New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Connect MCS with Minio TLS/Custom CAs #102
Conversation
e16760c
to
5181e1b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
func newMcsCredentials(accessKey, secretKey, location string) (*credentials.Credentials, error) { | ||
return credentials.NewSTSAssumeRole(getMinIOServer(), credentials.STSAssumeRoleOptions{ | ||
stsEndpoint := getMinIOServer() | ||
if stsEndpoint == "" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if stsEndpoint == "" { | |
if strings.TrimSpace(stsEndpoint) == "" { |
else " "
will not enter here, same for the ones below
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how is this solved?
This PR adds support to connect MCS to minio instances running TLS with self-signed certificates or certificates signed by custom Certificate Authorities ``` export MCS_MINIO_SERVER_TLS_ROOT_CAS=file1,file2,file3 ``` Note: TLS Skip Verification is not supported unless there's a clear need for it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
This PR adds support to connect MCS to minio instances running TLS with
self-signed certificates or certificates signed by custom
Certificate Authorities
Note: TLS Skip Verification is not supported unless there's a clear need
for it