remove support for deprecated MINIO_KMS_MASTER_KEY (#12463)

This commit is contained in:
Harshavardhana 2021-06-08 18:50:14 -07:00 committed by GitHub
parent 6c8be64cdb
commit 66d549c05d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 0 additions and 30 deletions

View File

@ -22,7 +22,6 @@ import (
"crypto/tls"
"crypto/x509"
"encoding/gob"
"encoding/hex"
"errors"
"fmt"
"math/rand"
@ -339,8 +338,6 @@ func handleCommonEnvVars() {
switch {
case env.IsSet(config.EnvKMSSecretKey) && env.IsSet(config.EnvKESEndpoint):
logger.Fatal(errors.New("ambigious KMS configuration"), fmt.Sprintf("The environment contains %q as well as %q", config.EnvKMSSecretKey, config.EnvKESEndpoint))
case env.IsSet(config.EnvKMSMasterKey) && env.IsSet(config.EnvKESEndpoint):
logger.Fatal(errors.New("ambigious KMS configuration"), fmt.Sprintf("The environment contains %q as well as %q", config.EnvKMSMasterKey, config.EnvKESEndpoint))
}
if env.IsSet(config.EnvKMSSecretKey) {
@ -348,21 +345,6 @@ func handleCommonEnvVars() {
if err != nil {
logger.Fatal(err, "Unable to parse the KMS secret key inherited from the shell environment")
}
} else if env.IsSet(config.EnvKMSMasterKey) {
// FIXME: remove this block by June 2021
logger.LogIf(GlobalContext, fmt.Errorf("legacy KMS configuration, this environment variable %q is deprecated and will be removed by June 2021", config.EnvKMSMasterKey))
v := strings.SplitN(env.Get(config.EnvKMSMasterKey, ""), ":", 2)
if len(v) != 2 {
logger.Fatal(errors.New("invalid "+config.EnvKMSMasterKey), "Unable to parse the KMS secret key inherited from the shell environment")
}
secretKey, err := hex.DecodeString(v[1])
if err != nil {
logger.Fatal(err, "Unable to parse the KMS secret key inherited from the shell environment")
}
GlobalKMS, err = kms.New(v[0], secretKey)
if err != nil {
logger.Fatal(err, "Unable to parse the KMS secret key inherited from the shell environment")
}
}
if env.IsSet(config.EnvKESEndpoint) {
var endpoints []string

View File

@ -71,17 +71,6 @@ docker_kms_secret_encryption_env() {
fi
}
## Legacy
## Set KMS_MASTER_KEY from docker secrets if provided
docker_kms_master_encryption_env() {
KMS_MASTER_KEY_FILE="/run/secrets/$MINIO_KMS_MASTER_KEY_FILE"
if [ -f "$KMS_MASTER_KEY_FILE" ]; then
MINIO_KMS_MASTER_KEY="$(cat "$KMS_MASTER_KEY_FILE")"
export MINIO_KMS_MASTER_KEY
fi
}
# su-exec to requested user, if service cannot run exec will fail.
docker_switch_user() {
if [ ! -z "${MINIO_USERNAME}" ] && [ ! -z "${MINIO_GROUPNAME}" ]; then

View File

@ -41,7 +41,6 @@ const (
EnvUpdate = "MINIO_UPDATE"
EnvKMSMasterKey = "MINIO_KMS_MASTER_KEY" // legacy
EnvKMSSecretKey = "MINIO_KMS_SECRET_KEY"
EnvKESEndpoint = "MINIO_KMS_KES_ENDPOINT"
EnvKESKeyName = "MINIO_KMS_KES_KEY_NAME"