search

minio / kes

Key Managament Server for Object Storage and more
https://min.io/docs/kes/concepts/
GNU Affero General Public License v3.0
456 stars 95 forks source link

regression in kes server command #397

Closed gutmensch closed 11 months ago

gutmensch commented 11 months ago

Bug describtion

Latest build does not start kes server anymore and is always showing usage, no matter what parameters I add or remove (e.g. addr, auth, config).

image: 2023-09-28T19-40-28Z

    Command:
      /bin/sh
      -ce
      /entrypoint.sh kes server --config /config.yml --addr 0.0.0.0:7373 --auth on

Usage:
    kes server [options]

Options:
    --addr <IP:PORT>         The address of the server (default: 0.0.0.0:7373)
    --config <PATH>          Path to the server configuration file

    --key <PATH>             Path to the TLS private key. It takes precedence over
                             the config file
    --cert <PATH>            Path to the TLS certificate. It takes precedence over
                             the config file

    --auth {on|off}          Controls how the server handles mTLS authentication.
                             By default, the server requires a client certificate
                             and verifies that certificate has been issued by a
                             trusted CA.
                             Valid options are:
                                Require and verify      : --auth=on (default)
                                Require but don't verify: --auth=off

    -h, --help               Show list of command-line options

Starts a KES server. The server address can be specified in the config file but
may be overwritten by the --addr flag. If omitted the IP defaults to 0.0.0.0 and
the PORT to 7373.

The client TLS verification can be disabled by setting --auth=off. The server then
accepts arbitrary client certificates but still maps them to policies. So, it disables
authentication but not authorization.

Examples:
    $ kes server --config config.yml --auth =off

Expected behavior

Correct startup behaviour with image before latest release.

image: 2023-08-19T17-27-47Z

    Command:
      /bin/sh
      -ce
      /entrypoint.sh kes server --config /config.yml --addr 0.0.0.0:7373 --auth on

Copyright   MinIO, Inc.           https://min.io
License     GNU AGPLv3            https://www.gnu.org/licenses/agpl-3.0.html
Version     2023-08-19T17-27-47Z  linux/amd64

KMS         GCP SecretManager: Project: kubectl-me
Endpoints   https://127.0.0.1:7373
            https://10.244.5.140:7373

Admin       _                     [ disabled ]
Mem Lock    on                    RAM pages will not be swapped to disk
aead commented 11 months ago

@gutmensch Thanks for reporting this. This is fixed by #399 .