update to v0.3.23

Co-authored-by: Daniel Valdivia <hola@danielvaldivia.com>

.dockerignore

@@ -1,5 +1,6 @@
 node_modules/
 dist/
 target/
-mcs
-!mcs/
+console
+!console/
+portal-ui/node_modules/

.github/workflows/codeql.yml

@@ -0,0 +1,52 @@
+name: "Code scanning - action"
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '0 19 * * 0'
+
+jobs:
+  CodeQL-Build:
+
+    # CodeQL runs on ubuntu-latest and windows-latest
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      with:
+        # We must fetch at least the immediate parents so that if this is
+        # a pull request then we can checkout the head.
+        fetch-depth: 2
+
+    # If this run was triggered by a pull request event, then checkout
+    # the head of the pull request instead of the merge commit.
+    - run: git checkout HEAD^2
+      if: ${{ github.event_name == 'pull_request' }}
+      
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      # Override language selection by uncommenting this and choosing your languages
+      # with:
+      #   languages: go, javascript, csharp, python, cpp, java
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

.github/workflows/go.yml

@@ -14,25 +14,23 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.14.x]
+        go-version: [1.13.x, 1.14.x]
         os: [ubuntu-latest]
     steps:
       - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
-        uses: actions/setup-go@v1
+        uses: actions/setup-go@v2
         with:
           go-version: ${{ matrix.go-version }}
         id: go
 
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v1
+        uses: actions/checkout@v2
 
       - name: Build on ${{ matrix.os }}
         env:
           GO111MODULE: on
           GOOS: linux
         run: |
-          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.24.0
-          $(go env GOPATH)/bin/golangci-lint run --timeout=5m --config ./.golangci.yml
-          go mod vendor
-          go test -v -race ./...
-          make mcs
+          make verifiers
+          make test
+          make console

.github/workflows/release.yml

@@ -1,48 +0,0 @@
-name: goreleaser
-
-on:
-  pull_request:
-  push:
-
-jobs:
-  goreleaser:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-      -
-        name: Unshallow
-        run: git fetch --prune --unshallow
-      -
-        name: Set up Go
-        uses: actions/setup-go@v1
-        with:
-          go-version: 1.14.x
-      -
-        name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@53acad1befee355d46f71cccf6ab4d885eb4f77f
-        with:
-          version: latest
-          args: release --skip-publish --rm-dist --snapshot
-      -
-        name: Upload Win64 Binaries
-        uses: actions/upload-artifact@v1
-        if: success()
-        with:
-          name: MCS-Snapshot-Build-Win64
-          path: dist/mcs_windows_amd64
-      -
-        name: Upload Linux Binaries
-        uses: actions/upload-artifact@v1
-        if: success()
-        with:
-          name: MCS-Snapshot-Build-Linux-amd64
-          path: dist/mcs_linux_amd64
-      -
-        name: Upload MacOS Binaries
-        uses: actions/upload-artifact@v1
-        if: success()
-        with:
-          name: MCS-Snapshot-Build-MacOSX-amd64
-          path: dist/mcs_darwin_amd64

.gitignore

@@ -19,8 +19,8 @@ vendor/
 
 # Ignore executables
 target/
-mcs
-!mcs/
+console
+!console/
 
 dist/
 
@@ -31,3 +31,4 @@ public.crt
 # Ignore VsCode files
 .vscode/
 *.code-workspace
+*~

.golangci.yml

@@ -1,4 +1,7 @@
 linters-settings:
+  golint:
+    min-confidence: 0
+
   misspell:
     locale: US
 
@@ -14,4 +17,12 @@ linters:
     - gosimple
     - deadcode
     - unparam
+    - unused
     - structcheck
+
+service:
+  golangci-lint-version: 1.27.0 # use the fixed version to not introduce new linters unexpectedly
+
+run:
+  skip-dirs:
+    - pkg/clientgen

.goreleaser.yml

@@ -1,11 +1,18 @@
 # This is an example goreleaser.yaml file with some sane defaults.
 # Make sure to check the documentation at http://goreleaser.com
-project_name: mcs
+project_name: console
+
+release:
+   name_template: "Version {{.Version}}"
+   github:
+    owner: minio
+    name: console
 
 before:
   hooks:
     # you may remove this if you don't use vgo
     - go mod tidy
+
 builds:
   -
     goos:
@@ -16,14 +23,41 @@ builds:
     goarch:
       - amd64
       - arm64
+
+    ignore:
+      - goos: darwin
+        goarch: arm64
+      - goos: darwin
+        goarch: arm
+      - goos: darwin
+        goarch: ppc64le
+      - goos: darwin
+        goarch: s390x
+      - goos: windows
+        goarch: arm64
+      - goos: windows
+        goarch: arm
+      - goos: windows
+        goarch: ppc64le
+      - goos: windows
+        goarch: s390x
+      - goos: freebsd
+        goarch: arm
+      - goos: freebsd
+        goarch: arm64
+      - goos: freebsd
+        goarch: ppc64le
+      - goos: freebsd
+        goarch: s390x
+
     env:
       - CGO_ENABLED=0
-    main: ./cmd/mcs/
+    main: ./cmd/console/
     flags:
       - -trimpath
       - --tags=kqueue
     ldflags:
-      - -s -w -X github.com/minio/mcs/pkg.ReleaseTag={{.Tag}} -X github.com/minio/warp/pkg.CommitID={{.FullCommit}} -X github.com/minio/warp/pkg.Version={{.Version}} -X github.com/minio/warp/pkg.ShortCommitID={{.ShortCommit}} -X github.com/minio/warp/pkg.ReleaseTime={{.Date}}
+      - -s -w -X github.com/minio/console/pkg.ReleaseTag={{.Tag}} -X github.com/minio/console/pkg.CommitID={{.FullCommit}} -X github.com/minio/console/pkg.Version={{.Version}} -X github.com/minio/console/pkg.ShortCommitID={{.ShortCommit}} -X github.com/minio/console/pkg.ReleaseTime={{.Date}}
 archives:
   -
     replacements:
@@ -51,7 +85,7 @@ changelog:
 nfpms:
   -
     vendor: MinIO Inc.
-    homepage: https://github.com/minio/mcs
+    homepage: https://github.com/minio/console
     maintainer: MinIO <minio@minio.io>
     description: MinIO Console Server
     license: GNU Affero General Public License v3.0
@@ -71,5 +105,5 @@ dockers:
     goarch: amd64
     dockerfile: Dockerfile.release
     image_templates:
-      - "minio/mcs:{{ .Tag }}"
-      - "minio/mcs:latest"
+      - "minio/console:{{ .Tag }}"
+      - "minio/console:latest"

CONTRIBUTING.md

@@ -20,7 +20,7 @@ make swagger-gen
 
 This will update all the necessary code.
 
-`./restapi/configure_mcs.go` is a file that contains the handlers to be used by the application, here is the only place where we need to update our code to support the new apis. This file is not affected when running the swagger generator and it is safe to edit.
+`./restapi/configure_console.go` is a file that contains the handlers to be used by the application, here is the only place where we need to update our code to support the new apis. This file is not affected when running the swagger generator and it is safe to edit.
 
 ## Unit Tests
 `./restapi/handlers_test.go` needs to be updated with the proper tests for the new api.
@@ -47,7 +47,7 @@ $ git push origin my-new-feature
 Pull requests can be created via GitHub. Refer to [this document](https://help.github.com/articles/creating-a-pull-request/) for detailed steps on how to create a pull request. After a Pull Request gets peer reviewed and approved, it will be merged.
 
 ## FAQs
-### How does ``mcs`` manages dependencies?
+### How does ``console`` manages dependencies?
 ``MinIO`` uses `go mod` to manage its dependencies.
 - Run `go get foo/bar` in the source folder to add the dependency to `go.mod` file.
 
@@ -55,5 +55,5 @@ To remove a dependency
 - Edit your code and remove the import reference.
 - Run `go mod tidy` in the source folder to remove dependency from `go.mod` file.
 
-### What are the coding guidelines for mcs?
-``mcs`` is fully conformant with Golang style. Refer: [Effective Go](https://github.com/golang/go/wiki/CodeReviewComments) article from Golang project. If you observe offending code, please feel free to send a pull request or ping us on [Slack](https://slack.min.io).
+### What are the coding guidelines for console?
+``console`` is fully conformant with Golang style. Refer: [Effective Go](https://github.com/golang/go/wiki/CodeReviewComments) article from Golang project. If you observe offending code, please feel free to send a pull request or ping us on [Slack](https://slack.min.io).

DEVELOPMENT.md

@@ -0,0 +1,127 @@
+# LDAP authentication with Console
+
+## Setup
+
+Run openLDAP with docker.
+
+```
+$ docker run --rm -p 389:389 -p 636:636 --name my-openldap-container --detach osixia/openldap:1.3.0
+```
+
+Run the `billy.ldif` file using `ldapadd` command to create a new user and assign it to a group.
+
+```
+$ cat > billy.ldif << EOF
+# LDIF fragment to create group branch under root
+dn: uid=billy,dc=example,dc=org
+uid: billy
+cn: billy
+sn: 3
+objectClass: top
+objectClass: posixAccount
+objectClass: inetOrgPerson
+loginShell: /bin/bash
+homeDirectory: /home/billy
+uidNumber: 14583102
+gidNumber: 14564100
+userPassword: {SSHA}j3lBh1Seqe4rqF1+NuWmjhvtAni1JC5A
+mail: billy@example.org
+gecos: Billy User
+# Create base group
+dn: ou=groups,dc=example,dc=org
+objectclass:organizationalunit
+ou: groups
+description: generic groups branch
+# create consoleAdmin group (this already exists on minio and have a policy of s3::*)
+dn: cn=consoleAdmin,ou=groups,dc=example,dc=org
+objectClass: top
+objectClass: posixGroup
+gidNumber: 678
+# Assing group to new user
+dn: cn=consoleAdmin,ou=groups,dc=example,dc=org
+changetype: modify
+add: memberuid
+memberuid: billy
+EOF
+
+$ docker cp billy.ldif my-openldap-container:/container/service/slapd/assets/test/billy.ldif
+$ docker exec my-openldap-container ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /container/service/slapd/assets/test/billy.ldif -H ldap://localhost -ZZ
+```
+
+Query the ldap server to check the user billy was created correctly and got assigned to the consoleAdmin group, you should get a list 
+containing ldap users and groups.
+
+```
+$ docker exec my-openldap-container ldapsearch -x -H ldap://localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
+```
+
+Query the ldap server again, this time filtering only for the user `billy`, you should see only 1 record.
+
+```
+$ docker exec my-openldap-container ldapsearch -x -H ldap://localhost -b uid=billy,dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
+```
+
+### Change the password for user billy
+
+Set the new password for `billy` to `minio123` and enter `admin` as the default `LDAP Password` 
+
+```
+$ docker exec -it my-openldap-container /bin/bash
+# ldappasswd -H ldap://localhost -x -D "cn=admin,dc=example,dc=org" -W -S "uid=billy,dc=example,dc=org"
+New password:
+Re-enter new password:
+Enter LDAP Password:
+```
+
+### Add the consoleAdmin policy to user billy on MinIO
+```
+$ cat > consoleAdmin.json << EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": [
+        "admin:*"
+      ],
+      "Effect": "Allow",
+      "Sid": ""
+    },
+    {
+      "Action": [
+        "s3:*"
+      ],
+      "Effect": "Allow",
+      "Resource": [
+        "arn:aws:s3:::*"
+      ],
+      "Sid": ""
+    }
+  ]
+}
+EOF
+$ mc admin policy add myminio consoleAdmin consoleAdmin.json
+$ mc admin policy set myminio consoleAdmin user=billy
+```
+
+## Run MinIO
+
+```
+export MINIO_ACCESS_KEY=minio
+export MINIO_SECRET_KEY=minio123
+export MINIO_IDENTITY_LDAP_SERVER_ADDR='localhost:389'
+export MINIO_IDENTITY_LDAP_USERNAME_FORMAT='uid=%s,dc=example,dc=org'
+export MINIO_IDENTITY_LDAP_USERNAME_SEARCH_FILTER='(|(objectclass=posixAccount)(uid=%s))'
+export MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY=on
+export MINIO_IDENTITY_LDAP_SERVER_INSECURE=on
+./minio server ~/Data
+```
+
+## Run Console
+
+```
+export CONSOLE_ACCESS_KEY=minio
+export CONSOLE_SECRET_KEY=minio123
+...
+export CONSOLE_LDAP_ENABLED=on
+./console server
+```

Dockerfile

@@ -1,24 +1,26 @@
-FROM golang:1.14.1
+FROM golang:1.13
+
+RUN apt-get update -y && apt-get install -y ca-certificates
+
+ADD go.mod /go/src/github.com/minio/console/go.mod
+ADD go.sum /go/src/github.com/minio/console/go.sum
+WORKDIR /go/src/github.com/minio/console/
 
-ADD go.mod /go/src/github.com/minio/mcs/go.mod
-ADD go.sum /go/src/github.com/minio/mcs/go.sum
-WORKDIR /go/src/github.com/minio/mcs/
 # Get dependencies - will also be cached if we won't change mod/sum
 RUN go mod download
 
-ADD . /go/src/github.com/minio/mcs/
-WORKDIR /go/src/github.com/minio/mcs/
+ADD . /go/src/github.com/minio/console/
+WORKDIR /go/src/github.com/minio/console/
 
 ENV CGO_ENABLED=0
 
-RUN apt-get update -y && apt-get install -y ca-certificates
-RUN go build -ldflags "-w -s" -a -o mcs ./cmd/mcs
+RUN go build -ldflags "-w -s" -a -o console ./cmd/console
 
 FROM scratch
 MAINTAINER MinIO Development "dev@min.io"
 EXPOSE 9090
 
 COPY --from=0 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=0 /go/src/github.com/minio/mcs/mcs .
+COPY --from=0 /go/src/github.com/minio/console/console .
 
-CMD ["/mcs"]
+ENTRYPOINT ["/console"]

Dockerfile.release

@@ -1,6 +1,12 @@
+FROM ubuntu:18.04 as certs
+
+RUN apt-get update -y && apt-get install -y ca-certificates
+
 FROM scratch
 MAINTAINER MinIO Development "dev@min.io"
 EXPOSE 9090
-COPY mcs /mcs
+COPY console /console
 
-ENTRYPOINT ["/mcs"]
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+
+ENTRYPOINT ["/console"]

Makefile

@@ -1,34 +1,66 @@
 PWD := $(shell pwd)
 GOPATH := $(shell go env GOPATH)
+# Sets the build version based on the output of the following command, if we are building for a tag, that's the build else it uses the current git branch as the build
+BUILD_VERSION:=$(shell git describe --exact-match --tags $(git log -n1 --pretty='%h') 2>/dev/null || git rev-parse --abbrev-ref HEAD 2>/dev/null)
+BUILD_TIME:=$(shell date 2>/dev/null)
+TAG ?= "minio/console:$(VERSION)-dev"
 
-default: mcs
+default: console
 
-.PHONY: mcs
-mcs:
-	@echo "Building mcs binary to './mcs'"
-	@(CGO_ENABLED=0 go build -trimpath --tags=kqueue --ldflags "-s -w" -o mcs ./cmd/mcs)
+.PHONY: console
+console:
+	@echo "Building Console binary to './console'"
+	@(GO111MODULE=on CGO_ENABLED=0 go build -trimpath --tags=kqueue --ldflags "-s -w" -o console ./cmd/console)
 
-install: mcs
-	@echo "Installing mcs binary to '$(GOPATH)/bin/mcs'"
-	@mkdir -p $(GOPATH)/bin && cp -f $(PWD)/mcs $(GOPATH)/bin/mcs
-	@echo "Installation successful. To learn more, try \"mcs --help\"."
+k8sdev:
+	@docker build -t $(TAG) --build-arg build_version=$(BUILD_VERSION) --build-arg build_time='$(BUILD_TIME)' .
+	@kind load docker-image $(TAG)
+	@echo "Done, now restart your console deployment"
+
+getdeps:
+	@mkdir -p ${GOPATH}/bin
+	@which golangci-lint 1>/dev/null || (echo "Installing golangci-lint" && curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOPATH)/bin v1.27.0)
+
+verifiers: getdeps fmt lint
+
+fmt:
+	@echo "Running $@ check"
+	@GO111MODULE=on gofmt -d restapi/
+	@GO111MODULE=on gofmt -d pkg/
+	@GO111MODULE=on gofmt -d cmd/
+	@GO111MODULE=on gofmt -d cluster/
+
+lint:
+	@echo "Running $@ check"
+	@GO111MODULE=on ${GOPATH}/bin/golangci-lint cache clean
+	@GO111MODULE=on ${GOPATH}/bin/golangci-lint run --timeout=5m --config ./.golangci.yml
+
+install: console
+	@echo "Installing console binary to '$(GOPATH)/bin/console'"
+	@mkdir -p $(GOPATH)/bin && cp -f $(PWD)/console $(GOPATH)/bin/console
+	@echo "Installation successful. To learn more, try \"console --help\"."
 
 swagger-gen:
 	@echo "Generating swagger server code from yaml"
-	@swagger generate server -A mcs --main-package=mcs --exclude-main -P models.Principal -f ./swagger.yml -r NOTICE
+	@rm -rf models
+	@rm -rf restapi/operations
+	@swagger generate server -A console --main-package=console --exclude-main -P models.Principal -f ./swagger.yml -r NOTICE
 
 assets:
 	@(cd portal-ui; yarn install; make build-static; cd ..)
 
 test:
-	@(go test -race -v github.com/minio/mcs/restapi/...)
-	@(go test -race -v github.com/minio/mcs/pkg/auth/...)
+	@(GO111MODULE=on go test -race -v github.com/minio/console/restapi/...)
+	@(GO111MODULE=on go test -race -v github.com/minio/console/pkg/...)
 
 coverage:
-	@(go test -v -coverprofile=coverage.out github.com/minio/mcs/restapi/... && go tool cover -html=coverage.out && open coverage.html)
+	@(GO111MODULE=on go test -v -coverprofile=coverage.out github.com/minio/console/restapi/... && go tool cover -html=coverage.out && open coverage.html)
 
 clean:
 	@echo "Cleaning up all the generated files"
 	@find . -name '*.test' | xargs rm -fv
 	@find . -name '*~' | xargs rm -fv
-	@rm -vf mcs
+	@rm -vf console
+
+docker:
+	@docker build -t $(TAG) --build-arg build_version=$(BUILD_VERSION) --build-arg build_time='$(BUILD_TIME)' .

README.md

@@ -1,74 +1,130 @@
-# Minio Console Server
+# MinIO Console
 
 A graphical user interface for [MinIO](https://github.com/minio/minio)
 
+
+| Dashboard  | Adding A User |
+| ------------- | ------------- |
+| ![Dashboard](images/pic1.png)  | ![Dashboard](images/pic2.png) |
+
 ## Setup
 
-All `mcs` needs is a MinIO user with admin privileges and URL pointing to your MinIO deployment.
+All `console` needs is a MinIO user with admin privileges and URL pointing to your MinIO deployment.
 > Note: We don't recommend using MinIO's Operator Credentials
 
-1. Create a user for `mcs` using `mc`. 
+1. Create a user for `console` using `mc`. 
 ```
 $ set +o history
-$ mc admin user add myminio mcs YOURMCSSECRET
+$ mc admin user add myminio console YOURCONSOLESECRET
 $ set -o history
 ```
 
-2. Create a policy for `mcs`
+2. Create a policy for `console` with access to everything (for testing and debugging)
 
 ```
-$ cat > mcsAdmin.json << EOF
+$ cat > consoleAdmin.json << EOF
 {
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Action": [
-        "admin:*"
-      ],
-      "Effect": "Allow",
-      "Sid": ""
-    },
-    {
-      "Action": [
-        "s3:*"
-      ],
-      "Effect": "Allow",
-      "Resource": [
-        "arn:aws:s3:::*"
-      ],
-      "Sid": ""
-    }
-  ]
+	"Version": "2012-10-17",
+	"Statement": [{
+			"Action": [
+				"admin:*"
+			],
+			"Effect": "Allow",
+			"Sid": ""
+		},
+		{
+			"Action": [
+                "s3:*"
+			],
+			"Effect": "Allow",
+			"Resource": [
+				"arn:aws:s3:::*"
+			],
+			"Sid": ""
+		}
+	]
 }
 EOF
-$ mc admin policy add myminio mcsAdmin mcsAdmin.json
+$ mc admin policy add myminio consoleAdmin consoleAdmin.json
 ```
 
-3. Set the policy for the new `mcs` user
+3. Set the policy for the new `console` user
 
 ```
-$ mc admin policy set myminio mcsAdmin user=mcs
+$ mc admin policy set myminio consoleAdmin user=console
 ```
 
-## Run MCS server
+
+### Note
+Additionally, you can create policies to limit the privileges for `console` users, for example, if you want the user to only have access to dashboard, buckets, notifications and watch page, the policy should look like this:
+```
+{
+	"Version": "2012-10-17",
+	"Statement": [{
+			"Action": [
+				"admin:ServerInfo"
+			],
+			"Effect": "Allow",
+			"Sid": ""
+		},
+		{
+			"Action": [
+				"s3:ListenBucketNotification",
+				"s3:PutBucketNotification",
+				"s3:GetBucketNotification",
+				"s3:ListMultipartUploadParts",
+				"s3:ListBucketMultipartUploads",
+				"s3:ListBucket",
+				"s3:HeadBucket",
+				"s3:GetObject",
+				"s3:GetBucketLocation",
+				"s3:AbortMultipartUpload",
+				"s3:CreateBucket",
+				"s3:PutObject",
+				"s3:DeleteObject",
+				"s3:DeleteBucket",
+				"s3:PutBucketPolicy",
+				"s3:DeleteBucketPolicy",
+				"s3:GetBucketPolicy"
+			],
+			"Effect": "Allow",
+			"Resource": [
+				"arn:aws:s3:::*"
+			],
+			"Sid": ""
+		}
+	]
+}
+```
+
+## Run Console server
 To run the server:
 
 ```
-export MCS_HMAC_JWT_SECRET=YOURJWTSIGNINGSECRET
+export CONSOLE_HMAC_JWT_SECRET=YOURJWTSIGNINGSECRET
 
 #required to encrypt jwet payload
-export MCS_PBKDF_PASSPHRASE=SECRET
+export CONSOLE_PBKDF_PASSPHRASE=SECRET
 
 #required to encrypt jwet payload
-export MCS_PBKDF_SALT=SECRET
+export CONSOLE_PBKDF_SALT=SECRET
 
-export MCS_ACCESS_KEY=mcs
-export MCS_SECRET_KEY=YOURMCSSECRET
-export MCS_MINIO_SERVER=http://localhost:9000
-./mcs server
+export CONSOLE_ACCESS_KEY=console
+export CONSOLE_SECRET_KEY=YOURCONSOLESECRET
+export CONSOLE_MINIO_SERVER=http://localhost:9000
+./console server
+```
+
+## Connect Console to a Minio using TLS and a self-signed certificate
+
+```
+...
+export CONSOLE_MINIO_SERVER_TLS_ROOT_CAS=<certificate_file_name>
+export CONSOLE_MINIO_SERVER=https://localhost:9000
+./console server
 ```
 
 You can verify that the apis work by doing the request on `localhost:9090/api/v1/...`
 
-# Contribute to mcs Project
-Please follow mcs [Contributor's Guide](https://github.com/minio/mcs/blob/master/CONTRIBUTING.md)
+# Contribute to console Project
+Please follow console [Contributor's Guide](https://github.com/minio/console/blob/master/CONTRIBUTING.md)

SECURITY.md

@@ -2,12 +2,12 @@
 
 ## Supported Versions
 
-We always provide security updates for the [latest release](https://github.com/minio/mcs/releases/latest).
+We always provide security updates for the [latest release](https://github.com/minio/console/releases/latest).
 Whenever there is a security update you just need to upgrade to the latest version.
 
 ## Reporting a Vulnerability
 
-All security bugs in [minio/mcs](https://github,com/minio/mcs) (or other minio/* repositories)
+All security bugs in [minio/console](https://github,com/minio/console) (or other minio/* repositories)
 should be reported by email to security@min.io. Your email will be acknowledged within 48 hours,
 and you'll receive a more detailed response to your email within 72 hours indicating the next steps
 in handling your report.

cluster/cluster.go

@@ -0,0 +1,65 @@
+// This file is part of MinIO Kubernetes Cloud
+// Copyright (c) 2019 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package cluster
+
+import (
+	operator "github.com/minio/operator/pkg/client/clientset/versioned"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+	certutil "k8s.io/client-go/util/cert"
+)
+
+// getTLSClientConfig will return the right TLS configuration for the K8S client based on the configured TLS certificate
+func getTLSClientConfig() rest.TLSClientConfig {
+	var defaultRootCAFile = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+	var customRootCAFile = getK8sAPIServerTLSRootCA()
+	tlsClientConfig := rest.TLSClientConfig{}
+	// if console is running inside k8s by default he will have access to the CA Cert from the k8s local authority
+	if _, err := certutil.NewPool(defaultRootCAFile); err == nil {
+		tlsClientConfig.CAFile = defaultRootCAFile
+	}
+	// if the user explicitly define a custom CA certificate, instead, we will use that
+	if customRootCAFile != "" {
+		if _, err := certutil.NewPool(customRootCAFile); err == nil {
+			tlsClientConfig.CAFile = customRootCAFile
+		}
+	}
+	return tlsClientConfig
+}
+
+// This operation will run only once at console startup
+var tlsClientConfig = getTLSClientConfig()
+
+func GetK8sConfig(token string) *rest.Config {
+	config := &rest.Config{
+		Host:            GetK8sAPIServer(),
+		TLSClientConfig: tlsClientConfig,
+		APIPath:         "/",
+		BearerToken:     token,
+	}
+	return config
+}
+
+// OperatorClient returns an operator client using GetK8sConfig for its config
+func OperatorClient(token string) (*operator.Clientset, error) {
+	return operator.NewForConfig(GetK8sConfig(token))
+}
+
+// K8sClient returns kubernetes client using GetK8sConfig for its config
+func K8sClient(token string) (*kubernetes.Clientset, error) {
+	return kubernetes.NewForConfig(GetK8sConfig(token))
+}

cluster/config.go

@@ -0,0 +1,168 @@
+// This file is part of MinIO Kubernetes Cloud
+// Copyright (c) 2019 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package cluster
+
+import (
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"regexp"
+	"strings"
+	"time"
+
+	"github.com/minio/minio/pkg/env"
+)
+
+var (
+	errCantDetermineMinIOImage = errors.New("can't determine MinIO Image")
+	errCantDetermineMCImage    = errors.New("can't determine MC Image")
+)
+
+func GetK8sAPIServer() string {
+	// if console is running inside a k8s pod KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT will contain the k8s api server apiServerAddress
+	// if console is not running inside k8s by default will look for the k8s api server on localhost:8001 (kubectl proxy)
+	// NOTE: using kubectl proxy is for local development only, since every request send to localhost:8001 will bypass service account authentication
+	// more info here: https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#directly-accessing-the-rest-api
+	// you can override this using CONSOLE_K8S_API_SERVER, ie use the k8s cluster from `kubectl config view`
+	host, port := env.Get("KUBERNETES_SERVICE_HOST", ""), env.Get("KUBERNETES_SERVICE_PORT", "")
+	apiServerAddress := "http://localhost:8001"
+	if host != "" && port != "" {
+		apiServerAddress = "https://" + net.JoinHostPort(host, port)
+	}
+	return env.Get(ConsoleK8sAPIServer, apiServerAddress)
+}
+
+// If CONSOLE_K8S_API_SERVER_TLS_ROOT_CA is true console will load the certificate into the
+// http.client rootCAs pool, this is useful for testing an k8s ApiServer or when working with self-signed certificates
+func getK8sAPIServerTLSRootCA() string {
+	return strings.TrimSpace(env.Get(ConsoleK8SAPIServerTLSRootCA, ""))
+}
+
+// GetNsFromFile assumes console is running inside a k8s pod and extract the current namespace from the
+// /var/run/secrets/kubernetes.io/serviceaccount/namespace file
+func GetNsFromFile() string {
+	dat, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace")
+	if err != nil {
+		return "default"
+	}
+	return string(dat)
+}
+
+// This operation will run only once at console startup
+var namespace = GetNsFromFile()
+
+// Returns the namespace in which the controller is installed
+func GetNs() string {
+	return env.Get(ConsoleNamespace, namespace)
+}
+
+// getLatestMinIOImage returns the latest docker image for MinIO if found on the internet
+func getLatestMinIOImage(client HTTPClientI) (*string, error) {
+	resp, err := client.Get("https://dl.min.io/server/minio/release/linux-amd64/")
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	var re = regexp.MustCompile(`(?m)\.\/minio\.(RELEASE.*?Z)"`)
+	// look for a single match
+	matches := re.FindAllStringSubmatch(string(body), 1)
+	for i := range matches {
+		release := matches[i][1]
+		dockerImage := fmt.Sprintf("minio/minio:%s", release)
+		return &dockerImage, nil
+	}
+	return nil, errCantDetermineMinIOImage
+}
+
+var latestMinIOImage, errLatestMinIOImage = getLatestMinIOImage(
+	&HTTPClient{
+		Client: &http.Client{
+			Timeout: 15 * time.Second,
+		},
+	})
+
+// GetMinioImage returns the image URL to be used when deploying a MinIO instance, if there is
+// a preferred image to be used (configured via ENVIRONMENT VARIABLES) GetMinioImage will return that
+// if not, GetMinioImage will try to obtain the image URL for the latest version of MinIO and return that
+func GetMinioImage() (*string, error) {
+	image := strings.TrimSpace(env.Get(ConsoleMinioImage, ""))
+	// if there is a preferred image configured by the user we'll always return that
+	if image != "" {
+		return &image, nil
+	}
+	if errLatestMinIOImage != nil {
+		return nil, errLatestMinIOImage
+	}
+	return latestMinIOImage, nil
+}
+
+// GetLatestMinioImage returns the latest image URL on minio repository
+func GetLatestMinioImage(client HTTPClientI) (*string, error) {
+	latestMinIOImage, err := getLatestMinIOImage(client)
+	if err != nil {
+		return nil, err
+	}
+	return latestMinIOImage, nil
+}
+
+// getLatestMCImage returns the latest docker image for MC if found on the internet
+func getLatestMCImage() (*string, error) {
+	// Create an http client with a 4 second timeout
+	client := http.Client{
+		Timeout: 4 * time.Second,
+	}
+	resp, err := client.Get("https://dl.min.io/client/mc/release/linux-amd64/")
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	var re = regexp.MustCompile(`(?m)\.\/mc\.(RELEASE.*?Z)"`)
+	// look for a single match
+	matches := re.FindAllStringSubmatch(string(body), 1)
+	for i := range matches {
+		release := matches[i][1]
+		dockerImage := fmt.Sprintf("minio/mc:%s", release)
+		return &dockerImage, nil
+	}
+	return nil, errCantDetermineMCImage
+}
+
+var latestMCImage, errLatestMCImage = getLatestMCImage()
+
+func GetMCImage() (*string, error) {
+	image := strings.TrimSpace(env.Get(ConsoleMCImage, ""))
+	// if there is a preferred image configured by the user we'll always return that
+	if image != "" {
+		return &image, nil
+	}
+	if errLatestMCImage != nil {
+		return nil, errLatestMCImage
+	}
+	return latestMCImage, nil
+}

cluster/const.go

@@ -0,0 +1,25 @@
+// This file is part of MinIO Kubernetes Cloud
+// Copyright (c) 2019 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package cluster
+
+const (
+	ConsoleK8sAPIServer          = "CONSOLE_K8S_API_SERVER"
+	ConsoleK8SAPIServerTLSRootCA = "CONSOLE_K8S_API_SERVER_TLS_ROOT_CA"
+	ConsoleMinioImage            = "CONSOLE_MINIO_IMAGE"
+	ConsoleMCImage               = "CONSOLE_MC_IMAGE"
+	ConsoleNamespace             = "CONSOLE_NAMESPACE"
+)

cluster/http_client.go

@@ -0,0 +1,40 @@
+// This file is part of MinIO Kubernetes Cloud
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package cluster
+
+import (
+	"net/http"
+)
+
+// HTTPClientI interface with all functions to be implemented
+// by mock when testing, it should include all HttpClient respective api calls
+// that are used within this project.
+type HTTPClientI interface {
+	Get(url string) (resp *http.Response, err error)
+}
+
+// HTTPClient Interface implementation
+//
+// Define the structure of a http client and define the functions that are actually used
+type HTTPClient struct {
+	Client *http.Client
+}
+
+// Get implements http.Client.Get()
+func (c *HTTPClient) Get(url string) (resp *http.Response, err error) {
+	return c.Client.Get(url)
+}

cmd/console/main.go

@@ -21,8 +21,9 @@ import (
 	"os"
 	"path/filepath"
 	"sort"
+	"time"
 
-	"github.com/minio/mcs/pkg"
+	"github.com/minio/console/pkg"
 
 	"github.com/minio/minio/pkg/console"
 	"github.com/minio/minio/pkg/trie"
@@ -31,8 +32,8 @@ import (
 	"github.com/minio/cli"
 )
 
-// Help template for mcs.
-var mcsHelpTemplate = `NAME:
+// Help template for Console.
+var consoleHelpTemplate = `NAME:
   {{.Name}} - {{.Usage}}
 
 DESCRIPTION:
@@ -56,10 +57,10 @@ var appCmds = []cli.Command{
 }
 
 func newApp(name string) *cli.App {
-	// Collection of mcs commands currently supported are.
+	// Collection of console commands currently supported are.
 	var commands []cli.Command
 
-	// Collection of mcs commands currently supported in a trie tree.
+	// Collection of console commands currently supported in a trie tree.
 	commandsTree := trie.NewTrie()
 
 	// registerCommand registers a cli command.
@@ -103,15 +104,17 @@ func newApp(name string) *cli.App {
 
 	app := cli.NewApp()
 	app.Name = name
-	app.Version = pkg.Version
+	app.Version = pkg.Version + " - " + pkg.ShortCommitID
 	app.Author = "MinIO, Inc."
-	app.Usage = "mcs"
+	app.Usage = "MinIO Console Server"
 	app.Description = `MinIO Console Server`
+	app.Copyright = "(c) 2020 MinIO, Inc."
+	app.Compiled, _ = time.Parse(time.RFC3339, pkg.ReleaseTime)
 	app.Commands = commands
 	app.HideHelpCommand = true // Hide `help, h` command, we already have `minio --help`.
-	app.CustomAppHelpTemplate = mcsHelpTemplate
+	app.CustomAppHelpTemplate = consoleHelpTemplate
 	app.CommandNotFound = func(ctx *cli.Context, command string) {
-		console.Printf("‘%s’ is not a mcs sub-command. See ‘mcs --help’.\n", command)
+		console.Printf("‘%s’ is not a console sub-command. See ‘console --help’.\n", command)
 		closestCommands := findClosestCommands(command)
 		if len(closestCommands) > 0 {
 			console.Println()

cmd/console/server.go

@@ -24,15 +24,15 @@ import (
 	"github.com/go-openapi/loads"
 	"github.com/jessevdk/go-flags"
 	"github.com/minio/cli"
-	"github.com/minio/mcs/restapi"
-	"github.com/minio/mcs/restapi/operations"
+	"github.com/minio/console/restapi"
+	"github.com/minio/console/restapi/operations"
 )
 
 // starts the server
 var serverCmd = cli.Command{
 	Name:    "server",
 	Aliases: []string{"srv"},
-	Usage:   "starts mcs server",
+	Usage:   "starts Console server",
 	Action:  startServer,
 	Flags: []cli.Flag{
 		cli.StringFlag{
@@ -47,12 +47,12 @@ var serverCmd = cli.Command{
 		},
 		cli.StringFlag{
 			Name:  "tls-host",
-			Value: restapi.GetSSLHostname(),
+			Value: restapi.GetTLSHostname(),
 			Usage: "HTTPS server hostname",
 		},
 		cli.IntFlag{
 			Name:  "tls-port",
-			Value: restapi.GetSSLPort(),
+			Value: restapi.GetTLSPort(),
 			Usage: "HTTPS server port",
 		},
 		cli.StringFlag{
@@ -75,7 +75,7 @@ func startServer(ctx *cli.Context) error {
 		log.Fatalln(err)
 	}
 
-	api := operations.NewMcsAPI(swaggerSpec)
+	api := operations.NewConsoleAPI(swaggerSpec)
 	server := restapi.NewServer(api)
 	defer server.Shutdown()
 
@@ -112,7 +112,7 @@ func startServer(ctx *cli.Context) error {
 	if tlsCertificatePath != "" && tlsCertificateKeyPath != "" {
 		server.TLSCertificate = flags.Filename(tlsCertificatePath)
 		server.TLSCertificateKey = flags.Filename(tlsCertificateKeyPath)
-		// If TLS certificates are provided enforce the HTTPS schema, meaning mcs will redirect
+		// If TLS certificates are provided enforce the HTTPS schema, meaning console will redirect
 		// plain HTTP connections to HTTPS server
 		server.EnabledListeners = []string{"http", "https"}
 		server.TLSPort = ctx.Int("tls-port")

docs/console_operator_mode.md

@@ -0,0 +1,39 @@
+# Running Console in Operator mode
+
+`Console` will authenticate against `Kubernetes`using bearer tokens via HTTP `Authorization` header. The user will provide this token once
+in the login form, Console will validate it against Kubernetes (list apis) and if valid will generate and return a new Console sessions 
+with encrypted claims (the user Service account token will be inside the JWT in the data field)
+
+# Kubernetes
+
+The provided `JWT token` corresponds to the `Kubernetes service account` that `Console` will use to run tasks on behalf of the
+user, ie: list, create, edit, delete tenants, storage class, etc.
+
+
+# Development
+
+If console is running inside a k8s pod `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` will contain the k8s api server apiServerAddress
+if console is not running inside k8s by default will look for the k8s api server on `localhost:8001` (kubectl proxy)
+
+If you are running console in your local environment and wish to make request to `Kubernetes` you can set `CONSOLE_K8S_API_SERVER`, if
+the environment variable is not present by default `Console` will use `"http://localhost:8001"`, additionally you will need to set the
+`CONSOLE_OPERATOR_MODE=on` variable to make Console display the Operator UI.
+
+NOTE: using `kubectl` proxy is for local development only, since every request send to localhost:8001 will bypass service account authentication
+more info here: https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#directly-accessing-the-rest-api
+you can override this using `CONSOLE_K8S_API_SERVER`, ie use the k8s cluster from `kubectl config view`
+
+## Extract the Service account token and use it with Console
+
+For local development you can use the jwt associated to the `console-sa` service account, you can get the token running
+the following command in your terminal:
+
+```
+kubectl get secret $(kubectl get serviceaccount console-sa -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode
+```
+
+Then run the Console server
+
+```
+CONSOLE_OPERATOR_MODE=on ./console server
+```

go.mod

@@ -1,30 +1,34 @@
-module github.com/minio/mcs
+module github.com/minio/console
 
-go 1.14
+go 1.13
 
 require (
 	github.com/coreos/go-oidc v2.2.1+incompatible
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/elazarl/go-bindata-assetfs v1.0.0
-	github.com/go-openapi/errors v0.19.4
+	github.com/go-openapi/errors v0.19.6
 	github.com/go-openapi/loads v0.19.5
-	github.com/go-openapi/runtime v0.19.12
-	github.com/go-openapi/spec v0.19.7
+	github.com/go-openapi/runtime v0.19.19
+	github.com/go-openapi/spec v0.19.8
 	github.com/go-openapi/strfmt v0.19.5
-	github.com/go-openapi/swag v0.19.8
-	github.com/go-openapi/validate v0.19.7
+	github.com/go-openapi/swag v0.19.9
+	github.com/go-openapi/validate v0.19.10
 	github.com/gorilla/websocket v1.4.2
 	github.com/jessevdk/go-flags v1.4.0
-	github.com/json-iterator/go v1.1.9
 	github.com/minio/cli v1.22.0
-	github.com/minio/mc v0.0.0-20200415193718-68b638f2f96c
-	github.com/minio/minio v0.0.0-20200428222040-c3c3e9087bc1
-	github.com/minio/minio-go/v6 v6.0.55-0.20200424204115-7506d2996b22
+	github.com/minio/kes v0.11.0
+	github.com/minio/mc v0.0.0-20200808005614-7e52c104bee1
+	github.com/minio/minio v0.0.0-20200808024306-2a9819aff876
+	github.com/minio/minio-go/v7 v7.0.5-0.20200807085956-d7db33ea7618
+	github.com/minio/operator v0.0.0-20200904194631-b8aa01dc5d70
 	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
-	github.com/satori/go.uuid v1.2.0
-	github.com/stretchr/testify v1.5.1
+	github.com/secure-io/sio-go v0.3.1
+	github.com/stretchr/testify v1.6.1
 	github.com/unrolled/secure v1.0.7
-	golang.org/x/crypto v0.0.0-20200214034016-1d94cc7ab1c6
-	golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e
-	golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a
+	golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
+	golang.org/x/net v0.0.0-20200707034311-ab3426394381
+	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
+	gopkg.in/yaml.v2 v2.3.0
+	k8s.io/api v0.18.6
+	k8s.io/apimachinery v0.18.6
+	k8s.io/client-go v0.18.6
 )

hack/update-codegen.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+#
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+SCRIPT_ROOT=$(dirname ${BASH_SOURCE})/..
+
+go get -d k8s.io/code-generator/...
+
+# Checkout code-generator to compatible version
+#(cd $GOPATH/src/k8s.io/code-generator && git checkout origin/release-1.14 -B release-1.14)
+
+REPOSITORY=github.com/minio/console
+$GOPATH/src/k8s.io/code-generator/generate-groups.sh all \
+  $REPOSITORY/pkg/clientgen $REPOSITORY/pkg/apis networking.gke.io:v1beta2 \
+  --go-header-file $SCRIPT_ROOT/hack/header.go.txt

k8s/boilerplate.go.txt

@@ -0,0 +1,15 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.

k8s/console/base/console-cluster-role-binding.yaml

@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: console-sa-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: console-sa-role
+subjects:
+  - kind: ServiceAccount
+    name: console-sa
+    namespace: default

k8s/console/base/console-cluster-role.yaml

@@ -0,0 +1,77 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: console-sa-role
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+      - secrets
+      - pods
+      - services
+      - events
+      - resourcequotas
+    verbs:
+      - get
+      - watch
+      - create
+      - list
+      - patch
+  - apiGroups:
+      - "storage.k8s.io"
+    resources:
+      - storageclasses
+    verbs:
+      - get
+      - watch
+      - create
+      - list
+      - patch
+  - apiGroups:
+      - apps
+    resources:
+      - statefulsets
+      - deployments
+    verbs:
+      - get
+      - create
+      - list
+      - patch
+      - watch
+      - update
+      - delete
+  - apiGroups:
+      - batch
+    resources:
+      - jobs
+    verbs:
+      - get
+      - create
+      - list
+      - patch
+      - watch
+      - update
+      - delete
+  - apiGroups:
+      - "certificates.k8s.io"
+    resources:
+      - "certificatesigningrequests"
+      - "certificatesigningrequests/approval"
+      - "certificatesigningrequests/status"
+    verbs:
+      - update
+      - create
+      - get
+  - apiGroups:
+      - minio.min.io
+    resources:
+      - "*"
+    verbs:
+      - "*"
+  - apiGroups:
+      - min.io
+    resources:
+      - "*"
+    verbs:
+      - "*"

k8s/console/base/console-configmap.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: console-env
+data:
+  CONSOLE_PORT: "9090"
+  CONSOLE_TLS_PORT: "9443"

k8s/console/base/console-deployment.yaml

@@ -0,0 +1,26 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: console
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: console
+  template:
+    metadata:
+      labels:
+        app: console
+    spec:
+      serviceAccountName: console-sa
+      containers:
+        - name: console
+          image: minio/console:v0.3.23
+          imagePullPolicy: "IfNotPresent"
+          args:
+            - server
+          ports:
+            - containerPort: 9090
+              name: http
+            - containerPort: 9433
+              name: https

k8s/console/base/console-service-account.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: console-sa
+  namespace: default

k8s/console/base/console-service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: console
+  labels:
+    name: console
+spec:
+  ports:
+    - port: 9090
+      name: http
+    - port: 9443
+      name: https
+  selector:
+    app: console

k8s/console/base/kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# beginning of customizations
+resources:
+  - console-service-account.yaml
+  - console-cluster-role.yaml
+  - console-cluster-role-binding.yaml
+  - console-configmap.yaml
+  - console-service.yaml
+  - console-deployment.yaml
+  - https://github.com/minio/operator/?ref=v3.0.10

k8s/create-kind.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# setup environment variables based on flags to see if we should build the docker containers again
+CONSOLE_DOCKER="true"
+
+# evaluate flags
+# `-m` for console
+
+
+while getopts ":m:" opt; do
+  case $opt in
+    m)
+	  CONSOLE_DOCKER="$OPTARG"
+      ;;
+    \?)
+      echo "Invalid option: -$OPTARG" >&2
+      exit 1
+      ;;
+    :)
+      echo "Option -$OPTARG requires an argument." >&2
+      exit 1
+      ;;
+  esac
+done
+
+echo "Provisioning Kind"
+kind create cluster  --config kind-cluster.yaml
+echo "Remove Master Taint"
+kubectl taint nodes --all node-role.kubernetes.io/master-
+echo "Install Contour"
+kubectl apply -f https://projectcontour.io/quickstart/contour.yaml
+kubectl patch daemonsets -n projectcontour envoy -p '{"spec":{"template":{"spec":{"nodeSelector":{"ingress-ready":"true"},"tolerations":[{"key":"node-role.kubernetes.io/master","operator":"Equal","effect":"NoSchedule"}]}}}}'
+echo "install metrics server"
+kubectl apply -f metrics-dev.yaml
+
+# Whether or not to build the m3 container and load it to kind or just load it
+if [[ $CONSOLE_DOCKER == "true" ]]; then
+	# Build mkube
+  make --directory=".." k8sdev TAG=minio/console:latest
+else
+	kind load docker-image minio/console:latest
+fi
+
+echo "done"

k8s/kind-cluster.yaml

@@ -0,0 +1,22 @@
+# three node (two workers) cluster config
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+- role: control-plane
+  kubeadmConfigPatches:
+  - |
+    kind: InitConfiguration
+    nodeRegistration:
+      kubeletExtraArgs:
+        node-labels: "ingress-ready=true"
+  extraPortMappings:
+    - containerPort: 80
+      hostPort: 8844
+      protocol: TCP
+    - containerPort: 443
+      hostPort: 8843
+      protocol: TCP
+#- role: worker
+#- role: worker
+#- role: worker
+#- role: worker

k8s/metrics-dev.yaml

@@ -0,0 +1,153 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: system:aggregated-metrics-reader
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+  - apiGroups: ["metrics.k8s.io"]
+    resources: ["pods", "nodes"]
+    verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: metrics-server:system:auth-delegator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:auth-delegator
+subjects:
+  - kind: ServiceAccount
+    name: metrics-server
+    namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: metrics-server-auth-reader
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: extension-apiserver-authentication-reader
+subjects:
+  - kind: ServiceAccount
+    name: metrics-server
+    namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: system:metrics-server
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - nodes
+      - nodes/stats
+      - namespaces
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:metrics-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:metrics-server
+subjects:
+  - kind: ServiceAccount
+    name: metrics-server
+    namespace: kube-system
+---
+apiVersion: apiregistration.k8s.io/v1beta1
+kind: APIService
+metadata:
+  name: v1beta1.metrics.k8s.io
+spec:
+  service:
+    name: metrics-server
+    namespace: kube-system
+  group: metrics.k8s.io
+  version: v1beta1
+  insecureSkipTLSVerify: true
+  groupPriorityMinimum: 100
+  versionPriority: 100
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: metrics-server
+  namespace: kube-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: metrics-server
+  namespace: kube-system
+  labels:
+    kubernetes.io/name: "Metrics-server"
+    kubernetes.io/cluster-service: "true"
+spec:
+  selector:
+    k8s-app: metrics-server
+  ports:
+    - port: 443
+      protocol: TCP
+      targetPort: main-port
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: metrics-server
+  namespace: kube-system
+  labels:
+    k8s-app: metrics-server
+spec:
+  selector:
+    matchLabels:
+      k8s-app: metrics-server
+  template:
+    metadata:
+      name: metrics-server
+      labels:
+        k8s-app: metrics-server
+    spec:
+      serviceAccountName: metrics-server
+      volumes:
+        # mount in tmp so we can safely use from-scratch images and/or read-only containers
+        - name: tmp-dir
+          emptyDir: {}
+      containers:
+        - name: metrics-server
+          image: k8s.gcr.io/metrics-server-amd64:v0.3.6
+          args:
+            - --cert-dir=/tmp
+            - --secure-port=4443
+            - --kubelet-insecure-tls
+            - --kubelet-preferred-address-types=InternalIP
+          ports:
+            - name: main-port
+              containerPort: 4443
+              protocol: TCP
+          securityContext:
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+          imagePullPolicy: Always
+          volumeMounts:
+            - name: tmp-dir
+              mountPath: /tmp
+      nodeSelector:
+        beta.kubernetes.io/os: linux
+        kubernetes.io/arch: "amd64"

k8s/operator-console/base/console-cluster-role-binding.yaml

@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: console-sa-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: console-sa-role
+subjects:
+  - kind: ServiceAccount
+    name: console-sa
+    namespace: default

k8s/operator-console/base/console-cluster-role.yaml

@@ -0,0 +1,97 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: console-sa-role
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+      - watch
+      - create
+      - list
+      - patch
+      - update
+      - deletecollection
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+      - pods
+      - services
+      - events
+      - resourcequotas
+      - nodes
+    verbs:
+      - get
+      - watch
+      - create
+      - list
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - persistentvolumeclaims
+    verbs:
+      - deletecollection
+      - list
+      - get
+  - apiGroups:
+      - "storage.k8s.io"
+    resources:
+      - storageclasses
+    verbs:
+      - get
+      - watch
+      - create
+      - list
+      - patch
+  - apiGroups:
+      - apps
+    resources:
+      - statefulsets
+      - deployments
+    verbs:
+      - get
+      - create
+      - list
+      - patch
+      - watch
+      - update
+      - delete
+  - apiGroups:
+      - batch
+    resources:
+      - jobs
+    verbs:
+      - get
+      - create
+      - list
+      - patch
+      - watch
+      - update
+      - delete
+  - apiGroups:
+      - "certificates.k8s.io"
+    resources:
+      - "certificatesigningrequests"
+      - "certificatesigningrequests/approval"
+      - "certificatesigningrequests/status"
+    verbs:
+      - update
+      - create
+      - get
+  - apiGroups:
+      - minio.min.io
+    resources:
+      - "*"
+    verbs:
+      - "*"
+  - apiGroups:
+      - min.io
+    resources:
+      - "*"
+    verbs:
+      - "*"

k8s/operator-console/base/console-configmap.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: console-env
+data:
+  CONSOLE_PORT: "9090"
+  CONSOLE_TLS_PORT: "9443"

k8s/operator-console/base/console-deployment.yaml

@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: console
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: console
+  template:
+    metadata:
+      labels:
+        app: console
+    spec:
+      serviceAccountName: console-sa
+      containers:
+        - name: console
+          image: minio/console:v0.3.23
+          imagePullPolicy: "IfNotPresent"
+          env:
+            - name: CONSOLE_OPERATOR_MODE
+              value: "on"
+          args:
+            - server
+          ports:
+            - containerPort: 9090
+              name: http
+            - containerPort: 9433
+              name: https

k8s/operator-console/base/console-service-account.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: console-sa
+  namespace: default

k8s/operator-console/base/console-service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: console
+  labels:
+    name: console
+spec:
+  ports:
+    - port: 9090
+      name: http
+    - port: 9443
+      name: https
+  selector:
+    app: console

k8s/operator-console/base/kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# beginning of customizations
+resources:
+  - console-service-account.yaml
+  - console-cluster-role.yaml
+  - console-cluster-role-binding.yaml
+  - console-configmap.yaml
+  - console-service.yaml
+  - console-deployment.yaml
+  - https://github.com/minio/operator/?ref=v3.0.10

k8s/tools.go

@@ -0,0 +1,20 @@
+// This file is part of MinIO Kubernetes Cloud
+// Copyright (c) 2019 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+// This package imports things required by build scripts, to force `go mod` to see them as dependencies
+package k8s
+
+//import _ "k8s.io/code-generator"

k8s/update-codegen.sh

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+SCRIPT_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+CODEGEN_PKG=${CODEGEN_PKG:-$(cd "${SCRIPT_ROOT}"; ls -d -1 ./vendor/k8s.io/code-generator 2>/dev/null || echo ../code-generator)}
+
+# generate the code with:
+# --output-base    because this script should also be able to run inside the vendor dir of
+#                  k8s.io/kubernetes. The output-base is needed for the generators to output into the vendor dir
+#                  instead of the $GOPATH directly. For normal projects this can be dropped.
+bash "${CODEGEN_PKG}"/generate-groups.sh "all" \
+  github.com/minio/console/pkg/generated \
+  github.com/minio/console/pkg/apis \
+  mkube:v1 \
+  --go-header-file "${SCRIPT_ROOT}"/k8s/boilerplate.go.txt
+
+# To use your own boilerplate text append:
+#   --go-header-file "${SCRIPT_ROOT}"/hack/custom-boilerplate.go.txt

models/add_notification_endpoint.go

@@ -1,147 +0,0 @@
-// Code generated by go-swagger; DO NOT EDIT.
-
-// This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-//
-
-package models
-
-// This file was generated by the swagger tool.
-// Editing this file might prove futile when you re-run the swagger generate command
-
-import (
-	"encoding/json"
-
-	"github.com/go-openapi/errors"
-	"github.com/go-openapi/strfmt"
-	"github.com/go-openapi/swag"
-	"github.com/go-openapi/validate"
-)
-
-// AddNotificationEndpoint add notification endpoint
-//
-// swagger:model addNotificationEndpoint
-type AddNotificationEndpoint struct {
-
-	// account
-	Account string `json:"account,omitempty"`
-
-	// properties
-	Properties map[string]string `json:"properties,omitempty"`
-
-	// service
-	// Enum: [webhook amqp kafka mqtt nats nsq mysql postgres elasticsearch redis]
-	Service string `json:"service,omitempty"`
-}
-
-// Validate validates this add notification endpoint
-func (m *AddNotificationEndpoint) Validate(formats strfmt.Registry) error {
-	var res []error
-
-	if err := m.validateService(formats); err != nil {
-		res = append(res, err)
-	}
-
-	if len(res) > 0 {
-		return errors.CompositeValidationError(res...)
-	}
-	return nil
-}
-
-var addNotificationEndpointTypeServicePropEnum []interface{}
-
-func init() {
-	var res []string
-	if err := json.Unmarshal([]byte(`["webhook","amqp","kafka","mqtt","nats","nsq","mysql","postgres","elasticsearch","redis"]`), &res); err != nil {
-		panic(err)
-	}
-	for _, v := range res {
-		addNotificationEndpointTypeServicePropEnum = append(addNotificationEndpointTypeServicePropEnum, v)
-	}
-}
-
-const (
-
-	// AddNotificationEndpointServiceWebhook captures enum value "webhook"
-	AddNotificationEndpointServiceWebhook string = "webhook"
-
-	// AddNotificationEndpointServiceAmqp captures enum value "amqp"
-	AddNotificationEndpointServiceAmqp string = "amqp"
-
-	// AddNotificationEndpointServiceKafka captures enum value "kafka"
-	AddNotificationEndpointServiceKafka string = "kafka"
-
-	// AddNotificationEndpointServiceMqtt captures enum value "mqtt"
-	AddNotificationEndpointServiceMqtt string = "mqtt"
-
-	// AddNotificationEndpointServiceNats captures enum value "nats"
-	AddNotificationEndpointServiceNats string = "nats"
-
-	// AddNotificationEndpointServiceNsq captures enum value "nsq"
-	AddNotificationEndpointServiceNsq string = "nsq"
-
-	// AddNotificationEndpointServiceMysql captures enum value "mysql"
-	AddNotificationEndpointServiceMysql string = "mysql"
-
-	// AddNotificationEndpointServicePostgres captures enum value "postgres"
-	AddNotificationEndpointServicePostgres string = "postgres"
-
-	// AddNotificationEndpointServiceElasticsearch captures enum value "elasticsearch"
-	AddNotificationEndpointServiceElasticsearch string = "elasticsearch"
-
-	// AddNotificationEndpointServiceRedis captures enum value "redis"
-	AddNotificationEndpointServiceRedis string = "redis"
-)
-
-// prop value enum
-func (m *AddNotificationEndpoint) validateServiceEnum(path, location string, value string) error {
-	if err := validate.Enum(path, location, value, addNotificationEndpointTypeServicePropEnum); err != nil {
-		return err
-	}
-	return nil
-}
-
-func (m *AddNotificationEndpoint) validateService(formats strfmt.Registry) error {
-
-	if swag.IsZero(m.Service) { // not required
-		return nil
-	}
-
-	// value enum
-	if err := m.validateServiceEnum("service", "body", m.Service); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// MarshalBinary interface implementation
-func (m *AddNotificationEndpoint) MarshalBinary() ([]byte, error) {
-	if m == nil {
-		return nil, nil
-	}
-	return swag.WriteJSON(m)
-}
-
-// UnmarshalBinary interface implementation
-func (m *AddNotificationEndpoint) UnmarshalBinary(b []byte) error {
-	var res AddNotificationEndpoint
-	if err := swag.ReadJSON(b, &res); err != nil {
-		return err
-	}
-	*m = res
-	return nil
-}

models/aws_configuration.go

@@ -0,0 +1,258 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// AwsConfiguration aws configuration
+//
+// swagger:model awsConfiguration
+type AwsConfiguration struct {
+
+	// secretsmanager
+	// Required: true
+	Secretsmanager *AwsConfigurationSecretsmanager `json:"secretsmanager"`
+}
+
+// Validate validates this aws configuration
+func (m *AwsConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateSecretsmanager(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AwsConfiguration) validateSecretsmanager(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager", "body", m.Secretsmanager); err != nil {
+		return err
+	}
+
+	if m.Secretsmanager != nil {
+		if err := m.Secretsmanager.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("secretsmanager")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AwsConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AwsConfiguration) UnmarshalBinary(b []byte) error {
+	var res AwsConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// AwsConfigurationSecretsmanager aws configuration secretsmanager
+//
+// swagger:model AwsConfigurationSecretsmanager
+type AwsConfigurationSecretsmanager struct {
+
+	// credentials
+	// Required: true
+	Credentials *AwsConfigurationSecretsmanagerCredentials `json:"credentials"`
+
+	// endpoint
+	// Required: true
+	Endpoint *string `json:"endpoint"`
+
+	// kmskey
+	Kmskey string `json:"kmskey,omitempty"`
+
+	// region
+	// Required: true
+	Region *string `json:"region"`
+}
+
+// Validate validates this aws configuration secretsmanager
+func (m *AwsConfigurationSecretsmanager) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateCredentials(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateEndpoint(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateRegion(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AwsConfigurationSecretsmanager) validateCredentials(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager"+"."+"credentials", "body", m.Credentials); err != nil {
+		return err
+	}
+
+	if m.Credentials != nil {
+		if err := m.Credentials.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("secretsmanager" + "." + "credentials")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *AwsConfigurationSecretsmanager) validateEndpoint(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager"+"."+"endpoint", "body", m.Endpoint); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *AwsConfigurationSecretsmanager) validateRegion(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager"+"."+"region", "body", m.Region); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AwsConfigurationSecretsmanager) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AwsConfigurationSecretsmanager) UnmarshalBinary(b []byte) error {
+	var res AwsConfigurationSecretsmanager
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// AwsConfigurationSecretsmanagerCredentials aws configuration secretsmanager credentials
+//
+// swagger:model AwsConfigurationSecretsmanagerCredentials
+type AwsConfigurationSecretsmanagerCredentials struct {
+
+	// accesskey
+	// Required: true
+	Accesskey *string `json:"accesskey"`
+
+	// secretkey
+	// Required: true
+	Secretkey *string `json:"secretkey"`
+
+	// token
+	Token string `json:"token,omitempty"`
+}
+
+// Validate validates this aws configuration secretsmanager credentials
+func (m *AwsConfigurationSecretsmanagerCredentials) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateAccesskey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSecretkey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AwsConfigurationSecretsmanagerCredentials) validateAccesskey(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager"+"."+"credentials"+"."+"accesskey", "body", m.Accesskey); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *AwsConfigurationSecretsmanagerCredentials) validateSecretkey(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager"+"."+"credentials"+"."+"secretkey", "body", m.Secretkey); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AwsConfigurationSecretsmanagerCredentials) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AwsConfigurationSecretsmanagerCredentials) UnmarshalBinary(b []byte) error {
+	var res AwsConfigurationSecretsmanagerCredentials
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/bucket_access.go

@@ -61,7 +61,7 @@ func init() {
 }
 
 func (m BucketAccess) validateBucketAccessEnum(path, location string, value BucketAccess) error {
-	if err := validate.Enum(path, location, value, bucketAccessEnum); err != nil {
+	if err := validate.EnumCase(path, location, value, bucketAccessEnum, true); err != nil {
 		return err
 	}
 	return nil

models/create_tenant_request.go

@@ -0,0 +1,274 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// CreateTenantRequest create tenant request
+//
+// swagger:model createTenantRequest
+type CreateTenantRequest struct {
+
+	// access key
+	AccessKey string `json:"access_key,omitempty"`
+
+	// annotations
+	Annotations map[string]string `json:"annotations,omitempty"`
+
+	// console image
+	ConsoleImage string `json:"console_image,omitempty"`
+
+	// enable console
+	EnableConsole *bool `json:"enable_console,omitempty"`
+
+	// enable prometheus
+	EnablePrometheus *bool `json:"enable_prometheus,omitempty"`
+
+	// enable tls
+	EnableTLS *bool `json:"enable_tls,omitempty"`
+
+	// encryption
+	Encryption *EncryptionConfiguration `json:"encryption,omitempty"`
+
+	// erasure coding parity
+	ErasureCodingParity int64 `json:"erasureCodingParity,omitempty"`
+
+	// idp
+	Idp *IdpConfiguration `json:"idp,omitempty"`
+
+	// image
+	Image string `json:"image,omitempty"`
+
+	// image pull secret
+	ImagePullSecret string `json:"image_pull_secret,omitempty"`
+
+	// image registry
+	ImageRegistry *ImageRegistry `json:"image_registry,omitempty"`
+
+	// mounth path
+	MounthPath string `json:"mounth_path,omitempty"`
+
+	// name
+	// Required: true
+	// Pattern: ^[a-z0-9-]{3,63}$
+	Name *string `json:"name"`
+
+	// namespace
+	// Required: true
+	Namespace *string `json:"namespace"`
+
+	// secret key
+	SecretKey string `json:"secret_key,omitempty"`
+
+	// service name
+	ServiceName string `json:"service_name,omitempty"`
+
+	// tls
+	TLS *TLSConfiguration `json:"tls,omitempty"`
+
+	// zones
+	// Required: true
+	Zones []*Zone `json:"zones"`
+}
+
+// Validate validates this create tenant request
+func (m *CreateTenantRequest) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateEncryption(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateIdp(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateImageRegistry(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateName(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateNamespace(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateTLS(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateZones(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *CreateTenantRequest) validateEncryption(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Encryption) { // not required
+		return nil
+	}
+
+	if m.Encryption != nil {
+		if err := m.Encryption.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("encryption")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *CreateTenantRequest) validateIdp(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Idp) { // not required
+		return nil
+	}
+
+	if m.Idp != nil {
+		if err := m.Idp.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("idp")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *CreateTenantRequest) validateImageRegistry(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.ImageRegistry) { // not required
+		return nil
+	}
+
+	if m.ImageRegistry != nil {
+		if err := m.ImageRegistry.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("image_registry")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *CreateTenantRequest) validateName(formats strfmt.Registry) error {
+
+	if err := validate.Required("name", "body", m.Name); err != nil {
+		return err
+	}
+
+	if err := validate.Pattern("name", "body", string(*m.Name), `^[a-z0-9-]{3,63}$`); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *CreateTenantRequest) validateNamespace(formats strfmt.Registry) error {
+
+	if err := validate.Required("namespace", "body", m.Namespace); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *CreateTenantRequest) validateTLS(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.TLS) { // not required
+		return nil
+	}
+
+	if m.TLS != nil {
+		if err := m.TLS.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("tls")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *CreateTenantRequest) validateZones(formats strfmt.Registry) error {
+
+	if err := validate.Required("zones", "body", m.Zones); err != nil {
+		return err
+	}
+
+	for i := 0; i < len(m.Zones); i++ {
+		if swag.IsZero(m.Zones[i]) { // not required
+			continue
+		}
+
+		if m.Zones[i] != nil {
+			if err := m.Zones[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("zones" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *CreateTenantRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *CreateTenantRequest) UnmarshalBinary(b []byte) error {
+	var res CreateTenantRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/create_tenant_response.go

@@ -0,0 +1,129 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// CreateTenantResponse create tenant response
+//
+// swagger:model createTenantResponse
+type CreateTenantResponse struct {
+
+	// access key
+	AccessKey string `json:"access_key,omitempty"`
+
+	// console
+	Console *CreateTenantResponseConsole `json:"console,omitempty"`
+
+	// secret key
+	SecretKey string `json:"secret_key,omitempty"`
+}
+
+// Validate validates this create tenant response
+func (m *CreateTenantResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateConsole(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *CreateTenantResponse) validateConsole(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Console) { // not required
+		return nil
+	}
+
+	if m.Console != nil {
+		if err := m.Console.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("console")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *CreateTenantResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *CreateTenantResponse) UnmarshalBinary(b []byte) error {
+	var res CreateTenantResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// CreateTenantResponseConsole create tenant response console
+//
+// swagger:model CreateTenantResponseConsole
+type CreateTenantResponseConsole struct {
+
+	// access key
+	AccessKey string `json:"access_key,omitempty"`
+
+	// secret key
+	SecretKey string `json:"secret_key,omitempty"`
+}
+
+// Validate validates this create tenant response console
+func (m *CreateTenantResponseConsole) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *CreateTenantResponseConsole) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *CreateTenantResponseConsole) UnmarshalBinary(b []byte) error {
+	var res CreateTenantResponseConsole
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/delete_tenant_request.go

@@ -0,0 +1,60 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// DeleteTenantRequest delete tenant request
+//
+// swagger:model deleteTenantRequest
+type DeleteTenantRequest struct {
+
+	// delete pvcs
+	DeletePvcs bool `json:"delete_pvcs,omitempty"`
+}
+
+// Validate validates this delete tenant request
+func (m *DeleteTenantRequest) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *DeleteTenantRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *DeleteTenantRequest) UnmarshalBinary(b []byte) error {
+	var res DeleteTenantRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/encryption_configuration.go

@@ -0,0 +1,191 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// EncryptionConfiguration encryption configuration
+//
+// swagger:model encryptionConfiguration
+type EncryptionConfiguration struct {
+
+	// aws
+	Aws *AwsConfiguration `json:"aws,omitempty"`
+
+	// client
+	Client *KeyPairConfiguration `json:"client,omitempty"`
+
+	// gemalto
+	Gemalto *GemaltoConfiguration `json:"gemalto,omitempty"`
+
+	// image
+	Image string `json:"image,omitempty"`
+
+	// server
+	Server *KeyPairConfiguration `json:"server,omitempty"`
+
+	// vault
+	Vault *VaultConfiguration `json:"vault,omitempty"`
+}
+
+// Validate validates this encryption configuration
+func (m *EncryptionConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateAws(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateClient(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateGemalto(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateServer(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateVault(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *EncryptionConfiguration) validateAws(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Aws) { // not required
+		return nil
+	}
+
+	if m.Aws != nil {
+		if err := m.Aws.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("aws")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *EncryptionConfiguration) validateClient(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Client) { // not required
+		return nil
+	}
+
+	if m.Client != nil {
+		if err := m.Client.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("client")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *EncryptionConfiguration) validateGemalto(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Gemalto) { // not required
+		return nil
+	}
+
+	if m.Gemalto != nil {
+		if err := m.Gemalto.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("gemalto")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *EncryptionConfiguration) validateServer(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Server) { // not required
+		return nil
+	}
+
+	if m.Server != nil {
+		if err := m.Server.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("server")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *EncryptionConfiguration) validateVault(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Vault) { // not required
+		return nil
+	}
+
+	if m.Vault != nil {
+		if err := m.Vault.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("vault")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *EncryptionConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *EncryptionConfiguration) UnmarshalBinary(b []byte) error {
+	var res EncryptionConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/error.go

@@ -35,7 +35,7 @@ import (
 type Error struct {
 
 	// code
-	Code int64 `json:"code,omitempty"`
+	Code int32 `json:"code,omitempty"`
 
 	// message
 	// Required: true

models/gemalto_configuration.go

@@ -0,0 +1,314 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// GemaltoConfiguration gemalto configuration
+//
+// swagger:model gemaltoConfiguration
+type GemaltoConfiguration struct {
+
+	// keysecure
+	// Required: true
+	Keysecure *GemaltoConfigurationKeysecure `json:"keysecure"`
+}
+
+// Validate validates this gemalto configuration
+func (m *GemaltoConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateKeysecure(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *GemaltoConfiguration) validateKeysecure(formats strfmt.Registry) error {
+
+	if err := validate.Required("keysecure", "body", m.Keysecure); err != nil {
+		return err
+	}
+
+	if m.Keysecure != nil {
+		if err := m.Keysecure.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("keysecure")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *GemaltoConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *GemaltoConfiguration) UnmarshalBinary(b []byte) error {
+	var res GemaltoConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// GemaltoConfigurationKeysecure gemalto configuration keysecure
+//
+// swagger:model GemaltoConfigurationKeysecure
+type GemaltoConfigurationKeysecure struct {
+
+	// credentials
+	// Required: true
+	Credentials *GemaltoConfigurationKeysecureCredentials `json:"credentials"`
+
+	// endpoint
+	// Required: true
+	Endpoint *string `json:"endpoint"`
+
+	// tls
+	TLS *GemaltoConfigurationKeysecureTLS `json:"tls,omitempty"`
+}
+
+// Validate validates this gemalto configuration keysecure
+func (m *GemaltoConfigurationKeysecure) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateCredentials(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateEndpoint(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateTLS(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *GemaltoConfigurationKeysecure) validateCredentials(formats strfmt.Registry) error {
+
+	if err := validate.Required("keysecure"+"."+"credentials", "body", m.Credentials); err != nil {
+		return err
+	}
+
+	if m.Credentials != nil {
+		if err := m.Credentials.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("keysecure" + "." + "credentials")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *GemaltoConfigurationKeysecure) validateEndpoint(formats strfmt.Registry) error {
+
+	if err := validate.Required("keysecure"+"."+"endpoint", "body", m.Endpoint); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *GemaltoConfigurationKeysecure) validateTLS(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.TLS) { // not required
+		return nil
+	}
+
+	if m.TLS != nil {
+		if err := m.TLS.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("keysecure" + "." + "tls")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *GemaltoConfigurationKeysecure) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *GemaltoConfigurationKeysecure) UnmarshalBinary(b []byte) error {
+	var res GemaltoConfigurationKeysecure
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// GemaltoConfigurationKeysecureCredentials gemalto configuration keysecure credentials
+//
+// swagger:model GemaltoConfigurationKeysecureCredentials
+type GemaltoConfigurationKeysecureCredentials struct {
+
+	// domain
+	// Required: true
+	Domain *string `json:"domain"`
+
+	// retry
+	Retry int64 `json:"retry,omitempty"`
+
+	// token
+	// Required: true
+	Token *string `json:"token"`
+}
+
+// Validate validates this gemalto configuration keysecure credentials
+func (m *GemaltoConfigurationKeysecureCredentials) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateDomain(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateToken(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *GemaltoConfigurationKeysecureCredentials) validateDomain(formats strfmt.Registry) error {
+
+	if err := validate.Required("keysecure"+"."+"credentials"+"."+"domain", "body", m.Domain); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *GemaltoConfigurationKeysecureCredentials) validateToken(formats strfmt.Registry) error {
+
+	if err := validate.Required("keysecure"+"."+"credentials"+"."+"token", "body", m.Token); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *GemaltoConfigurationKeysecureCredentials) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *GemaltoConfigurationKeysecureCredentials) UnmarshalBinary(b []byte) error {
+	var res GemaltoConfigurationKeysecureCredentials
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// GemaltoConfigurationKeysecureTLS gemalto configuration keysecure TLS
+//
+// swagger:model GemaltoConfigurationKeysecureTLS
+type GemaltoConfigurationKeysecureTLS struct {
+
+	// ca
+	// Required: true
+	Ca *string `json:"ca"`
+}
+
+// Validate validates this gemalto configuration keysecure TLS
+func (m *GemaltoConfigurationKeysecureTLS) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateCa(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *GemaltoConfigurationKeysecureTLS) validateCa(formats strfmt.Registry) error {
+
+	if err := validate.Required("keysecure"+"."+"tls"+"."+"ca", "body", m.Ca); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *GemaltoConfigurationKeysecureTLS) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *GemaltoConfigurationKeysecureTLS) UnmarshalBinary(b []byte) error {
+	var res GemaltoConfigurationKeysecureTLS
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/idp_configuration.go

@@ -0,0 +1,299 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// IdpConfiguration idp configuration
+//
+// swagger:model idpConfiguration
+type IdpConfiguration struct {
+
+	// active directory
+	ActiveDirectory *IdpConfigurationActiveDirectory `json:"active_directory,omitempty"`
+
+	// oidc
+	Oidc *IdpConfigurationOidc `json:"oidc,omitempty"`
+}
+
+// Validate validates this idp configuration
+func (m *IdpConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateActiveDirectory(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateOidc(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *IdpConfiguration) validateActiveDirectory(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.ActiveDirectory) { // not required
+		return nil
+	}
+
+	if m.ActiveDirectory != nil {
+		if err := m.ActiveDirectory.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("active_directory")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *IdpConfiguration) validateOidc(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Oidc) { // not required
+		return nil
+	}
+
+	if m.Oidc != nil {
+		if err := m.Oidc.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("oidc")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *IdpConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *IdpConfiguration) UnmarshalBinary(b []byte) error {
+	var res IdpConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// IdpConfigurationActiveDirectory idp configuration active directory
+//
+// swagger:model IdpConfigurationActiveDirectory
+type IdpConfigurationActiveDirectory struct {
+
+	// group name attribute
+	GroupNameAttribute string `json:"group_name_attribute,omitempty"`
+
+	// group search base dn
+	GroupSearchBaseDn string `json:"group_search_base_dn,omitempty"`
+
+	// group search filter
+	GroupSearchFilter string `json:"group_search_filter,omitempty"`
+
+	// server insecure
+	ServerInsecure bool `json:"server_insecure,omitempty"`
+
+	// skip tls verification
+	SkipTLSVerification bool `json:"skip_tls_verification,omitempty"`
+
+	// url
+	// Required: true
+	URL *string `json:"url"`
+
+	// user search filter
+	// Required: true
+	UserSearchFilter *string `json:"user_search_filter"`
+
+	// username format
+	// Required: true
+	UsernameFormat *string `json:"username_format"`
+}
+
+// Validate validates this idp configuration active directory
+func (m *IdpConfigurationActiveDirectory) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateURL(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateUserSearchFilter(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateUsernameFormat(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *IdpConfigurationActiveDirectory) validateURL(formats strfmt.Registry) error {
+
+	if err := validate.Required("active_directory"+"."+"url", "body", m.URL); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *IdpConfigurationActiveDirectory) validateUserSearchFilter(formats strfmt.Registry) error {
+
+	if err := validate.Required("active_directory"+"."+"user_search_filter", "body", m.UserSearchFilter); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *IdpConfigurationActiveDirectory) validateUsernameFormat(formats strfmt.Registry) error {
+
+	if err := validate.Required("active_directory"+"."+"username_format", "body", m.UsernameFormat); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *IdpConfigurationActiveDirectory) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *IdpConfigurationActiveDirectory) UnmarshalBinary(b []byte) error {
+	var res IdpConfigurationActiveDirectory
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// IdpConfigurationOidc idp configuration oidc
+//
+// swagger:model IdpConfigurationOidc
+type IdpConfigurationOidc struct {
+
+	// client id
+	// Required: true
+	ClientID *string `json:"client_id"`
+
+	// secret id
+	// Required: true
+	SecretID *string `json:"secret_id"`
+
+	// url
+	// Required: true
+	URL *string `json:"url"`
+}
+
+// Validate validates this idp configuration oidc
+func (m *IdpConfigurationOidc) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateClientID(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSecretID(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateURL(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *IdpConfigurationOidc) validateClientID(formats strfmt.Registry) error {
+
+	if err := validate.Required("oidc"+"."+"client_id", "body", m.ClientID); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *IdpConfigurationOidc) validateSecretID(formats strfmt.Registry) error {
+
+	if err := validate.Required("oidc"+"."+"secret_id", "body", m.SecretID); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *IdpConfigurationOidc) validateURL(formats strfmt.Registry) error {
+
+	if err := validate.Required("oidc"+"."+"url", "body", m.URL); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *IdpConfigurationOidc) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *IdpConfigurationOidc) UnmarshalBinary(b []byte) error {
+	var res IdpConfigurationOidc
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/image_registry.go

@@ -0,0 +1,115 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// ImageRegistry image registry
+//
+// swagger:model imageRegistry
+type ImageRegistry struct {
+
+	// password
+	// Required: true
+	Password *string `json:"password"`
+
+	// registry
+	// Required: true
+	Registry *string `json:"registry"`
+
+	// username
+	// Required: true
+	Username *string `json:"username"`
+}
+
+// Validate validates this image registry
+func (m *ImageRegistry) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validatePassword(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateRegistry(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateUsername(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ImageRegistry) validatePassword(formats strfmt.Registry) error {
+
+	if err := validate.Required("password", "body", m.Password); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *ImageRegistry) validateRegistry(formats strfmt.Registry) error {
+
+	if err := validate.Required("registry", "body", m.Registry); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *ImageRegistry) validateUsername(formats strfmt.Registry) error {
+
+	if err := validate.Required("username", "body", m.Username); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ImageRegistry) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ImageRegistry) UnmarshalBinary(b []byte) error {
+	var res ImageRegistry
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/key_pair_configuration.go

@@ -0,0 +1,98 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// KeyPairConfiguration key pair configuration
+//
+// swagger:model keyPairConfiguration
+type KeyPairConfiguration struct {
+
+	// crt
+	// Required: true
+	Crt *string `json:"crt"`
+
+	// key
+	// Required: true
+	Key *string `json:"key"`
+}
+
+// Validate validates this key pair configuration
+func (m *KeyPairConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateCrt(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *KeyPairConfiguration) validateCrt(formats strfmt.Registry) error {
+
+	if err := validate.Required("crt", "body", m.Crt); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *KeyPairConfiguration) validateKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("key", "body", m.Key); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *KeyPairConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *KeyPairConfiguration) UnmarshalBinary(b []byte) error {
+	var res KeyPairConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/list_tenants_response.go

@@ -0,0 +1,100 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ListTenantsResponse list tenants response
+//
+// swagger:model listTenantsResponse
+type ListTenantsResponse struct {
+
+	// list of resulting tenants
+	Tenants []*TenantList `json:"tenants"`
+
+	// number of tenants accessible to tenant user
+	Total int64 `json:"total,omitempty"`
+}
+
+// Validate validates this list tenants response
+func (m *ListTenantsResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateTenants(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ListTenantsResponse) validateTenants(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Tenants) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Tenants); i++ {
+		if swag.IsZero(m.Tenants[i]) { // not required
+			continue
+		}
+
+		if m.Tenants[i] != nil {
+			if err := m.Tenants[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("tenants" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ListTenantsResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ListTenantsResponse) UnmarshalBinary(b []byte) error {
+	var res ListTenantsResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/login_details.go

@@ -37,7 +37,7 @@ import (
 type LoginDetails struct {
 
 	// login strategy
-	// Enum: [form redirect]
+	// Enum: [form redirect service-account]
 	LoginStrategy string `json:"loginStrategy,omitempty"`
 
 	// redirect
@@ -62,7 +62,7 @@ var loginDetailsTypeLoginStrategyPropEnum []interface{}
 
 func init() {
 	var res []string
-	if err := json.Unmarshal([]byte(`["form","redirect"]`), &res); err != nil {
+	if err := json.Unmarshal([]byte(`["form","redirect","service-account"]`), &res); err != nil {
 		panic(err)
 	}
 	for _, v := range res {
@@ -77,11 +77,14 @@ const (
 
 	// LoginDetailsLoginStrategyRedirect captures enum value "redirect"
 	LoginDetailsLoginStrategyRedirect string = "redirect"
+
+	// LoginDetailsLoginStrategyServiceAccount captures enum value "service-account"
+	LoginDetailsLoginStrategyServiceAccount string = "service-account"
 )
 
 // prop value enum
 func (m *LoginDetails) validateLoginStrategyEnum(path, location string, value string) error {
-	if err := validate.Enum(path, location, value, loginDetailsTypeLoginStrategyPropEnum); err != nil {
+	if err := validate.EnumCase(path, location, value, loginDetailsTypeLoginStrategyPropEnum, true); err != nil {
 		return err
 	}
 	return nil

models/login_operator_request.go

@@ -0,0 +1,81 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// LoginOperatorRequest login operator request
+//
+// swagger:model loginOperatorRequest
+type LoginOperatorRequest struct {
+
+	// jwt
+	// Required: true
+	Jwt *string `json:"jwt"`
+}
+
+// Validate validates this login operator request
+func (m *LoginOperatorRequest) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateJwt(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *LoginOperatorRequest) validateJwt(formats strfmt.Registry) error {
+
+	if err := validate.Required("jwt", "body", m.Jwt); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *LoginOperatorRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *LoginOperatorRequest) UnmarshalBinary(b []byte) error {
+	var res LoginOperatorRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/max_allocatable_mem_response.go

@@ -0,0 +1,60 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// MaxAllocatableMemResponse max allocatable mem response
+//
+// swagger:model maxAllocatableMemResponse
+type MaxAllocatableMemResponse struct {
+
+	// max memory
+	MaxMemory int64 `json:"max_memory,omitempty"`
+}
+
+// Validate validates this max allocatable mem response
+func (m *MaxAllocatableMemResponse) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *MaxAllocatableMemResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *MaxAllocatableMemResponse) UnmarshalBinary(b []byte) error {
+	var res MaxAllocatableMemResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/node_selector_term.go

@@ -0,0 +1,272 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// NodeSelectorTerm A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+//
+// swagger:model nodeSelectorTerm
+type NodeSelectorTerm struct {
+
+	// A list of node selector requirements by node's labels.
+	MatchExpressions []*NodeSelectorTermMatchExpressionsItems0 `json:"matchExpressions"`
+
+	// A list of node selector requirements by node's fields.
+	MatchFields []*NodeSelectorTermMatchFieldsItems0 `json:"matchFields"`
+}
+
+// Validate validates this node selector term
+func (m *NodeSelectorTerm) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateMatchExpressions(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateMatchFields(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *NodeSelectorTerm) validateMatchExpressions(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.MatchExpressions) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.MatchExpressions); i++ {
+		if swag.IsZero(m.MatchExpressions[i]) { // not required
+			continue
+		}
+
+		if m.MatchExpressions[i] != nil {
+			if err := m.MatchExpressions[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("matchExpressions" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *NodeSelectorTerm) validateMatchFields(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.MatchFields) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.MatchFields); i++ {
+		if swag.IsZero(m.MatchFields[i]) { // not required
+			continue
+		}
+
+		if m.MatchFields[i] != nil {
+			if err := m.MatchFields[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("matchFields" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *NodeSelectorTerm) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *NodeSelectorTerm) UnmarshalBinary(b []byte) error {
+	var res NodeSelectorTerm
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// NodeSelectorTermMatchExpressionsItems0 A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+//
+// swagger:model NodeSelectorTermMatchExpressionsItems0
+type NodeSelectorTermMatchExpressionsItems0 struct {
+
+	// The label key that the selector applies to.
+	// Required: true
+	Key *string `json:"key"`
+
+	// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+	// Required: true
+	Operator *string `json:"operator"`
+
+	// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+	Values []string `json:"values"`
+}
+
+// Validate validates this node selector term match expressions items0
+func (m *NodeSelectorTermMatchExpressionsItems0) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateOperator(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *NodeSelectorTermMatchExpressionsItems0) validateKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("key", "body", m.Key); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *NodeSelectorTermMatchExpressionsItems0) validateOperator(formats strfmt.Registry) error {
+
+	if err := validate.Required("operator", "body", m.Operator); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *NodeSelectorTermMatchExpressionsItems0) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *NodeSelectorTermMatchExpressionsItems0) UnmarshalBinary(b []byte) error {
+	var res NodeSelectorTermMatchExpressionsItems0
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// NodeSelectorTermMatchFieldsItems0 A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+//
+// swagger:model NodeSelectorTermMatchFieldsItems0
+type NodeSelectorTermMatchFieldsItems0 struct {
+
+	// The label key that the selector applies to.
+	// Required: true
+	Key *string `json:"key"`
+
+	// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+	// Required: true
+	Operator *string `json:"operator"`
+
+	// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
+	Values []string `json:"values"`
+}
+
+// Validate validates this node selector term match fields items0
+func (m *NodeSelectorTermMatchFieldsItems0) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateOperator(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *NodeSelectorTermMatchFieldsItems0) validateKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("key", "body", m.Key); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *NodeSelectorTermMatchFieldsItems0) validateOperator(formats strfmt.Registry) error {
+
+	if err := validate.Required("operator", "body", m.Operator); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *NodeSelectorTermMatchFieldsItems0) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *NodeSelectorTermMatchFieldsItems0) UnmarshalBinary(b []byte) error {
+	var res NodeSelectorTermMatchFieldsItems0
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/nofitication_service.go

@@ -82,7 +82,7 @@ func init() {
 }
 
 func (m NofiticationService) validateNofiticationServiceEnum(path, location string, value NofiticationService) error {
-	if err := validate.Enum(path, location, value, nofiticationServiceEnum); err != nil {
+	if err := validate.EnumCase(path, location, value, nofiticationServiceEnum, true); err != nil {
 		return err
 	}
 	return nil

models/notification_event_type.go

@@ -61,7 +61,7 @@ func init() {
 }
 
 func (m NotificationEventType) validateNotificationEventTypeEnum(path, location string, value NotificationEventType) error {
-	if err := validate.Enum(path, location, value, notificationEventTypeEnum); err != nil {
+	if err := validate.EnumCase(path, location, value, notificationEventTypeEnum, true); err != nil {
 		return err
 	}
 	return nil

models/pod_affinity_term.go

@@ -0,0 +1,251 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// PodAffinityTerm Required. A pod affinity term, associated with the corresponding weight.
+//
+// swagger:model podAffinityTerm
+type PodAffinityTerm struct {
+
+	// label selector
+	LabelSelector *PodAffinityTermLabelSelector `json:"labelSelector,omitempty"`
+
+	// namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace"
+	Namespaces []string `json:"namespaces"`
+
+	// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
+	// Required: true
+	TopologyKey *string `json:"topologyKey"`
+}
+
+// Validate validates this pod affinity term
+func (m *PodAffinityTerm) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateLabelSelector(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateTopologyKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *PodAffinityTerm) validateLabelSelector(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.LabelSelector) { // not required
+		return nil
+	}
+
+	if m.LabelSelector != nil {
+		if err := m.LabelSelector.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("labelSelector")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *PodAffinityTerm) validateTopologyKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("topologyKey", "body", m.TopologyKey); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *PodAffinityTerm) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *PodAffinityTerm) UnmarshalBinary(b []byte) error {
+	var res PodAffinityTerm
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// PodAffinityTermLabelSelector A label query over a set of resources, in this case pods.
+//
+// swagger:model PodAffinityTermLabelSelector
+type PodAffinityTermLabelSelector struct {
+
+	// matchExpressions is a list of label selector requirements. The requirements are ANDed.
+	MatchExpressions []*PodAffinityTermLabelSelectorMatchExpressionsItems0 `json:"matchExpressions"`
+
+	// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+	MatchLabels map[string]string `json:"matchLabels,omitempty"`
+}
+
+// Validate validates this pod affinity term label selector
+func (m *PodAffinityTermLabelSelector) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateMatchExpressions(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *PodAffinityTermLabelSelector) validateMatchExpressions(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.MatchExpressions) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.MatchExpressions); i++ {
+		if swag.IsZero(m.MatchExpressions[i]) { // not required
+			continue
+		}
+
+		if m.MatchExpressions[i] != nil {
+			if err := m.MatchExpressions[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("labelSelector" + "." + "matchExpressions" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *PodAffinityTermLabelSelector) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *PodAffinityTermLabelSelector) UnmarshalBinary(b []byte) error {
+	var res PodAffinityTermLabelSelector
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// PodAffinityTermLabelSelectorMatchExpressionsItems0 A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+//
+// swagger:model PodAffinityTermLabelSelectorMatchExpressionsItems0
+type PodAffinityTermLabelSelectorMatchExpressionsItems0 struct {
+
+	// key is the label key that the selector applies to.
+	// Required: true
+	Key *string `json:"key"`
+
+	// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+	// Required: true
+	Operator *string `json:"operator"`
+
+	// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+	Values []string `json:"values"`
+}
+
+// Validate validates this pod affinity term label selector match expressions items0
+func (m *PodAffinityTermLabelSelectorMatchExpressionsItems0) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateOperator(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *PodAffinityTermLabelSelectorMatchExpressionsItems0) validateKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("key", "body", m.Key); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *PodAffinityTermLabelSelectorMatchExpressionsItems0) validateOperator(formats strfmt.Registry) error {
+
+	if err := validate.Required("operator", "body", m.Operator); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *PodAffinityTermLabelSelectorMatchExpressionsItems0) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *PodAffinityTermLabelSelectorMatchExpressionsItems0) UnmarshalBinary(b []byte) error {
+	var res PodAffinityTermLabelSelectorMatchExpressionsItems0
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/policy_entity.go

@@ -58,7 +58,7 @@ func init() {
 }
 
 func (m PolicyEntity) validatePolicyEntityEnum(path, location string, value PolicyEntity) error {
-	if err := validate.Enum(path, location, value, policyEntityEnum); err != nil {
+	if err := validate.EnumCase(path, location, value, policyEntityEnum, true); err != nil {
 		return err
 	}
 	return nil

models/principal.go

@@ -24,14 +24,46 @@ package models
 
 import (
 	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
 )
 
 // Principal principal
 //
 // swagger:model principal
-type Principal string
+type Principal struct {
+
+	// access key ID
+	AccessKeyID string `json:"accessKeyID,omitempty"`
+
+	// actions
+	Actions []string `json:"actions"`
+
+	// secret access key
+	SecretAccessKey string `json:"secretAccessKey,omitempty"`
+
+	// session token
+	SessionToken string `json:"sessionToken,omitempty"`
+}
 
 // Validate validates this principal
-func (m Principal) Validate(formats strfmt.Registry) error {
+func (m *Principal) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *Principal) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *Principal) UnmarshalBinary(b []byte) error {
+	var res Principal
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
 	return nil
 }

models/profiler_type.go

@@ -73,7 +73,7 @@ func init() {
 }
 
 func (m ProfilerType) validateProfilerTypeEnum(path, location string, value ProfilerType) error {
-	if err := validate.Enum(path, location, value, profilerTypeEnum); err != nil {
+	if err := validate.EnumCase(path, location, value, profilerTypeEnum, true); err != nil {
 		return err
 	}
 	return nil

models/resource_quota.go

@@ -0,0 +1,100 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ResourceQuota resource quota
+//
+// swagger:model resourceQuota
+type ResourceQuota struct {
+
+	// elements
+	Elements []*ResourceQuotaElement `json:"elements"`
+
+	// name
+	Name string `json:"name,omitempty"`
+}
+
+// Validate validates this resource quota
+func (m *ResourceQuota) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateElements(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ResourceQuota) validateElements(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Elements) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Elements); i++ {
+		if swag.IsZero(m.Elements[i]) { // not required
+			continue
+		}
+
+		if m.Elements[i] != nil {
+			if err := m.Elements[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("elements" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ResourceQuota) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ResourceQuota) UnmarshalBinary(b []byte) error {
+	var res ResourceQuota
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/resource_quota_element.go

@@ -27,34 +27,28 @@ import (
 	"github.com/go-openapi/swag"
 )
 
-// PolicyStatement policy statement
+// ResourceQuotaElement resource quota element
 //
-// swagger:model policyStatement
-type PolicyStatement struct {
+// swagger:model resourceQuotaElement
+type ResourceQuotaElement struct {
 
-	// action
-	Action []string `json:"Action"`
+	// hard
+	Hard int64 `json:"hard,omitempty"`
 
-	// condition
-	Condition string `json:"Condition,omitempty"`
+	// name
+	Name string `json:"name,omitempty"`
 
-	// effect
-	Effect string `json:"Effect,omitempty"`
-
-	// resource
-	Resource string `json:"Resource,omitempty"`
-
-	// sid
-	Sid string `json:"Sid,omitempty"`
+	// used
+	Used int64 `json:"used,omitempty"`
 }
 
-// Validate validates this policy statement
-func (m *PolicyStatement) Validate(formats strfmt.Registry) error {
+// Validate validates this resource quota element
+func (m *ResourceQuotaElement) Validate(formats strfmt.Registry) error {
 	return nil
 }
 
 // MarshalBinary interface implementation
-func (m *PolicyStatement) MarshalBinary() ([]byte, error) {
+func (m *ResourceQuotaElement) MarshalBinary() ([]byte, error) {
 	if m == nil {
 		return nil, nil
 	}
@@ -62,8 +56,8 @@ func (m *PolicyStatement) MarshalBinary() ([]byte, error) {
 }
 
 // UnmarshalBinary interface implementation
-func (m *PolicyStatement) UnmarshalBinary(b []byte) error {
-	var res PolicyStatement
+func (m *ResourceQuotaElement) UnmarshalBinary(b []byte) error {
+	var res ResourceQuotaElement
 	if err := swag.ReadJSON(b, &res); err != nil {
 		return err
 	}

models/service_account_request.go

@@ -27,22 +27,22 @@ import (
 	"github.com/go-openapi/swag"
 )
 
-// ServiceAccount service account
+// ServiceAccountRequest service account request
 //
-// swagger:model serviceAccount
-type ServiceAccount struct {
+// swagger:model serviceAccountRequest
+type ServiceAccountRequest struct {
 
 	// policy to be applied to the Service Account if any
 	Policy string `json:"policy,omitempty"`
 }
 
-// Validate validates this service account
-func (m *ServiceAccount) Validate(formats strfmt.Registry) error {
+// Validate validates this service account request
+func (m *ServiceAccountRequest) Validate(formats strfmt.Registry) error {
 	return nil
 }
 
 // MarshalBinary interface implementation
-func (m *ServiceAccount) MarshalBinary() ([]byte, error) {
+func (m *ServiceAccountRequest) MarshalBinary() ([]byte, error) {
 	if m == nil {
 		return nil, nil
 	}
@@ -50,8 +50,8 @@ func (m *ServiceAccount) MarshalBinary() ([]byte, error) {
 }
 
 // UnmarshalBinary interface implementation
-func (m *ServiceAccount) UnmarshalBinary(b []byte) error {
-	var res ServiceAccount
+func (m *ServiceAccountRequest) UnmarshalBinary(b []byte) error {
+	var res ServiceAccountRequest
 	if err := swag.ReadJSON(b, &res); err != nil {
 		return err
 	}

models/service_accounts.go

@@ -0,0 +1,37 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+)
+
+// ServiceAccounts service accounts
+//
+// swagger:model serviceAccounts
+type ServiceAccounts []string
+
+// Validate validates this service accounts
+func (m ServiceAccounts) Validate(formats strfmt.Registry) error {
+	return nil
+}

models/session_response.go

@@ -36,6 +36,9 @@ import (
 // swagger:model sessionResponse
 type SessionResponse struct {
 
+	// pages
+	Pages []string `json:"pages"`
+
 	// status
 	// Enum: [ok]
 	Status string `json:"status,omitempty"`
@@ -75,7 +78,7 @@ const (
 
 // prop value enum
 func (m *SessionResponse) validateStatusEnum(path, location string, value string) error {
-	if err := validate.Enum(path, location, value, sessionResponseTypeStatusPropEnum); err != nil {
+	if err := validate.EnumCase(path, location, value, sessionResponseTypeStatusPropEnum, true); err != nil {
 		return err
 	}
 	return nil

models/tenant.go

@@ -0,0 +1,124 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// Tenant tenant
+//
+// swagger:model tenant
+type Tenant struct {
+
+	// console image
+	ConsoleImage string `json:"console_image,omitempty"`
+
+	// creation date
+	CreationDate string `json:"creation_date,omitempty"`
+
+	// current state
+	CurrentState string `json:"currentState,omitempty"`
+
+	// deletion date
+	DeletionDate string `json:"deletion_date,omitempty"`
+
+	// enable prometheus
+	EnablePrometheus bool `json:"enable_prometheus,omitempty"`
+
+	// image
+	Image string `json:"image,omitempty"`
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// namespace
+	Namespace string `json:"namespace,omitempty"`
+
+	// total size
+	TotalSize int64 `json:"total_size,omitempty"`
+
+	// zones
+	Zones []*Zone `json:"zones"`
+}
+
+// Validate validates this tenant
+func (m *Tenant) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateZones(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *Tenant) validateZones(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Zones) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Zones); i++ {
+		if swag.IsZero(m.Zones[i]) { // not required
+			continue
+		}
+
+		if m.Zones[i] != nil {
+			if err := m.Zones[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("zones" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *Tenant) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *Tenant) UnmarshalBinary(b []byte) error {
+	var res Tenant
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/tenant_list.go

@@ -0,0 +1,84 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// TenantList tenant list
+//
+// swagger:model tenantList
+type TenantList struct {
+
+	// creation date
+	CreationDate string `json:"creation_date,omitempty"`
+
+	// current state
+	CurrentState string `json:"currentState,omitempty"`
+
+	// deletion date
+	DeletionDate string `json:"deletion_date,omitempty"`
+
+	// instance count
+	InstanceCount int64 `json:"instance_count,omitempty"`
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// namespace
+	Namespace string `json:"namespace,omitempty"`
+
+	// total size
+	TotalSize int64 `json:"total_size,omitempty"`
+
+	// volume count
+	VolumeCount int64 `json:"volume_count,omitempty"`
+
+	// zone count
+	ZoneCount int64 `json:"zone_count,omitempty"`
+}
+
+// Validate validates this tenant list
+func (m *TenantList) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *TenantList) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *TenantList) UnmarshalBinary(b []byte) error {
+	var res TenantList
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/tenant_usage.go

@@ -23,40 +23,41 @@ package models
 // Editing this file might prove futile when you re-run the swagger generate command
 
 import (
-	"strconv"
-
-	"github.com/go-openapi/errors"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
 )
 
-// PolicyStatements policy statements
+// TenantUsage tenant usage
 //
-// swagger:model policyStatements
-type PolicyStatements []*PolicyStatement
+// swagger:model tenantUsage
+type TenantUsage struct {
 
-// Validate validates this policy statements
-func (m PolicyStatements) Validate(formats strfmt.Registry) error {
-	var res []error
+	// disk used
+	DiskUsed int64 `json:"disk_used,omitempty"`
 
-	for i := 0; i < len(m); i++ {
-		if swag.IsZero(m[i]) { // not required
-			continue
-		}
+	// used
+	Used int64 `json:"used,omitempty"`
+}
 
-		if m[i] != nil {
-			if err := m[i].Validate(formats); err != nil {
-				if ve, ok := err.(*errors.Validation); ok {
-					return ve.ValidateName(strconv.Itoa(i))
-				}
-				return err
-			}
-		}
-
-	}
-
-	if len(res) > 0 {
-		return errors.CompositeValidationError(res...)
-	}
+// Validate validates this tenant usage
+func (m *TenantUsage) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *TenantUsage) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *TenantUsage) UnmarshalBinary(b []byte) error {
+	var res TenantUsage
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
 	return nil
 }

models/tls_configuration.go

@@ -0,0 +1,113 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// TLSConfiguration tls configuration
+//
+// swagger:model tlsConfiguration
+type TLSConfiguration struct {
+
+	// console
+	Console *KeyPairConfiguration `json:"console,omitempty"`
+
+	// minio
+	Minio *KeyPairConfiguration `json:"minio,omitempty"`
+}
+
+// Validate validates this tls configuration
+func (m *TLSConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateConsole(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateMinio(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *TLSConfiguration) validateConsole(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Console) { // not required
+		return nil
+	}
+
+	if m.Console != nil {
+		if err := m.Console.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("console")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *TLSConfiguration) validateMinio(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Minio) { // not required
+		return nil
+	}
+
+	if m.Minio != nil {
+		if err := m.Minio.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("minio")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *TLSConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *TLSConfiguration) UnmarshalBinary(b []byte) error {
+	var res TLSConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/update_tenant_request.go

@@ -0,0 +1,137 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// UpdateTenantRequest update tenant request
+//
+// swagger:model updateTenantRequest
+type UpdateTenantRequest struct {
+
+	// console image
+	// Pattern: ^((.*?)/(.*?):(.+))$
+	ConsoleImage string `json:"console_image,omitempty"`
+
+	// enable prometheus
+	EnablePrometheus bool `json:"enable_prometheus,omitempty"`
+
+	// image
+	// Pattern: ^((.*?)/(.*?):(.+))$
+	Image string `json:"image,omitempty"`
+
+	// image pull secret
+	ImagePullSecret string `json:"image_pull_secret,omitempty"`
+
+	// image registry
+	ImageRegistry *ImageRegistry `json:"image_registry,omitempty"`
+}
+
+// Validate validates this update tenant request
+func (m *UpdateTenantRequest) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateConsoleImage(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateImage(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateImageRegistry(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *UpdateTenantRequest) validateConsoleImage(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.ConsoleImage) { // not required
+		return nil
+	}
+
+	if err := validate.Pattern("console_image", "body", string(m.ConsoleImage), `^((.*?)/(.*?):(.+))$`); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *UpdateTenantRequest) validateImage(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Image) { // not required
+		return nil
+	}
+
+	if err := validate.Pattern("image", "body", string(m.Image), `^((.*?)/(.*?):(.+))$`); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *UpdateTenantRequest) validateImageRegistry(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.ImageRegistry) { // not required
+		return nil
+	}
+
+	if m.ImageRegistry != nil {
+		if err := m.ImageRegistry.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("image_registry")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *UpdateTenantRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *UpdateTenantRequest) UnmarshalBinary(b []byte) error {
+	var res UpdateTenantRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/vault_configuration.go

@@ -0,0 +1,310 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// VaultConfiguration vault configuration
+//
+// swagger:model vaultConfiguration
+type VaultConfiguration struct {
+
+	// approle
+	// Required: true
+	Approle *VaultConfigurationApprole `json:"approle"`
+
+	// endpoint
+	// Required: true
+	Endpoint *string `json:"endpoint"`
+
+	// engine
+	Engine string `json:"engine,omitempty"`
+
+	// namespace
+	Namespace string `json:"namespace,omitempty"`
+
+	// prefix
+	Prefix string `json:"prefix,omitempty"`
+
+	// status
+	Status *VaultConfigurationStatus `json:"status,omitempty"`
+
+	// tls
+	TLS *VaultConfigurationTLS `json:"tls,omitempty"`
+}
+
+// Validate validates this vault configuration
+func (m *VaultConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateApprole(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateEndpoint(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateStatus(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateTLS(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *VaultConfiguration) validateApprole(formats strfmt.Registry) error {
+
+	if err := validate.Required("approle", "body", m.Approle); err != nil {
+		return err
+	}
+
+	if m.Approle != nil {
+		if err := m.Approle.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("approle")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *VaultConfiguration) validateEndpoint(formats strfmt.Registry) error {
+
+	if err := validate.Required("endpoint", "body", m.Endpoint); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *VaultConfiguration) validateStatus(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Status) { // not required
+		return nil
+	}
+
+	if m.Status != nil {
+		if err := m.Status.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("status")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *VaultConfiguration) validateTLS(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.TLS) { // not required
+		return nil
+	}
+
+	if m.TLS != nil {
+		if err := m.TLS.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("tls")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *VaultConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *VaultConfiguration) UnmarshalBinary(b []byte) error {
+	var res VaultConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// VaultConfigurationApprole vault configuration approle
+//
+// swagger:model VaultConfigurationApprole
+type VaultConfigurationApprole struct {
+
+	// engine
+	Engine string `json:"engine,omitempty"`
+
+	// id
+	// Required: true
+	ID *string `json:"id"`
+
+	// retry
+	Retry int64 `json:"retry,omitempty"`
+
+	// secret
+	// Required: true
+	Secret *string `json:"secret"`
+}
+
+// Validate validates this vault configuration approle
+func (m *VaultConfigurationApprole) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateID(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSecret(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *VaultConfigurationApprole) validateID(formats strfmt.Registry) error {
+
+	if err := validate.Required("approle"+"."+"id", "body", m.ID); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *VaultConfigurationApprole) validateSecret(formats strfmt.Registry) error {
+
+	if err := validate.Required("approle"+"."+"secret", "body", m.Secret); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *VaultConfigurationApprole) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *VaultConfigurationApprole) UnmarshalBinary(b []byte) error {
+	var res VaultConfigurationApprole
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// VaultConfigurationStatus vault configuration status
+//
+// swagger:model VaultConfigurationStatus
+type VaultConfigurationStatus struct {
+
+	// ping
+	Ping int64 `json:"ping,omitempty"`
+}
+
+// Validate validates this vault configuration status
+func (m *VaultConfigurationStatus) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *VaultConfigurationStatus) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *VaultConfigurationStatus) UnmarshalBinary(b []byte) error {
+	var res VaultConfigurationStatus
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// VaultConfigurationTLS vault configuration TLS
+//
+// swagger:model VaultConfigurationTLS
+type VaultConfigurationTLS struct {
+
+	// ca
+	Ca string `json:"ca,omitempty"`
+
+	// crt
+	Crt string `json:"crt,omitempty"`
+
+	// key
+	Key string `json:"key,omitempty"`
+}
+
+// Validate validates this vault configuration TLS
+func (m *VaultConfigurationTLS) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *VaultConfigurationTLS) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *VaultConfigurationTLS) UnmarshalBinary(b []byte) error {
+	var res VaultConfigurationTLS
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/zone.go

@@ -0,0 +1,260 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// Zone zone
+//
+// swagger:model zone
+type Zone struct {
+
+	// affinity
+	Affinity *ZoneAffinity `json:"affinity,omitempty"`
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+	NodeSelector map[string]string `json:"node_selector,omitempty"`
+
+	// resources
+	Resources *ZoneResources `json:"resources,omitempty"`
+
+	// servers
+	// Required: true
+	Servers *int64 `json:"servers"`
+
+	// tolerations
+	Tolerations ZoneTolerations `json:"tolerations,omitempty"`
+
+	// volume configuration
+	// Required: true
+	VolumeConfiguration *ZoneVolumeConfiguration `json:"volume_configuration"`
+
+	// volumes per server
+	// Required: true
+	VolumesPerServer *int32 `json:"volumes_per_server"`
+}
+
+// Validate validates this zone
+func (m *Zone) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateAffinity(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateResources(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateServers(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateTolerations(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateVolumeConfiguration(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateVolumesPerServer(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *Zone) validateAffinity(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Affinity) { // not required
+		return nil
+	}
+
+	if m.Affinity != nil {
+		if err := m.Affinity.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("affinity")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *Zone) validateResources(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Resources) { // not required
+		return nil
+	}
+
+	if m.Resources != nil {
+		if err := m.Resources.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("resources")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *Zone) validateServers(formats strfmt.Registry) error {
+
+	if err := validate.Required("servers", "body", m.Servers); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *Zone) validateTolerations(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Tolerations) { // not required
+		return nil
+	}
+
+	if err := m.Tolerations.Validate(formats); err != nil {
+		if ve, ok := err.(*errors.Validation); ok {
+			return ve.ValidateName("tolerations")
+		}
+		return err
+	}
+
+	return nil
+}
+
+func (m *Zone) validateVolumeConfiguration(formats strfmt.Registry) error {
+
+	if err := validate.Required("volume_configuration", "body", m.VolumeConfiguration); err != nil {
+		return err
+	}
+
+	if m.VolumeConfiguration != nil {
+		if err := m.VolumeConfiguration.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("volume_configuration")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *Zone) validateVolumesPerServer(formats strfmt.Registry) error {
+
+	if err := validate.Required("volumes_per_server", "body", m.VolumesPerServer); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *Zone) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *Zone) UnmarshalBinary(b []byte) error {
+	var res Zone
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// ZoneVolumeConfiguration zone volume configuration
+//
+// swagger:model ZoneVolumeConfiguration
+type ZoneVolumeConfiguration struct {
+
+	// labels
+	Labels map[string]string `json:"labels,omitempty"`
+
+	// size
+	// Required: true
+	Size *int64 `json:"size"`
+
+	// storage class name
+	StorageClassName string `json:"storage_class_name,omitempty"`
+}
+
+// Validate validates this zone volume configuration
+func (m *ZoneVolumeConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateSize(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ZoneVolumeConfiguration) validateSize(formats strfmt.Registry) error {
+
+	if err := validate.Required("volume_configuration"+"."+"size", "body", m.Size); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ZoneVolumeConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ZoneVolumeConfiguration) UnmarshalBinary(b []byte) error {
+	var res ZoneVolumeConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/zone_affinity.go

@@ -0,0 +1,726 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// ZoneAffinity If specified, affinity will define the pod's scheduling constraints
+//
+// swagger:model zoneAffinity
+type ZoneAffinity struct {
+
+	// node affinity
+	NodeAffinity *ZoneAffinityNodeAffinity `json:"nodeAffinity,omitempty"`
+
+	// pod affinity
+	PodAffinity *ZoneAffinityPodAffinity `json:"podAffinity,omitempty"`
+
+	// pod anti affinity
+	PodAntiAffinity *ZoneAffinityPodAntiAffinity `json:"podAntiAffinity,omitempty"`
+}
+
+// Validate validates this zone affinity
+func (m *ZoneAffinity) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateNodeAffinity(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validatePodAffinity(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validatePodAntiAffinity(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ZoneAffinity) validateNodeAffinity(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.NodeAffinity) { // not required
+		return nil
+	}
+
+	if m.NodeAffinity != nil {
+		if err := m.NodeAffinity.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("nodeAffinity")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *ZoneAffinity) validatePodAffinity(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.PodAffinity) { // not required
+		return nil
+	}
+
+	if m.PodAffinity != nil {
+		if err := m.PodAffinity.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("podAffinity")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *ZoneAffinity) validatePodAntiAffinity(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.PodAntiAffinity) { // not required
+		return nil
+	}
+
+	if m.PodAntiAffinity != nil {
+		if err := m.PodAntiAffinity.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("podAntiAffinity")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ZoneAffinity) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ZoneAffinity) UnmarshalBinary(b []byte) error {
+	var res ZoneAffinity
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// ZoneAffinityNodeAffinity Describes node affinity scheduling rules for the pod.
+//
+// swagger:model ZoneAffinityNodeAffinity
+type ZoneAffinityNodeAffinity struct {
+
+	// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
+	PreferredDuringSchedulingIgnoredDuringExecution []*ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 `json:"preferredDuringSchedulingIgnoredDuringExecution"`
+
+	// required during scheduling ignored during execution
+	RequiredDuringSchedulingIgnoredDuringExecution *ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution `json:"requiredDuringSchedulingIgnoredDuringExecution,omitempty"`
+}
+
+// Validate validates this zone affinity node affinity
+func (m *ZoneAffinityNodeAffinity) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validatePreferredDuringSchedulingIgnoredDuringExecution(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateRequiredDuringSchedulingIgnoredDuringExecution(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ZoneAffinityNodeAffinity) validatePreferredDuringSchedulingIgnoredDuringExecution(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.PreferredDuringSchedulingIgnoredDuringExecution) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.PreferredDuringSchedulingIgnoredDuringExecution); i++ {
+		if swag.IsZero(m.PreferredDuringSchedulingIgnoredDuringExecution[i]) { // not required
+			continue
+		}
+
+		if m.PreferredDuringSchedulingIgnoredDuringExecution[i] != nil {
+			if err := m.PreferredDuringSchedulingIgnoredDuringExecution[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("nodeAffinity" + "." + "preferredDuringSchedulingIgnoredDuringExecution" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *ZoneAffinityNodeAffinity) validateRequiredDuringSchedulingIgnoredDuringExecution(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.RequiredDuringSchedulingIgnoredDuringExecution) { // not required
+		return nil
+	}
+
+	if m.RequiredDuringSchedulingIgnoredDuringExecution != nil {
+		if err := m.RequiredDuringSchedulingIgnoredDuringExecution.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("nodeAffinity" + "." + "requiredDuringSchedulingIgnoredDuringExecution")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ZoneAffinityNodeAffinity) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ZoneAffinityNodeAffinity) UnmarshalBinary(b []byte) error {
+	var res ZoneAffinityNodeAffinity
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+//
+// swagger:model ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0
+type ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 struct {
+
+	// A node selector term, associated with the corresponding weight.
+	// Required: true
+	Preference *NodeSelectorTerm `json:"preference"`
+
+	// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+	// Required: true
+	Weight *int32 `json:"weight"`
+}
+
+// Validate validates this zone affinity node affinity preferred during scheduling ignored during execution items0
+func (m *ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validatePreference(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateWeight(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) validatePreference(formats strfmt.Registry) error {
+
+	if err := validate.Required("preference", "body", m.Preference); err != nil {
+		return err
+	}
+
+	if m.Preference != nil {
+		if err := m.Preference.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("preference")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) validateWeight(formats strfmt.Registry) error {
+
+	if err := validate.Required("weight", "body", m.Weight); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) UnmarshalBinary(b []byte) error {
+	var res ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
+//
+// swagger:model ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution
+type ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution struct {
+
+	// Required. A list of node selector terms. The terms are ORed.
+	// Required: true
+	NodeSelectorTerms []*NodeSelectorTerm `json:"nodeSelectorTerms"`
+}
+
+// Validate validates this zone affinity node affinity required during scheduling ignored during execution
+func (m *ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateNodeSelectorTerms(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution) validateNodeSelectorTerms(formats strfmt.Registry) error {
+
+	if err := validate.Required("nodeAffinity"+"."+"requiredDuringSchedulingIgnoredDuringExecution"+"."+"nodeSelectorTerms", "body", m.NodeSelectorTerms); err != nil {
+		return err
+	}
+
+	for i := 0; i < len(m.NodeSelectorTerms); i++ {
+		if swag.IsZero(m.NodeSelectorTerms[i]) { // not required
+			continue
+		}
+
+		if m.NodeSelectorTerms[i] != nil {
+			if err := m.NodeSelectorTerms[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("nodeAffinity" + "." + "requiredDuringSchedulingIgnoredDuringExecution" + "." + "nodeSelectorTerms" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution) UnmarshalBinary(b []byte) error {
+	var res ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// ZoneAffinityPodAffinity Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
+//
+// swagger:model ZoneAffinityPodAffinity
+type ZoneAffinityPodAffinity struct {
+
+	// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+	PreferredDuringSchedulingIgnoredDuringExecution []*ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 `json:"preferredDuringSchedulingIgnoredDuringExecution"`
+
+	// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+	RequiredDuringSchedulingIgnoredDuringExecution []*PodAffinityTerm `json:"requiredDuringSchedulingIgnoredDuringExecution"`
+}
+
+// Validate validates this zone affinity pod affinity
+func (m *ZoneAffinityPodAffinity) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validatePreferredDuringSchedulingIgnoredDuringExecution(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateRequiredDuringSchedulingIgnoredDuringExecution(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ZoneAffinityPodAffinity) validatePreferredDuringSchedulingIgnoredDuringExecution(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.PreferredDuringSchedulingIgnoredDuringExecution) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.PreferredDuringSchedulingIgnoredDuringExecution); i++ {
+		if swag.IsZero(m.PreferredDuringSchedulingIgnoredDuringExecution[i]) { // not required
+			continue
+		}
+
+		if m.PreferredDuringSchedulingIgnoredDuringExecution[i] != nil {
+			if err := m.PreferredDuringSchedulingIgnoredDuringExecution[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("podAffinity" + "." + "preferredDuringSchedulingIgnoredDuringExecution" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *ZoneAffinityPodAffinity) validateRequiredDuringSchedulingIgnoredDuringExecution(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.RequiredDuringSchedulingIgnoredDuringExecution) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.RequiredDuringSchedulingIgnoredDuringExecution); i++ {
+		if swag.IsZero(m.RequiredDuringSchedulingIgnoredDuringExecution[i]) { // not required
+			continue
+		}
+
+		if m.RequiredDuringSchedulingIgnoredDuringExecution[i] != nil {
+			if err := m.RequiredDuringSchedulingIgnoredDuringExecution[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("podAffinity" + "." + "requiredDuringSchedulingIgnoredDuringExecution" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ZoneAffinityPodAffinity) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ZoneAffinityPodAffinity) UnmarshalBinary(b []byte) error {
+	var res ZoneAffinityPodAffinity
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+//
+// swagger:model ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0
+type ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 struct {
+
+	// pod affinity term
+	// Required: true
+	PodAffinityTerm *PodAffinityTerm `json:"podAffinityTerm"`
+
+	// weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+	// Required: true
+	Weight *int32 `json:"weight"`
+}
+
+// Validate validates this zone affinity pod affinity preferred during scheduling ignored during execution items0
+func (m *ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validatePodAffinityTerm(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateWeight(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) validatePodAffinityTerm(formats strfmt.Registry) error {
+
+	if err := validate.Required("podAffinityTerm", "body", m.PodAffinityTerm); err != nil {
+		return err
+	}
+
+	if m.PodAffinityTerm != nil {
+		if err := m.PodAffinityTerm.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("podAffinityTerm")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) validateWeight(formats strfmt.Registry) error {
+
+	if err := validate.Required("weight", "body", m.Weight); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) UnmarshalBinary(b []byte) error {
+	var res ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// ZoneAffinityPodAntiAffinity Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
+//
+// swagger:model ZoneAffinityPodAntiAffinity
+type ZoneAffinityPodAntiAffinity struct {
+
+	// The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
+	PreferredDuringSchedulingIgnoredDuringExecution []*ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 `json:"preferredDuringSchedulingIgnoredDuringExecution"`
+
+	// If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
+	RequiredDuringSchedulingIgnoredDuringExecution []*PodAffinityTerm `json:"requiredDuringSchedulingIgnoredDuringExecution"`
+}
+
+// Validate validates this zone affinity pod anti affinity
+func (m *ZoneAffinityPodAntiAffinity) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validatePreferredDuringSchedulingIgnoredDuringExecution(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateRequiredDuringSchedulingIgnoredDuringExecution(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ZoneAffinityPodAntiAffinity) validatePreferredDuringSchedulingIgnoredDuringExecution(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.PreferredDuringSchedulingIgnoredDuringExecution) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.PreferredDuringSchedulingIgnoredDuringExecution); i++ {
+		if swag.IsZero(m.PreferredDuringSchedulingIgnoredDuringExecution[i]) { // not required
+			continue
+		}
+
+		if m.PreferredDuringSchedulingIgnoredDuringExecution[i] != nil {
+			if err := m.PreferredDuringSchedulingIgnoredDuringExecution[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("podAntiAffinity" + "." + "preferredDuringSchedulingIgnoredDuringExecution" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *ZoneAffinityPodAntiAffinity) validateRequiredDuringSchedulingIgnoredDuringExecution(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.RequiredDuringSchedulingIgnoredDuringExecution) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.RequiredDuringSchedulingIgnoredDuringExecution); i++ {
+		if swag.IsZero(m.RequiredDuringSchedulingIgnoredDuringExecution[i]) { // not required
+			continue
+		}
+
+		if m.RequiredDuringSchedulingIgnoredDuringExecution[i] != nil {
+			if err := m.RequiredDuringSchedulingIgnoredDuringExecution[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("podAntiAffinity" + "." + "requiredDuringSchedulingIgnoredDuringExecution" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ZoneAffinityPodAntiAffinity) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ZoneAffinityPodAntiAffinity) UnmarshalBinary(b []byte) error {
+	var res ZoneAffinityPodAntiAffinity
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+//
+// swagger:model ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0
+type ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 struct {
+
+	// pod affinity term
+	// Required: true
+	PodAffinityTerm *PodAffinityTerm `json:"podAffinityTerm"`
+
+	// weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
+	// Required: true
+	Weight *int32 `json:"weight"`
+}
+
+// Validate validates this zone affinity pod anti affinity preferred during scheduling ignored during execution items0
+func (m *ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validatePodAffinityTerm(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateWeight(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) validatePodAffinityTerm(formats strfmt.Registry) error {
+
+	if err := validate.Required("podAffinityTerm", "body", m.PodAffinityTerm); err != nil {
+		return err
+	}
+
+	if m.PodAffinityTerm != nil {
+		if err := m.PodAffinityTerm.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("podAffinityTerm")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) validateWeight(formats strfmt.Registry) error {
+
+	if err := validate.Required("weight", "body", m.Weight); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) UnmarshalBinary(b []byte) error {
+	var res ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/zone_resources.go

@@ -0,0 +1,63 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ZoneResources If provided, use these requests and limit for cpu/memory resource allocation
+//
+// swagger:model zoneResources
+type ZoneResources struct {
+
+	// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+	Limits map[string]int64 `json:"limits,omitempty"`
+
+	// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+	Requests map[string]int64 `json:"requests,omitempty"`
+}
+
+// Validate validates this zone resources
+func (m *ZoneResources) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ZoneResources) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ZoneResources) UnmarshalBinary(b []byte) error {
+	var res ZoneResources
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/zone_toleration_seconds.go

@@ -0,0 +1,81 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// ZoneTolerationSeconds TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+//
+// swagger:model zoneTolerationSeconds
+type ZoneTolerationSeconds struct {
+
+	// seconds
+	// Required: true
+	Seconds *int64 `json:"seconds"`
+}
+
+// Validate validates this zone toleration seconds
+func (m *ZoneTolerationSeconds) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateSeconds(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ZoneTolerationSeconds) validateSeconds(formats strfmt.Registry) error {
+
+	if err := validate.Required("seconds", "body", m.Seconds); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ZoneTolerationSeconds) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ZoneTolerationSeconds) UnmarshalBinary(b []byte) error {
+	var res ZoneTolerationSeconds
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/zone_tolerations.go

@@ -0,0 +1,133 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ZoneTolerations Tolerations allows users to set entries like effect, key, operator, value.
+//
+// swagger:model zoneTolerations
+type ZoneTolerations []*ZoneTolerationsItems0
+
+// Validate validates this zone tolerations
+func (m ZoneTolerations) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	for i := 0; i < len(m); i++ {
+		if swag.IsZero(m[i]) { // not required
+			continue
+		}
+
+		if m[i] != nil {
+			if err := m[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName(strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+// ZoneTolerationsItems0 The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
+//
+// swagger:model ZoneTolerationsItems0
+type ZoneTolerationsItems0 struct {
+
+	// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+	Effect string `json:"effect,omitempty"`
+
+	// Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+	Key string `json:"key,omitempty"`
+
+	// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
+	Operator string `json:"operator,omitempty"`
+
+	// toleration seconds
+	TolerationSeconds *ZoneTolerationSeconds `json:"tolerationSeconds,omitempty"`
+
+	// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
+	Value string `json:"value,omitempty"`
+}
+
+// Validate validates this zone tolerations items0
+func (m *ZoneTolerationsItems0) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateTolerationSeconds(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ZoneTolerationsItems0) validateTolerationSeconds(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.TolerationSeconds) { // not required
+		return nil
+	}
+
+	if m.TolerationSeconds != nil {
+		if err := m.TolerationSeconds.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("tolerationSeconds")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ZoneTolerationsItems0) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ZoneTolerationsItems0) UnmarshalBinary(b []byte) error {
+	var res ZoneTolerationsItems0
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/zone_update_request.go

@@ -0,0 +1,99 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// ZoneUpdateRequest zone update request
+//
+// swagger:model zoneUpdateRequest
+type ZoneUpdateRequest struct {
+
+	// zones
+	// Required: true
+	Zones []*Zone `json:"zones"`
+}
+
+// Validate validates this zone update request
+func (m *ZoneUpdateRequest) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateZones(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ZoneUpdateRequest) validateZones(formats strfmt.Registry) error {
+
+	if err := validate.Required("zones", "body", m.Zones); err != nil {
+		return err
+	}
+
+	for i := 0; i < len(m.Zones); i++ {
+		if swag.IsZero(m.Zones[i]) { // not required
+			continue
+		}
+
+		if m.Zones[i] != nil {
+			if err := m.Zones[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("zones" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ZoneUpdateRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ZoneUpdateRequest) UnmarshalBinary(b []byte) error {
+	var res ZoneUpdateRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

pkg/acl/config.go

@@ -0,0 +1,28 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package acl
+
+import (
+	"strings"
+
+	"github.com/minio/minio/pkg/env"
+)
+
+// GetOperatorMode gets Console Operator mode status set on env variable or default one
+func GetOperatorMode() bool {
+	return strings.ToLower(env.Get(consoleOperatorMode, "off")) == "on"
+}

pkg/acl/const.go

@@ -14,11 +14,8 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package jwt
+package acl
 
 const (
-	McsHmacJWTSecret            = "MCS_HMAC_JWT_SECRET"
-	McsSTSAndJWTDurationSeconds = "MCS_STS_AND_JWT_DURATION_SECONDS"
-	McsPBKDFPassphrase          = "MCS_PBKDF_PASSPHRASE"
-	McsPBKDFSalt                = "MCS_PBKDF_SALT"
+	consoleOperatorMode = "CONSOLE_OPERATOR_MODE"
 )

pkg/acl/endpoints.go

@@ -0,0 +1,315 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package acl
+
+import (
+	iampolicy "github.com/minio/minio/pkg/iam/policy"
+)
+
+// endpoints definition
+var (
+	configuration   = "/configurations-list"
+	users           = "/users"
+	groups          = "/groups"
+	iamPolicies     = "/policies"
+	dashboard       = "/dashboard"
+	profiling       = "/profiling"
+	trace           = "/trace"
+	logs            = "/logs"
+	watch           = "/watch"
+	notifications   = "/notification-endpoints"
+	buckets         = "/buckets"
+	bucketsDetail   = "/buckets/:bucketName"
+	serviceAccounts = "/service-accounts"
+	tenants         = "/tenants"
+	tenantsDetail   = "/tenants/:tenantName"
+	heal            = "/heal"
+)
+
+type ConfigurationActionSet struct {
+	actionTypes iampolicy.ActionSet
+	actions     iampolicy.ActionSet
+}
+
+// configurationActionSet contains the list of admin actions required for this endpoint to work
+var configurationActionSet = ConfigurationActionSet{
+	actionTypes: iampolicy.NewActionSet(
+		iampolicy.AllAdminActions,
+	),
+	actions: iampolicy.NewActionSet(
+		iampolicy.ConfigUpdateAdminAction,
+	),
+}
+
+// logsActionSet contains the list of admin actions required for this endpoint to work
+var logsActionSet = ConfigurationActionSet{
+	actionTypes: iampolicy.NewActionSet(
+		iampolicy.AllAdminActions,
+	),
+	actions: iampolicy.NewActionSet(
+		iampolicy.ConsoleLogAdminAction,
+	),
+}
+
+// dashboardActionSet contains the list of admin actions required for this endpoint to work
+var dashboardActionSet = ConfigurationActionSet{
+	actionTypes: iampolicy.NewActionSet(
+		iampolicy.AllAdminActions,
+	),
+	actions: iampolicy.NewActionSet(
+		iampolicy.ServerInfoAdminAction,
+	),
+}
+
+// groupsActionSet contains the list of admin actions required for this endpoint to work
+var groupsActionSet = ConfigurationActionSet{
+	actionTypes: iampolicy.NewActionSet(
+		iampolicy.AllAdminActions,
+	),
+	actions: iampolicy.NewActionSet(
+		iampolicy.ListGroupsAdminAction,
+		iampolicy.AddUserToGroupAdminAction,
+		//iampolicy.GetGroupAdminAction,
+		iampolicy.EnableGroupAdminAction,
+		iampolicy.DisableGroupAdminAction,
+	),
+}
+
+// iamPoliciesActionSet contains the list of admin actions required for this endpoint to work
+var iamPoliciesActionSet = ConfigurationActionSet{
+	actionTypes: iampolicy.NewActionSet(
+		iampolicy.AllAdminActions,
+	),
+	actions: iampolicy.NewActionSet(
+		iampolicy.GetPolicyAdminAction,
+		iampolicy.DeletePolicyAdminAction,
+		iampolicy.CreatePolicyAdminAction,
+		iampolicy.AttachPolicyAdminAction,
+		iampolicy.ListUserPoliciesAdminAction,
+	),
+}
+
+// profilingActionSet contains the list of admin actions required for this endpoint to work
+var profilingActionSet = ConfigurationActionSet{
+	actionTypes: iampolicy.NewActionSet(
+		iampolicy.AllAdminActions,
+	),
+	actions: iampolicy.NewActionSet(
+		iampolicy.ProfilingAdminAction,
+	),
+}
+
+// traceActionSet contains the list of admin actions required for this endpoint to work
+var traceActionSet = ConfigurationActionSet{
+	actionTypes: iampolicy.NewActionSet(
+		iampolicy.AllAdminActions,
+	),
+	actions: iampolicy.NewActionSet(
+		iampolicy.TraceAdminAction,
+	),
+}
+
+// usersActionSet contains the list of admin actions required for this endpoint to work
+var usersActionSet = ConfigurationActionSet{
+	actionTypes: iampolicy.NewActionSet(
+		iampolicy.AllAdminActions,
+	),
+	actions: iampolicy.NewActionSet(
+		iampolicy.ListUsersAdminAction,
+		iampolicy.CreateUserAdminAction,
+		iampolicy.DeleteUserAdminAction,
+		iampolicy.GetUserAdminAction,
+		iampolicy.EnableUserAdminAction,
+		iampolicy.DisableUserAdminAction,
+	),
+}
+
+// watchActionSet contains the list of admin actions required for this endpoint to work
+var watchActionSet = ConfigurationActionSet{
+	actionTypes: iampolicy.NewActionSet(
+		iampolicy.AllAdminActions,
+	),
+	actions: iampolicy.NewActionSet(
+		iampolicy.ListenBucketNotificationAction,
+	),
+}
+
+// notificationsActionSet contains the list of admin actions required for this endpoint to work
+var notificationsActionSet = ConfigurationActionSet{
+	actionTypes: iampolicy.NewActionSet(
+		iampolicy.AllActions,
+	),
+	actions: iampolicy.NewActionSet(
+		iampolicy.ListenBucketNotificationAction,
+		iampolicy.PutBucketNotificationAction,
+		iampolicy.GetBucketNotificationAction,
+	),
+}
+
+// bucketsActionSet contains the list of admin actions required for this endpoint to work
+var bucketsActionSet = ConfigurationActionSet{
+	actionTypes: iampolicy.NewActionSet(
+		iampolicy.AllActions,
+	),
+	actions: iampolicy.NewActionSet(
+		// Read access to buckets
+		iampolicy.ListMultipartUploadPartsAction,
+		iampolicy.ListBucketMultipartUploadsAction,
+		iampolicy.ListBucketAction,
+		iampolicy.HeadBucketAction,
+		iampolicy.GetObjectAction,
+		iampolicy.GetBucketLocationAction,
+		// Write access to buckets
+		iampolicy.AbortMultipartUploadAction,
+		iampolicy.CreateBucketAction,
+		iampolicy.PutObjectAction,
+		iampolicy.DeleteObjectAction,
+		iampolicy.DeleteBucketAction,
+		// Assign bucket policies
+		iampolicy.PutBucketPolicyAction,
+		iampolicy.DeleteBucketPolicyAction,
+		iampolicy.GetBucketPolicyAction,
+	),
+}
+
+// serviceAccountsActionSet no actions needed for this module to work
+var serviceAccountsActionSet = ConfigurationActionSet{
+	actionTypes: iampolicy.NewActionSet(),
+	actions:     iampolicy.NewActionSet(),
+}
+
+// tenantsActionSet temporally no actions needed for tenants sections to work
+var tenantsActionSet = ConfigurationActionSet{
+	actionTypes: iampolicy.NewActionSet(),
+	actions:     iampolicy.NewActionSet(),
+}
+
+// healActionSet contains the list of admin actions required for this endpoint to work
+var healActionSet = ConfigurationActionSet{
+	actionTypes: iampolicy.NewActionSet(
+		iampolicy.AllAdminActions,
+	),
+	actions: iampolicy.NewActionSet(
+		iampolicy.HealAdminAction,
+	),
+}
+
+// endpointRules contains the mapping between endpoints and ActionSets, additional rules can be added here
+var endpointRules = map[string]ConfigurationActionSet{
+	configuration:   configurationActionSet,
+	users:           usersActionSet,
+	groups:          groupsActionSet,
+	iamPolicies:     iamPoliciesActionSet,
+	dashboard:       dashboardActionSet,
+	profiling:       profilingActionSet,
+	trace:           traceActionSet,
+	logs:            logsActionSet,
+	watch:           watchActionSet,
+	notifications:   notificationsActionSet,
+	buckets:         bucketsActionSet,
+	bucketsDetail:   bucketsActionSet,
+	serviceAccounts: serviceAccountsActionSet,
+	heal:            healActionSet,
+}
+
+// operatorRules contains the mapping between endpoints and ActionSets for operator only mode
+var operatorRules = map[string]ConfigurationActionSet{
+	tenants:       tenantsActionSet,
+	tenantsDetail: tenantsActionSet,
+}
+
+// operatorOnly ENV variable
+var operatorOnly = GetOperatorMode()
+
+// GetActionsStringFromPolicy extract the admin/s3 actions from a given policy and return them in []string format
+//
+// ie:
+//	{
+//		"Version": "2012-10-17",
+//		"Statement": [{
+//				"Action": [
+//					"admin:ServerInfo",
+//					"admin:CreatePolicy",
+//					"admin:GetUser"
+//				],
+//				...
+//			},
+//			{
+//				"Action": [
+//					"s3:ListenBucketNotification",
+//					"s3:PutBucketNotification"
+//				],
+//				...
+//			}
+//		]
+//	}
+// Will produce an array like: ["admin:ServerInfo", "admin:CreatePolicy", "admin:GetUser", "s3:ListenBucketNotification", "s3:PutBucketNotification"]\
+func GetActionsStringFromPolicy(policy *iampolicy.Policy) []string {
+	var actions []string
+	for _, statement := range policy.Statements {
+		// We only care about allowed actions
+		if statement.Effect.IsAllowed(true) {
+			for _, action := range statement.Actions.ToSlice() {
+				actions = append(actions, string(action))
+			}
+		}
+	}
+	return actions
+}
+
+// actionsStringToActionSet convert a given string array to iampolicy.ActionSet structure
+// this avoids ending with duplicate actions
+func actionsStringToActionSet(actions []string) iampolicy.ActionSet {
+	actionsSet := iampolicy.ActionSet{}
+	for _, action := range actions {
+		actionsSet.Add(iampolicy.Action(action))
+	}
+	return actionsSet
+}
+
+// GetAuthorizedEndpoints return a list of allowed endpoint based on a provided *iampolicy.Policy
+// ie: pages the user should have access based on his current privileges
+func GetAuthorizedEndpoints(actions []string) []string {
+	rangeTake := endpointRules
+
+	if operatorOnly {
+		rangeTake = operatorRules
+	}
+
+	if len(actions) == 0 {
+		return []string{}
+	}
+	// Prepare new ActionSet structure that will hold all the user actions
+	userAllowedAction := actionsStringToActionSet(actions)
+	allowedEndpoints := []string{}
+	for endpoint, rules := range rangeTake {
+		// check if user policy matches s3:* or admin:* typesIntersection
+		endpointActionTypes := rules.actionTypes
+		typesIntersection := endpointActionTypes.Intersection(userAllowedAction)
+		if len(typesIntersection) == len(endpointActionTypes.ToSlice()) {
+			allowedEndpoints = append(allowedEndpoints, endpoint)
+			continue
+		}
+		// check if user policy matches explicitly defined endpoint required actions
+		endpointRequiredActions := rules.actions
+		actionsIntersection := endpointRequiredActions.Intersection(userAllowedAction)
+		if len(actionsIntersection) == len(endpointRequiredActions.ToSlice()) {
+			allowedEndpoints = append(allowedEndpoints, endpoint)
+		}
+	}
+	return allowedEndpoints
+}

pkg/acl/endpoints_test.go

@@ -0,0 +1,190 @@
+// This file is part of MinIO Orchestrator
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package acl
+
+import (
+	"reflect"
+	"testing"
+
+	iampolicy "github.com/minio/minio/pkg/iam/policy"
+)
+
+type args struct {
+	actions []string
+}
+
+type endpoint struct {
+	name string
+	args args
+	want int
+}
+
+func validateEndpoints(t *testing.T, configs []endpoint) {
+	for _, tt := range configs {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := GetAuthorizedEndpoints(tt.args.actions); !reflect.DeepEqual(len(got), tt.want) {
+				t.Errorf("GetAuthorizedEndpoints() = %v, want %v", len(got), tt.want)
+			}
+		})
+	}
+}
+
+func TestGetAuthorizedEndpoints(t *testing.T) {
+	tests := []endpoint{
+		{
+			name: "dashboard endpoint",
+			args: args{
+				[]string{"admin:ServerInfo"},
+			},
+			want: 2,
+		},
+		{
+			name: "policies endpoint",
+			args: args{
+				[]string{
+					"admin:CreatePolicy",
+					"admin:DeletePolicy",
+					"admin:GetPolicy",
+					"admin:AttachUserOrGroupPolicy",
+					"admin:ListUserPolicies",
+				},
+			},
+			want: 2,
+		},
+		{
+			name: "all admin endpoints",
+			args: args{
+				[]string{
+					"admin:*",
+				},
+			},
+			want: 11,
+		},
+		{
+			name: "all s3 endpoints",
+			args: args{
+				[]string{
+					"s3:*",
+				},
+			},
+			want: 4,
+		},
+		{
+			name: "all admin and s3 endpoints",
+			args: args{
+				[]string{
+					"admin:*",
+					"s3:*",
+				},
+			},
+			want: 14,
+		},
+		{
+			name: "no endpoints",
+			args: args{
+				[]string{},
+			},
+			want: 0,
+		},
+	}
+
+	validateEndpoints(t, tests)
+}
+
+func TestOperatorOnlyEndpoints(t *testing.T) {
+	operatorOnly = true
+
+	tests := []endpoint{
+		{
+			name: "Operator Only - all admin endpoints",
+			args: args{
+				[]string{
+					"admin:*",
+				},
+			},
+			want: 2,
+		},
+		{
+			name: "Operator Only - all s3 endpoints",
+			args: args{
+				[]string{
+					"s3:*",
+				},
+			},
+			want: 2,
+		},
+		{
+			name: "Operator Only - all admin and s3 endpoints",
+			args: args{
+				[]string{
+					"admin:*",
+					"s3:*",
+				},
+			},
+			want: 2,
+		},
+		{
+			name: "Operator Only - no endpoints",
+			args: args{
+				[]string{},
+			},
+			want: 0,
+		},
+	}
+
+	validateEndpoints(t, tests)
+}
+
+func TestGetActionsStringFromPolicy(t *testing.T) {
+	type args struct {
+		policy *iampolicy.Policy
+	}
+	tests := []struct {
+		name string
+		args args
+		want int
+	}{
+		{
+			name: "parse ReadOnly policy",
+			args: args{
+				policy: &iampolicy.ReadOnly,
+			},
+			want: 2,
+		},
+		{
+			name: "parse WriteOnly policy",
+			args: args{
+				policy: &iampolicy.WriteOnly,
+			},
+			want: 1,
+		},
+		{
+			name: "parse AdminDiagnostics policy",
+			args: args{
+				policy: &iampolicy.AdminDiagnostics,
+			},
+			want: 6,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := GetActionsStringFromPolicy(tt.args.policy); !reflect.DeepEqual(len(got), tt.want) {
+				t.Errorf("GetActionsStringFromPolicy() = %v, want %v", len(got), tt.want)
+			}
+		})
+	}
+}

pkg/apis/networking.gke.io/v1beta1/doc.go

@@ -0,0 +1,21 @@
+/*
+Copyright 2020 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +k8s:deepcopy-gen=package,register
+
+// Package v1beta1 is v1beta1 version of the API.
+// +groupName=networking.gke.io
+package v1beta1

pkg/apis/networking.gke.io/v1beta1/register.go

@@ -0,0 +1,56 @@
+/*
+Copyright 2020 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+// SchemeGroupVersion is group version used to register these objects
+var SchemeGroupVersion = schema.GroupVersion{Group: "networking.gke.io", Version: "v1beta1"}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+	// SchemeBuilder points to a list of functions added to Scheme.
+	SchemeBuilder      runtime.SchemeBuilder
+	localSchemeBuilder = &SchemeBuilder
+	// AddToScheme applies all stored functions to Scheme.
+	AddToScheme = localSchemeBuilder.AddToScheme
+)
+
+func init() {
+	// We only register manually written functions here. The registration of the
+	// generated functions takes place in the generated files. The separation
+	// makes the code compile even when the generated files are missing.
+	localSchemeBuilder.Register(addKnownTypes)
+}
+
+// Adds the list of known types to api.Scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&ManagedCertificate{},
+		&ManagedCertificateList{},
+	)
+	v1.AddToGroupVersion(scheme, SchemeGroupVersion)
+	return nil
+}

pkg/apis/networking.gke.io/v1beta1/types.go

@@ -0,0 +1,87 @@
+/*
+Copyright 2020 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ManagedCertificateList is a list of ManagedCertificate objects.
+type ManagedCertificateList struct {
+	metav1.TypeMeta `json:",inline"`
+	// metdata is the standard list metadata.
+	// +optional
+	metav1.ListMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"`
+
+	// items is the list of managed certificate objects.
+	Items []ManagedCertificate `json:"items" protobuf:"bytes,2,rep,name=items"`
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ManagedCertificate configures the domains for which client requests a managed certificate. It also provides the current status of the certficate.
+type ManagedCertificate struct {
+	metav1.TypeMeta `json:",inline"`
+	// Standard object metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
+	// +optional
+	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+
+	// Specification of the managed certificate.
+	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status.
+	// +optional
+	Spec ManagedCertificateSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
+
+	// Current information about the managed certificate.
+	// +optional
+	Status ManagedCertificateStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
+}
+
+// ManagedCertificateSpec configures the domains for which client requests a managed certificate.
+type ManagedCertificateSpec struct {
+	// Specifies a list of domains populated by the user for which he requests a managed certificate.
+	Domains []string `json:"domains" protobuf:"bytes,2,rep,name=domains"`
+}
+
+// ManagedCertificateStatus provides the current state of the certificate.
+type ManagedCertificateStatus struct {
+	// Specifies the status of the managed certificate.
+	// +optional
+	CertificateStatus string `json:"certificateStatus,omitempty" protobuf:"bytes,2,opt,name=certificateStatus"`
+
+	// Specifies the status of certificate provisioning for domains selected by the user.
+	DomainStatus []DomainStatus `json:"domainStatus" protobuf:"bytes,3,rep,name=domainStatus"`
+
+	// Specifies the name of the provisioned managed certificate.
+	// +optional
+	CertificateName string `json:"certificateName,omitempty" protobuf:"bytes,4,opt,name=certificateName"`
+
+	// Specifies the expire time of the provisioned managed certificate.
+	// +optional
+	ExpireTime string `json:"expireTime,omitempty" protobuf:"bytes,5,opt,name=expireTime"`
+}
+
+// DomainStatus is a pair which associates domain name with status of certificate provisioning for this domain.
+type DomainStatus struct {
+	// The domain name.
+	Domain string `json:"domain" protobuf:"bytes,1,name=domain"`
+
+	// The status.
+	Status string `json:"status" protobuf:"bytes,2,name=status"`
+}

pkg/apis/networking.gke.io/v1beta1/zz_generated.deepcopy.go

@@ -0,0 +1,144 @@
+// +build !ignore_autogenerated
+
+/*
+Copyright 2020 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by deepcopy-gen. DO NOT EDIT.
+
+package v1beta1
+
+import (
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *DomainStatus) DeepCopyInto(out *DomainStatus) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DomainStatus.
+func (in *DomainStatus) DeepCopy() *DomainStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(DomainStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ManagedCertificate) DeepCopyInto(out *ManagedCertificate) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedCertificate.
+func (in *ManagedCertificate) DeepCopy() *ManagedCertificate {
+	if in == nil {
+		return nil
+	}
+	out := new(ManagedCertificate)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ManagedCertificate) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ManagedCertificateList) DeepCopyInto(out *ManagedCertificateList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]ManagedCertificate, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedCertificateList.
+func (in *ManagedCertificateList) DeepCopy() *ManagedCertificateList {
+	if in == nil {
+		return nil
+	}
+	out := new(ManagedCertificateList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ManagedCertificateList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ManagedCertificateSpec) DeepCopyInto(out *ManagedCertificateSpec) {
+	*out = *in
+	if in.Domains != nil {
+		in, out := &in.Domains, &out.Domains
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedCertificateSpec.
+func (in *ManagedCertificateSpec) DeepCopy() *ManagedCertificateSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(ManagedCertificateSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ManagedCertificateStatus) DeepCopyInto(out *ManagedCertificateStatus) {
+	*out = *in
+	if in.DomainStatus != nil {
+		in, out := &in.DomainStatus, &out.DomainStatus
+		*out = make([]DomainStatus, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedCertificateStatus.
+func (in *ManagedCertificateStatus) DeepCopy() *ManagedCertificateStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(ManagedCertificateStatus)
+	in.DeepCopyInto(out)
+	return out
+}

pkg/apis/networking.gke.io/v1beta2/doc.go

@@ -0,0 +1,21 @@
+/*
+Copyright 2019 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +k8s:deepcopy-gen=package,register
+
+// Package v1beta2 is v1beta2 version of the API.
+// +groupName=networking.gke.io
+package v1beta2

pkg/apis/networking.gke.io/v1beta2/register.go

@@ -0,0 +1,56 @@
+/*
+Copyright 2019 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta2
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+// SchemeGroupVersion is group version used to register these objects
+var SchemeGroupVersion = schema.GroupVersion{Group: "networking.gke.io", Version: "v1beta2"}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+	// SchemeBuilder points to a list of functions added to Scheme.
+	SchemeBuilder      runtime.SchemeBuilder
+	localSchemeBuilder = &SchemeBuilder
+	// AddToScheme applies all stored functions to Scheme.
+	AddToScheme = localSchemeBuilder.AddToScheme
+)
+
+func init() {
+	// We only register manually written functions here. The registration of the
+	// generated functions takes place in the generated files. The separation
+	// makes the code compile even when the generated files are missing.
+	localSchemeBuilder.Register(addKnownTypes)
+}
+
+// Adds the list of known types to api.Scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&ManagedCertificate{},
+		&ManagedCertificateList{},
+	)
+	v1.AddToGroupVersion(scheme, SchemeGroupVersion)
+	return nil
+}

pkg/apis/networking.gke.io/v1beta2/types.go

@@ -0,0 +1,87 @@
+/*
+Copyright 2020 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta2
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ManagedCertificateList is a list of ManagedCertificate objects.
+type ManagedCertificateList struct {
+	metav1.TypeMeta `json:",inline"`
+	// metdata is the standard list metadata.
+	// +optional
+	metav1.ListMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"`
+
+	// items is the list of managed certificate objects.
+	Items []ManagedCertificate `json:"items" protobuf:"bytes,2,rep,name=items"`
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ManagedCertificate configures the domains for which client requests a managed certificate. It also provides the current status of the certficate.
+type ManagedCertificate struct {
+	metav1.TypeMeta `json:",inline"`
+	// Standard object metadata. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
+	// +optional
+	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+
+	// Specification of the managed certificate.
+	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status.
+	// +optional
+	Spec ManagedCertificateSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
+
+	// Current information about the managed certificate.
+	// +optional
+	Status ManagedCertificateStatus `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"`
+}
+
+// ManagedCertificateSpec configures the domains for which client requests a managed certificate.
+type ManagedCertificateSpec struct {
+	// Specifies a list of domains populated by the user for which he requests a managed certificate.
+	Domains []string `json:"domains" protobuf:"bytes,2,rep,name=domains"`
+}
+
+// ManagedCertificateStatus provides the current state of the certificate.
+type ManagedCertificateStatus struct {
+	// Specifies the status of the managed certificate.
+	// +optional
+	CertificateStatus string `json:"certificateStatus,omitempty" protobuf:"bytes,2,opt,name=certificateStatus"`
+
+	// Specifies the status of certificate provisioning for domains selected by the user.
+	DomainStatus []DomainStatus `json:"domainStatus" protobuf:"bytes,3,rep,name=domainStatus"`
+
+	// Specifies the name of the provisioned managed certificate.
+	// +optional
+	CertificateName string `json:"certificateName,omitempty" protobuf:"bytes,4,opt,name=certificateName"`
+
+	// Specifies the expire time of the provisioned managed certificate.
+	// +optional
+	ExpireTime string `json:"expireTime,omitempty" protobuf:"bytes,5,opt,name=expireTime"`
+}
+
+// DomainStatus is a pair which associates domain name with status of certificate provisioning for this domain.
+type DomainStatus struct {
+	// The domain name.
+	Domain string `json:"domain" protobuf:"bytes,1,name=domain"`
+
+	// The status.
+	Status string `json:"status" protobuf:"bytes,2,name=status"`
+}

pkg/apis/networking.gke.io/v1beta2/zz_generated.deepcopy.go

@@ -0,0 +1,144 @@
+// +build !ignore_autogenerated
+
+/*
+Copyright 2020 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by deepcopy-gen. DO NOT EDIT.
+
+package v1beta2
+
+import (
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *DomainStatus) DeepCopyInto(out *DomainStatus) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DomainStatus.
+func (in *DomainStatus) DeepCopy() *DomainStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(DomainStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ManagedCertificate) DeepCopyInto(out *ManagedCertificate) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	in.Status.DeepCopyInto(&out.Status)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedCertificate.
+func (in *ManagedCertificate) DeepCopy() *ManagedCertificate {
+	if in == nil {
+		return nil
+	}
+	out := new(ManagedCertificate)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ManagedCertificate) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ManagedCertificateList) DeepCopyInto(out *ManagedCertificateList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]ManagedCertificate, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedCertificateList.
+func (in *ManagedCertificateList) DeepCopy() *ManagedCertificateList {
+	if in == nil {
+		return nil
+	}
+	out := new(ManagedCertificateList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ManagedCertificateList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ManagedCertificateSpec) DeepCopyInto(out *ManagedCertificateSpec) {
+	*out = *in
+	if in.Domains != nil {
+		in, out := &in.Domains, &out.Domains
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedCertificateSpec.
+func (in *ManagedCertificateSpec) DeepCopy() *ManagedCertificateSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(ManagedCertificateSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ManagedCertificateStatus) DeepCopyInto(out *ManagedCertificateStatus) {
+	*out = *in
+	if in.DomainStatus != nil {
+		in, out := &in.DomainStatus, &out.DomainStatus
+		*out = make([]DomainStatus, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedCertificateStatus.
+func (in *ManagedCertificateStatus) DeepCopy() *ManagedCertificateStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(ManagedCertificateStatus)
+	in.DeepCopyInto(out)
+	return out
+}

pkg/auth/idp.go

@@ -19,7 +19,7 @@ package auth
 import (
 	"context"
 
-	"github.com/minio/mcs/pkg/auth/idp/oauth2"
+	"github.com/minio/console/pkg/auth/idp/oauth2"
 )
 
 // IdentityProviderClient interface with all functions to be implemented