Documentation ¶
Index ¶
- Constants
- Variables
- func CertificateText(cert *x509.Certificate) string
- func CheckValidKeys(subSys string, kv KVS, validKVS KVS) error
- func Decrypt(KMS kms.KMS, ciphertext io.Reader, context kms.Context) (io.Reader, error)
- func DecryptBytes(KMS kms.KMS, ciphertext []byte, context kms.Context) ([]byte, error)
- func Encrypt(KMS kms.KMS, plaintext io.Reader, context kms.Context) (io.Reader, error)
- func EncryptBytes(KMS kms.KMS, plaintext []byte, context kms.Context) ([]byte, error)
- func EnsureCertAndKey(ClientCert, ClientKey string) error
- func Errorf(format string, a ...interface{}) error
- func FmtError(introMsg string, err error, jsonFlag bool) string
- func FormatBool(b bool) string
- func LoadX509KeyPair(certFile, keyFile string) (tls.Certificate, error)
- func LookupCreds(kv KVS) (auth.Credentials, error)
- func LookupRegion(kv KVS) (string, error)
- func LookupWorm() (bool, error)
- func NewConfigWriteTo(cfg Config, key string) io.WriterTo
- func ParseBool(str string) (bool, error)
- func ParsePublicCertFile(certFile string) (x509Certs []*x509.Certificate, err error)
- func RegisterDefaultKVS(kvsMap map[string]KVS)
- func RegisterHelpSubSys(helpKVSMap map[string]HelpKVS)
- func SetCredentials(c Config, cred auth.Credentials)
- func SetRegion(c Config, name string)
- type BoolFlag
- type Config
- func (c Config) Clone() Config
- func (c Config) DelFrom(r io.Reader) error
- func (c Config) DelKVS(s string) error
- func (c Config) GetKVS(s string, defaultKVS map[string]KVS) (Targets, error)
- func (c Config) Merge() Config
- func (c Config) ReadConfig(r io.Reader) (dynOnly bool, err error)
- func (c Config) RedactSensitiveInfo() Config
- func (c Config) SetKVS(s string, defaultKVS map[string]KVS) (dynamic bool, err error)
- type Err
- type ErrFn
- type Error
- type HelpKV
- type HelpKVS
- type KV
- type KVS
- type Target
- type Targets
Constants ¶
const ( Default = madmin.Default Enable = madmin.EnableKey Comment = madmin.CommentKey // Enable values EnableOn = madmin.EnableOn EnableOff = madmin.EnableOff RegionName = "name" AccessKey = "access_key" SecretKey = "secret_key" )
Default keys
const ( CredentialsSubSys = "credentials" PolicyOPASubSys = "policy_opa" IdentityOpenIDSubSys = "identity_openid" IdentityLDAPSubSys = "identity_ldap" CacheSubSys = "cache" RegionSubSys = "region" EtcdSubSys = "etcd" StorageClassSubSys = "storage_class" APISubSys = "api" CompressionSubSys = "compression" KmsKesSubSys = "kms_kes" LoggerWebhookSubSys = "logger_webhook" AuditWebhookSubSys = "audit_webhook" HealSubSys = "heal" ScannerSubSys = "scanner" CrawlerSubSys = "crawler" )
Top level config constants.
const ( NotifyKafkaSubSys = "notify_kafka" NotifyMQTTSubSys = "notify_mqtt" NotifyMySQLSubSys = "notify_mysql" NotifyNATSSubSys = "notify_nats" NotifyNSQSubSys = "notify_nsq" NotifyESSubSys = "notify_elasticsearch" NotifyAMQPSubSys = "notify_amqp" NotifyPostgresSubSys = "notify_postgres" NotifyRedisSubSys = "notify_redis" NotifyWebhookSubSys = "notify_webhook" )
Notification config constants.
const ( SubSystemSeparator = madmin.SubSystemSeparator KvSeparator = madmin.KvSeparator KvSpaceSeparator = madmin.KvSpaceSeparator KvComment = madmin.KvComment KvNewline = madmin.KvNewline KvDoubleQuote = madmin.KvDoubleQuote KvSingleQuote = madmin.KvSingleQuote // Env prefix used for all envs in MinIO EnvPrefix = "MINIO_" EnvWordDelimiter = `_` )
Constant separators
const ( EnvAccessKey = "MINIO_ACCESS_KEY" EnvSecretKey = "MINIO_SECRET_KEY" EnvRootUser = "MINIO_ROOT_USER" EnvRootPassword = "MINIO_ROOT_PASSWORD" EnvBrowser = "MINIO_BROWSER" EnvDomain = "MINIO_DOMAIN" EnvRegionName = "MINIO_REGION_NAME" EnvPublicIPs = "MINIO_PUBLIC_IPS" EnvFSOSync = "MINIO_FS_OSYNC" EnvArgs = "MINIO_ARGS" EnvDNSWebhook = "MINIO_DNS_WEBHOOK_ENDPOINT" EnvRootDiskThresholdSize = "MINIO_ROOTDISK_THRESHOLD_SIZE" EnvUpdate = "MINIO_UPDATE" EnvKMSSecretKey = "MINIO_KMS_SECRET_KEY" EnvKESEndpoint = "MINIO_KMS_KES_ENDPOINT" EnvKESKeyName = "MINIO_KMS_KES_KEY_NAME" EnvKESClientKey = "MINIO_KMS_KES_KEY_FILE" EnvKESClientCert = "MINIO_KMS_KES_CERT_FILE" EnvKESServerCA = "MINIO_KMS_KES_CAPATH" EnvEndpoints = "MINIO_ENDPOINTS" // legacy EnvWorm = "MINIO_WORM" // legacy EnvRegion = "MINIO_REGION" // legacy )
Top level common ENVs
const DefaultComment = "optionally add a comment to this setting"
DefaultComment used across all sub-systems.
const EnvCertPassword = "MINIO_CERT_PASSWD"
EnvCertPassword is the environment variable which contains the password used to decrypt the TLS private key. It must be set if the TLS private key is password protected.
const (
ValueSeparator = ","
)
Config value separator
Variables ¶
var ( DefaultCredentialKVS = KVS{ KV{ Key: AccessKey, Value: auth.DefaultAccessKey, }, KV{ Key: SecretKey, Value: auth.DefaultSecretKey, }, } DefaultRegionKVS = KVS{ KV{ Key: RegionName, Value: "", }, } )
Default KV configs for worm and region
var ( ErrInvalidBrowserValue = newErrFn( "Invalid browser value", "Please check the passed value", "Browser can only accept `on` and `off` values. To disable web browser access, set this value to `off`", ) ErrInvalidFSOSyncValue = newErrFn( "Invalid O_SYNC value", "Please check the passed value", "Can only accept `on` and `off` values. To enable O_SYNC for fs backend, set this value to `on`", ) ErrOverlappingDomainValue = newErrFn( "Overlapping domain values", "Please check the passed value", "MINIO_DOMAIN only accepts non-overlapping domain values", ) ErrInvalidDomainValue = newErrFn( "Invalid domain value", "Please check the passed value", "Domain can only accept DNS compatible values", ) ErrInvalidErasureSetSize = newErrFn( "Invalid erasure set size", "Please check the passed value", "Erasure set can only accept any of [4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16] values", ) ErrInvalidWormValue = newErrFn( "Invalid WORM value", "Please check the passed value", "WORM can only accept `on` and `off` values. To enable WORM, set this value to `on`", ) ErrInvalidCacheDrivesValue = newErrFn( "Invalid cache drive value", "Please check the value in this ENV variable", "MINIO_CACHE_DRIVES: Mounted drives or directories are delimited by `,`", ) ErrInvalidCacheExcludesValue = newErrFn( "Invalid cache excludes value", "Please check the passed value", "MINIO_CACHE_EXCLUDE: Cache exclusion patterns are delimited by `,`", ) ErrInvalidCacheExpiryValue = newErrFn( "Invalid cache expiry value", "Please check the passed value", "MINIO_CACHE_EXPIRY: Valid cache expiry duration must be in days", ) ErrInvalidCacheQuota = newErrFn( "Invalid cache quota value", "Please check the passed value", "MINIO_CACHE_QUOTA: Valid cache quota value must be between 0-100", ) ErrInvalidCacheAfter = newErrFn( "Invalid cache after value", "Please check the passed value", "MINIO_CACHE_AFTER: Valid cache after value must be 0 or greater", ) ErrInvalidCacheWatermarkLow = newErrFn( "Invalid cache low watermark value", "Please check the passed value", "MINIO_CACHE_WATERMARK_LOW: Valid cache low watermark value must be between 0-100", ) ErrInvalidCacheWatermarkHigh = newErrFn( "Invalid cache high watermark value", "Please check the passed value", "MINIO_CACHE_WATERMARK_HIGH: Valid cache high watermark value must be between 0-100", ) ErrInvalidCacheEncryptionKey = newErrFn( "Invalid cache encryption master key value", "Please check the passed value", "MINIO_CACHE_ENCRYPTION_MASTER_KEY: For more information, please refer to https://docs.min.io/docs/minio-disk-cache-guide", ) ErrInvalidCacheRange = newErrFn( "Invalid cache range value", "Please check the passed value", "MINIO_CACHE_RANGE: Valid expected value is `on` or `off`", ) ErrInvalidCacheCommitValue = newErrFn( "Invalid cache commit value", "Please check the passed value", "MINIO_CACHE_COMMIT: Valid expected value is `writeback` or `writethrough`", ) ErrInvalidCacheSetting = newErrFn( "Incompatible cache setting", "Please check the passed value", "MINIO_CACHE_AFTER cannot be used with MINIO_CACHE_COMMIT setting", ) ErrInvalidCredentialsBackendEncrypted = newErrFn( "Invalid credentials", "Please set correct credentials in the environment for decryption", `Detected encrypted config backend, correct access and secret keys should be specified via environment variables MINIO_ROOT_USER and MINIO_ROOT_PASSWORD to be able to decrypt the MinIO config, user IAM and policies`, ) ErrInvalidCredentials = newErrFn( "Invalid credentials", "Please provide correct credentials", `Access key length should be at least 3, and secret key length at least 8 characters`, ) ErrEnvCredentialsMissingGateway = newErrFn( "Credentials missing", "Please set your credentials in the environment", `In Gateway mode, access and secret keys should be specified via environment variables MINIO_ROOT_USER and MINIO_ROOT_PASSWORD respectively`, ) ErrInvalidErasureEndpoints = newErrFn( "Invalid endpoint(s) in erasure mode", "Please provide correct combination of local/remote paths", "For more information, please refer to https://docs.min.io/docs/minio-erasure-code-quickstart-guide", ) ErrInvalidNumberOfErasureEndpoints = newErrFn( "Invalid total number of endpoints for erasure mode", "Please provide an even number of endpoints greater or equal to 4", "For more information, please refer to https://docs.min.io/docs/minio-erasure-code-quickstart-guide", ) ErrStorageClassValue = newErrFn( "Invalid storage class value", "Please check the value", `MINIO_STORAGE_CLASS_STANDARD: Format "EC:<Default_Parity_Standard_Class>" (e.g. "EC:3"). This sets the number of parity disks for MinIO server in Standard mode. Objects are stored in Standard mode, if storage class is not defined in Put request MINIO_STORAGE_CLASS_RRS: Format "EC:<Default_Parity_Reduced_Redundancy_Class>" (e.g. "EC:3"). This sets the number of parity disks for MinIO server in Reduced Redundancy mode. Objects are stored in Reduced Redundancy mode, if Put request specifies RRS storage class Refer to the link https://github.com/hattrickcr7/myminio/tree/master/docs/erasure/storage-class for more information`, ) ErrUnexpectedBackendVersion = newErrFn( "Backend version seems to be too recent", "Please update to the latest MinIO version", "", ) ErrInvalidAddressFlag = newErrFn( "--address input is invalid", "Please check --address parameter", `--address binds to a specific ADDRESS:PORT, ADDRESS can be an IPv4/IPv6 address or hostname (default port is ':9000') Examples: --address ':443' --address '172.16.34.31:9000' --address '[fe80::da00:a6c8:e3ae:ddd7]:9000'`, ) ErrInvalidFSEndpoint = newErrFn( "Invalid endpoint for standalone FS mode", "Please check the FS endpoint", `FS mode requires only one writable disk path Example 1: $ minio server /data/minio/`, ) ErrUnsupportedBackend = newErrFn( "Unable to write to the backend", "Please ensure your disk supports O_DIRECT", "", ) ErrUnableToWriteInBackend = newErrFn( "Unable to write to the backend", "Please ensure MinIO binary has write permissions for the backend", `Verify if MinIO binary is running as the same user who has write permissions for the backend`, ) ErrPortAlreadyInUse = newErrFn( "Port is already in use", "Please ensure no other program uses the same address/port", "", ) ErrPortAccess = newErrFn( "Unable to use specified port", "Please ensure MinIO binary has 'cap_net_bind_service=+ep' permissions", `Use 'sudo setcap cap_net_bind_service=+ep /path/to/minio' to provide sufficient permissions`, ) ErrSSLUnexpectedError = newErrFn( "Invalid TLS certificate", "Please check the content of your certificate data", `Only PEM (x.509) format is accepted as valid public & private certificates`, ) ErrSSLUnexpectedData = newErrFn( "Invalid TLS certificate", "Please check your certificate", "", ) ErrSSLNoPassword = newErrFn( "Missing TLS password", "Please set the password to environment variable `MINIO_CERT_PASSWD` so that the private key can be decrypted", "", ) ErrNoCertsAndHTTPSEndpoints = newErrFn( "HTTPS specified in endpoints, but no TLS certificate is found on the local machine", "Please add TLS certificate or use HTTP endpoints only", "Refer to https://docs.min.io/docs/how-to-secure-access-to-minio-server-with-tls for information about how to load a TLS certificate in your server", ) ErrCertsAndHTTPEndpoints = newErrFn( "HTTP specified in endpoints, but the server in the local machine is configured with a TLS certificate", "Please remove the certificate in the configuration directory or switch to HTTPS", "", ) ErrSSLWrongPassword = newErrFn( "Unable to decrypt the private key using the provided password", "Please set the correct password in environment variable `MINIO_CERT_PASSWD`", "", ) ErrUnexpectedError = newErrFn( "Unexpected error", "Please contact MinIO at https://slack.min.io", "", ) ErrInvalidCompressionIncludesValue = newErrFn( "Invalid compression include value", "Please check the passed value", "Compress extensions/mime-types are delimited by `,`. For eg, MINIO_COMPRESS_MIME_TYPES=\"A,B,C\"", ) ErrInvalidGWSSEValue = newErrFn( "Invalid gateway SSE value", "Please check the passed value", "MINIO_GATEWAY_SSE: Gateway SSE accepts only C and S3 as valid values. Delimit by `;` to set more than one value", ) ErrInvalidGWSSEEnvValue = newErrFn( "Invalid gateway SSE configuration", "", "Refer to https://docs.min.io/docs/minio-kms-quickstart-guide.html for setting up SSE", ) ErrInvalidReplicationWorkersValue = newErrFn( "Invalid value for replication workers", "", "MINIO_API_REPLICATION_WORKERS: should be > 0", ) )
UI errors
var DefaultKVS map[string]KVS
DefaultKVS - default kvs for all sub-systems
var HelpSubSysMap map[string]HelpKVS
HelpSubSysMap - help for all individual KVS for each sub-systems also carries a special empty sub-system which dumps help for each sub-system key.
var Logger = struct { Info func(msg string, data ...interface{}) LogIf func(ctx context.Context, err error, errKind ...interface{}) }{}
Logger contains injected logger methods.
var ( RegionHelp = HelpKVS{ HelpKV{ Key: RegionName, Type: "string", Description: `name of the location of the server e.g. "us-west-rack2"`, Optional: true, }, HelpKV{ Key: Comment, Type: "sentence", Description: DefaultComment, Optional: true, }, } )
Region and Worm help is documented in default config
var SubSystems = set.CreateStringSet( CredentialsSubSys, RegionSubSys, EtcdSubSys, CacheSubSys, APISubSys, StorageClassSubSys, CompressionSubSys, KmsKesSubSys, LoggerWebhookSubSys, AuditWebhookSubSys, PolicyOPASubSys, IdentityLDAPSubSys, IdentityOpenIDSubSys, ScannerSubSys, HealSubSys, NotifyAMQPSubSys, NotifyESSubSys, NotifyKafkaSubSys, NotifyMQTTSubSys, NotifyMySQLSubSys, NotifyNATSSubSys, NotifyNSQSubSys, NotifyPostgresSubSys, NotifyRedisSubSys, NotifyWebhookSubSys, )
SubSystems - all supported sub-systems
var SubSystemsDynamic = set.CreateStringSet( APISubSys, CompressionSubSys, ScannerSubSys, HealSubSys, )
SubSystemsDynamic - all sub-systems that have dynamic config.
var SubSystemsSingleTargets = set.CreateStringSet([]string{ CredentialsSubSys, RegionSubSys, EtcdSubSys, CacheSubSys, APISubSys, StorageClassSubSys, CompressionSubSys, KmsKesSubSys, PolicyOPASubSys, IdentityLDAPSubSys, IdentityOpenIDSubSys, HealSubSys, ScannerSubSys, }...)
SubSystemsSingleTargets - subsystems which only support single target.
Functions ¶
func CertificateText ¶
func CertificateText(cert *x509.Certificate) string
CertificateText returns a human-readable string representation of the certificate cert. The format is similar to the OpenSSL way of printing certificates (not identical).
func CheckValidKeys ¶
CheckValidKeys - checks if inputs KVS has the necessary keys, returns error if it find extra or superflous keys.
func Decrypt ¶
Decrypt decrypts the ciphertext using a key managed by the KMS. The same context that have been used during encryption must be provided.
func DecryptBytes ¶
DecryptBytes decrypts the ciphertext using a key managed by the KMS. The same context that have been used during encryption must be provided.
func Encrypt ¶
Encrypt encrypts the plaintext with a key managed by KMS. The context is bound to the returned ciphertext.
The same context must be provided when decrypting the ciphertext.
func EncryptBytes ¶
EncryptBytes encrypts the plaintext with a key managed by KMS. The context is bound to the returned ciphertext.
The same context must be provided when decrypting the ciphertext.
func EnsureCertAndKey ¶
EnsureCertAndKey checks if both client certificate and key paths are provided
func Errorf ¶
Errorf - formats according to a format specifier and returns the string as a value that satisfies error of type config.Error
func LoadX509KeyPair ¶
func LoadX509KeyPair(certFile, keyFile string) (tls.Certificate, error)
LoadX509KeyPair - load an X509 key pair (private key , certificate) from the provided paths. The private key may be encrypted and is decrypted using the ENV_VAR: MINIO_CERT_PASSWD.
func LookupCreds ¶
func LookupCreds(kv KVS) (auth.Credentials, error)
LookupCreds - lookup credentials from config.
func NewConfigWriteTo ¶
NewConfigWriteTo - returns a struct which allows for serializing the config/kv struct to a io.WriterTo
func ParseBool ¶
ParseBool returns the boolean value represented by the string. It accepts 1, t, T, TRUE, true, True, 0, f, F, FALSE, false, False. Any other value returns an error.
func ParsePublicCertFile ¶
func ParsePublicCertFile(certFile string) (x509Certs []*x509.Certificate, err error)
ParsePublicCertFile - parses public cert into its *x509.Certificate equivalent.
func RegisterDefaultKVS ¶
RegisterDefaultKVS - this function saves input kvsMap globally, this should be called only once preferably during `init()`.
func RegisterHelpSubSys ¶
RegisterHelpSubSys - this function saves input help KVS for each sub-system globally, this function should be called only once preferably in during `init()`.
func SetCredentials ¶
func SetCredentials(c Config, cred auth.Credentials)
SetCredentials - One time migration code needed, for migrating from older config to new for server credentials.
Types ¶
type BoolFlag ¶
type BoolFlag bool
BoolFlag - wrapper bool type.
func ParseBoolFlag ¶
ParseBoolFlag - parses string into BoolFlag.
func (BoolFlag) MarshalJSON ¶
MarshalJSON - converts BoolFlag into JSON data.
func (*BoolFlag) UnmarshalJSON ¶
UnmarshalJSON - parses given data into BoolFlag.
type Config ¶
Config - MinIO server config structure.
func (Config) Merge ¶
Merge - merges a new config with all the missing values for default configs, returns a config.
func (Config) ReadConfig ¶
ReadConfig - read content from input and write into c. Returns whether all parameters were dynamic.
func (Config) RedactSensitiveInfo ¶
RedactSensitiveInfo - removes sensitive information like urls and credentials from the configuration
type Err ¶
type Err struct {
// contains filtered or unexported fields
}
Err is a structure which contains all information to print a fatal error message in json or pretty mode Err implements error so we can use it anywhere
func ErrorToErr ¶
ErrorToErr inspects the passed error and transforms it to the appropriate UI error.
type HelpKV ¶
type HelpKV struct { Key string `json:"key"` Type string `json:"type"` Description string `json:"description"` Optional bool `json:"optional"` // Indicates if the value contains sensitive info // that shouldn't be exposed in certain apis Sensitive bool `json:"-"` // Indicates if sub-sys supports multiple targets. MultipleTargets bool `json:"multipleTargets"` }
HelpKV - implements help messages for keys with value as description of the keys.
type KVS ¶
type KVS []KV
KVS - is a shorthand for some wrapper functions to operate on list of key values.