From b154581b650197124eed989a8dc8e87f49f81eaa Mon Sep 17 00:00:00 2001 From: ebozduman Date: Thu, 10 Jun 2021 22:28:09 -0700 Subject: [PATCH] fix: partially defined cred env vars cause "minio gateway s3" to fail (#12228) Both credential env vars not needed to start s3 gateway --- buildscripts/verify-build.sh | 2 ++ cmd/common-main.go | 56 +++++++++++++++++++++++++++++------- internal/config/errors.go | 26 ++++++++++++++--- 3 files changed, 70 insertions(+), 14 deletions(-) diff --git a/buildscripts/verify-build.sh b/buildscripts/verify-build.sh index 84a5c5abe..18324210a 100755 --- a/buildscripts/verify-build.sh +++ b/buildscripts/verify-build.sh @@ -31,6 +31,8 @@ FUNCTIONAL_TESTS="$WORK_DIR/functional-tests.sh" function start_minio_fs() { + export MINIO_ROOT_USER=$ACCESS_KEY + export MINIO_ROOT_PASSWORD=$SECRET_KEY "${MINIO[@]}" server "${WORK_DIR}/fs-disk" >"$WORK_DIR/fs-minio.log" 2>&1 & sleep 10 } diff --git a/cmd/common-main.go b/cmd/common-main.go index 9719c9846..6e4361a46 100644 --- a/cmd/common-main.go +++ b/cmd/common-main.go @@ -317,22 +317,58 @@ func handleCommonEnvVars() { // in-place update is off. globalInplaceUpdateDisabled = strings.EqualFold(env.Get(config.EnvUpdate, config.EnableOn), config.EnableOff) - if env.IsSet(config.EnvAccessKey) || env.IsSet(config.EnvSecretKey) { - cred, err := auth.CreateCredentials(env.Get(config.EnvAccessKey, ""), env.Get(config.EnvSecretKey, "")) + // Check if the supported credential env vars, "MINIO_ROOT_USER" and + // "MINIO_ROOT_PASSWORD" are provided + // Warn user if deprecated environment variables, + // "MINIO_ACCESS_KEY" and "MINIO_SECRET_KEY", are defined + // Check all error conditions first + if !env.IsSet(config.EnvRootUser) && env.IsSet(config.EnvRootPassword) { + logger.Fatal(config.ErrMissingEnvCredentialRootUser(nil), "Unable to start MinIO") + } else if env.IsSet(config.EnvRootUser) && !env.IsSet(config.EnvRootPassword) { + logger.Fatal(config.ErrMissingEnvCredentialRootPassword(nil), "Unable to start MinIO") + } else if !env.IsSet(config.EnvRootUser) && !env.IsSet(config.EnvRootPassword) { + if !env.IsSet(config.EnvAccessKey) && env.IsSet(config.EnvSecretKey) { + logger.Fatal(config.ErrMissingEnvCredentialAccessKey(nil), "Unable to start MinIO") + } else if env.IsSet(config.EnvAccessKey) && !env.IsSet(config.EnvSecretKey) { + logger.Fatal(config.ErrMissingEnvCredentialSecretKey(nil), "Unable to start MinIO") + } + } + + // At this point, either both environment variables + // are defined or both are not defined. + // Check both cases and authenticate them if correctly defined + var user, password string + haveRootCredentials := false + haveAccessCredentials := false + if env.IsSet(config.EnvRootUser) && env.IsSet(config.EnvRootPassword) { + user = env.Get(config.EnvRootUser, "") + password = env.Get(config.EnvRootPassword, "") + haveRootCredentials = true + } else if env.IsSet(config.EnvAccessKey) && env.IsSet(config.EnvSecretKey) { + user = env.Get(config.EnvAccessKey, "") + password = env.Get(config.EnvSecretKey, "") + haveAccessCredentials = true + } + if haveRootCredentials || haveAccessCredentials { + cred, err := auth.CreateCredentials(user, password) if err != nil { logger.Fatal(config.ErrInvalidCredentials(err), "Unable to validate credentials inherited from the shell environment") } + if haveAccessCredentials { + msg := fmt.Sprintf("WARNING: %s and %s are deprecated.\n"+ + " Please use %s and %s", + config.EnvAccessKey, config.EnvSecretKey, + config.EnvRootUser, config.EnvRootPassword) + logger.StartupMessage(color.RedString(msg)) + } globalActiveCred = cred } - - if env.IsSet(config.EnvRootUser) || env.IsSet(config.EnvRootPassword) { - cred, err := auth.CreateCredentials(env.Get(config.EnvRootUser, ""), env.Get(config.EnvRootPassword, "")) - if err != nil { - logger.Fatal(config.ErrInvalidCredentials(err), - "Unable to validate credentials inherited from the shell environment") - } - globalActiveCred = cred + if !haveRootCredentials && !haveAccessCredentials { + msg := "No credential environment variables defined. Going with the defaults.\n" + + "It is strongly recommended to define your own credentials" + + " via environment variables %s and %s instead of using default values" + logger.StartupMessage(color.RedString(msg, config.EnvRootUser, config.EnvRootPassword)) } switch { diff --git a/internal/config/errors.go b/internal/config/errors.go index 18a2b0eaa..7d0becf93 100644 --- a/internal/config/errors.go +++ b/internal/config/errors.go @@ -133,10 +133,28 @@ var ( `Access key length should be at least 3, and secret key length at least 8 characters`, ) - ErrEnvCredentialsMissingGateway = newErrFn( - "Credentials missing", - "Please set your credentials in the environment", - `In Gateway mode, access and secret keys should be specified via environment variables MINIO_ROOT_USER and MINIO_ROOT_PASSWORD respectively`, + ErrMissingEnvCredentialRootUser = newErrFn( + "Missing credential environment variable, \""+EnvRootUser+"\"", + "Environment variable \""+EnvRootUser+"\" is missing", + `Root user name (access key) and root password (secret key) are expected to be specified via environment variables MINIO_ROOT_USER and MINIO_ROOT_PASSWORD respectively`, + ) + + ErrMissingEnvCredentialRootPassword = newErrFn( + "Missing credential environment variable, \""+EnvRootPassword+"\"", + "Environment variable \""+EnvRootPassword+"\" is missing", + `Root user name (access key) and root password (secret key) are expected to be specified via environment variables MINIO_ROOT_USER and MINIO_ROOT_PASSWORD respectively`, + ) + + ErrMissingEnvCredentialAccessKey = newErrFn( + "Missing credential environment variable, \""+EnvAccessKey+"\"", + "Environment variables \""+EnvAccessKey+"\" and \""+EnvSecretKey+"\" are deprecated", + `Root user name (access key) and root password (secret key) are expected to be specified via environment variables MINIO_ROOT_USER and MINIO_ROOT_PASSWORD respectively`, + ) + + ErrMissingEnvCredentialSecretKey = newErrFn( + "Missing credential environment variable, \""+EnvSecretKey+"\"", + "Environment variables \""+EnvSecretKey+"\" and \""+EnvAccessKey+"\" are deprecated", + `Root user name (access key) and root password (secret key) are expected to be specified via environment variables MINIO_ROOT_USER and MINIO_ROOT_PASSWORD respectively`, ) ErrInvalidErasureEndpoints = newErrFn(