Add InsecureSkipVerify to Minio Client for Storage (#23166)

Allows using Minio with untrusted certificates Closes #23128 Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
2023-02-27 18:26:13 +02:00 · 2023-02-27 18:26:13 +02:00 · 0e7bec1849
commit 0e7bec1849
parent 303b72c2d1
5 changed files with 28 additions and 9 deletions
--- a/modules/setting/storage.go
+++ b/modules/setting/storage.go
@ -41,6 +41,7 @@ func getStorage(rootCfg ConfigProvider, name, typ string, targetSec *ini.Section
 	sec.Key("MINIO_BUCKET").MustString("gitea")
 	sec.Key("MINIO_LOCATION").MustString("us-east-1")
 	sec.Key("MINIO_USE_SSL").MustBool(false)
+	sec.Key("MINIO_INSECURE_SKIP_VERIFY").MustBool(false)

 	if targetSec == nil {
 		targetSec, _ = rootCfg.NewSection(name)
--- a/modules/storage/minio.go
+++ b/modules/storage/minio.go
@ -5,7 +5,9 @@ package storage

 import (
 	"context"
+	"crypto/tls"
 	"io"
+	"net/http"
 	"net/url"
 	"os"
 	"path"
@ -42,13 +44,14 @@ const MinioStorageType Type = "minio"

 // MinioStorageConfig represents the configuration for a minio storage
 type MinioStorageConfig struct {
-	Endpoint        string `ini:"MINIO_ENDPOINT"`
-	AccessKeyID     string `ini:"MINIO_ACCESS_KEY_ID"`
-	SecretAccessKey string `ini:"MINIO_SECRET_ACCESS_KEY"`
-	Bucket          string `ini:"MINIO_BUCKET"`
-	Location        string `ini:"MINIO_LOCATION"`
-	BasePath        string `ini:"MINIO_BASE_PATH"`
-	UseSSL          bool   `ini:"MINIO_USE_SSL"`
+	Endpoint           string `ini:"MINIO_ENDPOINT"`
+	AccessKeyID        string `ini:"MINIO_ACCESS_KEY_ID"`
+	SecretAccessKey    string `ini:"MINIO_SECRET_ACCESS_KEY"`
+	Bucket             string `ini:"MINIO_BUCKET"`
+	Location           string `ini:"MINIO_LOCATION"`
+	BasePath           string `ini:"MINIO_BASE_PATH"`
+	UseSSL             bool   `ini:"MINIO_USE_SSL"`
+	InsecureSkipVerify bool   `ini:"MINIO_INSECURE_SKIP_VERIFY"`
 }

 // MinioStorage returns a minio bucket storage
@ -90,8 +93,9 @@ func NewMinioStorage(ctx context.Context, cfg interface{}) (ObjectStorage, error
 	log.Info("Creating Minio storage at %s:%s with base path %s", config.Endpoint, config.Bucket, config.BasePath)

 	minioClient, err := minio.New(config.Endpoint, &minio.Options{
-		Creds:  credentials.NewStaticV4(config.AccessKeyID, config.SecretAccessKey, ""),
-		Secure: config.UseSSL,
+		Creds:     credentials.NewStaticV4(config.AccessKeyID, config.SecretAccessKey, ""),
+		Secure:    config.UseSSL,
+		Transport: &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: config.InsecureSkipVerify}},
 	})
 	if err != nil {
 		return nil, convertMinioErr(err)