From 4781e7580b09d595dad4fa9bee882abfb7abaef2 Mon Sep 17 00:00:00 2001
From: Harshavardhana
Date: Wed, 30 Jun 2021 16:08:20 -0700
Subject: [PATCH] add support for customizing redirect_uri for IDP (#12607)
---
 cmd/common-main.go | 19 ++++++++++++-------
 cmd/metrics-router.go | 6 ++----
 internal/config/identity/openid/help.go | 6 ++++++
 internal/config/identity/openid/jwt.go | 8 ++++++++
 4 files changed, 28 insertions(+), 11 deletions(-)
diff --git a/cmd/common-main.go b/cmd/common-main.go
index 38f5dd195..b0266c43d 100644
--- a/cmd/common-main.go
+++ b/cmd/common-main.go
@@ -109,17 +109,18 @@ func init() {
 const consolePrefix = "CONSOLE_"
 func minioConfigToConsoleFeatures() {
- os.Setenv("CONSOLE_PBKDF_PASSPHRASE", restapi.RandomCharString(16))
- os.Setenv("CONSOLE_PBKDF_SALT", restapi.RandomCharString(8))
+ os.Setenv("CONSOLE_PBKDF_PASSPHRASE", globalDeploymentID)
+ os.Setenv("CONSOLE_PBKDF_SALT", globalDeploymentID)
+ os.Setenv("CONSOLE_HMAC_JWT_SECRET", globalDeploymentID)
 os.Setenv("CONSOLE_MINIO_SERVER", getAPIEndpoints()[0])
- if value := os.Getenv("MINIO_LOG_QUERY_URL"); value != "" {
+ if value := env.Get("MINIO_LOG_QUERY_URL", ""); value != "" {
 os.Setenv("CONSOLE_LOG_QUERY_URL", value)
 }
- if value := os.Getenv("MINIO_LOG_QUERY_AUTH_TOKEN"); value != "" {
+ if value := env.Get("MINIO_LOG_QUERY_AUTH_TOKEN", ""); value != "" {
 os.Setenv("CONSOLE_LOG_QUERY_AUTH_TOKEN", value)
 }
 // Enable if prometheus URL is set.
- if value := os.Getenv("MINIO_PROMETHEUS_URL"); value != "" {
+ if value := env.Get("MINIO_PROMETHEUS_URL", ""); value != "" {
 os.Setenv("CONSOLE_PROMETHEUS_URL", value)
 }
 // Enable if LDAP is enabled.
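Review bot: The three console secrets set on the new side — `CONSOLE_PBKDF_PASSPHRASE`, `CONSOLE_PBKDF_SALT` and the new `CONSOLE_HMAC_JWT_SECRET` — all receive `globalDeploymentID`, which by its name is a cluster identifier rather than a secret, and if I remember correctly MinIO also exposes it to clients (an `x-minio-deployment-id` response header and admin info), so anything derived from it alone is effectively public. Going by the variable names the console presumably uses these for session-token signing and key derivation; the previous `restapi.RandomCharString` values were at least unpredictable, and the likely motivation for a stable value (console sessions surviving restarts and working across nodes) can be met without giving up secrecy. Derive each value from material that is already secret and cluster-wide, such as the root credentials, with a distinct derivation label per variable (an HMAC-SHA256 of a fixed label under that key would do), so the passphrase, salt and JWT secret are stable but neither public nor identical to one another. At minimum the same string should not serve as both the KDF passphrase and its salt.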
@@ -134,8 +135,12 @@ func minioConfigToConsoleFeatures() {
 os.Setenv("CONSOLE_IDP_SECRET", globalOpenIDConfig.ClientSecret)
 }
 os.Setenv("CONSOLE_MINIO_REGION", globalServerRegion)
- os.Setenv("CONSOLE_CERT_PASSWD", os.Getenv("MINIO_CERT_PASSWD"))
- os.Setenv("CONSOLE_IDP_CALLBACK", getConsoleEndpoints()[0]+"/oauth_callback")
+ os.Setenv("CONSOLE_CERT_PASSWD", env.Get("MINIO_CERT_PASSWD", ""))
+ if globalOpenIDConfig.RedirectURI != "" {
+ os.Setenv("CONSOLE_IDP_CALLBACK", globalOpenIDConfig.RedirectURI)
+ } else {
+ os.Setenv("CONSOLE_IDP_CALLBACK", getConsoleEndpoints()[0]+"/oauth_callback")
+ }
 }
 func initConsoleServer() (*restapi.Server, error) {
diff --git a/cmd/metrics-router.go b/cmd/metrics-router.go
index 8f9aeda4c..239475af8 100644
--- a/cmd/metrics-router.go
+++ b/cmd/metrics-router.go
@@ -18,10 +18,10 @@ package cmd
 import (
- "os"
 "strings"
 "github.com/gorilla/mux"
+ "github.com/minio/pkg/env"
 )
 const (
@@ -46,15 +46,13 @@ const (
 func registerMetricsRouter(router *mux.Router) {
 // metrics router
 metricsRouter := router.NewRoute().PathPrefix(minioReservedBucketPath).Subrouter()
- authType := strings.ToLower(os.Getenv(EnvPrometheusAuthType))
+ authType := strings.ToLower(env.Get(EnvPrometheusAuthType, string(prometheusJWT)))
 switch prometheusAuthType(authType) {
 case prometheusPublic:
 metricsRouter.Handle(prometheusMetricsPathLegacy, metricsHandler())
 metricsRouter.Handle(prometheusMetricsV2ClusterPath, metricsServerHandler())
 metricsRouter.Handle(prometheusMetricsV2NodePath, metricsNodeHandler())
 case prometheusJWT:
- fallthrough
- default:
 metricsRouter.Handle(prometheusMetricsPathLegacy, AuthMiddleware(metricsHandler()))
 metricsRouter.Handle(prometheusMetricsV2ClusterPath, AuthMiddleware(metricsServerHandler()))
 metricsRouter.Handle(prometheusMetricsV2NodePath, AuthMiddleware(metricsNodeHandler()))
diff --git a/internal/config/identity/openid/help.go b/internal/config/identity/openid/help.go
index 92bc80cb9..8c220bb83 100644
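Review bot: `globalOpenIDConfig.RedirectURI` is handed to the console as `CONSOLE_IDP_CALLBACK` on the new side without any check that it is an absolute URL, and the value is populated equally unchecked in the `LookupConfig` hunk of internal/config/identity/openid/jwt.go, so a relative or malformed setting only surfaces later as a confusing redirect failure at the identity provider. The check belongs in LookupConfig, where the rest of the OpenID settings are loaded, along the lines of `if c.RedirectURI != "" { if u, err := url.Parse(c.RedirectURI); err != nil || !u.IsAbs() { return c, fmt.Errorf("invalid redirect_uri %q", c.RedirectURI) } }`, adjusted to however that function reports errors for its other settings (its return shape is not visible in the hunk). The enclosing minioConfigToConsoleFeatures starts outside this hunk.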
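Review bot: With `default:` removed from the switch in registerMetricsRouter, an unrecognised `EnvPrometheusAuthType` value (a typo, or anything other than the two named constants) now matches neither case, so no metrics routes are registered and the endpoints are silently not served; before this change such values fell through to the `AuthMiddleware`-wrapped handlers. That is fail-closed, which is the right direction, but a silent misconfiguration rather than an explicit one, and the same branch is reached if `env.Get` returns an explicitly empty value rather than the `prometheusJWT` default (I have not checked how minio/pkg/env treats a set-but-empty variable). Keep the `env.Get` default and restore a `default:` arm that either fails startup with a config error naming `EnvPrometheusAuthType` and the accepted values, or logs a warning and falls back to the authenticated handlers as before. The body of registerMetricsRouter continues past this hunk.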
--- a/internal/config/identity/openid/help.go
+++ b/internal/config/identity/openid/help.go
@@ -50,6 +50,12 @@ var (
 Optional: true,
 Type: "string",
 },
+ config.HelpKV{
+ Key: RedirectURI,
+ Description: `Configure custom redirect_uri for OpenID login flow callback`,
+ Optional: true,
+ Type: "string",
+ },
 config.HelpKV{
 Key: Scopes,
 Description: `Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin"`,
diff --git a/internal/config/identity/openid/jwt.go b/internal/config/identity/openid/jwt.go
index b16cd6696..b467d7156 100644
--- a/internal/config/identity/openid/jwt.go
+++ b/internal/config/identity/openid/jwt.go
@@ -46,6 +46,7 @@ type Config struct {
 URL *xnet.URL `json:"url,omitempty"`
 ClaimPrefix string `json:"claimPrefix,omitempty"`
 ClaimName string `json:"claimName,omitempty"`
+ RedirectURI string `json:"redirectURI,omitempty"`
 DiscoveryDoc DiscoveryDoc
 ClientID string
 ClientSecret string
@@ -228,6 +229,7 @@ const (
 ClientID = "client_id"
 ClientSecret = "client_secret"
 Scopes = "scopes"
+ RedirectURI = "redirect_uri"
 EnvIdentityOpenIDClientID = "MINIO_IDENTITY_OPENID_CLIENT_ID"
 EnvIdentityOpenIDClientSecret = "MINIO_IDENTITY_OPENID_CLIENT_SECRET"
@@ -235,6 +237,7 @@ const (
 EnvIdentityOpenIDURL = "MINIO_IDENTITY_OPENID_CONFIG_URL"
 EnvIdentityOpenIDClaimName = "MINIO_IDENTITY_OPENID_CLAIM_NAME"
 EnvIdentityOpenIDClaimPrefix = "MINIO_IDENTITY_OPENID_CLAIM_PREFIX"
+ EnvIdentityOpenIDRedirectURI = "MINIO_IDENTITY_OPENID_REDIRECT_URI"
 EnvIdentityOpenIDScopes = "MINIO_IDENTITY_OPENID_SCOPES"
 )
@@ -304,6 +307,10 @@ var (
 Key: ClaimPrefix,
 Value: "",
 },
+ config.KV{
+ Key: RedirectURI,
+ Value: "",
+ },
 config.KV{
 Key: Scopes,
 Value: "",
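Review bot: The new help entry for `RedirectURI` leaves out the one constraint an operator needs: the value must be an absolute URL and must match, byte for byte, a redirect URI registered with the identity provider, or the provider rejects the login, and it is not stated what the default is when the key is left empty. Suggested description: `Configure custom redirect_uri for OpenID login flow callback; must be an absolute URL that exactly matches a redirect URI registered with the provider (defaults to the console endpoint's /oauth_callback)`.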
@@ -334,6 +341,7 @@ func LookupConfig(kvs config.KVS, transport *http.Transport, closeRespFn func(io
 c = Config{
 ClaimName: env.Get(EnvIdentityOpenIDClaimName, kvs.Get(ClaimName)),
 ClaimPrefix: env.Get(EnvIdentityOpenIDClaimPrefix, kvs.Get(ClaimPrefix)),
+ RedirectURI: env.Get(EnvIdentityOpenIDRedirectURI, kvs.Get(RedirectURI)),
 publicKeys: make(map[string]crypto.PublicKey),
 ClientID: env.Get(EnvIdentityOpenIDClientID, kvs.Get(ClientID)),
 ClientSecret: env.Get(EnvIdentityOpenIDClientSecret, kvs.Get(ClientSecret)),