Fix crash observed in OPA initialization (#7990)

Related to #7982, this PR refactors the code
such that we validate the OPA or JWKS in a
common place.

This is also a refactor which is already done
in the new config migration change. Attempt
to avoid any network I/O during Unmarshal of
JSON from disk, instead do it later when
updating the in-memory data structure.

pkg/iam/validator/jwt.go

@@ -24,7 +24,6 @@ import (
 	"fmt"
 	"net"
 	"net/http"
-	"os"
 	"strconv"
 	"time"
 
@@ -38,11 +37,6 @@ type JWKSArgs struct {
 	publicKeys map[string]crypto.PublicKey
 }
 
-// Validate JWT authentication target arguments
-func (r *JWKSArgs) Validate() error {
-	return nil
-}
-
 // PopulatePublicKey - populates a new publickey from the JWKS URL.
 func (r *JWKSArgs) PopulatePublicKey() error {
 	insecureClient := &http.Client{Transport: newCustomHTTPTransport(true)}
@@ -83,17 +77,8 @@ func (r *JWKSArgs) UnmarshalJSON(data []byte) error {
 	type subJWKSArgs JWKSArgs
 	var sr subJWKSArgs
 
-	// IAM related envs.
-	if jwksURL, ok := os.LookupEnv("MINIO_IAM_JWKS_URL"); ok {
-		u, err := xnet.ParseURL(jwksURL)
-		if err != nil {
-			return err
-		}
-		sr.URL = u
-	} else {
-		if err := json.Unmarshal(data, &sr); err != nil {
-			return err
-		}
+	if err := json.Unmarshal(data, &sr); err != nil {
+		return err
 	}
 
 	ar := JWKSArgs(sr)
@@ -101,13 +86,6 @@ func (r *JWKSArgs) UnmarshalJSON(data []byte) error {
 		*r = ar
 		return nil
 	}
-	if err := ar.Validate(); err != nil {
-		return err
-	}
-
-	if err := ar.PopulatePublicKey(); err != nil {
-		return err
-	}
 
 	*r = ar
 	return nil