Return Generated Console Credentials (#217)

When Console is configured, we auto-generate credentials for Console and store them in a secret, but we need to return them to the user so they know what credentials they can use to log in to Console.
Daniel Valdivia
2020-07-30 13:55:11 -07:00
committed by GitHub
parent 3ffaeceaf4
commit 410920823a
4 changed files with 136 additions and 20 deletions


@@ -23,6 +23,7 @@ package models
// Editing this file might prove futile when you re-run the swagger generate command
import (
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
)
@@ -35,12 +36,42 @@ type CreateTenantResponse struct {
// access key
AccessKey string `json:"access_key,omitempty"`
// console
Console *CreateTenantResponseConsole `json:"console,omitempty"`
// secret key
SecretKey string `json:"secret_key,omitempty"`
}
// Validate validates this create tenant response
func (m *CreateTenantResponse) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateConsole(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *CreateTenantResponse) validateConsole(formats strfmt.Registry) error {
if swag.IsZero(m.Console) { // not required
return nil
}
if m.Console != nil {
if err := m.Console.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("console")
}
return err
}
}
return nil
}
@@ -61,3 +92,38 @@ func (m *CreateTenantResponse) UnmarshalBinary(b []byte) error {
*m = res
return nil
}
// CreateTenantResponseConsole create tenant response console
//
// swagger:model CreateTenantResponseConsole
type CreateTenantResponseConsole struct {
// access key
AccessKey string `json:"access_key,omitempty"`
// secret key
SecretKey string `json:"secret_key,omitempty"`
}
// Validate validates this create tenant response console
func (m *CreateTenantResponseConsole) Validate(formats strfmt.Registry) error {
return nil
}
// MarshalBinary interface implementation
func (m *CreateTenantResponseConsole) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *CreateTenantResponseConsole) UnmarshalBinary(b []byte) error {
var res CreateTenantResponseConsole
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}


@@ -254,12 +254,12 @@ func listTenants(ctx context.Context, operatorClient OperatorClient, namespace s
}
var tenants []*models.TenantList
var totalSize int64
for _, minInst := range minTenants.Items {
for _, tenant := range minTenants.Items {
var totalSize int64
var instanceCount int64
var volumeCount int64
for _, zone := range minInst.Spec.Zones {
for _, zone := range tenant.Spec.Zones {
instanceCount = instanceCount + int64(zone.Servers)
volumeCount = volumeCount + int64(zone.Servers*zone.VolumesPerServer)
if zone.VolumeClaimTemplate != nil {
@@ -269,20 +269,20 @@ func listTenants(ctx context.Context, operatorClient OperatorClient, namespace s
}
tenants = append(tenants, &models.TenantList{
CreationDate: minInst.ObjectMeta.CreationTimestamp.String(),
Name: minInst.ObjectMeta.Name,
ZoneCount: int64(len(minInst.Spec.Zones)),
CreationDate: tenant.ObjectMeta.CreationTimestamp.String(),
Name: tenant.ObjectMeta.Name,
ZoneCount: int64(len(tenant.Spec.Zones)),
InstanceCount: instanceCount,
VolumeCount: volumeCount,
CurrentState: minInst.Status.CurrentState,
Namespace: minInst.ObjectMeta.Namespace,
CurrentState: tenant.Status.CurrentState,
Namespace: tenant.ObjectMeta.Namespace,
TotalSize: totalSize,
})
}
return &models.ListTenantsResponse{
Tenants: tenants,
Total: 0,
Total: int64(len(tenants)),
}, nil
}
@@ -332,6 +332,13 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
}
minioImage = *minImg
}
// get Kubernetes Client
clientset, err := cluster.K8sClient(session.SessionToken)
if err != nil {
return nil, err
}
ns := *params.Body.Namespace
// if access/secret are provided, use them, else create a random pair
accessKey := RandomCharString(16)
@@ -355,11 +362,6 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
},
}
clientset, err := cluster.K8sClient(session.SessionToken)
if err != nil {
return nil, err
}
ns := *params.Body.Namespace
_, err = clientset.CoreV1().Secrets(ns).Create(context.Background(), &instanceSecret, metav1.CreateOptions{})
if err != nil {
return nil, err
@@ -389,10 +391,13 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
},
}
// optionals are set below
var consoleAccess string
var consoleSecret string
if enableConsole {
consoleSelector := fmt.Sprintf("%s-console", *params.Body.Name)
consoleSecretName := fmt.Sprintf("%s-secret", consoleSelector)
consoleAccess = RandomCharString(16)
consoleSecret = RandomCharString(32)
imm := true
instanceSecret := corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
@@ -403,8 +408,8 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
"CONSOLE_HMAC_JWT_SECRET": []byte(RandomCharString(16)),
"CONSOLE_PBKDF_PASSPHRASE": []byte(RandomCharString(16)),
"CONSOLE_PBKDF_SALT": []byte(RandomCharString(8)),
"CONSOLE_ACCESS_KEY": []byte(RandomCharString(16)),
"CONSOLE_SECRET_KEY": []byte(RandomCharString(32)),
"CONSOLE_ACCESS_KEY": []byte(consoleAccess),
"CONSOLE_SECRET_KEY": []byte(consoleSecret),
},
}
_, err = clientset.CoreV1().Secrets(ns).Create(context.Background(), &instanceSecret, metav1.CreateOptions{})
@@ -462,11 +467,16 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
return nil, err
}
}
return &models.CreateTenantResponse{
response := &models.CreateTenantResponse{
AccessKey: accessKey,
SecretKey: secretKey,
}, nil
}
// Attach Console Credentials
if enableConsole {
response.Console.AccessKey = consoleAccess
response.Console.SecretKey = consoleSecret
}
return response, nil
}
// updateTenantAction does an update on the minioTenant by patching the desired changes
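Review bot: `response.Console` is still nil when the final `if enableConsole` block of getTenantCreatedResponse writes `response.Console.AccessKey`, so creating a tenant with Console enabled would panic on a nil pointer dereference, after the Kubernetes secrets have already been created. The response literal sets only `AccessKey` and `SecretKey`, and `Console` is a `*CreateTenantResponseConsole` in the model, so allocate it instead of the two field writes: `response.Console = &models.CreateTenantResponseConsole{AccessKey: consoleAccess, SecretKey: consoleSecret}`. Because these values are now returned to the caller as login credentials, it is also worth confirming that `RandomCharString` (not visible here) draws from `crypto/rand`, and that the create-tenant response body is kept out of request logs. The function body starts and continues outside the hunks shown.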


@@ -2020,6 +2020,17 @@ func init() {
"access_key": {
"type": "string"
},
"console": {
"type": "object",
"properties": {
"access_key": {
"type": "string"
},
"secret_key": {
"type": "string"
}
}
},
"secret_key": {
"type": "string"
}
@@ -4842,6 +4853,17 @@ func init() {
}
},
"definitions": {
"CreateTenantResponseConsole": {
"type": "object",
"properties": {
"access_key": {
"type": "string"
},
"secret_key": {
"type": "string"
}
}
},
"NodeSelectorTermMatchExpressionsItems0": {
"description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.",
"type": "object",
@@ -5359,6 +5381,17 @@ func init() {
"access_key": {
"type": "string"
},
"console": {
"type": "object",
"properties": {
"access_key": {
"type": "string"
},
"secret_key": {
"type": "string"
}
}
},
"secret_key": {
"type": "string"
}


@@ -1817,6 +1817,13 @@ definitions:
type: string
secret_key:
type: string
console:
type: object
properties:
access_key:
type: string
secret_key:
type: string
zone:
type: object
required: