most of our deployments use custom certificates, using DefaultClient
makes it virtually impossible to make share URL feature work.
this PR fixes this behavior in the implementation.
Bonus: re-use transports inside console, will add more changes to
take custom transport inputs in subsequent PR.
Share link duration is based on the token expiration,
this increases the IDP token expiration so the share link
is able to last longer, by using an env variable called
MINIO_STS_DURATION
Do not bother the user with an error if the IDP expiry is less than
900 seconds, since the S3 spec sets a minimum of 900 seconds for STS
expiration, use that minimum duration instead of returning an error
Co-authored-by: Anis Elleuch <anis@min.io>
Co-authored-by: Alex <33497058+bexsoft@users.noreply.github.com>
For registered clusters, after generating the Health Info report, Health Info is uploaded to Subnet, and latest metrics are visible in Subnet.
Authored-by: Jillian Inapurapu <jillii@Jillians-MBP.attlocal.net>
During SSO login, Console contacts MinIO server to generate new temporary credentials. When TLS is enabled, setting up a correct TLS certificate is something that needs to be done correctly by the user. However, recently, we started to skip the TLS verification when Console talks to MinIO server using a loopback address, but we missed the case of Console generating temporary credentials in case of IDP. This commit will get the configured MinIO server url to decide if the STS call needs to skip the TLS verification or not.
Co-authored-by: Anis Elleuch <anis@min.io>
This is a regression from 118cf97e1d when
env var support for passing console configuration from MinIO was
removed.
This change ensures that all MinIO nodes in a cluster are able to verify
state tokens generated by other nodes in the cluster. Without this, it
is necessary to use sticky sessions in a loadbalancer to ensure that
OIDC authorization code login flow steps for a client happens on the
same minio node.
Fixes https://github.com/minio/minio/issues/15527
* Allow multiple IDPs config to be passed via struct
* This removes support for ENV based IDP configuration for console
* Ensure default scopes are used if none are given
* Add display name field for provider config
- Added flag CONSOLE_OBJECT_BROWSER_ONLY=on to trigger between console mode & Object Browser only
- Hidden not necessary buttons for object browse
- STS Login
Signed-off-by: Benjamin Perez <benjamin@bexsoft.net>
Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
- remove the use of encodeURI and encodeURIComponent functions and
instead use encodeFileName and decodeFileName functions
- support for users with special characters
- support for users with special characters
- support for users with special characters
- fixed incorrectly group list display for policies
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
Similar to MinIO now it's possible to configure webhooks to log all
triggered errors and incomming requests via env variables:
```
CONSOLE_LOGGER_WEBHOOK_ENABLE_<ID>
CONSOLE_LOGGER_WEBHOOK_ENDPOINT_<ID>
CONSOLE_LOGGER_WEBHOOK_AUTH_TOKEN_<ID>
CONSOLE_LOGGER_WEBHOOK_CLIENT_CERT_<ID>
CONSOLE_LOGGER_WEBHOOK_CLIENT_KEY_<ID>
CONSOLE_LOGGER_WEBHOOK_QUEUE_SIZE_<ID>
CONSOLE_AUDIT_WEBHOOK_ENABLE_<ID>
CONSOLE_AUDIT_WEBHOOK_ENDPOINT_<ID>
CONSOLE_AUDIT_WEBHOOK_AUTH_TOKEN_<ID>
CONSOLE_AUDIT_WEBHOOK_CLIENT_CERT_<ID>
CONSOLE_AUDIT_WEBHOOK_QUEUE_SIZE_<ID>
```
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
