Indicate backend encrypted only if encryption is requested (#8508)

master
Harshavardhana 5 years ago committed by GitHub
parent aa04f97f95
commit 1027afa853
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 4
      cmd/admin-handlers-config-kv.go
  2. 17
      cmd/config-encrypted.go
  3. 2
      cmd/logger/config.go

@ -183,7 +183,9 @@ func (a adminAPIHandlers) SetConfigKVHandler(w http.ResponseWriter, r *http.Requ
}
// Make sure to write backend is encrypted
if globalConfigEncrypted {
saveConfig(context.Background(), objectAPI, backendEncryptedFile, backendEncryptedMigrationComplete)
}
}
// GetConfigKVHandler - GET /minio/admin/v2/get-config-kv?key={key}
@ -447,7 +449,9 @@ func (a adminAPIHandlers) SetConfigHandler(w http.ResponseWriter, r *http.Reques
}
// Make sure to write backend is encrypted
if globalConfigEncrypted {
saveConfig(context.Background(), objectAPI, backendEncryptedFile, backendEncryptedMigrationComplete)
}
// Reply to the client before restarting minio server.
writeSuccessResponseHeadersOnly(w)

@ -19,11 +19,12 @@ package cmd
import (
"bytes"
"context"
"errors"
"os"
"strings"
"unicode/utf8"
etcd "github.com/coreos/etcd/clientv3"
jsoniter "github.com/json-iterator/go"
"github.com/minio/minio/cmd/config"
"github.com/minio/minio/cmd/logger"
"github.com/minio/minio/pkg/auth"
@ -260,11 +261,8 @@ func migrateIAMConfigsEtcdToEncrypted(client *etcd.Client) error {
data = cdata
}
// Attempt to unmarshal JSON content
var dummy map[string]interface{}
var json = jsoniter.ConfigCompatibleWithStandardLibrary
if err = json.Unmarshal(data, &dummy); err != nil {
return err
if !utf8.Valid(data) {
return errors.New("config data not in plain-text form")
}
cencdata, err = madmin.EncryptData(globalActiveCred.String(), data)
@ -335,11 +333,8 @@ func migrateConfigPrefixToEncrypted(objAPI ObjectLayer, activeCredOld auth.Crede
data = cdata
}
// Attempt to unmarshal JSON content
var dummy map[string]interface{}
var json = jsoniter.ConfigCompatibleWithStandardLibrary
if err = json.Unmarshal(data, &dummy); err != nil {
return err
if !utf8.Valid(data) {
return errors.New("config data not in plain-text form")
}
cencdata, err = madmin.EncryptData(globalActiveCred.String(), data)

@ -193,7 +193,7 @@ func LookupConfig(scfg config.Config) (Config, error) {
if starget != config.Default {
authTokenEnv = EnvLoggerHTTPAuditAuthToken + config.Default + starget
}
cfg.HTTP[starget] = HTTP{
cfg.Audit[starget] = HTTP{
Enabled: true,
Endpoint: endpoint,
AuthToken: env.Get(authTokenEnv, kv.Get(AuthToken)),

Loading…
Cancel
Save