- Removed old registration flow
- Add support for new online and offline cluster registration flow
- Support login accounts with mfa enabled
- Registration screens
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
- Added Edit option for replication
- Sorted by priority in replication list
- Fixed an issue where storage class was not saved for replication rule
- Added metadata replication selector to both add & edit windows
Signed-off-by: Benjamin Perez <benjamin@bexsoft.net>
Co-authored-by: Benjamin Perez <benjamin@bexsoft.net>
- Previously any user with a validate session in console could query the
`/api/v1/logs/search` endpoint which was not ideal, now we are
limiting that to users with the `admin:OBDInfo` iam action
- Removing deprecated `has-permission` endpoint and backend code
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
- Some menu options were not showing even if the user has access to
perform the operations (IAM Policies)
- Deleted unecessary backend endpoints.go logic, instead using
SecureComponent to validate application routes and Menu options
rendering
- All the logic related to routes and permissions is now in the
permissions.ts file
- Added SecureComponent to List Users page
- Separated Menu options and routing logic for AdminConsole and
OperatorConsole
- Tools are hidden if user don't have access to them or MinIO is running
in fs mode (heal, audit log, etc
- Hide change-password button if user don't have access
- Hide create user button if user don't have access
- fixed some bugs when ldap/oidc is enabled
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
* Fixed share/download object regression
* Adding tests for computeObjectURLWithoutEncode function
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
Policy listing in the Audit list tab was not displaying all the policies
with access to the current bucket
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
Currently console only support "aws:username" as the
most basic variable for policy evaluation. This PR
extends this to add all the possible combinations
possible.
This includes all `jwt:*` and `ldap:*`
- Make Users & Policies clickeable only if user has permissions to view
in bucket page
- Add SecureComponent to policy detail page: api calls, menu options,
raw policy editor, etc.
- Add missing click action to groups in policy detail page
- Fix NPE in list groups for policy endpoint
- Added SecureComponent to ListPolicies page
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
To enable this feature you need `CONSOLE_IDP_CALLBACK_DYNAMIC=on`
```
export CONSOLE_IDP_URL=https://gitlab.com/.well-known/openid-configuration
export CONSOLE_IDP_CLIENT_ID="b0088c3836bb029393942f71ed7c8ac0add7f0856e6c86e67b0ff98f85c48658"
export CONSOLE_IDP_SECRET="ed72087b37624e89816ac27c1355420902045274edd7baad2ae29b1b0e8436fe"
export CONSOLE_IDP_SCOPES="openid,profile,email"
export CONSOLE_IDP_USERINFO="on"
export CONSOLE_IDP_CALLBACK_DYNAMIC=on
console srv
```
if this becomes a common practice, we should enable this as default in future.
This PR includes many fixes and refactors for oauth2 authentication and
login endpoints, ie:
- Invalid login returns `403` instead of `500` error
- Removed the session token from console/operator `user credentials
login`, `oauth flow login` and `change-password` api responses
- Removed session token from localStorage
- Added styles for oauth_callback page and display more descriptive
errors for debugging
- Success logins returns `204` instead of `200`
- Removed unused swagger apis and code from both, operator and console
projects
- Operator `Oauth2` login flow was not validating anything, now it does
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
