diff --git a/internal/yml/config.go b/internal/yml/config.go
index 4dfc18fd..e3988879 100644
--- a/internal/yml/config.go
+++ b/internal/yml/config.go
@@ -153,20 +153,6 @@ func unmarshalServerConfig(b []byte) (*ServerConfig, error) {
 if _, ok := errV0170.(*yaml.TypeError); !ok {
 return nil, err
 }
-
- var configV0140 serverConfigV0140
- if errV0140 := yaml.Unmarshal(b, &configV0140); errV0140 != nil {
- if _, ok := errV0140.(*yaml.TypeError); !ok {
- return nil, err
- }
-
- var configV0135 serverConfigV0135
- if errV0135 := yaml.Unmarshal(b, &configV0135); errV0135 != nil {
- return nil, err
- }
- return configV0135.migrate(), nil
- }
- return configV0140.migrate(), nil
 }
 return configV0170.migrate(), nil
 }
diff --git a/internal/yml/server-config_test.go b/internal/yml/server-config_test.go
index d576455a..747bfa74 100644
--- a/internal/yml/server-config_test.go
+++ b/internal/yml/server-config_test.go
@@ -9,9 +9,7 @@ import "testing"
 var readServerConfigTests = []struct {
 File string
 }{
- {File: "testdata/config_v0.13.0.yml"}, // 0
- {File: "testdata/config_v0.14.0.yml"}, // 1
- {File: "testdata/config_v0.17.0.yml"}, // 2
+ {File: "testdata/config_v0.17.0.yml"}, // 0
 }

 func TestReadServerConfig(t *testing.T) {
diff --git a/internal/yml/server-config_v0.13.5.go b/internal/yml/server-config_v0.13.5.go
deleted file mode 100644
index 2439ae1e..00000000
--- a/internal/yml/server-config_v0.13.5.go
+++ /dev/null
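Review bot: In `unmarshalServerConfig` (internal/yml/config.go), with the v0.14.0 and v0.13.5 fallbacks removed, a `*yaml.TypeError` from decoding into `configV0170` no longer returns anywhere: it passes the `!ok` check, leaves the `if errV0170 ...` block and reaches `return configV0170.migrate(), nil`. A file that does not type-check against the v0.17.0 layout would then be accepted with a nil error, apparently built from whichever fields did decode, and for a key server's identities, policies and TLS settings that should be a hard failure. The type assertion in that block can be dropped so every decode error is returned, leaving `return nil, err` as its only statement. The function starts above the hunk, so which error `err` names is inferred, and the trimmed table in server-config_test.go has no case asserting that an old-format or mistyped file is rejected.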
@@ -1,192 +0,0 @@ -// Copyright 2021 - MinIO, Inc. All rights reserved. -// Use of this source code is governed by the AGPLv3 -// license that can be found in the LICENSE file. - -package yml - -type serverConfigV0135 struct { - Addr String `yaml:"address"` - Root Identity `yaml:"root"` - - TLS struct { - PrivateKey String `yaml:"key"` - Certificate String `yaml:"cert"` - Proxy struct { - Identities []Identity `yaml:"identities"` - Header struct { - ClientCert String `yaml:"cert"` - } `yaml:"header"` - } `yaml:"proxy"` - } `yaml:"tls"` - - Policies map[string]struct { - Paths []string `yaml:"paths"` // Use 'string' type; We don't replace API path patterns with env. vars - Identities []Identity `yaml:"identities"` - } `yaml:"policy"` - - Cache struct { - Expiry struct { - Any Duration `yaml:"any"` - Unused Duration `yaml:"unused"` - Offline Duration `yaml:"offline"` - } `yaml:"expiry"` - } `yaml:"cache"` - - Log struct { - Error String `yaml:"error"` - Audit String `yaml:"audit"` - } `yaml:"log"` - - Keys struct { - Fs struct { - Path String `yaml:"path"` - } `yaml:"fs"` - - Generic struct { - Endpoint String `yaml:"endpoint"` - TLS struct { - PrivateKey String `yaml:"key"` - Certificate String `yaml:"cert"` - CAPath String `yaml:"ca"` - } `yaml:"tls"` - } `yaml:"generic"` - - Vault struct { - Endpoint String `yaml:"endpoint"` - Engine String `yaml:"engine"` - APIVersion String `yaml:"version"` - Namespace String `yaml:"namespace"` - - Prefix String `yaml:"prefix"` - - AppRole struct { - Engine String `yaml:"engine"` - ID String `yaml:"id"` - Secret String `yaml:"secret"` - Retry Duration `yaml:"retry"` - } `yaml:"approle"` - - Kubernetes struct { - Engine String `yaml:"engine"` - Role String `yaml:"role"` - JWT String `yaml:"jwt"` // Can be either a JWT or a path to a file containing a JWT - Retry Duration `yaml:"retry"` - } `yaml:"kubernetes"` - - TLS struct { - PrivateKey String `yaml:"key"` - Certificate String `yaml:"cert"` - CAPath String `yaml:"ca"` - } 
`yaml:"tls"` - - Status struct { - Ping Duration `yaml:"ping"` - } `yaml:"status"` - } `yaml:"vault"` - - Fortanix struct { - SDKMS struct { - Endpoint String `yaml:"endpoint"` - GroupID String `yaml:"group_id"` - - Login struct { - APIKey String `yaml:"key"` - } `yaml:"credentials"` - - TLS struct { - CAPath String `yaml:"ca"` - } `yaml:"tls"` - } `yaml:"sdkms"` - } `yaml:"fortanix"` - - Aws struct { - SecretsManager struct { - Endpoint String `yaml:"endpoint"` - Region String `yaml:"region"` - KmsKey String ` yaml:"kmskey"` - - Login struct { - AccessKey String `yaml:"accesskey"` - SecretKey String `yaml:"secretkey"` - SessionToken String `yaml:"token"` - } `yaml:"credentials"` - } `yaml:"secretsmanager"` - } `yaml:"aws"` - - GCP struct { - SecretManager struct { - ProjectID String `yaml:"project_id"` - Endpoint String `yaml:"endpoint"` - Scopes []String `yaml:"scopes"` - Credentials struct { - Client String `yaml:"client_email"` - ClientID String `yaml:"client_id"` - KeyID String `yaml:"private_key_id"` - Key String `yaml:"private_key"` - } `yaml:"credentials"` - } `yaml:"secretmanager"` - } `yaml:"gcp"` - - Azure struct { - KeyVault struct { - Endpoint String `yaml:"endpoint"` - Credentials struct { - TenantID String `yaml:"tenant_id"` - ClientID String `yaml:"client_id"` - Secret String `yaml:"client_secret"` - } `yaml:"credentials"` - ManagedIdentity struct { - ClientID String `yaml:"client_id"` - } `yaml:"managed_identity"` - } `yaml:"keyvault"` - } `yaml:"azure"` - - Gemalto struct { - KeySecure struct { - Endpoint String `yaml:"endpoint"` - - Login struct { - Token String `yaml:"token"` - Domain String `yaml:"domain"` - Retry Duration `yaml:"retry"` - } `yaml:"credentials"` - - TLS struct { - CAPath String `yaml:"ca"` - } `yaml:"tls"` - } `yaml:"keysecure"` - } `yaml:"gemalto"` - } `yaml:"keys"` -} - -func (c *serverConfigV0135) migrate() *ServerConfig { - config := &ServerConfig{ - Address: c.Addr, - Cache: c.Cache, - Log: c.Log, - KeyStore: c.Keys, - } - 
config.Admin.Identity = c.Root - - config.TLS.PrivateKey = c.TLS.PrivateKey - config.TLS.Certificate = c.TLS.Certificate - config.TLS.Proxy = c.TLS.Proxy - - type Policy struct { - Allow []string `yaml:"allow"` - Deny []string `yaml:"deny"` - Identities []Identity `yaml:"identities"` - } - config.Policies = make(map[string]struct { - Allow []string `yaml:"allow"` - Deny []string `yaml:"deny"` - Identities []Identity `yaml:"identities"` - }, len(c.Policies)) - for name, policy := range c.Policies { - config.Policies[name] = Policy{ - Allow: policy.Paths, - Identities: policy.Identities, - } - } - return config -} diff --git a/internal/yml/server-config_v0.14.0.go b/internal/yml/server-config_v0.14.0.go deleted file mode 100644 index 8da67f71..00000000 --- a/internal/yml/server-config_v0.14.0.go +++ /dev/null 
@@ -1,197 +0,0 @@ -// Copyright 2021 - MinIO, Inc. All rights reserved. -// Use of this source code is governed by the AGPLv3 -// license that can be found in the LICENSE file. - -package yml - -type serverConfigV0140 struct { - Addr String `yaml:"address"` - Root Identity `yaml:"root"` - - TLS struct { - PrivateKey String `yaml:"key"` - Certificate String `yaml:"cert"` - Proxy struct { - Identities []Identity `yaml:"identities"` - Header struct { - ClientCert String `yaml:"cert"` - } `yaml:"header"` - } `yaml:"proxy"` - } `yaml:"tls"` - - Policies map[string]struct { - Paths []string `yaml:"paths"` // Use 'string' type; We don't replace API path patterns with env. vars - Identities []Identity `yaml:"identities"` - } `yaml:"policy"` - - Cache struct { - Expiry struct { - Any Duration `yaml:"any"` - Unused Duration `yaml:"unused"` - Offline Duration `yaml:"offline"` - } `yaml:"expiry"` - } `yaml:"cache"` - - Log struct { - Error String `yaml:"error"` - Audit String `yaml:"audit"` - } `yaml:"log"` - - Keys []struct { - Name String `yaml:"name"` - } `yaml:"keys"` - - KeyStore struct { - Fs struct { - Path String `yaml:"path"` - } `yaml:"fs"` - - Generic struct { - Endpoint String `yaml:"endpoint"` - TLS struct { - PrivateKey String `yaml:"key"` - Certificate String `yaml:"cert"` - CAPath String `yaml:"ca"` - } `yaml:"tls"` - } `yaml:"generic"` - - Vault struct { - Endpoint String `yaml:"endpoint"` - Engine String `yaml:"engine"` - APIVersion String `yaml:"version"` - Namespace String `yaml:"namespace"` - - Prefix String `yaml:"prefix"` - - AppRole struct { - Engine String `yaml:"engine"` - ID String `yaml:"id"` - Secret String `yaml:"secret"` - Retry Duration `yaml:"retry"` - } `yaml:"approle"` - - Kubernetes struct { - Engine String `yaml:"engine"` - Role String `yaml:"role"` - JWT String `yaml:"jwt"` // Can be either a JWT or a path to a file containing a JWT - Retry Duration `yaml:"retry"` - } `yaml:"kubernetes"` - - TLS struct { - PrivateKey String `yaml:"key"` - 
Certificate String `yaml:"cert"` - CAPath String `yaml:"ca"` - } `yaml:"tls"` - - Status struct { - Ping Duration `yaml:"ping"` - } `yaml:"status"` - } `yaml:"vault"` - - Fortanix struct { - SDKMS struct { - Endpoint String `yaml:"endpoint"` - GroupID String `yaml:"group_id"` - - Login struct { - APIKey String `yaml:"key"` - } `yaml:"credentials"` - - TLS struct { - CAPath String `yaml:"ca"` - } `yaml:"tls"` - } `yaml:"sdkms"` - } `yaml:"fortanix"` - - Aws struct { - SecretsManager struct { - Endpoint String `yaml:"endpoint"` - Region String `yaml:"region"` - KmsKey String ` yaml:"kmskey"` - - Login struct { - AccessKey String `yaml:"accesskey"` - SecretKey String `yaml:"secretkey"` - SessionToken String `yaml:"token"` - } `yaml:"credentials"` - } `yaml:"secretsmanager"` - } `yaml:"aws"` - - GCP struct { - SecretManager struct { - ProjectID String `yaml:"project_id"` - Endpoint String `yaml:"endpoint"` - Scopes []String `yaml:"scopes"` - Credentials struct { - Client String `yaml:"client_email"` - ClientID String `yaml:"client_id"` - KeyID String `yaml:"private_key_id"` - Key String `yaml:"private_key"` - } `yaml:"credentials"` - } `yaml:"secretmanager"` - } `yaml:"gcp"` - - Azure struct { - KeyVault struct { - Endpoint String `yaml:"endpoint"` - Credentials struct { - TenantID String `yaml:"tenant_id"` - ClientID String `yaml:"client_id"` - Secret String `yaml:"client_secret"` - } `yaml:"credentials"` - ManagedIdentity struct { - ClientID String `yaml:"client_id"` - } `yaml:"managed_identity"` - } `yaml:"keyvault"` - } `yaml:"azure"` - - Gemalto struct { - KeySecure struct { - Endpoint String `yaml:"endpoint"` - - Login struct { - Token String `yaml:"token"` - Domain String `yaml:"domain"` - Retry Duration `yaml:"retry"` - } `yaml:"credentials"` - - TLS struct { - CAPath String `yaml:"ca"` - } `yaml:"tls"` - } `yaml:"keysecure"` - } `yaml:"gemalto"` - } `yaml:"keystore"` -} - -func (c *serverConfigV0140) migrate() *ServerConfig { - config := &ServerConfig{ - 
Address: c.Addr, - Cache: c.Cache, - Log: c.Log, - Keys: c.Keys, - KeyStore: c.KeyStore, - } - config.Admin.Identity = c.Root - - config.TLS.PrivateKey = c.TLS.PrivateKey - config.TLS.Certificate = c.TLS.Certificate - config.TLS.Proxy = c.TLS.Proxy - - type Policy struct { - Allow []string `yaml:"allow"` - Deny []string `yaml:"deny"` - Identities []Identity `yaml:"identities"` - } - config.Policies = make(map[string]struct { - Allow []string `yaml:"allow"` - Deny []string `yaml:"deny"` - Identities []Identity `yaml:"identities"` - }, len(c.Policies)) - for name, policy := range c.Policies { - config.Policies[name] = Policy{ - Allow: policy.Paths, - Identities: policy.Identities, - } - } - return config -} diff --git a/internal/yml/testdata/config_v0.13.0.yml b/internal/yml/testdata/config_v0.13.0.yml deleted file mode 100644 index 955de330..00000000 --- a/internal/yml/testdata/config_v0.13.0.yml +++ /dev/null @@ -1,62 +0,0 @@ -address: 0.0.0.0:7373 - -root: c84cc9b91ae2399b043da7eca616048d4b4200edf2ff418d8af3835911db945d - -tls: - key: server.key - cert: server.crt - -proxy: - identities: [] - header: - cert: X-Tls-Client-Cert - -policy: - my-app: - paths: - - /v1/key/create/my-app* - - /v1/key/generate/my-app* - - /v1/key/decrypt/my-app* - identities: - - df7281ca3fed4ef7d06297eb7cb9d590a4edc863b4425f4762bb2afaebfd3258 - - c0ecd5962eaf937422268b80a93dde4786dc9783fb2480ddea0f3e5fe471a731 - - my-app-ops: - paths: - - /v1/key/delete/my-app* - - /v1/policy/show/my-app - - /v1/identity/assign/my-app/* - identities: - - 7ec8095a5308a535b72b35c7ccd4ce1d7c14af713acd22e2935a9d6e4fe18127 - -cache: - expiry: - any: 5m0s - unused: 20s - -log: - error: on - audit: off - -keys: - vault: - endpoint: "https://localhost:8200" - engine: "" - namespace: "" - prefix: "" - approle: - engine: "" - id: "" - secret: "" - retry: 15s - kubernetes: - engine: "" - role: "" - jwt: "" - retry: 15s - tls: - key: "" - cert: "" - ca: "" - status: - ping: 10s 
diff --git a/internal/yml/testdata/config_v0.14.0.yml b/internal/yml/testdata/config_v0.14.0.yml deleted file mode 100644 index 73cd2e44..00000000 --- a/internal/yml/testdata/config_v0.14.0.yml +++ /dev/null @@ -1,54 +0,0 @@ -address: 0.0.0.0:7373 - -root: c84cc9b91ae2399b043da7eca616048d4b4200edf2ff418d8af3835911db945d - -tls: - key: server.key - cert: server.crt - -proxy: - identities: [] - header: - cert: X-Tls-Client-Cert - -policy: - my-app: - paths: - - /v1/key/create/my-app* - - /v1/key/generate/my-app* - - /v1/key/decrypt/my-app* - identities: - - df7281ca3fed4ef7d06297eb7cb9d590a4edc863b4425f4762bb2afaebfd3258 - - c0ecd5962eaf937422268b80a93dde4786dc9783fb2480ddea0f3e5fe471a731 - - my-app-ops: - paths: - - /v1/key/delete/my-app* - - /v1/policy/show/my-app - - /v1/identity/assign/my-app/* - identities: - - 7ec8095a5308a535b72b35c7ccd4ce1d7c14af713acd22e2935a9d6e4fe18127 - -cache: - expiry: - any: 5m0s - unused: 20s - -log: - error: on - audit: off - -keys: - - name: my-key-1 - - name: my-key-2 - -keystore: - aws: - secretsmanager: - endpoint: "secretsmanager.us-east-2.amazonaws.com" - region: "us-east-2" - kmskey: "" - credentials: - accesskey: "" - secretkey: "" - token: ""