MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-04-19 18:17:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

do not disable root for invalid API config values (#17386)

Browse Source
This commit is contained in:
Harshavardhana 2023-06-08 15:50:06 -07:00 committed by GitHub
parent 6e38d0f3ab
commit b829e80ecb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 55 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
cmd/handler-api.go
View File

@ -97,8 +97,17 @@ func (t *apiConfig) init(cfg api.Config, setDriveCounts []int) {
t.mu.Lock() t.mu.Lock()
defer t.mu.Unlock() defer t.mu.Unlock()
t.clusterDeadline = cfg.ClusterDeadline clusterDeadline := cfg.ClusterDeadline
t.corsAllowOrigins = cfg.CorsAllowOrigin if clusterDeadline == 0 {
clusterDeadline = 10 * time.Second
}
t.clusterDeadline = clusterDeadline
corsAllowOrigin := cfg.CorsAllowOrigin
if len(corsAllowOrigin) == 0 {
corsAllowOrigin = []string{"*"}
}
t.corsAllowOrigins = corsAllowOrigin
maxSetDrives := 0 maxSetDrives := 0
for _, setDriveCount := range setDriveCounts { for _, setDriveCount := range setDriveCounts {
t.totalDriveCount += setDriveCount t.totalDriveCount += setDriveCount
@ -136,13 +145,16 @@ func (t *apiConfig) init(cfg api.Config, setDriveCounts []int) {
t.requestsPool = make(chan struct{}, apiRequestsMaxPerNode) t.requestsPool = make(chan struct{}, apiRequestsMaxPerNode)
} }
t.requestsDeadline = cfg.RequestsDeadline t.requestsDeadline = cfg.RequestsDeadline
t.listQuorum = cfg.ListQuorum listQuorum := cfg.ListQuorum
if listQuorum == "" {
listQuorum = "strict"
}
t.listQuorum = listQuorum
if globalReplicationPool != nil && if globalReplicationPool != nil &&
cfg.ReplicationPriority != t.replicationPriority { cfg.ReplicationPriority != t.replicationPriority {
globalReplicationPool.ResizeWorkerPriority(cfg.ReplicationPriority) globalReplicationPool.ResizeWorkerPriority(cfg.ReplicationPriority)
} }
t.replicationPriority = cfg.ReplicationPriority t.replicationPriority = cfg.ReplicationPriority
if globalTransitionState != nil && cfg.TransitionWorkers != t.transitionWorkers { if globalTransitionState != nil && cfg.TransitionWorkers != t.transitionWorkers {
globalTransitionState.UpdateWorkers(cfg.TransitionWorkers) globalTransitionState.UpdateWorkers(cfg.TransitionWorkers)
} }
@ -181,6 +193,10 @@ func (t *apiConfig) getListQuorum() string {
t.mu.RLock() t.mu.RLock()
defer t.mu.RUnlock() defer t.mu.RUnlock()
if t.listQuorum == "" {
return "strict"
}
return t.listQuorum return t.listQuorum
} }
@ -188,6 +204,10 @@ func (t *apiConfig) getCorsAllowOrigins() []string {
t.mu.RLock() t.mu.RLock()
defer t.mu.RUnlock() defer t.mu.RUnlock()
if len(t.corsAllowOrigins) == 0 {
return []string{"*"}
}
corsAllowOrigins := make([]string, len(t.corsAllowOrigins)) corsAllowOrigins := make([]string, len(t.corsAllowOrigins))
copy(corsAllowOrigins, t.corsAllowOrigins) copy(corsAllowOrigins, t.corsAllowOrigins)
return corsAllowOrigins return corsAllowOrigins
@ -316,6 +336,10 @@ func (t *apiConfig) getReplicationPriority() string {
t.mu.RLock() t.mu.RLock()
defer t.mu.RUnlock() defer t.mu.RUnlock()
if t.replicationPriority == "" {
return "auto"
}
return t.replicationPriority return t.replicationPriority
} }
@ -323,5 +347,9 @@ func (t *apiConfig) getTransitionWorkers() int {
t.mu.RLock() t.mu.RLock()
defer t.mu.RUnlock() defer t.mu.RUnlock()
if t.transitionWorkers <= 0 {
return runtime.GOMAXPROCS(0) / 2
}
return t.transitionWorkers return t.transitionWorkers
} }

48
internal/config/api/api.go
View File

@ -21,7 +21,6 @@ import (
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
"runtime"
"strconv" "strconv"
"strings" "strings"
"time" "time"
@ -180,12 +179,23 @@ func LookupConfig(kvs config.KVS) (cfg Config, err error) {
return cfg, err return cfg, err
} }
disableODirect := env.Get(EnvAPIDisableODirect, kvs.Get(apiDisableODirect)) == config.EnableOn
gzipObjects := env.Get(EnvAPIGzipObjects, kvs.Get(apiGzipObjects)) == config.EnableOn
rootAccess := env.Get(EnvAPIRootAccess, kvs.Get(apiRootAccess)) == config.EnableOn
cfg = Config{
DisableODirect: disableODirect,
GzipObjects: gzipObjects,
RootAccess: rootAccess,
}
// Check environment variables parameters // Check environment variables parameters
requestsMax, err := strconv.Atoi(env.Get(EnvAPIRequestsMax, kvs.GetWithDefault(apiRequestsMax, DefaultKVS))) requestsMax, err := strconv.Atoi(env.Get(EnvAPIRequestsMax, kvs.GetWithDefault(apiRequestsMax, DefaultKVS)))
if err != nil { if err != nil {
return cfg, err return cfg, err
} }
cfg.RequestsMax = requestsMax
if requestsMax < 0 { if requestsMax < 0 {
return cfg, errors.New("invalid API max requests value") return cfg, errors.New("invalid API max requests value")
} }
@ -194,28 +204,33 @@ func LookupConfig(kvs config.KVS) (cfg Config, err error) {
if err != nil { if err != nil {
return cfg, err return cfg, err
} }
cfg.RequestsDeadline = requestsDeadline
clusterDeadline, err := time.ParseDuration(env.Get(EnvAPIClusterDeadline, kvs.GetWithDefault(apiClusterDeadline, DefaultKVS))) clusterDeadline, err := time.ParseDuration(env.Get(EnvAPIClusterDeadline, kvs.GetWithDefault(apiClusterDeadline, DefaultKVS)))
if err != nil { if err != nil {
return cfg, err return cfg, err
} }
cfg.ClusterDeadline = clusterDeadline
corsAllowOrigin := strings.Split(env.Get(EnvAPICorsAllowOrigin, kvs.Get(apiCorsAllowOrigin)), ",") corsAllowOrigin := strings.Split(env.Get(EnvAPICorsAllowOrigin, kvs.Get(apiCorsAllowOrigin)), ",")
if len(corsAllowOrigin) == 0 { if len(corsAllowOrigin) == 0 {
corsAllowOrigin = []string{"*"} // defaults to '*' corsAllowOrigin = []string{"*"} // defaults to '*'
} }
cfg.CorsAllowOrigin = corsAllowOrigin
remoteTransportDeadline, err := time.ParseDuration(env.Get(EnvAPIRemoteTransportDeadline, kvs.GetWithDefault(apiRemoteTransportDeadline, DefaultKVS))) remoteTransportDeadline, err := time.ParseDuration(env.Get(EnvAPIRemoteTransportDeadline, kvs.GetWithDefault(apiRemoteTransportDeadline, DefaultKVS)))
if err != nil { if err != nil {
return cfg, err return cfg, err
} }
cfg.RemoteTransportDeadline = remoteTransportDeadline
listQuorum := env.Get(EnvAPIListQuorum, kvs.GetWithDefault(apiListQuorum, DefaultKVS)) listQuorum := env.Get(EnvAPIListQuorum, kvs.GetWithDefault(apiListQuorum, DefaultKVS))
switch listQuorum { switch listQuorum {
case "strict", "optimal", "reduced", "disk": case "strict", "optimal", "reduced", "disk":
default: default:
return cfg, fmt.Errorf("invalid value %v for list_quorum", listQuorum) return cfg, fmt.Errorf("invalid value %v for list_quorum: will default to 'strict'", listQuorum)
} }
cfg.ListQuorum = listQuorum
replicationPriority := env.Get(EnvAPIReplicationPriority, kvs.GetWithDefault(apiReplicationPriority, DefaultKVS)) replicationPriority := env.Get(EnvAPIReplicationPriority, kvs.GetWithDefault(apiReplicationPriority, DefaultKVS))
switch replicationPriority { switch replicationPriority {
@ -223,14 +238,13 @@ func LookupConfig(kvs config.KVS) (cfg Config, err error) {
default: default:
return cfg, fmt.Errorf("invalid value %v for replication_priority", replicationPriority) return cfg, fmt.Errorf("invalid value %v for replication_priority", replicationPriority)
} }
cfg.ReplicationPriority = replicationPriority
transitionWorkers, err := strconv.Atoi(env.Get(EnvAPITransitionWorkers, kvs.GetWithDefault(apiTransitionWorkers, DefaultKVS))) transitionWorkers, err := strconv.Atoi(env.Get(EnvAPITransitionWorkers, kvs.GetWithDefault(apiTransitionWorkers, DefaultKVS)))
if err != nil { if err != nil {
return cfg, err return cfg, err
} }
if transitionWorkers < runtime.GOMAXPROCS(0)/2 { cfg.TransitionWorkers = transitionWorkers
return cfg, config.ErrInvalidTransitionWorkersValue(nil)
}
v := env.Get(EnvAPIDeleteCleanupInterval, kvs.Get(apiDeleteCleanupInterval)) v := env.Get(EnvAPIDeleteCleanupInterval, kvs.Get(apiDeleteCleanupInterval))
if v == "" { if v == "" {
@ -241,35 +255,19 @@ func LookupConfig(kvs config.KVS) (cfg Config, err error) {
if err != nil { if err != nil {
return cfg, err return cfg, err
} }
cfg.DeleteCleanupInterval = deleteCleanupInterval
staleUploadsCleanupInterval, err := time.ParseDuration(env.Get(EnvAPIStaleUploadsCleanupInterval, kvs.GetWithDefault(apiStaleUploadsCleanupInterval, DefaultKVS))) staleUploadsCleanupInterval, err := time.ParseDuration(env.Get(EnvAPIStaleUploadsCleanupInterval, kvs.GetWithDefault(apiStaleUploadsCleanupInterval, DefaultKVS)))
if err != nil { if err != nil {
return cfg, err return cfg, err
} }
cfg.StaleUploadsCleanupInterval = staleUploadsCleanupInterval
staleUploadsExpiry, err := time.ParseDuration(env.Get(EnvAPIStaleUploadsExpiry, kvs.GetWithDefault(apiStaleUploadsExpiry, DefaultKVS))) staleUploadsExpiry, err := time.ParseDuration(env.Get(EnvAPIStaleUploadsExpiry, kvs.GetWithDefault(apiStaleUploadsExpiry, DefaultKVS)))
if err != nil { if err != nil {
return cfg, err return cfg, err
} }
cfg.StaleUploadsExpiry = staleUploadsExpiry
disableODirect := env.Get(EnvAPIDisableODirect, kvs.Get(apiDisableODirect)) == config.EnableOn return cfg, nil
gzipObjects := env.Get(EnvAPIGzipObjects, kvs.Get(apiGzipObjects)) == config.EnableOn
rootAccess := env.Get(EnvAPIRootAccess, kvs.Get(apiRootAccess)) == config.EnableOn
return Config{
RequestsMax: requestsMax,
RequestsDeadline: requestsDeadline,
ClusterDeadline: clusterDeadline,
CorsAllowOrigin: corsAllowOrigin,
RemoteTransportDeadline: remoteTransportDeadline,
ListQuorum: listQuorum,
ReplicationPriority: replicationPriority,
TransitionWorkers: transitionWorkers,
StaleUploadsCleanupInterval: staleUploadsCleanupInterval,
StaleUploadsExpiry: staleUploadsExpiry,
DeleteCleanupInterval: deleteCleanupInterval,
DisableODirect: disableODirect,
GzipObjects: gzipObjects,
RootAccess: rootAccess,
}, nil
} }