Revert "fix: remove deprecated MINIO_ACCESS_KEY, MINIO_SECRET_KEY envs (

minio#12173)" This reverts commit b0baaea.
ydkn · Apr 29, 2021 · 8cd89e1 · 8cd89e1
1 parent 091845d
commit 8cd89e1
Show file tree

Hide file tree

Showing 8 changed files with 52 additions and 3 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -13,7 +13,9 @@ RUN  \
 
 FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3
 
-ENV MINIO_ROOT_USER_FILE=access_key \
+ENV MINIO_ACCESS_KEY_FILE=access_key \
+    MINIO_SECRET_KEY_FILE=secret_key \
+    MINIO_ROOT_USER_FILE=access_key \
     MINIO_ROOT_PASSWORD_FILE=secret_key \
     MINIO_KMS_SECRET_KEY_FILE=kms_master_key \
     MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav"

diff --git a/Dockerfile.cicd b/Dockerfile.cicd
@@ -15,7 +15,9 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3
 
 ARG TARGETARCH
 
-ENV MINIO_ROOT_USER_FILE=access_key \
+ENV MINIO_ACCESS_KEY_FILE=access_key \
+    MINIO_SECRET_KEY_FILE=secret_key \
+    MINIO_ROOT_USER_FILE=access_key \
     MINIO_ROOT_PASSWORD_FILE=secret_key \
     MINIO_KMS_SECRET_KEY_FILE=kms_master_key \
     MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav"

diff --git a/Dockerfile.dev b/Dockerfile.dev
@@ -8,6 +8,8 @@ COPY dockerscripts/docker-entrypoint.sh /usr/bin/
 COPY minio /usr/bin/
 
 ENV MINIO_UPDATE=off \
+    MINIO_ACCESS_KEY_FILE=access_key \
+    MINIO_SECRET_KEY_FILE=secret_key \
     MINIO_ROOT_USER_FILE=access_key \
     MINIO_ROOT_PASSWORD_FILE=secret_key \
     MINIO_KMS_SECRET_KEY_FILE=kms_master_key

diff --git a/Dockerfile.release b/Dockerfile.release
@@ -12,7 +12,9 @@ LABEL name="MinIO" \
       summary="MinIO is a High Performance Object Storage, API compatible with Amazon S3 cloud storage service." \
       description="MinIO object storage is fundamentally different. Designed for performance and the S3 API, it is 100% open-source. MinIO is ideal for large, private cloud environments with stringent security requirements and delivers mission-critical availability across a diverse range of workloads."
 
-ENV MINIO_ROOT_USER_FILE=access_key \
+ENV MINIO_ACCESS_KEY_FILE=access_key \
+    MINIO_SECRET_KEY_FILE=secret_key \
+    MINIO_ROOT_USER_FILE=access_key \
     MINIO_ROOT_PASSWORD_FILE=secret_key \
     MINIO_KMS_SECRET_KEY_FILE=kms_master_key \
     MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav"

diff --git a/cmd/common-main.go b/cmd/common-main.go
@@ -309,6 +309,15 @@ func handleCommonEnvVars() {
 	// in-place update is off.
 	globalInplaceUpdateDisabled = strings.EqualFold(env.Get(config.EnvUpdate, config.EnableOn), config.EnableOff)
 
+	if env.IsSet(config.EnvAccessKey) || env.IsSet(config.EnvSecretKey) {
+		cred, err := auth.CreateCredentials(env.Get(config.EnvAccessKey, ""), env.Get(config.EnvSecretKey, ""))
+		if err != nil {
+			logger.Fatal(config.ErrInvalidCredentials(err),
+				"Unable to validate credentials inherited from the shell environment")
+		}
+		globalActiveCred = cred
+	}
+
 	if env.IsSet(config.EnvRootUser) || env.IsSet(config.EnvRootPassword) {
 		cred, err := auth.CreateCredentials(env.Get(config.EnvRootUser, ""), env.Get(config.EnvRootPassword, ""))
 		if err != nil {

diff --git a/cmd/config/constants.go b/cmd/config/constants.go
@@ -24,6 +24,8 @@ const (
 
 // Top level common ENVs
 const (
+	EnvAccessKey    = "MINIO_ACCESS_KEY"
+	EnvSecretKey    = "MINIO_SECRET_KEY"
 	EnvRootUser     = "MINIO_ROOT_USER"
 	EnvRootPassword = "MINIO_ROOT_PASSWORD"
 

diff --git a/cmd/test-utils_test.go b/cmd/test-utils_test.go
@@ -82,6 +82,8 @@ func TestMain(m *testing.M) {
 	// disable ENVs which interfere with tests.
 	for _, env := range []string{
 		crypto.EnvKMSAutoEncryption,
+		config.EnvAccessKey,
+		config.EnvSecretKey,
 		config.EnvRootUser,
 		config.EnvRootPassword,
 	} {

diff --git a/dockerscripts/docker-entrypoint.sh b/dockerscripts/docker-entrypoint.sh
@@ -8,6 +8,31 @@ if [ "${1}" != "minio" ]; then
     fi
 fi
 
+## Look for docker secrets at given absolute path or in default documented location.
+docker_secrets_env_old() {
+    if [ -f "$MINIO_ACCESS_KEY_FILE" ]; then
+        ACCESS_KEY_FILE="$MINIO_ACCESS_KEY_FILE"
+    else
+        ACCESS_KEY_FILE="/run/secrets/$MINIO_ACCESS_KEY_FILE"
+    fi
+    if [ -f "$MINIO_SECRET_KEY_FILE" ]; then
+        SECRET_KEY_FILE="$MINIO_SECRET_KEY_FILE"
+    else
+        SECRET_KEY_FILE="/run/secrets/$MINIO_SECRET_KEY_FILE"
+    fi
+
+    if [ -f "$ACCESS_KEY_FILE" ] && [ -f "$SECRET_KEY_FILE" ]; then
+        if [ -f "$ACCESS_KEY_FILE" ]; then
+            MINIO_ACCESS_KEY="$(cat "$ACCESS_KEY_FILE")"
+            export MINIO_ACCESS_KEY
+        fi
+        if [ -f "$SECRET_KEY_FILE" ]; then
+            MINIO_SECRET_KEY="$(cat "$SECRET_KEY_FILE")"
+            export MINIO_SECRET_KEY
+        fi
+    fi
+}
+
 docker_secrets_env() {
     if [ -f "$MINIO_ROOT_USER_FILE" ]; then
         ROOT_USER_FILE="$MINIO_ROOT_USER_FILE"
@@ -73,6 +98,9 @@ docker_switch_user() {
     fi
 }
 
+## Set access env from secrets if necessary.
+docker_secrets_env_old
+
 ## Set access env from secrets if necessary.
 docker_secrets_env