diff --git a/models/csr_element.go b/models/csr_element.go
new file mode 100644
index 000000000..ea07d26e4
--- /dev/null
+++ b/models/csr_element.go
@@ -0,0 +1,154 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+ "context"
+ "strconv"
+
+ "github.com/go-openapi/errors"
+ "github.com/go-openapi/strfmt"
+ "github.com/go-openapi/swag"
+)
+
+// CsrElement csr element
+//
+// swagger:model csrElement
+type CsrElement struct {
+
+ // annotations
+ Annotations []*Annotation `json:"annotations"`
+
+ // deletion grace period seconds
+ DeletionGracePeriodSeconds int64 `json:"deletion_grace_period_seconds,omitempty"`
+
+ // generate name
+ GenerateName string `json:"generate_name,omitempty"`
+
+ // generation
+ Generation int64 `json:"generation,omitempty"`
+
+ // name
+ Name string `json:"name,omitempty"`
+
+ // namespace
+ Namespace string `json:"namespace,omitempty"`
+
+ // resource version
+ ResourceVersion string `json:"resource_version,omitempty"`
+
+ // status
+ Status string `json:"status,omitempty"`
+}
+
+// Validate validates this csr element
+func (m *CsrElement) Validate(formats strfmt.Registry) error {
+ var res []error
+
+ if err := m.validateAnnotations(formats); err != nil {
+ res = append(res, err)
+ }
+
+ if len(res) > 0 {
+ return errors.CompositeValidationError(res...)
+ }
+ return nil
+}
+
+func (m *CsrElement) validateAnnotations(formats strfmt.Registry) error {
+ if swag.IsZero(m.Annotations) { // not required
+ return nil
+ }
+
+ for i := 0; i < len(m.Annotations); i++ {
+ if swag.IsZero(m.Annotations[i]) { // not required
+ continue
+ }
+
+ if m.Annotations[i] != nil {
+ if err := m.Annotations[i].Validate(formats); err != nil {
+ if ve, ok := err.(*errors.Validation); ok {
+ return ve.ValidateName("annotations" + "." + strconv.Itoa(i))
+ } else if ce, ok := err.(*errors.CompositeError); ok {
+ return ce.ValidateName("annotations" + "." + strconv.Itoa(i))
+ }
+ return err
+ }
+ }
+
+ }
+
+ return nil
+}
+
+// ContextValidate validate this csr element based on the context it is used
+func (m *CsrElement) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+ var res []error
+
+ if err := m.contextValidateAnnotations(ctx, formats); err != nil {
+ res = append(res, err)
+ }
+
+ if len(res) > 0 {
+ return errors.CompositeValidationError(res...)
+ }
+ return nil
+}
+
+func (m *CsrElement) contextValidateAnnotations(ctx context.Context, formats strfmt.Registry) error {
+
+ for i := 0; i < len(m.Annotations); i++ {
+
+ if m.Annotations[i] != nil {
+ if err := m.Annotations[i].ContextValidate(ctx, formats); err != nil {
+ if ve, ok := err.(*errors.Validation); ok {
+ return ve.ValidateName("annotations" + "." + strconv.Itoa(i))
+ } else if ce, ok := err.(*errors.CompositeError); ok {
+ return ce.ValidateName("annotations" + "." + strconv.Itoa(i))
+ }
+ return err
+ }
+ }
+
+ }
+
+ return nil
+}
+
+// MarshalBinary interface implementation
+func (m *CsrElement) MarshalBinary() ([]byte, error) {
+ if m == nil {
+ return nil, nil
+ }
+ return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *CsrElement) UnmarshalBinary(b []byte) error {
+ var res CsrElement
+ if err := swag.ReadJSON(b, &res); err != nil {
+ return err
+ }
+ *m = res
+ return nil
+}
diff --git a/operator-integration/tenant_test.go b/operator-integration/tenant_test.go
index 5459aa0e2..c2a85aee4 100644
--- a/operator-integration/tenant_test.go
+++ b/operator-integration/tenant_test.go
@@ -606,3 +606,41 @@ func TestGetPodDescribe(t *testing.T) {
200, resp.StatusCode, "Status Code is incorrect")
}*/
}
+
+func GetCSR(nameSpace string, tenant string) (*http.Response, error) {
+ /*
+ Helper function to get events for pod
+ URL: /namespaces/{namespace}/tenants/{tenant}/csr
+ HTTP Verb: GET
+ */
+ request, err := http.NewRequest(
+ "GET", "http://localhost:9090/api/v1/namespaces/"+nameSpace+"/tenants/"+tenant+"/csr/", nil)
+ if err != nil {
+ log.Println(err)
+ }
+ request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+ request.Header.Add("Content-Type", "application/json")
+ client := &http.Client{
+ Timeout: 2 * time.Second,
+ }
+ response, err := client.Do(request)
+ return response, err
+}
+
+func TestGetCSR(t *testing.T) {
+ assert := assert.New(t)
+ namespace := "tenant-lite"
+ tenant := "storage-lite"
+ resp, err := GetCSR(namespace, tenant)
+ assert.Nil(err)
+ if err != nil {
+ log.Println(err)
+ return
+ }
+ finalResponse := inspectHTTPResponse(resp)
+ if resp != nil {
+ assert.Equal(
+ 200, resp.StatusCode, finalResponse)
+ }
+ assert.Equal(strings.Contains(finalResponse, "Automatically approved by MinIO Operator"), true)
+}
diff --git a/operatorapi/embedded_spec.go b/operatorapi/embedded_spec.go
index cffcf936e..7b0e8e13e 100644
--- a/operatorapi/embedded_spec.go
+++ b/operatorapi/embedded_spec.go
@@ -583,6 +583,43 @@ func init() {
}
}
},
+ "/namespaces/{namespace}/tenants/{tenant}/csr": {
+ "get": {
+ "tags": [
+ "OperatorAPI"
+ ],
+ "summary": "List Tenant Certificate Signing Request",
+ "operationId": "ListTenantCertificateSigningRequest",
+ "parameters": [
+ {
+ "type": "string",
+ "name": "namespace",
+ "in": "path",
+ "required": true
+ },
+ {
+ "type": "string",
+ "name": "tenant",
+ "in": "path",
+ "required": true
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "A successful response.",
+ "schema": {
+ "$ref": "#/definitions/csrElement"
+ }
+ },
+ "default": {
+ "description": "Generic error response.",
+ "schema": {
+ "$ref": "#/definitions/error"
+ }
+ }
+ }
+ }
+ },
"/namespaces/{namespace}/tenants/{tenant}/disable-logging": {
"post": {
"tags": [
@@ -2273,6 +2310,40 @@ func init() {
}
}
},
+ "csrElement": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/annotation"
+ }
+ },
+ "deletion_grace_period_seconds": {
+ "type": "integer",
+ "format": "int64"
+ },
+ "generate_name": {
+ "type": "string"
+ },
+ "generation": {
+ "type": "integer",
+ "format": "int64"
+ },
+ "name": {
+ "type": "string"
+ },
+ "namespace": {
+ "type": "string"
+ },
+ "resource_version": {
+ "type": "string"
+ },
+ "status": {
+ "type": "string"
+ }
+ }
+ },
"deleteTenantRequest": {
"type": "object",
"properties": {
@@ -5012,6 +5083,43 @@ func init() {
}
}
},
+ "/namespaces/{namespace}/tenants/{tenant}/csr": {
+ "get": {
+ "tags": [
+ "OperatorAPI"
+ ],
+ "summary": "List Tenant Certificate Signing Request",
+ "operationId": "ListTenantCertificateSigningRequest",
+ "parameters": [
+ {
+ "type": "string",
+ "name": "namespace",
+ "in": "path",
+ "required": true
+ },
+ {
+ "type": "string",
+ "name": "tenant",
+ "in": "path",
+ "required": true
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "A successful response.",
+ "schema": {
+ "$ref": "#/definitions/csrElement"
+ }
+ },
+ "default": {
+ "description": "Generic error response.",
+ "schema": {
+ "$ref": "#/definitions/error"
+ }
+ }
+ }
+ }
+ },
"/namespaces/{namespace}/tenants/{tenant}/disable-logging": {
"post": {
"tags": [
@@ -7545,6 +7653,40 @@ func init() {
}
}
},
+ "csrElement": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/annotation"
+ }
+ },
+ "deletion_grace_period_seconds": {
+ "type": "integer",
+ "format": "int64"
+ },
+ "generate_name": {
+ "type": "string"
+ },
+ "generation": {
+ "type": "integer",
+ "format": "int64"
+ },
+ "name": {
+ "type": "string"
+ },
+ "namespace": {
+ "type": "string"
+ },
+ "resource_version": {
+ "type": "string"
+ },
+ "status": {
+ "type": "string"
+ }
+ }
+ },
"deleteTenantRequest": {
"type": "object",
"properties": {
diff --git a/operatorapi/operations/operator_api.go b/operatorapi/operations/operator_api.go
index ecaf229a8..e10ea93e2 100644
--- a/operatorapi/operations/operator_api.go
+++ b/operatorapi/operations/operator_api.go
@@ -142,6 +142,9 @@ func NewOperatorAPI(spec *loads.Document) *OperatorAPI {
OperatorAPIListPVCsForTenantHandler: operator_api.ListPVCsForTenantHandlerFunc(func(params operator_api.ListPVCsForTenantParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation operator_api.ListPVCsForTenant has not yet been implemented")
}),
+ OperatorAPIListTenantCertificateSigningRequestHandler: operator_api.ListTenantCertificateSigningRequestHandlerFunc(func(params operator_api.ListTenantCertificateSigningRequestParams, principal *models.Principal) middleware.Responder {
+ return middleware.NotImplemented("operation operator_api.ListTenantCertificateSigningRequest has not yet been implemented")
+ }),
OperatorAPIListTenantsHandler: operator_api.ListTenantsHandlerFunc(func(params operator_api.ListTenantsParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation operator_api.ListTenants has not yet been implemented")
}),
@@ -321,6 +324,8 @@ type OperatorAPI struct {
OperatorAPIListPVCsHandler operator_api.ListPVCsHandler
// OperatorAPIListPVCsForTenantHandler sets the operation handler for the list p v cs for tenant operation
OperatorAPIListPVCsForTenantHandler operator_api.ListPVCsForTenantHandler
+ // OperatorAPIListTenantCertificateSigningRequestHandler sets the operation handler for the list tenant certificate signing request operation
+ OperatorAPIListTenantCertificateSigningRequestHandler operator_api.ListTenantCertificateSigningRequestHandler
// OperatorAPIListTenantsHandler sets the operation handler for the list tenants operation
OperatorAPIListTenantsHandler operator_api.ListTenantsHandler
// AuthLoginDetailHandler sets the operation handler for the login detail operation
@@ -532,6 +537,9 @@ func (o *OperatorAPI) Validate() error {
if o.OperatorAPIListPVCsForTenantHandler == nil {
unregistered = append(unregistered, "operator_api.ListPVCsForTenantHandler")
}
+ if o.OperatorAPIListTenantCertificateSigningRequestHandler == nil {
+ unregistered = append(unregistered, "operator_api.ListTenantCertificateSigningRequestHandler")
+ }
if o.OperatorAPIListTenantsHandler == nil {
unregistered = append(unregistered, "operator_api.ListTenantsHandler")
}
@@ -815,6 +823,10 @@ func (o *OperatorAPI) initHandlerCache() {
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
}
+ o.handlers["GET"]["/namespaces/{namespace}/tenants/{tenant}/csr"] = operator_api.NewListTenantCertificateSigningRequest(o.context, o.OperatorAPIListTenantCertificateSigningRequestHandler)
+ if o.handlers["GET"] == nil {
+ o.handlers["GET"] = make(map[string]http.Handler)
+ }
o.handlers["GET"]["/namespaces/{namespace}/tenants"] = operator_api.NewListTenants(o.context, o.OperatorAPIListTenantsHandler)
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
diff --git a/operatorapi/operations/operator_api/list_tenant_certificate_signing_request.go b/operatorapi/operations/operator_api/list_tenant_certificate_signing_request.go
new file mode 100644
index 000000000..b0fc08315
--- /dev/null
+++ b/operatorapi/operations/operator_api/list_tenant_certificate_signing_request.go
@@ -0,0 +1,88 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+ "net/http"
+
+ "github.com/go-openapi/runtime/middleware"
+
+ "github.com/minio/console/models"
+)
+
+// ListTenantCertificateSigningRequestHandlerFunc turns a function with the right signature into a list tenant certificate signing request handler
+type ListTenantCertificateSigningRequestHandlerFunc func(ListTenantCertificateSigningRequestParams, *models.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn ListTenantCertificateSigningRequestHandlerFunc) Handle(params ListTenantCertificateSigningRequestParams, principal *models.Principal) middleware.Responder {
+ return fn(params, principal)
+}
+
+// ListTenantCertificateSigningRequestHandler interface for that can handle valid list tenant certificate signing request params
+type ListTenantCertificateSigningRequestHandler interface {
+ Handle(ListTenantCertificateSigningRequestParams, *models.Principal) middleware.Responder
+}
+
+// NewListTenantCertificateSigningRequest creates a new http.Handler for the list tenant certificate signing request operation
+func NewListTenantCertificateSigningRequest(ctx *middleware.Context, handler ListTenantCertificateSigningRequestHandler) *ListTenantCertificateSigningRequest {
+ return &ListTenantCertificateSigningRequest{Context: ctx, Handler: handler}
+}
+
+/* ListTenantCertificateSigningRequest swagger:route GET /namespaces/{namespace}/tenants/{tenant}/csr OperatorAPI listTenantCertificateSigningRequest
+
+List Tenant Certificate Signing Request
+
+*/
+type ListTenantCertificateSigningRequest struct {
+ Context *middleware.Context
+ Handler ListTenantCertificateSigningRequestHandler
+}
+
+func (o *ListTenantCertificateSigningRequest) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+ route, rCtx, _ := o.Context.RouteInfo(r)
+ if rCtx != nil {
+ *r = *rCtx
+ }
+ var Params = NewListTenantCertificateSigningRequestParams()
+ uprinc, aCtx, err := o.Context.Authorize(r, route)
+ if err != nil {
+ o.Context.Respond(rw, r, route.Produces, route, err)
+ return
+ }
+ if aCtx != nil {
+ *r = *aCtx
+ }
+ var principal *models.Principal
+ if uprinc != nil {
+ principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
+ }
+
+ if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+ o.Context.Respond(rw, r, route.Produces, route, err)
+ return
+ }
+
+ res := o.Handler.Handle(Params, principal) // actually handle the request
+ o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
diff --git a/operatorapi/operations/operator_api/list_tenant_certificate_signing_request_parameters.go b/operatorapi/operations/operator_api/list_tenant_certificate_signing_request_parameters.go
new file mode 100644
index 000000000..72ce8958b
--- /dev/null
+++ b/operatorapi/operations/operator_api/list_tenant_certificate_signing_request_parameters.go
@@ -0,0 +1,112 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+ "net/http"
+
+ "github.com/go-openapi/errors"
+ "github.com/go-openapi/runtime/middleware"
+ "github.com/go-openapi/strfmt"
+)
+
+// NewListTenantCertificateSigningRequestParams creates a new ListTenantCertificateSigningRequestParams object
+//
+// There are no default values defined in the spec.
+func NewListTenantCertificateSigningRequestParams() ListTenantCertificateSigningRequestParams {
+
+ return ListTenantCertificateSigningRequestParams{}
+}
+
+// ListTenantCertificateSigningRequestParams contains all the bound params for the list tenant certificate signing request operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters ListTenantCertificateSigningRequest
+type ListTenantCertificateSigningRequestParams struct {
+
+ // HTTP Request Object
+ HTTPRequest *http.Request `json:"-"`
+
+ /*
+ Required: true
+ In: path
+ */
+ Namespace string
+ /*
+ Required: true
+ In: path
+ */
+ Tenant string
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewListTenantCertificateSigningRequestParams() beforehand.
+func (o *ListTenantCertificateSigningRequestParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+ var res []error
+
+ o.HTTPRequest = r
+
+ rNamespace, rhkNamespace, _ := route.Params.GetOK("namespace")
+ if err := o.bindNamespace(rNamespace, rhkNamespace, route.Formats); err != nil {
+ res = append(res, err)
+ }
+
+ rTenant, rhkTenant, _ := route.Params.GetOK("tenant")
+ if err := o.bindTenant(rTenant, rhkTenant, route.Formats); err != nil {
+ res = append(res, err)
+ }
+ if len(res) > 0 {
+ return errors.CompositeValidationError(res...)
+ }
+ return nil
+}
+
+// bindNamespace binds and validates parameter Namespace from path.
+func (o *ListTenantCertificateSigningRequestParams) bindNamespace(rawData []string, hasKey bool, formats strfmt.Registry) error {
+ var raw string
+ if len(rawData) > 0 {
+ raw = rawData[len(rawData)-1]
+ }
+
+ // Required: true
+ // Parameter is provided by construction from the route
+ o.Namespace = raw
+
+ return nil
+}
+
+// bindTenant binds and validates parameter Tenant from path.
+func (o *ListTenantCertificateSigningRequestParams) bindTenant(rawData []string, hasKey bool, formats strfmt.Registry) error {
+ var raw string
+ if len(rawData) > 0 {
+ raw = rawData[len(rawData)-1]
+ }
+
+ // Required: true
+ // Parameter is provided by construction from the route
+ o.Tenant = raw
+
+ return nil
+}
diff --git a/operatorapi/operations/operator_api/list_tenant_certificate_signing_request_responses.go b/operatorapi/operations/operator_api/list_tenant_certificate_signing_request_responses.go
new file mode 100644
index 000000000..50a24ce69
--- /dev/null
+++ b/operatorapi/operations/operator_api/list_tenant_certificate_signing_request_responses.go
@@ -0,0 +1,133 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+ "net/http"
+
+ "github.com/go-openapi/runtime"
+
+ "github.com/minio/console/models"
+)
+
+// ListTenantCertificateSigningRequestOKCode is the HTTP code returned for type ListTenantCertificateSigningRequestOK
+const ListTenantCertificateSigningRequestOKCode int = 200
+
+/*ListTenantCertificateSigningRequestOK A successful response.
+
+swagger:response listTenantCertificateSigningRequestOK
+*/
+type ListTenantCertificateSigningRequestOK struct {
+
+ /*
+ In: Body
+ */
+ Payload *models.CsrElement `json:"body,omitempty"`
+}
+
+// NewListTenantCertificateSigningRequestOK creates ListTenantCertificateSigningRequestOK with default headers values
+func NewListTenantCertificateSigningRequestOK() *ListTenantCertificateSigningRequestOK {
+
+ return &ListTenantCertificateSigningRequestOK{}
+}
+
+// WithPayload adds the payload to the list tenant certificate signing request o k response
+func (o *ListTenantCertificateSigningRequestOK) WithPayload(payload *models.CsrElement) *ListTenantCertificateSigningRequestOK {
+ o.Payload = payload
+ return o
+}
+
+// SetPayload sets the payload to the list tenant certificate signing request o k response
+func (o *ListTenantCertificateSigningRequestOK) SetPayload(payload *models.CsrElement) {
+ o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *ListTenantCertificateSigningRequestOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+ rw.WriteHeader(200)
+ if o.Payload != nil {
+ payload := o.Payload
+ if err := producer.Produce(rw, payload); err != nil {
+ panic(err) // let the recovery middleware deal with this
+ }
+ }
+}
+
+/*ListTenantCertificateSigningRequestDefault Generic error response.
+
+swagger:response listTenantCertificateSigningRequestDefault
+*/
+type ListTenantCertificateSigningRequestDefault struct {
+ _statusCode int
+
+ /*
+ In: Body
+ */
+ Payload *models.Error `json:"body,omitempty"`
+}
+
+// NewListTenantCertificateSigningRequestDefault creates ListTenantCertificateSigningRequestDefault with default headers values
+func NewListTenantCertificateSigningRequestDefault(code int) *ListTenantCertificateSigningRequestDefault {
+ if code <= 0 {
+ code = 500
+ }
+
+ return &ListTenantCertificateSigningRequestDefault{
+ _statusCode: code,
+ }
+}
+
+// WithStatusCode adds the status to the list tenant certificate signing request default response
+func (o *ListTenantCertificateSigningRequestDefault) WithStatusCode(code int) *ListTenantCertificateSigningRequestDefault {
+ o._statusCode = code
+ return o
+}
+
+// SetStatusCode sets the status to the list tenant certificate signing request default response
+func (o *ListTenantCertificateSigningRequestDefault) SetStatusCode(code int) {
+ o._statusCode = code
+}
+
+// WithPayload adds the payload to the list tenant certificate signing request default response
+func (o *ListTenantCertificateSigningRequestDefault) WithPayload(payload *models.Error) *ListTenantCertificateSigningRequestDefault {
+ o.Payload = payload
+ return o
+}
+
+// SetPayload sets the payload to the list tenant certificate signing request default response
+func (o *ListTenantCertificateSigningRequestDefault) SetPayload(payload *models.Error) {
+ o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *ListTenantCertificateSigningRequestDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+ rw.WriteHeader(o._statusCode)
+ if o.Payload != nil {
+ payload := o.Payload
+ if err := producer.Produce(rw, payload); err != nil {
+ panic(err) // let the recovery middleware deal with this
+ }
+ }
+}
diff --git a/operatorapi/operations/operator_api/list_tenant_certificate_signing_request_urlbuilder.go b/operatorapi/operations/operator_api/list_tenant_certificate_signing_request_urlbuilder.go
new file mode 100644
index 000000000..5d4829e85
--- /dev/null
+++ b/operatorapi/operations/operator_api/list_tenant_certificate_signing_request_urlbuilder.go
@@ -0,0 +1,124 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+ "errors"
+ "net/url"
+ golangswaggerpaths "path"
+ "strings"
+)
+
+// ListTenantCertificateSigningRequestURL generates an URL for the list tenant certificate signing request operation
+type ListTenantCertificateSigningRequestURL struct {
+ Namespace string
+ Tenant string
+
+ _basePath string
+ // avoid unkeyed usage
+ _ struct{}
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *ListTenantCertificateSigningRequestURL) WithBasePath(bp string) *ListTenantCertificateSigningRequestURL {
+ o.SetBasePath(bp)
+ return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *ListTenantCertificateSigningRequestURL) SetBasePath(bp string) {
+ o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *ListTenantCertificateSigningRequestURL) Build() (*url.URL, error) {
+ var _result url.URL
+
+ var _path = "/namespaces/{namespace}/tenants/{tenant}/csr"
+
+ namespace := o.Namespace
+ if namespace != "" {
+ _path = strings.Replace(_path, "{namespace}", namespace, -1)
+ } else {
+ return nil, errors.New("namespace is required on ListTenantCertificateSigningRequestURL")
+ }
+
+ tenant := o.Tenant
+ if tenant != "" {
+ _path = strings.Replace(_path, "{tenant}", tenant, -1)
+ } else {
+ return nil, errors.New("tenant is required on ListTenantCertificateSigningRequestURL")
+ }
+
+ _basePath := o._basePath
+ if _basePath == "" {
+ _basePath = "/api/v1"
+ }
+ _result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+ return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *ListTenantCertificateSigningRequestURL) Must(u *url.URL, err error) *url.URL {
+ if err != nil {
+ panic(err)
+ }
+ if u == nil {
+ panic("url can't be nil")
+ }
+ return u
+}
+
+// String returns the string representation of the path with query string
+func (o *ListTenantCertificateSigningRequestURL) String() string {
+ return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *ListTenantCertificateSigningRequestURL) BuildFull(scheme, host string) (*url.URL, error) {
+ if scheme == "" {
+ return nil, errors.New("scheme is required for a full url on ListTenantCertificateSigningRequestURL")
+ }
+ if host == "" {
+ return nil, errors.New("host is required for a full url on ListTenantCertificateSigningRequestURL")
+ }
+
+ base, err := o.Build()
+ if err != nil {
+ return nil, err
+ }
+
+ base.Scheme = scheme
+ base.Host = host
+ return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *ListTenantCertificateSigningRequestURL) StringFull(scheme, host string) string {
+ return o.Must(o.BuildFull(scheme, host)).String()
+}
diff --git a/operatorapi/volumes.go b/operatorapi/volumes.go
index 444021c47..54d55f821 100644
--- a/operatorapi/volumes.go
+++ b/operatorapi/volumes.go
@@ -52,6 +52,15 @@ func registerVolumesHandlers(api *operations.OperatorAPI) {
return operator_api.NewListPVCsForTenantOK().WithPayload(payload)
})
+ api.OperatorAPIListTenantCertificateSigningRequestHandler = operator_api.ListTenantCertificateSigningRequestHandlerFunc(func(params operator_api.ListTenantCertificateSigningRequestParams, session *models.Principal) middleware.Responder {
+ payload, err := getTenantCSResponse(session, params)
+ if err != nil {
+ return operator_api.NewListTenantCertificateSigningRequestDefault(int(err.Code)).WithPayload(err)
+ }
+
+ return operator_api.NewListTenantCertificateSigningRequestOK().WithPayload(payload)
+ })
+
api.OperatorAPIDeletePVCHandler = operator_api.DeletePVCHandlerFunc(func(params operator_api.DeletePVCParams, session *models.Principal) middleware.Responder {
err := getDeletePVCResponse(session, params)
if err != nil {
@@ -212,3 +221,42 @@ func getPVCEventsResponse(session *models.Principal, params operator_api.GetPVCE
})
return retval, nil
}
+
+func getTenantCSResponse(session *models.Principal, params operator_api.ListTenantCertificateSigningRequestParams) (*models.CsrElement, *models.Error) {
+ ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+ defer cancel()
+ clientset, err := cluster.K8sClient(session.STSSessionToken)
+ if err != nil {
+ return nil, errors.ErrorWithContext(ctx, err)
+ }
+ csrName := params.Tenant + "-" + params.Namespace + "-csr"
+ csrResult, csrError := clientset.CertificatesV1().CertificateSigningRequests().Get(ctx, csrName, metav1.GetOptions{})
+ if csrError != nil {
+ return nil, errors.ErrorWithContext(ctx, err)
+ }
+ annotations := []*models.Annotation{}
+ for k, v := range csrResult.ObjectMeta.Annotations {
+ annotations = append(annotations, &models.Annotation{Key: k, Value: v})
+ }
+ var DeletionGracePeriodSeconds int64
+ DeletionGracePeriodSeconds = 0
+ if csrResult.ObjectMeta.DeletionGracePeriodSeconds != nil {
+ DeletionGracePeriodSeconds = *csrResult.ObjectMeta.DeletionGracePeriodSeconds
+ }
+ messages := ""
+ // A CSR.Status can contain multiple Conditions
+ for i := 0; i < len(csrResult.Status.Conditions); i++ {
+ messages = messages + " " + csrResult.Status.Conditions[i].Message
+ }
+ retval := &models.CsrElement{
+ Name: csrResult.ObjectMeta.Name,
+ Annotations: annotations,
+ DeletionGracePeriodSeconds: DeletionGracePeriodSeconds,
+ GenerateName: csrResult.ObjectMeta.GenerateName,
+ Generation: csrResult.ObjectMeta.Generation,
+ Namespace: csrResult.ObjectMeta.Namespace,
+ ResourceVersion: csrResult.ObjectMeta.ResourceVersion,
+ Status: messages,
+ }
+ return retval, nil
+}
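Review bot: In `getTenantCSResponse`, the `csrError != nil` branch passes `err` to `errors.ErrorWithContext`, but `err` is the already-checked (nil) result of `cluster.K8sClient`, so the real lookup failure is dropped; it should be `return nil, errors.ErrorWithContext(ctx, csrError)`. What the helper returns for a nil error is not visible here, so the handler's `int(err.Code)` may see a meaningless code or a nil payload. The CSR name is built as `params.Tenant + "-" + params.Namespace + "-csr"` for a cluster-scoped resource, so two different tenant/namespace pairs containing hyphens can resolve to the same name; it is worth confirming that the session token's RBAC, and not the name, is what limits which CSR a caller can read. Annotations are copied from a map, so their order in the response will vary between calls.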
diff --git a/swagger-operator.yml b/swagger-operator.yml
index 91b2f7f83..89ac5ee3b 100644
--- a/swagger-operator.yml
+++ b/swagger-operator.yml
@@ -310,6 +310,31 @@ paths:
tags:
- OperatorAPI
+ /namespaces/{namespace}/tenants/{tenant}/csr:
+ get:
+ summary: List Tenant Certificate Signing Request
+ operationId: ListTenantCertificateSigningRequest
+ parameters:
+ - name: namespace
+ in: path
+ required: true
+ type: string
+ - name: tenant
+ in: path
+ required: true
+ type: string
+ responses:
+ 200:
+ description: A successful response.
+ schema:
+ $ref: "#/definitions/csrElement"
+ default:
+ description: Generic error response.
+ schema:
+ $ref: "#/definitions/error"
+ tags:
+ - OperatorAPI
+
/namespaces/{namespace}/tenants/{tenant}/identity-provider:
get:
summary: Tenant Identity Provider
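Review bot: The new `/namespaces/{namespace}/tenants/{tenant}/csr` operation is named and summarised as "List", yet its 200 response is a single `csrElement`, so the spec should either return an array or state that one CSR is returned, e.g. `summary: Get Tenant Certificate Signing Request`. Neither the operation nor the `csrElement` definition in the later hunk carries a `description`; in particular `status` is filled in `operatorapi/volumes.go` with the space-joined condition messages, which a client cannot infer from `type: string`. A line such as `description: Space-separated messages of the CSR status conditions` on that property would document it.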
@@ -1580,6 +1605,30 @@ definitions:
password:
type: string
+ csrElement:
+ type: object
+ properties:
+ status:
+ type: string
+ name:
+ type: string
+ generate_name:
+ type: string
+ namespace:
+ type: string
+ resource_version:
+ type: string
+ generation:
+ type: integer
+ format: int64
+ deletion_grace_period_seconds:
+ type: integer
+ format: int64
+ annotations:
+ type: array
+ items:
+ $ref: "#/definitions/annotation"
+
createTenantRequest:
type: object
required: