Migrate config to KV data format (#8392)

- adding oauth support to MinIO browser (#8400) by @kanagaraj
- supports multi-line get/set/del for all config fields
- add support for comments, allow toggle
- add extensive validation of config before saving
- support MinIO browser to support proper claims, using STS tokens
- env support for all config parameters, legacy envs are also
  supported with all documentation now pointing to latest ENVs
- preserve accessKey/secretKey from FS mode setups
- add history support implements three APIs
  - ClearHistory
  - RestoreHistory
  - ListHistory
- add help command support for each config parameters
- all the bug fixes after migration to KV, and other bug
  fixes encountered during testing.

cmd/iam.go

@@ -1125,7 +1125,7 @@ func (sys *IAMSys) IsAllowedSTS(args iampolicy.Args) bool {
 		return combinedPolicy.IsAllowed(args)
 	}
 
-	pname, ok := args.Claims[iampolicy.PolicyName]
+	pname, ok := args.Claims[iamPolicyName()]
 	if !ok {
 		// When claims are set, it should have a "policy" field.
 		return false
@@ -1199,16 +1199,16 @@ func (sys *IAMSys) IsAllowed(args iampolicy.Args) bool {
 		return ok
 	}
 
-	// With claims set, we should do STS related checks and validation.
-	if len(args.Claims) > 0 {
-		return sys.IsAllowedSTS(args)
-	}
-
 	// Policies don't apply to the owner.
 	if args.IsOwner {
 		return true
 	}
 
+	// With claims set, we should do STS related checks and validation.
+	if _, ok := args.Claims["aud"]; ok {
+		return sys.IsAllowedSTS(args)
+	}
+
 	policies, err := sys.PolicyDBGet(args.AccountName, false)
 	if err != nil {
 		logger.LogIf(context.Background(), err)
@@ -1306,8 +1306,7 @@ func NewIAMSys() *IAMSys {
 	// The default users system
 	var utype UsersSysType
 	switch {
-	case globalServerConfig != nil &&
-		globalServerConfig.LDAPServerConfig.ServerAddr != "":
+	case globalLDAPConfig.Enabled:
 		utype = LDAPUsersSysType
 	default:
 		utype = MinIOUsersSysType