mirror of
https://github.com/minio/minio.git
synced 2025-01-04 03:23:22 -05:00
4f37c8ccf2
This commit removes the `Update` functionality from the admin API.

While this is technically a breaking change, I think this will not cause any harm because:
 - The KMS admin API is not complete yet. At the moment only the status can be fetched.
 - The `mc` integration hasn't been merged yet. So no `mc` client could have used this API in the past.

The `Update`/`Rewrap` status is not useful anymore. It provided a way to migrate from one master key version to another. However, KES does not support the concept of key versions. Instead, key migration should be implemented as migration from one master key to another.

Basically, the `Update` functionality has been implemented just for Vault.
/*
 * MinIO Cloud Storage, (C) 2019 MinIO, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package madmin
import (
"encoding/json"
"net/http"
"net/url"
)
// GetKeyStatus asks the MinIO server, through an Admin-API request, for
// status information about the KMS key referenced by keyID. It issues a GET
// against the `/minio/admin/v2/kms/key/status` endpoint with keyID carried
// as the `key-id` query value.
//
// An error is returned when the request itself fails, when the server
// answers with anything other than 200 OK, or when the response body cannot
// be decoded as JSON. A nil error only means a status document was received:
// the key is working only if both EncryptionErr and DecryptionErr of the
// returned KMSKeyStatus are empty, so callers must check those fields.
func (adm *AdminClient) GetKeyStatus(keyID string) (*KMSKeyStatus, error) {
	// GET /minio/admin/v2/kms/key/status?key-id=<keyID>
	query := make(url.Values)
	query.Set("key-id", keyID)

	resp, err := adm.executeMethod("GET", requestData{
		relPath:     adminAPIPrefix + "/kms/key/status",
		queryValues: query,
	})
	if err != nil {
		return nil, err
	}
	// Release the response on every return path below.
	defer closeResponse(resp)

	// Any non-200 answer is converted into an error instead of being decoded.
	if resp.StatusCode != http.StatusOK {
		return nil, httpRespToErrorResponse(resp)
	}

	status := new(KMSKeyStatus)
	if err = json.NewDecoder(resp.Body).Decode(status); err != nil {
		return nil, err
	}
	return status, nil
}
// KMSKeyStatus holds status information about a KMS master key.
//
// The MinIO server tries to reach the KMS and to perform encryption and
// decryption operations with the key. When the KMS is reachable and every
// master key operation succeeds, the status carries only the master key ID
// and both error fields are empty.
//
// A non-empty EncryptionErr or DecryptionErr reports a failed operation, so
// a successfully decoded status is not by itself proof that the key is
// usable: check both fields.
type KMSKeyStatus struct {
	// KeyID is the ID of the master key this status refers to.
	KeyID string `json:"key-id"`

	// EncryptionErr describes a failed encryption operation.
	// An empty value means success.
	EncryptionErr string `json:"encryption-error,omitempty"`

	// DecryptionErr describes a failed decryption operation.
	// An empty value means success.
	DecryptionErr string `json:"decryption-error,omitempty"`
}