Honor etcd legacy v/s new config settings properly (#8510)

This PR also fixes issues related to - Add proper newline for `mc admin config get` output for more than one targets - Fixes issue of temporary user credentials to have consistent output - Fixes a crash when setting a key with empty values - Fixes a parsing issue with `mc admin config history` - Fixes gateway ENV handling for etcd server and gateway
2025-11-09 21:49:46 -05:00 · 2019-11-12 03:16:25 -08:00
parent 1027afa853
commit d97d53bddc
6 changed files with 116 additions and 42 deletions
--- a/cmd/config/etcd/etcd.go
+++ b/cmd/config/etcd/etcd.go
@@ -95,6 +95,39 @@ func parseEndpoints(endpoints string) ([]string, bool, error) {
 	return etcdEndpoints, etcdSecure, nil
 }

+func lookupLegacyConfig(rootCAs *x509.CertPool) (Config, error) {
+	cfg := Config{}
+	endpoints := env.Get(EnvEtcdEndpoints, "")
+	if endpoints == "" {
+		return cfg, nil
+	}
+	etcdEndpoints, etcdSecure, err := parseEndpoints(endpoints)
+	if err != nil {
+		return cfg, err
+	}
+	cfg.Enabled = true
+	cfg.DialTimeout = defaultDialTimeout
+	cfg.DialKeepAliveTime = defaultDialKeepAlive
+	cfg.Endpoints = etcdEndpoints
+	cfg.CoreDNSPath = "/skydns"
+	if etcdSecure {
+		cfg.TLS = &tls.Config{
+			RootCAs: rootCAs,
+		}
+		// This is only to support client side certificate authentication
+		// https://coreos.com/etcd/docs/latest/op-guide/security.html
+		etcdClientCertFile := env.Get(EnvEtcdClientCert, "")
+		etcdClientCertKey := env.Get(EnvEtcdClientCertKey, "")
+		if etcdClientCertFile != "" && etcdClientCertKey != "" {
+			cfg.TLS.GetClientCertificate = func(unused *tls.CertificateRequestInfo) (*tls.Certificate, error) {
+				cert, err := tls.LoadX509KeyPair(etcdClientCertFile, etcdClientCertKey)
+				return &cert, err
+			}
+		}
+	}
+	return cfg, nil
+}
+
 // LookupConfig - Initialize new etcd config.
 func LookupConfig(kv config.KVS, rootCAs *x509.CertPool) (Config, error) {
 	cfg := Config{}
@@ -102,20 +135,37 @@ func LookupConfig(kv config.KVS, rootCAs *x509.CertPool) (Config, error) {
 		return cfg, err
 	}

-	stateBool, err := config.ParseBool(env.Get(EnvEtcdState, kv.Get(config.State)))
+	stateBool, err := config.ParseBool(env.Get(EnvEtcdState, config.StateOn))
 	if err != nil {
 		return cfg, err
 	}

-	endpoints := env.Get(EnvEtcdEndpoints, kv.Get(Endpoints))
-	if stateBool && len(endpoints) == 0 {
-		return cfg, config.Error("'endpoints' key cannot be empty if you wish to enable etcd")
+	if stateBool {
+		// By default state is 'on' to honor legacy config.
+		cfg, err = lookupLegacyConfig(rootCAs)
+		if err != nil {
+			return cfg, err
+		}
+		// If old legacy config is enabled honor it.
+		if cfg.Enabled {
+			return cfg, nil
+		}
 	}

-	if len(endpoints) == 0 && !stateBool {
+	stateBool, err = config.ParseBool(env.Get(EnvEtcdState, kv.Get(config.State)))
+	if err != nil {
+		return cfg, err
+	}
+
+	if !stateBool {
 		return cfg, nil
 	}

+	endpoints := env.Get(EnvEtcdEndpoints, kv.Get(Endpoints))
+	if endpoints == "" {
+		return cfg, config.Error("'endpoints' key cannot be empty to enable etcd")
+	}
+
 	etcdEndpoints, etcdSecure, err := parseEndpoints(endpoints)
 	if err != nil {
 		return cfg, err