minio / kes

Key Managament Server for Object Storage and more
https://min.io/docs/kes/concepts/
GNU Affero General Public License v3.0
459 stars 97 forks source link

'address' is no longer parsed from config file #418

Closed rluetzner closed 11 months ago

rluetzner commented 11 months ago

Bug describtion

I've noticed this because after updating to the latest version, kes will no longer start with the existing config.

The error message differs between the last two releases and the current state on master.

  1. Releases 2023-10-27T22-05-35Z and 2023-10-24T20-26-51Z will fail with Error: listen tcp :443: bind: permission denied after printing config values that indicate that the address was parsed correctly.
  2. master fails with Error: missing port in address.

How to reproduce:

curl -ssL https://raw.githubusercontent.com/minio/kes/master/kesconf/testdata/fs.yml > config.yml
kes identity new --key server.key --cert server.cert --ip 127.0.0.1 localhost
kes server --config ./config.yml

Adding the --addr flag solves this, whereas removing the address value from the config.yml file does not. Interestingly enough, according to the config values kes prints on startup, the address is evaluated. But when it's time to actually start the server and listen, it falls back to port 443.

Here's the config I'm downloading above:

version: v1

address: 0.0.0.0:7373 

admin:
  identity: c84cc9b91ae2399b043da7eca616048d4b4200edf2ff418d8af3835911db945d

tls:
  key:      ./server.key  
  cert:     ./server.cert  

keystore:
  fs:
    path: "/tmp/keys" 

Expected behavior

The address attribute in the config should be evaluated correctly.

Additional context

  1. What version of Go are you using (go version)? 1.21.4

  2. What operating system and processor architecture are you using (go env)?

    GO111MODULE='auto'
    GOARCH='amd64'
    GOBIN=''
    GOCACHE='/home/robertl/.cache/go-build'
    GOENV='/home/robertl/.config/go/env'
    GOEXE=''
    GOEXPERIMENT=''
    GOFLAGS=''
    GOHOSTARCH='amd64'
    GOHOSTOS='linux'
    GOINSECURE=''
    GOMODCACHE='/home/robertl/go/pkg/mod'
    GONOPROXY=''
    GONOSUMDB=''
    GOOS='linux'
    GOPATH='/home/robertl/go'
    GOPRIVATE=''
    GOPROXY='https://proxy.golang.org,direct'
    GOROOT='/usr/local/go'
    GOSUMDB='sum.golang.org'
    GOTMPDIR=''
    GOTOOLCHAIN='auto'
    GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
    GOVCS=''
    GOVERSION='go1.21.4'
    GCCGO='gccgo'
    GOAMD64='v1'
    AR='ar'
    CC='gcc'
    CXX='g++'
    CGO_ENABLED='1'
    GOMOD='/home/robertl/kes/go.mod'
    GOWORK=''
    CGO_CFLAGS='-O2 -g'
    CGO_CPPFLAGS=''
    CGO_CXXFLAGS='-O2 -g'
    CGO_FFLAGS='-O2 -g'
    CGO_LDFLAGS='-O2 -g'
    PKG_CONFIG='pkg-config'
    GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1556664813=/tmp/go-build -gno-record-gcc-switches'
  3. Anything else that is important? Nope. It's trivial to reproduce.