Merge branch 'master' into fix/set-json-validation

minio · Nov 9, 2023 · 4d23b6c · 4d23b6c
2 parents 062553f + 7db80b6
commit 4d23b6c
Show file tree

Hide file tree

Showing 9 changed files with 113 additions and 20 deletions.
diff --git a/Dockerfile.dev b/Dockerfile.dev
@@ -7,8 +7,8 @@ COPY CREDITS /licenses/CREDITS
 COPY LICENSE /licenses/LICENSE
 
 RUN  \
-     microdnf update --nodocs && \
-     microdnf install ca-certificates --nodocs && \
+     microdnf update --nodocs --assumeyes && \
+     microdnf install ca-certificates --nodocs --assumeyes && \
      microdnf clean all
 
 ENTRYPOINT ["mc"]
diff --git a/Dockerfile.hotfix b/Dockerfile.hotfix
@@ -1,8 +1,8 @@
-FROM --platform=linux/amd64 registry.access.redhat.com/ubi9/ubi-minimal:9.2 as build
+FROM --platform=linux/amd64 registry.access.redhat.com/ubi9/ubi-minimal:latest as build
 
-RUN microdnf update --nodocs && microdnf install ca-certificates --nodocs && microdnf clean all
+RUN microdnf update --nodocs --assumeyes  && microdnf install ca-certificates --nodocs --assumeyes 
 
-FROM registry.access.redhat.com/ubi9/ubi-micro:9.2
+FROM registry.access.redhat.com/ubi9/ubi-micro:latest
 
 ARG TARGETARCH
 ARG RELEASE

diff --git a/Dockerfile.release b/Dockerfile.release
@@ -1,8 +1,8 @@
-FROM --platform=linux/amd64 registry.access.redhat.com/ubi9/ubi-minimal:9.2 as build
+FROM --platform=linux/amd64 registry.access.redhat.com/ubi9/ubi-minimal:latest as build
 
-RUN microdnf update --nodocs && microdnf install ca-certificates --nodocs && microdnf clean all
+RUN microdnf update --nodocs --assumeyes  && microdnf install ca-certificates --nodocs --assumeyes 
 
-FROM registry.access.redhat.com/ubi9/ubi-micro:9.2
+FROM registry.access.redhat.com/ubi9/ubi-micro:latest
 
 ARG TARGETARCH
 ARG RELEASE

diff --git a/Dockerfile.release.fips b/Dockerfile.release.fips
@@ -1,8 +1,8 @@
-FROM --platform=linux/amd64 registry.access.redhat.com/ubi9/ubi-minimal:9.2 as build
+FROM --platform=linux/amd64 registry.access.redhat.com/ubi9/ubi-minimal:latest as build
 
-RUN microdnf update --nodocs && microdnf install ca-certificates --nodocs && microdnf clean all
+RUN microdnf update --nodocs --assumeyes  && microdnf install ca-certificates --nodocs --assumeyes 
 
-FROM registry.access.redhat.com/ubi9/ubi-micro:9.2
+FROM registry.access.redhat.com/ubi9/ubi-micro:latest
 
 ARG TARGETARCH
 ARG RELEASE

diff --git a/Dockerfile.release.old_cpu b/Dockerfile.release.old_cpu
@@ -0,0 +1,24 @@
+FROM --platform=linux/amd64 registry.access.redhat.com/ubi8/ubi-minimal:latest as build
+
+RUN microdnf update --nodocs --assumeyes  && microdnf install ca-certificates --nodocs --assumeyes 
+
+FROM registry.access.redhat.com/ubi8/ubi-micro:latest
+
+ARG TARGETARCH
+ARG RELEASE
+
+LABEL maintainer="MinIO Inc <[email protected]>"
+
+# On RHEL the certificate bundle is located at:
+# - /etc/pki/tls/certs/ca-bundle.crt (RHEL 6)
+# - /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem (RHEL 7)
+COPY --from=build /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /etc/pki/ca-trust/extracted/pem/
+
+COPY CREDITS /licenses/CREDITS
+COPY LICENSE /licenses/LICENSE
+
+ADD https://dl.minio.io/client/mc/release/linux-${TARGETARCH}/archive/mc.${RELEASE} /usr/bin/mc
+
+RUN chmod +x /usr/bin/mc
+
+ENTRYPOINT ["mc"]
diff --git a/cmd/client-s3.go b/cmd/client-s3.go
@@ -38,6 +38,8 @@ import (
 	"sync"
 	"time"
 
+	"github.com/minio/pkg/v2/env"
+
 	"github.com/minio/minio-go/v7"
 	"github.com/minio/minio-go/v7/pkg/credentials"
 	"github.com/minio/minio-go/v7/pkg/encrypt"
@@ -158,12 +160,6 @@ func newFactory() func(config *Config) (Client, *probe.Error) {
 		var api *minio.Client
 		var found bool
 		if api, found = clientCache[confSum]; !found {
-			// if Signature version '4' use NewV4 directly.
-			creds := credentials.NewStaticV4(config.AccessKey, config.SecretKey, config.SessionToken)
-			// if Signature version '2' use NewV2 directly.
-			if strings.ToUpper(config.Signature) == "S3V2" {
-				creds = credentials.NewStaticV2(config.AccessKey, config.SecretKey, "")
-			}
 
 			var transport http.RoundTripper
 
@@ -223,6 +219,51 @@ func newFactory() func(config *Config) (Client, *probe.Error) {
 				}
 			}
 
+			var credsChain []credentials.Provider
+
+			// if an STS endpoint is set, we will add that to the chain
+			if stsEndpoint := env.Get("MC_STS_ENDPOINT", ""); stsEndpoint != "" {
+				// set AWS_WEB_IDENTITY_TOKEN_FILE is MC_WEB_IDENTITY_TOKEN_FILE is set
+				if val := env.Get("MC_WEB_IDENTITY_TOKEN_FILE", ""); val != "" {
+					os.Setenv("AWS_WEB_IDENTITY_TOKEN_FILE", val)
+				}
+
+				stsEndpointURL, err := url.Parse(stsEndpoint)
+				if err != nil {
+					return nil, probe.NewError(fmt.Errorf("Error parsing sts endpoint: %v", err))
+				}
+				credsSts := &credentials.IAM{
+					Client: &http.Client{
+						Transport: transport,
+					},
+					Endpoint: stsEndpointURL.String(),
+				}
+				credsChain = append(credsChain, credsSts)
+			}
+
+			// V4 Credentials
+			credsV4 := &credentials.Static{
+				Value: credentials.Value{
+					AccessKeyID:     config.AccessKey,
+					SecretAccessKey: config.SecretKey,
+					SessionToken:    config.SessionToken,
+					SignerType:      credentials.SignatureV4,
+				},
+			}
+			credsChain = append(credsChain, credsV4)
+			// V2 Credentials
+			credsV2 := &credentials.Static{
+				Value: credentials.Value{
+					AccessKeyID:     config.AccessKey,
+					SecretAccessKey: config.SecretKey,
+					SessionToken:    "",
+					SignerType:      credentials.SignatureV2,
+				},
+			}
+			credsChain = append(credsChain, credsV2)
+
+			creds := credentials.NewChainCredentials(credsChain)
+
 			// Not found. Instantiate a new MinIO
 			var e error
 

diff --git a/cmd/support-diag-spinner-v3.go b/cmd/support-diag-spinner-v3.go
@@ -59,6 +59,7 @@ func receiveHealthInfo(decoder *json.Decoder) (info madmin.HealthInfo, e error)
 
 	createSpinner("CPU Info", func(info madmin.HealthInfo) bool { return len(info.Sys.CPUInfo) > 0 })
 	createSpinner("Disk Info", func(info madmin.HealthInfo) bool { return len(info.Sys.Partitions) > 0 })
+	createSpinner("Net Info", func(info madmin.HealthInfo) bool { return len(info.Sys.NetInfo) > 0 })
 	createSpinner("OS Info", func(info madmin.HealthInfo) bool { return len(info.Sys.OSInfo) > 0 })
 	createSpinner("Mem Info", func(info madmin.HealthInfo) bool { return len(info.Sys.MemInfo) > 0 })
 	createSpinner("Process Info", func(info madmin.HealthInfo) bool { return len(info.Sys.ProcInfo) > 0 })

diff --git a/cmd/support-diag.go b/cmd/support-diag.go
@@ -41,6 +41,12 @@ import (
 	"github.com/tidwall/gjson"
 )
 
+const (
+	anonymizeFlag     = "anonymize"
+	anonymizeStandard = "standard"
+	anonymizeStrict   = "strict"
+)
+
 var supportDiagFlags = append([]cli.Flag{
 	HealthDataTypeFlag{
 		Name:   "test",
@@ -54,6 +60,11 @@ var supportDiagFlags = append([]cli.Flag{
 		Value:  1 * time.Hour,
 		Hidden: true,
 	},
+	cli.StringFlag{
+		Name:  anonymizeFlag,
+		Usage: "Data anonymization mode (standard|strict)",
+		Value: anonymizeStandard,
+	},
 }, subnetCommonFlags...)
 
 var supportDiagCmd = cli.Command{
@@ -79,6 +90,9 @@ EXAMPLES:
 
   2. Generate MinIO diagnostics report for cluster with alias 'myminio', save and upload to SUBNET manually
      {{.Prompt}} {{.HelpName}} myminio --airgap
+
+  3. Upload MinIO diagnostics report for cluster with alias 'myminio' to SUBNET, with strict anonymization
+     {{.Prompt}} {{.HelpName}} myminio --anonymize=strict
 `,
 }
 
@@ -87,6 +101,11 @@ func checkSupportDiagSyntax(ctx *cli.Context) {
 	if len(ctx.Args()) == 0 || len(ctx.Args()) > 1 {
 		showCommandHelpAndExit(ctx, 1) // last argument is exit code
 	}
+
+	anon := ctx.String(anonymizeFlag)
+	if anon != anonymizeStandard && anon != anonymizeStrict {
+		fatal(errDummy().Trace(), "Invalid anonymization mode. Valid options are 'standard' or 'strict'.")
+	}
 }
 
 // compress and tar MinIO diagnostics output
@@ -326,8 +345,7 @@ func fetchServerDiagInfo(ctx *cli.Context, client *madmin.AdminClient) (interfac
 	}
 
 	// Fetch info of all servers (cluster or single server)
-	// TODO: allow configurable "anonymize" inputs
-	resp, version, e := client.ServerHealthInfo(cont, *opts, ctx.Duration("deadline"), "standard")
+	resp, version, e := client.ServerHealthInfo(cont, *opts, ctx.Duration("deadline"), ctx.String(anonymizeFlag))
 	if e != nil {
 		cancel()
 		return nil, "", e

diff --git a/docker-buildx.sh b/docker-buildx.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# Copyright (c) 2015-2021 MinIO, Inc.
+# Copyright (c) 2015-2023 MinIO, Inc.
 #
 # This file is part of MinIO Object Storage stack
 #
@@ -33,6 +33,15 @@ docker buildx build --push --no-cache \
 
 docker buildx prune -f
 
+docker buildx build --push --no-cache \
+        --build-arg RELEASE="${release}" \
+        -t "minio/minio:${release}-cpuv1" \
+        -t "quay.io/minio/minio:${release}-cpuv1" \
+        --platform=linux/arm64,linux/amd64,linux/ppc64le,linux/s390x \
+        -f Dockerfile.release.old_cpu .
+
+docker buildx prune -f
+
 docker buildx build --push --no-cache \
 	--build-arg RELEASE="${release}" \
 	-t "minio/minio:${release}.fips" \