Fix crash observed in OPA initialization (#7990)

Related to #7982, this PR refactors the code such that we validate the OPA or JWKS in a common place. This is also a refactor which is already done in the new config migration change. Attempt to avoid any network I/O during Unmarshal of JSON from disk, instead do it later when updating the in-memory data structure.
2025-11-26 04:26:12 -05:00 · 2019-07-29 15:58:25 -07:00
parent 54eded2e6f
commit 8d47ef503c
3 changed files with 28 additions and 58 deletions
--- a/pkg/iam/policy/opa.go
+++ b/pkg/iam/policy/opa.go
@@ -22,7 +22,6 @@ import (
 	"io"
 	"io/ioutil"
 	"net/http"
-	"os"

 	xnet "github.com/minio/minio/pkg/net"
 )
@@ -63,17 +62,8 @@ func (a *OpaArgs) UnmarshalJSON(data []byte) error {
 	type subOpaArgs OpaArgs
 	var so subOpaArgs

-	if opaURL, ok := os.LookupEnv("MINIO_IAM_OPA_URL"); ok {
-		u, err := xnet.ParseURL(opaURL)
-		if err != nil {
-			return err
-		}
-		so.URL = u
-		so.AuthToken = os.Getenv("MINIO_IAM_OPA_AUTHTOKEN")
-	} else {
-		if err := json.Unmarshal(data, &so); err != nil {
-			return err
-		}
+	if err := json.Unmarshal(data, &so); err != nil {
+		return err
 	}

 	oa := OpaArgs(so)
@@ -82,10 +72,6 @@ func (a *OpaArgs) UnmarshalJSON(data []byte) error {
 		return nil
 	}

-	if err := oa.Validate(); err != nil {
-		return err
-	}
-
 	*a = oa
 	return nil
 }