Correcting doc links on Configuration pages

Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>

.github/workflows/deploy-tenant.sh

@@ -65,7 +65,7 @@ function main() {
 
     check_tenant_status tenant-lite storage-lite
 
-    kubectl -n minio-operator port-forward svc/console 9090 &
+    kubectl proxy &
 }
 
 main "$@"

.github/workflows/jobs.yaml

@@ -578,6 +578,210 @@ jobs:
           make cleanup-permissions
 
 
+  all-permissions-4:
+    name: Permissions Tests Part 4
+    needs:
+      - lint-job
+      - no-warnings-and-make-assets
+      - reuse-golang-dependencies
+      - vulnerable-dependencies-checks
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 5
+    strategy:
+      matrix:
+        go-version: [ 1.17.x ]
+        os: [ ubuntu-latest ]
+    steps:
+      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '16'
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+      - name: Get yarn cache directory path
+        id: yarn-cache-dir-path
+        run: echo "::set-output name=dir::$(yarn cache dir)"
+      - uses: actions/cache@v2
+        id: yarn-cache
+        name: Yarn Cache
+        with:
+          path: |
+            ${{ steps.yarn-cache-dir-path.outputs.dir }}
+            ./portal-ui/node_modules/
+            ./portal-ui/build/
+          key: ${{ runner.os }}-yarn-${{ hashFiles('./portal-ui/yarn.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-yarn-
+      - uses: actions/cache@v2
+        id: assets-cache
+        name: Assets Cache
+        with:
+          path: |
+            ./portal-ui/build/
+          key: ${{ runner.os }}-assets-${{ github.run_id }}
+          restore-keys: |
+            ${{ runner.os }}-assets-
+      - uses: actions/cache@v2
+        name: Go Mod Cache
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ github.run_id }}
+      - name: Build Console on ${{ matrix.os }}
+        env:
+          GO111MODULE: on
+          GOOS: linux
+        run: |
+          make console
+      - name: Start Console, front-end app and initialize users/policies
+        run: |
+          (./console server) & (make initialize-permissions)
+      - name: Run TestCafe Tests
+        timeout-minutes: 5
+        uses: DevExpress/testcafe-action@latest
+        with:
+          args: '"chrome:headless" portal-ui/tests/permissions-4/ --skip-js-errors'
+
+  all-permissions-5:
+    name: Permissions Tests Part 5
+    needs:
+      - lint-job
+      - no-warnings-and-make-assets
+      - reuse-golang-dependencies
+      - vulnerable-dependencies-checks
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        go-version: [ 1.17.x ]
+        os: [ ubuntu-latest ]
+    steps:
+      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '16'
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+      - name: Get yarn cache directory path
+        id: yarn-cache-dir-path
+        run: echo "::set-output name=dir::$(yarn cache dir)"
+      - uses: actions/cache@v2
+        id: yarn-cache
+        name: Yarn Cache
+        with:
+          path: |
+            ${{ steps.yarn-cache-dir-path.outputs.dir }}
+            ./portal-ui/node_modules/
+            ./portal-ui/build/
+          key: ${{ runner.os }}-yarn-${{ hashFiles('./portal-ui/yarn.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-yarn-
+      - uses: actions/cache@v2
+        id: assets-cache
+        name: Assets Cache
+        with:
+          path: |
+            ./portal-ui/build/
+          key: ${{ runner.os }}-assets-${{ github.run_id }}
+          restore-keys: |
+            ${{ runner.os }}-assets-
+      - uses: actions/cache@v2
+        name: Go Mod Cache
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ github.run_id }}
+      - name: Build Console on ${{ matrix.os }}
+        env:
+          GO111MODULE: on
+          GOOS: linux
+        run: |
+          make console
+      - name: Start Console, front-end app and initialize users/policies
+        run: |
+          (./console server) & (make initialize-permissions)
+      - name: Run TestCafe Tests
+        timeout-minutes: 5
+        uses: DevExpress/testcafe-action@latest
+        with:
+          args: '"chrome:headless" portal-ui/tests/permissions-5/ --skip-js-errors'
+
+  all-permissions-6:
+    name: Permissions Tests Part 6
+    needs:
+      - lint-job
+      - no-warnings-and-make-assets
+      - reuse-golang-dependencies
+      - vulnerable-dependencies-checks
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        go-version: [ 1.17.x ]
+        os: [ ubuntu-latest ]
+    steps:
+      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '16'
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+      - name: Get yarn cache directory path
+        id: yarn-cache-dir-path
+        run: echo "::set-output name=dir::$(yarn cache dir)"
+      - uses: actions/cache@v2
+        id: yarn-cache
+        name: Yarn Cache
+        with:
+          path: |
+            ${{ steps.yarn-cache-dir-path.outputs.dir }}
+            ./portal-ui/node_modules/
+            ./portal-ui/build/
+          key: ${{ runner.os }}-yarn-${{ hashFiles('./portal-ui/yarn.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-yarn-
+      - uses: actions/cache@v2
+        id: assets-cache
+        name: Assets Cache
+        with:
+          path: |
+            ./portal-ui/build/
+          key: ${{ runner.os }}-assets-${{ github.run_id }}
+          restore-keys: |
+            ${{ runner.os }}-assets-
+      - uses: actions/cache@v2
+        name: Go Mod Cache
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ github.run_id }}
+      - name: Build Console on ${{ matrix.os }}
+        env:
+          GO111MODULE: on
+          GOOS: linux
+        run: |
+          make console
+      - name: Start Console, front-end app and initialize users/policies
+        run: |
+          (./console server) & (make initialize-permissions)
+      - name: Run TestCafe Tests
+        timeout-minutes: 5
+        uses: DevExpress/testcafe-action@latest
+        with:
+          args: '"chrome:headless" portal-ui/tests/permissions-6/ --skip-js-errors'
 
   all-operator-tests:
     name: Operator UI Tests
@@ -1142,7 +1346,7 @@ jobs:
           result=${result%\%}
           echo "result:"
           echo $result
-          threshold=54.00
+          threshold=41.2
           if (( $(echo "$result >= $threshold" |bc -l) )); then
             echo "It is equal or greater than threshold, passed!"
           else

.gitignore

@@ -19,6 +19,7 @@ vendor/
 
 # Ignore executables
 target/
+!pkg/logger/target/
 console
 !console/
 

Makefile

@@ -182,7 +182,7 @@ test-sso-integration:
 test-operator-integration:
 	@(echo "Start cd operator-integration && go test:")
 	@(pwd)
-	@(cd operator-integration && go test -coverpkg=../restapi -c -tags testrunmain . && mkdir -p coverage && ./operator-integration.test -test.v -test.run "^Test*" -test.coverprofile=coverage/operator-api.out)
+	@(cd operator-integration && go test -coverpkg=../operatorapi -c -tags testrunmain . && mkdir -p coverage && ./operator-integration.test -test.v -test.run "^Test*" -test.coverprofile=coverage/operator-api.out)
 
 test-operator:
 	@(env bash $(PWD)/portal-ui/tests/scripts/operator.sh)

cluster/config.go

@@ -23,6 +23,8 @@ import (
 	"strings"
 	"time"
 
+	xhttp "github.com/minio/console/pkg/http"
+
 	"github.com/minio/console/pkg/utils"
 
 	"github.com/minio/pkg/env"
@@ -68,7 +70,7 @@ func GetMinioImage() (*string, error) {
 		return &image, nil
 	}
 	latestMinIOImage, errLatestMinIOImage := utils.GetLatestMinIOImage(
-		&utils.HTTPClient{
+		&xhttp.Client{
 			Client: &http.Client{
 				Timeout: 5 * time.Second,
 			},

cmd/console/app_commands.go

@@ -20,10 +20,14 @@
 package main
 
 import (
+	"context"
+	"fmt"
 	"os"
 	"strconv"
 	"time"
 
+	"github.com/minio/console/pkg/logger"
+
 	"github.com/minio/cli"
 	"github.com/minio/console/restapi"
 )
@@ -36,15 +40,28 @@ var appCmds = []cli.Command{
 
 // StartServer starts the console service
 func StartServer(ctx *cli.Context) error {
-	if os.Getenv("CONSOLE_OPERATOR_MODE") != "" && os.Getenv("CONSOLE_OPERATOR_MODE") == "on" {
-		return startOperatorServer(ctx)
-	}
 
+	// Load all certificates
 	if err := loadAllCerts(ctx); err != nil {
 		// Log this as a warning and continue running console without TLS certificates
 		restapi.LogError("Unable to load certs: %v", err)
 	}
 
+	xctx := context.Background()
+	transport := restapi.PrepareSTSClientTransport(false)
+	if err := logger.InitializeLogger(xctx, transport); err != nil {
+		fmt.Println("error InitializeLogger", err)
+		logger.CriticalIf(xctx, err)
+	}
+	// custom error configuration
+	restapi.LogInfo = logger.Info
+	restapi.LogError = logger.Error
+	restapi.LogIf = logger.LogIf
+
+	if os.Getenv("CONSOLE_OPERATOR_MODE") != "" && os.Getenv("CONSOLE_OPERATOR_MODE") == "on" {
+		return startOperatorServer(ctx)
+	}
+
 	var rctx restapi.Context
 	if err := rctx.Load(ctx); err != nil {
 		restapi.LogError("argument validation failed: %v", err)

cmd/console/app_commands_noop.go

@@ -20,9 +20,13 @@
 package main
 
 import (
+	"context"
+	"fmt"
 	"strconv"
 	"time"
 
+	"github.com/minio/console/pkg/logger"
+
 	"github.com/minio/cli"
 	"github.com/minio/console/restapi"
 )
@@ -39,6 +43,17 @@ func StartServer(ctx *cli.Context) error {
 		restapi.LogError("Unable to load certs: %v", err)
 	}
 
+	xctx := context.Background()
+	transport := restapi.PrepareSTSClientTransport(false)
+	if err := logger.InitializeLogger(xctx, transport); err != nil {
+		fmt.Println("error InitializeLogger", err)
+		logger.CriticalIf(xctx, err)
+	}
+	// custom error configuration
+	restapi.LogInfo = logger.Info
+	restapi.LogError = logger.Error
+	restapi.LogIf = logger.LogIf
+
 	var rctx restapi.Context
 	if err := rctx.Load(ctx); err != nil {
 		restapi.LogError("argument validation failed: %v", err)

cmd/console/operator.go

@@ -2,7 +2,7 @@
 // +build operator
 
 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2022 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -20,6 +20,7 @@
 package main
 
 import (
+	"context"
 	"fmt"
 	"io/ioutil"
 	"path/filepath"
@@ -27,6 +28,8 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/minio/console/pkg/logger"
+
 	"github.com/minio/console/restapi"
 
 	"github.com/go-openapi/loads"
@@ -106,7 +109,7 @@ func buildOperatorServer() (*operatorapi.Server, error) {
 	}
 
 	api := operations.NewOperatorAPI(swaggerSpec)
-	api.Logger = operatorapi.LogInfo
+	api.Logger = restapi.LogInfo
 	server := operatorapi.NewServer(api)
 
 	parser := flags.NewParser(server, flags.Default)
@@ -147,7 +150,7 @@ func loadOperatorAllCerts(ctx *cli.Context) error {
 	}
 
 	// load the certificates and the CAs
-	operatorapi.GlobalRootCAs, operatorapi.GlobalPublicCerts, operatorapi.GlobalTLSCertsManager, err = certs.GetAllCertificatesAndCAs()
+	restapi.GlobalRootCAs, restapi.GlobalPublicCerts, restapi.GlobalTLSCertsManager, err = certs.GetAllCertificatesAndCAs()
 	if err != nil {
 		return fmt.Errorf("unable to load certificates at %s: failed with %w", certs.GlobalCertsDir.Get(), err)
 	}
@@ -159,12 +162,12 @@ func loadOperatorAllCerts(ctx *cli.Context) error {
 		swaggerServerCACertificate := ctx.String("tls-ca")
 		// load tls cert and key from swagger server tls-certificate and tls-key flags
 		if swaggerServerCertificate != "" && swaggerServerCertificateKey != "" {
-			if err = operatorapi.GlobalTLSCertsManager.AddCertificate(swaggerServerCertificate, swaggerServerCertificateKey); err != nil {
+			if err = restapi.GlobalTLSCertsManager.AddCertificate(swaggerServerCertificate, swaggerServerCertificateKey); err != nil {
 				return err
 			}
 			x509Certs, err := certs.ParsePublicCertFile(swaggerServerCertificate)
 			if err == nil {
-				operatorapi.GlobalPublicCerts = append(operatorapi.GlobalPublicCerts, x509Certs...)
+				restapi.GlobalPublicCerts = append(restapi.GlobalPublicCerts, x509Certs...)
 			}
 		}
 
@@ -172,7 +175,7 @@ func loadOperatorAllCerts(ctx *cli.Context) error {
 		if swaggerServerCACertificate != "" {
 			caCert, caCertErr := ioutil.ReadFile(swaggerServerCACertificate)
 			if caCertErr == nil {
-				operatorapi.GlobalRootCAs.AppendCertsFromPEM(caCert)
+				restapi.GlobalRootCAs.AppendCertsFromPEM(caCert)
 			}
 		}
 	}
@@ -186,20 +189,32 @@ func loadOperatorAllCerts(ctx *cli.Context) error {
 
 // StartServer starts the console service
 func startOperatorServer(ctx *cli.Context) error {
-	if err := loadOperatorAllCerts(ctx); err != nil {
+
+	if err := loadAllCerts(ctx); err != nil {
 		// Log this as a warning and continue running console without TLS certificates
-		operatorapi.LogError("Unable to load certs: %v", err)
+		restapi.LogError("Unable to load certs: %v", err)
 	}
 
+	xctx := context.Background()
+	transport := restapi.PrepareSTSClientTransport(false)
+	if err := logger.InitializeLogger(xctx, transport); err != nil {
+		fmt.Println("error InitializeLogger", err)
+		logger.CriticalIf(xctx, err)
+	}
+	// custom error configuration
+	restapi.LogInfo = logger.Info
+	restapi.LogError = logger.Error
+	restapi.LogIf = logger.LogIf
+
 	var rctx operatorapi.Context
 	if err := rctx.Load(ctx); err != nil {
-		operatorapi.LogError("argument validation failed: %v", err)
+		restapi.LogError("argument validation failed: %v", err)
 		return err
 	}
 
 	server, err := buildOperatorServer()
 	if err != nil {
-		operatorapi.LogError("Unable to initialize console server: %v", err)
+		restapi.LogError("Unable to initialize console server: %v", err)
 		return err
 	}
 
@@ -212,7 +227,7 @@ func startOperatorServer(ctx *cli.Context) error {
 	operatorapi.Port = strconv.Itoa(server.Port)
 	operatorapi.Hostname = server.Host
 
-	if len(operatorapi.GlobalPublicCerts) > 0 {
+	if len(restapi.GlobalPublicCerts) > 0 {
 		// If TLS certificates are provided enforce the HTTPS schema, meaning console will redirect
 		// plain HTTP connections to HTTPS server
 		server.EnabledListeners = []string{"http", "https"}

go.mod

@@ -6,46 +6,48 @@ require (
 	github.com/blang/semver/v4 v4.0.0
 	github.com/cheggaaa/pb/v3 v3.0.8
 	github.com/dustin/go-humanize v1.0.0
+	github.com/fatih/color v1.13.0
 	github.com/go-openapi/errors v0.20.2
 	github.com/go-openapi/loads v0.21.1
-	github.com/go-openapi/runtime v0.23.1
-	github.com/go-openapi/spec v0.20.4
+	github.com/go-openapi/runtime v0.23.3
+	github.com/go-openapi/spec v0.20.5
 	github.com/go-openapi/strfmt v0.21.2
 	github.com/go-openapi/swag v0.21.1
 	github.com/go-openapi/validate v0.21.0
-	github.com/golang-jwt/jwt/v4 v4.3.0
+	github.com/golang-jwt/jwt/v4 v4.4.1
+	github.com/google/uuid v1.3.0
 	github.com/gorilla/websocket v1.5.0
 	github.com/jessevdk/go-flags v1.5.0
-	github.com/klauspost/compress v1.14.4
+	github.com/klauspost/compress v1.15.1
 	github.com/minio/cli v1.22.0
-	github.com/minio/kes v0.18.0
-	github.com/minio/madmin-go v1.3.5
-	github.com/minio/mc v0.0.0-20220302011226-f13defa54577
-	github.com/minio/minio-go/v7 v7.0.23
-	github.com/minio/operator v0.0.0-20220408011517-5adaef906d93
-	github.com/minio/pkg v1.1.20
+	github.com/minio/highwayhash v1.0.2
+	github.com/minio/kes v0.19.2
+	github.com/minio/madmin-go v1.3.12
+	github.com/minio/mc v0.0.0-20220419155441-cc4ff3a0cc82
+	github.com/minio/minio-go/v7 v7.0.24
+	github.com/minio/operator v0.0.0-20220414212219-ba4c097324b2
+	github.com/minio/pkg v1.1.21
 	github.com/minio/selfupdate v0.4.0
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/rs/xid v1.3.0
+	github.com/rs/xid v1.4.0
 	github.com/secure-io/sio-go v0.3.1
-	github.com/stretchr/testify v1.7.0
+	github.com/stretchr/testify v1.7.1
 	github.com/tidwall/gjson v1.14.0
 	github.com/unrolled/secure v1.10.0
-	golang.org/x/crypto v0.0.0-20220214200702-86341886e292
-	golang.org/x/net v0.0.0-20220225172249-27dd8689420f
-	golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b
+	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4
+	golang.org/x/net v0.0.0-20220421235706-1d1ef9303861
+	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5
 	gopkg.in/yaml.v2 v2.4.0
-	k8s.io/api v0.23.4
-	k8s.io/apimachinery v0.23.4
-	k8s.io/client-go v0.23.4
+	k8s.io/api v0.23.5
+	k8s.io/apimachinery v0.23.5
+	k8s.io/client-go v0.23.5
 )
 
 require (
-	github.com/PuerkitoBio/purell v1.1.1 // indirect
-	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
 	github.com/VividCortex/ewma v1.2.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/briandowns/spinner v1.18.1 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/charmbracelet/bubbles v0.10.3 // indirect
 	github.com/charmbracelet/bubbletea v0.20.0 // indirect
@@ -58,7 +60,6 @@ require (
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 // indirect
 	github.com/docker/go-units v0.4.0 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
-	github.com/fatih/color v1.13.0 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/gdamore/encoding v1.0.0 // indirect
 	github.com/gdamore/tcell/v2 v2.4.1-0.20210905002822-f057f0a857a1 // indirect
@@ -66,7 +67,7 @@ require (
 	github.com/go-ole/go-ole v1.2.6 // indirect
 	github.com/go-openapi/analysis v0.21.2 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
-	github.com/go-openapi/jsonreference v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.0 // indirect
 	github.com/go-stack/stack v1.8.1 // indirect
 	github.com/goccy/go-json v0.9.4 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
@@ -75,7 +76,6 @@ require (
 	github.com/google/go-cmp v0.5.7 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/google/uuid v1.3.0 // indirect
 	github.com/googleapis/gnostic v0.5.5 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
@@ -97,8 +97,7 @@ require (
 	github.com/mattn/go-isatty v0.0.14 // indirect
 	github.com/mattn/go-runewidth v0.0.13 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
-	github.com/minio/argon2 v1.0.0 // indirect
-	github.com/minio/colorjson v1.0.1 // indirect
+	github.com/minio/colorjson v1.0.2 // indirect
 	github.com/minio/filepath v1.0.0 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
 	github.com/minio/sha256-simd v1.0.0 // indirect
@@ -111,7 +110,7 @@ require (
 	github.com/navidys/tvxwidgets v0.1.0 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
-	github.com/philhofer/fwd v1.1.1 // indirect
+	github.com/philhofer/fwd v1.1.2-0.20210722190033-5c56ac6d0bb9 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pkg/xattr v0.4.5 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
@@ -128,7 +127,7 @@ require (
 	github.com/sirupsen/logrus v1.8.1 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
-	github.com/tinylib/msgp v1.1.6 // indirect
+	github.com/tinylib/msgp v1.1.7-0.20211026165309-e818a1881b0e // indirect
 	github.com/tklauser/go-sysconf v0.3.10 // indirect
 	github.com/tklauser/numcpus v0.4.0 // indirect
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
@@ -140,7 +139,7 @@ require (
 	go.uber.org/multierr v1.8.0 // indirect
 	go.uber.org/zap v1.21.0 // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
-	golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9 // indirect
+	golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/time v0.0.0-20220224211638-0e9765cccd65 // indirect

go.sum

@@ -26,6 +26,7 @@ cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4g
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
+cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
@@ -46,10 +47,9 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
-github.com/PuerkitoBio/purell v1.1.1 h1:WEQqlqaGbrPkxLJWfBwQmfEAE1Z7ONdDLqrN38tNFfI=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
-github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 h1:d+Bc7a5rLufV/sSk/8dngufqelfh6jnri85riMAaF/M=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
+github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
 github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
 github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow=
 github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4=
@@ -59,6 +59,9 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
+github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
+github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
+github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ=
@@ -70,8 +73,12 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
+github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
+github.com/briandowns/spinner v1.18.1 h1:yhQmQtM1zsqFsouh09Bk/jCjd50pC3EOGsh28gLVvwY=
+github.com/briandowns/spinner v1.18.1/go.mod h1:mQak9GHqbspjC/5iUx3qMlIho8xBS/ppAL/hX5SmPJU=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
@@ -105,9 +112,9 @@ github.com/containerd/console v1.0.3 h1:lIr7SlA5PxZyMV30bDW0MGbiOPXwc63yRuCP0ARu
 github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
 github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd/v22 v22.3.1/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI=
 github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -136,6 +143,7 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
 github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
 github.com/fatih/color v1.10.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
 github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
@@ -168,6 +176,7 @@ github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTg
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.2 h1:ahHml/yUpnlb96Rp8HCvtYVPY8ZYpxq3g7UYchIYwbs=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-ole/go-ole v1.2.4/go.mod h1:XCwSNxSkXRo4vlyPy93sltvi/qJq0jqQhjqQNIwKuxM=
 github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
 github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/go-openapi/analysis v0.21.2 h1:hXFrOYFHUAMQdu6zwAiKKJHJQ8kqZs1ux/ru1P1wLJU=
@@ -180,14 +189,16 @@ github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34
 github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
-github.com/go-openapi/jsonreference v0.19.6 h1:UBIxjkht+AWIgYzCDSv2GN+E/togfwXUJFRTWhl2Jjs=
 github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns=
+github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA=
+github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo=
 github.com/go-openapi/loads v0.21.1 h1:Wb3nVZpdEzDTcly8S4HMkey6fjARRzb7iEaySimlDW0=
 github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g=
-github.com/go-openapi/runtime v0.23.1 h1:/Drg9R96eMmgKJHVWZADz78XbE39/6QiIiB45mc+epo=
-github.com/go-openapi/runtime v0.23.1/go.mod h1:AKurw9fNre+h3ELZfk6ILsfvPN+bvvlaU/M9q/r9hpk=
-github.com/go-openapi/spec v0.20.4 h1:O8hJrt0UMnhHcluhIdUgCLRWyM2x7QkBXRvOs7m+O1M=
+github.com/go-openapi/runtime v0.23.3 h1:/dxjx4KCOQI5ImBMz036F6v/DzZ2NUjSRvbLJs1rgoE=
+github.com/go-openapi/runtime v0.23.3/go.mod h1:AKurw9fNre+h3ELZfk6ILsfvPN+bvvlaU/M9q/r9hpk=
 github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I=
+github.com/go-openapi/spec v0.20.5 h1:skHa8av4VnAtJU5zyAUXrrdK/NDiVX8lchbG+BfcdrE=
+github.com/go-openapi/spec v0.20.5/go.mod h1:QbfOSIVt3/sac+a1wzmKbbcLXm5NdZnyBZYtCijp43o=
 github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg=
 github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k=
 github.com/go-openapi/strfmt v0.21.2 h1:5NDNgadiX1Vhemth/TH4gCGopWSTdDjxl60H3B7f+os=
@@ -234,8 +245,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
-github.com/golang-jwt/jwt/v4 v4.3.0 h1:kHL1vqdqWNfATmA0FNMdmZNMyZI1U6O31X4rlIPoBog=
-github.com/golang-jwt/jwt/v4 v4.3.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
+github.com/golang-jwt/jwt/v4 v4.4.1 h1:pC5DB52sCeK48Wlb9oPcdhnjkz1TKt1D/P7WKJ0kUcQ=
+github.com/golang-jwt/jwt/v4 v4.4.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -316,6 +327,7 @@ github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2c
 github.com/googleapis/gnostic v0.5.5 h1:9fHAtK0uDfpveeqqo1hkEZJcFvYXAiCN3UutL8F9xHw=
 github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gopherjs/gopherjs v0.0.0-20220104163920-15ed2e8cf2bd/go.mod h1:cz9oNYuRUWGdHmLF2IodMLkAhcPtXeULvcBNagUrxTI=
 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
@@ -324,14 +336,30 @@ github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/ad
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
+github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
+github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
 github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
+github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
+github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
+github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
+github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
+github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
+github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
+github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
+github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
+github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
+github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
+github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
@@ -345,7 +373,6 @@ github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8Hm
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
@@ -359,9 +386,10 @@ github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaR
 github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
-github.com/klauspost/compress v1.14.4 h1:eijASRJcobkVtSt81Olfh7JX43osYLwy5krOJo6YEu4=
-github.com/klauspost/compress v1.14.4/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
+github.com/klauspost/compress v1.15.1 h1:y9FcTHGyrebwfP0ZZqFiaxTaiDnUrGkJkI+f583BL1A=
+github.com/klauspost/compress v1.15.1/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/klauspost/cpuid v1.3.1/go.mod h1:bYW4mA6ZgKPob1/Dlai2LviZJO7KGI3uoWLd42rAQw4=
 github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
@@ -371,6 +399,7 @@ github.com/klauspost/cpuid/v2 v2.0.11/go.mod h1:g2LTdtYhdyuGPqyWyv7qRAmj1WBqxuOb
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
@@ -400,7 +429,7 @@ github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69
 github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
 github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4=
 github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
-github.com/magefile/mage v1.10.0/go.mod h1:z5UZb/iS3GoOSn0JgWuiw7dxlurVYTu+/jHXqQg881A=
+github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
@@ -408,6 +437,8 @@ github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
 github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
+github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
+github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
@@ -415,6 +446,7 @@ github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZb
 github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
 github.com/mattn/go-ieproxy v0.0.1 h1:qiyop7gCflfhwCzGyeT0gro3sF9AIg9HU98JORTkqfI=
 github.com/mattn/go-ieproxy v0.0.1/go.mod h1:pYabZ6IHcRpFh7vIaLfK7rdcWgFEb3SFJ6/gNWuh88E=
+github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
@@ -430,39 +462,47 @@ github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI=
 github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
-github.com/minio/argon2 v1.0.0 h1:cLB/fl0EeBqiDYhsIzIPTdLZhCykRrvdx3Eu3E5oqsE=
+github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/minio/argon2 v1.0.0/go.mod h1:XtOGJ7MjwUJDPtCqqrisx5QwVB/jDx+adQHigJVsQHQ=
 github.com/minio/cli v1.22.0 h1:VTQm7lmXm3quxO917X3p+el1l0Ca5X3S4PM2ruUYO68=
 github.com/minio/cli v1.22.0/go.mod h1:bYxnK0uS629N3Bq+AOZZ+6lwF77Sodk4+UL9vNuXhOY=
-github.com/minio/colorjson v1.0.1 h1:+hvfP8C1iMB95AT+ZFDRE+Knn9QPd9lg0CRJY9DRpos=
-github.com/minio/colorjson v1.0.1/go.mod h1:oPM3zQQY8Gz9NGtgvuBEjQ+gPZLKAGc7T+kjMlwtOgs=
+github.com/minio/colorjson v1.0.2 h1:Em3IM68MTm3h+Oxa0nxrV9VQqDgbxvC5iq5A+pqzDeI=
+github.com/minio/colorjson v1.0.2/go.mod h1:JWxcL2n8T8JVf+NY6awl6kn5nK49aAzHOeQEM33dL0k=
 github.com/minio/filepath v1.0.0 h1:fvkJu1+6X+ECRA6G3+JJETj4QeAYO9sV43I79H8ubDY=
 github.com/minio/filepath v1.0.0/go.mod h1:/nRZA2ldl5z6jT9/KQuvZcQlxZIMQoFFQPvEXx9T/Bw=
-github.com/minio/kes v0.18.0 h1:HryN2oAXc/xCwr+LzsU+P/xnrsLuIRJBun3EU8PuJaw=
-github.com/minio/kes v0.18.0/go.mod h1:zrimNafasyumYOBjHonPLLIUgCuRzCef0uQ6IojITZA=
-github.com/minio/madmin-go v1.3.5 h1:YbDc4Q1oAjeGCss1u4j29kVgwJDLzoohgIGebAaLBXc=
+github.com/minio/highwayhash v1.0.2 h1:Aak5U0nElisjDCfPSG79Tgzkn2gl66NxOMspRrKnA/g=
+github.com/minio/highwayhash v1.0.2/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLTk+kldvVxY=
+github.com/minio/kes v0.19.2 h1:0kdMAgLMSkiDA33k8pMHC7d6erDuseuLrZF+N3017SM=
+github.com/minio/kes v0.19.2/go.mod h1:X2fMkDbAkjbSKDGOQZvyPkHxoG7nuzP6R78Jw+TzXtM=
 github.com/minio/madmin-go v1.3.5/go.mod h1:vGKGboQgGIWx4DuDUaXixjlIEZOCIp6ivJkQoiVaACc=
-github.com/minio/mc v0.0.0-20220302011226-f13defa54577 h1:ZWkSq/Ofoz7fX4syAscCg66Ie6oV5plYFTXAieYRRDg=
-github.com/minio/mc v0.0.0-20220302011226-f13defa54577/go.mod h1:lomZcm7bdn9Og7UBKBqu//8YPmWAhhMNlnkIAHmwcS8=
+github.com/minio/madmin-go v1.3.12 h1:7SmK/KtT7+d3hn3VcYBqI/c4yETfXV9gRT1j+g/U1jE=
+github.com/minio/madmin-go v1.3.12/go.mod h1:ez87VmMtsxP7DRxjKJKD4RDNW+nhO2QF9KSzwxBDQ98=
+github.com/minio/mc v0.0.0-20220419155441-cc4ff3a0cc82 h1:CiTaWFwpxzjd7A3sUQ0xZEX8sWfZh3/k2qbxuPip05s=
+github.com/minio/mc v0.0.0-20220419155441-cc4ff3a0cc82/go.mod h1:h6VCl43/2AUA3RP1GWUVMqcUiXq2NWJ4+dSei+ibf70=
 github.com/minio/md5-simd v1.1.0/go.mod h1:XpBqgZULrMYD3R+M28PcmP0CkI7PEMzB3U77ZrKZ0Gw=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
-github.com/minio/minio-go/v7 v7.0.11-0.20210302210017-6ae69c73ce78/go.mod h1:mTh2uJuAbEqdhMVl6CMIIZLUeiMiWtJR4JB8/5g2skw=
-github.com/minio/minio-go/v7 v7.0.23 h1:NleyGQvAn9VQMU+YHVrgV4CX+EPtxPt/78lHOOTncy4=
 github.com/minio/minio-go/v7 v7.0.23/go.mod h1:ei5JjmxwHaMrgsMrn4U/+Nmg+d8MKS1U2DAn1ou4+Do=
-github.com/minio/operator v0.0.0-20220408011517-5adaef906d93 h1:Z1RgEq5GNVwioKddT+Zb0X1x1dRtCXuHaREnWd/xjq8=
-github.com/minio/operator v0.0.0-20220408011517-5adaef906d93/go.mod h1:4Bo6a+XrBFEfCiiEtB14bw8l/nT3hcvZQKrZGZu27mA=
-github.com/minio/pkg v1.0.3/go.mod h1:obU54TZ9QlMv0TRaDgQ/JTzf11ZSXxnSfLrm4tMtBP8=
-github.com/minio/pkg v1.1.20 h1:NhYtoQHw/Sl1ib/lroANFwkQspE0YyTeVR1CMPEff/A=
+github.com/minio/minio-go/v7 v7.0.24 h1:HPlHiET6L5gIgrHRaw1xFo1OaN4bEP/082asWh3WJtI=
+github.com/minio/minio-go/v7 v7.0.24/go.mod h1:x81+AX5gHSfCSqw7jxRKHvxUXMlE5uKX0Vb75Xk5yYg=
+github.com/minio/operator v0.0.0-20220414212219-ba4c097324b2 h1:GdjU5qV+Wv0P2Y/TVGRELapzBdph8Vyi6u9VjgvtVIs=
+github.com/minio/operator v0.0.0-20220414212219-ba4c097324b2/go.mod h1:4Bo6a+XrBFEfCiiEtB14bw8l/nT3hcvZQKrZGZu27mA=
 github.com/minio/pkg v1.1.20/go.mod h1:Xo7LQshlxGa9shKwJ7NzQbgW4s8T/Wc1cOStR/eUiMY=
+github.com/minio/pkg v1.1.21 h1:sqPIwfmlMbufFd3xiEiAdrgyle7c67YIXFf+rFtCeyA=
+github.com/minio/pkg v1.1.21/go.mod h1:z9PfmEI804KFkF6eY4LoGe8IDVvTCsYGVuaf58Dr0WI=
 github.com/minio/selfupdate v0.4.0 h1:A7t07pN4Ch1tBTIRStW0KhUVyykz+2muCqFsITQeEW8=
 github.com/minio/selfupdate v0.4.0/go.mod h1:mcDkzMgq8PRcpCRJo/NlPY7U45O5dfYl2Y0Rg7IustY=
 github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM=
 github.com/minio/sha256-simd v1.0.0 h1:v1ta+49hkWZyvaKwrQB8elexRqm6Y0aMLjCNsrYxo6g=
 github.com/minio/sha256-simd v1.0.0/go.mod h1:OuYzVNI5vcoYIAmbIvHPl3N3jUzVedXbKy5RFepssQM=
-github.com/minio/sio v0.2.1/go.mod h1:8b0yPp2avGThviy/+OCJBI6OMpvxoUuiLvE6F1lebhw=
+github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
+github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
+github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
+github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
+github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
@@ -477,6 +517,7 @@ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3Rllmb
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
+github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow=
 github.com/muesli/ansi v0.0.0-20211018074035-2e021307bc4b/go.mod h1:fQuZ0gauxyBcmsdE3ZT4NasjaRdxmbCS0jRHsrWu3Ho=
 github.com/muesli/ansi v0.0.0-20211031195517-c9f0611b6c70 h1:kMlmsLSbjkikxQJ1IPwaM+7LJ9ltFu/fi8CRzvSnQmA=
 github.com/muesli/ansi v0.0.0-20211031195517-c9f0611b6c70/go.mod h1:fQuZ0gauxyBcmsdE3ZT4NasjaRdxmbCS0jRHsrWu3Ho=
@@ -493,6 +534,8 @@ github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRW
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/navidys/tvxwidgets v0.1.0 h1:cY9pU5ww+hbpwMAYC2eTEX5tKF3KD/ku7gu/XMnSulk=
 github.com/navidys/tvxwidgets v0.1.0/go.mod h1:Cr8CTnbinH2X8bY/vwb8914mku3qImHQ8fmeqxwc9Cg=
+github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo=
+github.com/neelance/sourcemap v0.0.0-20200213170602-2833bce08e4c/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
@@ -511,19 +554,24 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.17.0 h1:9Luw4uT5HTjHTN8+aNcSThgH1vdXnmdJ8xIfZ4wyTRE=
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
+github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE=
+github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
-github.com/philhofer/fwd v1.1.1 h1:GdGcTjf5RNAxwS4QLsiMzJYj5KEvPJD3Abr261yRQXQ=
 github.com/philhofer/fwd v1.1.1/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
+github.com/philhofer/fwd v1.1.2-0.20210722190033-5c56ac6d0bb9 h1:6ob53CVz+ja2i7easAStApZJlh7sxyq3Cm7g1Di6iqA=
+github.com/philhofer/fwd v1.1.2-0.20210722190033-5c56ac6d0bb9/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
 github.com/pkg/xattr v0.4.5 h1:P5SvUc1T07cHLto76ESJ+/x5kexU7s9127iVoeEW/hs=
 github.com/pkg/xattr v0.4.5/go.mod h1:sBD3RAqlr8Q+RC3FutZcikpT8nyDrIEEBw2J744gVWs=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
 github.com/posener/complete v1.2.3 h1:NP0eAhjcjImqslEwo/1hq7gpajME0fTLTezBKDqfXqo=
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
 github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
@@ -531,7 +579,6 @@ github.com/power-devops/perfstat v0.0.0-20220216144756-c35f1ee13d7c h1:NRoLoZvkB
 github.com/power-devops/perfstat v0.0.0-20220216144756-c35f1ee13d7c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
 github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
 github.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk=
@@ -542,14 +589,12 @@ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:
 github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
 github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
 github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4=
 github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
@@ -566,28 +611,41 @@ github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
 github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
-github.com/rs/xid v1.3.0 h1:6NjYksEUlhurdVehpc7S7dk6DAmcKv8V9gG0FsVN2U4=
-github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
+github.com/rs/xid v1.4.0 h1:qd7wPTDkN6KQx2VmMBLrpHkiyQwgFXRnkOLacUiaSNY=
+github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/sahilm/fuzzy v0.1.0/go.mod h1:VFvziUEIMCrT6A6tw2RFIXPXXmzXbOsSHF0DOI8ZK9Y=
+github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/secure-io/sio-go v0.3.1 h1:dNvY9awjabXTYGsTF1PiCySl9Ltofk9GA3VdWlo7rRc=
 github.com/secure-io/sio-go v0.3.1/go.mod h1:+xbkjDzPjwh4Axd07pRKSNriS9SCiYksWnZqdnfpQxs=
+github.com/shirou/gopsutil/v3 v3.21.6/go.mod h1:JfVbDpIBLVzT8oKbvMg9P3wEIMDDpVn+LwHTKj0ST88=
 github.com/shirou/gopsutil/v3 v3.22.2 h1:wCrArWFkHYIdDxx/FSfF5RB4dpJYW6t7rcp3+zL8uks=
 github.com/shirou/gopsutil/v3 v3.22.2/go.mod h1:WapW1AOOPlHyXr+yOyw3uYx36enocrtSoSBy0L5vUHY=
+github.com/shurcooL/go v0.0.0-20200502201357-93f07166e636/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
+github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/shurcooL/vfsgen v0.0.0-20200824052919-0d455de96546/go.mod h1:TrYk7fJVaAttu97ZZKrO9UbRa8izdowaMIZcxYMbVaw=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
-github.com/sirupsen/logrus v1.8.0/go.mod h1:4GuYW9TZmE769R5STWrRakJc4UqQ3+QQ95fyz7ENv1A=
 github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
+github.com/smartystreets/assertions v1.1.1/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
+github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I=
+github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
 github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
+github.com/spf13/cobra v1.2.1/go.mod h1:ExllRjgxM/piMAM+3tAZvg8fsklGAf3tPfi+i8t68Nk=
+github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
 github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -596,8 +654,10 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/tidwall/gjson v1.14.0 h1:6aeJ0bzojgWLa82gDQHcx3S0Lr/O51I9bJ5nv6JFx5w=
 github.com/tidwall/gjson v1.14.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
 github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
@@ -605,11 +665,14 @@ github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JT
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
 github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
-github.com/tinylib/msgp v1.1.6 h1:i+SbKraHhnrf9M5MYmvQhFnbLhAXSDWF8WWsuyRdocw=
-github.com/tinylib/msgp v1.1.6/go.mod h1:75BAfg2hauQhs3qedfdDZmWAPcFMAvJE5b9rGOMufyw=
+github.com/tinylib/msgp v1.1.3/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE=
+github.com/tinylib/msgp v1.1.7-0.20211026165309-e818a1881b0e h1:P5tyWbssToKowBPTA1/EzqPXwrZNc8ZeNPdjgpcDEoI=
+github.com/tinylib/msgp v1.1.7-0.20211026165309-e818a1881b0e/go.mod h1:g7jEyb18KPe65d9RRhGw+ThaJr5duyBH8eaFgBUor7Y=
+github.com/tklauser/go-sysconf v0.3.6/go.mod h1:MkWzOF4RMCshBAMXuhXJs64Rte09mITnppBXY/rYEFI=
 github.com/tklauser/go-sysconf v0.3.9/go.mod h1:11DU/5sG7UexIrp/O6g35hrWzu0JxlwQ3LSFUzyeuhs=
 github.com/tklauser/go-sysconf v0.3.10 h1:IJ1AZGZRWbY8T5Vfk04D9WOA5WSejdflXxP03OUqALw=
 github.com/tklauser/go-sysconf v0.3.10/go.mod h1:C8XykCvCb+Gn0oNCWPIlcb0RuglQTYaQ2hGm7jmxEFk=
+github.com/tklauser/numcpus v0.2.2/go.mod h1:x3qojaO3uyYt0i56EW/VUYs7uBvdl2fkfZFu0T9wgjM=
 github.com/tklauser/numcpus v0.3.0/go.mod h1:yFGUr7TUHQRAhyqBcEg0Ge34zDBAsIvJJcyE6boqnA8=
 github.com/tklauser/numcpus v0.4.0 h1:E53Dm1HjH1/R2/aoCtXtPgzmElmn51aOkhCFSuZq//o=
 github.com/tklauser/numcpus v0.4.0/go.mod h1:1+UI3pD8NW14VMwdgJNJ1ESk2UnwhAnz5hMwiKKqXCQ=
@@ -626,13 +689,13 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yusufpapurcu/wmi v1.2.2 h1:KBNDSne4vP5mbSWnJbO+51IMOXJB67QiYCSBrubbPRg=
 github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
-go.etcd.io/etcd/api/v3 v3.5.0-beta.4/go.mod h1:yF0YUmBghT48aC0/eTFrhULo+uKQAr5spQQ6sRhPauE=
+go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
 go.etcd.io/etcd/api/v3 v3.5.2 h1:tXok5yLlKyuQ/SXSjtqHc4uzNaMqZi2XsoSPr/LlJXI=
 go.etcd.io/etcd/api/v3 v3.5.2/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A=
-go.etcd.io/etcd/client/pkg/v3 v3.5.0-beta.4/go.mod h1:a+pbz+UrcOpvve1Qxf6tGovi15PjgtRhi0QTO2Nlc4U=
+go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/pkg/v3 v3.5.2 h1:4hzqQ6hIb3blLyQ8usCU4h3NghkqcsohEQ3o3VetYxE=
 go.etcd.io/etcd/client/pkg/v3 v3.5.2/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
-go.etcd.io/etcd/client/v3 v3.5.0-beta.4/go.mod h1:0L1RulN1QSXq6uKPMUSX+OTAYyFkapMK7iUHXXIH/1E=
+go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ=
 go.etcd.io/etcd/client/v3 v3.5.2 h1:WdnejrUtQC4nCxK0/dLTMqKOB+U5TP/2Ya0BJL+1otA=
 go.etcd.io/etcd/client/v3 v3.5.2/go.mod h1:kOOaWFFgHygyT0WlSmL8TJiXmMysO/nNUlEsSsN6W4o=
 go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg=
@@ -656,27 +719,27 @@ go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8=
 go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
-go.uber.org/zap v1.16.1-0.20210329175301-c23abee72d19/go.mod h1:aMfIlz3TDBfB0BwTCKFU1XbEmj9zevr5S5LcBr85MXw=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
 go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8=
 go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211209193657-4570a0811e8b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220214200702-86341886e292 h1:f+lwQ+GtmgoY+A2YaQxlSOnDjXcQ7ZRLWOHbC6HtRqE=
-golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 h1:kUhD7nTDoI3fVd9G4ORWrbV5NY0liEs/Jg2pv5f+bBA=
+golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -715,7 +778,9 @@ golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@@ -754,11 +819,12 @@ golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLd
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.0.0-20220225172249-27dd8689420f h1:oA4XRj0qtSt8Yo1Zms0CUlsT3KG69V2UGQWPBxujDmc=
-golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220421235706-1d1ef9303861 h1:yssD99+7tqHWO5Gwh81phT+67hg+KttniBr6UnEXOY8=
+golang.org/x/net v0.0.0-20220421235706-1d1ef9303861/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -770,10 +836,11 @@ golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b h1:clP8eMhB30EHdc0bd2Twtq6kgU7yl5ub2cQLSdrv1Dg=
-golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
+golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5 h1:OSnWWcOd/CtWQC2cYSBgbTSJv3ciqd8r54ySIW2y3RE=
+golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -787,11 +854,14 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180926160741-c2ed4eda69e7/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190130150945-aca44879d564/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -845,6 +915,7 @@ golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210309074719-68d13333faf2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210316164454-77fc1eacc6aa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -857,12 +928,13 @@ golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210816074244-15123e1e1f71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211213223007-03aa0b5f6827/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220111092808-5a964db01320/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9 h1:nhht2DYV/Sn3qOayu8lM+cU1ii9sTLUeBQwQQfUHtrs=
-golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220412211240-33da011f77ad h1:ntjMns5wyP/fN65tdBD4g8J5w8n015+iIIs9rtjXkY0=
+golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -907,6 +979,7 @@ golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgw
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -972,6 +1045,7 @@ google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34q
 google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
 google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
 google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
+google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1043,7 +1117,6 @@ google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA5
 google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
 google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM=
 google.golang.org/grpc v1.44.0 h1:weqSxi/TMs1SqFRMHCtBgXRs8k3X39QIDEZ0pRcttUg=
 google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
@@ -1074,6 +1147,7 @@ gopkg.in/h2non/filetype.v1 v1.0.5/go.mod h1:M0yem4rwSX5lLVrkEuRRp2/NinFMD5vgJ4Dl
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.66.4 h1:SsAcf+mM7mRZo2nJNGt8mZCjG8ZRaNGMURJw7BsIST4=
 gopkg.in/ini.v1 v1.66.4/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
@@ -1100,12 +1174,12 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.23.4 h1:85gnfXQOWbJa1SiWGpE9EEtHs0UVvDyIsSMpEtl2D4E=
-k8s.io/api v0.23.4/go.mod h1:i77F4JfyNNrhOjZF7OwwNJS5Y1S9dpwvb9iYRYRczfI=
-k8s.io/apimachinery v0.23.4 h1:fhnuMd/xUL3Cjfl64j5ULKZ1/J9n8NuQEgNL+WXWfdM=
-k8s.io/apimachinery v0.23.4/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM=
-k8s.io/client-go v0.23.4 h1:YVWvPeerA2gpUudLelvsolzH7c2sFoXXR5wM/sWqNFU=
-k8s.io/client-go v0.23.4/go.mod h1:PKnIL4pqLuvYUK1WU7RLTMYKPiIh7MYShLshtRY9cj0=
+k8s.io/api v0.23.5 h1:zno3LUiMubxD/V1Zw3ijyKO3wxrhbUF1Ck+VjBvfaoA=
+k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8=
+k8s.io/apimachinery v0.23.5 h1:Va7dwhp8wgkUPWsEXk6XglXWU4IKYLKNlv8VkX7SDM0=
+k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM=
+k8s.io/client-go v0.23.5 h1:zUXHmEuqx0RY4+CsnkOn5l0GU+skkRXKGJrhmE2SLd8=
+k8s.io/client-go v0.23.5/go.mod h1:flkeinTO1CirYgzMPRWxUCnV0G4Fbu2vLhYCObnt/r4=
 k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=

integration/admin_api_integration_test.go

@@ -300,3 +300,41 @@ func TestGetNodes(t *testing.T) {
 	}
 
 }
+
+func ArnList() (*http.Response, error) {
+	/*
+		Helper function to get arn list
+		HTTP Verb: GET
+		URL: /api/v1/admin/arns
+	*/
+	request, err := http.NewRequest(
+		"GET", "http://localhost:9090/api/v1/admin/arns", nil)
+	if err != nil {
+		log.Println(err)
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	response, err := client.Do(request)
+	return response, err
+}
+
+func TestArnList(t *testing.T) {
+	assert := assert.New(t)
+	resp, err := ArnList()
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	objRsp := inspectHTTPResponse(resp)
+	if resp != nil {
+		assert.Equal(
+			200,
+			resp.StatusCode,
+			objRsp,
+		)
+	}
+}

integration/config_test.go

@@ -0,0 +1,83 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_ConfigAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	type args struct {
+		api string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Config - Valid",
+			args: args{
+				api: "/configs",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"GET", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+
+}

integration/groups_test.go

@@ -0,0 +1,174 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_AddGroupAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddUser("member1", "testtest", []string{}, []string{"consoleAdmin"})
+
+	type args struct {
+		api     string
+		group   string
+		members []string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Create Group - Valid",
+			args: args{
+				api:     "/groups",
+				group:   "test",
+				members: []string{"member1"},
+			},
+			expectedStatus: 201,
+			expectedError:  nil,
+		},
+		{
+			name: "Create Group - Invalid",
+			args: args{
+				api:     "/groups",
+				group:   "test",
+				members: []string{},
+			},
+			expectedStatus: 400,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			// Add policy
+
+			requestDataPolicy := map[string]interface{}{}
+			requestDataPolicy["group"] = tt.args.group
+			requestDataPolicy["members"] = tt.args.members
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"POST", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, "Status Code is incorrect")
+			}
+
+		})
+	}
+
+}
+
+func Test_DeleteGroupAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddGroup("grouptests1", []string{})
+
+	type args struct {
+		api string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+		verb           string
+	}{
+		{
+			name: "Delete Group - Valid",
+			verb: "DELETE",
+			args: args{
+				api: "/group?name=grouptests1",
+			},
+			expectedStatus: 204,
+			expectedError:  nil,
+		},
+		{
+			name: "Access Group After Delete - Invalid",
+			verb: "GET",
+			args: args{
+				api: "/group?name=grouptests1",
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			// Add policy
+
+			requestDataPolicy := map[string]interface{}{}
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				tt.verb, fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, "Status Code is incorrect")
+			}
+
+		})
+	}
+
+}

integration/login_test.go

@@ -17,7 +17,9 @@
 package integration
 
 import (
+	"bytes"
 	"encoding/json"
+	"fmt"
 	"io/ioutil"
 	"log"
 	"net/http"
@@ -70,3 +72,66 @@ func TestLoginStrategy(t *testing.T) {
 	}
 
 }
+
+func TestLogout(t *testing.T) {
+
+	assert := assert.New(t)
+
+	// image for now:
+	// minio: 9000
+	// console: 9090
+
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	requestData := map[string]string{
+		"accessKey": "minioadmin",
+		"secretKey": "minioadmin",
+	}
+
+	requestDataJSON, _ := json.Marshal(requestData)
+
+	requestDataBody := bytes.NewReader(requestDataJSON)
+
+	request, err := http.NewRequest("POST", "http://localhost:9090/api/v1/login", requestDataBody)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err := client.Do(request)
+
+	assert.NotNil(response, "Login response is nil")
+	assert.Nil(err, "Login errored out")
+
+	var loginToken string
+
+	for _, cookie := range response.Cookies() {
+		if cookie.Name == "token" {
+			loginToken = cookie.Value
+			break
+		}
+	}
+
+	if loginToken == "" {
+		log.Println("authentication token not found in cookies response")
+		return
+	}
+
+	request, err = http.NewRequest("POST", "http://localhost:9090/api/v1/logout", requestDataBody)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", loginToken))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err = client.Do(request)
+
+	assert.NotNil(response, "Logout response is nil")
+	assert.Nil(err, "Logout errored out")
+	assert.Equal(response.StatusCode, 200)
+
+}

integration/objects_test.go

@@ -0,0 +1,198 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+	"log"
+	"math/rand"
+	"net/http"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/minio/minio-go/v7"
+	"github.com/minio/minio-go/v7/pkg/credentials"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestObjectGet(t *testing.T) {
+
+	// for setup we'll create a bucket and upload a file
+	endpoint := "localhost:9000"
+	accessKeyID := "minioadmin"
+	secretAccessKey := "minioadmin"
+
+	// Initialize minio client object.
+	minioClient, err := minio.New(endpoint, &minio.Options{
+		Creds:  credentials.NewStaticV4(accessKeyID, secretAccessKey, ""),
+		Secure: false,
+	})
+	if err != nil {
+		log.Fatalln(err)
+	}
+	bucketName := fmt.Sprintf("testbucket-%d", rand.Intn(1000-1)+1)
+	err = minioClient.MakeBucket(context.Background(), bucketName, minio.MakeBucketOptions{Region: "us-east-1", ObjectLocking: true})
+
+	if err != nil {
+		fmt.Println(err)
+	}
+	// upload a simple file
+	fakeFile := "12345678"
+	fileReader := strings.NewReader(fakeFile)
+
+	_, err = minioClient.PutObject(
+		context.Background(),
+		bucketName,
+		"myobject", fileReader, int64(len(fakeFile)), minio.PutObjectOptions{ContentType: "application/octet-stream"})
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+	_, err = minioClient.PutObject(
+		context.Background(),
+		bucketName,
+		"myobject.jpg", fileReader, int64(len(fakeFile)), minio.PutObjectOptions{ContentType: "application/octet-stream"})
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+
+	assert := assert.New(t)
+	type args struct {
+		encodedPrefix string
+		versionID     string
+		bytesRange    string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Preview Object",
+			args: args{
+				encodedPrefix: base64.StdEncoding.EncodeToString([]byte("myobject")),
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "Preview image",
+			args: args{
+				encodedPrefix: base64.StdEncoding.EncodeToString([]byte("myobject.jpg")),
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "Get Range of bytes",
+			args: args{
+				encodedPrefix: base64.StdEncoding.EncodeToString([]byte("myobject.jpg")),
+				bytesRange:    "bytes=1-4",
+			},
+			expectedStatus: 206,
+			expectedError:  nil,
+		},
+		{
+			name: "Get Range of bytes empty start",
+			args: args{
+				encodedPrefix: base64.StdEncoding.EncodeToString([]byte("myobject.jpg")),
+				bytesRange:    "bytes=-4",
+			},
+			expectedStatus: 206,
+			expectedError:  nil,
+		},
+		{
+			name: "Get Invalid Range of bytes",
+			args: args{
+				encodedPrefix: base64.StdEncoding.EncodeToString([]byte("myobject.jpg")),
+				bytesRange:    "bytes=9-12",
+			},
+			expectedStatus: 400,
+			expectedError:  nil,
+		},
+		{
+			name: "Get Larger Range of bytes empty start",
+			args: args{
+				encodedPrefix: base64.StdEncoding.EncodeToString([]byte("myobject.jpg")),
+				bytesRange:    "bytes=-12",
+			},
+			expectedStatus: 206,
+			expectedError:  nil,
+		},
+		{
+			name: "Get invalid seek start Range of bytes",
+			args: args{
+				encodedPrefix: base64.StdEncoding.EncodeToString([]byte("myobject.jpg")),
+				bytesRange:    "bytes=12-16",
+			},
+			expectedStatus: 400,
+			expectedError:  nil,
+		},
+		{
+			name: "Bad Preview Object",
+			args: args{
+				encodedPrefix: "garble",
+			},
+			expectedStatus: 400,
+			expectedError:  nil,
+		},
+		{
+			name: "Bad Version Preview Object",
+			args: args{
+				encodedPrefix: base64.StdEncoding.EncodeToString([]byte("myobject")),
+				versionID:     "garble",
+			},
+			expectedStatus: 400,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+			destination := fmt.Sprintf("/api/v1/buckets/%s/objects/download?preview=true&prefix=%s&version_id=%s", bucketName, tt.args.encodedPrefix, tt.args.versionID)
+			finalURL := fmt.Sprintf("http://localhost:9090%s", destination)
+			request, err := http.NewRequest("GET", finalURL, nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			if tt.args.bytesRange != "" {
+				request.Header.Add("Range", tt.args.bytesRange)
+			}
+
+			response, err := client.Do(request)
+
+			assert.NotNil(response, fmt.Sprintf("%s response object is nil", tt.name))
+			assert.Nil(err, fmt.Sprintf("%s returned an error: %v", tt.name, err))
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, fmt.Sprintf("%s returned the wrong status code", tt.name))
+			}
+		})
+	}
+
+}

integration/policy_test.go

@@ -0,0 +1,787 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/go-openapi/swag"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func AddPolicy(name string, definition string) (*http.Response, error) {
+	/*
+		This is an atomic function to add user and can be reused across
+		different functions.
+	*/
+	client := &http.Client{
+		Timeout: 3 * time.Second,
+	}
+
+	requestDataAdd := map[string]interface{}{
+		"name":   name,
+		"policy": definition,
+	}
+
+	requestDataJSON, _ := json.Marshal(requestDataAdd)
+	requestDataBody := bytes.NewReader(requestDataJSON)
+	request, err := http.NewRequest(
+		"POST", "http://localhost:9090/api/v1/policies", requestDataBody)
+	if err != nil {
+		log.Println(err)
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err := client.Do(request)
+	return response, err
+}
+
+func SetPolicy(policies []string, entityName string, entityType string) (*http.Response, error) {
+	/*
+		This is an atomic function to add user and can be reused across
+		different functions.
+	*/
+	client := &http.Client{
+		Timeout: 3 * time.Second,
+	}
+
+	requestDataAdd := map[string]interface{}{
+		"name":       policies,
+		"entityType": entityType,
+		"entityName": entityName,
+	}
+
+	requestDataJSON, _ := json.Marshal(requestDataAdd)
+	requestDataBody := bytes.NewReader(requestDataJSON)
+	request, err := http.NewRequest(
+		"PUT", "http://localhost:9090/api/v1/set-policy", requestDataBody)
+	if err != nil {
+		log.Println(err)
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err := client.Do(request)
+	return response, err
+}
+
+func Test_AddPolicyAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	type args struct {
+		api    string
+		name   string
+		policy *string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Create Policy - Valid",
+			args: args{
+				api:  "/policies",
+				name: "test",
+				policy: swag.String(`
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+}`),
+			},
+			expectedStatus: 201,
+			expectedError:  nil,
+		},
+
+		{
+			name: "Create Policy - Invalid",
+			args: args{
+				api:  "/policies",
+				name: "test2",
+				policy: swag.String(`
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation"
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+}`),
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+			requestDataPolicy["name"] = tt.args.name
+			if tt.args.policy != nil {
+				requestDataPolicy["policy"] = *tt.args.policy
+			}
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"POST", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+
+}
+
+func Test_SetPolicyAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddUser("policyuser1", "testtest", []string{}, []string{"readwrite"})
+	AddGroup("testgroup123", []string{})
+	AddPolicy("setpolicytest", `
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+  }`)
+
+	type args struct {
+		api        string
+		entityType string
+		entityName string
+		policyName []string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Set Policy - Valid",
+			args: args{
+				api:        "/set-policy",
+				policyName: []string{"setpolicytest"},
+				entityType: "user",
+				entityName: "policyuser1",
+			},
+			expectedStatus: 204,
+			expectedError:  nil,
+		},
+		{
+			name: "Set Policy - Invalid",
+			args: args{
+				api:        "/set-policy",
+				policyName: []string{"test3"},
+				entityType: "user",
+				entityName: "policyuser1",
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+		{
+			name: "Set Policy Group - Valid",
+			args: args{
+				api:        "/set-policy",
+				policyName: []string{"setpolicytest"},
+				entityType: "group",
+				entityName: "testgroup123",
+			},
+			expectedStatus: 204,
+			expectedError:  nil,
+		},
+		{
+			name: "Set Policy Group - Invalid",
+			args: args{
+				api:        "/set-policy",
+				policyName: []string{"test3"},
+				entityType: "group",
+				entityName: "testgroup123",
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+			requestDataPolicy["entityName"] = tt.args.entityName
+			requestDataPolicy["entityType"] = tt.args.entityType
+			if tt.args.policyName != nil {
+				requestDataPolicy["name"] = tt.args.policyName
+			}
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"PUT", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+
+}
+
+func Test_SetPolicyMultipleAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddUser("policyuser2", "testtest", []string{}, []string{"readwrite"})
+	AddUser("policyuser3", "testtest", []string{}, []string{"readwrite"})
+	AddGroup("testgroup1234", []string{})
+	AddPolicy("setpolicytest2", `
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+  }`)
+
+	type args struct {
+		api    string
+		users  []string
+		groups []string
+		name   []string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Set Policy - Valid",
+			args: args{
+				api:   "/set-policy-multi",
+				name:  []string{"setpolicytest2"},
+				users: []string{"policyuser2", "policyuser3"},
+			},
+			expectedStatus: 204,
+			expectedError:  nil,
+		},
+		{
+			name: "Set Policy - Invalid",
+			args: args{
+				api:   "/set-policy-multi",
+				name:  []string{"test3"},
+				users: []string{"policyuser2", "policyuser3"},
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+		{
+			name: "Set Policy Group - Valid",
+			args: args{
+				api:    "/set-policy-multi",
+				name:   []string{"setpolicytest2"},
+				groups: []string{"testgroup1234"},
+			},
+			expectedStatus: 204,
+			expectedError:  nil,
+		},
+		{
+			name: "Set Policy Group - Valid",
+			args: args{
+				api:    "/set-policy-multi",
+				name:   []string{"setpolicytest23"},
+				groups: []string{"testgroup1234"},
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+			requestDataPolicy["name"] = tt.args.name
+			requestDataPolicy["users"] = tt.args.users
+			requestDataPolicy["groups"] = tt.args.groups
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"PUT", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+
+}
+
+func Test_ListPoliciesAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	type args struct {
+		api string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "List Policies",
+			args: args{
+				api: "/policies",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			request, err := http.NewRequest(
+				"GET", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+
+}
+
+func Test_GetPolicyAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddPolicy("getpolicytest", `
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+  }`)
+
+	type args struct {
+		api string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Get Policies - Invalid",
+			args: args{
+				api: "/policy?name=test3",
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+		{
+			name: "Get Policies - Valid",
+			args: args{
+				api: "/policy?name=getpolicytest",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			request, err := http.NewRequest(
+				"GET", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+
+}
+
+func Test_PolicyListUsersAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddUser("policyuser4", "testtest", []string{}, []string{"readwrite"})
+	AddPolicy("policylistusers", `
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+  }`)
+	SetPolicy([]string{"policylistusers"}, "policyuser4", "user")
+
+	type args struct {
+		api string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "List Users for Policy - Valid",
+			args: args{
+				api: "/policies/policylistusers/users",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "List Users for Policy - Invalid",
+			args: args{
+				api: "/policies/test2/users",
+			},
+			expectedStatus: 404,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			request, err := http.NewRequest(
+				"GET", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				bodyBytes, _ := ioutil.ReadAll(response.Body)
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+				if response.StatusCode == 200 {
+					assert.Equal("[\"policyuser4\"]\n", string(bodyBytes))
+				}
+			}
+
+		})
+	}
+
+}
+
+func Test_PolicyListGroupsAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddGroup("testgroup12345", []string{})
+	AddPolicy("policylistgroups", `
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+  }`)
+	SetPolicy([]string{"policylistgroups"}, "testgroup12345", "group")
+
+	type args struct {
+		api string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "List Users for Policy - Valid",
+			args: args{
+				api: "/policies/policylistgroups/groups",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "List Users for Policy - Invalid",
+			args: args{
+				api: "/policies/test3/groups",
+			},
+			expectedStatus: 404,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			request, err := http.NewRequest(
+				"GET", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				bodyBytes, _ := ioutil.ReadAll(response.Body)
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+				if response.StatusCode == 200 {
+					assert.Equal("[\"testgroup12345\"]\n", string(bodyBytes))
+				}
+			}
+
+		})
+	}
+
+}
+
+func Test_DeletePolicyAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddPolicy("testdelete", `
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+  }`)
+	type args struct {
+		api    string
+		method string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Delete Policies - Valid",
+			args: args{
+				api:    "/policy?name=testdelete",
+				method: "DELETE",
+			},
+			expectedStatus: 204,
+			expectedError:  nil,
+		},
+		{
+			name: "Get Policy After Delete - Invalid",
+			args: args{
+				api:    "/policy?name=testdelete",
+				method: "GET",
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			request, err := http.NewRequest(
+				tt.args.method, fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+
+}

integration/profiling_test.go

@@ -0,0 +1,121 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"archive/zip"
+	"bytes"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestStartProfiling(t *testing.T) {
+	testAsser := assert.New(t)
+
+	tests := []struct {
+		name string
+	}{
+		{
+			name: "start/stop profiling",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+
+			files := map[string]bool{
+				"profile-127.0.0.1:9000-goroutines.txt":                false,
+				"profile-127.0.0.1:9000-goroutines-before.txt":         false,
+				"profile-127.0.0.1:9000-goroutines-before,debug=2.txt": false,
+				"profile-127.0.0.1:9000-threads-before.pprof":          false,
+				"profile-127.0.0.1:9000-mem.pprof":                     false,
+				"profile-127.0.0.1:9000-threads.pprof":                 false,
+				"profile-127.0.0.1:9000-cpu.pprof":                     false,
+				"profile-127.0.0.1:9000-mem-before.pprof":              false,
+				"profile-127.0.0.1:9000-block.pprof":                   false,
+				"profile-127.0.0.1:9000-trace.trace":                   false,
+				"profile-127.0.0.1:9000-mutex.pprof":                   false,
+				"profile-127.0.0.1:9000-mutex-before.pprof":            false,
+			}
+
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			destination := "/api/v1/profiling/start"
+			finalURL := fmt.Sprintf("http://localhost:9090%s", destination)
+			request, err := http.NewRequest("POST", finalURL, strings.NewReader("{\"type\":\"cpu,mem,block,mutex,trace,threads,goroutines\"}"))
+			if err != nil {
+				log.Println(err)
+				return
+			}
+
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+
+			response, err := client.Do(request)
+
+			testAsser.Nil(err, fmt.Sprintf("%s returned an error: %v", tt.name, err))
+			testAsser.Equal(201, response.StatusCode)
+
+			time.Sleep(5 * time.Second)
+
+			destination = "/api/v1/profiling/stop"
+			finalURL = fmt.Sprintf("http://localhost:9090%s", destination)
+			request, err = http.NewRequest("POST", finalURL, nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+
+			response, err = client.Do(request)
+
+			testAsser.Nil(err, fmt.Sprintf("%s returned an error: %v", tt.name, err))
+			testAsser.Equal(200, response.StatusCode)
+			zipFileBytes, err := io.ReadAll(response.Body)
+			if err != nil {
+				testAsser.Nil(err, fmt.Sprintf("%s returned an error: %v", tt.name, err))
+			}
+			filetype := http.DetectContentType(zipFileBytes)
+			testAsser.Equal("application/zip", filetype)
+
+			zipReader, err := zip.NewReader(bytes.NewReader(zipFileBytes), int64(len(zipFileBytes)))
+			if err != nil {
+				testAsser.Nil(err, fmt.Sprintf("%s returned an error: %v", tt.name, err))
+			}
+
+			// Read all the files from zip archive
+			for _, zipFile := range zipReader.File {
+				files[zipFile.Name] = true
+			}
+
+			for k, v := range files {
+				testAsser.Equal(true, v, fmt.Sprintf("%s : compressed file expected to have %v file inside", tt.name, k))
+			}
+		})
+	}
+}

integration/tiers_test.go

@@ -0,0 +1,55 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestTiersList(t *testing.T) {
+
+	assert := assert.New(t)
+
+	// image for now:
+	// minio: 9000
+	// console: 9090
+
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+
+	request, err := http.NewRequest("GET", "http://localhost:9090/api/v1/admin/tiers", nil)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err := client.Do(request)
+
+	assert.NotNil(response, "Tiers List response is nil")
+	assert.Nil(err, "Tiers List errored out")
+	assert.Equal(response.StatusCode, 200)
+
+}

integration/user_api_bucket_test.go

@@ -2799,7 +2799,7 @@ func TestReplication(t *testing.T) {
 	}
 
 	assert.Greater(len(structBucketRepl.Rules), 0, "Number of expected rules is 0")
-	if len(structBucketRepl.Rules) == 0 {
+	if len(structBucketRepl.Rules) == 0 || len(structBucketRepl.Rules) < 3 {
 		return
 	}
 	// 4. Verify rules are enabled

k8s/operator-console/base/console-deployment.yaml

@@ -15,7 +15,7 @@ spec:
       serviceAccountName: console-sa
       containers:
         - name: console
-          image: 'minio/console:v0.15.10'
+          image: 'minio/console:v0.16.0'
           imagePullPolicy: "IfNotPresent"
           env:
             - name: CONSOLE_OPERATOR_MODE

k8s/operator-console/standalone/console-deployment.yaml

@@ -32,7 +32,7 @@ spec:
     spec:
       containers:
         - name: console
-          image: 'minio/console:v0.15.10'
+          image: 'minio/console:v0.16.0'
           imagePullPolicy: "IfNotPresent"
           env:
             - name: CONSOLE_MINIO_SERVER

models/create_tenant_request.go

@@ -43,6 +43,9 @@ type CreateTenantRequest struct {
 	// annotations
 	Annotations map[string]string `json:"annotations,omitempty"`
 
+	// domains
+	Domains *DomainsConfiguration `json:"domains,omitempty"`
+
 	// enable console
 	EnableConsole *bool `json:"enable_console,omitempty"`
 
@@ -112,6 +115,10 @@ type CreateTenantRequest struct {
 func (m *CreateTenantRequest) Validate(formats strfmt.Registry) error {
 	var res []error
 
+	if err := m.validateDomains(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateEncryption(formats); err != nil {
 		res = append(res, err)
 	}
@@ -154,6 +161,25 @@ func (m *CreateTenantRequest) Validate(formats strfmt.Registry) error {
 	return nil
 }
 
+func (m *CreateTenantRequest) validateDomains(formats strfmt.Registry) error {
+	if swag.IsZero(m.Domains) { // not required
+		return nil
+	}
+
+	if m.Domains != nil {
+		if err := m.Domains.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("domains")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("domains")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *CreateTenantRequest) validateEncryption(formats strfmt.Registry) error {
 	if swag.IsZero(m.Encryption) { // not required
 		return nil
@@ -321,6 +347,10 @@ func (m *CreateTenantRequest) validateTLS(formats strfmt.Registry) error {
 func (m *CreateTenantRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
 	var res []error
 
+	if err := m.contextValidateDomains(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.contextValidateEncryption(ctx, formats); err != nil {
 		res = append(res, err)
 	}
@@ -355,6 +385,22 @@ func (m *CreateTenantRequest) ContextValidate(ctx context.Context, formats strfm
 	return nil
 }
 
+func (m *CreateTenantRequest) contextValidateDomains(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Domains != nil {
+		if err := m.Domains.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("domains")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("domains")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *CreateTenantRequest) contextValidateEncryption(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Encryption != nil {

models/domains_configuration.go

@@ -0,0 +1,70 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// DomainsConfiguration domains configuration
+//
+// swagger:model domainsConfiguration
+type DomainsConfiguration struct {
+
+	// console
+	Console string `json:"console,omitempty"`
+
+	// minio
+	Minio []string `json:"minio"`
+}
+
+// Validate validates this domains configuration
+func (m *DomainsConfiguration) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this domains configuration based on context it is used
+func (m *DomainsConfiguration) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *DomainsConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *DomainsConfiguration) UnmarshalBinary(b []byte) error {
+	var res DomainsConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/login_details.go

@@ -38,7 +38,7 @@ import (
 type LoginDetails struct {
 
 	// login strategy
-	// Enum: [form redirect service-account]
+	// Enum: [form redirect service-account redirect-service-account]
 	LoginStrategy string `json:"loginStrategy,omitempty"`
 
 	// redirect
@@ -63,7 +63,7 @@ var loginDetailsTypeLoginStrategyPropEnum []interface{}
 
 func init() {
 	var res []string
-	if err := json.Unmarshal([]byte(`["form","redirect","service-account"]`), &res); err != nil {
+	if err := json.Unmarshal([]byte(`["form","redirect","service-account","redirect-service-account"]`), &res); err != nil {
 		panic(err)
 	}
 	for _, v := range res {
@@ -81,6 +81,9 @@ const (
 
 	// LoginDetailsLoginStrategyServiceDashAccount captures enum value "service-account"
 	LoginDetailsLoginStrategyServiceDashAccount string = "service-account"
+
+	// LoginDetailsLoginStrategyRedirectDashServiceDashAccount captures enum value "redirect-service-account"
+	LoginDetailsLoginStrategyRedirectDashServiceDashAccount string = "redirect-service-account"
 )
 
 // prop value enum

models/site_replication_status_response.go

@@ -0,0 +1,97 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// SiteReplicationStatusResponse site replication status response
+//
+// swagger:model siteReplicationStatusResponse
+type SiteReplicationStatusResponse struct {
+
+	// bucket stats
+	BucketStats interface{} `json:"bucketStats,omitempty"`
+
+	// enabled
+	Enabled bool `json:"enabled,omitempty"`
+
+	// group stats
+	GroupStats interface{} `json:"groupStats,omitempty"`
+
+	// max buckets
+	MaxBuckets int64 `json:"maxBuckets,omitempty"`
+
+	// max groups
+	MaxGroups int64 `json:"maxGroups,omitempty"`
+
+	// max policies
+	MaxPolicies int64 `json:"maxPolicies,omitempty"`
+
+	// max users
+	MaxUsers int64 `json:"maxUsers,omitempty"`
+
+	// policy stats
+	PolicyStats interface{} `json:"policyStats,omitempty"`
+
+	// sites
+	Sites interface{} `json:"sites,omitempty"`
+
+	// stats summary
+	StatsSummary interface{} `json:"statsSummary,omitempty"`
+
+	// user stats
+	UserStats interface{} `json:"userStats,omitempty"`
+}
+
+// Validate validates this site replication status response
+func (m *SiteReplicationStatusResponse) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this site replication status response based on context it is used
+func (m *SiteReplicationStatusResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *SiteReplicationStatusResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *SiteReplicationStatusResponse) UnmarshalBinary(b []byte) error {
+	var res SiteReplicationStatusResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/tenant.go

@@ -45,6 +45,9 @@ type Tenant struct {
 	// deletion date
 	DeletionDate string `json:"deletion_date,omitempty"`
 
+	// domains
+	Domains *DomainsConfiguration `json:"domains,omitempty"`
+
 	// enable prometheus
 	EnablePrometheus bool `json:"enable_prometheus,omitempty"`
 
@@ -95,6 +98,10 @@ type Tenant struct {
 func (m *Tenant) Validate(formats strfmt.Registry) error {
 	var res []error
 
+	if err := m.validateDomains(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateEndpoints(formats); err != nil {
 		res = append(res, err)
 	}
@@ -117,6 +124,25 @@ func (m *Tenant) Validate(formats strfmt.Registry) error {
 	return nil
 }
 
+func (m *Tenant) validateDomains(formats strfmt.Registry) error {
+	if swag.IsZero(m.Domains) { // not required
+		return nil
+	}
+
+	if m.Domains != nil {
+		if err := m.Domains.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("domains")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("domains")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *Tenant) validateEndpoints(formats strfmt.Registry) error {
 	if swag.IsZero(m.Endpoints) { // not required
 		return nil
@@ -204,6 +230,10 @@ func (m *Tenant) validateSubnetLicense(formats strfmt.Registry) error {
 func (m *Tenant) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
 	var res []error
 
+	if err := m.contextValidateDomains(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.contextValidateEndpoints(ctx, formats); err != nil {
 		res = append(res, err)
 	}
@@ -226,6 +256,22 @@ func (m *Tenant) ContextValidate(ctx context.Context, formats strfmt.Registry) e
 	return nil
 }
 
+func (m *Tenant) contextValidateDomains(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Domains != nil {
+		if err := m.Domains.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("domains")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("domains")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *Tenant) contextValidateEndpoints(ctx context.Context, formats strfmt.Registry) error {
 
 	if m.Endpoints != nil {

models/tenant_list.go

@@ -57,6 +57,9 @@ type TenantList struct {
 	// deletion date
 	DeletionDate string `json:"deletion_date,omitempty"`
 
+	// domains
+	Domains *DomainsConfiguration `json:"domains,omitempty"`
+
 	// health status
 	HealthStatus string `json:"health_status,omitempty"`
 
@@ -86,6 +89,10 @@ type TenantList struct {
 func (m *TenantList) Validate(formats strfmt.Registry) error {
 	var res []error
 
+	if err := m.validateDomains(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateTiers(formats); err != nil {
 		res = append(res, err)
 	}
@@ -96,6 +103,25 @@ func (m *TenantList) Validate(formats strfmt.Registry) error {
 	return nil
 }
 
+func (m *TenantList) validateDomains(formats strfmt.Registry) error {
+	if swag.IsZero(m.Domains) { // not required
+		return nil
+	}
+
+	if m.Domains != nil {
+		if err := m.Domains.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("domains")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("domains")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *TenantList) validateTiers(formats strfmt.Registry) error {
 	if swag.IsZero(m.Tiers) { // not required
 		return nil
@@ -126,6 +152,10 @@ func (m *TenantList) validateTiers(formats strfmt.Registry) error {
 func (m *TenantList) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
 	var res []error
 
+	if err := m.contextValidateDomains(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.contextValidateTiers(ctx, formats); err != nil {
 		res = append(res, err)
 	}
@@ -136,6 +166,22 @@ func (m *TenantList) ContextValidate(ctx context.Context, formats strfmt.Registr
 	return nil
 }
 
+func (m *TenantList) contextValidateDomains(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Domains != nil {
+		if err := m.Domains.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("domains")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("domains")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *TenantList) contextValidateTiers(ctx context.Context, formats strfmt.Registry) error {
 
 	for i := 0; i < len(m.Tiers); i++ {

models/update_domains_request.go

@@ -0,0 +1,121 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// UpdateDomainsRequest update domains request
+//
+// swagger:model updateDomainsRequest
+type UpdateDomainsRequest struct {
+
+	// domains
+	Domains *DomainsConfiguration `json:"domains,omitempty"`
+}
+
+// Validate validates this update domains request
+func (m *UpdateDomainsRequest) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateDomains(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *UpdateDomainsRequest) validateDomains(formats strfmt.Registry) error {
+	if swag.IsZero(m.Domains) { // not required
+		return nil
+	}
+
+	if m.Domains != nil {
+		if err := m.Domains.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("domains")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("domains")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// ContextValidate validate this update domains request based on the context it is used
+func (m *UpdateDomainsRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateDomains(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *UpdateDomainsRequest) contextValidateDomains(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Domains != nil {
+		if err := m.Domains.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("domains")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("domains")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *UpdateDomainsRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *UpdateDomainsRequest) UnmarshalBinary(b []byte) error {
+	var res UpdateDomainsRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

operator-integration/tenant_test.go

@@ -34,8 +34,8 @@ import (
 
 	"github.com/go-openapi/loads"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi"
-	"github.com/minio/console/restapi/operations"
+	"github.com/minio/console/operatorapi"
+	"github.com/minio/console/operatorapi/operations"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -87,11 +87,11 @@ func printEndFunc(functionName string) {
 	fmt.Println("")
 }
 
-func initConsoleServer() (*restapi.Server, error) {
+func initConsoleServer() (*operatorapi.Server, error) {
 
 	//os.Setenv("CONSOLE_MINIO_SERVER", "localhost:9000")
 
-	swaggerSpec, err := loads.Embedded(restapi.SwaggerJSON, restapi.FlatSwaggerJSON)
+	swaggerSpec, err := loads.Embedded(operatorapi.SwaggerJSON, operatorapi.FlatSwaggerJSON)
 	if err != nil {
 		return nil, err
 	}
@@ -101,24 +101,22 @@ func initConsoleServer() (*restapi.Server, error) {
 	}
 
 	// Initialize MinIO loggers
-	restapi.LogInfo = noLog
-	restapi.LogError = noLog
+	operatorapi.LogInfo = noLog
+	operatorapi.LogError = noLog
 
-	api := operations.NewConsoleAPI(swaggerSpec)
+	api := operations.NewOperatorAPI(swaggerSpec)
 	api.Logger = noLog
 
-	server := restapi.NewServer(api)
+	server := operatorapi.NewServer(api)
 	// register all APIs
 	server.ConfigureAPI()
 
-	//restapi.GlobalRootCAs, restapi.GlobalPublicCerts, restapi.GlobalTLSCertsManager = globalRootCAs, globalPublicCerts, globalTLSCerts
-
 	consolePort, _ := strconv.Atoi("9090")
 
 	server.Host = "0.0.0.0"
 	server.Port = consolePort
-	restapi.Port = "9090"
-	restapi.Hostname = "0.0.0.0"
+	operatorapi.Port = "9090"
+	operatorapi.Hostname = "0.0.0.0"
 
 	return server, nil
 }
@@ -529,3 +527,40 @@ func TestListNodeLabels(t *testing.T) {
 		strings.Contains(finalResponse, "beta.kubernetes.io/arch"),
 		finalResponse)
 }
+
+func GetPodEvents(nameSpace string, tenant string, podName string) (*http.Response, error) {
+	/*
+		Helper function to get events for pod
+		URL: /namespaces/{namespace}/tenants/{tenant}/pods/{podName}/events
+		HTTP Verb: GET
+	*/
+	request, err := http.NewRequest(
+		"GET", "http://localhost:9090/api/v1/namespaces/"+nameSpace+"/tenants/"+tenant+"/pods/"+podName+"/events", nil)
+	if err != nil {
+		log.Println(err)
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	response, err := client.Do(request)
+	return response, err
+}
+
+func TestGetPodEvents(t *testing.T) {
+	assert := assert.New(t)
+	namespace := "tenant-lite"
+	tenant := "storage-lite"
+	podName := "storage-lite-pool-0-0"
+	resp, err := GetPodEvents(namespace, tenant, podName)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	if resp != nil {
+		assert.Equal(
+			200, resp.StatusCode, "Status Code is incorrect")
+	}
+}

operatorapi/auth/operator.go

@@ -18,15 +18,14 @@ package auth
 
 import (
 	"context"
-	"errors"
+
+	errors "github.com/minio/console/restapi"
 
 	"github.com/minio/console/cluster"
 	"github.com/minio/minio-go/v7/pkg/credentials"
 	operatorClientset "github.com/minio/operator/pkg/client/clientset/versioned"
 )
 
-var errInvalidCredentials = errors.New("invalid Login")
-
 // operatorCredentialsProvider is an struct to hold the JWT (service account token)
 type operatorCredentialsProvider struct {
 	serviceAccountJWT string
@@ -76,7 +75,8 @@ func checkServiceAccountTokenValid(ctx context.Context, operatorClient OperatorC
 
 // GetConsoleCredentialsForOperator will validate the provided JWT (service account token) and return it in the form of credentials.Login
 func GetConsoleCredentialsForOperator(jwt string) (*credentials.Credentials, error) {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
 	opClientClientSet, err := cluster.OperatorClient(jwt)
 	if err != nil {
 		return nil, err
@@ -85,7 +85,7 @@ func GetConsoleCredentialsForOperator(jwt string) (*credentials.Credentials, err
 		client: opClientClientSet,
 	}
 	if err = checkServiceAccountTokenValid(ctx, opClient); err != nil {
-		return nil, errInvalidCredentials
+		return nil, errors.ErrInvalidLogin
 	}
 	return credentials.New(operatorCredentialsProvider{serviceAccountJWT: jwt}), nil
 }

operatorapi/configure_operator.go

@@ -23,7 +23,6 @@ import (
 	"strings"
 
 	"github.com/klauspost/compress/gzhttp"
-
 	"github.com/minio/console/restapi"
 	"github.com/unrolled/secure"
 
@@ -58,7 +57,7 @@ func configureAPI(api *operations.OperatorAPI) http.Handler {
 	api.KeyAuth = func(token string, scopes []string) (*models.Principal, error) {
 		// we are validating the session token by decrypting the claims inside, if the operation succeed that means the jwt
 		// was generated and signed by us in the first place
-		claims, err := auth.SessionTokenAuthenticate(token)
+		claims, err := auth.ParseClaimsFromToken(token)
 		if err != nil {
 			api.Logger("Unable to validate the session token %s: %v", token, err)
 			return nil, errors.New(401, "incorrect api key auth")
@@ -101,8 +100,8 @@ func configureAPI(api *operations.OperatorAPI) http.Handler {
 
 // The TLS configuration before HTTPS server starts.
 func configureTLS(tlsConfig *tls.Config) {
-	tlsConfig.RootCAs = GlobalRootCAs
-	tlsConfig.GetCertificate = GlobalTLSCertsManager.GetCertificate
+	tlsConfig.RootCAs = restapi.GlobalRootCAs
+	tlsConfig.GetCertificate = restapi.GlobalTLSCertsManager.GetCertificate
 }
 
 // As soon as server is initialized but not run yet, this function will be called.
@@ -118,24 +117,6 @@ func setupMiddlewares(handler http.Handler) http.Handler {
 	return handler
 }
 
-func AuthenticationMiddleware(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		token, err := auth.GetTokenFromRequest(r)
-		if err != nil && err != auth.ErrNoAuthToken {
-			http.Error(w, err.Error(), http.StatusUnauthorized)
-			return
-		}
-		// All handlers handle appropriately to return errors
-		// based on their swagger rules, we do not need to
-		// additionally return error here, let the next ServeHTTPs
-		// handle it appropriately.
-		if token != "" {
-			r.Header.Add("Authorization", "Bearer "+token)
-		}
-		next.ServeHTTP(w, r)
-	})
-}
-
 // proxyMiddleware adds the proxy capability
 func proxyMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -150,19 +131,23 @@ func proxyMiddleware(next http.Handler) http.Handler {
 // The middleware configuration happens before anything, this middleware also applies to serving the swagger.json document.
 // So this is a good place to plug in a panic handling middleware, logging and metrics.
 func setupGlobalMiddleware(handler http.Handler) http.Handler {
-	// handle cookie or authorization header for session
-	next := AuthenticationMiddleware(handler)
 	// proxy requests
-	next = proxyMiddleware(next)
+	next := proxyMiddleware(handler)
+	// if audit-log is enabled console will log all incoming request
+	next = restapi.AuditLogMiddleware(next)
 	// serve static files
 	next = restapi.FileServerMiddleware(next)
+	// add information to request context
+	next = restapi.ContextMiddleware(next)
+	// handle cookie or authorization header for session
+	next = restapi.AuthenticationMiddleware(next)
 	// Secure middleware, this middleware wrap all the previous handlers and add
 	// HTTP security headers
 	secureOptions := secure.Options{
 		AllowedHosts:                    restapi.GetSecureAllowedHosts(),
 		AllowedHostsAreRegex:            restapi.GetSecureAllowedHostsAreRegex(),
 		HostsProxyHeaders:               restapi.GetSecureHostsProxyHeaders(),
-		SSLRedirect:                     restapi.GetTLSRedirect() == "on" && len(GlobalPublicCerts) > 0,
+		SSLRedirect:                     restapi.GetTLSRedirect() == "on" && len(restapi.GlobalPublicCerts) > 0,
 		SSLHost:                         restapi.GetSecureTLSHost(),
 		STSSeconds:                      restapi.GetSecureSTSSeconds(),
 		STSIncludeSubdomains:            restapi.GetSecureSTSIncludeSubdomains(),

operatorapi/embedded_spec.go

@@ -208,7 +208,7 @@ func init() {
       "get": {
         "security": [],
         "tags": [
-          "UserAPI"
+          "Auth"
         ],
         "summary": "Returns login strategy, form or sso.",
         "operationId": "LoginDetail",
@@ -232,7 +232,7 @@ func init() {
       "post": {
         "security": [],
         "tags": [
-          "UserAPI"
+          "Auth"
         ],
         "summary": "Identity Provider oauth2 callback endpoint.",
         "operationId": "LoginOauth2Auth",
@@ -263,7 +263,7 @@ func init() {
       "post": {
         "security": [],
         "tags": [
-          "UserAPI"
+          "Auth"
         ],
         "summary": "Login to Operator Console.",
         "operationId": "LoginOperator",
@@ -293,7 +293,7 @@ func init() {
     "/logout": {
       "post": {
         "tags": [
-          "UserAPI"
+          "Auth"
         ],
         "summary": "Logout from Operator.",
         "operationId": "Logout",
@@ -620,6 +620,48 @@ func init() {
         }
       }
     },
+    "/namespaces/{namespace}/tenants/{tenant}/domains": {
+      "put": {
+        "tags": [
+          "OperatorAPI"
+        ],
+        "summary": "Update Domains for a Tenant",
+        "operationId": "UpdateTenantDomains",
+        "parameters": [
+          {
+            "type": "string",
+            "name": "namespace",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "name": "tenant",
+            "in": "path",
+            "required": true
+          },
+          {
+            "name": "body",
+            "in": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/updateDomainsRequest"
+            }
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": "A successful response."
+          },
+          "default": {
+            "description": "Generic error response.",
+            "schema": {
+              "$ref": "#/definitions/error"
+            }
+          }
+        }
+      }
+    },
     "/namespaces/{namespace}/tenants/{tenant}/enable-logging": {
       "post": {
         "tags": [
@@ -1623,7 +1665,7 @@ func init() {
     "/session": {
       "get": {
         "tags": [
-          "UserAPI"
+          "Auth"
         ],
         "summary": "Endpoint to check if your session is still valid",
         "operationId": "SessionCheck",
@@ -2000,6 +2042,10 @@ func init() {
             "type": "string"
           }
         },
+        "domains": {
+          "type": "object",
+          "$ref": "#/definitions/domainsConfiguration"
+        },
         "enable_console": {
           "type": "boolean",
           "default": true
@@ -2158,6 +2204,20 @@ func init() {
         }
       }
     },
+    "domainsConfiguration": {
+      "type": "object",
+      "properties": {
+        "console": {
+          "type": "string"
+        },
+        "minio": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      }
+    },
     "encryptionConfiguration": {
       "allOf": [
         {
@@ -2736,7 +2796,8 @@ func init() {
           "enum": [
             "form",
             "redirect",
-            "service-account"
+            "service-account",
+            "redirect-service-account"
           ]
         },
         "redirect": {
@@ -3430,6 +3491,9 @@ func init() {
         "deletion_date": {
           "type": "string"
         },
+        "domains": {
+          "$ref": "#/definitions/domainsConfiguration"
+        },
         "enable_prometheus": {
           "type": "boolean"
         },
@@ -3517,6 +3581,10 @@ func init() {
         "deletion_date": {
           "type": "string"
         },
+        "domains": {
+          "type": "object",
+          "$ref": "#/definitions/domainsConfiguration"
+        },
         "health_status": {
           "type": "string"
         },
@@ -3833,6 +3901,14 @@ func init() {
         }
       }
     },
+    "updateDomainsRequest": {
+      "type": "object",
+      "properties": {
+        "domains": {
+          "$ref": "#/definitions/domainsConfiguration"
+        }
+      }
+    },
     "updateTenantRequest": {
       "type": "object",
       "properties": {
@@ -4202,7 +4278,7 @@ func init() {
       "get": {
         "security": [],
         "tags": [
-          "UserAPI"
+          "Auth"
         ],
         "summary": "Returns login strategy, form or sso.",
         "operationId": "LoginDetail",
@@ -4226,7 +4302,7 @@ func init() {
       "post": {
         "security": [],
         "tags": [
-          "UserAPI"
+          "Auth"
         ],
         "summary": "Identity Provider oauth2 callback endpoint.",
         "operationId": "LoginOauth2Auth",
@@ -4257,7 +4333,7 @@ func init() {
       "post": {
         "security": [],
         "tags": [
-          "UserAPI"
+          "Auth"
         ],
         "summary": "Login to Operator Console.",
         "operationId": "LoginOperator",
@@ -4287,7 +4363,7 @@ func init() {
     "/logout": {
       "post": {
         "tags": [
-          "UserAPI"
+          "Auth"
         ],
         "summary": "Logout from Operator.",
         "operationId": "Logout",
@@ -4614,6 +4690,48 @@ func init() {
         }
       }
     },
+    "/namespaces/{namespace}/tenants/{tenant}/domains": {
+      "put": {
+        "tags": [
+          "OperatorAPI"
+        ],
+        "summary": "Update Domains for a Tenant",
+        "operationId": "UpdateTenantDomains",
+        "parameters": [
+          {
+            "type": "string",
+            "name": "namespace",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "name": "tenant",
+            "in": "path",
+            "required": true
+          },
+          {
+            "name": "body",
+            "in": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/updateDomainsRequest"
+            }
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": "A successful response."
+          },
+          "default": {
+            "description": "Generic error response.",
+            "schema": {
+              "$ref": "#/definitions/error"
+            }
+          }
+        }
+      }
+    },
     "/namespaces/{namespace}/tenants/{tenant}/enable-logging": {
       "post": {
         "tags": [
@@ -5617,7 +5735,7 @@ func init() {
     "/session": {
       "get": {
         "tags": [
-          "UserAPI"
+          "Auth"
         ],
         "summary": "Endpoint to check if your session is still valid",
         "operationId": "SessionCheck",
@@ -6837,6 +6955,10 @@ func init() {
             "type": "string"
           }
         },
+        "domains": {
+          "type": "object",
+          "$ref": "#/definitions/domainsConfiguration"
+        },
         "enable_console": {
           "type": "boolean",
           "default": true
@@ -6995,6 +7117,20 @@ func init() {
         }
       }
     },
+    "domainsConfiguration": {
+      "type": "object",
+      "properties": {
+        "console": {
+          "type": "string"
+        },
+        "minio": {
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        }
+      }
+    },
     "encryptionConfiguration": {
       "allOf": [
         {
@@ -7561,7 +7697,8 @@ func init() {
           "enum": [
             "form",
             "redirect",
-            "service-account"
+            "service-account",
+            "redirect-service-account"
           ]
         },
         "redirect": {
@@ -8120,6 +8257,9 @@ func init() {
         "deletion_date": {
           "type": "string"
         },
+        "domains": {
+          "$ref": "#/definitions/domainsConfiguration"
+        },
         "enable_prometheus": {
           "type": "boolean"
         },
@@ -8207,6 +8347,10 @@ func init() {
         "deletion_date": {
           "type": "string"
         },
+        "domains": {
+          "type": "object",
+          "$ref": "#/definitions/domainsConfiguration"
+        },
         "health_status": {
           "type": "string"
         },
@@ -8523,6 +8667,14 @@ func init() {
         }
       }
     },
+    "updateDomainsRequest": {
+      "type": "object",
+      "properties": {
+        "domains": {
+          "$ref": "#/definitions/domainsConfiguration"
+        }
+      }
+    },
     "updateTenantRequest": {
       "type": "object",
       "properties": {

operatorapi/error.go

@@ -1,219 +0,0 @@
-// This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-package operatorapi
-
-import (
-	"errors"
-	"runtime"
-	"strings"
-
-	"github.com/go-openapi/swag"
-	"github.com/minio/console/models"
-	"github.com/minio/madmin-go"
-	k8sErrors "k8s.io/apimachinery/pkg/api/errors"
-)
-
-var (
-	// Generic error messages
-	errorGeneric               = errors.New("an error occurred, please try again")
-	errInvalidCredentials      = errors.New("invalid Login")
-	errorGenericInvalidSession = errors.New("invalid session")
-	errorGenericUnauthorized   = errors.New("unauthorized")
-	errorGenericForbidden      = errors.New("forbidden")
-	// ErrorGenericNotFound Generic error for not found
-	ErrorGenericNotFound = errors.New("not found")
-	// Explicit error messages
-	errorInvalidErasureCodingValue        = errors.New("invalid Erasure Coding Value")
-	errorUnableToGetTenantUsage           = errors.New("unable to get tenant usage")
-	errorUnableToGetTenantLogs            = errors.New("unable to get tenant logs")
-	errorUnableToUpdateTenantCertificates = errors.New("unable to update tenant certificates")
-	errorUpdatingEncryptionConfig         = errors.New("unable to update encryption configuration")
-	errorDeletingEncryptionConfig         = errors.New("error disabling tenant encryption")
-	errorEncryptionConfigNotFound         = errors.New("encryption configuration not found")
-	errBucketBodyNotInRequest             = errors.New("error bucket body not in request")
-	errBucketNameNotInRequest             = errors.New("error bucket name not in request")
-	errGroupBodyNotInRequest              = errors.New("error group body not in request")
-	errGroupNameNotInRequest              = errors.New("error group name not in request")
-	errPolicyNameNotInRequest             = errors.New("error policy name not in request")
-	errPolicyBodyNotInRequest             = errors.New("error policy body not in request")
-	errSSENotConfigured                   = errors.New("error server side encryption configuration not found")
-	errBucketLifeCycleNotConfigured       = errors.New("error bucket life cycle configuration not found")
-	errChangePassword                     = errors.New("error please check your current password")
-	errInvalidLicense                     = errors.New("invalid license key")
-	errLicenseNotFound                    = errors.New("license not found")
-	errAvoidSelfAccountDelete             = errors.New("logged in user cannot be deleted by itself")
-	errAccessDenied                       = errors.New("access denied")
-	errTooManyNodes                       = errors.New("cannot request more nodes than what is available in the cluster")
-	errTooFewNodes                        = errors.New("there are not enough nodes in the cluster to support this tenant")
-	errTooFewSchedulableNodes             = errors.New("there is not enough schedulable nodes to satisfy this requirement")
-	errFewerThanFourNodes                 = errors.New("at least 4 nodes are required for a tenant")
-)
-
-// prepareError receives an error object and parse it against k8sErrors, returns the right error code paired with a generic error message
-func prepareError(err ...error) *models.Error {
-	errorCode := int32(500)
-	errorMessage := errorGeneric.Error()
-	if len(err) > 0 {
-		frame := getFrame(2)
-		fileParts := strings.Split(frame.File, "/")
-		LogError("original error -> (%s:%d: %v)", fileParts[len(fileParts)-1], frame.Line, err[0])
-		if k8sErrors.IsUnauthorized(err[0]) {
-			errorCode = 401
-			errorMessage = errorGenericUnauthorized.Error()
-		}
-		if k8sErrors.IsForbidden(err[0]) {
-			errorCode = 403
-			errorMessage = errorGenericForbidden.Error()
-		}
-		if k8sErrors.IsNotFound(err[0]) {
-			errorCode = 404
-			errorMessage = ErrorGenericNotFound.Error()
-		}
-		if err[0] == ErrorGenericNotFound {
-			errorCode = 404
-			errorMessage = ErrorGenericNotFound.Error()
-		}
-		if errors.Is(err[0], errInvalidCredentials) {
-			errorCode = 401
-			errorMessage = errInvalidCredentials.Error()
-		}
-		// console invalid erasure coding value
-		if errors.Is(err[0], errorInvalidErasureCodingValue) {
-			errorCode = 400
-			errorMessage = errorInvalidErasureCodingValue.Error()
-		}
-		if errors.Is(err[0], errBucketBodyNotInRequest) {
-			errorCode = 400
-			errorMessage = errBucketBodyNotInRequest.Error()
-		}
-		if errors.Is(err[0], errBucketNameNotInRequest) {
-			errorCode = 400
-			errorMessage = errBucketNameNotInRequest.Error()
-		}
-		if errors.Is(err[0], errGroupBodyNotInRequest) {
-			errorCode = 400
-			errorMessage = errGroupBodyNotInRequest.Error()
-		}
-		if errors.Is(err[0], errGroupNameNotInRequest) {
-			errorCode = 400
-			errorMessage = errGroupNameNotInRequest.Error()
-		}
-		if errors.Is(err[0], errPolicyNameNotInRequest) {
-			errorCode = 400
-			errorMessage = errPolicyNameNotInRequest.Error()
-		}
-		if errors.Is(err[0], errPolicyBodyNotInRequest) {
-			errorCode = 400
-			errorMessage = errPolicyBodyNotInRequest.Error()
-		}
-		// console invalid session error
-		if errors.Is(err[0], errorGenericInvalidSession) {
-			errorCode = 401
-			errorMessage = errorGenericInvalidSession.Error()
-		}
-		// Bucket life cycle not configured
-		if errors.Is(err[0], errBucketLifeCycleNotConfigured) {
-			errorCode = 404
-			errorMessage = errBucketLifeCycleNotConfigured.Error()
-		}
-		// Encryption not configured
-		if errors.Is(err[0], errSSENotConfigured) {
-			errorCode = 404
-			errorMessage = errSSENotConfigured.Error()
-		}
-		// account change password
-		if madmin.ToErrorResponse(err[0]).Code == "SignatureDoesNotMatch" {
-			errorCode = 403
-			errorMessage = errChangePassword.Error()
-		}
-		if errors.Is(err[0], errLicenseNotFound) {
-			errorCode = 404
-			errorMessage = errLicenseNotFound.Error()
-		}
-		if errors.Is(err[0], errInvalidLicense) {
-			errorCode = 404
-			errorMessage = errInvalidLicense.Error()
-		}
-		if errors.Is(err[0], errAvoidSelfAccountDelete) {
-			errorCode = 403
-			errorMessage = errAvoidSelfAccountDelete.Error()
-		}
-		if madmin.ToErrorResponse(err[0]).Code == "AccessDenied" {
-			errorCode = 403
-			errorMessage = errAccessDenied.Error()
-		}
-		if madmin.ToErrorResponse(err[0]).Code == "InvalidAccessKeyId" {
-			errorCode = 401
-			errorMessage = errorGenericInvalidSession.Error()
-		}
-		// console invalid session error
-		if madmin.ToErrorResponse(err[0]).Code == "XMinioAdminNoSuchUser" {
-			errorCode = 401
-			errorMessage = errorGenericInvalidSession.Error()
-		}
-		// if we received a second error take that as friendly message but dont override the code
-		if len(err) > 1 && err[1] != nil {
-			LogError("friendly error: %v", err[1].Error())
-			errorMessage = err[1].Error()
-		}
-		// if we receive third error we just print that as debugging
-		if len(err) > 2 && err[2] != nil {
-			LogError("debugging error: %v", err[2].Error())
-		}
-
-		errRemoteTierExists := errors.New("Specified remote tier already exists") //nolint
-		if errors.Is(err[0], errRemoteTierExists) {
-			errorMessage = err[0].Error()
-		}
-		if errors.Is(err[0], errTooFewNodes) {
-			errorCode = 507
-			errorMessage = errTooFewNodes.Error()
-		}
-		if errors.Is(err[0], errTooFewSchedulableNodes) {
-			errorCode = 507
-			errorMessage = errTooFewSchedulableNodes.Error()
-		}
-		if errors.Is(err[0], errFewerThanFourNodes) {
-			errorCode = 507
-			errorMessage = errFewerThanFourNodes.Error()
-		}
-	}
-	return &models.Error{Code: errorCode, Message: swag.String(errorMessage), DetailedMessage: swag.String(err[0].Error())}
-}
-
-func getFrame(skipFrames int) runtime.Frame {
-	// We need the frame at index skipFrames+2, since we never want runtime.Callers and getFrame
-	targetFrameIndex := skipFrames + 2
-
-	// Set size to targetFrameIndex+2 to ensure we have room for one more caller than we need
-	programCounters := make([]uintptr, targetFrameIndex+2)
-	n := runtime.Callers(0, programCounters)
-
-	frame := runtime.Frame{Function: "unknown"}
-	if n > 0 {
-		frames := runtime.CallersFrames(programCounters[:n])
-		for more, frameIndex := true, 0; more && frameIndex <= targetFrameIndex; frameIndex++ {
-			var frameCandidate runtime.Frame
-			frameCandidate, more = frames.Next()
-			if frameIndex == targetFrameIndex {
-				frame = frameCandidate
-			}
-		}
-	}
-
-	return frame
-}

operatorapi/login.go

@@ -21,7 +21,6 @@ import (
 	"fmt"
 	"math/rand"
 	"net/http"
-	"time"
 
 	xoauth2 "golang.org/x/oauth2"
 
@@ -34,44 +33,45 @@ import (
 	"github.com/minio/console/models"
 	opauth "github.com/minio/console/operatorapi/auth"
 	"github.com/minio/console/operatorapi/operations"
-	"github.com/minio/console/operatorapi/operations/user_api"
+	authApi "github.com/minio/console/operatorapi/operations/auth"
+
 	"github.com/minio/console/pkg/auth"
 	"github.com/minio/console/pkg/auth/idp/oauth2"
 )
 
 func registerLoginHandlers(api *operations.OperatorAPI) {
 	// GET login strategy
-	api.UserAPILoginDetailHandler = user_api.LoginDetailHandlerFunc(func(params user_api.LoginDetailParams) middleware.Responder {
-		loginDetails, err := getLoginDetailsResponse(params.HTTPRequest)
+	api.AuthLoginDetailHandler = authApi.LoginDetailHandlerFunc(func(params authApi.LoginDetailParams) middleware.Responder {
+		loginDetails, err := getLoginDetailsResponse(params)
 		if err != nil {
-			return user_api.NewLoginDetailDefault(int(err.Code)).WithPayload(err)
+			return authApi.NewLoginDetailDefault(int(err.Code)).WithPayload(err)
 		}
-		return user_api.NewLoginDetailOK().WithPayload(loginDetails)
+		return authApi.NewLoginDetailOK().WithPayload(loginDetails)
 	})
 	// POST login using k8s service account token
-	api.UserAPILoginOperatorHandler = user_api.LoginOperatorHandlerFunc(func(params user_api.LoginOperatorParams) middleware.Responder {
-		loginResponse, err := getLoginOperatorResponse(params.Body)
+	api.AuthLoginOperatorHandler = authApi.LoginOperatorHandlerFunc(func(params authApi.LoginOperatorParams) middleware.Responder {
+		loginResponse, err := getLoginOperatorResponse(params)
 		if err != nil {
-			return user_api.NewLoginOperatorDefault(int(err.Code)).WithPayload(err)
+			return authApi.NewLoginOperatorDefault(int(err.Code)).WithPayload(err)
 		}
 		// Custom response writer to set the session cookies
 		return middleware.ResponderFunc(func(w http.ResponseWriter, p runtime.Producer) {
 			cookie := restapi.NewSessionCookieForConsole(loginResponse.SessionID)
 			http.SetCookie(w, &cookie)
-			user_api.NewLoginOperatorNoContent().WriteResponse(w, p)
+			authApi.NewLoginOperatorNoContent().WriteResponse(w, p)
 		})
 	})
 	// POST login using external IDP
-	api.UserAPILoginOauth2AuthHandler = user_api.LoginOauth2AuthHandlerFunc(func(params user_api.LoginOauth2AuthParams) middleware.Responder {
-		loginResponse, err := getLoginOauth2AuthResponse(params.HTTPRequest, params.Body)
+	api.AuthLoginOauth2AuthHandler = authApi.LoginOauth2AuthHandlerFunc(func(params authApi.LoginOauth2AuthParams) middleware.Responder {
+		loginResponse, err := getLoginOauth2AuthResponse(params)
 		if err != nil {
-			return user_api.NewLoginOauth2AuthDefault(int(err.Code)).WithPayload(err)
+			return authApi.NewLoginOauth2AuthDefault(int(err.Code)).WithPayload(err)
 		}
 		// Custom response writer to set the session cookies
 		return middleware.ResponderFunc(func(w http.ResponseWriter, p runtime.Producer) {
 			cookie := restapi.NewSessionCookieForConsole(loginResponse.SessionID)
 			http.SetCookie(w, &cookie)
-			user_api.NewLoginOauth2AuthNoContent().WriteResponse(w, p)
+			authApi.NewLoginOauth2AuthNoContent().WriteResponse(w, p)
 		})
 	})
 }
@@ -87,23 +87,28 @@ func login(credentials restapi.ConsoleCredentialsI) (*string, error) {
 	// if we made it here, the consoleCredentials work, generate a jwt with claims
 	token, err := auth.NewEncryptedTokenForClient(&tokens, credentials.GetAccountAccessKey(), nil)
 	if err != nil {
-		LogError("error authenticating user: %v", err)
-		return nil, errInvalidCredentials
+		restapi.LogError("error authenticating user: %v", err)
+		return nil, restapi.ErrInvalidLogin
 	}
 	return &token, nil
 }
 
 // getLoginDetailsResponse returns information regarding the Console authentication mechanism.
-func getLoginDetailsResponse(r *http.Request) (*models.LoginDetails, *models.Error) {
+func getLoginDetailsResponse(params authApi.LoginDetailParams) (*models.LoginDetails, *models.Error) {
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
+
+	r := params.HTTPRequest
+
 	loginStrategy := models.LoginDetailsLoginStrategyServiceDashAccount
 	redirectURL := ""
 
 	if oauth2.IsIDPEnabled() {
-		loginStrategy = models.LoginDetailsLoginStrategyRedirect
+		loginStrategy = models.LoginDetailsLoginStrategyRedirectDashServiceDashAccount
 		// initialize new oauth2 client
 		oauth2Client, err := oauth2.NewOauth2ProviderClient(nil, r, restapi.GetConsoleHTTPClient())
 		if err != nil {
-			return nil, prepareError(err)
+			return nil, restapi.ErrorWithContext(ctx, err)
 		}
 		// Validate user against IDP
 		identityProvider := &auth.IdentityProvider{Client: oauth2Client}
@@ -126,31 +131,35 @@ func verifyUserAgainstIDP(ctx context.Context, provider auth.IdentityProviderI,
 	return oauth2Token, nil
 }
 
-func getLoginOauth2AuthResponse(r *http.Request, lr *models.LoginOauth2AuthRequest) (*models.LoginResponse, *models.Error) {
-	ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
+func getLoginOauth2AuthResponse(params authApi.LoginOauth2AuthParams) (*models.LoginResponse, *models.Error) {
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
 	defer cancel()
+
+	r := params.HTTPRequest
+	lr := params.Body
+
 	if oauth2.IsIDPEnabled() {
 		// initialize new oauth2 client
 		oauth2Client, err := oauth2.NewOauth2ProviderClient(nil, r, restapi.GetConsoleHTTPClient())
 		if err != nil {
-			return nil, prepareError(err)
+			return nil, restapi.ErrorWithContext(ctx, err)
 		}
 		// initialize new identity provider
 		identityProvider := auth.IdentityProvider{Client: oauth2Client}
 		// Validate user against IDP
 		_, err = verifyUserAgainstIDP(ctx, identityProvider, *lr.Code, *lr.State)
 		if err != nil {
-			return nil, prepareError(err)
+			return nil, restapi.ErrorWithContext(ctx, err)
 		}
 		// If we pass here that means the IDP correctly authenticate the user with the operator resource
 		// we proceed to use the service account token configured in the operator-console pod
 		creds, err := newConsoleCredentials(getK8sSAToken())
 		if err != nil {
-			return nil, prepareError(err)
+			return nil, restapi.ErrorWithContext(ctx, err)
 		}
 		token, err := login(restapi.ConsoleCredentials{ConsoleCredentials: creds})
 		if err != nil {
-			return nil, prepareError(errInvalidCredentials, nil, err)
+			return nil, restapi.ErrorWithContext(ctx, restapi.ErrInvalidLogin, nil, err)
 		}
 		// serialize output
 		loginResponse := &models.LoginResponse{
@@ -158,7 +167,7 @@ func getLoginOauth2AuthResponse(r *http.Request, lr *models.LoginOauth2AuthReque
 		}
 		return loginResponse, nil
 	}
-	return nil, prepareError(errorGeneric)
+	return nil, restapi.ErrorWithContext(ctx, restapi.ErrDefault)
 }
 
 func newConsoleCredentials(secretKey string) (*credentials.Credentials, error) {
@@ -170,17 +179,22 @@ func newConsoleCredentials(secretKey string) (*credentials.Credentials, error) {
 }
 
 // getLoginOperatorResponse validate the provided service account token against k8s api
-func getLoginOperatorResponse(lmr *models.LoginOperatorRequest) (*models.LoginResponse, *models.Error) {
+func getLoginOperatorResponse(params authApi.LoginOperatorParams) (*models.LoginResponse, *models.Error) {
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
+
+	lmr := params.Body
+
 	creds, err := newConsoleCredentials(*lmr.Jwt)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	consoleCreds := restapi.ConsoleCredentials{ConsoleCredentials: creds}
 	// Set a random as access key as session identifier
 	consoleCreds.AccountAccessKey = fmt.Sprintf("%d", rand.Intn(100000-10000)+10000)
 	token, err := login(consoleCreds)
 	if err != nil {
-		return nil, prepareError(errInvalidCredentials, nil, err)
+		return nil, restapi.ErrorWithContext(ctx, restapi.ErrInvalidLogin, nil, err)
 	}
 	// serialize output
 	loginResponse := &models.LoginResponse{

operatorapi/logout.go

@@ -23,20 +23,20 @@ import (
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/minio/console/models"
 	"github.com/minio/console/operatorapi/operations"
-	"github.com/minio/console/operatorapi/operations/user_api"
+	authApi "github.com/minio/console/operatorapi/operations/auth"
 	"github.com/minio/console/restapi"
 )
 
 func registerLogoutHandlers(api *operations.OperatorAPI) {
 	// logout from console
-	api.UserAPILogoutHandler = user_api.LogoutHandlerFunc(func(params user_api.LogoutParams, session *models.Principal) middleware.Responder {
+	api.AuthLogoutHandler = authApi.LogoutHandlerFunc(func(params authApi.LogoutParams, session *models.Principal) middleware.Responder {
 		// Custom response writer to expire the session cookies
 		return middleware.ResponderFunc(func(w http.ResponseWriter, p runtime.Producer) {
 			expiredCookie := restapi.ExpireSessionCookie()
 			// this will tell the browser to clear the cookie and invalidate user session
 			// additionally we are deleting the cookie from the client side
 			http.SetCookie(w, &expiredCookie)
-			user_api.NewLogoutOK().WriteResponse(w, p)
+			authApi.NewLogoutOK().WriteResponse(w, p)
 		})
 	})
 }

operatorapi/namespaces.go

@@ -20,12 +20,13 @@ import (
 	"context"
 	"errors"
 
-	"github.com/minio/console/operatorapi/operations/operator_api"
+	xerrors "github.com/minio/console/restapi"
 
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/minio/console/cluster"
 	"github.com/minio/console/models"
 	"github.com/minio/console/operatorapi/operations"
+	"github.com/minio/console/operatorapi/operations/operator_api"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	v1 "k8s.io/client-go/kubernetes/typed/core/v1"
@@ -44,12 +45,12 @@ func registerNamespaceHandlers(api *operations.OperatorAPI) {
 }
 
 func getNamespaceCreatedResponse(session *models.Principal, params operator_api.CreateNamespaceParams) *models.Error {
-	ctx := context.Background()
-
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	clientset, err := cluster.K8sClient(session.STSSessionToken)
 
 	if err != nil {
-		return prepareError(err)
+		return xerrors.ErrorWithContext(ctx, err)
 	}
 
 	namespace := *params.Body.Name
@@ -57,7 +58,7 @@ func getNamespaceCreatedResponse(session *models.Principal, params operator_api.
 	errCreation := getNamespaceCreated(ctx, clientset.CoreV1(), namespace)
 
 	if errCreation != nil {
-		return prepareError(errCreation)
+		return xerrors.ErrorWithContext(ctx, errCreation)
 	}
 
 	return nil

operatorapi/nodes.go

@@ -21,6 +21,8 @@ import (
 	"errors"
 	"sort"
 
+	xerrors "github.com/minio/console/restapi"
+
 	"github.com/minio/minio-go/v7/pkg/set"
 
 	"github.com/minio/console/operatorapi/operations/operator_api"
@@ -52,8 +54,8 @@ func registerNodesHandlers(api *operations.OperatorAPI) {
 		return operator_api.NewListNodeLabelsOK().WithPayload(*resp)
 	})
 
-	api.OperatorAPIGetAllocatableResourcesHandler = operator_api.GetAllocatableResourcesHandlerFunc(func(params operator_api.GetAllocatableResourcesParams, principal *models.Principal) middleware.Responder {
-		resp, err := getAllocatableResourcesResponse(params.NumNodes, principal)
+	api.OperatorAPIGetAllocatableResourcesHandler = operator_api.GetAllocatableResourcesHandlerFunc(func(params operator_api.GetAllocatableResourcesParams, session *models.Principal) middleware.Responder {
+		resp, err := getAllocatableResourcesResponse(session, params)
 		if err != nil {
 			return operator_api.NewGetAllocatableResourcesDefault(int(err.Code)).WithPayload(err)
 		}
@@ -71,7 +73,7 @@ type NodeResourceInfo struct {
 func getMaxAllocatableMemory(ctx context.Context, clientset v1.CoreV1Interface, numNodes int32) (*models.MaxAllocatableMemResponse, error) {
 	// can't request less than 4 nodes
 	if numNodes < 4 {
-		return nil, errFewerThanFourNodes
+		return nil, xerrors.ErrFewerThanFourNodes
 	}
 
 	// get all nodes from cluster
@@ -97,15 +99,15 @@ func getMaxAllocatableMemory(ctx context.Context, clientset v1.CoreV1Interface,
 	}
 	// requesting more nodes than schedulable and less than total number of workers
 	if int(numNodes) > schedulableNodes && int(numNodes) < nonMasterNodes {
-		return nil, errTooManyNodes
+		return nil, xerrors.ErrTooManyNodes
 	}
 	if nonMasterNodes < int(numNodes) {
-		return nil, errTooFewNodes
+		return nil, xerrors.ErrTooFewNodes
 	}
 
 	// not enough schedulable nodes
 	if schedulableNodes < int(numNodes) {
-		return nil, errTooFewSchedulableNodes
+		return nil, xerrors.ErrTooFewAvailableNodes
 	}
 
 	availableMemSizes := []int64{}
@@ -177,12 +179,12 @@ func min(x, y int64) int64 {
 func getMaxAllocatableMemoryResponse(ctx context.Context, session *models.Principal, numNodes int32) (*models.MaxAllocatableMemResponse, *models.Error) {
 	client, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, xerrors.ErrorWithContext(ctx, err)
 	}
 
 	clusterResources, err := getMaxAllocatableMemory(ctx, client.CoreV1(), numNodes)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, xerrors.ErrorWithContext(ctx, err)
 	}
 	return clusterResources, nil
 }
@@ -217,12 +219,12 @@ func getNodeLabels(ctx context.Context, clientset v1.CoreV1Interface) (*models.N
 func getNodeLabelsResponse(ctx context.Context, session *models.Principal) (*models.NodeLabels, *models.Error) {
 	client, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, xerrors.ErrorWithContext(ctx, err)
 	}
 
 	clusterResources, err := getNodeLabels(ctx, client.CoreV1())
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, xerrors.ErrorWithContext(ctx, err)
 	}
 	return clusterResources, nil
 }
@@ -357,16 +359,16 @@ OUTER:
 
 // Get allocatable resources response
 
-func getAllocatableResourcesResponse(numNodes int32, session *models.Principal) (*models.AllocatableResourcesResponse, *models.Error) {
-	ctx := context.Background()
+func getAllocatableResourcesResponse(session *models.Principal, params operator_api.GetAllocatableResourcesParams) (*models.AllocatableResourcesResponse, *models.Error) {
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	client, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, xerrors.ErrorWithContext(ctx, err)
 	}
-
-	clusterResources, err := getAllocatableResources(ctx, client.CoreV1(), numNodes)
+	clusterResources, err := getAllocatableResources(ctx, client.CoreV1(), params.NumNodes)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, xerrors.ErrorWithContext(ctx, err)
 	}
 	return clusterResources, nil
 }

operatorapi/operations/auth/login_detail.go

@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -46,7 +46,7 @@ func NewLoginDetail(ctx *middleware.Context, handler LoginDetailHandler) *LoginD
 	return &LoginDetail{Context: ctx, Handler: handler}
 }
 
-/* LoginDetail swagger:route GET /login UserAPI loginDetail
+/* LoginDetail swagger:route GET /login Auth loginDetail
 
 Returns login strategy, form or sso.
 

operatorapi/operations/auth/login_detail_parameters.go

@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command

operatorapi/operations/auth/login_detail_responses.go

@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command

operatorapi/operations/auth/login_detail_urlbuilder.go

@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command

operatorapi/operations/auth/login_oauth2_auth.go

@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -46,7 +46,7 @@ func NewLoginOauth2Auth(ctx *middleware.Context, handler LoginOauth2AuthHandler)
 	return &LoginOauth2Auth{Context: ctx, Handler: handler}
 }
 
-/* LoginOauth2Auth swagger:route POST /login/oauth2/auth UserAPI loginOauth2Auth
+/* LoginOauth2Auth swagger:route POST /login/oauth2/auth Auth loginOauth2Auth
 
 Identity Provider oauth2 callback endpoint.
 

operatorapi/operations/auth/login_oauth2_auth_parameters.go

@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command

operatorapi/operations/auth/login_oauth2_auth_responses.go

@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command

operatorapi/operations/auth/login_oauth2_auth_urlbuilder.go

@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command

operatorapi/operations/auth/login_operator.go

@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -46,7 +46,7 @@ func NewLoginOperator(ctx *middleware.Context, handler LoginOperatorHandler) *Lo
 	return &LoginOperator{Context: ctx, Handler: handler}
 }
 
-/* LoginOperator swagger:route POST /login/operator UserAPI loginOperator
+/* LoginOperator swagger:route POST /login/operator Auth loginOperator
 
 Login to Operator Console.
 

operatorapi/operations/auth/login_operator_parameters.go

@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command

operatorapi/operations/auth/login_operator_responses.go

@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command

operatorapi/operations/auth/login_operator_urlbuilder.go

@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command

operatorapi/operations/auth/logout.go

@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -48,7 +48,7 @@ func NewLogout(ctx *middleware.Context, handler LogoutHandler) *Logout {
 	return &Logout{Context: ctx, Handler: handler}
 }
 
-/* Logout swagger:route POST /logout UserAPI logout
+/* Logout swagger:route POST /logout Auth logout
 
 Logout from Operator.
 

operatorapi/operations/auth/logout_parameters.go

@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command

operatorapi/operations/auth/logout_responses.go

@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command

operatorapi/operations/auth/logout_urlbuilder.go

@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command

operatorapi/operations/auth/session_check.go

@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -48,7 +48,7 @@ func NewSessionCheck(ctx *middleware.Context, handler SessionCheckHandler) *Sess
 	return &SessionCheck{Context: ctx, Handler: handler}
 }
 
-/* SessionCheck swagger:route GET /session UserAPI sessionCheck
+/* SessionCheck swagger:route GET /session Auth sessionCheck
 
 Endpoint to check if your session is still valid
 

operatorapi/operations/auth/session_check_parameters.go

@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command

operatorapi/operations/auth/session_check_responses.go

@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command

operatorapi/operations/auth/session_check_urlbuilder.go

@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package user_api
+package auth
 
 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command

operatorapi/operations/operator_api.go

@@ -37,6 +37,7 @@ import (
 	"github.com/go-openapi/swag"
 
 	"github.com/minio/console/models"
+	"github.com/minio/console/operatorapi/operations/auth"
 	"github.com/minio/console/operatorapi/operations/operator_api"
 	"github.com/minio/console/operatorapi/operations/user_api"
 )
@@ -141,23 +142,23 @@ func NewOperatorAPI(spec *loads.Document) *OperatorAPI {
 		OperatorAPIListTenantsHandler: operator_api.ListTenantsHandlerFunc(func(params operator_api.ListTenantsParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.ListTenants has not yet been implemented")
 		}),
-		UserAPILoginDetailHandler: user_api.LoginDetailHandlerFunc(func(params user_api.LoginDetailParams) middleware.Responder {
-			return middleware.NotImplemented("operation user_api.LoginDetail has not yet been implemented")
+		AuthLoginDetailHandler: auth.LoginDetailHandlerFunc(func(params auth.LoginDetailParams) middleware.Responder {
+			return middleware.NotImplemented("operation auth.LoginDetail has not yet been implemented")
 		}),
-		UserAPILoginOauth2AuthHandler: user_api.LoginOauth2AuthHandlerFunc(func(params user_api.LoginOauth2AuthParams) middleware.Responder {
-			return middleware.NotImplemented("operation user_api.LoginOauth2Auth has not yet been implemented")
+		AuthLoginOauth2AuthHandler: auth.LoginOauth2AuthHandlerFunc(func(params auth.LoginOauth2AuthParams) middleware.Responder {
+			return middleware.NotImplemented("operation auth.LoginOauth2Auth has not yet been implemented")
 		}),
-		UserAPILoginOperatorHandler: user_api.LoginOperatorHandlerFunc(func(params user_api.LoginOperatorParams) middleware.Responder {
-			return middleware.NotImplemented("operation user_api.LoginOperator has not yet been implemented")
+		AuthLoginOperatorHandler: auth.LoginOperatorHandlerFunc(func(params auth.LoginOperatorParams) middleware.Responder {
+			return middleware.NotImplemented("operation auth.LoginOperator has not yet been implemented")
 		}),
-		UserAPILogoutHandler: user_api.LogoutHandlerFunc(func(params user_api.LogoutParams, principal *models.Principal) middleware.Responder {
-			return middleware.NotImplemented("operation user_api.Logout has not yet been implemented")
+		AuthLogoutHandler: auth.LogoutHandlerFunc(func(params auth.LogoutParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation auth.Logout has not yet been implemented")
 		}),
 		OperatorAPIPutTenantYAMLHandler: operator_api.PutTenantYAMLHandlerFunc(func(params operator_api.PutTenantYAMLParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.PutTenantYAML has not yet been implemented")
 		}),
-		UserAPISessionCheckHandler: user_api.SessionCheckHandlerFunc(func(params user_api.SessionCheckParams, principal *models.Principal) middleware.Responder {
-			return middleware.NotImplemented("operation user_api.SessionCheck has not yet been implemented")
+		AuthSessionCheckHandler: auth.SessionCheckHandlerFunc(func(params auth.SessionCheckParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation auth.SessionCheck has not yet been implemented")
 		}),
 		OperatorAPISetTenantLogsHandler: operator_api.SetTenantLogsHandlerFunc(func(params operator_api.SetTenantLogsParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.SetTenantLogs has not yet been implemented")
@@ -207,6 +208,9 @@ func NewOperatorAPI(spec *loads.Document) *OperatorAPI {
 		OperatorAPIUpdateTenantHandler: operator_api.UpdateTenantHandlerFunc(func(params operator_api.UpdateTenantParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.UpdateTenant has not yet been implemented")
 		}),
+		OperatorAPIUpdateTenantDomainsHandler: operator_api.UpdateTenantDomainsHandlerFunc(func(params operator_api.UpdateTenantDomainsParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation operator_api.UpdateTenantDomains has not yet been implemented")
+		}),
 		OperatorAPIUpdateTenantIdentityProviderHandler: operator_api.UpdateTenantIdentityProviderHandlerFunc(func(params operator_api.UpdateTenantIdentityProviderParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.UpdateTenantIdentityProvider has not yet been implemented")
 		}),
@@ -314,18 +318,18 @@ type OperatorAPI struct {
 	OperatorAPIListPVCsForTenantHandler operator_api.ListPVCsForTenantHandler
 	// OperatorAPIListTenantsHandler sets the operation handler for the list tenants operation
 	OperatorAPIListTenantsHandler operator_api.ListTenantsHandler
-	// UserAPILoginDetailHandler sets the operation handler for the login detail operation
-	UserAPILoginDetailHandler user_api.LoginDetailHandler
-	// UserAPILoginOauth2AuthHandler sets the operation handler for the login oauth2 auth operation
-	UserAPILoginOauth2AuthHandler user_api.LoginOauth2AuthHandler
-	// UserAPILoginOperatorHandler sets the operation handler for the login operator operation
-	UserAPILoginOperatorHandler user_api.LoginOperatorHandler
-	// UserAPILogoutHandler sets the operation handler for the logout operation
-	UserAPILogoutHandler user_api.LogoutHandler
+	// AuthLoginDetailHandler sets the operation handler for the login detail operation
+	AuthLoginDetailHandler auth.LoginDetailHandler
+	// AuthLoginOauth2AuthHandler sets the operation handler for the login oauth2 auth operation
+	AuthLoginOauth2AuthHandler auth.LoginOauth2AuthHandler
+	// AuthLoginOperatorHandler sets the operation handler for the login operator operation
+	AuthLoginOperatorHandler auth.LoginOperatorHandler
+	// AuthLogoutHandler sets the operation handler for the logout operation
+	AuthLogoutHandler auth.LogoutHandler
 	// OperatorAPIPutTenantYAMLHandler sets the operation handler for the put tenant y a m l operation
 	OperatorAPIPutTenantYAMLHandler operator_api.PutTenantYAMLHandler
-	// UserAPISessionCheckHandler sets the operation handler for the session check operation
-	UserAPISessionCheckHandler user_api.SessionCheckHandler
+	// AuthSessionCheckHandler sets the operation handler for the session check operation
+	AuthSessionCheckHandler auth.SessionCheckHandler
 	// OperatorAPISetTenantLogsHandler sets the operation handler for the set tenant logs operation
 	OperatorAPISetTenantLogsHandler operator_api.SetTenantLogsHandler
 	// OperatorAPISetTenantMonitoringHandler sets the operation handler for the set tenant monitoring operation
@@ -358,6 +362,8 @@ type OperatorAPI struct {
 	OperatorAPITenantUpdatePoolsHandler operator_api.TenantUpdatePoolsHandler
 	// OperatorAPIUpdateTenantHandler sets the operation handler for the update tenant operation
 	OperatorAPIUpdateTenantHandler operator_api.UpdateTenantHandler
+	// OperatorAPIUpdateTenantDomainsHandler sets the operation handler for the update tenant domains operation
+	OperatorAPIUpdateTenantDomainsHandler operator_api.UpdateTenantDomainsHandler
 	// OperatorAPIUpdateTenantIdentityProviderHandler sets the operation handler for the update tenant identity provider operation
 	OperatorAPIUpdateTenantIdentityProviderHandler operator_api.UpdateTenantIdentityProviderHandler
 	// OperatorAPIUpdateTenantSecurityHandler sets the operation handler for the update tenant security operation
@@ -521,23 +527,23 @@ func (o *OperatorAPI) Validate() error {
 	if o.OperatorAPIListTenantsHandler == nil {
 		unregistered = append(unregistered, "operator_api.ListTenantsHandler")
 	}
-	if o.UserAPILoginDetailHandler == nil {
-		unregistered = append(unregistered, "user_api.LoginDetailHandler")
+	if o.AuthLoginDetailHandler == nil {
+		unregistered = append(unregistered, "auth.LoginDetailHandler")
 	}
-	if o.UserAPILoginOauth2AuthHandler == nil {
-		unregistered = append(unregistered, "user_api.LoginOauth2AuthHandler")
+	if o.AuthLoginOauth2AuthHandler == nil {
+		unregistered = append(unregistered, "auth.LoginOauth2AuthHandler")
 	}
-	if o.UserAPILoginOperatorHandler == nil {
-		unregistered = append(unregistered, "user_api.LoginOperatorHandler")
+	if o.AuthLoginOperatorHandler == nil {
+		unregistered = append(unregistered, "auth.LoginOperatorHandler")
 	}
-	if o.UserAPILogoutHandler == nil {
-		unregistered = append(unregistered, "user_api.LogoutHandler")
+	if o.AuthLogoutHandler == nil {
+		unregistered = append(unregistered, "auth.LogoutHandler")
 	}
 	if o.OperatorAPIPutTenantYAMLHandler == nil {
 		unregistered = append(unregistered, "operator_api.PutTenantYAMLHandler")
 	}
-	if o.UserAPISessionCheckHandler == nil {
-		unregistered = append(unregistered, "user_api.SessionCheckHandler")
+	if o.AuthSessionCheckHandler == nil {
+		unregistered = append(unregistered, "auth.SessionCheckHandler")
 	}
 	if o.OperatorAPISetTenantLogsHandler == nil {
 		unregistered = append(unregistered, "operator_api.SetTenantLogsHandler")
@@ -587,6 +593,9 @@ func (o *OperatorAPI) Validate() error {
 	if o.OperatorAPIUpdateTenantHandler == nil {
 		unregistered = append(unregistered, "operator_api.UpdateTenantHandler")
 	}
+	if o.OperatorAPIUpdateTenantDomainsHandler == nil {
+		unregistered = append(unregistered, "operator_api.UpdateTenantDomainsHandler")
+	}
 	if o.OperatorAPIUpdateTenantIdentityProviderHandler == nil {
 		unregistered = append(unregistered, "operator_api.UpdateTenantIdentityProviderHandler")
 	}
@@ -798,19 +807,19 @@ func (o *OperatorAPI) initHandlerCache() {
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}
-	o.handlers["GET"]["/login"] = user_api.NewLoginDetail(o.context, o.UserAPILoginDetailHandler)
+	o.handlers["GET"]["/login"] = auth.NewLoginDetail(o.context, o.AuthLoginDetailHandler)
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
-	o.handlers["POST"]["/login/oauth2/auth"] = user_api.NewLoginOauth2Auth(o.context, o.UserAPILoginOauth2AuthHandler)
+	o.handlers["POST"]["/login/oauth2/auth"] = auth.NewLoginOauth2Auth(o.context, o.AuthLoginOauth2AuthHandler)
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
-	o.handlers["POST"]["/login/operator"] = user_api.NewLoginOperator(o.context, o.UserAPILoginOperatorHandler)
+	o.handlers["POST"]["/login/operator"] = auth.NewLoginOperator(o.context, o.AuthLoginOperatorHandler)
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
-	o.handlers["POST"]["/logout"] = user_api.NewLogout(o.context, o.UserAPILogoutHandler)
+	o.handlers["POST"]["/logout"] = auth.NewLogout(o.context, o.AuthLogoutHandler)
 	if o.handlers["PUT"] == nil {
 		o.handlers["PUT"] = make(map[string]http.Handler)
 	}
@@ -818,7 +827,7 @@ func (o *OperatorAPI) initHandlerCache() {
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}
-	o.handlers["GET"]["/session"] = user_api.NewSessionCheck(o.context, o.UserAPISessionCheckHandler)
+	o.handlers["GET"]["/session"] = auth.NewSessionCheck(o.context, o.AuthSessionCheckHandler)
 	if o.handlers["PUT"] == nil {
 		o.handlers["PUT"] = make(map[string]http.Handler)
 	}
@@ -883,6 +892,10 @@ func (o *OperatorAPI) initHandlerCache() {
 		o.handlers["PUT"] = make(map[string]http.Handler)
 	}
 	o.handlers["PUT"]["/namespaces/{namespace}/tenants/{tenant}"] = operator_api.NewUpdateTenant(o.context, o.OperatorAPIUpdateTenantHandler)
+	if o.handlers["PUT"] == nil {
+		o.handlers["PUT"] = make(map[string]http.Handler)
+	}
+	o.handlers["PUT"]["/namespaces/{namespace}/tenants/{tenant}/domains"] = operator_api.NewUpdateTenantDomains(o.context, o.OperatorAPIUpdateTenantDomainsHandler)
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}

operatorapi/operations/operator_api/update_tenant_domains.go

@@ -0,0 +1,88 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+
+	"github.com/minio/console/models"
+)
+
+// UpdateTenantDomainsHandlerFunc turns a function with the right signature into a update tenant domains handler
+type UpdateTenantDomainsHandlerFunc func(UpdateTenantDomainsParams, *models.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn UpdateTenantDomainsHandlerFunc) Handle(params UpdateTenantDomainsParams, principal *models.Principal) middleware.Responder {
+	return fn(params, principal)
+}
+
+// UpdateTenantDomainsHandler interface for that can handle valid update tenant domains params
+type UpdateTenantDomainsHandler interface {
+	Handle(UpdateTenantDomainsParams, *models.Principal) middleware.Responder
+}
+
+// NewUpdateTenantDomains creates a new http.Handler for the update tenant domains operation
+func NewUpdateTenantDomains(ctx *middleware.Context, handler UpdateTenantDomainsHandler) *UpdateTenantDomains {
+	return &UpdateTenantDomains{Context: ctx, Handler: handler}
+}
+
+/* UpdateTenantDomains swagger:route PUT /namespaces/{namespace}/tenants/{tenant}/domains OperatorAPI updateTenantDomains
+
+Update Domains for a Tenant
+
+*/
+type UpdateTenantDomains struct {
+	Context *middleware.Context
+	Handler UpdateTenantDomainsHandler
+}
+
+func (o *UpdateTenantDomains) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewUpdateTenantDomainsParams()
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		*r = *aCtx
+	}
+	var principal *models.Principal
+	if uprinc != nil {
+		principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
+	}
+
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params, principal) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}

operatorapi/operations/operator_api/update_tenant_domains_parameters.go

@@ -0,0 +1,151 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"io"
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/validate"
+
+	"github.com/minio/console/models"
+)
+
+// NewUpdateTenantDomainsParams creates a new UpdateTenantDomainsParams object
+//
+// There are no default values defined in the spec.
+func NewUpdateTenantDomainsParams() UpdateTenantDomainsParams {
+
+	return UpdateTenantDomainsParams{}
+}
+
+// UpdateTenantDomainsParams contains all the bound params for the update tenant domains operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters UpdateTenantDomains
+type UpdateTenantDomainsParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*
+	  Required: true
+	  In: body
+	*/
+	Body *models.UpdateDomainsRequest
+	/*
+	  Required: true
+	  In: path
+	*/
+	Namespace string
+	/*
+	  Required: true
+	  In: path
+	*/
+	Tenant string
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewUpdateTenantDomainsParams() beforehand.
+func (o *UpdateTenantDomainsParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	if runtime.HasBody(r) {
+		defer r.Body.Close()
+		var body models.UpdateDomainsRequest
+		if err := route.Consumer.Consume(r.Body, &body); err != nil {
+			if err == io.EOF {
+				res = append(res, errors.Required("body", "body", ""))
+			} else {
+				res = append(res, errors.NewParseError("body", "body", "", err))
+			}
+		} else {
+			// validate body object
+			if err := body.Validate(route.Formats); err != nil {
+				res = append(res, err)
+			}
+
+			ctx := validate.WithOperationRequest(context.Background())
+			if err := body.ContextValidate(ctx, route.Formats); err != nil {
+				res = append(res, err)
+			}
+
+			if len(res) == 0 {
+				o.Body = &body
+			}
+		}
+	} else {
+		res = append(res, errors.Required("body", "body", ""))
+	}
+
+	rNamespace, rhkNamespace, _ := route.Params.GetOK("namespace")
+	if err := o.bindNamespace(rNamespace, rhkNamespace, route.Formats); err != nil {
+		res = append(res, err)
+	}
+
+	rTenant, rhkTenant, _ := route.Params.GetOK("tenant")
+	if err := o.bindTenant(rTenant, rhkTenant, route.Formats); err != nil {
+		res = append(res, err)
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+// bindNamespace binds and validates parameter Namespace from path.
+func (o *UpdateTenantDomainsParams) bindNamespace(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.Namespace = raw
+
+	return nil
+}
+
+// bindTenant binds and validates parameter Tenant from path.
+func (o *UpdateTenantDomainsParams) bindTenant(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.Tenant = raw
+
+	return nil
+}

operatorapi/operations/operator_api/update_tenant_domains_responses.go

@@ -0,0 +1,113 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+
+	"github.com/minio/console/models"
+)
+
+// UpdateTenantDomainsNoContentCode is the HTTP code returned for type UpdateTenantDomainsNoContent
+const UpdateTenantDomainsNoContentCode int = 204
+
+/*UpdateTenantDomainsNoContent A successful response.
+
+swagger:response updateTenantDomainsNoContent
+*/
+type UpdateTenantDomainsNoContent struct {
+}
+
+// NewUpdateTenantDomainsNoContent creates UpdateTenantDomainsNoContent with default headers values
+func NewUpdateTenantDomainsNoContent() *UpdateTenantDomainsNoContent {
+
+	return &UpdateTenantDomainsNoContent{}
+}
+
+// WriteResponse to the client
+func (o *UpdateTenantDomainsNoContent) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(204)
+}
+
+/*UpdateTenantDomainsDefault Generic error response.
+
+swagger:response updateTenantDomainsDefault
+*/
+type UpdateTenantDomainsDefault struct {
+	_statusCode int
+
+	/*
+	  In: Body
+	*/
+	Payload *models.Error `json:"body,omitempty"`
+}
+
+// NewUpdateTenantDomainsDefault creates UpdateTenantDomainsDefault with default headers values
+func NewUpdateTenantDomainsDefault(code int) *UpdateTenantDomainsDefault {
+	if code <= 0 {
+		code = 500
+	}
+
+	return &UpdateTenantDomainsDefault{
+		_statusCode: code,
+	}
+}
+
+// WithStatusCode adds the status to the update tenant domains default response
+func (o *UpdateTenantDomainsDefault) WithStatusCode(code int) *UpdateTenantDomainsDefault {
+	o._statusCode = code
+	return o
+}
+
+// SetStatusCode sets the status to the update tenant domains default response
+func (o *UpdateTenantDomainsDefault) SetStatusCode(code int) {
+	o._statusCode = code
+}
+
+// WithPayload adds the payload to the update tenant domains default response
+func (o *UpdateTenantDomainsDefault) WithPayload(payload *models.Error) *UpdateTenantDomainsDefault {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the update tenant domains default response
+func (o *UpdateTenantDomainsDefault) SetPayload(payload *models.Error) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *UpdateTenantDomainsDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(o._statusCode)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}

operatorapi/operations/operator_api/update_tenant_domains_urlbuilder.go

@@ -0,0 +1,124 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"errors"
+	"net/url"
+	golangswaggerpaths "path"
+	"strings"
+)
+
+// UpdateTenantDomainsURL generates an URL for the update tenant domains operation
+type UpdateTenantDomainsURL struct {
+	Namespace string
+	Tenant    string
+
+	_basePath string
+	// avoid unkeyed usage
+	_ struct{}
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *UpdateTenantDomainsURL) WithBasePath(bp string) *UpdateTenantDomainsURL {
+	o.SetBasePath(bp)
+	return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *UpdateTenantDomainsURL) SetBasePath(bp string) {
+	o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *UpdateTenantDomainsURL) Build() (*url.URL, error) {
+	var _result url.URL
+
+	var _path = "/namespaces/{namespace}/tenants/{tenant}/domains"
+
+	namespace := o.Namespace
+	if namespace != "" {
+		_path = strings.Replace(_path, "{namespace}", namespace, -1)
+	} else {
+		return nil, errors.New("namespace is required on UpdateTenantDomainsURL")
+	}
+
+	tenant := o.Tenant
+	if tenant != "" {
+		_path = strings.Replace(_path, "{tenant}", tenant, -1)
+	} else {
+		return nil, errors.New("tenant is required on UpdateTenantDomainsURL")
+	}
+
+	_basePath := o._basePath
+	if _basePath == "" {
+		_basePath = "/api/v1"
+	}
+	_result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+	return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *UpdateTenantDomainsURL) Must(u *url.URL, err error) *url.URL {
+	if err != nil {
+		panic(err)
+	}
+	if u == nil {
+		panic("url can't be nil")
+	}
+	return u
+}
+
+// String returns the string representation of the path with query string
+func (o *UpdateTenantDomainsURL) String() string {
+	return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *UpdateTenantDomainsURL) BuildFull(scheme, host string) (*url.URL, error) {
+	if scheme == "" {
+		return nil, errors.New("scheme is required for a full url on UpdateTenantDomainsURL")
+	}
+	if host == "" {
+		return nil, errors.New("host is required for a full url on UpdateTenantDomainsURL")
+	}
+
+	base, err := o.Build()
+	if err != nil {
+		return nil, err
+	}
+
+	base.Scheme = scheme
+	base.Host = host
+	return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *UpdateTenantDomainsURL) StringFull(scheme, host string) string {
+	return o.Must(o.BuildFull(scheme, host)).String()
+}

operatorapi/parity.go

@@ -17,9 +17,10 @@
 package operatorapi
 
 import (
+	"context"
 	"fmt"
 
-	"github.com/minio/console/restapi"
+	errors "github.com/minio/console/restapi"
 
 	"github.com/minio/console/pkg/utils"
 
@@ -50,14 +51,14 @@ func GetParityInfo(nodes int64, disksPerNode int64) (models.ParityResponse, erro
 }
 
 func getParityResponse(params operator_api.GetParityParams) (models.ParityResponse, *models.Error) {
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	nodes := params.Nodes
 	disksPerNode := params.DisksPerNode
-
 	parityValues, err := GetParityInfo(nodes, disksPerNode)
 	if err != nil {
-		restapi.LogError("error getting parity info: %v", err)
-		return nil, prepareError(err)
+		errors.LogError("error getting parity info: %v", err)
+		return nil, errors.ErrorWithContext(ctx, err)
 	}
-
 	return parityValues, nil
 }

operatorapi/proxy.go

@@ -29,6 +29,9 @@ import (
 	"net/http/cookiejar"
 	url2 "net/url"
 	"strings"
+	"time"
+
+	"github.com/gorilla/websocket"
 
 	v2 "github.com/minio/operator/pkg/apis/minio.min.io/v2"
 
@@ -181,11 +184,15 @@ func serveProxy(responseWriter http.ResponseWriter, req *http.Request) {
 		}
 		defer loginResp.Body.Close()
 	}
+
 	if tenantCookie == nil {
 		log.Println(errors.New("couldn't login to tenant and get cookie"))
-		responseWriter.WriteHeader(500)
+		responseWriter.WriteHeader(403)
 		return
 	}
+	// at this point we have a valid cookie ready to either route HTTP or WS
+	// now we need to know if we are doing an  /api/ call (http) or /ws/ call (ws)
+	callType := urlParts[5]
 
 	targetURL, err := url2.Parse(tenantURL)
 	if err != nil {
@@ -206,7 +213,16 @@ func serveProxy(responseWriter http.ResponseWriter, req *http.Request) {
 
 	proxyCookieJar, _ := cookiejar.New(nil)
 	proxyCookieJar.SetCookies(targetURL, []*http.Cookie{proxiedCookie})
+	switch callType {
+	case "ws":
+		handleWSRequest(responseWriter, req, proxyCookieJar, targetURL, tenantSchema)
+	default:
+		handleHTTPRequest(responseWriter, req, proxyCookieJar, tenantBase, targetURL)
+	}
 
+}
+
+func handleHTTPRequest(responseWriter http.ResponseWriter, req *http.Request, proxyCookieJar *cookiejar.Jar, tenantBase string, targetURL *url2.URL) {
 	tr := &http.Transport{
 		// FIXME: use restapi.GetConsoleHTTPClient()
 		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
@@ -259,5 +275,75 @@ func serveProxy(responseWriter http.ResponseWriter, req *http.Request) {
 	responseWriter.WriteHeader(resp.StatusCode)
 
 	io.Copy(responseWriter, resp.Body)
-
+}
+
+var upgrader = websocket.Upgrader{
+	ReadBufferSize:  0,
+	WriteBufferSize: 1024,
+}
+
+func handleWSRequest(responseWriter http.ResponseWriter, req *http.Request, proxyCookieJar *cookiejar.Jar, targetURL *url2.URL, schema string) {
+	dialer := &websocket.Dialer{
+		Proxy:            http.ProxyFromEnvironment,
+		HandshakeTimeout: 45 * time.Second,
+		Jar:              proxyCookieJar,
+	}
+
+	upgrader.CheckOrigin = func(r *http.Request) bool {
+		return true
+	}
+
+	c, err := upgrader.Upgrade(responseWriter, req, nil)
+	if err != nil {
+		log.Print("error upgrade connection:", err)
+		return
+	}
+	defer c.Close()
+	if schema == "http" {
+		targetURL.Scheme = "ws"
+	} else {
+		targetURL.Scheme = "wss"
+	}
+
+	// establish a websocket to the tenant
+	tenantConn, _, err := dialer.Dial(targetURL.String(), nil)
+	if err != nil {
+		log.Println("dial:", err)
+		return
+	}
+	defer tenantConn.Close()
+
+	doneTenant := make(chan struct{})
+	done := make(chan struct{})
+
+	// start read pump from tenant connection
+	go func() {
+		defer close(doneTenant)
+		for {
+			msgType, message, err := tenantConn.ReadMessage()
+			if err != nil {
+				log.Println("error read from tenant:", err)
+				return
+			}
+			c.WriteMessage(msgType, message)
+		}
+	}()
+
+	// start read pump from tenant connection
+	go func() {
+		defer close(done)
+		for {
+			msgType, message, err := c.ReadMessage()
+			if err != nil {
+				log.Println("error read from client:", err)
+				return
+			}
+			tenantConn.WriteMessage(msgType, message)
+		}
+	}()
+
+	select {
+	case <-done:
+	case <-doneTenant:
+	}
 }

operatorapi/resource_quota.go

@@ -20,6 +20,8 @@ import (
 	"context"
 	"fmt"
 
+	xerrors "github.com/minio/console/restapi"
+
 	"k8s.io/apimachinery/pkg/api/errors"
 
 	"github.com/minio/console/cluster"
@@ -94,17 +96,18 @@ func getResourceQuota(ctx context.Context, client K8sClientI, namespace, resourc
 }
 
 func getResourceQuotaResponse(session *models.Principal, params operator_api.GetResourceQuotaParams) (*models.ResourceQuota, *models.Error) {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	client, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, xerrors.ErrorWithContext(ctx, err)
 	}
 	k8sClient := &k8sClient{
 		client: client,
 	}
 	resourceQuota, err := getResourceQuota(ctx, k8sClient, params.Namespace, params.ResourceQuotaName)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, xerrors.ErrorWithContext(ctx, err)
 	}
 	return resourceQuota, nil
 }

operatorapi/resource_quota_test.go

@@ -74,7 +74,8 @@ func Test_ResourceQuota(t *testing.T) {
 	// k8sclientGetResourceQuotaMock = func(ctx context.Context, namespace, resource string, opts metav1.GetOptions) (*v1.ResourceQuota, error) {
 	// 	return nil, nil
 	// }
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
 	kClient := k8sClientMock{}
 	type args struct {
 		ctx    context.Context

operatorapi/session.go

@@ -17,30 +17,35 @@
 package operatorapi
 
 import (
+	"context"
 	"fmt"
 
+	errors "github.com/minio/console/restapi"
+
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/minio/console/models"
 	"github.com/minio/console/operatorapi/operations"
-	"github.com/minio/console/operatorapi/operations/user_api"
+	authApi "github.com/minio/console/operatorapi/operations/auth"
 )
 
 func registerSessionHandlers(api *operations.OperatorAPI) {
 	// session check
-	api.UserAPISessionCheckHandler = user_api.SessionCheckHandlerFunc(func(params user_api.SessionCheckParams, session *models.Principal) middleware.Responder {
-		sessionResp, err := getSessionResponse(session)
+	api.AuthSessionCheckHandler = authApi.SessionCheckHandlerFunc(func(params authApi.SessionCheckParams, session *models.Principal) middleware.Responder {
+		sessionResp, err := getSessionResponse(session, params)
 		if err != nil {
-			return user_api.NewSessionCheckDefault(int(err.Code)).WithPayload(err)
+			return authApi.NewSessionCheckDefault(int(err.Code)).WithPayload(err)
 		}
-		return user_api.NewSessionCheckOK().WithPayload(sessionResp)
+		return authApi.NewSessionCheckOK().WithPayload(sessionResp)
 	})
 }
 
 // getSessionResponse parse the token of the current session and returns a list of allowed actions to render in the UI
-func getSessionResponse(session *models.Principal) (*models.OperatorSessionResponse, *models.Error) {
+func getSessionResponse(session *models.Principal, params authApi.SessionCheckParams) (*models.OperatorSessionResponse, *models.Error) {
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	// serialize output
 	if session == nil {
-		return nil, prepareError(errorGenericInvalidSession)
+		return nil, errors.ErrorWithContext(ctx, errors.ErrInvalidSession)
 	}
 	sessionResp := &models.OperatorSessionResponse{
 		Status:      models.OperatorSessionResponseStatusOk,

operatorapi/tenant_add.go

@@ -41,7 +41,8 @@ import (
 func getTenantCreatedResponse(session *models.Principal, params operator_api.CreateTenantParams) (response *models.CreateTenantResponse, mError *models.Error) {
 	tenantReq := params.Body
 	minioImage := tenantReq.Image
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	if minioImage == "" {
 		minImg, err := cluster.GetMinioImage()
 		// we can live without figuring out the latest version of MinIO, Operator will use a hardcoded value
@@ -55,7 +56,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 		client: clientSet,
 	}
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 
 	ns := *tenantReq.Namespace
@@ -97,7 +98,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 
 	_, err = clientSet.CoreV1().Secrets(ns).Create(ctx, &instanceSecret, metav1.CreateOptions{})
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 
 	// Enable/Disable console object browser for MinIO tenant (default is on)
@@ -109,7 +110,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 	tenantConfigurationENV["MINIO_ROOT_USER"] = accessKey
 	tenantConfigurationENV["MINIO_ROOT_PASSWORD"] = secretKey
 
-	// delete secrets created if an error occurred during tenant creation,
+	// delete secrets created if an errors occurred during tenant creation,
 	defer func() {
 		if mError != nil {
 			restapi.LogError("deleting secrets created for failed tenant: %s if any: %v", tenantName, mError)
@@ -126,7 +127,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 	// Check the Erasure Coding Parity for validity and pass it to Tenant
 	if tenantReq.ErasureCodingParity > 0 {
 		if tenantReq.ErasureCodingParity < 2 || tenantReq.ErasureCodingParity > 8 {
-			return nil, prepareError(errorInvalidErasureCodingValue)
+			return nil, restapi.ErrorWithContext(ctx, restapi.ErrInvalidErasureCodingValue)
 		}
 		tenantConfigurationENV["MINIO_STORAGE_CLASS_STANDARD"] = fmt.Sprintf("EC:%d", tenantReq.ErasureCodingParity)
 	}
@@ -203,7 +204,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 				}
 				_, err := clientSet.CoreV1().Secrets(ns).Create(ctx, &userSecret, metav1.CreateOptions{})
 				if err != nil {
-					return nil, prepareError(err)
+					return nil, restapi.ErrorWithContext(ctx, err)
 				}
 			}
 			// attach the users to the tenant
@@ -247,7 +248,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 				}
 				_, err := clientSet.CoreV1().Secrets(ns).Create(ctx, &userSecret, metav1.CreateOptions{})
 				if err != nil {
-					return nil, prepareError(err)
+					return nil, restapi.ErrorWithContext(ctx, err)
 				}
 			}
 			// attach the users to the tenant
@@ -273,7 +274,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 		externalCertSecretName := fmt.Sprintf("%s-instance-external-certificates", secretName)
 		externalCertSecret, err := createOrReplaceExternalCertSecrets(ctx, &k8sClient, ns, tenantReq.TLS.Minio, externalCertSecretName, tenantName)
 		if err != nil {
-			return nil, prepareError(err)
+			return nil, restapi.ErrorWithContext(ctx, err)
 		}
 		minInst.Spec.ExternalCertSecret = externalCertSecret
 	}
@@ -285,7 +286,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 			certificates := []*models.KeyPairConfiguration{tenantReq.Encryption.Client}
 			certificateSecrets, err := createOrReplaceExternalCertSecrets(ctx, &k8sClient, ns, certificates, tenantExternalClientCertSecretName, tenantName)
 			if err != nil {
-				return nil, prepareError(restapi.ErrorGeneric)
+				return nil, restapi.ErrorWithContext(ctx, restapi.ErrDefault)
 			}
 			if len(certificateSecrets) > 0 {
 				minInst.Spec.ExternalClientCertSecret = certificateSecrets[0]
@@ -295,7 +296,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 		// KES configuration for Tenant instance
 		minInst.Spec.KES, err = getKESConfiguration(ctx, &k8sClient, ns, tenantReq.Encryption, secretName, tenantName)
 		if err != nil {
-			return nil, prepareError(restapi.ErrorGeneric)
+			return nil, restapi.ErrorWithContext(ctx, restapi.ErrDefault)
 		}
 		// Set Labels, Annotations and Node Selector for KES
 		minInst.Spec.KES.Labels = tenantReq.Encryption.Labels
@@ -305,7 +306,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 		if tenantReq.Encryption.SecurityContext != nil {
 			sc, err := convertModelSCToK8sSC(tenantReq.Encryption.SecurityContext)
 			if err != nil {
-				return nil, prepareError(err)
+				return nil, restapi.ErrorWithContext(ctx, err)
 			}
 			minInst.Spec.KES.SecurityContext = sc
 		}
@@ -316,7 +317,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 		for i, caCertificate := range tenantReq.TLS.CaCertificates {
 			certificateContent, err := base64.StdEncoding.DecodeString(caCertificate)
 			if err != nil {
-				return nil, prepareError(restapi.ErrorGeneric, nil, err)
+				return nil, restapi.ErrorWithContext(ctx, restapi.ErrDefault, nil, err)
 			}
 			caCertificates = append(caCertificates, tenantSecret{
 				Name: fmt.Sprintf("ca-certificate-%d", i),
@@ -328,7 +329,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 		if len(caCertificates) > 0 {
 			certificateSecrets, err := createOrReplaceSecrets(ctx, &k8sClient, ns, caCertificates, tenantName)
 			if err != nil {
-				return nil, prepareError(restapi.ErrorGeneric, nil, err)
+				return nil, restapi.ErrorWithContext(ctx, restapi.ErrDefault, nil, err)
 			}
 			minInst.Spec.ExternalCaCertSecret = certificateSecrets
 		}
@@ -346,7 +347,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 		pool, err := parseTenantPoolRequest(pool)
 		if err != nil {
 			restapi.LogError("parseTenantPoolRequest failed: %v", err)
-			return nil, prepareError(err)
+			return nil, restapi.ErrorWithContext(ctx, err)
 		}
 		minInst.Spec.Pools = append(minInst.Spec.Pools, *pool)
 	}
@@ -362,7 +363,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 	if tenantReq.ImagePullSecret != "" {
 		imagePullSecret = tenantReq.ImagePullSecret
 	} else if imagePullSecret, err = setImageRegistry(ctx, tenantReq.ImageRegistry, clientSet.CoreV1(), ns, tenantName); err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	// pass the image pull secret to the Tenant
 	if imagePullSecret != "" {
@@ -409,7 +410,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 		if tenantReq.LogSearchConfiguration.SecurityContext != nil {
 			sc, err := convertModelSCToK8sSC(tenantReq.LogSearchConfiguration.SecurityContext)
 			if err != nil {
-				return nil, prepareError(err)
+				return nil, restapi.ErrorWithContext(ctx, err)
 			}
 			logSearchSecurityContext = sc
 		}
@@ -417,7 +418,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 		if tenantReq.LogSearchConfiguration.PostgresSecurityContext != nil {
 			sc, err := convertModelSCToK8sSC(tenantReq.LogSearchConfiguration.PostgresSecurityContext)
 			if err != nil {
-				return nil, prepareError(err)
+				return nil, restapi.ErrorWithContext(ctx, err)
 			}
 			logSearchPgSecurityContext = sc
 		}
@@ -429,6 +430,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 		if (diskSpaceFromAPI / humanize.GiByte) < int64(auditMaxCap) {
 			auditMaxCap = int(diskSpaceFromAPI / humanize.GiByte)
 		}
+
 		// default activate lgo search and prometheus
 		minInst.Spec.Log = &miniov2.LogConfig{
 			Audit: &miniov2.AuditConfig{DiskCapacityGB: swag.Int(auditMaxCap)},
@@ -512,7 +514,7 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 		if tenantReq.PrometheusConfiguration != nil && tenantReq.PrometheusConfiguration.SecurityContext != nil {
 			sc, err := convertModelSCToK8sSC(tenantReq.PrometheusConfiguration.SecurityContext)
 			if err != nil {
-				return nil, prepareError(err)
+				return nil, restapi.ErrorWithContext(ctx, err)
 			}
 			minInst.Spec.Prometheus.SecurityContext = sc
 		}
@@ -536,26 +538,44 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 		},
 	}, tenantName)
 	if err != nil {
-		return nil, prepareError(restapi.ErrorGeneric, nil, err)
+		return nil, restapi.ErrorWithContext(ctx, restapi.ErrDefault, nil, err)
 	}
 	minInst.Spec.Configuration = &corev1.LocalObjectReference{Name: tenantConfigurationName}
 
+	if tenantReq.Domains != nil {
+		var features miniov2.Features
+		var domains miniov2.TenantDomains
+
+		// tenant domains
+		if tenantReq.Domains.Console != "" {
+			domains.Console = tenantReq.Domains.Console
+		}
+
+		if tenantReq.Domains.Minio != nil {
+			domains.Minio = tenantReq.Domains.Minio
+		}
+
+		features.Domains = &domains
+
+		minInst.Spec.Features = &features
+	}
+
 	opClient, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 
 	_, err = opClient.MinioV2().Tenants(ns).Create(context.Background(), &minInst, metav1.CreateOptions{})
 	if err != nil {
 		restapi.LogError("Creating new tenant failed with: %v", err)
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 
 	// Integrations
 	if os.Getenv("GKE_INTEGRATION") != "" {
 		err := gkeIntegration(clientSet, tenantName, ns, session.STSSessionToken)
 		if err != nil {
-			return nil, prepareError(err)
+			return nil, restapi.ErrorWithContext(ctx, err)
 		}
 	}
 	response = &models.CreateTenantResponse{

operatorapi/tenant_get.go

@@ -19,23 +19,22 @@ package operatorapi
 import (
 	"context"
 	"fmt"
-	"time"
+
+	errors "github.com/minio/console/restapi"
 
 	"github.com/minio/console/cluster"
 	"github.com/minio/console/models"
 	"github.com/minio/console/operatorapi/operations/operator_api"
-	"github.com/minio/console/restapi"
 	miniov2 "github.com/minio/operator/pkg/apis/minio.min.io/v2"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 func getTenantDetailsResponse(session *models.Principal, params operator_api.TenantDetailsParams) (*models.Tenant, *models.Error) {
-	// 5 seconds timeout
-	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
 	defer cancel()
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, errors.ErrorWithContext(ctx, err)
 	}
 
 	opClient := &operatorClient{
@@ -44,7 +43,7 @@ func getTenantDetailsResponse(session *models.Principal, params operator_api.Ten
 
 	minTenant, err := getTenant(ctx, opClient, params.Namespace, params.Tenant)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, errors.ErrorWithContext(ctx, err)
 	}
 
 	info := getTenantInfo(minTenant)
@@ -52,7 +51,7 @@ func getTenantDetailsResponse(session *models.Principal, params operator_api.Ten
 	// get Kubernetes Client
 	clientSet, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, errors.ErrorWithContext(ctx, err)
 	}
 
 	k8sClient := k8sClient{
@@ -61,7 +60,7 @@ func getTenantDetailsResponse(session *models.Principal, params operator_api.Ten
 
 	tenantConfiguration, err := GetTenantConfiguration(ctx, &k8sClient, minTenant)
 	if err != nil {
-		restapi.LogError("unable to fetch configuration for tenant %s: %v", minTenant.Name, err)
+		errors.LogError("unable to fetch configuration for tenant %s: %v", minTenant.Name, err)
 	}
 
 	// detect if AD/LDAP is enabled
@@ -107,14 +106,14 @@ func getTenantDetailsResponse(session *models.Principal, params operator_api.Ten
 	//minio service
 	minSvc, err := k8sClient.getService(ctx, minTenant.Namespace, minTenant.MinIOCIServiceName(), metav1.GetOptions{})
 	if err != nil {
-		// we can tolerate this error
-		restapi.LogError("Unable to get MinIO service name: %v, continuing", err)
+		// we can tolerate this errors
+		errors.LogError("Unable to get MinIO service name: %v, continuing", err)
 	}
 	//console service
 	conSvc, err := k8sClient.getService(ctx, minTenant.Namespace, minTenant.ConsoleCIServiceName(), metav1.GetOptions{})
 	if err != nil {
-		// we can tolerate this error
-		restapi.LogError("Unable to get MinIO console service name: %v, continuing", err)
+		// we can tolerate this errors
+		errors.LogError("Unable to get MinIO console service name: %v, continuing", err)
 	}
 
 	schema := "http"
@@ -152,5 +151,16 @@ func getTenantDetailsResponse(session *models.Principal, params operator_api.Ten
 		}
 	}
 
+	var domains models.DomainsConfiguration
+
+	if minTenant.Spec.Features != nil && minTenant.Spec.Features.Domains != nil {
+		domains = models.DomainsConfiguration{
+			Console: minTenant.Spec.Features.Domains.Console,
+			Minio:   minTenant.Spec.Features.Domains.Minio,
+		}
+	}
+
+	info.Domains = &domains
+
 	return info, nil
 }

operatorapi/tenant_update.go

@@ -22,9 +22,12 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/minio/console/restapi"
+
+	"github.com/minio/console/pkg/http"
+
 	"github.com/minio/console/operatorapi/operations/operator_api"
 	utils2 "github.com/minio/console/pkg/utils"
-	"github.com/minio/console/restapi"
 	miniov2 "github.com/minio/operator/pkg/apis/minio.min.io/v2"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
@@ -32,7 +35,7 @@ import (
 )
 
 // updateTenantAction does an update on the minioTenant by patching the desired changes
-func updateTenantAction(ctx context.Context, operatorClient OperatorClientI, clientset v1.CoreV1Interface, httpCl utils2.HTTPClientI, namespace string, params operator_api.UpdateTenantParams) error {
+func updateTenantAction(ctx context.Context, operatorClient OperatorClientI, clientset v1.CoreV1Interface, httpCl http.ClientI, namespace string, params operator_api.UpdateTenantParams) error {
 	imageToUpdate := params.Body.Image
 	imageRegistryReq := params.Body.ImageRegistry
 

operatorapi/tenants.go

@@ -33,9 +33,10 @@ import (
 	"strings"
 	"time"
 
-	utils2 "github.com/minio/console/pkg/utils"
+	utils2 "github.com/minio/console/pkg/http"
 
 	"github.com/dustin/go-humanize"
+	"github.com/minio/madmin-go"
 
 	"github.com/minio/console/restapi"
 
@@ -51,11 +52,9 @@ import (
 
 	corev1 "k8s.io/api/core/v1"
 
-	"github.com/minio/console/cluster"
-	"github.com/minio/madmin-go"
-
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/go-openapi/swag"
+	"github.com/minio/console/cluster"
 	"github.com/minio/console/models"
 	"github.com/minio/console/operatorapi/operations"
 	miniov2 "github.com/minio/operator/pkg/apis/minio.min.io/v2"
@@ -343,18 +342,28 @@ func registerTenantHandlers(api *operations.OperatorAPI) {
 		}
 		return operator_api.NewGetTenantEventsOK().WithPayload(payload)
 	})
+	// Update Tenant Domains
+	api.OperatorAPIUpdateTenantDomainsHandler = operator_api.UpdateTenantDomainsHandlerFunc(func(params operator_api.UpdateTenantDomainsParams, principal *models.Principal) middleware.Responder {
+		err := getUpdateDomainsResponse(principal, params)
+		if err != nil {
+			operator_api.NewUpdateTenantDomainsDefault(int(err.Code)).WithPayload(err)
+		}
+		return operator_api.NewUpdateTenantDomainsNoContent()
+	})
 }
 
 // getDeleteTenantResponse gets the output of deleting a minio instance
 func getDeleteTenantResponse(session *models.Principal, params operator_api.DeleteTenantParams) *models.Error {
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return prepareError(err)
+		return restapi.ErrorWithContext(ctx, err)
 	}
 	// get Kubernetes Client
 	clientset, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return prepareError(err)
+		return restapi.ErrorWithContext(ctx, err)
 	}
 	opClient := &operatorClient{
 		client: opClientClientSet,
@@ -366,12 +375,12 @@ func getDeleteTenantResponse(session *models.Principal, params operator_api.Dele
 
 	tenant, err := opClient.TenantGet(params.HTTPRequest.Context(), params.Namespace, params.Tenant, metav1.GetOptions{})
 	if err != nil {
-		return prepareError(err)
+		return restapi.ErrorWithContext(ctx, err)
 	}
 	tenant.EnsureDefaults()
 
 	if err = deleteTenantAction(params.HTTPRequest.Context(), opClient, clientset.CoreV1(), tenant, deleteTenantPVCs); err != nil {
-		return prepareError(err)
+		return restapi.ErrorWithContext(ctx, err)
 	}
 	return nil
 }
@@ -389,7 +398,7 @@ func deleteTenantAction(
 	err := operatorClient.TenantDelete(ctx, tenant.Namespace, tenant.Name, metav1.DeleteOptions{})
 	if err != nil {
 		// try to delete pvc even if the tenant doesn't exist anymore but only if deletePvcs is set to true,
-		// else, we return the error
+		// else, we return the errors
 		if (deletePvcs && !k8sErrors.IsNotFound(err)) || !deletePvcs {
 			return err
 		}
@@ -433,18 +442,19 @@ func deleteTenantAction(
 
 // getDeleteTenantResponse gets the output of deleting a minio instance
 func getDeletePodResponse(session *models.Principal, params operator_api.DeletePodParams) *models.Error {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	// get Kubernetes Client
 	clientset, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return prepareError(err)
+		return restapi.ErrorWithContext(ctx, err)
 	}
 	listOpts := metav1.ListOptions{
 		LabelSelector: fmt.Sprintf("v1.min.io/tenant=%s", params.Tenant),
 		FieldSelector: fmt.Sprintf("metadata.name=%s%s", params.Tenant, params.PodName[len(params.Tenant):]),
 	}
 	if err = clientset.CoreV1().Pods(params.Namespace).DeleteCollection(ctx, metav1.DeleteOptions{}, listOpts); err != nil {
-		return prepareError(err)
+		return restapi.ErrorWithContext(ctx, err)
 	}
 	return nil
 }
@@ -486,12 +496,12 @@ func getTenantCreds(ctx context.Context, client K8sClientI, tenant *miniov2.Tena
 	tenantAccessKey, ok := tenantConfiguration["accesskey"]
 	if !ok {
 		restapi.LogError("tenant's secret doesn't contain accesskey")
-		return nil, restapi.ErrorGeneric
+		return nil, restapi.ErrDefault
 	}
 	tenantSecretKey, ok := tenantConfiguration["secretkey"]
 	if !ok {
 		restapi.LogError("tenant's secret doesn't contain secretkey")
-		return nil, restapi.ErrorGeneric
+		return nil, restapi.ErrDefault
 	}
 	return &tenantKeys{accessKey: tenantAccessKey, secretKey: tenantSecretKey}, nil
 }
@@ -833,20 +843,20 @@ func updateTenantIdentityProvider(ctx context.Context, operatorClient OperatorCl
 }
 
 func getTenantIdentityProviderResponse(session *models.Principal, params operator_api.TenantIdentityProviderParams) (*models.IdpConfiguration, *models.Error) {
-	// 5 seconds timeout
-	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
 	defer cancel()
 
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	opClient := &operatorClient{
 		client: opClientClientSet,
 	}
 	minTenant, err := getTenant(ctx, opClient, params.Namespace, params.Tenant)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	// get Kubernetes Client
 	clientSet, err := cluster.K8sClient(session.STSSessionToken)
@@ -854,27 +864,27 @@ func getTenantIdentityProviderResponse(session *models.Principal, params operato
 		client: clientSet,
 	}
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	info, err := getTenantIdentityProvider(ctx, &k8sClient, minTenant)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	return info, nil
 }
 
 func getUpdateTenantIdentityProviderResponse(session *models.Principal, params operator_api.UpdateTenantIdentityProviderParams) *models.Error {
-	// 5 seconds timeout
-	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
 	defer cancel()
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return prepareError(err)
+		return restapi.ErrorWithContext(ctx, err)
 	}
 	// get Kubernetes Client
 	clientSet, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return prepareError(err)
+		return restapi.ErrorWithContext(ctx, err)
 	}
 	k8sClient := k8sClient{
 		client: clientSet,
@@ -883,25 +893,25 @@ func getUpdateTenantIdentityProviderResponse(session *models.Principal, params o
 		client: opClientClientSet,
 	}
 	if err := updateTenantIdentityProvider(ctx, opClient, &k8sClient, params.Namespace, params); err != nil {
-		return prepareError(err, errors.New("unable to update tenant"))
+		return restapi.ErrorWithContext(ctx, err, errors.New("unable to update tenant"))
 	}
 	return nil
 }
 
 func getTenantSecurityResponse(session *models.Principal, params operator_api.TenantSecurityParams) (*models.TenantSecurityResponse, *models.Error) {
-	// 5 seconds timeout
-	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
 	defer cancel()
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	opClient := &operatorClient{
 		client: opClientClientSet,
 	}
 	minTenant, err := getTenant(ctx, opClient, params.Namespace, params.Tenant)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	// get Kubernetes Client
 	clientSet, err := cluster.K8sClient(session.STSSessionToken)
@@ -909,27 +919,27 @@ func getTenantSecurityResponse(session *models.Principal, params operator_api.Te
 		client: clientSet,
 	}
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	info, err := getTenantSecurity(ctx, &k8sClient, minTenant)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	return info, nil
 }
 
 func getUpdateTenantSecurityResponse(session *models.Principal, params operator_api.UpdateTenantSecurityParams) *models.Error {
-	// 5 seconds timeout
-	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
 	defer cancel()
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return prepareError(err)
+		return restapi.ErrorWithContext(ctx, err)
 	}
 	// get Kubernetes Client
 	clientSet, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return prepareError(err)
+		return restapi.ErrorWithContext(ctx, err)
 	}
 	k8sClient := k8sClient{
 		client: clientSet,
@@ -938,7 +948,7 @@ func getUpdateTenantSecurityResponse(session *models.Principal, params operator_
 		client: opClientClientSet,
 	}
 	if err := updateTenantSecurity(ctx, opClient, &k8sClient, params.Namespace, params); err != nil {
-		return prepareError(err, errors.New("unable to update tenant"))
+		return restapi.ErrorWithContext(ctx, err, errors.New("unable to update tenant"))
 	}
 	return nil
 }
@@ -1073,6 +1083,15 @@ func listTenants(ctx context.Context, operatorClient OperatorClientI, namespace
 			tiers = append(tiers, tierItem)
 		}
 
+		var domains models.DomainsConfiguration
+
+		if tenant.Spec.Features != nil && tenant.Spec.Features.Domains != nil {
+			domains = models.DomainsConfiguration{
+				Console: tenant.Spec.Features.Domains.Console,
+				Minio:   tenant.Spec.Features.Domains.Minio,
+			}
+		}
+
 		tenants = append(tenants, &models.TenantList{
 			CreationDate:     tenant.ObjectMeta.CreationTimestamp.Format(time.RFC3339),
 			DeletionDate:     deletion,
@@ -1089,6 +1108,7 @@ func listTenants(ctx context.Context, operatorClient OperatorClientI, namespace
 			Capacity:         tenant.Status.Usage.Capacity,
 			CapacityUsage:    tenant.Status.Usage.Usage,
 			Tiers:            tiers,
+			Domains:          &domains,
 		})
 	}
 
@@ -1099,34 +1119,36 @@ func listTenants(ctx context.Context, operatorClient OperatorClientI, namespace
 }
 
 func getListAllTenantsResponse(session *models.Principal, params operator_api.ListAllTenantsParams) (*models.ListTenantsResponse, *models.Error) {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	opClient := &operatorClient{
 		client: opClientClientSet,
 	}
 	listT, err := listTenants(ctx, opClient, "", params.Limit)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	return listT, nil
 }
 
 // getListTenantsResponse list tenants by namespace
 func getListTenantsResponse(session *models.Principal, params operator_api.ListTenantsParams) (*models.ListTenantsResponse, *models.Error) {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	opClient := &operatorClient{
 		client: opClientClientSet,
 	}
 	listT, err := listTenants(ctx, opClient, params.Namespace, params.Limit)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	return listT, nil
 }
@@ -1213,26 +1235,27 @@ func removeAnnotations(annotationsOne, annotationsTwo map[string]string) map[str
 }
 
 func getUpdateTenantResponse(session *models.Principal, params operator_api.UpdateTenantParams) *models.Error {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return prepareError(err)
+		return restapi.ErrorWithContext(ctx, err)
 	}
 	// get Kubernetes Client
 	clientSet, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return prepareError(err)
+		return restapi.ErrorWithContext(ctx, err)
 	}
 	opClient := &operatorClient{
 		client: opClientClientSet,
 	}
-	httpC := &utils2.HTTPClient{
+	httpC := &utils2.Client{
 		Client: &http.Client{
 			Timeout: 4 * time.Second,
 		},
 	}
 	if err := updateTenantAction(ctx, opClient, clientSet.CoreV1(), httpC, params.Namespace, params); err != nil {
-		return prepareError(err, errors.New("unable to update tenant"))
+		return restapi.ErrorWithContext(ctx, err, errors.New("unable to update tenant"))
 	}
 	return nil
 }
@@ -1263,33 +1286,34 @@ func addTenantPool(ctx context.Context, operatorClient OperatorClientI, params o
 }
 
 func getTenantAddPoolResponse(session *models.Principal, params operator_api.TenantAddPoolParams) *models.Error {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return prepareError(err)
+		return restapi.ErrorWithContext(ctx, err)
 	}
 	opClient := &operatorClient{
 		client: opClientClientSet,
 	}
 	if err := addTenantPool(ctx, opClient, params); err != nil {
-		return prepareError(err, errors.New("unable to add pool"))
+		return restapi.ErrorWithContext(ctx, err, errors.New("unable to add pool"))
 	}
 	return nil
 }
 
 // getTenantUsageResponse returns the usage of a tenant
 func getTenantUsageResponse(session *models.Principal, params operator_api.GetTenantUsageParams) (*models.TenantUsage, *models.Error) {
-	// 30 seconds timeout
-	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
 	defer cancel()
 
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err, errorUnableToGetTenantUsage)
+		return nil, restapi.ErrorWithContext(ctx, err, restapi.ErrUnableToGetTenantUsage)
 	}
 	clientSet, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err, errorUnableToGetTenantUsage)
+		return nil, restapi.ErrorWithContext(ctx, err, restapi.ErrUnableToGetTenantUsage)
 	}
 
 	opClient := &operatorClient{
@@ -1301,7 +1325,7 @@ func getTenantUsageResponse(session *models.Principal, params operator_api.GetTe
 
 	minTenant, err := getTenant(ctx, opClient, params.Namespace, params.Tenant)
 	if err != nil {
-		return nil, prepareError(err, errorUnableToGetTenantUsage)
+		return nil, restapi.ErrorWithContext(ctx, err, restapi.ErrUnableToGetTenantUsage)
 	}
 	minTenant.EnsureDefaults()
 
@@ -1314,7 +1338,7 @@ func getTenantUsageResponse(session *models.Principal, params operator_api.GetTe
 		svcURL,
 	)
 	if err != nil {
-		return nil, prepareError(err, errorUnableToGetTenantUsage)
+		return nil, restapi.ErrorWithContext(ctx, err, restapi.ErrUnableToGetTenantUsage)
 	}
 	// create a minioClient interface implementation
 	// defining the client to be used
@@ -1322,7 +1346,7 @@ func getTenantUsageResponse(session *models.Principal, params operator_api.GetTe
 	// serialize output
 	adminInfo, err := restapi.GetAdminInfo(ctx, adminClient)
 	if err != nil {
-		return nil, prepareError(err, errorUnableToGetTenantUsage)
+		return nil, restapi.ErrorWithContext(ctx, err, restapi.ErrUnableToGetTenantUsage)
 	}
 	info := &models.TenantUsage{Used: adminInfo.Usage, DiskUsed: adminInfo.DisksUsage}
 	return info, nil
@@ -1330,13 +1354,13 @@ func getTenantUsageResponse(session *models.Principal, params operator_api.GetTe
 
 // getTenantLogsResponse returns the logs of a tenant
 func getTenantLogsResponse(session *models.Principal, params operator_api.GetTenantLogsParams) (*models.TenantLogs, *models.Error) {
-	// 30 seconds timeout
-	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
 	defer cancel()
 
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err, errorUnableToGetTenantLogs)
+		return nil, restapi.ErrorWithContext(ctx, err, restapi.ErrUnableToGetTenantLogs)
 	}
 
 	opClient := &operatorClient{
@@ -1345,7 +1369,7 @@ func getTenantLogsResponse(session *models.Principal, params operator_api.GetTen
 
 	minTenant, err := getTenant(ctx, opClient, params.Namespace, params.Tenant)
 	if err != nil {
-		return nil, prepareError(err, errorUnableToGetTenantLogs)
+		return nil, restapi.ErrorWithContext(ctx, err, restapi.ErrUnableToGetTenantLogs)
 	}
 	if minTenant.Spec.Log == nil {
 		retval := &models.TenantLogs{
@@ -1428,13 +1452,12 @@ func getTenantLogsResponse(session *models.Principal, params operator_api.GetTen
 // setTenantLogsResponse returns the logs of a tenant
 func setTenantLogsResponse(session *models.Principal, params operator_api.SetTenantLogsParams) (bool, *models.Error) {
 
-	// 30 seconds timeout
-	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
 	defer cancel()
 
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return false, prepareError(err, errorUnableToGetTenantUsage)
+		return false, restapi.ErrorWithContext(ctx, err, restapi.ErrUnableToGetTenantUsage)
 	}
 
 	opClient := &operatorClient{
@@ -1443,7 +1466,7 @@ func setTenantLogsResponse(session *models.Principal, params operator_api.SetTen
 
 	minTenant, err := getTenant(ctx, opClient, params.Namespace, params.Tenant)
 	if err != nil {
-		return false, prepareError(err, errorUnableToGetTenantUsage)
+		return false, restapi.ErrorWithContext(ctx, err, restapi.ErrUnableToGetTenantUsage)
 	}
 
 	var labels = make(map[string]string)
@@ -1472,7 +1495,7 @@ func setTenantLogsResponse(session *models.Principal, params operator_api.SetTen
 	if reflect.TypeOf(params.Data.LogCPURequest).Kind() == reflect.String && params.Data.LogCPURequest != "0Gi" && params.Data.LogCPURequest != "" {
 		cpuQuantity, err := resource.ParseQuantity(params.Data.LogCPURequest)
 		if err != nil {
-			return false, prepareError(err)
+			return false, restapi.ErrorWithContext(ctx, err)
 		}
 		logResourceRequest["cpu"] = cpuQuantity
 		minTenant.Spec.Log.Resources.Requests = logResourceRequest
@@ -1480,7 +1503,7 @@ func setTenantLogsResponse(session *models.Principal, params operator_api.SetTen
 	if reflect.TypeOf(params.Data.LogMemRequest).Kind() == reflect.String {
 		memQuantity, err := resource.ParseQuantity(params.Data.LogMemRequest)
 		if err != nil {
-			return false, prepareError(err)
+			return false, restapi.ErrorWithContext(ctx, err)
 		}
 
 		logResourceRequest["memory"] = memQuantity
@@ -1517,7 +1540,7 @@ func setTenantLogsResponse(session *models.Principal, params operator_api.SetTen
 	if reflect.TypeOf(params.Data.LogDBCPURequest).Kind() == reflect.String && params.Data.LogDBCPURequest != "0Gi" && params.Data.LogDBCPURequest != "" {
 		dbCPUQuantity, err := resource.ParseQuantity(params.Data.LogDBCPURequest)
 		if err != nil {
-			return false, prepareError(err)
+			return false, restapi.ErrorWithContext(ctx, err)
 		}
 		logDBResourceRequest["cpu"] = dbCPUQuantity
 		minTenant.Spec.Log.Db.Resources.Requests = logDBResourceRequest
@@ -1525,7 +1548,7 @@ func setTenantLogsResponse(session *models.Principal, params operator_api.SetTen
 	if reflect.TypeOf(params.Data.LogDBMemRequest).Kind() == reflect.String {
 		dbMemQuantity, err := resource.ParseQuantity(params.Data.LogDBMemRequest)
 		if err != nil {
-			return false, prepareError(err)
+			return false, restapi.ErrorWithContext(ctx, err)
 		}
 		logDBResourceRequest["memory"] = dbMemQuantity
 		minTenant.Spec.Log.Db.Resources.Requests = logDBResourceRequest
@@ -1588,20 +1611,20 @@ func setTenantLogsResponse(session *models.Principal, params operator_api.SetTen
 
 	_, err = opClient.TenantUpdate(ctx, minTenant, metav1.UpdateOptions{})
 	if err != nil {
-		return false, prepareError(err)
+		return false, restapi.ErrorWithContext(ctx, err)
 	}
 	return true, nil
 }
 
 // enableTenantLoggingResponse enables Tenant Logging
 func enableTenantLoggingResponse(session *models.Principal, params operator_api.EnableTenantLoggingParams) (bool, *models.Error) {
-	// 30 seconds timeout
-	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
 	defer cancel()
 
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return false, prepareError(err, errorUnableToGetTenantUsage)
+		return false, restapi.ErrorWithContext(ctx, err, restapi.ErrUnableToGetTenantUsage)
 	}
 
 	opClient := &operatorClient{
@@ -1610,7 +1633,7 @@ func enableTenantLoggingResponse(session *models.Principal, params operator_api.
 
 	minTenant, err := getTenant(ctx, opClient, params.Namespace, params.Tenant)
 	if err != nil {
-		return false, prepareError(err, errorUnableToGetTenantUsage)
+		return false, restapi.ErrorWithContext(ctx, err, restapi.ErrUnableToGetTenantUsage)
 	}
 	minTenant.EnsureDefaults()
 
@@ -1649,23 +1672,23 @@ func enableTenantLoggingResponse(session *models.Principal, params operator_api.
 
 	_, err = opClient.TenantUpdate(ctx, minTenant, metav1.UpdateOptions{})
 	if err != nil {
-		return false, prepareError(err)
+		return false, restapi.ErrorWithContext(ctx, err)
 	}
 	return true, nil
 }
 
 // disableTenantLoggingResponse disables Tenant Logging
 func disableTenantLoggingResponse(session *models.Principal, params operator_api.DisableTenantLoggingParams) (bool, *models.Error) {
-	// 30 seconds timeout
-	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
 	defer cancel()
 
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return false, prepareError(err, errorUnableToGetTenantUsage)
+		return false, restapi.ErrorWithContext(ctx, err, restapi.ErrUnableToGetTenantUsage)
 	}
 	if err != nil {
-		return false, prepareError(err, errorUnableToGetTenantUsage)
+		return false, restapi.ErrorWithContext(ctx, err, restapi.ErrUnableToGetTenantUsage)
 	}
 
 	opClient := &operatorClient{
@@ -1674,30 +1697,31 @@ func disableTenantLoggingResponse(session *models.Principal, params operator_api
 
 	minTenant, err := getTenant(ctx, opClient, params.Namespace, params.Tenant)
 	if err != nil {
-		return false, prepareError(err, errorUnableToGetTenantUsage)
+		return false, restapi.ErrorWithContext(ctx, err, restapi.ErrUnableToGetTenantUsage)
 	}
 	minTenant.EnsureDefaults()
 	minTenant.Spec.Log = nil
 
 	_, err = opClient.TenantUpdate(ctx, minTenant, metav1.UpdateOptions{})
 	if err != nil {
-		return false, prepareError(err)
+		return false, restapi.ErrorWithContext(ctx, err)
 	}
 	return true, nil
 }
 
 func getTenantPodsResponse(session *models.Principal, params operator_api.GetTenantPodsParams) ([]*models.TenantPod, *models.Error) {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	clientset, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	listOpts := metav1.ListOptions{
 		LabelSelector: fmt.Sprintf("%s=%s", miniov2.TenantLabel, params.Tenant),
 	}
 	pods, err := clientset.CoreV1().Pods(params.Namespace).List(ctx, listOpts)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	retval := []*models.TenantPod{}
 	for _, pod := range pods.Items {
@@ -1721,33 +1745,35 @@ func getTenantPodsResponse(session *models.Principal, params operator_api.GetTen
 }
 
 func getPodLogsResponse(session *models.Principal, params operator_api.GetPodLogsParams) (string, *models.Error) {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	clientset, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return "", prepareError(err)
+		return "", restapi.ErrorWithContext(ctx, err)
 	}
 	listOpts := &corev1.PodLogOptions{}
 	logs := clientset.CoreV1().Pods(params.Namespace).GetLogs(params.PodName, listOpts)
 	buff, err := logs.DoRaw(ctx)
 	if err != nil {
-		return "", prepareError(err)
+		return "", restapi.ErrorWithContext(ctx, err)
 	}
 	return string(buff), nil
 }
 
 func getPodEventsResponse(session *models.Principal, params operator_api.GetPodEventsParams) (models.EventListWrapper, *models.Error) {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	clientset, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	pod, err := clientset.CoreV1().Pods(params.Namespace).Get(ctx, params.PodName, metav1.GetOptions{})
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	events, err := clientset.CoreV1().Events(params.Namespace).List(ctx, metav1.ListOptions{FieldSelector: fmt.Sprintf("involvedObject.uid=%s", pod.UID)})
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	retval := models.EventListWrapper{}
 	for i := 0; i < len(events.Items); i++ {
@@ -1767,11 +1793,12 @@ func getPodEventsResponse(session *models.Principal, params operator_api.GetPodE
 
 //get values for prometheus metrics
 func getTenantMonitoringResponse(session *models.Principal, params operator_api.GetTenantMonitoringParams) (*models.TenantMonitoringInfo, *models.Error) {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 
 	opClient := &operatorClient{
@@ -1780,7 +1807,7 @@ func getTenantMonitoringResponse(session *models.Principal, params operator_api.
 
 	minInst, err := opClient.TenantGet(ctx, params.Namespace, params.Tenant, metav1.GetOptions{})
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 
 	monitoringInfo := &models.TenantMonitoringInfo{}
@@ -1860,13 +1887,13 @@ func getTenantMonitoringResponse(session *models.Principal, params operator_api.
 
 //sets tenant Prometheus monitoring cofiguration fields to values provided
 func setTenantMonitoringResponse(session *models.Principal, params operator_api.SetTenantMonitoringParams) (bool, *models.Error) {
-	// 30 seconds timeout
-	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
 	defer cancel()
 
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return false, prepareError(err, errorUnableToGetTenantUsage)
+		return false, restapi.ErrorWithContext(ctx, err, restapi.ErrUnableToGetTenantUsage)
 	}
 
 	opClient := &operatorClient{
@@ -1875,7 +1902,7 @@ func setTenantMonitoringResponse(session *models.Principal, params operator_api.
 
 	minTenant, err := getTenant(ctx, opClient, params.Namespace, params.Tenant)
 	if err != nil {
-		return false, prepareError(err, errorUnableToGetTenantUsage)
+		return false, restapi.ErrorWithContext(ctx, err, restapi.ErrUnableToGetTenantUsage)
 	}
 
 	if params.Data.Toggle {
@@ -1891,7 +1918,7 @@ func setTenantMonitoringResponse(session *models.Principal, params operator_api.
 		}
 		_, err = opClient.TenantUpdate(ctx, minTenant, metav1.UpdateOptions{})
 		if err != nil {
-			return false, prepareError(err)
+			return false, restapi.ErrorWithContext(ctx, err)
 		}
 		return true, nil
 	}
@@ -1919,7 +1946,7 @@ func setTenantMonitoringResponse(session *models.Principal, params operator_api.
 	if params.Data.MonitoringCPURequest != "" {
 		cpuQuantity, err := resource.ParseQuantity(params.Data.MonitoringCPURequest)
 		if err != nil {
-			return false, prepareError(err)
+			return false, restapi.ErrorWithContext(ctx, err)
 		}
 		monitoringResourceRequest["cpu"] = cpuQuantity
 	}
@@ -1927,7 +1954,7 @@ func setTenantMonitoringResponse(session *models.Principal, params operator_api.
 	if params.Data.MonitoringMemRequest != "" {
 		memQuantity, err := resource.ParseQuantity(params.Data.MonitoringMemRequest)
 		if err != nil {
-			return false, prepareError(err)
+			return false, restapi.ErrorWithContext(ctx, err)
 		}
 		monitoringResourceRequest["memory"] = memQuantity
 	}
@@ -1952,7 +1979,7 @@ func setTenantMonitoringResponse(session *models.Principal, params operator_api.
 	minTenant.Spec.Prometheus.ServiceAccountName = params.Data.ServiceAccountName
 	_, err = opClient.TenantUpdate(ctx, minTenant, metav1.UpdateOptions{})
 	if err != nil {
-		return false, prepareError(err)
+		return false, restapi.ErrorWithContext(ctx, err)
 	}
 
 	return true, nil
@@ -2397,10 +2424,11 @@ func parseNodeSelectorTerm(term *corev1.NodeSelectorTerm) *models.NodeSelectorTe
 }
 
 func getTenantUpdatePoolResponse(session *models.Principal, params operator_api.TenantUpdatePoolsParams) (*models.Tenant, *models.Error) {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 
 	opClient := &operatorClient{
@@ -2410,7 +2438,7 @@ func getTenantUpdatePoolResponse(session *models.Principal, params operator_api.
 	t, err := updateTenantPools(ctx, opClient, params.Namespace, params.Tenant, params.Body.Pools)
 	if err != nil {
 		restapi.LogError("error updating Tenant's pools: %v", err)
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 
 	// parse it to models.Tenant
@@ -2461,20 +2489,19 @@ func updateTenantPools(
 }
 
 func getTenantYAML(session *models.Principal, params operator_api.GetTenantYAMLParams) (*models.TenantYAML, *models.Error) {
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	// get Kubernetes Client
-
 	opClient, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
-
 	tenant, err := opClient.MinioV2().Tenants(params.Namespace).Get(params.HTTPRequest.Context(), params.Tenant, metav1.GetOptions{})
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	// remove managed fields
 	tenant.ManagedFields = []metav1.ManagedFieldsEntry{}
-
 	//yb, err := yaml.Marshal(tenant)
 	j8sJSONSerializer := k8sJson.NewSerializerWithOptions(
 		k8sJson.DefaultMetaFactory, nil, nil,
@@ -2488,7 +2515,7 @@ func getTenantYAML(session *models.Principal, params operator_api.GetTenantYAMLP
 
 	err = j8sJSONSerializer.Encode(tenant, buf)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 
 	yb := buf.String()
@@ -2497,6 +2524,8 @@ func getTenantYAML(session *models.Principal, params operator_api.GetTenantYAMLP
 }
 
 func getUpdateTenantYAML(session *models.Principal, params operator_api.PutTenantYAMLParams) *models.Error {
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	// https://godoc.org/k8s.io/apimachinery/pkg/runtime#Scheme
 	scheme := runtime.NewScheme()
 
@@ -2514,12 +2543,12 @@ func getUpdateTenantYAML(session *models.Principal, params operator_api.PutTenan
 	// get Kubernetes Client
 	opClient, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return prepareError(err)
+		return restapi.ErrorWithContext(ctx, err)
 	}
 
 	tenant, err := opClient.MinioV2().Tenants(params.Namespace).Get(params.HTTPRequest.Context(), params.Tenant, metav1.GetOptions{})
 	if err != nil {
-		return prepareError(err)
+		return restapi.ErrorWithContext(ctx, err)
 	}
 	upTenant := tenant.DeepCopy()
 	// only update safe fields: spec, metadata.finalizers, metadata.labels and metadata.annotations
@@ -2537,22 +2566,23 @@ func getUpdateTenantYAML(session *models.Principal, params operator_api.PutTenan
 }
 
 func getTenantEventsResponse(session *models.Principal, params operator_api.GetTenantEventsParams) (models.EventListWrapper, *models.Error) {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	client, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	clientset, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	tenant, err := client.MinioV2().Tenants(params.Namespace).Get(ctx, params.Tenant, metav1.GetOptions{})
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	events, err := clientset.CoreV1().Events(params.Namespace).List(ctx, metav1.ListOptions{FieldSelector: fmt.Sprintf("involvedObject.uid=%s", tenant.UID)})
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	retval := models.EventListWrapper{}
 	for _, event := range events.Items {
@@ -2569,3 +2599,62 @@ func getTenantEventsResponse(session *models.Principal, params operator_api.GetT
 	})
 	return retval, nil
 }
+
+func getUpdateDomainsResponse(session *models.Principal, params operator_api.UpdateTenantDomainsParams) *models.Error {
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
+
+	operatorCli, err := cluster.OperatorClient(session.STSSessionToken)
+	if err != nil {
+		return restapi.ErrorWithContext(ctx, err)
+	}
+
+	opClient := &operatorClient{
+		client: operatorCli,
+	}
+
+	err = updateTenantDomains(ctx, opClient, params.Namespace, params.Tenant, params.Body.Domains)
+
+	if err != nil {
+		return restapi.ErrorWithContext(ctx, err)
+	}
+
+	return nil
+}
+
+func updateTenantDomains(ctx context.Context, operatorClient OperatorClientI, namespace string, tenantName string, domainConfig *models.DomainsConfiguration) error {
+
+	minTenant, err := getTenant(ctx, operatorClient, namespace, tenantName)
+	if err != nil {
+		return err
+	}
+
+	var features miniov2.Features
+	var domains miniov2.TenantDomains
+
+	// We include current value for BucketDNS. Domains will be overwritten as we are passing all the values that must be saved.
+	if minTenant.Spec.Features != nil {
+		features = miniov2.Features{
+			BucketDNS: minTenant.Spec.Features.BucketDNS,
+		}
+	}
+
+	if domainConfig != nil {
+		// tenant domains
+		if domainConfig.Console != "" {
+			domains.Console = domainConfig.Console
+		}
+
+		if domainConfig.Minio != nil {
+			domains.Minio = domainConfig.Minio
+		}
+
+		features.Domains = &domains
+	}
+
+	minTenant.Spec.Features = &features
+
+	_, err = operatorClient.TenantUpdate(ctx, minTenant, metav1.UpdateOptions{})
+
+	return err
+}

operatorapi/tenants_helper.go

@@ -27,6 +27,8 @@ import (
 	"strconv"
 	"time"
 
+	xerrors "github.com/minio/console/restapi"
+
 	"github.com/minio/console/operatorapi/operations/operator_api"
 
 	"errors"
@@ -108,24 +110,25 @@ func tenantUpdateCertificates(ctx context.Context, operatorClient OperatorClient
 
 // getTenantUpdateCertificatesResponse wrapper of tenantUpdateCertificates
 func getTenantUpdateCertificatesResponse(session *models.Principal, params operator_api.TenantUpdateCertificateParams) *models.Error {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	// get Kubernetes Client
 	clientSet, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return prepareError(err, errorUnableToUpdateTenantCertificates)
+		return xerrors.ErrorWithContext(ctx, err, xerrors.ErrUnableToUpdateTenantCertificates)
 	}
 	k8sClient := k8sClient{
 		client: clientSet,
 	}
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return prepareError(err, errorUnableToUpdateTenantCertificates)
+		return xerrors.ErrorWithContext(ctx, err, xerrors.ErrUnableToUpdateTenantCertificates)
 	}
 	opClient := operatorClient{
 		client: opClientClientSet,
 	}
 	if err := tenantUpdateCertificates(ctx, &opClient, &k8sClient, params.Namespace, params); err != nil {
-		return prepareError(err, errorUnableToUpdateTenantCertificates)
+		return xerrors.ErrorWithContext(ctx, err, xerrors.ErrUnableToUpdateTenantCertificates)
 	}
 	return nil
 }
@@ -238,40 +241,42 @@ func tenantUpdateEncryption(ctx context.Context, operatorClient OperatorClientI,
 
 // getTenantDeleteEncryptionResponse is a wrapper for tenantDeleteEncryption
 func getTenantDeleteEncryptionResponse(session *models.Principal, params operator_api.TenantDeleteEncryptionParams) *models.Error {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return prepareError(err, errorDeletingEncryptionConfig)
+		return xerrors.ErrorWithContext(ctx, err, xerrors.ErrDeletingEncryptionConfig)
 	}
 	opClient := operatorClient{
 		client: opClientClientSet,
 	}
 	if err := tenantDeleteEncryption(ctx, &opClient, params.Namespace, params); err != nil {
-		return prepareError(err, errorDeletingEncryptionConfig)
+		return xerrors.ErrorWithContext(ctx, err, xerrors.ErrDeletingEncryptionConfig)
 	}
 	return nil
 }
 
 // getTenantUpdateEncryptionResponse is a wrapper for tenantUpdateEncryption
 func getTenantUpdateEncryptionResponse(session *models.Principal, params operator_api.TenantUpdateEncryptionParams) *models.Error {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	// get Kubernetes Client
 	clientSet, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return prepareError(err, errorUpdatingEncryptionConfig)
+		return xerrors.ErrorWithContext(ctx, err, xerrors.ErrUpdatingEncryptionConfig)
 	}
 	k8sClient := k8sClient{
 		client: clientSet,
 	}
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return prepareError(err, errorUpdatingEncryptionConfig)
+		return xerrors.ErrorWithContext(ctx, err, xerrors.ErrUpdatingEncryptionConfig)
 	}
 	opClient := operatorClient{
 		client: opClientClientSet,
 	}
 	if err := tenantUpdateEncryption(ctx, &opClient, &k8sClient, params.Namespace, params); err != nil {
-		return prepareError(err, errorUpdatingEncryptionConfig)
+		return xerrors.ErrorWithContext(ctx, err, xerrors.ErrUpdatingEncryptionConfig)
 	}
 	return nil
 }
@@ -450,25 +455,26 @@ func tenantEncryptionInfo(ctx context.Context, operatorClient OperatorClientI, c
 
 // getTenantEncryptionResponse is a wrapper for tenantEncryptionInfo
 func getTenantEncryptionInfoResponse(session *models.Principal, params operator_api.TenantEncryptionInfoParams) (*models.EncryptionConfigurationResponse, *models.Error) {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	// get Kubernetes Client
 	clientSet, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err, errorEncryptionConfigNotFound)
+		return nil, xerrors.ErrorWithContext(ctx, err, xerrors.ErrEncryptionConfigNotFound)
 	}
 	k8sClient := k8sClient{
 		client: clientSet,
 	}
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err, errorEncryptionConfigNotFound)
+		return nil, xerrors.ErrorWithContext(ctx, err, xerrors.ErrEncryptionConfigNotFound)
 	}
 	opClient := operatorClient{
 		client: opClientClientSet,
 	}
 	configuration, err := tenantEncryptionInfo(ctx, &opClient, &k8sClient, params.Namespace, params)
 	if err != nil {
-		return nil, prepareError(err, errorEncryptionConfigNotFound)
+		return nil, xerrors.ErrorWithContext(ctx, err, xerrors.ErrEncryptionConfigNotFound)
 	}
 	return configuration, nil
 }
@@ -537,8 +543,8 @@ func createOrReplaceSecrets(ctx context.Context, clientSet K8sClientI, ns string
 			// delete secret with same name if exists
 			err := clientSet.deleteSecret(ctx, ns, secret.Name, metav1.DeleteOptions{})
 			if err != nil {
-				// log the error if any and continue
-				LogError("deleting secret name %s failed: %v, continuing..", secret.Name, err)
+				// log the errors if any and continue
+				xerrors.LogError("deleting secret name %s failed: %v, continuing..", secret.Name, err)
 			}
 			k8sSecret := &corev1.Secret{
 				ObjectMeta: metav1.ObjectMeta{
@@ -575,8 +581,8 @@ func createOrReplaceExternalCertSecrets(ctx context.Context, clientSet K8sClient
 		// delete secret with same name if exists
 		err := clientSet.deleteSecret(ctx, ns, keyPairSecretName, metav1.DeleteOptions{})
 		if err != nil {
-			// log the error if any and continue
-			LogError("deleting secret name %s failed: %v, continuing..", keyPairSecretName, err)
+			// log the errors if any and continue
+			xerrors.LogError("deleting secret name %s failed: %v, continuing..", keyPairSecretName, err)
 		}
 		imm := true
 		tlsCrt, err := base64.StdEncoding.DecodeString(*keyPair.Crt)
@@ -621,13 +627,13 @@ func createOrReplaceExternalCertSecrets(ctx context.Context, clientSet K8sClient
 func createOrReplaceKesConfigurationSecrets(ctx context.Context, clientSet K8sClientI, ns string, encryptionCfg *models.EncryptionConfiguration, kesConfigurationSecretName, kesClientCertSecretName, tenantName string) (*corev1.LocalObjectReference, *miniov2.LocalCertificateReference, error) {
 	// delete KES configuration secret if exists
 	if err := clientSet.deleteSecret(ctx, ns, kesConfigurationSecretName, metav1.DeleteOptions{}); err != nil {
-		// log the error if any and continue
-		LogError("deleting secret name %s failed: %v, continuing..", kesConfigurationSecretName, err)
+		// log the errors if any and continue
+		xerrors.LogError("deleting secret name %s failed: %v, continuing..", kesConfigurationSecretName, err)
 	}
 	// delete KES client cert secret if exists
 	if err := clientSet.deleteSecret(ctx, ns, kesClientCertSecretName, metav1.DeleteOptions{}); err != nil {
-		// log the error if any and continue
-		LogError("deleting secret name %s failed: %v, continuing..", kesClientCertSecretName, err)
+		// log the errors if any and continue
+		xerrors.LogError("deleting secret name %s failed: %v, continuing..", kesClientCertSecretName, err)
 	}
 	// if autoCert is enabled then Operator will generate the client certificates, calculate the client cert identity
 	// and pass it to KES via the ${MINIO_KES_IDENTITY} variable

operatorapi/tenants_test.go

@@ -28,7 +28,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/minio/console/pkg/utils"
+	xhttp "github.com/minio/console/pkg/http"
 
 	"github.com/minio/console/operatorapi/operations/operator_api"
 
@@ -106,7 +106,8 @@ func (c k8sClientMock) getService(ctx context.Context, namespace, serviceName st
 }
 
 func Test_TenantInfoTenantAdminClient(t *testing.T) {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
 	kClient := k8sClientMock{}
 	type args struct {
 		ctx        context.Context
@@ -896,7 +897,7 @@ func Test_UpdateTenantAction(t *testing.T) {
 	type args struct {
 		ctx               context.Context
 		operatorClient    OperatorClientI
-		httpCl            utils.HTTPClientI
+		httpCl            xhttp.ClientI
 		nameSpace         string
 		tenantName        string
 		mockTenantPatch   func(ctx context.Context, namespace string, tenantName string, pt types.PatchType, data []byte, options metav1.PatchOptions) (*miniov2.Tenant, error)
@@ -1079,3 +1080,133 @@ func Test_UpdateTenantAction(t *testing.T) {
 		})
 	}
 }
+
+func Test_UpdateDomainsResponse(t *testing.T) {
+	opClient := opClientMock{}
+
+	type args struct {
+		ctx              context.Context
+		operatorClient   OperatorClientI
+		nameSpace        string
+		tenantName       string
+		mockTenantUpdate func(ctx context.Context, tenant *miniov2.Tenant, options metav1.UpdateOptions) (*miniov2.Tenant, error)
+		mockTenantGet    func(ctx context.Context, namespace string, tenantName string, options metav1.GetOptions) (*miniov2.Tenant, error)
+		domains          *models.DomainsConfiguration
+	}
+	tests := []struct {
+		name    string
+		args    args
+		objs    []runtime.Object
+		wantErr bool
+	}{
+		{
+			name: "Update console & minio domains OK",
+			args: args{
+				ctx:            context.Background(),
+				operatorClient: opClient,
+				nameSpace:      "default",
+				tenantName:     "minio-tenant",
+				mockTenantUpdate: func(ctx context.Context, tenant *miniov2.Tenant, options metav1.UpdateOptions) (*miniov2.Tenant, error) {
+					return &miniov2.Tenant{}, nil
+				},
+				mockTenantGet: func(ctx context.Context, namespace string, tenantName string, options metav1.GetOptions) (*miniov2.Tenant, error) {
+					return &miniov2.Tenant{}, nil
+				},
+				domains: &models.DomainsConfiguration{
+					Console: "http://console.min.io",
+					Minio:   []string{"http://domain1.min.io", "http://domain2.min.io", "http://domain3.min.io"},
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "Error occurs getting minioTenant",
+			args: args{
+				ctx:            context.Background(),
+				operatorClient: opClient,
+				nameSpace:      "default",
+				tenantName:     "minio-tenant",
+				mockTenantUpdate: func(ctx context.Context, tenant *miniov2.Tenant, options metav1.UpdateOptions) (*miniov2.Tenant, error) {
+					return &miniov2.Tenant{}, nil
+				},
+				mockTenantGet: func(ctx context.Context, namespace string, tenantName string, options metav1.GetOptions) (*miniov2.Tenant, error) {
+					return nil, errors.New("error-getting-tenant-info")
+				},
+				domains: &models.DomainsConfiguration{
+					Console: "http://console.min.io",
+					Minio:   []string{"http://domain1.min.io", "http://domain2.min.io", "http://domain3.min.io"},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "Tenant already has domains",
+			args: args{
+				ctx:            context.Background(),
+				operatorClient: opClient,
+				nameSpace:      "default",
+				tenantName:     "minio-tenant",
+				mockTenantUpdate: func(ctx context.Context, tenant *miniov2.Tenant, options metav1.UpdateOptions) (*miniov2.Tenant, error) {
+					return &miniov2.Tenant{}, nil
+				},
+				mockTenantGet: func(ctx context.Context, namespace string, tenantName string, options metav1.GetOptions) (*miniov2.Tenant, error) {
+					domains := miniov2.TenantDomains{
+						Console: "http://onerandomdomain.min.io",
+						Minio: []string{
+							"http://oneDomain.min.io",
+							"http://twoDomains.min.io",
+						},
+					}
+
+					features := miniov2.Features{
+						Domains: &domains,
+					}
+
+					return &miniov2.Tenant{
+						Spec: miniov2.TenantSpec{Features: &features},
+					}, nil
+				},
+				domains: &models.DomainsConfiguration{
+					Console: "http://console.min.io",
+					Minio:   []string{"http://domain1.min.io", "http://domain2.min.io", "http://domain3.min.io"},
+				},
+			},
+			wantErr: false,
+		},
+		{
+			name: "Tenant features only have BucketDNS",
+			args: args{
+				ctx:            context.Background(),
+				operatorClient: opClient,
+				nameSpace:      "default",
+				tenantName:     "minio-tenant",
+				mockTenantUpdate: func(ctx context.Context, tenant *miniov2.Tenant, options metav1.UpdateOptions) (*miniov2.Tenant, error) {
+					return &miniov2.Tenant{}, nil
+				},
+				mockTenantGet: func(ctx context.Context, namespace string, tenantName string, options metav1.GetOptions) (*miniov2.Tenant, error) {
+					features := miniov2.Features{
+						BucketDNS: true,
+					}
+
+					return &miniov2.Tenant{
+						Spec: miniov2.TenantSpec{Features: &features},
+					}, nil
+				},
+				domains: &models.DomainsConfiguration{
+					Console: "http://console.min.io",
+					Minio:   []string{"http://domain1.min.io", "http://domain2.min.io", "http://domain3.min.io"},
+				},
+			},
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		opClientTenantGetMock = tt.args.mockTenantGet
+		opClientTenantUpdateMock = tt.args.mockTenantUpdate
+		t.Run(tt.name, func(t *testing.T) {
+			if err := updateTenantDomains(tt.args.ctx, tt.args.operatorClient, tt.args.nameSpace, tt.args.tenantName, tt.args.domains); (err != nil) != tt.wantErr {
+				t.Errorf("updateTenantDomains() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}

operatorapi/version.go

@@ -17,20 +17,24 @@
 package operatorapi
 
 import (
+	"context"
+	"net/http"
+	"time"
+
+	errors "github.com/minio/console/restapi"
+
+	xhttp "github.com/minio/console/pkg/http"
+
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/minio/console/models"
 	"github.com/minio/console/operatorapi/operations"
 	"github.com/minio/console/operatorapi/operations/user_api"
-
-	"net/http"
-	"time"
-
 	"github.com/minio/console/pkg/utils"
 )
 
 func registerVersionHandlers(api *operations.OperatorAPI) {
 	api.UserAPICheckMinIOVersionHandler = user_api.CheckMinIOVersionHandlerFunc(func(params user_api.CheckMinIOVersionParams) middleware.Responder {
-		versionResponse, err := getVersionResponse()
+		versionResponse, err := getVersionResponse(params)
 		if err != nil {
 			return user_api.NewCheckMinIOVersionDefault(int(err.Code)).WithPayload(err)
 		}
@@ -39,13 +43,15 @@ func registerVersionHandlers(api *operations.OperatorAPI) {
 }
 
 // getSessionResponse parse the token of the current session and returns a list of allowed actions to render in the UI
-func getVersionResponse() (*models.CheckOperatorVersionResponse, *models.Error) {
-	ver, err := utils.GetLatestMinIOImage(&utils.HTTPClient{
+func getVersionResponse(params user_api.CheckMinIOVersionParams) (*models.CheckOperatorVersionResponse, *models.Error) {
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
+	ver, err := utils.GetLatestMinIOImage(&xhttp.Client{
 		Client: &http.Client{
 			Timeout: 15 * time.Second,
 		}})
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, errors.ErrorWithContext(ctx, err)
 	}
 	return &models.CheckOperatorVersionResponse{
 		LatestVersion: *ver,

operatorapi/volumes.go

@@ -21,6 +21,8 @@ import (
 	"fmt"
 	"sort"
 
+	errors "github.com/minio/console/restapi"
+
 	miniov1 "github.com/minio/operator/pkg/apis/minio.min.io/v1"
 
 	"github.com/go-openapi/runtime/middleware"
@@ -33,7 +35,7 @@ import (
 
 func registerVolumesHandlers(api *operations.OperatorAPI) {
 	api.OperatorAPIListPVCsHandler = operator_api.ListPVCsHandlerFunc(func(params operator_api.ListPVCsParams, session *models.Principal) middleware.Responder {
-		payload, err := getPVCsResponse(session)
+		payload, err := getPVCsResponse(session, params)
 
 		if err != nil {
 			return operator_api.NewListPVCsDefault(int(err.Code)).WithPayload(err)
@@ -72,12 +74,13 @@ func registerVolumesHandlers(api *operations.OperatorAPI) {
 
 }
 
-func getPVCsResponse(session *models.Principal) (*models.ListPVCsResponse, *models.Error) {
-	ctx := context.Background()
+func getPVCsResponse(session *models.Principal, params operator_api.ListPVCsParams) (*models.ListPVCsResponse, *models.Error) {
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	clientset, err := cluster.K8sClient(session.STSSessionToken)
 
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, errors.ErrorWithContext(ctx, err)
 	}
 
 	// Filter Tenant PVCs. They keep their v1 tenant annotation
@@ -89,7 +92,7 @@ func getPVCsResponse(session *models.Principal) (*models.ListPVCsResponse, *mode
 	listAllPvcs, err2 := clientset.CoreV1().PersistentVolumeClaims("").List(ctx, listOpts)
 
 	if err2 != nil {
-		return nil, prepareError(err2)
+		return nil, errors.ErrorWithContext(ctx, err2)
 	}
 
 	var ListPVCs []*models.PvcsListResponse
@@ -120,11 +123,12 @@ func getPVCsResponse(session *models.Principal) (*models.ListPVCsResponse, *mode
 }
 
 func getPVCsForTenantResponse(session *models.Principal, params operator_api.ListPVCsForTenantParams) (*models.ListPVCsResponse, *models.Error) {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	clientset, err := cluster.K8sClient(session.STSSessionToken)
 
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, errors.ErrorWithContext(ctx, err)
 	}
 
 	// Filter Tenant PVCs. They keep their v1 tenant annotation
@@ -136,7 +140,7 @@ func getPVCsForTenantResponse(session *models.Principal, params operator_api.Lis
 	listAllPvcs, err2 := clientset.CoreV1().PersistentVolumeClaims(params.Namespace).List(ctx, listOpts)
 
 	if err2 != nil {
-		return nil, prepareError(err2)
+		return nil, errors.ErrorWithContext(ctx, err2)
 	}
 
 	var ListPVCs []*models.PvcsListResponse
@@ -167,35 +171,37 @@ func getPVCsForTenantResponse(session *models.Principal, params operator_api.Lis
 }
 
 func getDeletePVCResponse(session *models.Principal, params operator_api.DeletePVCParams) *models.Error {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	// get Kubernetes Client
 	clientset, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return prepareError(err)
+		return errors.ErrorWithContext(ctx, err)
 	}
 	listOpts := metav1.ListOptions{
 		LabelSelector: fmt.Sprintf("v1.min.io/tenant=%s", params.Tenant),
 		FieldSelector: fmt.Sprintf("metadata.name=%s", params.PVCName),
 	}
 	if err = clientset.CoreV1().PersistentVolumeClaims(params.Namespace).DeleteCollection(ctx, metav1.DeleteOptions{}, listOpts); err != nil {
-		return prepareError(err)
+		return errors.ErrorWithContext(ctx, err)
 	}
 	return nil
 }
 
 func getPVCEventsResponse(session *models.Principal, params operator_api.GetPVCEventsParams) (models.EventListWrapper, *models.Error) {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	clientset, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, errors.ErrorWithContext(ctx, err)
 	}
 	PVC, err := clientset.CoreV1().PersistentVolumeClaims(params.Namespace).Get(ctx, params.PVCName, metav1.GetOptions{})
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, errors.ErrorWithContext(ctx, err)
 	}
 	events, err := clientset.CoreV1().Events(params.Namespace).List(ctx, metav1.ListOptions{FieldSelector: fmt.Sprintf("involvedObject.uid=%s", PVC.UID)})
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, errors.ErrorWithContext(ctx, err)
 	}
 	retval := models.EventListWrapper{}
 	for i := 0; i < len(events.Items); i++ {

pkg/auth/token.go

@@ -89,11 +89,14 @@ func SessionTokenAuthenticate(token string) (*TokenClaims, error) {
 	if token == "" {
 		return nil, ErrNoAuthToken
 	}
-	// decrypt encrypted token
-	claimTokens, err := decryptClaims(token)
+	decryptedToken, err := DecryptToken(token)
 	if err != nil {
-		// we print decryption token error information for debugging purposes
-		// we return a generic error that doesn't give any information to attackers
+		// fail decrypting token
+		return nil, errReadingToken
+	}
+	claimTokens, err := ParseClaimsFromToken(string(decryptedToken))
+	if err != nil {
+		// fail unmarshalling token into data structure
 		return nil, errReadingToken
 	}
 	// claimsTokens contains the decrypted JWT for Console
@@ -136,21 +139,26 @@ func encryptClaims(credentials *TokenClaims) (string, error) {
 	return base64.StdEncoding.EncodeToString(ciphertext), nil
 }
 
-// decryptClaims() receives base64 encoded ciphertext, decode it, decrypt it (AES-GCM) and produces a *TokenClaims object
-func decryptClaims(ciphertext string) (*TokenClaims, error) {
+// ParseClaimsFromToken receive token claims in string format, then unmarshal them to produce a *TokenClaims object
+func ParseClaimsFromToken(claims string) (*TokenClaims, error) {
+	tokenClaims := &TokenClaims{}
+	if err := json.Unmarshal([]byte(claims), tokenClaims); err != nil {
+		return nil, err
+	}
+	return tokenClaims, nil
+}
+
+// DecryptToken receives base64 encoded ciphertext, decode it, decrypt it (AES-GCM) and produces []byte
+func DecryptToken(ciphertext string) (plaintext []byte, err error) {
 	decoded, err := base64.StdEncoding.DecodeString(ciphertext)
 	if err != nil {
 		return nil, err
 	}
-	plaintext, err := decrypt(decoded, []byte{})
+	plaintext, err = decrypt(decoded, []byte{})
 	if err != nil {
 		return nil, err
 	}
-	tokenClaims := &TokenClaims{}
-	if err = json.Unmarshal(plaintext, tokenClaims); err != nil {
-		return nil, err
-	}
-	return tokenClaims, nil
+	return plaintext, nil
 }
 
 const (

pkg/certs/certs.go

@@ -234,7 +234,8 @@ func LoadX509KeyPair(certFile, keyFile string) (tls.Certificate, error) {
 }
 
 func GetTLSConfig() (x509Certs []*x509.Certificate, manager *xcerts.Manager, err error) {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
 
 	if !(isFile(getPublicCertFile()) && isFile(getPrivateKeyFile())) {
 		return nil, nil, nil
@@ -331,3 +332,12 @@ func GetAllCertificatesAndCAs() (*x509.CertPool, []*x509.Certificate, *xcerts.Ma
 	}
 	return rootCAs, publicCerts, certsManager, nil
 }
+
+// EnsureCertAndKey checks if both client certificate and key paths are provided
+func EnsureCertAndKey(clientCert, clientKey string) error {
+	if (clientCert != "" && clientKey == "") ||
+		(clientCert == "" && clientKey != "") {
+		return errors.New("cert and key must be specified as a pair")
+	}
+	return nil
+}

pkg/http/headers.go

@@ -0,0 +1,23 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package http
+
+// Standard S3 HTTP response constants
+const (
+	ETag        = "ETag"
+	ContentType = "Content-Type"
+)

pkg/http/http.go

@@ -14,40 +14,61 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package utils
+package http
 
 import (
 	"io"
+	"io/ioutil"
 	"net/http"
 )
 
-// HTTPClientI interface with all functions to be implemented
+// ClientI interface with all functions to be implemented
 // by mock when testing, it should include all HttpClient respective api calls
 // that are used within this project.
-type HTTPClientI interface {
+type ClientI interface {
 	Get(url string) (resp *http.Response, err error)
 	Post(url, contentType string, body io.Reader) (resp *http.Response, err error)
 	Do(req *http.Request) (*http.Response, error)
 }
 
-// HTTPClient Interface implementation
+// Client is an HTTP Interface implementation
 //
 // Define the structure of a http client and define the functions that are actually used
-type HTTPClient struct {
+type Client struct {
 	Client *http.Client
 }
 
 // Get implements http.Client.Get()
-func (c *HTTPClient) Get(url string) (resp *http.Response, err error) {
+func (c *Client) Get(url string) (resp *http.Response, err error) {
 	return c.Client.Get(url)
 }
 
 // Post implements http.Client.Post()
-func (c *HTTPClient) Post(url, contentType string, body io.Reader) (resp *http.Response, err error) {
+func (c *Client) Post(url, contentType string, body io.Reader) (resp *http.Response, err error) {
 	return c.Client.Post(url, contentType, body)
 }
 
 // Do implement http.Client.Do()
-func (c *HTTPClient) Do(req *http.Request) (*http.Response, error) {
+func (c *Client) Do(req *http.Request) (*http.Response, error) {
 	return c.Client.Do(req)
 }
+
+// DrainBody close non nil response with any response Body.
+// convenient wrapper to drain any remaining data on response body.
+//
+// Subsequently this allows golang http RoundTripper
+// to re-use the same connection for future requests.
+func DrainBody(respBody io.ReadCloser) {
+	// Callers should close resp.Body when done reading from it.
+	// If resp.Body is not closed, the Client's underlying RoundTripper
+	// (typically Transport) may not be able to re-use a persistent TCP
+	// connection to the server for a subsequent "keep-alive" request.
+	if respBody != nil {
+		// Drain any remaining Body and then close the connection.
+		// Without this closing connection would disallow re-using
+		// the same connection for future uses.
+		//  - http://stackoverflow.com/a/17961593/4465767
+		defer respBody.Close()
+		io.Copy(ioutil.Discard, respBody)
+	}
+}

pkg/logger/audit.go

@@ -0,0 +1,228 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package logger
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"strconv"
+	"sync/atomic"
+	"time"
+
+	"github.com/minio/console/pkg/utils"
+
+	"github.com/minio/console/pkg/logger/message/audit"
+)
+
+// ResponseWriter - is a wrapper to trap the http response status code.
+type ResponseWriter struct {
+	http.ResponseWriter
+	StatusCode int
+	// Log body of 4xx or 5xx responses
+	LogErrBody bool
+	// Log body of all responses
+	LogAllBody bool
+
+	TimeToFirstByte time.Duration
+	StartTime       time.Time
+	// number of bytes written
+	bytesWritten int
+	// Internal recording buffer
+	headers bytes.Buffer
+	body    bytes.Buffer
+	// Indicate if headers are written in the log
+	headersLogged bool
+}
+
+// NewResponseWriter - returns a wrapped response writer to trap
+// http status codes for auditing purposes.
+func NewResponseWriter(w http.ResponseWriter) *ResponseWriter {
+	return &ResponseWriter{
+		ResponseWriter: w,
+		StatusCode:     http.StatusOK,
+		StartTime:      time.Now().UTC(),
+	}
+}
+
+func (lrw *ResponseWriter) Write(p []byte) (int, error) {
+	if !lrw.headersLogged {
+		// We assume the response code to be '200 OK' when WriteHeader() is not called,
+		// that way following Golang HTTP response behavior.
+		lrw.WriteHeader(http.StatusOK)
+	}
+	n, err := lrw.ResponseWriter.Write(p)
+	lrw.bytesWritten += n
+	if lrw.TimeToFirstByte == 0 {
+		lrw.TimeToFirstByte = time.Now().UTC().Sub(lrw.StartTime)
+	}
+	if (lrw.LogErrBody && lrw.StatusCode >= http.StatusBadRequest) || lrw.LogAllBody {
+		// Always logging error responses.
+		lrw.body.Write(p)
+	}
+	if err != nil {
+		return n, err
+	}
+	return n, err
+}
+
+// Write the headers into the given buffer
+func (lrw *ResponseWriter) writeHeaders(w io.Writer, statusCode int, headers http.Header) {
+	n, _ := fmt.Fprintf(w, "%d %s\n", statusCode, http.StatusText(statusCode))
+	lrw.bytesWritten += n
+	for k, v := range headers {
+		n, _ := fmt.Fprintf(w, "%s: %s\n", k, v[0])
+		lrw.bytesWritten += n
+	}
+}
+
+// BodyPlaceHolder returns a dummy body placeholder
+var BodyPlaceHolder = []byte("<BODY>")
+
+// Body - Return response body.
+func (lrw *ResponseWriter) Body() []byte {
+	// If there was an error response or body logging is enabled
+	// then we return the body contents
+	if (lrw.LogErrBody && lrw.StatusCode >= http.StatusBadRequest) || lrw.LogAllBody {
+		return lrw.body.Bytes()
+	}
+	// ... otherwise we return the <BODY> place holder
+	return BodyPlaceHolder
+}
+
+// WriteHeader - writes http status code
+func (lrw *ResponseWriter) WriteHeader(code int) {
+	if !lrw.headersLogged {
+		lrw.StatusCode = code
+		lrw.writeHeaders(&lrw.headers, code, lrw.ResponseWriter.Header())
+		lrw.headersLogged = true
+		lrw.ResponseWriter.WriteHeader(code)
+	}
+}
+
+// Flush - Calls the underlying Flush.
+func (lrw *ResponseWriter) Flush() {
+	lrw.ResponseWriter.(http.Flusher).Flush()
+}
+
+// Size - reutrns the number of bytes written
+func (lrw *ResponseWriter) Size() int {
+	return lrw.bytesWritten
+}
+
+// SetAuditEntry sets Audit info in the context.
+func SetAuditEntry(ctx context.Context, audit *audit.Entry) context.Context {
+	if ctx == nil {
+		LogIf(context.Background(), fmt.Errorf("context is nil"))
+		return nil
+	}
+	return context.WithValue(ctx, utils.ContextAuditKey, audit)
+}
+
+// GetAuditEntry returns Audit entry if set.
+func GetAuditEntry(ctx context.Context) *audit.Entry {
+	if ctx != nil {
+		r, ok := ctx.Value(utils.ContextAuditKey).(*audit.Entry)
+		if ok {
+			return r
+		}
+		r = &audit.Entry{
+			Version: audit.Version,
+			//DeploymentID: globalDeploymentID,
+			Time: time.Now().UTC(),
+		}
+		SetAuditEntry(ctx, r)
+		return r
+	}
+	return nil
+}
+
+// AuditLog - logs audit logs to all audit targets.
+func AuditLog(ctx context.Context, w *ResponseWriter, r *http.Request, reqClaims map[string]interface{}, filterKeys ...string) {
+	// Fast exit if there is not audit target configured
+	if atomic.LoadInt32(&nAuditTargets) == 0 {
+		return
+	}
+
+	var entry audit.Entry
+
+	if w != nil && r != nil {
+		reqInfo := GetReqInfo(ctx)
+		if reqInfo == nil {
+			return
+		}
+		entry = audit.ToEntry(w, r, reqClaims, GetGlobalDeploymentID())
+		// indicates all requests for this API call are inbound
+		entry.Trigger = "incoming"
+
+		for _, filterKey := range filterKeys {
+			delete(entry.ReqClaims, filterKey)
+			delete(entry.ReqQuery, filterKey)
+			delete(entry.ReqHeader, filterKey)
+			delete(entry.RespHeader, filterKey)
+		}
+
+		var (
+			statusCode      int
+			timeToResponse  time.Duration
+			timeToFirstByte time.Duration
+			outputBytes     int64 = -1 // -1: unknown output bytes
+		)
+
+		if w != nil {
+			statusCode = w.StatusCode
+			timeToResponse = time.Now().UTC().Sub(w.StartTime)
+			timeToFirstByte = w.TimeToFirstByte
+			outputBytes = int64(w.Size())
+		}
+
+		entry.API.Path = r.URL.Path
+
+		entry.API.Status = http.StatusText(statusCode)
+		entry.API.StatusCode = statusCode
+		entry.API.Method = r.Method
+		entry.API.InputBytes = r.ContentLength
+		entry.API.OutputBytes = outputBytes
+		entry.RequestID = reqInfo.RequestID
+
+		entry.API.TimeToResponse = strconv.FormatInt(timeToResponse.Nanoseconds(), 10) + "ns"
+		entry.Tags = reqInfo.GetTagsMap()
+		// ttfb will be recorded only for GET requests, Ignore such cases where ttfb will be empty.
+		if timeToFirstByte != 0 {
+			entry.API.TimeToFirstByte = strconv.FormatInt(timeToFirstByte.Nanoseconds(), 10) + "ns"
+		}
+	} else {
+		auditEntry := GetAuditEntry(ctx)
+		if auditEntry != nil {
+			entry = *auditEntry
+		}
+	}
+
+	if anonFlag {
+		entry.SessionID = hashString(entry.SessionID)
+		entry.RemoteHost = hashString(entry.RemoteHost)
+	}
+
+	// Send audit logs only to http targets.
+	for _, t := range AuditTargets() {
+		if err := t.Send(entry, string(All)); err != nil {
+			LogAlwaysIf(context.Background(), fmt.Errorf("event(%v) was not sent to Audit target (%v): %v", entry, t, err), All)
+		}
+	}
+}

pkg/logger/color/color.go

@@ -0,0 +1,60 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package color
+
+import (
+	"fmt"
+
+	"github.com/fatih/color"
+)
+
+// global colors.
+var (
+	// Check if we stderr, stdout are dumb terminals, we do not apply
+	// ansi coloring on dumb terminals.
+	IsTerminal = func() bool {
+		return !color.NoColor
+	}
+
+	Bold = func() func(a ...interface{}) string {
+		if IsTerminal() {
+			return color.New(color.Bold).SprintFunc()
+		}
+		return fmt.Sprint
+	}()
+
+	FgRed = func() func(a ...interface{}) string {
+		if IsTerminal() {
+			return color.New(color.FgRed).SprintFunc()
+		}
+		return fmt.Sprint
+	}()
+
+	BgRed = func() func(format string, a ...interface{}) string {
+		if IsTerminal() {
+			return color.New(color.BgRed).SprintfFunc()
+		}
+		return fmt.Sprintf
+	}()
+
+	FgWhite = func() func(format string, a ...interface{}) string {
+		if IsTerminal() {
+			return color.New(color.FgWhite).SprintfFunc()
+		}
+		return fmt.Sprintf
+	}()
+)

pkg/logger/config.go

@@ -0,0 +1,213 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package logger
+
+import (
+	"errors"
+	"strconv"
+	"strings"
+
+	"github.com/google/uuid"
+
+	"github.com/minio/console/pkg/logger/config"
+	"github.com/minio/console/pkg/logger/target/http"
+	"github.com/minio/pkg/env"
+)
+
+// NewConfig - initialize new logger config.
+func NewConfig() Config {
+	cfg := Config{
+		HTTP:         make(map[string]http.Config),
+		AuditWebhook: make(map[string]http.Config),
+	}
+
+	return cfg
+}
+
+func lookupLoggerWebhookConfig() (Config, error) {
+	cfg := NewConfig()
+	envs := env.List(EnvLoggerWebhookEndpoint)
+	var loggerTargets []string
+	for _, k := range envs {
+		target := strings.TrimPrefix(k, EnvLoggerWebhookEndpoint+config.Default)
+		if target == EnvLoggerWebhookEndpoint {
+			target = config.Default
+		}
+		loggerTargets = append(loggerTargets, target)
+	}
+
+	// Load HTTP logger from the environment if found
+	for _, target := range loggerTargets {
+		if v, ok := cfg.HTTP[target]; ok && v.Enabled {
+			// This target is already enabled using the
+			// legacy environment variables, ignore.
+			continue
+		}
+		enableEnv := EnvLoggerWebhookEnable
+		if target != config.Default {
+			enableEnv = EnvLoggerWebhookEnable + config.Default + target
+		}
+		enable, err := config.ParseBool(env.Get(enableEnv, ""))
+		if err != nil || !enable {
+			continue
+		}
+		endpointEnv := EnvLoggerWebhookEndpoint
+		if target != config.Default {
+			endpointEnv = EnvLoggerWebhookEndpoint + config.Default + target
+		}
+		authTokenEnv := EnvLoggerWebhookAuthToken
+		if target != config.Default {
+			authTokenEnv = EnvLoggerWebhookAuthToken + config.Default + target
+		}
+		clientCertEnv := EnvLoggerWebhookClientCert
+		if target != config.Default {
+			clientCertEnv = EnvLoggerWebhookClientCert + config.Default + target
+		}
+		clientKeyEnv := EnvLoggerWebhookClientKey
+		if target != config.Default {
+			clientKeyEnv = EnvLoggerWebhookClientKey + config.Default + target
+		}
+		err = config.EnsureCertAndKey(env.Get(clientCertEnv, ""), env.Get(clientKeyEnv, ""))
+		if err != nil {
+			return cfg, err
+		}
+		queueSizeEnv := EnvLoggerWebhookQueueSize
+		if target != config.Default {
+			queueSizeEnv = EnvLoggerWebhookQueueSize + config.Default + target
+		}
+		queueSize, err := strconv.Atoi(env.Get(queueSizeEnv, "100000"))
+		if err != nil {
+			return cfg, err
+		}
+		if queueSize <= 0 {
+			return cfg, errors.New("invalid queue_size value")
+		}
+		cfg.HTTP[target] = http.Config{
+			Enabled:    true,
+			Endpoint:   env.Get(endpointEnv, ""),
+			AuthToken:  env.Get(authTokenEnv, ""),
+			ClientCert: env.Get(clientCertEnv, ""),
+			ClientKey:  env.Get(clientKeyEnv, ""),
+			QueueSize:  queueSize,
+		}
+	}
+
+	return cfg, nil
+}
+
+func lookupAuditWebhookConfig() (Config, error) {
+	cfg := NewConfig()
+	var loggerAuditTargets []string
+	envs := env.List(EnvAuditWebhookEndpoint)
+	for _, k := range envs {
+		target := strings.TrimPrefix(k, EnvAuditWebhookEndpoint+config.Default)
+		if target == EnvAuditWebhookEndpoint {
+			target = config.Default
+		}
+		loggerAuditTargets = append(loggerAuditTargets, target)
+	}
+
+	for _, target := range loggerAuditTargets {
+		if v, ok := cfg.AuditWebhook[target]; ok && v.Enabled {
+			// This target is already enabled using the
+			// legacy environment variables, ignore.
+			continue
+		}
+		enableEnv := EnvAuditWebhookEnable
+		if target != config.Default {
+			enableEnv = EnvAuditWebhookEnable + config.Default + target
+		}
+		enable, err := config.ParseBool(env.Get(enableEnv, ""))
+		if err != nil || !enable {
+			continue
+		}
+		endpointEnv := EnvAuditWebhookEndpoint
+		if target != config.Default {
+			endpointEnv = EnvAuditWebhookEndpoint + config.Default + target
+		}
+		authTokenEnv := EnvAuditWebhookAuthToken
+		if target != config.Default {
+			authTokenEnv = EnvAuditWebhookAuthToken + config.Default + target
+		}
+		clientCertEnv := EnvAuditWebhookClientCert
+		if target != config.Default {
+			clientCertEnv = EnvAuditWebhookClientCert + config.Default + target
+		}
+		clientKeyEnv := EnvAuditWebhookClientKey
+		if target != config.Default {
+			clientKeyEnv = EnvAuditWebhookClientKey + config.Default + target
+		}
+		err = config.EnsureCertAndKey(env.Get(clientCertEnv, ""), env.Get(clientKeyEnv, ""))
+		if err != nil {
+			return cfg, err
+		}
+		queueSizeEnv := EnvAuditWebhookQueueSize
+		if target != config.Default {
+			queueSizeEnv = EnvAuditWebhookQueueSize + config.Default + target
+		}
+		queueSize, err := strconv.Atoi(env.Get(queueSizeEnv, "100000"))
+		if err != nil {
+			return cfg, err
+		}
+		if queueSize <= 0 {
+			return cfg, errors.New("invalid queue_size value")
+		}
+		cfg.AuditWebhook[target] = http.Config{
+			Enabled:    true,
+			Endpoint:   env.Get(endpointEnv, ""),
+			AuthToken:  env.Get(authTokenEnv, ""),
+			ClientCert: env.Get(clientCertEnv, ""),
+			ClientKey:  env.Get(clientKeyEnv, ""),
+			QueueSize:  queueSize,
+		}
+	}
+
+	return cfg, nil
+}
+
+// LookupConfigForSubSys - lookup logger config, override with ENVs if set, for the given sub-system
+func LookupConfigForSubSys(subSys string) (cfg Config, err error) {
+	switch subSys {
+	case config.LoggerWebhookSubSys:
+		if cfg, err = lookupLoggerWebhookConfig(); err != nil {
+			return cfg, err
+		}
+	case config.AuditWebhookSubSys:
+		if cfg, err = lookupAuditWebhookConfig(); err != nil {
+			return cfg, err
+		}
+	}
+	return cfg, nil
+}
+
+// GetGlobalDeploymentID :
+func GetGlobalDeploymentID() string {
+	if globalDeploymentID != "" {
+		return globalDeploymentID
+	}
+	globalDeploymentID = env.Get(EnvGlobalDeploymentID, mustGetUUID())
+	return globalDeploymentID
+}
+
+// mustGetUUID - get a random UUID.
+func mustGetUUID() string {
+	u, err := uuid.NewRandom()
+	if err != nil {
+		CriticalIf(GlobalContext, err)
+	}
+	return u.String()
+}

pkg/logger/config/bool-flag.go

@@ -0,0 +1,80 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package config
+
+import (
+	"encoding/json"
+	"fmt"
+	"strconv"
+	"strings"
+)
+
+// BoolFlag - wrapper bool type.
+type BoolFlag bool
+
+// String - returns string of BoolFlag.
+func (bf BoolFlag) String() string {
+	if bf {
+		return "on"
+	}
+
+	return "off"
+}
+
+// MarshalJSON - converts BoolFlag into JSON data.
+func (bf BoolFlag) MarshalJSON() ([]byte, error) {
+	return json.Marshal(bf.String())
+}
+
+// UnmarshalJSON - parses given data into BoolFlag.
+func (bf *BoolFlag) UnmarshalJSON(data []byte) (err error) {
+	var s string
+	if err = json.Unmarshal(data, &s); err == nil {
+		b := BoolFlag(true)
+		if s == "" {
+			// Empty string is treated as valid.
+			*bf = b
+		} else if b, err = ParseBoolFlag(s); err == nil {
+			*bf = b
+		}
+	}
+
+	return err
+}
+
+// ParseBool returns the boolean value represented by the string.
+func ParseBool(str string) (bool, error) {
+	switch str {
+	case "1", "t", "T", "true", "TRUE", "True", "on", "ON", "On":
+		return true, nil
+	case "0", "f", "F", "false", "FALSE", "False", "off", "OFF", "Off":
+		return false, nil
+	}
+	if strings.EqualFold(str, "enabled") {
+		return true, nil
+	}
+	if strings.EqualFold(str, "disabled") {
+		return false, nil
+	}
+	return false, fmt.Errorf("ParseBool: parsing '%s': %w", str, strconv.ErrSyntax)
+}
+
+// ParseBoolFlag - parses string into BoolFlag.
+func ParseBoolFlag(s string) (bf BoolFlag, err error) {
+	b, err := ParseBool(s)
+	return BoolFlag(b), err
+}

pkg/logger/config/bool-flag_test.go

@@ -0,0 +1,126 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package config
+
+import "testing"
+
+// Test BoolFlag.String()
+func TestBoolFlagString(t *testing.T) {
+	var bf BoolFlag
+
+	testCases := []struct {
+		flag           BoolFlag
+		expectedResult string
+	}{
+		{bf, "off"},
+		{BoolFlag(true), "on"},
+		{BoolFlag(false), "off"},
+	}
+
+	for _, testCase := range testCases {
+		str := testCase.flag.String()
+		if testCase.expectedResult != str {
+			t.Fatalf("expected: %v, got: %v", testCase.expectedResult, str)
+		}
+	}
+}
+
+// Test BoolFlag.MarshalJSON()
+func TestBoolFlagMarshalJSON(t *testing.T) {
+	var bf BoolFlag
+
+	testCases := []struct {
+		flag           BoolFlag
+		expectedResult string
+	}{
+		{bf, `"off"`},
+		{BoolFlag(true), `"on"`},
+		{BoolFlag(false), `"off"`},
+	}
+
+	for _, testCase := range testCases {
+		data, _ := testCase.flag.MarshalJSON()
+		if testCase.expectedResult != string(data) {
+			t.Fatalf("expected: %v, got: %v", testCase.expectedResult, string(data))
+		}
+	}
+}
+
+// Test BoolFlag.UnmarshalJSON()
+func TestBoolFlagUnmarshalJSON(t *testing.T) {
+	testCases := []struct {
+		data           []byte
+		expectedResult BoolFlag
+		expectedErr    bool
+	}{
+		{[]byte(`{}`), BoolFlag(false), true},
+		{[]byte(`["on"]`), BoolFlag(false), true},
+		{[]byte(`"junk"`), BoolFlag(false), true},
+		{[]byte(`""`), BoolFlag(true), false},
+		{[]byte(`"on"`), BoolFlag(true), false},
+		{[]byte(`"off"`), BoolFlag(false), false},
+		{[]byte(`"true"`), BoolFlag(true), false},
+		{[]byte(`"false"`), BoolFlag(false), false},
+		{[]byte(`"ON"`), BoolFlag(true), false},
+		{[]byte(`"OFF"`), BoolFlag(false), false},
+	}
+
+	for _, testCase := range testCases {
+		var flag BoolFlag
+		err := (&flag).UnmarshalJSON(testCase.data)
+		if !testCase.expectedErr && err != nil {
+			t.Fatalf("error: expected = <nil>, got = %v", err)
+		}
+		if testCase.expectedErr && err == nil {
+			t.Fatalf("error: expected error, got = <nil>")
+		}
+		if err == nil && testCase.expectedResult != flag {
+			t.Fatalf("result: expected: %v, got: %v", testCase.expectedResult, flag)
+		}
+	}
+}
+
+// Test ParseBoolFlag()
+func TestParseBoolFlag(t *testing.T) {
+	testCases := []struct {
+		flagStr        string
+		expectedResult BoolFlag
+		expectedErr    bool
+	}{
+		{"", BoolFlag(false), true},
+		{"junk", BoolFlag(false), true},
+		{"true", BoolFlag(true), false},
+		{"false", BoolFlag(false), false},
+		{"ON", BoolFlag(true), false},
+		{"OFF", BoolFlag(false), false},
+		{"on", BoolFlag(true), false},
+		{"off", BoolFlag(false), false},
+	}
+
+	for _, testCase := range testCases {
+		bf, err := ParseBoolFlag(testCase.flagStr)
+		if !testCase.expectedErr && err != nil {
+			t.Fatalf("error: expected = <nil>, got = %v", err)
+		}
+		if testCase.expectedErr && err == nil {
+			t.Fatalf("error: expected error, got = <nil>")
+		}
+		if err == nil && testCase.expectedResult != bf {
+			t.Fatalf("result: expected: %v, got: %v", testCase.expectedResult, bf)
+		}
+	}
+}

pkg/logger/config/certs.go

@@ -0,0 +1,30 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package config
+
+import (
+	"errors"
+)
+
+// EnsureCertAndKey checks if both client certificate and key paths are provided
+func EnsureCertAndKey(clientCert, clientKey string) error {
+	if (clientCert != "" && clientKey == "") ||
+		(clientCert == "" && clientKey != "") {
+		return errors.New("cert and key must be specified as a pair")
+	}
+	return nil
+}

pkg/logger/config/config.go

@@ -0,0 +1,34 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package config
+
+import (
+	"github.com/minio/madmin-go"
+)
+
+// Default keys
+const (
+	Default = madmin.Default
+	Enable  = madmin.EnableKey
+	License = "license" // Deprecated Dec 2021
+)
+
+// Top level config constants.
+const (
+	LoggerWebhookSubSys = "logger_webhook"
+	AuditWebhookSubSys  = "audit_webhook"
+)

pkg/logger/console.go

@@ -0,0 +1,223 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package logger
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/minio/console/pkg/logger/color"
+	"github.com/minio/console/pkg/logger/message/log"
+	c "github.com/minio/pkg/console"
+)
+
+// ConsoleLoggerTgt is a stringified value to represent console logging
+const ConsoleLoggerTgt = "console+http"
+
+// Logger interface describes the methods that need to be implemented to satisfy the interface requirements.
+type Logger interface {
+	json(msg string, args ...interface{})
+	quiet(msg string, args ...interface{})
+	pretty(msg string, args ...interface{})
+}
+
+func consoleLog(console Logger, msg string, args ...interface{}) {
+	switch {
+	case jsonFlag:
+		// Strip escape control characters from json message
+		msg = ansiRE.ReplaceAllLiteralString(msg, "")
+		console.json(msg, args...)
+	case quietFlag:
+		console.quiet(msg+"\n", args...)
+	default:
+		console.pretty(msg+"\n", args...)
+	}
+}
+
+// Fatal prints only fatal errors message with no stack trace
+// it will be called for input validation failures
+func Fatal(err error, msg string, data ...interface{}) {
+	fatal(err, msg, data...)
+}
+
+func fatal(err error, msg string, data ...interface{}) {
+	var errMsg string
+	if msg != "" {
+		errMsg = errorFmtFunc(fmt.Sprintf(msg, data...), err, jsonFlag)
+	} else {
+		errMsg = err.Error()
+	}
+	consoleLog(fatalMessage, errMsg)
+}
+
+var fatalMessage fatalMsg
+
+type fatalMsg struct{}
+
+func (f fatalMsg) json(msg string, args ...interface{}) {
+	var message string
+	if msg != "" {
+		message = fmt.Sprintf(msg, args...)
+	} else {
+		message = fmt.Sprint(args...)
+	}
+	logJSON, err := json.Marshal(&log.Entry{
+		Level:   FatalLvl.String(),
+		Message: message,
+		Time:    time.Now().UTC(),
+		Trace:   &log.Trace{Message: message, Source: []string{getSource(6)}},
+	})
+	if err != nil {
+		panic(err)
+	}
+	fmt.Println(string(logJSON))
+
+	os.Exit(1)
+}
+
+func (f fatalMsg) quiet(msg string, args ...interface{}) {
+	f.pretty(msg, args...)
+}
+
+var (
+	logTag      = "ERROR"
+	logBanner   = color.BgRed(color.FgWhite(color.Bold(logTag))) + " "
+	emptyBanner = color.BgRed(strings.Repeat(" ", len(logTag))) + " "
+	bannerWidth = len(logTag) + 1
+)
+
+func (f fatalMsg) pretty(msg string, args ...interface{}) {
+	// Build the passed errors message
+	errMsg := fmt.Sprintf(msg, args...)
+
+	tagPrinted := false
+
+	// Print the errors message: the following code takes care
+	// of splitting errors text and always pretty printing the
+	// red banner along with the errors message. Since the errors
+	// message itself contains some colored text, we needed
+	// to use some ANSI control escapes to cursor color state
+	// and freely move in the screen.
+	for _, line := range strings.Split(errMsg, "\n") {
+		if len(line) == 0 {
+			// No more text to print, just quit.
+			break
+		}
+
+		for {
+			// Save the attributes of the current cursor helps
+			// us save the text color of the passed errors message
+			ansiSaveAttributes()
+			// Print banner with or without the log tag
+			if !tagPrinted {
+				c.Print(logBanner)
+				tagPrinted = true
+			} else {
+				c.Print(emptyBanner)
+			}
+			// Restore the text color of the errors message
+			ansiRestoreAttributes()
+			ansiMoveRight(bannerWidth)
+			// Continue  errors message printing
+			c.Println(line)
+			break
+		}
+	}
+
+	// Exit because this is a fatal errors message
+	os.Exit(1)
+}
+
+type infoMsg struct{}
+
+var info infoMsg
+
+func (i infoMsg) json(msg string, args ...interface{}) {
+	var message string
+	if msg != "" {
+		message = fmt.Sprintf(msg, args...)
+	} else {
+		message = fmt.Sprint(args...)
+	}
+	logJSON, err := json.Marshal(&log.Entry{
+		Level:   InformationLvl.String(),
+		Message: message,
+		Time:    time.Now().UTC(),
+	})
+	if err != nil {
+		panic(err)
+	}
+	fmt.Println(string(logJSON))
+}
+
+func (i infoMsg) quiet(msg string, args ...interface{}) {
+}
+
+func (i infoMsg) pretty(msg string, args ...interface{}) {
+	if msg == "" {
+		c.Println(args...)
+	}
+	c.Printf(msg, args...)
+}
+
+type errorMsg struct{}
+
+var errorm errorMsg
+
+func (i errorMsg) json(msg string, args ...interface{}) {
+	var message string
+	if msg != "" {
+		message = fmt.Sprintf(msg, args...)
+	} else {
+		message = fmt.Sprint(args...)
+	}
+	logJSON, err := json.Marshal(&log.Entry{
+		Level:   ErrorLvl.String(),
+		Message: message,
+		Time:    time.Now().UTC(),
+		Trace:   &log.Trace{Message: message, Source: []string{getSource(6)}},
+	})
+	if err != nil {
+		panic(err)
+	}
+	fmt.Println(string(logJSON))
+}
+
+func (i errorMsg) quiet(msg string, args ...interface{}) {
+	i.pretty(msg, args...)
+}
+
+func (i errorMsg) pretty(msg string, args ...interface{}) {
+	if msg == "" {
+		c.Println(args...)
+	}
+	c.Printf(msg, args...)
+	c.Printf("\n")
+}
+
+// Error :
+func Error(msg string, data ...interface{}) {
+	consoleLog(errorm, msg, data...)
+}
+
+// Info :
+func Info(msg string, data ...interface{}) {
+	consoleLog(info, msg, data...)
+}

pkg/logger/const.go

@@ -0,0 +1,56 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package logger
+
+import (
+	"context"
+
+	"github.com/minio/console/pkg/logger/target/http"
+)
+
+// Audit/Logger constants
+const (
+	EnvLoggerJSONEnable      = "CONSOLE_LOGGER_JSON_ENABLE"
+	EnvLoggerAnonymousEnable = "CONSOLE_LOGGER_ANONYMOUS_ENABLE"
+	EnvLoggerQuietEnable     = "CONSOLE_LOGGER_QUIET_ENABLE"
+
+	EnvGlobalDeploymentID      = "CONSOLE_GLOBAL_DEPLOYMENT_ID"
+	EnvLoggerWebhookEnable     = "CONSOLE_LOGGER_WEBHOOK_ENABLE"
+	EnvLoggerWebhookEndpoint   = "CONSOLE_LOGGER_WEBHOOK_ENDPOINT"
+	EnvLoggerWebhookAuthToken  = "CONSOLE_LOGGER_WEBHOOK_AUTH_TOKEN"
+	EnvLoggerWebhookClientCert = "CONSOLE_LOGGER_WEBHOOK_CLIENT_CERT"
+	EnvLoggerWebhookClientKey  = "CONSOLE_LOGGER_WEBHOOK_CLIENT_KEY"
+	EnvLoggerWebhookQueueSize  = "CONSOLE_LOGGER_WEBHOOK_QUEUE_SIZE"
+
+	EnvAuditWebhookEnable     = "CONSOLE_AUDIT_WEBHOOK_ENABLE"
+	EnvAuditWebhookEndpoint   = "CONSOLE_AUDIT_WEBHOOK_ENDPOINT"
+	EnvAuditWebhookAuthToken  = "CONSOLE_AUDIT_WEBHOOK_AUTH_TOKEN"
+	EnvAuditWebhookClientCert = "CONSOLE_AUDIT_WEBHOOK_CLIENT_CERT"
+	EnvAuditWebhookClientKey  = "CONSOLE_AUDIT_WEBHOOK_CLIENT_KEY"
+	EnvAuditWebhookQueueSize  = "CONSOLE_AUDIT_WEBHOOK_QUEUE_SIZE"
+)
+
+// Config console and http logger targets
+type Config struct {
+	HTTP         map[string]http.Config `json:"http"`
+	AuditWebhook map[string]http.Config `json:"audit"`
+}
+
+var (
+	globalDeploymentID string
+	GlobalContext      context.Context
+)

pkg/logger/logger.go

@@ -0,0 +1,480 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package logger
+
+import (
+	"context"
+	"crypto/tls"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"go/build"
+	"net/http"
+	"path/filepath"
+	"reflect"
+	"runtime"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/minio/pkg/env"
+
+	"github.com/minio/console/pkg"
+	"github.com/minio/pkg/certs"
+
+	"github.com/minio/console/pkg/logger/config"
+	"github.com/minio/console/pkg/logger/message/log"
+	"github.com/minio/highwayhash"
+	"github.com/minio/minio-go/v7/pkg/set"
+)
+
+// HighwayHash key for logging in anonymous mode
+var magicHighwayHash256Key = []byte("\x4b\xe7\x34\xfa\x8e\x23\x8a\xcd\x26\x3e\x83\xe6\xbb\x96\x85\x52\x04\x0f\x93\x5d\xa3\x9f\x44\x14\x97\xe0\x9d\x13\x22\xde\x36\xa0")
+
+// Disable disables all logging, false by default. (used for "go test")
+var Disable = false
+
+// Level type
+type Level int8
+
+// Enumerated level types
+const (
+	InformationLvl Level = iota + 1
+	ErrorLvl
+	FatalLvl
+)
+
+var trimStrings []string
+
+// TimeFormat - logging time format.
+const TimeFormat string = "15:04:05 MST 01/02/2006"
+
+var matchingFuncNames = [...]string{
+	"http.HandlerFunc.ServeHTTP",
+	"cmd.serverMain",
+	"cmd.StartGateway",
+	// add more here ..
+}
+
+func (level Level) String() string {
+	var lvlStr string
+	switch level {
+	case InformationLvl:
+		lvlStr = "INFO"
+	case ErrorLvl:
+		lvlStr = "ERROR"
+	case FatalLvl:
+		lvlStr = "FATAL"
+	}
+	return lvlStr
+}
+
+// quietFlag: Hide startup messages if enabled
+// jsonFlag: Display in JSON format, if enabled
+var (
+	quietFlag, jsonFlag, anonFlag bool
+	// Custom function to format errors
+	errorFmtFunc func(string, error, bool) string
+)
+
+// EnableQuiet - turns quiet option on.
+func EnableQuiet() {
+	quietFlag = true
+}
+
+// EnableJSON - outputs logs in json format.
+func EnableJSON() {
+	jsonFlag = true
+	quietFlag = true
+}
+
+// EnableAnonymous - turns anonymous flag
+// to avoid printing sensitive information.
+func EnableAnonymous() {
+	anonFlag = true
+}
+
+// IsAnonymous - returns true if anonFlag is true
+func IsAnonymous() bool {
+	return anonFlag
+}
+
+// IsJSON - returns true if jsonFlag is true
+func IsJSON() bool {
+	return jsonFlag
+}
+
+// IsQuiet - returns true if quietFlag is true
+func IsQuiet() bool {
+	return quietFlag
+}
+
+// RegisterError registers the specified rendering function. This latter
+// will be called for a pretty rendering of fatal errors.
+func RegisterError(f func(string, error, bool) string) {
+	errorFmtFunc = f
+}
+
+// Remove any duplicates and return unique entries.
+func uniqueEntries(paths []string) []string {
+	m := make(set.StringSet)
+	for _, p := range paths {
+		if !m.Contains(p) {
+			m.Add(p)
+		}
+	}
+	return m.ToSlice()
+}
+
+// Init sets the trimStrings to possible GOPATHs
+// and GOROOT directories. Also append github.com/minio/minio
+// This is done to clean up the filename, when stack trace is
+// displayed when an errors happens.
+func Init(goPath string, goRoot string) {
+	var goPathList []string
+	var goRootList []string
+	var defaultgoPathList []string
+	var defaultgoRootList []string
+	pathSeperator := ":"
+	// Add all possible GOPATH paths into trimStrings
+	// Split GOPATH depending on the OS type
+	if runtime.GOOS == "windows" {
+		pathSeperator = ";"
+	}
+
+	goPathList = strings.Split(goPath, pathSeperator)
+	goRootList = strings.Split(goRoot, pathSeperator)
+	defaultgoPathList = strings.Split(build.Default.GOPATH, pathSeperator)
+	defaultgoRootList = strings.Split(build.Default.GOROOT, pathSeperator)
+
+	// Add trim string "{GOROOT}/src/" into trimStrings
+	trimStrings = []string{filepath.Join(runtime.GOROOT(), "src") + string(filepath.Separator)}
+
+	// Add all possible path from GOPATH=path1:path2...:pathN
+	// as "{path#}/src/" into trimStrings
+	for _, goPathString := range goPathList {
+		trimStrings = append(trimStrings, filepath.Join(goPathString, "src")+string(filepath.Separator))
+	}
+
+	for _, goRootString := range goRootList {
+		trimStrings = append(trimStrings, filepath.Join(goRootString, "src")+string(filepath.Separator))
+	}
+
+	for _, defaultgoPathString := range defaultgoPathList {
+		trimStrings = append(trimStrings, filepath.Join(defaultgoPathString, "src")+string(filepath.Separator))
+	}
+
+	for _, defaultgoRootString := range defaultgoRootList {
+		trimStrings = append(trimStrings, filepath.Join(defaultgoRootString, "src")+string(filepath.Separator))
+	}
+
+	// Remove duplicate entries.
+	trimStrings = uniqueEntries(trimStrings)
+
+	// Add "github.com/minio/minio" as the last to cover
+	// paths like "{GOROOT}/src/github.com/minio/minio"
+	// and "{GOPATH}/src/github.com/minio/minio"
+	trimStrings = append(trimStrings, filepath.Join("github.com", "minio", "minio")+string(filepath.Separator))
+}
+
+func trimTrace(f string) string {
+	for _, trimString := range trimStrings {
+		f = strings.TrimPrefix(filepath.ToSlash(f), filepath.ToSlash(trimString))
+	}
+	return filepath.FromSlash(f)
+}
+
+func getSource(level int) string {
+	pc, file, lineNumber, ok := runtime.Caller(level)
+	if ok {
+		// Clean up the common prefixes
+		file = trimTrace(file)
+		_, funcName := filepath.Split(runtime.FuncForPC(pc).Name())
+		return fmt.Sprintf("%v:%v:%v()", file, lineNumber, funcName)
+	}
+	return ""
+}
+
+// getTrace method - creates and returns stack trace
+func getTrace(traceLevel int) []string {
+	var trace []string
+	pc, file, lineNumber, ok := runtime.Caller(traceLevel)
+
+	for ok && file != "" {
+		// Clean up the common prefixes
+		file = trimTrace(file)
+		// Get the function name
+		_, funcName := filepath.Split(runtime.FuncForPC(pc).Name())
+		// Skip duplicate traces that start with file name, "<autogenerated>"
+		// and also skip traces with function name that starts with "runtime."
+		if !strings.HasPrefix(file, "<autogenerated>") &&
+			!strings.HasPrefix(funcName, "runtime.") {
+			// Form and append a line of stack trace into a
+			// collection, 'trace', to build full stack trace
+			trace = append(trace, fmt.Sprintf("%v:%v:%v()", file, lineNumber, funcName))
+
+			// Ignore trace logs beyond the following conditions
+			for _, name := range matchingFuncNames {
+				if funcName == name {
+					return trace
+				}
+			}
+		}
+		traceLevel++
+		// Read stack trace information from PC
+		pc, file, lineNumber, ok = runtime.Caller(traceLevel)
+	}
+	return trace
+}
+
+// Return the highway hash of the passed string
+func hashString(input string) string {
+	hh, _ := highwayhash.New(magicHighwayHash256Key)
+	hh.Write([]byte(input))
+	return hex.EncodeToString(hh.Sum(nil))
+}
+
+// Kind specifies the kind of errors log
+type Kind string
+
+const (
+	// Minio errors
+	Minio Kind = "CONSOLE"
+	// Application errors
+	Application Kind = "APPLICATION"
+	// All errors
+	All Kind = "ALL"
+)
+
+// LogAlwaysIf prints a detailed errors message during
+// the execution of the server.
+func LogAlwaysIf(ctx context.Context, err error, errKind ...interface{}) {
+	if err == nil {
+		return
+	}
+
+	logIf(ctx, err, errKind...)
+}
+
+// LogIf prints a detailed errors message during
+// the execution of the server
+func LogIf(ctx context.Context, err error, errKind ...interface{}) {
+	if err == nil {
+		return
+	}
+
+	if errors.Is(err, context.Canceled) {
+		return
+	}
+	logIf(ctx, err, errKind...)
+}
+
+// logIf prints a detailed errors message during
+// the execution of the server.
+func logIf(ctx context.Context, err error, errKind ...interface{}) {
+	if Disable {
+		return
+	}
+	logKind := string(Minio)
+	if len(errKind) > 0 {
+		if ek, ok := errKind[0].(Kind); ok {
+			logKind = string(ek)
+		}
+	}
+	req := GetReqInfo(ctx)
+
+	if req == nil {
+		req = &ReqInfo{API: "SYSTEM"}
+	}
+
+	kv := req.GetTags()
+	tags := make(map[string]interface{}, len(kv))
+	for _, entry := range kv {
+		tags[entry.Key] = entry.Val
+	}
+
+	// Get full stack trace
+	trace := getTrace(3)
+
+	// Get the cause for the Error
+	message := fmt.Sprintf("%v (%T)", err, err)
+	if req.DeploymentID == "" {
+		req.DeploymentID = GetGlobalDeploymentID()
+	}
+
+	entry := log.Entry{
+		DeploymentID: req.DeploymentID,
+		Level:        ErrorLvl.String(),
+		LogKind:      logKind,
+		RemoteHost:   req.RemoteHost,
+		Host:         req.Host,
+		RequestID:    req.RequestID,
+		SessionID:    req.SessionID,
+		UserAgent:    req.UserAgent,
+		Time:         time.Now().UTC(),
+		Trace: &log.Trace{
+			Message:   message,
+			Source:    trace,
+			Variables: tags,
+		},
+	}
+
+	if anonFlag {
+		entry.SessionID = hashString(entry.SessionID)
+		entry.RemoteHost = hashString(entry.RemoteHost)
+		entry.Trace.Message = reflect.TypeOf(err).String()
+		entry.Trace.Variables = make(map[string]interface{})
+	}
+
+	// Iterate over all logger targets to send the log entry
+	for _, t := range SystemTargets() {
+		if err := t.Send(entry, entry.LogKind); err != nil {
+			if consoleTgt != nil {
+				entry.Trace.Message = fmt.Sprintf("event(%#v) was not sent to Logger target (%#v): %#v", entry, t, err)
+				consoleTgt.Send(entry, entry.LogKind)
+			}
+		}
+	}
+}
+
+// ErrCritical is the value panic'd whenever CriticalIf is called.
+var ErrCritical struct{}
+
+// CriticalIf logs the provided errors on the console. It fails the
+// current go-routine by causing a `panic(ErrCritical)`.
+func CriticalIf(ctx context.Context, err error, errKind ...interface{}) {
+	if err != nil {
+		LogIf(ctx, err, errKind...)
+		panic(ErrCritical)
+	}
+}
+
+// FatalIf is similar to Fatal() but it ignores passed nil errors
+func FatalIf(err error, msg string, data ...interface{}) {
+	if err == nil {
+		return
+	}
+	fatal(err, msg, data...)
+}
+
+func applyDynamicConfigForSubSys(ctx context.Context, transport *http.Transport, subSys string) error {
+	switch subSys {
+	case config.LoggerWebhookSubSys:
+		loggerCfg, err := LookupConfigForSubSys(config.LoggerWebhookSubSys)
+		if err != nil {
+			LogIf(ctx, fmt.Errorf("unable to load logger webhook config: %w", err))
+			return err
+		}
+		userAgent := getUserAgent()
+		for n, l := range loggerCfg.HTTP {
+			if l.Enabled {
+				l.LogOnce = LogOnceIf
+				l.UserAgent = userAgent
+				l.Transport = NewHTTPTransportWithClientCerts(transport, l.ClientCert, l.ClientKey)
+				loggerCfg.HTTP[n] = l
+			}
+		}
+		err = UpdateSystemTargets(loggerCfg)
+		if err != nil {
+			LogIf(ctx, fmt.Errorf("unable to update logger webhook config: %w", err))
+			return err
+		}
+	case config.AuditWebhookSubSys:
+		loggerCfg, err := LookupConfigForSubSys(config.AuditWebhookSubSys)
+		if err != nil {
+			LogIf(ctx, fmt.Errorf("unable to load audit webhook config: %w", err))
+			return err
+		}
+		userAgent := getUserAgent()
+		for n, l := range loggerCfg.AuditWebhook {
+			if l.Enabled {
+				l.LogOnce = LogOnceIf
+				l.UserAgent = userAgent
+				l.Transport = NewHTTPTransportWithClientCerts(transport, l.ClientCert, l.ClientKey)
+				loggerCfg.AuditWebhook[n] = l
+			}
+		}
+
+		err = UpdateAuditWebhookTargets(loggerCfg)
+		if err != nil {
+			LogIf(ctx, fmt.Errorf("Unable to update audit webhook targets: %w", err))
+			return err
+		}
+	}
+	return nil
+}
+
+// InitializeLogger :
+func InitializeLogger(ctx context.Context, transport *http.Transport) error {
+	err := applyDynamicConfigForSubSys(ctx, transport, config.LoggerWebhookSubSys)
+	if err != nil {
+		return err
+	}
+	err = applyDynamicConfigForSubSys(ctx, transport, config.AuditWebhookSubSys)
+	if err != nil {
+		return err
+	}
+
+	if enable, _ := config.ParseBool(env.Get(EnvLoggerJSONEnable, "")); enable {
+		EnableJSON()
+	}
+	if enable, _ := config.ParseBool(env.Get(EnvLoggerAnonymousEnable, "")); enable {
+		EnableAnonymous()
+	}
+	if enable, _ := config.ParseBool(env.Get(EnvLoggerQuietEnable, "")); enable {
+		EnableQuiet()
+	}
+
+	return nil
+}
+
+func getUserAgent() string {
+	userAgentParts := []string{}
+	// Helper function to concisely append a pair of strings to a
+	// the user-agent slice.
+	uaAppend := func(p, q string) {
+		userAgentParts = append(userAgentParts, p, q)
+	}
+	uaAppend("Console (", runtime.GOOS)
+	uaAppend("; ", runtime.GOARCH)
+	uaAppend(") Console/", pkg.Version)
+	uaAppend(" Console/", pkg.ReleaseTag)
+	uaAppend(" Console/", pkg.CommitID)
+
+	return strings.Join(userAgentParts, "")
+}
+
+// NewHTTPTransportWithClientCerts returns a new http configuration
+// used while communicating with the cloud backends.
+func NewHTTPTransportWithClientCerts(parentTransport *http.Transport, clientCert, clientKey string) *http.Transport {
+	transport := parentTransport.Clone()
+	if clientCert != "" && clientKey != "" {
+		ctx, cancel := context.WithCancel(context.Background())
+		defer cancel()
+		c, err := certs.NewManager(ctx, clientCert, clientKey, tls.LoadX509KeyPair)
+		if err != nil {
+			LogIf(ctx, fmt.Errorf("failed to load client key and cert, please check your endpoint configuration: %s",
+				err.Error()))
+		}
+		if c != nil {
+			c.UpdateReloadDuration(10 * time.Second)
+			c.ReloadOnSignal(syscall.SIGHUP) // allow reloads upon SIGHUP
+			transport.TLSClientConfig.GetClientCertificate = c.GetClientCertificate
+		}
+	}
+	return transport
+}

pkg/logger/logger_test.go

@@ -0,0 +1,243 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package logger
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"os"
+	"testing"
+)
+
+func testServer(w http.ResponseWriter, r *http.Request) {
+}
+
+func TestInitializeLogger(t *testing.T) {
+	testServerWillStart := make(chan interface{})
+	http.HandleFunc("/", testServer)
+	go func() {
+		close(testServerWillStart)
+		err := http.ListenAndServe("127.0.0.1:1337", nil)
+		if err != nil {
+			return
+		}
+	}()
+	<-testServerWillStart
+
+	loggerWebhookEnable := fmt.Sprintf("%s_TEST", EnvLoggerWebhookEnable)
+	loggerWebhookEndpoint := fmt.Sprintf("%s_TEST", EnvLoggerWebhookEndpoint)
+	loggerWebhookAuthToken := fmt.Sprintf("%s_TEST", EnvLoggerWebhookAuthToken)
+	loggerWebhookClientCert := fmt.Sprintf("%s_TEST", EnvLoggerWebhookClientCert)
+	loggerWebhookClientKey := fmt.Sprintf("%s_TEST", EnvLoggerWebhookClientKey)
+	loggerWebhookQueueSize := fmt.Sprintf("%s_TEST", EnvLoggerWebhookQueueSize)
+
+	auditWebhookEnable := fmt.Sprintf("%s_TEST", EnvAuditWebhookEnable)
+	auditWebhookEndpoint := fmt.Sprintf("%s_TEST", EnvAuditWebhookEndpoint)
+	auditWebhookAuthToken := fmt.Sprintf("%s_TEST", EnvAuditWebhookAuthToken)
+	auditWebhookClientCert := fmt.Sprintf("%s_TEST", EnvAuditWebhookClientCert)
+	auditWebhookClientKey := fmt.Sprintf("%s_TEST", EnvAuditWebhookClientKey)
+	auditWebhookQueueSize := fmt.Sprintf("%s_TEST", EnvAuditWebhookQueueSize)
+
+	type args struct {
+		ctx       context.Context
+		transport *http.Transport
+	}
+	tests := []struct {
+		name         string
+		args         args
+		wantErr      bool
+		setEnvVars   func()
+		unsetEnvVars func()
+	}{
+		{
+			name: "logger or auditlog is not enabled",
+			args: args{
+				ctx:       context.Background(),
+				transport: http.DefaultTransport.(*http.Transport).Clone(),
+			},
+			wantErr: false,
+			setEnvVars: func() {
+			},
+			unsetEnvVars: func() {
+			},
+		},
+		{
+			name: "logger webhook initialized correctly",
+			args: args{
+				ctx:       context.Background(),
+				transport: http.DefaultTransport.(*http.Transport).Clone(),
+			},
+			wantErr: false,
+			setEnvVars: func() {
+				os.Setenv(loggerWebhookEnable, "on")
+				os.Setenv(loggerWebhookEndpoint, "http://127.0.0.1:1337/logger")
+				os.Setenv(loggerWebhookAuthToken, "test")
+				os.Setenv(loggerWebhookClientCert, "")
+				os.Setenv(loggerWebhookClientKey, "")
+				os.Setenv(loggerWebhookQueueSize, "1000")
+			},
+			unsetEnvVars: func() {
+				os.Unsetenv(loggerWebhookEnable)
+				os.Unsetenv(loggerWebhookEndpoint)
+				os.Unsetenv(loggerWebhookAuthToken)
+				os.Unsetenv(loggerWebhookClientCert)
+				os.Unsetenv(loggerWebhookClientKey)
+				os.Unsetenv(loggerWebhookQueueSize)
+			},
+		},
+		{
+			name: "logger webhook failed to initialize",
+			args: args{
+				ctx:       context.Background(),
+				transport: http.DefaultTransport.(*http.Transport).Clone(),
+			},
+			wantErr: true,
+			setEnvVars: func() {
+				os.Setenv(loggerWebhookEnable, "on")
+				os.Setenv(loggerWebhookEndpoint, "https://aklsjdakljdjkalsd.com")
+				os.Setenv(loggerWebhookAuthToken, "test")
+				os.Setenv(loggerWebhookClientCert, "")
+				os.Setenv(loggerWebhookClientKey, "")
+				os.Setenv(loggerWebhookQueueSize, "1000")
+			},
+			unsetEnvVars: func() {
+				os.Unsetenv(loggerWebhookEnable)
+				os.Unsetenv(loggerWebhookEndpoint)
+				os.Unsetenv(loggerWebhookAuthToken)
+				os.Unsetenv(loggerWebhookClientCert)
+				os.Unsetenv(loggerWebhookClientKey)
+				os.Unsetenv(loggerWebhookQueueSize)
+			},
+		},
+		{
+			name: "auditlog webhook initialized correctly",
+			args: args{
+				ctx:       context.Background(),
+				transport: http.DefaultTransport.(*http.Transport).Clone(),
+			},
+			wantErr: false,
+			setEnvVars: func() {
+				os.Setenv(auditWebhookEnable, "on")
+				os.Setenv(auditWebhookEndpoint, "http://127.0.0.1:1337/audit")
+				os.Setenv(auditWebhookAuthToken, "test")
+				os.Setenv(auditWebhookClientCert, "")
+				os.Setenv(auditWebhookClientKey, "")
+				os.Setenv(auditWebhookQueueSize, "1000")
+			},
+			unsetEnvVars: func() {
+				os.Unsetenv(auditWebhookEnable)
+				os.Unsetenv(auditWebhookEndpoint)
+				os.Unsetenv(auditWebhookAuthToken)
+				os.Unsetenv(auditWebhookClientCert)
+				os.Unsetenv(auditWebhookClientKey)
+				os.Unsetenv(auditWebhookQueueSize)
+			},
+		},
+		{
+			name: "auditlog webhook failed to initialize",
+			args: args{
+				ctx:       context.Background(),
+				transport: http.DefaultTransport.(*http.Transport).Clone(),
+			},
+			wantErr: true,
+			setEnvVars: func() {
+				os.Setenv(auditWebhookEnable, "on")
+				os.Setenv(auditWebhookEndpoint, "https://aklsjdakljdjkalsd.com")
+				os.Setenv(auditWebhookAuthToken, "test")
+				os.Setenv(auditWebhookClientCert, "")
+				os.Setenv(auditWebhookClientKey, "")
+				os.Setenv(auditWebhookQueueSize, "1000")
+			},
+			unsetEnvVars: func() {
+				os.Unsetenv(auditWebhookEnable)
+				os.Unsetenv(auditWebhookEndpoint)
+				os.Unsetenv(auditWebhookAuthToken)
+				os.Unsetenv(auditWebhookClientCert)
+				os.Unsetenv(auditWebhookClientKey)
+				os.Unsetenv(auditWebhookQueueSize)
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.setEnvVars != nil {
+				tt.setEnvVars()
+			}
+			if err := InitializeLogger(tt.args.ctx, tt.args.transport); (err != nil) != tt.wantErr {
+				t.Errorf("InitializeLogger() error = %v, wantErr %v", err, tt.wantErr)
+			}
+			if tt.unsetEnvVars != nil {
+				tt.unsetEnvVars()
+			}
+		})
+	}
+}
+
+func TestEnableJSON(t *testing.T) {
+	tests := []struct {
+		name string
+	}{
+		{
+			name: "enable json",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			EnableJSON()
+			if !IsJSON() {
+				t.Errorf("EnableJSON() = %v, want %v", IsJSON(), true)
+			}
+		})
+	}
+}
+
+func TestEnableQuiet(t *testing.T) {
+	tests := []struct {
+		name string
+	}{
+		{
+			name: "enable quiet",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			EnableQuiet()
+			if !IsQuiet() {
+				t.Errorf("EnableQuiet() = %v, want %v", IsQuiet(), true)
+			}
+		})
+	}
+}
+
+func TestEnableAnonymous(t *testing.T) {
+	tests := []struct {
+		name string
+	}{
+		{
+			name: "enable anonymous",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			EnableAnonymous()
+			if !IsAnonymous() {
+				t.Errorf("EnableAnonymous() = %v, want %v", IsAnonymous(), true)
+			}
+		})
+	}
+}

pkg/logger/logonce.go

@@ -0,0 +1,92 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package logger
+
+import (
+	"context"
+	"errors"
+	"net/http"
+	"sync"
+	"time"
+)
+
+// Holds a map of recently logged errors.
+type logOnceType struct {
+	IDMap map[interface{}]error
+	sync.Mutex
+}
+
+// One log message per errors.
+func (l *logOnceType) logOnceIf(ctx context.Context, err error, id interface{}, errKind ...interface{}) {
+	if err == nil {
+		return
+	}
+	l.Lock()
+	shouldLog := false
+	prevErr := l.IDMap[id]
+	if prevErr == nil {
+		l.IDMap[id] = err
+		shouldLog = true
+	} else if prevErr.Error() != err.Error() {
+		l.IDMap[id] = err
+		shouldLog = true
+	}
+	l.Unlock()
+
+	if shouldLog {
+		LogIf(ctx, err, errKind...)
+	}
+}
+
+// Cleanup the map every 30 minutes so that the log message is printed again for the user to notice.
+func (l *logOnceType) cleanupRoutine() {
+	for {
+		l.Lock()
+		l.IDMap = make(map[interface{}]error)
+		l.Unlock()
+
+		time.Sleep(30 * time.Minute)
+	}
+}
+
+// Returns logOnceType
+func newLogOnceType() *logOnceType {
+	l := &logOnceType{IDMap: make(map[interface{}]error)}
+	go l.cleanupRoutine()
+	return l
+}
+
+var logOnce = newLogOnceType()
+
+// LogOnceIf - Logs notification errors - once per errors.
+// id is a unique identifier for related log messages, refer to cmd/notification.go
+// on how it is used.
+func LogOnceIf(ctx context.Context, err error, id interface{}, errKind ...interface{}) {
+	if err == nil {
+		return
+	}
+
+	if errors.Is(err, context.Canceled) {
+		return
+	}
+
+	if err.Error() == http.ErrServerClosed.Error() || err.Error() == "disk not found" {
+		return
+	}
+
+	logOnce.logOnceIf(ctx, err, id, errKind...)
+}

pkg/logger/message/audit/entry.go

@@ -0,0 +1,130 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package audit
+
+import (
+	"net/http"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/golang-jwt/jwt/v4"
+
+	"github.com/minio/console/pkg/utils"
+
+	xhttp "github.com/minio/console/pkg/http"
+)
+
+// Version - represents the current version of audit log structure.
+const Version = "1"
+
+// ObjectVersion object version key/versionId
+type ObjectVersion struct {
+	ObjectName string `json:"objectName"`
+	VersionID  string `json:"versionId,omitempty"`
+}
+
+// Entry - audit entry logs.
+type Entry struct {
+	Version      string    `json:"version"`
+	DeploymentID string    `json:"deploymentid,omitempty"`
+	Time         time.Time `json:"time"`
+	Trigger      string    `json:"trigger"`
+	API          struct {
+		Path            string `json:"path,omitempty"`
+		Status          string `json:"status,omitempty"`
+		Method          string `json:"method"`
+		StatusCode      int    `json:"statusCode,omitempty"`
+		InputBytes      int64  `json:"rx"`
+		OutputBytes     int64  `json:"tx"`
+		TimeToFirstByte string `json:"timeToFirstByte,omitempty"`
+		TimeToResponse  string `json:"timeToResponse,omitempty"`
+	} `json:"api"`
+	RemoteHost string                 `json:"remotehost,omitempty"`
+	RequestID  string                 `json:"requestID,omitempty"`
+	SessionID  string                 `json:"sessionID,omitempty"`
+	UserAgent  string                 `json:"userAgent,omitempty"`
+	ReqClaims  map[string]interface{} `json:"requestClaims,omitempty"`
+	ReqQuery   map[string]string      `json:"requestQuery,omitempty"`
+	ReqHeader  map[string]string      `json:"requestHeader,omitempty"`
+	RespHeader map[string]string      `json:"responseHeader,omitempty"`
+	Tags       map[string]interface{} `json:"tags,omitempty"`
+}
+
+// NewEntry - constructs an audit entry object with some fields filled
+func NewEntry(deploymentID string) Entry {
+	return Entry{
+		Version:      Version,
+		DeploymentID: deploymentID,
+		Time:         time.Now().UTC(),
+	}
+}
+
+// ToEntry - constructs an audit entry from a http request
+func ToEntry(w http.ResponseWriter, r *http.Request, reqClaims map[string]interface{}, deploymentID string) Entry {
+	entry := NewEntry(deploymentID)
+
+	entry.RemoteHost = r.RemoteAddr
+	entry.UserAgent = r.UserAgent()
+	entry.ReqClaims = reqClaims
+
+	q := r.URL.Query()
+	reqQuery := make(map[string]string, len(q))
+	for k, v := range q {
+		reqQuery[k] = strings.Join(v, ",")
+	}
+	entry.ReqQuery = reqQuery
+
+	reqHeader := make(map[string]string, len(r.Header))
+	for k, v := range r.Header {
+		reqHeader[k] = strings.Join(v, ",")
+	}
+	entry.ReqHeader = reqHeader
+
+	wh := w.Header()
+
+	var requestID interface{}
+	requestID = r.Context().Value(utils.ContextRequestID)
+	if requestID == nil {
+		requestID, _ = utils.NewUUID()
+	}
+	entry.RequestID = requestID.(string)
+
+	if val := r.Context().Value(utils.ContextRequestUserID); val != nil {
+		sessionID := val.(string)
+		if os.Getenv("CONSOLE_OPERATOR_MODE") != "" && os.Getenv("CONSOLE_OPERATOR_MODE") == "on" {
+			claims := jwt.MapClaims{}
+			_, _ = jwt.ParseWithClaims(sessionID, claims, nil)
+			if sub, ok := claims["sub"]; ok {
+				sessionID = sub.(string)
+			}
+		}
+		entry.SessionID = sessionID
+	}
+
+	respHeader := make(map[string]string, len(wh))
+	for k, v := range wh {
+		respHeader[k] = strings.Join(v, ",")
+	}
+	entry.RespHeader = respHeader
+
+	if etag := respHeader[xhttp.ETag]; etag != "" {
+		respHeader[xhttp.ETag] = strings.Trim(etag, `"`)
+	}
+
+	return entry
+}

pkg/logger/message/audit/entry_test.go

@@ -0,0 +1,126 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package audit
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"reflect"
+	"testing"
+	"time"
+
+	"github.com/minio/console/pkg/utils"
+)
+
+func TestNewEntry(t *testing.T) {
+	type args struct {
+		deploymentID string
+	}
+	tests := []struct {
+		name string
+		args args
+		want Entry
+	}{
+		{
+			name: "constructs an audit entry object with some fields filled",
+			args: args{
+				deploymentID: "1",
+			},
+			want: Entry{
+				Version:      Version,
+				DeploymentID: "1",
+				Time:         time.Now().UTC(),
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := NewEntry(tt.args.deploymentID); got.DeploymentID != tt.want.DeploymentID {
+				t.Errorf("NewEntry() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestToEntry(t *testing.T) {
+
+	req := httptest.NewRequest(http.MethodGet, "/api/v1/tenants?test=xyz", nil)
+	req.Header.Set("Authorization", "xyz")
+	req.Header.Set("ETag", "\"ABCDE\"")
+
+	// applying context information
+	ctx := context.WithValue(req.Context(), utils.ContextRequestUserID, "eyJhbGciOiJSUzI1NiIsImtpZCI6Ing5cS0wSkEwQzFMWDJlRlR3dHo2b0t0NVNnRzJad0llMGVNczMxbjU0b2sifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJtaW5pby1vcGVyYXRvciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJjb25zb2xlLXNhLXRva2VuLWJrZzZwIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImNvbnNvbGUtc2EiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJhZTE2ZGVkNS01MmM3LTRkZTQtOWUxYS1iNmI4NGU2OGMzM2UiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6bWluaW8tb3BlcmF0b3I6Y29uc29sZS1zYSJ9.AjhzekAPC59SQVBQL5sr-1dqr57-jH8a5LVazpnEr_cC0JqT4jXYjdfbrZSF9yaL4gHRv2l0kOhBlrjRK7y-IpMbxE71Fne_lSzaptSuqgI5I9dFvpVfZWP1yMAqav8mrlUoWkWDq9IAkyH4bvvZrVgQJGgd5t9U_7DQCVwbkQvy0wGS5zoMcZhYenn_Ub1BoxWcviADQ1aY1wQju8OP0IOwKTIMXMQqciOFdJ9T5-tQEGUrikTu_tW-1shUHzOxBcEzGVtBvBy2OmbNnRFYogbhmp-Dze6EAi035bY32bfL7XKBUNCW6_3VbN_h3pQNAuT2NJOSKuhJ3cGldCB2zg")
+	req = req.WithContext(ctx)
+
+	w := httptest.NewRecorder()
+	w.Header().Set("Authorization", "xyz")
+	w.Header().Set("ETag", "\"ABCDE\"")
+
+	type args struct {
+		w            http.ResponseWriter
+		r            *http.Request
+		reqClaims    map[string]interface{}
+		deploymentID string
+	}
+	tests := []struct {
+		name     string
+		args     args
+		want     Entry
+		preFunc  func()
+		postFunc func()
+	}{
+		{
+			preFunc: func() {
+				os.Setenv("CONSOLE_OPERATOR_MODE", "on")
+			},
+			postFunc: func() {
+				os.Unsetenv("CONSOLE_OPERATOR_MODE")
+
+			},
+			name: "constructs an audit entry from a http request",
+			args: args{
+				w:            w,
+				r:            req,
+				reqClaims:    map[string]interface{}{},
+				deploymentID: "1",
+			},
+			want: Entry{
+				Version:      "1",
+				DeploymentID: "1",
+				SessionID:    "system:serviceaccount:minio-operator:console-sa",
+				ReqQuery:     map[string]string{"test": "xyz"},
+				ReqHeader:    map[string]string{"test": "xyz"},
+				RespHeader:   map[string]string{"test": "xyz", "ETag": "ABCDE"},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.preFunc != nil {
+				tt.preFunc()
+			}
+			if got := ToEntry(tt.args.w, tt.args.r, tt.args.reqClaims, tt.args.deploymentID); !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("ToEntry() = %v, want %v", got, tt.want)
+			}
+			if tt.postFunc != nil {
+				tt.postFunc()
+			}
+		})
+	}
+}

pkg/logger/message/log/entry.go

@@ -0,0 +1,64 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package log
+
+import (
+	"time"
+)
+
+// ObjectVersion object version key/versionId
+type ObjectVersion struct {
+	ObjectName string `json:"objectName"`
+	VersionID  string `json:"versionId,omitempty"`
+}
+
+// Args - defines the arguments for the API.
+type Args struct {
+	Bucket    string            `json:"bucket,omitempty"`
+	Object    string            `json:"object,omitempty"`
+	VersionID string            `json:"versionId,omitempty"`
+	Objects   []ObjectVersion   `json:"objects,omitempty"`
+	Metadata  map[string]string `json:"metadata,omitempty"`
+}
+
+// Trace - defines the trace.
+type Trace struct {
+	Message   string                 `json:"message,omitempty"`
+	Source    []string               `json:"source,omitempty"`
+	Variables map[string]interface{} `json:"variables,omitempty"`
+}
+
+// API - defines the api type and its args.
+type API struct {
+	Name string `json:"name,omitempty"`
+}
+
+// Entry - defines fields and values of each log entry.
+type Entry struct {
+	DeploymentID string    `json:"deploymentid,omitempty"`
+	Level        string    `json:"level"`
+	LogKind      string    `json:"errKind"`
+	Time         time.Time `json:"time"`
+	API          *API      `json:"api,omitempty"`
+	RemoteHost   string    `json:"remotehost,omitempty"`
+	Host         string    `json:"host,omitempty"`
+	RequestID    string    `json:"requestID,omitempty"`
+	SessionID    string    `json:"sessionID,omitempty"`
+	UserAgent    string    `json:"userAgent,omitempty"`
+	Message      string    `json:"message,omitempty"`
+	Trace        *Trace    `json:"errors,omitempty"`
+}

pkg/logger/reqinfo.go

@@ -0,0 +1,117 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package logger
+
+import (
+	"context"
+	"fmt"
+	"sync"
+
+	"github.com/minio/console/pkg/utils"
+)
+
+// KeyVal - appended to ReqInfo.Tags
+type KeyVal struct {
+	Key string
+	Val interface{}
+}
+
+// ObjectVersion object version key/versionId
+type ObjectVersion struct {
+	ObjectName string
+	VersionID  string `json:"VersionId,omitempty"`
+}
+
+// ReqInfo stores the request info.
+type ReqInfo struct {
+	RemoteHost   string          // Client Host/IP
+	Host         string          // Node Host/IP
+	UserAgent    string          // User Agent
+	DeploymentID string          // x-minio-deployment-id
+	RequestID    string          // x-amz-request-id
+	SessionID    string          // custom session id
+	API          string          // API name - GetObject PutObject NewMultipartUpload etc.
+	BucketName   string          `json:",omitempty"` // Bucket name
+	ObjectName   string          `json:",omitempty"` // Object name
+	VersionID    string          `json:",omitempty"` // corresponding versionID for the object
+	Objects      []ObjectVersion `json:",omitempty"` // Only set during MultiObject delete handler.
+	AccessKey    string          // Access Key
+	tags         []KeyVal        // Any additional info not accommodated by above fields
+	sync.RWMutex
+}
+
+// GetTags - returns the user defined tags
+func (r *ReqInfo) GetTags() []KeyVal {
+	if r == nil {
+		return nil
+	}
+	r.RLock()
+	defer r.RUnlock()
+	return append([]KeyVal(nil), r.tags...)
+}
+
+// GetTagsMap - returns the user defined tags in a map structure
+func (r *ReqInfo) GetTagsMap() map[string]interface{} {
+	if r == nil {
+		return nil
+	}
+	r.RLock()
+	defer r.RUnlock()
+	m := make(map[string]interface{}, len(r.tags))
+	for _, t := range r.tags {
+		m[t.Key] = t.Val
+	}
+	return m
+}
+
+// SetReqInfo sets ReqInfo in the context.
+func SetReqInfo(ctx context.Context, req *ReqInfo) context.Context {
+	if ctx == nil {
+		LogIf(context.Background(), fmt.Errorf("context is nil"))
+		return nil
+	}
+	return context.WithValue(ctx, utils.ContextLogKey, req)
+}
+
+// GetReqInfo returns ReqInfo if set.
+func GetReqInfo(ctx context.Context) *ReqInfo {
+	if ctx != nil {
+		r, ok := ctx.Value(utils.ContextLogKey).(*ReqInfo)
+		if ok {
+			return r
+		}
+		r = &ReqInfo{}
+		if val, o := ctx.Value(utils.ContextRequestID).(string); o {
+			r.RequestID = val
+		}
+		if val, o := ctx.Value(utils.ContextRequestUserID).(string); o {
+			r.SessionID = val
+		}
+		if val, o := ctx.Value(utils.ContextRequestUserAgent).(string); o {
+			r.UserAgent = val
+		}
+		if val, o := ctx.Value(utils.ContextRequestHost).(string); o {
+			r.Host = val
+		}
+		if val, o := ctx.Value(utils.ContextRequestRemoteAddr).(string); o {
+			r.RemoteHost = val
+		}
+		SetReqInfo(ctx, r)
+		return r
+	}
+	return nil
+}

pkg/logger/target/http/http.go

@@ -0,0 +1,226 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package http
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	xhttp "github.com/minio/console/pkg/http"
+	"github.com/minio/console/pkg/logger/target/types"
+)
+
+// Timeout for the webhook http call
+const webhookCallTimeout = 5 * time.Second
+
+// Config http logger target
+type Config struct {
+	Enabled    bool              `json:"enabled"`
+	Name       string            `json:"name"`
+	UserAgent  string            `json:"userAgent"`
+	Endpoint   string            `json:"endpoint"`
+	AuthToken  string            `json:"authToken"`
+	ClientCert string            `json:"clientCert"`
+	ClientKey  string            `json:"clientKey"`
+	QueueSize  int               `json:"queueSize"`
+	Transport  http.RoundTripper `json:"-"`
+
+	// Custom logger
+	LogOnce func(ctx context.Context, err error, id interface{}, errKind ...interface{}) `json:"-"`
+}
+
+// Target implements logger.Target and sends the json
+// format of a log entry to the configured http endpoint.
+// An internal buffer of logs is maintained but when the
+// buffer is full, new logs are just ignored and an errors
+// is returned to the caller.
+type Target struct {
+	status int32
+	wg     sync.WaitGroup
+
+	// Channel of log entries
+	logCh chan interface{}
+
+	config Config
+}
+
+// Endpoint returns the backend endpoint
+func (h *Target) Endpoint() string {
+	return h.config.Endpoint
+}
+
+func (h *Target) String() string {
+	return h.config.Name
+}
+
+// Init validate and initialize the http target
+func (h *Target) Init() error {
+	ctx, cancel := context.WithTimeout(context.Background(), 2*webhookCallTimeout)
+	defer cancel()
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, h.config.Endpoint, strings.NewReader(`{}`))
+	if err != nil {
+		return err
+	}
+
+	req.Header.Set(xhttp.ContentType, "application/json")
+
+	// Set user-agent to indicate MinIO release
+	// version to the configured log endpoint
+	req.Header.Set("User-Agent", h.config.UserAgent)
+
+	if h.config.AuthToken != "" {
+		req.Header.Set("Authorization", h.config.AuthToken)
+	}
+
+	client := http.Client{Transport: h.config.Transport}
+	resp, err := client.Do(req)
+	if err != nil {
+		return err
+	}
+
+	// Drain any response.
+	xhttp.DrainBody(resp.Body)
+
+	if !acceptedResponseStatusCode(resp.StatusCode) {
+		switch resp.StatusCode {
+		case http.StatusForbidden:
+			return fmt.Errorf("%s returned '%s', please check if your auth token is correctly set",
+				h.config.Endpoint, resp.Status)
+		}
+		return fmt.Errorf("%s returned '%s', please check your endpoint configuration",
+			h.config.Endpoint, resp.Status)
+	}
+
+	h.status = 1
+	go h.startHTTPLogger()
+	return nil
+}
+
+// Accepted HTTP Status Codes
+var acceptedStatusCodeMap = map[int]bool{http.StatusOK: true, http.StatusCreated: true, http.StatusAccepted: true, http.StatusNoContent: true}
+
+func acceptedResponseStatusCode(code int) bool {
+	return acceptedStatusCodeMap[code]
+}
+
+func (h *Target) logEntry(entry interface{}) {
+	logJSON, err := json.Marshal(&entry)
+	if err != nil {
+		return
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), webhookCallTimeout)
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost,
+		h.config.Endpoint, bytes.NewReader(logJSON))
+	if err != nil {
+		h.config.LogOnce(ctx, fmt.Errorf("%s returned '%w', please check your endpoint configuration", h.config.Endpoint, err), h.config.Endpoint)
+		cancel()
+		return
+	}
+	req.Header.Set(xhttp.ContentType, "application/json")
+
+	// Set user-agent to indicate MinIO release
+	// version to the configured log endpoint
+	req.Header.Set("User-Agent", h.config.UserAgent)
+
+	if h.config.AuthToken != "" {
+		req.Header.Set("Authorization", h.config.AuthToken)
+	}
+
+	client := http.Client{Transport: h.config.Transport}
+	resp, err := client.Do(req)
+	cancel()
+	if err != nil {
+		h.config.LogOnce(ctx, fmt.Errorf("%s returned '%w', please check your endpoint configuration", h.config.Endpoint, err), h.config.Endpoint)
+		return
+	}
+
+	// Drain any response.
+	xhttp.DrainBody(resp.Body)
+
+	if !acceptedResponseStatusCode(resp.StatusCode) {
+		switch resp.StatusCode {
+		case http.StatusForbidden:
+			h.config.LogOnce(ctx, fmt.Errorf("%s returned '%s', please check if your auth token is correctly set", h.config.Endpoint, resp.Status), h.config.Endpoint)
+		default:
+			h.config.LogOnce(ctx, fmt.Errorf("%s returned '%s', please check your endpoint configuration", h.config.Endpoint, resp.Status), h.config.Endpoint)
+		}
+	}
+}
+
+func (h *Target) startHTTPLogger() {
+	// Create a routine which sends json logs received
+	// from an internal channel.
+	go func() {
+		h.wg.Add(1)
+		defer h.wg.Done()
+		for entry := range h.logCh {
+			h.logEntry(entry)
+		}
+	}()
+}
+
+// New initializes a new logger target which
+// sends log over http to the specified endpoint
+func New(config Config) *Target {
+	h := &Target{
+		logCh:  make(chan interface{}, config.QueueSize),
+		config: config,
+	}
+
+	return h
+}
+
+// Send log message 'e' to http target.
+func (h *Target) Send(entry interface{}, errKind string) error {
+	if atomic.LoadInt32(&h.status) == 0 {
+		// Channel was closed or used before init.
+		return nil
+	}
+
+	select {
+	case h.logCh <- entry:
+	default:
+		// log channel is full, do not wait and return
+		// an errors immediately to the caller
+		return errors.New("log buffer full")
+	}
+
+	return nil
+}
+
+// Cancel - cancels the target
+func (h *Target) Cancel() {
+	if atomic.CompareAndSwapInt32(&h.status, 1, 0) {
+		close(h.logCh)
+	}
+	h.wg.Wait()
+}
+
+// Type - returns type of the target
+func (h *Target) Type() types.TargetType {
+	return types.TargetHTTP
+}

pkg/logger/target/types/types.go

@@ -0,0 +1,27 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package types
+
+// TargetType indicates type of the target e.g. console, http, kafka
+type TargetType uint8
+
+// Constants for target types
+const (
+	_ TargetType = iota
+	TargetConsole
+	TargetHTTP
+)

pkg/logger/targets.go

@@ -0,0 +1,151 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package logger
+
+import (
+	"sync"
+	"sync/atomic"
+
+	"github.com/minio/console/pkg/logger/target/http"
+	"github.com/minio/console/pkg/logger/target/types"
+)
+
+// Target is the entity that we will receive
+// a single log entry and Send it to the log target
+//   e.g. Send the log to a http server
+type Target interface {
+	String() string
+	Endpoint() string
+	Init() error
+	Cancel()
+	Send(entry interface{}, errKind string) error
+	Type() types.TargetType
+}
+
+var (
+	// swapMu must be held while reading slice info or swapping targets or auditTargets.
+	swapMu sync.Mutex
+
+	// systemTargets is the set of enabled loggers.
+	// Must be immutable at all times.
+	// Can be swapped to another while holding swapMu
+	systemTargets = []Target{}
+
+	// This is always set represent /dev/console target
+	consoleTgt Target
+
+	nTargets int32 // atomic count of len(targets)
+)
+
+// SystemTargets returns active targets.
+// Returned slice may not be modified in any way.
+func SystemTargets() []Target {
+	if atomic.LoadInt32(&nTargets) == 0 {
+		// Lock free if none...
+		return nil
+	}
+	swapMu.Lock()
+	res := systemTargets
+	swapMu.Unlock()
+	return res
+}
+
+// AuditTargets returns active audit targets.
+// Returned slice may not be modified in any way.
+func AuditTargets() []Target {
+	if atomic.LoadInt32(&nAuditTargets) == 0 {
+		// Lock free if none...
+		return nil
+	}
+	swapMu.Lock()
+	res := auditTargets
+	swapMu.Unlock()
+	return res
+}
+
+// auditTargets is the list of enabled audit loggers
+// Must be immutable at all times.
+// Can be swapped to another while holding swapMu
+var (
+	auditTargets  = []Target{}
+	nAuditTargets int32 // atomic count of len(auditTargets)
+)
+
+func cancelAllSystemTargets() {
+	for _, tgt := range systemTargets {
+		tgt.Cancel()
+	}
+}
+
+func initSystemTargets(cfgMap map[string]http.Config) (tgts []Target, err error) {
+	for _, l := range cfgMap {
+		if l.Enabled {
+			t := http.New(l)
+			if err = t.Init(); err != nil {
+				return tgts, err
+			}
+			tgts = append(tgts, t)
+		}
+	}
+	return tgts, err
+}
+
+// UpdateSystemTargets swaps targets with newly loaded ones from the cfg
+func UpdateSystemTargets(cfg Config) error {
+	updated, err := initSystemTargets(cfg.HTTP)
+	if err != nil {
+		return err
+	}
+
+	swapMu.Lock()
+	for _, tgt := range systemTargets {
+		// Preserve console target when dynamically updating
+		// other HTTP targets, console target is always present.
+		if tgt.Type() == types.TargetConsole {
+			updated = append(updated, tgt)
+			break
+		}
+	}
+	atomic.StoreInt32(&nTargets, int32(len(updated)))
+	cancelAllSystemTargets() // cancel running targets
+	systemTargets = updated
+	swapMu.Unlock()
+	return nil
+}
+
+func cancelAuditTargetType(t types.TargetType) {
+	for _, tgt := range auditTargets {
+		if tgt.Type() == t {
+			tgt.Cancel()
+		}
+	}
+}
+
+// UpdateAuditWebhookTargets swaps audit webhook targets with newly loaded ones from the cfg
+func UpdateAuditWebhookTargets(cfg Config) error {
+	updated, err := initSystemTargets(cfg.AuditWebhook)
+	if err != nil {
+		return err
+	}
+
+	swapMu.Lock()
+	atomic.StoreInt32(&nAuditTargets, int32(len(updated)))
+	cancelAuditTargetType(types.TargetHTTP) // cancel running targets
+	auditTargets = updated
+	swapMu.Unlock()
+	return nil
+}

pkg/logger/utils.go

@@ -0,0 +1,60 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package logger
+
+import (
+	"fmt"
+	"regexp"
+	"runtime"
+
+	"github.com/minio/console/pkg/logger/color"
+)
+
+var ansiRE = regexp.MustCompile("(\x1b[^m]*m)")
+
+// Print ANSI Control escape
+func ansiEscape(format string, args ...interface{}) {
+	Esc := "\x1b"
+	fmt.Printf("%s%s", Esc, fmt.Sprintf(format, args...))
+}
+
+func ansiMoveRight(n int) {
+	if runtime.GOOS == "windows" {
+		return
+	}
+	if color.IsTerminal() {
+		ansiEscape("[%dC", n)
+	}
+}
+
+func ansiSaveAttributes() {
+	if runtime.GOOS == "windows" {
+		return
+	}
+	if color.IsTerminal() {
+		ansiEscape("7")
+	}
+}
+
+func ansiRestoreAttributes() {
+	if runtime.GOOS == "windows" {
+		return
+	}
+	if color.IsTerminal() {
+		ansiEscape("8")
+	}
+}

pkg/subnet/subnet.go

@@ -24,7 +24,7 @@ import (
 	"fmt"
 	"log"
 
-	"github.com/minio/console/pkg/utils"
+	"github.com/minio/console/pkg/http"
 
 	"github.com/minio/pkg/licverifier"
 
@@ -34,7 +34,7 @@ import (
 	"github.com/tidwall/gjson"
 )
 
-func LoginWithMFA(client utils.HTTPClientI, username, mfaToken, otp string) (*LoginResp, error) {
+func LoginWithMFA(client http.ClientI, username, mfaToken, otp string) (*LoginResp, error) {
 	mfaLoginReq := MfaReq{Username: username, OTP: otp, Token: mfaToken}
 	resp, err := subnetPostReq(client, subnetMFAURL(), mfaLoginReq, nil)
 	if err != nil {
@@ -47,7 +47,7 @@ func LoginWithMFA(client utils.HTTPClientI, username, mfaToken, otp string) (*Lo
 	return nil, errors.New("access token not found in response")
 }
 
-func Login(client utils.HTTPClientI, username, password string) (*LoginResp, error) {
+func Login(client http.ClientI, username, password string) (*LoginResp, error) {
 	loginReq := map[string]string{
 		"username": username,
 		"password": password,
@@ -71,7 +71,7 @@ func Login(client utils.HTTPClientI, username, password string) (*LoginResp, err
 	return nil, errors.New("access token not found in response")
 }
 
-func GetOrganizations(client utils.HTTPClientI, token string) ([]*models.SubnetOrganization, error) {
+func GetOrganizations(client http.ClientI, token string) ([]*models.SubnetOrganization, error) {
 	headers := subnetAuthHeaders(token)
 	respStr, err := subnetGetReq(client, subnetOrgsURL(), headers)
 	if err != nil {
@@ -90,7 +90,7 @@ type LicenseTokenConfig struct {
 	Proxy   string
 }
 
-func Register(client utils.HTTPClientI, admInfo madmin.InfoMessage, apiKey, token, accountID string) (*LicenseTokenConfig, error) {
+func Register(client http.ClientI, admInfo madmin.InfoMessage, apiKey, token, accountID string) (*LicenseTokenConfig, error) {
 	var headers map[string]string
 	regInfo := GetClusterRegInfo(admInfo)
 	regURL := subnetRegisterURL()
@@ -128,7 +128,7 @@ func Register(client utils.HTTPClientI, admInfo madmin.InfoMessage, apiKey, toke
 const publicKey = "/downloads/license-pubkey.pem"
 
 // downloadSubnetPublicKey will download the current subnet public key.
-func downloadSubnetPublicKey(client utils.HTTPClientI) (string, error) {
+func downloadSubnetPublicKey(client http.ClientI) (string, error) {
 	// Get the public key directly from Subnet
 	url := fmt.Sprintf("%s%s", subnetBaseURL(), publicKey)
 	resp, err := client.Get(url)
@@ -145,7 +145,7 @@ func downloadSubnetPublicKey(client utils.HTTPClientI) (string, error) {
 }
 
 // ParseLicense parses the license with the bundle public key and return it's information
-func ParseLicense(client utils.HTTPClientI, license string) (*licverifier.LicenseInfo, error) {
+func ParseLicense(client http.ClientI, license string) (*licverifier.LicenseInfo, error) {
 	var publicKeys []string
 
 	subnetPubKey, err := downloadSubnetPublicKey(client)