config

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 29, 2020 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	Default = madmin.Default
	Enable  = madmin.EnableKey
	Comment = madmin.CommentKey

	// Enable values
	EnableOn  = madmin.EnableOn
	EnableOff = madmin.EnableOff

	RegionName = "name"
	AccessKey  = "access_key"
	SecretKey  = "secret_key"
)

Default keys

View Source 
const (
	CredentialsSubSys    = "credentials"
	PolicyOPASubSys      = "policy_opa"
	IdentityOpenIDSubSys = "identity_openid"
	IdentityLDAPSubSys   = "identity_ldap"
	CacheSubSys          = "cache"
	RegionSubSys         = "region"
	EtcdSubSys           = "etcd"
	StorageClassSubSys   = "storage_class"
	CompressionSubSys    = "compression"
	KmsVaultSubSys       = "kms_vault"
	KmsKesSubSys         = "kms_kes"
	LoggerWebhookSubSys  = "logger_webhook"
	AuditWebhookSubSys   = "audit_webhook"
)

Top level config constants.

View Source 
const (
	NotifyKafkaSubSys    = "notify_kafka"
	NotifyMQTTSubSys     = "notify_mqtt"
	NotifyMySQLSubSys    = "notify_mysql"
	NotifyNATSSubSys     = "notify_nats"
	NotifyNSQSubSys      = "notify_nsq"
	NotifyESSubSys       = "notify_elasticsearch"
	NotifyAMQPSubSys     = "notify_amqp"
	NotifyPostgresSubSys = "notify_postgres"
	NotifyRedisSubSys    = "notify_redis"
	NotifyWebhookSubSys  = "notify_webhook"
)

Notification config constants.

View Source 
const (
	SubSystemSeparator = madmin.SubSystemSeparator
	KvSeparator        = madmin.KvSeparator
	KvSpaceSeparator   = madmin.KvSpaceSeparator
	KvComment          = madmin.KvComment
	KvNewline          = madmin.KvNewline
	KvDoubleQuote      = madmin.KvDoubleQuote
	KvSingleQuote      = madmin.KvSingleQuote

	// Env prefix used for all envs in MinIO
	EnvPrefix        = "MINIO_"
	EnvWordDelimiter = `_`
)

Constant separators

View Source 
const (
	EnvAccessKey    = "MINIO_ACCESS_KEY"
	EnvSecretKey    = "MINIO_SECRET_KEY"
	EnvAccessKeyOld = "MINIO_ACCESS_KEY_OLD"
	EnvSecretKeyOld = "MINIO_SECRET_KEY_OLD"
	EnvBrowser      = "MINIO_BROWSER"
	EnvDomain       = "MINIO_DOMAIN"
	EnvRegionName   = "MINIO_REGION_NAME"
	EnvPublicIPs    = "MINIO_PUBLIC_IPS"
	EnvEndpoints    = "MINIO_ENDPOINTS"

	EnvUpdate = "MINIO_UPDATE"

	EnvWorm   = "MINIO_WORM"   // legacy
	EnvRegion = "MINIO_REGION" // legacy
)

Top level common ENVs

View Source 
const DefaultComment = "optionally add a comment to this setting"

DefaultComment used across all sub-systems.

View Source 
const EnvCertPassword = "MINIO_CERT_PASSWD"

EnvCertPassword is the environment variable which contains the password used to decrypt the TLS private key. It must be set if the TLS private key is password protected.

View Source 
const (
	ValueSeparator = ","
)

Config value separator

Variables

View Source 
var (
	DefaultCredentialKVS = KVS{
		KV{
			Key:   AccessKey,
			Value: auth.DefaultAccessKey,
		},
		KV{
			Key:   SecretKey,
			Value: auth.DefaultSecretKey,
		},
	}

	DefaultRegionKVS = KVS{
		KV{
			Key:   RegionName,
			Value: "",
		},
	}
)

Default KV configs for worm and region

View Source 
var (
	ErrInvalidBrowserValue = newErrFn(
		"Invalid browser value",
		"Please check the passed value",
		"Browser can only accept `on` and `off` values. To disable web browser access, set this value to `off`",
	)

	ErrInvalidDomainValue = newErrFn(
		"Invalid domain value",
		"Please check the passed value",
		"Domain can only accept DNS compatible values",
	)

	ErrInvalidErasureSetSize = newErrFn(
		"Invalid erasure set size",
		"Please check the passed value",
		"Erasure set can only accept any of [4, 6, 8, 10, 12, 14, 16] values",
	)

	ErrInvalidWormValue = newErrFn(
		"Invalid WORM value",
		"Please check the passed value",
		"WORM can only accept `on` and `off` values. To enable WORM, set this value to `on`",
	)

	ErrInvalidCacheDrivesValue = newErrFn(
		"Invalid cache drive value",
		"Please check the value in this ENV variable",
		"MINIO_CACHE_DRIVES: Mounted drives or directories are delimited by `,`",
	)

	ErrInvalidCacheExcludesValue = newErrFn(
		"Invalid cache excludes value",
		"Please check the passed value",
		"MINIO_CACHE_EXCLUDE: Cache exclusion patterns are delimited by `,`",
	)

	ErrInvalidCacheExpiryValue = newErrFn(
		"Invalid cache expiry value",
		"Please check the passed value",
		"MINIO_CACHE_EXPIRY: Valid cache expiry duration must be in days",
	)

	ErrInvalidCacheQuota = newErrFn(
		"Invalid cache quota value",
		"Please check the passed value",
		"MINIO_CACHE_QUOTA: Valid cache quota value must be between 0-100",
	)

	ErrInvalidCacheEncryptionKey = newErrFn(
		"Invalid cache encryption master key value",
		"Please check the passed value",
		"MINIO_CACHE_ENCRYPTION_MASTER_KEY: For more information, please refer to https://docs.min.io/docs/minio-disk-cache-guide",
	)

	ErrInvalidRotatingCredentialsBackendEncrypted = newErrFn(
		"Invalid rotating credentials",
		"Please set correct rotating credentials in the environment for decryption",
		`Detected encrypted config backend, correct old access and secret keys should be specified via environment variables MINIO_ACCESS_KEY_OLD and MINIO_SECRET_KEY_OLD to be able to re-encrypt the MinIO config, user IAM and policies with new credentials`,
	)

	ErrInvalidCredentialsBackendEncrypted = newErrFn(
		"Invalid credentials",
		"Please set correct credentials in the environment for decryption",
		`Detected encrypted config backend, correct access and secret keys should be specified via environment variables MINIO_ACCESS_KEY and MINIO_SECRET_KEY to be able to decrypt the MinIO config, user IAM and policies`,
	)

	ErrMissingCredentialsBackendEncrypted = newErrFn(
		"Credentials missing",
		"Please set your credentials in the environment",
		`Detected encrypted config backend, access and secret keys should be specified via environment variables MINIO_ACCESS_KEY and MINIO_SECRET_KEY to be able to decrypt the MinIO config, user IAM and policies`,
	)

	ErrInvalidCredentials = newErrFn(
		"Invalid credentials",
		"Please provide correct credentials",
		`Access key length should be at least 3, and secret key length at least 8 characters`,
	)

	ErrEnvCredentialsMissingGateway = newErrFn(
		"Credentials missing",
		"Please set your credentials in the environment",
		`In Gateway mode, access and secret keys should be specified via environment variables MINIO_ACCESS_KEY and MINIO_SECRET_KEY respectively`,
	)

	ErrEnvCredentialsMissingDistributed = newErrFn(
		"Credentials missing",
		"Please set your credentials in the environment",
		`In distributed server mode, access and secret keys should be specified via environment variables MINIO_ACCESS_KEY and MINIO_SECRET_KEY respectively`,
	)

	ErrInvalidErasureEndpoints = newErrFn(
		"Invalid endpoint(s) in erasure mode",
		"Please provide correct combination of local/remote paths",
		"For more information, please refer to https://docs.min.io/docs/minio-erasure-code-quickstart-guide",
	)

	ErrInvalidNumberOfErasureEndpoints = newErrFn(
		"Invalid total number of endpoints for erasure mode",
		"Please provide an even number of endpoints greater or equal to 4",
		"For more information, please refer to https://docs.min.io/docs/minio-erasure-code-quickstart-guide",
	)

	ErrStorageClassValue = newErrFn(
		"Invalid storage class value",
		"Please check the value",
		`MINIO_STORAGE_CLASS_STANDARD: Format "EC:<Default_Parity_Standard_Class>" (e.g. "EC:3"). This sets the number of parity disks for MinIO server in Standard mode. Objects are stored in Standard mode, if storage class is not defined in Put request
MINIO_STORAGE_CLASS_RRS: Format "EC:<Default_Parity_Reduced_Redundancy_Class>" (e.g. "EC:3"). This sets the number of parity disks for MinIO server in Reduced Redundancy mode. Objects are stored in Reduced Redundancy mode, if Put request specifies RRS storage class
Refer to the link https://github.com/RTradeLtd/s3x/tree/master/docs/erasure/storage-class for more information`,
	)

	ErrUnexpectedBackendVersion = newErrFn(
		"Backend version seems to be too recent",
		"Please update to the latest MinIO version",
		"",
	)

	ErrInvalidAddressFlag = newErrFn(
		"--address input is invalid",
		"Please check --address parameter",
		`--address binds to a specific ADDRESS:PORT, ADDRESS can be an IPv4/IPv6 address or hostname (default port is ':9000')
	Examples: --address ':443'
		  --address '172.16.34.31:9000'
		  --address '[fe80::da00:a6c8:e3ae:ddd7]:9000'`,
	)

	ErrInvalidFSEndpoint = newErrFn(
		"Invalid endpoint for standalone FS mode",
		"Please check the FS endpoint",
		`FS mode requires only one writable disk path
Example 1:
   $ minio server /data/minio/`,
	)

	ErrUnableToWriteInBackend = newErrFn(
		"Unable to write to the backend",
		"Please ensure MinIO binary has write permissions for the backend",
		`Verify if MinIO binary is running as the same user who has write permissions for the backend`,
	)

	ErrPortAlreadyInUse = newErrFn(
		"Port is already in use",
		"Please ensure no other program uses the same address/port",
		"",
	)

	ErrPortAccess = newErrFn(
		"Unable to use specified port",
		"Please ensure MinIO binary has 'cap_net_bind_service=+ep' permissions",
		`Use 'sudo setcap cap_net_bind_service=+ep /path/to/minio' to provide sufficient permissions`,
	)

	ErrNoPermissionsToAccessDirFiles = newErrFn(
		"Missing permissions to access the specified path",
		"Please ensure the specified path can be accessed",
		"",
	)

	ErrSSLUnexpectedError = newErrFn(
		"Invalid TLS certificate",
		"Please check the content of your certificate data",
		`Only PEM (x.509) format is accepted as valid public & private certificates`,
	)

	ErrSSLUnexpectedData = newErrFn(
		"Invalid TLS certificate",
		"Please check your certificate",
		"",
	)

	ErrSSLNoPassword = newErrFn(
		"Missing TLS password",
		"Please set the password to environment variable `MINIO_CERT_PASSWD` so that the private key can be decrypted",
		"",
	)

	ErrNoCertsAndHTTPSEndpoints = newErrFn(
		"HTTPS specified in endpoints, but no TLS certificate is found on the local machine",
		"Please add TLS certificate or use HTTP endpoints only",
		"Refer to https://docs.min.io/docs/how-to-secure-access-to-minio-server-with-tls for information about how to load a TLS certificate in your server",
	)

	ErrCertsAndHTTPEndpoints = newErrFn(
		"HTTP specified in endpoints, but the server in the local machine is configured with a TLS certificate",
		"Please remove the certificate in the configuration directory or switch to HTTPS",
		"",
	)

	ErrSSLWrongPassword = newErrFn(
		"Unable to decrypt the private key using the provided password",
		"Please set the correct password in environment variable `MINIO_CERT_PASSWD`",
		"",
	)

	ErrUnexpectedDataContent = newErrFn(
		"Unexpected data content",
		"Please contact MinIO at https://slack.min.io",
		"",
	)

	ErrUnexpectedError = newErrFn(
		"Unexpected error",
		"Please contact MinIO at https://slack.min.io",
		"",
	)

	ErrInvalidCompressionIncludesValue = newErrFn(
		"Invalid compression include value",
		"Please check the passed value",
		"Compress extensions/mime-types are delimited by `,`. For eg, MINIO_COMPRESS_MIME_TYPES=\"A,B,C\"",
	)

	ErrInvalidGWSSEValue = newErrFn(
		"Invalid gateway SSE value",
		"Please check the passed value",
		"MINIO_GATEWAY_SSE: Gateway SSE accepts only C and S3 as valid values. Delimit by `;` to set more than one value",
	)

	ErrInvalidGWSSEEnvValue = newErrFn(
		"Invalid gateway SSE configuration",
		"",
		"Refer to https://docs.min.io/docs/minio-kms-quickstart-guide.html for setting up SSE",
	)
)

UI errors

View Source 
var DefaultKVS map[string]KVS

DefaultKVS - default kvs for all sub-systems

View Source 
var HelpSubSysMap map[string]HelpKVS

HelpSubSysMap - help for all individual KVS for each sub-systems also carries a special empty sub-system which dumps help for each sub-system key.

View Source 
var (
	RegionHelp = HelpKVS{
		HelpKV{
			Key:         RegionName,
			Type:        "string",
			Description: `name of the location of the server e.g. "us-west-rack2"`,
			Optional:    true,
		},
		HelpKV{
			Key:         Comment,
			Type:        "sentence",
			Description: DefaultComment,
			Optional:    true,
		},
	}
)

Region and Worm help is documented in default config

View Source 
var SubSystems = set.CreateStringSet([]string{
	CredentialsSubSys,
	RegionSubSys,
	EtcdSubSys,
	CacheSubSys,
	StorageClassSubSys,
	CompressionSubSys,
	KmsVaultSubSys,
	KmsKesSubSys,
	LoggerWebhookSubSys,
	AuditWebhookSubSys,
	PolicyOPASubSys,
	IdentityLDAPSubSys,
	IdentityOpenIDSubSys,
	NotifyAMQPSubSys,
	NotifyESSubSys,
	NotifyKafkaSubSys,
	NotifyMQTTSubSys,
	NotifyMySQLSubSys,
	NotifyNATSSubSys,
	NotifyNSQSubSys,
	NotifyPostgresSubSys,
	NotifyRedisSubSys,
	NotifyWebhookSubSys,
}...)

SubSystems - all supported sub-systems

View Source 
var SubSystemsSingleTargets = set.CreateStringSet([]string{
	CredentialsSubSys,
	RegionSubSys,
	EtcdSubSys,
	CacheSubSys,
	StorageClassSubSys,
	CompressionSubSys,
	KmsVaultSubSys,
	KmsKesSubSys,
	PolicyOPASubSys,
	IdentityLDAPSubSys,
	IdentityOpenIDSubSys,
}...)

SubSystemsSingleTargets - subsystems which only support single target.

Functions

func CheckValidKeys 

func CheckValidKeys(subSys string, kv KVS, validKVS KVS) error

CheckValidKeys - checks if inputs KVS has the necessary keys, returns error if it find extra or superflous keys.

func Errorf 

func Errorf(format string, a ...interface{}) error

Errorf - formats according to a format specifier and returns the string as a value that satisfies error of type config.Error

func FmtError 

func FmtError(introMsg string, err error, jsonFlag bool) string

FmtError converts a fatal error message to a more clear error using some colors

func FormatBool 

func FormatBool(b bool) string

FormatBool prints stringified version of boolean.

func GetRootCAs 

func GetRootCAs(certsCAsDir string) (*x509.CertPool, error)

GetRootCAs - returns all the root CAs into certPool at the input certsCADir

func LoadX509KeyPair 

func LoadX509KeyPair(certFile, keyFile string) (tls.Certificate, error)

LoadX509KeyPair - load an X509 key pair (private key , certificate) from the provided paths. The private key may be encrypted and is decrypted using the ENV_VAR: MINIO_CERT_PASSWD.

func LookupCreds 

func LookupCreds(kv KVS) (auth.Credentials, error)

LookupCreds - lookup credentials from config.

func LookupRegion 

func LookupRegion(kv KVS) (string, error)

LookupRegion - get current region.

func LookupWorm 

func LookupWorm() (bool, error)

LookupWorm - check if worm is enabled

func NewConfigWriteTo 

func NewConfigWriteTo(cfg Config, key string) io.WriterTo

NewConfigWriteTo - returns a struct which allows for serializing the config/kv struct to a io.WriterTo

func ParseBool 

func ParseBool(str string) (bool, error)

ParseBool returns the boolean value represented by the string. It accepts 1, t, T, TRUE, true, True, 0, f, F, FALSE, false, False. Any other value returns an error.

func ParsePublicCertFile 

func ParsePublicCertFile(certFile string) (x509Certs []*x509.Certificate, err error)

ParsePublicCertFile - parses public cert into its *x509.Certificate equivalent.

func RegisterDefaultKVS 

func RegisterDefaultKVS(kvsMap map[string]KVS)

RegisterDefaultKVS - this function saves input kvsMap globally, this should be called only once preferably during `init()`.

func RegisterHelpSubSys 

func RegisterHelpSubSys(helpKVSMap map[string]HelpKVS)

RegisterHelpSubSys - this function saves input help KVS for each sub-system globally, this function should be called only once preferably in during `init()`.

func SetCredentials 

func SetCredentials(c Config, cred auth.Credentials)

SetCredentials - One time migration code needed, for migrating from older config to new for server credentials.

func SetRegion 

func SetRegion(c Config, name string)

SetRegion - One time migration code needed, for migrating from older config to new for server Region.

Types

type BoolFlag 

type BoolFlag bool

BoolFlag - wrapper bool type.

func ParseBoolFlag 

func ParseBoolFlag(s string) (bf BoolFlag, err error)

ParseBoolFlag - parses string into BoolFlag.

func (BoolFlag) MarshalJSON 

func (bf BoolFlag) MarshalJSON() ([]byte, error)

MarshalJSON - converts BoolFlag into JSON data.

func (BoolFlag) String 

func (bf BoolFlag) String() string

String - returns string of BoolFlag.

func (*BoolFlag) UnmarshalJSON 

func (bf *BoolFlag) UnmarshalJSON(data []byte) (err error)

UnmarshalJSON - parses given data into BoolFlag.

type Config 

type Config map[string]map[string]KVS

Config - MinIO server config structure.

func New 

func New() Config

New - initialize a new server config.

func (Config) Clone 

func (c Config) Clone() Config

Clone - clones a config map entirely.

func (Config) DelFrom 

func (c Config) DelFrom(r io.Reader) error

DelFrom - deletes all keys in the input reader.

func (Config) DelKVS 

func (c Config) DelKVS(s string) error

DelKVS - delete a specific key.

func (Config) GetKVS 

func (c Config) GetKVS(s string, defaultKVS map[string]KVS) (Targets, error)

GetKVS - get kvs from specific subsystem.

func (Config) ReadFrom 

func (c Config) ReadFrom(r io.Reader) (int64, error)

ReadFrom - implements io.ReaderFrom interface

func (Config) SetKVS 

func (c Config) SetKVS(s string, defaultKVS map[string]KVS) error

SetKVS - set specific key values per sub-system.

type Err 

type Err struct {
	// contains filtered or unexported fields
}

Err is a structure which contains all information to print a fatal error message in json or pretty mode Err implements error so we can use it anywhere

func ErrorToErr 

func ErrorToErr(err error) Err

ErrorToErr inspects the passed error and transforms it to the appropriate UI error.

func (Err) Clone 

func (u Err) Clone() Err

Clone returns a new Err struct with the same information

func (Err) Error 

func (u Err) Error() string

Return the error message

func (Err) Hint 

func (u Err) Hint(m string, args ...interface{}) Err

Hint - Replace the current error's message

func (Err) Msg 

func (u Err) Msg(m string, args ...interface{}) Err

Msg - Replace the current error's message

type ErrFn 

type ErrFn func(err error) Err

ErrFn function wrapper

type Error 

type Error struct {
	Err string
}

Error config error type

func (Error) Error 

func (e Error) Error() string

type HelpKV 

type HelpKV struct {
	Key         string `json:"key"`
	Type        string `json:"type"`
	Description string `json:"description"`
	Optional    bool   `json:"optional"`

	// Indicates if sub-sys supports multiple targets.
	MultipleTargets bool `json:"multipleTargets"`
}

HelpKV - implements help messages for keys with value as description of the keys.

type HelpKVS 

type HelpKVS []HelpKV

HelpKVS - implement order of keys help messages.

func (HelpKVS) Lookup 

func (hkvs HelpKVS) Lookup(key string) (HelpKV, bool)

Lookup - lookup a key from help kvs.

type KV 

type KV struct {
	Key   string `json:"key"`
	Value string `json:"value"`
}

KV - is a shorthand of each key value.

type KVS 

type KVS []KV

KVS - is a shorthand for some wrapper functions to operate on list of key values.

func (KVS) Empty 

func (kvs KVS) Empty() bool

Empty - return if kv is empty

func (KVS) Get 

func (kvs KVS) Get(key string) string

Get - returns the value of a key, if not found returns empty.

func (KVS) Lookup 

func (kvs KVS) Lookup(key string) (string, bool)

Lookup - lookup a key in a list of KVS

func (*KVS) Set 

func (kvs *KVS) Set(key, value string)

Set sets a value, if not sets a default value.

func (KVS) String 

func (kvs KVS) String() string

type Target 

type Target struct {
	SubSystem string
	KVS       KVS
}

Target signifies an individual target

type Targets 

type Targets []Target

Targets sub-system targets

Source Files

View all Source files

Directories

Path Synopsis
dns
identity
ldap
openid
policy
opa

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.