mirrors/object-browser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
806 Commits 11 Branches 205 Tags
410b4555e38165abf6808d3fe5145d7060057fb9
Commit Graph

7 Commits

Author SHA1 Message Date
Lenin Alevski
410b4555e3 Refactor session token (#1109) 
- Update operator dependency
- Don't store policy on session token, instead obtain it during session
  validation

Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
 2021-10-12 21:25:02 -07:00
Lenin Alevski
c48a024310 Remove user secret key from encrypted session token (#652) 
User secret key is not really need it to be stored inside the encrypted
session key, since the `change-password` endpoint requires the user to
provide the current `secret key` that password will be used to
initialize a new minio client then we will leverage on the
`SetUser` operation, this api only works with actual user credentials
and not sts credentials
 2021-03-18 10:27:27 -07:00
Alex
3617ff2aef Updated copyright year in all the files (#565) 
Co-authored-by: Benjamin Perez <benjamin@bexsoft.net>
 2021-01-19 15:04:13 -08:00
Lenin Alevski
e2d86354fc Change Password support for Console (#457) 
- Account change password endpoints
- Change account password modal
- Grouped account settings and service accounts
- Removed the SuperAdmin credentials from almost all places, only
  missing place is Oauth login
- Renamed service-accounts UI labels to account in Menu

Co-authored-by: Daniel Valdivia <hola@danielvaldivia.com>
 2020-12-07 15:11:08 -08:00
Lenin Alevski
f6ac7e047e Invalidate console session when minio user doesn't exists (#332) 2020-10-19 15:32:21 -07:00
Lenin Alevski
f880e3976f encrypt token session using aes-gcm if cpu support it or ChaCha20 (#248) 
Harsha's improvement to use binary encoding instead of json encoding
 2020-08-18 12:42:13 -07:00
Lenin Alevski
ee8242d72a TLS with user provided certificates and KES support for MinIO (#213) 
This PR adds the following features:

- Allow user to provide its own keypair certificates for enable TLS in
  MinIO
- Allow user to configure data encryption at rest in MinIO with KES
- Removes JWT schema for login and instead Console authentication will use
  encrypted session tokens

Enable TLS between client and MinIO with user provided certificates

Instead of using AutoCert feature now the user can provide `cert` and
`key` via `tls` object, values must be valid `x509.Certificate`
formatted files encoded in `base64`

Enable encryption at rest configuring KES

User can deploy KES via Console/Operator by defining the encryption
object, AutoCert must be enabled or custom certificates for KES must be
provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`,
previous configuration of the KMS is necessary.

eg of body request for create-tenant

```
{
    "name": "honeywell",
    "access_key": "minio",
    "secret_key": "minio123",
    "enable_mcs": false,
    "enable_ssl": false,
    "service_name": "honeywell",
    "zones": [
        {
            "name": "honeywell-zone-1",
            "servers": 1,
            "volumes_per_server": 4,
            "volume_configuration": {
                "size": 256000000,
                "storage_class": "vsan-default-storage-policy"
            }
        }
    ],
    "namespace": "default",
    "tls": {
      "tls.crt": "",
      "tls.key": ""
    },
    "encryption": {
        "server": {
          "tls.crt": "",
          "tls.key": ""
        },
        "client": {
          "tls.crt": "",
          "tls.key": ""
        },
      "vault": {
        "endpoint": "http://vault:8200",
        "prefix": "",
        "approle": {
          "id": "",
          "secret": ""
        }
      }
    }
}
```
 2020-07-30 17:49:56 -07:00