From 9d6fddcfdf4732a99aa4a02d4946767780fa5af3 Mon Sep 17 00:00:00 2001
From: Harshavardhana
Date: Wed, 21 Sep 2022 16:14:47 -0700
Subject: [PATCH] persist the non-default creds in config (#15711)
---
 cmd/config-current.go | 12 ++++++++----
 cmd/server-main.go | 19 +++++++++++++------
 2 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/cmd/config-current.go b/cmd/config-current.go
index 8344edba3..00b3354c9 100644
--- a/cmd/config-current.go
+++ b/cmd/config-current.go
@@ -25,6 +25,7 @@ import (
 "sync"
 "github.com/minio/madmin-go"
+ "github.com/minio/minio/internal/auth"
 "github.com/minio/minio/internal/config"
 "github.com/minio/minio/internal/config/api"
 "github.com/minio/minio/internal/config/cache"
@@ -279,10 +280,6 @@ var (
 func validateSubSysConfig(s config.Config, subSys string, objAPI ObjectLayer) error {
 switch subSys {
- case config.CredentialsSubSys:
- if _, err := config.LookupCreds(s[config.CredentialsSubSys][config.Default]); err != nil {
- return err
- }
 case config.SiteSubSys:
 if _, err := config.LookupSite(s[config.SiteSubSys][config.Default], s[config.RegionSubSys][config.Default]); err != nil {
 return err
@@ -799,6 +796,13 @@ func newSrvConfig(objAPI ObjectLayer) error {
 // Initialize server config.
 srvCfg := newServerConfig()
+ if globalActiveCred.IsValid() && !globalActiveCred.Equal(auth.DefaultCredentials) {
+ kvs := srvCfg[config.CredentialsSubSys][config.Default]
+ kvs.Set(config.AccessKey, globalActiveCred.AccessKey)
+ kvs.Set(config.SecretKey, globalActiveCred.SecretKey)
+ srvCfg[config.CredentialsSubSys][config.Default] = kvs
+ }
+
 // hold the mutex lock before a new config is assigned.
 globalServerConfigMu.Lock()
 globalServerConfig = srvCfg
diff --git a/cmd/server-main.go b/cmd/server-main.go
index 1ec069a21..f8cf8a7aa 100644
--- a/cmd/server-main.go
+++ b/cmd/server-main.go
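Review bot: The block added to newSrvConfig in cmd/config-current.go copies the root secret key into the server config, and nothing in the hunk says why it is stored or what protects it once saved. Whether the persisted config is encrypted at rest, and whether the secret is redacted when the credentials subsystem is read back, is not visible here and should be confirmed. A comment above the `if` would record the intent, for example `// Persist non-default root credentials so a later start can detect a fallback to the defaults.` The copy runs only when a new config is created in this function, so a deployment that already has a saved config presumably never gets a stored value to compare against. newSrvConfig begins and ends outside the hunk.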
@@ -543,12 +543,6 @@ func serverMain(ctx *cli.Context) {
 initHealMRF(GlobalContext, newObject)
 initBackgroundExpiry(GlobalContext, newObject)
- if globalActiveCred.Equal(auth.DefaultCredentials) {
- msg := fmt.Sprintf("WARNING: Detected default credentials '%s', we recommend that you change these values with 'MINIO_ROOT_USER' and 'MINIO_ROOT_PASSWORD' environment variables",
- globalActiveCred)
- logger.Info(color.RedBold(msg))
- }
-
 if !globalCLIContext.StrictS3Compat {
 logger.Info(color.RedBold("WARNING: Strict AWS S3 compatible incoming PUT, POST content payload validation is turned off, caution is advised do not use in production"))
 }
@@ -569,6 +563,19 @@ func serverMain(ctx *cli.Context) {
 logger.LogIf(GlobalContext, err)
 }
+ if globalActiveCred.Equal(auth.DefaultCredentials) {
+ msg := fmt.Sprintf("WARNING: Detected default credentials '%s', we recommend that you change these values with 'MINIO_ROOT_USER' and 'MINIO_ROOT_PASSWORD' environment variables",
+ globalActiveCred)
+ logger.Info(color.RedBold(msg))
+ }
+
+ savedCreds, _ := config.LookupCreds(globalServerConfig[config.CredentialsSubSys][config.Default])
+ if globalActiveCred.Equal(auth.DefaultCredentials) && !globalActiveCred.Equal(savedCreds) {
+ msg := fmt.Sprintf("WARNING: Detected credentials changed to '%s', please set them back to previously set values",
+ globalActiveCred)
+ logger.Info(color.RedBold(msg))
+ }
+
+
 // Initialize users credentials and policies in background right after config has initialized.
 go func() {
 globalIAMSys.Init(GlobalContext, newObject, globalEtcdClient, globalRefreshIAMInterval)
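Review bot: The error from `config.LookupCreds` is discarded in the second added block of serverMain (cmd/server-main.go), so a failed lookup leaves `savedCreds` at its zero value and the comparison can report a credential change that never happened. Keep the error and gate the warning on it: `savedCreds, err := config.LookupCreds(globalServerConfig[config.CredentialsSubSys][config.Default])`, then `logger.LogIf(GlobalContext, err)` and `if err == nil && globalActiveCred.Equal(auth.DefaultCredentials) && !globalActiveCred.Equal(savedCreds) {`. `globalServerConfig` is also read here without `globalServerConfigMu`, which the config code takes before assigning it; whether a concurrent writer can exist at this point of startup is not visible in the hunk. Running on the default credentials after custom ones were configured is a security-relevant state, so consider refusing to start rather than logging at Info level. serverMain begins and ends outside the hunk.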