From 3818303fdc71c2d34005fcaa1d0379ea0a71c69a Mon Sep 17 00:00:00 2001
From: Harshavardhana
Date: Fri, 11 Jun 2021 12:24:49 -0700
Subject: [PATCH] fix: GetAllCertificatesAndCAs shouldn't fail internally all libraries in pkg/* should never called Fatal() internally, console is imported now and it is important that the failure logging etc are all well controlled. Bonus: update to latest minio/pkg v1.0.6 to get trial customer license verification fixes. Bonus do not exit inside
---
 cmd/console/server.go | 8 ++++++--
 go.mod | 2 +-
 go.sum | 3 ++-
 pkg/certs/certs.go | 9 ++++-----
 4 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/cmd/console/server.go b/cmd/console/server.go
index 734c31a1bb..e805f26c5e 100644
--- a/cmd/console/server.go
+++ b/cmd/console/server.go
@@ -140,14 +140,18 @@ func loadAllCerts(ctx *cli.Context) error {
 certs.GlobalCertsCADir = &certs.ConfigDir{Path: filepath.Join(certs.GlobalCertsDir.Get(), certs.CertsCADir)}
 // check if certs and CAs directories exists or can be created
 if err = certs.MkdirAllIgnorePerm(certs.GlobalCertsCADir.Get()); err != nil {
- return fmt.Errorf("unable to create certs CA directory at %s: with %w", certs.GlobalCertsCADir.Get(), err)
+ return fmt.Errorf("unable to create certs CA directory at %s: failed with %w", certs.GlobalCertsCADir.Get(), err)
 }
+
 var manager *xcerts.Manager
 // load the certificates and the CAs
- restapi.GlobalRootCAs, restapi.GlobalPublicCerts, manager = certs.GetAllCertificatesAndCAs()
+ restapi.GlobalRootCAs, restapi.GlobalPublicCerts, manager, err = certs.GetAllCertificatesAndCAs()
 restapi.GlobalTLSCertsManager = &certs.TLSCertsManager{
 Manager: manager,
 }
+ if err != nil {
+ return fmt.Errorf("unable to load certificates at %s: failed with %w", certs.GlobalCertsDir.Get(), err)
+ }
 {
 // TLS flags from swagger server, used to support VMware vsphere operator version.
diff --git a/go.mod b/go.mod
index 89833b818b..dffd746aa2 100644
--- a/go.mod
+++ b/go.mod
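Review bot: The added `if err != nil` check in loadAllCerts runs only after `restapi.GlobalRootCAs`, `restapi.GlobalPublicCerts` and `restapi.GlobalTLSCertsManager` have been assigned, so a failed load overwrites the package globals with nil values and a non-nil `TLSCertsManager` wrapping a nil `Manager`. Now that GetAllCertificatesAndCAs returns instead of exiting, an importer that handles this error and keeps running would see that state; if the root pool is later handed to a `tls.Config` as `RootCAs`, a nil pool means the host's system roots rather than the configured CAs. Put the check directly under the call, before the `restapi.GlobalTLSCertsManager = ...` assignment, and preferably receive the results in locals and publish them to the globals only on success: `if err != nil { return fmt.Errorf("unable to load certificates at %s: failed with %w", certs.GlobalCertsDir.Get(), err) }`. loadAllCerts begins and continues outside this hunk, so check that nothing later relies on the current order.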
@@ -23,7 +23,7 @@ require (
 github.com/minio/minio-go/v7 v7.0.11-0.20210517200026-f0518ca447d6
 github.com/minio/operator v0.0.0-20210604224119-7e256f98cf90
 github.com/minio/operator/logsearchapi v0.0.0-20210604224119-7e256f98cf90
- github.com/minio/pkg v1.0.4
+ github.com/minio/pkg v1.0.6
 github.com/minio/selfupdate v0.3.1
 github.com/mitchellh/go-homedir v1.1.0
 github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
diff --git a/go.sum b/go.sum
index 0c01b5cf9e..e5fc7982a1 100644
--- a/go.sum
+++ b/go.sum
@@ -891,8 +891,9 @@ github.com/minio/operator v0.0.0-20210604224119-7e256f98cf90/go.mod h1:8/mIXK+CF github.com/minio/operator/logsearchapi v0.0.0-20210604224119-7e256f98cf90 h1:Qu6j6oE7+QNuq7Kr2DLyVYq3fqMdqFd/T8NAeNp47og= github.com/minio/operator/logsearchapi v0.0.0-20210604224119-7e256f98cf90/go.mod h1:R+38Pf3wfm+JMiyLPb/r8OMrBm0vK2hZgUT4y4aYoSY= github.com/minio/pkg v1.0.3/go.mod h1:obU54TZ9QlMv0TRaDgQ/JTzf11ZSXxnSfLrm4tMtBP8= -github.com/minio/pkg v1.0.4 h1:+BmaCENP6BaMm9PsGK6L1L5MKulWDxl4qobvJYf6m/E= github.com/minio/pkg v1.0.4/go.mod h1:obU54TZ9QlMv0TRaDgQ/JTzf11ZSXxnSfLrm4tMtBP8= +github.com/minio/pkg v1.0.6 h1:82cyFqL69nSPjprO0+P2T/Rj0AAEljmpUdFjJhpvzvI= +github.com/minio/pkg v1.0.6/go.mod h1:obU54TZ9QlMv0TRaDgQ/JTzf11ZSXxnSfLrm4tMtBP8= github.com/minio/selfupdate v0.3.1 h1:BWEFSNnrZVMUWXbXIgLDNDjbejkmpAmZvy/nCz1HlEs= github.com/minio/selfupdate v0.3.1/go.mod h1:b8ThJzzH7u2MkF6PcIra7KaXO9Khf6alWPvMSyTDCFM= github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM=
diff --git a/pkg/certs/certs.go b/pkg/certs/certs.go
index a334c3fa42..5b18ae2e5f 100644
--- a/pkg/certs/certs.go
+++ b/pkg/certs/certs.go
@@ -27,7 +27,6 @@ import (
 "errors"
 "fmt"
 "io/ioutil"
- "log"
 "os"
 "path/filepath"
 "strings"
@@ -313,18 +312,18 @@ func GetTLSConfig() (x509Certs []*x509.Certificate, manager *xcerts.Manager, err
 return x509Certs, manager, nil
 }
-func GetAllCertificatesAndCAs() (*x509.CertPool, []*x509.Certificate, *xcerts.Manager) {
+func GetAllCertificatesAndCAs() (*x509.CertPool, []*x509.Certificate, *xcerts.Manager, error) {
 // load all CAs from ~/.console/certs/CAs
 GlobalRootCAs, err := xcerts.GetRootCAs(GlobalCertsCADir.Get())
 if err != nil {
- log.Fatalln(err)
+ return nil, nil, nil, err
 }
 // load all certs from ~/.console/certs
 globalPublicCerts, globalTLSCertsManager, err := GetTLSConfig()
 if err != nil {
- log.Fatalln(err)
+ return nil, nil, nil, err
 }
- return GlobalRootCAs, globalPublicCerts, globalTLSCertsManager
+ return GlobalRootCAs, globalPublicCerts, globalTLSCertsManager, nil
 }
 // TLSCertsManager custom TLS Manager for SNI support
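Review bot: Both new error returns in GetAllCertificatesAndCAs pass `err` through bare, so a caller cannot tell whether the root-CA load or the TLS certificate load failed; the caller in cmd/console/server.go reports only the certs directory in either case. Wrap each return with what was being loaded, e.g. `return nil, nil, nil, fmt.Errorf("loading root CAs from %s: %w", GlobalCertsCADir.Get(), err)` and `return nil, nil, nil, fmt.Errorf("loading TLS certificates: %w", err)`; `fmt` is already in this file's import block. The exported function also has no doc comment, and one such as `// GetAllCertificatesAndCAs loads the root CA pool, the public certificates and their manager; on error all three results are nil.` would tell importers not to use partial results.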