mirrors/object-browser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Identity Provider screen for TenantDetails (#1809)

Browse Source 
- fixing encryption page styles
- removing extra fields on gemalto configuration
- backend endpoints for tenant identity provider details
- force restart tenant pods when identity provider configuration change
- force restart tenant pods when tls certificates change
- existing tls secrets are not deleted from tenant namespace, just removed from the tenant

Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
This commit is contained in:
Lenin Alevski
2022-04-07 18:40:09 -07:00
committed by GitHub
parent 02a35fb8d1
commit 8540168133
21 changed files with 2267 additions and 167 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
models/idp_configuration.go
View File

@@ -237,7 +237,8 @@ type IdpConfigurationActiveDirectory struct {
GroupSearchFilter string `json:"group_search_filter,omitempty"` GroupSearchFilter string `json:"group_search_filter,omitempty"`
// lookup bind dn // lookup bind dn
LookupBindDn string `json:"lookup_bind_dn,omitempty"` // Required: true
LookupBindDn *string `json:"lookup_bind_dn"`
// lookup bind password // lookup bind password
LookupBindPassword string `json:"lookup_bind_password,omitempty"` LookupBindPassword string `json:"lookup_bind_password,omitempty"`
@@ -269,6 +270,10 @@ type IdpConfigurationActiveDirectory struct {
func (m *IdpConfigurationActiveDirectory) Validate(formats strfmt.Registry) error { func (m *IdpConfigurationActiveDirectory) Validate(formats strfmt.Registry) error {
var res []error var res []error
if err := m.validateLookupBindDn(formats); err != nil {
res = append(res, err)
}
if err := m.validateURL(formats); err != nil { if err := m.validateURL(formats); err != nil {
res = append(res, err) res = append(res, err)
} }
@@ -279,6 +284,15 @@ func (m *IdpConfigurationActiveDirectory) Validate(formats strfmt.Registry) erro
return nil return nil
} }
func (m *IdpConfigurationActiveDirectory) validateLookupBindDn(formats strfmt.Registry) error {
if err := validate.Required("active_directory"+"."+"lookup_bind_dn", "body", m.LookupBindDn); err != nil {
return err
}
return nil
}
func (m *IdpConfigurationActiveDirectory) validateURL(formats strfmt.Registry) error { func (m *IdpConfigurationActiveDirectory) validateURL(formats strfmt.Registry) error {
if err := validate.Required("active_directory"+"."+"url", "body", m.URL); err != nil { if err := validate.Required("active_directory"+"."+"url", "body", m.URL); err != nil {

163
operatorapi/embedded_spec.go
View File

@@ -803,6 +803,83 @@ func init() {
} }
} }
}, },
"/namespaces/{namespace}/tenants/{tenant}/identity-provider": {
"get": {
"tags": [
"OperatorAPI"
],
"summary": "Tenant Identity Provider",
"operationId": "TenantIdentityProvider",
"parameters": [
{
"type": "string",
"name": "namespace",
"in": "path",
"required": true
},
{
"type": "string",
"name": "tenant",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/idpConfiguration"
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/error"
}
}
}
},
"post": {
"tags": [
"OperatorAPI"
],
"summary": "Update Tenant Identity Provider",
"operationId": "UpdateTenantIdentityProvider",
"parameters": [
{
"type": "string",
"name": "namespace",
"in": "path",
"required": true
},
{
"type": "string",
"name": "tenant",
"in": "path",
"required": true
},
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/idpConfiguration"
}
}
],
"responses": {
"204": {
"description": "A successful response."
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/error"
}
}
}
}
},
"/namespaces/{namespace}/tenants/{tenant}/log": { "/namespaces/{namespace}/tenants/{tenant}/log": {
"get": { "get": {
"tags": [ "tags": [
@@ -2434,7 +2511,8 @@ func init() {
"active_directory": { "active_directory": {
"type": "object", "type": "object",
"required": [ "required": [
"url" "url",
"lookup_bind_dn"
], ],
"properties": { "properties": {
"group_search_base_dn": { "group_search_base_dn": {
@@ -4719,6 +4797,83 @@ func init() {
} }
} }
}, },
"/namespaces/{namespace}/tenants/{tenant}/identity-provider": {
"get": {
"tags": [
"OperatorAPI"
],
"summary": "Tenant Identity Provider",
"operationId": "TenantIdentityProvider",
"parameters": [
{
"type": "string",
"name": "namespace",
"in": "path",
"required": true
},
{
"type": "string",
"name": "tenant",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/idpConfiguration"
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/error"
}
}
}
},
"post": {
"tags": [
"OperatorAPI"
],
"summary": "Update Tenant Identity Provider",
"operationId": "UpdateTenantIdentityProvider",
"parameters": [
{
"type": "string",
"name": "namespace",
"in": "path",
"required": true
},
{
"type": "string",
"name": "tenant",
"in": "path",
"required": true
},
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/idpConfiguration"
}
}
],
"responses": {
"204": {
"description": "A successful response."
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/error"
}
}
}
}
},
"/namespaces/{namespace}/tenants/{tenant}/log": { "/namespaces/{namespace}/tenants/{tenant}/log": {
"get": { "get": {
"tags": [ "tags": [
@@ -5971,7 +6126,8 @@ func init() {
"IdpConfigurationActiveDirectory": { "IdpConfigurationActiveDirectory": {
"type": "object", "type": "object",
"required": [ "required": [
"url" "url",
"lookup_bind_dn"
], ],
"properties": { "properties": {
"group_search_base_dn": { "group_search_base_dn": {
@@ -7192,7 +7348,8 @@ func init() {
"active_directory": { "active_directory": {
"type": "object", "type": "object",
"required": [ "required": [
"url" "url",
"lookup_bind_dn"
], ],
"properties": { "properties": {
"group_search_base_dn": { "group_search_base_dn": {

24
operatorapi/operations/operator_api.go
View File

@@ -189,6 +189,9 @@ func NewOperatorAPI(spec *loads.Document) *OperatorAPI {
OperatorAPITenantEncryptionInfoHandler: operator_api.TenantEncryptionInfoHandlerFunc(func(params operator_api.TenantEncryptionInfoParams, principal *models.Principal) middleware.Responder { OperatorAPITenantEncryptionInfoHandler: operator_api.TenantEncryptionInfoHandlerFunc(func(params operator_api.TenantEncryptionInfoParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation operator_api.TenantEncryptionInfo has not yet been implemented") return middleware.NotImplemented("operation operator_api.TenantEncryptionInfo has not yet been implemented")
}), }),
OperatorAPITenantIdentityProviderHandler: operator_api.TenantIdentityProviderHandlerFunc(func(params operator_api.TenantIdentityProviderParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation operator_api.TenantIdentityProvider has not yet been implemented")
}),
OperatorAPITenantSecurityHandler: operator_api.TenantSecurityHandlerFunc(func(params operator_api.TenantSecurityParams, principal *models.Principal) middleware.Responder { OperatorAPITenantSecurityHandler: operator_api.TenantSecurityHandlerFunc(func(params operator_api.TenantSecurityParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation operator_api.TenantSecurity has not yet been implemented") return middleware.NotImplemented("operation operator_api.TenantSecurity has not yet been implemented")
}), }),
@@ -204,6 +207,9 @@ func NewOperatorAPI(spec *loads.Document) *OperatorAPI {
OperatorAPIUpdateTenantHandler: operator_api.UpdateTenantHandlerFunc(func(params operator_api.UpdateTenantParams, principal *models.Principal) middleware.Responder { OperatorAPIUpdateTenantHandler: operator_api.UpdateTenantHandlerFunc(func(params operator_api.UpdateTenantParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation operator_api.UpdateTenant has not yet been implemented") return middleware.NotImplemented("operation operator_api.UpdateTenant has not yet been implemented")
}), }),
OperatorAPIUpdateTenantIdentityProviderHandler: operator_api.UpdateTenantIdentityProviderHandlerFunc(func(params operator_api.UpdateTenantIdentityProviderParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation operator_api.UpdateTenantIdentityProvider has not yet been implemented")
}),
OperatorAPIUpdateTenantSecurityHandler: operator_api.UpdateTenantSecurityHandlerFunc(func(params operator_api.UpdateTenantSecurityParams, principal *models.Principal) middleware.Responder { OperatorAPIUpdateTenantSecurityHandler: operator_api.UpdateTenantSecurityHandlerFunc(func(params operator_api.UpdateTenantSecurityParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation operator_api.UpdateTenantSecurity has not yet been implemented") return middleware.NotImplemented("operation operator_api.UpdateTenantSecurity has not yet been implemented")
}), }),
@@ -340,6 +346,8 @@ type OperatorAPI struct {
OperatorAPITenantDetailsHandler operator_api.TenantDetailsHandler OperatorAPITenantDetailsHandler operator_api.TenantDetailsHandler
// OperatorAPITenantEncryptionInfoHandler sets the operation handler for the tenant encryption info operation // OperatorAPITenantEncryptionInfoHandler sets the operation handler for the tenant encryption info operation
OperatorAPITenantEncryptionInfoHandler operator_api.TenantEncryptionInfoHandler OperatorAPITenantEncryptionInfoHandler operator_api.TenantEncryptionInfoHandler
// OperatorAPITenantIdentityProviderHandler sets the operation handler for the tenant identity provider operation
OperatorAPITenantIdentityProviderHandler operator_api.TenantIdentityProviderHandler
// OperatorAPITenantSecurityHandler sets the operation handler for the tenant security operation // OperatorAPITenantSecurityHandler sets the operation handler for the tenant security operation
OperatorAPITenantSecurityHandler operator_api.TenantSecurityHandler OperatorAPITenantSecurityHandler operator_api.TenantSecurityHandler
// OperatorAPITenantUpdateCertificateHandler sets the operation handler for the tenant update certificate operation // OperatorAPITenantUpdateCertificateHandler sets the operation handler for the tenant update certificate operation
@@ -350,6 +358,8 @@ type OperatorAPI struct {
OperatorAPITenantUpdatePoolsHandler operator_api.TenantUpdatePoolsHandler OperatorAPITenantUpdatePoolsHandler operator_api.TenantUpdatePoolsHandler
// OperatorAPIUpdateTenantHandler sets the operation handler for the update tenant operation // OperatorAPIUpdateTenantHandler sets the operation handler for the update tenant operation
OperatorAPIUpdateTenantHandler operator_api.UpdateTenantHandler OperatorAPIUpdateTenantHandler operator_api.UpdateTenantHandler
// OperatorAPIUpdateTenantIdentityProviderHandler sets the operation handler for the update tenant identity provider operation
OperatorAPIUpdateTenantIdentityProviderHandler operator_api.UpdateTenantIdentityProviderHandler
// OperatorAPIUpdateTenantSecurityHandler sets the operation handler for the update tenant security operation // OperatorAPIUpdateTenantSecurityHandler sets the operation handler for the update tenant security operation
OperatorAPIUpdateTenantSecurityHandler operator_api.UpdateTenantSecurityHandler OperatorAPIUpdateTenantSecurityHandler operator_api.UpdateTenantSecurityHandler
@@ -559,6 +569,9 @@ func (o *OperatorAPI) Validate() error {
if o.OperatorAPITenantEncryptionInfoHandler == nil { if o.OperatorAPITenantEncryptionInfoHandler == nil {
unregistered = append(unregistered, "operator_api.TenantEncryptionInfoHandler") unregistered = append(unregistered, "operator_api.TenantEncryptionInfoHandler")
} }
if o.OperatorAPITenantIdentityProviderHandler == nil {
unregistered = append(unregistered, "operator_api.TenantIdentityProviderHandler")
}
if o.OperatorAPITenantSecurityHandler == nil { if o.OperatorAPITenantSecurityHandler == nil {
unregistered = append(unregistered, "operator_api.TenantSecurityHandler") unregistered = append(unregistered, "operator_api.TenantSecurityHandler")
} }
@@ -574,6 +587,9 @@ func (o *OperatorAPI) Validate() error {
if o.OperatorAPIUpdateTenantHandler == nil { if o.OperatorAPIUpdateTenantHandler == nil {
unregistered = append(unregistered, "operator_api.UpdateTenantHandler") unregistered = append(unregistered, "operator_api.UpdateTenantHandler")
} }
if o.OperatorAPIUpdateTenantIdentityProviderHandler == nil {
unregistered = append(unregistered, "operator_api.UpdateTenantIdentityProviderHandler")
}
if o.OperatorAPIUpdateTenantSecurityHandler == nil { if o.OperatorAPIUpdateTenantSecurityHandler == nil {
unregistered = append(unregistered, "operator_api.UpdateTenantSecurityHandler") unregistered = append(unregistered, "operator_api.UpdateTenantSecurityHandler")
} }
@@ -846,6 +862,10 @@ func (o *OperatorAPI) initHandlerCache() {
if o.handlers["GET"] == nil { if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler) o.handlers["GET"] = make(map[string]http.Handler)
} }
o.handlers["GET"]["/namespaces/{namespace}/tenants/{tenant}/identity-provider"] = operator_api.NewTenantIdentityProvider(o.context, o.OperatorAPITenantIdentityProviderHandler)
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
}
o.handlers["GET"]["/namespaces/{namespace}/tenants/{tenant}/security"] = operator_api.NewTenantSecurity(o.context, o.OperatorAPITenantSecurityHandler) o.handlers["GET"]["/namespaces/{namespace}/tenants/{tenant}/security"] = operator_api.NewTenantSecurity(o.context, o.OperatorAPITenantSecurityHandler)
if o.handlers["PUT"] == nil { if o.handlers["PUT"] == nil {
o.handlers["PUT"] = make(map[string]http.Handler) o.handlers["PUT"] = make(map[string]http.Handler)
@@ -866,6 +886,10 @@ func (o *OperatorAPI) initHandlerCache() {
if o.handlers["POST"] == nil { if o.handlers["POST"] == nil {
o.handlers["POST"] = make(map[string]http.Handler) o.handlers["POST"] = make(map[string]http.Handler)
} }
o.handlers["POST"]["/namespaces/{namespace}/tenants/{tenant}/identity-provider"] = operator_api.NewUpdateTenantIdentityProvider(o.context, o.OperatorAPIUpdateTenantIdentityProviderHandler)
if o.handlers["POST"] == nil {
o.handlers["POST"] = make(map[string]http.Handler)
}
o.handlers["POST"]["/namespaces/{namespace}/tenants/{tenant}/security"] = operator_api.NewUpdateTenantSecurity(o.context, o.OperatorAPIUpdateTenantSecurityHandler) o.handlers["POST"]["/namespaces/{namespace}/tenants/{tenant}/security"] = operator_api.NewUpdateTenantSecurity(o.context, o.OperatorAPIUpdateTenantSecurityHandler)
} }

88
operatorapi/operations/operator_api/tenant_identity_provider.go Normal file
View File

@@ -0,0 +1,88 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2022 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package operator_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"net/http"
"github.com/go-openapi/runtime/middleware"
"github.com/minio/console/models"
)
// TenantIdentityProviderHandlerFunc turns a function with the right signature into a tenant identity provider handler
type TenantIdentityProviderHandlerFunc func(TenantIdentityProviderParams, *models.Principal) middleware.Responder
// Handle executing the request and returning a response
func (fn TenantIdentityProviderHandlerFunc) Handle(params TenantIdentityProviderParams, principal *models.Principal) middleware.Responder {
return fn(params, principal)
}
// TenantIdentityProviderHandler interface for that can handle valid tenant identity provider params
type TenantIdentityProviderHandler interface {
Handle(TenantIdentityProviderParams, *models.Principal) middleware.Responder
}
// NewTenantIdentityProvider creates a new http.Handler for the tenant identity provider operation
func NewTenantIdentityProvider(ctx *middleware.Context, handler TenantIdentityProviderHandler) *TenantIdentityProvider {
return &TenantIdentityProvider{Context: ctx, Handler: handler}
}
/* TenantIdentityProvider swagger:route GET /namespaces/{namespace}/tenants/{tenant}/identity-provider OperatorAPI tenantIdentityProvider
Tenant Identity Provider
*/
type TenantIdentityProvider struct {
Context *middleware.Context
Handler TenantIdentityProviderHandler
}
func (o *TenantIdentityProvider) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
route, rCtx, _ := o.Context.RouteInfo(r)
if rCtx != nil {
*r = *rCtx
}
var Params = NewTenantIdentityProviderParams()
uprinc, aCtx, err := o.Context.Authorize(r, route)
if err != nil {
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
if aCtx != nil {
*r = *aCtx
}
var principal *models.Principal
if uprinc != nil {
principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
}
if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
res := o.Handler.Handle(Params, principal) // actually handle the request
o.Context.Respond(rw, r, route.Produces, route, res)
}

112
operatorapi/operations/operator_api/tenant_identity_provider_parameters.go Normal file
View File

@@ -0,0 +1,112 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2022 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package operator_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/errors"
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/strfmt"
)
// NewTenantIdentityProviderParams creates a new TenantIdentityProviderParams object
//
// There are no default values defined in the spec.
func NewTenantIdentityProviderParams() TenantIdentityProviderParams {
return TenantIdentityProviderParams{}
}
// TenantIdentityProviderParams contains all the bound params for the tenant identity provider operation
// typically these are obtained from a http.Request
//
// swagger:parameters TenantIdentityProvider
type TenantIdentityProviderParams struct {
// HTTP Request Object
HTTPRequest *http.Request `json:"-"`
/*
Required: true
In: path
*/
Namespace string
/*
Required: true
In: path
*/
Tenant string
}
// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
// for simple values it will use straight method calls.
//
// To ensure default values, the struct must have been initialized with NewTenantIdentityProviderParams() beforehand.
func (o *TenantIdentityProviderParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
var res []error
o.HTTPRequest = r
rNamespace, rhkNamespace, _ := route.Params.GetOK("namespace")
if err := o.bindNamespace(rNamespace, rhkNamespace, route.Formats); err != nil {
res = append(res, err)
}
rTenant, rhkTenant, _ := route.Params.GetOK("tenant")
if err := o.bindTenant(rTenant, rhkTenant, route.Formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
// bindNamespace binds and validates parameter Namespace from path.
func (o *TenantIdentityProviderParams) bindNamespace(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Parameter is provided by construction from the route
o.Namespace = raw
return nil
}
// bindTenant binds and validates parameter Tenant from path.
func (o *TenantIdentityProviderParams) bindTenant(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Parameter is provided by construction from the route
o.Tenant = raw
return nil
}

133
operatorapi/operations/operator_api/tenant_identity_provider_responses.go Normal file
View File

@@ -0,0 +1,133 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2022 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package operator_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/runtime"
"github.com/minio/console/models"
)
// TenantIdentityProviderOKCode is the HTTP code returned for type TenantIdentityProviderOK
const TenantIdentityProviderOKCode int = 200
/*TenantIdentityProviderOK A successful response.
swagger:response tenantIdentityProviderOK
*/
type TenantIdentityProviderOK struct {
/*
In: Body
*/
Payload *models.IdpConfiguration `json:"body,omitempty"`
}
// NewTenantIdentityProviderOK creates TenantIdentityProviderOK with default headers values
func NewTenantIdentityProviderOK() *TenantIdentityProviderOK {
return &TenantIdentityProviderOK{}
}
// WithPayload adds the payload to the tenant identity provider o k response
func (o *TenantIdentityProviderOK) WithPayload(payload *models.IdpConfiguration) *TenantIdentityProviderOK {
o.Payload = payload
return o
}
// SetPayload sets the payload to the tenant identity provider o k response
func (o *TenantIdentityProviderOK) SetPayload(payload *models.IdpConfiguration) {
o.Payload = payload
}
// WriteResponse to the client
func (o *TenantIdentityProviderOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(200)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}
/*TenantIdentityProviderDefault Generic error response.
swagger:response tenantIdentityProviderDefault
*/
type TenantIdentityProviderDefault struct {
_statusCode int
/*
In: Body
*/
Payload *models.Error `json:"body,omitempty"`
}
// NewTenantIdentityProviderDefault creates TenantIdentityProviderDefault with default headers values
func NewTenantIdentityProviderDefault(code int) *TenantIdentityProviderDefault {
if code <= 0 {
code = 500
}
return &TenantIdentityProviderDefault{
_statusCode: code,
}
}
// WithStatusCode adds the status to the tenant identity provider default response
func (o *TenantIdentityProviderDefault) WithStatusCode(code int) *TenantIdentityProviderDefault {
o._statusCode = code
return o
}
// SetStatusCode sets the status to the tenant identity provider default response
func (o *TenantIdentityProviderDefault) SetStatusCode(code int) {
o._statusCode = code
}
// WithPayload adds the payload to the tenant identity provider default response
func (o *TenantIdentityProviderDefault) WithPayload(payload *models.Error) *TenantIdentityProviderDefault {
o.Payload = payload
return o
}
// SetPayload sets the payload to the tenant identity provider default response
func (o *TenantIdentityProviderDefault) SetPayload(payload *models.Error) {
o.Payload = payload
}
// WriteResponse to the client
func (o *TenantIdentityProviderDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(o._statusCode)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}

124
operatorapi/operations/operator_api/tenant_identity_provider_urlbuilder.go Normal file
View File

@@ -0,0 +1,124 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2022 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package operator_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"errors"
"net/url"
golangswaggerpaths "path"
"strings"
)
// TenantIdentityProviderURL generates an URL for the tenant identity provider operation
type TenantIdentityProviderURL struct {
Namespace string
Tenant string
_basePath string
// avoid unkeyed usage
_ struct{}
}
// WithBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *TenantIdentityProviderURL) WithBasePath(bp string) *TenantIdentityProviderURL {
o.SetBasePath(bp)
return o
}
// SetBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *TenantIdentityProviderURL) SetBasePath(bp string) {
o._basePath = bp
}
// Build a url path and query string
func (o *TenantIdentityProviderURL) Build() (*url.URL, error) {
var _result url.URL
var _path = "/namespaces/{namespace}/tenants/{tenant}/identity-provider"
namespace := o.Namespace
if namespace != "" {
_path = strings.Replace(_path, "{namespace}", namespace, -1)
} else {
return nil, errors.New("namespace is required on TenantIdentityProviderURL")
}
tenant := o.Tenant
if tenant != "" {
_path = strings.Replace(_path, "{tenant}", tenant, -1)
} else {
return nil, errors.New("tenant is required on TenantIdentityProviderURL")
}
_basePath := o._basePath
if _basePath == "" {
_basePath = "/api/v1"
}
_result.Path = golangswaggerpaths.Join(_basePath, _path)
return &_result, nil
}
// Must is a helper function to panic when the url builder returns an error
func (o *TenantIdentityProviderURL) Must(u *url.URL, err error) *url.URL {
if err != nil {
panic(err)
}
if u == nil {
panic("url can't be nil")
}
return u
}
// String returns the string representation of the path with query string
func (o *TenantIdentityProviderURL) String() string {
return o.Must(o.Build()).String()
}
// BuildFull builds a full url with scheme, host, path and query string
func (o *TenantIdentityProviderURL) BuildFull(scheme, host string) (*url.URL, error) {
if scheme == "" {
return nil, errors.New("scheme is required for a full url on TenantIdentityProviderURL")
}
if host == "" {
return nil, errors.New("host is required for a full url on TenantIdentityProviderURL")
}
base, err := o.Build()
if err != nil {
return nil, err
}
base.Scheme = scheme
base.Host = host
return base, nil
}
// StringFull returns the string representation of a complete url
func (o *TenantIdentityProviderURL) StringFull(scheme, host string) string {
return o.Must(o.BuildFull(scheme, host)).String()
}

88
operatorapi/operations/operator_api/update_tenant_identity_provider.go Normal file
View File

@@ -0,0 +1,88 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2022 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package operator_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"net/http"
"github.com/go-openapi/runtime/middleware"
"github.com/minio/console/models"
)
// UpdateTenantIdentityProviderHandlerFunc turns a function with the right signature into a update tenant identity provider handler
type UpdateTenantIdentityProviderHandlerFunc func(UpdateTenantIdentityProviderParams, *models.Principal) middleware.Responder
// Handle executing the request and returning a response
func (fn UpdateTenantIdentityProviderHandlerFunc) Handle(params UpdateTenantIdentityProviderParams, principal *models.Principal) middleware.Responder {
return fn(params, principal)
}
// UpdateTenantIdentityProviderHandler interface for that can handle valid update tenant identity provider params
type UpdateTenantIdentityProviderHandler interface {
Handle(UpdateTenantIdentityProviderParams, *models.Principal) middleware.Responder
}
// NewUpdateTenantIdentityProvider creates a new http.Handler for the update tenant identity provider operation
func NewUpdateTenantIdentityProvider(ctx *middleware.Context, handler UpdateTenantIdentityProviderHandler) *UpdateTenantIdentityProvider {
return &UpdateTenantIdentityProvider{Context: ctx, Handler: handler}
}
/* UpdateTenantIdentityProvider swagger:route POST /namespaces/{namespace}/tenants/{tenant}/identity-provider OperatorAPI updateTenantIdentityProvider
Update Tenant Identity Provider
*/
type UpdateTenantIdentityProvider struct {
Context *middleware.Context
Handler UpdateTenantIdentityProviderHandler
}
func (o *UpdateTenantIdentityProvider) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
route, rCtx, _ := o.Context.RouteInfo(r)
if rCtx != nil {
*r = *rCtx
}
var Params = NewUpdateTenantIdentityProviderParams()
uprinc, aCtx, err := o.Context.Authorize(r, route)
if err != nil {
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
if aCtx != nil {
*r = *aCtx
}
var principal *models.Principal
if uprinc != nil {
principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
}
if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
res := o.Handler.Handle(Params, principal) // actually handle the request
o.Context.Respond(rw, r, route.Produces, route, res)
}

151
operatorapi/operations/operator_api/update_tenant_identity_provider_parameters.go Normal file
View File

@@ -0,0 +1,151 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2022 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package operator_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"context"
"io"
"net/http"
"github.com/go-openapi/errors"
"github.com/go-openapi/runtime"
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/validate"
"github.com/minio/console/models"
)
// NewUpdateTenantIdentityProviderParams creates a new UpdateTenantIdentityProviderParams object
//
// There are no default values defined in the spec.
func NewUpdateTenantIdentityProviderParams() UpdateTenantIdentityProviderParams {
return UpdateTenantIdentityProviderParams{}
}
// UpdateTenantIdentityProviderParams contains all the bound params for the update tenant identity provider operation
// typically these are obtained from a http.Request
//
// swagger:parameters UpdateTenantIdentityProvider
type UpdateTenantIdentityProviderParams struct {
// HTTP Request Object
HTTPRequest *http.Request `json:"-"`
/*
Required: true
In: body
*/
Body *models.IdpConfiguration
/*
Required: true
In: path
*/
Namespace string
/*
Required: true
In: path
*/
Tenant string
}
// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
// for simple values it will use straight method calls.
//
// To ensure default values, the struct must have been initialized with NewUpdateTenantIdentityProviderParams() beforehand.
func (o *UpdateTenantIdentityProviderParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
var res []error
o.HTTPRequest = r
if runtime.HasBody(r) {
defer r.Body.Close()
var body models.IdpConfiguration
if err := route.Consumer.Consume(r.Body, &body); err != nil {
if err == io.EOF {
res = append(res, errors.Required("body", "body", ""))
} else {
res = append(res, errors.NewParseError("body", "body", "", err))
}
} else {
// validate body object
if err := body.Validate(route.Formats); err != nil {
res = append(res, err)
}
ctx := validate.WithOperationRequest(context.Background())
if err := body.ContextValidate(ctx, route.Formats); err != nil {
res = append(res, err)
}
if len(res) == 0 {
o.Body = &body
}
}
} else {
res = append(res, errors.Required("body", "body", ""))
}
rNamespace, rhkNamespace, _ := route.Params.GetOK("namespace")
if err := o.bindNamespace(rNamespace, rhkNamespace, route.Formats); err != nil {
res = append(res, err)
}
rTenant, rhkTenant, _ := route.Params.GetOK("tenant")
if err := o.bindTenant(rTenant, rhkTenant, route.Formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
// bindNamespace binds and validates parameter Namespace from path.
func (o *UpdateTenantIdentityProviderParams) bindNamespace(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Parameter is provided by construction from the route
o.Namespace = raw
return nil
}
// bindTenant binds and validates parameter Tenant from path.
func (o *UpdateTenantIdentityProviderParams) bindTenant(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Parameter is provided by construction from the route
o.Tenant = raw
return nil
}

113
operatorapi/operations/operator_api/update_tenant_identity_provider_responses.go Normal file
View File

@@ -0,0 +1,113 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2022 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package operator_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/runtime"
"github.com/minio/console/models"
)
// UpdateTenantIdentityProviderNoContentCode is the HTTP code returned for type UpdateTenantIdentityProviderNoContent
const UpdateTenantIdentityProviderNoContentCode int = 204
/*UpdateTenantIdentityProviderNoContent A successful response.
swagger:response updateTenantIdentityProviderNoContent
*/
type UpdateTenantIdentityProviderNoContent struct {
}
// NewUpdateTenantIdentityProviderNoContent creates UpdateTenantIdentityProviderNoContent with default headers values
func NewUpdateTenantIdentityProviderNoContent() *UpdateTenantIdentityProviderNoContent {
return &UpdateTenantIdentityProviderNoContent{}
}
// WriteResponse to the client
func (o *UpdateTenantIdentityProviderNoContent) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
rw.WriteHeader(204)
}
/*UpdateTenantIdentityProviderDefault Generic error response.
swagger:response updateTenantIdentityProviderDefault
*/
type UpdateTenantIdentityProviderDefault struct {
_statusCode int
/*
In: Body
*/
Payload *models.Error `json:"body,omitempty"`
}
// NewUpdateTenantIdentityProviderDefault creates UpdateTenantIdentityProviderDefault with default headers values
func NewUpdateTenantIdentityProviderDefault(code int) *UpdateTenantIdentityProviderDefault {
if code <= 0 {
code = 500
}
return &UpdateTenantIdentityProviderDefault{
_statusCode: code,
}
}
// WithStatusCode adds the status to the update tenant identity provider default response
func (o *UpdateTenantIdentityProviderDefault) WithStatusCode(code int) *UpdateTenantIdentityProviderDefault {
o._statusCode = code
return o
}
// SetStatusCode sets the status to the update tenant identity provider default response
func (o *UpdateTenantIdentityProviderDefault) SetStatusCode(code int) {
o._statusCode = code
}
// WithPayload adds the payload to the update tenant identity provider default response
func (o *UpdateTenantIdentityProviderDefault) WithPayload(payload *models.Error) *UpdateTenantIdentityProviderDefault {
o.Payload = payload
return o
}
// SetPayload sets the payload to the update tenant identity provider default response
func (o *UpdateTenantIdentityProviderDefault) SetPayload(payload *models.Error) {
o.Payload = payload
}
// WriteResponse to the client
func (o *UpdateTenantIdentityProviderDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(o._statusCode)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}

124
operatorapi/operations/operator_api/update_tenant_identity_provider_urlbuilder.go Normal file
View File

@@ -0,0 +1,124 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2022 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package operator_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"errors"
"net/url"
golangswaggerpaths "path"
"strings"
)
// UpdateTenantIdentityProviderURL generates an URL for the update tenant identity provider operation
type UpdateTenantIdentityProviderURL struct {
Namespace string
Tenant string
_basePath string
// avoid unkeyed usage
_ struct{}
}
// WithBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *UpdateTenantIdentityProviderURL) WithBasePath(bp string) *UpdateTenantIdentityProviderURL {
o.SetBasePath(bp)
return o
}
// SetBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *UpdateTenantIdentityProviderURL) SetBasePath(bp string) {
o._basePath = bp
}
// Build a url path and query string
func (o *UpdateTenantIdentityProviderURL) Build() (*url.URL, error) {
var _result url.URL
var _path = "/namespaces/{namespace}/tenants/{tenant}/identity-provider"
namespace := o.Namespace
if namespace != "" {
_path = strings.Replace(_path, "{namespace}", namespace, -1)
} else {
return nil, errors.New("namespace is required on UpdateTenantIdentityProviderURL")
}
tenant := o.Tenant
if tenant != "" {
_path = strings.Replace(_path, "{tenant}", tenant, -1)
} else {
return nil, errors.New("tenant is required on UpdateTenantIdentityProviderURL")
}
_basePath := o._basePath
if _basePath == "" {
_basePath = "/api/v1"
}
_result.Path = golangswaggerpaths.Join(_basePath, _path)
return &_result, nil
}
// Must is a helper function to panic when the url builder returns an error
func (o *UpdateTenantIdentityProviderURL) Must(u *url.URL, err error) *url.URL {
if err != nil {
panic(err)
}
if u == nil {
panic("url can't be nil")
}
return u
}
// String returns the string representation of the path with query string
func (o *UpdateTenantIdentityProviderURL) String() string {
return o.Must(o.Build()).String()
}
// BuildFull builds a full url with scheme, host, path and query string
func (o *UpdateTenantIdentityProviderURL) BuildFull(scheme, host string) (*url.URL, error) {
if scheme == "" {
return nil, errors.New("scheme is required for a full url on UpdateTenantIdentityProviderURL")
}
if host == "" {
return nil, errors.New("host is required for a full url on UpdateTenantIdentityProviderURL")
}
base, err := o.Build()
if err != nil {
return nil, err
}
base.Scheme = scheme
base.Host = host
return base, nil
}
// StringFull returns the string representation of a complete url
func (o *UpdateTenantIdentityProviderURL) StringFull(scheme, host string) string {
return o.Must(o.BuildFull(scheme, host)).String()
}

2
operatorapi/tenant_add.go
View File

@@ -153,7 +153,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
serverAddress := *tenantReq.Idp.ActiveDirectory.URL serverAddress := *tenantReq.Idp.ActiveDirectory.URL
tlsSkipVerify := tenantReq.Idp.ActiveDirectory.SkipTLSVerification tlsSkipVerify := tenantReq.Idp.ActiveDirectory.SkipTLSVerification
serverInsecure := tenantReq.Idp.ActiveDirectory.ServerInsecure serverInsecure := tenantReq.Idp.ActiveDirectory.ServerInsecure
lookupBindDN := tenantReq.Idp.ActiveDirectory.LookupBindDn lookupBindDN := *tenantReq.Idp.ActiveDirectory.LookupBindDn
lookupBindPassword := tenantReq.Idp.ActiveDirectory.LookupBindPassword lookupBindPassword := tenantReq.Idp.ActiveDirectory.LookupBindPassword
userDNSearchBaseDN := tenantReq.Idp.ActiveDirectory.UserDnSearchBaseDn userDNSearchBaseDN := tenantReq.Idp.ActiveDirectory.UserDnSearchBaseDn
userDNSearchFilter := tenantReq.Idp.ActiveDirectory.UserDnSearchFilter userDNSearchFilter := tenantReq.Idp.ActiveDirectory.UserDnSearchFilter

273
operatorapi/tenants.go
View File

@@ -132,6 +132,26 @@ func registerTenantHandlers(api *operations.OperatorAPI) {
}) })
// Tenant identity provider details
api.OperatorAPITenantIdentityProviderHandler = operator_api.TenantIdentityProviderHandlerFunc(func(params operator_api.TenantIdentityProviderParams, session *models.Principal) middleware.Responder {
resp, err := getTenantIdentityProviderResponse(session, params)
if err != nil {
return operator_api.NewTenantIdentityProviderDefault(int(err.Code)).WithPayload(err)
}
return operator_api.NewTenantIdentityProviderOK().WithPayload(resp)
})
// Update Tenant identity provider configuration
api.OperatorAPIUpdateTenantIdentityProviderHandler = operator_api.UpdateTenantIdentityProviderHandlerFunc(func(params operator_api.UpdateTenantIdentityProviderParams, session *models.Principal) middleware.Responder {
err := getUpdateTenantIdentityProviderResponse(session, params)
if err != nil {
return operator_api.NewUpdateTenantIdentityProviderDefault(int(err.Code)).WithPayload(err)
}
return operator_api.NewUpdateTenantIdentityProviderNoContent()
})
// Delete Tenant // Delete Tenant
api.OperatorAPIDeleteTenantHandler = operator_api.DeleteTenantHandlerFunc(func(params operator_api.DeleteTenantParams, session *models.Principal) middleware.Responder { api.OperatorAPIDeleteTenantHandler = operator_api.DeleteTenantHandlerFunc(func(params operator_api.DeleteTenantParams, session *models.Principal) middleware.Responder {
err := getDeleteTenantResponse(session, params) err := getDeleteTenantResponse(session, params)
@@ -635,6 +655,239 @@ func getTenantSecurity(ctx context.Context, clientSet K8sClientI, tenant *miniov
}, nil }, nil
} }
func getTenantIdentityProvider(ctx context.Context, clientSet K8sClientI, tenant *miniov2.Tenant) (response *models.IdpConfiguration, err error) {
tenantConfiguration, err := GetTenantConfiguration(ctx, clientSet, tenant)
if err != nil {
return nil, err
}
var idpConfiguration *models.IdpConfiguration
if tenantConfiguration["MINIO_IDENTITY_OPENID_CONFIG_URL"] != "" {
callbackURL := tenantConfiguration["MINIO_IDENTITY_OPENID_REDIRECT_URI"]
claimName := tenantConfiguration["MINIO_IDENTITY_OPENID_CLAIM_NAME"]
clientID := tenantConfiguration["MINIO_IDENTITY_OPENID_CLIENT_ID"]
configurationURL := tenantConfiguration["MINIO_IDENTITY_OPENID_CONFIG_URL"]
scopes := tenantConfiguration["MINIO_IDENTITY_OPENID_SCOPES"]
secretID := tenantConfiguration["MINIO_IDENTITY_OPENID_CLIENT_SECRET"]
idpConfiguration = &models.IdpConfiguration{
Oidc: &models.IdpConfigurationOidc{
CallbackURL: callbackURL,
ClaimName: &claimName,
ClientID: &clientID,
ConfigurationURL: &configurationURL,
Scopes: scopes,
SecretID: &secretID,
},
}
}
if tenantConfiguration["MINIO_IDENTITY_LDAP_SERVER_ADDR"] != "" {
groupSearchBaseDN := tenantConfiguration["MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN"]
groupSearchFilter := tenantConfiguration["MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER"]
lookupBindDN := tenantConfiguration["MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN"]
lookupBindPassword := tenantConfiguration["MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD"]
serverInsecure := tenantConfiguration["MINIO_IDENTITY_LDAP_SERVER_INSECURE"] == "on"
serverStartTLS := tenantConfiguration["MINIO_IDENTITY_LDAP_SERVER_STARTTLS"] == "on"
tlsSkipVerify := tenantConfiguration["MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY"] == "on"
serverAddress := tenantConfiguration["MINIO_IDENTITY_LDAP_SERVER_ADDR"]
userDNSearchBaseDN := tenantConfiguration["MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN"]
userDNSearchFilter := tenantConfiguration["MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER"]
idpConfiguration = &models.IdpConfiguration{
ActiveDirectory: &models.IdpConfigurationActiveDirectory{
GroupSearchBaseDn: groupSearchBaseDN,
GroupSearchFilter: groupSearchFilter,
LookupBindDn: &lookupBindDN,
LookupBindPassword: lookupBindPassword,
ServerInsecure: serverInsecure,
ServerStartTLS: serverStartTLS,
SkipTLSVerification: tlsSkipVerify,
URL: &serverAddress,
UserDnSearchBaseDn: userDNSearchBaseDN,
UserDnSearchFilter: userDNSearchFilter,
},
}
}
return idpConfiguration, nil
}
func updateTenantIdentityProvider(ctx context.Context, operatorClient OperatorClientI, client K8sClientI, namespace string, params operator_api.UpdateTenantIdentityProviderParams) error {
tenant, err := operatorClient.TenantGet(ctx, namespace, params.Tenant, metav1.GetOptions{})
if err != nil {
return err
}
tenantConfiguration, err := GetTenantConfiguration(ctx, client, tenant)
if err != nil {
return err
}
delete(tenantConfiguration, "accesskey")
delete(tenantConfiguration, "secretkey")
oidcConfig := params.Body.Oidc
// set new oidc configuration fields
if oidcConfig != nil {
configurationURL := *oidcConfig.ConfigurationURL
clientID := *oidcConfig.ClientID
secretID := *oidcConfig.SecretID
claimName := *oidcConfig.ClaimName
scopes := oidcConfig.Scopes
callbackURL := oidcConfig.CallbackURL
// oidc config
tenantConfiguration["MINIO_IDENTITY_OPENID_CONFIG_URL"] = configurationURL
tenantConfiguration["MINIO_IDENTITY_OPENID_CLIENT_ID"] = clientID
tenantConfiguration["MINIO_IDENTITY_OPENID_CLIENT_SECRET"] = secretID
tenantConfiguration["MINIO_IDENTITY_OPENID_CLAIM_NAME"] = claimName
tenantConfiguration["MINIO_IDENTITY_OPENID_REDIRECT_URI"] = callbackURL
if scopes == "" {
scopes = "openid,profile,email"
}
tenantConfiguration["MINIO_IDENTITY_OPENID_SCOPES"] = scopes
} else {
// reset oidc configuration fields
delete(tenantConfiguration, "MINIO_IDENTITY_OPENID_CLAIM_NAME")
delete(tenantConfiguration, "MINIO_IDENTITY_OPENID_CLIENT_ID")
delete(tenantConfiguration, "MINIO_IDENTITY_OPENID_CONFIG_URL")
delete(tenantConfiguration, "MINIO_IDENTITY_OPENID_SCOPES")
delete(tenantConfiguration, "MINIO_IDENTITY_OPENID_CLIENT_SECRET")
delete(tenantConfiguration, "MINIO_IDENTITY_OPENID_REDIRECT_URI")
}
ldapConfig := params.Body.ActiveDirectory
// set new active directory configuration fields
if ldapConfig != nil {
// ldap config
serverAddress := *ldapConfig.URL
tlsSkipVerify := ldapConfig.SkipTLSVerification
serverInsecure := ldapConfig.ServerInsecure
lookupBindDN := *ldapConfig.LookupBindDn
lookupBindPassword := ldapConfig.LookupBindPassword
userDNSearchBaseDN := ldapConfig.UserDnSearchBaseDn
userDNSearchFilter := ldapConfig.UserDnSearchFilter
groupSearchBaseDN := ldapConfig.GroupSearchBaseDn
groupSearchFilter := ldapConfig.GroupSearchFilter
serverStartTLS := ldapConfig.ServerStartTLS
// LDAP Server
tenantConfiguration["MINIO_IDENTITY_LDAP_SERVER_ADDR"] = serverAddress
if tlsSkipVerify {
tenantConfiguration["MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY"] = "on"
}
if serverInsecure {
tenantConfiguration["MINIO_IDENTITY_LDAP_SERVER_INSECURE"] = "on"
}
if serverStartTLS {
tenantConfiguration["MINIO_IDENTITY_LDAP_SERVER_STARTTLS"] = "on"
}
// LDAP Lookup
tenantConfiguration["MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN"] = lookupBindDN
tenantConfiguration["MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD"] = lookupBindPassword
// LDAP User DN
tenantConfiguration["MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN"] = userDNSearchBaseDN
tenantConfiguration["MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER"] = userDNSearchFilter
// LDAP Group
tenantConfiguration["MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN"] = groupSearchBaseDN
tenantConfiguration["MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER"] = groupSearchFilter
} else {
// reset active directory configuration fields
delete(tenantConfiguration, "MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN")
delete(tenantConfiguration, "MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER")
delete(tenantConfiguration, "MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN")
delete(tenantConfiguration, "MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD")
delete(tenantConfiguration, "MINIO_IDENTITY_LDAP_SERVER_INSECURE")
delete(tenantConfiguration, "MINIO_IDENTITY_LDAP_SERVER_STARTTLS")
delete(tenantConfiguration, "MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY")
delete(tenantConfiguration, "MINIO_IDENTITY_LDAP_SERVER_ADDR")
delete(tenantConfiguration, "MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN")
delete(tenantConfiguration, "MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER")
}
// write tenant configuration to secret that contains config.env
tenantConfigurationName := fmt.Sprintf("%s-env-configuration", tenant.Name)
_, err = createOrReplaceSecrets(ctx, client, tenant.Namespace, []tenantSecret{
{
Name: tenantConfigurationName,
Content: map[string][]byte{
"config.env": []byte(GenerateTenantConfigurationFile(tenantConfiguration)),
},
},
}, tenant.Name)
if err != nil {
return err
}
tenant.Spec.Configuration = &corev1.LocalObjectReference{Name: tenantConfigurationName}
tenant.EnsureDefaults()
// update tenant CRD
_, err = operatorClient.TenantUpdate(ctx, tenant, metav1.UpdateOptions{})
if err != nil {
return err
}
// restart all MinIO pods at the same time
err = client.deletePodCollection(ctx, namespace, metav1.DeleteOptions{}, metav1.ListOptions{
LabelSelector: fmt.Sprintf("%s=%s", miniov2.TenantLabel, tenant.Name),
})
if err != nil {
return err
}
return nil
}
func getTenantIdentityProviderResponse(session *models.Principal, params operator_api.TenantIdentityProviderParams) (*models.IdpConfiguration, *models.Error) {
// 5 seconds timeout
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()
opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
if err != nil {
return nil, prepareError(err)
}
opClient := &operatorClient{
client: opClientClientSet,
}
minTenant, err := getTenant(ctx, opClient, params.Namespace, params.Tenant)
if err != nil {
return nil, prepareError(err)
}
// get Kubernetes Client
clientSet, err := cluster.K8sClient(session.STSSessionToken)
k8sClient := k8sClient{
client: clientSet,
}
if err != nil {
return nil, prepareError(err)
}
info, err := getTenantIdentityProvider(ctx, &k8sClient, minTenant)
if err != nil {
return nil, prepareError(err)
}
return info, nil
}
func getUpdateTenantIdentityProviderResponse(session *models.Principal, params operator_api.UpdateTenantIdentityProviderParams) *models.Error {
// 5 seconds timeout
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()
opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
if err != nil {
return prepareError(err)
}
// get Kubernetes Client
clientSet, err := cluster.K8sClient(session.STSSessionToken)
if err != nil {
return prepareError(err)
}
k8sClient := k8sClient{
client: clientSet,
}
opClient := &operatorClient{
client: opClientClientSet,
}
if err := updateTenantIdentityProvider(ctx, opClient, &k8sClient, params.Namespace, params); err != nil {
return prepareError(err, errors.New("unable to update tenant"))
}
return nil
}
func getTenantSecurityResponse(session *models.Principal, params operator_api.TenantSecurityParams) (*models.TenantSecurityResponse, *models.Error) { func getTenantSecurityResponse(session *models.Principal, params operator_api.TenantSecurityParams) (*models.TenantSecurityResponse, *models.Error) {
// 5 seconds timeout // 5 seconds timeout
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
@@ -764,12 +1017,12 @@ func updateTenantSecurity(ctx context.Context, operatorClient OperatorClientI, c
if err != nil { if err != nil {
return err return err
} }
// Remove Certificate Secrets from Tenant namespace // restart all MinIO pods at the same time
for _, secretName := range params.Body.CustomCertificates.SecretsToBeDeleted { err = client.deletePodCollection(ctx, namespace, metav1.DeleteOptions{}, metav1.ListOptions{
err = client.deleteSecret(ctx, minInst.Namespace, secretName, metav1.DeleteOptions{}) LabelSelector: fmt.Sprintf("%s=%s", miniov2.TenantLabel, minInst.Name),
if err != nil { })
restapi.LogError("error deleting secret: %v", err) if err != nil {
} return err
} }
return nil return nil
} }
@@ -1002,7 +1255,7 @@ func addTenantPool(ctx context.Context, operatorClient OperatorClientI, params o
return err return err
} }
_, err = operatorClient.TenantPatch(ctx, params.Namespace, tenant.Name, types.MergePatchType, payloadBytes, metav1.PatchOptions{}) _, err = operatorClient.TenantPatch(ctx, tenant.Namespace, tenant.Name, types.MergePatchType, payloadBytes, metav1.PatchOptions{})
if err != nil { if err != nil {
return err return err
} }
@@ -2207,7 +2460,7 @@ func getTenantYAML(session *models.Principal, params operator_api.GetTenantYAMLP
tenant.ManagedFields = []metav1.ManagedFieldsEntry{} tenant.ManagedFields = []metav1.ManagedFieldsEntry{}
//yb, err := yaml.Marshal(tenant) //yb, err := yaml.Marshal(tenant)
serializer := k8sJson.NewSerializerWithOptions( j8sJSONSerializer := k8sJson.NewSerializerWithOptions(
k8sJson.DefaultMetaFactory, nil, nil, k8sJson.DefaultMetaFactory, nil, nil,
k8sJson.SerializerOptions{ k8sJson.SerializerOptions{
Yaml: true, Yaml: true,
@@ -2217,7 +2470,7 @@ func getTenantYAML(session *models.Principal, params operator_api.GetTenantYAMLP
) )
buf := new(bytes.Buffer) buf := new(bytes.Buffer)
err = serializer.Encode(tenant, buf) err = j8sJSONSerializer.Encode(tenant, buf)
if err != nil { if err != nil {
return nil, prepareError(err) return nil, prepareError(err)
} }
@@ -2259,7 +2512,7 @@ func getUpdateTenantYAML(session *models.Principal, params operator_api.PutTenan
upTenant.Finalizers = inTenant.Finalizers upTenant.Finalizers = inTenant.Finalizers
upTenant.Spec = inTenant.Spec upTenant.Spec = inTenant.Spec
_, err = opClient.MinioV2().Tenants(params.Namespace).Update(params.HTTPRequest.Context(), upTenant, metav1.UpdateOptions{}) _, err = opClient.MinioV2().Tenants(upTenant.Namespace).Update(params.HTTPRequest.Context(), upTenant, metav1.UpdateOptions{})
if err != nil { if err != nil {
return &models.Error{Code: 400, Message: swag.String(err.Error())} return &models.Error{Code: 400, Message: swag.String(err.Error())}
} }

2
portal-ui/src/common/SecureComponent/permissions.ts
View File

@@ -187,6 +187,8 @@ export const IAM_PAGES = {
"/namespaces/:tenantNamespace/tenants/:tenantName/volumes", "/namespaces/:tenantNamespace/tenants/:tenantName/volumes",
NAMESPACE_TENANT_LICENSE: NAMESPACE_TENANT_LICENSE:
"/namespaces/:tenantNamespace/tenants/:tenantName/license", "/namespaces/:tenantNamespace/tenants/:tenantName/license",
NAMESPACE_TENANT_IDENTITY_PROVIDER:
"/namespaces/:tenantNamespace/tenants/:tenantName/identity-provider",
NAMESPACE_TENANT_SECURITY: NAMESPACE_TENANT_SECURITY:
"/namespaces/:tenantNamespace/tenants/:tenantName/security", "/namespaces/:tenantNamespace/tenants/:tenantName/security",
NAMESPACE_TENANT_ENCRYPTION: NAMESPACE_TENANT_ENCRYPTION:

5
portal-ui/src/screens/Console/Console.tsx
View File

@@ -449,6 +449,11 @@ const Console = ({
path: IAM_PAGES.NAMESPACE_TENANT_LICENSE, path: IAM_PAGES.NAMESPACE_TENANT_LICENSE,
forceDisplay: true, forceDisplay: true,
}, },
{
component: TenantDetails,
path: IAM_PAGES.NAMESPACE_TENANT_IDENTITY_PROVIDER,
forceDisplay: true,
},
{ {
component: TenantDetails, component: TenantDetails,
path: IAM_PAGES.NAMESPACE_TENANT_SECURITY, path: IAM_PAGES.NAMESPACE_TENANT_SECURITY,

15
portal-ui/src/screens/Console/Tenants/TenantDetails/TenantDetails.tsx
View File

@@ -68,6 +68,9 @@ const TenantTrace = withSuspense(React.lazy(() => import("./TenantTrace")));
const TenantVolumes = withSuspense( const TenantVolumes = withSuspense(
React.lazy(() => import("./pvcs/TenantVolumes")) React.lazy(() => import("./pvcs/TenantVolumes"))
); );
const TenantIdentityProvider = withSuspense(
React.lazy(() => import("./TenantIdentityProvider"))
);
const TenantSecurity = withSuspense( const TenantSecurity = withSuspense(
React.lazy(() => import("./TenantSecurity")) React.lazy(() => import("./TenantSecurity"))
); );
@@ -451,6 +454,10 @@ const TenantDetails = ({
path={IAM_PAGES.NAMESPACE_TENANT_TRACE} path={IAM_PAGES.NAMESPACE_TENANT_TRACE}
component={TenantTrace} component={TenantTrace}
/> />
<Route
path={IAM_PAGES.NAMESPACE_TENANT_IDENTITY_PROVIDER}
component={TenantIdentityProvider}
/>
<Route <Route
path={IAM_PAGES.NAMESPACE_TENANT_SECURITY} path={IAM_PAGES.NAMESPACE_TENANT_SECURITY}
component={TenantSecurity} component={TenantSecurity}
@@ -524,6 +531,14 @@ const TenantDetails = ({
to: getRoutePath("metrics"), to: getRoutePath("metrics"),
}, },
}} }}
{{
tabConfig: {
label: "Identity Provider",
value: "identity-provider",
component: Link,
to: getRoutePath("identity-provider"),
},
}}
{{ {{
tabConfig: { tabConfig: {
label: "Security", label: "Security",

218
portal-ui/src/screens/Console/Tenants/TenantDetails/TenantEncryption.tsx
View File

@@ -709,7 +709,13 @@ const TenantEncryption = ({
<Grid item xs> <Grid item xs>
<h1 className={classes.sectionTitle}>Encryption</h1> <h1 className={classes.sectionTitle}>Encryption</h1>
</Grid> </Grid>
<Grid item xs={4} justifyContent={"end"} textAlign={"right"}> <Grid
item
xs={4}
justifyContent={"end"}
textAlign={"right"}
className={classes.formFieldRow}
>
<FormSwitchWrapper <FormSwitchWrapper
label={""} label={""}
indicatorLabels={["Enabled", "Disabled"]} indicatorLabels={["Enabled", "Disabled"]}
@@ -717,7 +723,7 @@ const TenantEncryption = ({
value={"tenant_encryption"} value={"tenant_encryption"}
id="tenant-encryption" id="tenant-encryption"
name="tenant-encryption" name="tenant-encryption"
onChange={(e) => { onChange={() => {
setEncryptionEnabled(!encryptionEnabled); setEncryptionEnabled(!encryptionEnabled);
}} }}
description="" description=""
@@ -746,7 +752,7 @@ const TenantEncryption = ({
</Grid> </Grid>
{encryptionType === "vault" && ( {encryptionType === "vault" && (
<Fragment> <Fragment>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="vault_endpoint" id="vault_endpoint"
name="vault_endpoint" name="vault_endpoint"
@@ -762,7 +768,7 @@ const TenantEncryption = ({
required required
/> />
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="vault_engine" id="vault_engine"
name="vault_engine" name="vault_engine"
@@ -776,7 +782,7 @@ const TenantEncryption = ({
value={vaultConfiguration?.engine || ""} value={vaultConfiguration?.engine || ""}
/> />
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="vault_namespace" id="vault_namespace"
name="vault_namespace" name="vault_namespace"
@@ -790,7 +796,7 @@ const TenantEncryption = ({
value={vaultConfiguration?.namespace || ""} value={vaultConfiguration?.namespace || ""}
/> />
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="vault_prefix" id="vault_prefix"
name="vault_prefix" name="vault_prefix"
@@ -804,7 +810,7 @@ const TenantEncryption = ({
value={vaultConfiguration?.prefix || ""} value={vaultConfiguration?.prefix || ""}
/> />
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<Stack> <Stack>
<StackRow <StackRow
sx={{ sx={{
@@ -922,7 +928,7 @@ const TenantEncryption = ({
</Grid> </Grid>
</Stack> </Stack>
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<Stack> <Stack>
<StackRow <StackRow
sx={{ sx={{
@@ -936,9 +942,14 @@ const TenantEncryption = ({
marginBottom: 8, marginBottom: 8,
}} }}
> >
Mutual TLS authentication with KMS (optional) Vault Certificates (optional)
</h3> </h3>
</StackRow> </StackRow>
</Stack>
<fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}>
Mutual TLS authentication with Vault (optional)
</legend>
{vaultClientCertificateSecret ? ( {vaultClientCertificateSecret ? (
<TLSCertificate <TLSCertificate
certificateInfo={vaultClientCertificateSecret} certificateInfo={vaultClientCertificateSecret}
@@ -984,10 +995,10 @@ const TenantEncryption = ({
/> />
</Fragment> </Fragment>
)} )}
</Stack> </fieldset>
<fieldset className={classes.fieldGroup}> <fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}> <legend className={classes.descriptionText}>
KMS CA certificate (optional) Vault CA certificate (optional)
</legend> </legend>
{vaultCACertificateSecret ? ( {vaultCACertificateSecret ? (
<TLSCertificate <TLSCertificate
@@ -1016,7 +1027,7 @@ const TenantEncryption = ({
)} )}
</fieldset> </fieldset>
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<Stack> <Stack>
<StackRow <StackRow
sx={{ sx={{
@@ -1057,7 +1068,7 @@ const TenantEncryption = ({
)} )}
{encryptionType === "azure" && ( {encryptionType === "azure" && (
<Fragment> <Fragment>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="azure_endpoint" id="azure_endpoint"
name="azure_endpoint" name="azure_endpoint"
@@ -1075,12 +1086,12 @@ const TenantEncryption = ({
value={azureConfiguration?.keyvault?.endpoint || ""} value={azureConfiguration?.keyvault?.endpoint || ""}
/> />
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<fieldset className={classes.fieldGroup}> <fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}> <legend className={classes.descriptionText}>
Credentials Credentials
</legend> </legend>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="azure_tenant_id" id="azure_tenant_id"
name="azure_tenant_id" name="azure_tenant_id"
@@ -1104,7 +1115,7 @@ const TenantEncryption = ({
error={validationErrors["azure_tenant_id"] || ""} error={validationErrors["azure_tenant_id"] || ""}
/> />
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="azure_client_id" id="azure_client_id"
name="azure_client_id" name="azure_client_id"
@@ -1128,7 +1139,7 @@ const TenantEncryption = ({
error={validationErrors["azure_client_id"] || ""} error={validationErrors["azure_client_id"] || ""}
/> />
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="azure_client_secret" id="azure_client_secret"
name="azure_client_secret" name="azure_client_secret"
@@ -1158,7 +1169,7 @@ const TenantEncryption = ({
)} )}
{encryptionType === "gcp" && ( {encryptionType === "gcp" && (
<Fragment> <Fragment>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="gcp_project_id" id="gcp_project_id"
name="gcp_project_id" name="gcp_project_id"
@@ -1175,7 +1186,7 @@ const TenantEncryption = ({
value={gcpConfiguration?.secretmanager.project_id || ""} value={gcpConfiguration?.secretmanager.project_id || ""}
/> />
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="gcp_endpoint" id="gcp_endpoint"
name="gcp_endpoint" name="gcp_endpoint"
@@ -1192,12 +1203,12 @@ const TenantEncryption = ({
value={gcpConfiguration?.secretmanager.endpoint || ""} value={gcpConfiguration?.secretmanager.endpoint || ""}
/> />
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<fieldset className={classes.fieldGroup}> <fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}> <legend className={classes.descriptionText}>
Credentials Credentials
</legend> </legend>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="gcp_client_email" id="gcp_client_email"
name="gcp_client_email" name="gcp_client_email"
@@ -1220,7 +1231,7 @@ const TenantEncryption = ({
} }
/> />
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="gcp_client_id" id="gcp_client_id"
name="gcp_client_id" name="gcp_client_id"
@@ -1243,7 +1254,7 @@ const TenantEncryption = ({
} }
/> />
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="gcp_private_key_id" id="gcp_private_key_id"
name="gcp_private_key_id" name="gcp_private_key_id"
@@ -1266,7 +1277,7 @@ const TenantEncryption = ({
} }
/> />
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="gcp_private_key" id="gcp_private_key"
name="gcp_private_key" name="gcp_private_key"
@@ -1295,7 +1306,7 @@ const TenantEncryption = ({
)} )}
{encryptionType === "aws" && ( {encryptionType === "aws" && (
<Fragment> <Fragment>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="aws_endpoint" id="aws_endpoint"
name="aws_endpoint" name="aws_endpoint"
@@ -1314,7 +1325,7 @@ const TenantEncryption = ({
error={validationErrors["aws_endpoint"] || ""} error={validationErrors["aws_endpoint"] || ""}
/> />
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="aws_region" id="aws_region"
name="aws_region" name="aws_region"
@@ -1333,7 +1344,7 @@ const TenantEncryption = ({
required required
/> />
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="aws_kmsKey" id="aws_kmsKey"
name="aws_kmsKey" name="aws_kmsKey"
@@ -1350,12 +1361,12 @@ const TenantEncryption = ({
value={awsConfiguration?.secretsmanager?.kmskey || ""} value={awsConfiguration?.secretsmanager?.kmskey || ""}
/> />
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<fieldset className={classes.fieldGroup}> <fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}> <legend className={classes.descriptionText}>
Credentials Credentials
</legend> </legend>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="aws_accessKey" id="aws_accessKey"
name="aws_accessKey" name="aws_accessKey"
@@ -1381,7 +1392,7 @@ const TenantEncryption = ({
required required
/> />
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="aws_secretKey" id="aws_secretKey"
name="aws_secretKey" name="aws_secretKey"
@@ -1407,7 +1418,7 @@ const TenantEncryption = ({
required required
/> />
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="aws_token" id="aws_token"
name="aws_token" name="aws_token"
@@ -1437,7 +1448,7 @@ const TenantEncryption = ({
)} )}
{encryptionType === "gemalto" && ( {encryptionType === "gemalto" && (
<Fragment> <Fragment>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="gemalto_endpoint" id="gemalto_endpoint"
name="gemalto_endpoint" name="gemalto_endpoint"
@@ -1462,12 +1473,13 @@ const TenantEncryption = ({
style={{ style={{
marginBottom: 15, marginBottom: 15,
}} }}
className={classes.formFieldRow}
> >
<fieldset className={classes.fieldGroup}> <fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}> <legend className={classes.descriptionText}>
Credentials Credentials
</legend> </legend>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="gemalto_token" id="gemalto_token"
name="gemalto_token" name="gemalto_token"
@@ -1492,7 +1504,7 @@ const TenantEncryption = ({
required required
/> />
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
id="gemalto_domain" id="gemalto_domain"
name="gemalto_domain" name="gemalto_domain"
@@ -1517,7 +1529,7 @@ const TenantEncryption = ({
required required
/> />
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
type="number" type="number"
min="0" min="0"
@@ -1551,19 +1563,12 @@ const TenantEncryption = ({
style={{ style={{
marginBottom: 15, marginBottom: 15,
}} }}
className={classes.formFieldRow}
> >
<fieldset className={classes.fieldGroup}> <fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}> <legend className={classes.descriptionText}>
Custom CA Root certificate verification Custom CA Root certificate verification
</legend> </legend>
<FileSelector
onChange={(encodedValue, fileName) => {}}
accept=".cer,.crt,.cert,.pem"
id="gemalto_ca"
name="gemalto_ca"
label="CA"
value={""}
/>
{gemaltoCACertificateSecret ? ( {gemaltoCACertificateSecret ? (
<TLSCertificate <TLSCertificate
certificateInfo={gemaltoCACertificateSecret} certificateInfo={gemaltoCACertificateSecret}
@@ -1594,7 +1599,7 @@ const TenantEncryption = ({
</Grid> </Grid>
</Fragment> </Fragment>
)} )}
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<Stack> <Stack>
<StackRow <StackRow
sx={{ sx={{
@@ -1608,7 +1613,7 @@ const TenantEncryption = ({
marginBottom: 8, marginBottom: 8,
}} }}
> >
Additional Configurations Additional Configuration for KES
</h3> </h3>
</StackRow> </StackRow>
@@ -1617,7 +1622,7 @@ const TenantEncryption = ({
id="enableCustomCertsForKES" id="enableCustomCertsForKES"
name="enableCustomCertsForKES" name="enableCustomCertsForKES"
checked={enabledCustomCertificates} checked={enabledCustomCertificates}
onChange={(e) => onChange={() =>
setEnabledCustomCertificates(!enabledCustomCertificates) setEnabledCustomCertificates(!enabledCustomCertificates)
} }
label={"Custom Certificates"} label={"Custom Certificates"}
@@ -1626,10 +1631,10 @@ const TenantEncryption = ({
</Grid> </Grid>
{enabledCustomCertificates && ( {enabledCustomCertificates && (
<Fragment> <Fragment>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<fieldset className={classes.fieldGroup}> <fieldset className={classes.fieldGroup}>
<legend className={classes.descriptionText}> <legend className={classes.descriptionText}>
Encryption Service Certificates KES server TLS Certificates (optional)
</legend> </legend>
{serverTLSCertificateSecret ? ( {serverTLSCertificateSecret ? (
<TLSCertificate <TLSCertificate
@@ -1679,70 +1684,61 @@ const TenantEncryption = ({
)} )}
</fieldset> </fieldset>
</Grid> </Grid>
<Grid container spacing={1} style={{ marginBottom: 15 }}> <Grid item xs={12} className={classes.formFieldRow}>
<Grid item xs={12}> <fieldset className={classes.fieldGroup}>
<Stack> <legend className={classes.descriptionText}>
<StackRow Mutual TLS authentication with MinIO (optional)
sx={{ </legend>
borderBottom: "1px solid #eaeaea", {mTLSCertificateSecret ? (
margin: 0, <TLSCertificate
marginBottom: 1, certificateInfo={mTLSCertificateSecret}
}} onDelete={() =>
> removeCertificate(mTLSCertificateSecret)
Mutual TLS authentication with MinIO }
</StackRow> />
{mTLSCertificateSecret ? ( ) : (
<TLSCertificate <Fragment>
certificateInfo={mTLSCertificateSecret} <FileSelector
onDelete={() => onChange={(encodedValue, fileName) => {
removeCertificate(mTLSCertificateSecret) setMTLSCertificate({
} encoded_key: encodedValue || "",
id: mTLSCertificate?.id || "",
key: fileName || "",
cert: mTLSCertificate?.cert || "",
encoded_cert: mTLSCertificate?.encoded_cert || "",
});
cleanValidation("clientKey");
}}
accept=".key,.pem"
id="clientKey"
name="clientKey"
label="Key"
value={mTLSCertificate?.key}
/> />
) : ( <FileSelector
<Fragment> onChange={(encodedValue, fileName) => {
<FileSelector setMTLSCertificate({
onChange={(encodedValue, fileName) => { encoded_key: mTLSCertificate?.encoded_key || "",
setMTLSCertificate({ id: mTLSCertificate?.id || "",
encoded_key: encodedValue || "", key: mTLSCertificate?.key || "",
id: mTLSCertificate?.id || "", cert: fileName || "",
key: fileName || "", encoded_cert: encodedValue || "",
cert: mTLSCertificate?.cert || "", });
encoded_cert: cleanValidation("clientCert");
mTLSCertificate?.encoded_cert || "", }}
}); accept=".cer,.crt,.cert,.pem"
cleanValidation("clientKey"); id="clientCert"
}} name="clientCert"
accept=".key,.pem" label="Cert"
id="clientKey" value={mTLSCertificate?.cert}
name="clientKey" />
label="Key" </Fragment>
value={mTLSCertificate?.key} )}
/> </fieldset>
<FileSelector
onChange={(encodedValue, fileName) => {
setMTLSCertificate({
encoded_key: mTLSCertificate?.encoded_key || "",
id: mTLSCertificate?.id || "",
key: mTLSCertificate?.key || "",
cert: fileName || "",
encoded_cert: encodedValue || "",
});
cleanValidation("clientCert");
}}
accept=".cer,.crt,.cert,.pem"
id="clientCert"
name="clientCert"
label="Cert"
value={mTLSCertificate?.cert}
/>
</Fragment>
)}
</Stack>
</Grid>
</Grid> </Grid>
</Fragment> </Fragment>
)} )}
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
type="text" type="text"
id="image" id="image"
@@ -1755,7 +1751,7 @@ const TenantEncryption = ({
value={image} value={image}
/> />
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper <InputBoxWrapper
type="number" type="number"
min="1" min="1"
@@ -1770,7 +1766,7 @@ const TenantEncryption = ({
error={validationErrors["replicas"] || ""} error={validationErrors["replicas"] || ""}
/> />
</Grid> </Grid>
<Grid item xs={12}> <Grid item xs={12} className={classes.formFieldRow}>
<Stack> <Stack>
<StackRow <StackRow
sx={{ sx={{
@@ -1784,7 +1780,7 @@ const TenantEncryption = ({
marginBottom: 10, marginBottom: 10,
}} }}
> >
SecurityContext for KES pods SecurityContext for KES
</h3> </h3>
</StackRow> </StackRow>
<Grid item xs={12} className={classes.kesSecurityContext}> <Grid item xs={12} className={classes.kesSecurityContext}>

617
portal-ui/src/screens/Console/Tenants/TenantDetails/TenantIdentityProvider.tsx Normal file
View File

@@ -0,0 +1,617 @@
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
import { ITenant } from "../ListTenants/types";
import { ITenantIdentityProviderResponse } from "../types";
import { Theme } from "@mui/material/styles";
import createStyles from "@mui/styles/createStyles";
import withStyles from "@mui/styles/withStyles";
import {
containerForHeader,
createTenantCommon,
formFieldStyles,
modalBasic,
spacingUtils,
tenantDetailsStyles,
wizardCommon,
} from "../../Common/FormComponents/common/styleLibrary";
import Paper from "@mui/material/Paper";
import Grid from "@mui/material/Grid";
import React, { Fragment, useCallback, useEffect, useState } from "react";
import { Button, DialogContentText, Typography } from "@mui/material";
import api from "../../../../common/api";
import { setErrorSnackMessage } from "../../../../actions";
import { connect } from "react-redux";
import { AppState } from "../../../../store";
import { ErrorResponseHandler } from "../../../../common/types";
import Loader from "../../Common/Loader/Loader";
import RadioGroupSelector from "../../Common/FormComponents/RadioGroupSelector/RadioGroupSelector";
import InputBoxWrapper from "../../Common/FormComponents/InputBoxWrapper/InputBoxWrapper";
import { clearValidationError } from "../utils";
import {
commonFormValidation,
IValidation,
} from "../../../../utils/validationFunctions";
import FormSwitchWrapper from "../../Common/FormComponents/FormSwitchWrapper/FormSwitchWrapper";
import VisibilityOffIcon from "@mui/icons-material/VisibilityOff";
import RemoveRedEyeIcon from "@mui/icons-material/RemoveRedEye";
import ConfirmDialog from "../../Common/ModalWrapper/ConfirmDialog";
import { ConfirmModalIcon } from "../../../../icons";
interface ITenantIdentityProvider {
classes: any;
loadingTenant: boolean;
tenant: ITenant | null;
setErrorSnackMessage: typeof setErrorSnackMessage;
}
const styles = (theme: Theme) =>
createStyles({
...tenantDetailsStyles,
...spacingUtils,
loaderAlign: {
textAlign: "center",
},
title: {
marginTop: 35,
},
bold: { fontWeight: "bold" },
italic: { fontStyle: "italic" },
paperContainer: {
padding: "15px 15px 15px 50px",
},
fileItem: {
marginRight: 10,
display: "flex",
"& div label": {
minWidth: 50,
},
"@media (max-width: 900px)": {
flexFlow: "column",
},
},
...containerForHeader(theme.spacing(4)),
...createTenantCommon,
...formFieldStyles,
...modalBasic,
...wizardCommon,
});
const TenantIdentityProvider = ({
classes,
tenant,
loadingTenant,
setErrorSnackMessage,
}: ITenantIdentityProvider) => {
const [isSending, setIsSending] = useState<boolean>(false);
const [dialogOpen, setDialogOpen] = useState<boolean>(false);
const [idpSelection, setIdpSelection] = useState<string>("Built-in");
const [openIDConfigurationURL, setOpenIDConfigurationURL] =
useState<string>("");
const [openIDClientID, setOpenIDClientID] = useState<string>("");
const [openIDSecretID, setOpenIDSecretID] = useState<string>("");
const [showOIDCSecretID, setShowOIDCSecretID] = useState<boolean>(false);
const [openIDCallbackURL, setOpenIDCallbackURL] = useState<string>("");
const [openIDClaimName, setOpenIDClaimName] = useState<string>("");
const [openIDScopes, setOpenIDScopes] = useState<string>("");
const [ADURL, setADURL] = useState<string>("");
const [ADLookupBindDN, setADLookupBindDN] = useState<string>("");
const [ADLookupBindPassword, setADLookupBindPassword] = useState<string>("");
const [showADLookupBindPassword, setShowADLookupBindPassword] =
useState<boolean>(false);
const [ADUserDNSearchBaseDN, setADUserDNSearchBaseDN] = useState<string>("");
const [ADUserDNSearchFilter, setADUserDNSearchFilter] = useState<string>("");
const [ADGroupSearchBaseDN, setADGroupSearchBaseDN] = useState<string>("");
const [ADGroupSearchFilter, setADGroupSearchFilter] = useState<string>("");
const [ADSkipTLS, setADSkipTLS] = useState<boolean>(false);
const [ADServerInsecure, setADServerInsecure] = useState<boolean>(false);
const [ADServerStartTLS, setADServerStartTLS] = useState<boolean>(false);
const [validationErrors, setValidationErrors] = useState<any>({});
const cleanValidation = (fieldName: string) => {
setValidationErrors(clearValidationError(validationErrors, fieldName));
};
const [isFormValid, setIsFormValid] = useState<boolean>(false);
// Validation
useEffect(() => {
let identityProviderValidation: IValidation[] = [];
if (idpSelection === "OpenID") {
identityProviderValidation = [
...identityProviderValidation,
{
fieldKey: "openID_CONFIGURATION_URL",
required: true,
value: openIDConfigurationURL,
},
{
fieldKey: "openID_clientID",
required: true,
value: openIDClientID,
},
{
fieldKey: "openID_secretID",
required: true,
value: openIDSecretID,
},
{
fieldKey: "openID_claimName",
required: true,
value: openIDClaimName,
},
];
}
if (idpSelection === "AD") {
identityProviderValidation = [
...identityProviderValidation,
{
fieldKey: "AD_URL",
required: true,
value: ADURL,
},
{
fieldKey: "ad_lookupBindDN",
required: true,
value: ADLookupBindDN,
},
];
}
const commonVal = commonFormValidation(identityProviderValidation);
setIsFormValid(Object.keys(commonVal).length === 0);
setValidationErrors(commonVal);
}, [
idpSelection,
openIDConfigurationURL,
openIDClientID,
openIDSecretID,
openIDClaimName,
ADURL,
ADLookupBindDN,
]);
const getTenantIdentityProviderInfo = useCallback(() => {
api
.invoke(
"GET",
`/api/v1/namespaces/${tenant?.namespace}/tenants/${tenant?.name}/identity-provider`
)
.then((res: ITenantIdentityProviderResponse) => {
if (res) {
if (res.oidc) {
setIdpSelection("OpenID");
setOpenIDConfigurationURL(res.oidc.configuration_url);
setOpenIDClientID(res.oidc.client_id);
setOpenIDSecretID(res.oidc.secret_id);
setOpenIDCallbackURL(res.oidc.callback_url);
setOpenIDClaimName(res.oidc.claim_name);
setOpenIDScopes(res.oidc.scopes);
} else if (res.active_directory) {
setIdpSelection("AD");
setADURL(res.active_directory.url);
setADLookupBindDN(res.active_directory.lookup_bind_dn);
setADLookupBindPassword(res.active_directory.lookup_bind_password);
setADUserDNSearchBaseDN(
res.active_directory.user_dn_search_base_dn
);
setADUserDNSearchFilter(res.active_directory.user_dn_search_filter);
setADGroupSearchBaseDN(res.active_directory.group_search_base_dn);
setADGroupSearchFilter(res.active_directory.group_search_filter);
setADSkipTLS(res.active_directory.skip_tls_verification);
setADServerInsecure(res.active_directory.server_insecure);
setADServerStartTLS(res.active_directory.server_start_tls);
}
}
})
.catch((err: ErrorResponseHandler) => {
setErrorSnackMessage(err);
});
}, [tenant, setErrorSnackMessage]);
useEffect(() => {
if (tenant) {
getTenantIdentityProviderInfo();
}
}, [tenant, getTenantIdentityProviderInfo]);
const updateTenantIdentityProvider = () => {
setIsSending(true);
let payload: ITenantIdentityProviderResponse = {};
switch (idpSelection) {
case "AD":
payload.active_directory = {
url: ADURL,
lookup_bind_dn: ADLookupBindDN,
lookup_bind_password: ADLookupBindPassword,
user_dn_search_base_dn: ADUserDNSearchBaseDN,
user_dn_search_filter: ADUserDNSearchFilter,
group_search_base_dn: ADGroupSearchBaseDN,
group_search_filter: ADGroupSearchFilter,
skip_tls_verification: ADSkipTLS,
server_insecure: ADServerInsecure,
server_start_tls: ADServerStartTLS,
};
break;
case "OpenID":
payload.oidc = {
configuration_url: openIDConfigurationURL,
client_id: openIDClientID,
secret_id: openIDSecretID,
callback_url: openIDCallbackURL,
claim_name: openIDClaimName,
scopes: openIDScopes,
};
break;
default:
// Built-in IDP will be used by default
}
api
.invoke(
"POST",
`/api/v1/namespaces/${tenant?.namespace}/tenants/${tenant?.name}/identity-provider`,
payload
)
.then(() => {
setIsSending(false);
// Close confirmation modal
setDialogOpen(false);
getTenantIdentityProviderInfo();
})
.catch((err: ErrorResponseHandler) => {
setErrorSnackMessage(err);
setIsSending(false);
});
};
return (
<React.Fragment>
<ConfirmDialog
title={"Save and Restart"}
confirmText={"Restart"}
cancelText="Cancel"
titleIcon={<ConfirmModalIcon />}
isLoading={isSending}
onClose={() => setDialogOpen(false)}
isOpen={dialogOpen}
onConfirm={updateTenantIdentityProvider}
confirmationContent={
<DialogContentText>
Are you sure you want to save the changes and restart the service?
</DialogContentText>
}
/>
{loadingTenant ? (
<Paper className={classes.paperContainer}>
<div className={classes.loaderAlign}>
<Loader />
</div>
</Paper>
) : (
<Fragment>
<h1 className={classes.sectionTitle}>Identity Provider</h1>
<Paper className={classes.paperContainer}>
<Grid item xs={12} className={classes.protocolRadioOptions}>
<label>Protocol</label>
<RadioGroupSelector
currentSelection={idpSelection}
id="idp-options"
name="idp-options"
label=" "
onChange={(e) => {
setIdpSelection(e.target.value);
}}
selectorOptions={[
{ label: "Built-in", value: "Built-in" },
{ label: "OpenID", value: "OpenID" },
{ label: "Active Directory", value: "AD" },
]}
/>
</Grid>
{idpSelection === "OpenID" && (
<Fragment>
<Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper
id="openID_CONFIGURATION_URL"
name="openID_CONFIGURATION_URL"
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
setOpenIDConfigurationURL(e.target.value);
cleanValidation("openID_CONFIGURATION_URL");
}}
label="Configuration URL"
value={openIDConfigurationURL}
placeholder="https://your-identity-provider.com/.well-known/openid-configuration"
error={validationErrors["openID_CONFIGURATION_URL"] || ""}
required
/>
</Grid>
<Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper
id="openID_clientID"
name="openID_clientID"
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
setOpenIDClientID(e.target.value);
cleanValidation("openID_clientID");
}}
label="Client ID"
value={openIDClientID}
error={validationErrors["openID_clientID"] || ""}
required
/>
</Grid>
<Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper
type={showOIDCSecretID ? "text" : "password"}
id="openID_secretID"
name="openID_secretID"
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
setOpenIDSecretID(e.target.value);
cleanValidation("openID_secretID");
}}
label="Secret ID"
value={openIDSecretID}
error={validationErrors["openID_secretID"] || ""}
required
overlayIcon={
showOIDCSecretID ? (
<VisibilityOffIcon />
) : (
<RemoveRedEyeIcon />
)
}
overlayAction={() => setShowOIDCSecretID(!showOIDCSecretID)}
/>
</Grid>
<Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper
id="openID_callbackURL"
name="openID_callbackURL"
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
setOpenIDCallbackURL(e.target.value);
cleanValidation("openID_callbackURL");
}}
label="Callback URL"
value={openIDCallbackURL}
placeholder="https://your-console-endpoint:9443/oauth_callback"
error={validationErrors["openID_callbackURL"] || ""}
/>
</Grid>
<Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper
id="openID_claimName"
name="openID_claimName"
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
setOpenIDClaimName(e.target.value);
cleanValidation("openID_claimName");
}}
label="Claim Name"
value={openIDClaimName}
error={validationErrors["openID_claimName"] || ""}
required
/>
</Grid>
<Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper
id="openID_scopes"
name="openID_scopes"
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
setOpenIDScopes(e.target.value);
cleanValidation("openID_scopes");
}}
label="Scopes"
value={openIDScopes}
/>
</Grid>
</Fragment>
)}
{idpSelection === "AD" && (
<Fragment>
<Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper
id="AD_URL"
name="AD_URL"
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
setADURL(e.target.value);
cleanValidation("AD_URL");
}}
label="LDAP Server Address"
value={ADURL}
placeholder="ldap-server:636"
error={validationErrors["AD_URL"] || ""}
required
/>
</Grid>
<Grid item xs={12} className={classes.formFieldRow}>
<FormSwitchWrapper
value="ad_skipTLS"
id="ad_skipTLS"
name="ad_skipTLS"
checked={ADSkipTLS}
onChange={(e) => {
const targetD = e.target;
const checked = targetD.checked;
setADSkipTLS(checked);
}}
label={"Skip TLS Verification"}
/>
</Grid>
<Grid item xs={12} className={classes.formFieldRow}>
<FormSwitchWrapper
value="ad_serverInsecure"
id="ad_serverInsecure"
name="ad_serverInsecure"
checked={ADServerInsecure}
onChange={(e) => {
const targetD = e.target;
const checked = targetD.checked;
setADServerInsecure(checked);
}}
label={"Server Insecure"}
/>
</Grid>
{ADServerInsecure ? (
<Grid item xs={12}>
<Typography
className={classes.error}
variant="caption"
display="block"
gutterBottom
>
Warning: All traffic with Active Directory will be
unencrypted
</Typography>
<br />
</Grid>
) : null}
<Grid item xs={12} className={classes.formFieldRow}>
<FormSwitchWrapper
value="ad_serverStartTLS"
id="ad_serverStartTLS"
name="ad_serverStartTLS"
checked={ADServerStartTLS}
onChange={(e) => {
const targetD = e.target;
const checked = targetD.checked;
setADServerStartTLS(checked);
}}
label={"Start TLS connection to AD/LDAP server"}
/>
</Grid>
<Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper
id="ad_lookupBindDN"
name="ad_lookupBindDN"
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
setADLookupBindDN(e.target.value);
cleanValidation("ad_lookupBindDN");
}}
label="Lookup Bind DN"
value={ADLookupBindDN}
placeholder="cn=admin,dc=min,dc=io"
error={validationErrors["ad_lookupBindDN"] || ""}
required
/>
</Grid>
<Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper
type={showADLookupBindPassword ? "text" : "password"}
id="ad_lookupBindPassword"
name="ad_lookupBindPassword"
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
setADLookupBindPassword(e.target.value);
}}
label="Lookup Bind Password"
value={ADLookupBindPassword}
placeholder="admin"
overlayIcon={
showADLookupBindPassword ? (
<VisibilityOffIcon />
) : (
<RemoveRedEyeIcon />
)
}
overlayAction={() =>
setShowADLookupBindPassword(!showADLookupBindPassword)
}
/>
</Grid>
<Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper
id="ad_userDNSearchBaseDN"
name="ad_userDNSearchBaseDN"
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
setADUserDNSearchBaseDN(e.target.value);
}}
label="User DN Search Base DN"
value={ADUserDNSearchBaseDN}
placeholder="dc=min,dc=io"
/>
</Grid>
<Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper
id="ad_userDNSearchFilter"
name="ad_userDNSearchFilter"
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
setADUserDNSearchFilter(e.target.value);
}}
label="User DN Search Filter"
value={ADUserDNSearchFilter}
placeholder="(sAMAcountName=%s)"
/>
</Grid>
<Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper
id="ad_groupSearchBaseDN"
name="ad_groupSearchBaseDN"
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
setADGroupSearchBaseDN(e.target.value);
}}
label="Group Search Base DN"
value={ADGroupSearchBaseDN}
placeholder="ou=hwengg,dc=min,dc=io;ou=swengg,dc=min,dc=io"
/>
</Grid>
<Grid item xs={12} className={classes.formFieldRow}>
<InputBoxWrapper
id="ad_groupSearchFilter"
name="ad_groupSearchFilter"
onChange={(e: React.ChangeEvent<HTMLInputElement>) => {
setADGroupSearchFilter(e.target.value);
}}
label="Group Search Filter"
value={ADGroupSearchFilter}
placeholder="(&(objectclass=groupOfNames)(member=%s))"
/>
</Grid>
</Fragment>
)}
<Grid item xs={12} className={classes.buttonContainer}>
<Button
type="submit"
variant="contained"
color="primary"
disabled={!isFormValid || isSending}
onClick={() => setDialogOpen(true)}
>
Save
</Button>
</Grid>
</Paper>
</Fragment>
)}
</React.Fragment>
);
};
const mapState = (state: AppState) => ({
loadingTenant: state.tenants.tenantDetails.loadingTenant,
selectedTenant: state.tenants.tenantDetails.currentTenant,
tenant: state.tenants.tenantDetails.tenantInfo,
});
const mapDispatchToProps = {
setErrorSnackMessage,
};
const connector = connect(mapState, mapDispatchToProps);
export default withStyles(styles)(connector(TenantIdentityProvider));

90
portal-ui/src/screens/Console/Tenants/TenantDetails/TenantSecurity.tsx
View File

@@ -21,8 +21,12 @@ import createStyles from "@mui/styles/createStyles";
import withStyles from "@mui/styles/withStyles"; import withStyles from "@mui/styles/withStyles";
import { import {
containerForHeader, containerForHeader,
createTenantCommon,
formFieldStyles,
modalBasic,
spacingUtils, spacingUtils,
tenantDetailsStyles, tenantDetailsStyles,
wizardCommon,
} from "../../Common/FormComponents/common/styleLibrary"; } from "../../Common/FormComponents/common/styleLibrary";
import Paper from "@mui/material/Paper"; import Paper from "@mui/material/Paper";
import Grid from "@mui/material/Grid"; import Grid from "@mui/material/Grid";
@@ -36,7 +40,6 @@ import { setErrorSnackMessage } from "../../../../actions";
import { connect } from "react-redux"; import { connect } from "react-redux";
import { AppState } from "../../../../store"; import { AppState } from "../../../../store";
import { ErrorResponseHandler } from "../../../../common/types"; import { ErrorResponseHandler } from "../../../../common/types";
import { setTenantDetailsLoad } from "../actions";
import ConfirmDialog from "../../Common/ModalWrapper/ConfirmDialog"; import ConfirmDialog from "../../Common/ModalWrapper/ConfirmDialog";
import { AddIcon, ConfirmModalIcon } from "../../../../icons"; import { AddIcon, ConfirmModalIcon } from "../../../../icons";
import Loader from "../../Common/Loader/Loader"; import Loader from "../../Common/Loader/Loader";
@@ -47,7 +50,6 @@ interface ITenantSecurity {
loadingTenant: boolean; loadingTenant: boolean;
tenant: ITenant | null; tenant: ITenant | null;
setErrorSnackMessage: typeof setErrorSnackMessage; setErrorSnackMessage: typeof setErrorSnackMessage;
setTenantDetailsLoad: typeof setTenantDetailsLoad;
} }
const styles = (theme: Theme) => const styles = (theme: Theme) =>
@@ -89,6 +91,10 @@ const styles = (theme: Theme) =>
marginBottom: 10, marginBottom: 10,
}, },
...containerForHeader(theme.spacing(4)), ...containerForHeader(theme.spacing(4)),
...createTenantCommon,
...formFieldStyles,
...modalBasic,
...wizardCommon,
}); });
const TenantSecurity = ({ const TenantSecurity = ({
@@ -96,7 +102,6 @@ const TenantSecurity = ({
tenant, tenant,
loadingTenant, loadingTenant,
setErrorSnackMessage, setErrorSnackMessage,
setTenantDetailsLoad,
}: ITenantSecurity) => { }: ITenantSecurity) => {
const [isSending, setIsSending] = useState<boolean>(false); const [isSending, setIsSending] = useState<boolean>(false);
const [dialogOpen, setDialogOpen] = useState<boolean>(false); const [dialogOpen, setDialogOpen] = useState<boolean>(false);
@@ -346,41 +351,45 @@ const TenantSecurity = ({
<h1 className={classes.sectionTitle}>Security</h1> <h1 className={classes.sectionTitle}>Security</h1>
<Paper className={classes.paperContainer}> <Paper className={classes.paperContainer}>
<Grid item xs={12} className={classes.title}> <Grid item xs={12} className={classes.title}>
<FormSwitchWrapper <Grid item xs={12} className={classes.formFieldRow}>
value="enableAutoCert" <FormSwitchWrapper
id="enableAutoCert" value="enableAutoCert"
name="enableAutoCert" id="enableAutoCert"
checked={enableAutoCert} name="enableAutoCert"
onChange={(e) => { checked={enableAutoCert}
const targetD = e.target; onChange={(e) => {
const checked = targetD.checked; const targetD = e.target;
setEnableAutoCert(checked); const checked = targetD.checked;
}} setEnableAutoCert(checked);
label={"TLS"} }}
description={ label={"TLS"}
"The internode certificates will be generated and managed by MinIO Operator" description={
} "The internode certificates will be generated and managed by MinIO Operator"
/> }
<FormSwitchWrapper />
value="enableCustomCerts" </Grid>
id="enableCustomCerts" <Grid item xs={12} className={classes.formFieldRow}>
name="enableCustomCerts" <FormSwitchWrapper
checked={enableCustomCerts} value="enableCustomCerts"
onChange={(e) => { id="enableCustomCerts"
const targetD = e.target; name="enableCustomCerts"
const checked = targetD.checked; checked={enableCustomCerts}
setEnableCustomCerts(checked); onChange={(e) => {
}} const targetD = e.target;
label={"Custom Certificates"} const checked = targetD.checked;
/> setEnableCustomCerts(checked);
}}
label={"Custom Certificates"}
/>
</Grid>
</Grid> </Grid>
{enableCustomCerts && ( {enableCustomCerts && (
<Grid container> <Fragment>
<Grid container item xs={12}> <Grid container item xs={12} className={classes.formFieldRow}>
<h4>MinIO Certificates</h4> <h4>MinIO Certificates</h4>
</Grid> </Grid>
<Grid container item xs={12}> <Grid container item xs={12} className={classes.formFieldRow}>
{minioTLSCertificateSecrets.map( {minioTLSCertificateSecrets.map(
(certificateInfo: ICertificateInfo) => ( (certificateInfo: ICertificateInfo) => (
<TLSCertificate <TLSCertificate
@@ -391,7 +400,7 @@ const TenantSecurity = ({
)} )}
</Grid> </Grid>
<Grid container item xs={12}> <Grid container item xs={12} className={classes.formFieldRow}>
{minioCertificates.map((keyPair) => ( {minioCertificates.map((keyPair) => (
<Grid <Grid
item item
@@ -449,7 +458,7 @@ const TenantSecurity = ({
</Grid> </Grid>
))} ))}
</Grid> </Grid>
<Grid container item xs={12}> <Grid container item xs={12} className={classes.formFieldRow}>
<Button <Button
variant="outlined" variant="outlined"
color="primary" color="primary"
@@ -460,10 +469,10 @@ const TenantSecurity = ({
</Button> </Button>
</Grid> </Grid>
<Grid container item xs={12}> <Grid container item xs={12} className={classes.formFieldRow}>
<h4>MinIO CA Certificates</h4> <h4>MinIO CA Certificates</h4>
</Grid> </Grid>
<Grid container item xs={12}> <Grid container item xs={12} className={classes.formFieldRow}>
{minioTLSCaCertificateSecrets.map( {minioTLSCaCertificateSecrets.map(
(certificateInfo: ICertificateInfo) => ( (certificateInfo: ICertificateInfo) => (
<TLSCertificate <TLSCertificate
@@ -474,7 +483,7 @@ const TenantSecurity = ({
)} )}
</Grid> </Grid>
<Grid container item xs={12}> <Grid container item xs={12} className={classes.formFieldRow}>
{minioCaCertificates.map((keyPair: KeyPair) => ( {minioCaCertificates.map((keyPair: KeyPair) => (
<Grid <Grid
item item
@@ -512,7 +521,7 @@ const TenantSecurity = ({
</Grid> </Grid>
))} ))}
</Grid> </Grid>
<Grid container item xs={12}> <Grid container item xs={12} className={classes.formFieldRow}>
<Button <Button
variant="outlined" variant="outlined"
color="primary" color="primary"
@@ -522,7 +531,7 @@ const TenantSecurity = ({
Add CA Certificate Add CA Certificate
</Button> </Button>
</Grid> </Grid>
</Grid> </Fragment>
)} )}
<Grid item xs={12} className={classes.buttonContainer}> <Grid item xs={12} className={classes.buttonContainer}>
@@ -551,7 +560,6 @@ const mapState = (state: AppState) => ({
const mapDispatchToProps = { const mapDispatchToProps = {
setErrorSnackMessage, setErrorSnackMessage,
setTenantDetailsLoad,
}; };
const connector = connect(mapState, mapDispatchToProps); const connector = connect(mapState, mapDispatchToProps);

23
portal-ui/src/screens/Console/Tenants/types.ts
View File

@@ -421,6 +421,29 @@ export interface IAddPool {
fields: IAddPoolFields; fields: IAddPoolFields;
} }
export interface ITenantIdentityProviderResponse {
oidc?: {
callback_url: string;
claim_name: string;
client_id: string;
configuration_url: string;
scopes: string;
secret_id: string;
};
active_directory?: {
lookup_bind_dn: string;
lookup_bind_password: string;
server_start_tls: boolean;
skip_tls_verification: boolean;
url: string;
group_search_base_dn: string;
group_search_filter: string;
server_insecure: boolean;
user_dn_search_base_dn: string;
user_dn_search_filter: string;
};
}
interface SetTenantWizardPage { interface SetTenantWizardPage {
type: typeof ADD_TENANT_SET_CURRENT_PAGE; type: typeof ADD_TENANT_SET_CURRENT_PAGE;
page: number; page: number;

53
swagger-operator.yml
View File

@@ -310,6 +310,57 @@ paths:
tags: tags:
- OperatorAPI - OperatorAPI
/namespaces/{namespace}/tenants/{tenant}/identity-provider:
get:
summary: Tenant Identity Provider
operationId: TenantIdentityProvider
parameters:
- name: namespace
in: path
required: true
type: string
- name: tenant
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/idpConfiguration"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- OperatorAPI
post:
summary: Update Tenant Identity Provider
operationId: UpdateTenantIdentityProvider
parameters:
- name: namespace
in: path
required: true
type: string
- name: tenant
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/idpConfiguration"
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- OperatorAPI
/namespaces/{namespace}/tenants/{tenant}/security: /namespaces/{namespace}/tenants/{tenant}/security:
get: get:
summary: Tenant Security summary: Tenant Security
@@ -1275,6 +1326,7 @@ definitions:
capacity_usage: capacity_usage:
type: integer type: integer
format: int64 format: int64
tenantSecurityResponse: tenantSecurityResponse:
type: object type: object
properties: properties:
@@ -1647,6 +1699,7 @@ definitions:
type: object type: object
required: required:
- url - url
- lookup_bind_dn
properties: properties:
url: url:
type: string type: string