mirror of https://github.com/minio/minio.git
remove support for deprecated MINIO_KMS_MASTER_KEY (#12463)
This commit is contained in:
parent
6c8be64cdb
commit
66d549c05d
|
@ -22,7 +22,6 @@ import (
|
|||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
"encoding/gob"
|
||||
"encoding/hex"
|
||||
"errors"
|
||||
"fmt"
|
||||
"math/rand"
|
||||
|
@ -339,8 +338,6 @@ func handleCommonEnvVars() {
|
|||
switch {
|
||||
case env.IsSet(config.EnvKMSSecretKey) && env.IsSet(config.EnvKESEndpoint):
|
||||
logger.Fatal(errors.New("ambigious KMS configuration"), fmt.Sprintf("The environment contains %q as well as %q", config.EnvKMSSecretKey, config.EnvKESEndpoint))
|
||||
case env.IsSet(config.EnvKMSMasterKey) && env.IsSet(config.EnvKESEndpoint):
|
||||
logger.Fatal(errors.New("ambigious KMS configuration"), fmt.Sprintf("The environment contains %q as well as %q", config.EnvKMSMasterKey, config.EnvKESEndpoint))
|
||||
}
|
||||
|
||||
if env.IsSet(config.EnvKMSSecretKey) {
|
||||
|
@ -348,21 +345,6 @@ func handleCommonEnvVars() {
|
|||
if err != nil {
|
||||
logger.Fatal(err, "Unable to parse the KMS secret key inherited from the shell environment")
|
||||
}
|
||||
} else if env.IsSet(config.EnvKMSMasterKey) {
|
||||
// FIXME: remove this block by June 2021
|
||||
logger.LogIf(GlobalContext, fmt.Errorf("legacy KMS configuration, this environment variable %q is deprecated and will be removed by June 2021", config.EnvKMSMasterKey))
|
||||
v := strings.SplitN(env.Get(config.EnvKMSMasterKey, ""), ":", 2)
|
||||
if len(v) != 2 {
|
||||
logger.Fatal(errors.New("invalid "+config.EnvKMSMasterKey), "Unable to parse the KMS secret key inherited from the shell environment")
|
||||
}
|
||||
secretKey, err := hex.DecodeString(v[1])
|
||||
if err != nil {
|
||||
logger.Fatal(err, "Unable to parse the KMS secret key inherited from the shell environment")
|
||||
}
|
||||
GlobalKMS, err = kms.New(v[0], secretKey)
|
||||
if err != nil {
|
||||
logger.Fatal(err, "Unable to parse the KMS secret key inherited from the shell environment")
|
||||
}
|
||||
}
|
||||
if env.IsSet(config.EnvKESEndpoint) {
|
||||
var endpoints []string
|
||||
|
|
|
@ -71,17 +71,6 @@ docker_kms_secret_encryption_env() {
|
|||
fi
|
||||
}
|
||||
|
||||
## Legacy
|
||||
## Set KMS_MASTER_KEY from docker secrets if provided
|
||||
docker_kms_master_encryption_env() {
|
||||
KMS_MASTER_KEY_FILE="/run/secrets/$MINIO_KMS_MASTER_KEY_FILE"
|
||||
|
||||
if [ -f "$KMS_MASTER_KEY_FILE" ]; then
|
||||
MINIO_KMS_MASTER_KEY="$(cat "$KMS_MASTER_KEY_FILE")"
|
||||
export MINIO_KMS_MASTER_KEY
|
||||
fi
|
||||
}
|
||||
|
||||
# su-exec to requested user, if service cannot run exec will fail.
|
||||
docker_switch_user() {
|
||||
if [ ! -z "${MINIO_USERNAME}" ] && [ ! -z "${MINIO_GROUPNAME}" ]; then
|
||||
|
|
|
@ -41,7 +41,6 @@ const (
|
|||
|
||||
EnvUpdate = "MINIO_UPDATE"
|
||||
|
||||
EnvKMSMasterKey = "MINIO_KMS_MASTER_KEY" // legacy
|
||||
EnvKMSSecretKey = "MINIO_KMS_SECRET_KEY"
|
||||
EnvKESEndpoint = "MINIO_KMS_KES_ENDPOINT"
|
||||
EnvKESKeyName = "MINIO_KMS_KES_KEY_NAME"
|
||||
|
|
Loading…
Reference in New Issue