Compare commits
55 Commits
Author | SHA1 | Date |
---|---|---|
|
b624d6775c | |
|
330f186821 | |
|
72224538ea | |
|
fb1f583f4c | |
|
5699a05783 | |
|
64222e227e | |
|
8f7a046554 | |
|
3717901b12 | |
|
85f4a808be | |
|
9d1b7e1a9d | |
|
9bea0cc891 | |
|
557a8acd3d | |
|
fb1db2809a | |
|
7fcfa2d793 | |
|
2e71a424d6 | |
|
d5ed478302 | |
|
63240d9ef7 | |
|
ea84113aa7 | |
|
d70ab90edf | |
|
47ca8d4426 | |
|
a6c683af4d | |
|
b64d0c834b | |
|
8aab79757f | |
|
4d0ed6744f | |
|
5f7d71f028 | |
|
26e95361b6 | |
|
5cee1588f3 | |
|
d8c7fa0d47 | |
|
2f8caf38d4 | |
|
51850a87d8 | |
|
9a9367d5f4 | |
|
bedc600aa5 | |
|
368da33581 | |
|
ca6eaad35d | |
|
e47f31b8a8 | |
|
05c08cdafe | |
|
af2efcfd46 | |
|
042e08f7ad | |
|
5f6b3ef9c3 | |
|
0e6b93f732 | |
|
2b7aff15d3 | |
|
febd561bfb | |
|
abef481b63 | |
|
2b0dcc7d38 | |
|
0c32be8139 | |
|
fd04e1b784 | |
|
bd883b747c | |
|
618c3c6736 | |
|
fba9a4ff32 | |
|
7878d690b9 | |
|
623b291e62 | |
|
74bc0cbbd2 | |
|
316047b1d3 | |
|
569e830514 | |
|
7417ce44e5 |
249
CHANGELOG
249
CHANGELOG
|
@ -2343,3 +2343,252 @@ Improve replication performance. See (#12080, #12054, #12009) for more details.
|
|||
* Update minio to 2024-02-17T01-15-57Z
|
||||
* [Changelog](https://github.com/minio/minio/releases/tag/RELEASE.2024-02-17T01-15-57Z)
|
||||
|
||||
[3.13.0]
|
||||
* Implement OIDC authentication
|
||||
|
||||
[3.13.1]
|
||||
* Update minio to 2024-02-26T09-33-48Z
|
||||
* [Changelog](https://github.com/minio/minio/releases/tag/RELEASE.2024-02-26T09-33-48Z)
|
||||
* fix: crash in ResourceMetrics RPC handling concurrent writers by @harshavardhana in https://github.com/minio/minio/pull/19123
|
||||
* fix: re-arrange console-sys to log properly in k8s/docker by @harshavardhana in https://github.com/minio/minio/pull/19129
|
||||
|
||||
[3.13.2]
|
||||
* Update minio to 2024-03-03T17-50-39Z
|
||||
* [Changelog](https://github.com/minio/minio/releases/tag/RELEASE.2024-03-03T17-50-39Z)
|
||||
* Major performance improvement on total connection usage and de-duplicate ILM entries refer #18926
|
||||
* Major performance improvement for Listing() to avoid readdir() under situations for directory lookups refer #19100
|
||||
* Read drive IO stats from sysfs instead of procfs by @Praveenrajmani in #19131
|
||||
* ilm: Select an object when all AND tags are satisfied by @vadmeste in #19134
|
||||
* remove unnecessary 'recreate' code by @harshavardhana in #19136
|
||||
* feat: add userCredentials for nats by @jiuker in #19139
|
||||
|
||||
[3.13.3]
|
||||
* Update minio to 2024-03-05T04-48-44Z
|
||||
* [Changelog](https://github.com/minio/minio/releases/tag/RELEASE.2024-03-05T04-48-44Z)
|
||||
* fix: healthcheck to fail even if one erasure set doesn't have quorum by @Praveenrajmani in #19180
|
||||
* Add common middleware to S3 API handlers by @donatello in #19171
|
||||
* fix: nLink is unreliable on all filesystems by @harshavardhana in #19187
|
||||
* Fix ilm config at startup by @krisis in #19189
|
||||
* fix: skip local disks properly in cluster health maintenance check by @harshavardhana in #19184
|
||||
|
||||
[3.13.4]
|
||||
* Update minio to 2024-03-07T00-43-48Z
|
||||
* [Changelog](https://github.com/minio/minio/releases/tag/RELEASE.2024-03-07T00-43-48Z)
|
||||
* fix: cluster read health check to return proper values by @Praveenrajmani in #19203
|
||||
* fix: a regression in loading replication creds by @harshavardhana in #19204
|
||||
* fix: go mod update v1.33.0 https://pkg.go.dev/vuln/GO-2024-2611 by @harshavardhana in #19208
|
||||
* bucket import: avoid overwriting bucket creation date by @poornas in #19207
|
||||
* Set expected expiry date for ExpiredObjectAllVersions by @krisis in #19210
|
||||
|
||||
[3.13.5]
|
||||
* Update minio to 2024-03-10T02-53-48Z
|
||||
* [Changelog](https://github.com/minio/minio/releases/tag/RELEASE.2024-03-10T02-53-48Z)
|
||||
* make immediate purge non-blocking up to 100,000 entries per drive (#19231)
|
||||
* make immediate purge non-blocking upto 100000 entries per drive
|
||||
* Bonus: turn-off O_DIRECT verification when FSType is 'XFS'
|
||||
|
||||
[3.13.6]
|
||||
* Update minio to 2024-03-15T01-07-19Z
|
||||
* [Changelog](https://github.com/minio/minio/releases/tag/RELEASE.2024-03-15T01-07-19Z)
|
||||
* allow dynamically changing max_object_versions per object (#19265)
|
||||
|
||||
[3.13.7]
|
||||
* Update minio to 2024-03-21T23-13-43Z
|
||||
* [Changelog](https://github.com/minio/minio/releases/tag/2024-03-21T23-13-43Z)
|
||||
* write anything beyond 4k to be written in 4k pages by @harshavardhana in https://github.com/minio/minio/pull/19269
|
||||
* fix wrong time.Parse params order by @alingse in https://github.com/minio/minio/pull/19279
|
||||
* implement a flag to specify custom crossdomain.xml by @harshavardhana in https://github.com/minio/minio/pull/19262
|
||||
* fix: add a default requests deadline when deadline is 0 by @harshavardhana in https://github.com/minio/minio/pull/19287
|
||||
* add deprecated expiry_workers to be ignored by @harshavardhana in https://github.com/minio/minio/pull/19289
|
||||
* add additional logs for the decom during metadata save by @harshavardhana in https://github.com/minio/minio/pull/19288
|
||||
* feat: add user to NOTIFY_REDIS by @jiuker in https://github.com/minio/minio/pull/19285
|
||||
* change the notification queue full message by @harshavardhana in https://github.com/minio/minio/pull/19293
|
||||
* list: Fix IsTruncated and NextMarker when encountering expired objects by @vadmeste in https://github.com/minio/minio/pull/19290
|
||||
* xl: Purge instead of moving to trash with near filled disks by @vadmeste in https://github.com/minio/minio/pull/19294
|
||||
* crypto: generate OEK using HMAC-SHA256 instead of SHA256 by @aead in https://github.com/minio/minio/pull/19297
|
||||
* decom: Fix failed status after a failed decommission by @vadmeste in https://github.com/minio/minio/pull/19300
|
||||
* Handle zero versions qualified for expiration by @krisis in https://github.com/minio/minio/pull/19301
|
||||
* avoid triggering heals on metacache files if any by @harshavardhana in https://github.com/minio/minio/pull/19299
|
||||
* add IAM policyDB lookup fallbacks to drives by @harshavardhana in https://github.com/minio/minio/pull/19302
|
||||
* replication: enforce precondition for multipart by @poornas in https://github.com/minio/minio/pull/19306
|
||||
* fix: peer addr returned as empty string by @anjalshireesh in https://github.com/minio/minio/pull/19308
|
||||
* fix: Fix crash when logging events and anonymous is enabled by @vadmeste in https://github.com/minio/minio/pull/19313
|
||||
* use retry during policy reload from drives by @harshavardhana in https://github.com/minio/minio/pull/19307
|
||||
* Encode dir obj names before expiration by @krisis in https://github.com/minio/minio/pull/19305
|
||||
* fix batch snowball to close channel after listing finishes by @poornas in https://github.com/minio/minio/pull/19316
|
||||
|
||||
[3.13.8]
|
||||
* Update minio to 2024-03-26T22-10-45Z
|
||||
* [Changelog](https://github.com/minio/minio/releases/tag/2024-03-26T22-10-45Z)
|
||||
* Webhook targets refactor and bug fixes by @zveinn in https://github.com/minio/minio/pull/19275
|
||||
* fix: convert multiple callers to use toStorageErr(err) correctly by @harshavardhana in https://github.com/minio/minio/pull/19339
|
||||
* fix: should return when error happend by @jiuker in https://github.com/minio/minio/pull/19342
|
||||
* bring back minor DNS cache for k8s setups by @harshavardhana in https://github.com/minio/minio/pull/19341
|
||||
* Adding dashboard for MinIO node metrics by @shtripat in https://github.com/minio/minio/pull/19329
|
||||
* Fix races in IAM cache lazy loading by @klauspost in https://github.com/minio/minio/pull/19346
|
||||
* allow configuring inline shard size value by @harshavardhana in https://github.com/minio/minio/pull/19336
|
||||
* replication:fix precondition check for multipart by @poornas in https://github.com/minio/minio/pull/19349
|
||||
|
||||
[3.13.9]
|
||||
* Update minio to 2024-03-30T09-41-56Z
|
||||
* [Changelog](https://github.com/minio/minio/releases/tag/RELEASE.2024-03-30T09-41-56Z)
|
||||
* Support for SSE-C encrypted objects with site and bucket replication.
|
||||
* CPU issue addressed when you have 1000's of folder prefixes at bucket root.
|
||||
* LDAP support normalization of DN names for consistent behavior.
|
||||
|
||||
[3.13.10]
|
||||
* Update minio to 2024-04-06T05-26-02Z
|
||||
* [Changelog](https://github.com/minio/minio/releases/tag/RELEASE.2024-04-06T05-26-02Z)
|
||||
* Reduce big message RPC allocations by @klauspost in #19390
|
||||
* Prioritize the bucket configs first during the decommissioning by @Praveenrajmani in #19393
|
||||
* fix: missing metrics for healed objects by @harshavardhana in #19392
|
||||
* Always return slice with cap by @klauspost in #19395
|
||||
* Adding console targets back into systemtarget log slice by @zveinn in #19398
|
||||
* feat: support EdDSA/Ed25519 for oss by @jiuker in #19397
|
||||
* update to latest deps by @harshavardhana in #19399
|
||||
* Avoid using a nil transport when the config is not initialized by @vadmeste in #19405
|
||||
|
||||
[3.13.11]
|
||||
* Update minio to 2024-04-18T19-09-19Z
|
||||
* [Changelog](https://github.com/minio/minio/releases/tag/RELEASE.2024-04-18T19-09-19Z)
|
||||
* fix: add fallbackDisks for disk healing by @harshavardhana in #19425
|
||||
* fix: increase the tiering part size to 128MiB by @harshavardhana in #19424
|
||||
* heal: Add more per disk healing result in the audit by @vadmeste in #19427
|
||||
* batch-repl: Do not allow both source/target to be remote by @vadmeste in #19434
|
||||
* Allow setting readOnlyRootFilesystem in securityContext by @AlexanderThaller in #19437
|
||||
* Add a warning when the total size of an object versions exceeds 1 TiB by @vadmeste in #19435
|
||||
* make if-none-match PUT/POST RFC compliant by @harshavardhana in #19448
|
||||
* fix: unknow contentType for ArchiveFileHandler by @jiuker in #19451
|
||||
|
||||
[3.13.12]
|
||||
* Update minio to 2024-04-28T17-53-50Z
|
||||
* [Changelog](https://github.com/minio/minio/releases/tag/RELEASE.2024-04-28T17-53-50Z)
|
||||
* updating tests to use new mc --enc flags by @zveinn in #19508
|
||||
* fix: get rid of large buffers by @harshavardhana in #19549
|
||||
* cleanup: Simplify usage of MinIOSourceProxyRequest by @rluetzner in #19553
|
||||
* optimize ftp/sftp upload() implementations to avoid CPU load by @harshavardhana in #19552
|
||||
* add ILM + site-replication tests by @harshavardhana in #19554
|
||||
* Store object EC in metadata header by @klauspost in #19534
|
||||
* Reduce parallelReader allocs by @klauspost in #19558
|
||||
* make LRU cache global for internode tokens by @harshavardhana in #19555
|
||||
* fix: ignore signaturev2 for policy header check by @jiuker in #19551
|
||||
* build(deps): bump golang.org/x/net from 0.19.0 to 0.23.0 in /docs/debugging/s3-verify by @dependabot in #19559
|
||||
* Disable trailing header support for MinIO tiers by @krisis in #19561
|
||||
* re-use transport and set stronger backwards compatible Ciphers by @harshavardhana in #19565
|
||||
* do not panic on rebalance during server restarts by @harshavardhana in #19563
|
||||
* Fix RenameData data race by @klauspost in #19579
|
||||
* Remove leading zero strings in return value of (*xlMetaV2)getDataDirs() by @seiyab in #19567
|
||||
* fix: can't get total disksize for decom status by @jiuker in #19585
|
||||
* make renameData() more defensive during overwrites by @harshavardhana in #19548
|
||||
* Add system CPU metrics to metrics-v3 by @anjalshireesh in #19560
|
||||
* fix: avoid some IAM import errors if LDAP enabled by @donatello in #19591
|
||||
* simplify listener implementation setup customizations in right place by @harshavardhana in #19589
|
||||
* Add cluster notification metrics in metrics-v3 by @balamurugana in #19533
|
||||
* Fix few wrongly defined metric types by @anjalshireesh in #19586
|
||||
* fix: site-replication will reset group status when add user by @jiuker in #19594
|
||||
* Validates PostgreSQL table name by @ramondeklein in #19602
|
||||
* xl-meta: Allow combining multiple unversioned objects by @klauspost in #19604
|
||||
* support preserving renameData() on inlined content during overwrites by @harshavardhana in #19609
|
||||
* fix: IAM import for LDAP should replace mappings by @donatello in #19607
|
||||
* fix: IAM LDAP access key import bug by @donatello in #19608
|
||||
* Fixes an internal error while force-deleting a bucket by @ramondeklein in #19614
|
||||
* Update Console UI to v1.3.0 by @cesnietor in #19617
|
||||
* fix: LDAP init. issue when LDAP server is down by @donatello in #19619
|
||||
* heal: Fix regression in healing a new fresh drive by @vadmeste in #19615
|
||||
* add metrics ioerror counter for alerts on I/O errors by @harshavardhana in #19618
|
||||
* Fix DeleteObject API for unversioned objects with insufficient read q… by @poornas in #19581
|
||||
* deprecate usage of sha256-simd by @harshavardhana in #19621
|
||||
* heal: Avoid marking a bucket as done when remote drives are offline by @vadmeste in #19587
|
||||
* helm: fix port types in CiliumNetworkPolicy by @twelho in #19232
|
||||
* Add process metrics in metrics-v3 by @anjalshireesh in #19612
|
||||
* Handle failures in pool rebalancing by @Praveenrajmani in #19623
|
||||
* heal/list: Fix rare incomplete listing with flaky internode connections by @vadmeste in #19625
|
||||
* iam reload policy mapping of STS users properly by @poornas in #19626
|
||||
* a bunch of fixes for error handling by @harshavardhana in #19627
|
||||
|
||||
[3.13.13]
|
||||
* Update minio to 2024-05-01T01-11-10Z
|
||||
* [Changelog](https://github.com/minio/minio/releases/tag/RELEASE.2024-05-01T01-11-10Z)
|
||||
* Always unfreeze when connection dies by @klauspost in #19634
|
||||
* avoid data race for testing by @jiuker in #19635
|
||||
* Suppress metrics with zero values by @shtripat in #19638
|
||||
* Allow custom SFTP algorithm selection by @klauspost in #19636
|
||||
* fix: a crash in RemoveReplication target by @harshavardhana in #19640
|
||||
* ilm: Handle DeleteAllVersions action differently for DEL markers by @krisis in #19481
|
||||
|
||||
[3.13.14]
|
||||
* Update minio to 2024-05-07T06-41-25Z
|
||||
* [Changelog](https://github.com/minio/minio/releases/tag/RELEASE.2024-05-07T06-41-25Z)
|
||||
* Fix --stfp "mac-algos=..." overwrites cipher algorithms by @klauspost in #19643
|
||||
* enhance ListSVCs() API to return more info to avoid InfoSvc() by @harshavardhana in #19642
|
||||
* Wait one minute after startup to restart decommissioning by @klauspost in #19645
|
||||
* add logrotate support for MinIO logs by @harshavardhana in #19641
|
||||
* Return listing when exceeding min disk errors by @klauspost in #19644
|
||||
* fix: Filter out cust. AssumeRole Token for audit by @donatello in #19646
|
||||
* support compression after rotation of logs by @harshavardhana in #19647
|
||||
* Add cluster IAM metrics in metrics-v3 by @balamurugana in #19595
|
||||
* Use better gzip for log rotate by @klauspost in #19651
|
||||
* Change endpoint format for per-bucket metrics by @anjalshireesh in #19655
|
||||
* replication: Avoid proxying if requested object is a deletemarker by @poornas in #19656
|
||||
* With retention, skip actions expiring all versions by @krisis in #19657
|
||||
* extend server config.yaml to support per pool set drive count by @harshavardhana in #19663
|
||||
* Fix Walk missing entries with opts.Marker set by @klauspost in #19661
|
||||
* avoid using 10MiB EC buffers in maxAPI calculations by @harshavardhana in #19665
|
||||
* turn-off coloring if we have std{err,out} dumb terminals by @harshavardhana in #19667
|
||||
* add support for specific error response for InvalidRange by @harshavardhana in #19668
|
||||
* support 'mc support perf object' with root login disabled by @harshavardhana in #19672
|
||||
* fix: Ignore AWSAccessKeyId check for SignV2 policy condition by @jiuker in #19673
|
||||
* Make WalkDir return errors by @klauspost in #19677
|
||||
* support ETag value to be '*' by @harshavardhana in #19682
|
||||
* Update Console version to v1.4.0 by @bexsoft in #19684
|
||||
* Set Console Redirect URL env variable by @cesnietor in #19683
|
||||
* fix: collect quorum errors for deletePrefix() by @harshavardhana in #19685
|
||||
* Support user certificate based authentication on SFTP by @olljanat in #19650
|
||||
|
||||
[3.13.15]
|
||||
* Update minio to 2024-05-10T01-41-38Z
|
||||
* [Changelog](https://github.com/minio/minio/releases/tag/RELEASE.2024-05-10T01-41-38Z)
|
||||
* fix: unexpected credentials missing while passing (05/09/24)
|
||||
* remove references for MINIO_SERVER_URL (05/09/24)
|
||||
* add log-prefix name for specifying custom log-name (#19712) (05/09/24)
|
||||
* Revert "Fix incorrect merging of slash-suffixed objects (#19699)" (05/09/24)
|
||||
* fix: truncate Expiration to second when Add ServiceAccount (#19674) (05/10/24)
|
||||
* Fix incorrect merging of slash-suffixed objects (#19699) (05/09/24)
|
||||
* deprecate unexpected healing failed counters (#19705) (05/09/24)
|
||||
* pass around correct endpoint while registering remote storage (#19710) (05/09/24)
|
||||
* ldap-import: Add additional logs (#19691) (05/09/24)
|
||||
* results must be a single channel to avoid overwriting healing.bin (#19702) (05/09/24)
|
||||
* chore: use errors.New to replace fmt.Errorf with no parameters (#19568) (05/09/24)
|
||||
* upgrade to go1.22.x (05/09/24)
|
||||
* allow caller context during reloads() to cancel (#19687) (05/08/24)
|
||||
* grid: Fix a window of a disconnected node not marked as offline (#19703) (05/09/24)
|
||||
* Accept multipart checksums with part count (#19680) (05/08/24)
|
||||
* kms: add support for MinKMS and remove some unused/broken code (#19368) (05/08/24)
|
||||
* return appropriate error upon reaching maxClients() (#19669) (05/07/24)
|
||||
|
||||
[3.13.16]
|
||||
* Update minio to 2024-05-27T19-17-46Z
|
||||
* [Changelog](https://github.com/minio/minio/releases/tag/RELEASE.2024-05-27T19-17-46Z)
|
||||
* Major optimization in handling hung network disconnects, and related tests and hardening added #19719, #19605, #19741
|
||||
* Fix a medium CVE for information disclosure - during GETs with conditional headers such as If-modified-since, if-unmodified-since #19810
|
||||
|
||||
[3.13.17]
|
||||
* Update minio to 2024-05-28T17-19-04Z
|
||||
* [Changelog](https://github.com/minio/minio/releases/tag/RELEASE.2024-05-28T17-19-04Z)
|
||||
|
||||
[3.13.18]
|
||||
* Update minio to 2024-06-04T19-20-08Z
|
||||
* [Changelog](https://github.com/minio/minio/releases/tag/RELEASE.2024-06-04T19-20-08Z)
|
||||
|
||||
[3.13.19]
|
||||
* Update minio to 2024-06-06T09-36-42Z
|
||||
* [Changelog](https://github.com/minio/minio/releases/tag/RELEASE.2024-06-06T09-36-42Z)
|
||||
|
||||
[3.13.20]
|
||||
* Update minio to 2024-06-11T03-13-30Z
|
||||
* [Changelog](https://github.com/minio/minio/releases/tag/RELEASE.2024-06-11T03-13-30Z)
|
||||
* Disable caching of encrypted objects by @klauspost in #19890
|
||||
* Calculate correct object size while replication by @shtripat in #19888
|
||||
* Don't tier directory objects by @krisis in #19891
|
||||
* Update docker build script to pull all changes by @donatello in #19892
|
||||
* Two way streams fixes - take 2 by @klauspost in #19796
|
||||
|
|
|
@ -5,8 +5,8 @@
|
|||
"description": "file://DESCRIPTION.md",
|
||||
"changelog": "file://CHANGELOG",
|
||||
"tagline": "Distributed object storage",
|
||||
"version": "3.12.14",
|
||||
"upstreamVersion": "2024-02-17T01-15-57Z",
|
||||
"version": "3.13.20",
|
||||
"upstreamVersion": "2024-06-11T03-13-30Z",
|
||||
"healthCheckPath": "/minio/login",
|
||||
"memoryLimit": 2147483648,
|
||||
"httpPort": 8000,
|
||||
|
@ -19,8 +19,10 @@
|
|||
}
|
||||
},
|
||||
"addons": {
|
||||
"localstorage": {}
|
||||
"localstorage": {},
|
||||
"oidc": { "loginRedirectUri": "/oauth_callback" }
|
||||
},
|
||||
"optionalSso": true,
|
||||
"manifestVersion": 2,
|
||||
"website": "http://www.minio.io",
|
||||
"minBoxVersion": "7.1.2",
|
||||
|
|
|
@ -3,7 +3,7 @@ FROM cloudron/base:4.2.0@sha256:46da2fffb36353ef714f97ae8e962bd2c212ca091108d768
|
|||
RUN mkdir -p /app/code
|
||||
WORKDIR /app/code
|
||||
|
||||
ARG VERSION=RELEASE.2024-02-17T01-15-57Z
|
||||
ARG VERSION=RELEASE.2024-06-11T03-13-30Z
|
||||
|
||||
# sometimes here https://dl.min.io/server/minio/release/linux-amd64/archive/
|
||||
# RUN wget https://dl.min.io/server/minio/release/linux-amd64/minio.${VERSION} -O /app/code/minio && chmod +x /app/code/minio
|
||||
|
@ -11,6 +11,6 @@ RUN wget https://dl.min.io/server/minio/release/linux-amd64/archive/minio.${VERS
|
|||
# https://dl.min.io/client/mc/release/linux-amd64/
|
||||
RUN wget https://dl.min.io/client/mc/release/linux-amd64/mc -O /app/code/mc && chmod +x /app/code/mc
|
||||
|
||||
COPY env.sh start.sh /app/code/
|
||||
COPY env.sh.template start.sh /app/code/
|
||||
|
||||
CMD [ "/app/code/start.sh" ]
|
||||
|
|
|
@ -1,7 +1,19 @@
|
|||
<nosso>
|
||||
Please use the following credentials to login:
|
||||
|
||||
**Username**: minioadmin<br/>
|
||||
**Password**: minioadmin<br/>
|
||||
|
||||
Please change the credentials immediately by following this [guide](https://cloudron.io/documentation/apps/minio/#admin-credentials).
|
||||
</nosso>
|
||||
|
||||
<sso>
|
||||
|
||||
Please use the following credentials to login via 'Other Authentication Methods' -> 'Use Credentials':
|
||||
|
||||
**Username**: minioadmin<br/>
|
||||
**Password**: See `MINIO_ROOT_PASSWORD` in `/app/data/env.sh` <a href="/frontend/filemanager.html#/viewer/app/$CLOUDRON-APP-ID/env.sh">Open File Manager</a><br/>
|
||||
|
||||
Cloudron users have `readwrite` access policy. See the [docs](https://cloudron.io/documentation/apps/minio/#admin-credentials) on how to change it.
|
||||
|
||||
</nosso>
|
||||
|
|
9
env.sh
9
env.sh
|
@ -1,9 +0,0 @@
|
|||
# Add custom minio configuration to this file. Restart the app for changes to take effect.
|
||||
|
||||
export CLOUDRON_MINIO_STARTUP_ARGS='server /app/data/data'
|
||||
|
||||
# See https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html#envvar.MINIO_ROOT_USER
|
||||
# You can use pwgen -1s 64 to generate usernames and passwords
|
||||
export MINIO_ROOT_USER=minioadmin
|
||||
export MINIO_ROOT_PASSWORD=minioadmin
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
# Add custom minio configuration to this file. Restart the app for changes to take effect.
|
||||
|
||||
export CLOUDRON_MINIO_STARTUP_ARGS='server /app/data/data'
|
||||
|
26
start.sh
26
start.sh
|
@ -5,7 +5,18 @@ set -eu
|
|||
mkdir -p /app/data/data /run/minio/config /run/minio/certs
|
||||
|
||||
# env vars take precedence over config.yaml (https://github.com/minio/minio/blob/master/docs/distributed/CONFIG.md#things-to-know)
|
||||
[[ ! -f /app/data/env.sh ]] && cp /app/code/env.sh /app/data/env.sh
|
||||
if [[ ! -f /app/data/env.sh ]]; then
|
||||
echo "=> First run"
|
||||
cp /app/code/env.sh.template /app/data/env.sh
|
||||
# minio does not show the password login by default when OIDC is setup (https://github.com/minio/minio/discussions/16928)
|
||||
# we generate a dynamic password because users might forget to change the admin password (with the oidc login being so click friendly)
|
||||
if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
|
||||
echo -e "export MINIO_ROOT_USER=minioadmin\nexport MINIO_ROOT_PASSWORD=$(pwgen -1s 20)\n\n" >> /app/data/env.sh
|
||||
else
|
||||
echo -e "export MINIO_ROOT_USER=minioadmin\nexport MINIO_ROOT_PASSWORD=minioadmin\n\n" >> /app/data/env.sh
|
||||
fi
|
||||
fi
|
||||
|
||||
source /app/data/env.sh
|
||||
|
||||
# https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html#envvar.MINIO_SERVER_URL
|
||||
|
@ -17,6 +28,19 @@ if [[ ! -d /app/data/mc_config ]]; then
|
|||
/app/code/mc --config-dir /app/data/mc_config &> /dev/null || true
|
||||
fi
|
||||
|
||||
if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
|
||||
export MINIO_IDENTITY_OPENID_DISPLAY_NAME="Cloudron"
|
||||
export MINIO_IDENTITY_OPENID_CONFIG_URL="${CLOUDRON_OIDC_DISCOVERY_URL}"
|
||||
export MINIO_IDENTITY_OPENID_CLIENT_ID="${CLOUDRON_OIDC_CLIENT_ID}"
|
||||
export MINIO_IDENTITY_OPENID_CLIENT_SECRET="${CLOUDRON_OIDC_CLIENT_SECRET}"
|
||||
export MINIO_IDENTITY_OPENID_SCOPES="openid profile email"
|
||||
if [[ -z "${MINIO_IDENTITY_OPENID_ROLE_POLICY:-}" ]]; then
|
||||
export MINIO_IDENTITY_OPENID_ROLE_POLICY="readwrite"
|
||||
fi
|
||||
|
||||
export MINIO_IDENTITY_OPENID_COMMENT="Cloudron OIDC"
|
||||
fi
|
||||
|
||||
# minio is used for backups at times and has a large number of files. optimize by checking if files are actually in correct chown state
|
||||
echo "==> Changing ownership"
|
||||
[[ $(stat --format '%U' /app/data/data) != "cloudron" ]] && chown -R cloudron:cloudron /app/data
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -9,10 +9,10 @@
|
|||
"author": "",
|
||||
"license": "ISC",
|
||||
"dependencies": {
|
||||
"chromedriver": "^121.0.1",
|
||||
"chromedriver": "^125.0.3",
|
||||
"expect.js": "^0.3.1",
|
||||
"mocha": "^10.3.0",
|
||||
"selenium-webdriver": "^4.17.0",
|
||||
"superagent": "^8.1.2"
|
||||
"mocha": "^10.4.0",
|
||||
"selenium-webdriver": "^4.21.0",
|
||||
"superagent": "^9.0.2"
|
||||
}
|
||||
}
|
||||
|
|
160
test/test.js
160
test/test.js
|
@ -20,15 +20,23 @@ const execSync = require('child_process').execSync,
|
|||
{ Builder, By, until } = require('selenium-webdriver'),
|
||||
{ Options } = require('selenium-webdriver/chrome');
|
||||
|
||||
if (!process.env.USERNAME || !process.env.PASSWORD) {
|
||||
console.log('USERNAME and PASSWORD env vars need to be set');
|
||||
process.exit(1);
|
||||
}
|
||||
|
||||
describe('Application life cycle test', function () {
|
||||
this.timeout(0);
|
||||
|
||||
const LOCATION = 'test';
|
||||
const TEST_TIMEOUT = 30000;
|
||||
const TEST_TIMEOUT = parseInt(process.env.TIMEOUT, 10) || 30000;
|
||||
const BUCKET = 'cloudrontestbucket';
|
||||
const EXEC_ARGS = { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' };
|
||||
|
||||
let browser, app;
|
||||
let athenticated_by_oidc = false, rootPassword;
|
||||
let username = process.env.USERNAME;
|
||||
let password = process.env.PASSWORD;
|
||||
|
||||
before(function () {
|
||||
browser = new Builder().forBrowser('chrome').setChromeOptions(new Options().windowSize({ width: 1280, height: 1024 })).build();
|
||||
|
@ -49,23 +57,58 @@ describe('Application life cycle test', function () {
|
|||
expect(app).to.be.an('object');
|
||||
}
|
||||
|
||||
async function login(accessKey='minioadmin', secretKey='minioadmin') {
|
||||
async function login(username, password, expandLoginForm=true) {
|
||||
await browser.manage().deleteAllCookies();
|
||||
await browser.get('about:blank');
|
||||
await browser.sleep(2000);
|
||||
await browser.get(`https://${app.fqdn}/login`);
|
||||
await browser.sleep(2000);
|
||||
|
||||
if (expandLoginForm) {
|
||||
await waitForElement(By.xpath('//div[@id="alternativeMethods-select"]/div[contains(., "Other Authentication Methods")]'));
|
||||
await browser.findElement(By.xpath('//div[@id="alternativeMethods-select"]/div[contains(., "Other Authentication Methods")]')).click();
|
||||
await browser.sleep(2000);
|
||||
await browser.findElement(By.xpath('//li[contains(., "Use Credentials")] | //div[@label="Use Credentials"]')).click();
|
||||
await browser.sleep(2000);
|
||||
}
|
||||
await waitForElement(By.id('accessKey'));
|
||||
await browser.findElement(By.id('accessKey')).sendKeys(accessKey);
|
||||
await browser.findElement(By.id('secretKey')).sendKeys(secretKey);
|
||||
await browser.findElement(By.id('accessKey')).sendKeys(username);
|
||||
await browser.findElement(By.id('secretKey')).sendKeys(password);
|
||||
await browser.findElement(By.xpath('//button[@id="do-login"]')).click();
|
||||
await waitForElement(By.xpath('//span[contains(text(), "Buckets")]'));
|
||||
await timers.setTimeout(5000);
|
||||
}
|
||||
|
||||
async function loginOIDC(username, password) {
|
||||
browser.manage().deleteAllCookies();
|
||||
await browser.get(`https://${app.fqdn}/login`);
|
||||
await browser.sleep(10000);
|
||||
|
||||
await browser.findElement(By.xpath('//button[contains(., "Cloudron")]')).click();
|
||||
await browser.sleep(10000);
|
||||
|
||||
if (!athenticated_by_oidc) {
|
||||
await waitForElement(By.xpath('//input[@name="username"]'));
|
||||
await browser.findElement(By.xpath('//input[@name="username"]')).sendKeys(username);
|
||||
await browser.findElement(By.xpath('//input[@name="password"]')).sendKeys(password);
|
||||
await browser.sleep(2000);
|
||||
await browser.findElement(By.id('loginSubmitButton')).click();
|
||||
await browser.sleep(2000);
|
||||
|
||||
athenticated_by_oidc = true;
|
||||
}
|
||||
|
||||
await waitForElement(By.xpath('//span[contains(text(), "Buckets")]'));
|
||||
}
|
||||
|
||||
async function logout() {
|
||||
await browser.get(`https://${app.fqdn}/`);
|
||||
await waitForElement(By.xpath('//span[contains(text(), "Buckets")]'));
|
||||
const button = await browser.findElement(By.xpath('//button[@id="sign-out"]'));
|
||||
await browser.executeScript('arguments[0].scrollIntoView(false)', button);
|
||||
await button.click();
|
||||
await waitForElement(By.id('accessKey'));
|
||||
await browser.sleep(10000); // needed!
|
||||
await waitForElement(By.xpath('//*[@id="accessKey"] | //button[contains(., "Cloudron")]'));
|
||||
}
|
||||
|
||||
async function addBucket() {
|
||||
|
@ -96,38 +139,87 @@ describe('Application life cycle test', function () {
|
|||
expect(response.body.toString('utf8')).to.contain('<Code>AccessDenied</Code>');
|
||||
}
|
||||
|
||||
async function changeAdminCredentials() {
|
||||
let data = fs.readFileSync(path.join(__dirname, '../env.sh.template'), 'utf8');
|
||||
data += '\nexport MINIO_ROOT_USER=minioakey\nexport MINIO_ROOT_PASSWORD=minioskey\n';
|
||||
fs.writeFileSync('/tmp/env.sh', data);
|
||||
execSync(`cloudron push --app ${app.id} /tmp/env.sh /app/data/env.sh`, EXEC_ARGS);
|
||||
execSync(`cloudron restart --app ${app.id}`, EXEC_ARGS);
|
||||
await timers.setTimeout(10000);
|
||||
}
|
||||
|
||||
async function getAdminCredentials() {
|
||||
execSync(`cloudron pull --app ${app.id} /app/data/env.sh /tmp/env.sh`, EXEC_ARGS);
|
||||
const data = fs.readFileSync('/tmp/env.sh', 'utf8');
|
||||
const m = data.match(/MINIO_ROOT_PASSWORD=(.*)/);
|
||||
if (!m) throw new Error('Could not detect root password');
|
||||
rootPassword = m[1].trim();
|
||||
console.log(`root password is [${rootPassword}]`);
|
||||
}
|
||||
|
||||
xit('build app', function () { execSync('cloudron build', EXEC_ARGS); });
|
||||
it('install app', async function () {
|
||||
execSync(`cloudron install --location ${LOCATION} --secondary-domains API_SERVER_DOMAIN=${LOCATION}-api`, EXEC_ARGS);
|
||||
|
||||
// // no SSO
|
||||
it('install app (no SSO)', async function () {
|
||||
execSync(`cloudron install --no-sso --location ${LOCATION} --secondary-domains API_SERVER_DOMAIN=${LOCATION}-api`, EXEC_ARGS);
|
||||
await timers.setTimeout(10000);
|
||||
});
|
||||
|
||||
it('can get app information', getAppInfo);
|
||||
|
||||
it('can login', login.bind(null, 'minioadmin', 'minioadmin'));
|
||||
it('can admin login', login.bind(null, 'minioadmin', 'minioadmin', false));
|
||||
it('can add bucket', addBucket);
|
||||
it('can logout', logout);
|
||||
it('does redirect', checkRedirect);
|
||||
it('check api', checkApi);
|
||||
|
||||
it('can change credentials', async function () {
|
||||
let data = fs.readFileSync(path.join(__dirname, '../env.sh'), 'utf8');
|
||||
data = data
|
||||
.replace(/MINIO_ROOT_USER=.*/, 'MINIO_ROOT_USER=minioakey')
|
||||
.replace(/MINIO_ROOT_PASSWORD=.*/, 'MINIO_ROOT_PASSWORD=minioskey');
|
||||
fs.writeFileSync('/tmp/env.sh', data);
|
||||
execSync(`cloudron push --app ${app.id} /tmp/env.sh /app/data/env.sh`, EXEC_ARGS);
|
||||
it('can change admin credentials', changeAdminCredentials);
|
||||
it('can restart app', async function () {
|
||||
execSync(`cloudron restart --app ${app.id}`, EXEC_ARGS);
|
||||
await timers.setTimeout(10000);
|
||||
});
|
||||
|
||||
it('can restart app', function () { execSync(`cloudron restart --app ${app.id}`, EXEC_ARGS); });
|
||||
|
||||
it('can login', login.bind(null, 'minioakey', 'minioskey'));
|
||||
it('can admin login', login.bind(null, 'minioakey', 'minioskey', false));
|
||||
it('has bucket', checkBucket);
|
||||
it('can logout', logout);
|
||||
it('does redirect', checkRedirect);
|
||||
it('check api', checkApi);
|
||||
it('uninstall app', function () { execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS); });
|
||||
|
||||
// SSO
|
||||
it('install app (SSO)', async function () {
|
||||
execSync(`cloudron install --location ${LOCATION} --secondary-domains API_SERVER_DOMAIN=${LOCATION}-api`, EXEC_ARGS);
|
||||
await timers.setTimeout(10000);
|
||||
});
|
||||
|
||||
it('can get app information', getAppInfo);
|
||||
it('can get admin credentials', getAdminCredentials);
|
||||
it('can admin login', async function () { await login('minioadmin', rootPassword); });
|
||||
it('can add bucket', addBucket);
|
||||
it('can logout', logout);
|
||||
it('does redirect', checkRedirect);
|
||||
it('check api', checkApi);
|
||||
|
||||
it('can OIDC login', loginOIDC.bind(null, username, password));
|
||||
it('has bucket', checkBucket);
|
||||
it('can logout', logout);
|
||||
|
||||
it('can change admin credentials', changeAdminCredentials);
|
||||
|
||||
it('can restart app', async function () {
|
||||
execSync(`cloudron restart --app ${app.id}`, EXEC_ARGS);
|
||||
await timers.setTimeout(10000);
|
||||
});
|
||||
|
||||
it('can admin login', login.bind(null, 'minioakey', 'minioskey'));
|
||||
it('has bucket', checkBucket);
|
||||
it('can logout', logout);
|
||||
it('does redirect', checkRedirect);
|
||||
it('check api', checkApi);
|
||||
|
||||
it('can OIDC login', loginOIDC.bind(null, username, password));
|
||||
it('has bucket', checkBucket);
|
||||
it('can logout', logout);
|
||||
|
||||
it('backup app', function () { execSync('cloudron backup create --app ' + app.id, EXEC_ARGS); });
|
||||
it('restore app', async function () {
|
||||
|
@ -139,9 +231,15 @@ describe('Application life cycle test', function () {
|
|||
await timers.setTimeout(10000);
|
||||
});
|
||||
|
||||
it('can login', login.bind(null, 'minioakey', 'minioskey'));
|
||||
it('can get app information', getAppInfo);
|
||||
it('can admin login', login.bind(null, 'minioakey', 'minioskey'));
|
||||
it('has bucket', checkBucket);
|
||||
it('can logout', logout);
|
||||
|
||||
it('can OIDC login', loginOIDC.bind(null, username, password));
|
||||
it('has bucket', checkBucket);
|
||||
it('can logout', logout);
|
||||
|
||||
it('does redirect', checkRedirect);
|
||||
it('check api', checkApi);
|
||||
|
||||
|
@ -152,28 +250,44 @@ describe('Application life cycle test', function () {
|
|||
});
|
||||
it('can get app information', getAppInfo);
|
||||
|
||||
it('can login', login.bind(null, 'minioakey', 'minioskey'));
|
||||
it('can admin login', login.bind(null, 'minioakey', 'minioskey'));
|
||||
it('has bucket', checkBucket);
|
||||
it('can logout', logout);
|
||||
|
||||
it('can OIDC login', loginOIDC.bind(null, username, password));
|
||||
it('has bucket', checkBucket);
|
||||
it('can logout', logout);
|
||||
|
||||
it('does redirect', checkRedirect);
|
||||
it('check api', checkApi);
|
||||
|
||||
it('uninstall app', function () { execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS); });
|
||||
|
||||
// test update
|
||||
it('can install app', function () { execSync('cloudron install --appstore-id io.minio.cloudronapp --location ' + LOCATION, EXEC_ARGS); });
|
||||
it('can install app for update', function () { execSync('cloudron install --appstore-id io.minio.cloudronapp --location ' + LOCATION, EXEC_ARGS); });
|
||||
it('can get app information', getAppInfo);
|
||||
|
||||
it('can login', login.bind(null, 'minioadmin', 'minioadmin'));
|
||||
it('can get admin credentials', getAdminCredentials);
|
||||
it('can admin login', async function () { await login('minioadmin', rootPassword); });
|
||||
it('can add buckets', addBucket);
|
||||
it('can logout', logout);
|
||||
|
||||
it('can OIDC login', loginOIDC.bind(null, username, password));
|
||||
it('has bucket', checkBucket);
|
||||
it('can logout', logout);
|
||||
|
||||
it('can update', function () { execSync(`cloudron update --app ${LOCATION}`, EXEC_ARGS); });
|
||||
it('can configure', function () { execSync(`cloudron configure --app ${LOCATION} --location ${LOCATION} --secondary-domains API_SERVER_DOMAIN=${LOCATION}-api`, EXEC_ARGS); });
|
||||
it('can get app information', getAppInfo);
|
||||
|
||||
it('can login', login.bind(null, 'minioadmin', 'minioadmin'));
|
||||
it('can admin login', async function () { await login('minioadmin', rootPassword); });
|
||||
it('has bucket', checkBucket);
|
||||
it('can logout', logout);
|
||||
|
||||
it('can OIDC login', loginOIDC.bind(null, username, password));
|
||||
it('has bucket', checkBucket);
|
||||
it('can logout', logout);
|
||||
|
||||
it('does redirect', checkRedirect);
|
||||
it('check api', checkApi);
|
||||
|
||||
|
|
Loading…
Reference in New Issue