Support Usage API talk to MinIO over TLS with Insecure (#241)

* Support Usage API talk to MinIO over TLS with Insecure

Right now, if MinIO is running with TLS and its certificate is not trusted by console, usage requests fail. We need to leverage the support for insecure connections so we can read Health Checks and Usage information.

* Remove unused import
Daniel Valdivia
2020-08-09 14:36:55 -07:00
committed by GitHub
parent 6eb5731eb5
commit bdfa6dc9bf
5 changed files with 34 additions and 24 deletions


@@ -30,12 +30,24 @@ var (
certDontExists = "File certificate doesn't exists: %s"
)
func prepareSTSClientTransport() *http.Transport {
func prepareSTSClientTransport(insecure bool) *http.Transport {
// This takes github.com/minio/minio/pkg/madmin/transport.go as an example
//
// DefaultTransport - this default transport is similar to
// http.DefaultTransport but with additional param DisableCompression
// is set to true to avoid decompressing content with 'gzip' encoding.
// Keep TLS config.
tlsConfig := &tls.Config{
// Can't use SSLv3 because of POODLE and BEAST
// Can't use TLSv1.0 because of POODLE and BEAST using CBC cipher
// Can't use TLSv1.1 because of RC4 cipher usage
MinVersion: tls.VersionTLS12,
}
if insecure {
tlsConfig.InsecureSkipVerify = true
}
DefaultTransport := &http.Transport{
Proxy: http.ProxyFromEnvironment,
DialContext: (&net.Dialer{
@@ -49,6 +61,7 @@ func prepareSTSClientTransport() *http.Transport {
TLSHandshakeTimeout: 10 * time.Second,
ExpectContinueTimeout: 1 * time.Second,
DisableCompression: true,
TLSClientConfig: tlsConfig,
}
// If Minio instance is running with TLS enabled and it's using a self-signed certificate
// or a certificate issued by a custom certificate authority we prepare a new custom *http.Transport
@@ -86,10 +99,11 @@ func prepareSTSClientTransport() *http.Transport {
// PrepareSTSClient returns an http.Client with custom configurations need it by *credentials.STSAssumeRole
// custom configurations include the use of CA certificates
func PrepareSTSClient() *http.Client {
transport := prepareSTSClientTransport()
func PrepareSTSClient(insecure bool) *http.Client {
transport := prepareSTSClientTransport(insecure)
// Return http client with default configuration
return &http.Client{
c := &http.Client{
Transport: transport,
}
return c
}
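Review bot: Setting `tlsConfig.InsecureSkipVerify = true` in prepareSTSClientTransport turns off both certificate-chain and hostname verification for every request on this transport, and the comment on PrepareSTSClient says the resulting client is the one used by `*credentials.STSAssumeRole`, so the flag covers the credential exchange as well as usage and health reads. With it enabled, the TLS session no longer authenticates the MinIO endpoint, so anything sent over it, credentials included, is exposed to whoever answers for that endpoint on the network path. The comment after the transport literal already describes a custom-CA path for self-signed certificates; that is the safer fix, and the parameter should be documented as a last resort, e.g. `// insecure disables TLS certificate and hostname verification; use only when the MinIO CA cannot be added to the trust store.` Logging a warning whenever `insecure` is true would also make the downgraded state visible to operators. The function body continues outside these hunks, so whether the custom-CA branch keeps `MinVersion` and this flag cannot be confirmed from here.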