Introduce new config subnet api_key (#13793)

The earlier approach of using a license token for 
communicating with SUBNET is being replaced 
with a simpler mechanism of API keys. Unlike the 
license, which is a JWT, these API keys will 
be simple UUID tokens and do not carry any embedded 
information. SUBNET would generate the 
API key on cluster registration, and then it would 
be saved in this config, to be used for subsequent 
communication with SUBNET.
Shireesh Anjal 2021-12-03 23:02:11 +05:30 committed by GitHub
parent 7460fb8349
commit d29df6714a
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 29 additions and 21 deletions


@ -193,6 +193,9 @@ func minioConfigToConsoleFeatures() {
if globalSubnetConfig.License != "" { if globalSubnetConfig.License != "" {
os.Setenv("CONSOLE_SUBNET_LICENSE", globalSubnetConfig.License) os.Setenv("CONSOLE_SUBNET_LICENSE", globalSubnetConfig.License)
} }
if globalSubnetConfig.APIKey != "" {
os.Setenv("CONSOLE_SUBNET_API_KEY", globalSubnetConfig.APIKey)
}
} }
func initConsoleServer() (*restapi.Server, error) { func initConsoleServer() (*restapi.Server, error) {
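Review bot: The added `os.Setenv("CONSOLE_SUBNET_API_KEY", globalSubnetConfig.APIKey)` places a bearer secret in the process environment, where every child process started afterwards inherits it by default and any environment dump in logs or diagnostics would include it. The license branch above already does the same, but per the commit description the API key has no embedded claims, so its confidentiality is the only thing protecting the SUBNET channel. I would add a comment on the new block such as `// API key is a secret: handed to console via env, never log or pass to child processes`. The block also leaves a previously set variable in place when `APIKey` is empty and ignores the error returned by `os.Setenv`; whether this function can run more than once is not visible here, since its body starts outside the hunk.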


@ -191,7 +191,7 @@ func initHelp() {
config.HelpKV{ config.HelpKV{
Key: config.SubnetSubSys, Key: config.SubnetSubSys,
Type: "string", Type: "string",
Description: "set subnet config for the cluster e.g. license token", Description: "set subnet config for the cluster e.g. api key",
Optional: true, Optional: true,
}, },
} }
@ -233,7 +233,7 @@ func initHelp() {
config.NotifyRedisSubSys: notify.HelpRedis, config.NotifyRedisSubSys: notify.HelpRedis,
config.NotifyWebhookSubSys: notify.HelpWebhook, config.NotifyWebhookSubSys: notify.HelpWebhook,
config.NotifyESSubSys: notify.HelpES, config.NotifyESSubSys: notify.HelpES,
config.SubnetSubSys: subnet.HelpLicense, config.SubnetSubSys: subnet.HelpSubnet,
} }
config.RegisterHelpSubSys(helpMap) config.RegisterHelpSubSys(helpMap)


@ -60,7 +60,8 @@ const (
RegionName = "name" RegionName = "name"
AccessKey = "access_key" AccessKey = "access_key"
SecretKey = "secret_key" SecretKey = "secret_key"
License = "license" License = "license" // Deprecated Dec 2021
APIKey = "api_key"
) )
// Top level config constants. // Top level config constants.
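Review bot: The trailing `// Deprecated Dec 2021` on `License` is not in the form Go tooling recognises, so staticcheck and gopls will not warn callers that still use the constant. The convention is a `Deprecated:` paragraph in the doc comment above the declaration, for example `// Deprecated: use APIKey instead (Dec 2021).` on its own line before `License = "license"`. The same applies to `EnvMinIOSubnetLicense` in the constants section that follows and to the `License` field of `Config` in the subnet package section.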


@ -39,7 +39,8 @@ const (
EnvSiteName = "MINIO_SITE_NAME" EnvSiteName = "MINIO_SITE_NAME"
EnvSiteRegion = "MINIO_SITE_REGION" EnvSiteRegion = "MINIO_SITE_REGION"
EnvMinIOSubnetLicense = "MINIO_SUBNET_LICENSE" EnvMinIOSubnetLicense = "MINIO_SUBNET_LICENSE" // Deprecated Dec 2021
EnvMinIOSubnetAPIKey = "MINIO_SUBNET_API_KEY"
EnvMinIOServerURL = "MINIO_SERVER_URL" EnvMinIOServerURL = "MINIO_SERVER_URL"
EnvMinIOBrowserRedirectURL = "MINIO_BROWSER_REDIRECT_URL" EnvMinIOBrowserRedirectURL = "MINIO_BROWSER_REDIRECT_URL"
EnvRootDiskThresholdSize = "MINIO_ROOTDISK_THRESHOLD_SIZE" EnvRootDiskThresholdSize = "MINIO_ROOTDISK_THRESHOLD_SIZE"


@ -18,7 +18,6 @@
package subnet package subnet
import ( import (
jwtgo "github.com/golang-jwt/jwt/v4"
"github.com/minio/minio/internal/config" "github.com/minio/minio/internal/config"
"github.com/minio/pkg/env" "github.com/minio/pkg/env"
) )
@ -27,17 +26,27 @@ var (
// DefaultKVS - default KV config for subnet settings // DefaultKVS - default KV config for subnet settings
DefaultKVS = config.KVS{ DefaultKVS = config.KVS{
config.KV{ config.KV{
Key: config.License, Key: config.License, // Deprecated Dec 2021
Value: "",
},
config.KV{
Key: config.APIKey,
Value: "", Value: "",
}, },
} }
// HelpLicense - provides help for license config // HelpSubnet - provides help for subnet api key config
HelpLicense = config.HelpKVS{ HelpSubnet = config.HelpKVS{
config.HelpKV{ config.HelpKV{
Key: config.License, Key: config.License, // Deprecated Dec 2021
Type: "string", Type: "string",
Description: "Subnet license token for the cluster", Description: "[DEPRECATED use api_key] Subnet license token for the cluster",
Optional: true,
},
config.HelpKV{
Key: config.APIKey,
Type: "string",
Description: "Subnet api key for the cluster",
Optional: true, Optional: true,
}, },
} }
@ -45,18 +54,11 @@ var (
// Config represents the subnet related configuration // Config represents the subnet related configuration
type Config struct { type Config struct {
// The subnet license token // The subnet license token - Deprecated Dec 2021
License string `json:"license"` License string `json:"license"`
}
func validateLicenseFormat(lic string) error { // The subnet api key
if len(lic) == 0 { APIKey string `json:"api_key"`
return nil
}
// Only verifying that the string is a parseable JWT token as of now
_, _, err := new(jwtgo.Parser).ParseUnverified(lic, jwtgo.MapClaims{})
return err
} }
// LookupConfig - lookup config and override with valid environment settings if any. // LookupConfig - lookup config and override with valid environment settings if any.
@ -66,6 +68,7 @@ func LookupConfig(kvs config.KVS) (cfg Config, err error) {
} }
cfg.License = env.Get(config.EnvMinIOSubnetLicense, kvs.Get(config.License)) cfg.License = env.Get(config.EnvMinIOSubnetLicense, kvs.Get(config.License))
cfg.APIKey = env.Get(config.EnvMinIOSubnetAPIKey, kvs.Get(config.APIKey))
return cfg, validateLicenseFormat(cfg.License) return cfg, nil
} }
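Review bot: `LookupConfig` now ends in `return cfg, nil`, so `cfg.APIKey` is accepted with no format check at all, even though the commit description says the keys are plain UUIDs. If that format is fixed, a shape check before the return would reject a pasted license JWT or a truncated key at config time rather than on the first SUBNET call, for example `if cfg.APIKey != "" { if _, err = uuid.Parse(cfg.APIKey); err != nil { return cfg, err } }`, using a UUID parser such as github.com/google/uuid only if the module already depends on one. Separately, the key is a pure bearer secret and nothing in this section marks `api_key` as sensitive: the `Config` field is tagged `json:"api_key"` and the `HelpKV` entry is a plain `string`, so it is worth confirming that the value is redacted wherever the subnet config is listed, logged or exported. The body of `LookupConfig` starts outside the hunk.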