Migrate config to KV data format (#8392)

- adding oauth support to MinIO browser (#8400) by @kanagaraj - supports multi-line get/set/del for all config fields - add support for comments, allow toggle - add extensive validation of config before saving - support MinIO browser to support proper claims, using STS tokens - env support for all config parameters, legacy envs are also supported with all documentation now pointing to latest ENVs - preserve accessKey/secretKey from FS mode setups - add history support implements three APIs - ClearHistory - RestoreHistory - ListHistory - add help command support for each config parameters - all the bug fixes after migration to KV, and other bug fixes encountered during testing.
2025-11-22 18:47:43 -05:00 · 2019-10-22 22:59:13 -07:00
parent 8836d57e3c
commit ee4a6a823d
185 changed files with 8228 additions and 3597 deletions
--- a/cmd/config/identity/openid/validators.go
+++ b/cmd/config/identity/openid/validators.go
@@ -0,0 +1,92 @@
+/*
+ * MinIO Cloud Storage, (C) 2018-2019 MinIO, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package openid
+
+import (
+	"errors"
+	"fmt"
+	"sync"
+)
+
+// ID - holds identification name authentication validator target.
+type ID string
+
+// Validator interface describes basic implementation
+// requirements of various authentication providers.
+type Validator interface {
+	// Validate is a custom validator function for this provider,
+	// each validation is authenticationType or provider specific.
+	Validate(token string, duration string) (map[string]interface{}, error)
+
+	// ID returns provider name of this provider.
+	ID() ID
+}
+
+// ErrTokenExpired - error token expired
+var (
+	ErrTokenExpired    = errors.New("token expired")
+	ErrInvalidDuration = errors.New("duration higher than token expiry")
+)
+
+// Validators - holds list of providers indexed by provider id.
+type Validators struct {
+	sync.RWMutex
+	providers map[ID]Validator
+}
+
+// Add - adds unique provider to provider list.
+func (list *Validators) Add(provider Validator) error {
+	list.Lock()
+	defer list.Unlock()
+
+	if _, ok := list.providers[provider.ID()]; ok {
+		return fmt.Errorf("provider %v already exists", provider.ID())
+	}
+
+	list.providers[provider.ID()] = provider
+	return nil
+}
+
+// List - returns available provider IDs.
+func (list *Validators) List() []ID {
+	list.RLock()
+	defer list.RUnlock()
+
+	keys := []ID{}
+	for k := range list.providers {
+		keys = append(keys, k)
+	}
+
+	return keys
+}
+
+// Get - returns the provider for the given providerID, if not found
+// returns an error.
+func (list *Validators) Get(id ID) (p Validator, err error) {
+	list.RLock()
+	defer list.RUnlock()
+	var ok bool
+	if p, ok = list.providers[id]; !ok {
+		return nil, fmt.Errorf("provider %v doesn't exist", id)
+	}
+	return p, nil
+}
+
+// NewValidators - creates Validators.
+func NewValidators() *Validators {
+	return &Validators{providers: make(map[ID]Validator)}
+}