- Update operator dependency
- Don't store policy on session token, instead obtain it during session
validation
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
- Update transport to use the same from Console in IDP Auth
- Validate provided idp URL
Co-authored-by: Harshavardhana <harsha@minio.io>
Signed-off-by: Ricardo Katz <rkatz@vmware.com>
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
Co-authored-by: Ricardo Katz <rkatz@vmware.com>
Co-authored-by: Harshavardhana <harsha@minio.io>
With support for GitLab OpenID service,
we need to make sure to support userInfo
endpoint for this MinIO server requires that
access_token is additionally sent along with
id_token as before to make sure we can fetch
additional claims from /userinfo endpoint.
This PR brings support on console for this
feature.
Refer https://github.com/minio/minio/pull/12469
- fix: create tenant from operator-ui was broken due to migration from
standalone console to embedded console
- fix: refresh, activate and attach license in subscription page was
broken
- fix: tenant usage report in operator-ui
- fix: show tenant encryption enabled if MINIO_KMS_SECRET_KEY is present
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
Embedded console was ignoring values set by CONSOLE_PBKDF_PASSPHRASE and
CONSOLE_PBKDF_SALT for generating new session tokens, derivedKey is used
to encrypt/decrypt session tokens generated by console
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
x/oauth2 always wants a context with a custom http client embedded
when performing various requests. Ensure that the custom http client is
passed when requesting for a token.
Security Tab allow users to set various configurations related to TLS
certificates for MinIO and Console
- Enable/Disable AutoCert
- Add/Delete MinIO and Console Certificates
- Add/Delete MinIO and Console CA Certificates
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
all libraries in pkg/* should never be called Fatal()
internally, the console is imported now and it is important
that the failure logging etc is all well controlled.
Bonus: update to latest minio/pkg v1.0.6 to get trial
customer license verification fixes.
Read-only file-system, ie: when console is running as container in kubernetes, was
preventing console to run because of an error during creating
directories
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
- enhance logging throughout the codebase
- all packages at pkg/ should never log
or perform log.Fatal() instead packages
should return errors through functions.
- simplified various user, group mapping
and removed redundant functions.
- deprecate older flags like --tls-certificate
--tls-key and --tls-ca as we do not use
them anymore, keep them for backward compatibility
for some time.
- fixed issue when deploying tenant with tls disabled
- applied new design for tenant details and license screens
- added license refresh job to operator console
- added new refresh license endpoint
- console operator not longer store CONSOLE_ACCESS_KEY and
CONSOLE_SECRET_KEY values in the tenant-console-secret
Co-authored-by: Daniel Valdivia <hola@danielvaldivia.com>
User secret key is not really need it to be stored inside the encrypted
session key, since the `change-password` endpoint requires the user to
provide the current `secret key` that password will be used to
initialize a new minio client then we will leverage on the
`SetUser` operation, this api only works with actual user credentials
and not sts credentials
