oyd
/
minio
6
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5222 Commits
1 Branch
0 Tags
89 MiB
Tag: Branch: Tree: 16a100b597
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '16a100b597'
${ noResults }
minio/pkg/madmin/config-commands.go

210 lines
5.3 KiB
Raw Normal View History Unescape

Implement ServerConfig admin REST API (#3741) Returns a valid config.json of the setup. In case of distributed setup, it checks if quorum or more number of nodes have the same config.json.
8 years ago
/*
* Minio Cloud Storage, (C) 2017 Minio, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package madmin
import (
Migrate config.json from config-dir to backend (#6195) This PR is the first set of changes to move the config to the backend, the changes use the existing `config.json` allows it to be migrated such that we can save it in on backend disks. In future releases, we will slowly migrate out of the current architecture. Fixes #6182
6 years ago
"bytes"
"crypto/rand"
Add admin get/set config keys API (#6113) This PR adds two new admin APIs in Minio server and madmin package: - GetConfigKeys(keys []string) ([]byte, error) - SetConfigKeys(params map[string]string) (err error) A key is a path in Minio configuration file, (e.g. notify.webhook.1) The user will always send a string value when setting it in the config file, the API will know how to convert the value to the appropriate type. The user is also able to set a raw json. Before setting a new config, Minio will validate all fields and try to connect to notification targets if available.
6 years ago
"encoding/base64"
Implement SetConfig admin API handler. (#3792)
8 years ago
"encoding/json"
Validate Minio config.json file on the client side (#6067)
6 years ago
"errors"
Move admin APIs to new path and add redesigned heal APIs (#5351) - Changes related to moving admin APIs - admin APIs now have an endpoint under /minio/admin - admin APIs are now versioned - a new API to server the version is added at "GET /minio/admin/version" and all API operations have the path prefix /minio/admin/v1/<operation> - new service stop API added - credentials change API is moved to /minio/admin/v1/config/credential - credentials change API and configuration get/set API now require TLS so that credentials are protected - all API requests now receive JSON - heal APIs are disabled as they will be changed substantially - Heal API changes Heal API is now provided at a single endpoint with the ability for a client to start a heal sequence on all the data in the server, a single bucket, or under a prefix within a bucket. When a heal sequence is started, the server returns a unique token that needs to be used for subsequent 'status' requests to fetch heal results. On each status request from the client, the server returns heal result records that it has accumulated since the previous status request. The server accumulates upto 1000 records and pauses healing further objects until the client requests for status. If the client does not request any further records for a long time, the server aborts the heal sequence automatically. A heal result record is returned for each entity healed on the server, such as system metadata, object metadata, buckets and objects, and has information about the before and after states on each disk. A client may request to force restart a heal sequence - this causes the running heal sequence to be aborted at the next safe spot and starts a new heal sequence.
7 years ago
"fmt"
Implement SetConfig admin API handler. (#3792)
8 years ago
"io"
Implement ServerConfig admin REST API (#3741) Returns a valid config.json of the setup. In case of distributed setup, it checks if quorum or more number of nodes have the same config.json.
8 years ago
"io/ioutil"
"net/http"
Add admin get/set config keys API (#6113) This PR adds two new admin APIs in Minio server and madmin package: - GetConfigKeys(keys []string) ([]byte, error) - SetConfigKeys(params map[string]string) (err error) A key is a path in Minio configuration file, (e.g. notify.webhook.1) The user will always send a string value when setting it in the config file, the API will know how to convert the value to the appropriate type. The user is also able to set a raw json. Before setting a new config, Minio will validate all fields and try to connect to notification targets if available.
6 years ago
"net/url"
Validate Minio config.json file on the client side (#6067)
6 years ago
"github.com/minio/minio/pkg/quick"
Migrate config.json from config-dir to backend (#6195) This PR is the first set of changes to move the config to the backend, the changes use the existing `config.json` allows it to be migrated such that we can save it in on backend disks. In future releases, we will slowly migrate out of the current architecture. Fixes #6182
6 years ago
"github.com/minio/sio"
"golang.org/x/crypto/argon2"
Implement SetConfig admin API handler. (#3792)
8 years ago
)
Migrate config.json from config-dir to backend (#6195) This PR is the first set of changes to move the config to the backend, the changes use the existing `config.json` allows it to be migrated such that we can save it in on backend disks. In future releases, we will slowly migrate out of the current architecture. Fixes #6182
6 years ago
// EncryptServerConfigData - encrypts server config data.
func EncryptServerConfigData(password string, data []byte) ([]byte, error) {
salt := make([]byte, 32)
if _, err := io.ReadFull(rand.Reader, salt); err != nil {
return nil, err
}
// derive an encryption key from the master key and the nonce
var key [32]byte
copy(key[:], argon2.IDKey([]byte(password), salt, 1, 64*1024, 4, 32))
encrypted, err := sio.EncryptReader(bytes.NewReader(data), sio.Config{
Key: key[:]},
)
if err != nil {
return nil, err
}
edata, err := ioutil.ReadAll(encrypted)
return append(salt, edata...), err
}
// DecryptServerConfigData - decrypts server config data.
func DecryptServerConfigData(password string, data io.Reader) ([]byte, error) {
salt := make([]byte, 32)
if _, err := io.ReadFull(data, salt); err != nil {
return nil, err
Implement ServerConfig admin REST API (#3741) Returns a valid config.json of the setup. In case of distributed setup, it checks if quorum or more number of nodes have the same config.json.
8 years ago
}
Migrate config.json from config-dir to backend (#6195) This PR is the first set of changes to move the config to the backend, the changes use the existing `config.json` allows it to be migrated such that we can save it in on backend disks. In future releases, we will slowly migrate out of the current architecture. Fixes #6182
6 years ago
// derive an encryption key from the master key and the nonce
var key [32]byte
copy(key[:], argon2.IDKey([]byte(password), salt, 1, 64*1024, 4, 32))
Implement ServerConfig admin REST API (#3741) Returns a valid config.json of the setup. In case of distributed setup, it checks if quorum or more number of nodes have the same config.json.
8 years ago
Migrate config.json from config-dir to backend (#6195) This PR is the first set of changes to move the config to the backend, the changes use the existing `config.json` allows it to be migrated such that we can save it in on backend disks. In future releases, we will slowly migrate out of the current architecture. Fixes #6182
6 years ago
decrypted, err := sio.DecryptReader(data, sio.Config{
Key: key[:]},
)
if err != nil {
return nil, err
}
return ioutil.ReadAll(decrypted)
}
// GetConfig - returns the config.json of a minio setup, incoming data is encrypted.
func (adm *AdminClient) GetConfig() ([]byte, error) {
Move admin APIs to new path and add redesigned heal APIs (#5351) - Changes related to moving admin APIs - admin APIs now have an endpoint under /minio/admin - admin APIs are now versioned - a new API to server the version is added at "GET /minio/admin/version" and all API operations have the path prefix /minio/admin/v1/<operation> - new service stop API added - credentials change API is moved to /minio/admin/v1/config/credential - credentials change API and configuration get/set API now require TLS so that credentials are protected - all API requests now receive JSON - heal APIs are disabled as they will be changed substantially - Heal API changes Heal API is now provided at a single endpoint with the ability for a client to start a heal sequence on all the data in the server, a single bucket, or under a prefix within a bucket. When a heal sequence is started, the server returns a unique token that needs to be used for subsequent 'status' requests to fetch heal results. On each status request from the client, the server returns heal result records that it has accumulated since the previous status request. The server accumulates upto 1000 records and pauses healing further objects until the client requests for status. If the client does not request any further records for a long time, the server aborts the heal sequence automatically. A heal result record is returned for each entity healed on the server, such as system metadata, object metadata, buckets and objects, and has information about the before and after states on each disk. A client may request to force restart a heal sequence - this causes the running heal sequence to be aborted at the next safe spot and starts a new heal sequence.
7 years ago
// Execute GET on /minio/admin/v1/config to get config of a setup.
resp, err := adm.executeMethod("GET",
requestData{relPath: "/v1/config"})
Implement ServerConfig admin REST API (#3741) Returns a valid config.json of the setup. In case of distributed setup, it checks if quorum or more number of nodes have the same config.json.
8 years ago
defer closeResponse(resp)
if err != nil {
return nil, err
}
Implement SetConfig admin API handler. (#3792)
8 years ago
if resp.StatusCode != http.StatusOK {
return nil, httpRespToErrorResponse(resp)
}
Drain response body properly for http connection pool (#6415) Currently Go http connection pool was not being properly utilized leading to degrading performance as the number of concurrent requests increased. As recommended by Go implementation, we have to drain the response body and close it.
6 years ago
defer closeResponse(resp)
Implement SetConfig admin API handler. (#3792)
8 years ago
Migrate config.json from config-dir to backend (#6195) This PR is the first set of changes to move the config to the backend, the changes use the existing `config.json` allows it to be migrated such that we can save it in on backend disks. In future releases, we will slowly migrate out of the current architecture. Fixes #6182
6 years ago
return DecryptServerConfigData(adm.secretAccessKey, resp.Body)
Implement ServerConfig admin REST API (#3741) Returns a valid config.json of the setup. In case of distributed setup, it checks if quorum or more number of nodes have the same config.json.
8 years ago
}
Implement SetConfig admin API handler. (#3792)
8 years ago
Add admin get/set config keys API (#6113) This PR adds two new admin APIs in Minio server and madmin package: - GetConfigKeys(keys []string) ([]byte, error) - SetConfigKeys(params map[string]string) (err error) A key is a path in Minio configuration file, (e.g. notify.webhook.1) The user will always send a string value when setting it in the config file, the API will know how to convert the value to the appropriate type. The user is also able to set a raw json. Before setting a new config, Minio will validate all fields and try to connect to notification targets if available.
6 years ago
// GetConfigKeys - returns partial json or json value from config.json of a minio setup.
func (adm *AdminClient) GetConfigKeys(keys []string) ([]byte, error) {
queryVals := make(url.Values)
for _, k := range keys {
queryVals.Add(k, "")
}
// Execute GET on /minio/admin/v1/config-keys to get config of a setup.
resp, err := adm.executeMethod("GET",
requestData{
relPath: "/v1/config-keys",
queryValues: queryVals,
})
defer closeResponse(resp)
if err != nil {
return nil, err
}
if resp.StatusCode != http.StatusOK {
return nil, httpRespToErrorResponse(resp)
}
return DecryptServerConfigData(adm.secretAccessKey, resp.Body)
}
Implement SetConfig admin API handler. (#3792)
8 years ago
// SetConfig - set config supplied as config.json for the setup.
Ensure that setConfig uses latest functionality (#6302)
6 years ago
func (adm *AdminClient) SetConfig(config io.Reader) (err error) {
Validate Minio config.json file on the client side (#6067)
6 years ago
const maxConfigJSONSize = 256 * 1024 // 256KiB
// Read configuration bytes
configBuf := make([]byte, maxConfigJSONSize+1)
n, err := io.ReadFull(config, configBuf)
if err == nil {
Ensure that setConfig uses latest functionality (#6302)
6 years ago
return fmt.Errorf("too large file")
Validate Minio config.json file on the client side (#6067)
6 years ago
}
if err != io.ErrUnexpectedEOF {
Ensure that setConfig uses latest functionality (#6302)
6 years ago
return err
Implement SetConfig admin API handler. (#3792)
8 years ago
}
Validate Minio config.json file on the client side (#6067)
6 years ago
configBytes := configBuf[:n]
type configVersion struct {
Version string `json:"version,omitempty"`
}
var cfg configVersion
// Check if read data is in json format
if err = json.Unmarshal(configBytes, &cfg); err != nil {
Ensure that setConfig uses latest functionality (#6302)
6 years ago
return errors.New("Invalid JSON format: " + err.Error())
Validate Minio config.json file on the client side (#6067)
6 years ago
}
// Check if the provided json file has "version" key set
if cfg.Version == "" {
Ensure that setConfig uses latest functionality (#6302)
6 years ago
return errors.New("Missing or unset \"version\" key in json file")
Validate Minio config.json file on the client side (#6067)
6 years ago
}
// Validate there are no duplicate keys in the JSON
if err = quick.CheckDuplicateKeys(string(configBytes)); err != nil {
Ensure that setConfig uses latest functionality (#6302)
6 years ago
return errors.New("Duplicate key in json file: " + err.Error())
Validate Minio config.json file on the client side (#6067)
6 years ago
}
Implement SetConfig admin API handler. (#3792)
8 years ago
Migrate config.json from config-dir to backend (#6195) This PR is the first set of changes to move the config to the backend, the changes use the existing `config.json` allows it to be migrated such that we can save it in on backend disks. In future releases, we will slowly migrate out of the current architecture. Fixes #6182
6 years ago
econfigBytes, err := EncryptServerConfigData(adm.secretAccessKey, configBytes)
if err != nil {
Ensure that setConfig uses latest functionality (#6302)
6 years ago
return err
Migrate config.json from config-dir to backend (#6195) This PR is the first set of changes to move the config to the backend, the changes use the existing `config.json` allows it to be migrated such that we can save it in on backend disks. In future releases, we will slowly migrate out of the current architecture. Fixes #6182
6 years ago
}
Implement SetConfig admin API handler. (#3792)
8 years ago
reqData := requestData{
ensure authenticated request bodies for Admin-API (#5984) This commit adds a check to the server's admin-API such that it only accepts Admin-API requests with authenticated bodies. Further this commit updates the `madmin` package to always add the `X-Amz-Content-Sha256` header. This change improves the Admin-API security since the server does not accept unauthenticated request bodies anymore. After this commit `mc` must be updated to the new `madmin` api because requests over TLS connections will fail.
7 years ago
relPath: "/v1/config",
Migrate config.json from config-dir to backend (#6195) This PR is the first set of changes to move the config to the backend, the changes use the existing `config.json` allows it to be migrated such that we can save it in on backend disks. In future releases, we will slowly migrate out of the current architecture. Fixes #6182
6 years ago
content: econfigBytes,
Implement SetConfig admin API handler. (#3792)
8 years ago
}
Move admin APIs to new path and add redesigned heal APIs (#5351) - Changes related to moving admin APIs - admin APIs now have an endpoint under /minio/admin - admin APIs are now versioned - a new API to server the version is added at "GET /minio/admin/version" and all API operations have the path prefix /minio/admin/v1/<operation> - new service stop API added - credentials change API is moved to /minio/admin/v1/config/credential - credentials change API and configuration get/set API now require TLS so that credentials are protected - all API requests now receive JSON - heal APIs are disabled as they will be changed substantially - Heal API changes Heal API is now provided at a single endpoint with the ability for a client to start a heal sequence on all the data in the server, a single bucket, or under a prefix within a bucket. When a heal sequence is started, the server returns a unique token that needs to be used for subsequent 'status' requests to fetch heal results. On each status request from the client, the server returns heal result records that it has accumulated since the previous status request. The server accumulates upto 1000 records and pauses healing further objects until the client requests for status. If the client does not request any further records for a long time, the server aborts the heal sequence automatically. A heal result record is returned for each entity healed on the server, such as system metadata, object metadata, buckets and objects, and has information about the before and after states on each disk. A client may request to force restart a heal sequence - this causes the running heal sequence to be aborted at the next safe spot and starts a new heal sequence.
7 years ago
// Execute PUT on /minio/admin/v1/config to set config.
Implement SetConfig admin API handler. (#3792)
8 years ago
resp, err := adm.executeMethod("PUT", reqData)
defer closeResponse(resp)
if err != nil {
Ensure that setConfig uses latest functionality (#6302)
6 years ago
return err
Implement SetConfig admin API handler. (#3792)
8 years ago
}
if resp.StatusCode != http.StatusOK {
Ensure that setConfig uses latest functionality (#6302)
6 years ago
return httpRespToErrorResponse(resp)
Implement SetConfig admin API handler. (#3792)
8 years ago
}
Ensure that setConfig uses latest functionality (#6302)
6 years ago
return nil
Implement SetConfig admin API handler. (#3792)
8 years ago
}
Add admin get/set config keys API (#6113) This PR adds two new admin APIs in Minio server and madmin package: - GetConfigKeys(keys []string) ([]byte, error) - SetConfigKeys(params map[string]string) (err error) A key is a path in Minio configuration file, (e.g. notify.webhook.1) The user will always send a string value when setting it in the config file, the API will know how to convert the value to the appropriate type. The user is also able to set a raw json. Before setting a new config, Minio will validate all fields and try to connect to notification targets if available.
6 years ago
// SetConfigKeys - set config keys supplied as config.json for the setup.
func (adm *AdminClient) SetConfigKeys(params map[string]string) error {
queryVals := make(url.Values)
for k, v := range params {
encryptedVal, err := EncryptServerConfigData(adm.secretAccessKey, []byte(v))
if err != nil {
return err
}
encodedVal := base64.StdEncoding.EncodeToString(encryptedVal)
queryVals.Add(k, string(encodedVal))
}
reqData := requestData{
relPath: "/v1/config-keys",
queryValues: queryVals,
}
// Execute PUT on /minio/admin/v1/config-keys to set config.
resp, err := adm.executeMethod("PUT", reqData)
defer closeResponse(resp)
if err != nil {
return err
}
if resp.StatusCode != http.StatusOK {
return httpRespToErrorResponse(resp)
}
return nil
}