From d29df6714ab5616be8c0baf07e3c18dd6c6b3f6a Mon Sep 17 00:00:00 2001 From: Shireesh Anjal <355479+anjalshireesh@users.noreply.github.com> Date: Fri, 3 Dec 2021 23:02:11 +0530 Subject: [PATCH] Introduce new config `subnet api_key` (#13793) The earlier approach of using a license token for communicating with SUBNET is being replaced with a simpler mechanism of API keys. Unlike the license which is a JWT token, these API keys will be simple UUID tokens and don't have any embedded information in them. SUBNET would generate the API key on cluster registration, and then it would be saved in this config, to be used for subsequent communication with SUBNET. --- cmd/common-main.go | 3 ++ cmd/config-current.go | 4 +- internal/config/config.go | 3 +- internal/config/constants.go | 3 +- .../config/subnet/{license.go => api-key.go} | 37 ++++++++++--------- 5 files changed, 29 insertions(+), 21 deletions(-) rename internal/config/subnet/{license.go => api-key.go} (68%) diff --git a/cmd/common-main.go b/cmd/common-main.go index ef253bf43..b8e369423 100644 --- a/cmd/common-main.go +++ b/cmd/common-main.go @@ -193,6 +193,9 @@ func minioConfigToConsoleFeatures() { if globalSubnetConfig.License != "" { os.Setenv("CONSOLE_SUBNET_LICENSE", globalSubnetConfig.License) } + if globalSubnetConfig.APIKey != "" { + os.Setenv("CONSOLE_SUBNET_API_KEY", globalSubnetConfig.APIKey) + } } func initConsoleServer() (*restapi.Server, error) { diff --git a/cmd/config-current.go b/cmd/config-current.go index b1b59ec71..6093fbf53 100644 --- a/cmd/config-current.go +++ b/cmd/config-current.go @@ -191,7 +191,7 @@ func initHelp() { config.HelpKV{ Key: config.SubnetSubSys, Type: "string", - Description: "set subnet config for the cluster e.g. license token", + Description: "set subnet config for the cluster e.g. api key", Optional: true, }, } @@ -233,7 +233,7 @@ func initHelp() { config.NotifyRedisSubSys: notify.HelpRedis, config.NotifyWebhookSubSys: notify.HelpWebhook, config.NotifyESSubSys: notify.HelpES, - config.SubnetSubSys: subnet.HelpLicense, + config.SubnetSubSys: subnet.HelpSubnet, } config.RegisterHelpSubSys(helpMap) diff --git a/internal/config/config.go b/internal/config/config.go index 0f823bd61..92f33f3da 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -60,7 +60,8 @@ const ( RegionName = "name" AccessKey = "access_key" SecretKey = "secret_key" - License = "license" + License = "license" // Deprecated Dec 2021 + APIKey = "api_key" ) // Top level config constants. diff --git a/internal/config/constants.go b/internal/config/constants.go index 6bab109f7..7b87d9a75 100644 --- a/internal/config/constants.go +++ b/internal/config/constants.go @@ -39,7 +39,8 @@ const ( EnvSiteName = "MINIO_SITE_NAME" EnvSiteRegion = "MINIO_SITE_REGION" - EnvMinIOSubnetLicense = "MINIO_SUBNET_LICENSE" + EnvMinIOSubnetLicense = "MINIO_SUBNET_LICENSE" // Deprecated Dec 2021 + EnvMinIOSubnetAPIKey = "MINIO_SUBNET_API_KEY" EnvMinIOServerURL = "MINIO_SERVER_URL" EnvMinIOBrowserRedirectURL = "MINIO_BROWSER_REDIRECT_URL" EnvRootDiskThresholdSize = "MINIO_ROOTDISK_THRESHOLD_SIZE" diff --git a/internal/config/subnet/license.go b/internal/config/subnet/api-key.go similarity index 68% rename from internal/config/subnet/license.go rename to internal/config/subnet/api-key.go index 0882ccd94..5ea24a4ea 100644 --- a/internal/config/subnet/license.go +++ b/internal/config/subnet/api-key.go @@ -18,7 +18,6 @@ package subnet import ( - jwtgo "github.com/golang-jwt/jwt/v4" "github.com/minio/minio/internal/config" "github.com/minio/pkg/env" ) @@ -27,17 +26,27 @@ var ( // DefaultKVS - default KV config for subnet settings DefaultKVS = config.KVS{ config.KV{ - Key: config.License, + Key: config.License, // Deprecated Dec 2021 + Value: "", + }, + config.KV{ + Key: config.APIKey, Value: "", }, } - // HelpLicense - provides help for license config - HelpLicense = config.HelpKVS{ + // HelpSubnet - provides help for subnet api key config + HelpSubnet = config.HelpKVS{ config.HelpKV{ - Key: config.License, + Key: config.License, // Deprecated Dec 2021 Type: "string", - Description: "Subnet license token for the cluster", + Description: "[DEPRECATED use api_key] Subnet license token for the cluster", + Optional: true, + }, + config.HelpKV{ + Key: config.APIKey, + Type: "string", + Description: "Subnet api key for the cluster", Optional: true, }, } @@ -45,18 +54,11 @@ var ( // Config represents the subnet related configuration type Config struct { - // The subnet license token + // The subnet license token - Deprecated Dec 2021 License string `json:"license"` -} -func validateLicenseFormat(lic string) error { - if len(lic) == 0 { - return nil - } - - // Only verifying that the string is a parseable JWT token as of now - _, _, err := new(jwtgo.Parser).ParseUnverified(lic, jwtgo.MapClaims{}) - return err + // The subnet api key + APIKey string `json:"api_key"` } // LookupConfig - lookup config and override with valid environment settings if any. @@ -66,6 +68,7 @@ func LookupConfig(kvs config.KVS) (cfg Config, err error) { } cfg.License = env.Get(config.EnvMinIOSubnetLicense, kvs.Get(config.License)) + cfg.APIKey = env.Get(config.EnvMinIOSubnetAPIKey, kvs.Get(config.APIKey)) - return cfg, validateLicenseFormat(cfg.License) + return cfg, nil }