Commit Graph

8430 Commits

Author SHA1 Message Date
Aditya Manthramurthy
eae9c2f65b
Add changes to ensure session policy is enforced in LDAP STS (#12716)
- Bonus: Fix bug in webidentity sts that doesnt parse session policy correctly.

- update ldap.go to support session policy argument
2021-07-15 15:27:34 -07:00
Poorna Krishnamoorthy
a6ec405443
fix: UpdateObjectVersion should compare versionID through versions (#12726)
fixes #12703
2021-07-15 15:01:59 -07:00
Harshavardhana
9516587a6c update console to master branch
with new fixes

- improve download behavior
- avoid response timeouts
2021-07-15 14:44:18 -07:00
Ravind Kumar
ce800ed347
DOCS: Remove http links in favor of HTTPS (#12725) 2021-07-15 13:31:59 -07:00
Harshavardhana
017722cf85
fix: propagate service account deletes properly (#12717)
service account deletes were not propagating
to remote peers, fix this.
2021-07-14 21:28:53 -07:00
Harshavardhana
10fc30a989
fix crash when config is not properly initialized (#12714)
fixes #12709
2021-07-14 18:27:25 -07:00
Lenin Alevski
92ffe5e5ef
Allow MinIO to load configurations from env file (#12706)
docker-entrypoint.sh will load configuration values from
'config.env' file, this is useful when MinIO is deployed in Kubernetes
environments and want to avoid reading secrets from environment
variables

Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
2021-07-14 16:55:59 -07:00
Lazzaretti
e8cbfa7af2
fix: rename error message for MINIO_BROWSER_REDIRECT_URL (#12700)
rename the error message for MINIO_BROWSER_REDIRECT_URL to match the field name
2021-07-14 12:38:25 -07:00
Anis Elleuch
b8f95fb3d4
fix: Use correct replication status in replication healing (#12711)
In case of replication healing, we always store completed status in the
object metadata, which is wrong because replication could fail in the
further retries.
2021-07-14 09:58:46 -07:00
Anis Elleuch
a4b8928660
Move prefix usage in admin AccountInfo API (#12710) 2021-07-14 08:51:10 -07:00
Shireesh Anjal
4d6d4244f1
Anonymize hosts in subnet health report (#12627)
Ensure that hostnames / ip addresses are not printed in the subnet
health report. Anonymize them by replacing them with `servern` where `n`
represents the position of the server in the pool.

This is done by building a `host anonymizer` map that maps every
possible value containing the host e.g. host, host:port,
http://host:port, etc to the corresponding anonymized name and using
this map to replace the values at the time of health report generation.

A different logic is used to anonymize host names in the `procinfo`
data, as the host names are part of an ellipses pattern in the process
start command. Here we just replace the prefix/suffix of the ellipses
pattern with their hashes.
2021-07-14 00:23:22 -07:00
Harshavardhana
8d19efe7e0
feat: increase allowed maximum STS expiration timeout to 365 days (#12704) 2021-07-14 00:08:22 -07:00
ebozduman
83c37a44b6
'starts-with' support for 'success_action_status' (#12698) 2021-07-13 13:33:03 -07:00
Harshavardhana
9dae5a7c85
fix: only redirect for GET/HEAD requests (#12702)
fixes #12701
2021-07-13 11:25:08 -07:00
Anis Elleuch
aa78505181
Add prefixes usage in Accounting Usage Info (#12687) 2021-07-13 10:42:11 -07:00
Harshavardhana
e316873f84
feat: Add support for kakfa audit logger target (#12678) 2021-07-13 09:39:13 -07:00
Harshavardhana
559d075627
fix: properly send group unset policy (#12694)
In distributed setups `mc admin group unset`
was not correctly working due to incorrect
handling of query parameters between peers.
2021-07-13 09:32:35 -07:00
Harshavardhana
e25ae1c01f add console-address flag for spoonfed users 2021-07-12 17:05:38 -07:00
Harshavardhana
a655e7f820
fix: use browser redirect URL for IDP callback (#12689)
if browser_redirect_url is set use that for IDP callback
automatically, if we do not have to set REDIRECT_URI
for OpenID callback URL.
2021-07-12 15:21:07 -07:00
Harshavardhana
c438eda624 update console dependency for derivedKey fix 2021-07-12 14:37:25 -07:00
Harshavardhana
2b6d0a1d84 fix: typo in REDIRECT_URL 2021-07-12 11:43:42 -07:00
Klaus Post
3201bae773
feat: gzip S3/Admin API responses whenever applicable (#12631)
Gzip responses if appropriate, except GetObject requests.
List reponses has an almost 10:1 compression ratio with no
measurable slowdown (in fact it seems a bit faster).
2021-07-12 10:49:50 -07:00
Anis Elleuch
8625cfdfae
update madmin-go dependency, update related code (#12669) 2021-07-12 10:16:10 -07:00
Minio Trusted
bc8962102f Update yaml files to latest version RELEASE.2021-07-12T02-44-53Z 2021-07-12 03:45:14 +00:00
Harshavardhana
55b08403cb update docker docs with --console-address
also update the orchestration docs for nginx
proxy for console.

fixes #12660
2021-07-11 19:44:53 -07:00
Harshavardhana
d86ef6256d fix: ldap:username variable substitution in policies 2021-07-11 18:39:06 -07:00
Harshavardhana
cd36019450
fix: allow STS credentials with dynamic policies (#12681)
- ParentUser for OIDC auth changed to `openid:`
  instead of `jwt:` to avoid clashes with variable
  substitution

- Do not pass in random parents into IsAllowed()
  policy evaluation as it can change the behavior
  of looking for correct policies underneath.

fixes #12676
fixes #12680
2021-07-11 17:39:52 -07:00
Minio Trusted
e4c3953947 update console dependency 2021-07-10 12:16:07 -07:00
Harshavardhana
931f73f59a
fix: add IAM dummy store for gateway operations (#12670)
with console addition users cannot login with
root credentials without etcd persistent layer,
allow a dummy store such that such functionalities
can be supported when running as non-persistent
manner, this enables all calls and operations.
2021-07-10 08:32:52 -07:00
Anis Elleuch
9be040dd14
Add option in readDir to enable symlink following of dirs (#12668) 2021-07-09 16:20:51 -07:00
Harshavardhana
da0fd5f056
fix: allow customizing console redirection (#12665)
MinIO might be running inside proxies, and
console while being on another port might not be
reachable on a specific port behind such proxies.

For such scenarios customize the redirect URL
such that console can be redirected to correct
proxy endpoint instead.

fixes #12661
2021-07-09 14:27:09 -07:00
Anis Elleuch
c8cf4c5eb8
Fix force bucket deletion in distributed mode (#12659)
storageRESTForceDelete is not always passed by client, use r.URL().Query
instead.

Co-authored-by: Anis Elleuch <anis@min.io>
2021-07-09 13:29:38 -07:00
Harshavardhana
bab72f6887
fix: allow authToken for webhook to support Splunk (#12663) 2021-07-09 11:47:04 -07:00
Klaus Post
d6a2fe02d3
Add admin file inspector (#12635)
Download files from *any* bucket/path as an encrypted zip file.

The key is included in the response but can be separated so zip 
and the key doesn't have to be sent on the same channel.

Requires https://github.com/minio/pkg/pull/6
2021-07-09 11:29:16 -07:00
Harshavardhana
28adb29db3
feat: Add support to poll users on external SSO (#12592)
Additional support for vendor-specific admin API
integrations for OpenID, to ensure validity of
credentials on MinIO.

Every 5minutes check for validity of credentials
on MinIO with vendor specific IDP.
2021-07-09 11:17:21 -07:00
Harshavardhana
b79cdc1611
fix: allow gateway to work with root credentials (#12655) 2021-07-09 10:35:09 -07:00
Minio Trusted
b6dd9b55a7 Update yaml files to latest version RELEASE.2021-07-08T19-43-25Z 2021-07-08 22:53:49 -07:00
Harshavardhana
84a64a7e47
fix: accountInfo should use parentUser (#12652)
parentUser is needed to make sure that
dynamic variables in policy work properly.

fixes #12651
2021-07-08 12:43:25 -07:00
Christian Weiske
95d29a6a53
fix: Mention GetBucketyPolicy in S3 gateway docs policy (#12642)
That action is needed for the gateway to obtain the policy
setting for public access.

Resolves: https://github.com/minio/minio/issues/12638
2021-07-08 10:34:56 -07:00
Harshavardhana
affee27b05
fix: speed up erasure code upgrade checks (#12626)
DiskInfo() calls can stagger and wait if run
serially timing out 10secs per drive, to avoid
this lets check DiskInfo in parallel to avoid
delays when nodes get disconnected.
2021-07-08 01:04:37 -07:00
Minio Trusted
c14f965293 Update yaml files to latest version RELEASE.2021-07-08T01-15-01Z 2021-07-08 03:12:44 +00:00
Harshavardhana
9a47d3f860 update CREDITS with latest deps 2021-07-07 18:15:01 -07:00
Harshavardhana
2ce60d772b
fix: update README.md for new release (#12637)
rename all 'docker run' commands to 'podman run'

fixes #12633
2021-07-07 18:07:29 -07:00
Harshavardhana
c99d399d09
fix: handle redirects for specific resources (#12629) 2021-07-07 12:04:16 -07:00
Harshavardhana
25f55d6051 fix: order of args ListObjectsV2 S3 gateway 2021-07-06 13:44:14 -07:00
Harshavardhana
039978640f
fix: honor system umask for file creates (#12601)
use 0666 os.FileMode to honor system umask
2021-07-06 12:54:16 -07:00
Harshavardhana
6503c6ac21 fix: support startAfter with S3 gateway
fixes #12604
2021-07-05 18:44:04 -07:00
Klaus Post
05aebc52c2
feat: Implement listing version 3.0 (#12605)
Co-authored-by: Harshavardhana <harsha@minio.io>
2021-07-05 15:34:41 -07:00
Harshavardhana
bb92989359 fix: cross compilation on openbsd/amd64
fixes #12620
2021-07-04 00:34:10 -07:00
Klaus Post
a7e2a1a38b
fix: two different scanner update races (#12615) 2021-07-02 11:19:56 -07:00