From ac36a377b0181b82b1114fe44baf553ce99e26b7 Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Wed, 20 Oct 2021 11:31:09 -0700 Subject: [PATCH] fix: remove deprecated jwks_url from config KV (#13477) --- cmd/config-migrate.go | 1 - cmd/xl-storage.go | 8 +++- internal/config/identity/openid/jwt.go | 23 +++-------- internal/config/identity/openid/legacy.go | 47 ----------------------- 4 files changed, 12 insertions(+), 67 deletions(-) delete mode 100644 internal/config/identity/openid/legacy.go diff --git a/cmd/config-migrate.go b/cmd/config-migrate.go index 0e0231291..500392168 100644 --- a/cmd/config-migrate.go +++ b/cmd/config-migrate.go @@ -2754,7 +2754,6 @@ func migrateMinioSysConfigToKV(objAPI ObjectLayer) error { } xldap.SetIdentityLDAP(newCfg, cfg.LDAPServerConfig) - openid.SetIdentityOpenID(newCfg, cfg.OpenID) opa.SetPolicyOPAConfig(newCfg, cfg.Policy.OPA) cache.SetCacheConfig(newCfg, cfg.Cache) compress.SetCompressionConfig(newCfg, cfg.Compression) diff --git a/cmd/xl-storage.go b/cmd/xl-storage.go index ded5c9a77..aebf67143 100644 --- a/cmd/xl-storage.go +++ b/cmd/xl-storage.go @@ -2044,7 +2044,9 @@ func (s *xlStorage) RenameData(ctx context.Context, srcVolume, srcPath string, f } s.deleteFile(dstVolumeDir, dstDataPath, false) - logger.LogIf(ctx, err) + if err != errFileNotFound { + logger.LogIf(ctx, err) + } return osErrToFileErr(err) } } @@ -2057,7 +2059,9 @@ func (s *xlStorage) RenameData(ctx context.Context, srcVolume, srcPath string, f } s.deleteFile(dstVolumeDir, dstFilePath, false) - logger.LogIf(ctx, err) + if err != errFileNotFound { + logger.LogIf(ctx, err) + } return osErrToFileErr(err) } diff --git a/internal/config/identity/openid/jwt.go b/internal/config/identity/openid/jwt.go index abbfaba95..55335fe12 100644 --- a/internal/config/identity/openid/jwt.go +++ b/internal/config/identity/openid/jwt.go 
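Review bot: In cmd/xl-storage.go, the new guard `if err != errFileNotFound` in RenameData tests `err` before it passes through `osErrToFileErr(err)` on the following line. If `err` can still be a raw OS error at that point, the comparison never matches and not-found errors keep being logged. The same pattern appears in both RenameData hunks of this file (the `dstDataPath` and the `dstFilePath` cleanup paths). Converting once and testing the converted value makes the filter independent of what the rename helper returns: `fileErr := osErrToFileErr(err)`, then `if fileErr != errFileNotFound { logger.LogIf(ctx, err) }`, then `return fileErr`. RenameData starts and ends outside both hunks, so the origin of `err` is not visible here.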
@@ -378,7 +378,6 @@ const ( EnvIdentityOpenIDVendor = "MINIO_IDENTITY_OPENID_VENDOR" EnvIdentityOpenIDClientID = "MINIO_IDENTITY_OPENID_CLIENT_ID" EnvIdentityOpenIDClientSecret = "MINIO_IDENTITY_OPENID_CLIENT_SECRET" - EnvIdentityOpenIDJWKSURL = "MINIO_IDENTITY_OPENID_JWKS_URL" EnvIdentityOpenIDURL = "MINIO_IDENTITY_OPENID_CONFIG_URL" EnvIdentityOpenIDClaimName = "MINIO_IDENTITY_OPENID_CLAIM_NAME" EnvIdentityOpenIDClaimUserInfo = "MINIO_IDENTITY_OPENID_CLAIM_USERINFO" @@ -469,29 +468,23 @@ var ( Key: Scopes, Value: "", }, - config.KV{ - Key: JwksURL, - Value: "", - }, } ) -// Enabled returns if jwks is enabled. +// Enabled returns if configURL is enabled. func Enabled(kvs config.KVS) bool { - return kvs.Get(JwksURL) != "" + return kvs.Get(ConfigURL) != "" } // LookupConfig lookup jwks from config, override with any ENVs. func LookupConfig(kvs config.KVS, transport *http.Transport, closeRespFn func(io.ReadCloser)) (c Config, err error) { + // remove this since we have removed this already. + kvs.Delete(JwksURL) + if err = config.CheckValidKeys(config.IdentityOpenIDSubSys, kvs, DefaultKVS); err != nil { return c, err } - jwksURL := env.Get(EnvIamJwksURL, "") // Legacy - if jwksURL == "" { - jwksURL = env.Get(EnvIdentityOpenIDJWKSURL, kvs.Get(JwksURL)) - } - c = Config{ RWMutex: &sync.RWMutex{}, ClaimName: env.Get(EnvIdentityOpenIDClaimName, kvs.Get(ClaimName)), @@ -538,11 +531,7 @@ func LookupConfig(kvs config.KVS, transport *http.Transport, closeRespFn func(io c.ClaimName = iampolicy.PolicyName } - if jwksURL == "" { - // Fallback to discovery document jwksURL - jwksURL = c.DiscoveryDoc.JwksURI - } - + jwksURL := c.DiscoveryDoc.JwksURI if jwksURL == "" { return c, nil } diff --git a/internal/config/identity/openid/legacy.go b/internal/config/identity/openid/legacy.go deleted file mode 100644 index b92ae75db..000000000 --- a/internal/config/identity/openid/legacy.go +++ /dev/null 
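Review bot: In internal/config/identity/openid/jwt.go (hunk at -469), a deployment that configured OpenID only through the deprecated `jwks_url` is switched off silently. LookupConfig drops a stored value with `kvs.Delete(JwksURL)`, the JWKS URL environment lookups are removed, and `Enabled` now reports false unless `ConfigURL` is set. Since this decides whether an identity provider is active, log a warning when `kvs.Get(JwksURL) != ""` before the delete, pointing operators at `MINIO_IDENTITY_OPENID_CONFIG_URL`. The added comment is also unclear; something like `// Drop the deprecated jwks_url key so configs saved by older releases still pass CheckValidKeys.` states the presumed intent. The doc comment above LookupConfig still says "lookup jwks from config" and should be updated to match.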
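Review bot: In the hunk at -538, `jwksURL := c.DiscoveryDoc.JwksURI` makes the discovery document the only source of the signing-key location, yet an empty value still takes the `return c, nil` path. A provider whose discovery document carries no JWKS URI would therefore yield a config that looks enabled (config URL set) with no keys loaded; how token validation behaves in that state is outside this hunk. Returning an error in that case surfaces the misconfiguration at startup instead of at the first login attempt, for example `if jwksURL == "" && env.Get(EnvIdentityOpenIDURL, kvs.Get(ConfigURL)) != "" { return c, errors.New("openid: discovery document has no jwks_uri") }`. LookupConfig begins in the previous hunk and continues past the end of this one.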
@@ -1,47 +0,0 @@
-// Copyright (c) 2015-2021 MinIO, Inc.
-//
-// This file is part of MinIO Object Storage stack
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program. If not, see .
-
-package openid
-
-import "github.com/minio/minio/internal/config"
-
-// Legacy envs
-const (
- EnvIamJwksURL = "MINIO_IAM_JWKS_URL"
-)
-
-// SetIdentityOpenID - One time migration code needed, for migrating from older config to new for OpenIDConfig.
-func SetIdentityOpenID(s config.Config, cfg Config) {
- if cfg.JWKS.URL == nil || cfg.JWKS.URL.String() == "" {
- // No need to save not-enabled settings in new config.
- return
- }
- s[config.IdentityOpenIDSubSys][config.Default] = config.KVS{
- config.KV{
- Key: JwksURL,
- Value: cfg.JWKS.URL.String(),
- },
- config.KV{
- Key: ConfigURL,
- Value: "",
- },
- config.KV{
- Key: ClaimPrefix,
- Value: "",
- },
- }
-}