From 297c980a8dea0186a83249e8e40be71c274e2ad4 Mon Sep 17 00:00:00 2001
From: Lenin Alevski <alevsk.8772@gmail.com>
Date: Thu, 3 Feb 2022 12:04:35 -0600
Subject: [PATCH] Read subnet proxy configuration from minio or env var (#1511)

Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
---
 models/subnet_login_m_f_a_request.go          |  3 --
 models/subnet_login_request.go                |  3 --
 models/subnet_register_request.go             |  3 --
 pkg/subnet/subnet.go                          |  3 +-
 .../src/screens/Console/License/types.tsx     |  1 -
 .../src/screens/Console/Support/Register.tsx  | 42 ++++++++-------
 restapi/admin_subnet.go                       | 51 +++++++++++++++----
 restapi/config.go                             |  4 ++
 restapi/consts.go                             |  1 +
 restapi/embedded_spec.go                      | 18 -------
 swagger-console.yml                           |  6 ---
 11 files changed, 70 insertions(+), 65 deletions(-)

diff --git a/models/subnet_login_m_f_a_request.go b/models/subnet_login_m_f_a_request.go
index 042db7cdf..936a5f553 100644
--- a/models/subnet_login_m_f_a_request.go
+++ b/models/subnet_login_m_f_a_request.go
@@ -44,9 +44,6 @@ type SubnetLoginMFARequest struct {
 	// Required: true
 	Otp *string `json:"otp"`
 
-	// proxy
-	Proxy string `json:"proxy,omitempty"`
-
 	// username
 	// Required: true
 	Username *string `json:"username"`
diff --git a/models/subnet_login_request.go b/models/subnet_login_request.go
index f111398dd..13f8e0d5d 100644
--- a/models/subnet_login_request.go
+++ b/models/subnet_login_request.go
@@ -40,9 +40,6 @@ type SubnetLoginRequest struct {
 	// password
 	Password string `json:"password,omitempty"`
 
-	// proxy
-	Proxy string `json:"proxy,omitempty"`
-
 	// username
 	Username string `json:"username,omitempty"`
 }
diff --git a/models/subnet_register_request.go b/models/subnet_register_request.go
index f49dafc09..4ab3e339d 100644
--- a/models/subnet_register_request.go
+++ b/models/subnet_register_request.go
@@ -40,9 +40,6 @@ type SubnetRegisterRequest struct {
 	// Required: true
 	AccountID *string `json:"account_id"`
 
-	// proxy
-	Proxy string `json:"proxy,omitempty"`
-
 	// token
 	// Required: true
 	Token *string `json:"token"`
diff --git a/pkg/subnet/subnet.go b/pkg/subnet/subnet.go
index 3991e7e26..dbc65ea89 100644
--- a/pkg/subnet/subnet.go
+++ b/pkg/subnet/subnet.go
@@ -87,6 +87,7 @@ func GetOrganizations(client cluster.HTTPClientI, token string) ([]*models.Subne
 type LicenseTokenConfig struct {
 	APIKey  string
 	License string
+	Proxy   string
 }
 
 func Register(client cluster.HTTPClientI, admInfo madmin.InfoMessage, apiKey, token, accountID string) (*LicenseTokenConfig, error) {
@@ -115,7 +116,7 @@ func Register(client cluster.HTTPClientI, admInfo madmin.InfoMessage, apiKey, to
 	subnetAPIKey := respJSON.Get("api_key").String()
 	licenseJwt := respJSON.Get("license").String()
 
-	if subnetAPIKey != "" {
+	if subnetAPIKey != "" || licenseJwt != "" {
 		return &LicenseTokenConfig{
 			APIKey:  subnetAPIKey,
 			License: licenseJwt,
diff --git a/portal-ui/src/screens/Console/License/types.tsx b/portal-ui/src/screens/Console/License/types.tsx
index cf816109c..ef80f142d 100644
--- a/portal-ui/src/screens/Console/License/types.tsx
+++ b/portal-ui/src/screens/Console/License/types.tsx
@@ -33,7 +33,6 @@ export interface SubnetLoginRequest {
 export interface SubnetRegisterRequest {
   token: string;
   account_id: string;
-  proxy?: string;
 }
 
 export interface SubnetOrganization {
diff --git a/portal-ui/src/screens/Console/Support/Register.tsx b/portal-ui/src/screens/Console/Support/Register.tsx
index af12fa7ba..1dd6c5703 100644
--- a/portal-ui/src/screens/Console/Support/Register.tsx
+++ b/portal-ui/src/screens/Console/Support/Register.tsx
@@ -30,7 +30,6 @@ import React, { Fragment, useCallback, useEffect, useState } from "react";
 import { CopyIcon, DiagnosticsFeatureIcon, UsersIcon } from "../../../icons";
 import RemoveRedEyeIcon from "@mui/icons-material/RemoveRedEye";
 import VisibilityOffIcon from "@mui/icons-material/VisibilityOff";
-import DnsIcon from "@mui/icons-material/Dns";
 import OnlineRegistrationIcon from "../../../icons/OnlineRegistrationIcon";
 import OfflineRegistrationIcon from "../../../icons/OfflineRegistrationIcon";
 import InputBoxWrapper from "../Common/FormComponents/InputBoxWrapper/InputBoxWrapper";
@@ -302,7 +301,6 @@ const Register = ({
   const [clusterRegistered, setClusterRegistered] = useState<boolean>(false);
   const [initialLicenseLoading, setInitialLicenseLoading] =
     useState<boolean>(true);
-  const [subnetProxy, setSubnetProxy] = useState<string>("");
   const [displaySubnetProxy, setDisplaySubnetProxy] = useState<boolean>(false);
 
   const clearForm = () => {
@@ -374,9 +372,6 @@ const Register = ({
       token: token,
       account_id: account_id,
     };
-    if (displaySubnetProxy) {
-      request.proxy = subnetProxy;
-    }
     api
       .invoke("POST", "/api/v1/subnet/register", request)
       .then(() => {
@@ -409,9 +404,6 @@ const Register = ({
       otp: subnetOTP,
       mfa_token: subnetMFAToken,
     };
-    if (displaySubnetProxy) {
-      request.proxy = subnetProxy;
-    }
     api
       .invoke("POST", "/api/v1/subnet/login/mfa", request)
       .then((resp: SubnetLoginResponse) => {
@@ -448,9 +440,6 @@ const Register = ({
       password: subnetPassword,
       apiKey: license,
     };
-    if (displaySubnetProxy) {
-      request.proxy = subnetProxy;
-    }
     api
       .invoke("POST", "/api/v1/subnet/login", request)
       .then((resp: SubnetLoginResponse) => {
@@ -917,6 +906,9 @@ const Register = ({
     );
   }
 
+  const proxyConfigurationCommand =
+    "mc admin config set {alias} subnet proxy={proxy}";
+
   return (
     <Fragment>
       <PageHeader label="Register" />
@@ -1001,21 +993,33 @@ const Register = ({
                     fontSize: "14px",
                   }}
                 >
-                  For airgap/firewalled environments it is possible to configure
-                  a proxy to connect to SUBNET.
+                  For airgap/firewalled environments it is possible to{" "}
+                  <Link
+                    className={classes.link}
+                    href="https://docs.min.io/docs/minio-server-configuration-guide.html?ref=con"
+                    target="_blank"
+                  >
+                    configure a proxy
+                  </Link>{" "}
+                  to connect to SUBNET .
                 </Box>
                 <Box>
                   {displaySubnetProxy && (
                     <InputBoxWrapper
-                      overlayIcon={<DnsIcon />}
+                      disabled
                       id="subnetProxy"
                       name="subnetProxy"
-                      onChange={(event: React.ChangeEvent<HTMLInputElement>) =>
-                        setSubnetProxy(event.target.value)
-                      }
-                      placeholder="https://192.168.1.3:3128"
+                      placeholder=""
+                      onChange={() => {}}
                       label=""
-                      value={subnetProxy}
+                      value={proxyConfigurationCommand}
+                      overlayIcon={<CopyIcon />}
+                      extraInputProps={{
+                        readOnly: true,
+                      }}
+                      overlayAction={() =>
+                        navigator.clipboard.writeText(proxyConfigurationCommand)
+                      }
                     />
                   )}
                 </Box>
diff --git a/restapi/admin_subnet.go b/restapi/admin_subnet.go
index 1e2820e63..a1561def3 100644
--- a/restapi/admin_subnet.go
+++ b/restapi/admin_subnet.go
@@ -44,7 +44,7 @@ func registerSubnetHandlers(api *operations.ConsoleAPI) {
 	})
 	// Get subnet login with MFA handler
 	api.AdminAPISubnetLoginMFAHandler = admin_api.SubnetLoginMFAHandlerFunc(func(params admin_api.SubnetLoginMFAParams, session *models.Principal) middleware.Responder {
-		resp, err := GetSubnetLoginWithMFAResponse(params)
+		resp, err := GetSubnetLoginWithMFAResponse(session, params)
 		if err != nil {
 			return admin_api.NewSubnetLoginMFADefault(int(err.Code)).WithPayload(err)
 		}
@@ -85,7 +85,12 @@ func SubnetRegisterWithAPIKey(ctx context.Context, minioClient MinioAdmin, apiKe
 	if err != nil {
 		return false, err
 	}
-	configStr := fmt.Sprintf("subnet license=%s api_key=%s", registerResult.License, registerResult.APIKey)
+	// Keep existing subnet proxy if exists
+	subnetKey, err := GetSubnetKeyFromMinIOConfig(ctx, minioClient)
+	if err != nil {
+		return false, err
+	}
+	configStr := fmt.Sprintf("subnet license=%s api_key=%s proxy=%s", registerResult.License, registerResult.APIKey, subnetKey.Proxy)
 	_, err = minioClient.setConfigKV(ctx, configStr)
 	if err != nil {
 		return false, err
@@ -112,15 +117,15 @@ func SubnetLogin(client cluster.HTTPClientI, username, password string) (string,
 
 func GetSubnetLoginResponse(session *models.Principal, params admin_api.SubnetLoginParams) (*models.SubnetLoginResponse, *models.Error) {
 	ctx := context.Background()
-	subnetHTTPClient, err := GetSubnetHTTPClient(params.Body.Proxy)
-	if err != nil {
-		return nil, prepareError(err)
-	}
 	mAdmin, err := NewMinioAdminClient(session)
 	if err != nil {
 		return nil, prepareError(err)
 	}
 	minioClient := AdminClient{Client: mAdmin}
+	subnetHTTPClient, err := GetSubnetHTTPClient(ctx, minioClient)
+	if err != nil {
+		return nil, prepareError(err)
+	}
 	apiKey := params.Body.APIKey
 	if apiKey != "" {
 		registered, err := SubnetRegisterWithAPIKey(ctx, minioClient, apiKey)
@@ -173,8 +178,19 @@ func SubnetLoginWithMFA(client cluster.HTTPClientI, username, mfaToken, otp stri
 }
 
 // GetSubnetHTTPClient will return a client with proxy if configured, otherwise will return the default console http client
-func GetSubnetHTTPClient(proxy string) (*cluster.HTTPClient, error) {
+func GetSubnetHTTPClient(ctx context.Context, minioClient MinioAdmin) (*cluster.HTTPClient, error) {
 	var subnetHTTPClient *http.Client
+	var proxy string
+	envProxy := getSubnetProxy()
+	subnetKey, err := GetSubnetKeyFromMinIOConfig(ctx, minioClient)
+	if err != nil {
+		return nil, err
+	}
+	if subnetKey.Proxy != "" {
+		proxy = subnetKey.Proxy
+	} else if envProxy != "" {
+		proxy = envProxy
+	}
 	if proxy != "" {
 		transport := prepareSTSClientTransport(false)
 		subnetHTTPClient = &http.Client{
@@ -194,8 +210,14 @@ func GetSubnetHTTPClient(proxy string) (*cluster.HTTPClient, error) {
 	return clientI, nil
 }
 
-func GetSubnetLoginWithMFAResponse(params admin_api.SubnetLoginMFAParams) (*models.SubnetLoginResponse, *models.Error) {
-	subnetHTTPClient, err := GetSubnetHTTPClient(params.Body.Proxy)
+func GetSubnetLoginWithMFAResponse(session *models.Principal, params admin_api.SubnetLoginMFAParams) (*models.SubnetLoginResponse, *models.Error) {
+	ctx := context.Background()
+	mAdmin, err := NewMinioAdminClient(session)
+	if err != nil {
+		return nil, prepareError(err)
+	}
+	minioClient := AdminClient{Client: mAdmin}
+	subnetHTTPClient, err := GetSubnetHTTPClient(ctx, minioClient)
 	if err != nil {
 		return nil, prepareError(err)
 	}
@@ -225,6 +247,8 @@ func GetSubnetKeyFromMinIOConfig(ctx context.Context, minioClient MinioAdmin) (*
 			res.APIKey = kv.Value
 		} else if kv.Key == "license" {
 			res.License = kv.Value
+		} else if kv.Key == "proxy" {
+			res.Proxy = kv.Value
 		}
 	}
 	return &res, nil
@@ -239,7 +263,12 @@ func GetSubnetRegister(ctx context.Context, minioClient MinioAdmin, httpClient c
 	if err != nil {
 		return err
 	}
-	configStr := fmt.Sprintf("subnet license=%s api_key=%s", registerResult.License, registerResult.APIKey)
+	// Keep existing subnet proxy if exists
+	subnetKey, err := GetSubnetKeyFromMinIOConfig(ctx, minioClient)
+	if err != nil {
+		return err
+	}
+	configStr := fmt.Sprintf("subnet license=%s api_key=%s proxy=%s", registerResult.License, registerResult.APIKey, subnetKey.Proxy)
 	_, err = minioClient.setConfigKV(ctx, configStr)
 	if err != nil {
 		return err
@@ -254,7 +283,7 @@ func GetSubnetRegisterResponse(session *models.Principal, params admin_api.Subne
 		return prepareError(err)
 	}
 	adminClient := AdminClient{Client: mAdmin}
-	subnetHTTPClient, err := GetSubnetHTTPClient(params.Body.Proxy)
+	subnetHTTPClient, err := GetSubnetHTTPClient(ctx, adminClient)
 	if err != nil {
 		return prepareError(err)
 	}
diff --git a/restapi/config.go b/restapi/config.go
index 9f2fe745d..70a471a27 100644
--- a/restapi/config.go
+++ b/restapi/config.go
@@ -50,6 +50,10 @@ func getMinIOServer() string {
 	return strings.TrimSpace(env.Get(ConsoleMinIOServer, "http://localhost:9000"))
 }
 
+func getSubnetProxy() string {
+	return strings.TrimSpace(env.Get(ConsoleSubnetProxy, ""))
+}
+
 func GetMinIORegion() string {
 	return strings.TrimSpace(env.Get(ConsoleMinIORegion, ""))
 }
diff --git a/restapi/consts.go b/restapi/consts.go
index aca0db703..c1a0b322d 100644
--- a/restapi/consts.go
+++ b/restapi/consts.go
@@ -20,6 +20,7 @@ package restapi
 const (
 	// Constants for common configuration
 	ConsoleMinIOServer   = "CONSOLE_MINIO_SERVER"
+	ConsoleSubnetProxy   = "CONSOLE_SUBNET_PROXY"
 	ConsoleMinIORegion   = "CONSOLE_MINIO_REGION"
 	ConsoleHostname      = "CONSOLE_HOSTNAME"
 	ConsolePort          = "CONSOLE_PORT"
diff --git a/restapi/embedded_spec.go b/restapi/embedded_spec.go
index 1c76671b7..716a074b5 100644
--- a/restapi/embedded_spec.go
+++ b/restapi/embedded_spec.go
@@ -5730,9 +5730,6 @@ func init() {
         "otp": {
           "type": "string"
         },
-        "proxy": {
-          "type": "string"
-        },
         "username": {
           "type": "string"
         }
@@ -5747,9 +5744,6 @@ func init() {
         "password": {
           "type": "string"
         },
-        "proxy": {
-          "type": "string"
-        },
         "username": {
           "type": "string"
         }
@@ -5808,9 +5802,6 @@ func init() {
         "account_id": {
           "type": "string"
         },
-        "proxy": {
-          "type": "string"
-        },
         "token": {
           "type": "string"
         }
@@ -11966,9 +11957,6 @@ func init() {
         "otp": {
           "type": "string"
         },
-        "proxy": {
-          "type": "string"
-        },
         "username": {
           "type": "string"
         }
@@ -11983,9 +11971,6 @@ func init() {
         "password": {
           "type": "string"
         },
-        "proxy": {
-          "type": "string"
-        },
         "username": {
           "type": "string"
         }
@@ -12044,9 +12029,6 @@ func init() {
         "account_id": {
           "type": "string"
         },
-        "proxy": {
-          "type": "string"
-        },
         "token": {
           "type": "string"
         }
diff --git a/swagger-console.yml b/swagger-console.yml
index fbd482f92..4b3d523fe 100644
--- a/swagger-console.yml
+++ b/swagger-console.yml
@@ -4138,8 +4138,6 @@ definitions:
   subnetLoginRequest:
     type: object
     properties:
-      proxy:
-        type: string
       username:
         type: string
       password:
@@ -4154,8 +4152,6 @@ definitions:
       - otp
       - mfa_token
     properties:
-      proxy:
-        type: string
       username:
         type: string
       otp:
@@ -4169,8 +4165,6 @@ definitions:
       - token
       - account_id
     properties:
-      proxy:
-        type: string
       token:
         type: string
       account_id: