Bugfix sidecar credentials validation (minio#2134)
* Bugfix sidecar credentials validation

Sidecar always returns `Missing root credentials in the configuration.`, causing the tenant to not start when the tenant configuration secret that the sidecar observes is modified

* Adds little `Config secret '%s' sync` log line to know when a secret sync event has triggered in sidecar.

* Remove `pkg/validator.go` file, it got moved to `sidecar/pkg/validator/validator.go` and this one is no longer needed.

* Fix: "Struct Controller has methods on both value and pointer receivers. Such usage is not recommended by the Go Documentation."

* Run Informer factories in goroutines to do not block the process and proceed to wait for caches to sync.

Signed-off-by: pjuarezd <[email protected]>

* lint

Signed-off-by: pjuarezd <[email protected]>

---------

Signed-off-by: pjuarezd <[email protected]>
pjuarezd authored May 24, 2024
1 parent ce0a300 commit fdb7232
Showing 2 changed files with 23 additions and 164 deletions.
140 changes: 0 additions & 140 deletions pkg/validator/validator.go

This file was deleted.

47 changes: 23 additions & 24 deletions sidecar/pkg/sidecar/sidecar_utils.go
Expand Up @@ -143,6 +143,7 @@ func NewSideCarController(kubeClient *kubernetes.Clientset, controllerClient *cl
if oldSecret.Name != secretName {
return
}
log.Printf("Config secret '%s' sync", secretName)
newSecret := new.(*corev1.Secret)
if newSecret.ResourceVersion == oldSecret.ResourceVersion {
// Periodic resync will send update events for all known Tenants.
Expand All @@ -151,36 +152,39 @@ func NewSideCarController(kubeClient *kubernetes.Clientset, controllerClient *cl
}
data := newSecret.Data["config.env"]
// validate root creds in string
rootUserMissing := true
rootPassMissing := false
rootUserFound := false
rootPwdFound := false

dataStr := string(data)
if !strings.Contains(dataStr, "MINIO_ROOT_USER") {
rootUserMissing = true
if strings.Contains(dataStr, "MINIO_ROOT_USER") {
rootUserFound = true
}
if !strings.Contains(dataStr, "MINIO_ACCESS_KEY") {
rootUserMissing = true
if strings.Contains(dataStr, "MINIO_ACCESS_KEY") {
rootUserFound = true
}
if !strings.Contains(dataStr, "MINIO_ROOT_PASSWORD") {
rootPassMissing = true
if strings.Contains(dataStr, "MINIO_ROOT_PASSWORD") {
rootPwdFound = true
}
if !strings.Contains(dataStr, "MINIO_SECRET_KEY") {
rootPassMissing = true
if strings.Contains(dataStr, "MINIO_SECRET_KEY") {
rootPwdFound = true
}
if rootUserMissing || rootPassMissing {
if !rootUserFound || !rootPwdFound {
log.Println("Missing root credentials in the configuration.")
log.Println("MinIO won't start")
os.Exit(1)
}

c.regenCfgWithCfg(tenantName, namespace, string(data))
if !strings.HasSuffix(dataStr, "\n") {
dataStr = dataStr + "\n"
}
c.regenCfgWithCfg(tenantName, namespace, dataStr)
},
})

return c
}

func (c Controller) regenCfg(tenantName string, namespace string) {
func (c *Controller) regenCfg(tenantName string, namespace string) {
rootUserFound, rootPwdFound, fileContents, err := validator.ReadTmpConfig()
if err != nil {
log.Println(err)
Expand All @@ -194,7 +198,7 @@ func (c Controller) regenCfg(tenantName string, namespace string) {
c.regenCfgWithCfg(tenantName, namespace, fileContents)
}

func (c Controller) regenCfgWithCfg(tenantName string, namespace string, fileContents string) {
func (c *Controller) regenCfgWithCfg(tenantName string, namespace string, fileContents string) {
ctx := context.Background()

args, err := validator.GetTenantArgs(ctx, c.controllerClient, tenantName, namespace)
Expand All @@ -213,18 +217,13 @@ func (c Controller) regenCfgWithCfg(tenantName string, namespace string, fileCon

// Run starts the informers
func (c *Controller) Run(stopCh chan struct{}) error {
// Starts all the shared minioInformers that have been created by the factory so
// far.
c.minInformerFactory.Start(stopCh)
c.informerFactory.Start(stopCh)
// Starts all the shared minioInformers that have been created by the factory so far.
go c.minInformerFactory.Start(stopCh)
go c.informerFactory.Start(stopCh)

// wait for the initial synchronization of the local cache.
if !cache.WaitForCacheSync(stopCh, c.tenantInformer.Informer().HasSynced) {
return fmt.Errorf("Failed to sync")
}
// wait for the initial synchronization of the local cache.
if !cache.WaitForCacheSync(stopCh, c.secretInformer.Informer().HasSynced) {
return fmt.Errorf("Failed to sync")
if !cache.WaitForCacheSync(stopCh, c.tenantInformer.Informer().HasSynced, c.secretInformer.Informer().HasSynced) {
return fmt.Errorf("failed to sync")
}
return nil
}
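Review bot: The corrected credential check in the secret update handler still uses `strings.Contains` on the whole `config.env` text, so it only proves that the variable names appear somewhere, not that credentials are actually set. A commented-out line such as `# MINIO_ROOT_USER=...`, an empty assignment, or a value that merely contains one of the names would pass, and the config would then be handed to `regenCfgWithCfg` without usable root credentials. I would parse the data line by line and set the flags only for a real assignment with a non-empty value, or reuse whatever parsing `validator.ReadTmpConfig` applies so both paths agree. The sketch below assumes `config.env` holds `export KEY=value` lines, which should be confirmed. The enclosing `NewSideCarController` begins outside the visible hunk.

```go
// … unchanged: secret name and ResourceVersion checks, data := newSecret.Data["config.env"] …
dataStr := string(data)
rootUserFound, rootPwdFound := false, false
for _, line := range strings.Split(dataStr, "\n") {
	assignment := strings.TrimPrefix(strings.TrimSpace(line), "export ")
	key, value, ok := strings.Cut(assignment, "=")
	if !ok || strings.Trim(strings.TrimSpace(value), `"'`) == "" {
		continue // comment, malformed line, or empty value
	}
	switch strings.TrimSpace(key) {
	case "MINIO_ROOT_USER", "MINIO_ACCESS_KEY":
		rootUserFound = true
	case "MINIO_ROOT_PASSWORD", "MINIO_SECRET_KEY":
		rootPwdFound = true
	}
}
// … unchanged: exit when either flag is false, trailing-newline fix-up, regenCfgWithCfg call …
```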
