Final changes to config sub-system (#8600)

- Introduces changes such as certain types of errors that can be ignored or which need to go into safe mode. - Update help text as per the review
2025-11-09 21:49:46 -05:00 · 2019-12-04 15:32:37 -08:00
parent 794eb54da8
commit c9940d8c3f
65 changed files with 605 additions and 1033 deletions
--- a/cmd/config/identity/ldap/config.go
+++ b/cmd/config/identity/ldap/config.go
@@ -65,7 +65,6 @@ const (
 	GroupSearchBaseDN  = "group_search_base_dn"
 	TLSSkipVerify      = "tls_skip_verify"

-	EnvLDAPState          = "MINIO_IDENTITY_LDAP_STATE"
 	EnvServerAddr         = "MINIO_IDENTITY_LDAP_SERVER_ADDR"
 	EnvSTSExpiry          = "MINIO_IDENTITY_LDAP_STS_EXPIRY"
 	EnvTLSSkipVerify      = "MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY"
@@ -78,10 +77,6 @@ const (
 // DefaultKVS - default config for LDAP config
 var (
 	DefaultKVS = config.KVS{
-		config.KV{
-			Key:   config.State,
-			Value: config.StateOff,
-		},
 		config.KV{
 			Key:   ServerAddr,
 			Value: "",
@@ -108,7 +103,7 @@ var (
 		},
 		config.KV{
 			Key:   TLSSkipVerify,
-			Value: config.StateOff,
+			Value: config.EnableOff,
 		},
 	}
 )
@@ -130,25 +125,18 @@ func (l Config) GetExpiryDuration() time.Duration {
 	return l.stsExpiryDuration
 }

+// Enabled returns if jwks is enabled.
+func Enabled(kvs config.KVS) bool {
+	return kvs.Get(ServerAddr) != ""
+}
+
 // Lookup - initializes LDAP config, overrides config, if any ENV values are set.
 func Lookup(kvs config.KVS, rootCAs *x509.CertPool) (l Config, err error) {
 	l = Config{}
 	if err = config.CheckValidKeys(config.IdentityLDAPSubSys, kvs, DefaultKVS); err != nil {
 		return l, err
 	}
-	stateBool, err := config.ParseBool(env.Get(EnvLDAPState, kvs.Get(config.State)))
-	if err != nil {
-		if kvs.Empty() {
-			return l, nil
-		}
-		return l, err
-	}
 	ldapServer := env.Get(EnvServerAddr, kvs.Get(ServerAddr))
-	if stateBool {
-		if ldapServer == "" {
-			return l, config.Error("'serveraddr' cannot be empty if you wish to enable AD/LDAP support")
-		}
-	}
 	if ldapServer == "" {
 		return l, nil
 	}
--- a/cmd/config/identity/ldap/help.go
+++ b/cmd/config/identity/ldap/help.go
@@ -23,47 +23,47 @@ var (
 	Help = config.HelpKVS{
 		config.HelpKV{
 			Key:         ServerAddr,
-			Description: `AD/LDAP server address eg: "myldapserver.com:636"`,
+			Description: `AD/LDAP server address e.g. "myldapserver.com:636"`,
 			Type:        "address",
 		},
 		config.HelpKV{
 			Key:         UsernameFormat,
-			Description: `AD/LDAP format of full username DN eg: "uid={username},cn=accounts,dc=myldapserver,dc=com"`,
+			Description: `AD/LDAP format of full username DN e.g. "uid={username},cn=accounts,dc=myldapserver,dc=com"`,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         GroupSearchFilter,
-			Description: `Search filter to find groups of a user (optional) eg: "(&(objectclass=groupOfNames)(member={usernamedn}))"`,
+			Description: `search filter to find groups of a user (optional) e.g. "(&(objectclass=groupOfNames)(member={usernamedn}))"`,
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         GroupNameAttribute,
-			Description: `Attribute of search results to use as group name (optional) eg: "cn"`,
+			Description: `attribute of search results to use as group name (optional) e.g. "cn"`,
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         GroupSearchBaseDN,
-			Description: `Base DN in AD/LDAP hierarchy to use in search requests (optional) eg: "dc=myldapserver,dc=com"`,
+			Description: `base DN in AD/LDAP hierarchy to use in search requests (optional) e.g. "dc=myldapserver,dc=com"`,
 			Optional:    true,
 			Type:        "string",
 		},
 		config.HelpKV{
 			Key:         STSExpiry,
-			Description: `AD/LDAP STS credentials validity duration eg: "1h"`,
+			Description: `AD/LDAP STS credentials validity duration e.g. "1h"`,
 			Optional:    true,
 			Type:        "duration",
 		},
 		config.HelpKV{
 			Key:         TLSSkipVerify,
-			Description: "Set this to 'on', to disable client verification of server certificates",
+			Description: "enable this to disable client verification of server certificates",
 			Optional:    true,
 			Type:        "on|off",
 		},
 		config.HelpKV{
 			Key:         config.Comment,
-			Description: "A comment to describe the LDAP/AD identity setting",
+			Description: config.DefaultComment,
 			Optional:    true,
 			Type:        "sentence",
 		},
--- a/cmd/config/identity/ldap/legacy.go
+++ b/cmd/config/identity/ldap/legacy.go
@@ -25,10 +25,6 @@ func SetIdentityLDAP(s config.Config, ldapArgs Config) {
 		return
 	}
 	s[config.IdentityLDAPSubSys][config.Default] = config.KVS{
-		config.KV{
-			Key:   config.State,
-			Value: config.StateOn,
-		},
 		config.KV{
 			Key:   ServerAddr,
 			Value: ldapArgs.ServerAddr,