Ensure GetConsoleSTSClient() is used correctly (#425)
@@ -307,7 +307,7 @@ func newAdminFromClaims(claims *models.Principal) (*madmin.AdminClient, error) {
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
adminClient.SetCustomTransport(getSTSClient().Transport)
|
||||
adminClient.SetCustomTransport(GetConsoleSTSClient().Transport)
|
||||
return adminClient, nil
|
||||
}
|
||||
|
||||
@@ -316,17 +316,20 @@ var (
|
||||
consoleSecretKey = getSecretKey()
|
||||
)
|
||||
|
||||
// stsClient is an http.Client with Custom TLS Transport that loads certificates from .console/certs/CAs
|
||||
// stsClient is a custom http client, this client should not be called directly and instead be
|
||||
// called using GetConsoleSTSClient() to ensure is initialized and the certificates are loaded correctly
|
||||
var stsClient *http.Client
|
||||
var consoleLDAPAdminCreds consoleCredentials
|
||||
|
||||
func getSTSClient() *http.Client {
|
||||
// GetConsoleSTSClient will initialize the console STS Client with Custom TLS Transport that with loads certs at .console/certs/CAs
|
||||
func GetConsoleSTSClient() *http.Client {
|
||||
if stsClient == nil {
|
||||
stsClient = PrepareSTSClient(false)
|
||||
}
|
||||
return stsClient
|
||||
}
|
||||
|
||||
var consoleLDAPAdminCreds consoleCredentials
|
||||
|
||||
func newSuperMAdminClient() (*madmin.AdminClient, error) {
|
||||
accessKey := consoleAccessKey
|
||||
secretKey := consoleSecretKey
|
||||
@@ -336,7 +339,7 @@ func newSuperMAdminClient() (*madmin.AdminClient, error) {
|
||||
if ldap.GetLDAPEnabled() {
|
||||
// initialize LDAP super Admin Credentials once
|
||||
if consoleLDAPAdminCreds.consoleCredentials == nil {
|
||||
consoleCredentialsFromLDAP, err := auth.GetCredentialsFromLDAP(getSTSClient(), MinioEndpoint, consoleAccessKey, consoleSecretKey)
|
||||
consoleCredentialsFromLDAP, err := auth.GetCredentialsFromLDAP(GetConsoleSTSClient(), MinioEndpoint, consoleAccessKey, consoleSecretKey)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
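Review bot: The lazy initialisation in `GetConsoleSTSClient()` reads and writes the package-level `stsClient` without synchronisation, so concurrent first calls race; the callers shown (`newAdminFromClaims` and `newSuperMAdminClient` here, `newConsoleCredentials` and `newMinioClient` in the hunks that follow) look like per-request paths. Guarding it with a `sync.Once` would build the TLS transport and its loaded CAs exactly once: `var stsClientOnce sync.Once` and `stsClientOnce.Do(func() { stsClient = PrepareSTSClient(false) })`. This needs the `sync` import, which lies outside the visible hunks. The bare `false` passed to `PrepareSTSClient` is also opaque at this call site, and this client carries the LDAP and STS credentials, so a short comment naming what the flag controls would let a reviewer confirm it does not relax certificate verification.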
@@ -266,7 +266,6 @@ func (s consoleSTSAssumeRole) IsExpired() bool {
|
||||
return s.stsAssumeRole.IsExpired()
|
||||
}
|
||||
|
||||
// STSClient contains http.client configuration need it by STSAssumeRole
|
||||
var (
|
||||
MinioEndpoint = getMinIOServer()
|
||||
)
|
||||
@@ -289,7 +288,7 @@ func newConsoleCredentials(accessKey, secretKey, location string) (*credentials.
|
||||
if MinioEndpoint == "" {
|
||||
return nil, errors.New("endpoint cannot be empty for AssumeRoleSTS")
|
||||
}
|
||||
creds, err := auth.GetCredentialsFromLDAP(stsClient, MinioEndpoint, accessKey, secretKey)
|
||||
creds, err := auth.GetCredentialsFromLDAP(GetConsoleSTSClient(), MinioEndpoint, accessKey, secretKey)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -308,7 +307,7 @@ func newConsoleCredentials(accessKey, secretKey, location string) (*credentials.
|
||||
DurationSeconds: xjwt.GetConsoleSTSDurationInSeconds(),
|
||||
}
|
||||
stsAssumeRole := &credentials.STSAssumeRole{
|
||||
Client: stsClient,
|
||||
Client: GetConsoleSTSClient(),
|
||||
STSEndpoint: MinioEndpoint,
|
||||
Options: opts,
|
||||
}
|
||||
@@ -331,7 +330,7 @@ func newMinioClient(claims *models.Principal) (*minio.Client, error) {
|
||||
minioClient, err := minio.New(getMinIOEndpoint(), &minio.Options{
|
||||
Creds: creds,
|
||||
Secure: getMinIOEndpointIsSecure(),
|
||||
Transport: stsClient.Transport,
|
||||
Transport: GetConsoleSTSClient().Transport,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
||||