Remove globalOpenIDConfig (#16708)

Aditya Manthramurthy 2023-02-25 21:01:37 -08:00 committed by GitHub
parent b49b39e99d
commit 9ed4fc9687
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 16 additions and 18 deletions


@ -178,7 +178,7 @@ func handleCreateUpdateValidation(s config.Config, subSys, cfgTarget string, isU
var cfgInfos []madmin.IDPCfgInfo var cfgInfos []madmin.IDPCfgInfo
switch subSys { switch subSys {
case madmin.IdentityOpenIDSubSys: case madmin.IdentityOpenIDSubSys:
cfgInfos, _ = globalOpenIDConfig.GetConfigInfo(s, cfgTarget) cfgInfos, _ = globalIAMSys.OpenIDConfig.GetConfigInfo(s, cfgTarget)
case madmin.IdentityLDAPSubSys: case madmin.IdentityLDAPSubSys:
cfgInfos, _ = globalIAMSys.LDAPConfig.GetConfigInfo(s, cfgTarget) cfgInfos, _ = globalIAMSys.LDAPConfig.GetConfigInfo(s, cfgTarget)
} }
@ -240,7 +240,7 @@ func (a adminAPIHandlers) ListIdentityProviderCfg(w http.ResponseWriter, r *http
switch idpCfgType { switch idpCfgType {
case madmin.OpenidIDPCfg: case madmin.OpenidIDPCfg:
cfg := globalServerConfig.Clone() cfg := globalServerConfig.Clone()
cfgList, err = globalOpenIDConfig.GetConfigList(cfg) cfgList, err = globalIAMSys.OpenIDConfig.GetConfigList(cfg)
case madmin.LDAPIDPCfg: case madmin.LDAPIDPCfg:
cfg := globalServerConfig.Clone() cfg := globalServerConfig.Clone()
cfgList, err = globalIAMSys.LDAPConfig.GetConfigList(cfg) cfgList, err = globalIAMSys.LDAPConfig.GetConfigList(cfg)
@ -296,7 +296,7 @@ func (a adminAPIHandlers) GetIdentityProviderCfg(w http.ResponseWriter, r *http.
var err error var err error
switch idpCfgType { switch idpCfgType {
case madmin.OpenidIDPCfg: case madmin.OpenidIDPCfg:
cfgInfos, err = globalOpenIDConfig.GetConfigInfo(cfg, cfgName) cfgInfos, err = globalIAMSys.OpenIDConfig.GetConfigInfo(cfg, cfgName)
case madmin.LDAPIDPCfg: case madmin.LDAPIDPCfg:
cfgInfos, err = globalIAMSys.LDAPConfig.GetConfigInfo(cfg, cfgName) cfgInfos, err = globalIAMSys.LDAPConfig.GetConfigInfo(cfg, cfgName)
} }
@ -355,7 +355,7 @@ func (a adminAPIHandlers) DeleteIdentityProviderCfg(w http.ResponseWriter, r *ht
switch idpCfgType { switch idpCfgType {
case madmin.OpenidIDPCfg: case madmin.OpenidIDPCfg:
subSys = config.IdentityOpenIDSubSys subSys = config.IdentityOpenIDSubSys
cfgInfos, err := globalOpenIDConfig.GetConfigInfo(cfgCopy, cfgName) cfgInfos, err := globalIAMSys.OpenIDConfig.GetConfigInfo(cfgCopy, cfgName)
if err != nil { if err != nil {
if errors.Is(err, openid.ErrProviderConfigNotFound) { if errors.Is(err, openid.ErrProviderConfigNotFound) {
writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminNoSuchConfigTarget), r.URL) writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminNoSuchConfigTarget), r.URL)
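Review bot: The error from `GetConfigInfo` is still discarded with `_` in the OpenID case of `handleCreateUpdateValidation` (the LDAP case beside it does the same), while the other three call sites this commit touches in the file capture `err`. A failed or not-found lookup silently yields an empty `cfgInfos`, so whatever validation follows runs against no existing keys; I can't tell from this hunk whether that is intended, and `handleCreateUpdateValidation` continues outside it. Either propagate the error the way the `DeleteIdentityProviderCfg` case does with `errors.Is(err, openid.ErrProviderConfigNotFound)`, or add a justifying comment such as `// lookup errors are deliberately ignored: an unknown target is validated as a new config — confirm`.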


@ -215,8 +215,9 @@ func minioConfigToConsoleFeatures() {
} }
func buildOpenIDConsoleConfig() consoleoauth2.OpenIDPCfg { func buildOpenIDConsoleConfig() consoleoauth2.OpenIDPCfg {
m := make(map[string]consoleoauth2.ProviderConfig, len(globalOpenIDConfig.ProviderCfgs)) pcfgs := globalIAMSys.OpenIDConfig.ProviderCfgs
for name, cfg := range globalOpenIDConfig.ProviderCfgs { m := make(map[string]consoleoauth2.ProviderConfig, len(pcfgs))
for name, cfg := range pcfgs {
callback := getConsoleEndpoints()[0] + "/oauth_callback" callback := getConsoleEndpoints()[0] + "/oauth_callback"
if cfg.RedirectURI != "" { if cfg.RedirectURI != "" {
callback = cfg.RedirectURI callback = cfg.RedirectURI


@ -42,7 +42,6 @@ import (
"github.com/minio/minio/internal/config/callhome" "github.com/minio/minio/internal/config/callhome"
"github.com/minio/minio/internal/config/compress" "github.com/minio/minio/internal/config/compress"
"github.com/minio/minio/internal/config/dns" "github.com/minio/minio/internal/config/dns"
"github.com/minio/minio/internal/config/identity/openid"
idplugin "github.com/minio/minio/internal/config/identity/plugin" idplugin "github.com/minio/minio/internal/config/identity/plugin"
xtls "github.com/minio/minio/internal/config/identity/tls" xtls "github.com/minio/minio/internal/config/identity/tls"
polplugin "github.com/minio/minio/internal/config/policy/plugin" polplugin "github.com/minio/minio/internal/config/policy/plugin"
@ -200,7 +199,6 @@ var (
globalStorageClass storageclass.Config globalStorageClass storageclass.Config
globalOpenIDConfig openid.Config
globalSTSTLSConfig xtls.Config globalSTSTLSConfig xtls.Config
globalAuthNPlugin *idplugin.AuthNPlugin globalAuthNPlugin *idplugin.AuthNPlugin


@ -88,7 +88,7 @@ type IAMSys struct {
iamRefreshInterval time.Duration iamRefreshInterval time.Duration
LDAPConfig xldap.Config // only valid if usersSysType is LDAPUsers LDAPConfig xldap.Config // only valid if usersSysType is LDAPUsers
openIDConfig openid.Config // only valid if OpenID is configured OpenIDConfig openid.Config // only valid if OpenID is configured
usersSysType UsersSysType usersSysType UsersSysType
@ -213,8 +213,7 @@ func (sys *IAMSys) Init(ctx context.Context, objAPI ObjectLayer, etcdClient *etc
s := globalServerConfig s := globalServerConfig
globalServerConfigMu.RUnlock() globalServerConfigMu.RUnlock()
var err error openidConfig, err := openid.LookupConfig(s,
globalOpenIDConfig, err = openid.LookupConfig(s,
NewHTTPTransport(), xhttp.DrainBody, globalSite.Region) NewHTTPTransport(), xhttp.DrainBody, globalSite.Region)
if err != nil { if err != nil {
logger.LogIf(ctx, fmt.Errorf("Unable to initialize OpenID: %w", err)) logger.LogIf(ctx, fmt.Errorf("Unable to initialize OpenID: %w", err))
@ -258,7 +257,7 @@ func (sys *IAMSys) Init(ctx context.Context, objAPI ObjectLayer, etcdClient *etc
defer sys.Unlock() defer sys.Unlock()
sys.LDAPConfig = ldapConfig sys.LDAPConfig = ldapConfig
sys.openIDConfig = globalOpenIDConfig.Clone() sys.OpenIDConfig = openidConfig
sys.iamRefreshInterval = iamRefreshInterval sys.iamRefreshInterval = iamRefreshInterval
// Initialize IAM store // Initialize IAM store
@ -322,7 +321,7 @@ func (sys *IAMSys) Init(ctx context.Context, objAPI ObjectLayer, etcdClient *etc
// Set up polling for expired accounts and credentials purging. // Set up polling for expired accounts and credentials purging.
switch { switch {
case sys.openIDConfig.ProviderEnabled(): case sys.OpenIDConfig.ProviderEnabled():
go func() { go func() {
timer := time.NewTimer(refreshInterval) timer := time.NewTimer(refreshInterval)
defer timer.Stop() defer timer.Stop()
@ -363,7 +362,7 @@ func (sys *IAMSys) Init(ctx context.Context, objAPI ObjectLayer, etcdClient *etc
sys.rolesMap = make(map[arn.ARN]string) sys.rolesMap = make(map[arn.ARN]string)
// From OpenID // From OpenID
if riMap := globalOpenIDConfig.GetRoleInfo(); riMap != nil { if riMap := sys.OpenIDConfig.GetRoleInfo(); riMap != nil {
sys.validateAndAddRolePolicyMappings(ctx, riMap) sys.validateAndAddRolePolicyMappings(ctx, riMap)
} }
@ -1280,7 +1279,7 @@ func (sys *IAMSys) purgeExpiredCredentialsForExternalSSO(ctx context.Context) {
continue continue
} }
roleArn = roleArns[0] roleArn = roleArns[0]
u, err := sys.openIDConfig.LookupUser(roleArn, puInfo.subClaimValue) u, err := sys.OpenIDConfig.LookupUser(roleArn, puInfo.subClaimValue)
if err != nil { if err != nil {
logger.LogIf(GlobalContext, err) logger.LogIf(GlobalContext, err)
continue continue
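Review bot: `OpenIDConfig` becomes an exported field of `IAMSys`, but its comment still says only `// only valid if OpenID is configured`; now that handlers in other files read it directly, the comment should state the access contract. In this diff it is assigned in `Init` under `sys.Lock()` (the `sys.OpenIDConfig = openidConfig` line), while the reads in the STS, admin and site-replication handlers take no `sys.RLock()`, so they are only safe once `Init` has completed. Suggested: `OpenIDConfig openid.Config // only valid if OpenID is configured; set in Init under sys.Lock, read lock-free by handlers after Init`. Whether anything can read it before `Init` finishes I can't tell from here, but the same was true of the package-level `globalOpenIDConfig` it replaces, so this is a documentation point rather than a regression.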


@ -605,7 +605,7 @@ func (c *SiteReplicationSys) GetIDPSettings(ctx context.Context) madmin.IDPSetti
LDAPGroupSearchBase: globalIAMSys.LDAPConfig.LDAP.GroupSearchBaseDistName, LDAPGroupSearchBase: globalIAMSys.LDAPConfig.LDAP.GroupSearchBaseDistName,
LDAPGroupSearchFilter: globalIAMSys.LDAPConfig.LDAP.GroupSearchFilter, LDAPGroupSearchFilter: globalIAMSys.LDAPConfig.LDAP.GroupSearchFilter,
} }
s.OpenID = globalOpenIDConfig.GetSettings() s.OpenID = globalIAMSys.OpenIDConfig.GetSettings()
if s.OpenID.Enabled { if s.OpenID.Enabled {
s.OpenID.Region = globalSite.Region s.OpenID.Region = globalSite.Region
} }


@ -361,7 +361,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithSSO(w http.ResponseWriter, r *http.Requ
} }
// Validate JWT; check clientID in claims matches the one associated with the roleArn // Validate JWT; check clientID in claims matches the one associated with the roleArn
if err := globalOpenIDConfig.Validate(r.Context(), roleArn, token, accessToken, r.Form.Get(stsDurationSeconds), claims); err != nil { if err := globalIAMSys.OpenIDConfig.Validate(r.Context(), roleArn, token, accessToken, r.Form.Get(stsDurationSeconds), claims); err != nil {
switch err { switch err {
case openid.ErrTokenExpired: case openid.ErrTokenExpired:
switch action { switch action {
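Review bot: The `switch err { case openid.ErrTokenExpired:` directly below the new `globalIAMSys.OpenIDConfig.Validate(...)` call compares the error by identity, whereas the admin handler in this same commit uses `errors.Is(err, openid.ErrProviderConfigNotFound)`; if `Validate` ever wraps the sentinel with `%w`, the expired-token case would silently fall through to the generic branch. The request is still rejected either way, so only the reported error code is affected. For consistency, `switch { case errors.Is(err, openid.ErrTokenExpired):` would be more robust, assuming `errors` is in scope in this file. `AssumeRoleWithSSO` continues outside the hunk.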


@ -920,7 +920,7 @@ func getMinioMode() string {
} }
func iamPolicyClaimNameOpenID() string { func iamPolicyClaimNameOpenID() string {
return globalOpenIDConfig.GetIAMPolicyClaimName() return globalIAMSys.OpenIDConfig.GetIAMPolicyClaimName()
} }
func iamPolicyClaimNameSA() string { func iamPolicyClaimNameSA() string {