Final changes to config sub-system (#8600)

- Introduces changes such as certain types of
  errors that can be ignored or which need to 
  go into safe mode.
- Update help text as per the review

cmd/config/etcd/etcd.go

@@ -19,7 +19,6 @@ package etcd
 import (
 	"crypto/tls"
 	"crypto/x509"
-	"fmt"
 	"strings"
 	"time"
 
@@ -44,7 +43,6 @@ const (
 	ClientCert    = "client_cert"
 	ClientCertKey = "client_cert_key"
 
-	EnvEtcdState         = "MINIO_ETCD_STATE"
 	EnvEtcdEndpoints     = "MINIO_ETCD_ENDPOINTS"
 	EnvEtcdPathPrefix    = "MINIO_ETCD_PATH_PREFIX"
 	EnvEtcdCoreDNSPath   = "MINIO_ETCD_COREDNS_PATH"
@@ -55,10 +53,6 @@ const (
 // DefaultKVS - default KV settings for etcd.
 var (
 	DefaultKVS = config.KVS{
-		config.KV{
-			Key:   config.State,
-			Value: config.StateOff,
-		},
 		config.KV{
 			Key:   Endpoints,
 			Value: "",
@@ -115,7 +109,8 @@ func parseEndpoints(endpoints string) ([]string, bool, error) {
 			return nil, false, err
 		}
 		if etcdSecure && u.Scheme == "http" {
-			return nil, false, fmt.Errorf("all endpoints should be https or http: %s", endpoint)
+			return nil, false, config.Errorf(config.SafeModeKind,
+				"all endpoints should be https or http: %s", endpoint)
 		}
 		// If one of the endpoint is https, we will use https directly.
 		etcdSecure = etcdSecure || u.Scheme == "https"
@@ -124,39 +119,10 @@ func parseEndpoints(endpoints string) ([]string, bool, error) {
 	return etcdEndpoints, etcdSecure, nil
 }
 
-func lookupLegacyConfig(rootCAs *x509.CertPool) (Config, error) {
-	cfg := Config{}
-	endpoints := env.Get(EnvEtcdEndpoints, "")
-	if endpoints == "" {
-		return cfg, nil
-	}
-	etcdEndpoints, etcdSecure, err := parseEndpoints(endpoints)
-	if err != nil {
-		return cfg, err
-	}
-	cfg.Enabled = true
-	cfg.DialTimeout = defaultDialTimeout
-	cfg.DialKeepAliveTime = defaultDialKeepAlive
-	cfg.Endpoints = etcdEndpoints
-	cfg.CoreDNSPath = env.Get(EnvEtcdCoreDNSPath, "/skydns")
-	// Default path prefix for all keys on etcd, other than CoreDNSPath.
-	cfg.PathPrefix = env.Get(EnvEtcdPathPrefix, "")
-	if etcdSecure {
-		cfg.TLS = &tls.Config{
-			RootCAs: rootCAs,
-		}
-		// This is only to support client side certificate authentication
-		// https://coreos.com/etcd/docs/latest/op-guide/security.html
-		etcdClientCertFile := env.Get(EnvEtcdClientCert, "")
-		etcdClientCertKey := env.Get(EnvEtcdClientCertKey, "")
-		if etcdClientCertFile != "" && etcdClientCertKey != "" {
-			cfg.TLS.GetClientCertificate = func(unused *tls.CertificateRequestInfo) (*tls.Certificate, error) {
-				cert, err := tls.LoadX509KeyPair(etcdClientCertFile, etcdClientCertKey)
-				return &cert, err
-			}
-		}
-	}
-	return cfg, nil
+// Enabled returns if etcd is enabled.
+func Enabled(kvs config.KVS) bool {
+	endpoints := kvs.Get(Endpoints)
+	return endpoints != ""
 }
 
 // LookupConfig - Initialize new etcd config.
@@ -166,34 +132,9 @@ func LookupConfig(kvs config.KVS, rootCAs *x509.CertPool) (Config, error) {
 		return cfg, err
 	}
 
-	if env.Get(EnvEtcdEndpoints, "") != "" && env.Get(EnvEtcdState, "") == "" {
-		// By default state is 'on' to honor legacy config.
-		var err error
-		cfg, err = lookupLegacyConfig(rootCAs)
-		if err != nil {
-			return cfg, err
-		}
-		// If old legacy config is enabled honor it.
-		if cfg.Enabled {
-			return cfg, nil
-		}
-	}
-
-	stateBool, err := config.ParseBool(env.Get(EnvEtcdState, kvs.Get(config.State)))
-	if err != nil {
-		if kvs.Empty() {
-			return cfg, nil
-		}
-		return cfg, err
-	}
-
-	if !stateBool {
-		return cfg, nil
-	}
-
 	endpoints := env.Get(EnvEtcdEndpoints, kvs.Get(Endpoints))
 	if endpoints == "" {
-		return cfg, config.Error("'endpoints' key cannot be empty to enable etcd")
+		return cfg, nil
 	}
 
 	etcdEndpoints, etcdSecure, err := parseEndpoints(endpoints)

cmd/config/etcd/help.go

@@ -23,35 +23,36 @@ var (
 	Help = config.HelpKVS{
 		config.HelpKV{
 			Key:         Endpoints,
-			Description: `Comma separated list of etcd endpoints eg: "http://localhost:2379"`,
+			Description: `comma separated list of etcd endpoints e.g. "http://localhost:2379"`,
 			Type:        "csv",
 		},
 		config.HelpKV{
 			Key:         PathPrefix,
-			Description: `Default etcd path prefix to populate all IAM assets eg: "customer/"`,
+			Description: `default etcd path prefix to populate all IAM assets eg: "customer/"`,
+			Optional:    true,
 			Type:        "path",
 		},
 		config.HelpKV{
 			Key:         CoreDNSPath,
-			Description: `Default etcd path location to populate bucket DNS srv records eg: "/skydns"`,
+			Description: `default etcd path location to populate bucket DNS srv records eg: "/skydns"`,
 			Optional:    true,
 			Type:        "path",
 		},
 		config.HelpKV{
 			Key:         ClientCert,
-			Description: `Etcd client cert for mTLS authentication`,
+			Description: `client cert for mTLS authentication`,
 			Optional:    true,
 			Type:        "path",
 		},
 		config.HelpKV{
 			Key:         ClientCertKey,
-			Description: `Etcd client cert key for mTLS authentication`,
+			Description: `client cert key for mTLS authentication`,
 			Optional:    true,
 			Type:        "path",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the etcd settings",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},