mirror of https://github.com/minio/minio.git
serverConfig: Add a new region config entry.
To change default region from 'us-east-1' to 'custom'. Add a region value in your 'config.json'. "version": "2", "credentials": { "accessKeyId": "****************", "secretAccessKey": "***************", "region": "my-region" },
This commit is contained in:
parent
8a7bf0dde0
commit
cb7b2762f9
|
@ -90,9 +90,12 @@ func getSignedHeadersFromAuth(authHeaderValue string) ([]string, *probe.Error) {
|
|||
return signedHeaders, nil
|
||||
}
|
||||
|
||||
// verify if region value is valid.
|
||||
func isValidRegion(region string) *probe.Error {
|
||||
if region != "us-east-1" && region != "US" {
|
||||
// verify if region value is valid with configured minioRegion.
|
||||
func isValidRegion(region string, minioRegion string) *probe.Error {
|
||||
if minioRegion == "" {
|
||||
minioRegion = "us-east-1"
|
||||
}
|
||||
if region != minioRegion && region != "US" {
|
||||
return probe.NewError(errInvalidRegion)
|
||||
}
|
||||
return nil
|
||||
|
@ -105,9 +108,6 @@ func stripRegion(authHeaderValue string) (string, *probe.Error) {
|
|||
return "", err.Trace(authHeaderValue)
|
||||
}
|
||||
region := credentialElements[2]
|
||||
if err = isValidRegion(region); err != nil {
|
||||
return "", err.Trace(authHeaderValue)
|
||||
}
|
||||
return region, nil
|
||||
}
|
||||
|
||||
|
@ -129,10 +129,20 @@ func initSignatureV4(req *http.Request) (*fs.Signature, *probe.Error) {
|
|||
// strip auth from authorization header.
|
||||
authHeaderValue := req.Header.Get("Authorization")
|
||||
|
||||
config, err := loadConfigV2()
|
||||
if err != nil {
|
||||
return nil, err.Trace()
|
||||
}
|
||||
|
||||
region, err := stripRegion(authHeaderValue)
|
||||
if err != nil {
|
||||
return nil, err.Trace(authHeaderValue)
|
||||
}
|
||||
|
||||
if err = isValidRegion(region, config.Credentials.Region); err != nil {
|
||||
return nil, err.Trace(authHeaderValue)
|
||||
}
|
||||
|
||||
accessKeyID, err := stripAccessKeyID(authHeaderValue)
|
||||
if err != nil {
|
||||
return nil, err.Trace(authHeaderValue)
|
||||
|
@ -145,10 +155,6 @@ func initSignatureV4(req *http.Request) (*fs.Signature, *probe.Error) {
|
|||
if err != nil {
|
||||
return nil, err.Trace(authHeaderValue)
|
||||
}
|
||||
config, err := loadConfigV2()
|
||||
if err != nil {
|
||||
return nil, err.Trace()
|
||||
}
|
||||
if config.Credentials.AccessKeyID == accessKeyID {
|
||||
signature := &fs.Signature{
|
||||
AccessKeyID: config.Credentials.AccessKeyID,
|
||||
|
|
|
@ -217,9 +217,20 @@ func (api CloudStorageAPI) PutBucketHandler(w http.ResponseWriter, req *http.Req
|
|||
var err *probe.Error
|
||||
signature, err = initSignatureV4(req)
|
||||
if err != nil {
|
||||
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
|
||||
writeErrorResponse(w, req, InternalError, req.URL.Path)
|
||||
return
|
||||
switch err.ToGoError() {
|
||||
case errInvalidRegion:
|
||||
errorIf(err.Trace(), "Unknown region in authorization header.", nil)
|
||||
writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
|
||||
return
|
||||
case errAccessKeyIDInvalid:
|
||||
errorIf(err.Trace(), "Invalid access key id.", nil)
|
||||
writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
|
||||
return
|
||||
default:
|
||||
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
|
||||
writeErrorResponse(w, req, InternalError, req.URL.Path)
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -159,9 +159,20 @@ func (api CloudStorageAPI) PutObjectHandler(w http.ResponseWriter, req *http.Req
|
|||
var err *probe.Error
|
||||
signature, err = initSignatureV4(req)
|
||||
if err != nil {
|
||||
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
|
||||
writeErrorResponse(w, req, InternalError, req.URL.Path)
|
||||
return
|
||||
switch err.ToGoError() {
|
||||
case errInvalidRegion:
|
||||
errorIf(err.Trace(), "Unknown region in authorization header.", nil)
|
||||
writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
|
||||
return
|
||||
case errAccessKeyIDInvalid:
|
||||
errorIf(err.Trace(), "Invalid access key id.", nil)
|
||||
writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
|
||||
return
|
||||
default:
|
||||
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
|
||||
writeErrorResponse(w, req, InternalError, req.URL.Path)
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -295,9 +306,20 @@ func (api CloudStorageAPI) PutObjectPartHandler(w http.ResponseWriter, req *http
|
|||
var err *probe.Error
|
||||
signature, err = initSignatureV4(req)
|
||||
if err != nil {
|
||||
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
|
||||
writeErrorResponse(w, req, InternalError, req.URL.Path)
|
||||
return
|
||||
switch err.ToGoError() {
|
||||
case errInvalidRegion:
|
||||
errorIf(err.Trace(), "Unknown region in authorization header.", nil)
|
||||
writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
|
||||
return
|
||||
case errAccessKeyIDInvalid:
|
||||
errorIf(err.Trace(), "Invalid access key id.", nil)
|
||||
writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
|
||||
return
|
||||
default:
|
||||
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
|
||||
writeErrorResponse(w, req, InternalError, req.URL.Path)
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -439,9 +461,20 @@ func (api CloudStorageAPI) CompleteMultipartUploadHandler(w http.ResponseWriter,
|
|||
var err *probe.Error
|
||||
signature, err = initSignatureV4(req)
|
||||
if err != nil {
|
||||
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
|
||||
writeErrorResponse(w, req, InternalError, req.URL.Path)
|
||||
return
|
||||
switch err.ToGoError() {
|
||||
case errInvalidRegion:
|
||||
errorIf(err.Trace(), "Unknown region in authorization header.", nil)
|
||||
writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
|
||||
return
|
||||
case errAccessKeyIDInvalid:
|
||||
errorIf(err.Trace(), "Invalid access key id.", nil)
|
||||
writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
|
||||
return
|
||||
default:
|
||||
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
|
||||
writeErrorResponse(w, req, InternalError, req.URL.Path)
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -42,6 +42,7 @@ type configV2 struct {
|
|||
Credentials struct {
|
||||
AccessKeyID string `json:"accessKeyId"`
|
||||
SecretAccessKey string `json:"secretAccessKey"`
|
||||
Region string `json:"region"`
|
||||
} `json:"credentials"`
|
||||
MongoLogger struct {
|
||||
Addr string `json:"addr"`
|
||||
|
@ -249,6 +250,7 @@ func newConfigV2() *configV2 {
|
|||
config.Version = "2"
|
||||
config.Credentials.AccessKeyID = ""
|
||||
config.Credentials.SecretAccessKey = ""
|
||||
config.Credentials.Region = "us-east-1"
|
||||
config.MongoLogger.Addr = ""
|
||||
config.MongoLogger.DB = ""
|
||||
config.MongoLogger.Collection = ""
|
||||
|
|
|
@ -78,7 +78,7 @@ type cloudServerConfig struct {
|
|||
MinFreeDisk int64 // Minimum free disk space for filesystem
|
||||
Expiry time.Duration // Set auto expiry for filesystem
|
||||
|
||||
// TLS service
|
||||
/// TLS service
|
||||
TLS bool // TLS on when certs are specified
|
||||
CertFile string // Domain certificate
|
||||
KeyFile string // Domain key
|
||||
|
@ -206,6 +206,7 @@ func getConfig() (*configV2, *probe.Error) {
|
|||
config.Version = "2"
|
||||
config.Credentials.AccessKeyID = string(mustGenerateAccessKeyID())
|
||||
config.Credentials.SecretAccessKey = string(mustGenerateSecretAccessKey())
|
||||
config.Credentials.Region = "us-east-1"
|
||||
if err := saveConfig(config); err != nil {
|
||||
return nil, err.Trace()
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue