-
Notifications
You must be signed in to change notification settings - Fork 547
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Accept SECRET_KEY using prompt and standard input. #2785
Conversation
Codecov Report
@@ Coverage Diff @@
## master #2785 +/- ##
==========================================
- Coverage 10.5% 10.37% -0.14%
==========================================
Files 129 127 -2
Lines 12751 12738 -13
==========================================
- Hits 1339 1321 -18
- Misses 11245 11258 +13
+ Partials 167 159 -8
Continue to review full report at Codecov.
|
9ca1000
to
3d482f3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some comments
Okay so @abperiasamy confirmed two things
So you need to redo this PR to have this behavior. |
👍 |
12bcc47
to
54da186
Compare
@harshavardhana @vadmeste @poornas modifed the PR. PTAL |
One more thing this PR also needs to do is when |
54da186
to
a933298
Compare
Done with the other changes . Can you elaborate |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some comments
docs/minio-admin-complete-guide.md
Outdated
*Example: Add a new user 'testuser' on MinIO, with 'writeonly' using standard input.* | ||
|
||
```sh | ||
$ set -o history |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we don't have to disable history if we are entering access & secret keys in the prompt
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
removed
cmd/admin-user-add.go
Outdated
{{.EnableHistory}} | ||
$ set -o history | ||
$ {{.HelpName}} myminio foobar foo12345 | ||
$ set +o history |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is some extra leading spaces here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
corrected
docs/minio-client-complete-guide.md
Outdated
Enter API signature. An optional argument. Default value 'S3v4' : | ||
Enter lookup. An optional argument. Default value 'auto' : |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe both of these prompts are not there
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, removed.
a933298
to
6d84281
Compare
The access and secret key is taken as an input from promt . This is done to avoid the credetials shown in ps aux command. Adding a new user asks for a user credentials.
6d84281
to
e3b4547
Compare
value, _, _ := reader.ReadLine() | ||
accessKey = string(value) | ||
fmt.Printf("%s", console.Colorize(cred, "Enter Secret Key : ")) | ||
bytePassword, _ := terminal.ReadPassword(int(syscall.Stdin)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Missing proper error handling
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also according to Terminal.ReadPassword we are supposed to pass the prompt. In any case we should use os.File.Fd()
instead of the syscall
package.
case numberOfArgs == 2: | ||
accessKey = args.Get(1) | ||
fmt.Printf("%s", console.Colorize(cred, "Enter Secret Key : ")) | ||
bytePassword, _ := terminal.ReadPassword(int(syscall.Stdin)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Missing proper error handling
are we going to implement this? @kannappanr @sinhaashish - if there are no plans can we close them out? |
ping @sinhaashish |
please implement this. it is not uncommon for security policies to require (or force) shell logging. |
Based on work by @sinhaashish in minio#2785
Based on work by @sinhaashish in minio#2785
Based on work by @sinhaashish in minio#2785
Based on work by @sinhaashish in minio#2785
Closing this for now . Will send another PR for this |
@sinhaashish would you take a look at #3083 |
Based on work by @sinhaashish in minio#2785
Based on work by @sinhaashish in minio#2785
The
ACCESS_KEY
,SECRET_KEY
is taken as an input . This is done to avoid the credentials shownin
ps aux
command.Adding a new user asks for their credentials.
To test:
mc config host add myminio http://192.168.86.149:9000
mc admin user add myminio foobar readonly
Fixes #2651