Move etcd, logger, crypto into their own packages (minio#8366)

- Deprecates _MINIO_PROFILER, `mc admin profile` does the job
- Move ENVs to common location in cmd/config/

.travis.yml

@@ -35,7 +35,6 @@ matrix:
         - make verifiers
         - make crosscompile
         - make verify
-        - make coverage
         - cd browser && yarn && yarn test && cd ..
         - bash -c 'shopt -s globstar; shellcheck mint/**/*.sh'
 
@@ -47,7 +46,7 @@ matrix:
       go: 1.13.x
       script:
         - go build --ldflags="$(go run buildscripts/gen-ldflags.go)" -o %GOPATH%\bin\minio.exe
-        - bash buildscripts/go-coverage.sh
+        - CGO_ENABLED=1 go test -v --timeout 20m ./...
 
 before_script:
   # Add an IPv6 config - see the corresponding Travis issue

Makefile

@@ -64,8 +64,10 @@ test: verifiers build
 	@echo "Running unit tests"
 	@GO111MODULE=on CGO_ENABLED=0 go test -tags kqueue ./... 1>/dev/null
 
-verify: build
+# Verify minio binary, enable races as well
+verify:
 	@echo "Verifying build"
+	@GO111MODULE=on CGO_ENABLED=1 go build -race -tags kqueue --ldflags $(BUILD_LDFLAGS) -o $(PWD)/minio 1>/dev/null
 	@(env bash $(PWD)/buildscripts/verify-build.sh)
 
 coverage: build

cmd/admin-handlers.go

@@ -1722,7 +1722,7 @@ func (a adminAPIHandlers) KMSKeyStatusHandler(w http.ResponseWriter, r *http.Req
 
 	keyID := r.URL.Query().Get("key-id")
 	if keyID == "" {
-		keyID = globalKMSKeyID
+		keyID = GlobalKMS.KeyID()
 	}
 	var response = madmin.KMSKeyStatus{
 		KeyID: keyID,

cmd/api-errors_test.go

@@ -19,6 +19,8 @@ package cmd
 import (
 	"context"
 	"errors"
+	"os"
+	"path/filepath"
 	"testing"
 
 	"github.com/minio/minio/cmd/crypto"
@@ -65,6 +67,11 @@ var toAPIErrorTests = []struct {
 }
 
 func TestAPIErrCode(t *testing.T) {
+	disk := filepath.Join(globalTestTmpDir, "minio-"+nextSuffix())
+	defer os.RemoveAll(disk)
+
+	initFSObjects(disk, t)
+
 	ctx := context.Background()
 	for i, testCase := range toAPIErrorTests {
 		errCode := toAPIErrorCode(ctx, testCase.err)

cmd/common-main.go

@@ -1,5 +1,5 @@
 /*
- * MinIO Cloud Storage, (C) 2017, 2018 MinIO, Inc.
+ * MinIO Cloud Storage, (C) 2017-2019 MinIO, Inc.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -17,24 +17,23 @@
 package cmd
 
 import (
-	"crypto/tls"
+	"crypto/x509"
 	"errors"
 	"net"
 	"path/filepath"
 	"strings"
 	"time"
 
-	etcd "github.com/coreos/etcd/clientv3"
 	dns2 "github.com/miekg/dns"
 	"github.com/minio/cli"
 	"github.com/minio/minio-go/v6/pkg/set"
 	"github.com/minio/minio/cmd/config"
+	"github.com/minio/minio/cmd/config/etcd"
 	"github.com/minio/minio/cmd/logger"
-	"github.com/minio/minio/cmd/logger/target/http"
 	"github.com/minio/minio/pkg/auth"
+	"github.com/minio/minio/pkg/certs"
 	"github.com/minio/minio/pkg/dns"
 	"github.com/minio/minio/pkg/env"
-	xnet "github.com/minio/minio/pkg/net"
 )
 
 func verifyObjectLayerFeatures(name string, objAPI ObjectLayer) {
@@ -71,36 +70,6 @@ func checkUpdate(mode string) {
 	}
 }
 
-// Load logger targets based on user's configuration
-func loadLoggers() {
-	loggerUserAgent := getUserAgent(getMinioMode())
-
-	auditEndpoint, ok := env.Lookup("MINIO_AUDIT_LOGGER_HTTP_ENDPOINT")
-	if ok {
-		// Enable audit HTTP logging through ENV.
-		logger.AddAuditTarget(http.New(auditEndpoint, loggerUserAgent, NewCustomHTTPTransport()))
-	}
-
-	loggerEndpoint, ok := env.Lookup("MINIO_LOGGER_HTTP_ENDPOINT")
-	if ok {
-		// Enable HTTP logging through ENV.
-		logger.AddTarget(http.New(loggerEndpoint, loggerUserAgent, NewCustomHTTPTransport()))
-	} else {
-		for _, l := range globalServerConfig.Logger.HTTP {
-			if l.Enabled {
-				// Enable http logging
-				logger.AddTarget(http.New(l.Endpoint, loggerUserAgent, NewCustomHTTPTransport()))
-			}
-		}
-	}
-
-	if globalServerConfig.Logger.Console.Enabled {
-		// Enable console logging
-		logger.AddTarget(globalConsoleSys.Console())
-	}
-
-}
-
 func newConfigDirFromCtx(ctx *cli.Context, option string, getDefaultDir func() string) (*ConfigDir, bool) {
 	var dir string
 	var dirSet bool
@@ -190,15 +159,8 @@ func handleCommonCmdArgs(ctx *cli.Context) {
 }
 
 func handleCommonEnvVars() {
-	// Start profiler if env is set.
-	if profiler := env.Get("_MINIO_PROFILER", ""); profiler != "" {
-		var err error
-		globalProfiler, err = startProfiler(profiler, "")
-		logger.FatalIf(err, "Unable to setup a profiler")
-	}
-
-	accessKey := env.Get("MINIO_ACCESS_KEY", "")
-	secretKey := env.Get("MINIO_SECRET_KEY", "")
+	accessKey := env.Get(config.EnvAccessKey, "")
+	secretKey := env.Get(config.EnvSecretKey, "")
 	if accessKey != "" && secretKey != "" {
 		cred, err := auth.CreateCredentials(accessKey, secretKey)
 		if err != nil {
@@ -211,8 +173,8 @@ func handleCommonEnvVars() {
 		globalActiveCred = cred
 	}
 
-	if browser := env.Get("MINIO_BROWSER", "on"); browser != "" {
-		browserFlag, err := ParseBoolFlag(browser)
+	if browser := env.Get(config.EnvBrowser, "on"); browser != "" {
+		browserFlag, err := config.ParseBoolFlag(browser)
 		if err != nil {
 			logger.Fatal(config.ErrInvalidBrowserValue(nil).Msg("Unknown value `%s`", browser), "Invalid MINIO_BROWSER value in environment variable")
 		}
@@ -223,65 +185,23 @@ func handleCommonEnvVars() {
 		globalIsBrowserEnabled = bool(browserFlag)
 	}
 
-	etcdEndpointsEnv, ok := env.Lookup("MINIO_ETCD_ENDPOINTS")
-	if ok {
-		etcdEndpoints := strings.Split(etcdEndpointsEnv, ",")
-
-		var etcdSecure bool
-		for _, endpoint := range etcdEndpoints {
-			u, err := xnet.ParseURL(endpoint)
-			if err != nil {
-				logger.FatalIf(err, "Unable to initialize etcd with %s", etcdEndpoints)
-			}
-			// If one of the endpoint is https, we will use https directly.
-			etcdSecure = etcdSecure || u.Scheme == "https"
-		}
-
-		var err error
-		if etcdSecure {
-			// This is only to support client side certificate authentication
-			// https://coreos.com/etcd/docs/latest/op-guide/security.html
-			etcdClientCertFile, ok1 := env.Lookup("MINIO_ETCD_CLIENT_CERT")
-			etcdClientCertKey, ok2 := env.Lookup("MINIO_ETCD_CLIENT_CERT_KEY")
-			var getClientCertificate func(*tls.CertificateRequestInfo) (*tls.Certificate, error)
-			if ok1 && ok2 {
-				getClientCertificate = func(unused *tls.CertificateRequestInfo) (*tls.Certificate, error) {
-					cert, terr := tls.LoadX509KeyPair(etcdClientCertFile, etcdClientCertKey)
-					return &cert, terr
-				}
-			}
-
-			globalEtcdClient, err = etcd.New(etcd.Config{
-				Endpoints:         etcdEndpoints,
-				DialTimeout:       defaultDialTimeout,
-				DialKeepAliveTime: defaultDialKeepAlive,
-				TLS: &tls.Config{
-					RootCAs:              globalRootCAs,
-					GetClientCertificate: getClientCertificate,
-				},
-			})
-		} else {
-			globalEtcdClient, err = etcd.New(etcd.Config{
-				Endpoints:         etcdEndpoints,
-				DialTimeout:       defaultDialTimeout,
-				DialKeepAliveTime: defaultDialKeepAlive,
-			})
-		}
-		logger.FatalIf(err, "Unable to initialize etcd with %s", etcdEndpoints)
+	var err error
+	globalEtcdClient, err = etcd.New(globalRootCAs)
+	if err != nil {
+		logger.FatalIf(err, "Unable to initialize etcd config")
 	}
 
-	v, ok := env.Lookup("MINIO_DOMAIN")
-	if ok {
-		for _, domainName := range strings.Split(v, ",") {
-			if _, ok = dns2.IsDomainName(domainName); !ok {
+	for _, domainName := range strings.Split(env.Get(config.EnvDomain, ""), ",") {
+		if domainName != "" {
+			if _, ok := dns2.IsDomainName(domainName); !ok {
 				logger.Fatal(config.ErrInvalidDomainValue(nil).Msg("Unknown value `%s`", domainName),
 					"Invalid MINIO_DOMAIN value in environment variable")
 			}
 			globalDomainNames = append(globalDomainNames, domainName)
 		}
 	}
 
-	minioEndpointsEnv, ok := env.Lookup("MINIO_PUBLIC_IPS")
+	minioEndpointsEnv, ok := env.Lookup(config.EnvPublicIPs)
 	if ok {
 		minioEndpoints := strings.Split(minioEndpointsEnv, ",")
 		var domainIPs = set.NewStringSet()
@@ -315,11 +235,11 @@ func handleCommonEnvVars() {
 	// In place update is true by default if the MINIO_UPDATE is not set
 	// or is not set to 'off', if MINIO_UPDATE is set to 'off' then
 	// in-place update is off.
-	globalInplaceUpdateDisabled = strings.EqualFold(env.Get("MINIO_UPDATE", "off"), "off")
+	globalInplaceUpdateDisabled = strings.EqualFold(env.Get(config.EnvUpdate, "off"), "off")
 
 	// Get WORM environment variable.
-	if worm := env.Get("MINIO_WORM", "off"); worm != "" {
-		wormFlag, err := ParseBoolFlag(worm)
+	if worm := env.Get(config.EnvWorm, "off"); worm != "" {
+		wormFlag, err := config.ParseBoolFlag(worm)
 		if err != nil {
 			logger.Fatal(config.ErrInvalidWormValue(nil).Msg("Unknown value `%s`", worm), "Invalid MINIO_WORM value in environment variable")
 		}
@@ -338,3 +258,21 @@ func logStartupMessage(msg string, data ...interface{}) {
 	}
 	logger.StartupMessage(msg, data...)
 }
+
+func getTLSConfig() (x509Certs []*x509.Certificate, c *certs.Certs, secureConn bool, err error) {
+	if !(isFile(getPublicCertFile()) && isFile(getPrivateKeyFile())) {
+		return nil, nil, false, nil
+	}
+
+	if x509Certs, err = config.ParsePublicCertFile(getPublicCertFile()); err != nil {
+		return nil, nil, false, err
+	}
+
+	c, err = certs.New(getPublicCertFile(), getPrivateKeyFile(), config.LoadX509KeyPair)
+	if err != nil {
+		return nil, nil, false, err
+	}
+
+	secureConn = true
+	return x509Certs, c, secureConn, nil
+}

cmd/config-current.go

@@ -21,6 +21,7 @@ import (
 	"errors"
 	"fmt"
 	"reflect"
+	"strings"
 	"sync"
 
 	"github.com/minio/minio/cmd/config"
@@ -31,6 +32,7 @@ import (
 	"github.com/minio/minio/cmd/crypto"
 	xhttp "github.com/minio/minio/cmd/http"
 	"github.com/minio/minio/cmd/logger"
+	"github.com/minio/minio/cmd/logger/target/http"
 	"github.com/minio/minio/pkg/auth"
 	"github.com/minio/minio/pkg/env"
 	"github.com/minio/minio/pkg/event"
@@ -111,7 +113,7 @@ func (s *serverConfig) GetCredential() auth.Credentials {
 // SetWorm set if worm is enabled.
 func (s *serverConfig) SetWorm(b bool) {
 	// Set the new value.
-	s.Worm = BoolFlag(b)
+	s.Worm = config.BoolFlag(b)
 }
 
 // GetStorageClass reads storage class fields from current config.
@@ -271,16 +273,27 @@ func (s *serverConfig) lookupConfigs() {
 		globalCacheMaxUse = s.Cache.MaxUse
 
 		if cacheEncKey := env.Get(cache.EnvCacheEncryptionMasterKey, ""); cacheEncKey != "" {
-			globalCacheKMSKeyID, globalCacheKMS, err = parseKMSMasterKey(cacheEncKey)
+			globalCacheKMS, err = crypto.ParseMasterKey(cacheEncKey)
 			if err != nil {
 				logger.FatalIf(config.ErrInvalidCacheEncryptionKey(err),
 					"Unable to setup encryption cache")
 			}
 		}
 	}
 
-	if err = LookupKMSConfig(s.KMS); err != nil {
-		logger.FatalIf(err, "Unable to setup KMS")
+	s.KMS, err = crypto.LookupConfig(s.KMS)
+	if err != nil {
+		logger.FatalIf(err, "Unable to setup KMS config")
+	}
+
+	GlobalKMS, err = crypto.NewKMS(s.KMS)
+	if err != nil {
+		logger.FatalIf(err, "Unable to setup KMS with current KMS config")
+	}
+
+	globalAutoEncryption = strings.EqualFold(env.Get(crypto.EnvAutoEncryption, "off"), "on")
+	if globalAutoEncryption && GlobalKMS == nil {
+		logger.FatalIf(errors.New("Invalid KMS configuration: auto-encryption is enabled but no valid KMS configuration is present"), "")
 	}
 
 	s.Compression, err = compress.LookupConfig(s.Compression)
@@ -311,6 +324,34 @@ func (s *serverConfig) lookupConfigs() {
 	if err != nil {
 		logger.FatalIf(err, "Unable to parse LDAP configuration from env")
 	}
+
+	// Load logger targets based on user's configuration
+	loggerUserAgent := getUserAgent(getMinioMode())
+
+	s.Logger, err = logger.LookupConfig(s.Logger)
+	if err != nil {
+		logger.FatalIf(err, "Unable to initialize logger")
+	}
+
+	for _, l := range s.Logger.HTTP {
+		if l.Enabled {
+			// Enable http logging
+			logger.AddTarget(http.New(l.Endpoint, loggerUserAgent, NewCustomHTTPTransport()))
+		}
+	}
+
+	for _, l := range s.Logger.Audit {
+		if l.Enabled {
+			// Enable http audit logging
+			logger.AddAuditTarget(http.New(l.Endpoint, loggerUserAgent, NewCustomHTTPTransport()))
+		}
+	}
+
+	if s.Logger.Console.Enabled {
+		// Enable console logging
+		logger.AddTarget(globalConsoleSys.Console())
+	}
+
 }
 
 // TestNotificationTargets tries to establish connections to all notification
@@ -531,8 +572,8 @@ func newServerConfig() *serverConfig {
 	// Console logging is on by default
 	srvCfg.Logger.Console.Enabled = true
 	// Create an example of HTTP logger
-	srvCfg.Logger.HTTP = make(map[string]loggerHTTP)
-	srvCfg.Logger.HTTP["target1"] = loggerHTTP{Endpoint: "https://username:[email protected]/api"}
+	srvCfg.Logger.HTTP = make(map[string]logger.HTTP)
+	srvCfg.Logger.HTTP["target1"] = logger.HTTP{Endpoint: "https://username:[email protected]/api"}
 
 	return srvCfg
 }