- fixing encryption page styles
- removing extra fields on gemalto configuration
- backend endpoints for tenant identity provider details
- force restart tenant pods when identity provider configuration changes
- force restart tenant pods when TLS certificates change
- existing TLS secrets are not deleted from the tenant namespace, just removed from the tenant
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
This PR adds a whitelist of safe files to download with
`Content-Disposition: inline;` from the backend; all other files will be
force-downloaded via `Content-Disposition: attachment;`. Existing svg files
will still be rendered in a secure way via the html `image` tag.
reference: https://digi.ninja/blog/svg_xss.php
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
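As an added example (not the Console project's own code), one way to implement the whitelist described in this commit in Go: inline only for a fixed set of extensions, attachment for everything else, with the filename sanitized before it is placed in the header. The extension set, the function names and the sample object names are assumptions for this example.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// inlineSafeExtensions lists extensions the backend is willing to serve with
// Content-Disposition: inline. The set is an assumption for this example; SVG
// is deliberately absent because a browser navigating directly to an SVG runs
// embedded scripts, while an <img> tag rendering the same file does not.
var inlineSafeExtensions = map[string]bool{
	".pdf": true, ".png": true, ".jpg": true, ".jpeg": true,
	".gif": true, ".txt": true, ".mp4": true,
}

// sanitizeFilename drops directory components and strips characters that
// could close the quoted filename parameter or inject extra header lines.
func sanitizeFilename(name string) string {
	name = path.Base(name)
	r := strings.NewReplacer("\"", "", "\r", "", "\n", "", "\\", "")
	return r.Replace(name)
}

// contentDisposition returns the Content-Disposition value for an object:
// inline only for whitelisted extensions, attachment as the fail-safe default.
func contentDisposition(objectName string) string {
	name := sanitizeFilename(objectName)
	ext := strings.ToLower(path.Ext(name))
	disposition := "attachment"
	if inlineSafeExtensions[ext] {
		disposition = "inline"
	}
	return fmt.Sprintf("%s; filename=\"%s\"", disposition, name)
}

func main() {
	// Constructed sample object names, including a header-injection attempt.
	samples := []string{"reports/q1.pdf", "logo.svg", "photo.JPG", "evil\"\r\nX-Injected: 1.html"}
	for _, o := range samples {
		fmt.Printf("%-32q -> %s\n", o, contentDisposition(o))
	}
}
```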
- Removed old registration flow
- Add support for new online and offline cluster registration flow
- Support login for accounts with MFA enabled
- Registration screens
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
* Added Prometheus monitoring CPU and memory selector.
* Minor text fixes
* Fixed memory units, improvements to get return
* Updated logic to add storageClassName to get response
* Minor fixes, removed warnings
* Removed blank entry for empty storageclassname
Co-authored-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
* Configure tenant monitoring tab rework on new branch
* Removed unneeded code
* Fixed empty value bug
* rebased to master
* Configure tenant monitoring tab rework on new branch
* Removed unneeded imports, commented lines
* Removed endpoints.go
* Rebased to master and modified to work without endpoints.go
* Removed unused function
Currently we are using an empty string as the storage class for Postgres and
Prometheus pods when the user does not provide any value. However, an
empty value as storage class has a special meaning in Kubernetes:
```
If storageClassName is set to an empty string ('') in the PVC, no
storage class will be used (i.e.; dynamic provisioning is disabled for
this PVC)
Existing, “Available”, PVs (that do not have a specified storageClassName)
will be considered for binding to the PVC.
```
This commit will avoid setting the storage class in the PVC declaration,
so the default storage class will be used.
- Some menu options were not showing even if the user has access to
perform the operations (IAM Policies)
- Deleted unnecessary backend endpoints.go logic, instead using
SecureComponent to validate application routes and Menu options
rendering
- All the logic related to routes and permissions is now in the
permissions.ts file
- Added SecureComponent to List Users page
- Separated Menu options and routing logic for AdminConsole and
OperatorConsole
- Tools are hidden if the user doesn't have access to them or MinIO is running
in fs mode (heal, audit log, etc.)
- Hide change-password button if the user doesn't have access
- Hide create user button if the user doesn't have access
- fixed some bugs when LDAP/OIDC is enabled
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
To enable this feature, you need `CONSOLE_IDP_CALLBACK_DYNAMIC=on`
```
export CONSOLE_IDP_URL=https://gitlab.com/.well-known/openid-configuration
export CONSOLE_IDP_CLIENT_ID="b0088c3836bb029393942f71ed7c8ac0add7f0856e6c86e67b0ff98f85c48658"
export CONSOLE_IDP_SECRET="ed72087b37624e89816ac27c1355420902045274edd7baad2ae29b1b0e8436fe"
export CONSOLE_IDP_SCOPES="openid,profile,email"
export CONSOLE_IDP_USERINFO="on"
export CONSOLE_IDP_CALLBACK_DYNAMIC=on
console srv
```
If this becomes common practice, we should enable it by default in the future.
This PR includes many fixes and refactors for oauth2 authentication and
login endpoints, i.e.:
- Invalid login returns `403` instead of `500` error
- Removed the session token from console/operator `user credentials
login`, `oauth flow login` and `change-password` api responses
- Removed session token from localStorage
- Added styles for oauth_callback page and display more descriptive
errors for debugging
- Successful logins return `204` instead of `200`
- Removed unused swagger apis and code from both the operator and console
projects
- Operator `Oauth2` login flow was not validating anything, now it does
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>