Previously every Handler function was receiving the session token in the
form of a jwt string, in consequence every time we want to access the
encrypted claims of the jwt we needed to run a decryption process,
additionally we were decrypting the jwt twice, first at the session
validation then inside each handler function, this was also causing a
lot of using related to the merge between m3 and mcs
What changed:
Now we validate and decrypt the jwt once in `configure_mcs.go`, this
works for both, mcs (console) and operator sessions, and then pass the
decrypted claims to all the functions that need it, so no further token
validation or decryption is need it.
This PR adds support to connect MCS to minio instances running TLS with
self-signed certificates or certificates signed by custom
Certificate Authorities
```
export MCS_MINIO_SERVER_TLS_ROOT_CAS=file1,file2,file3
```
Note: TLS Skip Verification is not supported unless there's a clear need
for it
Uses same behavior as the Trace feature using websockets.
For displaying it on the UI it needed to handle colors
since the log message comes with unicode colors embbeded
on the message.
Also a special case when an error log comes needed to be handled
to show all sources of the error.
Trace Api uses websocket to send trace information, a
valid jwt token needs to be sent either on the header
or as a cookie of the ws request to start.
Three goroutines are needed to ensure communication
if read hearbeat fails all trace should stop by cancelling
the context. WaitGroups are needed to ensure all
goroutines finish gracefully.
adds new functionality for creating a service
account for a user, for this, an admin client
is created with the user credentials so that
the service account can be assigned to him.
This also updates to minio RELEASE.2020-04-28T23-56-56Z
This commit changes the authentication mechanism between mcs and minio to an sts
(security token service) schema using the user provided credentials, previously
mcs was using master credentials. With that said in order for you to
login to MCS as an admin your user must exists first on minio and have enough
privileges to do administrative operations.
```
./mc admin user add myminio alevsk alevsk12345
```
```
cat admin.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"admin:*",
"s3:*"
],
"Resource": [
"arn:aws:s3:::*"
]
}
]
}
./mc admin policy add myminio admin admin.json
```
```
./mc admin policy set myminio admin user=alevsk
```
updates code to be compatible with:
- github.com/minio/mc v0.0.0-20200415193718-68b638f2f96c
- github.com/minio/minio v0.0.0-20200415191640-bde0f444dbab
Note: admin_config api is patched temporarily now to
return the target configuration as a raw string due to the
changes done on minio.
Creation of reusable componentes for mcs:
- ModalWrapper => Modal box component with MinIO styles
- InputBoxWrapper => Input box component with MinIO styles
- RadioGroupSelector => Component that generates a Radio Group Selector combo with the requested options and MinIO styles
Implementation of these new components in users creation / edit components
Co-authored-by: Benjamin Perez <benjamin@bexsoft.net>
* Added structure to swagger
* Added updateUserGroups handlers
* Updated return definition for user groups.
* Logic rewrite
* Removed logs
* Added some tests to updateUserGroups
* lint fix
* Updated tests for the new API
* Lint
* Added comment about why we are setting this groups individually. & more lint fixes
* Updated tests page
* Added more tests & fixed comments for PR
* Lint utils file
* Fixed import orders
* Changed import order
Co-authored-by: Benjamin Perez <benjamin@bexsoft.net>
* Implementation of RemoveUser from madmin
* Added removeUser structure.
* Added removeUserResponse actions
* Added delete API to swagger
* Added tests to removeUser functions
* Removed extra space at EOF
* Changed context to be a parameter in admin_users functions
Co-authored-by: Benjamin Perez <benjamin@bexsoft.net>
adding secure middleware to enforce security headers, most
of the options can be configured via env variables
adding prefix for mcs env variables
adding http redirect to https, adding csp report only, etc
solving conflicts
passing tls port configured by cli to secure middleware
update go.sum
adding default port, tlsport, host and tlshostname
fix tlsport bug
