Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: migrate to MINIO_ROOT_USER/PASSWORD from ACCESS/SECRET_KEY #11185

Merged
merged 1 commit into from
Jan 5, 2021
Merged

feat: migrate to MINIO_ROOT_USER/PASSWORD from ACCESS/SECRET_KEY #11185

merged 1 commit into from
Jan 5, 2021

Conversation

harshavardhana
Copy link
Member

Description

feat: migrate to MINIO_ROOT_USER/PASSWORD from ACCESS/SECRE_KEY

Motivation and Context

Newly agreed on environment variables to be more indicative of what they are
intended for any their actual meaning.

How to test this PR?

Older envs should be still supported, new ENVs if set overrides old ENVs

Types of changes

  • [] Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • Fixes a regression (If yes, please add commit-id or PR # here)
  • Documentation needed
  • Unit tests needed

@harshavardhana harshavardhana requested review from eco-minio, nitisht, vadmeste and kannappanr and removed request for eco-minio and nitisht December 30, 2020 01:49
nitisht
nitisht approved these changes Dec 30, 2020
View reviewed changes
Copy link
Contributor

@nitisht nitisht left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@harshavardhana harshavardhana changed the title feat: migrate to MINIO_ROOT_USER/PASSWORD from ACCESS/SECRE_KEY feat: migrate to MINIO_ROOT_USER/PASSWORD from ACCESS/SECRET_KEY Dec 30, 2020
vadmeste
vadmeste reviewed Dec 30, 2020
View reviewed changes
Copy link
Member

@vadmeste vadmeste left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One comment

Dockerfile Show resolved Hide resolved
@kannappanr
Copy link
Contributor

startup message probably needs to be changed. It still says AccessKey and SecretKey

Attempting encryption of all config, IAM users and policies on MinIO backend
Endpoint:  http://192.168.86.26:9000  http://172.17.0.1:9000  http://192.168.122.1:9000  http://192.168.42.1:9000  http://127.0.0.1:9000    
AccessKey: minio 
SecretKey: minio123

kannappanr
kannappanr approved these changes Dec 31, 2020
View reviewed changes
Copy link
Contributor

@kannappanr kannappanr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@harshavardhana
Copy link
Member Author

Do not merge this yet, as we need to make a release right away after merging this PR.

@harshavardhana harshavardhana force-pushed the env branch 4 times, most recently from eef7915 to fc8464b Compare January 5, 2021 02:53
@minio-trusted
Copy link
Contributor

Mint Automation

Test Result
mint-large-bucket.sh ✔️
mint-fs.sh ✔️
mint-gateway-s3.sh ✔️
mint-erasure.sh ✔️
mint-dist-erasure.sh ✔️
mint-zoned.sh ✔️
mint-gateway-azure.sh more...
mint-gateway-nas.sh more...

11185-e6905e4/mint-gateway-azure.sh.log:

Running with
SERVER_ENDPOINT:      minio-dev8.minio.io:30188
ACCESS_KEY:           minioazure
SECRET_KEY:           ***REDACTED***
ENABLE_HTTPS:         0
SERVER_REGION:        us-east-1
MINT_DATA_DIR:        /mint/data
MINT_MODE:            full
ENABLE_VIRTUAL_STYLE: 0

To get logs, run 'docker cp 71d470f976c0:/mint/log /tmp/mint-logs'

(1/15) Running aws-sdk-go tests ... done in 9 seconds
(2/15) Running aws-sdk-java tests ... done in 1 seconds
(3/15) Running aws-sdk-php tests ... done in 1 minutes and 41 seconds
(4/15) Running aws-sdk-ruby tests ... done in 21 seconds
(5/15) Running awscli tests ... done in 3 minutes and 4 seconds
(6/15) Running healthcheck tests ... done in 0 seconds
(7/15) Running mc tests ... done in 3 minutes and 56 seconds
(8/15) Running minio-dotnet tests ... done in 1 minutes and 43 seconds
(9/15) Running minio-go tests ... done in 7 minutes and 9 seconds
(10/15) Running minio-java tests ... FAILED in 9 minutes and 11 seconds
{
  "name": "minio-java",
  "function": "putObject()",
  "args": "[user metadata]",
  "duration": 204,
  "status": "FAIL",
  "error": "error occurred\nErrorResponse(code = AuthenticationFailed, message = -> github.com/Azure/azure-storage-blob-go/azblob.newStorageError, github.com/Azure/azure-storage-blob-go@v0.10.0/azblob/zc_storage_error.go:42\n===== RESPONSE ERROR (ServiceCode=AuthenticationFailed) =====\nDescription=Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.\nRequestId:74eeb602-201e-0002-238c-e3ef14000000\nTime:2021-01-05T17:56:28.8204565Z, Details: \n   AuthenticationErrorDetail: The MAC signature found in the HTTP request 'FWhOljtYFfFIgQHmAR02DelQUyg08Lf+pAOrpcZrDwE=' is not the same as any computed signature. Server used following string to sign: 'PUT\n\n\n128\n\napplication/xml\n\n\n\n\n\n\nx-ms-blob-cache-control:\nx-ms-blob-content-disposition:\nx-ms-blob-content-encoding:\nx-ms-blob-content-language:\nx-ms-blob-content-type:application/octet-stream\nx-ms-client-request-id:d9520dc5-76b1-42ff-43d8-745a03cf426f\nx-ms-date:Tue, 05 Jan 2021 17:56:28 GMT\nx-ms-meta-my_header1:a   b   c\nx-ms-meta-my_header2:\"a   b   c\"\nx-ms-meta-my_project:Project One\nx-ms-meta-my_unicode_tag:商å“�\nx-ms-version:2019-02-02\n/minioazure/minio-java-test-2b4lv7v/minio-java-test-2aaueqp\ncomp:blocklist\ntimeout:1501'.\n   Code: AuthenticationFailed\n   PUT https://minioazure.blob.core.windows.net/minio-java-test-2b4lv7v/minio-java-test-2aaueqp?comp=blocklist&timeout=1501\n   Authorization: REDACTED\n   Content-Length: [128]\n   Content-Type: [application/xml]\n   User-Agent: [APN/1.0 MinIO/1.0 MinIO/2021-01-05T17:22:56Z]\n   X-Ms-Blob-Cache-Control: []\n   X-Ms-Blob-Content-Disposition: []\n   X-Ms-Blob-Content-Encoding: []\n   X-Ms-Blob-Content-Language: []\n   X-Ms-Blob-Content-Type: [application/octet-stream]\n   X-Ms-Client-Request-Id: [d9520dc5-76b1-42ff-43d8-745a03cf426f]\n   X-Ms-Date: [Tue, 05 Jan 2021 17:56:28 GMT]\n   X-Ms-Meta-My_header1: [a   b   c]\n   X-Ms-Meta-My_header2: [\"a   b   c\"]\n   X-Ms-Meta-My_project: [Project One]\n   X-Ms-Meta-My_unicode_tag: [商品]\n   X-Ms-Version: [2019-02-02]\n   --------------------------------------------------------------------------------\n   RESPONSE Status: 403 Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.\n   Content-Length: [1092]\n   Content-Type: [application/xml]\n   Date: [Tue, 05 Jan 2021 17:56:28 GMT]\n   Server: [Microsoft-HTTPAPI/2.0]\n   X-Ms-Error-Code: [AuthenticationFailed]\n   X-Ms-Request-Id: [74eeb602-201e-0002-238c-e3ef14000000]\n\n\n, bucketName = minio-java-test-2b4lv7v, objectName = minio-java-test-2aaueqp, resource = /minio-java-test-2b4lv7v/minio-java-test-2aaueqp, requestId = 165767ADF6C5CDB3, hostId = 8903d03f-89fb-4537-8cb1-a3eac5595e58)\nrequest={method=PUT, url=http://minio-dev8.minio.io:30188/minio-java-test-2b4lv7v/minio-java-test-2aaueqp, headers=x-amz-meta-My-Unicode-Tag: 商品\nx-amz-meta-My-Project: Project One\nx-amz-meta-My-header1: a   b   c\nx-amz-meta-My-Header2: \"a   b   c\"\nContent-Type: application/octet-stream\nHost: minio-dev8.minio.io:30188\nAccept-Encoding: identity\nUser-Agent: MinIO (Linux; amd64) minio-java/8.0.3\nContent-MD5: A9oFTxee7YVcJ9fWsgQeKg==\nx-amz-content-sha256: 1ff7959f86334ddc5c188a5083268f600146328b2b6c5185e75bf7d9387d6b74\nx-amz-date: 20210105T175628Z\nAuthorization: AWS4-HMAC-SHA256 Credential=*REDACTED*/20210105/us-east-1/s3/aws4_request, SignedHeaders=content-md5;host;x-amz-content-sha256;x-amz-date;x-amz-meta-my-header1;x-amz-meta-my-header2;x-amz-meta-my-project;x-amz-meta-my-unicode-tag, Signature=*REDACTED*\n}\nresponse={code=403, headers=Accept-Ranges: bytes\nContent-Length: 3086\nContent-Security-Policy: block-all-mixed-content\nContent-Type: application/xml\nServer: MinIO\nVary: Origin\nX-Amz-Request-Id: 165767ADF6C5CDB3\nX-Xss-Protection: 1; mode=block\nDate: Tue, 05 Jan 2021 17:56:28 GMT\n}\n >>> [io.minio.MinioClient.execute(MinioClient.java:775), io.minio.MinioClient.putObject(MinioClient.java:4547), io.minio.MinioClient.putObject(MinioClient.java:2713), io.minio.MinioClient.putObject(MinioClient.java:2830), FunctionalTest.testPutObject(FunctionalTest.java:763), FunctionalTest.putObject(FunctionalTest.java:890), FunctionalTest.runObjectTests(FunctionalTest.java:3751), FunctionalTest.runTests(FunctionalTest.java:3783), FunctionalTest.main(FunctionalTest.java:3927)]"
}
(10/15) Running minio-js tests ... done in 2 minutes and 45 seconds
(11/15) Running minio-py tests ... done in 18 minutes and 42 seconds
(12/15) Running s3cmd tests ... done in 2 minutes and 24 seconds
(13/15) Running s3select tests ... FAILED in 25 seconds
{
  "name": "s3select:test_csv_output_quote_char",
  "function": "select_object_content(bucket_name, object_name, request)",
  "args": {
    "bucket_name": "s3select-test-19ac6ad6-9305-4ab8-af5a-be45817c40f5"
  },
  "duration": 9075,
  "message": "Test test_10 unexpectedly failed with: InternalError: file not found",
  "error": "Traceback (most recent call last):\n  File \"/mint/run/core/s3select/csv.py\", line 42, in test_sql_api\n    for d in data.stream(10*1024):\n  File \"/usr/local/lib/python3.6/dist-packages/minio/select.py\", line 444, in stream\n    if self._read() <= 0:\n  File \"/usr/local/lib/python3.6/dist-packages/minio/select.py\", line 406, in _read\n    headers.get(\":error-code\"), headers.get(\":error-message\"),\nminio.error.MinioException: InternalError: file not found\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n  File \"./tests.py\", line 57, in main\n    test_csv_output_custom_quote_char(client, log_output)\n  File \"/mint/run/core/s3select/csv.py\", line 175, in test_csv_output_custom_quote_char\n    input_data, sql_opts, expected_output)\n  File \"/mint/run/core/s3select/csv.py\", line 48, in test_sql_api\n    'Test {} unexpectedly failed with: {}'.format(test_name, select_err))\nValueError: Test test_10 unexpectedly failed with: InternalError: file not found\n",
  "status": "FAIL"
}
(13/15) Running security tests ... done in 0 seconds

Executed 13 out of 15 tests successfully.

11185-e6905e4/mint-gateway-nas.sh.log:

Running with
SERVER_ENDPOINT:      minio-dev4.minio.io:31647
ACCESS_KEY:           minio
SECRET_KEY:           ***REDACTED***
ENABLE_HTTPS:         0
SERVER_REGION:        us-east-1
MINT_DATA_DIR:        /mint/data
MINT_MODE:            full
ENABLE_VIRTUAL_STYLE: 0

To get logs, run 'docker cp 14cbe0ec5617:/mint/log /tmp/mint-logs'

(1/15) Running aws-sdk-go tests ... done in 0 seconds
(2/15) Running aws-sdk-java tests ... done in 2 seconds
(3/15) Running aws-sdk-php tests ... done in 41 seconds
(4/15) Running aws-sdk-ruby tests ... done in 1 seconds
(5/15) Running awscli tests ... done in 2 minutes and 1 seconds
(6/15) Running healthcheck tests ... done in 0 seconds
(7/15) Running mc tests ... done in 33 seconds
(8/15) Running minio-dotnet tests ... done in 35 seconds
(9/15) Running minio-go tests ... done in 50 seconds
(10/15) Running minio-java tests ... done in 11 seconds
(11/15) Running minio-js tests ... done in 36 seconds
(12/15) Running minio-py tests ... done in 1 minutes and 6 seconds
(13/15) Running s3cmd tests ... FAILED in 14 seconds
{
  "name": "s3cmd",
  "duration": "12150",
  "function": "test_put_object_multipart",
  "status": "FAIL",
  "error": "ERROR: [Errno -3] Temporary failure in name resolution\nERROR: Connection Error: Error resolving a server hostname.\nPlease check the servers address specified in 'host_base', 'host_bucket', 'cloudfront_host', 'website_endpoint'"
}
(13/15) Running s3select tests ... done in 3 seconds
(14/15) Running security tests ... done in 0 seconds

Executed 14 out of 15 tests successfully.

Deleting image on docker hub
Deleting image locally

@harshavardhana harshavardhana merged commit cb0eaea into minio:master Jan 5, 2021
@harshavardhana harshavardhana deleted the env branch January 5, 2021 18:23
@lucendio lucendio mentioned this pull request Mar 30, 2021
Merged
@mcovalt mcovalt mentioned this pull request Sep 1, 2021
Merged
@fmuyassarov fmuyassarov mentioned this pull request Sep 1, 2021
Merged
BuJo added a commit to aminueza/terraform-provider-minio that referenced this pull request Aug 8, 2022
@BuJo
provider, use user/password instead of root user/pwd
1bdbdaf 
* Makes meaning more clear
* see minio/minio#11185
BuJo added a commit to aminueza/terraform-provider-minio that referenced this pull request Aug 8, 2022
@BuJo
Deprecate use of minio_access_key/minio_secret_key
e29fb19 
* Use minio_user/minio_password to follow minio
* See minio/minio#11185
BuJo added a commit to aminueza/terraform-provider-minio that referenced this pull request Aug 9, 2022
@BuJo
provider, use user/password instead of root user/pwd
7d86431 
* Makes meaning more clear
* see minio/minio#11185
BuJo added a commit to aminueza/terraform-provider-minio that referenced this pull request Aug 9, 2022
@BuJo
Deprecate use of minio_access_key/minio_secret_key
00e326f 
* Use minio_user/minio_password to follow minio
* See minio/minio#11185
BuJo added a commit to aminueza/terraform-provider-minio that referenced this pull request Oct 22, 2022
@BuJo @felladrin
Update minio (#297)
243676c 
* Update minio
* test, revise pre check to be more strict
* needs all environment variables to be checked
* Use MINIO_ROOT_USER/MINIO_ROOT_PASSWORD instead of deprecated env vars
* MINIO_ACCESS_KEY and MINIO_SECRET_KEY are deprecated since
  version RELEASE.2021-04-22T15-44-28Z.
* Note that the Terraform Provider will still accept the old variables.
* provider, use user/password instead of root user/pwd
* Makes meaning more clear
  * see minio/minio#11185
* Deprecate use of minio_access_key/minio_secret_key
* Use minio_user/minio_password to follow minio
 * See minio/minio#11185
* tests, fixup use of temporary MINIO_ROOT_USER variable
* Update MinIO image
* Update MinIO Variables in `serviceaccount` resource

Co-authored-by: Victor Nogueira <felladrin@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kannappanr kannappanr kannappanr approved these changes

@nitisht nitisht nitisht approved these changes

@eco-minio eco-minio Awaiting requested review from eco-minio

@vadmeste vadmeste Awaiting requested review from vadmeste

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@harshavardhana @kannappanr @minio-trusted @vadmeste @nitisht