Fix config parsing using madmin and mc bump up
- The config parsing client-side logic is updated in madmin-go
- This change also has fixes associated with breakage caused by bumping
up the mc dependency
Similar to MinIO now it's possible to configure webhooks to log all
triggered errors and incomming requests via env variables:
```
CONSOLE_LOGGER_WEBHOOK_ENABLE_<ID>
CONSOLE_LOGGER_WEBHOOK_ENDPOINT_<ID>
CONSOLE_LOGGER_WEBHOOK_AUTH_TOKEN_<ID>
CONSOLE_LOGGER_WEBHOOK_CLIENT_CERT_<ID>
CONSOLE_LOGGER_WEBHOOK_CLIENT_KEY_<ID>
CONSOLE_LOGGER_WEBHOOK_QUEUE_SIZE_<ID>
CONSOLE_AUDIT_WEBHOOK_ENABLE_<ID>
CONSOLE_AUDIT_WEBHOOK_ENDPOINT_<ID>
CONSOLE_AUDIT_WEBHOOK_AUTH_TOKEN_<ID>
CONSOLE_AUDIT_WEBHOOK_CLIENT_CERT_<ID>
CONSOLE_AUDIT_WEBHOOK_QUEUE_SIZE_<ID>
```
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
- Removed old registration flow
- Add support for new online and offline cluster registration flow
- Support login accounts with mfa enabled
- Registration screens
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
Currently console only support "aws:username" as the
most basic variable for policy evaluation. This PR
extends this to add all the possible combinations
possible.
This includes all `jwt:*` and `ldap:*`
- Update operator dependency
- Don't store policy on session token, instead obtain it during session
validation
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
this update fixes dropping valid statements
as duplicates during iampolicy.ParseConfig()
fixes situations when users have overlapping
policies, then server should apply both
policies together.
- Update transport to use the same from Console in IDP Auth
- Validate provided idp URL
Co-authored-by: Harshavardhana <harsha@minio.io>
Signed-off-by: Ricardo Katz <rkatz@vmware.com>
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
Co-authored-by: Ricardo Katz <rkatz@vmware.com>
Co-authored-by: Harshavardhana <harsha@minio.io>
With support for GitLab OpenID service,
we need to make sure to support userInfo
endpoint for this MinIO server requires that
access_token is additionally sent along with
id_token as before to make sure we can fetch
additional claims from /userinfo endpoint.
This PR brings support on console for this
feature.
Refer https://github.com/minio/minio/pull/12469
This PR fixes two bugs one is
- incorrect termination of the HTTP connections
when the resource URL path is `/`, since `/`
doesn't exist we should never call h.ServeHTTP()
instead should be directly served from public assets.
- add SSLHostFunc() such that if the Hostname is empty
redirection is not empty and this value is handled
properly when redirecting from 9090 to 9443.
Co-authored-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
- fix: create tenant from operator-ui was broken due to migration from
standalone console to embedded console
- fix: refresh, activate and attach license in subscription page was
broken
- fix: tenant usage report in operator-ui
- fix: show tenant encryption enabled if MINIO_KMS_SECRET_KEY is present
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
