fix: GetAllCertificatesAndCAs shouldn't fail internally (#810)

all libraries in pkg/* should never be called Fatal()
internally, the console is imported now and it is important
that the failure logging etc is all well controlled.

Bonus: update to latest minio/pkg v1.0.6 to get trial
customer license verification fixes.

cmd/console/server.go

@@ -140,14 +140,18 @@ func loadAllCerts(ctx *cli.Context) error {
 	certs.GlobalCertsCADir = &certs.ConfigDir{Path: filepath.Join(certs.GlobalCertsDir.Get(), certs.CertsCADir)}
 	// check if certs and CAs directories exists or can be created
 	if err = certs.MkdirAllIgnorePerm(certs.GlobalCertsCADir.Get()); err != nil {
-		return fmt.Errorf("unable to create certs CA directory at %s: with %w", certs.GlobalCertsCADir.Get(), err)
+		return fmt.Errorf("unable to create certs CA directory at %s: failed with %w", certs.GlobalCertsCADir.Get(), err)
 	}
+
 	var manager *xcerts.Manager
 	// load the certificates and the CAs
-	restapi.GlobalRootCAs, restapi.GlobalPublicCerts, manager = certs.GetAllCertificatesAndCAs()
+	restapi.GlobalRootCAs, restapi.GlobalPublicCerts, manager, err = certs.GetAllCertificatesAndCAs()
 	restapi.GlobalTLSCertsManager = &certs.TLSCertsManager{
 		Manager: manager,
 	}
+	if err != nil {
+		return fmt.Errorf("unable to load certificates at %s: failed with %w", certs.GlobalCertsDir.Get(), err)
+	}
 
 	{
 		// TLS flags from swagger server, used to support VMware vsphere operator version.

go.mod

@@ -23,7 +23,7 @@ require (
 	github.com/minio/minio-go/v7 v7.0.11-0.20210517200026-f0518ca447d6
 	github.com/minio/operator v0.0.0-20210604224119-7e256f98cf90
 	github.com/minio/operator/logsearchapi v0.0.0-20210604224119-7e256f98cf90
-	github.com/minio/pkg v1.0.4
+	github.com/minio/pkg v1.0.6
 	github.com/minio/selfupdate v0.3.1
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect

go.sum

@@ -891,8 +891,9 @@ github.com/minio/operator v0.0.0-20210604224119-7e256f98cf90/go.mod h1:8/mIXK+CF
 github.com/minio/operator/logsearchapi v0.0.0-20210604224119-7e256f98cf90 h1:Qu6j6oE7+QNuq7Kr2DLyVYq3fqMdqFd/T8NAeNp47og=
 github.com/minio/operator/logsearchapi v0.0.0-20210604224119-7e256f98cf90/go.mod h1:R+38Pf3wfm+JMiyLPb/r8OMrBm0vK2hZgUT4y4aYoSY=
 github.com/minio/pkg v1.0.3/go.mod h1:obU54TZ9QlMv0TRaDgQ/JTzf11ZSXxnSfLrm4tMtBP8=
-github.com/minio/pkg v1.0.4 h1:+BmaCENP6BaMm9PsGK6L1L5MKulWDxl4qobvJYf6m/E=
 github.com/minio/pkg v1.0.4/go.mod h1:obU54TZ9QlMv0TRaDgQ/JTzf11ZSXxnSfLrm4tMtBP8=
+github.com/minio/pkg v1.0.6 h1:82cyFqL69nSPjprO0+P2T/Rj0AAEljmpUdFjJhpvzvI=
+github.com/minio/pkg v1.0.6/go.mod h1:obU54TZ9QlMv0TRaDgQ/JTzf11ZSXxnSfLrm4tMtBP8=
 github.com/minio/selfupdate v0.3.1 h1:BWEFSNnrZVMUWXbXIgLDNDjbejkmpAmZvy/nCz1HlEs=
 github.com/minio/selfupdate v0.3.1/go.mod h1:b8ThJzzH7u2MkF6PcIra7KaXO9Khf6alWPvMSyTDCFM=
 github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM=

pkg/certs/certs.go

@@ -27,7 +27,6 @@ import (
 	"errors"
 	"fmt"
 	"io/ioutil"
-	"log"
 	"os"
 	"path/filepath"
 	"strings"
@@ -313,18 +312,18 @@ func GetTLSConfig() (x509Certs []*x509.Certificate, manager *xcerts.Manager, err
 	return x509Certs, manager, nil
 }
 
-func GetAllCertificatesAndCAs() (*x509.CertPool, []*x509.Certificate, *xcerts.Manager) {
+func GetAllCertificatesAndCAs() (*x509.CertPool, []*x509.Certificate, *xcerts.Manager, error) {
 	// load all CAs from ~/.console/certs/CAs
 	GlobalRootCAs, err := xcerts.GetRootCAs(GlobalCertsCADir.Get())
 	if err != nil {
-		log.Fatalln(err)
+		return nil, nil, nil, err
 	}
 	// load all certs from ~/.console/certs
 	globalPublicCerts, globalTLSCertsManager, err := GetTLSConfig()
 	if err != nil {
-		log.Fatalln(err)
+		return nil, nil, nil, err
 	}
-	return GlobalRootCAs, globalPublicCerts, globalTLSCertsManager
+	return GlobalRootCAs, globalPublicCerts, globalTLSCertsManager, nil
 }
 
 // TLSCertsManager custom TLS Manager for SNI support