Merge branch 'master' into mc_share_contentlengthrange

Author: harshavardhana

Dockerfile.release.fips

@@ -18,7 +18,15 @@
 package cmd
 
 import (
+	"strings"
+	"time"
+
+	"github.com/charmbracelet/lipgloss"
+	humanize "github.com/dustin/go-humanize"
 	"github.com/minio/cli"
+	json "github.com/minio/colorjson"
+	"github.com/minio/madmin-go/v3"
+	"github.com/minio/mc/pkg/probe"
 )
 
 var adminAccesskeyInfoCmd = cli.Command{
@@ -45,6 +53,150 @@ EXAMPLES:
 	`,
 }
 
+type accesskeyMessage struct {
+	op            string
+	Status        string          `json:"status"`
+	AccessKey     string          `json:"accessKey"`
+	SecretKey     string          `json:"secretKey,omitempty"`
+	STS           bool            `json:"sts,omitempty"`
+	ParentUser    string          `json:"parentUser,omitempty"`
+	AccountStatus string          `json:"accountStatus,omitempty"`
+	ImpliedPolicy bool            `json:"impliedPolicy,omitempty"`
+	Policy        json.RawMessage `json:"policy,omitempty"`
+	Name          string          `json:"name,omitempty"`
+	Description   string          `json:"description,omitempty"`
+	Expiration    *time.Time      `json:"expiration,omitempty"`
+	Provider      string          `json:"provider,omitempty"`
+	ProviderInfo  providerInfo    `json:"providerInfo,omitempty"`
+}
+
+func (m accesskeyMessage) String() string {
+	labelStyle := lipgloss.NewStyle().Foreground(lipgloss.Color("#04B575")) // green
+	o := strings.Builder{}
+	switch m.op {
+	case "info":
+		expirationStr := "NONE"
+		if m.Expiration != nil && !m.Expiration.IsZero() && !m.Expiration.Equal(timeSentinel) {
+			expirationStr = humanize.Time(*m.Expiration)
+		}
+		policyStr := "embedded"
+		if m.ImpliedPolicy {
+			policyStr = "implied"
+		}
+		statusStr := "enabled"
+		if m.AccountStatus == "off" {
+			statusStr = "disabled"
+		}
+		stsStr := "false"
+		if m.STS {
+			stsStr = "true"
+		}
+		o.WriteString(iFmt(0, "%s %s\n", labelStyle.Render("Access Key:"), m.AccessKey))
+		o.WriteString(iFmt(0, "%s %s\n", labelStyle.Render("Parent User:"), m.ParentUser))
+		o.WriteString(iFmt(0, "%s %s\n", labelStyle.Render("Status:"), statusStr))
+		o.WriteString(iFmt(0, "%s %s\n", labelStyle.Render("Policy:"), policyStr))
+		o.WriteString(iFmt(0, "%s %s\n", labelStyle.Render("Name:"), m.Name))
+		o.WriteString(iFmt(0, "%s %s\n", labelStyle.Render("Description:"), m.Description))
+		o.WriteString(iFmt(0, "%s %s\n", labelStyle.Render("Expiration:"), expirationStr))
+		o.WriteString(iFmt(0, "%s %s\n", labelStyle.Render("STS:"), stsStr))
+		o.WriteString(iFmt(0, "%s %s\n", labelStyle.Render("Provider:"), m.Provider))
+		if m.ProviderInfo != nil {
+			o.WriteString(iFmt(0, "%s\n", labelStyle.Render("Provider Specific Info:")))
+			o.WriteString(m.ProviderInfo.String())
+		}
+	case "create":
+		expirationStr := "NONE"
+		if m.Expiration != nil && !m.Expiration.IsZero() && !m.Expiration.Equal(timeSentinel) {
+			expirationStr = m.Expiration.String()
+		}
+		o.WriteString(iFmt(0, "%s %s\n", labelStyle.Render("Access Key:"), m.AccessKey))
+		o.WriteString(iFmt(0, "%s %s\n", labelStyle.Render("Secret Key:"), m.SecretKey))
+		o.WriteString(iFmt(0, "%s %s\n", labelStyle.Render("Expiration:"), expirationStr))
+		o.WriteString(iFmt(0, "%s %s\n", labelStyle.Render("Name:"), m.Name))
+		o.WriteString(iFmt(0, "%s %s\n", labelStyle.Render("Description:"), m.Description))
+	case "remove":
+		o.WriteString(labelStyle.Render(iFmt(0, "Successfully removed access key `%s`.", m.AccessKey)))
+	case "edit":
+		o.WriteString(labelStyle.Render(iFmt(0, "Successfully edited access key `%s`.", m.AccessKey)))
+	case "enable":
+		o.WriteString(labelStyle.Render(iFmt(0, "Successfully enabled access key `%s`.", m.AccessKey)))
+	case "disable":
+		o.WriteString(labelStyle.Render(iFmt(0, "Successfully disabled access key `%s`.", m.AccessKey)))
+	}
+	return o.String()
+}
+
+func (m accesskeyMessage) JSON() string {
+	m.Status = "success"
+	jsonMessageBytes, e := json.MarshalIndent(m, "", " ")
+	fatalIf(probe.NewError(e), "Unable to marshal into JSON.")
+
+	return string(jsonMessageBytes)
+}
+
+type providerInfo interface {
+	String() string
+}
+
 func mainAdminAccesskeyInfo(ctx *cli.Context) error {
 	return commonAccesskeyInfo(ctx)
 }
+
+func commonAccesskeyInfo(ctx *cli.Context) error {
+	if len(ctx.Args()) < 2 {
+		showCommandHelpAndExit(ctx, 1) // last argument is exit code
+	}
+
+	args := ctx.Args()
+	aliasedURL := args.Get(0)
+	accessKeys := args.Tail()
+
+	// Create a new MinIO Admin Client
+	client, err := newAdminClient(aliasedURL)
+	fatalIf(err, "Unable to initialize admin connection.")
+
+	for _, accessKey := range accessKeys {
+		// Assume service account by default
+		res, e := client.InfoAccessKey(globalContext, accessKey)
+		fatalIf(probe.NewError(e), "Unable to get info for access key.")
+		m := accesskeyMessage{
+			op:            "info",
+			AccessKey:     accessKey,
+			ParentUser:    res.ParentUser,
+			AccountStatus: res.AccountStatus,
+			ImpliedPolicy: res.ImpliedPolicy,
+			Policy:        json.RawMessage(res.Policy),
+			Name:          res.Name,
+			Description:   res.Description,
+			Expiration:    nilExpiry(res.Expiration),
+			Provider:      res.UserProvider,
+		}
+
+		switch res.UserProvider {
+		case madmin.LDAPProvider:
+			info := res.LDAPSpecificInfo
+			m.ProviderInfo = ldapAccessKeyInfo{
+				Username: info.Username,
+			}
+		case madmin.OpenIDProvider:
+			info := res.OpenIDSpecificInfo
+			m.ProviderInfo = openIDAccessKeyInfo{
+				ConfigName:       info.ConfigName,
+				UserID:           info.UserID,
+				UserIDClaim:      info.UserIDClaim,
+				DisplayName:      info.DisplayName,
+				DisplayNameClaim: info.DisplayNameClaim,
+			}
+		}
+		printMsg(m)
+	}
+
+	return nil
+}
+
+func nilExpiry(expiry *time.Time) *time.Time {
+	if expiry != nil && expiry.Equal(timeSentinel) {
+		return nil
+	}
+	return expiry
+}

cmd/admin-accesskey-info.go

@@ -119,6 +119,11 @@ func mainClusterBucketExport(ctx *cli.Context) error {
 	}
 	fatalIf(probe.NewError(moveFile(tmpFile.Name(), downloadPath)), "Unable to rename downloaded data, file exists at %s", tmpFile.Name())
 
+	// Explicitly set permissions to 0o600 and override umask
+	// to ensure that the file is not world-readable.
+	e = os.Chmod(downloadPath, 0o600)
+	fatalIf(probe.NewError(e), "Unable to set file permissions for "+downloadPath)
+
 	if !globalJSON {
 		console.Infof("Bucket metadata successfully downloaded as %s\n", downloadPath)
 		return nil

cmd/admin-cluster-bucket-export.go

@@ -125,6 +125,11 @@ func mainClusterIAMExport(ctx *cli.Context) error {
 
 	fatalIf(probe.NewError(moveFile(tmpFile.Name(), downloadPath)), "Unable to rename downloaded data, file exists at %s", tmpFile.Name())
 
+	// Explicitly set permissions to 0o600 and override umask
+	// to ensure that the file is not world-readable.
+	e = os.Chmod(downloadPath, 0o600)
+	fatalIf(probe.NewError(e), "Unable to set file permissions for "+downloadPath)
+
 	if !globalJSON {
 		console.Infof("IAM info successfully downloaded as %s\n", downloadPath)
 		return nil

cmd/admin-cluster-iam-export.go

@@ -107,15 +107,6 @@ func (l logMessage) String() string {
 	if l.NodeName != "" {
 		hostStr = fmt.Sprintf("%s ", colorizedNodeName(l.NodeName))
 	}
-	log := l.LogInfo
-	if log.ConsoleMsg != "" {
-		if strings.HasPrefix(log.ConsoleMsg, "\n") {
-			fmt.Fprintf(b, "%s\n", hostStr)
-			log.ConsoleMsg = strings.TrimPrefix(log.ConsoleMsg, "\n")
-		}
-		fmt.Fprintf(b, "%s %s", hostStr, log.ConsoleMsg)
-		return b.String()
-	}
 	if l.API != nil {
 		apiString := "API: " + l.API.Name + "("
 		if l.API.Args != nil && l.API.Args.Bucket != "" {
@@ -142,6 +133,9 @@ func (l logMessage) String() string {
 	if l.UserAgent != "" {
 		fmt.Fprintf(b, "\n%s UserAgent: %s", hostStr, l.UserAgent)
 	}
+	if l.Message != "" {
+		fmt.Fprintf(b, "\n%s Message: %s", hostStr, l.Message)
+	}
 	if l.Trace != nil {
 		if l.Trace.Message != "" {
 			fmt.Fprintf(b, "\n%s Error: %s", hostStr, console.Colorize("LogMessage", l.Trace.Message))

cmd/admin-logs.go

@@ -74,13 +74,12 @@ func (m resyncCancelMessage) String() string {
 }
 
 func mainAdminReplicateResyncCancel(ctx *cli.Context) error {
-	{
-		// Check argument count
-		argsNr := len(ctx.Args())
-		if argsNr != 2 {
-			cli.ShowCommandHelpAndExit(ctx, "cancel", 1) // last argument is exit code
-		}
+	// Check argument count
+	argsNr := len(ctx.Args())
+	if argsNr != 2 {
+		showCommandHelpAndExit(ctx, 1) // last argument is exit code
 	}
+
 	console.SetColor("ResyncMessage", color.New(color.FgGreen))
 
 	// Get the alias parameter from cli

cmd/admin-replicate-resync-cancel.go

@@ -21,10 +21,11 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/minio/madmin-go/v3"
+
 	"github.com/fatih/color"
 	"github.com/minio/cli"
 	json "github.com/minio/colorjson"
-	"github.com/minio/madmin-go/v3"
 	"github.com/minio/mc/pkg/probe"
 	"github.com/minio/pkg/v3/console"
 )
@@ -74,12 +75,10 @@ func (m resyncMessage) String() string {
 }
 
 func mainAdminReplicateResyncStart(ctx *cli.Context) error {
-	{
-		// Check argument count
-		argsNr := len(ctx.Args())
-		if argsNr != 2 {
-			cli.ShowCommandHelpAndExit(ctx, "start", 1) // last argument is exit code
-		}
+	// Check argument count
+	argsNr := len(ctx.Args())
+	if argsNr != 2 {
+		showCommandHelpAndExit(ctx, 1) // last argument is exit code
 	}
 
 	console.SetColor("ResyncMessage", color.New(color.FgGreen))

cmd/admin-replicate-resync-start.go

@@ -60,12 +60,10 @@ EXAMPLES:
 }
 
 func mainAdminReplicationResyncStatus(ctx *cli.Context) error {
-	{
-		// Check argument count
-		argsNr := len(ctx.Args())
-		if argsNr != 2 {
-			cli.ShowCommandHelpAndExit(ctx, "status", 1) // last argument is exit code
-		}
+	// Check argument count
+	argsNr := len(ctx.Args())
+	if argsNr != 2 {
+		showCommandHelpAndExit(ctx, 1) // last argument is exit code
 	}
 
 	console.SetColor("ResyncMessage", color.New(color.FgGreen))

cmd/admin-replicate-resync-status.go

@@ -411,12 +411,10 @@ func (opts matchOpts) matches(traceInfo madmin.ServiceTraceInfo) bool {
 		}
 	}
 
-	if opts.requestSize > 0 && traceInfo.Trace.HTTP.CallStats.InputBytes < int(opts.requestSize) {
-		return false
-	}
-
-	if opts.responseSize > 0 && traceInfo.Trace.HTTP.CallStats.OutputBytes < int(opts.responseSize) {
-		return false
+	if traceInfo.Trace.HTTP != nil {
+		if (opts.requestSize > 0 && traceInfo.Trace.HTTP.CallStats.InputBytes < int(opts.requestSize)) || (opts.responseSize > 0 && traceInfo.Trace.HTTP.CallStats.OutputBytes < int(opts.responseSize)) {
+			return false
+		}
 	}
 
 	return true

cmd/admin-trace.go

@@ -148,7 +148,7 @@ func checkAliasSetSyntax(ctx *cli.Context, accessKey, secretKey string, deprecat
 		}
 	} else {
 		if !isValidPath(path) {
-			fatalIf(errInvalidArgument().Trace(bucketLookup),
+			fatalIf(errInvalidArgument().Trace(path),
 				"Unrecognized path value. Valid options are `[auto, on, off]`.")
 		}
 	}