Migrate config to KV data format (#8392)

- adding oauth support to MinIO browser (#8400) by @kanagaraj - supports multi-line get/set/del for all config fields - add support for comments, allow toggle - add extensive validation of config before saving - support MinIO browser to support proper claims, using STS tokens - env support for all config parameters, legacy envs are also supported with all documentation now pointing to latest ENVs - preserve accessKey/secretKey from FS mode setups - add history support implements three APIs - ClearHistory - RestoreHistory - ListHistory - add help command support for each config parameters - all the bug fixes after migration to KV, and other bug fixes encountered during testing.
2025-11-09 21:49:46 -05:00 · 2019-10-22 22:59:13 -07:00
parent 8836d57e3c
commit ee4a6a823d
185 changed files with 8228 additions and 3597 deletions
--- a/pkg/auth/credentials.go
+++ b/pkg/auth/credentials.go
@@ -68,6 +68,20 @@ func IsSecretKeyValid(secretKey string) bool {
 	return len(secretKey) >= secretKeyMinLen
 }

+// Default access and secret keys.
+const (
+	DefaultAccessKey = "minioadmin"
+	DefaultSecretKey = "minioadmin"
+)
+
+// Default access credentials
+var (
+	DefaultCredentials = Credentials{
+		AccessKey: DefaultAccessKey,
+		SecretKey: DefaultSecretKey,
+	}
+)
+
 // Credentials holds access and secret keys.
 type Credentials struct {
 	AccessKey    string    `xml:"AccessKeyId" json:"accessKey,omitempty"`
@@ -77,6 +91,22 @@ type Credentials struct {
 	Status       string    `xml:"-" json:"status,omitempty"`
 }

+func (cred Credentials) String() string {
+	var s strings.Builder
+	s.WriteString(cred.AccessKey)
+	s.WriteString(":")
+	s.WriteString(cred.SecretKey)
+	if cred.SessionToken != "" {
+		s.WriteString("\n")
+		s.WriteString(cred.SessionToken)
+	}
+	if !cred.Expiration.IsZero() && cred.Expiration != timeSentinel {
+		s.WriteString("\n")
+		s.WriteString(cred.Expiration.String())
+	}
+	return s.String()
+}
+
 // IsExpired - returns whether Credential is expired or not.
 func (cred Credentials) IsExpired() bool {
 	if cred.Expiration.IsZero() || cred.Expiration == timeSentinel {
@@ -89,10 +119,10 @@ func (cred Credentials) IsExpired() bool {
 // IsValid - returns whether credential is valid or not.
 func (cred Credentials) IsValid() bool {
 	// Verify credentials if its enabled or not set.
-	if cred.Status == "enabled" || cred.Status == "" {
-		return IsAccessKeyValid(cred.AccessKey) && IsSecretKeyValid(cred.SecretKey) && !cred.IsExpired()
+	if cred.Status == "off" {
+		return false
 	}
-	return false
+	return IsAccessKeyValid(cred.AccessKey) && IsSecretKeyValid(cred.SecretKey) && !cred.IsExpired()
 }

 // Equal - returns whether two credentials are equal or not.
@@ -156,7 +186,7 @@ func GetNewCredentialsWithMetadata(m map[string]interface{}, tokenSecret string)
 		return cred, err
 	}
 	cred.SecretKey = strings.Replace(string([]byte(base64.StdEncoding.EncodeToString(keyBytes))[:secretKeyMaxLen]), "/", "+", -1)
-	cred.Status = "enabled"
+	cred.Status = "on"

 	expiry, err := expToInt64(m["exp"])
 	if err != nil {
@@ -196,6 +226,6 @@ func CreateCredentials(accessKey, secretKey string) (cred Credentials, err error
 	cred.AccessKey = accessKey
 	cred.SecretKey = secretKey
 	cred.Expiration = timeSentinel
-	cred.Status = "enabled"
+	cred.Status = "on"
 	return cred, nil
 }