Release v0.10.3 (#1098 )

Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
fix: broken STS Sessions with large policies (#1096 )
2021-10-05 13:00:12 -07:00 · 2021-10-04 14:25:00 -07:00 · 2021-09-30 09:25:34 -07:00 · 2021-09-28 16:36:59 -07:00 · 2021-09-28 16:28:02 -07:00 · 2021-09-28 16:23:25 -07:00
1540 changed files with 277911 additions and 50078 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,6 +1,7 @@
 node_modules/
 dist/
 target/
-mcs
-!mcs/
+console
+!console/
 portal-ui/node_modules/
+.git/
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -1,52 +0,0 @@
-name: "Code scanning - action"
-
-on:
-  push:
-  pull_request:
-  schedule:
-    - cron: '0 19 * * 0'
-
-jobs:
-  CodeQL-Build:
-
-    # CodeQL runs on ubuntu-latest and windows-latest
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-      with:
-        # We must fetch at least the immediate parents so that if this is
-        # a pull request then we can checkout the head.
-        fetch-depth: 2
-
-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
-      
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      # Override language selection by uncommenting this and choosing your languages
-      # with:
-      #   languages: go, javascript, csharp, python, cpp, java
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
--- a/.github/workflows/compiles.yml
+++ b/.github/workflows/compiles.yml
@@ -0,0 +1,34 @@
+name: Go
+
+on:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    name: Compiles on Go ${{ matrix.go-version }} and ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        go-version: [1.16.x]
+        os: [ubuntu-latest]
+    steps:
+      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Build on ${{ matrix.os }}
+        env:
+          GO111MODULE: on
+          GOOS: linux
+        run: |
+          make console
--- a/.github/workflows/crosscompile-1.yml
+++ b/.github/workflows/crosscompile-1.yml
@@ -0,0 +1,34 @@
+name: Go
+
+on:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    name: Cross compile
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        go-version: [1.16.x]
+        os: [ubuntu-latest]
+    steps:
+      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Build on ${{ matrix.os }}
+        env:
+          GO111MODULE: on
+          GOOS: linux
+        run: |
+          make crosscompile arg1="'linux/ppc64le linux/mips64'"
--- a/.github/workflows/crosscompile-2.yml
+++ b/.github/workflows/crosscompile-2.yml
@@ -0,0 +1,34 @@
+name: Go
+
+on:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    name: Cross compile
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        go-version: [1.16.x]
+        os: [ubuntu-latest]
+    steps:
+      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Build on ${{ matrix.os }}
+        env:
+          GO111MODULE: on
+          GOOS: linux
+        run: |
+          make crosscompile arg1="'linux/arm64 linux/s390x'"
--- a/.github/workflows/crosscompile-3.yml
+++ b/.github/workflows/crosscompile-3.yml
@@ -0,0 +1,34 @@
+name: Go
+
+on:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    name: Cross compile
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        go-version: [1.16.x]
+        os: [ubuntu-latest]
+    steps:
+      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Build on ${{ matrix.os }}
+        env:
+          GO111MODULE: on
+          GOOS: linux
+        run: |
+          make crosscompile arg1="'darwin/amd64 freebsd/amd64'"
--- a/.github/workflows/crosscompile-4.yml
+++ b/.github/workflows/crosscompile-4.yml
@@ -0,0 +1,34 @@
+name: Go
+
+on:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    name: Cross compile
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        go-version: [1.16.x]
+        os: [ubuntu-latest]
+    steps:
+      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Build on ${{ matrix.os }}
+        env:
+          GO111MODULE: on
+          GOOS: linux
+        run: |
+          make crosscompile arg1="'windows/amd64 linux/arm'"
--- a/.github/workflows/crosscompile-5.yml
+++ b/.github/workflows/crosscompile-5.yml
@@ -0,0 +1,34 @@
+name: Go
+
+on:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    name: Cross compile
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        go-version: [1.16.x]
+        os: [ubuntu-latest]
+    steps:
+      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Build on ${{ matrix.os }}
+        env:
+          GO111MODULE: on
+          GOOS: linux
+        run: |
+          make crosscompile arg1="'linux/386 netbsd/amd64'"
--- a/.github/workflows/go-test-pkg.yml
+++ b/.github/workflows/go-test-pkg.yml
@@ -0,0 +1,34 @@
+name: Go
+
+on:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    name: Test Pkg on Go ${{ matrix.go-version }} and ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        go-version: [1.16.x]
+        os: [ubuntu-latest]
+    steps:
+      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Build on ${{ matrix.os }}
+        env:
+          GO111MODULE: on
+          GOOS: linux
+        run: |
+          make test-pkg
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -3,18 +3,18 @@ name: Go
 on:
  pull_request:
    branches:
-    - master
+      - master
  push:
    branches:
-    - master
+      - master

 jobs:
  build:
-    name: Test on Go ${{ matrix.go-version }} and ${{ matrix.os }}
+    name: Test Restapi on Go ${{ matrix.go-version }} and ${{ matrix.os }}
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
-        go-version: [1.13.x, 1.14.x]
+        go-version: [1.16.x]
        os: [ubuntu-latest]
    steps:
      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
@@ -31,6 +31,4 @@ jobs:
          GO111MODULE: on
          GOOS: linux
        run: |
-          make verifiers
          make test
-          make mcs
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -0,0 +1,39 @@
+name: Go
+
+on:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    name: Integration Tests with Latest Distributed MinIO
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        go-version: [1.16.x]
+        os: [ubuntu-latest]
+    steps:
+      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Build on ${{ matrix.os }}
+        env:
+          GO111MODULE: on
+          GOOS: linux
+          CGO_ENABLED: 0
+        run: |
+          wget -O /tmp/minio https://dl.minio.io/server/minio/release/linux-amd64/minio
+          chmod +x /tmp/minio
+          mkdir -p /tmp/certs-dir
+          /tmp/minio server --quiet -S /tmp/certs-dir /tmp/fs{1...4} &
+          go test github.com/minio/console/integration/...
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,34 @@
+name: Go
+
+on:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    name: Checking Lint
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        go-version: [1.16.x]
+        os: [ubuntu-latest]
+    steps:
+      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Build on ${{ matrix.os }}
+        env:
+          GO111MODULE: on
+          GOOS: linux
+        run: |
+          make verifiers
--- a/.github/workflows/react.yml
+++ b/.github/workflows/react.yml
@@ -0,0 +1,15 @@
+name: "React Tests"
+on:
+  push:
+  pull_request:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Install modules
+        working-directory: ./portal-ui
+        run: yarn
+      - name: Run tests
+        working-directory: ./portal-ui
+        run: yarn test
--- a/.gitignore
+++ b/.gitignore
@@ -19,11 +19,15 @@ vendor/

 # Ignore executables
 target/
-mcs
-!mcs/
+console
+!console/

 dist/

+# Ignore node_modules
+
+portal-ui/node_modules/
+
 # Ignore tls cert and key
 private.key
 public.crt
@@ -31,4 +35,5 @@ public.crt
 # Ignore VsCode files
 .vscode/
 *.code-workspace
-*~
+*~
+.eslintcache
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -12,7 +12,7 @@ linters:
    - goimports
    - misspell
    - govet
-    - golint
+    - revive
    - ineffassign
    - gosimple
    - deadcode
@@ -21,8 +21,18 @@ linters:
    - structcheck

 service:
-  golangci-lint-version: 1.21.0 # use the fixed version to not introduce new linters unexpectedly
+  golangci-lint-version: 1.27.0 # use the fixed version to not introduce new linters unexpectedly

+issues:
+  exclude-use-default: false
+  exclude:
+      - should have a package comment
+      # TODO(y4m4): Remove once all exported ident. have comments!      
+      - comment on exported function
+      - comment on exported type
+      - should have comment
+      - use leading k in Go names
+      - comment on exported const
 run:
  skip-dirs:
    - pkg/clientgen
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -1,75 +1,195 @@
 # This is an example goreleaser.yaml file with some sane defaults.
 # Make sure to check the documentation at http://goreleaser.com
-project_name: mcs
+project_name: console
+
+release:
+   name_template: "Release version {{.Tag}}"
+   github:
+    owner: minio
+    name: console
+   extra_files:
+     - glob: "*.minisig"

 before:
  hooks:
    # you may remove this if you don't use vgo
    - go mod tidy
+
 builds:
  -
    goos:
-      - freebsd
-      - windows
      - linux
      - darwin
+      - windows
    goarch:
      - amd64
+      - ppc64le
+      - s390x
      - arm64
+    ignore:
+      - goos: darwin
+        goarch: arm
+      - goos: windows
+        goarch: arm64
+      - goos: windows
+        goarch: arm
+
    env:
      - CGO_ENABLED=0
-    main: ./cmd/mcs/
+
+    main: ./cmd/console/
+
    flags:
      - -trimpath
      - --tags=kqueue
+
    ldflags:
-      - -s -w -X github.com/minio/mcs/pkg.ReleaseTag={{.Tag}} -X github.com/minio/mcs/pkg.CommitID={{.FullCommit}} -X github.com/minio/mcs/pkg.Version={{.Version}} -X github.com/minio/mcs/pkg.ShortCommitID={{.ShortCommit}} -X github.com/minio/mcs/pkg.ReleaseTime={{.Date}}
+      - -s -w -X github.com/minio/console/pkg.ReleaseTag={{.Tag}} -X github.com/minio/console/pkg.CommitID={{.FullCommit}} -X github.com/minio/console/pkg.Version={{.Version}} -X github.com/minio/console/pkg.ShortCommitID={{.ShortCommit}} -X github.com/minio/console/pkg.ReleaseTime={{.Date}}
+
 archives:
  -
+    name_template: "{{ .ProjectName }}-{{ .Os }}-{{ .Arch }}"
+    format: binary
    replacements:
-      darwin: Darwin
-      linux: Linux
-      windows: Windows
-      freebsd: FreeBSD
-      amd64: x86_64
-    format_overrides:
-      - goos: windows
-        format: zip
-    files:
-      - README.md
-      - LICENSE
-checksum:
-  name_template: 'checksums.txt'
+      arm: arm
+
+signs:
+  -
+    signature: "${artifact}.minisig"
+    cmd: "sh"
+    args:
+      - '-c'
+      - 'minisign -s /media/${USER}/minio/minisign.key -Sm ${artifact} < /media/${USER}/minio/minisign-passphrase'
+    artifacts: all
+
 snapshot:
-  name_template: 'snapshot-{{ time "2006-01-02" }}'
+  name_template: v0.0.0@{{.ShortCommit}}
+
 changelog:
  sort: asc
-  filters:
-    exclude:
-      - '^docs:'
-      - '^test:'
+
 nfpms:
  -
-    vendor: MinIO Inc.
-    homepage: https://github.com/minio/mcs
-    maintainer: MinIO <minio@minio.io>
+    vendor: MinIO, Inc.
+    homepage: https://github.com/minio/console
+    maintainer: MinIO Development <dev@min.io>
    description: MinIO Console Server
    license: GNU Affero General Public License v3.0
    formats:
      - deb
      - rpm
-    replacements:
-      darwin: Darwin
-      linux: Linux
-      freebsd: FreeBSD
-      amd64: x86_64
+    contents:
+      # Basic file that applies to all packagers
+      - src: systemd/console.service
+        dst: /etc/systemd/system/minio-console.service
+
 dockers:
-  -
-    # GOOS of the built binary that should be used.
-    goos: linux
-    # GOARCH of the built binary that should be used.
-    goarch: amd64
-    dockerfile: Dockerfile.release
-    image_templates:
-      - "minio/mcs:{{ .Tag }}"
-      - "minio/mcs:latest"
+- image_templates:
+  - "minio/console:{{ .Tag }}-amd64"
+  use: buildx
+  goarch: amd64
+  dockerfile: Dockerfile.release
+  extra_files:
+    - LICENSE
+    - CREDITS
+  build_flag_templates:
+  - "--platform=linux/amd64"
+  - "--build-arg=TAG={{ .Tag }}"
+- image_templates:
+  - "minio/console:{{ .Tag }}-ppc64le"
+  use: buildx
+  goarch: ppc64le
+  dockerfile: Dockerfile.release
+  extra_files:
+    - LICENSE
+    - CREDITS
+  build_flag_templates:
+  - "--platform=linux/ppc64le"
+  - "--build-arg=TAG={{ .Tag }}"
+- image_templates:
+  - "minio/console:{{ .Tag }}-s390x"
+  use: buildx
+  goarch: s390x
+  dockerfile: Dockerfile.release
+  extra_files:
+    - LICENSE
+    - CREDITS
+  build_flag_templates:
+  - "--platform=linux/s390x"
+  - "--build-arg=TAG={{ .Tag }}"
+- image_templates:
+  - "minio/console:{{ .Tag }}-arm64"
+  use: buildx
+  goarch: arm64
+  goos: linux
+  dockerfile: Dockerfile.release
+  extra_files:
+    - LICENSE
+    - CREDITS
+  build_flag_templates:
+  - "--platform=linux/arm64"
+  - "--build-arg=TAG={{ .Tag }}"
+- image_templates:
+  - "quay.io/minio/console:{{ .Tag }}-amd64"
+  use: buildx
+  goarch: amd64
+  dockerfile: Dockerfile.release
+  extra_files:
+    - LICENSE
+    - CREDITS
+  build_flag_templates:
+  - "--platform=linux/amd64"
+  - "--build-arg=TAG={{ .Tag }}"
+- image_templates:
+  - "quay.io/minio/console:{{ .Tag }}-ppc64le"
+  use: buildx
+  goarch: ppc64le
+  dockerfile: Dockerfile.release
+  extra_files:
+    - LICENSE
+    - CREDITS
+  build_flag_templates:
+  - "--platform=linux/ppc64le"
+  - "--build-arg=TAG={{ .Tag }}"
+- image_templates:
+  - "quay.io/minio/console:{{ .Tag }}-s390x"
+  use: buildx
+  goarch: s390x
+  dockerfile: Dockerfile.release
+  extra_files:
+    - LICENSE
+    - CREDITS
+  build_flag_templates:
+  - "--platform=linux/s390x"
+  - "--build-arg=TAG={{ .Tag }}"
+- image_templates:
+  - "quay.io/minio/console:{{ .Tag }}-arm64"
+  use: buildx
+  goarch: arm64
+  goos: linux
+  dockerfile: Dockerfile.release
+  extra_files:
+    - LICENSE
+    - CREDITS
+  build_flag_templates:
+  - "--platform=linux/arm64"
+  - "--build-arg=TAG={{ .Tag }}"
+docker_manifests:
+- name_template: minio/console:{{ .Tag }}
+  image_templates:
+  - minio/console:{{ .Tag }}-amd64
+  - minio/console:{{ .Tag }}-arm64
+  - minio/console:{{ .Tag }}-ppc64le
+  - minio/console:{{ .Tag }}-s390x
+- name_template: quay.io/minio/console:{{ .Tag }}
+  image_templates:
+  - quay.io/minio/console:{{ .Tag }}-amd64
+  - quay.io/minio/console:{{ .Tag }}-arm64
+  - quay.io/minio/console:{{ .Tag }}-ppc64le
+  - quay.io/minio/console:{{ .Tag }}-s390x
+- name_template: minio/console:latest
+  image_templates:
+  - minio/console:{{ .Tag }}-amd64
+  - minio/console:{{ .Tag }}-arm64
+  - minio/console:{{ .Tag }}-ppc64le
+  - minio/console:{{ .Tag }}-s390x
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -20,7 +20,7 @@ make swagger-gen

 This will update all the necessary code.

-`./restapi/configure_mcs.go` is a file that contains the handlers to be used by the application, here is the only place where we need to update our code to support the new apis. This file is not affected when running the swagger generator and it is safe to edit.
+`./restapi/configure_console.go` is a file that contains the handlers to be used by the application, here is the only place where we need to update our code to support the new apis. This file is not affected when running the swagger generator and it is safe to edit.

 ## Unit Tests
 `./restapi/handlers_test.go` needs to be updated with the proper tests for the new api.
@@ -47,7 +47,7 @@ $ git push origin my-new-feature
 Pull requests can be created via GitHub. Refer to [this document](https://help.github.com/articles/creating-a-pull-request/) for detailed steps on how to create a pull request. After a Pull Request gets peer reviewed and approved, it will be merged.

 ## FAQs
-### How does ``mcs`` manages dependencies?
+### How does ``console`` manages dependencies?
 ``MinIO`` uses `go mod` to manage its dependencies.
 - Run `go get foo/bar` in the source folder to add the dependency to `go.mod` file.

@@ -55,5 +55,5 @@ To remove a dependency
 - Edit your code and remove the import reference.
 - Run `go mod tidy` in the source folder to remove dependency from `go.mod` file.

-### What are the coding guidelines for mcs?
-``mcs`` is fully conformant with Golang style. Refer: [Effective Go](https://github.com/golang/go/wiki/CodeReviewComments) article from Golang project. If you observe offending code, please feel free to send a pull request or ping us on [Slack](https://slack.min.io).
+### What are the coding guidelines for console?
+``console`` is fully conformant with Golang style. Refer: [Effective Go](https://github.com/golang/go/wiki/CodeReviewComments) article from Golang project. If you observe offending code, please feel free to send a pull request or ping us on [Slack](https://slack.min.io).
--- a/6552
+++ b/6552
--- a/DEVELOPMENT.md
+++ b/DEVELOPMENT.md
@@ -1,4 +1,4 @@
-# LDAP authentication with MCS
+# LDAP authentication with Console

 ## Setup

@@ -11,44 +11,11 @@ $ docker run --rm -p 389:389 -p 636:636 --name my-openldap-container --detach os
 Run the `billy.ldif` file using `ldapadd` command to create a new user and assign it to a group.

 ```
-$ cat > billy.ldif << EOF
-# LDIF fragment to create group branch under root
-dn: uid=billy,dc=example,dc=org
-uid: billy
-cn: billy
-sn: 3
-objectClass: top
-objectClass: posixAccount
-objectClass: inetOrgPerson
-loginShell: /bin/bash
-homeDirectory: /home/billy
-uidNumber: 14583102
-gidNumber: 14564100
-userPassword: {SSHA}j3lBh1Seqe4rqF1+NuWmjhvtAni1JC5A
-mail: billy@example.org
-gecos: Billy User
-# Create base group
-dn: ou=groups,dc=example,dc=org
-objectclass:organizationalunit
-ou: groups
-description: generic groups branch
-# create mcsAdmin group (this already exists on minio and have a policy of s3::*)
-dn: cn=mcsAdmin,ou=groups,dc=example,dc=org
-objectClass: top
-objectClass: posixGroup
-gidNumber: 678
-# Assing group to new user
-dn: cn=mcsAdmin,ou=groups,dc=example,dc=org
-changetype: modify
-add: memberuid
-memberuid: billy
-EOF
-
-$ docker cp billy.ldif my-openldap-container:/container/service/slapd/assets/test/billy.ldif
-$ docker exec my-openldap-container ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /container/service/slapd/assets/test/billy.ldif -H ldap://localhost -ZZ
+$ docker cp console/docs/ldap/billy.ldif my-openldap-container:/container/service/slapd/assets/test/billy.ldif
+$ docker exec my-openldap-container ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /container/service/slapd/assets/test/billy.ldif -H ldap://localhost
 ```

-Query the ldap server to check the user billy was created correctly and got assigned to the mcsAdmin group, you should get a list 
+Query the ldap server to check the user billy was created correctly and got assigned to the consoleAdmin group, you should get a list 
 containing ldap users and groups.

 ```
@@ -73,9 +40,9 @@ Re-enter new password:
 Enter LDAP Password:
 ```

-### Add the mcsAdmin policy to user billy on MinIO
+### Add the consoleAdmin policy to user billy on MinIO
 ```
-$ cat > mcsAdmin.json << EOF
+$ cat > consoleAdmin.json << EOF
 {
  "Version": "2012-10-17",
  "Statement": [
@@ -99,8 +66,8 @@ $ cat > mcsAdmin.json << EOF
  ]
 }
 EOF
-$ mc admin policy add myminio mcsAdmin mcsAdmin.json
-$ mc admin policy set myminio mcsAdmin user=billy
+$ mc admin policy add myminio consoleAdmin consoleAdmin.json
+$ mc admin policy set myminio consoleAdmin user="uid=billy,dc=example,dc=org"
 ```

 ## Run MinIO
@@ -116,12 +83,9 @@ export MINIO_IDENTITY_LDAP_SERVER_INSECURE=on
 ./minio server ~/Data
 ```

-## Run MCS
+## Run Console

 ```
-export MCS_ACCESS_KEY=minio
-export MCS_SECRET_KEY=minio123
-...
-export MCS_LDAP_ENABLED=on
-./mcs server
+export CONSOLE_LDAP_ENABLED=on
+./console server
 ```
--- a/38
+++ b/38
@@ -1,26 +1,42 @@
-FROM golang:1.13
+FROM node:10 as uilayer
+
+WORKDIR /app
+
+COPY ./portal-ui/package.json ./
+COPY ./portal-ui/yarn.lock ./
+RUN yarn install
+
+COPY ./portal-ui .
+
+RUN yarn install && make build-static
+
+USER node
+
+FROM golang:1.16 as golayer

 RUN apt-get update -y && apt-get install -y ca-certificates

-ADD go.mod /go/src/github.com/minio/mcs/go.mod
-ADD go.sum /go/src/github.com/minio/mcs/go.sum
-WORKDIR /go/src/github.com/minio/mcs/
+ADD go.mod /go/src/github.com/minio/console/go.mod
+ADD go.sum /go/src/github.com/minio/console/go.sum
+WORKDIR /go/src/github.com/minio/console/

 # Get dependencies - will also be cached if we won't change mod/sum
 RUN go mod download

-ADD . /go/src/github.com/minio/mcs/
-WORKDIR /go/src/github.com/minio/mcs/
+ADD . /go/src/github.com/minio/console/
+WORKDIR /go/src/github.com/minio/console/

 ENV CGO_ENABLED=0

-RUN go build -ldflags "-w -s" -a -o mcs ./cmd/mcs
+COPY --from=uilayer /app/build /go/src/github.com/minio/console/portal-ui/build
+RUN go build -ldflags "-w -s" -a -o console ./cmd/console

-FROM scratch
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3
 MAINTAINER MinIO Development "dev@min.io"
 EXPOSE 9090

-COPY --from=0 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=0 /go/src/github.com/minio/mcs/mcs .

-CMD ["/mcs"]
+COPY --from=golayer /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=golayer /go/src/github.com/minio/console/console .
+
+ENTRYPOINT ["/console"]
--- a/Dockerfile.assets
+++ b/Dockerfile.assets
@@ -0,0 +1,13 @@
+FROM node:10 as uilayer
+
+WORKDIR /app
+
+COPY ./portal-ui/package.json ./
+COPY ./portal-ui/yarn.lock ./
+RUN yarn install
+
+COPY ./portal-ui .
+
+RUN yarn install && make build-static
+
+USER node
--- a/Dockerfile.release
+++ b/Dockerfile.release
@@ -1,6 +1,23 @@
-FROM scratch
-MAINTAINER MinIO Development "dev@min.io"
-EXPOSE 9090
-COPY mcs /mcs
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.4

-ENTRYPOINT ["/mcs"]
+ARG TAG
+
+COPY CREDITS /licenses/CREDITS
+COPY LICENSE /licenses/LICENSE
+
+LABEL name="MinIO" \
+      vendor="MinIO Inc <dev@min.io>" \
+      maintainer="MinIO Inc <dev@min.io>" \
+      version="${TAG}" \
+      release="${TAG}" \
+      summary="A graphical user interface for MinIO" \
+      description="MinIO object storage is fundamentally different. Designed for performance and the S3 API, it is 100% open-source. MinIO is ideal for large, private cloud environments with stringent security requirements and delivers mission-critical availability across a diverse range of workloads."
+
+RUN \
+     microdnf update --nodocs && \
+     microdnf install ca-certificates --nodocs
+
+EXPOSE 9090
+COPY console /console
+
+ENTRYPOINT ["/console"]
--- a/60
+++ b/60
@@ -3,62 +3,80 @@ GOPATH := $(shell go env GOPATH)
 # Sets the build version based on the output of the following command, if we are building for a tag, that's the build else it uses the current git branch as the build
 BUILD_VERSION:=$(shell git describe --exact-match --tags $(git log -n1 --pretty='%h') 2>/dev/null || git rev-parse --abbrev-ref HEAD 2>/dev/null)
 BUILD_TIME:=$(shell date 2>/dev/null)
-TAG ?= "minio/m3:$(VERSION)-dev"
+TAG ?= "minio/console:$(BUILD_VERSION)-dev"

-default: mcs
+default: console

-.PHONY: mcs
-mcs:
-	@echo "Building mcs binary to './mcs'"
-	@(GO111MODULE=on CGO_ENABLED=0 go build -trimpath --tags=kqueue --ldflags "-s -w" -o mcs ./cmd/mcs)
+.PHONY: console
+console:
+	@echo "Building Console binary to './console'"
+	@(GO111MODULE=on CGO_ENABLED=0 go build -trimpath --tags=kqueue --ldflags "-s -w" -o console ./cmd/console)

 k8sdev:
 	@docker build -t $(TAG) --build-arg build_version=$(BUILD_VERSION) --build-arg build_time='$(BUILD_TIME)' .
 	@kind load docker-image $(TAG)
-	@echo "Done, now restart your mcs deployment"
+	@echo "Done, now restart your console deployment"

 getdeps:
 	@mkdir -p ${GOPATH}/bin
-	@which golangci-lint 1>/dev/null || (echo "Installing golangci-lint" && curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOPATH)/bin v1.27.0)
+	@which golangci-lint 1>/dev/null || (echo "Installing golangci-lint" && curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOPATH)/bin v1.40.1)

 verifiers: getdeps fmt lint

 fmt:
 	@echo "Running $@ check"
-	@GO111MODULE=on gofmt -d cmd/
+	@GO111MODULE=on gofmt -d restapi/
 	@GO111MODULE=on gofmt -d pkg/
+	@GO111MODULE=on gofmt -d cmd/
+	@GO111MODULE=on gofmt -d cluster/
+
+crosscompile:
+	@(env bash $(PWD)/cross-compile.sh $(arg1))

 lint:
 	@echo "Running $@ check"
 	@GO111MODULE=on ${GOPATH}/bin/golangci-lint cache clean
 	@GO111MODULE=on ${GOPATH}/bin/golangci-lint run --timeout=5m --config ./.golangci.yml

-install: mcs
-	@echo "Installing mcs binary to '$(GOPATH)/bin/mcs'"
-	@mkdir -p $(GOPATH)/bin && cp -f $(PWD)/mcs $(GOPATH)/bin/mcs
-	@echo "Installation successful. To learn more, try \"mcs --help\"."
+install: console
+	@echo "Installing console binary to '$(GOPATH)/bin/console'"
+	@mkdir -p $(GOPATH)/bin && cp -f $(PWD)/console $(GOPATH)/bin/console
+	@echo "Installation successful. To learn more, try \"console --help\"."

-swagger-gen:
-	@echo "Generating swagger server code from yaml"
+swagger-gen: clean-swagger swagger-console swagger-operator
+	@echo "Done Generating swagger server code from yaml"
+
+clean-swagger:
+	@echo "cleaning"
 	@rm -rf models
 	@rm -rf restapi/operations
-	@swagger generate server -A mcs --main-package=mcs --exclude-main -P models.Principal -f ./swagger.yml -r NOTICE
+	@rm -rf operatorapi/operations
+
+swagger-console:
+	@echo "Generating swagger server code from yaml"
+	@swagger generate server -A console --main-package=management --server-package=restapi --exclude-main -P models.Principal -f ./swagger-console.yml -r NOTICE
+
+swagger-operator:
+	@echo "Generating swagger server code from yaml"
+	@swagger generate server -A operator --main-package=operator --server-package=operatorapi --exclude-main -P models.Principal -f ./swagger-operator.yml -r NOTICE

 assets:
-	@(cd portal-ui; yarn install; make build-static; cd ..)
+	@(cd portal-ui; yarn install; make build-static; yarn prettier --write . --loglevel warn;  cd ..)

 test:
-	@(GO111MODULE=on go test -race -v github.com/minio/mcs/restapi/...)
-	@(GO111MODULE=on go test -race -v github.com/minio/mcs/pkg/...)
+	@(GO111MODULE=on go test -race -v github.com/minio/console/restapi/...)
+
+test-pkg:
+	@(GO111MODULE=on go test -race -v github.com/minio/console/pkg/...)

 coverage:
-	@(GO111MODULE=on go test -v -coverprofile=coverage.out github.com/minio/mcs/restapi/... && go tool cover -html=coverage.out && open coverage.html)
+	@(GO111MODULE=on go test -v -coverprofile=coverage.out github.com/minio/console/restapi/... && go tool cover -html=coverage.out && open coverage.html)

 clean:
 	@echo "Cleaning up all the generated files"
 	@find . -name '*.test' | xargs rm -fv
 	@find . -name '*~' | xargs rm -fv
-	@rm -vf mcs
+	@rm -vf console

 docker:
 	@docker build -t $(TAG) --build-arg build_version=$(BUILD_VERSION) --build-arg build_time='$(BUILD_TIME)' .
--- a/2
+++ b/2
@@ -1,5 +1,5 @@
 This file is part of MinIO Console Server
-Copyright (c) 2020 MinIO, Inc.
+Copyright (c) 2021 MinIO, Inc.

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU Affero General Public License as published by
--- a/README.md
+++ b/README.md
@@ -1,28 +1,83 @@
 # MinIO Console

+![build](https://github.com/minio/console/workflows/Go/badge.svg) ![license](https://img.shields.io/badge/license-AGPL%20V3-blue)
+
 A graphical user interface for [MinIO](https://github.com/minio/minio)

+| Dashboard                     | Creating a bucket             |
+| -------------                 | -------------                 |
+| ![Dashboard](images/pic1.png) | ![Dashboard](images/pic2.png) |

-| Dashboard  | Adding A User |
-| ------------- | ------------- |
-| ![Dashboard](images/pic1.png)  | ![Dashboard](images/pic2.png) |
+<!-- markdown-toc start - Don't edit this section. Run M-x markdown-toc-refresh-toc -->
+**Table of Contents**
+
+- [MinIO Console](#minio-console)
+    - [Install](#install)
+        - [Binary Releases](#binary-releases)
+        - [Docker](#docker)
+        - [Build from source](#build-from-source)
+    - [Setup](#setup)
+        - [1. Create a user `console` using `mc`](#1-create-a-user-console-using-mc)
+        - [2. Create a policy for `console` with admin access to all resources (for testing)](#2-create-a-policy-for-console-with-admin-access-to-all-resources-for-testing)
+        - [3. Set the policy for the new `console` user](#3-set-the-policy-for-the-new-console-user)
+    - [Start Console service:](#start-console-service)
+    - [Start Console service with TLS:](#start-console-service-with-tls)
+    - [Connect Console to a Minio using TLS and a self-signed certificate](#connect-console-to-a-minio-using-tls-and-a-self-signed-certificate)
+- [Contribute to console Project](#contribute-to-console-project)
+
+<!-- markdown-toc end -->
+
+## Install
+
+### Binary Releases
+
+| OS      | ARCH    | Binary                                                                                               |
+|:-------:|:-------:|:----------------------------------------------------------------------------------------------------:|
+| Linux   | amd64   | [linux-amd64](https://github.com/minio/console/releases/latest/download/console-linux-amd64)         |
+| Linux   | arm64   | [linux-arm64](https://github.com/minio/console/releases/latest/download/console-linux-arm64)         |
+| Linux   | ppc64le | [linux-ppc64le](https://github.com/minio/console/releases/latest/download/console-linux-ppc64le)     |
+| Linux   | s390x   | [linux-s390x](https://github.com/minio/console/releases/latest/download/console-linux-s390x)         |
+| Apple   | amd64   | [darwin-amd64](https://github.com/minio/console/releases/latest/download/console-darwin-amd64)       |
+| Windows | amd64   | [windows-amd64](https://github.com/minio/console/releases/latest/download/console-windows-amd64.exe) |
+
+You can also verify the binary with [minisign](https://jedisct1.github.io/minisign/) by downloading the corresponding [`.minisig`](https://github.com/minio/console/releases/latest) signature file. Then run:
+```
+minisign -Vm console-<OS>-<ARCH> -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav
+```
+
+### Docker
+
+Pull the latest release via:
+```
+docker pull minio/console
+```
+
+### Build from source
+
+```
+GO111MODULE=on go install github.com/minio/console/cmd/console@latest
+```
+> You will need a working Go environment. Therefore, please follow [How to install Go](https://golang.org/doc/install).
+> Minimum version required is go1.16

 ## Setup

-All `mcs` needs is a MinIO user with admin privileges and URL pointing to your MinIO deployment.
+All `console` needs is a MinIO user with admin privileges and URL pointing to your MinIO deployment.
+
 > Note: We don't recommend using MinIO's Operator Credentials

-1. Create a user for `mcs` using `mc`. 
-```
-$ set +o history
-$ mc admin user add myminio mcs YOURMCSSECRET
-$ set -o history
+### 1. Create a user `console` using `mc`
+
+```bash
+mc admin user add myminio/
+Enter Access Key: console
+Enter Secret Key: xxxxxxxx
 ```

-2. Create a policy for `mcs` with access to everything (for testing and debugging)
+### 2. Create a policy for `console` with admin access to all resources (for testing)

-```
-$ cat > mcsAdmin.json << EOF
+```sh
+cat > admin.json << EOF
 {
 	"Version": "2012-10-17",
 	"Statement": [{
@@ -45,19 +100,21 @@ $ cat > mcsAdmin.json << EOF
 	]
 }
 EOF
-$ mc admin policy add myminio mcsAdmin mcsAdmin.json
 ```

-3. Set the policy for the new `mcs` user
-
-```
-$ mc admin policy set myminio mcsAdmin user=mcs
+```sh
+mc admin policy add myminio/ consoleAdmin admin.json
 ```

+### 3. Set the policy for the new `console` user

-### Note
-Additionally, you can create policies to limit the privileges for `mcs` users, for example, if you want the user to only have access to dashboard, buckets, notifications and watch page, the policy should look like this:
+```sh
+mc admin policy set myminio consoleAdmin user=console
 ```
+
+> NOTE: Additionally, you can create policies to limit the privileges for other `console` users, for example, if you want the user to only have access to dashboard, buckets, notifications and watch page, the policy should look like this:
+
+```json
 {
 	"Version": "2012-10-17",
 	"Statement": [{
@@ -97,34 +154,69 @@ Additionally, you can create policies to limit the privileges for `mcs` users, f
 }
 ```

-## Run MCS server
-To run the server:
+## Start Console service:

-```
-export MCS_HMAC_JWT_SECRET=YOURJWTSIGNINGSECRET
+Before running console service, following environment settings must be supplied
+```sh
+# Salt to encrypt JWT payload
+export CONSOLE_PBKDF_PASSPHRASE=SECRET

-#required to encrypt jwet payload
-export MCS_PBKDF_PASSPHRASE=SECRET
+# Required to encrypt JWT payload
+export CONSOLE_PBKDF_SALT=SECRET

-#required to encrypt jwet payload
-export MCS_PBKDF_SALT=SECRET
-
-export MCS_ACCESS_KEY=mcs
-export MCS_SECRET_KEY=YOURMCSSECRET
-export MCS_MINIO_SERVER=http://localhost:9000
-./mcs server
+# MinIO Endpoint
+export CONSOLE_MINIO_SERVER=http://localhost:9000
 ```

-## Connect MCS to a Minio using TLS and a self-signed certificate
+Now start the console service.
+```
+./console server
+2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at http://localhost:9090
+```
+
+By default `console` runs on port `9090` this can be changed with `--port` of your choice.
+
+## Start Console service with TLS:
+
+Copy your `public.crt` and `private.key` to `~/.console/certs`, then:
+
+```sh
+./console server
+2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at http://[::]:9090
+2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at https://[::]:9443
+```
+
+For advanced users, `console` has support for multiple certificates to service clients through multiple domains.
+
+Following tree structure is expected for supporting multiple domains:
+```sh
+ certs/
+  │
+  ├─ public.crt
+  ├─ private.key
+  │
+  ├─ example.com/
+  │   │
+  │   ├─ public.crt
+  │   └─ private.key
+  └─ foobar.org/
+     │
+     ├─ public.crt
+     └─ private.key
+  ...

 ```
-...
-export MCS_MINIO_SERVER_TLS_ROOT_CAS=<certificate_file_name>
-export MCS_MINIO_SERVER=https://localhost:9000
-./mcs server
+
+## Connect Console to a Minio using TLS and a self-signed certificate
+
+Copy the MinIO `ca.crt` under `~/.console/certs/CAs`, then:
+
+```sh
+export CONSOLE_MINIO_SERVER=https://localhost:9000
+./console server
 ```

 You can verify that the apis work by doing the request on `localhost:9090/api/v1/...`

-# Contribute to mcs Project
-Please follow mcs [Contributor's Guide](https://github.com/minio/mcs/blob/master/CONTRIBUTING.md)
+# Contribute to console Project
+Please follow console [Contributor's Guide](https://github.com/minio/console/blob/master/CONTRIBUTING.md)
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,12 +2,12 @@

 ## Supported Versions

-We always provide security updates for the [latest release](https://github.com/minio/mcs/releases/latest).
+We always provide security updates for the [latest release](https://github.com/minio/console/releases/latest).
 Whenever there is a security update you just need to upgrade to the latest version.

 ## Reporting a Vulnerability

-All security bugs in [minio/mcs](https://github,com/minio/mcs) (or other minio/* repositories)
+All security bugs in [minio/console](https://github,com/minio/console) (or other minio/* repositories)
 should be reported by email to security@min.io. Your email will be acknowledged within 48 hours,
 and you'll receive a more detailed response to your email within 72 hours indicating the next steps
 in handling your report.
@@ -18,13 +18,13 @@ you need access credentials for a successful exploit).

 If you have not received a reply to your email within 48 hours or you have not heard from the security team
 for the past five days please contact the security team directly:
-   - Primary security coordinator: lenin@min.io
-   - Secondary coordinator: daniel@min.io, cesar@min.io
-   - If you receive no response: dev@min.io
+  - Primary security coordinator: lenin@min.io
+  - Secondary coordinator: security@min.io
+  - If you receive no response: dev@min.io

 ### Disclosure Process

-MinIO uses the following disclosure process:
+MinIO Console uses the following disclosure process:

 1. Once the security report is received one member of the security team tries to verify and reproduce
   the issue and determines the impact it has.
@@ -33,8 +33,8 @@ MinIO uses the following disclosure process:
 3. Code is audited to find any potential similar problems.
 4. Fixes are prepared for the latest release.
 5. On the date that the fixes are applied a security advisory will be published on https://blog.min.io.
-   Please inform us in your report email whether MinIO should mention your contribution w.r.t. fixing
-   the security issue. By default MinIO will **not** publish this information to protect your privacy.
+   Please inform us in your report email whether MinIO Console should mention your contribution w.r.t. fixing
+   the security issue. By default MinIO Console will **not** publish this information to protect your privacy.

 This process can take some time, especially when coordination is required with maintainers of other projects.
 Every effort will be made to handle the bug in as timely a manner as possible, however it's important that we
--- a/VULNERABILITY_REPORT.md
+++ b/VULNERABILITY_REPORT.md
@@ -0,0 +1,38 @@
+## Vulnerability Management Policy
+
+This document formally describes the process of addressing and managing a
+reported vulnerability that has been found in the MinIO Console server code base,
+any directly connected ecosystem component or a direct / indirect dependency
+of the code base.
+
+### Scope
+
+The vulnerability management policy described in this document covers the
+process of investigating, assessing and resolving a vulnerability report
+opened by a MinIO Console employee or an external third party.
+
+Therefore, it lists pre-conditions and actions that should be performed to
+resolve and fix a reported vulnerability.
+
+### Vulnerability Management Process
+
+The vulnerability management process requires that the vulnerability report
+contains the following information:
+
+ - The project / component that contains the reported vulnerability.
+ - A description of the vulnerability. In particular, the type of the
+   reported vulnerability and how it might be exploited. Alternatively,
+   a well-established vulnerability identifier, e.g. CVE number, can be
+   used instead.
+
+Based on the description mentioned above, a MinIO Console engineer or security team
+member investigates:
+
+ - Whether the reported vulnerability exists.
+ - The conditions that are required such that the vulnerability can be exploited.
+ - The steps required to fix the vulnerability.
+
+In general, if the vulnerability exists in one of the MinIO Console code bases
+itself - not in a code dependency - then MinIO Console will, if possible, fix
+the vulnerability or implement reasonable countermeasures such that the
+vulnerability cannot be exploited anymore.
--- a/bindata_assetfs.go
+++ b/bindata_assetfs.go
--- a/cluster/cluster.go
+++ b/cluster/cluster.go
@@ -1,5 +1,5 @@
 // This file is part of MinIO Kubernetes Cloud
-// Copyright (c) 2019 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,8 @@
 package cluster

 import (
-	operator "github.com/minio/minio-operator/pkg/client/clientset/versioned"
+	direct "github.com/minio/direct-csi/pkg/clientset"
+	operator "github.com/minio/operator/pkg/client/clientset/versioned"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 	certutil "k8s.io/client-go/util/cert"
@@ -63,3 +64,8 @@ func OperatorClient(token string) (*operator.Clientset, error) {
 func K8sClient(token string) (*kubernetes.Clientset, error) {
 	return kubernetes.NewForConfig(GetK8sConfig(token))
 }
+
+// DirectCSIClient returns Direct CSI client using GetK8sConfig for its config
+func DirectCSIClient(token string) (*direct.Clientset, error) {
+	return direct.NewForConfig(GetK8sConfig(token))
+}
--- a/cluster/config.go
+++ b/cluster/config.go
@@ -1,5 +1,5 @@
 // This file is part of MinIO Kubernetes Cloud
-// Copyright (c) 2019 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -26,12 +26,11 @@ import (
 	"strings"
 	"time"

-	"github.com/minio/minio/pkg/env"
+	"github.com/minio/pkg/env"
 )

 var (
 	errCantDetermineMinIOImage = errors.New("can't determine MinIO Image")
-	errCantDetermineMCImage    = errors.New("can't determine MC Image")
 )

 func GetK8sAPIServer() string {
@@ -39,19 +38,19 @@ func GetK8sAPIServer() string {
 	// if console is not running inside k8s by default will look for the k8s api server on localhost:8001 (kubectl proxy)
 	// NOTE: using kubectl proxy is for local development only, since every request send to localhost:8001 will bypass service account authentication
 	// more info here: https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#directly-accessing-the-rest-api
-	// you can override this using MCS_K8S_API_SERVER, ie use the k8s cluster from `kubectl config view`
+	// you can override this using CONSOLE_K8S_API_SERVER, ie use the k8s cluster from `kubectl config view`
 	host, port := env.Get("KUBERNETES_SERVICE_HOST", ""), env.Get("KUBERNETES_SERVICE_PORT", "")
 	apiServerAddress := "http://localhost:8001"
 	if host != "" && port != "" {
 		apiServerAddress = "https://" + net.JoinHostPort(host, port)
 	}
-	return env.Get(McsK8sAPIServer, apiServerAddress)
+	return env.Get(ConsoleK8sAPIServer, apiServerAddress)
 }

-// If MCS_K8S_API_SERVER_TLS_ROOT_CA is true mcs will load the certificate into the
+// If CONSOLE_K8S_API_SERVER_TLS_ROOT_CA is true console will load the certificate into the
 // http.client rootCAs pool, this is useful for testing an k8s ApiServer or when working with self-signed certificates
 func getK8sAPIServerTLSRootCA() string {
-	return strings.TrimSpace(env.Get(McsK8SAPIServerTLSRootCA, ""))
+	return strings.TrimSpace(env.Get(ConsoleK8SAPIServerTLSRootCA, ""))
 }

 // GetNsFromFile assumes console is running inside a k8s pod and extract the current namespace from the
@@ -64,13 +63,8 @@ func GetNsFromFile() string {
 	return string(dat)
 }

-// This operation will run only once at console startup
-var namespace = GetNsFromFile()
-
-// Returns the namespace in which the controller is installed
-func GetNs() string {
-	return env.Get(McsNamespace, namespace)
-}
+// Namespace will run only once at console startup
+var Namespace = GetNsFromFile()

 // getLatestMinIOImage returns the latest docker image for MinIO if found on the internet
 func getLatestMinIOImage(client HTTPClientI) (*string, error) {
@@ -98,7 +92,7 @@ func getLatestMinIOImage(client HTTPClientI) (*string, error) {
 var latestMinIOImage, errLatestMinIOImage = getLatestMinIOImage(
 	&HTTPClient{
 		Client: &http.Client{
-			Timeout: 4 * time.Second,
+			Timeout: 15 * time.Second,
 		},
 	})

@@ -106,7 +100,7 @@ var latestMinIOImage, errLatestMinIOImage = getLatestMinIOImage(
 // a preferred image to be used (configured via ENVIRONMENT VARIABLES) GetMinioImage will return that
 // if not, GetMinioImage will try to obtain the image URL for the latest version of MinIO and return that
 func GetMinioImage() (*string, error) {
-	image := strings.TrimSpace(env.Get(McsMinioImage, ""))
+	image := strings.TrimSpace(env.Get(ConsoleMinioImage, ""))
 	// if there is a preferred image configured by the user we'll always return that
 	if image != "" {
 		return &image, nil
@@ -125,44 +119,3 @@ func GetLatestMinioImage(client HTTPClientI) (*string, error) {
 	}
 	return latestMinIOImage, nil
 }
-
-// getLatestMCImage returns the latest docker image for MC if found on the internet
-func getLatestMCImage() (*string, error) {
-	// Create an http client with a 4 second timeout
-	client := http.Client{
-		Timeout: 4 * time.Second,
-	}
-	resp, err := client.Get("https://dl.min.io/client/mc/release/linux-amd64/")
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	body, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-	var re = regexp.MustCompile(`(?m)\.\/mc\.(RELEASE.*?Z)"`)
-	// look for a single match
-	matches := re.FindAllStringSubmatch(string(body), 1)
-	for i := range matches {
-		release := matches[i][1]
-		dockerImage := fmt.Sprintf("minio/mc:%s", release)
-		return &dockerImage, nil
-	}
-	return nil, errCantDetermineMCImage
-}
-
-var latestMCImage, errLatestMCImage = getLatestMCImage()
-
-func GetMCImage() (*string, error) {
-	image := strings.TrimSpace(env.Get(McsMCImage, ""))
-	// if there is a preferred image configured by the user we'll always return that
-	if image != "" {
-		return &image, nil
-	}
-	if errLatestMCImage != nil {
-		return nil, errLatestMCImage
-	}
-	return latestMCImage, nil
-}
--- a/cluster/const.go
+++ b/cluster/const.go
@@ -1,5 +1,5 @@
 // This file is part of MinIO Kubernetes Cloud
-// Copyright (c) 2019 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,9 +17,8 @@
 package cluster

 const (
-	McsK8sAPIServer          = "MCS_K8S_API_SERVER"
-	McsK8SAPIServerTLSRootCA = "MCS_K8S_API_SERVER_TLS_ROOT_CA"
-	McsMinioImage            = "MCS_MINIO_IMAGE"
-	McsMCImage               = "MCS_MC_IMAGE"
-	McsNamespace             = "MCS_NAMESPACE"
+	ConsoleK8sAPIServer          = "CONSOLE_K8S_API_SERVER"
+	ConsoleK8SAPIServerTLSRootCA = "CONSOLE_K8S_API_SERVER_TLS_ROOT_CA"
+	ConsoleMinioImage            = "CONSOLE_MINIO_IMAGE"
+	ConsoleMCImage               = "CONSOLE_MC_IMAGE"
 )
--- a/cluster/http_client.go
+++ b/cluster/http_client.go
@@ -1,5 +1,5 @@
 // This file is part of MinIO Kubernetes Cloud
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -17,6 +17,7 @@
 package cluster

 import (
+	"io"
 	"net/http"
 )

@@ -25,6 +26,8 @@ import (
 // that are used within this project.
 type HTTPClientI interface {
 	Get(url string) (resp *http.Response, err error)
+	Post(url, contentType string, body io.Reader) (resp *http.Response, err error)
+	Do(req *http.Request) (*http.Response, error)
 }

 // HTTPClient Interface implementation
@@ -38,3 +41,13 @@ type HTTPClient struct {
 func (c *HTTPClient) Get(url string) (resp *http.Response, err error) {
 	return c.Client.Get(url)
 }
+
+// Post implements http.Client.Post()
+func (c *HTTPClient) Post(url, contentType string, body io.Reader) (resp *http.Response, err error) {
+	return c.Client.Post(url, contentType, body)
+}
+
+// Do implements http.Client.Do()
+func (c *HTTPClient) Do(req *http.Request) (*http.Response, error) {
+	return c.Client.Do(req)
+}
--- a/cmd/console/main.go
+++ b/cmd/console/main.go
@@ -1,5 +1,5 @@
 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -23,17 +23,15 @@ import (
 	"sort"
 	"time"

-	"github.com/minio/mcs/pkg"
-
-	"github.com/minio/minio/pkg/console"
-	"github.com/minio/minio/pkg/trie"
-	"github.com/minio/minio/pkg/words"
-
 	"github.com/minio/cli"
+	"github.com/minio/console/pkg"
+	"github.com/minio/pkg/console"
+	"github.com/minio/pkg/trie"
+	"github.com/minio/pkg/words"
 )

-// Help template for mcs.
-var mcsHelpTemplate = `NAME:
+// Help template for Console.
+var consoleHelpTemplate = `NAME:
  {{.Name}} - {{.Usage}}

 DESCRIPTION:
@@ -54,13 +52,15 @@ VERSION:

 var appCmds = []cli.Command{
 	serverCmd,
+	updateCmd,
+	operatorCmd,
 }

 func newApp(name string) *cli.App {
-	// Collection of mcs commands currently supported are.
+	// Collection of console commands currently supported are.
 	var commands []cli.Command

-	// Collection of mcs commands currently supported in a trie tree.
+	// Collection of console commands currently supported in a trie tree.
 	commandsTree := trie.NewTrie()

 	// registerCommand registers a cli command.
@@ -76,21 +76,19 @@ func newApp(name string) *cli.App {

 	findClosestCommands := func(command string) []string {
 		var closestCommands []string
-		for _, value := range commandsTree.PrefixMatch(command) {
-			closestCommands = append(closestCommands, value.(string))
-		}
+		closestCommands = append(closestCommands, commandsTree.PrefixMatch(command)...)

 		sort.Strings(closestCommands)
 		// Suggest other close commands - allow missed, wrongly added and
 		// even transposed characters
 		for _, value := range commandsTree.Walk(commandsTree.Root()) {
-			if sort.SearchStrings(closestCommands, value.(string)) < len(closestCommands) {
+			if sort.SearchStrings(closestCommands, value) < len(closestCommands) {
 				continue
 			}
 			// 2 is arbitrary and represents the max
 			// allowed number of typed errors
-			if words.DamerauLevenshteinDistance(command, value.(string)) < 2 {
-				closestCommands = append(closestCommands, value.(string))
+			if words.DamerauLevenshteinDistance(command, value) < 2 {
+				closestCommands = append(closestCommands, value)
 			}
 		}

@@ -108,13 +106,13 @@ func newApp(name string) *cli.App {
 	app.Author = "MinIO, Inc."
 	app.Usage = "MinIO Console Server"
 	app.Description = `MinIO Console Server`
-	app.Copyright = "(c) 2020 MinIO, Inc."
+	app.Copyright = "(c) 2021 MinIO, Inc."
 	app.Compiled, _ = time.Parse(time.RFC3339, pkg.ReleaseTime)
 	app.Commands = commands
 	app.HideHelpCommand = true // Hide `help, h` command, we already have `minio --help`.
-	app.CustomAppHelpTemplate = mcsHelpTemplate
+	app.CustomAppHelpTemplate = consoleHelpTemplate
 	app.CommandNotFound = func(ctx *cli.Context, command string) {
-		console.Printf("‘%s’ is not a mcs sub-command. See ‘mcs --help’.\n", command)
+		console.Printf("‘%s’ is not a console sub-command. See ‘console --help’.\n", command)
 		closestCommands := findClosestCommands(command)
 		if len(closestCommands) > 0 {
 			console.Println()
--- a/cmd/console/operator.go
+++ b/cmd/console/operator.go
@@ -0,0 +1,246 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"path/filepath"
+	"strconv"
+	"time"
+
+	"github.com/minio/console/restapi"
+
+	"github.com/go-openapi/loads"
+	"github.com/jessevdk/go-flags"
+	"github.com/minio/cli"
+	"github.com/minio/console/operatorapi"
+	"github.com/minio/console/operatorapi/operations"
+	"github.com/minio/console/pkg/certs"
+)
+
+// starts the server
+var operatorCmd = cli.Command{
+	Name:    "operator",
+	Aliases: []string{"opr"},
+	Usage:   "Start MinIO Operator UI server",
+	Action:  startOperatorServer,
+	Flags: []cli.Flag{
+		cli.StringFlag{
+			Name:  "host",
+			Value: restapi.GetHostname(),
+			Usage: "bind to a specific HOST, HOST can be an IP or hostname",
+		},
+		cli.IntFlag{
+			Name:  "port",
+			Value: restapi.GetPort(),
+			Usage: "bind to specific HTTP port",
+		},
+		// This is kept here for backward compatibility,
+		// hostname's do not have HTTP or HTTPs
+		// hostnames are opaque so using --host
+		// works for both HTTP and HTTPS setup.
+		cli.StringFlag{
+			Name:   "tls-host",
+			Value:  restapi.GetHostname(),
+			Hidden: true,
+		},
+		cli.StringFlag{
+			Name:  "certs-dir",
+			Value: certs.GlobalCertsCADir.Get(),
+			Usage: "path to certs directory",
+		},
+		cli.IntFlag{
+			Name:  "tls-port",
+			Value: restapi.GetTLSPort(),
+			Usage: "bind to specific HTTPS port",
+		},
+		cli.StringFlag{
+			Name:  "tls-redirect",
+			Value: restapi.GetTLSRedirect(),
+			Usage: "toggle HTTP->HTTPS redirect",
+		},
+		cli.StringFlag{
+			Name:   "tls-certificate",
+			Value:  "",
+			Usage:  "path to TLS public certificate",
+			Hidden: true,
+		},
+		cli.StringFlag{
+			Name:   "tls-key",
+			Value:  "",
+			Usage:  "path to TLS private key",
+			Hidden: true,
+		},
+		cli.StringFlag{
+			Name:   "tls-ca",
+			Value:  "",
+			Usage:  "path to TLS Certificate Authority",
+			Hidden: true,
+		},
+	},
+}
+
+func buildOperatorServer() (*operatorapi.Server, error) {
+	swaggerSpec, err := loads.Embedded(operatorapi.SwaggerJSON, operatorapi.FlatSwaggerJSON)
+	if err != nil {
+		return nil, err
+	}
+
+	api := operations.NewOperatorAPI(swaggerSpec)
+	api.Logger = operatorapi.LogInfo
+	server := operatorapi.NewServer(api)
+
+	parser := flags.NewParser(server, flags.Default)
+	parser.ShortDescription = "MinIO Console Server"
+	parser.LongDescription = swaggerSpec.Spec().Info.Description
+
+	server.ConfigureFlags()
+
+	// register all APIs
+	server.ConfigureAPI()
+
+	for _, optsGroup := range api.CommandLineOptionsGroups {
+		_, err := parser.AddGroup(optsGroup.ShortDescription, optsGroup.LongDescription, optsGroup.Options)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if _, err := parser.Parse(); err != nil {
+		return nil, err
+	}
+
+	return server, nil
+}
+
+func loadOperatorAllCerts(ctx *cli.Context) error {
+	var err error
+	// Set all certs and CAs directories path
+	certs.GlobalCertsDir, _, err = certs.NewConfigDirFromCtx(ctx, "certs-dir", certs.DefaultCertsDir.Get)
+	if err != nil {
+		return err
+	}
+
+	certs.GlobalCertsCADir = &certs.ConfigDir{Path: filepath.Join(certs.GlobalCertsDir.Get(), certs.CertsCADir)}
+	// check if certs and CAs directories exists or can be created
+	if err = certs.MkdirAllIgnorePerm(certs.GlobalCertsCADir.Get()); err != nil {
+		return fmt.Errorf("unable to create certs CA directory at %s: failed with %w", certs.GlobalCertsCADir.Get(), err)
+	}
+
+	// load the certificates and the CAs
+	operatorapi.GlobalRootCAs, operatorapi.GlobalPublicCerts, operatorapi.GlobalTLSCertsManager, err = certs.GetAllCertificatesAndCAs()
+	if err != nil {
+		return fmt.Errorf("unable to load certificates at %s: failed with %w", certs.GlobalCertsDir.Get(), err)
+	}
+
+	{
+		// TLS flags from swagger server, used to support VMware vsphere operator version.
+		swaggerServerCertificate := ctx.String("tls-certificate")
+		swaggerServerCertificateKey := ctx.String("tls-key")
+		swaggerServerCACertificate := ctx.String("tls-ca")
+		// load tls cert and key from swagger server tls-certificate and tls-key flags
+		if swaggerServerCertificate != "" && swaggerServerCertificateKey != "" {
+			if err = operatorapi.GlobalTLSCertsManager.AddCertificate(swaggerServerCertificate, swaggerServerCertificateKey); err != nil {
+				return err
+			}
+			x509Certs, err := certs.ParsePublicCertFile(swaggerServerCertificate)
+			if err == nil {
+				operatorapi.GlobalPublicCerts = append(operatorapi.GlobalPublicCerts, x509Certs...)
+			}
+		}
+
+		// load ca cert from swagger server tls-ca flag
+		if swaggerServerCACertificate != "" {
+			caCert, caCertErr := ioutil.ReadFile(swaggerServerCACertificate)
+			if caCertErr == nil {
+				operatorapi.GlobalRootCAs.AppendCertsFromPEM(caCert)
+			}
+		}
+	}
+
+	return nil
+}
+
+// StartServer starts the console service
+func startOperatorServer(ctx *cli.Context) error {
+	if err := loadOperatorAllCerts(ctx); err != nil {
+		// Log this as a warning and continue running console without TLS certificates
+		operatorapi.LogError("Unable to load certs: %v", err)
+	}
+
+	var rctx operatorapi.Context
+	if err := rctx.Load(ctx); err != nil {
+		operatorapi.LogError("argument validation failed: %v", err)
+		return err
+	}
+
+	server, err := buildOperatorServer()
+	if err != nil {
+		operatorapi.LogError("Unable to initialize console server: %v", err)
+		return err
+	}
+
+	server.Host = rctx.Host
+	server.Port = rctx.HTTPPort
+	// set conservative timesout for uploads
+	server.ReadTimeout = 1 * time.Hour
+	// no timeouts for response for downloads
+	server.WriteTimeout = 0
+	operatorapi.Port = strconv.Itoa(server.Port)
+	operatorapi.Hostname = server.Host
+
+	if len(operatorapi.GlobalPublicCerts) > 0 {
+		// If TLS certificates are provided enforce the HTTPS schema, meaning console will redirect
+		// plain HTTP connections to HTTPS server
+		server.EnabledListeners = []string{"http", "https"}
+		server.TLSPort = rctx.HTTPSPort
+		// Need to store tls-port, tls-host un config variables so secure.middleware can read from there
+		operatorapi.TLSPort = strconv.Itoa(server.TLSPort)
+		operatorapi.Hostname = rctx.Host
+		operatorapi.TLSRedirect = rctx.TLSRedirect
+	}
+
+	defer server.Shutdown()
+
+	// subnet license refresh process
+	go func() {
+		// start refreshing subnet license after 5 seconds..
+		time.Sleep(time.Second * 5)
+
+		failedAttempts := 0
+		for {
+			if err := operatorapi.RefreshLicense(); err != nil {
+				operatorapi.LogError("Refreshing subnet license failed: %v", err)
+				failedAttempts++
+				// end license refresh after 3 consecutive failed attempts
+				if failedAttempts >= 3 {
+					return
+				}
+				// wait 5 minutes and retry again
+				time.Sleep(time.Minute * 5)
+				continue
+			}
+			// if license refreshed successfully reset the counter
+			failedAttempts = 0
+			// try to refresh license every 24 hrs
+			time.Sleep(time.Hour * 24)
+		}
+	}()
+
+	return server.Serve()
+}
--- a/cmd/console/server.go
+++ b/cmd/console/server.go
@@ -0,0 +1,224 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strconv"
+	"time"
+
+	"github.com/go-openapi/loads"
+	"github.com/jessevdk/go-flags"
+	"github.com/minio/cli"
+	"github.com/minio/console/pkg/certs"
+	"github.com/minio/console/restapi"
+	"github.com/minio/console/restapi/operations"
+)
+
+// starts the server
+var serverCmd = cli.Command{
+	Name:    "server",
+	Aliases: []string{"srv"},
+	Usage:   "Start MinIO Console server",
+	Action:  StartServer,
+	Flags: []cli.Flag{
+		cli.StringFlag{
+			Name:  "host",
+			Value: restapi.GetHostname(),
+			Usage: "bind to a specific HOST, HOST can be an IP or hostname",
+		},
+		cli.IntFlag{
+			Name:  "port",
+			Value: restapi.GetPort(),
+			Usage: "bind to specific HTTP port",
+		},
+		// This is kept here for backward compatibility,
+		// hostname's do not have HTTP or HTTPs
+		// hostnames are opaque so using --host
+		// works for both HTTP and HTTPS setup.
+		cli.StringFlag{
+			Name:   "tls-host",
+			Value:  restapi.GetHostname(),
+			Hidden: true,
+		},
+		cli.StringFlag{
+			Name:  "certs-dir",
+			Value: certs.GlobalCertsCADir.Get(),
+			Usage: "path to certs directory",
+		},
+		cli.IntFlag{
+			Name:  "tls-port",
+			Value: restapi.GetTLSPort(),
+			Usage: "bind to specific HTTPS port",
+		},
+		cli.StringFlag{
+			Name:  "tls-redirect",
+			Value: restapi.GetTLSRedirect(),
+			Usage: "toggle HTTP->HTTPS redirect",
+		},
+		cli.StringFlag{
+			Name:   "tls-certificate",
+			Value:  "",
+			Usage:  "path to TLS public certificate",
+			Hidden: true,
+		},
+		cli.StringFlag{
+			Name:   "tls-key",
+			Value:  "",
+			Usage:  "path to TLS private key",
+			Hidden: true,
+		},
+		cli.StringFlag{
+			Name:   "tls-ca",
+			Value:  "",
+			Usage:  "path to TLS Certificate Authority",
+			Hidden: true,
+		},
+	},
+}
+
+func buildServer() (*restapi.Server, error) {
+	swaggerSpec, err := loads.Embedded(restapi.SwaggerJSON, restapi.FlatSwaggerJSON)
+	if err != nil {
+		return nil, err
+	}
+
+	api := operations.NewConsoleAPI(swaggerSpec)
+	api.Logger = restapi.LogInfo
+	server := restapi.NewServer(api)
+
+	parser := flags.NewParser(server, flags.Default)
+	parser.ShortDescription = "MinIO Console Server"
+	parser.LongDescription = swaggerSpec.Spec().Info.Description
+
+	server.ConfigureFlags()
+
+	// register all APIs
+	server.ConfigureAPI()
+
+	for _, optsGroup := range api.CommandLineOptionsGroups {
+		_, err := parser.AddGroup(optsGroup.ShortDescription, optsGroup.LongDescription, optsGroup.Options)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if _, err := parser.Parse(); err != nil {
+		return nil, err
+	}
+
+	return server, nil
+}
+
+func loadAllCerts(ctx *cli.Context) error {
+	var err error
+	// Set all certs and CAs directories path
+	certs.GlobalCertsDir, _, err = certs.NewConfigDirFromCtx(ctx, "certs-dir", certs.DefaultCertsDir.Get)
+	if err != nil {
+		return err
+	}
+
+	certs.GlobalCertsCADir = &certs.ConfigDir{Path: filepath.Join(certs.GlobalCertsDir.Get(), certs.CertsCADir)}
+	// check if certs and CAs directories exists or can be created
+	if err = certs.MkdirAllIgnorePerm(certs.GlobalCertsCADir.Get()); err != nil {
+		return fmt.Errorf("unable to create certs CA directory at %s: failed with %w", certs.GlobalCertsCADir.Get(), err)
+	}
+
+	// load the certificates and the CAs
+	restapi.GlobalRootCAs, restapi.GlobalPublicCerts, restapi.GlobalTLSCertsManager, err = certs.GetAllCertificatesAndCAs()
+	if err != nil {
+		return fmt.Errorf("unable to load certificates at %s: failed with %w", certs.GlobalCertsDir.Get(), err)
+	}
+
+	{
+		// TLS flags from swagger server, used to support VMware vsphere operator version.
+		swaggerServerCertificate := ctx.String("tls-certificate")
+		swaggerServerCertificateKey := ctx.String("tls-key")
+		swaggerServerCACertificate := ctx.String("tls-ca")
+		// load tls cert and key from swagger server tls-certificate and tls-key flags
+		if swaggerServerCertificate != "" && swaggerServerCertificateKey != "" {
+			if err = restapi.GlobalTLSCertsManager.AddCertificate(swaggerServerCertificate, swaggerServerCertificateKey); err != nil {
+				return err
+			}
+			x509Certs, err := certs.ParsePublicCertFile(swaggerServerCertificate)
+			if err == nil {
+				restapi.GlobalPublicCerts = append(restapi.GlobalPublicCerts, x509Certs...)
+			}
+		}
+
+		// load ca cert from swagger server tls-ca flag
+		if swaggerServerCACertificate != "" {
+			caCert, caCertErr := ioutil.ReadFile(swaggerServerCACertificate)
+			if caCertErr == nil {
+				restapi.GlobalRootCAs.AppendCertsFromPEM(caCert)
+			}
+		}
+	}
+
+	return nil
+}
+
+// StartServer starts the console service
+func StartServer(ctx *cli.Context) error {
+	if os.Getenv("CONSOLE_OPERATOR_MODE") != "" && os.Getenv("CONSOLE_OPERATOR_MODE") == "on" {
+		return startOperatorServer(ctx)
+	}
+
+	if err := loadAllCerts(ctx); err != nil {
+		// Log this as a warning and continue running console without TLS certificates
+		restapi.LogError("Unable to load certs: %v", err)
+	}
+
+	var rctx restapi.Context
+	if err := rctx.Load(ctx); err != nil {
+		restapi.LogError("argument validation failed: %v", err)
+		return err
+	}
+
+	server, err := buildServer()
+	if err != nil {
+		restapi.LogError("Unable to initialize console server: %v", err)
+		return err
+	}
+
+	server.Host = rctx.Host
+	server.Port = rctx.HTTPPort
+	// set conservative timesout for uploads
+	server.ReadTimeout = 1 * time.Hour
+	// no timeouts for response for downloads
+	server.WriteTimeout = 0
+	restapi.Port = strconv.Itoa(server.Port)
+	restapi.Hostname = server.Host
+
+	if len(restapi.GlobalPublicCerts) > 0 {
+		// If TLS certificates are provided enforce the HTTPS schema, meaning console will redirect
+		// plain HTTP connections to HTTPS server
+		server.EnabledListeners = []string{"http", "https"}
+		server.TLSPort = rctx.HTTPSPort
+		// Need to store tls-port, tls-host un config variables so secure.middleware can read from there
+		restapi.TLSPort = strconv.Itoa(server.TLSPort)
+		restapi.Hostname = rctx.Host
+		restapi.TLSRedirect = rctx.TLSRedirect
+	}
+
+	defer server.Shutdown()
+
+	return server.Serve()
+}
--- a/cmd/console/update.go
+++ b/cmd/console/update.go
@@ -0,0 +1,154 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package main
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"os"
+	"runtime"
+	"strings"
+	"time"
+
+	"github.com/blang/semver/v4"
+	"github.com/cheggaaa/pb/v3"
+	"github.com/minio/cli"
+	"github.com/minio/console/pkg"
+	"github.com/minio/selfupdate"
+)
+
+func getUpdateTransport(timeout time.Duration) http.RoundTripper {
+	var updateTransport http.RoundTripper = &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		DialContext: (&net.Dialer{
+			Timeout:   timeout,
+			KeepAlive: timeout,
+			DualStack: true,
+		}).DialContext,
+		IdleConnTimeout:       timeout,
+		TLSHandshakeTimeout:   timeout,
+		ExpectContinueTimeout: timeout,
+		DisableCompression:    true,
+	}
+	return updateTransport
+}
+
+func getUpdateReaderFromURL(u string, transport http.RoundTripper) (io.ReadCloser, int64, error) {
+	clnt := &http.Client{
+		Transport: transport,
+	}
+	req, err := http.NewRequest(http.MethodGet, u, nil)
+	if err != nil {
+		return nil, -1, err
+	}
+
+	resp, err := clnt.Do(req)
+	if err != nil {
+		return nil, -1, err
+	}
+	return resp.Body, resp.ContentLength, nil
+}
+
+const defaultPubKey = "RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav"
+
+func getLatestRelease(tr http.RoundTripper) (string, error) {
+	releaseURL := "https://api.github.com/repos/minio/console/releases/latest"
+
+	body, _, err := getUpdateReaderFromURL(releaseURL, tr)
+	if err != nil {
+		return "", fmt.Errorf("unable to access github release URL %w", err)
+	}
+	defer body.Close()
+
+	lm := make(map[string]interface{})
+	if err = json.NewDecoder(body).Decode(&lm); err != nil {
+		return "", err
+	}
+	rel, ok := lm["tag_name"].(string)
+	if !ok {
+		return "", errors.New("unable to find latest release tag")
+	}
+	return rel, nil
+}
+
+// update console in-place
+var updateCmd = cli.Command{
+	Name:   "update",
+	Usage:  "update console to latest release",
+	Action: updateInplace,
+}
+
+func updateInplace(ctx *cli.Context) error {
+	transport := getUpdateTransport(30 * time.Second)
+	rel, err := getLatestRelease(transport)
+	if err != nil {
+		return err
+	}
+
+	latest, err := semver.Make(strings.TrimPrefix(rel, "v"))
+	if err != nil {
+		return err
+	}
+
+	current, err := semver.Make(pkg.Version)
+	if err != nil {
+		return err
+	}
+
+	if current.GTE(latest) {
+		fmt.Printf("You are already running the latest version v%v.\n", pkg.Version)
+		return nil
+	}
+
+	consoleBin := fmt.Sprintf("https://github.com/minio/console/releases/download/%s/console-%s-%s", rel, runtime.GOOS, runtime.GOARCH)
+	reader, length, err := getUpdateReaderFromURL(consoleBin, transport)
+	if err != nil {
+		return fmt.Errorf("unable to fetch binary from %s: %w", consoleBin, err)
+	}
+
+	minisignPubkey := os.Getenv("CONSOLE_MINISIGN_PUBKEY")
+	if minisignPubkey == "" {
+		minisignPubkey = defaultPubKey
+	}
+
+	v := selfupdate.NewVerifier()
+	if err = v.LoadFromURL(consoleBin+".minisig", minisignPubkey, transport); err != nil {
+		return fmt.Errorf("unable to fetch binary signature for %s: %w", consoleBin, err)
+	}
+	opts := selfupdate.Options{
+		Verifier: v,
+	}
+
+	tmpl := `{{ red "Downloading:" }} {{bar . (red "[") (green "=") (red "]")}} {{speed . | rndcolor }}`
+	bar := pb.ProgressBarTemplate(tmpl).Start64(length)
+	barReader := bar.NewProxyReader(reader)
+	if err = selfupdate.Apply(barReader, opts); err != nil {
+		bar.Finish()
+		if rerr := selfupdate.RollbackError(err); rerr != nil {
+			return rerr
+		}
+		return err
+	}
+
+	bar.Finish()
+	fmt.Printf("Updated 'console' to latest release %s\n", rel)
+	return nil
+}
--- a/cmd/mcs/server.go
+++ b/cmd/mcs/server.go
@@ -1,132 +0,0 @@
-// This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-package main
-
-import (
-	"fmt"
-	"log"
-	"os"
-
-	"github.com/go-openapi/loads"
-	"github.com/jessevdk/go-flags"
-	"github.com/minio/cli"
-	"github.com/minio/mcs/restapi"
-	"github.com/minio/mcs/restapi/operations"
-)
-
-// starts the server
-var serverCmd = cli.Command{
-	Name:    "server",
-	Aliases: []string{"srv"},
-	Usage:   "starts mcs server",
-	Action:  startServer,
-	Flags: []cli.Flag{
-		cli.StringFlag{
-			Name:  "host",
-			Value: restapi.GetHostname(),
-			Usage: "HTTP server hostname",
-		},
-		cli.IntFlag{
-			Name:  "port",
-			Value: restapi.GetPort(),
-			Usage: "HTTP Server port",
-		},
-		cli.StringFlag{
-			Name:  "tls-host",
-			Value: restapi.GetSSLHostname(),
-			Usage: "HTTPS server hostname",
-		},
-		cli.IntFlag{
-			Name:  "tls-port",
-			Value: restapi.GetSSLPort(),
-			Usage: "HTTPS server port",
-		},
-		cli.StringFlag{
-			Name:  "tls-certificate",
-			Value: "",
-			Usage: "filename of public cert",
-		},
-		cli.StringFlag{
-			Name:  "tls-key",
-			Value: "",
-			Usage: "filename of private key",
-		},
-	},
-}
-
-// starts the controller
-func startServer(ctx *cli.Context) error {
-	swaggerSpec, err := loads.Embedded(restapi.SwaggerJSON, restapi.FlatSwaggerJSON)
-	if err != nil {
-		log.Fatalln(err)
-	}
-
-	api := operations.NewMcsAPI(swaggerSpec)
-	server := restapi.NewServer(api)
-	defer server.Shutdown()
-
-	parser := flags.NewParser(server, flags.Default)
-	parser.ShortDescription = "MinIO Console Server"
-	parser.LongDescription = swaggerSpec.Spec().Info.Description
-	server.ConfigureFlags()
-	for _, optsGroup := range api.CommandLineOptionsGroups {
-		_, err := parser.AddGroup(optsGroup.ShortDescription, optsGroup.LongDescription, optsGroup.Options)
-		if err != nil {
-			log.Fatalln(err)
-		}
-	}
-
-	if _, err := parser.Parse(); err != nil {
-		code := 1
-		if fe, ok := err.(*flags.Error); ok {
-			if fe.Type == flags.ErrHelp {
-				code = 0
-			}
-		}
-		os.Exit(code)
-	}
-
-	server.Host = ctx.String("host")
-	server.Port = ctx.Int("port")
-
-	restapi.Hostname = ctx.String("host")
-	restapi.Port = fmt.Sprintf("%v", ctx.Int("port"))
-
-	tlsCertificatePath := ctx.String("tls-certificate")
-	tlsCertificateKeyPath := ctx.String("tls-key")
-
-	if tlsCertificatePath != "" && tlsCertificateKeyPath != "" {
-		server.TLSCertificate = flags.Filename(tlsCertificatePath)
-		server.TLSCertificateKey = flags.Filename(tlsCertificateKeyPath)
-		// If TLS certificates are provided enforce the HTTPS schema, meaning mcs will redirect
-		// plain HTTP connections to HTTPS server
-		server.EnabledListeners = []string{"http", "https"}
-		server.TLSPort = ctx.Int("tls-port")
-		server.TLSHost = ctx.String("tls-host")
-		// Need to store tls-port, tls-host un config variables so secure.middleware can read from there
-		restapi.TLSPort = fmt.Sprintf("%v", ctx.Int("tls-port"))
-		restapi.TLSHostname = ctx.String("tls-host")
-		restapi.TLSRedirect = "on"
-	}
-
-	server.ConfigureAPI()
-
-	if err := server.Serve(); err != nil {
-		log.Fatalln(err)
-	}
-	return nil
-}
--- a/cross-compile.sh
+++ b/cross-compile.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+set -e
+# Enable tracing if set.
+[ -n "$BASH_XTRACEFD" ] && set -x
+
+## All binaries are static make sure to disable CGO.
+export CGO_ENABLED=0
+
+## List of architectures and OS to test cross compilation.
+SUPPORTED_OSARCH_DEFAULTS="linux/ppc64le linux/mips64 linux/arm64 linux/s390x darwin/amd64 freebsd/amd64 windows/amd64 linux/arm linux/386 netbsd/amd64"
+SUPPORTED_OSARCH=${1:-$SUPPORTED_OSARCH_DEFAULTS}
+
+_build() {
+    local osarch=$1
+    IFS=/ read -r -a arr <<<"$osarch"
+    os="${arr[0]}"
+    arch="${arr[1]}"
+    package=$(go list -f '{{.ImportPath}}' ./cmd/console)
+    printf -- "--> %15s:%s\n" "${osarch}" "${package}"
+
+    # go build -trimpath to build the binary.
+    GOOS=$os GOARCH=$arch GO111MODULE=on go build -trimpath --tags=kqueue --ldflags "-s -w" -o /dev/null ./cmd/console
+}
+
+main() {
+    echo "Testing builds for OS/Arch: ${SUPPORTED_OSARCH}"
+    for each_osarch in ${SUPPORTED_OSARCH}; do
+        _build "${each_osarch}"
+    done
+}
+
+main "$@"
--- a/docs/console_operator_mode.md
+++ b/docs/console_operator_mode.md
@@ -0,0 +1,39 @@
+# Running Console in Operator mode
+
+`Console` will authenticate against `Kubernetes`using bearer tokens via HTTP `Authorization` header. The user will provide this token once
+in the login form, Console will validate it against Kubernetes (list apis) and if valid will generate and return a new Console sessions 
+with encrypted claims (the user Service account token will be inside the session encrypted token
+
+# Kubernetes
+
+The provided `JWT token` corresponds to the `Kubernetes service account` that `Console` will use to run tasks on behalf of the
+user, ie: list, create, edit, delete tenants, storage class, etc.
+
+
+# Development
+
+If console is running inside a k8s pod `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` will contain the k8s api server apiServerAddress
+if console is not running inside k8s by default will look for the k8s api server on `localhost:8001` (kubectl proxy)
+
+If you are running console in your local environment and wish to make request to `Kubernetes` you can set `CONSOLE_K8S_API_SERVER`, if
+the environment variable is not present by default `Console` will use `"http://localhost:8001"`, additionally you will need to set the
+`CONSOLE_OPERATOR_MODE=on` variable to make Console display the Operator UI.
+
+NOTE: using `kubectl` proxy is for local development only, since every request send to localhost:8001 will bypass service account authentication
+more info here: https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#directly-accessing-the-rest-api
+you can override this using `CONSOLE_K8S_API_SERVER`, ie use the k8s cluster from `kubectl config view`
+
+## Extract the Service account token and use it with Console
+
+For local development you can use the jwt associated to the `console-sa` service account, you can get the token running
+the following command in your terminal:
+
+```
+kubectl get secret $(kubectl get serviceaccount console-sa -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode
+```
+
+Then run the Console server
+
+```
+CONSOLE_OPERATOR_MODE=on ./console server
+```
--- a/docs/ldap/billy.ldif
+++ b/docs/ldap/billy.ldif
@@ -0,0 +1,35 @@
+# LDIF fragment to create group branch under root
+dn: uid=billy,dc=example,dc=org
+uid: billy
+cn: billy
+sn: 3
+objectClass: top
+objectClass: posixAccount
+objectClass: inetOrgPerson
+loginShell: /bin/bash
+homeDirectory: /home/billy
+uidNumber: 14583102
+gidNumber: 14564100
+userPassword: {SSHA}j3lBh1Seqe4rqF1+NuWmjhvtAni1JC5A
+mail: billy@example.org
+gecos: Billy User
+
+# Create base group
+dn: ou=groups,dc=example,dc=org
+objectclass:organizationalunit
+ou: groups
+description: generic groups branch
+
+# create consoleAdmin group (this already exists on minio and have a policy of s3::*)
+dn: cn=consoleAdmin,ou=groups,dc=example,dc=org
+objectClass: top
+objectClass: posixGroup
+gidNumber: 678
+
+# Assing group to new user
+dn: cn=consoleAdmin,ou=groups,dc=example,dc=org
+changetype: modify
+add: memberuid
+memberuid: billy
+
+
--- a/docs/mcs_operator_mode.md
+++ b/docs/mcs_operator_mode.md
@@ -1,39 +0,0 @@
-# Running MCS in Operator mode
-
-`MCS` will authenticate against `Kubernetes`using bearer tokens via HTTP `Authorization` header. The user will provide this token once
-in the login form, MCS will validate it against Kubernetes (list apis) and if valid will generate and return a new MCS sessions 
-with encrypted claims (the user Service account token will be inside the JWT in the data field)
-
-# Kubernetes
-
-The provided `JWT token` corresponds to the `Kubernetes service account` that `MCS` will use to run tasks on behalf of the
-user, ie: list, create, edit, delete tenants, storage class, etc.
-
-
-# Development
-
-If console is running inside a k8s pod `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` will contain the k8s api server apiServerAddress
-if console is not running inside k8s by default will look for the k8s api server on `localhost:8001` (kubectl proxy)
-
-If you are running mcs in your local environment and wish to make request to `Kubernetes` you can set `MCS_K8S_API_SERVER`, if
-the environment variable is not present by default `MCS` will use `"http://localhost:8001"`, additionally you will need to set the
-`MCS_OPERATOR_MODE=on` variable to make MCS display the Operator UI.
-
-NOTE: using `kubectl` proxy is for local development only, since every request send to localhost:8001 will bypass service account authentication
-more info here: https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#directly-accessing-the-rest-api
-you can override this using `MCS_K8S_API_SERVER`, ie use the k8s cluster from `kubectl config view`
-
-## Extract the Service account token and use it with MCS
-
-For local development you can use the jwt associated to the `m3-sa` service account, you can get the token running
-the following command in your terminal:
-
-```
-kubectl get secret $(kubectl get serviceaccount mcs-sa -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode
-```
-
-Then run the mcs server
-
-```
-MCS_OPERATOR_MODE=on ./mcs server
-```
--- a/go.mod
+++ b/go.mod
@@ -1,35 +1,42 @@
-module github.com/minio/mcs
+module github.com/minio/console

-go 1.13
+go 1.16

 require (
-	github.com/coreos/go-oidc v2.2.1+incompatible
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
-	github.com/elazarl/go-bindata-assetfs v1.0.0
-	github.com/go-openapi/errors v0.19.6
-	github.com/go-openapi/loads v0.19.5
-	github.com/go-openapi/runtime v0.19.19
-	github.com/go-openapi/spec v0.19.8
-	github.com/go-openapi/strfmt v0.19.5
-	github.com/go-openapi/swag v0.19.9
-	github.com/go-openapi/validate v0.19.10
+	github.com/blang/semver/v4 v4.0.0
+	github.com/cheggaaa/pb/v3 v3.0.6
+	github.com/dustin/go-humanize v1.0.0
+	github.com/go-openapi/errors v0.19.9
+	github.com/go-openapi/loads v0.20.2
+	github.com/go-openapi/runtime v0.19.24
+	github.com/go-openapi/spec v0.20.3
+	github.com/go-openapi/strfmt v0.20.0
+	github.com/go-openapi/swag v0.19.14
+	github.com/go-openapi/validate v0.20.2
 	github.com/gorilla/websocket v1.4.2
 	github.com/jessevdk/go-flags v1.4.0
-	github.com/json-iterator/go v1.1.10
 	github.com/minio/cli v1.22.0
-	github.com/minio/mc v0.0.0-20200719194630-c8a3b7bff08c
-	github.com/minio/minio v0.0.0-20200714163805-778e9c864f67
-	github.com/minio/minio-go/v6 v6.0.58-0.20200612001654-a57fec8037ec
-	github.com/minio/minio-go/v7 v7.0.2-0.20200718235721-f0e2f3ae3678
-	github.com/minio/minio-operator v0.0.0-20200713191021-de7c5283f7e5
-	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
-	github.com/satori/go.uuid v1.2.0
-	github.com/stretchr/testify v1.6.1
-	github.com/unrolled/secure v1.0.7
-	golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899
-	golang.org/x/net v0.0.0-20200707034311-ab3426394381
-	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
-	k8s.io/api v0.18.0
-	k8s.io/apimachinery v0.18.0
-	k8s.io/client-go v0.18.0
+	github.com/minio/direct-csi v1.3.5-0.20210601185811-f7776f7961bf
+	github.com/minio/kes v0.11.0
+	github.com/minio/madmin-go v1.1.6
+	github.com/minio/mc v0.0.0-20210626002108-cebf3318546f
+	github.com/minio/minio-go/v7 v7.0.14
+	github.com/minio/operator v0.0.0-20210812082324-26350f153661
+	github.com/minio/operator/logsearchapi v0.0.0-20210812082324-26350f153661
+	github.com/minio/pkg v1.1.3
+	github.com/minio/selfupdate v0.3.1
+	github.com/mitchellh/go-homedir v1.1.0
+	github.com/rs/xid v1.2.1
+	github.com/secure-io/sio-go v0.3.1
+	github.com/stretchr/testify v1.7.0
+	github.com/unrolled/secure v1.0.9
+	golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b
+	golang.org/x/net v0.0.0-20210421230115-4e50805a0758
+	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
+	gopkg.in/yaml.v2 v2.4.0
+	k8s.io/api v0.21.1
+	k8s.io/apimachinery v0.21.1
+	k8s.io/client-go v0.21.1
 )
+
+replace google.golang.org/grpc => google.golang.org/grpc v1.29.1
--- a/go.sum
+++ b/go.sum
--- a/hack/update-codegen.sh
+++ b/hack/update-codegen.sh
@@ -25,7 +25,7 @@ go get -d k8s.io/code-generator/...
 # Checkout code-generator to compatible version
 #(cd $GOPATH/src/k8s.io/code-generator && git checkout origin/release-1.14 -B release-1.14)

-REPOSITORY=github.com/minio/mcs
+REPOSITORY=github.com/minio/console
 $GOPATH/src/k8s.io/code-generator/generate-groups.sh all \
  $REPOSITORY/pkg/clientgen $REPOSITORY/pkg/apis networking.gke.io:v1beta2 \
  --go-header-file $SCRIPT_ROOT/hack/header.go.txt
--- a/images/pic1.png
+++ b/images/pic1.png
--- a/images/pic2.png
+++ b/images/pic2.png
--- a/integration/buckets_test.go
+++ b/integration/buckets_test.go
@@ -0,0 +1,340 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"os"
+	"strconv"
+	"testing"
+	"time"
+
+	"github.com/go-openapi/loads"
+	"github.com/minio/console/restapi"
+	"github.com/minio/console/restapi/operations"
+
+	"github.com/minio/console/models"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var token string
+
+func initConsoleServer() (*restapi.Server, error) {
+
+	//os.Setenv("CONSOLE_MINIO_SERVER", "localhost:9000")
+
+	swaggerSpec, err := loads.Embedded(restapi.SwaggerJSON, restapi.FlatSwaggerJSON)
+	if err != nil {
+		return nil, err
+	}
+
+	noLog := func(string, ...interface{}) {
+		// nothing to log
+	}
+
+	// Initialize MinIO loggers
+	restapi.LogInfo = noLog
+	restapi.LogError = noLog
+
+	api := operations.NewConsoleAPI(swaggerSpec)
+	api.Logger = noLog
+
+	server := restapi.NewServer(api)
+	// register all APIs
+	server.ConfigureAPI()
+
+	//restapi.GlobalRootCAs, restapi.GlobalPublicCerts, restapi.GlobalTLSCertsManager = globalRootCAs, globalPublicCerts, globalTLSCerts
+
+	consolePort, _ := strconv.Atoi("9090")
+
+	server.Host = "0.0.0.0"
+	server.Port = consolePort
+	restapi.Port = "9090"
+	restapi.Hostname = "0.0.0.0"
+
+	return server, nil
+}
+
+func TestMain(m *testing.M) {
+
+	// start console server
+	go func() {
+		fmt.Println("start server")
+		srv, err := initConsoleServer()
+		if err != nil {
+			log.Println(err)
+			log.Println("init fail")
+			return
+		}
+		srv.Serve()
+
+	}()
+
+	fmt.Println("sleeping")
+	time.Sleep(2 * time.Second)
+
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	// get login credentials
+
+	requestData := map[string]string{
+		"accessKey": "minioadmin",
+		"secretKey": "minioadmin",
+	}
+
+	requestDataJSON, _ := json.Marshal(requestData)
+
+	requestDataBody := bytes.NewReader(requestDataJSON)
+
+	request, err := http.NewRequest("POST", "http://localhost:9090/api/v1/login", requestDataBody)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err := client.Do(request)
+
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	if response != nil {
+		bodyBytes, _ := ioutil.ReadAll(response.Body)
+
+		loginResponse := models.LoginResponse{}
+		err = json.Unmarshal(bodyBytes, &loginResponse)
+		if err != nil {
+			log.Println(err)
+		}
+
+		token = loginResponse.SessionID
+
+	}
+
+	code := m.Run()
+
+	requestDataAdd := map[string]interface{}{
+		"name": "test1",
+	}
+
+	requestDataJSON, _ = json.Marshal(requestDataAdd)
+
+	requestDataBody = bytes.NewReader(requestDataJSON)
+
+	// get list of buckets
+	request, err = http.NewRequest("DELETE", "http://localhost:9090/api/v1/buckets/test1", requestDataBody)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err = client.Do(request)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	if response != nil {
+		fmt.Println("DELETE StatusCode:", response.StatusCode)
+	}
+
+	os.Exit(code)
+}
+
+func TestAddBucket(t *testing.T) {
+	assert := assert.New(t)
+
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+
+	requestDataAdd := map[string]interface{}{
+		"name":       "test1",
+		"versioning": false,
+		"locking":    false,
+	}
+
+	requestDataJSON, _ := json.Marshal(requestDataAdd)
+
+	requestDataBody := bytes.NewReader(requestDataJSON)
+
+	// get list of buckets
+	request, err := http.NewRequest("POST", "http://localhost:9090/api/v1/buckets", requestDataBody)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err := client.Do(request)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	if response != nil {
+		assert.Equal(201, response.StatusCode, "Status Code is incorrect")
+	}
+}
+
+func TestBucketVersioning(t *testing.T) {
+	assert := assert.New(t)
+
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+
+	request, err := http.NewRequest("GET", "http://localhost:9090/api/v1/session", nil)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+
+	response, err := client.Do(request)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	var distributedSystem bool
+
+	if response != nil {
+
+		bodyBytes, _ := ioutil.ReadAll(response.Body)
+
+		sessionResponse := models.SessionResponse{}
+		err = json.Unmarshal(bodyBytes, &sessionResponse)
+		if err != nil {
+			log.Println(err)
+		}
+
+		distributedSystem = sessionResponse.DistributedMode
+
+	}
+
+	requestDataVersioning := map[string]interface{}{
+		"name":       "test2",
+		"versioning": true,
+		"locking":    false,
+	}
+
+	requestDataJSON, _ := json.Marshal(requestDataVersioning)
+
+	requestDataBody := bytes.NewReader(requestDataJSON)
+
+	request, err = http.NewRequest("POST", "http://localhost:9090/api/v1/buckets", requestDataBody)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err = client.Do(request)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	fmt.Println("Versioned bucket creation test status:", response.Status)
+	if distributedSystem {
+		assert.Equal(201, response.StatusCode, "Versioning test Status Code is incorrect - bucket failed to create")
+	} else {
+		assert.NotEqual(201, response.StatusCode, "Versioning test Status Code is incorrect -  versioned bucket created on non-distributed system")
+	}
+
+	request, err = http.NewRequest("DELETE", "http://localhost:9090/api/v1/buckets/test2", requestDataBody)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err = client.Do(request)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	if response != nil {
+		fmt.Println("DELETE StatusCode:", response.StatusCode)
+	}
+
+}
+
+func TestBucketsGet(t *testing.T) {
+	assert := assert.New(t)
+
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+
+	// get list of buckets
+	request, err := http.NewRequest("GET", "http://localhost:9090/api/v1/buckets", nil)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+
+	response, err := client.Do(request)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	if response != nil {
+		assert.Equal(200, response.StatusCode, "Status Code is incorrect")
+		bodyBytes, _ := ioutil.ReadAll(response.Body)
+
+		listBuckets := models.ListBucketsResponse{}
+		err = json.Unmarshal(bodyBytes, &listBuckets)
+		if err != nil {
+			log.Println(err)
+			assert.Nil(err)
+		}
+
+		assert.Greater(len(listBuckets.Buckets), 0, "No bucket was returned")
+		assert.Greater(listBuckets.Total, int64(0), "Total buckets is 0")
+
+	}
+
+}
--- a/integration/login_test.go
+++ b/integration/login_test.go
@@ -0,0 +1,71 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/minio/console/models"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestLoginStrategy(t *testing.T) {
+	assert := assert.New(t)
+
+	// image for now:
+	// minio: 9000
+	// console: 9090
+
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	// copy query params
+	request, err := http.NewRequest("GET", "http://localhost:9090/api/v1/login", nil)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	response, err := client.Do(request)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	if response != nil {
+		bodyBytes, _ := ioutil.ReadAll(response.Body)
+
+		loginDetails := models.LoginDetails{}
+
+		err = json.Unmarshal(bodyBytes, &loginDetails)
+		if err != nil {
+			log.Println(err)
+		}
+		assert.Nil(err)
+
+		assert.Equal(models.LoginDetailsLoginStrategyForm, loginDetails.LoginStrategy, "Login Details don't match")
+
+	}
+
+}
--- a/k8s/boilerplate.go.txt
+++ b/k8s/boilerplate.go.txt
@@ -1,5 +1,5 @@
 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
--- a/k8s/console/base/kustomization.yaml
+++ b/k8s/console/base/kustomization.yaml
@@ -1,11 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-# beginning of customizations
-resources:
-  - mcs-service-account.yaml
-  - mcs-cluster-role.yaml
-  - mcs-cluster-role-binding.yaml
-  - mcs-configmap.yaml
-  - mcs-service.yaml
-  - mcs-deployment.yaml
-  - minio-operator.yaml
--- a/k8s/console/base/mcs-cluster-role.yaml
+++ b/k8s/console/base/mcs-cluster-role.yaml
@@ -1,77 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: mcs-sa-role
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - namespaces
-      - secrets
-      - pods
-      - services
-      - events
-      - resourcequotas
-    verbs:
-      - get
-      - watch
-      - create
-      - list
-      - patch
-  - apiGroups:
-      - "storage.k8s.io"
-    resources:
-      - storageclasses
-    verbs:
-      - get
-      - watch
-      - create
-      - list
-      - patch
-  - apiGroups:
-      - apps
-    resources:
-      - statefulsets
-      - deployments
-    verbs:
-      - get
-      - create
-      - list
-      - patch
-      - watch
-      - update
-      - delete
-  - apiGroups:
-      - batch
-    resources:
-      - jobs
-    verbs:
-      - get
-      - create
-      - list
-      - patch
-      - watch
-      - update
-      - delete
-  - apiGroups:
-      - "certificates.k8s.io"
-    resources:
-      - "certificatesigningrequests"
-      - "certificatesigningrequests/approval"
-      - "certificatesigningrequests/status"
-    verbs:
-      - update
-      - create
-      - get
-  - apiGroups:
-      - operator.min.io
-    resources:
-      - "*"
-    verbs:
-      - "*"
-  - apiGroups:
-      - min.io
-    resources:
-      - "*"
-    verbs:
-      - "*"
--- a/k8s/console/base/mcs-configmap.yaml
+++ b/k8s/console/base/mcs-configmap.yaml
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: mcs-env
-data:
-  MCS_PORT: "9090"
-  MCS_TLS_PORT: "9443"
--- a/k8s/console/base/mcs-deployment.yaml
+++ b/k8s/console/base/mcs-deployment.yaml
@@ -1,27 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: mcs
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: mcs
-  template:
-    metadata:
-      labels:
-        app: mcs
-    spec:
-      serviceAccountName: m3-sa
-      containers:
-        - name: mcs
-          image: minio/mcs:latest
-          imagePullPolicy: "IfNotPresent"
-          args:
-            - /mcs
-            - server
-          ports:
-            - containerPort: 9090
-              name: http
-            - containerPort: 9433
-              name: https
--- a/k8s/console/base/minio-operator.yaml
+++ b/k8s/console/base/minio-operator.yaml
@@ -1,203 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: minioinstances.operator.min.io
-spec:
-  group: operator.min.io
-  scope: Namespaced
-  names:
-    kind: MinIOInstance
-    singular: minioinstance
-    plural: minioinstances
-  versions:
-    - name: v1
-      served: true
-      storage: true
-      schema:
-        # openAPIV3Schema is the schema for validating custom objects.
-        # Refer https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#specifying-a-structural-schema
-        # for more details
-        openAPIV3Schema:
-          type: object
-          properties:
-            spec:
-              type: object
-              x-kubernetes-preserve-unknown-fields: true
-              properties:
-                replicas:
-                  type: integer
-                  minimum: 1
-                  maximum: 32
-                image:
-                  type: string
-                serviceName:
-                  type: string
-                volumesPerServer:
-                  type: integer
-                mountPath:
-                  type: string
-                podManagementPolicy:
-                  type: string
-                  enum: [Parallel, OrderedReady]
-                  default: Parallel
-                requestAutoCert:
-                  type: boolean
-                  default: false
-                version:
-                  type: string
-                mountpath:
-                  type: string
-                subpath:
-                  type: string
-                mcs:
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                  properties:
-                    image:
-                      type: string
-                    replicas:
-                      type: integer
-                      default: 2
-                    mcsSecret:
-                      type: object
-                      properties:
-                        name:
-                          type: string
-                kes:
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                  properties:
-                    image:
-                      type: string
-                    replicas:
-                      type: integer
-                      default: 2
-                    kesSecret:
-                      type: object
-                      properties:
-                        name:
-                          type: string
-            status:
-              type: object
-              properties:
-                currentState:
-                  type: string
-      subresources:
-        # status enables the status subresource.
-        status: {}
-      additionalPrinterColumns:
-        - name: Current State
-          type: string
-          jsonPath: ".status.currentState"
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: minio-operator-role
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - namespaces
-      - secrets
-      - pods
-      - services
-      - events
-    verbs:
-      - get
-      - watch
-      - create
-      - list
-      - delete
-  - apiGroups:
-      - apps
-    resources:
-      - statefulsets
-      - deployments
-    verbs:
-      - get
-      - create
-      - list
-      - patch
-      - watch
-      - update
-      - delete
-  - apiGroups:
-      - batch
-    resources:
-      - jobs
-    verbs:
-      - get
-      - create
-      - list
-      - patch
-      - watch
-      - update
-      - delete
-  - apiGroups:
-      - "certificates.k8s.io"
-    resources:
-      - "certificatesigningrequests"
-      - "certificatesigningrequests/approval"
-      - "certificatesigningrequests/status"
-    verbs:
-      - update
-      - create
-      - get
-      - delete
-  - apiGroups:
-      - operator.min.io
-    resources:
-      - "*"
-    verbs:
-      - "*"
-  - apiGroups:
-      - min.io
-    resources:
-      - "*"
-    verbs:
-      - "*"
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: minio-operator
-  namespace: default
---
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
-  name: minio-operator-binding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: minio-operator-role
-subjects:
-  - kind: ServiceAccount
-    name: minio-operator
-    namespace: default
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: minio-operator
-  namespace: default
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      name: minio-operator
-  template:
-    metadata:
-      labels:
-        name: minio-operator
-    spec:
-      serviceAccountName: minio-operator
-      containers:
-        - name: minio-operator
-          image: minio/k8s-operator:2.0.9
-          imagePullPolicy: IfNotPresent
-          # To specify cluster domain, un comment the following:
-          # env:
-          #   - name: CLUSTER_DOMAIN
-          #     value: mycluster.mydomain
--- a/k8s/create-kind.sh
+++ b/k8s/create-kind.sh
@@ -1,16 +1,16 @@
 #!/bin/bash

 # setup environment variables based on flags to see if we should build the docker containers again
-MCS_DOCKER="true"
+CONSOLE_DOCKER="true"

 # evaluate flags
-# `-m` for mcs
+# `-m` for console


 while getopts ":m:" opt; do
  case $opt in
    m)
-	  MCS_DOCKER="$OPTARG"
+	  CONSOLE_DOCKER="$OPTARG"
      ;;
    \?)
      echo "Invalid option: -$OPTARG" >&2
@@ -34,11 +34,11 @@ echo "install metrics server"
 kubectl apply -f metrics-dev.yaml

 # Whether or not to build the m3 container and load it to kind or just load it
-if [[ $MCS_DOCKER == "true" ]]; then
+if [[ $CONSOLE_DOCKER == "true" ]]; then
 	# Build mkube
-  make --directory=".." k8sdev TAG=minio/mcs:latest
+  make --directory=".." k8sdev TAG=minio/console:latest
 else
-	kind load docker-image minio/mcs:latest
+	kind load docker-image minio/console:latest
 fi

 echo "done"
--- a/k8s/getoperator.sh
+++ b/k8s/getoperator.sh
@@ -1,3 +0,0 @@
-#!/bin/bash
-# Get's the latest deployment file from MinIO Operator
-curl https://raw.githubusercontent.com/minio/minio-operator/master/minio-operator.yaml > operator-console/base/minio-operator.yaml
--- a/k8s/operator-console/base/console-cluster-role-binding.yaml
+++ b/k8s/operator-console/base/console-cluster-role-binding.yaml
@@ -1,12 +1,12 @@
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: mcs-sa-binding
+  name: console-sa-binding
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
-  name: mcs-sa-role
+  name: console-sa-role
 subjects:
  - kind: ServiceAccount
-    name: mcs-sa
+    name: console-sa
    namespace: default
--- a/k8s/operator-console/base/console-cluster-role.yaml
+++ b/k8s/operator-console/base/console-cluster-role.yaml
@@ -0,0 +1,234 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: console-sa-role
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+      - watch
+      - create
+      - list
+      - patch
+      - update
+      - deletecollection
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+      - services
+      - events
+      - resourcequotas
+      - nodes
+    verbs:
+      - get
+      - watch
+      - create
+      - list
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - watch
+      - create
+      - list
+      - patch
+      - delete
+      - deletecollection
+  - apiGroups:
+      - ""
+    resources:
+      - persistentvolumeclaims
+    verbs:
+      - deletecollection
+      - list
+      - get
+      - watch
+      - update
+  - apiGroups:
+      - "storage.k8s.io"
+    resources:
+      - storageclasses
+    verbs:
+      - get
+      - watch
+      - create
+      - list
+      - patch
+  - apiGroups:
+      - apps
+    resources:
+      - statefulsets
+      - deployments
+    verbs:
+      - get
+      - create
+      - list
+      - patch
+      - watch
+      - update
+      - delete
+  - apiGroups:
+      - batch
+    resources:
+      - jobs
+    verbs:
+      - get
+      - create
+      - list
+      - patch
+      - watch
+      - update
+      - delete
+  - apiGroups:
+      - "certificates.k8s.io"
+    resources:
+      - "certificatesigningrequests"
+      - "certificatesigningrequests/approval"
+      - "certificatesigningrequests/status"
+    verbs:
+      - update
+      - create
+      - get
+  - apiGroups:
+      - minio.min.io
+    resources:
+      - "*"
+    verbs:
+      - "*"
+  - apiGroups:
+      - min.io
+    resources:
+      - "*"
+    verbs:
+      - "*"
+  - apiGroups:
+    - ""
+    resources:
+    - persistentvolumes
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - delete
+  - apiGroups:
+    - ""
+    resources:
+    - persistentvolumeclaims
+    verbs:
+    - get
+    - list
+    - watch
+    - update
+  - apiGroups:
+    - ""
+    resources:
+    - events
+    verbs:
+    - create
+    - list
+    - watch
+    - update
+    - patch
+  - apiGroups:
+    - snapshot.storage.k8s.io
+    resources:
+    - volumesnapshots
+    verbs:
+    - get
+    - list
+  - apiGroups:
+    - snapshot.storage.k8s.io
+    resources:
+    - volumesnapshotcontents
+    verbs:
+    - get
+    - list
+  - apiGroups:
+    - storage.k8s.io
+    resources:
+    - csinodes
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups:
+    - storage.k8s.io
+    resources:
+    - volumeattachments
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups:
+    - ""
+    resources:
+    - endpoints
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - coordination.k8s.io
+    resources:
+    - leases
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - direct.csi.min.io
+    resources:
+    - volumes
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - apiextensions.k8s.io
+    resources:
+    - customresourcedefinitions
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - direct.csi.min.io
+    resources:
+    - directcsidrives
+    - directcsivolumes
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - ""
+    resources:
+    - pod
+    - pods/log
+    verbs:
+    - get
+    - list
+    - watch
--- a/k8s/operator-console/base/console-configmap.yaml
+++ b/k8s/operator-console/base/console-configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: console-env
+data:
+  CONSOLE_PORT: "9090"
+  CONSOLE_TLS_PORT: "9443"
--- a/k8s/operator-console/base/console-deployment.yaml
+++ b/k8s/operator-console/base/console-deployment.yaml
@@ -1,27 +1,26 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: mcs
+  name: console
 spec:
  replicas: 1
  selector:
    matchLabels:
-      app: mcs
+      app: console
  template:
    metadata:
      labels:
-        app: mcs
+        app: console
    spec:
-      serviceAccountName: m3-sa
+      serviceAccountName: console-sa
      containers:
-        - name: mcs
-          image: minio/mcs:latest
+        - name: console
+          image: minio/console:v0.10.3
          imagePullPolicy: "IfNotPresent"
          env:
-            - name: MCS_OPERATOR_MODE
+            - name: CONSOLE_OPERATOR_MODE
              value: "on"
          args:
-            - /mcs
            - server
          ports:
            - containerPort: 9090
--- a/k8s/operator-console/base/console-service-account.yaml
+++ b/k8s/operator-console/base/console-service-account.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: mcs-sa
+  name: console-sa
  namespace: default
--- a/k8s/operator-console/base/console-service.yaml
+++ b/k8s/operator-console/base/console-service.yaml
@@ -1,9 +1,9 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: mcs
+  name: console
  labels:
-    name: mcs
+    name: console
 spec:
  ports:
    - port: 9090
@@ -11,4 +11,4 @@ spec:
    - port: 9443
      name: https
  selector:
-    app: mcs
+    app: console
--- a/k8s/operator-console/base/kustomization.yaml
+++ b/k8s/operator-console/base/kustomization.yaml
@@ -2,10 +2,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 # beginning of customizations
 resources:
-  - mcs-service-account.yaml
-  - mcs-cluster-role.yaml
-  - mcs-cluster-role-binding.yaml
-  - mcs-configmap.yaml
-  - mcs-service.yaml
-  - mcs-deployment.yaml
-  - minio-operator.yaml
+  - console-service-account.yaml
+  - console-cluster-role.yaml
+  - console-cluster-role-binding.yaml
+  - console-configmap.yaml
+  - console-service.yaml
+  - console-deployment.yaml
--- a/k8s/operator-console/base/mcs-cluster-role-binding.yaml
+++ b/k8s/operator-console/base/mcs-cluster-role-binding.yaml
@@ -1,12 +0,0 @@
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: mcs-sa-binding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: mcs-sa-role
-subjects:
-  - kind: ServiceAccount
-    name: mcs-sa
-    namespace: default
--- a/k8s/operator-console/base/mcs-cluster-role.yaml
+++ b/k8s/operator-console/base/mcs-cluster-role.yaml
@@ -1,77 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: mcs-sa-role
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - namespaces
-      - secrets
-      - pods
-      - services
-      - events
-      - resourcequotas
-    verbs:
-      - get
-      - watch
-      - create
-      - list
-      - patch
-  - apiGroups:
-      - "storage.k8s.io"
-    resources:
-      - storageclasses
-    verbs:
-      - get
-      - watch
-      - create
-      - list
-      - patch
-  - apiGroups:
-      - apps
-    resources:
-      - statefulsets
-      - deployments
-    verbs:
-      - get
-      - create
-      - list
-      - patch
-      - watch
-      - update
-      - delete
-  - apiGroups:
-      - batch
-    resources:
-      - jobs
-    verbs:
-      - get
-      - create
-      - list
-      - patch
-      - watch
-      - update
-      - delete
-  - apiGroups:
-      - "certificates.k8s.io"
-    resources:
-      - "certificatesigningrequests"
-      - "certificatesigningrequests/approval"
-      - "certificatesigningrequests/status"
-    verbs:
-      - update
-      - create
-      - get
-  - apiGroups:
-      - operator.min.io
-    resources:
-      - "*"
-    verbs:
-      - "*"
-  - apiGroups:
-      - min.io
-    resources:
-      - "*"
-    verbs:
-      - "*"
--- a/k8s/operator-console/base/mcs-configmap.yaml
+++ b/k8s/operator-console/base/mcs-configmap.yaml
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: mcs-env
-data:
-  MCS_PORT: "9090"
-  MCS_TLS_PORT: "9443"
--- a/k8s/operator-console/base/mcs-service-account.yaml
+++ b/k8s/operator-console/base/mcs-service-account.yaml
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: mcs-sa
-  namespace: default
--- a/k8s/operator-console/base/mcs-service.yaml
+++ b/k8s/operator-console/base/mcs-service.yaml
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: mcs
-  labels:
-    name: mcs
-spec:
-  ports:
-    - port: 9090
-      name: http
-    - port: 9443
-      name: https
-  selector:
-    app: mcs
--- a/k8s/operator-console/base/minio-operator.yaml
+++ b/k8s/operator-console/base/minio-operator.yaml
@@ -1,203 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: minioinstances.operator.min.io
-spec:
-  group: operator.min.io
-  scope: Namespaced
-  names:
-    kind: MinIOInstance
-    singular: minioinstance
-    plural: minioinstances
-  versions:
-    - name: v1
-      served: true
-      storage: true
-      schema:
-        # openAPIV3Schema is the schema for validating custom objects.
-        # Refer https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#specifying-a-structural-schema
-        # for more details
-        openAPIV3Schema:
-          type: object
-          properties:
-            spec:
-              type: object
-              x-kubernetes-preserve-unknown-fields: true
-              properties:
-                replicas:
-                  type: integer
-                  minimum: 1
-                  maximum: 32
-                image:
-                  type: string
-                serviceName:
-                  type: string
-                volumesPerServer:
-                  type: integer
-                mountPath:
-                  type: string
-                podManagementPolicy:
-                  type: string
-                  enum: [Parallel, OrderedReady]
-                  default: Parallel
-                requestAutoCert:
-                  type: boolean
-                  default: false
-                version:
-                  type: string
-                mountpath:
-                  type: string
-                subpath:
-                  type: string
-                mcs:
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                  properties:
-                    image:
-                      type: string
-                    replicas:
-                      type: integer
-                      default: 2
-                    mcsSecret:
-                      type: object
-                      properties:
-                        name:
-                          type: string
-                kes:
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                  properties:
-                    image:
-                      type: string
-                    replicas:
-                      type: integer
-                      default: 2
-                    kesSecret:
-                      type: object
-                      properties:
-                        name:
-                          type: string
-            status:
-              type: object
-              properties:
-                currentState:
-                  type: string
-      subresources:
-        # status enables the status subresource.
-        status: {}
-      additionalPrinterColumns:
-        - name: Current State
-          type: string
-          jsonPath: ".status.currentState"
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: minio-operator-role
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - namespaces
-      - secrets
-      - pods
-      - services
-      - events
-    verbs:
-      - get
-      - watch
-      - create
-      - list
-      - delete
-  - apiGroups:
-      - apps
-    resources:
-      - statefulsets
-      - deployments
-    verbs:
-      - get
-      - create
-      - list
-      - patch
-      - watch
-      - update
-      - delete
-  - apiGroups:
-      - batch
-    resources:
-      - jobs
-    verbs:
-      - get
-      - create
-      - list
-      - patch
-      - watch
-      - update
-      - delete
-  - apiGroups:
-      - "certificates.k8s.io"
-    resources:
-      - "certificatesigningrequests"
-      - "certificatesigningrequests/approval"
-      - "certificatesigningrequests/status"
-    verbs:
-      - update
-      - create
-      - get
-      - delete
-  - apiGroups:
-      - operator.min.io
-    resources:
-      - "*"
-    verbs:
-      - "*"
-  - apiGroups:
-      - min.io
-    resources:
-      - "*"
-    verbs:
-      - "*"
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: minio-operator
-  namespace: default
---
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
-  name: minio-operator-binding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: minio-operator-role
-subjects:
-  - kind: ServiceAccount
-    name: minio-operator
-    namespace: default
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: minio-operator
-  namespace: default
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      name: minio-operator
-  template:
-    metadata:
-      labels:
-        name: minio-operator
-    spec:
-      serviceAccountName: minio-operator
-      containers:
-        - name: minio-operator
-          image: minio/k8s-operator:2.0.9
-          imagePullPolicy: IfNotPresent
-          # To specify cluster domain, un comment the following:
-          # env:
-          #   - name: CLUSTER_DOMAIN
-          #     value: mycluster.mydomain
--- a/k8s/operator-console/operator/kustomization.yaml
+++ b/k8s/operator-console/operator/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# beginning of customizations
+#namespace: min-ns
+
+resources:
+  - ../base
+  - https://github.com/minio/operator/?ref=v3.0.29
+
--- a/k8s/tools.go
+++ b/k8s/tools.go
@@ -1,5 +1,5 @@
 // This file is part of MinIO Kubernetes Cloud
-// Copyright (c) 2019 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.

-// This package imports things required by build scripts, to force `go mod` to see them as dependencies
+// Package k8s - this package imports things required by build scripts, to force `go mod` to see them as dependencies
 package k8s

-//import _ "k8s.io/code-generator"
+// import _ "k8s.io/code-generator"
--- a/k8s/update-codegen.sh
+++ b/k8s/update-codegen.sh
@@ -26,8 +26,8 @@ CODEGEN_PKG=${CODEGEN_PKG:-$(cd "${SCRIPT_ROOT}"; ls -d -1 ./vendor/k8s.io/code-
 #                  k8s.io/kubernetes. The output-base is needed for the generators to output into the vendor dir
 #                  instead of the $GOPATH directly. For normal projects this can be dropped.
 bash "${CODEGEN_PKG}"/generate-groups.sh "all" \
-  github.com/minio/mcs/pkg/generated \
-  github.com/minio/mcs/pkg/apis \
+  github.com/minio/console/pkg/generated \
+  github.com/minio/console/pkg/apis \
  mkube:v1 \
  --go-header-file "${SCRIPT_ROOT}"/k8s/boilerplate.go.txt

--- a/models/access_rule.go
+++ b/models/access_rule.go
@@ -0,0 +1,70 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// AccessRule access rule
+//
+// swagger:model accessRule
+type AccessRule struct {
+
+	// access
+	Access string `json:"access,omitempty"`
+
+	// prefix
+	Prefix string `json:"prefix,omitempty"`
+}
+
+// Validate validates this access rule
+func (m *AccessRule) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this access rule based on context it is used
+func (m *AccessRule) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AccessRule) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AccessRule) UnmarshalBinary(b []byte) error {
+	var res AccessRule
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/account_change_password_request.go
+++ b/models/account_change_password_request.go
@@ -0,0 +1,105 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// AccountChangePasswordRequest account change password request
+//
+// swagger:model accountChangePasswordRequest
+type AccountChangePasswordRequest struct {
+
+	// current secret key
+	// Required: true
+	CurrentSecretKey *string `json:"current_secret_key"`
+
+	// new secret key
+	// Required: true
+	NewSecretKey *string `json:"new_secret_key"`
+}
+
+// Validate validates this account change password request
+func (m *AccountChangePasswordRequest) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateCurrentSecretKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateNewSecretKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AccountChangePasswordRequest) validateCurrentSecretKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("current_secret_key", "body", m.CurrentSecretKey); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *AccountChangePasswordRequest) validateNewSecretKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("new_secret_key", "body", m.NewSecretKey); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ContextValidate validates this account change password request based on context it is used
+func (m *AccountChangePasswordRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AccountChangePasswordRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AccountChangePasswordRequest) UnmarshalBinary(b []byte) error {
+	var res AccountChangePasswordRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/add_bucket_lifecycle.go
+++ b/models/add_bucket_lifecycle.go
@@ -0,0 +1,100 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// AddBucketLifecycle add bucket lifecycle
+//
+// swagger:model addBucketLifecycle
+type AddBucketLifecycle struct {
+
+	// Non required, toggle to disable or enable rule
+	Disable bool `json:"disable,omitempty"`
+
+	// Non required, toggle to disable or enable rule
+	ExpiredObjectDeleteMarker bool `json:"expired_object_delete_marker,omitempty"`
+
+	// Required in case of expiry_days or transition fields are not set. it defines an expiry date for ILM
+	ExpiryDate string `json:"expiry_date,omitempty"`
+
+	// Required in case of expiry_date or transition fields are not set. it defines an expiry days for ILM
+	ExpiryDays int32 `json:"expiry_days,omitempty"`
+
+	// Non required, can be set in case of expiration is enabled
+	NoncurrentversionExpirationDays int32 `json:"noncurrentversion_expiration_days,omitempty"`
+
+	// Non required, can be set in case of transition is enabled
+	NoncurrentversionTransitionDays int32 `json:"noncurrentversion_transition_days,omitempty"`
+
+	// Non required, can be set in case of transition is enabled
+	NoncurrentversionTransitionStorageClass string `json:"noncurrentversion_transition_storage_class,omitempty"`
+
+	// Non required field, it matches a prefix to perform ILM operations on it
+	Prefix string `json:"prefix,omitempty"`
+
+	// Required only in case of transition is set. it refers to a tier
+	StorageClass string `json:"storage_class,omitempty"`
+
+	// Non required field, tags to match ILM files
+	Tags string `json:"tags,omitempty"`
+
+	// Required in case of transition_days or expiry fields are not set. it defines a transition date for ILM
+	TransitionDate string `json:"transition_date,omitempty"`
+
+	// Required in case of transition_date or expiry fields are not set. it defines a transition days for ILM
+	TransitionDays int32 `json:"transition_days,omitempty"`
+}
+
+// Validate validates this add bucket lifecycle
+func (m *AddBucketLifecycle) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this add bucket lifecycle based on context it is used
+func (m *AddBucketLifecycle) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AddBucketLifecycle) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AddBucketLifecycle) UnmarshalBinary(b []byte) error {
+	var res AddBucketLifecycle
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/add_bucket_replication.go
+++ b/models/add_bucket_replication.go
@@ -0,0 +1,70 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// AddBucketReplication add bucket replication
+//
+// swagger:model addBucketReplication
+type AddBucketReplication struct {
+
+	// arn
+	Arn string `json:"arn,omitempty"`
+
+	// destination bucket
+	DestinationBucket string `json:"destination_bucket,omitempty"`
+}
+
+// Validate validates this add bucket replication
+func (m *AddBucketReplication) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this add bucket replication based on context it is used
+func (m *AddBucketReplication) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AddBucketReplication) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AddBucketReplication) UnmarshalBinary(b []byte) error {
+	var res AddBucketReplication
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/add_group_request.go
+++ b/models/add_group_request.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -23,6 +23,8 @@ package models
 // Editing this file might prove futile when you re-run the swagger generate command

 import (
+	"context"
+
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
@@ -79,6 +81,11 @@ func (m *AddGroupRequest) validateMembers(formats strfmt.Registry) error {
 	return nil
 }

+// ContextValidate validates this add group request based on context it is used
+func (m *AddGroupRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
 // MarshalBinary interface implementation
 func (m *AddGroupRequest) MarshalBinary() ([]byte, error) {
 	if m == nil {
--- a/models/add_policy_request.go
+++ b/models/add_policy_request.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -23,6 +23,8 @@ package models
 // Editing this file might prove futile when you re-run the swagger generate command

 import (
+	"context"
+
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
@@ -79,6 +81,11 @@ func (m *AddPolicyRequest) validatePolicy(formats strfmt.Registry) error {
 	return nil
 }

+// ContextValidate validates this add policy request based on context it is used
+func (m *AddPolicyRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
 // MarshalBinary interface implementation
 func (m *AddPolicyRequest) MarshalBinary() ([]byte, error) {
 	if m == nil {
--- a/models/add_user_request.go
+++ b/models/add_user_request.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -23,6 +23,8 @@ package models
 // Editing this file might prove futile when you re-run the swagger generate command

 import (
+	"context"
+
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
@@ -42,6 +44,10 @@ type AddUserRequest struct {
 	// Required: true
 	Groups []string `json:"groups"`

+	// policies
+	// Required: true
+	Policies []string `json:"policies"`
+
 	// secret key
 	// Required: true
 	SecretKey *string `json:"secretKey"`
@@ -59,6 +65,10 @@ func (m *AddUserRequest) Validate(formats strfmt.Registry) error {
 		res = append(res, err)
 	}

+	if err := m.validatePolicies(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateSecretKey(formats); err != nil {
 		res = append(res, err)
 	}
@@ -87,6 +97,15 @@ func (m *AddUserRequest) validateGroups(formats strfmt.Registry) error {
 	return nil
 }

+func (m *AddUserRequest) validatePolicies(formats strfmt.Registry) error {
+
+	if err := validate.Required("policies", "body", m.Policies); err != nil {
+		return err
+	}
+
+	return nil
+}
+
 func (m *AddUserRequest) validateSecretKey(formats strfmt.Registry) error {

 	if err := validate.Required("secretKey", "body", m.SecretKey); err != nil {
@@ -96,6 +115,11 @@ func (m *AddUserRequest) validateSecretKey(formats strfmt.Registry) error {
 	return nil
 }

+// ContextValidate validates this add user request based on context it is used
+func (m *AddUserRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
 // MarshalBinary interface implementation
 func (m *AddUserRequest) MarshalBinary() ([]byte, error) {
 	if m == nil {
--- a/models/admin_info_response.go
+++ b/models/admin_info_response.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -23,6 +23,10 @@ package models
 // Editing this file might prove futile when you re-run the swagger generate command

 import (
+	"context"
+	"strconv"
+
+	"github.com/go-openapi/errors"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
 )
@@ -38,12 +42,133 @@ type AdminInfoResponse struct {
 	// objects
 	Objects int64 `json:"objects,omitempty"`

+	// servers
+	Servers []*ServerProperties `json:"servers"`
+
 	// usage
 	Usage int64 `json:"usage,omitempty"`
+
+	// widgets
+	Widgets []*Widget `json:"widgets"`
 }

 // Validate validates this admin info response
 func (m *AdminInfoResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateServers(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateWidgets(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AdminInfoResponse) validateServers(formats strfmt.Registry) error {
+	if swag.IsZero(m.Servers) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Servers); i++ {
+		if swag.IsZero(m.Servers[i]) { // not required
+			continue
+		}
+
+		if m.Servers[i] != nil {
+			if err := m.Servers[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("servers" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *AdminInfoResponse) validateWidgets(formats strfmt.Registry) error {
+	if swag.IsZero(m.Widgets) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Widgets); i++ {
+		if swag.IsZero(m.Widgets[i]) { // not required
+			continue
+		}
+
+		if m.Widgets[i] != nil {
+			if err := m.Widgets[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("widgets" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// ContextValidate validate this admin info response based on the context it is used
+func (m *AdminInfoResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateServers(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateWidgets(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AdminInfoResponse) contextValidateServers(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Servers); i++ {
+
+		if m.Servers[i] != nil {
+			if err := m.Servers[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("servers" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *AdminInfoResponse) contextValidateWidgets(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Widgets); i++ {
+
+		if m.Widgets[i] != nil {
+			if err := m.Widgets[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("widgets" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
 	return nil
 }

--- a/models/arns_response.go
+++ b/models/arns_response.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -23,6 +23,8 @@ package models
 // Editing this file might prove futile when you re-run the swagger generate command

 import (
+	"context"
+
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
 )
@@ -41,6 +43,11 @@ func (m *ArnsResponse) Validate(formats strfmt.Registry) error {
 	return nil
 }

+// ContextValidate validates this arns response based on context it is used
+func (m *ArnsResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
 // MarshalBinary interface implementation
 func (m *ArnsResponse) MarshalBinary() ([]byte, error) {
 	if m == nil {
--- a/models/aws_configuration.go
+++ b/models/aws_configuration.go
@@ -0,0 +1,321 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// AwsConfiguration aws configuration
+//
+// swagger:model awsConfiguration
+type AwsConfiguration struct {
+
+	// secretsmanager
+	// Required: true
+	Secretsmanager *AwsConfigurationSecretsmanager `json:"secretsmanager"`
+}
+
+// Validate validates this aws configuration
+func (m *AwsConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateSecretsmanager(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AwsConfiguration) validateSecretsmanager(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager", "body", m.Secretsmanager); err != nil {
+		return err
+	}
+
+	if m.Secretsmanager != nil {
+		if err := m.Secretsmanager.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("secretsmanager")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// ContextValidate validate this aws configuration based on the context it is used
+func (m *AwsConfiguration) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateSecretsmanager(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AwsConfiguration) contextValidateSecretsmanager(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Secretsmanager != nil {
+		if err := m.Secretsmanager.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("secretsmanager")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AwsConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AwsConfiguration) UnmarshalBinary(b []byte) error {
+	var res AwsConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// AwsConfigurationSecretsmanager aws configuration secretsmanager
+//
+// swagger:model AwsConfigurationSecretsmanager
+type AwsConfigurationSecretsmanager struct {
+
+	// credentials
+	// Required: true
+	Credentials *AwsConfigurationSecretsmanagerCredentials `json:"credentials"`
+
+	// endpoint
+	// Required: true
+	Endpoint *string `json:"endpoint"`
+
+	// kmskey
+	Kmskey string `json:"kmskey,omitempty"`
+
+	// region
+	// Required: true
+	Region *string `json:"region"`
+}
+
+// Validate validates this aws configuration secretsmanager
+func (m *AwsConfigurationSecretsmanager) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateCredentials(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateEndpoint(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateRegion(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AwsConfigurationSecretsmanager) validateCredentials(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager"+"."+"credentials", "body", m.Credentials); err != nil {
+		return err
+	}
+
+	if m.Credentials != nil {
+		if err := m.Credentials.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("secretsmanager" + "." + "credentials")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *AwsConfigurationSecretsmanager) validateEndpoint(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager"+"."+"endpoint", "body", m.Endpoint); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *AwsConfigurationSecretsmanager) validateRegion(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager"+"."+"region", "body", m.Region); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ContextValidate validate this aws configuration secretsmanager based on the context it is used
+func (m *AwsConfigurationSecretsmanager) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateCredentials(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AwsConfigurationSecretsmanager) contextValidateCredentials(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Credentials != nil {
+		if err := m.Credentials.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("secretsmanager" + "." + "credentials")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AwsConfigurationSecretsmanager) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AwsConfigurationSecretsmanager) UnmarshalBinary(b []byte) error {
+	var res AwsConfigurationSecretsmanager
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// AwsConfigurationSecretsmanagerCredentials aws configuration secretsmanager credentials
+//
+// swagger:model AwsConfigurationSecretsmanagerCredentials
+type AwsConfigurationSecretsmanagerCredentials struct {
+
+	// accesskey
+	// Required: true
+	Accesskey *string `json:"accesskey"`
+
+	// secretkey
+	// Required: true
+	Secretkey *string `json:"secretkey"`
+
+	// token
+	Token string `json:"token,omitempty"`
+}
+
+// Validate validates this aws configuration secretsmanager credentials
+func (m *AwsConfigurationSecretsmanagerCredentials) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateAccesskey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSecretkey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AwsConfigurationSecretsmanagerCredentials) validateAccesskey(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager"+"."+"credentials"+"."+"accesskey", "body", m.Accesskey); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *AwsConfigurationSecretsmanagerCredentials) validateSecretkey(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager"+"."+"credentials"+"."+"secretkey", "body", m.Secretkey); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ContextValidate validates this aws configuration secretsmanager credentials based on context it is used
+func (m *AwsConfigurationSecretsmanagerCredentials) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AwsConfigurationSecretsmanagerCredentials) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AwsConfigurationSecretsmanagerCredentials) UnmarshalBinary(b []byte) error {
+	var res AwsConfigurationSecretsmanagerCredentials
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/azure_configuration.go
+++ b/models/azure_configuration.go
@@ -0,0 +1,313 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// AzureConfiguration azure configuration
+//
+// swagger:model azureConfiguration
+type AzureConfiguration struct {
+
+	// keyvault
+	// Required: true
+	Keyvault *AzureConfigurationKeyvault `json:"keyvault"`
+}
+
+// Validate validates this azure configuration
+func (m *AzureConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateKeyvault(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AzureConfiguration) validateKeyvault(formats strfmt.Registry) error {
+
+	if err := validate.Required("keyvault", "body", m.Keyvault); err != nil {
+		return err
+	}
+
+	if m.Keyvault != nil {
+		if err := m.Keyvault.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("keyvault")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// ContextValidate validate this azure configuration based on the context it is used
+func (m *AzureConfiguration) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateKeyvault(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AzureConfiguration) contextValidateKeyvault(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Keyvault != nil {
+		if err := m.Keyvault.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("keyvault")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AzureConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AzureConfiguration) UnmarshalBinary(b []byte) error {
+	var res AzureConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// AzureConfigurationKeyvault azure configuration keyvault
+//
+// swagger:model AzureConfigurationKeyvault
+type AzureConfigurationKeyvault struct {
+
+	// credentials
+	Credentials *AzureConfigurationKeyvaultCredentials `json:"credentials,omitempty"`
+
+	// endpoint
+	// Required: true
+	Endpoint *string `json:"endpoint"`
+}
+
+// Validate validates this azure configuration keyvault
+func (m *AzureConfigurationKeyvault) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateCredentials(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateEndpoint(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AzureConfigurationKeyvault) validateCredentials(formats strfmt.Registry) error {
+	if swag.IsZero(m.Credentials) { // not required
+		return nil
+	}
+
+	if m.Credentials != nil {
+		if err := m.Credentials.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("keyvault" + "." + "credentials")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *AzureConfigurationKeyvault) validateEndpoint(formats strfmt.Registry) error {
+
+	if err := validate.Required("keyvault"+"."+"endpoint", "body", m.Endpoint); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ContextValidate validate this azure configuration keyvault based on the context it is used
+func (m *AzureConfigurationKeyvault) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateCredentials(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AzureConfigurationKeyvault) contextValidateCredentials(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Credentials != nil {
+		if err := m.Credentials.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("keyvault" + "." + "credentials")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AzureConfigurationKeyvault) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AzureConfigurationKeyvault) UnmarshalBinary(b []byte) error {
+	var res AzureConfigurationKeyvault
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// AzureConfigurationKeyvaultCredentials azure configuration keyvault credentials
+//
+// swagger:model AzureConfigurationKeyvaultCredentials
+type AzureConfigurationKeyvaultCredentials struct {
+
+	// client id
+	// Required: true
+	ClientID *string `json:"client_id"`
+
+	// client secret
+	// Required: true
+	ClientSecret *string `json:"client_secret"`
+
+	// tenant id
+	// Required: true
+	TenantID *string `json:"tenant_id"`
+}
+
+// Validate validates this azure configuration keyvault credentials
+func (m *AzureConfigurationKeyvaultCredentials) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateClientID(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateClientSecret(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateTenantID(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AzureConfigurationKeyvaultCredentials) validateClientID(formats strfmt.Registry) error {
+
+	if err := validate.Required("keyvault"+"."+"credentials"+"."+"client_id", "body", m.ClientID); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *AzureConfigurationKeyvaultCredentials) validateClientSecret(formats strfmt.Registry) error {
+
+	if err := validate.Required("keyvault"+"."+"credentials"+"."+"client_secret", "body", m.ClientSecret); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *AzureConfigurationKeyvaultCredentials) validateTenantID(formats strfmt.Registry) error {
+
+	if err := validate.Required("keyvault"+"."+"credentials"+"."+"tenant_id", "body", m.TenantID); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ContextValidate validates this azure configuration keyvault credentials based on context it is used
+func (m *AzureConfigurationKeyvaultCredentials) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AzureConfigurationKeyvaultCredentials) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AzureConfigurationKeyvaultCredentials) UnmarshalBinary(b []byte) error {
+	var res AzureConfigurationKeyvaultCredentials
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bucket.go
+++ b/models/bucket.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -23,6 +23,9 @@ package models
 // Editing this file might prove futile when you re-run the swagger generate command

 import (
+	"context"
+	"encoding/json"
+
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
@@ -35,16 +38,25 @@ import (
 type Bucket struct {

 	// access
-	Access BucketAccess `json:"access,omitempty"`
+	Access *BucketAccess `json:"access,omitempty"`

 	// creation date
 	CreationDate string `json:"creation_date,omitempty"`

+	// details
+	Details *BucketDetails `json:"details,omitempty"`
+
 	// name
 	// Required: true
 	// Min Length: 3
 	Name *string `json:"name"`

+	// objects
+	Objects int64 `json:"objects,omitempty"`
+
+	// rw access
+	RwAccess *BucketRwAccess `json:"rw_access,omitempty"`
+
 	// size
 	Size int64 `json:"size,omitempty"`
 }
@@ -57,10 +69,18 @@ func (m *Bucket) Validate(formats strfmt.Registry) error {
 		res = append(res, err)
 	}

+	if err := m.validateDetails(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateName(formats); err != nil {
 		res = append(res, err)
 	}

+	if err := m.validateRwAccess(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
@@ -68,16 +88,34 @@ func (m *Bucket) Validate(formats strfmt.Registry) error {
 }

 func (m *Bucket) validateAccess(formats strfmt.Registry) error {
-
 	if swag.IsZero(m.Access) { // not required
 		return nil
 	}

-	if err := m.Access.Validate(formats); err != nil {
-		if ve, ok := err.(*errors.Validation); ok {
-			return ve.ValidateName("access")
+	if m.Access != nil {
+		if err := m.Access.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("access")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *Bucket) validateDetails(formats strfmt.Registry) error {
+	if swag.IsZero(m.Details) { // not required
+		return nil
+	}
+
+	if m.Details != nil {
+		if err := m.Details.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("details")
+			}
+			return err
 		}
-		return err
 	}

 	return nil
@@ -89,13 +127,94 @@ func (m *Bucket) validateName(formats strfmt.Registry) error {
 		return err
 	}

-	if err := validate.MinLength("name", "body", string(*m.Name), 3); err != nil {
+	if err := validate.MinLength("name", "body", *m.Name, 3); err != nil {
 		return err
 	}

 	return nil
 }

+func (m *Bucket) validateRwAccess(formats strfmt.Registry) error {
+	if swag.IsZero(m.RwAccess) { // not required
+		return nil
+	}
+
+	if m.RwAccess != nil {
+		if err := m.RwAccess.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("rw_access")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// ContextValidate validate this bucket based on the context it is used
+func (m *Bucket) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateAccess(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateDetails(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateRwAccess(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *Bucket) contextValidateAccess(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Access != nil {
+		if err := m.Access.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("access")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *Bucket) contextValidateDetails(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Details != nil {
+		if err := m.Details.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("details")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *Bucket) contextValidateRwAccess(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.RwAccess != nil {
+		if err := m.RwAccess.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("rw_access")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 // MarshalBinary interface implementation
 func (m *Bucket) MarshalBinary() ([]byte, error) {
 	if m == nil {
@@ -113,3 +232,236 @@ func (m *Bucket) UnmarshalBinary(b []byte) error {
 	*m = res
 	return nil
 }
+
+// BucketDetails bucket details
+//
+// swagger:model BucketDetails
+type BucketDetails struct {
+
+	// locking
+	Locking bool `json:"locking,omitempty"`
+
+	// quota
+	Quota *BucketDetailsQuota `json:"quota,omitempty"`
+
+	// replication
+	Replication bool `json:"replication,omitempty"`
+
+	// tags
+	Tags map[string]string `json:"tags,omitempty"`
+
+	// versioning
+	Versioning bool `json:"versioning,omitempty"`
+
+	// versioning suspended
+	VersioningSuspended bool `json:"versioningSuspended,omitempty"`
+}
+
+// Validate validates this bucket details
+func (m *BucketDetails) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateQuota(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *BucketDetails) validateQuota(formats strfmt.Registry) error {
+	if swag.IsZero(m.Quota) { // not required
+		return nil
+	}
+
+	if m.Quota != nil {
+		if err := m.Quota.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("details" + "." + "quota")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// ContextValidate validate this bucket details based on the context it is used
+func (m *BucketDetails) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateQuota(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *BucketDetails) contextValidateQuota(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Quota != nil {
+		if err := m.Quota.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("details" + "." + "quota")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketDetails) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketDetails) UnmarshalBinary(b []byte) error {
+	var res BucketDetails
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// BucketDetailsQuota bucket details quota
+//
+// swagger:model BucketDetailsQuota
+type BucketDetailsQuota struct {
+
+	// quota
+	Quota int64 `json:"quota,omitempty"`
+
+	// type
+	// Enum: [fifo hard]
+	Type string `json:"type,omitempty"`
+}
+
+// Validate validates this bucket details quota
+func (m *BucketDetailsQuota) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateType(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+var bucketDetailsQuotaTypeTypePropEnum []interface{}
+
+func init() {
+	var res []string
+	if err := json.Unmarshal([]byte(`["fifo","hard"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		bucketDetailsQuotaTypeTypePropEnum = append(bucketDetailsQuotaTypeTypePropEnum, v)
+	}
+}
+
+const (
+
+	// BucketDetailsQuotaTypeFifo captures enum value "fifo"
+	BucketDetailsQuotaTypeFifo string = "fifo"
+
+	// BucketDetailsQuotaTypeHard captures enum value "hard"
+	BucketDetailsQuotaTypeHard string = "hard"
+)
+
+// prop value enum
+func (m *BucketDetailsQuota) validateTypeEnum(path, location string, value string) error {
+	if err := validate.EnumCase(path, location, value, bucketDetailsQuotaTypeTypePropEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (m *BucketDetailsQuota) validateType(formats strfmt.Registry) error {
+	if swag.IsZero(m.Type) { // not required
+		return nil
+	}
+
+	// value enum
+	if err := m.validateTypeEnum("details"+"."+"quota"+"."+"type", "body", m.Type); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ContextValidate validates this bucket details quota based on context it is used
+func (m *BucketDetailsQuota) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketDetailsQuota) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketDetailsQuota) UnmarshalBinary(b []byte) error {
+	var res BucketDetailsQuota
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// BucketRwAccess bucket rw access
+//
+// swagger:model BucketRwAccess
+type BucketRwAccess struct {
+
+	// read
+	Read bool `json:"read,omitempty"`
+
+	// write
+	Write bool `json:"write,omitempty"`
+}
+
+// Validate validates this bucket rw access
+func (m *BucketRwAccess) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this bucket rw access based on context it is used
+func (m *BucketRwAccess) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketRwAccess) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketRwAccess) UnmarshalBinary(b []byte) error {
+	var res BucketRwAccess
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bucket_access.go
+++ b/models/bucket_access.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -23,6 +23,7 @@ package models
 // Editing this file might prove futile when you re-run the swagger generate command

 import (
+	"context"
 	"encoding/json"

 	"github.com/go-openapi/errors"
@@ -35,6 +36,11 @@ import (
 // swagger:model bucketAccess
 type BucketAccess string

+func NewBucketAccess(value BucketAccess) *BucketAccess {
+	v := value
+	return &v
+}
+
 const (

 	// BucketAccessPRIVATE captures enum value "PRIVATE"
@@ -81,3 +87,8 @@ func (m BucketAccess) Validate(formats strfmt.Registry) error {
 	}
 	return nil
 }
+
+// ContextValidate validates this bucket access based on context it is used
+func (m BucketAccess) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
--- a/models/bucket_encryption_info.go
+++ b/models/bucket_encryption_info.go
@@ -0,0 +1,70 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketEncryptionInfo bucket encryption info
+//
+// swagger:model bucketEncryptionInfo
+type BucketEncryptionInfo struct {
+
+	// algorithm
+	Algorithm string `json:"algorithm,omitempty"`
+
+	// kms master key ID
+	KmsMasterKeyID string `json:"kmsMasterKeyID,omitempty"`
+}
+
+// Validate validates this bucket encryption info
+func (m *BucketEncryptionInfo) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this bucket encryption info based on context it is used
+func (m *BucketEncryptionInfo) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketEncryptionInfo) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketEncryptionInfo) UnmarshalBinary(b []byte) error {
+	var res BucketEncryptionInfo
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bucket_encryption_request.go
+++ b/models/bucket_encryption_request.go
@@ -0,0 +1,120 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketEncryptionRequest bucket encryption request
+//
+// swagger:model bucketEncryptionRequest
+type BucketEncryptionRequest struct {
+
+	// enc type
+	EncType *BucketEncryptionType `json:"encType,omitempty"`
+
+	// kms key ID
+	KmsKeyID string `json:"kmsKeyID,omitempty"`
+}
+
+// Validate validates this bucket encryption request
+func (m *BucketEncryptionRequest) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateEncType(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *BucketEncryptionRequest) validateEncType(formats strfmt.Registry) error {
+	if swag.IsZero(m.EncType) { // not required
+		return nil
+	}
+
+	if m.EncType != nil {
+		if err := m.EncType.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("encType")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// ContextValidate validate this bucket encryption request based on the context it is used
+func (m *BucketEncryptionRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateEncType(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *BucketEncryptionRequest) contextValidateEncType(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.EncType != nil {
+		if err := m.EncType.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("encType")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketEncryptionRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketEncryptionRequest) UnmarshalBinary(b []byte) error {
+	var res BucketEncryptionRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bucket_encryption_type.go
+++ b/models/bucket_encryption_type.go
@@ -0,0 +1,91 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/validate"
+)
+
+// BucketEncryptionType bucket encryption type
+//
+// swagger:model bucketEncryptionType
+type BucketEncryptionType string
+
+func NewBucketEncryptionType(value BucketEncryptionType) *BucketEncryptionType {
+	v := value
+	return &v
+}
+
+const (
+
+	// BucketEncryptionTypeSseDashS3 captures enum value "sse-s3"
+	BucketEncryptionTypeSseDashS3 BucketEncryptionType = "sse-s3"
+
+	// BucketEncryptionTypeSseDashKms captures enum value "sse-kms"
+	BucketEncryptionTypeSseDashKms BucketEncryptionType = "sse-kms"
+)
+
+// for schema
+var bucketEncryptionTypeEnum []interface{}
+
+func init() {
+	var res []BucketEncryptionType
+	if err := json.Unmarshal([]byte(`["sse-s3","sse-kms"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		bucketEncryptionTypeEnum = append(bucketEncryptionTypeEnum, v)
+	}
+}
+
+func (m BucketEncryptionType) validateBucketEncryptionTypeEnum(path, location string, value BucketEncryptionType) error {
+	if err := validate.EnumCase(path, location, value, bucketEncryptionTypeEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Validate validates this bucket encryption type
+func (m BucketEncryptionType) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	// value enum
+	if err := m.validateBucketEncryptionTypeEnum("", "body", m); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+// ContextValidate validates this bucket encryption type based on context it is used
+func (m BucketEncryptionType) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
--- a/models/bucket_event_request.go
+++ b/models/bucket_event_request.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -23,6 +23,8 @@ package models
 // Editing this file might prove futile when you re-run the swagger generate command

 import (
+	"context"
+
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
@@ -74,6 +76,34 @@ func (m *BucketEventRequest) validateConfiguration(formats strfmt.Registry) erro
 	return nil
 }

+// ContextValidate validate this bucket event request based on the context it is used
+func (m *BucketEventRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateConfiguration(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *BucketEventRequest) contextValidateConfiguration(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Configuration != nil {
+		if err := m.Configuration.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("configuration")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 // MarshalBinary interface implementation
 func (m *BucketEventRequest) MarshalBinary() ([]byte, error) {
 	if m == nil {
--- a/models/bucket_lifecycle_response.go
+++ b/models/bucket_lifecycle_response.go
@@ -0,0 +1,129 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketLifecycleResponse bucket lifecycle response
+//
+// swagger:model bucketLifecycleResponse
+type BucketLifecycleResponse struct {
+
+	// lifecycle
+	Lifecycle []*ObjectBucketLifecycle `json:"lifecycle"`
+}
+
+// Validate validates this bucket lifecycle response
+func (m *BucketLifecycleResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateLifecycle(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *BucketLifecycleResponse) validateLifecycle(formats strfmt.Registry) error {
+	if swag.IsZero(m.Lifecycle) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Lifecycle); i++ {
+		if swag.IsZero(m.Lifecycle[i]) { // not required
+			continue
+		}
+
+		if m.Lifecycle[i] != nil {
+			if err := m.Lifecycle[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("lifecycle" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// ContextValidate validate this bucket lifecycle response based on the context it is used
+func (m *BucketLifecycleResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateLifecycle(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *BucketLifecycleResponse) contextValidateLifecycle(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Lifecycle); i++ {
+
+		if m.Lifecycle[i] != nil {
+			if err := m.Lifecycle[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("lifecycle" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketLifecycleResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketLifecycleResponse) UnmarshalBinary(b []byte) error {
+	var res BucketLifecycleResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bucket_ob_locking_response.go
+++ b/models/bucket_ob_locking_response.go
@@ -0,0 +1,67 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketObLockingResponse bucket ob locking response
+//
+// swagger:model bucketObLockingResponse
+type BucketObLockingResponse struct {
+
+	// object locking enabled
+	ObjectLockingEnabled bool `json:"object_locking_enabled,omitempty"`
+}
+
+// Validate validates this bucket ob locking response
+func (m *BucketObLockingResponse) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this bucket ob locking response based on context it is used
+func (m *BucketObLockingResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketObLockingResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketObLockingResponse) UnmarshalBinary(b []byte) error {
+	var res BucketObLockingResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bucket_object.go
+++ b/models/bucket_object.go
@@ -0,0 +1,112 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketObject bucket object
+//
+// swagger:model bucketObject
+type BucketObject struct {
+
+	// content type
+	ContentType string `json:"content_type,omitempty"`
+
+	// expiration
+	Expiration string `json:"expiration,omitempty"`
+
+	// expiration rule id
+	ExpirationRuleID string `json:"expiration_rule_id,omitempty"`
+
+	// is delete marker
+	IsDeleteMarker bool `json:"is_delete_marker,omitempty"`
+
+	// is latest
+	IsLatest bool `json:"is_latest,omitempty"`
+
+	// last modified
+	LastModified string `json:"last_modified,omitempty"`
+
+	// legal hold status
+	LegalHoldStatus string `json:"legal_hold_status,omitempty"`
+
+	// metadata
+	Metadata map[string]string `json:"metadata,omitempty"`
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// retention mode
+	RetentionMode string `json:"retention_mode,omitempty"`
+
+	// retention until date
+	RetentionUntilDate string `json:"retention_until_date,omitempty"`
+
+	// size
+	Size int64 `json:"size,omitempty"`
+
+	// tags
+	Tags map[string]string `json:"tags,omitempty"`
+
+	// user metadata
+	UserMetadata map[string]string `json:"user_metadata,omitempty"`
+
+	// user tags
+	UserTags map[string]string `json:"user_tags,omitempty"`
+
+	// version id
+	VersionID string `json:"version_id,omitempty"`
+}
+
+// Validate validates this bucket object
+func (m *BucketObject) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this bucket object based on context it is used
+func (m *BucketObject) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketObject) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketObject) UnmarshalBinary(b []byte) error {
+	var res BucketObject
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bucket_quota.go
+++ b/models/bucket_quota.go
@@ -0,0 +1,125 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// BucketQuota bucket quota
+//
+// swagger:model bucketQuota
+type BucketQuota struct {
+
+	// quota
+	Quota int64 `json:"quota,omitempty"`
+
+	// type
+	// Enum: [hard fifo]
+	Type string `json:"type,omitempty"`
+}
+
+// Validate validates this bucket quota
+func (m *BucketQuota) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateType(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+var bucketQuotaTypeTypePropEnum []interface{}
+
+func init() {
+	var res []string
+	if err := json.Unmarshal([]byte(`["hard","fifo"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		bucketQuotaTypeTypePropEnum = append(bucketQuotaTypeTypePropEnum, v)
+	}
+}
+
+const (
+
+	// BucketQuotaTypeHard captures enum value "hard"
+	BucketQuotaTypeHard string = "hard"
+
+	// BucketQuotaTypeFifo captures enum value "fifo"
+	BucketQuotaTypeFifo string = "fifo"
+)
+
+// prop value enum
+func (m *BucketQuota) validateTypeEnum(path, location string, value string) error {
+	if err := validate.EnumCase(path, location, value, bucketQuotaTypeTypePropEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (m *BucketQuota) validateType(formats strfmt.Registry) error {
+	if swag.IsZero(m.Type) { // not required
+		return nil
+	}
+
+	// value enum
+	if err := m.validateTypeEnum("type", "body", m.Type); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ContextValidate validates this bucket quota based on context it is used
+func (m *BucketQuota) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketQuota) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketQuota) UnmarshalBinary(b []byte) error {
+	var res BucketQuota
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bucket_replication_destination.go
+++ b/models/bucket_replication_destination.go
@@ -0,0 +1,67 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketReplicationDestination bucket replication destination
+//
+// swagger:model bucketReplicationDestination
+type BucketReplicationDestination struct {
+
+	// bucket
+	Bucket string `json:"bucket,omitempty"`
+}
+
+// Validate validates this bucket replication destination
+func (m *BucketReplicationDestination) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this bucket replication destination based on context it is used
+func (m *BucketReplicationDestination) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketReplicationDestination) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketReplicationDestination) UnmarshalBinary(b []byte) error {
+	var res BucketReplicationDestination
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bucket_replication_response.go
+++ b/models/bucket_replication_response.go
@@ -0,0 +1,129 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketReplicationResponse bucket replication response
+//
+// swagger:model bucketReplicationResponse
+type BucketReplicationResponse struct {
+
+	// rules
+	Rules []*BucketReplicationRule `json:"rules"`
+}
+
+// Validate validates this bucket replication response
+func (m *BucketReplicationResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateRules(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *BucketReplicationResponse) validateRules(formats strfmt.Registry) error {
+	if swag.IsZero(m.Rules) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Rules); i++ {
+		if swag.IsZero(m.Rules[i]) { // not required
+			continue
+		}
+
+		if m.Rules[i] != nil {
+			if err := m.Rules[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("rules" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// ContextValidate validate this bucket replication response based on the context it is used
+func (m *BucketReplicationResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateRules(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *BucketReplicationResponse) contextValidateRules(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Rules); i++ {
+
+		if m.Rules[i] != nil {
+			if err := m.Rules[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("rules" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketReplicationResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketReplicationResponse) UnmarshalBinary(b []byte) error {
+	var res BucketReplicationResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bucket_replication_rule.go
+++ b/models/bucket_replication_rule.go
@@ -0,0 +1,246 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"encoding/json"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// BucketReplicationRule bucket replication rule
+//
+// swagger:model bucketReplicationRule
+type BucketReplicationRule struct {
+
+	// bandwidth
+	Bandwidth string `json:"bandwidth,omitempty"`
+
+	// delete marker replication
+	DeleteMarkerReplication bool `json:"delete_marker_replication,omitempty"`
+
+	// deletes replication
+	DeletesReplication bool `json:"deletes_replication,omitempty"`
+
+	// destination
+	Destination *BucketReplicationDestination `json:"destination,omitempty"`
+
+	// health check period
+	HealthCheckPeriod int64 `json:"healthCheckPeriod,omitempty"`
+
+	// id
+	ID string `json:"id,omitempty"`
+
+	// metadata replication
+	MetadataReplication bool `json:"metadata_replication,omitempty"`
+
+	// prefix
+	Prefix string `json:"prefix,omitempty"`
+
+	// priority
+	Priority int32 `json:"priority,omitempty"`
+
+	// status
+	// Enum: [Enabled Disabled]
+	Status string `json:"status,omitempty"`
+
+	// sync mode
+	// Enum: [async sync]
+	SyncMode *string `json:"syncMode,omitempty"`
+
+	// tags
+	Tags string `json:"tags,omitempty"`
+}
+
+// Validate validates this bucket replication rule
+func (m *BucketReplicationRule) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateDestination(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateStatus(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSyncMode(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *BucketReplicationRule) validateDestination(formats strfmt.Registry) error {
+	if swag.IsZero(m.Destination) { // not required
+		return nil
+	}
+
+	if m.Destination != nil {
+		if err := m.Destination.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("destination")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+var bucketReplicationRuleTypeStatusPropEnum []interface{}
+
+func init() {
+	var res []string
+	if err := json.Unmarshal([]byte(`["Enabled","Disabled"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		bucketReplicationRuleTypeStatusPropEnum = append(bucketReplicationRuleTypeStatusPropEnum, v)
+	}
+}
+
+const (
+
+	// BucketReplicationRuleStatusEnabled captures enum value "Enabled"
+	BucketReplicationRuleStatusEnabled string = "Enabled"
+
+	// BucketReplicationRuleStatusDisabled captures enum value "Disabled"
+	BucketReplicationRuleStatusDisabled string = "Disabled"
+)
+
+// prop value enum
+func (m *BucketReplicationRule) validateStatusEnum(path, location string, value string) error {
+	if err := validate.EnumCase(path, location, value, bucketReplicationRuleTypeStatusPropEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (m *BucketReplicationRule) validateStatus(formats strfmt.Registry) error {
+	if swag.IsZero(m.Status) { // not required
+		return nil
+	}
+
+	// value enum
+	if err := m.validateStatusEnum("status", "body", m.Status); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+var bucketReplicationRuleTypeSyncModePropEnum []interface{}
+
+func init() {
+	var res []string
+	if err := json.Unmarshal([]byte(`["async","sync"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		bucketReplicationRuleTypeSyncModePropEnum = append(bucketReplicationRuleTypeSyncModePropEnum, v)
+	}
+}
+
+const (
+
+	// BucketReplicationRuleSyncModeAsync captures enum value "async"
+	BucketReplicationRuleSyncModeAsync string = "async"
+
+	// BucketReplicationRuleSyncModeSync captures enum value "sync"
+	BucketReplicationRuleSyncModeSync string = "sync"
+)
+
+// prop value enum
+func (m *BucketReplicationRule) validateSyncModeEnum(path, location string, value string) error {
+	if err := validate.EnumCase(path, location, value, bucketReplicationRuleTypeSyncModePropEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (m *BucketReplicationRule) validateSyncMode(formats strfmt.Registry) error {
+	if swag.IsZero(m.SyncMode) { // not required
+		return nil
+	}
+
+	// value enum
+	if err := m.validateSyncModeEnum("syncMode", "body", *m.SyncMode); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ContextValidate validate this bucket replication rule based on the context it is used
+func (m *BucketReplicationRule) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateDestination(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *BucketReplicationRule) contextValidateDestination(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Destination != nil {
+		if err := m.Destination.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("destination")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketReplicationRule) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketReplicationRule) UnmarshalBinary(b []byte) error {
+	var res BucketReplicationRule
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bucket_versioning_response.go
+++ b/models/bucket_versioning_response.go
@@ -0,0 +1,67 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketVersioningResponse bucket versioning response
+//
+// swagger:model bucketVersioningResponse
+type BucketVersioningResponse struct {
+
+	// is versioned
+	IsVersioned bool `json:"is_versioned,omitempty"`
+}
+
+// Validate validates this bucket versioning response
+func (m *BucketVersioningResponse) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this bucket versioning response based on context it is used
+func (m *BucketVersioningResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketVersioningResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketVersioningResponse) UnmarshalBinary(b []byte) error {
+	var res BucketVersioningResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bulk_user_groups.go
+++ b/models/bulk_user_groups.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -23,6 +23,8 @@ package models
 // Editing this file might prove futile when you re-run the swagger generate command

 import (
+	"context"
+
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
@@ -79,6 +81,11 @@ func (m *BulkUserGroups) validateUsers(formats strfmt.Registry) error {
 	return nil
 }

+// ContextValidate validates this bulk user groups based on context it is used
+func (m *BulkUserGroups) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
 // MarshalBinary interface implementation
 func (m *BulkUserGroups) MarshalBinary() ([]byte, error) {
 	if m == nil {
--- a/models/certificate_info.go
+++ b/models/certificate_info.go
@@ -0,0 +1,76 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// CertificateInfo certificate info
+//
+// swagger:model certificateInfo
+type CertificateInfo struct {
+
+	// domains
+	Domains []string `json:"domains"`
+
+	// expiry
+	Expiry string `json:"expiry,omitempty"`
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// serial number
+	SerialNumber string `json:"serialNumber,omitempty"`
+}
+
+// Validate validates this certificate info
+func (m *CertificateInfo) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this certificate info based on context it is used
+func (m *CertificateInfo) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *CertificateInfo) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *CertificateInfo) UnmarshalBinary(b []byte) error {
+	var res CertificateInfo
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/change_user_password_request.go
+++ b/models/change_user_password_request.go
@@ -0,0 +1,105 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// ChangeUserPasswordRequest change user password request
+//
+// swagger:model changeUserPasswordRequest
+type ChangeUserPasswordRequest struct {
+
+	// new secret key
+	// Required: true
+	NewSecretKey *string `json:"newSecretKey"`
+
+	// selected user
+	// Required: true
+	SelectedUser *string `json:"selectedUser"`
+}
+
+// Validate validates this change user password request
+func (m *ChangeUserPasswordRequest) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateNewSecretKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSelectedUser(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ChangeUserPasswordRequest) validateNewSecretKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("newSecretKey", "body", m.NewSecretKey); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *ChangeUserPasswordRequest) validateSelectedUser(formats strfmt.Registry) error {
+
+	if err := validate.Required("selectedUser", "body", m.SelectedUser); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ContextValidate validates this change user password request based on context it is used
+func (m *ChangeUserPasswordRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ChangeUserPasswordRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ChangeUserPasswordRequest) UnmarshalBinary(b []byte) error {
+	var res ChangeUserPasswordRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/Show More
+++ b/Show More