Currently console only supports "aws:username" as the
most basic variable for policy evaluation. This PR
extends this to add all the possible combinations
possible.
This includes all `jwt:*` and `ldap:*`
- Update operator dependency
- Don't store policy on session token, instead obtain it during session
validation
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
This update fixes dropping valid statements
as duplicates during iampolicy.ParseConfig().
Fixes situations when users have overlapping
policies, then server should apply both
policies together.
- Update transport to use the same from Console in IDP Auth
- Validate provided idp URL
Co-authored-by: Harshavardhana <harsha@minio.io>
Signed-off-by: Ricardo Katz <rkatz@vmware.com>
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
Co-authored-by: Ricardo Katz <rkatz@vmware.com>
Co-authored-by: Harshavardhana <harsha@minio.io>
With support for GitLab OpenID service,
we need to make sure to support userInfo
endpoint; for this, MinIO server requires that
access_token is additionally sent along with
id_token as before, to make sure we can fetch
additional claims from /userinfo endpoint.
This PR brings support on console for this
feature.
Refer to https://github.com/minio/minio/pull/12469
This PR fixes two bugs:
- incorrect termination of the HTTP connections
when the resource URL path is `/`, since `/`
doesn't exist we should never call h.ServeHTTP()
instead should be directly served from public assets.
- add SSLHostFunc() such that if the Hostname is empty
redirection is not empty and this value is handled
properly when redirecting from 9090 to 9443.
Co-authored-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
- fix: create tenant from operator-ui was broken due to migration from
standalone console to embedded console
- fix: refresh, activate and attach license in subscription page was
broken
- fix: tenant usage report in operator-ui
- fix: show tenant encryption enabled if MINIO_KMS_SECRET_KEY is present
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
- Added support for MinIO configuration file
- fix: tenant deployment with oidc integration
- fix: tenant deployment with ldap integration
- fix: certificate parsing for domains and IP addresses on security tab
- fix: console certificate upload was not working
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
Security Tab allows users to set various configurations related to TLS
certificates for MinIO and Console
- Enable/Disable AutoCert
- Add/Delete MinIO and Console Certificates
- Add/Delete MinIO and Console CA Certificates
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
All libraries in pkg/* should never call Fatal()
internally, the console is imported now and it is important
that the failure logging etc is all well controlled.
Bonus: update to latest minio/pkg v1.0.6 to get trial
customer license verification fixes.
- fixed issue when deploying tenant with tls disabled
- applied new design for tenant details and license screens
- added license refresh job to operator console
- added new refresh license endpoint
- console operator no longer stores CONSOLE_ACCESS_KEY and
CONSOLE_SECRET_KEY values in the tenant-console-secret
Co-authored-by: Daniel Valdivia <hola@danielvaldivia.com>
* Upgrade to Go 1.16. Remove Go-Bind-assets in favor of embed. Checking Portal-UI Build folder.
* lint
* Remove assets references
* Fixes for sub fs
* Fix lint
iam/policies now support wildcard actions for
all actions such as 's3:Get*', 's3:Put*'.
New policies such as CreateBucket now honor
LocationConstraint set but rejecting calls
that do not honor region.
Implemented Log Search API & Prometheus functionality in console, also fixed minor issues in all the platform
Co-authored-by: Benjamin Perez <benjamin@bexsoft.net>