From 086fbb745e668267e9d587f3993ee064fe3cc6f1 Mon Sep 17 00:00:00 2001
From: Andreas Auernhammer
Date: Thu, 6 Feb 2020 01:48:34 +0100
Subject: [PATCH] fix and improve KMS server info (#8944)
This commit fixes typos in the displayed server info w.r.t. the KMS and removes the update status. For more information about why the update status is removed see: PR #8943
---
 cmd/admin-handlers.go | 27 ++++++++++-----------------
 pkg/madmin/info-commands.go | 1 -
 2 files changed, 10 insertions(+), 18 deletions(-)
diff --git a/cmd/admin-handlers.go b/cmd/admin-handlers.go
index d9d9777d2..b76d4e84b 100644
--- a/cmd/admin-handlers.go
+++ b/cmd/admin-handlers.go
@@ -1574,30 +1574,23 @@ func fetchVaultStatus(cfg config.Config) madmin.Vault {
 } else {
 vault.Status = "online"
- kmsContext := crypto.Context{"MinIO admin API": "KMSKeyStatusHandler"} // Context for a test key operation
+ kmsContext := crypto.Context{"MinIO admin API": "ServerInfoHandler"} // Context for a test key operation
 // 1. Generate a new key using the KMS.
 key, sealedKey, err := GlobalKMS.GenerateKey(keyID, kmsContext)
 if err != nil {
- vault.Encrypt = "Encryption failed"
+ vault.Encrypt = fmt.Sprintf("Encryption failed: %v", err)
 } else {
 vault.Encrypt = "Ok"
 }
- // 2. Check whether we can update / re-wrap the sealed key.
- sealedKey, err = GlobalKMS.UpdateKey(keyID, sealedKey, kmsContext)
- if err != nil {
- vault.Update = "Re-wrap failed:"
- } else {
- vault.Update = "Ok"
- }
-
- // 3. Verify that we can indeed decrypt the (encrypted) key
- decryptedKey, decryptErr := GlobalKMS.UnsealKey(keyID, sealedKey, kmsContext)
-
- // 4. Compare generated key with decrypted key
- if subtle.ConstantTimeCompare(key[:], decryptedKey[:]) != 1 || decryptErr != nil {
- vault.Decrypt = "Re-wrap failed:"
- } else {
+ // 2. Verify that we can indeed decrypt the (encrypted) key
+ decryptedKey, err := GlobalKMS.UnsealKey(keyID, sealedKey, kmsContext)
+ switch {
+ case err != nil:
+ vault.Decrypt = fmt.Sprintf("Decryption failed: %v", err)
+ case subtle.ConstantTimeCompare(key[:], decryptedKey[:]) != 1:
+ vault.Decrypt = "Decryption failed: decrypted key does not match generated key"
+ default:
 vault.Decrypt = "Ok"
 }
 }
diff --git a/pkg/madmin/info-commands.go b/pkg/madmin/info-commands.go
index 54911f877..1019d0dd7 100644
--- a/pkg/madmin/info-commands.go
+++ b/pkg/madmin/info-commands.go
@@ -470,7 +470,6 @@ type Vault struct {
 Status string `json:"status,omitempty"`
 Encrypt string `json:"encryp,omitempty"`
 Decrypt string `json:"decrypt,omitempty"`
- Update string `json:"update,omitempty"`
 }
 // LDAP contains ldap status
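Review bot: The decrypt probe in step 2 of the cmd/admin-handlers.go hunk still runs when `GlobalKMS.GenerateKey` has just failed, so `UnsealKey` is called with whatever `sealedKey` the failed call returned, and `vault.Decrypt` then reports a second, derived failure that obscures the real cause. Consider running the unseal and the `subtle.ConstantTimeCompare` check only on the success path, and in the failure branch setting something like `vault.Decrypt = "Skipped: key generation failed"` (constructed wording). Separately, `fmt.Sprintf("Encryption failed: %v", err)` and its decrypt counterpart now place the raw KMS error text in the server-info response; it is worth confirming that those errors cannot carry endpoint, key-ID or credential detail beyond what an admin API caller should see. `fetchVaultStatus` begins and ends outside this hunk, so how `keyID` is obtained and what the earlier branches do is not visible here.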