mirror of
https://github.com/minio/minio.git
synced 2024-12-24 22:25:54 -05:00
persist the non-default creds in config (#15711)
This commit is contained in:
parent
a83105df9d
commit
9d6fddcfdf
@ -25,6 +25,7 @@ import (
|
|||||||
"sync"
|
"sync"
|
||||||
|
|
||||||
"github.com/minio/madmin-go"
|
"github.com/minio/madmin-go"
|
||||||
|
"github.com/minio/minio/internal/auth"
|
||||||
"github.com/minio/minio/internal/config"
|
"github.com/minio/minio/internal/config"
|
||||||
"github.com/minio/minio/internal/config/api"
|
"github.com/minio/minio/internal/config/api"
|
||||||
"github.com/minio/minio/internal/config/cache"
|
"github.com/minio/minio/internal/config/cache"
|
||||||
@ -279,10 +280,6 @@ var (
|
|||||||
|
|
||||||
func validateSubSysConfig(s config.Config, subSys string, objAPI ObjectLayer) error {
|
func validateSubSysConfig(s config.Config, subSys string, objAPI ObjectLayer) error {
|
||||||
switch subSys {
|
switch subSys {
|
||||||
case config.CredentialsSubSys:
|
|
||||||
if _, err := config.LookupCreds(s[config.CredentialsSubSys][config.Default]); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
case config.SiteSubSys:
|
case config.SiteSubSys:
|
||||||
if _, err := config.LookupSite(s[config.SiteSubSys][config.Default], s[config.RegionSubSys][config.Default]); err != nil {
|
if _, err := config.LookupSite(s[config.SiteSubSys][config.Default], s[config.RegionSubSys][config.Default]); err != nil {
|
||||||
return err
|
return err
|
||||||
@ -799,6 +796,13 @@ func newSrvConfig(objAPI ObjectLayer) error {
|
|||||||
// Initialize server config.
|
// Initialize server config.
|
||||||
srvCfg := newServerConfig()
|
srvCfg := newServerConfig()
|
||||||
|
|
||||||
|
if globalActiveCred.IsValid() && !globalActiveCred.Equal(auth.DefaultCredentials) {
|
||||||
|
kvs := srvCfg[config.CredentialsSubSys][config.Default]
|
||||||
|
kvs.Set(config.AccessKey, globalActiveCred.AccessKey)
|
||||||
|
kvs.Set(config.SecretKey, globalActiveCred.SecretKey)
|
||||||
|
srvCfg[config.CredentialsSubSys][config.Default] = kvs
|
||||||
|
}
|
||||||
|
|
||||||
// hold the mutex lock before a new config is assigned.
|
// hold the mutex lock before a new config is assigned.
|
||||||
globalServerConfigMu.Lock()
|
globalServerConfigMu.Lock()
|
||||||
globalServerConfig = srvCfg
|
globalServerConfig = srvCfg
|
||||||
|
@ -543,12 +543,6 @@ func serverMain(ctx *cli.Context) {
|
|||||||
initHealMRF(GlobalContext, newObject)
|
initHealMRF(GlobalContext, newObject)
|
||||||
initBackgroundExpiry(GlobalContext, newObject)
|
initBackgroundExpiry(GlobalContext, newObject)
|
||||||
|
|
||||||
if globalActiveCred.Equal(auth.DefaultCredentials) {
|
|
||||||
msg := fmt.Sprintf("WARNING: Detected default credentials '%s', we recommend that you change these values with 'MINIO_ROOT_USER' and 'MINIO_ROOT_PASSWORD' environment variables",
|
|
||||||
globalActiveCred)
|
|
||||||
logger.Info(color.RedBold(msg))
|
|
||||||
}
|
|
||||||
|
|
||||||
if !globalCLIContext.StrictS3Compat {
|
if !globalCLIContext.StrictS3Compat {
|
||||||
logger.Info(color.RedBold("WARNING: Strict AWS S3 compatible incoming PUT, POST content payload validation is turned off, caution is advised do not use in production"))
|
logger.Info(color.RedBold("WARNING: Strict AWS S3 compatible incoming PUT, POST content payload validation is turned off, caution is advised do not use in production"))
|
||||||
}
|
}
|
||||||
@ -569,6 +563,19 @@ func serverMain(ctx *cli.Context) {
|
|||||||
logger.LogIf(GlobalContext, err)
|
logger.LogIf(GlobalContext, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if globalActiveCred.Equal(auth.DefaultCredentials) {
|
||||||
|
msg := fmt.Sprintf("WARNING: Detected default credentials '%s', we recommend that you change these values with 'MINIO_ROOT_USER' and 'MINIO_ROOT_PASSWORD' environment variables",
|
||||||
|
globalActiveCred)
|
||||||
|
logger.Info(color.RedBold(msg))
|
||||||
|
}
|
||||||
|
|
||||||
|
savedCreds, _ := config.LookupCreds(globalServerConfig[config.CredentialsSubSys][config.Default])
|
||||||
|
if globalActiveCred.Equal(auth.DefaultCredentials) && !globalActiveCred.Equal(savedCreds) {
|
||||||
|
msg := fmt.Sprintf("WARNING: Detected credentials changed to '%s', please set them back to previously set values",
|
||||||
|
globalActiveCred)
|
||||||
|
logger.Info(color.RedBold(msg))
|
||||||
|
}
|
||||||
|
|
||||||
// Initialize users credentials and policies in background right after config has initialized.
|
// Initialize users credentials and policies in background right after config has initialized.
|
||||||
go func() {
|
go func() {
|
||||||
globalIAMSys.Init(GlobalContext, newObject, globalEtcdClient, globalRefreshIAMInterval)
|
globalIAMSys.Init(GlobalContext, newObject, globalEtcdClient, globalRefreshIAMInterval)
|
||||||
|
Loading…
Reference in New Issue
Block a user