Similar to MinIO now it's possible to configure webhooks to log all
triggered errors and incomming requests via env variables:
```
CONSOLE_LOGGER_WEBHOOK_ENABLE_<ID>
CONSOLE_LOGGER_WEBHOOK_ENDPOINT_<ID>
CONSOLE_LOGGER_WEBHOOK_AUTH_TOKEN_<ID>
CONSOLE_LOGGER_WEBHOOK_CLIENT_CERT_<ID>
CONSOLE_LOGGER_WEBHOOK_CLIENT_KEY_<ID>
CONSOLE_LOGGER_WEBHOOK_QUEUE_SIZE_<ID>
CONSOLE_AUDIT_WEBHOOK_ENABLE_<ID>
CONSOLE_AUDIT_WEBHOOK_ENDPOINT_<ID>
CONSOLE_AUDIT_WEBHOOK_AUTH_TOKEN_<ID>
CONSOLE_AUDIT_WEBHOOK_CLIENT_CERT_<ID>
CONSOLE_AUDIT_WEBHOOK_QUEUE_SIZE_<ID>
```
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
- Previously any user with a validate session in console could query the
`/api/v1/logs/search` endpoint which was not ideal, now we are
limiting that to users with the `admin:OBDInfo` iam action
- Removing deprecated `has-permission` endpoint and backend code
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
This PR includes many fixes and refactors for oauth2 authentication and
login endpoints, ie:
- Invalid login returns `403` instead of `500` error
- Removed the session token from console/operator `user credentials
login`, `oauth flow login` and `change-password` api responses
- Removed session token from localStorage
- Added styles for oauth_callback page and display more descriptive
errors for debugging
- Success logins returns `204` instead of `200`
- Removed unused swagger apis and code from both, operator and console
projects
- Operator `Oauth2` login flow was not validating anything, now it does
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
- Update operator dependency
- Don't store policy on session token, instead obtain it during session
validation
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
- enhance logging throughout the codebase
- all packages at pkg/ should never log
or perform log.Fatal() instead packages
should return errors through functions.
- simplified various user, group mapping
and removed redundant functions.
- deprecate older flags like --tls-certificate
--tls-key and --tls-ca as we do not use
them anymore, keep them for backward compatibility
for some time.
* Added refresh tenant functionality
add icon to Users page to change password
commit work to date to github for ongoing use
add modal with fields for current and new password on icon click
missing swagger files
remove unneeded files
move changeUserPassword to admin_api, remove field for current password,
include selected user
Please enter the commit message for your changes. Lines starting
added missing js files
asset and function signature
formatting changes
* fixed lint
* removed Current Password field, returned Groups label, added
selectedUser to modal text
* disabled save button if newPasssword and reNewPassword don't match, removed commented out code
* Added refresh tenant functionality
add icon to Users page to change password
commit work to date to github for ongoing use
add modal with fields for current and new password on icon click
missing swagger files
remove unneeded files
move changeUserPassword to admin_api, remove field for current password,
include selected user
Please enter the commit message for your changes. Lines starting
added missing js files
asset and function signature
formatting changes
* removed Current Password field, returned Groups label, added
selectedUser to modal text
* changed Swagger parameters to camel case
Co-authored-by: Jill <jill@minio.io>
User secret key is not really need it to be stored inside the encrypted
session key, since the `change-password` endpoint requires the user to
provide the current `secret key` that password will be used to
initialize a new minio client then we will leverage on the
`SetUser` operation, this api only works with actual user credentials
and not sts credentials
- Account change password endpoints
- Change account password modal
- Grouped account settings and service accounts
- Removed the SuperAdmin credentials from almost all places, only
missing place is Oauth login
- Renamed service-accounts UI labels to account in Menu
Co-authored-by: Daniel Valdivia <hola@danielvaldivia.com>
