sr: use site replicator svcacct to sign STS session tokens (#19111)

This change is to decouple need for root credentials to match between
 site replication deployments.

 Also ensuring site replication config initialization is retried until
 it succeeds; this dependency is critical to the STS flow in the site replication
 scenario.
Poorna
2024-02-26 13:26:18 -08:00
committed by Harshavardhana
parent 30c2596512
commit b1351e2dee
8 changed files with 148 additions and 25 deletions


@@ -306,6 +306,13 @@ func checkClaimsFromToken(r *http.Request, cred auth.Credentials) (map[string]in
}
if token != "" {
var err error
if globalSiteReplicationSys.isEnabled() && cred.AccessKey != siteReplicatorSvcAcc {
secret, err = getTokenSigningKey()
if err != nil {
return nil, toAPIErrorCode(r.Context(), err)
}
}
claims, err := getClaimsFromTokenWithSecret(token, secret)
if err != nil {
return nil, toAPIErrorCode(r.Context(), err)