start using xnet and simplify URL handling (#1960)
This commit is contained in:
Harshavardhana
GitHub
5
go.mod
5
go.mod
@@ -26,7 +26,7 @@ require (
|
|||||||
github.com/minio/mc v0.0.0-20220419155441-cc4ff3a0cc82
|
github.com/minio/mc v0.0.0-20220419155441-cc4ff3a0cc82
|
||||||
github.com/minio/minio-go/v7 v7.0.24
|
github.com/minio/minio-go/v7 v7.0.24
|
||||||
github.com/minio/operator v0.0.0-20220414212219-ba4c097324b2
|
github.com/minio/operator v0.0.0-20220414212219-ba4c097324b2
|
||||||
github.com/minio/pkg v1.1.21
|
github.com/minio/pkg v1.1.23
|
||||||
github.com/minio/selfupdate v0.4.0
|
github.com/minio/selfupdate v0.4.0
|
||||||
github.com/mitchellh/go-homedir v1.1.0
|
github.com/mitchellh/go-homedir v1.1.0
|
||||||
github.com/rs/xid v1.4.0
|
github.com/rs/xid v1.4.0
|
||||||
@@ -41,6 +41,7 @@ require (
|
|||||||
k8s.io/api v0.23.5
|
k8s.io/api v0.23.5
|
||||||
k8s.io/apimachinery v0.23.5
|
k8s.io/apimachinery v0.23.5
|
||||||
k8s.io/client-go v0.23.5
|
k8s.io/client-go v0.23.5
|
||||||
|
k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9
|
||||||
)
|
)
|
||||||
|
|
||||||
require (
|
require (
|
||||||
@@ -104,6 +105,7 @@ require (
|
|||||||
github.com/mitchellh/mapstructure v1.4.3 // indirect
|
github.com/mitchellh/mapstructure v1.4.3 // indirect
|
||||||
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
|
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
|
||||||
github.com/modern-go/reflect2 v1.0.2 // indirect
|
github.com/modern-go/reflect2 v1.0.2 // indirect
|
||||||
|
github.com/montanaflynn/stats v0.6.6 // indirect
|
||||||
github.com/muesli/ansi v0.0.0-20211031195517-c9f0611b6c70 // indirect
|
github.com/muesli/ansi v0.0.0-20211031195517-c9f0611b6c70 // indirect
|
||||||
github.com/muesli/reflow v0.3.0 // indirect
|
github.com/muesli/reflow v0.3.0 // indirect
|
||||||
github.com/muesli/termenv v0.11.1-0.20220212125758-44cd13922739 // indirect
|
github.com/muesli/termenv v0.11.1-0.20220212125758-44cd13922739 // indirect
|
||||||
@@ -153,7 +155,6 @@ require (
|
|||||||
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
|
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
|
||||||
k8s.io/klog/v2 v2.40.1 // indirect
|
k8s.io/klog/v2 v2.40.1 // indirect
|
||||||
k8s.io/kube-openapi v0.0.0-20220124234850-424119656bbf // indirect
|
k8s.io/kube-openapi v0.0.0-20220124234850-424119656bbf // indirect
|
||||||
k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
|
|
||||||
maze.io/x/duration v0.0.0-20160924141736-faac084b6075 // indirect
|
maze.io/x/duration v0.0.0-20160924141736-faac084b6075 // indirect
|
||||||
sigs.k8s.io/controller-runtime v0.11.1 // indirect
|
sigs.k8s.io/controller-runtime v0.11.1 // indirect
|
||||||
sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
|
sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
|
||||||
|
|||||||
5
go.sum
5
go.sum
@@ -488,8 +488,8 @@ github.com/minio/minio-go/v7 v7.0.24/go.mod h1:x81+AX5gHSfCSqw7jxRKHvxUXMlE5uKX0
|
|||||||
github.com/minio/operator v0.0.0-20220414212219-ba4c097324b2 h1:GdjU5qV+Wv0P2Y/TVGRELapzBdph8Vyi6u9VjgvtVIs=
|
github.com/minio/operator v0.0.0-20220414212219-ba4c097324b2 h1:GdjU5qV+Wv0P2Y/TVGRELapzBdph8Vyi6u9VjgvtVIs=
|
||||||
github.com/minio/operator v0.0.0-20220414212219-ba4c097324b2/go.mod h1:4Bo6a+XrBFEfCiiEtB14bw8l/nT3hcvZQKrZGZu27mA=
|
github.com/minio/operator v0.0.0-20220414212219-ba4c097324b2/go.mod h1:4Bo6a+XrBFEfCiiEtB14bw8l/nT3hcvZQKrZGZu27mA=
|
||||||
github.com/minio/pkg v1.1.20/go.mod h1:Xo7LQshlxGa9shKwJ7NzQbgW4s8T/Wc1cOStR/eUiMY=
|
github.com/minio/pkg v1.1.20/go.mod h1:Xo7LQshlxGa9shKwJ7NzQbgW4s8T/Wc1cOStR/eUiMY=
|
||||||
github.com/minio/pkg v1.1.21 h1:sqPIwfmlMbufFd3xiEiAdrgyle7c67YIXFf+rFtCeyA=
|
github.com/minio/pkg v1.1.23 h1:CJSoPslQCWZW3z3T79+pv9dVBDCQEK3ipiwXcoAtzY0=
|
||||||
github.com/minio/pkg v1.1.21/go.mod h1:z9PfmEI804KFkF6eY4LoGe8IDVvTCsYGVuaf58Dr0WI=
|
github.com/minio/pkg v1.1.23/go.mod h1:z9PfmEI804KFkF6eY4LoGe8IDVvTCsYGVuaf58Dr0WI=
|
||||||
github.com/minio/selfupdate v0.4.0 h1:A7t07pN4Ch1tBTIRStW0KhUVyykz+2muCqFsITQeEW8=
|
github.com/minio/selfupdate v0.4.0 h1:A7t07pN4Ch1tBTIRStW0KhUVyykz+2muCqFsITQeEW8=
|
||||||
github.com/minio/selfupdate v0.4.0/go.mod h1:mcDkzMgq8PRcpCRJo/NlPY7U45O5dfYl2Y0Rg7IustY=
|
github.com/minio/selfupdate v0.4.0/go.mod h1:mcDkzMgq8PRcpCRJo/NlPY7U45O5dfYl2Y0Rg7IustY=
|
||||||
github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM=
|
github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM=
|
||||||
@@ -517,6 +517,7 @@ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3Rllmb
|
|||||||
github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
|
github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
|
||||||
github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
|
github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
|
||||||
github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
|
github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
|
||||||
|
github.com/montanaflynn/stats v0.6.6 h1:Duep6KMIDpY4Yo11iFsvyqJDyfzLF9+sndUKT+v64GQ=
|
||||||
github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow=
|
github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow=
|
||||||
github.com/muesli/ansi v0.0.0-20211018074035-2e021307bc4b/go.mod h1:fQuZ0gauxyBcmsdE3ZT4NasjaRdxmbCS0jRHsrWu3Ho=
|
github.com/muesli/ansi v0.0.0-20211018074035-2e021307bc4b/go.mod h1:fQuZ0gauxyBcmsdE3ZT4NasjaRdxmbCS0jRHsrWu3Ho=
|
||||||
github.com/muesli/ansi v0.0.0-20211031195517-c9f0611b6c70 h1:kMlmsLSbjkikxQJ1IPwaM+7LJ9ltFu/fi8CRzvSnQmA=
|
github.com/muesli/ansi v0.0.0-20211031195517-c9f0611b6c70 h1:kMlmsLSbjkikxQJ1IPwaM+7LJ9ltFu/fi8CRzvSnQmA=
|
||||||
|
|||||||
@@ -21,13 +21,13 @@ import (
|
|||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"net/url"
|
|
||||||
"path"
|
"path"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/minio/minio-go/v7/pkg/replication"
|
"github.com/minio/minio-go/v7/pkg/replication"
|
||||||
"github.com/minio/minio-go/v7/pkg/sse"
|
"github.com/minio/minio-go/v7/pkg/sse"
|
||||||
|
xnet "github.com/minio/pkg/net"
|
||||||
|
|
||||||
"github.com/minio/console/models"
|
"github.com/minio/console/models"
|
||||||
"github.com/minio/console/pkg"
|
"github.com/minio/console/pkg"
|
||||||
@@ -388,20 +388,18 @@ func newMinioClient(claims *models.Principal) (*minio.Client, error) {
|
|||||||
// computeObjectURLWithoutEncode returns a MinIO url containing the object filename without encoding
|
// computeObjectURLWithoutEncode returns a MinIO url containing the object filename without encoding
|
||||||
func computeObjectURLWithoutEncode(bucketName, prefix string) (string, error) {
|
func computeObjectURLWithoutEncode(bucketName, prefix string) (string, error) {
|
||||||
endpoint := getMinIOServer()
|
endpoint := getMinIOServer()
|
||||||
u, err := url.Parse(endpoint)
|
u, err := xnet.ParseHTTPURL(endpoint)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", fmt.Errorf("the provided endpoint is invalid")
|
return "", fmt.Errorf("the provided endpoint is invalid")
|
||||||
}
|
}
|
||||||
objectURL := fmt.Sprintf("%s:%s", u.Hostname(), u.Port())
|
var p string
|
||||||
if strings.TrimSpace(bucketName) != "" {
|
if strings.TrimSpace(bucketName) != "" {
|
||||||
objectURL = path.Join(objectURL, bucketName)
|
p = path.Join(p, bucketName)
|
||||||
}
|
}
|
||||||
if strings.TrimSpace(prefix) != "" {
|
if strings.TrimSpace(prefix) != "" {
|
||||||
objectURL = pathJoinFinalSlash(objectURL, prefix)
|
p = pathJoinFinalSlash(p, prefix)
|
||||||
}
|
}
|
||||||
|
return fmt.Sprintf("%s://%s/%s", u.Scheme, u.Host, p), nil
|
||||||
objectURL = fmt.Sprintf("%s://%s", u.Scheme, objectURL)
|
|
||||||
return objectURL, nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// newS3BucketClient creates a new mc S3Client to talk to the server based on a bucket
|
// newS3BucketClient creates a new mc S3Client to talk to the server based on a bucket
|
||||||
|
|||||||
@@ -19,12 +19,12 @@ package restapi
|
|||||||
import (
|
import (
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"net"
|
"net"
|
||||||
"net/url"
|
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
xcerts "github.com/minio/pkg/certs"
|
xcerts "github.com/minio/pkg/certs"
|
||||||
"github.com/minio/pkg/env"
|
"github.com/minio/pkg/env"
|
||||||
|
xnet "github.com/minio/pkg/net"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@@ -59,7 +59,7 @@ func GetMinIORegion() string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func getMinIOEndpoint() string {
|
func getMinIOEndpoint() string {
|
||||||
u, err := url.Parse(getMinIOServer())
|
u, err := xnet.ParseHTTPURL(getMinIOServer())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
@@ -67,7 +67,7 @@ func getMinIOEndpoint() string {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func getMinIOEndpointIsSecure() bool {
|
func getMinIOEndpointIsSecure() bool {
|
||||||
u, err := url.Parse(getMinIOServer())
|
u, err := xnet.ParseHTTPURL(getMinIOServer())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -43,6 +43,7 @@ import (
|
|||||||
portal_ui "github.com/minio/console/portal-ui"
|
portal_ui "github.com/minio/console/portal-ui"
|
||||||
"github.com/minio/pkg/env"
|
"github.com/minio/pkg/env"
|
||||||
"github.com/minio/pkg/mimedb"
|
"github.com/minio/pkg/mimedb"
|
||||||
|
xnet "github.com/minio/pkg/net"
|
||||||
|
|
||||||
"github.com/go-openapi/errors"
|
"github.com/go-openapi/errors"
|
||||||
"github.com/go-openapi/swag"
|
"github.com/go-openapi/swag"
|
||||||
@@ -212,11 +213,11 @@ func setupGlobalMiddleware(handler http.Handler) http.Handler {
|
|||||||
next = AuthenticationMiddleware(next)
|
next = AuthenticationMiddleware(next)
|
||||||
|
|
||||||
sslHostFn := secure.SSLHostFunc(func(host string) string {
|
sslHostFn := secure.SSLHostFunc(func(host string) string {
|
||||||
h, _, err := net.SplitHostPort(host)
|
xhost, err := xnet.ParseHost(host)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return host
|
return host
|
||||||
}
|
}
|
||||||
return net.JoinHostPort(h, TLSPort)
|
return net.JoinHostPort(xhost.Name, TLSPort)
|
||||||
})
|
})
|
||||||
|
|
||||||
// Secure middleware, this middleware wrap all the previous handlers and add
|
// Secure middleware, this middleware wrap all the previous handlers and add
|
||||||
@@ -257,6 +258,7 @@ func RejectS3Middleware(next http.Handler) http.Handler {
|
|||||||
strings.HasPrefix(r.Header.Get("Authorization"), "AWS4-HMAC-SHA256") ||
|
strings.HasPrefix(r.Header.Get("Authorization"), "AWS4-HMAC-SHA256") ||
|
||||||
r.URL.Query().Get("AWSAccessKeyId") != "" {
|
r.URL.Query().Get("AWSAccessKeyId") != "" {
|
||||||
w.WriteHeader(http.StatusForbidden)
|
w.WriteHeader(http.StatusForbidden)
|
||||||
|
w.Header().Set("Location", getMinIOServer())
|
||||||
w.Write([]byte(`<?xml version="1.0" encoding="UTF-8"?>
|
w.Write([]byte(`<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<Error>
|
<Error>
|
||||||
<Code>AccessDenied</Code>
|
<Code>AccessDenied</Code>
|
||||||
|
|||||||
@@ -20,12 +20,11 @@ import (
|
|||||||
"bytes"
|
"bytes"
|
||||||
"context"
|
"context"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"net/http"
|
|
||||||
"net/url"
|
|
||||||
"strconv"
|
"strconv"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
policies "github.com/minio/console/restapi/policy"
|
policies "github.com/minio/console/restapi/policy"
|
||||||
|
"github.com/minio/madmin-go"
|
||||||
|
|
||||||
jwtgo "github.com/golang-jwt/jwt/v4"
|
jwtgo "github.com/golang-jwt/jwt/v4"
|
||||||
"github.com/minio/pkg/bucket/policy/condition"
|
"github.com/minio/pkg/bucket/policy/condition"
|
||||||
@@ -40,31 +39,6 @@ import (
|
|||||||
authApi "github.com/minio/console/restapi/operations/auth"
|
authApi "github.com/minio/console/restapi/operations/auth"
|
||||||
)
|
)
|
||||||
|
|
||||||
func isErasureMode() bool {
|
|
||||||
u, err := url.Parse(getMinIOServer())
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
u.Path = "/minio/health/cluster"
|
|
||||||
|
|
||||||
req, err := http.NewRequest(http.MethodGet, u.String(), nil)
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
clnt := GetConsoleHTTPClient()
|
|
||||||
resp, err := clnt.Do(req)
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
if resp.StatusCode != http.StatusOK {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
||||||
return resp.Header.Get("x-minio-write-quorum") != ""
|
|
||||||
}
|
|
||||||
|
|
||||||
func registerSessionHandlers(api *operations.ConsoleAPI) {
|
func registerSessionHandlers(api *operations.ConsoleAPI) {
|
||||||
// session check
|
// session check
|
||||||
api.AuthSessionCheckHandler = authApi.SessionCheckHandlerFunc(func(params authApi.SessionCheckParams, session *models.Principal) middleware.Responder {
|
api.AuthSessionCheckHandler = authApi.SessionCheckHandlerFunc(func(params authApi.SessionCheckParams, session *models.Principal) middleware.Responder {
|
||||||
@@ -94,6 +68,7 @@ func getClaimsFromToken(sessionToken string) (map[string]interface{}, error) {
|
|||||||
func getSessionResponse(ctx context.Context, session *models.Principal) (*models.SessionResponse, *models.Error) {
|
func getSessionResponse(ctx context.Context, session *models.Principal) (*models.SessionResponse, *models.Error) {
|
||||||
ctx, cancel := context.WithCancel(ctx)
|
ctx, cancel := context.WithCancel(ctx)
|
||||||
defer cancel()
|
defer cancel()
|
||||||
|
|
||||||
// serialize output
|
// serialize output
|
||||||
if session == nil {
|
if session == nil {
|
||||||
return nil, ErrorWithContext(ctx, ErrInvalidSession)
|
return nil, ErrorWithContext(ctx, ErrInvalidSession)
|
||||||
@@ -116,6 +91,7 @@ func getSessionResponse(ctx context.Context, session *models.Principal) (*models
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, ErrorWithContext(ctx, err, ErrInvalidSession)
|
return nil, ErrorWithContext(ctx, err, ErrInvalidSession)
|
||||||
}
|
}
|
||||||
|
erasure := accountInfo.Server.Type == madmin.Erasure
|
||||||
rawPolicy := policies.ReplacePolicyVariables(tokenClaims, accountInfo)
|
rawPolicy := policies.ReplacePolicyVariables(tokenClaims, accountInfo)
|
||||||
policy, err := minioIAMPolicy.ParseConfig(bytes.NewReader(rawPolicy))
|
policy, err := minioIAMPolicy.ParseConfig(bytes.NewReader(rawPolicy))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -232,7 +208,7 @@ func getSessionResponse(ctx context.Context, session *models.Principal) (*models
|
|||||||
Features: getListOfEnabledFeatures(session),
|
Features: getListOfEnabledFeatures(session),
|
||||||
Status: models.SessionResponseStatusOk,
|
Status: models.SessionResponseStatusOk,
|
||||||
Operator: false,
|
Operator: false,
|
||||||
DistributedMode: isErasureMode(),
|
DistributedMode: erasure,
|
||||||
Permissions: resourcePermissions,
|
Permissions: resourcePermissions,
|
||||||
}
|
}
|
||||||
return sessionResp, nil
|
return sessionResp, nil
|
||||||
|
|||||||
@@ -51,27 +51,6 @@ func Test_getSessionResponse(t *testing.T) {
|
|||||||
want: nil,
|
want: nil,
|
||||||
wantErr: true,
|
wantErr: true,
|
||||||
},
|
},
|
||||||
{
|
|
||||||
name: "malformed minio endpoint URL",
|
|
||||||
args: args{
|
|
||||||
ctx: ctx,
|
|
||||||
session: &models.Principal{
|
|
||||||
STSAccessKeyID: "",
|
|
||||||
STSSecretAccessKey: "",
|
|
||||||
STSSessionToken: "",
|
|
||||||
AccountAccessKey: "",
|
|
||||||
Hm: false,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
want: nil,
|
|
||||||
wantErr: true,
|
|
||||||
preFunc: func() {
|
|
||||||
os.Setenv(ConsoleMinIOServer, "malformed")
|
|
||||||
},
|
|
||||||
postFunc: func() {
|
|
||||||
os.Unsetenv(ConsoleMinIOServer)
|
|
||||||
},
|
|
||||||
},
|
|
||||||
{
|
{
|
||||||
name: "malformed session",
|
name: "malformed session",
|
||||||
args: args{
|
args: args{
|
||||||
@@ -89,6 +68,7 @@ func Test_getSessionResponse(t *testing.T) {
|
|||||||
},
|
},
|
||||||
}
|
}
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
|
tt := tt
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
if tt.preFunc != nil {
|
if tt.preFunc != nil {
|
||||||
tt.preFunc()
|
tt.preFunc()
|
||||||
|
|||||||
Reference in New Issue
Block a user