MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-07 21:02:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add HTTP2 config option for policy plugin (#16225)

Browse Source
This commit is contained in:
Aditya Manthramurthy
2022-12-13 14:28:48 -08:00
committed by GitHub
parent 709eb283d9
commit 9e6cc847f8
8 changed files with 87 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
docs/iam/access-management-plugin.md
View File

@@ -46,16 +46,19 @@ Only the last operation would fail with a permissions error.
Access Management Plugin can be configured with environment variables:
```sh
$ mc admin config set dminio1 policy_plugin --env
$ mc admin config set myminio policy_plugin --env
KEY:
policy_plugin enable Access Management Plugin for policy enforcement
ARGS:
MINIO_POLICY_PLUGIN_URL* (url) plugin hook endpoint (HTTP(S)) e.g. "http://localhost:8181/v1/data/httpapi/authz/allow"
MINIO_POLICY_PLUGIN_AUTH_TOKEN (string) authorization token for plugin hook endpoint
MINIO_POLICY_PLUGIN_COMMENT (sentence) optionally add a comment to this setting
MINIO_POLICY_PLUGIN_URL* (url) plugin hook endpoint (HTTP(S)) e.g. "http://localhost:8181/v1/data/httpapi/authz/allow"
MINIO_POLICY_PLUGIN_AUTH_TOKEN (string) authorization header for plugin hook endpoint
MINIO_POLICY_PLUGIN_ENABLE_HTTP2 (bool) Enable experimental HTTP2 support to connect to plugin service (default: 'off')
MINIO_POLICY_PLUGIN_COMMENT (sentence) optionally add a comment to this setting
```
By default this plugin uses HTTP 1.x. To enable HTTP2 use the `MINIO_POLICY_PLUGIN_ENABLE_HTTP2` environment variable.
## Request and Response
MinIO will make a `POST` request with a JSON body to the given plugin URL. If the auth token parameter is set, it will be sent as an authorization header.

27
docs/iam/access-manager-plugin.go
View File

@@ -22,6 +22,7 @@ package main
import (
"encoding/json"
"flag"
"fmt"
"io"
"log"
@@ -29,6 +30,16 @@ import (
"strings"
)
var (
keyFile string
certFile string
)
func init() {
flag.StringVar(&keyFile, "key-file", "", "Path to TLS cert key file")
flag.StringVar(&certFile, "cert-file", "", "Path to TLS cert file")
}
func writeErrorResponse(w http.ResponseWriter, err error) {
w.WriteHeader(http.StatusBadRequest)
json.NewEncoder(w).Encode(map[string]string{
@@ -77,8 +88,22 @@ func mainHandler(w http.ResponseWriter, r *http.Request) {
}
func main() {
flag.Parse()
serveFunc := func() error {
return http.ListenAndServe(":8080", nil)
}
if certFile != "" || keyFile != "" {
if certFile == "" || keyFile == "" {
log.Fatal("Please provide both a key file and a cert file to enable TLS.")
}
serveFunc = func() error {
return http.ListenAndServeTLS(":8080", certFile, keyFile, nil)
}
}
http.HandleFunc("/", mainHandler)
log.Print("Listening on :8080")
log.Fatal(http.ListenAndServe(":8080", nil))
log.Fatal(serveFunc())
}