- fix: create tenant from operator-ui was broken due to migration from
standalone console to embedded console
- fix: refresh, activate and attach license in subscription page was
broken
- fix: tenant usage report in operator-ui
- fix: show tenant encryption enabled if MINIO_KMS_SECRET_KEY is present
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
- Added support for MinIO configuration file
- fix: tenant deployment with oidc integration
- fix: tenant deployment with ldap integration
- fix: certificate parsing for domains and IP addresses on security tab
- fix: console certificate upload was not working
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
Security Tab allow users to set various configurations related to TLS
certificates for MinIO and Console
- Enable/Disable AutoCert
- Add/Delete MinIO and Console Certificates
- Add/Delete MinIO and Console CA Certificates
Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
all libraries in pkg/* should never be called Fatal()
internally, the console is imported now and it is important
that the failure logging etc is all well controlled.
Bonus: update to latest minio/pkg v1.0.6 to get trial
customer license verification fixes.
- fixed issue when deploying tenant with tls disabled
- applied new design for tenant details and license screens
- added license refresh job to operator console
- added new refresh license endpoint
- console operator not longer store CONSOLE_ACCESS_KEY and
CONSOLE_SECRET_KEY values in the tenant-console-secret
Co-authored-by: Daniel Valdivia <hola@danielvaldivia.com>
* Upgrade to Go 1.16. Remove Go-Bind-assets in favor of embed. Checking Portal-UI Build folder.
* lint
* Remove assets references
* Fixes for sub fs
* Fix lint
iam/policies now support wildcard actions for
all actions such as 's3:Get*', 's3:Put*'
new policies such as CreateBucket now honors
LocationConstraint set but rejecting calls
that do not honor region.
Implemented Log Search API & Prometheus functionality in console, also fixed minor issues in all the platform
Co-authored-by: Benjamin Perez <benjamin@bexsoft.net>
* Move heal and watch to tenant details view on operator-ui
* TLS skip verify in wss/watch endpoint
Use insecure: true in the meantime so the wss/watch endpoint works while
we add support for custotm TLS transport in the S3 client library.
Removed "InsecureSkipVerify: true" from s3AdminClient and s3Client HTTP clients
- We preserve the insecure parameter in the `newS3Config` and `NewAdminClientWithInsecure` functions for debugging and testing purposes.
- By default InsecureSkipVerify is false, therefore in order for Operator-Console to verify the TLS connections to MinIO tenants with self-signed certificates it requires the `ca.crt` or the `public.crt` of the tenant to exists under `~/.console/certs/CAs` which is the right way to do it.
Co-authored-by: Cesar Nieto <ces.nietor@gmail.com>
Co-authored-by: Daniel Valdivia <hola@danielvaldivia.com>
Use insecure: true in the meantime so the wss/watch endpoint works while
we add support for custotm TLS transport in the S3 client library.
Removed "InsecureSkipVerify: true" from s3AdminClient and s3Client HTTP clients
- If MinIO is configured with LDAP then users and groups are external, and
the credentials provided in the CONSOLE_ACCESS_KEY and
CONSOLE_SECRET_KEY env vars will belong to an existing user in the active
directory, therefore we need to authenticate first with
`credentials.NewLDAPIdentity`
- Fixed race condition bug in which TLS RootCAs certs were not loading
correctly (certPool was always null)
- Fixed TLS bug in which if Console was deployed without TLS enabled
RootCAs certs were not loading
- Initialize LDAP Admin credentials once
- Initialize stsClient once
- update operator version to latest version
- create tenant endpoint now supports multiple TLS certificates for
MinIO TLS configuration
- update certificates endpoint now support multiple TLS certificates
Co-authored-by: Daniel Valdivia <hola@danielvaldivia.com>
Supports single and multiple objects which needs to be defined by recursive flag.
An object to be deleted needs to be defined by a query parameter, path, since it can be
an object or a folder.
