mirrors/object-browser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update encryption configuration screen for tenant (#1611)

Browse Source
This commit is contained in:
Lenin Alevski
2022-03-01 01:56:38 -06:00
committed by GitHub
parent 208afdfc3a
commit 4fa2f16e9a
30 changed files with 6216 additions and 225 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
models/encryption_configuration.go
View File

@@ -57,6 +57,9 @@ type EncryptionConfiguration struct {
// replicas
Replicas string `json:"replicas,omitempty"`
// secrets to be deleted
SecretsToBeDeleted []string `json:"secretsToBeDeleted"`
// security context
SecurityContext *SecurityContext `json:"securityContext,omitempty"`
@@ -92,6 +95,8 @@ func (m *EncryptionConfiguration) UnmarshalJSON(raw []byte) error {
Replicas string `json:"replicas,omitempty"`
SecretsToBeDeleted []string `json:"secretsToBeDeleted"`
SecurityContext *SecurityContext `json:"securityContext,omitempty"`
Server *KeyPairConfiguration `json:"server,omitempty"`
@@ -116,6 +121,8 @@ func (m *EncryptionConfiguration) UnmarshalJSON(raw []byte) error {
m.Replicas = dataAO1.Replicas
m.SecretsToBeDeleted = dataAO1.SecretsToBeDeleted
m.SecurityContext = dataAO1.SecurityContext
m.Server = dataAO1.Server
@@ -149,6 +156,8 @@ func (m EncryptionConfiguration) MarshalJSON() ([]byte, error) {
Replicas string `json:"replicas,omitempty"`
SecretsToBeDeleted []string `json:"secretsToBeDeleted"`
SecurityContext *SecurityContext `json:"securityContext,omitempty"`
Server *KeyPairConfiguration `json:"server,omitempty"`
@@ -170,6 +179,8 @@ func (m EncryptionConfiguration) MarshalJSON() ([]byte, error) {
dataAO1.Replicas = m.Replicas
dataAO1.SecretsToBeDeleted = m.SecretsToBeDeleted
dataAO1.SecurityContext = m.SecurityContext
dataAO1.Server = m.Server

585
models/encryption_configuration_response.go Normal file
View File

@@ -0,0 +1,585 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"context"
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
)
// EncryptionConfigurationResponse encryption configuration response
//
// swagger:model encryptionConfigurationResponse
type EncryptionConfigurationResponse struct {
MetadataFields
// aws
Aws *AwsConfiguration `json:"aws,omitempty"`
// azure
Azure *AzureConfiguration `json:"azure,omitempty"`
// gcp
Gcp *GcpConfiguration `json:"gcp,omitempty"`
// gemalto
Gemalto *GemaltoConfigurationResponse `json:"gemalto,omitempty"`
// image
Image string `json:"image,omitempty"`
// mtls client
MtlsClient *CertificateInfo `json:"mtls_client,omitempty"`
// replicas
Replicas string `json:"replicas,omitempty"`
// security context
SecurityContext *SecurityContext `json:"securityContext,omitempty"`
// server
Server *CertificateInfo `json:"server,omitempty"`
// vault
Vault *VaultConfigurationResponse `json:"vault,omitempty"`
}
// UnmarshalJSON unmarshals this object from a JSON structure
func (m *EncryptionConfigurationResponse) UnmarshalJSON(raw []byte) error {
// AO0
var aO0 MetadataFields
if err := swag.ReadJSON(raw, &aO0); err != nil {
return err
}
m.MetadataFields = aO0
// AO1
var dataAO1 struct {
Aws *AwsConfiguration `json:"aws,omitempty"`
Azure *AzureConfiguration `json:"azure,omitempty"`
Gcp *GcpConfiguration `json:"gcp,omitempty"`
Gemalto *GemaltoConfigurationResponse `json:"gemalto,omitempty"`
Image string `json:"image,omitempty"`
MtlsClient *CertificateInfo `json:"mtls_client,omitempty"`
Replicas string `json:"replicas,omitempty"`
SecurityContext *SecurityContext `json:"securityContext,omitempty"`
Server *CertificateInfo `json:"server,omitempty"`
Vault *VaultConfigurationResponse `json:"vault,omitempty"`
}
if err := swag.ReadJSON(raw, &dataAO1); err != nil {
return err
}
m.Aws = dataAO1.Aws
m.Azure = dataAO1.Azure
m.Gcp = dataAO1.Gcp
m.Gemalto = dataAO1.Gemalto
m.Image = dataAO1.Image
m.MtlsClient = dataAO1.MtlsClient
m.Replicas = dataAO1.Replicas
m.SecurityContext = dataAO1.SecurityContext
m.Server = dataAO1.Server
m.Vault = dataAO1.Vault
return nil
}
// MarshalJSON marshals this object to a JSON structure
func (m EncryptionConfigurationResponse) MarshalJSON() ([]byte, error) {
_parts := make([][]byte, 0, 2)
aO0, err := swag.WriteJSON(m.MetadataFields)
if err != nil {
return nil, err
}
_parts = append(_parts, aO0)
var dataAO1 struct {
Aws *AwsConfiguration `json:"aws,omitempty"`
Azure *AzureConfiguration `json:"azure,omitempty"`
Gcp *GcpConfiguration `json:"gcp,omitempty"`
Gemalto *GemaltoConfigurationResponse `json:"gemalto,omitempty"`
Image string `json:"image,omitempty"`
MtlsClient *CertificateInfo `json:"mtls_client,omitempty"`
Replicas string `json:"replicas,omitempty"`
SecurityContext *SecurityContext `json:"securityContext,omitempty"`
Server *CertificateInfo `json:"server,omitempty"`
Vault *VaultConfigurationResponse `json:"vault,omitempty"`
}
dataAO1.Aws = m.Aws
dataAO1.Azure = m.Azure
dataAO1.Gcp = m.Gcp
dataAO1.Gemalto = m.Gemalto
dataAO1.Image = m.Image
dataAO1.MtlsClient = m.MtlsClient
dataAO1.Replicas = m.Replicas
dataAO1.SecurityContext = m.SecurityContext
dataAO1.Server = m.Server
dataAO1.Vault = m.Vault
jsonDataAO1, errAO1 := swag.WriteJSON(dataAO1)
if errAO1 != nil {
return nil, errAO1
}
_parts = append(_parts, jsonDataAO1)
return swag.ConcatJSON(_parts...), nil
}
// Validate validates this encryption configuration response
func (m *EncryptionConfigurationResponse) Validate(formats strfmt.Registry) error {
var res []error
// validation for a type composition with MetadataFields
if err := m.MetadataFields.Validate(formats); err != nil {
res = append(res, err)
}
if err := m.validateAws(formats); err != nil {
res = append(res, err)
}
if err := m.validateAzure(formats); err != nil {
res = append(res, err)
}
if err := m.validateGcp(formats); err != nil {
res = append(res, err)
}
if err := m.validateGemalto(formats); err != nil {
res = append(res, err)
}
if err := m.validateMtlsClient(formats); err != nil {
res = append(res, err)
}
if err := m.validateSecurityContext(formats); err != nil {
res = append(res, err)
}
if err := m.validateServer(formats); err != nil {
res = append(res, err)
}
if err := m.validateVault(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *EncryptionConfigurationResponse) validateAws(formats strfmt.Registry) error {
if swag.IsZero(m.Aws) { // not required
return nil
}
if m.Aws != nil {
if err := m.Aws.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("aws")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("aws")
}
return err
}
}
return nil
}
func (m *EncryptionConfigurationResponse) validateAzure(formats strfmt.Registry) error {
if swag.IsZero(m.Azure) { // not required
return nil
}
if m.Azure != nil {
if err := m.Azure.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("azure")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("azure")
}
return err
}
}
return nil
}
func (m *EncryptionConfigurationResponse) validateGcp(formats strfmt.Registry) error {
if swag.IsZero(m.Gcp) { // not required
return nil
}
if m.Gcp != nil {
if err := m.Gcp.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("gcp")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("gcp")
}
return err
}
}
return nil
}
func (m *EncryptionConfigurationResponse) validateGemalto(formats strfmt.Registry) error {
if swag.IsZero(m.Gemalto) { // not required
return nil
}
if m.Gemalto != nil {
if err := m.Gemalto.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("gemalto")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("gemalto")
}
return err
}
}
return nil
}
func (m *EncryptionConfigurationResponse) validateMtlsClient(formats strfmt.Registry) error {
if swag.IsZero(m.MtlsClient) { // not required
return nil
}
if m.MtlsClient != nil {
if err := m.MtlsClient.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("mtls_client")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("mtls_client")
}
return err
}
}
return nil
}
func (m *EncryptionConfigurationResponse) validateSecurityContext(formats strfmt.Registry) error {
if swag.IsZero(m.SecurityContext) { // not required
return nil
}
if m.SecurityContext != nil {
if err := m.SecurityContext.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("securityContext")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("securityContext")
}
return err
}
}
return nil
}
func (m *EncryptionConfigurationResponse) validateServer(formats strfmt.Registry) error {
if swag.IsZero(m.Server) { // not required
return nil
}
if m.Server != nil {
if err := m.Server.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("server")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("server")
}
return err
}
}
return nil
}
func (m *EncryptionConfigurationResponse) validateVault(formats strfmt.Registry) error {
if swag.IsZero(m.Vault) { // not required
return nil
}
if m.Vault != nil {
if err := m.Vault.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("vault")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("vault")
}
return err
}
}
return nil
}
// ContextValidate validate this encryption configuration response based on the context it is used
func (m *EncryptionConfigurationResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
var res []error
// validation for a type composition with MetadataFields
if err := m.MetadataFields.ContextValidate(ctx, formats); err != nil {
res = append(res, err)
}
if err := m.contextValidateAws(ctx, formats); err != nil {
res = append(res, err)
}
if err := m.contextValidateAzure(ctx, formats); err != nil {
res = append(res, err)
}
if err := m.contextValidateGcp(ctx, formats); err != nil {
res = append(res, err)
}
if err := m.contextValidateGemalto(ctx, formats); err != nil {
res = append(res, err)
}
if err := m.contextValidateMtlsClient(ctx, formats); err != nil {
res = append(res, err)
}
if err := m.contextValidateSecurityContext(ctx, formats); err != nil {
res = append(res, err)
}
if err := m.contextValidateServer(ctx, formats); err != nil {
res = append(res, err)
}
if err := m.contextValidateVault(ctx, formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *EncryptionConfigurationResponse) contextValidateAws(ctx context.Context, formats strfmt.Registry) error {
if m.Aws != nil {
if err := m.Aws.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("aws")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("aws")
}
return err
}
}
return nil
}
func (m *EncryptionConfigurationResponse) contextValidateAzure(ctx context.Context, formats strfmt.Registry) error {
if m.Azure != nil {
if err := m.Azure.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("azure")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("azure")
}
return err
}
}
return nil
}
func (m *EncryptionConfigurationResponse) contextValidateGcp(ctx context.Context, formats strfmt.Registry) error {
if m.Gcp != nil {
if err := m.Gcp.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("gcp")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("gcp")
}
return err
}
}
return nil
}
func (m *EncryptionConfigurationResponse) contextValidateGemalto(ctx context.Context, formats strfmt.Registry) error {
if m.Gemalto != nil {
if err := m.Gemalto.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("gemalto")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("gemalto")
}
return err
}
}
return nil
}
func (m *EncryptionConfigurationResponse) contextValidateMtlsClient(ctx context.Context, formats strfmt.Registry) error {
if m.MtlsClient != nil {
if err := m.MtlsClient.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("mtls_client")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("mtls_client")
}
return err
}
}
return nil
}
func (m *EncryptionConfigurationResponse) contextValidateSecurityContext(ctx context.Context, formats strfmt.Registry) error {
if m.SecurityContext != nil {
if err := m.SecurityContext.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("securityContext")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("securityContext")
}
return err
}
}
return nil
}
func (m *EncryptionConfigurationResponse) contextValidateServer(ctx context.Context, formats strfmt.Registry) error {
if m.Server != nil {
if err := m.Server.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("server")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("server")
}
return err
}
}
return nil
}
func (m *EncryptionConfigurationResponse) contextValidateVault(ctx context.Context, formats strfmt.Registry) error {
if m.Vault != nil {
if err := m.Vault.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("vault")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("vault")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *EncryptionConfigurationResponse) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *EncryptionConfigurationResponse) UnmarshalBinary(b []byte) error {
var res EncryptionConfigurationResponse
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

447
models/gemalto_configuration_response.go Normal file
View File

@@ -0,0 +1,447 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"context"
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/go-openapi/validate"
)
// GemaltoConfigurationResponse gemalto configuration response
//
// swagger:model gemaltoConfigurationResponse
type GemaltoConfigurationResponse struct {
// keysecure
// Required: true
Keysecure *GemaltoConfigurationResponseKeysecure `json:"keysecure"`
}
// Validate validates this gemalto configuration response
func (m *GemaltoConfigurationResponse) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateKeysecure(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *GemaltoConfigurationResponse) validateKeysecure(formats strfmt.Registry) error {
if err := validate.Required("keysecure", "body", m.Keysecure); err != nil {
return err
}
if m.Keysecure != nil {
if err := m.Keysecure.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("keysecure")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("keysecure")
}
return err
}
}
return nil
}
// ContextValidate validate this gemalto configuration response based on the context it is used
func (m *GemaltoConfigurationResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
var res []error
if err := m.contextValidateKeysecure(ctx, formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *GemaltoConfigurationResponse) contextValidateKeysecure(ctx context.Context, formats strfmt.Registry) error {
if m.Keysecure != nil {
if err := m.Keysecure.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("keysecure")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("keysecure")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *GemaltoConfigurationResponse) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *GemaltoConfigurationResponse) UnmarshalBinary(b []byte) error {
var res GemaltoConfigurationResponse
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// GemaltoConfigurationResponseKeysecure gemalto configuration response keysecure
//
// swagger:model GemaltoConfigurationResponseKeysecure
type GemaltoConfigurationResponseKeysecure struct {
// credentials
// Required: true
Credentials *GemaltoConfigurationResponseKeysecureCredentials `json:"credentials"`
// endpoint
// Required: true
Endpoint *string `json:"endpoint"`
// tls
TLS *GemaltoConfigurationResponseKeysecureTLS `json:"tls,omitempty"`
}
// Validate validates this gemalto configuration response keysecure
func (m *GemaltoConfigurationResponseKeysecure) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateCredentials(formats); err != nil {
res = append(res, err)
}
if err := m.validateEndpoint(formats); err != nil {
res = append(res, err)
}
if err := m.validateTLS(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *GemaltoConfigurationResponseKeysecure) validateCredentials(formats strfmt.Registry) error {
if err := validate.Required("keysecure"+"."+"credentials", "body", m.Credentials); err != nil {
return err
}
if m.Credentials != nil {
if err := m.Credentials.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("keysecure" + "." + "credentials")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("keysecure" + "." + "credentials")
}
return err
}
}
return nil
}
func (m *GemaltoConfigurationResponseKeysecure) validateEndpoint(formats strfmt.Registry) error {
if err := validate.Required("keysecure"+"."+"endpoint", "body", m.Endpoint); err != nil {
return err
}
return nil
}
func (m *GemaltoConfigurationResponseKeysecure) validateTLS(formats strfmt.Registry) error {
if swag.IsZero(m.TLS) { // not required
return nil
}
if m.TLS != nil {
if err := m.TLS.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("keysecure" + "." + "tls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("keysecure" + "." + "tls")
}
return err
}
}
return nil
}
// ContextValidate validate this gemalto configuration response keysecure based on the context it is used
func (m *GemaltoConfigurationResponseKeysecure) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
var res []error
if err := m.contextValidateCredentials(ctx, formats); err != nil {
res = append(res, err)
}
if err := m.contextValidateTLS(ctx, formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *GemaltoConfigurationResponseKeysecure) contextValidateCredentials(ctx context.Context, formats strfmt.Registry) error {
if m.Credentials != nil {
if err := m.Credentials.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("keysecure" + "." + "credentials")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("keysecure" + "." + "credentials")
}
return err
}
}
return nil
}
func (m *GemaltoConfigurationResponseKeysecure) contextValidateTLS(ctx context.Context, formats strfmt.Registry) error {
if m.TLS != nil {
if err := m.TLS.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("keysecure" + "." + "tls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("keysecure" + "." + "tls")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *GemaltoConfigurationResponseKeysecure) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *GemaltoConfigurationResponseKeysecure) UnmarshalBinary(b []byte) error {
var res GemaltoConfigurationResponseKeysecure
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// GemaltoConfigurationResponseKeysecureCredentials gemalto configuration response keysecure credentials
//
// swagger:model GemaltoConfigurationResponseKeysecureCredentials
type GemaltoConfigurationResponseKeysecureCredentials struct {
// domain
// Required: true
Domain *string `json:"domain"`
// retry
Retry int64 `json:"retry,omitempty"`
// token
// Required: true
Token *string `json:"token"`
}
// Validate validates this gemalto configuration response keysecure credentials
func (m *GemaltoConfigurationResponseKeysecureCredentials) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateDomain(formats); err != nil {
res = append(res, err)
}
if err := m.validateToken(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *GemaltoConfigurationResponseKeysecureCredentials) validateDomain(formats strfmt.Registry) error {
if err := validate.Required("keysecure"+"."+"credentials"+"."+"domain", "body", m.Domain); err != nil {
return err
}
return nil
}
func (m *GemaltoConfigurationResponseKeysecureCredentials) validateToken(formats strfmt.Registry) error {
if err := validate.Required("keysecure"+"."+"credentials"+"."+"token", "body", m.Token); err != nil {
return err
}
return nil
}
// ContextValidate validates this gemalto configuration response keysecure credentials based on context it is used
func (m *GemaltoConfigurationResponseKeysecureCredentials) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
return nil
}
// MarshalBinary interface implementation
func (m *GemaltoConfigurationResponseKeysecureCredentials) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *GemaltoConfigurationResponseKeysecureCredentials) UnmarshalBinary(b []byte) error {
var res GemaltoConfigurationResponseKeysecureCredentials
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// GemaltoConfigurationResponseKeysecureTLS gemalto configuration response keysecure TLS
//
// swagger:model GemaltoConfigurationResponseKeysecureTLS
type GemaltoConfigurationResponseKeysecureTLS struct {
// ca
// Required: true
Ca *CertificateInfo `json:"ca"`
}
// Validate validates this gemalto configuration response keysecure TLS
func (m *GemaltoConfigurationResponseKeysecureTLS) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateCa(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *GemaltoConfigurationResponseKeysecureTLS) validateCa(formats strfmt.Registry) error {
if err := validate.Required("keysecure"+"."+"tls"+"."+"ca", "body", m.Ca); err != nil {
return err
}
if m.Ca != nil {
if err := m.Ca.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("keysecure" + "." + "tls" + "." + "ca")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("keysecure" + "." + "tls" + "." + "ca")
}
return err
}
}
return nil
}
// ContextValidate validate this gemalto configuration response keysecure TLS based on the context it is used
func (m *GemaltoConfigurationResponseKeysecureTLS) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
var res []error
if err := m.contextValidateCa(ctx, formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *GemaltoConfigurationResponseKeysecureTLS) contextValidateCa(ctx context.Context, formats strfmt.Registry) error {
if m.Ca != nil {
if err := m.Ca.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("keysecure" + "." + "tls" + "." + "ca")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("keysecure" + "." + "tls" + "." + "ca")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *GemaltoConfigurationResponseKeysecureTLS) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *GemaltoConfigurationResponseKeysecureTLS) UnmarshalBinary(b []byte) error {
var res GemaltoConfigurationResponseKeysecureTLS
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

232
models/update_tenant_encryption_request.go Normal file
View File

@@ -0,0 +1,232 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"context"
"strconv"
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
)
// UpdateTenantEncryptionRequest update tenant encryption request
//
// swagger:model updateTenantEncryptionRequest
type UpdateTenantEncryptionRequest struct {
// auto cert
AutoCert bool `json:"autoCert,omitempty"`
// custom certificates
CustomCertificates *UpdateTenantEncryptionRequestCustomCertificates `json:"customCertificates,omitempty"`
}
// Validate validates this update tenant encryption request
func (m *UpdateTenantEncryptionRequest) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateCustomCertificates(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *UpdateTenantEncryptionRequest) validateCustomCertificates(formats strfmt.Registry) error {
if swag.IsZero(m.CustomCertificates) { // not required
return nil
}
if m.CustomCertificates != nil {
if err := m.CustomCertificates.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("customCertificates")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("customCertificates")
}
return err
}
}
return nil
}
// ContextValidate validate this update tenant encryption request based on the context it is used
func (m *UpdateTenantEncryptionRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
var res []error
if err := m.contextValidateCustomCertificates(ctx, formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *UpdateTenantEncryptionRequest) contextValidateCustomCertificates(ctx context.Context, formats strfmt.Registry) error {
if m.CustomCertificates != nil {
if err := m.CustomCertificates.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("customCertificates")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("customCertificates")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *UpdateTenantEncryptionRequest) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *UpdateTenantEncryptionRequest) UnmarshalBinary(b []byte) error {
var res UpdateTenantEncryptionRequest
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// UpdateTenantEncryptionRequestCustomCertificates update tenant encryption request custom certificates
//
// swagger:model UpdateTenantEncryptionRequestCustomCertificates
type UpdateTenantEncryptionRequestCustomCertificates struct {
// minio
Minio []*KeyPairConfiguration `json:"minio"`
// minio c as
MinioCAs []string `json:"minioCAs"`
// secrets to be deleted
SecretsToBeDeleted []string `json:"secretsToBeDeleted"`
}
// Validate validates this update tenant encryption request custom certificates
func (m *UpdateTenantEncryptionRequestCustomCertificates) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateMinio(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *UpdateTenantEncryptionRequestCustomCertificates) validateMinio(formats strfmt.Registry) error {
if swag.IsZero(m.Minio) { // not required
return nil
}
for i := 0; i < len(m.Minio); i++ {
if swag.IsZero(m.Minio[i]) { // not required
continue
}
if m.Minio[i] != nil {
if err := m.Minio[i].Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("customCertificates" + "." + "minio" + "." + strconv.Itoa(i))
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("customCertificates" + "." + "minio" + "." + strconv.Itoa(i))
}
return err
}
}
}
return nil
}
// ContextValidate validate this update tenant encryption request custom certificates based on the context it is used
func (m *UpdateTenantEncryptionRequestCustomCertificates) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
var res []error
if err := m.contextValidateMinio(ctx, formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *UpdateTenantEncryptionRequestCustomCertificates) contextValidateMinio(ctx context.Context, formats strfmt.Registry) error {
for i := 0; i < len(m.Minio); i++ {
if m.Minio[i] != nil {
if err := m.Minio[i].ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("customCertificates" + "." + "minio" + "." + strconv.Itoa(i))
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("customCertificates" + "." + "minio" + "." + strconv.Itoa(i))
}
return err
}
}
}
return nil
}
// MarshalBinary interface implementation
func (m *UpdateTenantEncryptionRequestCustomCertificates) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *UpdateTenantEncryptionRequestCustomCertificates) UnmarshalBinary(b []byte) error {
var res UpdateTenantEncryptionRequestCustomCertificates
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

494
models/vault_configuration_response.go Normal file
View File

@@ -0,0 +1,494 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"context"
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/go-openapi/validate"
)
// VaultConfigurationResponse vault configuration response
//
// swagger:model vaultConfigurationResponse
type VaultConfigurationResponse struct {
// approle
// Required: true
Approle *VaultConfigurationResponseApprole `json:"approle"`
// endpoint
// Required: true
Endpoint *string `json:"endpoint"`
// engine
Engine string `json:"engine,omitempty"`
// namespace
Namespace string `json:"namespace,omitempty"`
// prefix
Prefix string `json:"prefix,omitempty"`
// status
Status *VaultConfigurationResponseStatus `json:"status,omitempty"`
// tls
TLS *VaultConfigurationResponseTLS `json:"tls,omitempty"`
}
// Validate validates this vault configuration response
func (m *VaultConfigurationResponse) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateApprole(formats); err != nil {
res = append(res, err)
}
if err := m.validateEndpoint(formats); err != nil {
res = append(res, err)
}
if err := m.validateStatus(formats); err != nil {
res = append(res, err)
}
if err := m.validateTLS(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *VaultConfigurationResponse) validateApprole(formats strfmt.Registry) error {
if err := validate.Required("approle", "body", m.Approle); err != nil {
return err
}
if m.Approle != nil {
if err := m.Approle.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("approle")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("approle")
}
return err
}
}
return nil
}
func (m *VaultConfigurationResponse) validateEndpoint(formats strfmt.Registry) error {
if err := validate.Required("endpoint", "body", m.Endpoint); err != nil {
return err
}
return nil
}
func (m *VaultConfigurationResponse) validateStatus(formats strfmt.Registry) error {
if swag.IsZero(m.Status) { // not required
return nil
}
if m.Status != nil {
if err := m.Status.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("status")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("status")
}
return err
}
}
return nil
}
func (m *VaultConfigurationResponse) validateTLS(formats strfmt.Registry) error {
if swag.IsZero(m.TLS) { // not required
return nil
}
if m.TLS != nil {
if err := m.TLS.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("tls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("tls")
}
return err
}
}
return nil
}
// ContextValidate validate this vault configuration response based on the context it is used
func (m *VaultConfigurationResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
var res []error
if err := m.contextValidateApprole(ctx, formats); err != nil {
res = append(res, err)
}
if err := m.contextValidateStatus(ctx, formats); err != nil {
res = append(res, err)
}
if err := m.contextValidateTLS(ctx, formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *VaultConfigurationResponse) contextValidateApprole(ctx context.Context, formats strfmt.Registry) error {
if m.Approle != nil {
if err := m.Approle.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("approle")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("approle")
}
return err
}
}
return nil
}
func (m *VaultConfigurationResponse) contextValidateStatus(ctx context.Context, formats strfmt.Registry) error {
if m.Status != nil {
if err := m.Status.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("status")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("status")
}
return err
}
}
return nil
}
func (m *VaultConfigurationResponse) contextValidateTLS(ctx context.Context, formats strfmt.Registry) error {
if m.TLS != nil {
if err := m.TLS.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("tls")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("tls")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *VaultConfigurationResponse) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *VaultConfigurationResponse) UnmarshalBinary(b []byte) error {
var res VaultConfigurationResponse
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// VaultConfigurationResponseApprole vault configuration response approle
//
// swagger:model VaultConfigurationResponseApprole
type VaultConfigurationResponseApprole struct {
// engine
Engine string `json:"engine,omitempty"`
// id
// Required: true
ID *string `json:"id"`
// retry
Retry int64 `json:"retry,omitempty"`
// secret
// Required: true
Secret *string `json:"secret"`
}
// Validate validates this vault configuration response approle
func (m *VaultConfigurationResponseApprole) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateID(formats); err != nil {
res = append(res, err)
}
if err := m.validateSecret(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *VaultConfigurationResponseApprole) validateID(formats strfmt.Registry) error {
if err := validate.Required("approle"+"."+"id", "body", m.ID); err != nil {
return err
}
return nil
}
func (m *VaultConfigurationResponseApprole) validateSecret(formats strfmt.Registry) error {
if err := validate.Required("approle"+"."+"secret", "body", m.Secret); err != nil {
return err
}
return nil
}
// ContextValidate validates this vault configuration response approle based on context it is used
func (m *VaultConfigurationResponseApprole) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
return nil
}
// MarshalBinary interface implementation
func (m *VaultConfigurationResponseApprole) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *VaultConfigurationResponseApprole) UnmarshalBinary(b []byte) error {
var res VaultConfigurationResponseApprole
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// VaultConfigurationResponseStatus vault configuration response status
//
// swagger:model VaultConfigurationResponseStatus
type VaultConfigurationResponseStatus struct {
// ping
Ping int64 `json:"ping,omitempty"`
}
// Validate validates this vault configuration response status
func (m *VaultConfigurationResponseStatus) Validate(formats strfmt.Registry) error {
return nil
}
// ContextValidate validates this vault configuration response status based on context it is used
func (m *VaultConfigurationResponseStatus) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
return nil
}
// MarshalBinary interface implementation
func (m *VaultConfigurationResponseStatus) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *VaultConfigurationResponseStatus) UnmarshalBinary(b []byte) error {
var res VaultConfigurationResponseStatus
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// VaultConfigurationResponseTLS vault configuration response TLS
//
// swagger:model VaultConfigurationResponseTLS
type VaultConfigurationResponseTLS struct {
// ca
Ca *CertificateInfo `json:"ca,omitempty"`
// crt
Crt *CertificateInfo `json:"crt,omitempty"`
}
// Validate validates this vault configuration response TLS
func (m *VaultConfigurationResponseTLS) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateCa(formats); err != nil {
res = append(res, err)
}
if err := m.validateCrt(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *VaultConfigurationResponseTLS) validateCa(formats strfmt.Registry) error {
if swag.IsZero(m.Ca) { // not required
return nil
}
if m.Ca != nil {
if err := m.Ca.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("tls" + "." + "ca")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("tls" + "." + "ca")
}
return err
}
}
return nil
}
func (m *VaultConfigurationResponseTLS) validateCrt(formats strfmt.Registry) error {
if swag.IsZero(m.Crt) { // not required
return nil
}
if m.Crt != nil {
if err := m.Crt.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("tls" + "." + "crt")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("tls" + "." + "crt")
}
return err
}
}
return nil
}
// ContextValidate validate this vault configuration response TLS based on the context it is used
func (m *VaultConfigurationResponseTLS) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
var res []error
if err := m.contextValidateCa(ctx, formats); err != nil {
res = append(res, err)
}
if err := m.contextValidateCrt(ctx, formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *VaultConfigurationResponseTLS) contextValidateCa(ctx context.Context, formats strfmt.Registry) error {
if m.Ca != nil {
if err := m.Ca.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("tls" + "." + "ca")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("tls" + "." + "ca")
}
return err
}
}
return nil
}
func (m *VaultConfigurationResponseTLS) contextValidateCrt(ctx context.Context, formats strfmt.Registry) error {
if m.Crt != nil {
if err := m.Crt.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("tls" + "." + "crt")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("tls" + "." + "crt")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *VaultConfigurationResponseTLS) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *VaultConfigurationResponseTLS) UnmarshalBinary(b []byte) error {
var res VaultConfigurationResponseTLS
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

596
operatorapi/embedded_spec.go
View File

@@ -634,6 +634,41 @@ func init() {
}
},
"/namespaces/{namespace}/tenants/{tenant}/encryption": {
"get": {
"tags": [
"OperatorAPI"
],
"summary": "Tenant Encryption Info",
"operationId": "TenantEncryptionInfo",
"parameters": [
{
"type": "string",
"name": "namespace",
"in": "path",
"required": true
},
{
"type": "string",
"name": "tenant",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/encryptionConfigurationResponse"
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/error"
}
}
}
},
"put": {
"tags": [
"OperatorAPI"
@@ -673,6 +708,38 @@ func init() {
}
}
}
},
"delete": {
"tags": [
"OperatorAPI"
],
"summary": "Tenant Delete Encryption",
"operationId": "TenantDeleteEncryption",
"parameters": [
{
"type": "string",
"name": "namespace",
"in": "path",
"required": true
},
{
"type": "string",
"name": "tenant",
"in": "path",
"required": true
}
],
"responses": {
"204": {
"description": "A successful response."
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/error"
}
}
}
}
},
"/namespaces/{namespace}/tenants/{tenant}/events": {
@@ -2013,6 +2080,12 @@ func init() {
"replicas": {
"type": "string"
},
"secretsToBeDeleted": {
"type": "array",
"items": {
"type": "string"
}
},
"securityContext": {
"type": "object",
"$ref": "#/definitions/securityContext"
@@ -2029,6 +2102,56 @@ func init() {
}
]
},
"encryptionConfigurationResponse": {
"allOf": [
{
"$ref": "#/definitions/metadataFields"
},
{
"type": "object",
"properties": {
"aws": {
"type": "object",
"$ref": "#/definitions/awsConfiguration"
},
"azure": {
"type": "object",
"$ref": "#/definitions/azureConfiguration"
},
"gcp": {
"type": "object",
"$ref": "#/definitions/gcpConfiguration"
},
"gemalto": {
"type": "object",
"$ref": "#/definitions/gemaltoConfigurationResponse"
},
"image": {
"type": "string"
},
"mtls_client": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
},
"replicas": {
"type": "string"
},
"securityContext": {
"type": "object",
"$ref": "#/definitions/securityContext"
},
"server": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
},
"vault": {
"type": "object",
"$ref": "#/definitions/vaultConfigurationResponse"
}
}
}
]
},
"error": {
"type": "object",
"required": [
@@ -2197,6 +2320,57 @@ func init() {
}
}
},
"gemaltoConfigurationResponse": {
"type": "object",
"required": [
"keysecure"
],
"properties": {
"keysecure": {
"type": "object",
"required": [
"endpoint",
"credentials"
],
"properties": {
"credentials": {
"type": "object",
"required": [
"token",
"domain"
],
"properties": {
"domain": {
"type": "string"
},
"retry": {
"type": "integer",
"format": "int64"
},
"token": {
"type": "string"
}
}
},
"endpoint": {
"type": "string"
},
"tls": {
"type": "object",
"required": [
"ca"
],
"properties": {
"ca": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
}
}
}
}
}
}
},
"getDirectCSIDriveListResponse": {
"type": "object",
"properties": {
@@ -3648,6 +3822,71 @@ func init() {
}
}
}
},
"vaultConfigurationResponse": {
"type": "object",
"required": [
"endpoint",
"approle"
],
"properties": {
"approle": {
"type": "object",
"required": [
"id",
"secret"
],
"properties": {
"engine": {
"type": "string"
},
"id": {
"type": "string"
},
"retry": {
"type": "integer",
"format": "int64"
},
"secret": {
"type": "string"
}
}
},
"endpoint": {
"type": "string"
},
"engine": {
"type": "string"
},
"namespace": {
"type": "string"
},
"prefix": {
"type": "string"
},
"status": {
"type": "object",
"properties": {
"ping": {
"type": "integer",
"format": "int64"
}
}
},
"tls": {
"type": "object",
"properties": {
"ca": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
},
"crt": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
}
}
}
}
}
},
"securityDefinitions": {
@@ -4264,6 +4503,41 @@ func init() {
}
},
"/namespaces/{namespace}/tenants/{tenant}/encryption": {
"get": {
"tags": [
"OperatorAPI"
],
"summary": "Tenant Encryption Info",
"operationId": "TenantEncryptionInfo",
"parameters": [
{
"type": "string",
"name": "namespace",
"in": "path",
"required": true
},
{
"type": "string",
"name": "tenant",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/encryptionConfigurationResponse"
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/error"
}
}
}
},
"put": {
"tags": [
"OperatorAPI"
@@ -4303,6 +4577,38 @@ func init() {
}
}
}
},
"delete": {
"tags": [
"OperatorAPI"
],
"summary": "Tenant Delete Encryption",
"operationId": "TenantDeleteEncryption",
"parameters": [
{
"type": "string",
"name": "namespace",
"in": "path",
"required": true
},
{
"type": "string",
"name": "tenant",
"in": "path",
"required": true
}
],
"responses": {
"204": {
"description": "A successful response."
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/error"
}
}
}
}
},
"/namespaces/{namespace}/tenants/{tenant}/events": {
@@ -5517,6 +5823,80 @@ func init() {
}
}
},
"GemaltoConfigurationResponseKeysecure": {
"type": "object",
"required": [
"endpoint",
"credentials"
],
"properties": {
"credentials": {
"type": "object",
"required": [
"token",
"domain"
],
"properties": {
"domain": {
"type": "string"
},
"retry": {
"type": "integer",
"format": "int64"
},
"token": {
"type": "string"
}
}
},
"endpoint": {
"type": "string"
},
"tls": {
"type": "object",
"required": [
"ca"
],
"properties": {
"ca": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
}
}
}
}
},
"GemaltoConfigurationResponseKeysecureCredentials": {
"type": "object",
"required": [
"token",
"domain"
],
"properties": {
"domain": {
"type": "string"
},
"retry": {
"type": "integer",
"format": "int64"
},
"token": {
"type": "string"
}
}
},
"GemaltoConfigurationResponseKeysecureTLS": {
"type": "object",
"required": [
"ca"
],
"properties": {
"ca": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
}
}
},
"IdpConfigurationActiveDirectory": {
"type": "object",
"required": [
@@ -6003,6 +6383,50 @@ func init() {
}
}
},
"VaultConfigurationResponseApprole": {
"type": "object",
"required": [
"id",
"secret"
],
"properties": {
"engine": {
"type": "string"
},
"id": {
"type": "string"
},
"retry": {
"type": "integer",
"format": "int64"
},
"secret": {
"type": "string"
}
}
},
"VaultConfigurationResponseStatus": {
"type": "object",
"properties": {
"ping": {
"type": "integer",
"format": "int64"
}
}
},
"VaultConfigurationResponseTLS": {
"type": "object",
"properties": {
"ca": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
},
"crt": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
}
}
},
"VaultConfigurationStatus": {
"type": "object",
"properties": {
@@ -6376,6 +6800,12 @@ func init() {
"replicas": {
"type": "string"
},
"secretsToBeDeleted": {
"type": "array",
"items": {
"type": "string"
}
},
"securityContext": {
"type": "object",
"$ref": "#/definitions/securityContext"
@@ -6392,6 +6822,56 @@ func init() {
}
]
},
"encryptionConfigurationResponse": {
"allOf": [
{
"$ref": "#/definitions/metadataFields"
},
{
"type": "object",
"properties": {
"aws": {
"type": "object",
"$ref": "#/definitions/awsConfiguration"
},
"azure": {
"type": "object",
"$ref": "#/definitions/azureConfiguration"
},
"gcp": {
"type": "object",
"$ref": "#/definitions/gcpConfiguration"
},
"gemalto": {
"type": "object",
"$ref": "#/definitions/gemaltoConfigurationResponse"
},
"image": {
"type": "string"
},
"mtls_client": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
},
"replicas": {
"type": "string"
},
"securityContext": {
"type": "object",
"$ref": "#/definitions/securityContext"
},
"server": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
},
"vault": {
"type": "object",
"$ref": "#/definitions/vaultConfigurationResponse"
}
}
}
]
},
"error": {
"type": "object",
"required": [
@@ -6560,6 +7040,57 @@ func init() {
}
}
},
"gemaltoConfigurationResponse": {
"type": "object",
"required": [
"keysecure"
],
"properties": {
"keysecure": {
"type": "object",
"required": [
"endpoint",
"credentials"
],
"properties": {
"credentials": {
"type": "object",
"required": [
"token",
"domain"
],
"properties": {
"domain": {
"type": "string"
},
"retry": {
"type": "integer",
"format": "int64"
},
"token": {
"type": "string"
}
}
},
"endpoint": {
"type": "string"
},
"tls": {
"type": "object",
"required": [
"ca"
],
"properties": {
"ca": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
}
}
}
}
}
}
},
"getDirectCSIDriveListResponse": {
"type": "object",
"properties": {
@@ -7864,6 +8395,71 @@ func init() {
}
}
}
},
"vaultConfigurationResponse": {
"type": "object",
"required": [
"endpoint",
"approle"
],
"properties": {
"approle": {
"type": "object",
"required": [
"id",
"secret"
],
"properties": {
"engine": {
"type": "string"
},
"id": {
"type": "string"
},
"retry": {
"type": "integer",
"format": "int64"
},
"secret": {
"type": "string"
}
}
},
"endpoint": {
"type": "string"
},
"engine": {
"type": "string"
},
"namespace": {
"type": "string"
},
"prefix": {
"type": "string"
},
"status": {
"type": "object",
"properties": {
"ping": {
"type": "integer",
"format": "int64"
}
}
},
"tls": {
"type": "object",
"properties": {
"ca": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
},
"crt": {
"type": "object",
"$ref": "#/definitions/certificateInfo"
}
}
}
}
}
},
"securityDefinitions": {

2
operatorapi/error.go
View File

@@ -42,6 +42,8 @@ var (
errorUnableToGetTenantLogs = errors.New("unable to get tenant logs")
errorUnableToUpdateTenantCertificates = errors.New("unable to update tenant certificates")
errorUpdatingEncryptionConfig = errors.New("unable to update encryption configuration")
errorDeletingEncryptionConfig = errors.New("error disabling tenant encryption")
errorEncryptionConfigNotFound = errors.New("encryption configuration not found")
errBucketBodyNotInRequest = errors.New("error bucket body not in request")
errBucketNameNotInRequest = errors.New("error bucket name not in request")
errGroupBodyNotInRequest = errors.New("error group body not in request")

24
operatorapi/operations/operator_api.go
View File

@@ -177,9 +177,15 @@ func NewOperatorAPI(spec *loads.Document) *OperatorAPI {
OperatorAPITenantAddPoolHandler: operator_api.TenantAddPoolHandlerFunc(func(params operator_api.TenantAddPoolParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation operator_api.TenantAddPool has not yet been implemented")
}),
OperatorAPITenantDeleteEncryptionHandler: operator_api.TenantDeleteEncryptionHandlerFunc(func(params operator_api.TenantDeleteEncryptionParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation operator_api.TenantDeleteEncryption has not yet been implemented")
}),
OperatorAPITenantDetailsHandler: operator_api.TenantDetailsHandlerFunc(func(params operator_api.TenantDetailsParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation operator_api.TenantDetails has not yet been implemented")
}),
OperatorAPITenantEncryptionInfoHandler: operator_api.TenantEncryptionInfoHandlerFunc(func(params operator_api.TenantEncryptionInfoParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation operator_api.TenantEncryptionInfo has not yet been implemented")
}),
OperatorAPITenantSecurityHandler: operator_api.TenantSecurityHandlerFunc(func(params operator_api.TenantSecurityParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation operator_api.TenantSecurity has not yet been implemented")
}),
@@ -323,8 +329,12 @@ type OperatorAPI struct {
OperatorAPISubscriptionValidateHandler operator_api.SubscriptionValidateHandler
// OperatorAPITenantAddPoolHandler sets the operation handler for the tenant add pool operation
OperatorAPITenantAddPoolHandler operator_api.TenantAddPoolHandler
// OperatorAPITenantDeleteEncryptionHandler sets the operation handler for the tenant delete encryption operation
OperatorAPITenantDeleteEncryptionHandler operator_api.TenantDeleteEncryptionHandler
// OperatorAPITenantDetailsHandler sets the operation handler for the tenant details operation
OperatorAPITenantDetailsHandler operator_api.TenantDetailsHandler
// OperatorAPITenantEncryptionInfoHandler sets the operation handler for the tenant encryption info operation
OperatorAPITenantEncryptionInfoHandler operator_api.TenantEncryptionInfoHandler
// OperatorAPITenantSecurityHandler sets the operation handler for the tenant security operation
OperatorAPITenantSecurityHandler operator_api.TenantSecurityHandler
// OperatorAPITenantUpdateCertificateHandler sets the operation handler for the tenant update certificate operation
@@ -532,9 +542,15 @@ func (o *OperatorAPI) Validate() error {
if o.OperatorAPITenantAddPoolHandler == nil {
unregistered = append(unregistered, "operator_api.TenantAddPoolHandler")
}
if o.OperatorAPITenantDeleteEncryptionHandler == nil {
unregistered = append(unregistered, "operator_api.TenantDeleteEncryptionHandler")
}
if o.OperatorAPITenantDetailsHandler == nil {
unregistered = append(unregistered, "operator_api.TenantDetailsHandler")
}
if o.OperatorAPITenantEncryptionInfoHandler == nil {
unregistered = append(unregistered, "operator_api.TenantEncryptionInfoHandler")
}
if o.OperatorAPITenantSecurityHandler == nil {
unregistered = append(unregistered, "operator_api.TenantSecurityHandler")
}
@@ -803,6 +819,10 @@ func (o *OperatorAPI) initHandlerCache() {
o.handlers["POST"] = make(map[string]http.Handler)
}
o.handlers["POST"]["/namespaces/{namespace}/tenants/{tenant}/pools"] = operator_api.NewTenantAddPool(o.context, o.OperatorAPITenantAddPoolHandler)
if o.handlers["DELETE"] == nil {
o.handlers["DELETE"] = make(map[string]http.Handler)
}
o.handlers["DELETE"]["/namespaces/{namespace}/tenants/{tenant}/encryption"] = operator_api.NewTenantDeleteEncryption(o.context, o.OperatorAPITenantDeleteEncryptionHandler)
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
}
@@ -810,6 +830,10 @@ func (o *OperatorAPI) initHandlerCache() {
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
}
o.handlers["GET"]["/namespaces/{namespace}/tenants/{tenant}/encryption"] = operator_api.NewTenantEncryptionInfo(o.context, o.OperatorAPITenantEncryptionInfoHandler)
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
}
o.handlers["GET"]["/namespaces/{namespace}/tenants/{tenant}/security"] = operator_api.NewTenantSecurity(o.context, o.OperatorAPITenantSecurityHandler)
if o.handlers["PUT"] == nil {
o.handlers["PUT"] = make(map[string]http.Handler)

88
operatorapi/operations/operator_api/tenant_delete_encryption.go Normal file
View File

@@ -0,0 +1,88 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package operator_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"net/http"
"github.com/go-openapi/runtime/middleware"
"github.com/minio/console/models"
)
// TenantDeleteEncryptionHandlerFunc turns a function with the right signature into a tenant delete encryption handler
type TenantDeleteEncryptionHandlerFunc func(TenantDeleteEncryptionParams, *models.Principal) middleware.Responder
// Handle executing the request and returning a response
func (fn TenantDeleteEncryptionHandlerFunc) Handle(params TenantDeleteEncryptionParams, principal *models.Principal) middleware.Responder {
return fn(params, principal)
}
// TenantDeleteEncryptionHandler interface for that can handle valid tenant delete encryption params
type TenantDeleteEncryptionHandler interface {
Handle(TenantDeleteEncryptionParams, *models.Principal) middleware.Responder
}
// NewTenantDeleteEncryption creates a new http.Handler for the tenant delete encryption operation
func NewTenantDeleteEncryption(ctx *middleware.Context, handler TenantDeleteEncryptionHandler) *TenantDeleteEncryption {
return &TenantDeleteEncryption{Context: ctx, Handler: handler}
}
/* TenantDeleteEncryption swagger:route DELETE /namespaces/{namespace}/tenants/{tenant}/encryption OperatorAPI tenantDeleteEncryption
Tenant Delete Encryption
*/
type TenantDeleteEncryption struct {
Context *middleware.Context
Handler TenantDeleteEncryptionHandler
}
func (o *TenantDeleteEncryption) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
route, rCtx, _ := o.Context.RouteInfo(r)
if rCtx != nil {
*r = *rCtx
}
var Params = NewTenantDeleteEncryptionParams()
uprinc, aCtx, err := o.Context.Authorize(r, route)
if err != nil {
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
if aCtx != nil {
*r = *aCtx
}
var principal *models.Principal
if uprinc != nil {
principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
}
if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
res := o.Handler.Handle(Params, principal) // actually handle the request
o.Context.Respond(rw, r, route.Produces, route, res)
}

112
operatorapi/operations/operator_api/tenant_delete_encryption_parameters.go Normal file
View File

@@ -0,0 +1,112 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package operator_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/errors"
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/strfmt"
)
// NewTenantDeleteEncryptionParams creates a new TenantDeleteEncryptionParams object
//
// There are no default values defined in the spec.
func NewTenantDeleteEncryptionParams() TenantDeleteEncryptionParams {
return TenantDeleteEncryptionParams{}
}
// TenantDeleteEncryptionParams contains all the bound params for the tenant delete encryption operation
// typically these are obtained from a http.Request
//
// swagger:parameters TenantDeleteEncryption
type TenantDeleteEncryptionParams struct {
// HTTP Request Object
HTTPRequest *http.Request `json:"-"`
/*
Required: true
In: path
*/
Namespace string
/*
Required: true
In: path
*/
Tenant string
}
// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
// for simple values it will use straight method calls.
//
// To ensure default values, the struct must have been initialized with NewTenantDeleteEncryptionParams() beforehand.
func (o *TenantDeleteEncryptionParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
var res []error
o.HTTPRequest = r
rNamespace, rhkNamespace, _ := route.Params.GetOK("namespace")
if err := o.bindNamespace(rNamespace, rhkNamespace, route.Formats); err != nil {
res = append(res, err)
}
rTenant, rhkTenant, _ := route.Params.GetOK("tenant")
if err := o.bindTenant(rTenant, rhkTenant, route.Formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
// bindNamespace binds and validates parameter Namespace from path.
func (o *TenantDeleteEncryptionParams) bindNamespace(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Parameter is provided by construction from the route
o.Namespace = raw
return nil
}
// bindTenant binds and validates parameter Tenant from path.
func (o *TenantDeleteEncryptionParams) bindTenant(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Parameter is provided by construction from the route
o.Tenant = raw
return nil
}

113
operatorapi/operations/operator_api/tenant_delete_encryption_responses.go Normal file
View File

@@ -0,0 +1,113 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package operator_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/runtime"
"github.com/minio/console/models"
)
// TenantDeleteEncryptionNoContentCode is the HTTP code returned for type TenantDeleteEncryptionNoContent
const TenantDeleteEncryptionNoContentCode int = 204
/*TenantDeleteEncryptionNoContent A successful response.
swagger:response tenantDeleteEncryptionNoContent
*/
type TenantDeleteEncryptionNoContent struct {
}
// NewTenantDeleteEncryptionNoContent creates TenantDeleteEncryptionNoContent with default headers values
func NewTenantDeleteEncryptionNoContent() *TenantDeleteEncryptionNoContent {
return &TenantDeleteEncryptionNoContent{}
}
// WriteResponse to the client
func (o *TenantDeleteEncryptionNoContent) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
rw.WriteHeader(204)
}
/*TenantDeleteEncryptionDefault Generic error response.
swagger:response tenantDeleteEncryptionDefault
*/
type TenantDeleteEncryptionDefault struct {
_statusCode int
/*
In: Body
*/
Payload *models.Error `json:"body,omitempty"`
}
// NewTenantDeleteEncryptionDefault creates TenantDeleteEncryptionDefault with default headers values
func NewTenantDeleteEncryptionDefault(code int) *TenantDeleteEncryptionDefault {
if code <= 0 {
code = 500
}
return &TenantDeleteEncryptionDefault{
_statusCode: code,
}
}
// WithStatusCode adds the status to the tenant delete encryption default response
func (o *TenantDeleteEncryptionDefault) WithStatusCode(code int) *TenantDeleteEncryptionDefault {
o._statusCode = code
return o
}
// SetStatusCode sets the status to the tenant delete encryption default response
func (o *TenantDeleteEncryptionDefault) SetStatusCode(code int) {
o._statusCode = code
}
// WithPayload adds the payload to the tenant delete encryption default response
func (o *TenantDeleteEncryptionDefault) WithPayload(payload *models.Error) *TenantDeleteEncryptionDefault {
o.Payload = payload
return o
}
// SetPayload sets the payload to the tenant delete encryption default response
func (o *TenantDeleteEncryptionDefault) SetPayload(payload *models.Error) {
o.Payload = payload
}
// WriteResponse to the client
func (o *TenantDeleteEncryptionDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(o._statusCode)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}

124
operatorapi/operations/operator_api/tenant_delete_encryption_urlbuilder.go Normal file
View File

@@ -0,0 +1,124 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package operator_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"errors"
"net/url"
golangswaggerpaths "path"
"strings"
)
// TenantDeleteEncryptionURL generates an URL for the tenant delete encryption operation
type TenantDeleteEncryptionURL struct {
Namespace string
Tenant string
_basePath string
// avoid unkeyed usage
_ struct{}
}
// WithBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *TenantDeleteEncryptionURL) WithBasePath(bp string) *TenantDeleteEncryptionURL {
o.SetBasePath(bp)
return o
}
// SetBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *TenantDeleteEncryptionURL) SetBasePath(bp string) {
o._basePath = bp
}
// Build a url path and query string
func (o *TenantDeleteEncryptionURL) Build() (*url.URL, error) {
var _result url.URL
var _path = "/namespaces/{namespace}/tenants/{tenant}/encryption"
namespace := o.Namespace
if namespace != "" {
_path = strings.Replace(_path, "{namespace}", namespace, -1)
} else {
return nil, errors.New("namespace is required on TenantDeleteEncryptionURL")
}
tenant := o.Tenant
if tenant != "" {
_path = strings.Replace(_path, "{tenant}", tenant, -1)
} else {
return nil, errors.New("tenant is required on TenantDeleteEncryptionURL")
}
_basePath := o._basePath
if _basePath == "" {
_basePath = "/api/v1"
}
_result.Path = golangswaggerpaths.Join(_basePath, _path)
return &_result, nil
}
// Must is a helper function to panic when the url builder returns an error
func (o *TenantDeleteEncryptionURL) Must(u *url.URL, err error) *url.URL {
if err != nil {
panic(err)
}
if u == nil {
panic("url can't be nil")
}
return u
}
// String returns the string representation of the path with query string
func (o *TenantDeleteEncryptionURL) String() string {
return o.Must(o.Build()).String()
}
// BuildFull builds a full url with scheme, host, path and query string
func (o *TenantDeleteEncryptionURL) BuildFull(scheme, host string) (*url.URL, error) {
if scheme == "" {
return nil, errors.New("scheme is required for a full url on TenantDeleteEncryptionURL")
}
if host == "" {
return nil, errors.New("host is required for a full url on TenantDeleteEncryptionURL")
}
base, err := o.Build()
if err != nil {
return nil, err
}
base.Scheme = scheme
base.Host = host
return base, nil
}
// StringFull returns the string representation of a complete url
func (o *TenantDeleteEncryptionURL) StringFull(scheme, host string) string {
return o.Must(o.BuildFull(scheme, host)).String()
}

88
operatorapi/operations/operator_api/tenant_encryption_info.go Normal file
View File

@@ -0,0 +1,88 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package operator_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"net/http"
"github.com/go-openapi/runtime/middleware"
"github.com/minio/console/models"
)
// TenantEncryptionInfoHandlerFunc turns a function with the right signature into a tenant encryption info handler
type TenantEncryptionInfoHandlerFunc func(TenantEncryptionInfoParams, *models.Principal) middleware.Responder
// Handle executing the request and returning a response
func (fn TenantEncryptionInfoHandlerFunc) Handle(params TenantEncryptionInfoParams, principal *models.Principal) middleware.Responder {
return fn(params, principal)
}
// TenantEncryptionInfoHandler interface for that can handle valid tenant encryption info params
type TenantEncryptionInfoHandler interface {
Handle(TenantEncryptionInfoParams, *models.Principal) middleware.Responder
}
// NewTenantEncryptionInfo creates a new http.Handler for the tenant encryption info operation
func NewTenantEncryptionInfo(ctx *middleware.Context, handler TenantEncryptionInfoHandler) *TenantEncryptionInfo {
return &TenantEncryptionInfo{Context: ctx, Handler: handler}
}
/* TenantEncryptionInfo swagger:route GET /namespaces/{namespace}/tenants/{tenant}/encryption OperatorAPI tenantEncryptionInfo
Tenant Encryption Info
*/
type TenantEncryptionInfo struct {
Context *middleware.Context
Handler TenantEncryptionInfoHandler
}
func (o *TenantEncryptionInfo) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
route, rCtx, _ := o.Context.RouteInfo(r)
if rCtx != nil {
*r = *rCtx
}
var Params = NewTenantEncryptionInfoParams()
uprinc, aCtx, err := o.Context.Authorize(r, route)
if err != nil {
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
if aCtx != nil {
*r = *aCtx
}
var principal *models.Principal
if uprinc != nil {
principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
}
if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
res := o.Handler.Handle(Params, principal) // actually handle the request
o.Context.Respond(rw, r, route.Produces, route, res)
}

112
operatorapi/operations/operator_api/tenant_encryption_info_parameters.go Normal file
View File

@@ -0,0 +1,112 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package operator_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/errors"
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/strfmt"
)
// NewTenantEncryptionInfoParams creates a new TenantEncryptionInfoParams object
//
// There are no default values defined in the spec.
func NewTenantEncryptionInfoParams() TenantEncryptionInfoParams {
return TenantEncryptionInfoParams{}
}
// TenantEncryptionInfoParams contains all the bound params for the tenant encryption info operation
// typically these are obtained from a http.Request
//
// swagger:parameters TenantEncryptionInfo
type TenantEncryptionInfoParams struct {
// HTTP Request Object
HTTPRequest *http.Request `json:"-"`
/*
Required: true
In: path
*/
Namespace string
/*
Required: true
In: path
*/
Tenant string
}
// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
// for simple values it will use straight method calls.
//
// To ensure default values, the struct must have been initialized with NewTenantEncryptionInfoParams() beforehand.
func (o *TenantEncryptionInfoParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
var res []error
o.HTTPRequest = r
rNamespace, rhkNamespace, _ := route.Params.GetOK("namespace")
if err := o.bindNamespace(rNamespace, rhkNamespace, route.Formats); err != nil {
res = append(res, err)
}
rTenant, rhkTenant, _ := route.Params.GetOK("tenant")
if err := o.bindTenant(rTenant, rhkTenant, route.Formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
// bindNamespace binds and validates parameter Namespace from path.
func (o *TenantEncryptionInfoParams) bindNamespace(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Parameter is provided by construction from the route
o.Namespace = raw
return nil
}
// bindTenant binds and validates parameter Tenant from path.
func (o *TenantEncryptionInfoParams) bindTenant(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Parameter is provided by construction from the route
o.Tenant = raw
return nil
}

133
operatorapi/operations/operator_api/tenant_encryption_info_responses.go Normal file
View File

@@ -0,0 +1,133 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package operator_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/runtime"
"github.com/minio/console/models"
)
// TenantEncryptionInfoOKCode is the HTTP code returned for type TenantEncryptionInfoOK
const TenantEncryptionInfoOKCode int = 200
/*TenantEncryptionInfoOK A successful response.
swagger:response tenantEncryptionInfoOK
*/
type TenantEncryptionInfoOK struct {
/*
In: Body
*/
Payload *models.EncryptionConfigurationResponse `json:"body,omitempty"`
}
// NewTenantEncryptionInfoOK creates TenantEncryptionInfoOK with default headers values
func NewTenantEncryptionInfoOK() *TenantEncryptionInfoOK {
return &TenantEncryptionInfoOK{}
}
// WithPayload adds the payload to the tenant encryption info o k response
func (o *TenantEncryptionInfoOK) WithPayload(payload *models.EncryptionConfigurationResponse) *TenantEncryptionInfoOK {
o.Payload = payload
return o
}
// SetPayload sets the payload to the tenant encryption info o k response
func (o *TenantEncryptionInfoOK) SetPayload(payload *models.EncryptionConfigurationResponse) {
o.Payload = payload
}
// WriteResponse to the client
func (o *TenantEncryptionInfoOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(200)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}
/*TenantEncryptionInfoDefault Generic error response.
swagger:response tenantEncryptionInfoDefault
*/
type TenantEncryptionInfoDefault struct {
_statusCode int
/*
In: Body
*/
Payload *models.Error `json:"body,omitempty"`
}
// NewTenantEncryptionInfoDefault creates TenantEncryptionInfoDefault with default headers values
func NewTenantEncryptionInfoDefault(code int) *TenantEncryptionInfoDefault {
if code <= 0 {
code = 500
}
return &TenantEncryptionInfoDefault{
_statusCode: code,
}
}
// WithStatusCode adds the status to the tenant encryption info default response
func (o *TenantEncryptionInfoDefault) WithStatusCode(code int) *TenantEncryptionInfoDefault {
o._statusCode = code
return o
}
// SetStatusCode sets the status to the tenant encryption info default response
func (o *TenantEncryptionInfoDefault) SetStatusCode(code int) {
o._statusCode = code
}
// WithPayload adds the payload to the tenant encryption info default response
func (o *TenantEncryptionInfoDefault) WithPayload(payload *models.Error) *TenantEncryptionInfoDefault {
o.Payload = payload
return o
}
// SetPayload sets the payload to the tenant encryption info default response
func (o *TenantEncryptionInfoDefault) SetPayload(payload *models.Error) {
o.Payload = payload
}
// WriteResponse to the client
func (o *TenantEncryptionInfoDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(o._statusCode)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}

124
operatorapi/operations/operator_api/tenant_encryption_info_urlbuilder.go Normal file
View File

@@ -0,0 +1,124 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package operator_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"errors"
"net/url"
golangswaggerpaths "path"
"strings"
)
// TenantEncryptionInfoURL generates an URL for the tenant encryption info operation
type TenantEncryptionInfoURL struct {
Namespace string
Tenant string
_basePath string
// avoid unkeyed usage
_ struct{}
}
// WithBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *TenantEncryptionInfoURL) WithBasePath(bp string) *TenantEncryptionInfoURL {
o.SetBasePath(bp)
return o
}
// SetBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *TenantEncryptionInfoURL) SetBasePath(bp string) {
o._basePath = bp
}
// Build a url path and query string
func (o *TenantEncryptionInfoURL) Build() (*url.URL, error) {
var _result url.URL
var _path = "/namespaces/{namespace}/tenants/{tenant}/encryption"
namespace := o.Namespace
if namespace != "" {
_path = strings.Replace(_path, "{namespace}", namespace, -1)
} else {
return nil, errors.New("namespace is required on TenantEncryptionInfoURL")
}
tenant := o.Tenant
if tenant != "" {
_path = strings.Replace(_path, "{tenant}", tenant, -1)
} else {
return nil, errors.New("tenant is required on TenantEncryptionInfoURL")
}
_basePath := o._basePath
if _basePath == "" {
_basePath = "/api/v1"
}
_result.Path = golangswaggerpaths.Join(_basePath, _path)
return &_result, nil
}
// Must is a helper function to panic when the url builder returns an error
func (o *TenantEncryptionInfoURL) Must(u *url.URL, err error) *url.URL {
if err != nil {
panic(err)
}
if u == nil {
panic("url can't be nil")
}
return u
}
// String returns the string representation of the path with query string
func (o *TenantEncryptionInfoURL) String() string {
return o.Must(o.Build()).String()
}
// BuildFull builds a full url with scheme, host, path and query string
func (o *TenantEncryptionInfoURL) BuildFull(scheme, host string) (*url.URL, error) {
if scheme == "" {
return nil, errors.New("scheme is required for a full url on TenantEncryptionInfoURL")
}
if host == "" {
return nil, errors.New("host is required for a full url on TenantEncryptionInfoURL")
}
base, err := o.Build()
if err != nil {
return nil, err
}
base.Scheme = scheme
base.Host = host
return base, nil
}
// StringFull returns the string representation of a complete url
func (o *TenantEncryptionInfoURL) StringFull(scheme, host string) string {
return o.Must(o.BuildFull(scheme, host)).String()
}

56
operatorapi/operator_tenants.go
View File

@@ -280,6 +280,24 @@ func registerTenantHandlers(api *operations.OperatorAPI) {
return operator_api.NewTenantUpdateEncryptionCreated()
})
// Delete tenant Encryption Configuration
api.OperatorAPITenantDeleteEncryptionHandler = operator_api.TenantDeleteEncryptionHandlerFunc(func(params operator_api.TenantDeleteEncryptionParams, session *models.Principal) middleware.Responder {
err := getTenantDeleteEncryptionResponse(session, params)
if err != nil {
return operator_api.NewTenantDeleteEncryptionDefault(int(err.Code)).WithPayload(err)
}
return operator_api.NewTenantDeleteEncryptionNoContent()
})
// Get Tenant Encryption Configuration
api.OperatorAPITenantEncryptionInfoHandler = operator_api.TenantEncryptionInfoHandlerFunc(func(params operator_api.TenantEncryptionInfoParams, session *models.Principal) middleware.Responder {
configuration, err := getTenantEncryptionInfoResponse(session, params)
if err != nil {
return operator_api.NewTenantEncryptionInfoDefault(int(err.Code)).WithPayload(err)
}
return operator_api.NewTenantEncryptionInfoOK().WithPayload(configuration)
})
// Get Tenant YAML
api.OperatorAPIGetTenantYAMLHandler = operator_api.GetTenantYAMLHandlerFunc(func(params operator_api.GetTenantYAMLParams, principal *models.Principal) middleware.Responder {
payload, err := getTenantYAML(principal, params)
@@ -635,6 +653,34 @@ func getTenantDetailsResponse(session *models.Principal, params operator_api.Ten
return info, nil
}
func parseCertificate(name string, rawCert []byte) (*models.CertificateInfo, error) {
block, _ := pem.Decode(rawCert)
if block == nil {
return nil, errors.New("certificate failed to decode")
}
cert, err := x509.ParseCertificate(block.Bytes)
if err != nil {
return nil, err
}
domains := []string{}
// append certificate domain names
if len(cert.DNSNames) > 0 {
domains = append(domains, cert.DNSNames...)
}
// append certificate IPs
if len(cert.IPAddresses) > 0 {
for _, ip := range cert.IPAddresses {
domains = append(domains, ip.String())
}
}
return &models.CertificateInfo{
SerialNumber: cert.SerialNumber.String(),
Name: name,
Domains: domains,
Expiry: cert.NotAfter.String(),
}, nil
}
// parseTenantCertificates convert public key pem certificates stored in k8s secrets for a given Tenant into x509 certificates
func parseTenantCertificates(ctx context.Context, clientSet K8sClientI, namespace string, secrets []*miniov2.LocalCertificateReference) ([]*models.CertificateInfo, error) {
var certificates []*models.CertificateInfo
@@ -1207,7 +1253,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
minInst.Spec.KES.NodeSelector = tenantReq.Encryption.NodeSelector
if tenantReq.Encryption.SecurityContext != nil {
sc, err := parseSecurityContext(tenantReq.Encryption.SecurityContext)
sc, err := convertModelSCToK8sSC(tenantReq.Encryption.SecurityContext)
if err != nil {
return nil, prepareError(err)
}
@@ -1309,7 +1355,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
}
// if security context for logSearch is present, configure it.
if tenantReq.LogSearchConfiguration.SecurityContext != nil {
sc, err := parseSecurityContext(tenantReq.LogSearchConfiguration.SecurityContext)
sc, err := convertModelSCToK8sSC(tenantReq.LogSearchConfiguration.SecurityContext)
if err != nil {
return nil, prepareError(err)
}
@@ -1317,7 +1363,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
}
// if security context for logSearch is present, configure it.
if tenantReq.LogSearchConfiguration.PostgresSecurityContext != nil {
sc, err := parseSecurityContext(tenantReq.LogSearchConfiguration.PostgresSecurityContext)
sc, err := convertModelSCToK8sSC(tenantReq.LogSearchConfiguration.PostgresSecurityContext)
if err != nil {
return nil, prepareError(err)
}
@@ -1411,7 +1457,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
}
// if security context for prometheus is present, configure it.
if tenantReq.PrometheusConfiguration != nil && tenantReq.PrometheusConfiguration.SecurityContext != nil {
sc, err := parseSecurityContext(tenantReq.PrometheusConfiguration.SecurityContext)
sc, err := convertModelSCToK8sSC(tenantReq.PrometheusConfiguration.SecurityContext)
if err != nil {
return nil, prepareError(err)
}
@@ -2550,7 +2596,7 @@ func parseTenantPoolRequest(poolParams *models.Pool) (*miniov2.Pool, error) {
}
// if security context for Tenant is present, configure it.
if poolParams.SecurityContext != nil {
sc, err := parseSecurityContext(poolParams.SecurityContext)
sc, err := convertModelSCToK8sSC(poolParams.SecurityContext)
if err != nil {
return nil, err
}

354
operatorapi/operator_tenants_helper.go
View File

@@ -22,6 +22,7 @@ import (
"crypto/tls"
"encoding/base64"
"encoding/hex"
"encoding/json"
"fmt"
"strconv"
"time"
@@ -39,8 +40,8 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// parseSecurityContext validate and return securityContext for pods
func parseSecurityContext(sc *models.SecurityContext) (*corev1.PodSecurityContext, error) {
// convertModelSCToK8sSC validates and converts from models.SecurityContext to corev1.PodSecurityContext
func convertModelSCToK8sSC(sc *models.SecurityContext) (*corev1.PodSecurityContext, error) {
if sc == nil {
return nil, errors.New("invalid security context")
}
@@ -64,6 +65,19 @@ func parseSecurityContext(sc *models.SecurityContext) (*corev1.PodSecurityContex
}, nil
}
// convertK8sSCToModelSC validates and converts from corev1.PodSecurityContext to models.SecurityContext
func convertK8sSCToModelSC(sc *corev1.PodSecurityContext) *models.SecurityContext {
runAsUser := strconv.FormatInt(*sc.RunAsUser, 10)
RunAsGroup := strconv.FormatInt(*sc.RunAsGroup, 10)
FsGroup := strconv.FormatInt(*sc.FSGroup, 10)
return &models.SecurityContext{
RunAsUser: &runAsUser,
RunAsGroup: &RunAsGroup,
RunAsNonRoot: sc.RunAsNonRoot,
FsGroup: &FsGroup,
}
}
// tenantUpdateCertificates receives the keyPair certificates (public and private keys) for Minio and Console and will try
// to replace the existing kubernetes secrets with the new values, then will restart the affected pods so the new volumes can be mounted
func tenantUpdateCertificates(ctx context.Context, operatorClient OperatorClientI, clientSet K8sClientI, namespace string, params operator_api.TenantUpdateCertificateParams) error {
@@ -116,6 +130,22 @@ func getTenantUpdateCertificatesResponse(session *models.Principal, params opera
return nil
}
// tenantDeleteEncryption allow user to disable tenant encryption for a particular tenant
func tenantDeleteEncryption(ctx context.Context, operatorClient OperatorClientI, namespace string, params operator_api.TenantDeleteEncryptionParams) error {
tenantName := params.Tenant
tenant, err := operatorClient.TenantGet(ctx, namespace, tenantName, metav1.GetOptions{})
if err != nil {
return err
}
tenant.EnsureDefaults()
tenant.Spec.KES = nil
_, err = operatorClient.TenantUpdate(ctx, tenant, metav1.UpdateOptions{})
if err != nil {
return err
}
return nil
}
// tenantUpdateEncryption allow user to update KES server certificates, KES client certificates (used by MinIO for mTLS) and KES configuration (KMS configuration, credentials, etc)
func tenantUpdateEncryption(ctx context.Context, operatorClient OperatorClientI, clientSet K8sClientI, namespace string, params operator_api.TenantUpdateEncryptionParams) error {
tenantName := params.Tenant
@@ -125,47 +155,99 @@ func tenantUpdateEncryption(ctx context.Context, operatorClient OperatorClientI,
if err != nil {
return err
}
// Check if encryption is enabled for MinIO via KES
if tenant.HasKESEnabled() {
// check if KES is deployed with external certificates and user provided new server keypair
if tenant.KESExternalCert() && body.Server != nil {
kesExternalCertSecretName := fmt.Sprintf("%s-kes-external-cert", secretName)
// update certificates
certificates := []*models.KeyPairConfiguration{body.Server}
if _, err := createOrReplaceExternalCertSecrets(ctx, clientSet, namespace, certificates, kesExternalCertSecretName, tenantName); err != nil {
return err
tenant.EnsureDefaults()
// Initialize KES configuration if not present
if !tenant.HasKESEnabled() {
tenant.Spec.KES = &miniov2.KESConfig{}
}
if tenant.KESExternalCert() {
for _, certificateToBeDeleted := range params.Body.SecretsToBeDeleted {
if tenant.Spec.KES.ExternalCertSecret.Name == certificateToBeDeleted {
tenant.Spec.KES.ExternalCertSecret = nil
break
}
}
// check if Tenant is deployed with external client certificates and user provided new client keypaiir
if tenant.ExternalClientCert() && body.Client != nil {
tenantExternalClientCertSecretName := fmt.Sprintf("%s-tenant-external-client-cert", secretName)
// Update certificates
certificates := []*models.KeyPairConfiguration{body.Client}
if _, err := createOrReplaceExternalCertSecrets(ctx, clientSet, namespace, certificates, tenantExternalClientCertSecretName, tenantName); err != nil {
return err
}
// Restart MinIO pods to mount the new client secrets
err := clientSet.deletePodCollection(ctx, namespace, metav1.DeleteOptions{}, metav1.ListOptions{
LabelSelector: fmt.Sprintf("%s=%s", miniov2.TenantLabel, tenantName),
})
if err != nil {
return err
}
if tenant.ExternalClientCert() {
for _, certificateToBeDeleted := range params.Body.SecretsToBeDeleted {
if tenant.Spec.ExternalClientCertSecret.Name == certificateToBeDeleted {
tenant.Spec.ExternalClientCertSecret = nil
break
}
}
// update KES identities in kes-configuration.yaml secret
kesConfigurationSecretName := fmt.Sprintf("%s-kes-configuration", secretName)
kesClientCertSecretName := fmt.Sprintf("%s-kes-client-cert", secretName)
_, _, err := createOrReplaceKesConfigurationSecrets(ctx, clientSet, namespace, body, kesConfigurationSecretName, kesClientCertSecretName, tenantName)
}
if body.Server != nil {
kesExternalCertSecretName := fmt.Sprintf("%s-kes-external-cert", secretName)
if tenant.KESExternalCert() {
kesExternalCertSecretName = tenant.Spec.KES.ExternalCertSecret.Name
}
// update certificates
certificates := []*models.KeyPairConfiguration{body.Server}
createdCertificates, err := createOrReplaceExternalCertSecrets(ctx, clientSet, namespace, certificates, kesExternalCertSecretName, tenantName)
if err != nil {
return err
}
// Restart KES pods to mount the new configuration
err = clientSet.deletePodCollection(ctx, namespace, metav1.DeleteOptions{}, metav1.ListOptions{
LabelSelector: fmt.Sprintf("%s=%s", miniov2.KESInstanceLabel, fmt.Sprintf("%s-kes", tenantName)),
})
if len(createdCertificates) > 0 {
tenant.Spec.KES.ExternalCertSecret = createdCertificates[0]
}
}
if body.Client != nil {
tenantExternalClientCertSecretName := fmt.Sprintf("%s-tenant-external-client-cert", secretName)
if tenant.ExternalClientCert() {
tenantExternalClientCertSecretName = tenant.Spec.ExternalClientCertSecret.Name
}
// Update certificates
certificates := []*models.KeyPairConfiguration{body.Client}
createdCertificates, err := createOrReplaceExternalCertSecrets(ctx, clientSet, namespace, certificates, tenantExternalClientCertSecretName, tenantName)
if err != nil {
return err
}
if len(createdCertificates) > 0 {
tenant.Spec.ExternalClientCertSecret = createdCertificates[0]
}
}
// update KES identities in kes-configuration.yaml secret
kesConfigurationSecretName := fmt.Sprintf("%s-kes-configuration", secretName)
kesClientCertSecretName := fmt.Sprintf("%s-kes-client-cert", secretName)
kesConfigurationSecret, kesClientCertSecret, err := createOrReplaceKesConfigurationSecrets(ctx, clientSet, namespace, body, kesConfigurationSecretName, kesClientCertSecretName, tenantName)
if err != nil {
return err
}
tenant.Spec.KES.Configuration = kesConfigurationSecret
tenant.Spec.KES.ClientCertSecret = kesClientCertSecret
image := params.Body.Image
if image == "" {
image = miniov2.DefaultKESImage
}
tenant.Spec.KES.Image = image
i, err := strconv.ParseInt(params.Body.Replicas, 10, 32)
if err != nil {
return err
}
tenant.Spec.KES.Replicas = int32(i)
tenant.Spec.KES.SecurityContext, err = convertModelSCToK8sSC(params.Body.SecurityContext)
if err != nil {
return err
}
_, err = operatorClient.TenantUpdate(ctx, tenant, metav1.UpdateOptions{})
if err != nil {
return err
}
return nil
}
// getTenantDeleteEncryptionResponse is a wrapper for tenantDeleteEncryption
func getTenantDeleteEncryptionResponse(session *models.Principal, params operator_api.TenantDeleteEncryptionParams) *models.Error {
ctx := context.Background()
opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
if err != nil {
return prepareError(err, errorDeletingEncryptionConfig)
}
opClient := operatorClient{
client: opClientClientSet,
}
if err := tenantDeleteEncryption(ctx, &opClient, params.Namespace, params); err != nil {
return prepareError(err, errorDeletingEncryptionConfig)
}
return nil
}
@@ -194,6 +276,203 @@ func getTenantUpdateEncryptionResponse(session *models.Principal, params operato
return nil
}
// tenantEncryptionInfo retrieves encryption information for the current tenant
func tenantEncryptionInfo(ctx context.Context, operatorClient OperatorClientI, clientSet K8sClientI, namespace string, params operator_api.TenantEncryptionInfoParams) (*models.EncryptionConfigurationResponse, error) {
tenantName := params.Tenant
tenant, err := operatorClient.TenantGet(ctx, namespace, tenantName, metav1.GetOptions{})
if err != nil {
return nil, err
}
// Check if encryption is enabled for MinIO via KES
if tenant.HasKESEnabled() {
encryptConfig := &models.EncryptionConfigurationResponse{
Image: tenant.Spec.KES.Image,
Replicas: fmt.Sprintf("%d", tenant.Spec.KES.Replicas),
}
if tenant.Spec.KES.Image == "" {
encryptConfig.Image = miniov2.GetTenantKesImage()
}
if tenant.Spec.KES.SecurityContext != nil {
encryptConfig.SecurityContext = convertK8sSCToModelSC(tenant.Spec.KES.SecurityContext)
}
if tenant.KESExternalCert() {
kesExternalCerts, err := parseTenantCertificates(ctx, clientSet, tenant.Namespace, []*miniov2.LocalCertificateReference{tenant.Spec.KES.ExternalCertSecret})
if err != nil {
return nil, err
}
if len(kesExternalCerts) > 0 {
encryptConfig.Server = kesExternalCerts[0]
}
}
if tenant.ExternalClientCert() {
clientCerts, err := parseTenantCertificates(ctx, clientSet, tenant.Namespace, []*miniov2.LocalCertificateReference{tenant.Spec.ExternalClientCertSecret})
if err != nil {
return nil, err
}
if len(clientCerts) > 0 {
encryptConfig.MtlsClient = clientCerts[0]
}
}
if tenant.Spec.KES.Configuration != nil {
configSecret, err := clientSet.getSecret(ctx, tenant.Namespace, tenant.Spec.KES.Configuration.Name, metav1.GetOptions{})
if err != nil {
return nil, err
}
if rawConfiguration, ok := configSecret.Data["server-config.yaml"]; ok {
kesConfiguration := &kes.ServerConfig{}
err := yaml.Unmarshal(rawConfiguration, kesConfiguration)
if err != nil {
return nil, err
}
if kesConfiguration.Keys.Vault != nil {
vault := kesConfiguration.Keys.Vault
vaultConfig := &models.VaultConfigurationResponse{
Prefix: vault.Prefix,
Namespace: vault.Namespace,
Engine: vault.EnginePath,
Endpoint: &vault.Endpoint,
}
if vault.Status != nil {
vaultConfig.Status = &models.VaultConfigurationResponseStatus{
Ping: int64(vault.Status.Ping.Seconds()),
}
}
if vault.AppRole != nil {
vaultConfig.Approle = &models.VaultConfigurationResponseApprole{
Engine: vault.AppRole.EnginePath,
ID: &vault.AppRole.ID,
Retry: int64(vault.AppRole.Retry.Seconds()),
Secret: &vault.AppRole.Secret,
}
}
if tenant.KESClientCert() {
vaultConfig.TLS = &models.VaultConfigurationResponseTLS{}
clientSecretName := tenant.Spec.KES.ClientCertSecret.Name
keyPair, err := clientSet.getSecret(ctx, namespace, clientSecretName, metav1.GetOptions{})
if err != nil {
return nil, err
}
// Extract client public certificate
if rawCert, ok := keyPair.Data["client.crt"]; ok {
vaultConfig.TLS.Crt, err = parseCertificate(clientSecretName, rawCert)
if err != nil {
return nil, err
}
}
// Extract client ca certificate
if rawCert, ok := keyPair.Data["ca.crt"]; ok {
vaultConfig.TLS.Ca, err = parseCertificate(clientSecretName, rawCert)
if err != nil {
return nil, err
}
}
}
encryptConfig.Vault = vaultConfig
}
if kesConfiguration.Keys.Aws != nil {
awsJSON, err := json.Marshal(kesConfiguration.Keys.Aws)
if err != nil {
return nil, err
}
awsConfig := &models.AwsConfiguration{}
err = json.Unmarshal(awsJSON, awsConfig)
if err != nil {
return nil, err
}
encryptConfig.Aws = awsConfig
}
if kesConfiguration.Keys.Gcp != nil {
gcpJSON, err := json.Marshal(kesConfiguration.Keys.Gcp)
if err != nil {
return nil, err
}
gcpConfig := &models.GcpConfiguration{}
err = json.Unmarshal(gcpJSON, gcpConfig)
if err != nil {
return nil, err
}
encryptConfig.Gcp = gcpConfig
}
if kesConfiguration.Keys.Gemalto != nil {
gemalto := kesConfiguration.Keys.Gemalto
gemaltoConfig := &models.GemaltoConfigurationResponse{
Keysecure: &models.GemaltoConfigurationResponseKeysecure{},
}
if gemalto.KeySecure != nil {
gemaltoConfig.Keysecure.Endpoint = &gemalto.KeySecure.Endpoint
if gemalto.KeySecure.Credentials != nil {
gemaltoConfig.Keysecure.Credentials = &models.GemaltoConfigurationResponseKeysecureCredentials{
Domain: &gemalto.KeySecure.Credentials.Domain,
Retry: int64(gemalto.KeySecure.Credentials.Retry.Seconds()),
Token: &gemalto.KeySecure.Credentials.Token,
}
}
if gemalto.KeySecure.TLS != nil {
if tenant.KESClientCert() {
gemaltoConfig.Keysecure.TLS = &models.GemaltoConfigurationResponseKeysecureTLS{}
clientSecretName := tenant.Spec.KES.ClientCertSecret.Name
keyPair, err := clientSet.getSecret(ctx, namespace, clientSecretName, metav1.GetOptions{})
if err != nil {
return nil, err
}
// Extract client ca certificate
if rawCert, ok := keyPair.Data["ca.crt"]; ok {
gemaltoConfig.Keysecure.TLS.Ca, err = parseCertificate(clientSecretName, rawCert)
if err != nil {
return nil, err
}
}
}
}
}
encryptConfig.Gemalto = gemaltoConfig
}
if kesConfiguration.Keys.Azure != nil {
azureJSON, err := json.Marshal(kesConfiguration.Keys.Azure)
if err != nil {
return nil, err
}
azureConfig := &models.AzureConfiguration{}
err = json.Unmarshal(azureJSON, azureConfig)
if err != nil {
return nil, err
}
encryptConfig.Azure = azureConfig
}
}
}
return encryptConfig, nil
}
return nil, errors.New("encryption configuration not found")
}
// getTenantEncryptionResponse is a wrapper for tenantEncryptionInfo
func getTenantEncryptionInfoResponse(session *models.Principal, params operator_api.TenantEncryptionInfoParams) (*models.EncryptionConfigurationResponse, *models.Error) {
ctx := context.Background()
// get Kubernetes Client
clientSet, err := cluster.K8sClient(session.STSSessionToken)
if err != nil {
return nil, prepareError(err, errorEncryptionConfigNotFound)
}
k8sClient := k8sClient{
client: clientSet,
}
opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
if err != nil {
return nil, prepareError(err, errorEncryptionConfigNotFound)
}
opClient := operatorClient{
client: opClientClientSet,
}
configuration, err := tenantEncryptionInfo(ctx, &opClient, &k8sClient, params.Namespace, params)
if err != nil {
return nil, prepareError(err, errorEncryptionConfigNotFound)
}
return configuration, nil
}
// getKESConfiguration will generate the KES server certificate secrets, the tenant client secrets for mTLS authentication between MinIO and KES and the
// kes-configuration.yaml file used by the KES service (how to connect to the external KMS, eg: Vault, AWS, Gemalto, etc)
func getKESConfiguration(ctx context.Context, clientSet K8sClientI, ns string, encryptionCfg *models.EncryptionConfiguration, secretName, tenantName string) (kesConfiguration *miniov2.KESConfig, err error) {
@@ -410,6 +689,10 @@ func createOrReplaceKesConfigurationSecrets(ctx context.Context, clientSet K8sCl
mTLSCertificates := map[string][]byte{}
// if encryption is enabled and encryption is configured to use Vault
if encryptionCfg.Vault != nil {
ping := 10 // default ping
if encryptionCfg.Vault.Status != nil {
ping = int(encryptionCfg.Vault.Status.Ping)
}
// Initialize Vault Config
kesConfig.Keys.Vault = &kes.Vault{
Endpoint: *encryptionCfg.Vault.Endpoint,
@@ -417,16 +700,17 @@ func createOrReplaceKesConfigurationSecrets(ctx context.Context, clientSet K8sCl
Namespace: encryptionCfg.Vault.Namespace,
Prefix: encryptionCfg.Vault.Prefix,
Status: &kes.VaultStatus{
Ping: 10 * time.Second,
Ping: time.Duration(ping) * time.Second,
},
}
// Vault AppRole credentials
if encryptionCfg.Vault.Approle != nil {
retry := encryptionCfg.Vault.Approle.Retry
kesConfig.Keys.Vault.AppRole = &kes.AppRole{
EnginePath: encryptionCfg.Vault.Approle.Engine,
ID: *encryptionCfg.Vault.Approle.ID,
Secret: *encryptionCfg.Vault.Approle.Secret,
Retry: 15 * time.Second,
Retry: time.Duration(retry) * time.Second,
}
} else {
return nil, nil, errors.New("approle credentials missing for kes")

140
pkg/kes/kes.go
View File

@@ -32,87 +32,87 @@ type TLSProxyHeader struct {
}
type TLSProxy struct {
Identities *[]Identity `yaml:"identities,omitempty"`
Header *TLSProxyHeader `yaml:"header,omitempty"`
Identities *[]Identity `yaml:"identities,omitempty" json:"identities,omitempty"`
Header *TLSProxyHeader `yaml:"header,omitempty" json:"header,omitempty"`
}
type TLS struct {
KeyPath string `yaml:"key,omitempty"`
CertPath string `yaml:"cert,omitempty"`
Proxy *TLSProxy `yaml:"proxy,omitempty"`
KeyPath string `yaml:"key,omitempty" json:"key,omitempty"`
CertPath string `yaml:"cert,omitempty" json:"cert,omitempty"`
Proxy *TLSProxy `yaml:"proxy,omitempty" json:"proxy,omitempty"`
}
type Policy struct {
Paths []string `yaml:"paths,omitempty"`
Identities []Identity `yaml:"identities,omitempty"`
Paths []string `yaml:"paths,omitempty" json:"paths,omitempty"`
Identities []Identity `yaml:"identities,omitempty" json:"identities,omitempty"`
}
type Expiry struct {
Any time.Duration `yaml:"any,omitempty"`
Unused time.Duration `yaml:"unused,omitempty"`
Any time.Duration `yaml:"any,omitempty" json:"any,omitempty"`
Unused time.Duration `yaml:"unused,omitempty" json:"unused,omitempty"`
}
type Cache struct {
Expiry *Expiry `yaml:"expiry,omitempty"`
Expiry *Expiry `yaml:"expiry,omitempty" json:"expiry,omitempty"`
}
type Log struct {
Error string `yaml:"error,omitempty"`
Audit string `yaml:"audit,omitempty"`
Error string `yaml:"error,omitempty" json:"error,omitempty"`
Audit string `yaml:"audit,omitempty" json:"audit,omitempty"`
}
type Fs struct {
Path string `yaml:"path,omitempty"`
Path string `yaml:"path,omitempty" json:"path,omitempty"`
}
type AppRole struct {
EnginePath string `yaml:"engine,omitempty"`
ID string `yaml:"id,omitempty"`
Secret string `yaml:"secret,omitempty"`
Retry time.Duration `yaml:"retry,omitempty"`
EnginePath string `yaml:"engine,omitempty" json:"engine,omitempty"`
ID string `yaml:"id,omitempty" json:"id,omitempty"`
Secret string `yaml:"secret,omitempty" json:"secret,omitempty"`
Retry time.Duration `yaml:"retry,omitempty" json:"retry,omitempty"`
}
type VaultTLS struct {
KeyPath string `yaml:"key,omitempty"`
CertPath string `yaml:"cert,omitempty"`
CAPath string `yaml:"ca,omitempty"`
KeyPath string `yaml:"key,omitempty" json:"key,omitempty"`
CertPath string `yaml:"cert,omitempty" json:"cert,omitempty"`
CAPath string `yaml:"ca,omitempty" json:"ca,omitempty"`
}
type VaultStatus struct {
Ping time.Duration `yaml:"ping,omitempty"`
Ping time.Duration `yaml:"ping,omitempty" json:"ping,omitempty"`
}
type Vault struct {
Endpoint string `yaml:"endpoint,omitempty"`
EnginePath string `yaml:"engine,omitempty"`
Namespace string `yaml:"namespace,omitempty"`
Prefix string `yaml:"prefix,omitempty"`
AppRole *AppRole `yaml:"approle,omitempty"`
TLS *VaultTLS `yaml:"tls,omitempty"`
Status *VaultStatus `yaml:"status,omitempty"`
Endpoint string `yaml:"endpoint,omitempty" json:"endpoint,omitempty"`
EnginePath string `yaml:"engine,omitempty" json:"engine,omitempty"`
Namespace string `yaml:"namespace,omitempty" json:"namespace,omitempty"`
Prefix string `yaml:"prefix,omitempty" json:"prefix,omitempty"`
AppRole *AppRole `yaml:"approle,omitempty" json:"approle,omitempty"`
TLS *VaultTLS `yaml:"tls,omitempty" json:"tls,omitempty"`
Status *VaultStatus `yaml:"status,omitempty" json:"status,omitempty"`
}
type AwsSecretManagerLogin struct {
AccessKey string `yaml:"accesskey"`
SecretKey string `yaml:"secretkey"`
SessionToken string `yaml:"token"`
AccessKey string `yaml:"accesskey" json:"accesskey"`
SecretKey string `yaml:"secretkey" json:"secretkey"`
SessionToken string `yaml:"token" json:"token"`
}
type AwsSecretManager struct {
Endpoint string `yaml:"endpoint,omitempty"`
Region string `yaml:"region,omitempty"`
KmsKey string ` yaml:"kmskey,omitempty"`
Login *AwsSecretManagerLogin `yaml:"credentials,omitempty"`
Endpoint string `yaml:"endpoint,omitempty" json:"endpoint,omitempty"`
Region string `yaml:"region,omitempty" json:"region,omitempty"`
KmsKey string `yaml:"kmskey,omitempty" json:"kmskey,omitempty"`
Login *AwsSecretManagerLogin `yaml:"credentials,omitempty" json:"credentials,omitempty"`
}
type Aws struct {
SecretsManager *AwsSecretManager `yaml:"secretsmanager,omitempty"`
SecretsManager *AwsSecretManager `yaml:"secretsmanager,omitempty" json:"secretsmanager,omitempty"`
}
type GemaltoCredentials struct {
Token string `yaml:"token,omitempty"`
Domain string `yaml:"domain,omitempty"`
Retry time.Duration `yaml:"retry,omitempty"`
Token string `yaml:"token,omitempty" json:"token,omitempty"`
Domain string `yaml:"domain,omitempty" json:"domain,omitempty"`
Retry time.Duration `yaml:"retry,omitempty" json:"retry,omitempty"`
}
type GemaltoTLS struct {
@@ -120,64 +120,64 @@ type GemaltoTLS struct {
}
type GemaltoKeySecure struct {
Endpoint string `yaml:"endpoint,omitempty"`
Credentials *GemaltoCredentials `yaml:"credentials,omitempty"`
TLS *GemaltoTLS `yaml:"tls,omitempty"`
Endpoint string `yaml:"endpoint,omitempty" json:"endpoint,omitempty"`
Credentials *GemaltoCredentials `yaml:"credentials,omitempty" json:"credentials,omitempty"`
TLS *GemaltoTLS `yaml:"tls,omitempty" json:"tls,omitempty"`
}
type Gemalto struct {
KeySecure *GemaltoKeySecure `yaml:"keysecure,omitempty"`
KeySecure *GemaltoKeySecure `yaml:"keysecure,omitempty" json:"keysecure,omitempty"`
}
type GcpCredentials struct {
ClientEmail string `yaml:"client_email"`
ClientID string `yaml:"client_id"`
PrivateKeyID string `yaml:"private_key_id"`
PrivateKey string `yaml:"private_key"`
ClientEmail string `yaml:"client_email" json:"client_email"`
ClientID string `yaml:"client_id" json:"client_id"`
PrivateKeyID string `yaml:"private_key_id" json:"private_key_id"`
PrivateKey string `yaml:"private_key" json:"private_key"`
}
type GcpSecretManager struct {
ProjectID string `yaml:"project_id"`
Endpoint string `yaml:"endpoint,omitempty"`
Credentials *GcpCredentials `yaml:"credentials,omitempty"`
ProjectID string `yaml:"project_id" json:"project_id"`
Endpoint string `yaml:"endpoint,omitempty" json:"endpoint,omitempty"`
Credentials *GcpCredentials `yaml:"credentials,omitempty" json:"credentials,omitempty"`
}
type Gcp struct {
SecretManager *GcpSecretManager `yaml:"secretmanager,omitempty"`
SecretManager *GcpSecretManager `yaml:"secretmanager,omitempty" json:"secretmanager,omitempty"`
}
type AzureCredentials struct {
TenantID string `yaml:"tenant_id"`
ClientID string `yaml:"client_id"`
ClientSecret string `yaml:"client_secret"`
TenantID string `yaml:"tenant_id" json:"tenant_id"`
ClientID string `yaml:"client_id" json:"client_id"`
ClientSecret string `yaml:"client_secret" json:"client_secret"`
}
type AzureKeyVault struct {
Endpoint string `yaml:"endpoint,omitempty"`
Credentials *AzureCredentials `yaml:"credentials,omitempty"`
Endpoint string `yaml:"endpoint,omitempty" json:"endpoint,omitempty"`
Credentials *AzureCredentials `yaml:"credentials,omitempty" json:"credentials,omitempty"`
}
type Azure struct {
KeyVault *AzureKeyVault `yaml:"keyvault,omitempty"`
KeyVault *AzureKeyVault `yaml:"keyvault,omitempty" json:"keyvault,omitempty"`
}
type Keys struct {
Fs *Fs `yaml:"fs,omitempty"`
Vault *Vault `yaml:"vault,omitempty"`
Aws *Aws `yaml:"aws,omitempty"`
Gemalto *Gemalto `yaml:"gemalto,omitempty"`
Gcp *Gcp `yaml:"gcp,omitempty"`
Azure *Azure `yaml:"azure,omitempty"`
Fs *Fs `yaml:"fs,omitempty" json:"fs,omitempty"`
Vault *Vault `yaml:"vault,omitempty" json:"vault,omitempty"`
Aws *Aws `yaml:"aws,omitempty" json:"aws,omitempty"`
Gemalto *Gemalto `yaml:"gemalto,omitempty" json:"gemalto,omitempty"`
Gcp *Gcp `yaml:"gcp,omitempty" json:"gcp,omitempty"`
Azure *Azure `yaml:"azure,omitempty" json:"azure,omitempty"`
}
type ServerConfig struct {
Addr string `yaml:"address,omitempty"`
Root Identity `yaml:"root,omitempty"`
TLS TLS `yaml:"tls,omitempty"`
Policies map[string]Policy `yaml:"policy,omitempty"`
Cache Cache `yaml:"cache,omitempty"`
Log Log `yaml:"log,omitempty"`
Keys Keys `yaml:"keys,omitempty"`
Addr string `yaml:"address,omitempty" json:"address,omitempty"`
Root Identity `yaml:"root,omitempty" json:"root,omitempty"`
TLS TLS `yaml:"tls,omitempty" json:"tls,omitempty"`
Policies map[string]Policy `yaml:"policy,omitempty" json:"policy,omitempty"`
Cache Cache `yaml:"cache,omitempty" json:"cache,omitempty"`
Log Log `yaml:"log,omitempty" json:"log,omitempty"`
Keys Keys `yaml:"keys,omitempty" json:"keys,omitempty"`
}
func ParseCertificate(cert []byte) (*x509.Certificate, error) {

2
portal-ui/src/common/SecureComponent/permissions.ts
View File

@@ -185,6 +185,8 @@ export const IAM_PAGES = {
"/namespaces/:tenantNamespace/tenants/:tenantName/license",
NAMESPACE_TENANT_SECURITY:
"/namespaces/:tenantNamespace/tenants/:tenantName/security",
NAMESPACE_TENANT_ENCRYPTION:
"/namespaces/:tenantNamespace/tenants/:tenantName/encryption",
NAMESPACE_TENANT_MONITORING:
"/namespaces/:tenantNamespace/tenants/:tenantName/monitoring",
NAMESPACE_TENANT_LOGGING:

38
portal-ui/src/common/types.ts
View File

@@ -178,6 +178,38 @@ export interface IEncryptionConfiguration {
gemalto?: IGemaltoConfig;
aws?: IAWSConfig;
vault?: IVaultConfig;
azure?: IAzureConfig;
gcp?: IGCPConfig;
}
export interface IGCPCredentials {
client_email: string;
client_id: string;
private_key_id: string;
private_key: string;
}
export interface IGCPSecretManager {
project_id: string;
endpoint?: string;
credentials?: IGCPCredentials;
}
export interface IGCPConfig {
secretmanager: IGCPSecretManager;
}
export interface IAzureCredentials {
tenant_id: string;
client_id: string;
client_secret: string;
}
export interface IAzureKeyVault {
endpoint: string;
credentials?: IAzureCredentials;
}
export interface IAzureConfig {
keyvault: IAzureKeyVault;
}
export interface IVaultConfig {
@@ -218,16 +250,16 @@ export interface IVaultStatusConfig {
export interface IKeysecureConfig {
endpoint: string;
credentials: IGemaltoCredentials;
tls: IGemaltoTLS;
tls: IGemaltoTLSConfig;
}
export interface IGemaltoCredentials {
token: string;
domain: string;
retry?: number;
retry?: string;
}
export interface IGemaltoTLS {
export interface IGemaltoTLSConfig {
ca: string;
}

5
portal-ui/src/screens/Console/Console.tsx
View File

@@ -446,6 +446,11 @@ const Console = ({
path: IAM_PAGES.NAMESPACE_TENANT_SECURITY,
forceDisplay: true,
},
{
component: TenantDetails,
path: IAM_PAGES.NAMESPACE_TENANT_ENCRYPTION,
forceDisplay: true,
},
{
component: TenantDetails,
path: IAM_PAGES.NAMESPACE_TENANT_MONITORING,

2
portal-ui/src/screens/Console/Tenants/AddTenant/AddTenant.tsx
View File

@@ -515,7 +515,7 @@ const AddTenant = ({
};
}
let vaultTLS = null;
if (vaultKeyPair || vaultCA) {
if (vaultKeyPair || vaultCAInsert) {
vaultTLS = {
tls: {
...vaultKeyPair,

181
portal-ui/src/screens/Console/Tenants/AddTenant/Steps/Encryption.tsx
View File

@@ -482,97 +482,6 @@ const Encryption = ({
</Grid>
{encryptionType === "vault" && (
<Fragment>
<Grid item xs={12}>
<FormSwitchWrapper
value="enableCustomCertsForKES"
id="enableCustomCertsForKES"
name="enableCustomCertsForKES"
checked={enableCustomCertsForKES || !enableAutoCert}
onChange={(e) => {
const targetD = e.target;
const checked = targetD.checked;
updateField("enableCustomCertsForKES", checked);
}}
label={"Custom Certificates"}
disabled={!enableAutoCert}
/>
</Grid>
{(enableCustomCertsForKES || !enableAutoCert) && (
<Fragment>
<Grid container>
<Grid item xs={12} style={{ marginBottom: 15 }}>
<fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}>
Encryption Service Certificates
</legend>
<FileSelector
onChange={(encodedValue, fileName) => {
addFileServerCert("key", fileName, encodedValue);
cleanValidation("serverKey");
}}
accept=".key,.pem"
id="serverKey"
name="serverKey"
label="Key"
error={validationErrors["serverKey"] || ""}
value={serverCertificate.key}
required={!enableAutoCert}
/>
<FileSelector
onChange={(encodedValue, fileName) => {
addFileServerCert("cert", fileName, encodedValue);
cleanValidation("serverCert");
}}
accept=".cer,.crt,.cert,.pem"
id="serverCert"
name="serverCert"
label="Cert"
error={validationErrors["serverCert"] || ""}
value={serverCertificate.cert}
required={!enableAutoCert}
/>
</fieldset>
</Grid>
</Grid>
<Grid container style={{ marginBottom: 15 }}>
<Grid item xs={12}>
<fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}>
Mutual TLS authentication
</legend>
<FileSelector
onChange={(encodedValue, fileName) => {
addFileClientCert("key", fileName, encodedValue);
cleanValidation("clientKey");
}}
accept=".key,.pem"
id="clientKey"
name="clientKey"
label="Key"
error={validationErrors["clientKey"] || ""}
value={clientCertificate.key}
required={!enableAutoCert}
/>
<FileSelector
onChange={(encodedValue, fileName) => {
addFileClientCert("cert", fileName, encodedValue);
cleanValidation("clientCert");
}}
accept=".cer,.crt,.cert,.pem"
id="clientCert"
name="clientCert"
label="Cert"
error={validationErrors["clientCert"] || ""}
value={clientCertificate.cert}
required={!enableAutoCert}
/>
</fieldset>
</Grid>
</Grid>
</Fragment>
)}
<Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper
id="vault_endpoint"
@@ -1078,6 +987,96 @@ const Encryption = ({
<div className={classes.headerElement}>
<h4 className={classes.h3Section}>Additional Configurations</h4>
</div>
<Grid item xs={12}>
<FormSwitchWrapper
value="enableCustomCertsForKES"
id="enableCustomCertsForKES"
name="enableCustomCertsForKES"
checked={enableCustomCertsForKES || !enableAutoCert}
onChange={(e) => {
const targetD = e.target;
const checked = targetD.checked;
updateField("enableCustomCertsForKES", checked);
}}
label={"Custom Certificates"}
disabled={!enableAutoCert}
/>
</Grid>
{(enableCustomCertsForKES || !enableAutoCert) && (
<Fragment>
<Grid container>
<Grid item xs={12} style={{ marginBottom: 15 }}>
<fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}>
Encryption Service Certificates
</legend>
<FileSelector
onChange={(encodedValue, fileName) => {
addFileServerCert("key", fileName, encodedValue);
cleanValidation("serverKey");
}}
accept=".key,.pem"
id="serverKey"
name="serverKey"
label="Key"
error={validationErrors["serverKey"] || ""}
value={serverCertificate.key}
required={!enableAutoCert}
/>
<FileSelector
onChange={(encodedValue, fileName) => {
addFileServerCert("cert", fileName, encodedValue);
cleanValidation("serverCert");
}}
accept=".cer,.crt,.cert,.pem"
id="serverCert"
name="serverCert"
label="Cert"
error={validationErrors["serverCert"] || ""}
value={serverCertificate.cert}
required={!enableAutoCert}
/>
</fieldset>
</Grid>
</Grid>
<Grid container style={{ marginBottom: 15 }}>
<Grid item xs={12}>
<fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}>
Mutual TLS authentication with MinIO
</legend>
<FileSelector
onChange={(encodedValue, fileName) => {
addFileClientCert("key", fileName, encodedValue);
cleanValidation("clientKey");
}}
accept=".key,.pem"
id="clientKey"
name="clientKey"
label="Key"
error={validationErrors["clientKey"] || ""}
value={clientCertificate.key}
required={!enableAutoCert}
/>
<FileSelector
onChange={(encodedValue, fileName) => {
addFileClientCert("cert", fileName, encodedValue);
cleanValidation("clientCert");
}}
accept=".cer,.crt,.cert,.pem"
id="clientCert"
name="clientCert"
label="Cert"
error={validationErrors["clientCert"] || ""}
value={clientCertificate.cert}
required={!enableAutoCert}
/>
</fieldset>
</Grid>
</Grid>
</Fragment>
)}
<Grid item xs={12}>
<Grid item xs={12} classes={classes.formFieldRow}>
<InputBoxWrapper

33
portal-ui/src/screens/Console/Tenants/ListTenants/types.ts
View File

@@ -16,7 +16,11 @@
import { SubnetInfo } from "../../License/types";
import { IAffinityModel } from "../../../../common/types";
import { NodeMaxAllocatableResources } from "../types";
import {
ICertificateInfo,
ISecurityContext,
NodeMaxAllocatableResources,
} from "../types";
export interface IEvent {
namespace: string;
@@ -84,6 +88,33 @@ export interface ITenantStatus {
usage?: ITenantStatusUsage;
}
export interface ITenantEncryptionResponse {
image: string;
replicas: string;
securityContext: ISecurityContext;
server: ICertificateInfo[];
client: ICertificateInfo[];
/*
gemalto:
type: object
$ref: "#/definitions/gemaltoConfiguration"
aws:
type: object
$ref: "#/definitions/awsConfiguration"
vault:
type: object
$ref: "#/definitions/vaultConfiguration"
gcp:
type: object
$ref: "#/definitions/gcpConfiguration"
azure:
type: object
$ref: "#/definitions/azureConfiguration"
securityContext:
type: object
$ref: "#/definitions/securityContext"*/
}
export interface ITenant {
total_size: number;
name: string;

52
portal-ui/src/screens/Console/Tenants/TenantDetails/TenantDetails.tsx
View File

@@ -50,6 +50,7 @@ import BackLink from "../../../../common/BackLink";
import VerticalTabs from "../../Common/VerticalTabs/VerticalTabs";
import BoxIconButton from "../../Common/BoxIconButton/BoxIconButton";
import withSuspense from "../../Common/Components/withSuspense";
import { IAM_PAGES } from "../../../../common/SecureComponent/permissions";
const TenantYAML = withSuspense(React.lazy(() => import("./TenantYAML")));
const TenantSummary = withSuspense(React.lazy(() => import("./TenantSummary")));
@@ -69,6 +70,9 @@ const TenantVolumes = withSuspense(
const TenantSecurity = withSuspense(
React.lazy(() => import("./TenantSecurity"))
);
const TenantEncryption = withSuspense(
React.lazy(() => import("./TenantEncryption"))
);
const DeleteTenant = withSuspense(
React.lazy(() => import("../ListTenants/DeleteTenant"))
);
@@ -301,10 +305,10 @@ const TenantDetails = ({
return health_status === "red"
? classes.redState
: health_status === "yellow"
? classes.yellowState
: health_status === "green"
? classes.greenState
: classes.greyState;
? classes.yellowState
: health_status === "green"
? classes.greenState
: classes.greyState;
};
return (
@@ -420,59 +424,63 @@ const TenantDetails = ({
<Router history={history}>
<Switch>
<Route
path="/namespaces/:tenantNamespace/tenants/:tenantName/summary"
path={IAM_PAGES.NAMESPACE_TENANT_SUMMARY}
component={TenantSummary}
/>
<Route
path="/namespaces/:tenantNamespace/tenants/:tenantName/metrics"
path={IAM_PAGES.NAMESPACE_TENANT_METRICS}
component={TenantMetrics}
/>
<Route
path="/namespaces/:tenantNamespace/tenants/:tenantName/trace"
path={IAM_PAGES.NAMESPACE_TENANT_TRACE}
component={TenantTrace}
/>
<Route
path="/namespaces/:tenantNamespace/tenants/:tenantName/security"
path={IAM_PAGES.NAMESPACE_TENANT_SECURITY}
component={TenantSecurity}
/>
<Route
path="/namespaces/:tenantNamespace/tenants/:tenantName/pools"
path={IAM_PAGES.NAMESPACE_TENANT_ENCRYPTION}
component={TenantEncryption}
/>
<Route
path={IAM_PAGES.NAMESPACE_TENANT_POOLS}
component={PoolsSummary}
/>
<Route
path="/namespaces/:tenantNamespace/tenants/:tenantName/pods/:podName"
path={IAM_PAGES.NAMESPACE_TENANT_PODS}
component={PodDetails}
/>
<Route
path="/namespaces/:tenantNamespace/tenants/:tenantName/pods"
path={IAM_PAGES.NAMESPACE_TENANT_PODS_LIST}
component={PodsSummary}
/>
<Route
path="/namespaces/:tenantNamespace/tenants/:tenantName/pvcs/:PVCName"
path={IAM_PAGES.NAMESPACE_TENANT_PVCS}
component={TenantVolumes}
/>
<Route
path="/namespaces/:tenantNamespace/tenants/:tenantName/volumes"
path={IAM_PAGES.NAMESPACE_TENANT_VOLUMES}
component={VolumesSummary}
/>
<Route
path="/namespaces/:tenantNamespace/tenants/:tenantName/license"
path={IAM_PAGES.NAMESPACE_TENANT_LICENSE}
component={TenantLicense}
/>
<Route
path="/namespaces/:tenantNamespace/tenants/:tenantName/monitoring"
path={IAM_PAGES.NAMESPACE_TENANT_MONITORING}
component={TenantMonitoring}
/>
<Route
path="/namespaces/:tenantNamespace/tenants/:tenantName/logging"
path={IAM_PAGES.NAMESPACE_TENANT_LOGGING}
component={TenantLogging}
/>
<Route
path="/namespaces/:tenantNamespace/tenants/:tenantName/events"
path={IAM_PAGES.NAMESPACE_TENANT_EVENTS}
component={TenantEvents}
/>
<Route
path="/namespaces/:tenantNamespace/tenants/:tenantName"
path={IAM_PAGES.NAMESPACE_TENANT}
component={() => (
<Redirect
to={`/namespaces/${tenantNamespace}/tenants/${tenantName}/summary`}
@@ -508,6 +516,14 @@ const TenantDetails = ({
to: getRoutePath("security"),
},
}}
{{
tabConfig: {
label: "Encryption",
value: "encryption",
component: Link,
to: getRoutePath("encryption"),
},
}}
{{
tabConfig: {
label: "Pools",

2068
portal-ui/src/screens/Console/Tenants/TenantDetails/TenantEncryption.tsx Normal file
View File

File diff suppressed because it is too large Load Diff

60
portal-ui/src/screens/Console/Tenants/types.ts
View File

@@ -14,7 +14,13 @@
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
import { IErasureCodeCalc } from "../../../common/types";
import {
IAWSConfig,
IAzureConfig,
IErasureCodeCalc,
IGCPConfig,
IGemaltoCredentials,
} from "../../../common/types";
import { IResourcesSize, ITenant } from "./ListTenants/types";
import { KeyPair, Opts } from "./ListTenants/utils";
import { IntegrationConfiguration } from "./AddTenant/Steps/TenantResources/utils";
@@ -87,6 +93,58 @@ export interface ITenantSecurityResponse {
customCertificates: ICustomCertificates;
}
export interface IVaultTLS {
crt: ICertificateInfo;
ca: ICertificateInfo;
}
export interface IVaultAppRole {
engine: string;
id: string;
secret: string;
retry: string;
}
export interface IVaultStatus {
ping: string;
}
export interface IVaultConfiguration {
endpoint: string;
engine: string;
namespace: string;
prefix: string;
approle: IVaultAppRole;
status: IVaultStatus;
tls: IVaultTLS;
}
export interface IGemaltoTLS {
ca: ICertificateInfo;
}
export interface IKeysecureConfiguration {
endpoint: string;
credentials: IGemaltoCredentials;
tls: IGemaltoTLS;
}
export interface IGemaltoConfiguration {
keysecure: IKeysecureConfiguration;
}
export interface ITenantEncryptionResponse {
image: string;
replicas: string;
securityContext: ISecurityContext;
server: ICertificateInfo;
mtls_client: ICertificateInfo;
vault?: IVaultConfiguration;
aws?: IAWSConfig;
gemalto?: IGemaltoConfiguration;
gcp?: IGCPConfig;
azure?: IAzureConfig;
}
export interface ICreateTenant {
page: number;
validPages: string[];

2
portal-ui/src/utils/validationFunctions.ts
View File

@@ -31,6 +31,7 @@ export const commonFormValidation = (fieldsValidate: IValidation[]) => {
if (
field.required &&
typeof field.value !== "undefined" &&
field.value.trim &&
field.value.trim() === ""
) {
returnErrors[field.fieldKey] = "Field cannot be empty";
@@ -40,6 +41,7 @@ export const commonFormValidation = (fieldsValidate: IValidation[]) => {
if (
!field.required &&
typeof field.value !== "undefined" &&
field.value.trim &&
field.value.trim() === ""
) {
return;

163
swagger-operator.yml
View File

@@ -844,6 +844,27 @@ paths:
- OperatorAPI
/namespaces/{namespace}/tenants/{tenant}/encryption:
delete:
summary: Tenant Delete Encryption
operationId: TenantDeleteEncryption
parameters:
- name: namespace
in: path
required: true
type: string
- name: tenant
in: path
required: true
type: string
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- OperatorAPI
put:
summary: Tenant Update Encryption
operationId: TenantUpdateEncryption
@@ -871,6 +892,30 @@ paths:
tags:
- OperatorAPI
get:
summary: Tenant Encryption Info
operationId: TenantEncryptionInfo
parameters:
- name: namespace
in: path
required: true
type: string
- name: tenant
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/encryptionConfigurationResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- OperatorAPI
/namespaces/{namespace}/tenants/{tenant}/yaml:
get:
summary: Get the Tenant YAML
@@ -1622,6 +1667,10 @@ definitions:
type: string
replicas:
type: string
secretsToBeDeleted:
type: array
items:
type: string
server:
type: object
$ref: "#/definitions/keyPairConfiguration"
@@ -1647,6 +1696,40 @@ definitions:
type: object
$ref: "#/definitions/securityContext"
encryptionConfigurationResponse:
allOf:
- $ref: "#/definitions/metadataFields"
- type: object
properties:
image:
type: string
replicas:
type: string
server:
type: object
$ref: "#/definitions/certificateInfo"
mtls_client:
type: object
$ref: "#/definitions/certificateInfo"
gemalto:
type: object
$ref: "#/definitions/gemaltoConfigurationResponse"
aws:
type: object
$ref: "#/definitions/awsConfiguration"
vault:
type: object
$ref: "#/definitions/vaultConfigurationResponse"
gcp:
type: object
$ref: "#/definitions/gcpConfiguration"
azure:
type: object
$ref: "#/definitions/azureConfiguration"
securityContext:
type: object
$ref: "#/definitions/securityContext"
vaultConfiguration:
type: object
required:
@@ -1692,6 +1775,51 @@ definitions:
ca:
type: string
vaultConfigurationResponse:
type: object
required:
- endpoint
- approle
properties:
endpoint:
type: string
engine:
type: string
namespace:
type: string
prefix:
type: string
approle:
type: object
required:
- id
- secret
properties:
engine:
type: string
id:
type: string
secret:
type: string
retry:
type: integer
format: int64
status:
type: object
properties:
ping:
type: integer
format: int64
tls:
type: object
properties:
crt:
type: object
$ref: "#/definitions/certificateInfo"
ca:
type: object
$ref: "#/definitions/certificateInfo"
awsConfiguration:
type: object
required:
@@ -1757,6 +1885,41 @@ definitions:
ca:
type: string
gemaltoConfigurationResponse:
type: object
required:
- keysecure
properties:
keysecure:
type: object
required:
- endpoint
- credentials
properties:
endpoint:
type: string
credentials:
type: object
required:
- token
- domain
properties:
token:
type: string
domain:
type: string
retry:
type: integer
format: int64
tls:
type: object
required:
- ca
properties:
ca:
type: object
$ref: "#/definitions/certificateInfo"
gcpConfiguration:
type: object
required: