Remove use of Privileged Credentials (#535)

- Leverage the MinIO OAuth integration instead of the
  current Console implementation
- Refactor pkg/idp
- Added tests to login
Lenin Alevski
2021-01-07 13:49:56 -06:00
committed by GitHub
parent 5b98bb8fd6
commit 58903e8337
14 changed files with 186 additions and 303 deletions


@@ -24,8 +24,6 @@ import (
"runtime"
"github.com/minio/console/models"
"github.com/minio/console/pkg/auth"
"github.com/minio/console/pkg/auth/ldap"
mcCmd "github.com/minio/mc/cmd"
"github.com/minio/mc/pkg/probe"
"github.com/minio/minio-go/v7/pkg/credentials"
@@ -317,11 +315,6 @@ func newAdminFromClaims(claims *models.Principal) (*madmin.AdminClient, error) {
return adminClient, nil
}
var (
consoleAccessKey = getAccessKey()
consoleSecretKey = getSecretKey()
)
// stsClient is a custom http client, this client should not be called directly and instead be
// called using GetConsoleSTSClient() to ensure is initialized and the certificates are loaded correctly
var stsClient *http.Client
@@ -333,36 +326,3 @@ func GetConsoleSTSClient() *http.Client {
}
return stsClient
}
var consoleLDAPAdminCreds consoleCredentials
func newSuperMAdminClient() (*madmin.AdminClient, error) {
accessKey := consoleAccessKey
secretKey := consoleSecretKey
sessionToken := ""
// If LDAP is enabled (External IDP) in minio, then obtain the session tokens associated with the super admin credentials
// configured in console
if ldap.GetLDAPEnabled() {
// initialize LDAP super Admin Credentials once
if consoleLDAPAdminCreds.consoleCredentials == nil {
consoleCredentialsFromLDAP, err := auth.GetCredentialsFromLDAP(GetConsoleSTSClient(), MinioEndpoint, consoleAccessKey, consoleSecretKey)
if err != nil {
return nil, err
}
consoleLDAPAdminCreds = consoleCredentials{consoleCredentials: consoleCredentialsFromLDAP}
}
tokens, err := consoleLDAPAdminCreds.Get()
if err != nil {
return nil, err
}
accessKey = tokens.AccessKeyID
secretKey = tokens.SecretAccessKey
sessionToken = tokens.SessionToken
}
adminClient, pErr := NewAdminClient(MinioEndpoint, accessKey, secretKey, sessionToken)
if pErr != nil {
return nil, pErr.Cause
}
return adminClient, nil
}