Remove Operator mode references in Console mode (#884)

Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
2021-07-22 11:17:26 -07:00
parent b79c228890
commit 73fe08cd81
23 changed files with 248 additions and 142 deletions
--- a/operatorapi/consts.go
+++ b/operatorapi/consts.go
@@ -19,14 +19,13 @@ package operatorapi
 // list of all console environment constants
 const (
 	// Constants for common configuration
-	ConsoleMinIOServer    = "CONSOLE_MINIO_SERVER"
-	ConsoleMinIORegion    = "CONSOLE_MINIO_REGION"
-	ConsoleProductionMode = "CONSOLE_PRODUCTION_MODE"
-	ConsoleHostname       = "CONSOLE_HOSTNAME"
-	ConsolePort           = "CONSOLE_PORT"
-	ConsoleTLSHostname    = "CONSOLE_TLS_HOSTNAME"
-	ConsoleTLSPort        = "CONSOLE_TLS_PORT"
-	ConsoleSubnetLicense  = "CONSOLE_SUBNET_LICENSE"
+	ConsoleMinIOServer   = "CONSOLE_MINIO_SERVER"
+	ConsoleMinIORegion   = "CONSOLE_MINIO_REGION"
+	ConsoleHostname      = "CONSOLE_HOSTNAME"
+	ConsolePort          = "CONSOLE_PORT"
+	ConsoleTLSHostname   = "CONSOLE_TLS_HOSTNAME"
+	ConsoleTLSPort       = "CONSOLE_TLS_PORT"
+	ConsoleSubnetLicense = "CONSOLE_SUBNET_LICENSE"

 	// Constants for Secure middleware
 	ConsoleSecureAllowedHosts                    = "CONSOLE_SECURE_ALLOWED_HOSTS"
@@ -50,11 +49,6 @@ const (
 	ConsoleSecureExpectCTHeader                  = "CONSOLE_SECURE_EXPECT_CT_HEADER"
 	ConsoleOperatorSAToken                       = "CONSOLE_OPERATOR_SA_TOKEN"
 	ConsoleOperatorConsoleImage                  = "CONSOLE_OPERATOR_CONSOLE_IMAGE"
-	PrometheusURL                                = "CONSOLE_PROMETHEUS_URL"
-	PrometheusJobID                              = "CONSOLE_PROMETHEUS_JOB_ID"
-	ConsoleLogQueryURL                           = "CONSOLE_LOG_QUERY_URL"
-	ConsoleLogQueryAuthToken                     = "CONSOLE_LOG_QUERY_AUTH_TOKEN"
-	LogSearchQueryAuthToken                      = "LOGSEARCH_QUERY_AUTH_TOKEN"

 	// Constants for prometheus annotations
 	prometheusPath   = "prometheus.io/path"
--- a/operatorapi/embedded_spec.go
+++ b/operatorapi/embedded_spec.go
@@ -1183,7 +1183,7 @@ func init() {
          "200": {
            "description": "A successful response.",
            "schema": {
-              "$ref": "#/definitions/sessionResponse"
+              "$ref": "#/definitions/operatorSessionResponse"
            }
          },
          "default": {
@@ -3309,6 +3309,32 @@ func init() {
        "years"
      ]
    },
+    "operatorSessionResponse": {
+      "type": "object",
+      "properties": {
+        "features": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "operator": {
+          "type": "boolean"
+        },
+        "pages": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "status": {
+          "type": "string",
+          "enum": [
+            "ok"
+          ]
+        }
+      }
+    },
    "parityResponse": {
      "type": "array",
      "items": {
@@ -3987,32 +4013,6 @@ func init() {
        "type": "string"
      }
    },
-    "sessionResponse": {
-      "type": "object",
-      "properties": {
-        "features": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "operator": {
-          "type": "boolean"
-        },
-        "pages": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "status": {
-          "type": "string",
-          "enum": [
-            "ok"
-          ]
-        }
-      }
-    },
    "setBucketPolicyRequest": {
      "type": "object",
      "required": [
@@ -6056,7 +6056,7 @@ func init() {
          "200": {
            "description": "A successful response.",
            "schema": {
-              "$ref": "#/definitions/sessionResponse"
+              "$ref": "#/definitions/operatorSessionResponse"
            }
          },
          "default": {
@@ -8830,6 +8830,32 @@ func init() {
        "years"
      ]
    },
+    "operatorSessionResponse": {
+      "type": "object",
+      "properties": {
+        "features": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "operator": {
+          "type": "boolean"
+        },
+        "pages": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "status": {
+          "type": "string",
+          "enum": [
+            "ok"
+          ]
+        }
+      }
+    },
    "parityResponse": {
      "type": "array",
      "items": {
@@ -9417,32 +9443,6 @@ func init() {
        "type": "string"
      }
    },
-    "sessionResponse": {
-      "type": "object",
-      "properties": {
-        "features": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "operator": {
-          "type": "boolean"
-        },
-        "pages": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
-        "status": {
-          "type": "string",
-          "enum": [
-            "ok"
-          ]
-        }
-      }
-    },
    "setBucketPolicyRequest": {
      "type": "object",
      "required": [
--- a/operatorapi/operations/user_api/session_check_responses.go
+++ b/operatorapi/operations/user_api/session_check_responses.go
@@ -42,7 +42,7 @@ type SessionCheckOK struct {
 	/*
 	  In: Body
 	*/
-	Payload *models.SessionResponse `json:"body,omitempty"`
+	Payload *models.OperatorSessionResponse `json:"body,omitempty"`
 }

 // NewSessionCheckOK creates SessionCheckOK with default headers values
@@ -52,13 +52,13 @@ func NewSessionCheckOK() *SessionCheckOK {
 }

 // WithPayload adds the payload to the session check o k response
-func (o *SessionCheckOK) WithPayload(payload *models.SessionResponse) *SessionCheckOK {
+func (o *SessionCheckOK) WithPayload(payload *models.OperatorSessionResponse) *SessionCheckOK {
 	o.Payload = payload
 	return o
 }

 // SetPayload sets the payload to the session check o k response
-func (o *SessionCheckOK) SetPayload(payload *models.SessionResponse) {
+func (o *SessionCheckOK) SetPayload(payload *models.OperatorSessionResponse) {
 	o.Payload = payload
 }

--- a/operatorapi/operator_login.go
+++ b/operatorapi/operator_login.go
@@ -22,6 +22,8 @@ import (
 	"net/http"
 	"time"

+	"github.com/minio/minio-go/v7/pkg/credentials"
+
 	"github.com/minio/console/restapi"

 	iampolicy "github.com/minio/pkg/iam/policy"
@@ -114,7 +116,7 @@ func getAccountPolicy(ctx context.Context, client restapi.MinioAdmin) (*iampolic

 // getConsoleCredentials will return consoleCredentials interface including the associated policy of the current account
 func getConsoleCredentials(ctx context.Context, accessKey, secretKey string) (*restapi.ConsoleCredentials, error) {
-	creds, err := restapi.NewConsoleCredentials(accessKey, secretKey, restapi.GetMinIORegion())
+	creds, err := newConsoleCredentials(secretKey)
 	if err != nil {
 		return nil, err
 	}
@@ -180,7 +182,7 @@ func getLoginResponse(lr *models.LoginRequest) (*models.LoginResponse, *models.E
 func getLoginDetailsResponse() (*models.LoginDetails, *models.Error) {
 	ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
 	defer cancel()
-	loginStrategy := models.LoginDetailsLoginStrategyForm
+	loginStrategy := models.LoginDetailsLoginStrategyServiceDashAccount
 	redirectURL := ""

 	if oauth2.IsIdpEnabled() {
@@ -193,8 +195,6 @@ func getLoginDetailsResponse() (*models.LoginDetails, *models.Error) {
 		// Validate user against IDP
 		identityProvider := &auth.IdentityProvider{Client: oauth2Client}
 		redirectURL = identityProvider.GenerateLoginURL()
-	} else if acl.GetOperatorMode() {
-		loginStrategy = models.LoginDetailsLoginStrategyServiceDashAccount
 	}

 	loginDetails := &models.LoginDetails{
@@ -206,12 +206,12 @@ func getLoginDetailsResponse() (*models.LoginDetails, *models.Error) {

 func getLoginOauth2AuthResponse() (*models.LoginResponse, *models.Error) {

-	creds, err := restapi.NewConsoleCredentials("", getK8sSAToken(), "")
+	creds, err := newConsoleCredentials(getK8sSAToken())
 	if err != nil {
 		return nil, prepareError(err)
 	}
-	credentials := restapi.ConsoleCredentials{ConsoleCredentials: creds, Actions: []string{}}
-	token, err := login(credentials)
+	consoleCredentials := restapi.ConsoleCredentials{ConsoleCredentials: creds, Actions: []string{}}
+	token, err := login(consoleCredentials)
 	if err != nil {
 		return nil, prepareError(errInvalidCredentials, nil, err)
 	}
@@ -222,9 +222,17 @@ func getLoginOauth2AuthResponse() (*models.LoginResponse, *models.Error) {
 	return loginResponse, nil
 }

+func newConsoleCredentials(secretKey string) (*credentials.Credentials, error) {
+	creds, err := auth.GetConsoleCredentialsForOperator(secretKey)
+	if err != nil {
+		return nil, err
+	}
+	return creds, nil
+}
+
 // getLoginOperatorResponse validate the provided service account token against k8s api
 func getLoginOperatorResponse(lmr *models.LoginOperatorRequest) (*models.LoginResponse, *models.Error) {
-	creds, err := restapi.NewConsoleCredentials("", *lmr.Jwt, "")
+	creds, err := newConsoleCredentials(*lmr.Jwt)
 	if err != nil {
 		return nil, prepareError(err)
 	}
--- a/operatorapi/operator_session.go
+++ b/operatorapi/operator_session.go
@@ -36,16 +36,16 @@ func registerSessionHandlers(api *operations.OperatorAPI) {
 }

 // getSessionResponse parse the token of the current session and returns a list of allowed actions to render in the UI
-func getSessionResponse(session *models.Principal) (*models.SessionResponse, *models.Error) {
+func getSessionResponse(session *models.Principal) (*models.OperatorSessionResponse, *models.Error) {
 	// serialize output
 	if session == nil {
 		return nil, prepareError(errorGenericInvalidSession)
 	}
-	sessionResp := &models.SessionResponse{
+	sessionResp := &models.OperatorSessionResponse{
 		Pages:    acl.GetAuthorizedEndpoints(session.Actions),
 		Features: getListOfEnabledFeatures(),
-		Status:   models.SessionResponseStatusOk,
-		Operator: acl.GetOperatorMode(),
+		Status:   models.OperatorSessionResponseStatusOk,
+		Operator: true,
 	}
 	return sessionResp, nil
 }
--- a/operatorapi/operator_subscription.go
+++ b/operatorapi/operator_subscription.go
@@ -108,7 +108,7 @@ func getOperatorSubscriptionActivateResponse(session *models.Principal, namespac
 		client: clientSet,
 	}
 	// Get cluster subscription license
-	license, err := getSubscriptionLicense(ctx, &k8sClient, cluster.Namespace, restapi.OperatorSubnetLicenseSecretName)
+	license, err := getSubscriptionLicense(ctx, &k8sClient, cluster.Namespace, OperatorSubnetLicenseSecretName)
 	if err != nil {
 		return prepareError(errInvalidCredentials, nil, err)
 	}
--- a/operatorapi/operator_tenants.go
+++ b/operatorapi/operator_tenants.go
@@ -1220,7 +1220,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 		}
 		// If Subnet License is present in k8s secrets, copy that to the CONSOLE_SUBNET_LICENSE env variable
 		// of the console tenant
-		license, _ := getSubscriptionLicense(ctx, &k8sClient, cluster.Namespace, restapi.OperatorSubnetLicenseSecretName)
+		license, _ := getSubscriptionLicense(ctx, &k8sClient, cluster.Namespace, OperatorSubnetLicenseSecretName)
 		if license != "" {
 			consoleSecretData[restapi.ConsoleSubnetLicense] = []byte(license)
 		}