MyFavMirrors
/
minio
mirror of https://github.com/minio/minio.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Revert "fix: remove deprecated MINIO_ACCESS_KEY, MINIO_SECRET_KEY envs (#12173)" 

This reverts commit b0baaeaa3d.
This commit is contained in:
Harshavardhana 2021-04-29 10:55:05 -07:00
parent 091845df39
commit 8cd89e10ea
8 changed files with 52 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Dockerfile
View File

@ -13,7 +13,9 @@ RUN \
FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3
ENV MINIO_ROOT_USER_FILE=access_key \
ENV MINIO_ACCESS_KEY_FILE=access_key \
MINIO_SECRET_KEY_FILE=secret_key \
MINIO_ROOT_USER_FILE=access_key \
MINIO_ROOT_PASSWORD_FILE=secret_key \
MINIO_KMS_SECRET_KEY_FILE=kms_master_key \
MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav"

4
Dockerfile.cicd
View File

@ -15,7 +15,9 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3
ARG TARGETARCH
ENV MINIO_ROOT_USER_FILE=access_key \
ENV MINIO_ACCESS_KEY_FILE=access_key \
MINIO_SECRET_KEY_FILE=secret_key \
MINIO_ROOT_USER_FILE=access_key \
MINIO_ROOT_PASSWORD_FILE=secret_key \
MINIO_KMS_SECRET_KEY_FILE=kms_master_key \
MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav"

2
Dockerfile.dev
View File

@ -8,6 +8,8 @@ COPY dockerscripts/docker-entrypoint.sh /usr/bin/
COPY minio /usr/bin/
ENV MINIO_UPDATE=off \
MINIO_ACCESS_KEY_FILE=access_key \
MINIO_SECRET_KEY_FILE=secret_key \
MINIO_ROOT_USER_FILE=access_key \
MINIO_ROOT_PASSWORD_FILE=secret_key \
MINIO_KMS_SECRET_KEY_FILE=kms_master_key

4
Dockerfile.release
View File

@ -12,7 +12,9 @@ LABEL name="MinIO" \
summary="MinIO is a High Performance Object Storage, API compatible with Amazon S3 cloud storage service." \
description="MinIO object storage is fundamentally different. Designed for performance and the S3 API, it is 100% open-source. MinIO is ideal for large, private cloud environments with stringent security requirements and delivers mission-critical availability across a diverse range of workloads."
ENV MINIO_ROOT_USER_FILE=access_key \
ENV MINIO_ACCESS_KEY_FILE=access_key \
MINIO_SECRET_KEY_FILE=secret_key \
MINIO_ROOT_USER_FILE=access_key \
MINIO_ROOT_PASSWORD_FILE=secret_key \
MINIO_KMS_SECRET_KEY_FILE=kms_master_key \
MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav"

9
cmd/common-main.go
View File

@ -309,6 +309,15 @@ func handleCommonEnvVars() {
// in-place update is off.
globalInplaceUpdateDisabled = strings.EqualFold(env.Get(config.EnvUpdate, config.EnableOn), config.EnableOff)
if env.IsSet(config.EnvAccessKey) || env.IsSet(config.EnvSecretKey) {
cred, err := auth.CreateCredentials(env.Get(config.EnvAccessKey, ""), env.Get(config.EnvSecretKey, ""))
if err != nil {
logger.Fatal(config.ErrInvalidCredentials(err),
"Unable to validate credentials inherited from the shell environment")
}
globalActiveCred = cred
}
if env.IsSet(config.EnvRootUser) || env.IsSet(config.EnvRootPassword) {
cred, err := auth.CreateCredentials(env.Get(config.EnvRootUser, ""), env.Get(config.EnvRootPassword, ""))
if err != nil {

2
cmd/config/constants.go
View File

@ -24,6 +24,8 @@ const (
// Top level common ENVs
const (
EnvAccessKey = "MINIO_ACCESS_KEY"
EnvSecretKey = "MINIO_SECRET_KEY"
EnvRootUser = "MINIO_ROOT_USER"
EnvRootPassword = "MINIO_ROOT_PASSWORD"

2
cmd/test-utils_test.go
View File

@ -82,6 +82,8 @@ func TestMain(m *testing.M) {
// disable ENVs which interfere with tests.
for _, env := range []string{
crypto.EnvKMSAutoEncryption,
config.EnvAccessKey,
config.EnvSecretKey,
config.EnvRootUser,
config.EnvRootPassword,
} {

28
dockerscripts/docker-entrypoint.sh
View File

@ -8,6 +8,31 @@ if [ "${1}" != "minio" ]; then
fi
fi
## Look for docker secrets at given absolute path or in default documented location.
docker_secrets_env_old() {
if [ -f "$MINIO_ACCESS_KEY_FILE" ]; then
ACCESS_KEY_FILE="$MINIO_ACCESS_KEY_FILE"
else
ACCESS_KEY_FILE="/run/secrets/$MINIO_ACCESS_KEY_FILE"
fi
if [ -f "$MINIO_SECRET_KEY_FILE" ]; then
SECRET_KEY_FILE="$MINIO_SECRET_KEY_FILE"
else
SECRET_KEY_FILE="/run/secrets/$MINIO_SECRET_KEY_FILE"
fi
if [ -f "$ACCESS_KEY_FILE" ] && [ -f "$SECRET_KEY_FILE" ]; then
if [ -f "$ACCESS_KEY_FILE" ]; then
MINIO_ACCESS_KEY="$(cat "$ACCESS_KEY_FILE")"
export MINIO_ACCESS_KEY
fi
if [ -f "$SECRET_KEY_FILE" ]; then
MINIO_SECRET_KEY="$(cat "$SECRET_KEY_FILE")"
export MINIO_SECRET_KEY
fi
fi
}
docker_secrets_env() {
if [ -f "$MINIO_ROOT_USER_FILE" ]; then
ROOT_USER_FILE="$MINIO_ROOT_USER_FILE"
@ -73,6 +98,9 @@ docker_switch_user() {
fi
}
## Set access env from secrets if necessary.
docker_secrets_env_old
## Set access env from secrets if necessary.
docker_secrets_env