diff --git a/cmd/admin-handlers-config-kv.go b/cmd/admin-handlers-config-kv.go
index 4f5f2c517..3b9a2a48c 100644
--- a/cmd/admin-handlers-config-kv.go
+++ b/cmd/admin-handlers-config-kv.go
@@ -178,16 +178,7 @@ func (a adminAPIHandlers) GetConfigKVHandler(w http.ResponseWriter, r *http.Requ
 return
 }
- cfg := globalServerConfig
- if newObjectLayerFn() == nil {
- var err error
- cfg, err = getValidConfig(objectAPI)
- if err != nil {
- writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
- return
- }
- }
-
+ cfg := globalServerConfig.Clone()
 vars := mux.Vars(r)
 var buf = &bytes.Buffer{}
 cw := config.NewConfigWriteTo(cfg, vars["key"])
@@ -421,11 +412,7 @@ func (a adminAPIHandlers) GetConfigHandler(w http.ResponseWriter, r *http.Reques
 return
 }
- cfg, err := readServerConfig(ctx, objectAPI)
- if err != nil {
- writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
- return
- }
+ cfg := globalServerConfig.Clone()
 var s strings.Builder
 hkvs := config.HelpSubSysMap[""]
diff --git a/cmd/common-main.go b/cmd/common-main.go
index d81a48493..38f5dd195 100644
--- a/cmd/common-main.go
+++ b/cmd/common-main.go
@@ -575,6 +575,7 @@ func handleCommonEnvVars() {
 }
 GlobalKMS = KMS
 }
+
 if tiers := env.Get("_MINIO_DEBUG_REMOTE_TIERS_IMMEDIATELY", ""); tiers != "" {
 globalDebugRemoteTiersImmediately = strings.Split(tiers, ",")
 }
diff --git a/cmd/config-current.go b/cmd/config-current.go
index dc5e2e915..08c7c73b6 100644
--- a/cmd/config-current.go
+++ b/cmd/config-current.go
@@ -100,10 +100,6 @@ func initHelp() {
 Key: config.PolicyOPASubSys,
 Description: "[DEPRECATED] enable external OPA for policy enforcement",
 },
- config.HelpKV{
- Key: config.KmsKesSubSys,
- Description: "enable external MinIO key encryption service",
- },
 config.HelpKV{
 Key: config.APISubSys,
 Description: "manage global HTTP API call specific features, such as throttling, authentication types, etc.",
diff --git a/cmd/config-encrypted.go b/cmd/config-encrypted.go
index 2d2b81670..0fdd13133 100644
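Review bot: `cfg := globalServerConfig.Clone()` in GetConfigKVHandler reads a package-level config with no lock or initialization check visible in the hunk, and the same line replaces the `readServerConfig` call in GetConfigHandler (the hunk at -421). The removed code took a separate path when `newObjectLayerFn()` returned nil and, in GetConfigHandler, read the persisted config; the new code answers from process memory, which can differ from what is stored if another writer or node has changed it. If a mutex guards `globalServerConfig` elsewhere, the clone should be taken under its read lock, and a short comment such as `// Serve the in-memory config; it may lag the persisted copy.` would document the change. Both handler bodies start and end outside their hunks.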
--- a/cmd/config-encrypted.go
+++ b/cmd/config-encrypted.go
@@ -97,15 +97,17 @@ func migrateIAMConfigsEtcdToEncrypted(ctx context.Context, client *etcd.Client)
 if !utf8.Valid(data) {
 pdata, err := madmin.DecryptData(globalActiveCred.String(), bytes.NewReader(data))
 if err != nil {
- pdata, err = config.DecryptBytes(GlobalKMS, data, kms.Context{
- minioMetaBucket: path.Join(minioMetaBucket, string(kv.Key)),
- })
- if err != nil {
+ if GlobalKMS != nil {
 pdata, err = config.DecryptBytes(GlobalKMS, data, kms.Context{
- minioMetaBucket: string(kv.Key),
+ minioMetaBucket: path.Join(minioMetaBucket, string(kv.Key)),
 })
 if err != nil {
- return fmt.Errorf("Decrypting IAM config failed %w, possibly credentials are incorrect", err)
+ pdata, err = config.DecryptBytes(GlobalKMS, data, kms.Context{
+ minioMetaBucket: string(kv.Key),
+ })
+ if err != nil {
+ return fmt.Errorf("Decrypting IAM config failed %w, possibly credentials are incorrect", err)
+ }
 }
 }
 }
diff --git a/cmd/config.go b/cmd/config.go
index 18eebf1f3..efa76af37 100644
--- a/cmd/config.go
+++ b/cmd/config.go
@@ -20,6 +20,7 @@ package cmd
 import (
 "context"
 "encoding/json"
+ "errors"
 "path"
 "sort"
 "strings"
@@ -149,13 +150,13 @@ func saveServerConfig(ctx context.Context, objAPI ObjectLayer, cfg interface{})
 }
 func readServerConfig(ctx context.Context, objAPI ObjectLayer) (config.Config, error) {
+ var srvCfg = config.New()
 configFile := path.Join(minioConfigPrefix, minioConfigFile)
 data, err := readConfig(ctx, objAPI, configFile)
 if err != nil {
- // Config not found for some reason, allow things to continue
- // by initializing a new fresh config in safe mode.
- if err == errConfigNotFound && newObjectLayerFn() == nil {
- return newServerConfig(), nil
+ if errors.Is(err, errConfigNotFound) {
+ lookupConfigs(srvCfg, objAPI.SetDriveCounts())
+ return srvCfg, nil
 }
 return nil, err
 }
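Review bot: When `madmin.DecryptData` fails and `GlobalKMS` is nil, the new `if GlobalKMS != nil` guard skips both KMS attempts, so control leaves the outer `if err != nil` block with the error unhandled and `pdata` taken from the failed call. The rest of the loop body is outside the hunk, so what is done with `pdata` next is not visible, but IAM data that could not be decrypted should not continue through a migration step. Adding `} else { return fmt.Errorf("Decrypting IAM config failed %w, possibly credentials are incorrect", err) }` to the guard keeps the failure explicit.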
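Review bot: The `errors.Is(err, errConfigNotFound)` branch now returns a default config in every server state, where the removed condition also required `newObjectLayerFn() == nil`, and the comment explaining the fallback was deleted with it. A missing or deleted config object on a running server would therefore fall back silently to defaults plus whatever `lookupConfigs` applies, which may cover security-relevant subsystems. Consider logging the fallback and restoring a comment, for example `// Config not found: continue with defaults populated by lookupConfigs.`. readServerConfig continues in the next hunk.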
@@ -165,11 +166,11 @@ func readServerConfig(ctx context.Context, objAPI ObjectLayer) (config.Config, e
 minioMetaBucket: path.Join(minioMetaBucket, configFile),
 })
 if err != nil {
+ lookupConfigs(srvCfg, objAPI.SetDriveCounts())
 return nil, err
 }
 }
- var srvCfg = config.New()
 var json = jsoniter.ConfigCompatibleWithStandardLibrary
 if err = json.Unmarshal(data, &srvCfg); err != nil {
 return nil, err
diff --git a/cmd/object-handlers.go b/cmd/object-handlers.go
index c3382b7ee..e626d5c1f 100644
--- a/cmd/object-handlers.go
+++ b/cmd/object-handlers.go
@@ -845,22 +845,14 @@ var (
 // Returns a minio-go Client configured to access remote host described by destDNSRecord
 // Applicable only in a federated deployment
 var getRemoteInstanceClient = func(r *http.Request, host string) (*miniogo.Core, error) {
- if newObjectLayerFn() == nil {
- return nil, errServerNotInitialized
- }
-
 cred := getReqAccessCred(r, globalServerRegion)
 // In a federated deployment, all the instances share config files
 // and hence expected to have same credentials.
- core, err := miniogo.NewCore(host, &miniogo.Options{
+ return miniogo.NewCore(host, &miniogo.Options{
 Creds: credentials.NewStaticV4(cred.AccessKey, cred.SecretKey, ""),
 Secure: globalIsTLS,
 Transport: getRemoteInstanceTransport,
 })
- if err != nil {
- return nil, err
- }
- return core, nil
 }
 // Check if the destination bucket is on a remote site, this code only gets executed
diff --git a/internal/config/config.go b/internal/config/config.go
index 6618d5081..67b75286a 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -72,7 +72,6 @@ const (
 StorageClassSubSys = "storage_class"
 APISubSys = "api"
 CompressionSubSys = "compression"
- KmsKesSubSys = "kms_kes"
 LoggerWebhookSubSys = "logger_webhook"
 AuditWebhookSubSys = "audit_webhook"
 HealSubSys = "heal"
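Review bot: In the decrypt-failure branch, `lookupConfigs(srvCfg, objAPI.SetDriveCounts())` runs and the function then returns `nil, err`, so `srvCfg` is discarded and the call matters only for its side effects. If `lookupConfigs` applies settings process-wide, an undecryptable config would leave the server configured from an empty `config.New()` while the caller sees an error; if it does not, the line is dead code. Either drop it or add a comment stating why defaults are applied before failing, e.g. `// apply defaults so subsystems stay usable although the stored config could not be decrypted`. The function body starts before this hunk and continues after it.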
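Review bot: Removing the `newObjectLayerFn() == nil` check means getRemoteInstanceClient no longer returns `errServerNotInitialized` and will build a client from `getReqAccessCred(r, globalServerRegion)` in any server state. Whether its callers already refuse requests before initialization is not visible here; if they do not, the guard should stay, since the credential lookup may not be meaningful that early. The doc comment also still names `destDNSRecord` although the parameter is `host`; `// Returns a minio-go Client configured to access the remote instance at host.` would match the signature.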
@@ -107,7 +106,6 @@ var SubSystems = set.CreateStringSet(
 APISubSys,
 StorageClassSubSys,
 CompressionSubSys,
- KmsKesSubSys,
 LoggerWebhookSubSys,
 AuditWebhookSubSys,
 PolicyOPASubSys,
@@ -144,7 +142,6 @@ var SubSystemsSingleTargets = set.CreateStringSet([]string{
 APISubSys,
 StorageClassSubSys,
 CompressionSubSys,
- KmsKesSubSys,
 PolicyOPASubSys,
 IdentityLDAPSubSys,
 IdentityOpenIDSubSys,