Merge branch 'master' into custom-user-agent

The provided parameter should be checked before accepting legal hold

cmd/admin-handlers-idp-ldap.go

@@ -445,8 +445,10 @@ func (a adminAPIHandlers) ListAccessKeysLDAP(w http.ResponseWriter, r *http.Requ
 	for _, svc := range serviceAccounts {
 		expiryTime := svc.Expiration
 		serviceAccountList = append(serviceAccountList, madmin.ServiceAccountInfo{
-			AccessKey:  svc.AccessKey,
-			Expiration: &expiryTime,
+			AccessKey:   svc.AccessKey,
+			Expiration:  &expiryTime,
+			Name:        svc.Name,
+			Description: svc.Description,
 		})
 	}
 	for _, sts := range stsKeys {
@@ -625,8 +627,10 @@ func (a adminAPIHandlers) ListAccessKeysLDAPBulk(w http.ResponseWriter, r *http.
 			}
 			for _, svc := range serviceAccounts {
 				accessKeys.ServiceAccounts = append(accessKeys.ServiceAccounts, madmin.ServiceAccountInfo{
-					AccessKey:  svc.AccessKey,
-					Expiration: &svc.Expiration,
+					AccessKey:   svc.AccessKey,
+					Expiration:  &svc.Expiration,
+					Name:        svc.Name,
+					Description: svc.Description,
 				})
 			}
 			// if only service accounts, skip if user has no service accounts

cmd/bucket-object-lock.go

@@ -297,6 +297,9 @@ func checkPutObjectLockAllowed(ctx context.Context, rq *http.Request, bucket, ob
 		if legalHold, lerr = objectlock.ParseObjectLockLegalHoldHeaders(rq.Header); lerr != nil {
 			return mode, retainDate, legalHold, toAPIErrorCode(ctx, lerr)
 		}
+		if legalHoldPermErr != ErrNone {
+			return mode, retainDate, legalHold, legalHoldPermErr
+		}
 	}
 
 	if retentionRequested {

cmd/bucket-quota.go

@@ -92,7 +92,7 @@ func parseBucketQuota(bucket string, data []byte) (quotaCfg *madmin.BucketQuota,
 	}
 	if !quotaCfg.IsValid() {
 		if quotaCfg.Type == "fifo" {
-			internalLogIf(GlobalContext, errors.New("Detected older 'fifo' quota config, 'fifo' feature is removed and not supported anymore. Please clear your quota configs using 'mc admin bucket quota alias/bucket --clear' and use 'mc ilm add' for expiration of objects"), logger.WarningKind)
+			internalLogIf(GlobalContext, errors.New("Detected older 'fifo' quota config, 'fifo' feature is removed and not supported anymore. Please clear your quota configs using 'mc quota clear alias/bucket' and use 'mc ilm add' for expiration of objects"), logger.WarningKind)
 			return quotaCfg, fmt.Errorf("invalid quota type 'fifo'")
 		}
 		return quotaCfg, fmt.Errorf("Invalid quota config %#v", quotaCfg)

cmd/config-current.go

@@ -355,7 +355,9 @@ func validateSubSysConfig(ctx context.Context, s config.Config, subSys string, o
 		}
 	case config.IdentityOpenIDSubSys:
 		if _, err := openid.LookupConfig(s,
-			NewHTTPTransport(), xhttp.DrainBody, globalSite.Region()); err != nil {
+			xhttp.WithUserAgent(NewHTTPTransport(), func() string {
+				return getUserAgent(getMinioMode())
+			}), xhttp.DrainBody, globalSite.Region()); err != nil {
 			return err
 		}
 	case config.IdentityLDAPSubSys:

cmd/iam.go

@@ -277,7 +277,9 @@ func (sys *IAMSys) Init(ctx context.Context, objAPI ObjectLayer, etcdClient *etc
 	for {
 		if !openidInit {
 			openidConfig, err := openid.LookupConfig(s,
-				NewHTTPTransport(), xhttp.DrainBody, globalSite.Region())
+				xhttp.WithUserAgent(NewHTTPTransport(), func() string {
+					return getUserAgent(getMinioMode())
+				}), xhttp.DrainBody, globalSite.Region())
 			if err != nil {
 				iamLogIf(ctx, fmt.Errorf("Unable to initialize OpenID: %w", err), logger.WarningKind)
 			} else {

cmd/server-main.go

@@ -53,7 +53,6 @@ import (
 	xhttp "github.com/minio/minio/internal/http"
 	xioutil "github.com/minio/minio/internal/ioutil"
 	"github.com/minio/minio/internal/logger"
-	"github.com/minio/minio/internal/useragent"
 	"github.com/minio/pkg/v3/certs"
 	"github.com/minio/pkg/v3/env"
 	"gopkg.in/yaml.v2"
@@ -755,10 +754,6 @@ func serverMain(ctx *cli.Context) {
 
 	setDefaultProfilerRates()
 
-	useragent.Register(func() string {
-		return getUserAgent(getMinioMode())
-	})
-
 	// Initialize globalConsoleSys system
 	bootstrapTrace("newConsoleLogger", func() {
 		output, err := initializeLogRotate(ctx)

cmd/storage-rest-client.go

@@ -88,6 +88,8 @@ func toStorageErr(err error) error {
 	}
 
 	switch err.Error() {
+	case errUploadIDNotFound.Error():
+		return errUploadIDNotFound
 	case errFaultyDisk.Error():
 		return errFaultyDisk
 	case errFaultyRemoteDisk.Error():

cmd/sts-handlers.go

@@ -414,9 +414,13 @@ func (sts *stsAPIHandlers) AssumeRoleWithSSO(w http.ResponseWriter, r *http.Requ
 	//
 	// Currently, we do not support multiple claim based IDPs, as there is no
 	// defined parameter to disambiguate the intended IDP in this STS request.
+	//
+	// Skip RoleArn existence check when policy mapping is based on a JWT claim.
+	// This is required to support clients (like the AWS CLI or SDKs) that enforce providing a RoleArn,
+	// even though it's not used in claim-based identity mode.
 	roleArn := openid.DummyRoleARN
 	roleArnStr := r.Form.Get(stsRoleArn)
-	if roleArnStr != "" {
+	if roleArnStr != "" && strings.TrimSpace(iamPolicyClaimNameOpenID()) == "" {
 		var err error
 		roleArn, _, err = globalIAMSys.GetRolePolicy(roleArnStr)
 		if err != nil {
@@ -451,7 +455,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithSSO(w http.ResponseWriter, r *http.Requ
 	}
 
 	var policyName string
-	if roleArnStr != "" && globalIAMSys.HasRolePolicy() {
+	if roleArnStr != "" && globalIAMSys.HasRolePolicy() && strings.TrimSpace(iamPolicyClaimNameOpenID()) == "" {
 		// If roleArn is used, we set it as a claim, and use the
 		// associated policy when credentials are used.
 		claims[roleArnClaim] = roleArn.String()

docs/metrics/prometheus/grafana/bucket/minio-bucket.json

@@ -15,16 +15,6 @@
       }
     ]
   },
-  "__inputs": [
-    {
-      "name": "DS_PROMETHEUS",
-      "label": "Prometheus",
-      "description": "",
-      "type": "datasource",
-      "pluginId": "prometheus",
-      "pluginName": "Prometheus"
-    }
-  ],
   "description": "MinIO Grafana Dashboard - https://min.io/",
   "editable": true,
   "fiscalYearStartMonth": 0,
@@ -4151,28 +4141,39 @@
     "list": [
       {
         "current": {
-          "selected": true,
-          "text": "minio-job-bucket",
-          "value": "minio-job-bucket"
+          "selected": false,
+          "text": "All",
+          "value": "$__all"
+        },
+        "label": "Data source",
+        "name": "DS_PROMETHEUS",
+        "options": [],
+        "query": "prometheus",
+        "refresh": 1,
+        "regex": "",
+        "type": "datasource"
+      },
+      {
+        "current": {
+          "selected": false,
+          "text": "All",
+          "value": "$__all"
         },
         "datasource": {
           "type": "prometheus",
           "uid": "${DS_PROMETHEUS}"
         },
         "definition": "label_values(job)",
-        "hide": 0,
         "includeAll": false,
-        "multi": false,
         "name": "scrape_jobs",
         "options": [],
         "query": {
+          "qryType": 1,
           "query": "label_values(job)",
-          "refId": "StandardVariableQuery"
+          "refId": "PrometheusVariableQueryEditor-VariableQuery"
         },
         "refresh": 1,
         "regex": "",
-        "skipUrlSync": false,
-        "sort": 0,
         "type": "query"
       }
     ]
@@ -4210,4 +4211,4 @@
   "uid": "TgmJnqnnk2",
   "version": 1,
   "weekStart": ""
-}
+}

docs/metrics/prometheus/grafana/minio-dashboard.json

@@ -21,16 +21,6 @@
       }
     ]
   },
-  "__inputs": [
-    {
-      "name": "DS_PROMETHEUS",
-      "label": "Prometheus",
-      "description": "", 
-      "type": "datasource",
-      "pluginId": "prometheus",
-      "pluginName": "Prometheus"
-    }
-  ],
   "description": "MinIO Grafana Dashboard - https://min.io/",
   "editable": true,
   "fiscalYearStartMonth": 0,
@@ -3800,6 +3790,20 @@
   ],
   "templating": {
     "list": [
+      {
+        "current": {
+          "selected": false,
+          "text": "All",
+          "value": "$__all"
+        },
+        "label": "Data source",
+        "name": "DS_PROMETHEUS",
+        "options": [],
+        "query": "prometheus",
+        "refresh": 1,
+        "regex": "",
+        "type": "datasource"
+      },
       {
         "current": {
           "selected": false,
@@ -3861,4 +3865,4 @@
   "uid": "TgmJnqnnk",
   "version": 1,
   "weekStart": ""
-}
+}

docs/metrics/prometheus/grafana/node/minio-node.json

@@ -15,16 +15,6 @@
       }
     ]
   },
-  "__inputs": [
-    {
-      "name": "DS_PROMETHEUS",
-      "label": "Prometheus",
-      "description": "",
-      "type": "datasource",
-      "pluginId": "prometheus",
-      "pluginName": "Prometheus"
-    }
-  ],
   "description": "MinIO Nodes Grafana Dashboard - https://min.io/",
   "editable": true,
   "fiscalYearStartMonth": 0,
@@ -869,7 +859,20 @@
     "list": [
       {
         "current": {
+          "selected": false,
+          "text": "All",
+          "value": "$__all"
         },
+        "label": "Data source",
+        "name": "DS_PROMETHEUS",
+        "options": [],
+        "query": "prometheus",
+        "refresh": 1,
+        "regex": "",
+        "type": "datasource"
+      },
+      {
+        "current": {},
         "datasource": {
           "type": "prometheus",
           "uid": "${DS_PROMETHEUS}"
@@ -891,8 +894,7 @@
         "type": "query"
       },
       {
-        "current": {
-        },
+        "current": {},
         "datasource": {
           "type": "prometheus",
           "uid": "${DS_PROMETHEUS}"
@@ -950,4 +952,4 @@
   "uid": "TgmJnnqn2k",
   "version": 1,
   "weekStart": ""
-}
+}

docs/metrics/prometheus/grafana/replication/minio-replication-cluster.json

@@ -15,16 +15,6 @@
       }
     ]
   },
- "__inputs": [
-    { 
-      "name": "DS_PROMETHEUS",
-      "label": "Prometheus",
-      "description": "",
-      "type": "datasource",
-      "pluginId": "prometheus",
-      "pluginName": "Prometheus"
-    } 
-  ],    
   "description": "MinIO Grafana Dashboard - https://min.io/",
   "editable": true,
   "fiscalYearStartMonth": 0,
@@ -2890,7 +2880,20 @@
     "list": [
       {
         "current": {
+          "selected": false,
+          "text": "All",
+          "value": "$__all"
         },
+        "label": "Data source",
+        "name": "DS_PROMETHEUS",
+        "options": [],
+        "query": "prometheus",
+        "refresh": 1,
+        "regex": "",
+        "type": "datasource"
+      },
+      {
+        "current": {},
         "datasource": {
           "type": "prometheus",
           "uid": "${DS_PROMETHEUS}"
@@ -2946,4 +2949,4 @@
   "uid": "TgmJnnqnk3",
   "version": 1,
   "weekStart": ""
-}
+}

docs/metrics/prometheus/grafana/replication/minio-replication-node.json

@@ -15,16 +15,6 @@
       }
     ]
   },
- "__inputs": [
-    { 
-      "name": "DS_PROMETHEUS",
-      "label": "Prometheus",
-      "description": "",
-      "type": "datasource",
-      "pluginId": "prometheus",
-      "pluginName": "Prometheus"
-    } 
-  ],    
   "description": "MinIO Grafana Dashboard - https://min.io/",
   "editable": true,
   "fiscalYearStartMonth": 0,
@@ -2335,7 +2325,20 @@
     "list": [
       {
         "current": {
+          "selected": false,
+          "text": "All",
+          "value": "$__all"
         },
+        "label": "Data source",
+        "name": "DS_PROMETHEUS",
+        "options": [],
+        "query": "prometheus",
+        "refresh": 1,
+        "regex": "",
+        "type": "datasource"
+      },
+      {
+        "current": {},
         "datasource": {
           "type": "prometheus",
           "uid": "${DS_PROMETHEUS}"
@@ -2391,4 +2394,4 @@
   "uid": "gmTJnqnnk3",
   "version": 1,
   "weekStart": ""
-}
+}

helm/minio/templates/_helper_create_bucket.txt

@@ -94,6 +94,8 @@ createBucket() {
 				echo "Suspending versioning for '$BUCKET'"
 				${MC} version suspend myminio/$BUCKET
 			fi
+		else
+		    echo "No versioning action for '$BUCKET'" 
 		fi
 	else
 		echo "Bucket '$BUCKET' versioning unchanged."
@@ -117,6 +119,5 @@ connectToMinio $scheme
 {{ $global := . }}
 # Create the buckets
 {{- range .Values.buckets }}
-createBucket {{ tpl .name $global }} {{ .policy | default "none" | quote }} {{ .purge | default false }} {{ .versioning | default false }} {{ .objectlocking | default false }}
-{{- end }}
+createBucket {{ tpl .name $global }} {{ .policy | default "none" | quote }} {{ .purge | default false }} {{ .versioning | default "" }} {{ .objectlocking | default false }}{{- end }}
 {{- end }}

helm/minio/templates/_helpers.tpl

@@ -131,9 +131,7 @@ Also, we can not use a single if because lazy evaluation is not an option
 {{- if .Values.global }}
 {{- if .Values.global.imagePullSecrets }}
 imagePullSecrets:
-{{- range .Values.global.imagePullSecrets }}
-  - name: {{ . }}
-{{- end }}
+    {{ toYaml .Values.global.imagePullSecrets }}
 {{- else if .Values.imagePullSecrets }}
 imagePullSecrets:
     {{ toYaml .Values.imagePullSecrets }}

internal/config/identity/openid/jwt.go

@@ -30,7 +30,6 @@ import (
 	jwtgo "github.com/golang-jwt/jwt/v4"
 	"github.com/minio/minio/internal/arn"
 	"github.com/minio/minio/internal/auth"
-	xhttp "github.com/minio/minio/internal/http"
 	xnet "github.com/minio/pkg/v3/net"
 	"github.com/minio/pkg/v3/policy"
 )
@@ -269,7 +268,7 @@ func parseDiscoveryDoc(u *xnet.URL, transport http.RoundTripper, closeRespFn fun
 		return d, err
 	}
 	clnt := http.Client{
-		Transport: xhttp.WithUserAgent(transport),
+		Transport: transport,
 	}
 	resp, err := clnt.Do(req)
 	if err != nil {

internal/http/transports.go

@@ -25,7 +25,6 @@ import (
 	"syscall"
 	"time"
 
-	"github.com/minio/minio/internal/useragent"
 	"github.com/minio/pkg/v3/certs"
 )
 
@@ -198,9 +197,9 @@ func (u *uaTransport) RoundTrip(req *http.Request) (*http.Response, error) {
 }
 
 // WithUserAgent wraps an existing transport with custom User-Agent
-func WithUserAgent(rt http.RoundTripper) http.RoundTripper {
+func WithUserAgent(rt http.RoundTripper, getUA func() string) http.RoundTripper {
 	return &uaTransport{
-		ua: useragent.Get(),
+		ua: getUA(),
 		rt: rt,
 	}
 }

internal/useragent/useragent.go

@@ -1,32 +0,0 @@
-// Copyright (c) 2015-2025 MinIO, Inc.
-//
-// This file is part of MinIO Object Storage stack
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-package useragent
-
-var provider = func() string {
-	return "Go-http-client/1.1"
-}
-
-// Register sets a custom function to provide the User-Agent string.
-func Register(f func() string) {
-	provider = f
-}
-
-// Get returns the current User-Agent string.
-func Get() string {
-	return provider()
-}