Final changes to config sub-system (#8600)

- Introduces changes such as certain types of
  errors that can be ignored or which need to 
  go into safe mode.
- Update help text as per the review

docs/sts/README.md

@@ -34,7 +34,6 @@ Make sure we have followed the previous step and configured each software indepe
 ```
 export MINIO_ACCESS_KEY=minio
 export MINIO_SECRET_KEY=minio123
-export MINIO_IDENTITY_OPENID_STATE="on"
 export MINIO_IDENTITY_OPENID_CONFIG_URL=https://localhost:9443/oauth2/oidcdiscovery/.well-known/openid-configuration
 export MINIO_IDENTITY_OPENID_CLIENT_ID="843351d4-1080-11ea-aa20-271ecba3924a"
 minio server /mnt/data
@@ -48,7 +47,6 @@ Make sure we have followed the previous step and configured each software indepe
 ```
 export MINIO_ACCESS_KEY=aws_access_key
 export MINIO_SECRET_KEY=aws_secret_key
-export MINIO_IDENTITY_OPENID_STATE="on"
 export MINIO_IDENTITY_OPENID_CONFIG_URL=https://localhost:9443/oauth2/oidcdiscovery/.well-known/openid-configuration
 export MINIO_IDENTITY_OPENID_CLIENT_ID="843351d4-1080-11ea-aa20-271ecba3924a"
 export MINIO_ETCD_ENDPOINTS=http://localhost:2379

docs/sts/client-grants.md

@@ -93,14 +93,13 @@ http://minio.cluster:9000?Action=AssumeRoleWithClientGrants&DurationSeconds=3600
 ```
 export MINIO_ACCESS_KEY=minio
 export MINIO_SECRET_KEY=minio123
-export MINIO_IDENTITY_OPENID_STATE="on"
 export MINIO_IDENTITY_OPENID_CONFIG_URL=https://localhost:9443/oauth2/oidcdiscovery/.well-known/openid-configuration
 export MINIO_IDENTITY_OPENID_CLIENT_ID="7a243d56-1081-11ea-b1b9-0bad8bed6ca0"
 export MINIO_POLICY_OPA_URL=http://localhost:8181/v1/data/httpapi/authz
 minio server /mnt/export
 
 mc admin config get myminio identity_openid
-identity_openid config_url="https://localhost:9443/oauth2/oidcdiscovery/.well-known/openid-configuration" 
+identity_openid config_url="https://localhost:9443/oauth2/oidcdiscovery/.well-known/openid-configuration"
 
 mc admin config get myminio policy_opa
 policy_opa url="http://localhost:8181/v1/data/httpapi/authz" auth_token=

docs/sts/ldap.md

@@ -42,7 +42,6 @@ LDAP is configured via the following environment variables:
 
 | Variable                                     | Required?               | Purpose                                                                 |
 |----------------------------------------------|-------------------------|-------------------------------------------------------------------------|
-| **MINIO_IDENTITY_LDAP_STATE**                | **YES**                 | Enable or disable ldap identity                                         |
 | **MINIO_IDENTITY_LDAP_SERVER_ADDR**          | **YES**                 | AD/LDAP server address                                                  |
 | **MINIO_IDENTITY_LDAP_USERNAME_FORMAT**      | **YES**                 | Format of full username DN                                              |
 | **MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN** | **NO**                  | Base DN in AD/LDAP hierarchy to use in search requests                  |
@@ -57,7 +56,6 @@ Please note that MinIO will only access the AD/LDAP server over TLS. If a self-s
 An example setup for development or experimentation:
 
 ``` shell
-export MINIO_IDENTITY_LDAP_STATE="on"
 export MINIO_IDENTITY_LDAP_SERVER_ADDR=myldapserver.com:636
 export MINIO_IDENTITY_LDAP_USERNAME_FORMAT="uid={username},cn=accounts,dc=myldapserver,dc=com"
 export MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN="dc=myldapserver,dc=com"
@@ -111,7 +109,6 @@ The group search filter looks like `(&(objectclass=group)(member={usernamedn}))`
 Thus the key configuration parameters look like:
 
 ```
-MINIO_IDENTITY_LDAP_STATE="on"
 MINIO_IDENTITY_LDAP_SERVER_ADDR='my.ldap-active-dir-server.com:636'
 MINIO_IDENTITY_LDAP_USERNAME_FORMAT='cn={username},cn=users,dc=minioad,dc=local'
 MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN='dc=minioad,dc=local'
@@ -218,7 +215,6 @@ http://minio.cluster:9000?Action=AssumeRoleWithLDAPIdentity&LDAPUsername=foouser
 ```
 $ export MINIO_ACCESS_KEY=minio
 $ export MINIO_SECRET_KEY=minio123
-$ export MINIO_IDENTITY_LDAP_STATE="on"
 $ export MINIO_IDENTITY_LDAP_SERVER_ADDR='my.ldap-active-dir-server.com:636'
 $ export MINIO_IDENTITY_LDAP_USERNAME_FORMAT='cn={username},cn=users,dc=minioad,dc=local'
 $ export MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN='dc=minioad,dc=local'

docs/sts/web-identity.md

@@ -93,7 +93,6 @@ http://minio.cluster:9000?Action=AssumeRoleWithWebIdentity&DurationSeconds=3600&
 ```
 export MINIO_ACCESS_KEY=minio
 export MINIO_SECRET_KEY=minio123
-export MINIO_IDENTITY_OPENID_STATE="on"
 export MINIO_IDENTITY_OPENID_CLIENT_ID="843351d4-1080-11ea-aa20-271ecba3924a"
 export MINIO_IDENTITY_OPENID_CONFIG_URL=https://accounts.google.com/.well-known/openid-configuration
 minio server /mnt/export

docs/sts/wso2.md

@@ -69,7 +69,6 @@ Using the above `access_token` we can perform an STS request to MinIO to get tem
 ### 5. Setup MinIO with OpenID configuration URL
 MinIO server expects environment variable for OpenID configuration url as `MINIO_IDENTITY_OPENID_CONFIG_URL`, this environment variable takes a single entry.
 ```
-export MINIO_IDENTITY_OPENID_STATE="on"
 export MINIO_IDENTITY_OPENID_CONFIG_URL=https://localhost:9443/oauth2/oidcdiscovery/.well-known/openid-configuration
 export MINIO_IDENTITY_OPENID_CLIENT_ID="843351d4-1080-11ea-aa20-271ecba3924a"
 minio server /mnt/data