Repurpose Get/SetConfig as import/export support (#8578)

cmd/admin-handlers-config-kv.go

@@ -185,6 +185,8 @@ func (a adminAPIHandlers) SetConfigKVHandler(w http.ResponseWriter, r *http.Requ
 	if globalConfigEncrypted {
 		saveConfig(context.Background(), objectAPI, backendEncryptedFile, backendEncryptedMigrationComplete)
 	}
+
+	writeSuccessResponseHeadersOnly(w)
 }
 
 // GetConfigKVHandler - GET /minio/admin/v2/get-config-kv?key={key}
@@ -422,17 +424,28 @@ func (a adminAPIHandlers) SetConfigHandler(w http.ResponseWriter, r *http.Reques
 	}
 
 	password := globalActiveCred.SecretKey
-	configBytes, err := madmin.DecryptData(password, io.LimitReader(r.Body, r.ContentLength))
+	kvBytes, err := madmin.DecryptData(password, io.LimitReader(r.Body, r.ContentLength))
 	if err != nil {
 		logger.LogIf(ctx, err, logger.Application)
 		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigBadJSON), r.URL)
 		return
 	}
 
-	var cfg config.Config
+	cfg := newServerConfig()
-	if err = json.Unmarshal(configBytes, &cfg); err != nil {
+	scanner := bufio.NewScanner(bytes.NewReader(kvBytes))
-		logger.LogIf(ctx, err)
+	for scanner.Scan() {
-		writeCustomErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigBadJSON), err.Error(), r.URL)
+		// Skip any empty lines, or comment like characters
+		if scanner.Text() == "" || strings.HasPrefix(scanner.Text(), config.KvComment) {
+			continue
+		}
+		if err = cfg.SetKVS(scanner.Text(), defaultKVS()); err != nil {
+			writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
+			return
+		}
+	}
+
+	if err = scanner.Err(); err != nil {
+		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
 		return
 	}
 
@@ -441,17 +454,23 @@ func (a adminAPIHandlers) SetConfigHandler(w http.ResponseWriter, r *http.Reques
 		return
 	}
 
+	// Update the actual server config on disk.
 	if err = saveServerConfig(ctx, objectAPI, cfg); err != nil {
 		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
 		return
 	}
 
+	// Write to the config input KV to history.
+	if err = saveServerConfigHistory(ctx, objectAPI, kvBytes); err != nil {
+		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
+		return
+	}
+
 	// Make sure to write backend is encrypted
 	if globalConfigEncrypted {
 		saveConfig(context.Background(), objectAPI, backendEncryptedFile, backendEncryptedMigrationComplete)
 	}
 
-	// Reply to the client before restarting minio server.
 	writeSuccessResponseHeadersOnly(w)
 }
 
@@ -471,14 +490,11 @@ func (a adminAPIHandlers) GetConfigHandler(w http.ResponseWriter, r *http.Reques
 		return
 	}
 
-	configData, err := json.MarshalIndent(config, "", "\t")
+	var buf = &bytes.Buffer{}
-	if err != nil {
+	buf.WriteString(config.String())
-		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
-		return
-	}
 
 	password := globalActiveCred.SecretKey
-	econfigData, err := madmin.EncryptData(password, configData)
+	econfigData, err := madmin.EncryptData(password, buf.Bytes())
 	if err != nil {
 		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
 		return

cmd/config/identity/openid/help.go

@@ -26,6 +26,12 @@ var (
 			Description: `OpenID discovery documented endpoint. eg: "https://accounts.google.com/.well-known/openid-configuration"`,
 			Type:        "url",
 		},
+		config.HelpKV{
+			Key:         ClaimPrefix,
+			Description: `OpenID JWT claim namespace prefix. eg: "customer"`,
+			Optional:    true,
+			Type:        "string",
+		},
 		config.HelpKV{
 			Key:         config.Comment,
 			Description: "A comment to describe the OpenID identity setting",

cmd/config/identity/openid/jwt.go

@@ -262,10 +262,6 @@ var (
 			Key:   config.State,
 			Value: config.StateOff,
 		},
-		config.KV{
-			Key:   JwksURL,
-			Value: "",
-		},
 		config.KV{
 			Key:   ConfigURL,
 			Value: "",
@@ -274,6 +270,10 @@ var (
 			Key:   ClaimPrefix,
 			Value: "",
 		},
+		config.KV{
+			Key:   JwksURL,
+			Value: "",
+		},
 	}
 )