mirror of
https://github.com/minio/minio.git
synced 2024-12-24 06:05:55 -05:00
admin: Add service Set Credentials API (#3580)
This commit is contained in:
parent
20a65981bd
commit
f803bb4b3d
@ -35,8 +35,8 @@ test_script:
|
|||||||
# Unit tests
|
# Unit tests
|
||||||
- ps: Add-AppveyorTest "Unit Tests" -Outcome Running
|
- ps: Add-AppveyorTest "Unit Tests" -Outcome Running
|
||||||
- mkdir build\coverage
|
- mkdir build\coverage
|
||||||
- go test -race github.com/minio/minio/cmd...
|
- go test -timeout 15m -v -race github.com/minio/minio/cmd...
|
||||||
- go test -race github.com/minio/minio/pkg...
|
- go test -v -race github.com/minio/minio/pkg...
|
||||||
- go test -coverprofile=build\coverage\coverage.txt -covermode=atomic github.com/minio/minio/cmd
|
- go test -coverprofile=build\coverage\coverage.txt -covermode=atomic github.com/minio/minio/cmd
|
||||||
- ps: Update-AppveyorTest "Unit Tests" -Outcome Passed
|
- ps: Update-AppveyorTest "Unit Tests" -Outcome Passed
|
||||||
|
|
||||||
|
@ -18,6 +18,8 @@ package cmd
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"encoding/xml"
|
||||||
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"strconv"
|
"strconv"
|
||||||
@ -84,6 +86,76 @@ func (adminAPI adminAPIHandlers) ServiceRestartHandler(w http.ResponseWriter, r
|
|||||||
sendServiceCmd(globalAdminPeers, serviceRestart)
|
sendServiceCmd(globalAdminPeers, serviceRestart)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// setCredsReq request
|
||||||
|
type setCredsReq struct {
|
||||||
|
Username string `xml:"username"`
|
||||||
|
Password string `xml:"password"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// ServiceCredsHandler - POST /?service
|
||||||
|
// HTTP header x-minio-operation: creds
|
||||||
|
// ----------
|
||||||
|
// Update credentials in a minio server. In a distributed setup, update all the servers
|
||||||
|
// in the cluster.
|
||||||
|
func (adminAPI adminAPIHandlers) ServiceCredentialsHandler(w http.ResponseWriter, r *http.Request) {
|
||||||
|
// Authenticate request
|
||||||
|
adminAPIErr := checkRequestAuthType(r, "", "", "")
|
||||||
|
if adminAPIErr != ErrNone {
|
||||||
|
writeErrorResponse(w, adminAPIErr, r.URL)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Avoid setting new credentials when they are already passed
|
||||||
|
// by the environnement
|
||||||
|
if globalEnvAccessKey != "" || globalEnvSecretKey != "" {
|
||||||
|
writeErrorResponse(w, ErrMethodNotAllowed, r.URL)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Load request body
|
||||||
|
inputData, err := ioutil.ReadAll(r.Body)
|
||||||
|
if err != nil {
|
||||||
|
writeErrorResponse(w, ErrInternalError, r.URL)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Unmarshal request body
|
||||||
|
var req setCredsReq
|
||||||
|
err = xml.Unmarshal(inputData, &req)
|
||||||
|
if err != nil {
|
||||||
|
errorIf(err, "Cannot unmarshal credentials request")
|
||||||
|
writeErrorResponse(w, ErrMalformedXML, r.URL)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Check passed credentials
|
||||||
|
cred, err := getCredential(req.Username, req.Password)
|
||||||
|
switch err {
|
||||||
|
case errInvalidAccessKeyLength:
|
||||||
|
writeErrorResponse(w, ErrAdminInvalidAccessKey, r.URL)
|
||||||
|
return
|
||||||
|
case errInvalidSecretKeyLength:
|
||||||
|
writeErrorResponse(w, ErrAdminInvalidSecretKey, r.URL)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// Notify all other Minio peers to update credentials
|
||||||
|
updateErrs := updateCredsOnPeers(cred)
|
||||||
|
for peer, err := range updateErrs {
|
||||||
|
errorIf(err, "Unable to update credentials on peer %s.", peer)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Update local credentials
|
||||||
|
serverConfig.SetCredential(cred)
|
||||||
|
if err = serverConfig.Save(); err != nil {
|
||||||
|
writeErrorResponse(w, ErrInternalError, r.URL)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// At this stage, the operation is successful, return 200 OK
|
||||||
|
w.WriteHeader(http.StatusOK)
|
||||||
|
}
|
||||||
|
|
||||||
// validateLockQueryParams - Validates query params for list/clear locks management APIs.
|
// validateLockQueryParams - Validates query params for list/clear locks management APIs.
|
||||||
func validateLockQueryParams(vars url.Values) (string, string, time.Duration, APIErrorCode) {
|
func validateLockQueryParams(vars url.Values) (string, string, time.Duration, APIErrorCode) {
|
||||||
bucket := vars.Get(string(mgmtBucket))
|
bucket := vars.Get(string(mgmtBucket))
|
||||||
|
@ -19,6 +19,8 @@ package cmd
|
|||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"encoding/xml"
|
||||||
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
"net/url"
|
"net/url"
|
||||||
@ -33,8 +35,8 @@ type cmdType int
|
|||||||
|
|
||||||
const (
|
const (
|
||||||
statusCmd cmdType = iota
|
statusCmd cmdType = iota
|
||||||
stopCmd
|
|
||||||
restartCmd
|
restartCmd
|
||||||
|
setCreds
|
||||||
)
|
)
|
||||||
|
|
||||||
// String - String representation for cmdType
|
// String - String representation for cmdType
|
||||||
@ -42,10 +44,10 @@ func (c cmdType) String() string {
|
|||||||
switch c {
|
switch c {
|
||||||
case statusCmd:
|
case statusCmd:
|
||||||
return "status"
|
return "status"
|
||||||
case stopCmd:
|
|
||||||
return "stop"
|
|
||||||
case restartCmd:
|
case restartCmd:
|
||||||
return "restart"
|
return "restart"
|
||||||
|
case setCreds:
|
||||||
|
return "set-credentials"
|
||||||
}
|
}
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
@ -58,6 +60,8 @@ func (c cmdType) apiMethod() string {
|
|||||||
return "GET"
|
return "GET"
|
||||||
case restartCmd:
|
case restartCmd:
|
||||||
return "POST"
|
return "POST"
|
||||||
|
case setCreds:
|
||||||
|
return "POST"
|
||||||
}
|
}
|
||||||
return "GET"
|
return "GET"
|
||||||
}
|
}
|
||||||
@ -86,15 +90,19 @@ func testServiceSignalReceiver(cmd cmdType, t *testing.T) {
|
|||||||
|
|
||||||
// getServiceCmdRequest - Constructs a management REST API request for service
|
// getServiceCmdRequest - Constructs a management REST API request for service
|
||||||
// subcommands for a given cmdType value.
|
// subcommands for a given cmdType value.
|
||||||
func getServiceCmdRequest(cmd cmdType, cred credential) (*http.Request, error) {
|
func getServiceCmdRequest(cmd cmdType, cred credential, body []byte) (*http.Request, error) {
|
||||||
req, err := newTestRequest(cmd.apiMethod(), "/?service", 0, nil)
|
req, err := newTestRequest(cmd.apiMethod(), "/?service", 0, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Set body
|
||||||
|
req.Body = ioutil.NopCloser(bytes.NewReader(body))
|
||||||
|
|
||||||
// minioAdminOpHeader is to identify the request as a
|
// minioAdminOpHeader is to identify the request as a
|
||||||
// management REST API request.
|
// management REST API request.
|
||||||
req.Header.Set(minioAdminOpHeader, cmd.String())
|
req.Header.Set(minioAdminOpHeader, cmd.String())
|
||||||
|
req.Header.Set("X-Amz-Content-Sha256", getSHA256Hash(body))
|
||||||
|
|
||||||
// management REST API uses signature V4 for authentication.
|
// management REST API uses signature V4 for authentication.
|
||||||
err = signRequestV4(req, cred.AccessKey, cred.SecretKey)
|
err = signRequestV4(req, cred.AccessKey, cred.SecretKey)
|
||||||
@ -106,7 +114,7 @@ func getServiceCmdRequest(cmd cmdType, cred credential) (*http.Request, error) {
|
|||||||
|
|
||||||
// testServicesCmdHandler - parametrizes service subcommand tests on
|
// testServicesCmdHandler - parametrizes service subcommand tests on
|
||||||
// cmdType value.
|
// cmdType value.
|
||||||
func testServicesCmdHandler(cmd cmdType, t *testing.T) {
|
func testServicesCmdHandler(cmd cmdType, args map[string]interface{}, t *testing.T) {
|
||||||
// reset globals.
|
// reset globals.
|
||||||
// this is to make sure that the tests are not affected by modified value.
|
// this is to make sure that the tests are not affected by modified value.
|
||||||
resetTestGlobals()
|
resetTestGlobals()
|
||||||
@ -147,19 +155,25 @@ func testServicesCmdHandler(cmd cmdType, t *testing.T) {
|
|||||||
|
|
||||||
// Setting up a go routine to simulate ServerMux's
|
// Setting up a go routine to simulate ServerMux's
|
||||||
// handleServiceSignals for stop and restart commands.
|
// handleServiceSignals for stop and restart commands.
|
||||||
switch cmd {
|
if cmd == restartCmd {
|
||||||
case stopCmd, restartCmd:
|
|
||||||
go testServiceSignalReceiver(cmd, t)
|
go testServiceSignalReceiver(cmd, t)
|
||||||
}
|
}
|
||||||
credentials := serverConfig.GetCredential()
|
credentials := serverConfig.GetCredential()
|
||||||
adminRouter := router.NewRouter()
|
adminRouter := router.NewRouter()
|
||||||
registerAdminRouter(adminRouter)
|
registerAdminRouter(adminRouter)
|
||||||
|
|
||||||
rec := httptest.NewRecorder()
|
var body []byte
|
||||||
req, err := getServiceCmdRequest(cmd, credentials)
|
|
||||||
|
if cmd == setCreds {
|
||||||
|
body, _ = xml.Marshal(setCredsReq{Username: args["username"].(string), Password: args["password"].(string)})
|
||||||
|
}
|
||||||
|
|
||||||
|
req, err := getServiceCmdRequest(cmd, credentials, body)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to build service status request %v", err)
|
t.Fatalf("Failed to build service status request %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
rec := httptest.NewRecorder()
|
||||||
adminRouter.ServeHTTP(rec, req)
|
adminRouter.ServeHTTP(rec, req)
|
||||||
|
|
||||||
if cmd == statusCmd {
|
if cmd == statusCmd {
|
||||||
@ -173,20 +187,37 @@ func testServicesCmdHandler(cmd cmdType, t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if cmd == setCreds {
|
||||||
|
// Check if new credentials are set
|
||||||
|
cred := serverConfig.GetCredential()
|
||||||
|
if cred.AccessKey != args["username"].(string) {
|
||||||
|
t.Errorf("Wrong access key, expected = %s, found = %s", args["username"].(string), cred.AccessKey)
|
||||||
|
}
|
||||||
|
if cred.SecretKey != args["password"].(string) {
|
||||||
|
t.Errorf("Wrong secret key, expected = %s, found = %s", args["password"].(string), cred.SecretKey)
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
if rec.Code != http.StatusOK {
|
if rec.Code != http.StatusOK {
|
||||||
t.Errorf("Expected to receive %d status code but received %d",
|
resp, _ := ioutil.ReadAll(rec.Body)
|
||||||
http.StatusOK, rec.Code)
|
t.Errorf("Expected to receive %d status code but received %d. Body (%s)",
|
||||||
|
http.StatusOK, rec.Code, string(resp))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Test for service status management REST API.
|
// Test for service status management REST API.
|
||||||
func TestServiceStatusHandler(t *testing.T) {
|
func TestServiceStatusHandler(t *testing.T) {
|
||||||
testServicesCmdHandler(statusCmd, t)
|
testServicesCmdHandler(statusCmd, nil, t)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Test for service restart management REST API.
|
// Test for service restart management REST API.
|
||||||
func TestServiceRestartHandler(t *testing.T) {
|
func TestServiceRestartHandler(t *testing.T) {
|
||||||
testServicesCmdHandler(restartCmd, t)
|
testServicesCmdHandler(restartCmd, nil, t)
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestServiceSetCreds(t *testing.T) {
|
||||||
|
testServicesCmdHandler(setCreds, map[string]interface{}{"username": "minio", "password": "minio123"}, t)
|
||||||
}
|
}
|
||||||
|
|
||||||
// mkLockQueryVal - helper function to build lock query param.
|
// mkLockQueryVal - helper function to build lock query param.
|
||||||
|
@ -36,6 +36,8 @@ func registerAdminRouter(mux *router.Router) {
|
|||||||
|
|
||||||
// Service restart
|
// Service restart
|
||||||
adminRouter.Methods("POST").Queries("service", "").Headers(minioAdminOpHeader, "restart").HandlerFunc(adminAPI.ServiceRestartHandler)
|
adminRouter.Methods("POST").Queries("service", "").Headers(minioAdminOpHeader, "restart").HandlerFunc(adminAPI.ServiceRestartHandler)
|
||||||
|
// Service update credentials
|
||||||
|
adminRouter.Methods("POST").Queries("service", "").Headers(minioAdminOpHeader, "set-credentials").HandlerFunc(adminAPI.ServiceCredentialsHandler)
|
||||||
|
|
||||||
/// Lock operations
|
/// Lock operations
|
||||||
|
|
||||||
|
@ -140,6 +140,9 @@ const (
|
|||||||
// Add new extended error codes here.
|
// Add new extended error codes here.
|
||||||
// Please open a https://github.com/minio/minio/issues before adding
|
// Please open a https://github.com/minio/minio/issues before adding
|
||||||
// new error codes here.
|
// new error codes here.
|
||||||
|
|
||||||
|
ErrAdminInvalidAccessKey
|
||||||
|
ErrAdminInvalidSecretKey
|
||||||
)
|
)
|
||||||
|
|
||||||
// error code to APIError structure, these fields carry respective
|
// error code to APIError structure, these fields carry respective
|
||||||
@ -574,6 +577,17 @@ var errorCodeResponse = map[APIErrorCode]APIError{
|
|||||||
Description: "Server not initialized, please try again.",
|
Description: "Server not initialized, please try again.",
|
||||||
HTTPStatusCode: http.StatusServiceUnavailable,
|
HTTPStatusCode: http.StatusServiceUnavailable,
|
||||||
},
|
},
|
||||||
|
ErrAdminInvalidAccessKey: {
|
||||||
|
Code: "XMinioAdminInvalidAccessKey",
|
||||||
|
Description: "The access key is invalid.",
|
||||||
|
HTTPStatusCode: http.StatusBadRequest,
|
||||||
|
},
|
||||||
|
ErrAdminInvalidSecretKey: {
|
||||||
|
Code: "XMinioAdminInvalidSecretKey",
|
||||||
|
Description: "The secret key is invalid.",
|
||||||
|
HTTPStatusCode: http.StatusBadRequest,
|
||||||
|
},
|
||||||
|
|
||||||
// Add your error structure here.
|
// Add your error structure here.
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -101,6 +101,12 @@ var (
|
|||||||
// Minio server user agent string.
|
// Minio server user agent string.
|
||||||
globalServerUserAgent = "Minio/" + ReleaseTag + " (" + runtime.GOOS + "; " + runtime.GOARCH + ")"
|
globalServerUserAgent = "Minio/" + ReleaseTag + " (" + runtime.GOOS + "; " + runtime.GOARCH + ")"
|
||||||
|
|
||||||
|
// Access key passed from the environment
|
||||||
|
globalEnvAccessKey = os.Getenv("MINIO_ACCESS_KEY")
|
||||||
|
|
||||||
|
// Secret key passed from the environment
|
||||||
|
globalEnvSecretKey = os.Getenv("MINIO_SECRET_KEY")
|
||||||
|
|
||||||
// Add new variable global values here.
|
// Add new variable global values here.
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -190,13 +190,11 @@ func minioInit(ctx *cli.Context) {
|
|||||||
enableLoggers()
|
enableLoggers()
|
||||||
|
|
||||||
// Fetch access keys from environment variables and update the config.
|
// Fetch access keys from environment variables and update the config.
|
||||||
accessKey := os.Getenv("MINIO_ACCESS_KEY")
|
if globalEnvAccessKey != "" && globalEnvSecretKey != "" {
|
||||||
secretKey := os.Getenv("MINIO_SECRET_KEY")
|
|
||||||
if accessKey != "" && secretKey != "" {
|
|
||||||
// Set new credentials.
|
// Set new credentials.
|
||||||
serverConfig.SetCredential(credential{
|
serverConfig.SetCredential(credential{
|
||||||
AccessKey: accessKey,
|
AccessKey: globalEnvAccessKey,
|
||||||
SecretKey: secretKey,
|
SecretKey: globalEnvSecretKey,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
if !isAccessKeyValid(serverConfig.GetCredential().AccessKey) {
|
if !isAccessKeyValid(serverConfig.GetCredential().AccessKey) {
|
||||||
|
@ -6,9 +6,9 @@
|
|||||||
|
|
||||||
## List of management APIs
|
## List of management APIs
|
||||||
- Service
|
- Service
|
||||||
- Stop
|
|
||||||
- Restart
|
- Restart
|
||||||
- Status
|
- Status
|
||||||
|
- SetCredentials
|
||||||
|
|
||||||
- Locks
|
- Locks
|
||||||
- List
|
- List
|
||||||
@ -17,11 +17,6 @@
|
|||||||
- Healing
|
- Healing
|
||||||
|
|
||||||
### Service Management APIs
|
### Service Management APIs
|
||||||
* Stop
|
|
||||||
- POST /?service
|
|
||||||
- x-minio-operation: stop
|
|
||||||
- Response: On success 200
|
|
||||||
|
|
||||||
* Restart
|
* Restart
|
||||||
- POST /?service
|
- POST /?service
|
||||||
- x-minio-operation: restart
|
- x-minio-operation: restart
|
||||||
@ -32,6 +27,43 @@
|
|||||||
- x-minio-operation: status
|
- x-minio-operation: status
|
||||||
- Response: On success 200, return json formatted StorageInfo object.
|
- Response: On success 200, return json formatted StorageInfo object.
|
||||||
|
|
||||||
|
* SetCredentials
|
||||||
|
- GET /?service
|
||||||
|
- x-minio-operation: set-credentials
|
||||||
|
- Response: Success 200
|
||||||
|
- Possible error responses
|
||||||
|
- ErrMethodNotAllowed
|
||||||
|
<Error>
|
||||||
|
<Code>MethodNotAllowed</Code>
|
||||||
|
<Message>The specified method is not allowed against this resource.</Message>
|
||||||
|
<Key></Key>
|
||||||
|
<BucketName></BucketName>
|
||||||
|
<Resource>/</Resource>
|
||||||
|
<RequestId>3L137</RequestId>
|
||||||
|
<HostId>3L137</HostId>
|
||||||
|
</Error>
|
||||||
|
- ErrAdminBadCred
|
||||||
|
<Error>
|
||||||
|
<Code>XMinioBadCred</Code>
|
||||||
|
<Message>XMinioBadCred</Message>
|
||||||
|
<Key></Key>
|
||||||
|
<BucketName></BucketName>
|
||||||
|
<Resource>/</Resource>
|
||||||
|
<RequestId>3L137</RequestId>
|
||||||
|
<HostId>3L137</HostId>
|
||||||
|
</Error>
|
||||||
|
- ErrInternalError
|
||||||
|
<Error>
|
||||||
|
<Code>InternalError</Code>
|
||||||
|
<Message>We encountered an internal error, please try again.</Message>
|
||||||
|
<Key></Key>
|
||||||
|
<BucketName></BucketName>
|
||||||
|
<Resource>/</Resource>
|
||||||
|
<RequestId>3L137</RequestId>
|
||||||
|
<HostId>3L137</HostId>
|
||||||
|
</Error>
|
||||||
|
|
||||||
|
|
||||||
### Lock Management APIs
|
### Lock Management APIs
|
||||||
* ListLocks
|
* ListLocks
|
||||||
- GET /?lock&bucket=mybucket&prefix=myprefix&older-than=rel_time
|
- GET /?lock&bucket=mybucket&prefix=myprefix&older-than=rel_time
|
||||||
|
@ -106,6 +106,7 @@ go run service-status.go
|
|||||||
|
|
||||||
* [`ServiceStatus`](./API.md#ServiceStatus)
|
* [`ServiceStatus`](./API.md#ServiceStatus)
|
||||||
* [`ServiceRestart`](./API.md#ServiceRestart)
|
* [`ServiceRestart`](./API.md#ServiceRestart)
|
||||||
|
* [`ServiceSetCredentials`](./API.md#ServiceSetCredentials)
|
||||||
|
|
||||||
## Full Examples
|
## Full Examples
|
||||||
|
|
||||||
@ -113,6 +114,7 @@ go run service-status.go
|
|||||||
|
|
||||||
* [service-status.go](https://github.com/minio/minio/blob/master/pkg/madmin/examples/service-status.go)
|
* [service-status.go](https://github.com/minio/minio/blob/master/pkg/madmin/examples/service-status.go)
|
||||||
* [service-restart.go](https://github.com/minio/minio/blob/master/pkg/madmin/examples/service-restart.go)
|
* [service-restart.go](https://github.com/minio/minio/blob/master/pkg/madmin/examples/service-restart.go)
|
||||||
|
* [service-set-credentials.go](https://github.com/minio/minio/blob/master/pkg/madmin/examples/service-set-credentials.go)
|
||||||
|
|
||||||
## Contribute
|
## Contribute
|
||||||
|
|
||||||
|
@ -16,7 +16,10 @@
|
|||||||
|
|
||||||
package madmin
|
package madmin
|
||||||
|
|
||||||
import "encoding/xml"
|
import (
|
||||||
|
"encoding/xml"
|
||||||
|
"net/http"
|
||||||
|
)
|
||||||
|
|
||||||
/* **** SAMPLE ERROR RESPONSE ****
|
/* **** SAMPLE ERROR RESPONSE ****
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
@ -50,6 +53,29 @@ func (e ErrorResponse) Error() string {
|
|||||||
return e.Message
|
return e.Message
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const (
|
||||||
|
reportIssue = "Please report this issue at https://github.com/minio/minio-go/issues."
|
||||||
|
)
|
||||||
|
|
||||||
|
// httpRespToErrorResponse returns a new encoded ErrorResponse
|
||||||
|
// structure as error.
|
||||||
|
func httpRespToErrorResponse(resp *http.Response) error {
|
||||||
|
if resp == nil {
|
||||||
|
msg := "Response is empty. " + reportIssue
|
||||||
|
return ErrInvalidArgument(msg)
|
||||||
|
}
|
||||||
|
var errResp ErrorResponse
|
||||||
|
// Decode the xml error
|
||||||
|
err := xmlDecoder(resp.Body, &errResp)
|
||||||
|
if err != nil {
|
||||||
|
return ErrorResponse{
|
||||||
|
Code: resp.Status,
|
||||||
|
Message: "Failed to parse server response.",
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return errResp
|
||||||
|
}
|
||||||
|
|
||||||
// ErrInvalidArgument - Invalid argument response.
|
// ErrInvalidArgument - Invalid argument response.
|
||||||
func ErrInvalidArgument(message string) error {
|
func ErrInvalidArgument(message string) error {
|
||||||
return ErrorResponse{
|
return ErrorResponse{
|
||||||
|
44
pkg/madmin/examples/service-set-credentials.go
Normal file
44
pkg/madmin/examples/service-set-credentials.go
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
// +build ignore
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Minio Cloud Storage, (C) 2016 Minio, Inc.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"log"
|
||||||
|
|
||||||
|
"github.com/minio/minio/pkg/madmin"
|
||||||
|
)
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
// Note: YOUR-ACCESSKEYID, YOUR-SECRETACCESSKEY and my-bucketname are
|
||||||
|
// dummy values, please replace them with original values.
|
||||||
|
|
||||||
|
// API requests are secure (HTTPS) if secure=true and insecure (HTTPS) otherwise.
|
||||||
|
// New returns an Minio Admin client object.
|
||||||
|
madmClnt, err := madmin.New("your-minio.example.com:9000", "YOUR-ACCESSKEYID", "YOUR-SECRETACCESSKEY", true)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalln(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
err = madmClnt.ServiceSetCredentials("YOUR-NEW-ACCESSKEY", "YOUR-NEW-SECRETKEY")
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalln(err)
|
||||||
|
}
|
||||||
|
log.Println("New credentials successfully set.")
|
||||||
|
}
|
@ -18,7 +18,9 @@
|
|||||||
package madmin
|
package madmin
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"bytes"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
|
"encoding/xml"
|
||||||
"errors"
|
"errors"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
@ -117,3 +119,49 @@ func (adm *AdminClient) ServiceRestart() error {
|
|||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// setCredsReq - xml to send to the server to set new credentials
|
||||||
|
type setCredsReq struct {
|
||||||
|
Username string `xml:"username"`
|
||||||
|
Password string `xml:"password"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// ServiceSetCredentials - Call Service Set Credentials API to set new access and secret keys in the specified Minio server
|
||||||
|
func (adm *AdminClient) ServiceSetCredentials(access, secret string) error {
|
||||||
|
|
||||||
|
// Disallow sending with the server if the connection is not secure
|
||||||
|
if !adm.secure {
|
||||||
|
return errors.New("setting new credentials requires HTTPS connection to the server")
|
||||||
|
}
|
||||||
|
|
||||||
|
// Setup new request
|
||||||
|
reqData := requestData{}
|
||||||
|
reqData.queryValues = make(url.Values)
|
||||||
|
reqData.queryValues.Set("service", "")
|
||||||
|
reqData.customHeaders = make(http.Header)
|
||||||
|
reqData.customHeaders.Set(minioAdminOpHeader, "set-credentials")
|
||||||
|
|
||||||
|
// Setup request's body
|
||||||
|
body, err := xml.Marshal(setCredsReq{Username: access, Password: secret})
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
reqData.contentBody = bytes.NewReader(body)
|
||||||
|
reqData.contentLength = int64(len(body))
|
||||||
|
reqData.contentMD5Bytes = sumMD5(body)
|
||||||
|
reqData.contentSHA256Bytes = sum256(body)
|
||||||
|
|
||||||
|
// Execute GET on bucket to list objects.
|
||||||
|
resp, err := adm.executeMethod("POST", reqData)
|
||||||
|
|
||||||
|
defer closeResponse(resp)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
// Return error to the caller if http response code is different from 200
|
||||||
|
if resp.StatusCode != http.StatusOK {
|
||||||
|
return httpRespToErrorResponse(resp)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
@ -17,7 +17,9 @@
|
|||||||
package madmin
|
package madmin
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/md5"
|
||||||
"crypto/sha256"
|
"crypto/sha256"
|
||||||
|
"encoding/xml"
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net"
|
"net"
|
||||||
@ -35,6 +37,19 @@ func sum256(data []byte) []byte {
|
|||||||
return hash.Sum(nil)
|
return hash.Sum(nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// sumMD5 calculate sumMD5 sum for an input byte array.
|
||||||
|
func sumMD5(data []byte) []byte {
|
||||||
|
hash := md5.New()
|
||||||
|
hash.Write(data)
|
||||||
|
return hash.Sum(nil)
|
||||||
|
}
|
||||||
|
|
||||||
|
// xmlDecoder provide decoded value in xml.
|
||||||
|
func xmlDecoder(body io.Reader, v interface{}) error {
|
||||||
|
d := xml.NewDecoder(body)
|
||||||
|
return d.Decode(v)
|
||||||
|
}
|
||||||
|
|
||||||
// getEndpointURL - construct a new endpoint.
|
// getEndpointURL - construct a new endpoint.
|
||||||
func getEndpointURL(endpoint string, secure bool) (*url.URL, error) {
|
func getEndpointURL(endpoint string, secure bool) (*url.URL, error) {
|
||||||
if strings.Contains(endpoint, ":") {
|
if strings.Contains(endpoint, ":") {
|
||||||
|
Loading…
Reference in New Issue
Block a user