-ellipses.go index 72f3c2180..702992f3b 100644 --- a/cmd/endpoint-ellipses.go +++ b/cmd/endpoint-ellipses.go 
@@ -28,8 +28,8 @@ import ( "github.com/cespare/xxhash/v2" "github.com/minio/minio-go/v7/pkg/set" "github.com/minio/minio/internal/config" - "github.com/minio/pkg/v2/ellipses" - "github.com/minio/pkg/v2/env" + "github.com/minio/pkg/v3/ellipses" + "github.com/minio/pkg/v3/env" ) // This file implements and supports ellipses pattern for diff --git a/cmd/endpoint-ellipses_test.go b/cmd/endpoint-ellipses_test.go index 6714ea923..ee5b27ee4 100644 --- a/cmd/endpoint-ellipses_test.go +++ b/cmd/endpoint-ellipses_test.go @@ -22,7 +22,7 @@ import ( "reflect" "testing" - "github.com/minio/pkg/v2/ellipses" + "github.com/minio/pkg/v3/ellipses" ) // Tests create endpoints with ellipses and without. diff --git a/cmd/endpoint.go b/cmd/endpoint.go index 1709883dd..f3247b024 100644 --- a/cmd/endpoint.go +++ b/cmd/endpoint.go @@ -36,8 +36,8 @@ import ( "github.com/minio/minio/internal/config" "github.com/minio/minio/internal/logger" "github.com/minio/minio/internal/mountinfo" - "github.com/minio/pkg/v2/env" - xnet "github.com/minio/pkg/v2/net" + "github.com/minio/pkg/v3/env" + xnet "github.com/minio/pkg/v3/net" "golang.org/x/exp/slices" ) diff --git a/cmd/erasure-common.go b/cmd/erasure-common.go index 1cc32d08d..869571a54 100644 --- a/cmd/erasure-common.go +++ b/cmd/erasure-common.go @@ -25,7 +25,7 @@ import ( "sync" "time" - "github.com/minio/pkg/v2/sync/errgroup" + "github.com/minio/pkg/v3/sync/errgroup" ) func (er erasureObjects) getOnlineDisks() (newDisks []StorageAPI) { diff --git a/cmd/erasure-healing.go b/cmd/erasure-healing.go index 5829f1a92..54e43b199 100644 --- a/cmd/erasure-healing.go +++ b/cmd/erasure-healing.go @@ -31,7 +31,7 @@ import ( "github.com/minio/madmin-go/v3" "github.com/minio/minio/internal/grid" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/sync/errgroup" + "github.com/minio/pkg/v3/sync/errgroup" ) //go:generate stringer -type=healingMetric -trimprefix=healingMetric $GOFILE 
diff --git a/cmd/erasure-metadata-utils.go b/cmd/erasure-metadata-utils.go index 6ca77cdb3..d742425cc 100644 --- a/cmd/erasure-metadata-utils.go +++ b/cmd/erasure-metadata-utils.go @@ -23,7 +23,7 @@ import ( "errors" "hash/crc32" - "github.com/minio/pkg/v2/sync/errgroup" + "github.com/minio/pkg/v3/sync/errgroup" ) // counterMap type adds GetValueWithQuorum method to a map[T]int used to count occurrences of values of type T. diff --git a/cmd/erasure-metadata.go b/cmd/erasure-metadata.go index 5c9716a0e..41f276e24 100644 --- a/cmd/erasure-metadata.go +++ b/cmd/erasure-metadata.go @@ -30,7 +30,7 @@ import ( "github.com/minio/minio/internal/crypto" "github.com/minio/minio/internal/hash/sha256" xhttp "github.com/minio/minio/internal/http" - "github.com/minio/pkg/v2/sync/errgroup" + "github.com/minio/pkg/v3/sync/errgroup" ) // Object was stored with additional erasure codes due to degraded system at upload time diff --git a/cmd/erasure-multipart.go b/cmd/erasure-multipart.go index e81a3decc..6700e2ae1 100644 --- a/cmd/erasure-multipart.go +++ b/cmd/erasure-multipart.go @@ -39,8 +39,8 @@ import ( xhttp "github.com/minio/minio/internal/http" xioutil "github.com/minio/minio/internal/ioutil" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/mimedb" - "github.com/minio/pkg/v2/sync/errgroup" + "github.com/minio/pkg/v3/mimedb" + "github.com/minio/pkg/v3/sync/errgroup" ) func (er erasureObjects) getUploadIDDir(bucket, object, uploadID string) string { diff --git a/cmd/erasure-object.go b/cmd/erasure-object.go index 864d19e47..75151b6de 100644 --- a/cmd/erasure-object.go +++ b/cmd/erasure-object.go 
@@ -46,8 +46,8 @@ import ( xhttp "github.com/minio/minio/internal/http" xioutil "github.com/minio/minio/internal/ioutil" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/mimedb" - "github.com/minio/pkg/v2/sync/errgroup" + "github.com/minio/pkg/v3/mimedb" + "github.com/minio/pkg/v3/sync/errgroup" ) // list all errors which can be ignored in object operations. diff --git a/cmd/erasure-server-pool-decom.go b/cmd/erasure-server-pool-decom.go index 946350af5..afc47c0bd 100644 --- a/cmd/erasure-server-pool-decom.go +++ b/cmd/erasure-server-pool-decom.go @@ -37,9 +37,9 @@ import ( "github.com/minio/minio/internal/bucket/versioning" "github.com/minio/minio/internal/hash" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/console" - "github.com/minio/pkg/v2/env" - "github.com/minio/pkg/v2/workers" + "github.com/minio/pkg/v3/console" + "github.com/minio/pkg/v3/env" + "github.com/minio/pkg/v3/workers" ) // PoolDecommissionInfo currently decommissioning information diff --git a/cmd/erasure-server-pool-rebalance.go b/cmd/erasure-server-pool-rebalance.go index e645792b1..59b537b2a 100644 --- a/cmd/erasure-server-pool-rebalance.go +++ b/cmd/erasure-server-pool-rebalance.go @@ -39,8 +39,8 @@ import ( "github.com/minio/minio/internal/hash" xioutil "github.com/minio/minio/internal/ioutil" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/env" - "github.com/minio/pkg/v2/workers" + "github.com/minio/pkg/v3/env" + "github.com/minio/pkg/v3/workers" ) //go:generate msgp -file $GOFILE -unexported diff --git a/cmd/erasure-server-pool.go b/cmd/erasure-server-pool.go index 16b380547..6eb3df616 100644 --- a/cmd/erasure-server-pool.go +++ b/cmd/erasure-server-pool.go 
@@ -43,8 +43,8 @@ import ( "github.com/minio/minio/internal/config/storageclass" xioutil "github.com/minio/minio/internal/ioutil" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/sync/errgroup" - "github.com/minio/pkg/v2/wildcard" + "github.com/minio/pkg/v3/sync/errgroup" + "github.com/minio/pkg/v3/wildcard" ) type erasureServerPools struct { diff --git a/cmd/erasure-sets.go b/cmd/erasure-sets.go index dae388364..021e29c28 100644 --- a/cmd/erasure-sets.go +++ b/cmd/erasure-sets.go @@ -38,8 +38,8 @@ import ( "github.com/minio/minio/internal/dsync" xioutil "github.com/minio/minio/internal/ioutil" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/console" - "github.com/minio/pkg/v2/sync/errgroup" + "github.com/minio/pkg/v3/console" + "github.com/minio/pkg/v3/sync/errgroup" ) // setsDsyncLockers is encapsulated type for Close() diff --git a/cmd/erasure.go b/cmd/erasure.go index 72e3a2e0c..08e26bd27 100644 --- a/cmd/erasure.go +++ b/cmd/erasure.go @@ -31,7 +31,7 @@ import ( "github.com/minio/madmin-go/v3" "github.com/minio/minio/internal/dsync" xioutil "github.com/minio/minio/internal/ioutil" - "github.com/minio/pkg/v2/sync/errgroup" + "github.com/minio/pkg/v3/sync/errgroup" ) // list all errors that can be ignore in a bucket operation. diff --git a/cmd/event-notification.go b/cmd/event-notification.go index 4d177db3f..c113706f8 100644 --- a/cmd/event-notification.go +++ b/cmd/event-notification.go @@ -29,7 +29,7 @@ import ( "github.com/minio/minio/internal/event" xhttp "github.com/minio/minio/internal/http" "github.com/minio/minio/internal/pubsub" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) // EventNotifier - notifies external systems about events in MinIO. diff --git a/cmd/format-erasure.go b/cmd/format-erasure.go index ba10a497a..93b0a4a76 100644 --- a/cmd/format-erasure.go +++ b/cmd/format-erasure.go 
@@ -32,7 +32,7 @@ import ( "github.com/minio/minio/internal/config/storageclass" xioutil "github.com/minio/minio/internal/ioutil" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/sync/errgroup" + "github.com/minio/pkg/v3/sync/errgroup" ) const ( diff --git a/cmd/ftp-server-driver.go b/cmd/ftp-server-driver.go index 0053bfb0a..beb812e86 100644 --- a/cmd/ftp-server-driver.go +++ b/cmd/ftp-server-driver.go @@ -34,7 +34,7 @@ import ( "github.com/minio/minio-go/v7/pkg/credentials" "github.com/minio/minio/internal/auth" xioutil "github.com/minio/minio/internal/ioutil" - "github.com/minio/pkg/v2/mimedb" + "github.com/minio/pkg/v3/mimedb" ftp "goftp.io/server/v2" ) @@ -260,11 +260,11 @@ func (driver *ftpDriver) CheckPasswd(c *ftp.Context, username, password string) return false, err } if errors.Is(err, errNoSuchServiceAccount) { - ldapUserDN, groupDistNames, err := globalIAMSys.LDAPConfig.Bind(username, password) + lookupRes, groupDistNames, err := globalIAMSys.LDAPConfig.Bind(username, password) if err != nil { return false, err } - ldapPolicies, _ := globalIAMSys.PolicyDBGet(ldapUserDN, groupDistNames...) + ldapPolicies, _ := globalIAMSys.PolicyDBGet(lookupRes.NormDN, groupDistNames...) return len(ldapPolicies) > 0, nil } return subtle.ConstantTimeCompare([]byte(sa.Credentials.SecretKey), []byte(password)) == 1, nil @@ -290,11 +290,11 @@ func (driver *ftpDriver) getMinIOClient(ctx *ftp.Context) (*minio.Client, error) var mcreds *credentials.Credentials if errors.Is(err, errNoSuchServiceAccount) { - targetUser, targetGroups, err := globalIAMSys.LDAPConfig.LookupUserDN(ctx.Sess.LoginUser()) + lookupResult, targetGroups, err := globalIAMSys.LDAPConfig.LookupUserDN(ctx.Sess.LoginUser()) if err != nil { return nil, err } - ldapPolicies, _ := globalIAMSys.PolicyDBGet(targetUser, targetGroups...) + ldapPolicies, _ := globalIAMSys.PolicyDBGet(lookupResult.NormDN, targetGroups...) if len(ldapPolicies) == 0 { return nil, errAuthentication } 
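Review bot: In CheckPasswd the result of `LDAPConfig.Bind` is dereferenced as `lookupRes.NormDN` with only the error checked, and the pointer is never nil-checked. Elsewhere in this commit the validated-DN helpers are treated as returning a nil result with a nil error for "not found", and the diff does not show whether Bind and LookupUserDN guarantee a non-nil result. If they do not, a login attempt would panic here rather than be rejected, so a guard such as `if lookupRes == nil { return false, errAuthentication }` is worth adding. The same pattern appears in getMinIOClient in this file and in the cmd/sftp-server-driver.go, cmd/sftp-server.go and cmd/sts-handlers.go hunks. Both function bodies extend beyond their hunks.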
@@ -304,9 +304,15 @@ func (driver *ftpDriver) getMinIOClient(ctx *ftp.Context) (*minio.Client, error) } claims := make(map[string]interface{}) claims[expClaim] = UTCNow().Add(expiryDur).Unix() - claims[ldapUser] = targetUser + + claims[ldapUser] = lookupResult.NormDN claims[ldapUserN] = ctx.Sess.LoginUser() + // Add LDAP attributes that were looked up into the claims. + for attribKey, attribValue := range lookupResult.Attributes { + claims[ldapAttribPrefix+attribKey] = attribValue + } + cred, err := auth.GetNewCredentialsWithMetadata(claims, globalActiveCred.SecretKey) if err != nil { return nil, err @@ -314,7 +320,7 @@ func (driver *ftpDriver) getMinIOClient(ctx *ftp.Context) (*minio.Client, error) // Set the parent of the temporary access key, this is useful // in obtaining service accounts by this cred. - cred.ParentUser = targetUser + cred.ParentUser = lookupResult.NormDN // Set this value to LDAP groups, LDAP user can be part // of large number of groups diff --git a/cmd/generic-handlers.go b/cmd/generic-handlers.go index 8c7a40270..7bb8e07d2 100644 --- a/cmd/generic-handlers.go +++ b/cmd/generic-handlers.go @@ -32,7 +32,7 @@ import ( "github.com/minio/minio-go/v7/pkg/s3utils" "github.com/minio/minio-go/v7/pkg/set" "github.com/minio/minio/internal/grid" - xnet "github.com/minio/pkg/v2/net" + xnet "github.com/minio/pkg/v3/net" "golang.org/x/exp/maps" "golang.org/x/exp/slices" diff --git a/cmd/global-heal.go b/cmd/global-heal.go index 1152628c7..5cc7a0235 100644 --- a/cmd/global-heal.go +++ b/cmd/global-heal.go @@ -35,9 +35,9 @@ import ( "github.com/minio/minio/internal/color" "github.com/minio/minio/internal/config/storageclass" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/console" - "github.com/minio/pkg/v2/wildcard" - "github.com/minio/pkg/v2/workers" + "github.com/minio/pkg/v3/console" + "github.com/minio/pkg/v3/wildcard" + "github.com/minio/pkg/v3/workers" ) const ( 
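Review bot: The attribute-to-claims loop added to getMinIOClient is repeated almost verbatim in cmd/sftp-server-driver.go and cmd/sts-handlers.go, so the three login paths can drift apart in how LDAP attributes become claims. A small unexported helper that takes the claims map and `lookupResult.Attributes` and writes the `ldapAttribPrefix+key` entries would keep them aligned. Its doc comment could read `// addLDAPAttribClaims copies looked-up LDAP attributes into claims under ldapAttribPrefix.` The attribute map's exact type is not visible in this diff; cmd/sftp-server.go indexes the values like a string slice. The function body starts and ends outside this hunk.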
diff --git a/cmd/globals.go b/cmd/globals.go index 9ac5890c9..a5a6e7ece 100644 --- a/cmd/globals.go +++ b/cmd/globals.go @@ -56,9 +56,9 @@ import ( levent "github.com/minio/minio/internal/config/lambda/event" "github.com/minio/minio/internal/event" "github.com/minio/minio/internal/pubsub" - "github.com/minio/pkg/v2/certs" - "github.com/minio/pkg/v2/env" - xnet "github.com/minio/pkg/v2/net" + "github.com/minio/pkg/v3/certs" + "github.com/minio/pkg/v3/env" + xnet "github.com/minio/pkg/v3/net" ) // minio configuration related constants. diff --git a/cmd/handler-utils.go b/cmd/handler-utils.go index 60253d100..d0b4d0250 100644 --- a/cmd/handler-utils.go +++ b/cmd/handler-utils.go @@ -32,7 +32,7 @@ import ( xhttp "github.com/minio/minio/internal/http" "github.com/minio/minio/internal/logger" "github.com/minio/minio/internal/mcontext" - xnet "github.com/minio/pkg/v2/net" + xnet "github.com/minio/pkg/v3/net" "golang.org/x/exp/maps" "golang.org/x/exp/slices" ) diff --git a/cmd/iam-store.go b/cmd/iam-store.go index 175fdbd42..d6b2c3640 100644 --- a/cmd/iam-store.go +++ b/cmd/iam-store.go @@ -33,7 +33,7 @@ import ( "github.com/minio/minio/internal/auth" "github.com/minio/minio/internal/config/identity/openid" "github.com/minio/minio/internal/jwt" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" "github.com/puzpuzpuz/xsync/v3" ) diff --git a/cmd/iam.go b/cmd/iam.go index 7ba26e593..0e5b95ef8 100644 --- a/cmd/iam.go +++ b/cmd/iam.go @@ -49,8 +49,8 @@ import ( xioutil "github.com/minio/minio/internal/ioutil" "github.com/minio/minio/internal/jwt" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/ldap" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/ldap" + "github.com/minio/pkg/v3/policy" etcd "go.etcd.io/etcd/client/v3" ) 
@@ -1510,13 +1510,13 @@ func (sys *IAMSys) NormalizeLDAPAccessKeypairs(ctx context.Context, accessKeyMap collectedErrors = append(collectedErrors, fmt.Errorf("could not validate `%s` exists in LDAP directory: %w", parent, err)) continue } - if validatedParent == "" || !isUnderBaseDN { + if validatedParent == nil || !isUnderBaseDN { err := fmt.Errorf("DN `%s` was not found in the LDAP directory", parent) collectedErrors = append(collectedErrors, err) continue } - if validatedParent != parent { + if validatedParent.NormDN != parent { hasDiff = true } @@ -1529,21 +1529,21 @@ func (sys *IAMSys) NormalizeLDAPAccessKeypairs(ctx context.Context, accessKeyMap collectedErrors = append(collectedErrors, fmt.Errorf("could not validate `%s` exists in LDAP directory: %w", group, err)) continue } - if validatedGroup == "" { + if validatedGroup == nil { err := fmt.Errorf("DN `%s` was not found in the LDAP directory", group) collectedErrors = append(collectedErrors, err) continue } - if validatedGroup != group { + if validatedGroup.NormDN != group { hasDiff = true } - normalizedGroups = append(normalizedGroups, validatedGroup) + normalizedGroups = append(normalizedGroups, validatedGroup.NormDN) } if hasDiff { updatedCreateReq := createReq - updatedCreateReq.Parent = validatedParent + updatedCreateReq.Parent = validatedParent.NormDN updatedCreateReq.Groups = normalizedGroups updatedKeysMap[ak] = updatedCreateReq @@ -1615,7 +1615,7 @@ func (sys *IAMSys) NormalizeLDAPMappingImport(ctx context.Context, isGroup bool, // We map keys that correspond to LDAP DNs and validate that they exist in // the LDAP server. - var dnValidator func(*libldap.Conn, string) (string, bool, error) = sys.LDAPConfig.GetValidatedUserDN + var dnValidator func(*libldap.Conn, string) (*ldap.DNSearchResult, bool, error) = sys.LDAPConfig.GetValidatedUserDN if isGroup { dnValidator = sys.LDAPConfig.GetValidatedGroupDN } 
@@ -1634,14 +1634,14 @@ func (sys *IAMSys) NormalizeLDAPMappingImport(ctx context.Context, isGroup bool, collectedErrors = append(collectedErrors, fmt.Errorf("could not validate `%s` exists in LDAP directory: %w", k, err)) continue } - if validatedDN == "" || !underBaseDN { + if validatedDN == nil || !underBaseDN { err := fmt.Errorf("DN `%s` was not found in the LDAP directory", k) collectedErrors = append(collectedErrors, err) continue } - if validatedDN != k { - normalizedDNKeysMap[validatedDN] = append(normalizedDNKeysMap[validatedDN], k) + if validatedDN.NormDN != k { + normalizedDNKeysMap[validatedDN.NormDN] = append(normalizedDNKeysMap[validatedDN.NormDN], k) } } @@ -1948,37 +1948,39 @@ func (sys *IAMSys) PolicyDBUpdateLDAP(ctx context.Context, isAttach bool, } var dn string + var dnResult *ldap.DNSearchResult var isGroup bool if r.User != "" { - dn, err = sys.LDAPConfig.GetValidatedDNForUsername(r.User) + dnResult, err = sys.LDAPConfig.GetValidatedDNForUsername(r.User) if err != nil { iamLogIf(ctx, err) return } - if dn == "" { - // Still attempt to detach if provided user is a DN. + if dnResult == nil { + // dn not found - still attempt to detach if provided user is a DN. if !isAttach && sys.LDAPConfig.IsLDAPUserDN(r.User) { dn = r.User } else { err = errNoSuchUser return } + } else { + dn = dnResult.NormDN } isGroup = false } else { if isAttach { - var foundGroupDN string var underBaseDN bool - if foundGroupDN, underBaseDN, err = sys.LDAPConfig.GetValidatedGroupDN(nil, r.Group); err != nil { + if dnResult, underBaseDN, err = sys.LDAPConfig.GetValidatedGroupDN(nil, r.Group); err != nil { iamLogIf(ctx, err) return - } else if foundGroupDN == "" || !underBaseDN { + } else if dnResult == nil || !underBaseDN { err = errNoSuchGroup return } // We use the group DN returned by the LDAP server (this may not // equal the input group name, but we assume it is canonical). - dn = foundGroupDN + dn = dnResult.NormDN } else { dn = r.Group } 
diff --git a/cmd/jwt.go b/cmd/jwt.go index 8a91b763d..0bb46369e 100644 --- a/cmd/jwt.go +++ b/cmd/jwt.go @@ -28,7 +28,7 @@ import ( "github.com/minio/minio/internal/auth" xjwt "github.com/minio/minio/internal/jwt" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) const ( diff --git a/cmd/kms-handlers.go b/cmd/kms-handlers.go index be9ed40bf..e77a3ea68 100644 --- a/cmd/kms-handlers.go +++ b/cmd/kms-handlers.go @@ -26,7 +26,7 @@ import ( "github.com/minio/madmin-go/v3" "github.com/minio/minio/internal/kms" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) // KMSStatusHandler - GET /minio/kms/v1/status diff --git a/cmd/listen-notification-handlers.go b/cmd/listen-notification-handlers.go index 709543047..50743f7d6 100644 --- a/cmd/listen-notification-handlers.go +++ b/cmd/listen-notification-handlers.go @@ -29,7 +29,7 @@ import ( "github.com/minio/minio/internal/logger" "github.com/minio/minio/internal/pubsub" "github.com/minio/mux" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) func (api objectAPIHandlers) ListenNotificationHandler(w http.ResponseWriter, r *http.Request) { diff --git a/cmd/main.go b/cmd/main.go index 9bcdc0f0d..b8f572cc1 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -32,10 +32,10 @@ import ( "github.com/minio/cli" "github.com/minio/minio/internal/color" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/console" - "github.com/minio/pkg/v2/env" - "github.com/minio/pkg/v2/trie" - "github.com/minio/pkg/v2/words" + "github.com/minio/pkg/v3/console" + "github.com/minio/pkg/v3/env" + "github.com/minio/pkg/v3/trie" + "github.com/minio/pkg/v3/words" ) // GlobalFlags - global flags for minio. diff --git a/cmd/metacache-bucket.go b/cmd/metacache-bucket.go index a0ecfe7ef..821db5b4d 100644 --- a/cmd/metacache-bucket.go +++ b/cmd/metacache-bucket.go 
@@ -26,7 +26,7 @@ import ( "time" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/console" + "github.com/minio/pkg/v3/console" ) // a bucketMetacache keeps track of all caches generated diff --git a/cmd/metacache-entries.go b/cmd/metacache-entries.go index 94f274c9a..2c471010f 100644 --- a/cmd/metacache-entries.go +++ b/cmd/metacache-entries.go @@ -27,7 +27,7 @@ import ( "strings" xioutil "github.com/minio/minio/internal/ioutil" - "github.com/minio/pkg/v2/console" + "github.com/minio/pkg/v3/console" ) // metaCacheEntry is an object or a directory within an unknown bucket. diff --git a/cmd/metacache-set.go b/cmd/metacache-set.go index 1c9a6d085..17259c93d 100644 --- a/cmd/metacache-set.go +++ b/cmd/metacache-set.go @@ -38,7 +38,7 @@ import ( "github.com/minio/minio/internal/color" "github.com/minio/minio/internal/hash" xioutil "github.com/minio/minio/internal/ioutil" - "github.com/minio/pkg/v2/console" + "github.com/minio/pkg/v3/console" ) //go:generate msgp -file $GOFILE -unexported diff --git a/cmd/metrics-router.go b/cmd/metrics-router.go index b34d93a8a..e3078a7fc 100644 --- a/cmd/metrics-router.go +++ b/cmd/metrics-router.go @@ -22,7 +22,7 @@ import ( "strings" "github.com/minio/mux" - "github.com/minio/pkg/v2/env" + "github.com/minio/pkg/v3/env" ) const ( diff --git a/cmd/metrics.go b/cmd/metrics.go index da11af44c..42ae31a7b 100644 --- a/cmd/metrics.go +++ b/cmd/metrics.go @@ -24,7 +24,7 @@ import ( "github.com/minio/minio/internal/auth" "github.com/minio/minio/internal/logger" "github.com/minio/minio/internal/mcontext" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/common/expfmt" ) diff --git a/cmd/mrf.go b/cmd/mrf.go index 21fdde819..27ec966fa 100644 --- a/cmd/mrf.go +++ b/cmd/mrf.go 
@@ -23,7 +23,7 @@ import ( "github.com/google/uuid" "github.com/minio/madmin-go/v3" - "github.com/minio/pkg/v2/wildcard" + "github.com/minio/pkg/v3/wildcard" ) const ( diff --git a/cmd/net.go b/cmd/net.go index 50b6b2280..2181cbaeb 100644 --- a/cmd/net.go +++ b/cmd/net.go @@ -29,7 +29,7 @@ import ( "github.com/minio/minio-go/v7/pkg/set" "github.com/minio/minio/internal/config" "github.com/minio/minio/internal/logger" - xnet "github.com/minio/pkg/v2/net" + xnet "github.com/minio/pkg/v3/net" ) // IPv4 addresses of local host. diff --git a/cmd/notification.go b/cmd/notification.go index 96541e929..df5c10df2 100644 --- a/cmd/notification.go +++ b/cmd/notification.go @@ -34,9 +34,9 @@ import ( "github.com/klauspost/compress/zip" "github.com/minio/madmin-go/v3" xioutil "github.com/minio/minio/internal/ioutil" - xnet "github.com/minio/pkg/v2/net" - "github.com/minio/pkg/v2/sync/errgroup" - "github.com/minio/pkg/v2/workers" + xnet "github.com/minio/pkg/v3/net" + "github.com/minio/pkg/v3/sync/errgroup" + "github.com/minio/pkg/v3/workers" "github.com/minio/minio/internal/bucket/bandwidth" "github.com/minio/minio/internal/logger" diff --git a/cmd/object-api-utils.go b/cmd/object-api-utils.go index 9e7ef8ffe..cc84b8935 100644 --- a/cmd/object-api-utils.go +++ b/cmd/object-api-utils.go @@ -48,8 +48,8 @@ import ( "github.com/minio/minio/internal/ioutil" xioutil "github.com/minio/minio/internal/ioutil" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/trie" - "github.com/minio/pkg/v2/wildcard" + "github.com/minio/pkg/v3/trie" + "github.com/minio/pkg/v3/wildcard" "github.com/valyala/bytebufferpool" "golang.org/x/exp/slices" ) diff --git a/cmd/object-api-utils_test.go b/cmd/object-api-utils_test.go index 794e00348..4caef275d 100644 --- a/cmd/object-api-utils_test.go +++ b/cmd/object-api-utils_test.go 
@@ -34,7 +34,7 @@ import ( "github.com/minio/minio/internal/auth" "github.com/minio/minio/internal/config/compress" "github.com/minio/minio/internal/crypto" - "github.com/minio/pkg/v2/trie" + "github.com/minio/pkg/v3/trie" ) func pathJoinOld(elem ...string) string { diff --git a/cmd/object-handlers.go b/cmd/object-handlers.go index 655f4729f..a3642b424 100644 --- a/cmd/object-handlers.go +++ b/cmd/object-handlers.go @@ -64,7 +64,7 @@ import ( "github.com/minio/minio/internal/logger" "github.com/minio/minio/internal/s3select" "github.com/minio/mux" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" "github.com/valyala/bytebufferpool" ) diff --git a/cmd/object-lambda-handlers.go b/cmd/object-lambda-handlers.go index 6916cc904..d756c70f6 100644 --- a/cmd/object-lambda-handlers.go +++ b/cmd/object-lambda-handlers.go @@ -29,7 +29,7 @@ import ( miniogo "github.com/minio/minio-go/v7" "github.com/minio/minio-go/v7/pkg/credentials" "github.com/minio/mux" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" "github.com/minio/minio/internal/auth" levent "github.com/minio/minio/internal/config/lambda/event" diff --git a/cmd/object-multipart-handlers.go b/cmd/object-multipart-handlers.go index 2354f94eb..328494efc 100644 --- a/cmd/object-multipart-handlers.go +++ b/cmd/object-multipart-handlers.go @@ -48,7 +48,7 @@ import ( xhttp "github.com/minio/minio/internal/http" "github.com/minio/minio/internal/logger" "github.com/minio/mux" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" "github.com/minio/sio" ) diff --git a/cmd/peer-rest-client.go b/cmd/peer-rest-client.go index 4a888484c..24c45597a 100644 --- a/cmd/peer-rest-client.go +++ b/cmd/peer-rest-client.go @@ -36,7 +36,7 @@ import ( xhttp "github.com/minio/minio/internal/http" "github.com/minio/minio/internal/logger" "github.com/minio/minio/internal/rest" - xnet "github.com/minio/pkg/v2/net" + xnet "github.com/minio/pkg/v3/net" ) // client to talk to peer Nodes. 
diff --git a/cmd/peer-rest-server.go b/cmd/peer-rest-server.go index 88bd41504..06fdb8e95 100644 --- a/cmd/peer-rest-server.go +++ b/cmd/peer-rest-server.go @@ -45,7 +45,7 @@ import ( "github.com/minio/minio/internal/logger" "github.com/minio/minio/internal/pubsub" "github.com/minio/mux" - "github.com/minio/pkg/v2/logger/message/log" + "github.com/minio/pkg/v3/logger/message/log" ) // To abstract a node over network. diff --git a/cmd/peer-s3-client.go b/cmd/peer-s3-client.go index d6cf8a06b..344e9f204 100644 --- a/cmd/peer-s3-client.go +++ b/cmd/peer-s3-client.go @@ -28,7 +28,7 @@ import ( "github.com/minio/madmin-go/v3" "github.com/minio/minio/internal/grid" - "github.com/minio/pkg/v2/sync/errgroup" + "github.com/minio/pkg/v3/sync/errgroup" "golang.org/x/exp/slices" ) diff --git a/cmd/peer-s3-server.go b/cmd/peer-s3-server.go index a41d139c0..65597f469 100644 --- a/cmd/peer-s3-server.go +++ b/cmd/peer-s3-server.go @@ -22,7 +22,7 @@ import ( "errors" "github.com/minio/madmin-go/v3" - "github.com/minio/pkg/v2/sync/errgroup" + "github.com/minio/pkg/v3/sync/errgroup" ) const ( diff --git a/cmd/perf-tests.go b/cmd/perf-tests.go index 961deaf65..5e2c77be3 100644 --- a/cmd/perf-tests.go +++ b/cmd/perf-tests.go @@ -36,7 +36,7 @@ import ( "github.com/minio/minio-go/v7/pkg/credentials" xhttp "github.com/minio/minio/internal/http" xioutil "github.com/minio/minio/internal/ioutil" - "github.com/minio/pkg/v2/randreader" + "github.com/minio/pkg/v3/randreader" ) // SpeedTestResult return value of the speedtest function diff --git a/cmd/policy_test.go b/cmd/policy_test.go index b4da5943b..bd9c9add5 100644 --- a/cmd/policy_test.go +++ b/cmd/policy_test.go @@ -23,8 +23,8 @@ import ( miniogopolicy "github.com/minio/minio-go/v7/pkg/policy" "github.com/minio/minio-go/v7/pkg/set" - "github.com/minio/pkg/v2/policy" - "github.com/minio/pkg/v2/policy/condition" + "github.com/minio/pkg/v3/policy" + "github.com/minio/pkg/v3/policy/condition" ) func TestPolicySysIsAllowed(t *testing.T) { 
diff --git a/cmd/s3-zip-handlers.go b/cmd/s3-zip-handlers.go index d97d65451..75311a516 100644 --- a/cmd/s3-zip-handlers.go +++ b/cmd/s3-zip-handlers.go @@ -32,7 +32,7 @@ import ( "github.com/minio/minio/internal/crypto" xhttp "github.com/minio/minio/internal/http" xioutil "github.com/minio/minio/internal/ioutil" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" "github.com/minio/zipindex" ) diff --git a/cmd/server-main.go b/cmd/server-main.go index 3a25428b0..527976abb 100644 --- a/cmd/server-main.go +++ b/cmd/server-main.go @@ -51,8 +51,8 @@ import ( xhttp "github.com/minio/minio/internal/http" xioutil "github.com/minio/minio/internal/ioutil" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/certs" - "github.com/minio/pkg/v2/env" + "github.com/minio/pkg/v3/certs" + "github.com/minio/pkg/v3/env" "golang.org/x/exp/slices" "gopkg.in/yaml.v2" ) diff --git a/cmd/server-rlimit.go b/cmd/server-rlimit.go index 51fe8a811..69e0a7651 100644 --- a/cmd/server-rlimit.go +++ b/cmd/server-rlimit.go @@ -25,7 +25,7 @@ import ( "github.com/minio/cli" "github.com/minio/madmin-go/v3/kernel" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/sys" + "github.com/minio/pkg/v3/sys" ) func oldLinux() bool { diff --git a/cmd/server-startup-msg.go b/cmd/server-startup-msg.go index db77d75c6..b38ca3230 100644 --- a/cmd/server-startup-msg.go +++ b/cmd/server-startup-msg.go @@ -26,7 +26,7 @@ import ( "github.com/minio/madmin-go/v3" "github.com/minio/minio/internal/color" "github.com/minio/minio/internal/logger" - xnet "github.com/minio/pkg/v2/net" + xnet "github.com/minio/pkg/v3/net" ) // generates format string depending on the string length and padding. diff --git a/cmd/server_test.go b/cmd/server_test.go index 037a3ea95..b5a57ccc3 100644 --- a/cmd/server_test.go +++ b/cmd/server_test.go 
@@ -37,7 +37,7 @@ import ( "github.com/dustin/go-humanize" "github.com/minio/minio-go/v7/pkg/set" xhttp "github.com/minio/minio/internal/http" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) // API suite container common to both ErasureSD and Erasure. diff --git a/cmd/sftp-server-driver.go b/cmd/sftp-server-driver.go index 4183549e0..23f8c1a83 100644 --- a/cmd/sftp-server-driver.go +++ b/cmd/sftp-server-driver.go @@ -34,7 +34,7 @@ import ( "github.com/minio/minio-go/v7/pkg/credentials" "github.com/minio/minio/internal/auth" xioutil "github.com/minio/minio/internal/ioutil" - "github.com/minio/pkg/v2/mimedb" + "github.com/minio/pkg/v3/mimedb" "github.com/pkg/sftp" "golang.org/x/crypto/ssh" ) @@ -101,7 +101,7 @@ func (f *sftpDriver) getMinIOClient() (*minio.Client, error) { } var mcreds *credentials.Credentials if errors.Is(err, errNoSuchServiceAccount) { - targetUser, targetGroups, err := globalIAMSys.LDAPConfig.LookupUserDN(f.AccessKey()) + lookupResult, targetGroups, err := globalIAMSys.LDAPConfig.LookupUserDN(f.AccessKey()) if err != nil { return nil, err } @@ -115,6 +115,14 @@ func (f *sftpDriver) getMinIOClient() (*minio.Client, error) { claims[k] = v } + // Set LDAP claims. + claims[ldapUserN] = f.AccessKey() + claims[ldapUser] = lookupResult.NormDN + // Add LDAP attributes that were looked up into the claims. + for attribKey, attribValue := range lookupResult.Attributes { + claims[ldapAttribPrefix+attribKey] = attribValue + } + cred, err := auth.GetNewCredentialsWithMetadata(claims, globalActiveCred.SecretKey) if err != nil { return nil, err @@ -122,7 +130,7 @@ func (f *sftpDriver) getMinIOClient() (*minio.Client, error) { // Set the parent of the temporary access key, this is useful // in obtaining service accounts by this cred. - cred.ParentUser = targetUser + cred.ParentUser = lookupResult.NormDN // Set this value to LDAP groups, LDAP user can be part // of large number of groups 
diff --git a/cmd/sftp-server.go b/cmd/sftp-server.go index 6e448e7ff..576767e25 100644 --- a/cmd/sftp-server.go +++ b/cmd/sftp-server.go @@ -30,7 +30,7 @@ import ( "time" "github.com/minio/minio/internal/logger" - xsftp "github.com/minio/pkg/v2/sftp" + xsftp "github.com/minio/pkg/v3/sftp" "github.com/pkg/sftp" "golang.org/x/crypto/ssh" ) @@ -238,20 +238,30 @@ func startSFTPServer(args []string) { return nil, err } if errors.Is(err, errNoSuchServiceAccount) { - targetUser, targetGroups, err := globalIAMSys.LDAPConfig.Bind(c.User(), string(pass)) + lookupResult, targetGroups, err := globalIAMSys.LDAPConfig.Bind(c.User(), string(pass)) if err != nil { return nil, err } + targetUser := lookupResult.NormDN ldapPolicies, _ := globalIAMSys.PolicyDBGet(targetUser, targetGroups...) if len(ldapPolicies) == 0 { return nil, errAuthentication } + criticalOptions := map[string]string{ + ldapUser: targetUser, + ldapUserN: c.User(), + } + for attribKey, attribValue := range lookupResult.Attributes { + // we skip multi-value attributes here, as they cannot + // be stored in the critical options. + if len(attribValue) == 1 { + criticalOptions[ldapAttribPrefix+attribKey] = attribValue[0] + } + } + return &ssh.Permissions{ - CriticalOptions: map[string]string{ - ldapUser: targetUser, - ldapUserN: c.User(), - }, - Extensions: make(map[string]string), + CriticalOptions: criticalOptions, + Extensions: make(map[string]string), }, nil } if subtle.ConstantTimeCompare([]byte(sa.Credentials.SecretKey), pass) == 1 { diff --git a/cmd/signature-v4-utils.go b/cmd/signature-v4-utils.go index 07374858b..c821c3ebc 100644 --- a/cmd/signature-v4-utils.go +++ b/cmd/signature-v4-utils.go @@ -30,7 +30,7 @@ import ( "github.com/minio/minio/internal/hash/sha256" xhttp "github.com/minio/minio/internal/http" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" "golang.org/x/exp/slices" ) 
diff --git a/cmd/site-replication.go b/cmd/site-replication.go index 8cfb7ad98..19412bba3 100644 --- a/cmd/site-replication.go +++ b/cmd/site-replication.go @@ -45,7 +45,8 @@ import ( "github.com/minio/minio/internal/bucket/lifecycle" sreplication "github.com/minio/minio/internal/bucket/replication" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/policy" + xldap "github.com/minio/pkg/v3/ldap" + "github.com/minio/pkg/v3/policy" "github.com/puzpuzpuz/xsync/v3" ) @@ -1435,22 +1436,22 @@ func (c *SiteReplicationSys) PeerPolicyMappingHandler(ctx context.Context, mappi // form of the entityName (which will be an LDAP DN). var err error if isGroup { - var foundGroupDN string + var foundGroupDN *xldap.DNSearchResult var underBaseDN bool if foundGroupDN, underBaseDN, err = globalIAMSys.LDAPConfig.GetValidatedGroupDN(nil, entityName); err != nil { iamLogIf(ctx, err) - } else if foundGroupDN == "" || !underBaseDN { + } else if foundGroupDN == nil || !underBaseDN { err = errNoSuchGroup } - entityName = foundGroupDN + entityName = foundGroupDN.NormDN } else { - var foundUserDN string + var foundUserDN *xldap.DNSearchResult if foundUserDN, err = globalIAMSys.LDAPConfig.GetValidatedDNForUsername(entityName); err != nil { iamLogIf(ctx, err) - } else if foundUserDN == "" { + } else if foundUserDN == nil { err = errNoSuchUser } - entityName = foundUserDN + entityName = foundUserDN.NormDN } if err != nil { return wrapSRErr(err) diff --git a/cmd/storage-rest-client.go b/cmd/storage-rest-client.go index 4f3e4b365..f6d0352e2 100644 --- a/cmd/storage-rest-client.go +++ b/cmd/storage-rest-client.go @@ -41,7 +41,7 @@ import ( "github.com/minio/minio/internal/ioutil" xioutil "github.com/minio/minio/internal/ioutil" "github.com/minio/minio/internal/rest" - xnet "github.com/minio/pkg/v2/net" + xnet "github.com/minio/pkg/v3/net" xbufio "github.com/philhofer/fwd" "github.com/tinylib/msgp/msgp" ) 
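Review bot: In PeerPolicyMappingHandler, `entityName = foundGroupDN.NormDN` still runs after the `foundGroupDN == nil` branch has set `errNoSuchGroup`, so a nil `*xldap.DNSearchResult` is dereferenced before the `if err != nil` check that follows. The user branch has the same problem with `foundUserDN.NormDN`. With the old string return this assignment was harmless, but now a mapping for a DN that is not found in LDAP (and probably any lookup error) panics instead of returning `wrapSRErr(err)`. Guard both assignments, e.g. `if err == nil { entityName = foundGroupDN.NormDN }` and `if err == nil { entityName = foundUserDN.NormDN }`. The handler body starts and ends outside the hunk.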
diff --git a/cmd/storage-rest-server.go b/cmd/storage-rest-server.go index 49f7b52de..7e0b24d0d 100644 --- a/cmd/storage-rest-server.go +++ b/cmd/storage-rest-server.go @@ -47,7 +47,7 @@ import ( xjwt "github.com/minio/minio/internal/jwt" "github.com/minio/minio/internal/logger" "github.com/minio/mux" - xnet "github.com/minio/pkg/v2/net" + xnet "github.com/minio/pkg/v3/net" ) var errDiskStale = errors.New("drive stale") diff --git a/cmd/storage-rest_test.go b/cmd/storage-rest_test.go index e1f49dc0b..bb034adaa 100644 --- a/cmd/storage-rest_test.go +++ b/cmd/storage-rest_test.go @@ -28,7 +28,7 @@ import ( "time" "github.com/minio/minio/internal/grid" - xnet "github.com/minio/pkg/v2/net" + xnet "github.com/minio/pkg/v3/net" ) // Storage REST server, storageRESTReceiver and StorageRESTClient are diff --git a/cmd/sts-handlers.go b/cmd/sts-handlers.go index d4c10b9a2..9494fe30b 100644 --- a/cmd/sts-handlers.go +++ b/cmd/sts-handlers.go @@ -36,8 +36,8 @@ import ( xhttp "github.com/minio/minio/internal/http" "github.com/minio/minio/internal/logger" "github.com/minio/mux" - "github.com/minio/pkg/v2/policy" - "github.com/minio/pkg/v2/wildcard" + "github.com/minio/pkg/v3/policy" + "github.com/minio/pkg/v3/wildcard" ) const ( @@ -76,6 +76,8 @@ const ( // LDAP claim keys ldapUser = "ldapUser" // this is a key name for a DN value ldapUserN = "ldapUsername" // this is a key name for the short/login username + // Claim key-prefix for LDAP attributes + ldapAttribPrefix = "ldapAttrib_" // Role Claim key roleArnClaim = "roleArn" 
@@ -668,12 +670,13 @@ func (sts *stsAPIHandlers) AssumeRoleWithLDAPIdentity(w http.ResponseWriter, r * return } - ldapUserDN, groupDistNames, err := globalIAMSys.LDAPConfig.Bind(ldapUsername, ldapPassword) + lookupResult, groupDistNames, err := globalIAMSys.LDAPConfig.Bind(ldapUsername, ldapPassword) if err != nil { err = fmt.Errorf("LDAP server error: %w", err) writeSTSErrorResponse(ctx, w, ErrSTSInvalidParameterValue, err) return } + ldapUserDN := lookupResult.NormDN // Check if this user or their groups have a policy applied. ldapPolicies, err := globalIAMSys.PolicyDBGet(ldapUserDN, groupDistNames...) @@ -697,6 +700,10 @@ func (sts *stsAPIHandlers) AssumeRoleWithLDAPIdentity(w http.ResponseWriter, r * claims[expClaim] = UTCNow().Add(expiryDur).Unix() claims[ldapUser] = ldapUserDN claims[ldapUserN] = ldapUsername + // Add lookup up LDAP attributes as claims. + for attrib, value := range lookupResult.Attributes { + claims[ldapAttribPrefix+attrib] = value + } if len(sessionPolicyStr) > 0 { claims[policy.SessionPolicyName] = base64.StdEncoding.EncodeToString([]byte(sessionPolicyStr)) diff --git a/cmd/sts-handlers_test.go b/cmd/sts-handlers_test.go index feada2f5d..19edbfe85 100644 --- a/cmd/sts-handlers_test.go +++ b/cmd/sts-handlers_test.go @@ -33,7 +33,7 @@ import ( minio "github.com/minio/minio-go/v7" cr "github.com/minio/minio-go/v7/pkg/credentials" "github.com/minio/minio-go/v7/pkg/set" - ldap "github.com/minio/pkg/v2/ldap" + ldap "github.com/minio/pkg/v3/ldap" "golang.org/x/exp/slices" ) @@ -656,6 +656,7 @@ func (s *TestSuiteIAM) SetUpLDAP(c *check, serverAddr string) { "lookup_bind_password=admin", "user_dn_search_base_dn=dc=min,dc=io", "user_dn_search_filter=(uid=%s)", + "user_dn_attributes=sshPublicKey", "group_search_base_dn=ou=swengg,dc=min,dc=io", "group_search_filter=(&(objectclass=groupofnames)(member=%d))", } 
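Review bot: The loop added in AssumeRoleWithLDAPIdentity copies every looked-up LDAP attribute into the claims, with no comment on where those values end up. The new test reads them back out of `value.SessionToken`, so they travel in the token returned to the caller; whether the payload is readable without the signing key is not visible in this diff. A comment above the loop would record that for operators and maintainers, e.g. `// Values of the configured user_dn_attributes are embedded in the session token returned to the client; configure only attributes that are safe to disclose to that user.` The existing comment also reads "lookup up" where "looked-up" is meant. The function body extends beyond both hunks.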
@@ -721,6 +722,7 @@ func TestIAMWithLDAPServerSuite(t *testing.T) { suite.TestLDAPSTSServiceAccounts(c) suite.TestLDAPSTSServiceAccountsWithUsername(c) suite.TestLDAPSTSServiceAccountsWithGroups(c) + suite.TestLDAPAttributesLookup(c) suite.TearDownSuite(c) }, ) 
@@ -1870,6 +1872,91 @@ func (s *TestSuiteIAM) TestLDAPSTSServiceAccountsWithGroups(c *check) { c.mustNotCreateSvcAccount(ctx, globalActiveCred.AccessKey, userAdmClient) } +func (s *TestSuiteIAM) TestLDAPAttributesLookup(c *check) { + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + defer cancel() + + groupDN := "cn=projectb,ou=groups,ou=swengg,dc=min,dc=io" + _, err := s.adm.AttachPolicyLDAP(ctx, madmin.PolicyAssociationReq{ + Policies: []string{"readwrite"}, + Group: groupDN, + }) + if err != nil { + c.Fatalf("Unable to set policy: %v", err) + } + + cases := []struct { + username string + dn string + expectedSSHKeyType string + }{ + { + username: "dillon", + dn: "uid=dillon,ou=people,ou=swengg,dc=min,dc=io", + expectedSSHKeyType: "ssh-ed25519", + }, + { + username: "liza", + dn: "uid=liza,ou=people,ou=swengg,dc=min,dc=io", + expectedSSHKeyType: "ssh-rsa", + }, + } + + conn, err := globalIAMSys.LDAPConfig.LDAP.Connect() + if err != nil { + c.Fatalf("LDAP connect failed: %v", err) + } + defer conn.Close() + + for i, testCase := range cases { + ldapID := cr.LDAPIdentity{ + Client: s.TestSuiteCommon.client, + STSEndpoint: s.endPoint, + LDAPUsername: testCase.username, + LDAPPassword: testCase.username, + } + + value, err := ldapID.Retrieve() + if err != nil { + c.Fatalf("Expected to generate STS creds, got err: %#v", err) + } + + // Retrieve the STS account's credential object. + u, ok := globalIAMSys.GetUser(ctx, value.AccessKeyID) + if !ok { + c.Fatalf("Expected to find user %s", value.AccessKeyID) + } + + if u.Credentials.AccessKey != value.AccessKeyID { + c.Fatalf("Expected access key %s, got %s", value.AccessKeyID, u.Credentials.AccessKey) + } + + // Retrieve the credential's claims. 
+ secret, err := getTokenSigningKey() + if err != nil { + c.Fatalf("Error getting token signing key: %v", err) + } + claims, err := getClaimsFromTokenWithSecret(value.SessionToken, secret) + if err != nil { + c.Fatalf("Error getting claims from token: %v", err) + } + + // Validate claims. Check if the sshPublicKey claim is present. + dnClaim := claims[ldapUser].(string) + if dnClaim != testCase.dn { + c.Fatalf("Test %d: unexpected dn claim: %s", i+1, dnClaim) + } + sshPublicKeyClaim := claims[ldapAttribPrefix+"sshPublicKey"].([]interface{})[0].(string) + if sshPublicKeyClaim == "" { + c.Fatalf("Test %d: expected sshPublicKey claim to be present", i+1) + } + parts := strings.Split(sshPublicKeyClaim, " ") + if parts[0] != testCase.expectedSSHKeyType { + c.Fatalf("Test %d: unexpected sshPublicKey type: %s", i+1, parts[0]) + } + } +} + func (s *TestSuiteIAM) TestOpenIDSTS(c *check) { ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) defer cancel() diff --git a/cmd/test-utils_test.go b/cmd/test-utils_test.go index 033183cb3..a63eaf942 100644 --- a/cmd/test-utils_test.go +++ b/cmd/test-utils_test.go @@ -66,7 +66,7 @@ import ( "github.com/minio/minio/internal/hash" "github.com/minio/minio/internal/logger" "github.com/minio/mux" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) // TestMain to set up global env. diff --git a/cmd/tier-handlers.go b/cmd/tier-handlers.go index b588753ec..3b794fc8b 100644 --- a/cmd/tier-handlers.go +++ b/cmd/tier-handlers.go @@ -27,7 +27,7 @@ import ( "github.com/minio/madmin-go/v3" "github.com/minio/minio/internal/config/storageclass" "github.com/minio/mux" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/policy" ) var ( diff --git a/cmd/update.go b/cmd/update.go index 481350026..174be7ae2 100644 --- a/cmd/update.go +++ b/cmd/update.go 
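Review bot: The claim checks at the end of TestLDAPAttributesLookup use unchecked type assertions, `claims[ldapUser].(string)` and `claims[ldapAttribPrefix+"sshPublicKey"].([]interface{})[0].(string)`, which panic when the claim is missing, has another type or is an empty list. As a result the `expected sshPublicKey claim to be present` failure can never fire for an absent claim. Comma-ok assertions with a length check turn those cases into ordinary test failures with a readable message. Separately, the `conn` opened with `globalIAMSys.LDAPConfig.LDAP.Connect()` is never used in the test body and can be dropped.

```go
// … unchanged: STS credential retrieval and token decoding …
dnClaim, ok := claims[ldapUser].(string)
if !ok || dnClaim != testCase.dn {
	c.Fatalf("Test %d: unexpected dn claim: %v", i+1, claims[ldapUser])
}
sshKeys, ok := claims[ldapAttribPrefix+"sshPublicKey"].([]interface{})
if !ok || len(sshKeys) == 0 {
	c.Fatalf("Test %d: expected sshPublicKey claim to be present", i+1)
}
sshPublicKeyClaim, ok := sshKeys[0].(string)
if !ok || sshPublicKeyClaim == "" {
	c.Fatalf("Test %d: expected sshPublicKey claim to be a non-empty string", i+1)
}
// … unchanged: key-type comparison against expectedSSHKeyType …
```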
@@ -38,8 +38,8 @@ import ( "github.com/klauspost/compress/zstd" xhttp "github.com/minio/minio/internal/http" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/env" - xnet "github.com/minio/pkg/v2/net" + "github.com/minio/pkg/v3/env" + xnet "github.com/minio/pkg/v3/net" "github.com/minio/selfupdate" gopsutilcpu "github.com/shirou/gopsutil/v3/cpu" "github.com/valyala/bytebufferpool" diff --git a/cmd/utils.go b/cmd/utils.go index be75f59e2..4bc2970aa 100644 --- a/cmd/utils.go +++ b/cmd/utils.go @@ -57,10 +57,10 @@ import ( "github.com/minio/minio/internal/logger/message/audit" "github.com/minio/minio/internal/rest" "github.com/minio/mux" - "github.com/minio/pkg/v2/certs" - "github.com/minio/pkg/v2/env" - xaudit "github.com/minio/pkg/v2/logger/message/audit" - xnet "github.com/minio/pkg/v2/net" + "github.com/minio/pkg/v3/certs" + "github.com/minio/pkg/v3/env" + xaudit "github.com/minio/pkg/v3/logger/message/audit" + xnet "github.com/minio/pkg/v3/net" "golang.org/x/oauth2" ) diff --git a/docs/debugging/reorder-disks/main.go b/docs/debugging/reorder-disks/main.go index 8e9a7618f..5581ca833 100644 --- a/docs/debugging/reorder-disks/main.go +++ b/docs/debugging/reorder-disks/main.go @@ -30,7 +30,7 @@ import ( "strings" "syscall" - "github.com/minio/pkg/v2/ellipses" + "github.com/minio/pkg/v3/ellipses" ) type xl struct { diff --git a/docs/sts/ldap.md b/docs/sts/ldap.md index 0725dc179..7f50eb6bf 100644 --- a/docs/sts/ldap.md +++ b/docs/sts/ldap.md 
@@ -34,18 +34,19 @@ KEY: identity_ldap enable LDAP SSO support ARGS: -MINIO_IDENTITY_LDAP_SERVER_ADDR* (address) AD/LDAP server address e.g. "myldap.com" or "myldapserver.com:1686" -MINIO_IDENTITY_LDAP_SRV_RECORD_NAME (string) DNS SRV record name for LDAP service, if given, must be one of ldap, ldaps or on -MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN* (string) DN for LDAP read-only service account used to perform DN and group lookups -MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD (string) Password for LDAP read-only service account used to perform DN and group lookups -MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN* (list) ";" separated list of user search base DNs e.g. "dc=myldapserver,dc=com" -MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER* (string) Search filter to lookup user DN -MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER (string) search filter for groups e.g. "(&(objectclass=groupOfNames)(memberUid=%s))" -MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN (list) ";" separated list of group search base DNs e.g. "dc=myldapserver,dc=com" -MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY (on|off) trust server TLS without verification, defaults to "off" (verify) -MINIO_IDENTITY_LDAP_SERVER_INSECURE (on|off) allow plain text connection to AD/LDAP server, defaults to "off" -MINIO_IDENTITY_LDAP_SERVER_STARTTLS (on|off) use StartTLS connection to AD/LDAP server, defaults to "off" -MINIO_IDENTITY_LDAP_COMMENT (sentence) optionally add a comment to this setting +MINIO_IDENTITY_LDAP_SERVER_ADDR* (address) AD/LDAP server address e.g. 
"myldap.com" or "myldapserver.com:636" +MINIO_IDENTITY_LDAP_SRV_RECORD_NAME (string) DNS SRV record name for LDAP service, if given, must be one of "ldap", "ldaps" or "on" +MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN (string) DN for LDAP read-only service account used to perform DN and group lookups +MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD (string) Password for LDAP read-only service account used to perform DN and group lookups +MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN (list) ";" separated list of user search base DNs e.g. "dc=myldapserver,dc=com" +MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER (string) Search filter to lookup user DN +MINIO_IDENTITY_LDAP_USER_DN_ATTRIBUTES (list) "," separated list of user DN attributes e.g. "uid,cn,mail,sshPublicKey" +MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER (string) search filter for groups e.g. "(&(objectclass=groupOfNames)(memberUid=%s))" +MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN (list) ";" separated list of group search base DNs e.g. "dc=myldapserver,dc=com" +MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY (on|off) trust server TLS without verification (default: 'off') +MINIO_IDENTITY_LDAP_SERVER_INSECURE (on|off) allow plain text connection to AD/LDAP server (default: 'off') +MINIO_IDENTITY_LDAP_SERVER_STARTTLS (on|off) use StartTLS connection to AD/LDAP server (default: 'off') +MINIO_IDENTITY_LDAP_COMMENT (sentence) optionally add a comment to this setting ``` ### LDAP server connectivity 
@@ -104,6 +105,11 @@ The search filter must use the LDAP username to find the user DN. This is done v The returned user's DN and their password are then verified with the LDAP server. The user DN may also be associated with an [access policy](#managing-usergroup-access-policy). +The User DN attributes configuration parameter: +``` +MINIO_IDENTITY_LDAP_USER_DN_ATTRIBUTES (list) "," separated list of user DN attributes e.g. "uid,cn,mail,sshPublicKey" +``` +is optional and can be used to specify additional attributes to lookup on the User DN record in the LDAP server. This is for certain display purposes and may be used for extended functionality that may be added in the future. ### Group membership search diff --git a/go.mod b/go.mod index bc5176ac2..3cae47538 100644 --- a/go.mod +++ b/go.mod @@ -45,7 +45,7 @@ require ( github.com/lithammer/shortuuid/v4 v4.0.0 github.com/miekg/dns v1.1.58 github.com/minio/cli v1.24.2 - github.com/minio/console v1.4.0 + github.com/minio/console v1.4.1 github.com/minio/csvparser v1.0.0 github.com/minio/dnscache v0.1.1 github.com/minio/dperf v0.5.3 @@ -55,7 +55,7 @@ require ( github.com/minio/madmin-go/v3 v3.0.52 github.com/minio/minio-go/v7 v7.0.70 github.com/minio/mux v1.9.0 - github.com/minio/pkg/v2 v2.0.19 + github.com/minio/pkg/v3 v3.0.0 github.com/minio/selfupdate v0.6.0 github.com/minio/simdjson-go v0.4.5 github.com/minio/sio v0.3.1 
@@ -194,10 +194,11 @@ require ( github.com/mattn/go-localereader v0.0.1 // indirect github.com/mattn/go-runewidth v0.0.15 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect - github.com/minio/colorjson v1.0.6 // indirect + github.com/minio/colorjson v1.0.7 // indirect github.com/minio/filepath v1.0.0 // indirect github.com/minio/mc v0.0.0-20240430174448-dcb911bed9d5 // indirect github.com/minio/md5-simd v1.1.2 // indirect + github.com/minio/pkg/v2 v2.0.17 // indirect github.com/minio/websocket v1.6.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect diff --git a/go.sum b/go.sum index a8ec386fe..5bfb91f09 100644 --- a/go.sum +++ b/go.sum 
@@ -423,10 +423,10 @@ github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= github.com/minio/cli v1.24.2 h1:J+fCUh9mhPLjN3Lj/YhklXvxj8mnyE/D6FpFduXJ2jg= github.com/minio/cli v1.24.2/go.mod h1:bYxnK0uS629N3Bq+AOZZ+6lwF77Sodk4+UL9vNuXhOY= -github.com/minio/colorjson v1.0.6 h1:m7TUvpvt0u7FBmVIEQNIa0T4NBQlxrcMBp4wJKsg2Ik= -github.com/minio/colorjson v1.0.6/go.mod h1:LUXwS5ZGNb6Eh9f+t+3uJiowD3XsIWtsvTriUBeqgYs= -github.com/minio/console v1.4.0 h1:WqZMFWQRnUtpumgdgXLpPXenz4hHB1E3SZydiMbv7jY= -github.com/minio/console v1.4.0/go.mod h1:keSmHo7VWg6NxdJSh1/S0+GdBxtQkqxWgs/rSqL8i8w= +github.com/minio/colorjson v1.0.7 h1:n69M42mIuQHdzbsxlmwji1zxDypaw4o39rHjAmX4Dh4= +github.com/minio/colorjson v1.0.7/go.mod h1:9LGM5yybI+GuhSbuzAerbSgvFb4j8ux9NzyONR+NrAY= +github.com/minio/console v1.4.1 h1:P7hgyQi+36aYH90WPME3d/eLJ+a1jxnfhwxLjUOe9kY= +github.com/minio/console v1.4.1/go.mod h1:JyqeznIlKwgSx2Usz4CNq0i9WlDMJF75m8lbPV38p4I= github.com/minio/csvparser v1.0.0 h1:xJEHcYK8ZAjeW4hNV9Zu30u+/2o4UyPnYgyjWp8b7ZU= github.com/minio/csvparser v1.0.0/go.mod h1:lKXskSLzPgC5WQyzP7maKH7Sl1cqvANXo9YCto8zbtM= github.com/minio/dnscache v0.1.1 h1:AMYLqomzskpORiUA1ciN9k7bZT1oB3YZN4cEIi88W5o= 
@@ -452,8 +452,10 @@ github.com/minio/minio-go/v7 v7.0.70 h1:1u9NtMgfK1U42kUxcsl5v0yj6TEOPR497OAQxpJn github.com/minio/minio-go/v7 v7.0.70/go.mod h1:4yBA8v80xGA30cfM3fz0DKYMXunWl/AV/6tWEs9ryzo= github.com/minio/mux v1.9.0 h1:dWafQFyEfGhJvK6AwLOt83bIG5bxKxKJnKMCi0XAaoA= github.com/minio/mux v1.9.0/go.mod h1:1pAare17ZRL5GpmNL+9YmqHoWnLmMZF9C/ioUCfy0BQ= -github.com/minio/pkg/v2 v2.0.19 h1:r187/k/oVH9H0DDwvLY5WipkJaZ4CLd4KI3KgIUExR0= -github.com/minio/pkg/v2 v2.0.19/go.mod h1:luK9LAhQlAPzSuF6F326XSCKjMc1G3Tbh+a9JYwqh8M= +github.com/minio/pkg/v2 v2.0.17 h1:ndmGlitUj/eCVRPmfsAw3KlbtVNxqk0lQIvDXlcTHiQ= +github.com/minio/pkg/v2 v2.0.17/go.mod h1:V+OP/fKRD/qhJMQpdXXrCXcLYjGMpHKEE26zslthm5k= +github.com/minio/pkg/v3 v3.0.0 h1:0vOKHgwpya//mb7RH0i1lyPMH2IBBF5hJMNY5Bk2WlY= +github.com/minio/pkg/v3 v3.0.0/go.mod h1:53gkSUVHcfYoskOs5YAJ3D99nsd2SKru90rdE9whlXU= github.com/minio/selfupdate v0.6.0 h1:i76PgT0K5xO9+hjzKcacQtO7+MjJ4JKA8Ak8XQ9DDwU= github.com/minio/selfupdate v0.6.0/go.mod h1:bO02GTIPCMQFTEvE5h4DjYB58bCoZ35XLeBf0buTDdM= github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM= diff --git a/internal/bucket/object/lock/lock.go b/internal/bucket/object/lock/lock.go index d5ed3371c..6ba9857a2 100644 --- a/internal/bucket/object/lock/lock.go +++ b/internal/bucket/object/lock/lock.go @@ -34,7 +34,7 @@ import ( xhttp "github.com/minio/minio/internal/http" "github.com/minio/minio/internal/logger" - "github.com/minio/pkg/v2/env" + "github.com/minio/pkg/v3/env" ) const ( diff --git a/internal/bucket/replication/destination.go b/internal/bucket/replication/destination.go index fae272f42..9f31b3231 100644 --- a/internal/bucket/replication/destination.go +++ b/internal/bucket/replication/destination.go @@ -22,7 +22,7 @@ import ( "fmt" "strings" - "github.com/minio/pkg/v2/wildcard" + "github.com/minio/pkg/v3/wildcard" ) // DestinationARNPrefix - destination ARN prefix as per AWS S3 specification. 
diff --git a/internal/bucket/versioning/versioning.go b/internal/bucket/versioning/versioning.go index 8d31c0fad..3647f908d 100644 --- a/internal/bucket/versioning/versioning.go +++ b/internal/bucket/versioning/versioning.go @@ -22,7 +22,7 @@ import ( "io" "strings" - "github.com/minio/pkg/v2/wildcard" + "github.com/minio/pkg/v3/wildcard" ) // State - enabled/disabled/suspended states diff --git a/internal/config/api/api.go b/internal/config/api/api.go index 487afc307..7f7563334 100644 --- a/internal/config/api/api.go +++ b/internal/config/api/api.go @@ -27,7 +27,7 @@ import ( "time" "github.com/minio/minio/internal/config" - "github.com/minio/pkg/v2/env" + "github.com/minio/pkg/v3/env" ) // API sub-system constants diff --git a/internal/config/batch/batch.go b/internal/config/batch/batch.go index e1c095418..7404cf869 100644 --- a/internal/config/batch/batch.go +++ b/internal/config/batch/batch.go @@ -22,7 +22,7 @@ import ( "time" "github.com/minio/minio/internal/config" - "github.com/minio/pkg/v2/env" + "github.com/minio/pkg/v3/env" ) // Batch job environment variables diff --git a/internal/config/browser/browser.go b/internal/config/browser/browser.go index 6e4f11a6d..0daf91a4e 100644 --- a/internal/config/browser/browser.go +++ b/internal/config/browser/browser.go @@ -23,7 +23,7 @@ import ( "sync" "github.com/minio/minio/internal/config" - "github.com/minio/pkg/v2/env" + "github.com/minio/pkg/v3/env" ) // Browser sub-system constants diff --git a/internal/config/cache/cache.go b/internal/config/cache/cache.go index 56c50019e..bb97635c1 100644 --- a/internal/config/cache/cache.go +++ b/internal/config/cache/cache.go @@ -29,7 +29,7 @@ import ( "github.com/dustin/go-humanize" "github.com/minio/minio/internal/config" xhttp "github.com/minio/minio/internal/http" - "github.com/minio/pkg/v2/env" + "github.com/minio/pkg/v3/env" "github.com/tinylib/msgp/msgp" ) 
diff --git a/internal/config/callhome/callhome.go b/internal/config/callhome/callhome.go index fd7a27558..ef6f8d51f 100644 --- a/internal/config/callhome/callhome.go +++ b/internal/config/callhome/callhome.go @@ -22,7 +22,7 @@ import ( "time" "github.com/minio/minio/internal/config" - "github.com/minio/pkg/v2/env" + "github.com/minio/pkg/v3/env" ) // Callhome related keys diff --git a/internal/config/certs.go b/internal/config/certs.go index bf13a429b..b01f93b60 100644 --- a/internal/config/certs.go +++ b/internal/config/certs.go @@ -25,7 +25,7 @@ import ( "errors" "os" - "github.com/minio/pkg/v2/env" + "github.com/minio/pkg/v3/env" ) // EnvCertPassword is the environment variable which contains the password used diff --git a/internal/config/compress/compress.go b/internal/config/compress/compress.go index 8e9a0b75c..ce393bc55 100644 --- a/internal/config/compress/compress.go +++ b/internal/config/compress/compress.go @@ -22,7 +22,7 @@ import ( "strings" "github.com/minio/minio/internal/config" - "github.com/minio/pkg/v2/env" + "github.com/minio/pkg/v3/env" ) // Config represents the compression settings. diff --git a/internal/config/config.go b/internal/config/config.go index 8dc8172e0..f0074c682 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -29,7 +29,7 @@ import ( "github.com/minio/madmin-go/v3" "github.com/minio/minio-go/v7/pkg/set" "github.com/minio/minio/internal/auth" - "github.com/minio/pkg/v2/env" + "github.com/minio/pkg/v3/env" ) // ErrorConfig holds the config error types diff --git a/internal/config/drive/drive.go b/internal/config/drive/drive.go index 6ac7b0de9..abd95b414 100644 --- a/internal/config/drive/drive.go +++ b/internal/config/drive/drive.go @@ -22,7 +22,7 @@ import ( "time" "github.com/minio/minio/internal/config" - "github.com/minio/pkg/v2/env" + "github.com/minio/pkg/v3/env" ) // Drive specific timeout environment variables 
diff --git a/internal/config/etcd/etcd.go b/internal/config/etcd/etcd.go index 7351ee4bf..9bd51f912 100644 --- a/internal/config/etcd/etcd.go +++ b/internal/config/etcd/etcd.go @@ -24,8 +24,8 @@ import ( "time" "github.com/minio/minio/internal/config" - "github.com/minio/pkg/v2/env" - xnet "github.com/minio/pkg/v2/net" + "github.com/minio/pkg/v3/env" + xnet "github.com/minio/pkg/v3/net" clientv3 "go.etcd.io/etcd/client/v3" "go.etcd.io/etcd/client/v3/namespace" "go.uber.org/zap" diff --git a/internal/config/heal/heal.go b/internal/config/heal/heal.go index 7c0a7cda6..2c3ca8bce 100644 --- a/internal/config/heal/heal.go +++ b/internal/config/heal/heal.go @@ -26,7 +26,7 @@ import ( "time" "github.com/minio/minio/internal/config" - "github.com/minio/pkg/v2/env" + "github.com/minio/pkg/v3/env" ) // Compression environment variables diff --git a/internal/config/identity/ldap/config.go b/internal/config/identity/ldap/config.go index dbf88c838..ea748c004 100644 --- a/internal/config/identity/ldap/config.go +++ b/internal/config/identity/ldap/config.go @@ -25,7 +25,7 @@ import ( "github.com/minio/madmin-go/v3" "github.com/minio/minio/internal/config" - "github.com/minio/pkg/v2/ldap" + "github.com/minio/pkg/v3/ldap" ) const ( @@ -67,6 +67,7 @@ const ( LookupBindPassword = "lookup_bind_password" UserDNSearchBaseDN = "user_dn_search_base_dn" UserDNSearchFilter = "user_dn_search_filter" + UserDNAttributes = "user_dn_attributes" GroupSearchFilter = "group_search_filter" GroupSearchBaseDN = "group_search_base_dn" TLSSkipVerify = "tls_skip_verify" 
@@ -81,6 +82,7 @@ const ( EnvUsernameFormat = "MINIO_IDENTITY_LDAP_USERNAME_FORMAT" EnvUserDNSearchBaseDN = "MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN" EnvUserDNSearchFilter = "MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER" + EnvUserDNAttributes = "MINIO_IDENTITY_LDAP_USER_DN_ATTRIBUTES" EnvGroupSearchFilter = "MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER" EnvGroupSearchBaseDN = "MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN" EnvLookupBindDN = "MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN" @@ -118,6 +120,10 @@ var ( Key: UserDNSearchFilter, Value: "", }, + config.KV{ + Key: UserDNAttributes, + Value: "", + }, config.KV{ Key: GroupSearchFilter, Value: "", @@ -227,6 +233,7 @@ func Lookup(s config.Config, rootCAs *x509.CertPool) (l Config, err error) { // User DN search configuration l.LDAP.UserDNSearchFilter = getCfgVal(UserDNSearchFilter) l.LDAP.UserDNSearchBaseDistName = getCfgVal(UserDNSearchBaseDN) + l.LDAP.UserDNAttributes = getCfgVal(UserDNAttributes) // Group search params configuration l.LDAP.GroupSearchFilter = getCfgVal(GroupSearchFilter) diff --git a/internal/config/identity/ldap/help.go b/internal/config/identity/ldap/help.go index 035a9d80f..300039baa 100644 --- a/internal/config/identity/ldap/help.go +++ b/internal/config/identity/ldap/help.go @@ -66,6 +66,12 @@ var ( Optional: true, Type: "string", }, + config.HelpKV{ + Key: UserDNAttributes, + Description: `"," separated list of user DN attributes e.g. "uid,cn,mail,sshPublicKey"` + defaultHelpPostfix(UserDNAttributes), + Optional: true, + Type: "list", + }, config.HelpKV{ Key: GroupSearchFilter, Description: `search filter for groups e.g. "(&(objectclass=groupOfNames)(memberUid=%s))"` + defaultHelpPostfix(GroupSearchFilter), diff --git a/internal/config/identity/ldap/ldap.go b/internal/config/identity/ldap/ldap.go index b2d932dd7..e48537b8e 100644 --- a/internal/config/identity/ldap/ldap.go +++ b/internal/config/identity/ldap/ldap.go 
@@ -27,36 +27,36 @@ import ( ldap "github.com/go-ldap/ldap/v3" "github.com/minio/minio-go/v7/pkg/set" "github.com/minio/minio/internal/auth" - xldap "github.com/minio/pkg/v2/ldap" + xldap "github.com/minio/pkg/v3/ldap" ) // LookupUserDN searches for the full DN and groups of a given short/login // username. -func (l *Config) LookupUserDN(username string) (string, []string, error) { +func (l *Config) LookupUserDN(username string) (*xldap.DNSearchResult, []string, error) { conn, err := l.LDAP.Connect() if err != nil { - return "", nil, err + return nil, nil, err } defer conn.Close() // Bind to the lookup user account if err = l.LDAP.LookupBind(conn); err != nil { - return "", nil, err + return nil, nil, err } // Lookup user DN - bindDN, err := l.LDAP.LookupUserDN(conn, username) + lookupRes, err := l.LDAP.LookupUsername(conn, username) if err != nil { errRet := fmt.Errorf("Unable to find user DN: %w", err) - return "", nil, errRet + return nil, nil, errRet } - groups, err := l.LDAP.SearchForUserGroups(conn, username, bindDN) + groups, err := l.LDAP.SearchForUserGroups(conn, username, lookupRes.NormDN) if err != nil { - return "", nil, err + return nil, nil, err } - return bindDN, groups, nil + return lookupRes, groups, nil } // GetValidatedDNForUsername checks if the given username exists in the LDAP directory. 
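Review bot: The doc comment on LookupUserDN still says it returns "the full DN and groups", but the function now returns a `*xldap.DNSearchResult`, so callers need to be told that the DN lives in `NormDN` and that the result is nil on every error path. Suggested wording: `// LookupUserDN looks up a short/login username and returns the search result (normalized DN in NormDN, plus any attributes the lookup returned) and the user's group DNs; the result is nil on error.`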
@@ -68,28 +68,28 @@ func (l *Config) LookupUserDN(username string) (string, []string, error) { // LDAP specific normalization (including Unicode normalization). // // If the user is not found, err = nil, otherwise, err != nil. -func (l *Config) GetValidatedDNForUsername(username string) (string, error) { +func (l *Config) GetValidatedDNForUsername(username string) (*xldap.DNSearchResult, error) { conn, err := l.LDAP.Connect() if err != nil { - return "", err + return nil, err } defer conn.Close() // Bind to the lookup user account if err = l.LDAP.LookupBind(conn); err != nil { - return "", err + return nil, err } // Check if the passed in username is a valid DN. if !l.ParsesAsDN(username) { // We consider it as a login username and attempt to check it exists in // the directory. - bindDN, err := l.LDAP.LookupUserDN(conn, username) + bindDN, err := l.LDAP.LookupUsername(conn, username) if err != nil { if strings.Contains(err.Error(), "User DN not found for") { - return "", nil + return nil, nil } - return "", fmt.Errorf("Unable to find user DN: %w", err) + return nil, fmt.Errorf("Unable to find user DN: %w", err) } return bindDN, nil } 
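Review bot: The not-found branch of GetValidatedDNForUsername still depends on `strings.Contains(err.Error(), "User DN not found for")`, while the call in this hunk moved from `LookupUserDN` to pkg/v3's `LookupUsername`. If the new function words that error differently, a missing user becomes a hard error instead of `nil, nil`, and callers that test for a nil result never see that case. The v3 message is not visible in this diff, so it should be confirmed; a sentinel error checked with `errors.Is` would be sturdier if the package exposes one. The local `bindDN` now holds a `*xldap.DNSearchResult` and would read better as `lookupRes`, matching LookupUserDN. The function continues past the end of this hunk.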
@@ -98,124 +98,126 @@ func (l *Config) GetValidatedDNForUsername(username string) (string, error) { // under a configured base DN in the LDAP directory. validDN, isUnderBaseDN, err := l.GetValidatedUserDN(conn, username) if err == nil && !isUnderBaseDN { - return "", fmt.Errorf("Unable to find user DN: %w", err) + return nil, fmt.Errorf("Unable to find user DN: %w", err) } return validDN, err } // GetValidatedUserDN validates the given user DN. Will error out if conn is nil. The returned // boolean is true iff the user DN is found under one of the LDAP user base DNs. -func (l *Config) GetValidatedUserDN(conn *ldap.Conn, userDN string) (string, bool, error) { - return l.GetValidatedDNUnderBaseDN(conn, userDN, l.LDAP.UserDNSearchBaseDistNames) +func (l *Config) GetValidatedUserDN(conn *ldap.Conn, userDN string) (*xldap.DNSearchResult, bool, error) { + return l.GetValidatedDNUnderBaseDN(conn, userDN, + l.LDAP.GetUserDNSearchBaseDistNames(), l.LDAP.GetUserDNAttributesList()) } // GetValidatedGroupDN validates the given group DN. If conn is nil, creates a // connection. The returned boolean is true iff the group DN is found under one // of the configured LDAP base DNs. -func (l *Config) GetValidatedGroupDN(conn *ldap.Conn, groupDN string) (string, bool, error) { +func (l *Config) GetValidatedGroupDN(conn *ldap.Conn, groupDN string) (*xldap.DNSearchResult, bool, error) { if conn == nil { var err error conn, err = l.LDAP.Connect() if err != nil { - return "", false, err + return nil, false, err } defer conn.Close() // Bind to the lookup user account if err = l.LDAP.LookupBind(conn); err != nil { - return "", false, err + return nil, false, err } } - return l.GetValidatedDNUnderBaseDN(conn, groupDN, l.LDAP.GroupSearchBaseDistNames) + return l.GetValidatedDNUnderBaseDN(conn, groupDN, + l.LDAP.GetGroupSearchBaseDistNames(), nil) } -// GetValidatedDNUnderBaseDN checks if the given DN exists in the LDAP directory -// and returns the DN value sent by the LDAP server. 
The value returned by the -// server may not be equal to the input DN, as LDAP equality is not a simple -// Golang string equality. However, we assume the value returned by the LDAP -// server is canonical. Additionally, the attribute type names in the DN are -// lower-cased. +// GetValidatedDNUnderBaseDN checks if the given DN exists in the LDAP +// directory. +// +// The `NormDN` value returned here in the search result may not be equal to the +// input DN, as LDAP equality is not a simple Golang string equality. However, +// we assume the value returned by the LDAP server is canonical. Additionally, +// the attribute type names in the DN are lower-cased. // // Return values: // -// If the DN is found, the normalized (string) value is returned and error is -// nil. +// If the DN is found, the normalized (string) value and any requested +// attributes are returned and error is nil. // -// If the DN is not found, the string returned is empty and the error is nil. +// If the DN is not found, a nil result and error are returned. // // The returned boolean is true iff the DN is found under one of the LDAP // subtrees listed in `baseDNList`. -func (l *Config) GetValidatedDNUnderBaseDN(conn *ldap.Conn, dn string, baseDNList []xldap.BaseDNInfo) (string, bool, error) { +func (l *Config) GetValidatedDNUnderBaseDN(conn *ldap.Conn, dn string, baseDNList []xldap.BaseDNInfo, attrs []string) (*xldap.DNSearchResult, bool, error) { if len(baseDNList) == 0 { - return "", false, errors.New("no Base DNs given") + return nil, false, errors.New("no Base DNs given") } // Check that DN exists in the LDAP directory. 
- validatedDN, err := xldap.LookupDN(conn, dn) + searchRes, err := xldap.LookupDN(conn, dn, attrs) if err != nil { - return "", false, fmt.Errorf("Error looking up DN %s: %w", dn, err) + return nil, false, fmt.Errorf("Error looking up DN %s: %w", dn, err) } - if validatedDN == "" { - return "", false, nil + if searchRes == nil { + return nil, false, nil } // This will not return an error as the argument is validated to be a DN. - pdn, _ := ldap.ParseDN(validatedDN) + pdn, _ := ldap.ParseDN(searchRes.NormDN) // Check that the DN is under a configured base DN in the LDAP // directory. for _, baseDN := range baseDNList { if baseDN.Parsed.AncestorOf(pdn) { - return validatedDN, true, nil + return searchRes, true, nil } } // Not under any configured base DN so return false. - return validatedDN, false, nil + return searchRes, false, nil } // Bind - binds to ldap, searches LDAP and returns the distinguished name of the // user and the list of groups. -func (l *Config) Bind(username, password string) (string, []string, error) { +func (l *Config) Bind(username, password string) (*xldap.DNSearchResult, []string, error) { conn, err := l.LDAP.Connect() if err != nil { - return "", nil, err + return nil, nil, err } defer conn.Close() - var bindDN string // Bind to the lookup user account if err = l.LDAP.LookupBind(conn); err != nil { - return "", nil, err + return nil, nil, err } // Lookup user DN - bindDN, err = l.LDAP.LookupUserDN(conn, username) + lookupResult, err := l.LDAP.LookupUsername(conn, username) if err != nil { errRet := fmt.Errorf("Unable to find user DN: %w", err) - return "", nil, errRet + return nil, nil, errRet } // Authenticate the user credentials. 
- err = conn.Bind(bindDN, password) + err = conn.Bind(lookupResult.NormDN, password) if err != nil { - errRet := fmt.Errorf("LDAP auth failed for DN %s: %w", bindDN, err) - return "", nil, errRet + errRet := fmt.Errorf("LDAP auth failed for DN %s: %w", lookupResult.NormDN, err) + return nil, nil, errRet } // Bind to the lookup user account again to perform group search. if err = l.LDAP.LookupBind(conn); err != nil { - return "", nil, err + return nil, nil, err } // User groups lookup. - groups, err := l.LDAP.SearchForUserGroups(conn, username, bindDN) + groups, err := l.LDAP.SearchForUserGroups(conn, username, lookupResult.NormDN) if err != nil { - return "", nil, err + return nil, nil, err } - return bindDN, groups, nil + return lookupResult, groups, nil } // GetExpiryDuration - return parsed expiry duration. @@ -250,7 +252,7 @@ func (l Config) IsLDAPUserDN(user string) bool { if err != nil { return false } - for _, baseDN := range l.LDAP.UserDNSearchBaseDistNames { + for _, baseDN := range l.LDAP.GetUserDNSearchBaseDistNames() { if baseDN.Parsed.AncestorOf(udn) { return true } @@ -264,7 +266,7 @@ func (l Config) IsLDAPGroupDN(group string) bool { if err != nil { return false } - for _, baseDN := range l.LDAP.GroupSearchBaseDistNames { + for _, baseDN := range l.LDAP.GetGroupSearchBaseDistNames() { if baseDN.Parsed.AncestorOf(gdn) { return true } diff --git a/internal/config/identity/openid/jwt.go b/internal/config/identity/openid/jwt.go index 0eb3b5eed..5813cade8 100644 --- a/internal/config/identity/openid/jwt.go +++ b/internal/config/identity/openid/jwt.go @@ -30,8 +30,8 @@ import ( jwtgo "github.com/golang-jwt/jwt/v4" "github.com/minio/minio/internal/arn" "github.com/minio/minio/internal/auth" - xnet "github.com/minio/pkg/v2/net" - "github.com/minio/pkg/v2/policy" + xnet "github.com/minio/pkg/v3/net" + "github.com/minio/pkg/v3/policy" ) type publicKeys struct { 
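Review bot: In the tail of GetValidatedDNForUsername at the top of this hunk, `fmt.Errorf("Unable to find user DN: %w", err)` runs only when `err == nil`, so the message ends in `%!w(<nil>)`. The same branch is reached when the DN does not exist at all, because GetValidatedDNUnderBaseDN then returns `nil, false, nil`, which contradicts the function comment's "If the user is not found, err = nil". A guard such as `if err == nil && validDN != nil && !isUnderBaseDN { return nil, fmt.Errorf("user DN %s is not under a configured user base DN", username) }` would separate the two cases. The rewritten comment on GetValidatedDNUnderBaseDN has a related ambiguity: "a nil result and error are returned" should read "a nil result and a nil error are returned". GetValidatedDNForUsername starts before this hunk.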
diff --git a/internal/config/identity/openid/jwt_test.go b/internal/config/identity/openid/jwt_test.go index f6e258ca3..a3b1396ac 100644 --- a/internal/config/identity/openid/jwt_test.go +++ b/internal/config/identity/openid/jwt_test.go @@ -35,7 +35,7 @@ import ( "github.com/minio/minio/internal/arn" "github.com/minio/minio/internal/config" jwtm "github.com/minio/minio/internal/jwt" - xnet "github.com/minio/pkg/v2/net" + xnet "github.com/minio/pkg/v3/net" ) func TestUpdateClaimsExpiry(t *testing.T) { diff --git a/internal/config/identity/openid/openid.go b/internal/config/identity/openid/openid.go index e5f59ba40..8f40c96b5 100644 --- a/internal/config/identity/openid/openid.go +++ b/internal/config/identity/openid/openid.go @@ -36,9 +36,9 @@ import ( "github.com/minio/minio/internal/config" "github.com/minio/minio/internal/config/identity/openid/provider" "github.com/minio/minio/internal/hash/sha256" - "github.com/minio/pkg/v2/env" - xnet "github.com/minio/pkg/v2/net" - "github.com/minio/pkg/v2/policy" + "github.com/minio/pkg/v3/env" + xnet "github.com/minio/pkg/v3/net" + "github.com/minio/pkg/v3/policy" ) // OpenID keys and envs. diff --git a/internal/config/identity/openid/providercfg.go b/internal/config/identity/openid/providercfg.go index 8dc2b509c..5621b83df 100644 --- a/internal/config/identity/openid/providercfg.go +++ b/internal/config/identity/openid/providercfg.go @@ -28,7 +28,7 @@ import ( "github.com/minio/minio/internal/config" "github.com/minio/minio/internal/config/identity/openid/provider" xhttp "github.com/minio/minio/internal/http" - xnet "github.com/minio/pkg/v2/net" + xnet "github.com/minio/pkg/v3/net" ) type providerCfg struct { diff --git a/internal/config/identity/plugin/config.go b/internal/config/identity/plugin/config.go index 8dc362ab0..8714b3bc8 100644 --- a/internal/config/identity/plugin/config.go +++ b/internal/config/identity/plugin/config.go 
@@ -34,8 +34,8 @@ import (
 "github.com/minio/minio/internal/arn"
 "github.com/minio/minio/internal/config"
 "github.com/minio/minio/internal/logger"
- "github.com/minio/pkg/v2/env"
- xnet "github.com/minio/pkg/v2/net"
+ "github.com/minio/pkg/v3/env"
+ xnet "github.com/minio/pkg/v3/net"
 )
 func authNLogIf(ctx context.Context, err error) {
diff --git a/internal/config/identity/tls/config.go b/internal/config/identity/tls/config.go
index a35926a98..b002aab75 100644
--- a/internal/config/identity/tls/config.go
+++ b/internal/config/identity/tls/config.go
@@ -23,7 +23,7 @@ import (
 "github.com/minio/minio/internal/auth"
 "github.com/minio/minio/internal/config"
- "github.com/minio/pkg/v2/env"
+ "github.com/minio/pkg/v3/env"
 )
 const (
diff --git a/internal/config/ilm/ilm.go b/internal/config/ilm/ilm.go
index 7d2106a29..3ecf68fae 100644
--- a/internal/config/ilm/ilm.go
+++ b/internal/config/ilm/ilm.go
@@ -21,7 +21,7 @@ import (
 "strconv"
 "github.com/minio/minio/internal/config"
- "github.com/minio/pkg/v2/env"
+ "github.com/minio/pkg/v3/env"
 )
 // DefaultKVS default configuration values for ILM subsystem
diff --git a/internal/config/lambda/parse.go b/internal/config/lambda/parse.go
index 83853e653..156aa3525 100644
--- a/internal/config/lambda/parse.go
+++ b/internal/config/lambda/parse.go
@@ -27,8 +27,8 @@ import (
 "github.com/minio/minio/internal/config/lambda/event"
 "github.com/minio/minio/internal/config/lambda/target"
 "github.com/minio/minio/internal/logger"
- "github.com/minio/pkg/v2/env"
- xnet "github.com/minio/pkg/v2/net"
+ "github.com/minio/pkg/v3/env"
+ xnet "github.com/minio/pkg/v3/net"
 )
 const (
diff --git a/internal/config/lambda/target/webhook.go b/internal/config/lambda/target/webhook.go
index f69ea7e03..e15370a78 100644
--- a/internal/config/lambda/target/webhook.go
+++ b/internal/config/lambda/target/webhook.go
@@ -32,8 +32,8 @@ import (
 "github.com/minio/minio/internal/config/lambda/event"
 xhttp "github.com/minio/minio/internal/http"
 "github.com/minio/minio/internal/logger"
- "github.com/minio/pkg/v2/certs"
- xnet "github.com/minio/pkg/v2/net"
+ "github.com/minio/pkg/v3/certs"
+ xnet "github.com/minio/pkg/v3/net"
 )
 // Webhook constants
diff --git a/internal/config/notify/parse.go b/internal/config/notify/parse.go
index cf1f27a1c..9ee9c0b7f 100644
--- a/internal/config/notify/parse.go
+++ b/internal/config/notify/parse.go
@@ -32,8 +32,8 @@ import (
 "github.com/minio/minio/internal/event"
 "github.com/minio/minio/internal/event/target"
 "github.com/minio/minio/internal/logger"
- "github.com/minio/pkg/v2/env"
- xnet "github.com/minio/pkg/v2/net"
+ "github.com/minio/pkg/v3/env"
+ xnet "github.com/minio/pkg/v3/net"
 )
 const (
diff --git a/internal/config/policy/opa/config.go b/internal/config/policy/opa/config.go
index bfde1f2a6..e5c9269a7 100644
--- a/internal/config/policy/opa/config.go
+++ b/internal/config/policy/opa/config.go
@@ -24,9 +24,9 @@ import (
 "net/http"
 "github.com/minio/minio/internal/config"
- "github.com/minio/pkg/v2/env"
- xnet "github.com/minio/pkg/v2/net"
- "github.com/minio/pkg/v2/policy"
+ "github.com/minio/pkg/v3/env"
+ xnet "github.com/minio/pkg/v3/net"
+ "github.com/minio/pkg/v3/policy"
 )
 // Env IAM OPA URL
diff --git a/internal/config/policy/plugin/config.go b/internal/config/policy/plugin/config.go
index da168b530..93177aa87 100644
--- a/internal/config/policy/plugin/config.go
+++ b/internal/config/policy/plugin/config.go
@@ -26,8 +26,8 @@ import (
 "github.com/minio/minio/internal/config"
 xhttp "github.com/minio/minio/internal/http"
- xnet "github.com/minio/pkg/v2/net"
- "github.com/minio/pkg/v2/policy"
+ xnet "github.com/minio/pkg/v3/net"
+ "github.com/minio/pkg/v3/policy"
 )
 // Authorization Plugin config and env variables
diff --git a/internal/config/scanner/scanner.go b/internal/config/scanner/scanner.go
index 02dabc92e..7d1714139 100644
--- a/internal/config/scanner/scanner.go
+++ b/internal/config/scanner/scanner.go
@@ -23,7 +23,7 @@ import (
 "time"
 "github.com/minio/minio/internal/config"
- "github.com/minio/pkg/v2/env"
+ "github.com/minio/pkg/v3/env"
 )
 // Compression environment variables
diff --git a/internal/config/storageclass/storage-class.go b/internal/config/storageclass/storage-class.go
index 9224f37cf..baa26231a 100644
--- a/internal/config/storageclass/storage-class.go
+++ b/internal/config/storageclass/storage-class.go
@@ -28,7 +28,7 @@ import (
 "github.com/dustin/go-humanize"
 "github.com/minio/minio/internal/config"
 "github.com/minio/minio/internal/logger"
- "github.com/minio/pkg/v2/env"
+ "github.com/minio/pkg/v3/env"
 )
 // Standard constants for all storage class
diff --git a/internal/config/subnet/config.go b/internal/config/subnet/config.go
index 55e0a9bb7..7dd5fc38c 100644
--- a/internal/config/subnet/config.go
+++ b/internal/config/subnet/config.go
@@ -25,8 +25,8 @@ import (
 "sync"
 "github.com/minio/minio/internal/config"
- "github.com/minio/pkg/v2/env"
- xnet "github.com/minio/pkg/v2/net"
+ "github.com/minio/pkg/v3/env"
+ xnet "github.com/minio/pkg/v3/net"
 )
 const (
diff --git a/internal/crypto/auto-encryption.go b/internal/crypto/auto-encryption.go
index 90a55b465..f2cdcc5c5 100644
--- a/internal/crypto/auto-encryption.go
+++ b/internal/crypto/auto-encryption.go
@@ -19,7 +19,7 @@ package crypto
 import (
 "github.com/minio/minio/internal/config"
- "github.com/minio/pkg/v2/env"
+ "github.com/minio/pkg/v3/env"
 )
 const (
diff --git a/internal/dsync/drwmutex.go b/internal/dsync/drwmutex.go
index 682eb1218..be26ff50b 100644
--- a/internal/dsync/drwmutex.go
+++ b/internal/dsync/drwmutex.go
@@ -28,8 +28,8 @@ import (
 xioutil "github.com/minio/minio/internal/ioutil"
 "github.com/minio/minio/internal/mcontext"
- "github.com/minio/pkg/v2/console"
- "github.com/minio/pkg/v2/env"
+ "github.com/minio/pkg/v3/console"
+ "github.com/minio/pkg/v3/env"
 )
 // Indicator if logging is enabled.
diff --git a/internal/event/rules.go b/internal/event/rules.go
index ccab53f41..0218aabc6 100644
--- a/internal/event/rules.go
+++ b/internal/event/rules.go
@@ -20,7 +20,7 @@ package event
 import (
 "strings"
- "github.com/minio/pkg/v2/wildcard"
+ "github.com/minio/pkg/v3/wildcard"
 )
 // NewPattern - create new pattern for prefix/suffix.
diff --git a/internal/event/target/amqp.go b/internal/event/target/amqp.go
index 3f828f656..86f48f21a 100644
--- a/internal/event/target/amqp.go
+++ b/internal/event/target/amqp.go
@@ -32,7 +32,7 @@ import (
 "github.com/minio/minio/internal/logger"
 "github.com/minio/minio/internal/once"
 "github.com/minio/minio/internal/store"
- xnet "github.com/minio/pkg/v2/net"
+ xnet "github.com/minio/pkg/v3/net"
 "github.com/rabbitmq/amqp091-go"
 )
diff --git a/internal/event/target/elasticsearch.go b/internal/event/target/elasticsearch.go
index f80a48a95..69116d39a 100644
--- a/internal/event/target/elasticsearch.go
+++ b/internal/event/target/elasticsearch.go
@@ -38,7 +38,7 @@ import (
 "github.com/minio/minio/internal/logger"
 "github.com/minio/minio/internal/once"
 "github.com/minio/minio/internal/store"
- xnet "github.com/minio/pkg/v2/net"
+ xnet "github.com/minio/pkg/v3/net"
 "github.com/pkg/errors"
 )
diff --git a/internal/event/target/kafka.go b/internal/event/target/kafka.go
index c57837593..fd42233e1 100644
--- a/internal/event/target/kafka.go
+++ b/internal/event/target/kafka.go
@@ -34,7 +34,7 @@ import (
 "github.com/minio/minio/internal/logger"
 "github.com/minio/minio/internal/once"
 "github.com/minio/minio/internal/store"
- xnet "github.com/minio/pkg/v2/net"
+ xnet "github.com/minio/pkg/v3/net"
 "github.com/IBM/sarama"
 saramatls "github.com/IBM/sarama/tools/tls"
diff --git a/internal/event/target/mqtt.go b/internal/event/target/mqtt.go
index 8a4b2a389..b390a6834 100644
--- a/internal/event/target/mqtt.go
+++ b/internal/event/target/mqtt.go
@@ -33,7 +33,7 @@ import (
 "github.com/minio/minio/internal/logger"
 "github.com/minio/minio/internal/once"
 "github.com/minio/minio/internal/store"
- xnet "github.com/minio/pkg/v2/net"
+ xnet "github.com/minio/pkg/v3/net"
 )
 const (
diff --git a/internal/event/target/mysql.go b/internal/event/target/mysql.go
index 2b6f93183..11f419ab5 100644
--- a/internal/event/target/mysql.go
+++ b/internal/event/target/mysql.go
@@ -35,7 +35,7 @@ import (
 "github.com/minio/minio/internal/logger"
 "github.com/minio/minio/internal/once"
 "github.com/minio/minio/internal/store"
- xnet "github.com/minio/pkg/v2/net"
+ xnet "github.com/minio/pkg/v3/net"
 )
 const (
diff --git a/internal/event/target/nats.go b/internal/event/target/nats.go
index b67ac36b7..d6d781d73 100644
--- a/internal/event/target/nats.go
+++ b/internal/event/target/nats.go
@@ -33,7 +33,7 @@ import (
 "github.com/minio/minio/internal/logger"
 "github.com/minio/minio/internal/once"
 "github.com/minio/minio/internal/store"
- xnet "github.com/minio/pkg/v2/net"
+ xnet "github.com/minio/pkg/v3/net"
 "github.com/nats-io/nats.go"
 "github.com/nats-io/stan.go"
 )
diff --git a/internal/event/target/nats_contrib_test.go b/internal/event/target/nats_contrib_test.go
index 9d2cb9501..c04b1a91d 100644
--- a/internal/event/target/nats_contrib_test.go
+++ b/internal/event/target/nats_contrib_test.go
@@ -19,7 +19,7 @@ package target
 import (
 "testing"
- xnet "github.com/minio/pkg/v2/net"
+ xnet "github.com/minio/pkg/v3/net"
 natsserver "github.com/nats-io/nats-server/v2/test"
 )
diff --git a/internal/event/target/nats_tls_contrib_test.go b/internal/event/target/nats_tls_contrib_test.go
index a89ecb222..5f3080715 100644
--- a/internal/event/target/nats_tls_contrib_test.go
+++ b/internal/event/target/nats_tls_contrib_test.go
@@ -21,7 +21,7 @@ import (
 "path/filepath"
 "testing"
- xnet "github.com/minio/pkg/v2/net"
+ xnet "github.com/minio/pkg/v3/net"
 natsserver "github.com/nats-io/nats-server/v2/test"
 )
diff --git a/internal/event/target/nsq.go b/internal/event/target/nsq.go
index e8f68e2c1..cc95f288e 100644
--- a/internal/event/target/nsq.go
+++ b/internal/event/target/nsq.go
@@ -33,7 +33,7 @@ import (
 "github.com/minio/minio/internal/logger"
 "github.com/minio/minio/internal/once"
 "github.com/minio/minio/internal/store"
- xnet "github.com/minio/pkg/v2/net"
+ xnet "github.com/minio/pkg/v3/net"
 )
 // NSQ constants
diff --git a/internal/event/target/nsq_test.go b/internal/event/target/nsq_test.go
index 0b225ac72..32926ab58 100644
--- a/internal/event/target/nsq_test.go
+++ b/internal/event/target/nsq_test.go
@@ -20,7 +20,7 @@ package target
 import (
 "testing"
- xnet "github.com/minio/pkg/v2/net"
+ xnet "github.com/minio/pkg/v3/net"
 )
 func TestNSQArgs_Validate(t *testing.T) {
diff --git a/internal/event/target/postgresql.go b/internal/event/target/postgresql.go
index 40e4ba8c9..e46a766e3 100644
--- a/internal/event/target/postgresql.go
+++ b/internal/event/target/postgresql.go
@@ -38,7 +38,7 @@ import (
 "github.com/minio/minio/internal/logger"
 "github.com/minio/minio/internal/once"
 "github.com/minio/minio/internal/store"
- xnet "github.com/minio/pkg/v2/net"
+ xnet "github.com/minio/pkg/v3/net"
 )
 const (
diff --git a/internal/event/target/redis.go b/internal/event/target/redis.go
index 59056227c..b403367d6 100644
--- a/internal/event/target/redis.go
+++ b/internal/event/target/redis.go
@@ -33,7 +33,7 @@ import (
 "github.com/minio/minio/internal/logger"
 "github.com/minio/minio/internal/once"
 "github.com/minio/minio/internal/store"
- xnet "github.com/minio/pkg/v2/net"
+ xnet "github.com/minio/pkg/v3/net"
 )
 // Redis constants
diff --git a/internal/event/target/webhook.go b/internal/event/target/webhook.go
index 9a723eb7d..31ca09d9b 100644
--- a/internal/event/target/webhook.go
+++ b/internal/event/target/webhook.go
@@ -38,8 +38,8 @@ import (
 "github.com/minio/minio/internal/logger"
 "github.com/minio/minio/internal/once"
 "github.com/minio/minio/internal/store"
- "github.com/minio/pkg/v2/certs"
- xnet "github.com/minio/pkg/v2/net"
+ "github.com/minio/pkg/v3/certs"
+ xnet "github.com/minio/pkg/v3/net"
 )
 // Webhook constants
diff --git a/internal/event/targetlist.go b/internal/event/targetlist.go
index 6a1eb6a69..7d8ae2f0a 100644
--- a/internal/event/targetlist.go
+++ b/internal/event/targetlist.go
@@ -26,7 +26,7 @@ import (
 "github.com/minio/minio/internal/logger"
 "github.com/minio/minio/internal/store"
- "github.com/minio/pkg/v2/workers"
+ "github.com/minio/pkg/v3/workers"
 )
 const (
diff --git a/internal/grid/connection.go b/internal/grid/connection.go
index 5cfac573c..6492d4625 100644
--- a/internal/grid/connection.go
+++ b/internal/grid/connection.go
@@ -42,7 +42,7 @@ import (
 xioutil "github.com/minio/minio/internal/ioutil"
 "github.com/minio/minio/internal/logger"
 "github.com/minio/minio/internal/pubsub"
- xnet "github.com/minio/pkg/v2/net"
+ xnet "github.com/minio/pkg/v3/net"
 "github.com/puzpuzpuz/xsync/v3"
 "github.com/tinylib/msgp/msgp"
 "github.com/zeebo/xxh3"
diff --git a/internal/http/server_test.go b/internal/http/server_test.go
index 9ace90e49..3773a0979 100644
--- a/internal/http/server_test.go
+++ b/internal/http/server_test.go
@@ -24,7 +24,7 @@ import (
 "reflect"
 "testing"
- "github.com/minio/pkg/v2/certs"
+ "github.com/minio/pkg/v3/certs"
 )
 func TestNewServer(t *testing.T) {
diff --git a/internal/http/transports.go b/internal/http/transports.go
index f88473727..f44df16ba 100644
--- a/internal/http/transports.go
+++ b/internal/http/transports.go
@@ -25,7 +25,7 @@ import (
 "syscall"
 "time"
- "github.com/minio/pkg/v2/certs"
+ "github.com/minio/pkg/v3/certs"
 )
 // tlsClientSessionCacheSize is the cache size for client sessions.
diff --git a/internal/kms/config.go b/internal/kms/config.go
index 6390dd593..c622b67f6 100644
--- a/internal/kms/config.go
+++ b/internal/kms/config.go
@@ -33,9 +33,9 @@ import (
 "github.com/minio/kms-go/kes"
 "github.com/minio/kms-go/kms"
- "github.com/minio/pkg/v2/certs"
- "github.com/minio/pkg/v2/ellipses"
- "github.com/minio/pkg/v2/env"
+ "github.com/minio/pkg/v3/certs"
+ "github.com/minio/pkg/v3/ellipses"
+ "github.com/minio/pkg/v3/env"
 )
 // Environment variables for MinIO KMS.
diff --git a/internal/logger/audit.go b/internal/logger/audit.go
index bb5a7c3ab..41f5cdac8 100644
--- a/internal/logger/audit.go
+++ b/internal/logger/audit.go
@@ -26,7 +26,7 @@ import (
 internalAudit "github.com/minio/minio/internal/logger/message/audit"
 "github.com/minio/minio/internal/mcontext"
- "github.com/minio/pkg/v2/logger/message/audit"
+ "github.com/minio/pkg/v3/logger/message/audit"
 xhttp "github.com/minio/minio/internal/http"
 )
diff --git a/internal/logger/config.go b/internal/logger/config.go
index 1d15a786b..293d8fbe4 100644
--- a/internal/logger/config.go
+++ b/internal/logger/config.go
@@ -24,8 +24,8 @@ import (
 "strconv"
 "strings"
- "github.com/minio/pkg/v2/env"
- xnet "github.com/minio/pkg/v2/net"
+ "github.com/minio/pkg/v3/env"
+ xnet "github.com/minio/pkg/v3/net"
 "github.com/minio/minio/internal/config"
 "github.com/minio/minio/internal/logger/target/http"
diff --git a/internal/logger/console.go b/internal/logger/console.go
index 2f367ebc7..f80adbf77 100644
--- a/internal/logger/console.go
+++ b/internal/logger/console.go
@@ -25,7 +25,7 @@ import (
 "time"
 "github.com/minio/minio/internal/color"
- "github.com/minio/pkg/v2/logger/message/log"
+ "github.com/minio/pkg/v3/logger/message/log"
 )
 // ConsoleLoggerTgt is a stringified value to represent console logging
diff --git a/internal/logger/logger.go b/internal/logger/logger.go
index 3c9985e29..9d73853d3 100644
--- a/internal/logger/logger.go
+++ b/internal/logger/logger.go
@@ -36,7 +36,7 @@ import (
 "github.com/minio/madmin-go/v3"
 "github.com/minio/minio/internal/color"
 xhttp "github.com/minio/minio/internal/http"
- "github.com/minio/pkg/v2/logger/message/log"
+ "github.com/minio/pkg/v3/logger/message/log"
 )
 // HighwayHash key for logging in anonymous mode
diff --git a/internal/logger/logrotate.go b/internal/logger/logrotate.go
index 63fd98915..48deb6f61 100644
--- a/internal/logger/logrotate.go
+++ b/internal/logger/logrotate.go
@@ -27,7 +27,7 @@ import (
 "github.com/klauspost/compress/gzip"
 xioutil "github.com/minio/minio/internal/ioutil"
- "github.com/minio/pkg/v2/logger/message/log"
+ "github.com/minio/pkg/v3/logger/message/log"
 )
 func defaultFilenameFunc() string {
diff --git a/internal/logger/message/audit/entry.go b/internal/logger/message/audit/entry.go
index 91b72e085..9547d0d0e 100644
--- a/internal/logger/message/audit/entry.go
+++ b/internal/logger/message/audit/entry.go
@@ -22,7 +22,7 @@ import (
 "strings"
 "time"
- "github.com/minio/pkg/v2/logger/message/audit"
+ "github.com/minio/pkg/v3/logger/message/audit"
 "github.com/minio/minio/internal/handlers"
 xhttp "github.com/minio/minio/internal/http"
diff --git a/internal/logger/target/console/console.go b/internal/logger/target/console/console.go
index 978fa9d2e..067e6d256 100644
--- a/internal/logger/target/console/console.go
+++ b/internal/logger/target/console/console.go
@@ -26,7 +26,7 @@ import (
 "github.com/minio/minio/internal/color"
 "github.com/minio/minio/internal/logger"
- "github.com/minio/pkg/v2/logger/message/log"
+ "github.com/minio/pkg/v3/logger/message/log"
 )
 // Target implements loggerTarget to send log
diff --git a/internal/logger/target/http/http.go b/internal/logger/target/http/http.go
index 8efa14d8e..894355360 100644
--- a/internal/logger/target/http/http.go
+++ b/internal/logger/target/http/http.go
@@ -36,7 +36,7 @@ import (
 "github.com/minio/minio/internal/logger/target/types"
 "github.com/minio/minio/internal/once"
 "github.com/minio/minio/internal/store"
- xnet "github.com/minio/pkg/v2/net"
+ xnet "github.com/minio/pkg/v3/net"
 "github.com/valyala/bytebufferpool"
 )
diff --git a/internal/logger/target/kafka/kafka.go b/internal/logger/target/kafka/kafka.go
index 4edc29b7c..ac66ec38a 100644
--- a/internal/logger/target/kafka/kafka.go
+++ b/internal/logger/target/kafka/kafka.go
@@ -37,7 +37,7 @@ import (
 "github.com/minio/minio/internal/logger/target/types"
 "github.com/minio/minio/internal/once"
 "github.com/minio/minio/internal/store"
- xnet "github.com/minio/pkg/v2/net"
+ xnet "github.com/minio/pkg/v3/net"
 )
 // the suffix for the configured queue dir where the logs will be persisted.
diff --git a/internal/logger/target/testlogger/testlogger.go b/internal/logger/target/testlogger/testlogger.go
index 35f5b3da6..a04caab70 100644
--- a/internal/logger/target/testlogger/testlogger.go
+++ b/internal/logger/target/testlogger/testlogger.go
@@ -36,7 +36,7 @@ import (
 "github.com/minio/minio/internal/logger"
 "github.com/minio/minio/internal/logger/target/types"
- "github.com/minio/pkg/v2/logger/message/log"
+ "github.com/minio/pkg/v3/logger/message/log"
 )
 const (
diff --git a/internal/rest/client.go b/internal/rest/client.go
index 710d1ffe0..5722be061 100644
--- a/internal/rest/client.go
+++ b/internal/rest/client.go
@@ -36,7 +36,7 @@ import (
 xhttp "github.com/minio/minio/internal/http"
 "github.com/minio/minio/internal/logger"
 "github.com/minio/minio/internal/mcontext"
- xnet "github.com/minio/pkg/v2/net"
+ xnet "github.com/minio/pkg/v3/net"
 )
 const logSubsys = "internodes"
diff --git a/internal/s3select/select.go b/internal/s3select/select.go
index 404022d61..6026c9b3c 100644
--- a/internal/s3select/select.go
+++ b/internal/s3select/select.go
@@ -39,7 +39,7 @@ import (
 "github.com/minio/minio/internal/s3select/parquet"
 "github.com/minio/minio/internal/s3select/simdj"
 "github.com/minio/minio/internal/s3select/sql"
- "github.com/minio/pkg/v2/env"
+ "github.com/minio/pkg/v3/env"
 "github.com/minio/simdjson-go"
 "github.com/pierrec/lz4"
 )