remove support for deprecated MINIO_KMS_MASTER_KEY (#12463)

Harshavardhana 2021-06-08 18:50:14 -07:00 committed by GitHub
parent 6c8be64cdb
commit 66d549c05d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 0 additions and 30 deletions


@ -22,7 +22,6 @@ import (
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"encoding/gob" "encoding/gob"
"encoding/hex"
"errors" "errors"
"fmt" "fmt"
"math/rand" "math/rand"
@ -339,8 +338,6 @@ func handleCommonEnvVars() {
switch { switch {
case env.IsSet(config.EnvKMSSecretKey) && env.IsSet(config.EnvKESEndpoint): case env.IsSet(config.EnvKMSSecretKey) && env.IsSet(config.EnvKESEndpoint):
logger.Fatal(errors.New("ambigious KMS configuration"), fmt.Sprintf("The environment contains %q as well as %q", config.EnvKMSSecretKey, config.EnvKESEndpoint)) logger.Fatal(errors.New("ambigious KMS configuration"), fmt.Sprintf("The environment contains %q as well as %q", config.EnvKMSSecretKey, config.EnvKESEndpoint))
case env.IsSet(config.EnvKMSMasterKey) && env.IsSet(config.EnvKESEndpoint):
logger.Fatal(errors.New("ambigious KMS configuration"), fmt.Sprintf("The environment contains %q as well as %q", config.EnvKMSMasterKey, config.EnvKESEndpoint))
} }
if env.IsSet(config.EnvKMSSecretKey) { if env.IsSet(config.EnvKMSSecretKey) {
@ -348,21 +345,6 @@ func handleCommonEnvVars() {
if err != nil { if err != nil {
logger.Fatal(err, "Unable to parse the KMS secret key inherited from the shell environment") logger.Fatal(err, "Unable to parse the KMS secret key inherited from the shell environment")
} }
} else if env.IsSet(config.EnvKMSMasterKey) {
// FIXME: remove this block by June 2021
logger.LogIf(GlobalContext, fmt.Errorf("legacy KMS configuration, this environment variable %q is deprecated and will be removed by June 2021", config.EnvKMSMasterKey))
v := strings.SplitN(env.Get(config.EnvKMSMasterKey, ""), ":", 2)
if len(v) != 2 {
logger.Fatal(errors.New("invalid "+config.EnvKMSMasterKey), "Unable to parse the KMS secret key inherited from the shell environment")
}
secretKey, err := hex.DecodeString(v[1])
if err != nil {
logger.Fatal(err, "Unable to parse the KMS secret key inherited from the shell environment")
}
GlobalKMS, err = kms.New(v[0], secretKey)
if err != nil {
logger.Fatal(err, "Unable to parse the KMS secret key inherited from the shell environment")
}
} }
if env.IsSet(config.EnvKESEndpoint) { if env.IsSet(config.EnvKESEndpoint) {
var endpoints []string var endpoints []string


@ -71,17 +71,6 @@ docker_kms_secret_encryption_env() {
fi fi
} }
## Legacy
## Set KMS_MASTER_KEY from docker secrets if provided
docker_kms_master_encryption_env() {
KMS_MASTER_KEY_FILE="/run/secrets/$MINIO_KMS_MASTER_KEY_FILE"
if [ -f "$KMS_MASTER_KEY_FILE" ]; then
MINIO_KMS_MASTER_KEY="$(cat "$KMS_MASTER_KEY_FILE")"
export MINIO_KMS_MASTER_KEY
fi
}
# su-exec to requested user, if service cannot run exec will fail. # su-exec to requested user, if service cannot run exec will fail.
docker_switch_user() { docker_switch_user() {
if [ ! -z "${MINIO_USERNAME}" ] && [ ! -z "${MINIO_GROUPNAME}" ]; then if [ ! -z "${MINIO_USERNAME}" ] && [ ! -z "${MINIO_GROUPNAME}" ]; then


@ -41,7 +41,6 @@ const (
EnvUpdate = "MINIO_UPDATE" EnvUpdate = "MINIO_UPDATE"
EnvKMSMasterKey = "MINIO_KMS_MASTER_KEY" // legacy
EnvKMSSecretKey = "MINIO_KMS_SECRET_KEY" EnvKMSSecretKey = "MINIO_KMS_SECRET_KEY"
EnvKESEndpoint = "MINIO_KMS_KES_ENDPOINT" EnvKESEndpoint = "MINIO_KMS_KES_ENDPOINT"
EnvKESKeyName = "MINIO_KMS_KES_KEY_NAME" EnvKESKeyName = "MINIO_KMS_KES_KEY_NAME"