MINIO_STS_DURATION doesn't extend the Max Share Link expiry date #3230

Closed
UKFr-DIZ opened this issue Feb 8, 2024 · 2 comments

UKFr-DIZ commented Feb 8, 2024

Sharing links using the updated MINIO_STS_DURATION doesn't apply for the Minio Console Shared links.

Original solution from:
#3098

Expected Behavior

When setting the MINIO_STS_DURATION parameter the max share link should be able to increase appropriately too and also reflect in the console GUI.

Current Behavior

When setting the MINIO_STS_DURATION parameter to e.g. 7d the GUI doesn't allow increasing the Max Shared Link value to 6d etc.
The UI call to the /api/v1/buckets/max-share-exp API apparently still returns the default 12h even though the environment parameter is properly set.

Steps to Reproduce (for bugs)

  1. Set the environment variable as follows. In our setup it is the /etc/default/minio:

```
# Minio local/remote volumes.
MINIO_VOLUMES="/opt/data/minio"
# Admin user
MINIO_ROOT_USER=
MINIO_ROOT_PASSWORD=
# Public API url
MINIO_SERVER_URL="https://<minio-host>:9000"
# Public Console url
MINIO_BROWSER_REDIRECT_URL="https://<minio-host>"
# Internal ports
MINIO_OPTS="--address :9001 --console-address :9090"

# OIDC Configuration
MINIO_IDENTITY_OPENID_CONFIG_URL="https://<kc-host>/auth/realms/realm-name/.well-known/openid-configuration"
MINIO_IDENTITY_OPENID_CLIENT_ID="account"
MINIO_IDENTITY_OPENID_CLIENT_SECRET=""
MINIO_IDENTITY_OPENID_CLAIM_NAME="policy"
MINIO_IDENTITY_OPENID_DISPLAY_NAME="SSO Login"

# Share Link fix documentation
MINIO_STS_DURATION=7d # Length of the Security Token Service / token validity length
```

  2. Log in to the MinIO console using the IdP login
  3. Go to an object and try to create a presigned URL for sharing, e.g. 1d and 12h

Solution Approaches

I tried quoting the env vars; however, I couldn't easily debug whether the MINIO_STS_DURATION was properly accepted.
https://github.com/minio/minio/blob/e104b183d8e115695b19309fa4b2920380635829/cmd/common-main.go#L169
Given that the OIDC login works, I assume that the app can properly read the ENV vars from the env file.

We have also tried setting CONSOLE_STS_DURATION directly, in addition to/instead of the MINIO_STS_DURATION duration, but based on the high-level understanding of the code, the result would be the same.

I also tried playing around with the IdP / Keycloak token configuration, though that didn't change anything as far as I could tell regarding the results.

In general we'd be happy if you share debugging or any further approaches for fixing this issue.

Context

This feature is necessary so our non-technical users can easily generate shared links via a GUI.

Your Environment

  • MinIO version used (minio --version): 2024-02-06T21:36:22Z
  • Server setup and configuration: Systemd setup, Keycloak IdP, MinIO API and console run behind an Apache reverse proxy. API under port 9000 and the GUI under port 443 (unusual setup compared to the default setup).
  • Operating System and version (uname -a): Linux Ubuntu 22.04
  • Browser: Edge Version 121.0.2277.106 (Official build) (64-bit)

@cesnietor (Collaborator)

@UKFr-DIZ the value 7d is not valid.

Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". e.g. "300ms", "-1.5h" or "2h45m". 

In this case use 168h.

UKFr-DIZ commented Feb 9, 2024

Welp, this was fast, thanks for the fast fix! :)

https://pkg.go.dev/time#Duration for anybody who wants to check the Go docs.
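
The resolution of this thread as an added example (not code from the issue or from MinIO): a check to run before restarting the service that parses every `*_DURATION` value of an env file with Go's `time.ParseDuration`, whose unit list is the one quoted in the collaborator's reply, and proposes the hour equivalent for day values. `SuggestDuration`, `CheckEnvDurations` and the way quotes and inline comments are stripped are assumptions of this example.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strconv"
	"strings"
	"time"
)

// dayPart matches the "d" components that time.ParseDuration rejects.
var dayPart = regexp.MustCompile(`(\d+(?:\.\d+)?)d`)

// SuggestDuration rewrites day components as hours ("7d" -> "168h").
func SuggestDuration(v string) string {
	return dayPart.ReplaceAllStringFunc(v, func(m string) string {
		n, _ := strconv.ParseFloat(strings.TrimSuffix(m, "d"), 64)
		return strconv.FormatFloat(n*24, 'f', -1, 64) + "h"
	})
}

// CheckEnvDurations returns one finding per *_DURATION value that is not a Go duration.
func CheckEnvDurations(env string) (findings []string) {
	sc := bufio.NewScanner(strings.NewReader(env))
	for sc.Scan() {
		key, val, ok := strings.Cut(strings.TrimSpace(sc.Text()), "=")
		if !ok || strings.HasPrefix(key, "#") || !strings.HasSuffix(key, "_DURATION") {
			continue
		}
		// Assumption of this example: quotes and inline "# ..." comments are ignored.
		val = strings.Trim(strings.TrimSpace(strings.Split(val, "#")[0]), `"'`)
		if _, err := time.ParseDuration(val); err == nil {
			continue
		}
		msg := fmt.Sprintf("%s=%s is not a Go duration", key, val)
		s := SuggestDuration(val)
		if _, err := time.ParseDuration(s); err == nil {
			msg += "; use " + s
		}
		findings = append(findings, msg)
	}
	return findings
}

func main() {
	// Constructed sample in the style of the env file from the issue.
	fmt.Println(CheckEnvDurations("MINIO_STS_DURATION=7d # validity\nCONSOLE_STS_DURATION=\"168h\"\n"))
}
```

A value that cannot be repaired by converting days to hours is reported without a suggestion, so a finding never proposes a string that `time.ParseDuration` would also reject.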
