Release v0.17.2 (#2030 )

Signed-off-by: Benjamin Perez <benjamin@bexsoft.net>
fix: getTimeFromTimestamp() incorrect padding for days (#2029 )
2022-05-23 11:18:47 -07:00 · 2022-05-23 02:51:59 -05:00 · 2022-05-23 00:14:24 -05:00 · 2022-05-23 00:00:14 -05:00 · 2022-05-22 23:30:47 -05:00 · 2022-05-21 20:24:43 -07:00
1686 changed files with 50467 additions and 26918 deletions
--- a/.github/workflows/console-sa-secret.yaml
+++ b/.github/workflows/console-sa-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: console-sa-secret
+  namespace: minio-operator
+  annotations:
+    kubernetes.io/service-account.name: console-sa
+type: kubernetes.io/service-account-token
--- a/.github/workflows/deploy-tenant.sh
+++ b/.github/workflows/deploy-tenant.sh
@@ -65,7 +65,15 @@ function main() {

    check_tenant_status tenant-lite storage-lite

-    kubectl -n minio-operator port-forward svc/console 9090 &
+    kubectl proxy &
+
+    # Beginning  Kubernetes 1.24 ----> Service Account Token Secrets are not 
+    # automatically generated, to generate them manually, users must manually
+    # create the secret, for our examples where we lead people to get the JWT
+    # from the console-sa service account, they additionally need to manually
+    # generate the secret via
+    kubectl apply -f "${SCRIPT_DIR}/console-sa-secret.yaml"
+
 }

 main "$@"
--- a/.github/workflows/jobs.yaml
+++ b/.github/workflows/jobs.yaml
@@ -24,6 +24,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ubuntu-latest

    strategy:
@@ -92,6 +93,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ubuntu-latest

    strategy:
@@ -160,6 +162,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ubuntu-latest

    strategy:
@@ -256,6 +259,22 @@ jobs:
          curl -L -o nancy https://github.com/sonatype-nexus-community/nancy/releases/download/${nancy_version}/nancy-${nancy_version}-linux-amd64 && chmod +x nancy
          go list -deps -json ./... | jq -s 'unique_by(.Module.Path)|.[]|select(has("Module"))|.Module' | ./nancy sleuth

+  semgrep-static-code-analysis:
+    name: "semgrep checks"
+    runs-on: ${{ matrix.os }}
+    container:
+      image: "returntocorp/semgrep"
+    strategy:
+      matrix:
+        os: [ ubuntu-latest ]
+    steps:
+      - name: Check out source code
+        uses: actions/checkout@v2
+      - name: Scanning code on ${{ matrix.os }}
+        continue-on-error: false
+        run: |
+          semgrep --config semgrep.yaml $(pwd)/portal-ui --error
+
  no-warnings-and-make-assets:
    name: "React Code Has No Warnings and then Make Assets"
    runs-on: ${{ matrix.os }}
@@ -350,6 +369,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -428,6 +448,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -506,6 +527,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -578,6 +600,282 @@ jobs:
          make cleanup-permissions


+  all-permissions-4:
+    name: Permissions Tests Part 4
+    needs:
+      - lint-job
+      - no-warnings-and-make-assets
+      - reuse-golang-dependencies
+      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 5
+    strategy:
+      matrix:
+        go-version: [ 1.17.x ]
+        os: [ ubuntu-latest ]
+    steps:
+      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '16'
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+      - name: Get yarn cache directory path
+        id: yarn-cache-dir-path
+        run: echo "::set-output name=dir::$(yarn cache dir)"
+      - uses: actions/cache@v2
+        id: yarn-cache
+        name: Yarn Cache
+        with:
+          path: |
+            ${{ steps.yarn-cache-dir-path.outputs.dir }}
+            ./portal-ui/node_modules/
+            ./portal-ui/build/
+          key: ${{ runner.os }}-yarn-${{ hashFiles('./portal-ui/yarn.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-yarn-
+      - uses: actions/cache@v2
+        id: assets-cache
+        name: Assets Cache
+        with:
+          path: |
+            ./portal-ui/build/
+          key: ${{ runner.os }}-assets-${{ github.run_id }}
+          restore-keys: |
+            ${{ runner.os }}-assets-
+      - uses: actions/cache@v2
+        name: Go Mod Cache
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ github.run_id }}
+      - name: Build Console on ${{ matrix.os }}
+        env:
+          GO111MODULE: on
+          GOOS: linux
+        run: |
+          make console
+      - name: Start Console, front-end app and initialize users/policies
+        run: |
+          (./console server) & (make initialize-permissions)
+      - name: Run TestCafe Tests
+        timeout-minutes: 5
+        uses: DevExpress/testcafe-action@latest
+        with:
+          args: '"chrome:headless" portal-ui/tests/permissions-4/ --skip-js-errors'
+
+  all-permissions-5:
+    name: Permissions Tests Part 5
+    needs:
+      - lint-job
+      - no-warnings-and-make-assets
+      - reuse-golang-dependencies
+      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        go-version: [ 1.17.x ]
+        os: [ ubuntu-latest ]
+    steps:
+      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '16'
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+      - name: Get yarn cache directory path
+        id: yarn-cache-dir-path
+        run: echo "::set-output name=dir::$(yarn cache dir)"
+      - uses: actions/cache@v2
+        id: yarn-cache
+        name: Yarn Cache
+        with:
+          path: |
+            ${{ steps.yarn-cache-dir-path.outputs.dir }}
+            ./portal-ui/node_modules/
+            ./portal-ui/build/
+          key: ${{ runner.os }}-yarn-${{ hashFiles('./portal-ui/yarn.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-yarn-
+      - uses: actions/cache@v2
+        id: assets-cache
+        name: Assets Cache
+        with:
+          path: |
+            ./portal-ui/build/
+          key: ${{ runner.os }}-assets-${{ github.run_id }}
+          restore-keys: |
+            ${{ runner.os }}-assets-
+      - uses: actions/cache@v2
+        name: Go Mod Cache
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ github.run_id }}
+      - name: Build Console on ${{ matrix.os }}
+        env:
+          GO111MODULE: on
+          GOOS: linux
+        run: |
+          make console
+      - name: Start Console, front-end app and initialize users/policies
+        run: |
+          (./console server) & (make initialize-permissions)
+      - name: Run TestCafe Tests
+        timeout-minutes: 5
+        uses: DevExpress/testcafe-action@latest
+        with:
+          args: '"chrome:headless" portal-ui/tests/permissions-5/ --skip-js-errors'
+
+  all-permissions-6:
+    name: Permissions Tests Part 6
+    needs:
+      - lint-job
+      - no-warnings-and-make-assets
+      - reuse-golang-dependencies
+      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        go-version: [ 1.17.x ]
+        os: [ ubuntu-latest ]
+    steps:
+      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '16'
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+      - name: Get yarn cache directory path
+        id: yarn-cache-dir-path
+        run: echo "::set-output name=dir::$(yarn cache dir)"
+      - uses: actions/cache@v2
+        id: yarn-cache
+        name: Yarn Cache
+        with:
+          path: |
+            ${{ steps.yarn-cache-dir-path.outputs.dir }}
+            ./portal-ui/node_modules/
+            ./portal-ui/build/
+          key: ${{ runner.os }}-yarn-${{ hashFiles('./portal-ui/yarn.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-yarn-
+      - uses: actions/cache@v2
+        id: assets-cache
+        name: Assets Cache
+        with:
+          path: |
+            ./portal-ui/build/
+          key: ${{ runner.os }}-assets-${{ github.run_id }}
+          restore-keys: |
+            ${{ runner.os }}-assets-
+      - uses: actions/cache@v2
+        name: Go Mod Cache
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ github.run_id }}
+      - name: Build Console on ${{ matrix.os }}
+        env:
+          GO111MODULE: on
+          GOOS: linux
+        run: |
+          make console
+      - name: Start Console, front-end app and initialize users/policies
+        run: |
+          (./console server) & (make initialize-permissions)
+      - name: Run TestCafe Tests
+        timeout-minutes: 5
+        uses: DevExpress/testcafe-action@latest
+        with:
+          args: '"chrome:headless" portal-ui/tests/permissions-6/ --skip-js-errors'
+
+  all-permissions-7:
+    name: Permissions Tests Part 7
+    needs:
+      - lint-job
+      - no-warnings-and-make-assets
+      - reuse-golang-dependencies
+      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        go-version: [ 1.17.x ]
+        os: [ ubuntu-latest ]
+    steps:
+      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '16'
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+      - name: Get yarn cache directory path
+        id: yarn-cache-dir-path
+        run: echo "::set-output name=dir::$(yarn cache dir)"
+      - uses: actions/cache@v2
+        id: yarn-cache
+        name: Yarn Cache
+        with:
+          path: |
+            ${{ steps.yarn-cache-dir-path.outputs.dir }}
+            ./portal-ui/node_modules/
+            ./portal-ui/build/
+          key: ${{ runner.os }}-yarn-${{ hashFiles('./portal-ui/yarn.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-yarn-
+      - uses: actions/cache@v2
+        id: assets-cache
+        name: Assets Cache
+        with:
+          path: |
+            ./portal-ui/build/
+          key: ${{ runner.os }}-assets-${{ github.run_id }}
+          restore-keys: |
+            ${{ runner.os }}-assets-
+      - uses: actions/cache@v2
+        name: Go Mod Cache
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ github.run_id }}
+      - name: Build Console on ${{ matrix.os }}
+        env:
+          GO111MODULE: on
+          GOOS: linux
+        run: |
+          make console
+      - name: Start Console, front-end app and initialize users/policies
+        run: |
+          (./console server) & (make initialize-permissions)
+      - name: Run TestCafe Tests
+        timeout-minutes: 5
+        uses: DevExpress/testcafe-action@latest
+        with:
+          args: '"chrome:headless" portal-ui/tests/permissions-7/ --skip-js-errors'

  all-operator-tests:
    name: Operator UI Tests
@@ -586,6 +884,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -659,6 +958,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -696,6 +996,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -733,6 +1034,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -770,6 +1072,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -807,6 +1110,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -844,6 +1148,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -881,6 +1186,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -918,6 +1224,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -956,6 +1263,52 @@ jobs:
            ./restapi/coverage/
          key: ${{ runner.os }}-coverage-restapi-2-${{ github.run_id }}

+  test-operatorapi-on-go:
+    name: Test Operatorapi on Go ${{ matrix.go-version }} and ${{ matrix.os }}
+    needs:
+      - lint-job
+      - no-warnings-and-make-assets
+      - reuse-golang-dependencies
+      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        go-version: [ 1.17.x ]
+        os: [ ubuntu-latest ]
+    steps:
+      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - uses: actions/cache@v2
+        name: Go Mod Cache
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ github.run_id }}
+
+      - name: Build on ${{ matrix.os }}
+        env:
+          GO111MODULE: on
+          GOOS: linux
+        run: |
+          make test-unit-test-operator
+
+      - uses: actions/cache@v2
+        id: coverage-cache-unittest-operatorapi
+        name: Coverage Cache unit test operatorAPI
+        with:
+          path: |
+            ./operatorapi/coverage/
+          key: ${{ runner.os }}-coverage-unittest-operatorapi-2-${{ github.run_id }}
+
  b-integration-tests:
    name: Integration Tests with Latest Distributed MinIO
    needs:
@@ -963,6 +1316,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ubuntu-latest

    strategy:
@@ -1031,6 +1385,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
@@ -1046,6 +1401,7 @@ jobs:
    needs:
      - b-integration-tests
      - test-restapi-on-go
+      - test-operatorapi-on-go
      - c-operator-api-tests
      - test-pkg-on-go
      - sso-integration
@@ -1116,6 +1472,14 @@ jobs:
            ./restapi/coverage/
          key: ${{ runner.os }}-coverage-restapi-2-${{ github.run_id }}

+      - uses: actions/cache@v2
+        id: coverage-cache-unittest-operatorapi
+        name: Coverage Cache unit test operatorAPI
+        with:
+          path: |
+            ./operatorapi/coverage/
+          key: ${{ runner.os }}-coverage-unittest-operatorapi-2-${{ github.run_id }}
+
      - uses: actions/cache@v2
        id: coverage-cache-pkg
        name: Coverage Cache Pkg
@@ -1135,17 +1499,32 @@ jobs:
          echo "go build gocoverage.go"
          go build gocovmerge.go
          echo "put together the outs for final coverage resolution"
-          ./gocovmerge ../integration/coverage/system.out ../replication/coverage/replication.out ../sso-integration/coverage/sso-system.out ../restapi/coverage/coverage.out ../pkg/coverage/coverage-pkg.out ../operator-integration/coverage/operator-api.out > all.out
+          ./gocovmerge ../integration/coverage/system.out ../replication/coverage/replication.out ../sso-integration/coverage/sso-system.out ../restapi/coverage/coverage.out ../pkg/coverage/coverage-pkg.out ../operator-integration/coverage/operator-api.out ../operatorapi/coverage/coverage-unit-test-operatorapi.out > all.out
+          echo "Download mc for Ubuntu"
+          wget -q https://dl.min.io/client/mc/release/linux-amd64/mc
+          echo "Change the permissions to execute mc command"
+          chmod +x mc
+          echo "Create the folder to put the all.out file"
+          ./mc mb --ignore-existing play/builds/
+          echo "Copy the all.out file to play bucket"
+          echo ${{ github.repository }}
+          echo ${{ github.event.number }}
+          echo ${{ github.run_id }}
+          ./mc cp all.out play/builds/${{ github.repository }}/${{ github.event.number }}/${{ github.run_id }}/
+          ./mc cp all.out play/builds/${{ github.repository }}/${{ github.event.number }}/latest/
+          go tool cover -html=all.out -o coverage.html
+          ./mc cp coverage.html play/builds/${{ github.repository }}/${{ github.event.number }}/${{ github.run_id }}/
+          ./mc cp coverage.html play/builds/${{ github.repository }}/${{ github.event.number }}/latest/
          echo "grep to obtain the result"
          go tool cover -func=all.out | grep total > tmp2
          result=`cat tmp2 | awk 'END {print $3}'`
          result=${result%\%}
-          echo "result:"
-          echo $result
-          threshold=54.00
+          threshold=47.7
+          echo "Result:"
+          echo "$result%"
          if (( $(echo "$result >= $threshold" |bc -l) )); then
-            echo "It is equal or greater than threshold, passed!"
+            echo "It is equal or greater than threshold ($threshold%), passed!"
          else
-            echo "It is smaller than threshold value, failed!"
+            echo "It is smaller than threshold ($threshold%) value, failed!"
            exit 1
          fi
--- a/.gitignore
+++ b/.gitignore
@@ -19,6 +19,7 @@ vendor/

 # Ignore executables
 target/
+!pkg/logger/target/
 console
 !console/

--- a/.golangci.yml
+++ b/.golangci.yml
@@ -16,10 +16,17 @@ linters:
    - ineffassign
    - gosimple
    - deadcode
-    - unparam
+    - structcheck
+    - gomodguard
+    - gofmt
    - unused
    - structcheck
-    - goheader
+    - unconvert
+    - varcheck
+    - gocritic
+    - gofumpt
+    - tenv
+    - durationcheck

 linters-settings:
  goheader:
--- a/.semgrepignore
+++ b/.semgrepignore
@@ -0,0 +1,33 @@
+# Ignore git items
+.gitignore
+.git/
+:include .gitignore
+
+# Common large paths
+node_modules/
+portal-ui/node_modules/
+build/
+dist/
+.idea/
+vendor/
+.env/
+.venv/
+.tox/
+*.min.js
+
+# Common test paths
+test/
+tests/
+*_test.go
+
+# Semgrep rules folder
+.semgrep
+
+# Semgrep-action log folder
+.semgrep_logs/
+
+# Ignore VsCode files
+.vscode/
+*.code-workspace
+*~
+.eslintcache
--- a/81
+++ b/81
@@ -131,29 +131,25 @@ test-replication:
 test-sso-integration:
 	@echo "create the network in bridge mode to communicate all containers"
 	@(docker network create my-net)
-	@echo "execute latest keycloak container"
+	@echo "run openldap container using MinIO Image: quay.io/minio/openldap:latest"
 	@(docker run \
-	--rm \
-	--name keycloak-container \
-	--network my-net \
-	-p 8080:8080 \
-	-e KEYCLOAK_USER=admin \
-	-e KEYCLOAK_PASSWORD=admin jboss/keycloak:latest -b 0.0.0.0 -bprivate 127.0.0.1 &)
-	@echo "wait 60 sec until keycloak is listenning on port, then go for minio server"
-	@(sleep 60)
-	@echo "execute keycloak-config-cli container to configure keycloak for Single Sign On with MinIO"
+		-e LDAP_ORGANIZATION="MinIO Inc" \
+		-e LDAP_DOMAIN="min.io" \
+		-e LDAP_ADMIN_PASSWORD="admin" \
+		--network my-net \
+		-p 389:389 \
+		-p 636:636 \
+		--name openldap \
+		--detach quay.io/minio/openldap:latest)
+	@echo "Run Dex container using MinIO Image: quay.io/minio/dex:latest"
 	@(docker run \
-	--rm \
-	--network my-net \
-	--name keycloak-config-cli \
-	-e KEYCLOAK_URL=http://keycloak-container:8080/auth \
-	-e KEYCLOAK_USER="admin" \
-	-e KEYCLOAK_PASSWORD="admin" \
-	-e KEYCLOAK_AVAILABILITYCHECK_ENABLED=true \
-	-e KEYCLOAK_AVAILABILITYCHECK_TIMEOUT=120s \
-	-e IMPORT_FILES_LOCATIONS='/config/realm-export.json' \
-	-v /home/runner/work/console/console/sso-integration/config:/config \
-	adorsys/keycloak-config-cli:latest)
+		-e DEX_ISSUER=http://dex:5556/dex \
+		-e DEX_CLIENT_REDIRECT_URI=http://127.0.0.1:9090/oauth_callback \
+		-e DEX_LDAP_SERVER=openldap:389 \
+		--network my-net \
+		-p 5556:5556 \
+		--name dex \
+		--detach quay.io/minio/dex:latest)
 	@echo "running minio server"
 	@(docker run \
 	-v /data1 -v /data2 -v /data3 -v /data4 \
@@ -163,26 +159,29 @@ test-sso-integration:
 	--rm \
 	-p 9000:9000 \
 	-p 9001:9001 \
-	-e MINIO_IDENTITY_OPENID_CLIENT_SECRET=0nfJuqIt0iPnRIUJkvetve5l38C6gi9W \
+	-e MINIO_IDENTITY_OPENID_CLIENT_ID="minio-client-app" \
+	-e MINIO_IDENTITY_OPENID_CLIENT_SECRET="minio-client-app-secret" \
+	-e MINIO_IDENTITY_OPENID_CLAIM_NAME=name \
+	-e MINIO_IDENTITY_OPENID_CONFIG_URL=http://dex:5556/dex/.well-known/openid-configuration \
+	-e MINIO_IDENTITY_OPENID_REDIRECT_URI=http://127.0.0.1:9090/oauth_callback \
 	-e MINIO_ROOT_USER=minio \
 	-e MINIO_ROOT_PASSWORD=minio123 $(MINIO_VERSION) server /data{1...4} --address :9000 --console-address :9001)
-	@(sleep 60)
-	@echo "run mc commands"
+	@echo "run mc commands to set the policy"
 	@(docker run --name minio-client --network my-net -dit --entrypoint=/bin/sh minio/mc)
 	@(docker exec minio-client mc alias set myminio/ http://minio:9000 minio minio123)
-	@(docker exec minio-client mc admin config set myminio identity_openid config_url="http://keycloak-container:8080/auth/realms/myrealm/.well-known/openid-configuration" client_id="account")
-	@(docker exec minio-client mc admin service restart myminio)
+	@echo "adding policy to Dillon Harper to be able to login:"
+	@(cd sso-integration && docker cp allaccess.json minio-client:/ && docker exec minio-client mc admin policy add myminio "Dillon Harper" allaccess.json)
 	@echo "starting bash script"
 	@(env bash $(PWD)/sso-integration/set-sso.sh)
-	@echo "install jq"
-	@(sudo apt install jq)
+	@echo "add python module"
+	@(pip3 install bs4)
 	@echo "Executing the test:"
 	@(cd sso-integration && go test -coverpkg=../restapi -c -tags testrunmain . && mkdir -p coverage && ./sso-integration.test -test.v -test.run "^Test*" -test.coverprofile=coverage/sso-system.out)

 test-operator-integration:
 	@(echo "Start cd operator-integration && go test:")
 	@(pwd)
-	@(cd operator-integration && go test -coverpkg=../restapi -c -tags testrunmain . && mkdir -p coverage && ./operator-integration.test -test.v -test.run "^Test*" -test.coverprofile=coverage/operator-api.out)
+	@(cd operator-integration && go test -coverpkg=../operatorapi -c -tags testrunmain . && mkdir -p coverage && ./operator-integration.test -test.v -test.run "^Test*" -test.coverprofile=coverage/operator-api.out)

 test-operator:
 	@(env bash $(PWD)/portal-ui/tests/scripts/operator.sh)
@@ -203,6 +202,26 @@ test-permissions-3:
 	@(env bash $(PWD)/portal-ui/tests/scripts/permissions.sh "portal-ui/tests/permissions-3/")
 	@(docker stop minio)

+test-permissions-4:
+	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
+	@(env bash $(PWD)/portal-ui/tests/scripts/permissions.sh "portal-ui/tests/permissions-4/")
+	@(docker stop minio)
+
+test-permissions-5:
+	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
+	@(env bash $(PWD)/portal-ui/tests/scripts/permissions.sh "portal-ui/tests/permissions-5/")
+	@(docker stop minio)
+
+test-permissions-6:
+	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
+	@(env bash $(PWD)/portal-ui/tests/scripts/permissions.sh "portal-ui/tests/permissions-6/")
+	@(docker stop minio)
+
+test-permissions-7:
+	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
+	@(env bash $(PWD)/portal-ui/tests/scripts/permissions.sh "portal-ui/tests/permissions-7/")
+	@(docker stop minio)
+
 test-apply-permissions:
 	@(env bash $(PWD)/portal-ui/tests/scripts/initialize-env.sh)

@@ -223,6 +242,10 @@ test:
 	@echo "execute test and get coverage"
 	@(cd restapi && mkdir coverage && GO111MODULE=on go test -test.v -coverprofile=coverage/coverage.out)

+test-unit-test-operator:
+	@echo "execute unit test and get coverage for operatorapi"
+	@(cd operatorapi && mkdir coverage && GO111MODULE=on go test -test.v -coverprofile=coverage/coverage-unit-test-operatorapi.out)
+
 test-pkg:
 	@echo "execute test and get coverage"
 	@(cd pkg && mkdir coverage && GO111MODULE=on go test -test.v -coverprofile=coverage/coverage-pkg.out)
--- a/cluster/cluster.go
+++ b/cluster/cluster.go
@@ -25,8 +25,8 @@ import (

 // getTLSClientConfig will return the right TLS configuration for the K8S client based on the configured TLS certificate
 func getTLSClientConfig() rest.TLSClientConfig {
-	var defaultRootCAFile = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
-	var customRootCAFile = getK8sAPIServerTLSRootCA()
+	defaultRootCAFile := "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+	customRootCAFile := getK8sAPIServerTLSRootCA()
 	tlsClientConfig := rest.TLSClientConfig{}
 	// if console is running inside k8s by default he will have access to the CA Cert from the k8s local authority
 	if _, err := certutil.NewPool(defaultRootCAFile); err == nil {
--- a/cluster/config.go
+++ b/cluster/config.go
@@ -23,6 +23,8 @@ import (
 	"strings"
 	"time"

+	xhttp "github.com/minio/console/pkg/http"
+
 	"github.com/minio/console/pkg/utils"

 	"github.com/minio/pkg/env"
@@ -68,7 +70,7 @@ func GetMinioImage() (*string, error) {
 		return &image, nil
 	}
 	latestMinIOImage, errLatestMinIOImage := utils.GetLatestMinIOImage(
-		&utils.HTTPClient{
+		&xhttp.Client{
 			Client: &http.Client{
 				Timeout: 5 * time.Second,
 			},
--- a/cmd/console/app_commands.go
+++ b/cmd/console/app_commands.go
@@ -20,10 +20,14 @@
 package main

 import (
+	"context"
+	"fmt"
 	"os"
 	"strconv"
 	"time"

+	"github.com/minio/console/pkg/logger"
+
 	"github.com/minio/cli"
 	"github.com/minio/console/restapi"
 )
@@ -36,15 +40,27 @@ var appCmds = []cli.Command{

 // StartServer starts the console service
 func StartServer(ctx *cli.Context) error {
-	if os.Getenv("CONSOLE_OPERATOR_MODE") != "" && os.Getenv("CONSOLE_OPERATOR_MODE") == "on" {
-		return startOperatorServer(ctx)
-	}
-
+	// Load all certificates
 	if err := loadAllCerts(ctx); err != nil {
 		// Log this as a warning and continue running console without TLS certificates
 		restapi.LogError("Unable to load certs: %v", err)
 	}

+	xctx := context.Background()
+	transport := restapi.PrepareSTSClientTransport(false)
+	if err := logger.InitializeLogger(xctx, transport); err != nil {
+		fmt.Println("error InitializeLogger", err)
+		logger.CriticalIf(xctx, err)
+	}
+	// custom error configuration
+	restapi.LogInfo = logger.Info
+	restapi.LogError = logger.Error
+	restapi.LogIf = logger.LogIf
+
+	if os.Getenv("CONSOLE_OPERATOR_MODE") != "" && os.Getenv("CONSOLE_OPERATOR_MODE") == "on" {
+		return startOperatorServer(ctx)
+	}
+
 	var rctx restapi.Context
 	if err := rctx.Load(ctx); err != nil {
 		restapi.LogError("argument validation failed: %v", err)
--- a/cmd/console/app_commands_noop.go
+++ b/cmd/console/app_commands_noop.go
@@ -20,9 +20,13 @@
 package main

 import (
+	"context"
+	"fmt"
 	"strconv"
 	"time"

+	"github.com/minio/console/pkg/logger"
+
 	"github.com/minio/cli"
 	"github.com/minio/console/restapi"
 )
@@ -39,6 +43,17 @@ func StartServer(ctx *cli.Context) error {
 		restapi.LogError("Unable to load certs: %v", err)
 	}

+	xctx := context.Background()
+	transport := restapi.PrepareSTSClientTransport(false)
+	if err := logger.InitializeLogger(xctx, transport); err != nil {
+		fmt.Println("error InitializeLogger", err)
+		logger.CriticalIf(xctx, err)
+	}
+	// custom error configuration
+	restapi.LogInfo = logger.Info
+	restapi.LogError = logger.Error
+	restapi.LogIf = logger.LogIf
+
 	var rctx restapi.Context
 	if err := rctx.Load(ctx); err != nil {
 		restapi.LogError("argument validation failed: %v", err)
--- a/cmd/console/operator.go
+++ b/cmd/console/operator.go
@@ -2,7 +2,7 @@
 // +build operator

 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2022 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -20,6 +20,7 @@
 package main

 import (
+	"context"
 	"fmt"
 	"io/ioutil"
 	"path/filepath"
@@ -27,6 +28,8 @@ import (
 	"syscall"
 	"time"

+	"github.com/minio/console/pkg/logger"
+
 	"github.com/minio/console/restapi"

 	"github.com/go-openapi/loads"
@@ -106,7 +109,7 @@ func buildOperatorServer() (*operatorapi.Server, error) {
 	}

 	api := operations.NewOperatorAPI(swaggerSpec)
-	api.Logger = operatorapi.LogInfo
+	api.Logger = restapi.LogInfo
 	server := operatorapi.NewServer(api)

 	parser := flags.NewParser(server, flags.Default)
@@ -147,7 +150,7 @@ func loadOperatorAllCerts(ctx *cli.Context) error {
 	}

 	// load the certificates and the CAs
-	operatorapi.GlobalRootCAs, operatorapi.GlobalPublicCerts, operatorapi.GlobalTLSCertsManager, err = certs.GetAllCertificatesAndCAs()
+	restapi.GlobalRootCAs, restapi.GlobalPublicCerts, restapi.GlobalTLSCertsManager, err = certs.GetAllCertificatesAndCAs()
 	if err != nil {
 		return fmt.Errorf("unable to load certificates at %s: failed with %w", certs.GlobalCertsDir.Get(), err)
 	}
@@ -159,12 +162,12 @@ func loadOperatorAllCerts(ctx *cli.Context) error {
 		swaggerServerCACertificate := ctx.String("tls-ca")
 		// load tls cert and key from swagger server tls-certificate and tls-key flags
 		if swaggerServerCertificate != "" && swaggerServerCertificateKey != "" {
-			if err = operatorapi.GlobalTLSCertsManager.AddCertificate(swaggerServerCertificate, swaggerServerCertificateKey); err != nil {
+			if err = restapi.GlobalTLSCertsManager.AddCertificate(swaggerServerCertificate, swaggerServerCertificateKey); err != nil {
 				return err
 			}
 			x509Certs, err := certs.ParsePublicCertFile(swaggerServerCertificate)
 			if err == nil {
-				operatorapi.GlobalPublicCerts = append(operatorapi.GlobalPublicCerts, x509Certs...)
+				restapi.GlobalPublicCerts = append(restapi.GlobalPublicCerts, x509Certs...)
 			}
 		}

@@ -172,7 +175,7 @@ func loadOperatorAllCerts(ctx *cli.Context) error {
 		if swaggerServerCACertificate != "" {
 			caCert, caCertErr := ioutil.ReadFile(swaggerServerCACertificate)
 			if caCertErr == nil {
-				operatorapi.GlobalRootCAs.AppendCertsFromPEM(caCert)
+				restapi.GlobalRootCAs.AppendCertsFromPEM(caCert)
 			}
 		}
 	}
@@ -186,20 +189,31 @@ func loadOperatorAllCerts(ctx *cli.Context) error {

 // StartServer starts the console service
 func startOperatorServer(ctx *cli.Context) error {
-	if err := loadOperatorAllCerts(ctx); err != nil {
+	if err := loadAllCerts(ctx); err != nil {
 		// Log this as a warning and continue running console without TLS certificates
-		operatorapi.LogError("Unable to load certs: %v", err)
+		restapi.LogError("Unable to load certs: %v", err)
 	}

+	xctx := context.Background()
+	transport := restapi.PrepareSTSClientTransport(false)
+	if err := logger.InitializeLogger(xctx, transport); err != nil {
+		fmt.Println("error InitializeLogger", err)
+		logger.CriticalIf(xctx, err)
+	}
+	// custom error configuration
+	restapi.LogInfo = logger.Info
+	restapi.LogError = logger.Error
+	restapi.LogIf = logger.LogIf
+
 	var rctx operatorapi.Context
 	if err := rctx.Load(ctx); err != nil {
-		operatorapi.LogError("argument validation failed: %v", err)
+		restapi.LogError("argument validation failed: %v", err)
 		return err
 	}

 	server, err := buildOperatorServer()
 	if err != nil {
-		operatorapi.LogError("Unable to initialize console server: %v", err)
+		restapi.LogError("Unable to initialize console server: %v", err)
 		return err
 	}

@@ -212,7 +226,7 @@ func startOperatorServer(ctx *cli.Context) error {
 	operatorapi.Port = strconv.Itoa(server.Port)
 	operatorapi.Hostname = server.Host

-	if len(operatorapi.GlobalPublicCerts) > 0 {
+	if len(restapi.GlobalPublicCerts) > 0 {
 		// If TLS certificates are provided enforce the HTTPS schema, meaning console will redirect
 		// plain HTTP connections to HTTPS server
 		server.EnabledListeners = []string{"http", "https"}
--- a/go.mod
+++ b/go.mod
@@ -6,46 +6,49 @@ require (
 	github.com/blang/semver/v4 v4.0.0
 	github.com/cheggaaa/pb/v3 v3.0.8
 	github.com/dustin/go-humanize v1.0.0
+	github.com/fatih/color v1.13.0
 	github.com/go-openapi/errors v0.20.2
 	github.com/go-openapi/loads v0.21.1
-	github.com/go-openapi/runtime v0.23.1
-	github.com/go-openapi/spec v0.20.4
+	github.com/go-openapi/runtime v0.23.3
+	github.com/go-openapi/spec v0.20.5
 	github.com/go-openapi/strfmt v0.21.2
 	github.com/go-openapi/swag v0.21.1
 	github.com/go-openapi/validate v0.21.0
-	github.com/golang-jwt/jwt/v4 v4.3.0
+	github.com/golang-jwt/jwt/v4 v4.4.1
+	github.com/google/uuid v1.3.0
 	github.com/gorilla/websocket v1.5.0
 	github.com/jessevdk/go-flags v1.5.0
-	github.com/klauspost/compress v1.14.4
+	github.com/klauspost/compress v1.15.1
 	github.com/minio/cli v1.22.0
-	github.com/minio/kes v0.18.0
-	github.com/minio/madmin-go v1.3.5
-	github.com/minio/mc v0.0.0-20220302011226-f13defa54577
-	github.com/minio/minio-go/v7 v7.0.23
-	github.com/minio/operator v0.0.0-20220401213108-1e35dbf22c40
-	github.com/minio/pkg v1.1.20
+	github.com/minio/highwayhash v1.0.2
+	github.com/minio/kes v0.19.2
+	github.com/minio/madmin-go v1.3.14
+	github.com/minio/mc v0.0.0-20220512134321-aa60a8db1e4d
+	github.com/minio/minio-go/v7 v7.0.26
+	github.com/minio/operator v0.0.0-20220414212219-ba4c097324b2
+	github.com/minio/pkg v1.1.23
 	github.com/minio/selfupdate v0.4.0
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/rs/xid v1.3.0
+	github.com/rs/xid v1.4.0
 	github.com/secure-io/sio-go v0.3.1
-	github.com/stretchr/testify v1.7.0
+	github.com/stretchr/testify v1.7.1
 	github.com/tidwall/gjson v1.14.0
 	github.com/unrolled/secure v1.10.0
-	golang.org/x/crypto v0.0.0-20220214200702-86341886e292
-	golang.org/x/net v0.0.0-20220225172249-27dd8689420f
-	golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b
+	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4
+	golang.org/x/net v0.0.0-20220421235706-1d1ef9303861
+	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5
 	gopkg.in/yaml.v2 v2.4.0
-	k8s.io/api v0.23.4
-	k8s.io/apimachinery v0.23.4
-	k8s.io/client-go v0.23.4
+	k8s.io/api v0.23.5
+	k8s.io/apimachinery v0.23.5
+	k8s.io/client-go v0.23.5
+	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9
 )

 require (
-	github.com/PuerkitoBio/purell v1.1.1 // indirect
-	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
 	github.com/VividCortex/ewma v1.2.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/briandowns/spinner v1.18.1 // indirect
 	github.com/cespare/xxhash/v2 v2.1.2 // indirect
 	github.com/charmbracelet/bubbles v0.10.3 // indirect
 	github.com/charmbracelet/bubbletea v0.20.0 // indirect
@@ -58,7 +61,6 @@ require (
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 // indirect
 	github.com/docker/go-units v0.4.0 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
-	github.com/fatih/color v1.13.0 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/gdamore/encoding v1.0.0 // indirect
 	github.com/gdamore/tcell/v2 v2.4.1-0.20210905002822-f057f0a857a1 // indirect
@@ -66,7 +68,7 @@ require (
 	github.com/go-ole/go-ole v1.2.6 // indirect
 	github.com/go-openapi/analysis v0.21.2 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
-	github.com/go-openapi/jsonreference v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.0 // indirect
 	github.com/go-stack/stack v1.8.1 // indirect
 	github.com/goccy/go-json v0.9.4 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
@@ -75,7 +77,6 @@ require (
 	github.com/google/go-cmp v0.5.7 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/google/uuid v1.3.0 // indirect
 	github.com/googleapis/gnostic v0.5.5 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
@@ -97,21 +98,21 @@ require (
 	github.com/mattn/go-isatty v0.0.14 // indirect
 	github.com/mattn/go-runewidth v0.0.13 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
-	github.com/minio/argon2 v1.0.0 // indirect
-	github.com/minio/colorjson v1.0.1 // indirect
+	github.com/minio/colorjson v1.0.2 // indirect
 	github.com/minio/filepath v1.0.0 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
 	github.com/minio/sha256-simd v1.0.0 // indirect
 	github.com/mitchellh/mapstructure v1.4.3 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/montanaflynn/stats v0.6.6 // indirect
 	github.com/muesli/ansi v0.0.0-20211031195517-c9f0611b6c70 // indirect
 	github.com/muesli/reflow v0.3.0 // indirect
 	github.com/muesli/termenv v0.11.1-0.20220212125758-44cd13922739 // indirect
 	github.com/navidys/tvxwidgets v0.1.0 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
-	github.com/philhofer/fwd v1.1.1 // indirect
+	github.com/philhofer/fwd v1.1.2-0.20210722190033-5c56ac6d0bb9 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pkg/xattr v0.4.5 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
@@ -119,8 +120,9 @@ require (
 	github.com/power-devops/perfstat v0.0.0-20220216144756-c35f1ee13d7c // indirect
 	github.com/prometheus/client_golang v1.12.1 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
-	github.com/prometheus/common v0.32.1 // indirect
+	github.com/prometheus/common v0.33.0 // indirect
 	github.com/prometheus/procfs v0.7.3 // indirect
+	github.com/prometheus/prom2json v1.3.1 // indirect
 	github.com/rivo/tview v0.0.0-20220216162559-96063d6082f3 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/rjeczalik/notify v0.9.2 // indirect
@@ -128,7 +130,7 @@ require (
 	github.com/sirupsen/logrus v1.8.1 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
-	github.com/tinylib/msgp v1.1.6 // indirect
+	github.com/tinylib/msgp v1.1.7-0.20211026165309-e818a1881b0e // indirect
 	github.com/tklauser/go-sysconf v0.3.10 // indirect
 	github.com/tklauser/numcpus v0.4.0 // indirect
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
@@ -140,7 +142,7 @@ require (
 	go.uber.org/multierr v1.8.0 // indirect
 	go.uber.org/zap v1.21.0 // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
-	golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9 // indirect
+	golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect
 	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/time v0.0.0-20220224211638-0e9765cccd65 // indirect
@@ -154,7 +156,6 @@ require (
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 	k8s.io/klog/v2 v2.40.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20220124234850-424119656bbf // indirect
-	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
 	maze.io/x/duration v0.0.0-20160924141736-faac084b6075 // indirect
 	sigs.k8s.io/controller-runtime v0.11.1 // indirect
 	sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
--- a/go.sum
+++ b/go.sum
--- a/integration/access_rules_test.go
+++ b/integration/access_rules_test.go
@@ -0,0 +1,96 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_AddAccessRuleAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddBucket("testaccessruleadd", false, false, nil, nil)
+
+	type args struct {
+		prefix string
+		access string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Create Access Rule - Valid",
+			args: args{
+				prefix: "/test/",
+				access: "readonly",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "Create Group - Invalid",
+			args: args{
+				prefix: "/test/",
+				access: "readonl",
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+			requestDataPolicy["prefix"] = tt.args.prefix
+			requestDataPolicy["access"] = tt.args.access
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"PUT", "http://localhost:9090/api/v1/bucket/testaccessruleadd/access-rules", requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, "Status Code is incorrect")
+			}
+		})
+	}
+}
--- a/integration/admin_api_integration_test.go
+++ b/integration/admin_api_integration_test.go
@@ -154,7 +154,6 @@ func NotifyPostgres() (*http.Response, error) {
 }

 func TestNotifyPostgres(t *testing.T) {
-
 	// Variables
 	assert := assert.New(t)

@@ -170,11 +169,9 @@ func TestNotifyPostgres(t *testing.T) {
 	if response != nil {
 		assert.Equal(200, response.StatusCode, finalResponse)
 	}
-
 }

 func TestRestartService(t *testing.T) {
-
 	assert := assert.New(t)
 	restartResponse, restartError := RestartService()
 	assert.Nil(restartError)
@@ -190,7 +187,6 @@ func TestRestartService(t *testing.T) {
 			addObjRsp,
 		)
 	}
-
 }

 func ListPoliciesWithBucket(bucketName string) (*http.Response, error) {
@@ -214,7 +210,6 @@ func ListPoliciesWithBucket(bucketName string) (*http.Response, error) {
 }

 func TestListPoliciesWithBucket(t *testing.T) {
-
 	// Test Variables
 	bucketName := "testlistpolicieswithbucket"
 	assert := assert.New(t)
@@ -234,7 +229,6 @@ func TestListPoliciesWithBucket(t *testing.T) {
 			parsedResponse,
 		)
 	}
-
 }

 func ListUsersWithAccessToBucket(bucketName string) (*http.Response, error) {
@@ -258,7 +252,6 @@ func ListUsersWithAccessToBucket(bucketName string) (*http.Response, error) {
 }

 func TestListUsersWithAccessToBucket(t *testing.T) {
-
 	// Test Variables
 	bucketName := "testlistuserswithaccesstobucket1"
 	assert := assert.New(t)
@@ -278,11 +271,9 @@ func TestListUsersWithAccessToBucket(t *testing.T) {
 			parsedResponse,
 		)
 	}
-
 }

 func TestGetNodes(t *testing.T) {
-
 	assert := assert.New(t)
 	getNodesResponse, getNodesError := GetNodes()
 	assert.Nil(getNodesError)
@@ -298,5 +289,42 @@ func TestGetNodes(t *testing.T) {
 			addObjRsp,
 		)
 	}
-
+}
+
+func ArnList() (*http.Response, error) {
+	/*
+		Helper function to get arn list
+		HTTP Verb: GET
+		URL: /api/v1/admin/arns
+	*/
+	request, err := http.NewRequest(
+		"GET", "http://localhost:9090/api/v1/admin/arns", nil)
+	if err != nil {
+		log.Println(err)
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	response, err := client.Do(request)
+	return response, err
+}
+
+func TestArnList(t *testing.T) {
+	assert := assert.New(t)
+	resp, err := ArnList()
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	objRsp := inspectHTTPResponse(resp)
+	if resp != nil {
+		assert.Equal(
+			200,
+			resp.StatusCode,
+			objRsp,
+		)
+	}
 }
--- a/integration/buckets_test.go
+++ b/integration/buckets_test.go
@@ -56,8 +56,7 @@ func inspectHTTPResponse(httpResponse *http.Response) string {
 }

 func initConsoleServer() (*restapi.Server, error) {
-
-	//os.Setenv("CONSOLE_MINIO_SERVER", "localhost:9000")
+	// os.Setenv("CONSOLE_MINIO_SERVER", "localhost:9000")

 	swaggerSpec, err := loads.Embedded(restapi.SwaggerJSON, restapi.FlatSwaggerJSON)
 	if err != nil {
@@ -79,7 +78,7 @@ func initConsoleServer() (*restapi.Server, error) {
 	// register all APIs
 	server.ConfigureAPI()

-	//restapi.GlobalRootCAs, restapi.GlobalPublicCerts, restapi.GlobalTLSCertsManager = globalRootCAs, globalPublicCerts, globalTLSCerts
+	// restapi.GlobalRootCAs, restapi.GlobalPublicCerts, restapi.GlobalTLSCertsManager = globalRootCAs, globalPublicCerts, globalTLSCerts

 	consolePort, _ := strconv.Atoi("9090")

@@ -92,7 +91,6 @@ func initConsoleServer() (*restapi.Server, error) {
 }

 func TestMain(m *testing.M) {
-
 	// start console server
 	go func() {
 		fmt.Println("start server")
@@ -103,7 +101,6 @@ func TestMain(m *testing.M) {
 			return
 		}
 		srv.Serve()
-
 	}()

 	fmt.Println("sleeping")
@@ -132,7 +129,6 @@ func TestMain(m *testing.M) {
 	request.Header.Add("Content-Type", "application/json")

 	response, err := client.Do(request)
-
 	if err != nil {
 		log.Println(err)
 		return
@@ -162,7 +158,7 @@ func TestMain(m *testing.M) {

 	requestDataBody = bytes.NewReader(requestDataJSON)

-	// get list of buckets
+	// delete bucket
 	request, err = http.NewRequest("DELETE", "http://localhost:9090/api/v1/buckets/test1", requestDataBody)
 	if err != nil {
 		log.Println(err)
--- a/integration/config_test.go
+++ b/integration/config_test.go
@@ -0,0 +1,250 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_ConfigAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	tests := []struct {
+		name           string
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name:           "Config - Valid",
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+	}
+
+	client := &http.Client{
+		Timeout: 3 * time.Second,
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			request, err := http.NewRequest("GET", "http://localhost:9090/api/v1/configs", nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+}
+
+func Test_GetConfigAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	type args struct {
+		name string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Get Config - Valid",
+			args: args{
+				name: "storage_class",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "Get Config - Invalid",
+			args: args{
+				name: "asdf",
+			},
+			expectedStatus: 404,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			request, err := http.NewRequest(
+				"GET", fmt.Sprintf("http://localhost:9090/api/v1/configs/%s", tt.args.name), nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+}
+
+func Test_SetConfigAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	type args struct {
+		name      string
+		keyValues []map[string]interface{}
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Set Config - Valid",
+			args: args{
+				name:      "region",
+				keyValues: []map[string]interface{}{{"key": "name", "value": "testServer"}, {"key": "region", "value": "us-west-1"}},
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "Set Config - Invalid",
+			args: args{
+				name:      "regiontest",
+				keyValues: []map[string]interface{}{{"key": "name", "value": "testServer"}, {"key": "region", "value": "us-west-1"}},
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+
+			requestDataPolicy["key_values"] = tt.args.keyValues
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"PUT", fmt.Sprintf("http://localhost:9090/api/v1/configs/%s", tt.args.name), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+}
+
+func Test_ResetConfigAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	type args struct {
+		name string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Reset Config - Valid",
+			args: args{
+				name: "region",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "Reset Config - Invalid",
+			args: args{
+				name: "regiontest",
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"POST", fmt.Sprintf("http://localhost:9090/api/v1/configs/%s/reset", tt.args.name), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+}
--- a/integration/groups_test.go
+++ b/integration/groups_test.go
@@ -0,0 +1,351 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"bytes"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_AddGroupAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddUser("member1", "testtest", []string{}, []string{"consoleAdmin"})
+
+	type args struct {
+		group   string
+		members []string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Create Group - Valid",
+			args: args{
+				group:   "test",
+				members: []string{"member1"},
+			},
+			expectedStatus: 201,
+			expectedError:  nil,
+		},
+		{
+			name: "Create Group - Invalid",
+			args: args{
+				group:   "test",
+				members: []string{},
+			},
+			expectedStatus: 400,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+			requestDataPolicy["group"] = tt.args.group
+			requestDataPolicy["members"] = tt.args.members
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"POST", "http://localhost:9090/api/v1/groups", requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, "Status Code is incorrect")
+			}
+		})
+	}
+}
+
+func Test_GetGroupAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddUser("member2", "testtest", []string{}, []string{"consoleAdmin"})
+	AddGroup("getgroup1", []string{"member2"})
+
+	type args struct {
+		api string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Get Group - Valid",
+			args: args{
+				api: base64.StdEncoding.EncodeToString([]byte("getgroup1")),
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "Get Group - Invalid",
+			args: args{
+				api: base64.StdEncoding.EncodeToString([]byte("askfjalkd")),
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"GET", fmt.Sprintf("http://localhost:9090/api/v1/group/%s", tt.args.api), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, "Status Code is incorrect")
+			}
+		})
+	}
+}
+
+func Test_ListGroupsAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	tests := []struct {
+		name           string
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name:           "Get Group - Valid",
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"GET", "http://localhost:9090/api/v1/groups", requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, "Status Code is incorrect")
+			}
+		})
+	}
+}
+
+func Test_PutGroupsAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddUser("member3", "testtest", []string{}, []string{"consoleAdmin"})
+	AddGroup("putgroup1", []string{})
+
+	type args struct {
+		api     string
+		members []string
+		status  string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Put Group - Valid",
+			args: args{
+				api:     base64.StdEncoding.EncodeToString([]byte("putgroup1")),
+				members: []string{"member3"},
+				status:  "enabled",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "Put Group - Invalid",
+			args: args{
+				api:     base64.StdEncoding.EncodeToString([]byte("gdgfdfgd")),
+				members: []string{"member3"},
+				status:  "enabled",
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+
+			requestDataPolicy["members"] = tt.args.members
+			requestDataPolicy["status"] = tt.args.status
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"PUT", fmt.Sprintf("http://localhost:9090/api/v1/group/%s", tt.args.api), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, "Status Code is incorrect")
+			}
+		})
+	}
+}
+
+func Test_DeleteGroupAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddGroup("grouptests1", []string{})
+
+	type args struct {
+		api string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+		verb           string
+	}{
+		{
+			name: "Delete Group - Valid",
+			args: args{
+				api: base64.StdEncoding.EncodeToString([]byte("grouptests1")),
+			},
+			verb:           "DELETE",
+			expectedStatus: 204,
+			expectedError:  nil,
+		},
+		{
+			name: "Delete Group - Invalid",
+			args: args{
+				api: base64.StdEncoding.EncodeToString([]byte("grouptests12345")),
+			},
+			verb:           "DELETE",
+			expectedStatus: 404,
+			expectedError:  nil,
+		},
+		{
+			name: "Access Group After Delete - Invalid",
+			args: args{
+				api: base64.StdEncoding.EncodeToString([]byte("grouptests1")),
+			},
+			verb:           "GET",
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				tt.verb, fmt.Sprintf("http://localhost:9090/api/v1/group/%s", tt.args.api), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, "Status Code is incorrect")
+			}
+		})
+	}
+}
--- a/integration/inspect_test.go
+++ b/integration/inspect_test.go
@@ -0,0 +1,106 @@
+package integration
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Inspect(volume string, file string, enc bool) (*http.Response, error) {
+	requestURL := fmt.Sprintf("http://localhost:9090/api/v1/admin/inspect?volume=%s&file=%s&encrypt=%t", volume, file, enc)
+	request, err := http.NewRequest(
+		"GET", requestURL, nil)
+	if err != nil {
+		log.Println(err)
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	response, err := client.Do(request)
+	return response, err
+}
+
+func TestInspect(t *testing.T) {
+	assert := assert.New(t)
+
+	type args struct {
+		volume  string
+		file    string
+		encrypt bool
+	}
+
+	// Inspect returns successful response always
+	tests := []struct {
+		name          string
+		args          args
+		expStatusCode int
+		expectedError bool
+	}{
+		{
+			name: "Test Invalid Path",
+			args: args{
+				volume:  "/test-with-slash",
+				file:    "/test-with-slash",
+				encrypt: false,
+			},
+			expStatusCode: 200,
+			expectedError: false,
+		},
+
+		{
+			name: "Test Invalid characters in Path",
+			args: args{
+				volume:  "//test",
+				file:    "//bucket",
+				encrypt: false,
+			},
+			expStatusCode: 200,
+			expectedError: true,
+		},
+		{
+			name: "Test valid bucket",
+			args: args{
+				volume:  "test-bucket",
+				file:    "test.txt",
+				encrypt: true,
+			},
+			expStatusCode: 200,
+			expectedError: false,
+		},
+		{
+			name: "Test Empty Path", // Un processable entity error
+			args: args{
+				volume:  "",
+				file:    "",
+				encrypt: false,
+			},
+			expStatusCode: 422,
+			expectedError: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			resp, err := Inspect(tt.args.volume, tt.args.file, tt.args.encrypt)
+			if tt.expectedError {
+				assert.Nil(err)
+				if err != nil {
+					log.Println(err)
+					return
+				}
+			}
+			if resp != nil {
+				assert.Equal(
+					tt.expStatusCode,
+					resp.StatusCode,
+				)
+			}
+		})
+	}
+}
--- a/integration/login_test.go
+++ b/integration/login_test.go
@@ -17,7 +17,9 @@
 package integration

 import (
+	"bytes"
 	"encoding/json"
+	"fmt"
 	"io/ioutil"
 	"log"
 	"net/http"
@@ -30,7 +32,6 @@ import (
 )

 func TestLoginStrategy(t *testing.T) {
-
 	assert := assert.New(t)

 	// image for now:
@@ -68,5 +69,95 @@ func TestLoginStrategy(t *testing.T) {
 		assert.Equal(models.LoginDetailsLoginStrategyForm, loginDetails.LoginStrategy, "Login Details don't match")

 	}
-
+}
+
+func TestLogout(t *testing.T) {
+	assert := assert.New(t)
+
+	// image for now:
+	// minio: 9000
+	// console: 9090
+
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	requestData := map[string]string{
+		"accessKey": "minioadmin",
+		"secretKey": "minioadmin",
+	}
+
+	requestDataJSON, _ := json.Marshal(requestData)
+
+	requestDataBody := bytes.NewReader(requestDataJSON)
+
+	request, err := http.NewRequest("POST", "http://localhost:9090/api/v1/login", requestDataBody)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err := client.Do(request)
+
+	assert.NotNil(response, "Login response is nil")
+	assert.Nil(err, "Login errored out")
+
+	var loginToken string
+
+	for _, cookie := range response.Cookies() {
+		if cookie.Name == "token" {
+			loginToken = cookie.Value
+			break
+		}
+	}
+
+	if loginToken == "" {
+		log.Println("authentication token not found in cookies response")
+		return
+	}
+
+	request, err = http.NewRequest("POST", "http://localhost:9090/api/v1/logout", requestDataBody)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", loginToken))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err = client.Do(request)
+
+	assert.NotNil(response, "Logout response is nil")
+	assert.Nil(err, "Logout errored out")
+	assert.Equal(response.StatusCode, 200)
+}
+
+func TestBadLogin(t *testing.T) {
+	assert := assert.New(t)
+
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	requestData := map[string]string{
+		"accessKey": "minioadmin",
+		"secretKey": "minioadminbad",
+	}
+
+	requestDataJSON, _ := json.Marshal(requestData)
+
+	requestDataBody := bytes.NewReader(requestDataJSON)
+
+	request, err := http.NewRequest("POST", "http://localhost:9090/api/v1/login", requestDataBody)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err := client.Do(request)
+
+	assert.Equal(response.StatusCode, 500, "Login request not rejected")
+	assert.NotNil(response, "Login response is  nil")
+	assert.Nil(err, "Login errored out")
 }
--- a/integration/objects_test.go
+++ b/integration/objects_test.go
@@ -0,0 +1,196 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+	"log"
+	"math/rand"
+	"net/http"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/minio/minio-go/v7"
+	"github.com/minio/minio-go/v7/pkg/credentials"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestObjectGet(t *testing.T) {
+	// for setup we'll create a bucket and upload a file
+	endpoint := "localhost:9000"
+	accessKeyID := "minioadmin"
+	secretAccessKey := "minioadmin"
+
+	// Initialize minio client object.
+	minioClient, err := minio.New(endpoint, &minio.Options{
+		Creds:  credentials.NewStaticV4(accessKeyID, secretAccessKey, ""),
+		Secure: false,
+	})
+	if err != nil {
+		log.Fatalln(err)
+	}
+	bucketName := fmt.Sprintf("testbucket-%d", rand.Intn(1000-1)+1)
+	err = minioClient.MakeBucket(context.Background(), bucketName, minio.MakeBucketOptions{Region: "us-east-1", ObjectLocking: true})
+
+	if err != nil {
+		fmt.Println(err)
+	}
+	// upload a simple file
+	fakeFile := "12345678"
+	fileReader := strings.NewReader(fakeFile)
+
+	_, err = minioClient.PutObject(
+		context.Background(),
+		bucketName,
+		"myobject", fileReader, int64(len(fakeFile)), minio.PutObjectOptions{ContentType: "application/octet-stream"})
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+	_, err = minioClient.PutObject(
+		context.Background(),
+		bucketName,
+		"myobject.jpg", fileReader, int64(len(fakeFile)), minio.PutObjectOptions{ContentType: "application/octet-stream"})
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+
+	assert := assert.New(t)
+	type args struct {
+		encodedPrefix string
+		versionID     string
+		bytesRange    string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Preview Object",
+			args: args{
+				encodedPrefix: base64.StdEncoding.EncodeToString([]byte("myobject")),
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "Preview image",
+			args: args{
+				encodedPrefix: base64.StdEncoding.EncodeToString([]byte("myobject.jpg")),
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "Get Range of bytes",
+			args: args{
+				encodedPrefix: base64.StdEncoding.EncodeToString([]byte("myobject.jpg")),
+				bytesRange:    "bytes=1-4",
+			},
+			expectedStatus: 206,
+			expectedError:  nil,
+		},
+		{
+			name: "Get Range of bytes empty start",
+			args: args{
+				encodedPrefix: base64.StdEncoding.EncodeToString([]byte("myobject.jpg")),
+				bytesRange:    "bytes=-4",
+			},
+			expectedStatus: 206,
+			expectedError:  nil,
+		},
+		{
+			name: "Get Invalid Range of bytes",
+			args: args{
+				encodedPrefix: base64.StdEncoding.EncodeToString([]byte("myobject.jpg")),
+				bytesRange:    "bytes=9-12",
+			},
+			expectedStatus: 400,
+			expectedError:  nil,
+		},
+		{
+			name: "Get Larger Range of bytes empty start",
+			args: args{
+				encodedPrefix: base64.StdEncoding.EncodeToString([]byte("myobject.jpg")),
+				bytesRange:    "bytes=-12",
+			},
+			expectedStatus: 206,
+			expectedError:  nil,
+		},
+		{
+			name: "Get invalid seek start Range of bytes",
+			args: args{
+				encodedPrefix: base64.StdEncoding.EncodeToString([]byte("myobject.jpg")),
+				bytesRange:    "bytes=12-16",
+			},
+			expectedStatus: 400,
+			expectedError:  nil,
+		},
+		{
+			name: "Bad Preview Object",
+			args: args{
+				encodedPrefix: "garble",
+			},
+			expectedStatus: 400,
+			expectedError:  nil,
+		},
+		{
+			name: "Bad Version Preview Object",
+			args: args{
+				encodedPrefix: base64.StdEncoding.EncodeToString([]byte("myobject")),
+				versionID:     "garble",
+			},
+			expectedStatus: 400,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+			destination := fmt.Sprintf("/api/v1/buckets/%s/objects/download?preview=true&prefix=%s&version_id=%s", bucketName, tt.args.encodedPrefix, tt.args.versionID)
+			finalURL := fmt.Sprintf("http://localhost:9090%s", destination)
+			request, err := http.NewRequest("GET", finalURL, nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			if tt.args.bytesRange != "" {
+				request.Header.Add("Range", tt.args.bytesRange)
+			}
+
+			response, err := client.Do(request)
+
+			assert.NotNil(response, fmt.Sprintf("%s response object is nil", tt.name))
+			assert.Nil(err, fmt.Sprintf("%s returned an error: %v", tt.name, err))
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, fmt.Sprintf("%s returned the wrong status code", tt.name))
+			}
+		})
+	}
+}
--- a/integration/policy_test.go
+++ b/integration/policy_test.go
@@ -0,0 +1,796 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"bytes"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/go-openapi/swag"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func AddPolicy(name, definition string) (*http.Response, error) {
+	/*
+		This is an atomic function to add user and can be reused across
+		different functions.
+	*/
+	client := &http.Client{
+		Timeout: 3 * time.Second,
+	}
+
+	requestDataAdd := map[string]interface{}{
+		"name":   name,
+		"policy": definition,
+	}
+
+	requestDataJSON, _ := json.Marshal(requestDataAdd)
+	requestDataBody := bytes.NewReader(requestDataJSON)
+	request, err := http.NewRequest(
+		"POST", "http://localhost:9090/api/v1/policies", requestDataBody)
+	if err != nil {
+		log.Println(err)
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err := client.Do(request)
+	return response, err
+}
+
+func SetPolicy(policies []string, entityName, entityType string) (*http.Response, error) {
+	/*
+		This is an atomic function to add user and can be reused across
+		different functions.
+	*/
+	client := &http.Client{
+		Timeout: 3 * time.Second,
+	}
+
+	requestDataAdd := map[string]interface{}{
+		"name":       policies,
+		"entityType": entityType,
+		"entityName": entityName,
+	}
+
+	requestDataJSON, _ := json.Marshal(requestDataAdd)
+	requestDataBody := bytes.NewReader(requestDataJSON)
+	request, err := http.NewRequest(
+		"PUT", "http://localhost:9090/api/v1/set-policy", requestDataBody)
+	if err != nil {
+		log.Println(err)
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err := client.Do(request)
+	return response, err
+}
+
+func Test_AddPolicyAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	type args struct {
+		api    string
+		name   string
+		policy *string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Create Policy - Valid",
+			args: args{
+				api:  "/policies",
+				name: "test",
+				policy: swag.String(`
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+}`),
+			},
+			expectedStatus: 201,
+			expectedError:  nil,
+		},
+
+		{
+			name: "Create Policy - Invalid",
+			args: args{
+				api:  "/policies",
+				name: "test2",
+				policy: swag.String(`
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation"
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+}`),
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+		{
+			name: "Create Policy - Space in Name",
+			args: args{
+				api:  "/policies",
+				name: "space test",
+				policy: swag.String(`
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+}`),
+			},
+			expectedStatus: 400,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+			requestDataPolicy["name"] = tt.args.name
+			if tt.args.policy != nil {
+				requestDataPolicy["policy"] = *tt.args.policy
+			}
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"POST", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+}
+
+func Test_SetPolicyAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddUser("policyuser1", "testtest", []string{}, []string{"readwrite"})
+	AddGroup("testgroup123", []string{})
+	AddPolicy("setpolicytest", `
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+  }`)
+
+	type args struct {
+		api        string
+		entityType string
+		entityName string
+		policyName []string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Set Policy - Valid",
+			args: args{
+				api:        "/set-policy",
+				policyName: []string{"setpolicytest"},
+				entityType: "user",
+				entityName: "policyuser1",
+			},
+			expectedStatus: 204,
+			expectedError:  nil,
+		},
+		{
+			name: "Set Policy - Invalid",
+			args: args{
+				api:        "/set-policy",
+				policyName: []string{"test3"},
+				entityType: "user",
+				entityName: "policyuser1",
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+		{
+			name: "Set Policy Group - Valid",
+			args: args{
+				api:        "/set-policy",
+				policyName: []string{"setpolicytest"},
+				entityType: "group",
+				entityName: "testgroup123",
+			},
+			expectedStatus: 204,
+			expectedError:  nil,
+		},
+		{
+			name: "Set Policy Group - Invalid",
+			args: args{
+				api:        "/set-policy",
+				policyName: []string{"test3"},
+				entityType: "group",
+				entityName: "testgroup123",
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+			requestDataPolicy["entityName"] = tt.args.entityName
+			requestDataPolicy["entityType"] = tt.args.entityType
+			if tt.args.policyName != nil {
+				requestDataPolicy["name"] = tt.args.policyName
+			}
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"PUT", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+}
+
+func Test_SetPolicyMultipleAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddUser("policyuser2", "testtest", []string{}, []string{"readwrite"})
+	AddUser("policyuser3", "testtest", []string{}, []string{"readwrite"})
+	AddGroup("testgroup1234", []string{})
+	AddPolicy("setpolicytest2", `
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+  }`)
+
+	type args struct {
+		api    string
+		users  []string
+		groups []string
+		name   []string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Set Policy - Valid",
+			args: args{
+				api:   "/set-policy-multi",
+				name:  []string{"setpolicytest2"},
+				users: []string{"policyuser2", "policyuser3"},
+			},
+			expectedStatus: 204,
+			expectedError:  nil,
+		},
+		{
+			name: "Set Policy - Invalid",
+			args: args{
+				api:   "/set-policy-multi",
+				name:  []string{"test3"},
+				users: []string{"policyuser2", "policyuser3"},
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+		{
+			name: "Set Policy Group - Valid",
+			args: args{
+				api:    "/set-policy-multi",
+				name:   []string{"setpolicytest2"},
+				groups: []string{"testgroup1234"},
+			},
+			expectedStatus: 204,
+			expectedError:  nil,
+		},
+		{
+			name: "Set Policy Group - Valid",
+			args: args{
+				api:    "/set-policy-multi",
+				name:   []string{"setpolicytest23"},
+				groups: []string{"testgroup1234"},
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+			requestDataPolicy["name"] = tt.args.name
+			requestDataPolicy["users"] = tt.args.users
+			requestDataPolicy["groups"] = tt.args.groups
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"PUT", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+}
+
+func Test_ListPoliciesAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	type args struct {
+		api string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "List Policies",
+			args: args{
+				api: "/policies",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			request, err := http.NewRequest(
+				"GET", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+}
+
+func Test_GetPolicyAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddPolicy("getpolicytest", `
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+  }`)
+
+	type args struct {
+		api string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Get Policies - Invalid",
+			args: args{
+				api: base64.StdEncoding.EncodeToString([]byte("test3")),
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+		{
+			name: "Get Policies - Valid",
+			args: args{
+				api: base64.StdEncoding.EncodeToString([]byte("getpolicytest")),
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			request, err := http.NewRequest(
+				"GET", fmt.Sprintf("http://localhost:9090/api/v1/policy/%s", tt.args.api), nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+}
+
+func Test_PolicyListUsersAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddUser("policyuser4", "testtest", []string{}, []string{"readwrite"})
+	AddPolicy("policylistusers", `
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+  }`)
+	SetPolicy([]string{"policylistusers"}, "policyuser4", "user")
+
+	type args struct {
+		api string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "List Users for Policy - Valid",
+			args: args{
+				api: "/policies/" + base64.StdEncoding.EncodeToString([]byte("policylistusers")) + "/users",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "List Users for Policy - Invalid",
+			args: args{
+				api: "/policies/" + base64.StdEncoding.EncodeToString([]byte("test2")) + "/users",
+			},
+			expectedStatus: 404,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			request, err := http.NewRequest(
+				"GET", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				bodyBytes, _ := ioutil.ReadAll(response.Body)
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+				if response.StatusCode == 200 {
+					assert.Equal("[\"policyuser4\"]\n", string(bodyBytes))
+				}
+			}
+		})
+	}
+}
+
+func Test_PolicyListGroupsAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddGroup("testgroup12345", []string{})
+	AddPolicy("policylistgroups", `
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+  }`)
+	SetPolicy([]string{"policylistgroups"}, "testgroup12345", "group")
+
+	type args struct {
+		api string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "List Users for Policy - Valid",
+			args: args{
+
+				api: "/policies/" + base64.StdEncoding.EncodeToString([]byte("policylistgroups")) + "/groups",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "List Users for Policy - Invalid",
+			args: args{
+				api: "/policies/" + base64.StdEncoding.EncodeToString([]byte("test3")) + "/groups",
+			},
+			expectedStatus: 404,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			request, err := http.NewRequest(
+				"GET", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				bodyBytes, _ := ioutil.ReadAll(response.Body)
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+				if response.StatusCode == 200 {
+					assert.Equal("[\"testgroup12345\"]\n", string(bodyBytes))
+				}
+			}
+		})
+	}
+}
+
+func Test_DeletePolicyAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddPolicy("testdelete", `
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+  }`)
+	type args struct {
+		api    string
+		method string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Delete Policies - Valid",
+			args: args{
+				api:    base64.StdEncoding.EncodeToString([]byte("testdelete")),
+				method: "DELETE",
+			},
+			expectedStatus: 204,
+			expectedError:  nil,
+		},
+		{
+			name: "Get Policy After Delete - Invalid",
+			args: args{
+				api:    base64.StdEncoding.EncodeToString([]byte("testdelete")),
+				method: "GET",
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			request, err := http.NewRequest(
+				tt.args.method, fmt.Sprintf("http://localhost:9090/api/v1/policy/%s", tt.args.api), nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+}
--- a/integration/profiling_test.go
+++ b/integration/profiling_test.go
@@ -0,0 +1,120 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"archive/zip"
+	"bytes"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestStartProfiling(t *testing.T) {
+	testAsser := assert.New(t)
+
+	tests := []struct {
+		name string
+	}{
+		{
+			name: "start/stop profiling",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			files := map[string]bool{
+				"profile-127.0.0.1:9000-goroutines.txt":                false,
+				"profile-127.0.0.1:9000-goroutines-before.txt":         false,
+				"profile-127.0.0.1:9000-goroutines-before,debug=2.txt": false,
+				"profile-127.0.0.1:9000-threads-before.pprof":          false,
+				"profile-127.0.0.1:9000-mem.pprof":                     false,
+				"profile-127.0.0.1:9000-threads.pprof":                 false,
+				"profile-127.0.0.1:9000-cpu.pprof":                     false,
+				"profile-127.0.0.1:9000-mem-before.pprof":              false,
+				"profile-127.0.0.1:9000-block.pprof":                   false,
+				"profile-127.0.0.1:9000-trace.trace":                   false,
+				"profile-127.0.0.1:9000-mutex.pprof":                   false,
+				"profile-127.0.0.1:9000-mutex-before.pprof":            false,
+			}
+
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			destination := "/api/v1/profiling/start"
+			finalURL := fmt.Sprintf("http://localhost:9090%s", destination)
+			request, err := http.NewRequest("POST", finalURL, strings.NewReader("{\"type\":\"cpu,mem,block,mutex,trace,threads,goroutines\"}"))
+			if err != nil {
+				log.Println(err)
+				return
+			}
+
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+
+			response, err := client.Do(request)
+
+			testAsser.Nil(err, fmt.Sprintf("%s returned an error: %v", tt.name, err))
+			testAsser.Equal(201, response.StatusCode)
+
+			time.Sleep(5 * time.Second)
+
+			destination = "/api/v1/profiling/stop"
+			finalURL = fmt.Sprintf("http://localhost:9090%s", destination)
+			request, err = http.NewRequest("POST", finalURL, nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+
+			response, err = client.Do(request)
+
+			testAsser.Nil(err, fmt.Sprintf("%s returned an error: %v", tt.name, err))
+			testAsser.Equal(200, response.StatusCode)
+			zipFileBytes, err := io.ReadAll(response.Body)
+			if err != nil {
+				testAsser.Nil(err, fmt.Sprintf("%s returned an error: %v", tt.name, err))
+			}
+			filetype := http.DetectContentType(zipFileBytes)
+			testAsser.Equal("application/zip", filetype)
+
+			zipReader, err := zip.NewReader(bytes.NewReader(zipFileBytes), int64(len(zipFileBytes)))
+			if err != nil {
+				testAsser.Nil(err, fmt.Sprintf("%s returned an error: %v", tt.name, err))
+			}
+
+			// Read all the files from zip archive
+			for _, zipFile := range zipReader.File {
+				files[zipFile.Name] = true
+			}
+
+			for k, v := range files {
+				testAsser.Equal(true, v, fmt.Sprintf("%s : compressed file expected to have %v file inside", tt.name, k))
+			}
+		})
+	}
+}
--- a/integration/service_account_test.go
+++ b/integration/service_account_test.go
@@ -18,6 +18,7 @@ package integration

 import (
 	"bytes"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"log"
@@ -74,7 +75,8 @@ func TestAddServiceAccount(t *testing.T) {
 		assert.Equal(201, response.StatusCode, "Status Code is incorrect")
 	}

-	requestDataPolicy := map[string]interface{}{"policy": `
+	requestDataPolicy := map[string]interface{}{
+		"policy": `
  {
  "Version": "2012-10-17",
  "Statement": [
@@ -94,7 +96,7 @@ func TestAddServiceAccount(t *testing.T) {
 	requestDataJSON, _ = json.Marshal(requestDataPolicy)
 	requestDataBody = bytes.NewReader(requestDataJSON)
 	request, err = http.NewRequest(
-		"PUT", "http://localhost:9090/api/v1/service-accounts/testuser1/policy", requestDataBody)
+		"PUT", "http://localhost:9090/api/v1/service-accounts/"+base64.StdEncoding.EncodeToString([]byte("testuser1"))+"/policy", requestDataBody)
 	if err != nil {
 		log.Println(err)
 		return
@@ -113,7 +115,7 @@ func TestAddServiceAccount(t *testing.T) {

 	// Test policy
 	request, err = http.NewRequest(
-		"GET", "http://localhost:9090/api/v1/service-accounts/testuser1/policy", nil)
+		"GET", "http://localhost:9090/api/v1/service-accounts/"+base64.StdEncoding.EncodeToString([]byte("testuser1"))+"/policy", nil)
 	if err != nil {
 		log.Println(err)
 		return
@@ -145,7 +147,7 @@ func TestAddServiceAccount(t *testing.T) {
 	// {{baseUrl}}/user?name=proident velit
 	// Investiga como se borra en el browser.
 	request, err = http.NewRequest(
-		"DELETE", "http://localhost:9090/api/v1/service-accounts/testuser1", nil)
+		"DELETE", "http://localhost:9090/api/v1/service-accounts/"+base64.StdEncoding.EncodeToString([]byte("testuser1")), nil)
 	if err != nil {
 		log.Println(err)
 		return
@@ -161,7 +163,6 @@ func TestAddServiceAccount(t *testing.T) {
 		fmt.Println("DELETE StatusCode:", response.StatusCode)
 		assert.Equal(204, response.StatusCode, "has to be 204 when delete user")
 	}
-
 }

 func Test_ServiceAccountsAPI(t *testing.T) {
@@ -238,7 +239,6 @@ func Test_ServiceAccountsAPI(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-
 			client := &http.Client{
 				Timeout: 3 * time.Second,
 			}
@@ -268,10 +268,8 @@ func Test_ServiceAccountsAPI(t *testing.T) {
 			if response != nil {
 				assert.Equal(tt.expectedStatus, response.StatusCode, "Status Code is incorrect")
 			}
-
 		})
 	}
-
 }

 func DeleteMultipleServiceAccounts(serviceAccounts []string) (*http.Response, error) {
@@ -310,9 +308,9 @@ func TestCreateServiceAccountForUserWithCredentials(t *testing.T) {
 	serviceAccountLengthInBytes := 40 // As observed, update as needed

 	// 1. Create the user
-	var groups = []string{}
-	var policies = []string{}
-	var secretKey = "testcreateserviceaccountforuserwithcrede"
+	groups := []string{}
+	policies := []string{}
+	secretKey := "testcreateserviceaccountforuserwithcrede"
 	response, err := AddUser(userName, "secretKey", groups, policies)
 	if err != nil {
 		log.Println(err)
@@ -405,5 +403,4 @@ func TestCreateServiceAccountForUserWithCredentials(t *testing.T) {
 			inspectHTTPResponse(response),
 		)
 	}
-
 }
--- a/integration/tiers_test.go
+++ b/integration/tiers_test.go
@@ -0,0 +1,53 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestTiersList(t *testing.T) {
+	assert := assert.New(t)
+
+	// image for now:
+	// minio: 9000
+	// console: 9090
+
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+
+	request, err := http.NewRequest("GET", "http://localhost:9090/api/v1/admin/tiers", nil)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err := client.Do(request)
+
+	assert.NotNil(response, "Tiers List response is nil")
+	assert.Nil(err, "Tiers List errored out")
+	assert.Equal(response.StatusCode, 200)
+}
--- a/integration/user_api_bucket_test.go
+++ b/integration/user_api_bucket_test.go
@@ -20,6 +20,7 @@ package integration

 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -34,10 +35,12 @@ import (
 	"time"

 	"github.com/minio/console/models"
+	"github.com/minio/minio-go/v7"
+	"github.com/minio/minio-go/v7/pkg/credentials"
 	"github.com/stretchr/testify/assert"
 )

-func AddBucket(name string, locking bool, versioning bool, quota map[string]interface{}, retention map[string]interface{}) (*http.Response, error) {
+func AddBucket(name string, locking, versioning bool, quota, retention map[string]interface{}) (*http.Response, error) {
 	/*
 	   This is an atomic function that we can re-use to create a bucket on any
 	   desired test.
@@ -69,7 +72,7 @@ func AddBucket(name string, locking bool, versioning bool, quota map[string]inte
 	return response, err
 }

-func BucketGotAdded(name string, locking bool, versioning bool, quota map[string]interface{}, retention map[string]interface{}, assert *assert.Assertions, expected int) bool {
+func BucketGotAdded(name string, locking, versioning bool, quota, retention map[string]interface{}, assert *assert.Assertions, expected int) bool {
 	/*
 		The intention of this function is to return either true or false to
 		reduce the code by performing the verification in one place only.
@@ -148,7 +151,7 @@ func BucketInfo(name string) (*http.Response, error) {
 	return response, err
 }

-func SetBucketRetention(bucketName string, mode string, unit string, validity int) (*http.Response, error) {
+func SetBucketRetention(bucketName, mode, unit string, validity int) (*http.Response, error) {
 	/*
 		Helper function to set bucket's retention
 		PUT: {{baseUrl}}/buckets/:bucket_name/retention
@@ -199,7 +202,7 @@ func GetBucketRetention(bucketName string) (*http.Response, error) {
 	return response, err
 }

-func PutObjectTags(bucketName string, prefix string, tags map[string]string, versionID string) (*http.Response, error) {
+func PutObjectTags(bucketName, prefix string, tags map[string]string, versionID string) (*http.Response, error) {
 	/*
 		Helper function to put object's tags.
 		PUT: /buckets/{bucket_name}/objects/tags?prefix=prefix
@@ -267,7 +270,7 @@ func DeleteMultipleObjects(bucketName string, files []map[string]interface{}) (*
 	return response, err
 }

-func DownloadObject(bucketName string, path string) (*http.Response, error) {
+func DownloadObject(bucketName, path string) (*http.Response, error) {
 	/*
 	   Helper function to download an object from a bucket.
 	   GET: {{baseUrl}}/buckets/bucketName/objects/download?prefix=file
@@ -290,7 +293,7 @@ func DownloadObject(bucketName string, path string) (*http.Response, error) {
 	return response, err
 }

-func UploadAnObject(bucketName string, fileName string) (*http.Response, error) {
+func UploadAnObject(bucketName, fileName string) (*http.Response, error) {
 	/*
 		Helper function to upload a file to a bucket for testing.
 		POST {{baseUrl}}/buckets/:bucket_name/objects/upload
@@ -299,10 +302,10 @@ func UploadAnObject(bucketName string, fileName string) (*http.Response, error)
 	boundaryStart := "------" + boundary + "\r\n"
 	contentDispositionOne := "Content-Disposition: form-data; name=\"2\"; "
 	contentDispositionTwo := "filename=\"" + fileName + "\"\r\n"
-	contenType := "Content-Type: text/plain\r\n\r\na\n\r\n"
+	contentType := "Content-Type: text/plain\r\n\r\na\n\r\n"
 	boundaryEnd := "------" + boundary + "--\r\n"
 	file := boundaryStart + contentDispositionOne + contentDispositionTwo +
-		contenType + boundaryEnd
+		contentType + boundaryEnd
 	arrayOfBytes := []byte(file)
 	requestDataBody := bytes.NewReader(arrayOfBytes)
 	request, err := http.NewRequest(
@@ -325,7 +328,7 @@ func UploadAnObject(bucketName string, fileName string) (*http.Response, error)
 	return response, err
 }

-func DeleteObject(bucketName string, path string, recursive bool, allVersions bool) (*http.Response, error) {
+func DeleteObject(bucketName, path string, recursive, allVersions bool) (*http.Response, error) {
 	/*
 	   Helper function to delete an object from a given bucket.
 	   DELETE:
@@ -351,7 +354,7 @@ func DeleteObject(bucketName string, path string, recursive bool, allVersions bo
 	return response, err
 }

-func ListObjects(bucketName string, prefix string, withVersions string) (*http.Response, error) {
+func ListObjects(bucketName, prefix, withVersions string) (*http.Response, error) {
 	/*
 		Helper function to list objects in a bucket.
 		GET: {{baseUrl}}/buckets/:bucket_name/objects
@@ -371,7 +374,7 @@ func ListObjects(bucketName string, prefix string, withVersions string) (*http.R
 	return response, err
 }

-func SharesAnObjectOnAUrl(bucketName string, prefix string, versionID string, expires string) (*http.Response, error) {
+func SharesAnObjectOnAUrl(bucketName, prefix, versionID, expires string) (*http.Response, error) {
 	// Helper function to share an object on a url
 	request, err := http.NewRequest(
 		"GET",
@@ -390,7 +393,7 @@ func SharesAnObjectOnAUrl(bucketName string, prefix string, versionID string, ex
 	return response, err
 }

-func PutObjectsRetentionStatus(bucketName string, prefix string, versionID string, mode string, expires string, governanceBypass bool) (*http.Response, error) {
+func PutObjectsRetentionStatus(bucketName, prefix, versionID, mode, expires string, governanceBypass bool) (*http.Response, error) {
 	requestDataAdd := map[string]interface{}{
 		"mode":              mode,
 		"expires":           expires,
@@ -415,7 +418,7 @@ func PutObjectsRetentionStatus(bucketName string, prefix string, versionID strin
 	return response, err
 }

-func GetsTheMetadataOfAnObject(bucketName string, prefix string) (*http.Response, error) {
+func GetsTheMetadataOfAnObject(bucketName, prefix string) (*http.Response, error) {
 	/*
 		Gets the metadata of an object
 		GET
@@ -466,7 +469,7 @@ func PutBucketsTags(bucketName string, tags map[string]string) (*http.Response,
 	return response, err
 }

-func RestoreObjectToASelectedVersion(bucketName string, prefix string, versionID string) (*http.Response, error) {
+func RestoreObjectToASelectedVersion(bucketName, prefix, versionID string) (*http.Response, error) {
 	request, err := http.NewRequest(
 		"PUT",
 		"http://localhost:9090/api/v1/buckets/"+bucketName+"/objects/restore?prefix="+prefix+"&version_id="+versionID,
@@ -484,7 +487,7 @@ func RestoreObjectToASelectedVersion(bucketName string, prefix string, versionID
 	return response, err
 }

-func BucketSetPolicy(bucketName string, access string, definition string) (*http.Response, error) {
+func BucketSetPolicy(bucketName, access, definition string) (*http.Response, error) {
 	/*
 		Helper function to set policy on a bucket
 		Name: Bucket Set Policy
@@ -519,7 +522,7 @@ func BucketSetPolicy(bucketName string, access string, definition string) (*http
 	return response, err
 }

-func DeleteObjectsRetentionStatus(bucketName string, prefix string, versionID string) (*http.Response, error) {
+func DeleteObjectsRetentionStatus(bucketName, prefix, versionID string) (*http.Response, error) {
 	/*
 		Helper function to Delete Object Retention Status
 		DELETE:
@@ -629,7 +632,7 @@ func GetBucketQuota(bucketName string) (*http.Response, error) {
 	return response, err
 }

-func PutObjectsLegalholdStatus(bucketName string, prefix string, status string, versionID string) (*http.Response, error) {
+func PutObjectsLegalholdStatus(bucketName, prefix, status, versionID string) (*http.Response, error) {
 	// Helper function to test "Put Object's legalhold status" end point
 	requestDataAdd := map[string]interface{}{
 		"status": status,
@@ -654,7 +657,6 @@ func PutObjectsLegalholdStatus(bucketName string, prefix string, status string,
 }

 func TestPutObjectsLegalholdStatus(t *testing.T) {
-
 	// Variables
 	assert := assert.New(t)
 	bucketName := "testputobjectslegalholdstatus"
@@ -742,11 +744,9 @@ func TestPutObjectsLegalholdStatus(t *testing.T) {
 			}
 		})
 	}
-
 }

 func TestGetBucketQuota(t *testing.T) {
-
 	// Variables
 	assert := assert.New(t)
 	validBucket := "testgetbucketquota"
@@ -821,11 +821,9 @@ func TestGetBucketQuota(t *testing.T) {
 			}
 		})
 	}
-
 }

 func TestPutBucketQuota(t *testing.T) {
-
 	// Variables
 	assert := assert.New(t)
 	validBucket := "testputbucketquota"
@@ -882,11 +880,9 @@ func TestPutBucketQuota(t *testing.T) {
 			}
 		})
 	}
-
 }

 func TestListBucketEvents(t *testing.T) {
-
 	// Variables
 	assert := assert.New(t)
 	validBucket := "testlistbucketevents"
@@ -922,7 +918,6 @@ func TestListBucketEvents(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-
 			restResp, restErr := ListBucketEvents(
 				tt.args.bucketName,
 			)
@@ -939,14 +934,11 @@ func TestListBucketEvents(t *testing.T) {
 					finalResponse,
 				)
 			}
-
 		})
 	}
-
 }

 func TestDeleteObjectsRetentionStatus(t *testing.T) {
-
 	// Variables
 	assert := assert.New(t)
 	bucketName := "testdeleteobjectslegalholdstatus"
@@ -1053,11 +1045,9 @@ func TestDeleteObjectsRetentionStatus(t *testing.T) {
 			}
 		})
 	}
-
 }

 func TestBucketSetPolicy(t *testing.T) {
-
 	// Variables
 	assert := assert.New(t)
 	validBucketName := "testbucketsetpolicy"
@@ -1093,7 +1083,6 @@ func TestBucketSetPolicy(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-
 			// Set Policy
 			restResp, restErr := BucketSetPolicy(
 				tt.args.bucketName,
@@ -1113,14 +1102,11 @@ func TestBucketSetPolicy(t *testing.T) {
 					finalResponse,
 				)
 			}
-
 		})
 	}
-
 }

 func TestRestoreObjectToASelectedVersion(t *testing.T) {
-
 	// Variables
 	assert := assert.New(t)
 	bucketName := "testrestoreobjectstoselectedversion"
@@ -1208,11 +1194,9 @@ func TestRestoreObjectToASelectedVersion(t *testing.T) {
 			}
 		})
 	}
-
 }

 func TestPutBucketsTags(t *testing.T) {
-
 	// Focused test for "Put Bucket's tags" endpoint

 	// 1. Create the bucket
@@ -1247,7 +1231,6 @@ func TestPutBucketsTags(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-
 			// 2. Add a tag to the bucket
 			tags := make(map[string]string)
 			tags["tag2"] = "tag2"
@@ -1263,14 +1246,11 @@ func TestPutBucketsTags(t *testing.T) {
 					tt.expectedStatus, putBucketTagResponse.StatusCode,
 					inspectHTTPResponse(putBucketTagResponse))
 			}
-
 		})
 	}
-
 }

 func TestGetsTheMetadataOfAnObject(t *testing.T) {
-
 	// Vars
 	assert := assert.New(t)
 	bucketName := "testgetsthemetadataofanobject"
@@ -1324,7 +1304,6 @@ func TestGetsTheMetadataOfAnObject(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-
 			// 3. Get the metadata from an object
 			getRsp, getErr := GetsTheMetadataOfAnObject(
 				bucketName, tt.args.prefix)
@@ -1340,14 +1319,11 @@ func TestGetsTheMetadataOfAnObject(t *testing.T) {
 					inspectHTTPResponse(getRsp),
 				)
 			}
-
 		})
 	}
-
 }

 func TestPutObjectsRetentionStatus(t *testing.T) {
-
 	// Variables
 	assert := assert.New(t)
 	bucketName := "testputobjectsretentionstatus"
@@ -1436,7 +1412,6 @@ func TestPutObjectsRetentionStatus(t *testing.T) {
 			}
 		})
 	}
-
 }

 func TestShareObjectOnURL(t *testing.T) {
@@ -1498,7 +1473,6 @@ func TestShareObjectOnURL(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-
 			// 3. Share the object on a URL
 			shareResponse, shareError := SharesAnObjectOnAUrl(bucketName, tt.args.prefix, versionID, "604800s")
 			assert.Nil(shareError)
@@ -1514,10 +1488,8 @@ func TestShareObjectOnURL(t *testing.T) {
 					finalResponse,
 				)
 			}
-
 		})
 	}
-
 }

 func TestListObjects(t *testing.T) {
@@ -1564,7 +1536,6 @@ func TestListObjects(t *testing.T) {
 	assert.True(
 		strings.Contains(finalResponse, "testlistobjecttobucket1"),
 		finalResponse)
-
 }

 func TestDeleteObject(t *testing.T) {
@@ -1633,7 +1604,6 @@ func TestDeleteObject(t *testing.T) {
 		strings.Contains(
 			finalResponse,
 			"testdeleteobjectfile1.txt"), finalResponse) // Gone
-
 }

 func TestUploadObjectToBucket(t *testing.T) {
@@ -1664,7 +1634,6 @@ func TestUploadObjectToBucket(t *testing.T) {
 	if uploadResponse != nil {
 		assert.Equal(200, uploadResponse.StatusCode, finalResponse)
 	}
-
 }

 func TestDownloadObject(t *testing.T) {
@@ -1731,7 +1700,6 @@ func TestDownloadObject(t *testing.T) {
 		// path/to/whatever does not exist
 		assert.Fail("File wasn't downloaded")
 	}
-
 }

 func TestDeleteMultipleObjects(t *testing.T) {
@@ -1806,7 +1774,6 @@ func TestDeleteMultipleObjects(t *testing.T) {
 	// 5. Verify empty list is obtained as we deleted all the objects
 	expected := "Http Response: {\"objects\":null}\n"
 	assert.Equal(expected, finalResponse, finalResponse)
-
 }

 func TestPutObjectTag(t *testing.T) {
@@ -1872,7 +1839,6 @@ func TestPutObjectTag(t *testing.T) {
 	assert.True(
 		strings.Contains(finalResponse, tags["tag"]),
 		finalResponse)
-
 }

 func TestBucketRetention(t *testing.T) {
@@ -1941,7 +1907,6 @@ func TestBucketRetention(t *testing.T) {
 	}
 	expected := "Http Response: {\"mode\":\"compliance\",\"unit\":\"years\",\"validity\":3}\n"
 	assert.Equal(expected, finalResponse, finalResponse)
-
 }

 func TestBucketInformationGenericErrorResponse(t *testing.T) {
@@ -1987,7 +1952,6 @@ func TestBucketInformationGenericErrorResponse(t *testing.T) {
 	// Since bucketinformation3 hasn't been created, then it is expected that
 	// tag2 is not part of the response, this is why assert.False is used.
 	assert.False(strings.Contains(finalResponse, "tag2"), finalResponse)
-
 }

 func TestBucketInformationSuccessfulResponse(t *testing.T) {
@@ -2038,51 +2002,66 @@ func TestBucketInformationSuccessfulResponse(t *testing.T) {
 	assert.True(
 		strings.Contains(debugResponse, "tag1"),
 		inspectHTTPResponse(bucketInfoResponse))
-
 }

 func TestDeleteBucket(t *testing.T) {
 	/*
 		Test to delete a bucket
 	*/
-
-	// 1. Create the bucket
 	assert := assert.New(t)
-	if !BucketGotAdded("testdeletebucket1", false, false, nil, nil, assert, 201) {
-		return
+	type args struct {
+		bucketName       string
+		createBucketName string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+	}{
+		{
+			name:           "Delete a bucket",
+			expectedStatus: 204,
+			args: args{
+				bucketName:       "testdeletebucket1",
+				createBucketName: "testdeletebucket1",
+			},
+		}, {
+			name:           "Delete invalid bucket",
+			expectedStatus: 404,
+			args: args{
+				bucketName:       "nonexistingbucket",
+				createBucketName: "",
+			},
+		},
 	}

-	// 2. Delete the bucket
-	deleteBucketResponse, deleteBucketError := DeleteBucket("testdeletebucket1")
-	assert.Nil(deleteBucketError)
-	if deleteBucketError != nil {
-		log.Println(deleteBucketError)
-		return
-	}
-	if deleteBucketResponse != nil {
-		assert.Equal(
-			204, deleteBucketResponse.StatusCode, "Status Code is incorrect")
+	// Initialize minio client object.
+	minioClient, err := minio.New("localhost:9000", &minio.Options{
+		Creds:  credentials.NewStaticV4("minioadmin", "minioadmin", ""),
+		Secure: false,
+	})
+	if err != nil {
+		log.Fatalln(err)
 	}

-	// 3. Verify the bucket is gone by trying to put a tag
-	tags := make(map[string]string)
-	tags["tag1"] = "tag1"
-	putBucketTagResponse, putBucketTagError := PutBucketsTags(
-		"testdeletebucket1", tags)
-	if putBucketTagError != nil {
-		log.Println(putBucketTagError)
-		assert.Fail("Error adding a tag to the bucket")
-		return
-	}
-	finalResponse := inspectHTTPResponse(putBucketTagResponse)
-	if putBucketTagResponse != nil {
-		assert.Equal(
-			500, putBucketTagResponse.StatusCode,
-			finalResponse)
-	}
-	assert.True(
-		strings.Contains(finalResponse, "The specified bucket does not exist"))
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// Create bucket if needed for the test
+			if tt.args.createBucketName != "" {
+				if err := minioClient.MakeBucket(context.Background(), tt.args.createBucketName, minio.MakeBucketOptions{}); err != nil {
+					assert.Failf("Failed to create bucket", "Could not create bucket %s: %v", tt.args.createBucketName, err)
+				}
+			}

+			// Delete the bucket
+			deleteBucketResponse, deleteBucketError := DeleteBucket(tt.args.bucketName)
+			assert.Nil(deleteBucketError)
+			if deleteBucketResponse != nil {
+				assert.Equal(
+					tt.expectedStatus, deleteBucketResponse.StatusCode, "Status Code is incorrect")
+			}
+		})
+	}
 }

 func TestListBuckets(t *testing.T) {
@@ -2093,7 +2072,7 @@ func TestListBuckets(t *testing.T) {
 	assert := assert.New(t)

 	// 1. Create buckets
-	var numberOfBuckets = 3
+	numberOfBuckets := 3
 	for i := 1; i <= numberOfBuckets; i++ {
 		if !BucketGotAdded("testlistbuckets"+strconv.Itoa(i), false, false, nil, nil, assert, 201) {
 			return
@@ -2122,11 +2101,9 @@ func TestListBuckets(t *testing.T) {
 		assert.True(strings.Contains(string(b),
 			"testlistbuckets"+strconv.Itoa(i)))
 	}
-
 }

 func TestBucketsGet(t *testing.T) {
-
 	assert := assert.New(t)

 	client := &http.Client{
@@ -2164,11 +2141,9 @@ func TestBucketsGet(t *testing.T) {
 		assert.Greater(listBuckets.Total, int64(0), "Total buckets is 0")

 	}
-
 }

 func TestBucketVersioning(t *testing.T) {
-
 	assert := assert.New(t)

 	client := &http.Client{
@@ -2268,11 +2243,9 @@ func TestBucketVersioning(t *testing.T) {
 	if response != nil {
 		fmt.Println("DELETE StatusCode:", response.StatusCode)
 	}
-
 }

 func TestSetBucketTags(t *testing.T) {
-
 	assert := assert.New(t)

 	client := &http.Client{
@@ -2338,11 +2311,9 @@ func TestSetBucketTags(t *testing.T) {
 	}

 	assert.Equal("TAG", bucket.Details.Tags["test"], "Failed to add tag")
-
 }

 func TestGetBucket(t *testing.T) {
-
 	assert := assert.New(t)

 	client := &http.Client{
@@ -2373,11 +2344,9 @@ func TestGetBucket(t *testing.T) {
 	if response != nil {
 		assert.Equal(200, response.StatusCode, "Status Code is incorrect")
 	}
-
 }

 func TestAddBucket(t *testing.T) {
-
 	assert := assert.New(t)
 	type args struct {
 		bucketName string
@@ -2409,10 +2378,9 @@ func TestAddBucket(t *testing.T) {
 			}
 		})
 	}
-
 }

-func CreateBucketEvent(bucketName string, ignoreExisting bool, arn string, prefix string, suffix string, events []string) (*http.Response, error) {
+func CreateBucketEvent(bucketName string, ignoreExisting bool, arn, prefix, suffix string, events []string) (*http.Response, error) {
 	/*
 		Helper function to create bucket event
 		POST: /buckets/{bucket_name}/events
@@ -2456,7 +2424,7 @@ func CreateBucketEvent(bucketName string, ignoreExisting bool, arn string, prefi
 	return response, err
 }

-func DeleteBucketEvent(bucketName string, arn string, events []string, prefix string, suffix string) (*http.Response, error) {
+func DeleteBucketEvent(bucketName, arn string, events []string, prefix, suffix string) (*http.Response, error) {
 	/*
 		Helper function to test Delete Bucket Event
 		DELETE: /buckets/{bucket_name}/events/{arn}
@@ -2491,7 +2459,6 @@ func DeleteBucketEvent(bucketName string, arn string, events []string, prefix st
 }

 func TestDeleteBucketEvent(t *testing.T) {
-
 	// Variables
 	assert := assert.New(t)

@@ -2571,10 +2538,9 @@ func TestDeleteBucketEvent(t *testing.T) {
 			efinalResponseEvent,
 		)
 	}
-
 }

-func SetMultiBucketReplication(accessKey string, secretKey string, targetURL string, region string, originBucket string, destinationBucket string, syncMode string, bandwidth int, healthCheckPeriod int, prefix string, tags string, replicateDeleteMarkers bool, replicateDeletes bool, priority int, storageClass string, replicateMetadata bool) (*http.Response, error) {
+func SetMultiBucketReplication(accessKey, secretKey, targetURL, region, originBucket, destinationBucket, syncMode string, bandwidth, healthCheckPeriod int, prefix, tags string, replicateDeleteMarkers, replicateDeletes bool, priority int, storageClass string, replicateMetadata bool) (*http.Response, error) {
 	/*
 		Helper function
 		URL: /buckets-replication
@@ -2716,7 +2682,7 @@ func DeleteMultipleReplicationRules(bucketName string, rules []string) (*http.Re
 	return response, err
 }

-func DeleteBucketReplicationRule(bucketName string, ruleID string) (*http.Response, error) {
+func DeleteBucketReplicationRule(bucketName, ruleID string) (*http.Response, error) {
 	/*
 		Helper function to delete a bucket's replication rule
 		URL: /buckets/{bucket_name}/replication/{rule_id}
@@ -2740,7 +2706,6 @@ func DeleteBucketReplicationRule(bucketName string, ruleID string) (*http.Respon
 }

 func TestReplication(t *testing.T) {
-
 	// Vars
 	assert := assert.New(t)
 	originBucket := "testputobjectslegalholdstatus"
@@ -2799,7 +2764,7 @@ func TestReplication(t *testing.T) {
 	}

 	assert.Greater(len(structBucketRepl.Rules), 0, "Number of expected rules is 0")
-	if len(structBucketRepl.Rules) == 0 {
+	if len(structBucketRepl.Rules) == 0 || len(structBucketRepl.Rules) < 3 {
 		return
 	}
 	// 4. Verify rules are enabled
@@ -2898,7 +2863,7 @@ func ReturnsTheStatusOfObjectLockingSupportOnTheBucket(bucketName string) (*http
 	return BaseGetFunction(bucketName, endPoint)
 }

-func BaseGetFunction(bucketName string, endPoint string) (*http.Response, error) {
+func BaseGetFunction(bucketName, endPoint string) (*http.Response, error) {
 	request, err := http.NewRequest(
 		"GET",
 		"http://localhost:9090/api/v1/buckets/"+bucketName+"/"+endPoint, nil)
@@ -2947,7 +2912,6 @@ func TestReturnsTheStatusOfObjectLockingSupportOnTheBucket(t *testing.T) {
 		true,
 		structBucketLocking,
 	)
-
 }

 func SetBucketVersioning(bucketName string, versioning bool) (*http.Response, error) {
@@ -2975,7 +2939,6 @@ func SetBucketVersioning(bucketName string, versioning bool) (*http.Response, er
 }

 func TestSetBucketVersioning(t *testing.T) {
-
 	// Variables
 	assert := assert.New(t)
 	bucket := "test-set-bucket-versioning"
@@ -3018,20 +2981,17 @@ func TestSetBucketVersioning(t *testing.T) {
 		assert.Nil(err)
 	}
 	assert.Equal(false, result.IsVersioned, result)
-
 }

-func EnableBucketEncryption(bucketName string, encType string, kmsKeyID string) (*http.Response, error) {
-	/*
-		Helper function to enable bucket encryption
-		HTTP Verb: POST
-		URL: /buckets/{bucket_name}/encryption/enable
-		Body:
-		{
-			"encType":"sse-s3",
-			"kmsKeyID":""
-		}
-	*/
+func EnableBucketEncryption(bucketName, encType, kmsKeyID string) (*http.Response, error) {
+	// Helper function to enable bucket encryption
+	// HTTP Verb: POST
+	// URL: /buckets/{bucket_name}/encryption/enable
+	// Body:
+	// {
+	// 	"encType":"sse-s3",
+	// 	"kmsKeyID":""
+	// }
 	requestDataAdd := map[string]interface{}{
 		"encType":  encType,
 		"kmsKeyID": kmsKeyID,
@@ -3055,7 +3015,6 @@ func EnableBucketEncryption(bucketName string, encType string, kmsKeyID string)
 }

 func TestEnableBucketEncryption(t *testing.T) {
-
 	// Variables
 	assert := assert.New(t)
 	bucketName := "test-enable-bucket-encryption"
@@ -3133,7 +3092,6 @@ func TestEnableBucketEncryption(t *testing.T) {
 	}
 	dereferencedPointerDetailedMessage := *result2.DetailedMessage
 	assert.Equal("error server side encryption configuration not found", dereferencedPointerDetailedMessage, dereferencedPointerDetailedMessage)
-
 }

 func GetBucketEncryptionInformation(bucketName string) (*http.Response, error) {
@@ -3180,24 +3138,23 @@ func DisableBucketEncryption(bucketName string) (*http.Response, error) {
 	return response, err
 }

-func UpdateLifecycleRule(bucketName string, Type string, disable bool, prefix string, tags string, expiredObjectDeleteMarker bool, expiryDays int64, noncurrentversionExpirationDays int64, lifecycleID string) (*http.Response, error) {
-	/*
-		Helper function to update lifecycle rule
-		HTTP Verb: PUT
-		URL: /buckets/{bucket_name}/lifecycle/{lifecycle_id}
-		Body Example:
-		{
-			"type":"expiry",
-			"disable":false,
-			"prefix":"",
-			"tags":"",
-			"expired_object_delete_marker":false,
-			"expiry_days":2,
-			"noncurrentversion_expiration_days":0
-		}
-	*/
+func UpdateLifecycleRule(bucketName, ltype string, disable bool, prefix, tags string, expiredObjectDeleteMarker bool, expiryDays, noncurrentversionExpirationDays int64, lifecycleID string) (*http.Response, error) {
+	// Helper function to update lifecycle rule
+	// HTTP Verb: PUT
+	// URL: /buckets/{bucket_name}/lifecycle/{lifecycle_id}
+	// Body Example:
+	// {
+	// 	"type":"expiry",
+	// 	"disable":false,
+	// 	"prefix":"",
+	// 	"tags":"",
+	// 	"expired_object_delete_marker":false,
+	// 	"expiry_days":2,
+	// 	"noncurrentversion_expiration_days":0
+	// }
+
 	requestDataAdd := map[string]interface{}{
-		"type":                              Type,
+		"type":                              ltype,
 		"disable":                           disable,
 		"prefix":                            prefix,
 		"tags":                              tags,
@@ -3223,28 +3180,26 @@ func UpdateLifecycleRule(bucketName string, Type string, disable bool, prefix st
 }

 func GetBucketLifeCycle(bucketName string) (*http.Response, error) {
-	/*
-		Get Bucket Lifecycle
-		HTTP Verb: GET
-		URL: /buckets/{bucket_name}/lifecycle
-		Response Example:
-		{
-			"lifecycle": [
-				{
-					"expiration": {
-						"date": "0001-01-01T00:00:00Z",
-						"days": 1
-					},
-					"id": "c8nmpte49b3m6uu3pac0",
-					"status": "Enabled",
-					"tags": null,
-					"transition": {
-						"date": "0001-01-01T00:00:00Z"
-					}
-				}
-			]
-		}
-	*/
+	// Get Bucket Lifecycle
+	// HTTP Verb: GET
+	// URL: /buckets/{bucket_name}/lifecycle
+	// Response Example:
+	// {
+	// 	"lifecycle": [
+	// 		{
+	// 			"expiration": {
+	// 				"date": "0001-01-01T00:00:00Z",
+	// 				"days": 1
+	// 			},
+	// 			"id": "c8nmpte49b3m6uu3pac0",
+	// 			"status": "Enabled",
+	// 			"tags": null,
+	// 			"transition": {
+	// 				"date": "0001-01-01T00:00:00Z"
+	// 			}
+	// 		}
+	// 	]
+	// }
 	request, err := http.NewRequest(
 		"GET", "http://localhost:9090/api/v1/buckets/"+bucketName+"/lifecycle", nil)
 	if err != nil {
@@ -3259,24 +3214,22 @@ func GetBucketLifeCycle(bucketName string) (*http.Response, error) {
 	return response, err
 }

-func AddBucketLifecycle(bucketName string, Type string, prefix string, tags string, expiredObjectDeleteMarker bool, expiryDays int64, noncurrentversionExpirationDays int64) (*http.Response, error) {
-	/*
-		Helper function to add bucket lifecycle
-		URL: /buckets/{bucket_name}/lifecycle
-		HTTP Verb: POST
-		Body Example:
-		{
-			"type":"expiry",
-			"prefix":"",
-			"tags":"",
-			"expired_object_delete_marker":false,
-			"expiry_days":1,
-			"noncurrentversion_expiration_days":null
-		}
-	*/
+func AddBucketLifecycle(bucketName, ltype, prefix, tags string, expiredObjectDeleteMarker bool, expiryDays, noncurrentversionExpirationDays int64) (*http.Response, error) {
+	// Helper function to add bucket lifecycle
+	// URL: /buckets/{bucket_name}/lifecycle
+	// HTTP Verb: POST
+	// Body Example:
+	// {
+	// 	"type":"expiry",
+	// 	"prefix":"",
+	// 	"tags":"",
+	// 	"expired_object_delete_marker":false,
+	// 	"expiry_days":1,
+	// 	"noncurrentversion_expiration_days":null
+	// }
 	// Needed Parameters for API Call
 	requestDataAdd := map[string]interface{}{
-		"type":                              Type,
+		"type":                              ltype,
 		"prefix":                            prefix,
 		"tags":                              tags,
 		"expired_object_delete_marker":      expiredObjectDeleteMarker,
@@ -3306,12 +3259,10 @@ func AddBucketLifecycle(bucketName string, Type string, prefix string, tags stri
 	return response, err
 }

-func DeleteLifecycleRule(bucketName string, lifecycleID string) (*http.Response, error) {
-	/*
-		Helper function to delete lifecycle rule
-		HTTP Verb: DELETE
-		URL: /buckets/{bucket_name}/lifecycle/{lifecycle_id}
-	*/
+func DeleteLifecycleRule(bucketName, lifecycleID string) (*http.Response, error) {
+	// Helper function to delete lifecycle rule
+	// HTTP Verb: DELETE
+	// URL: /buckets/{bucket_name}/lifecycle/{lifecycle_id}
 	request, err := http.NewRequest(
 		"DELETE", "http://localhost:9090/api/v1/buckets/"+bucketName+"/lifecycle/"+lifecycleID, nil)
 	if err != nil {
@@ -3327,13 +3278,12 @@ func DeleteLifecycleRule(bucketName string, lifecycleID string) (*http.Response,
 }

 func TestBucketLifeCycle(t *testing.T) {
-
 	// Variables
 	assert := assert.New(t)
 	bucketName := "test-bucket-life-cycle"
 	locking := false
 	versioning := false
-	Type := "expiry"
+	ltype := "expiry"
 	prefix := ""
 	tags := ""
 	var expiryDays int64 = 1
@@ -3350,7 +3300,7 @@ func TestBucketLifeCycle(t *testing.T) {
 	// 2. Add Bucket Lifecycle
 	resp, err := AddBucketLifecycle(
 		bucketName,
-		Type,
+		ltype,
 		prefix,
 		tags,
 		expiredObjectDeleteMarker,
@@ -3394,7 +3344,7 @@ func TestBucketLifeCycle(t *testing.T) {
 	// 4. Update from 1 day expiration to 2 days expiration
 	resp, err = UpdateLifecycleRule(
 		bucketName,
-		Type,
+		ltype,
 		disable,
 		prefix,
 		tags,
@@ -3457,10 +3407,9 @@ func TestBucketLifeCycle(t *testing.T) {
 		assert.Equal(
 			404, resp.StatusCode, "Status Code is incorrect")
 	}
-
 }

-func SetAccessRuleWithBucket(bucketName string, prefix string, access string) (*http.Response, error) {
+func SetAccessRuleWithBucket(bucketName, prefix, access string) (*http.Response, error) {
 	/*
 		Helper function to Set Access Rule within Bucket
 		HTTP Verb: PUT
@@ -3515,7 +3464,7 @@ func ListAccessRulesWithBucket(bucketName string) (*http.Response, error) {
 	return response, err
 }

-func DeleteAccessRuleWithBucket(bucketName string, prefix string) (*http.Response, error) {
+func DeleteAccessRuleWithBucket(bucketName, prefix string) (*http.Response, error) {
 	/*
 		Helper function to Delete Access Rule With Bucket
 		HTTP Verb: DELETE
@@ -3545,7 +3494,6 @@ func DeleteAccessRuleWithBucket(bucketName string, prefix string) (*http.Respons
 }

 func TestAccessRule(t *testing.T) {
-
 	// Variables
 	assert := assert.New(t)
 	bucketName := "test-access-rule-bucket"
@@ -3637,10 +3585,9 @@ func TestAccessRule(t *testing.T) {
 	} else {
 		assert.Fail("Access Rule not deleted")
 	}
-
 }

-func GetBucketRewind(bucketName string, date string) (*http.Response, error) {
+func GetBucketRewind(bucketName, date string) (*http.Response, error) {
 	/*
 		Helper function to get objects in a bucket for a rewind date
 		HTTP Verb: GET
@@ -3664,7 +3611,6 @@ func GetBucketRewind(bucketName string, date string) (*http.Response, error) {
 }

 func TestGetBucketRewind(t *testing.T) {
-
 	// Variables
 	assert := assert.New(t)
 	bucketName := "test-get-bucket-rewind"
@@ -3681,5 +3627,4 @@ func TestGetBucketRewind(t *testing.T) {
 		assert.Equal(
 			200, resp.StatusCode, inspectHTTPResponse(resp))
 	}
-
 }
--- a/integration/users_test.go
+++ b/integration/users_test.go
@@ -18,6 +18,7 @@ package integration

 import (
 	"bytes"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -31,7 +32,7 @@ import (
 	"github.com/stretchr/testify/assert"
 )

-func AddUser(accessKey string, secretKey string, groups []string, policies []string) (*http.Response, error) {
+func AddUser(accessKey, secretKey string, groups, policies []string) (*http.Response, error) {
 	/*
 		This is an atomic function to add user and can be reused across
 		different functions.
@@ -62,6 +63,7 @@ func AddUser(accessKey string, secretKey string, groups []string, policies []str
 }

 func DeleteUser(userName string) (*http.Response, error) {
+	userName = base64.StdEncoding.EncodeToString([]byte(userName))
 	/*
 		This is an atomic function to delete user and can be reused across
 		different functions.
@@ -70,7 +72,7 @@ func DeleteUser(userName string) (*http.Response, error) {
 		Timeout: 3 * time.Second,
 	}
 	request, err := http.NewRequest(
-		"DELETE", "http://localhost:9090/api/v1/user?name="+userName, nil)
+		"DELETE", "http://localhost:9090/api/v1/user/"+userName, nil)
 	if err != nil {
 		log.Println(err)
 	}
@@ -80,7 +82,7 @@ func DeleteUser(userName string) (*http.Response, error) {
 	return response, err
 }

-func ListUsers(offset string, limit string) (*http.Response, error) {
+func ListUsers(offset, limit string) (*http.Response, error) {
 	/*
 		This is an atomic function to list users.
 		{{baseUrl}}/users?offset=-5480083&limit=-5480083
@@ -102,6 +104,7 @@ func ListUsers(offset string, limit string) (*http.Response, error) {
 }

 func GetUserInformation(userName string) (*http.Response, error) {
+	userName = base64.StdEncoding.EncodeToString([]byte(userName))
 	/*
 		Helper function to get user information via API:
 		{{baseUrl}}/user?name=proident velit
@@ -111,7 +114,7 @@ func GetUserInformation(userName string) (*http.Response, error) {
 	}
 	request, err := http.NewRequest(
 		"GET",
-		"http://localhost:9090/api/v1/user?name="+userName,
+		"http://localhost:9090/api/v1/user/"+userName,
 		nil)
 	if err != nil {
 		log.Println(err)
@@ -122,7 +125,8 @@ func GetUserInformation(userName string) (*http.Response, error) {
 	return response, err
 }

-func UpdateUserInformation(name string, status string, groups []string) (*http.Response, error) {
+func UpdateUserInformation(name, status string, groups []string) (*http.Response, error) {
+	name = base64.StdEncoding.EncodeToString([]byte(name))
 	/*
 		Helper function to update user information:
 		PUT: {{baseUrl}}/user?name=proident velit
@@ -145,7 +149,7 @@ func UpdateUserInformation(name string, status string, groups []string) (*http.R
 	requestDataJSON, _ := json.Marshal(requestDataAdd)
 	requestDataBody := bytes.NewReader(requestDataJSON)
 	request, err := http.NewRequest(
-		"PUT", "http://localhost:9090/api/v1/user?name="+name, requestDataBody)
+		"PUT", "http://localhost:9090/api/v1/user/"+name, requestDataBody)
 	if err != nil {
 		log.Println(err)
 	}
@@ -156,6 +160,7 @@ func UpdateUserInformation(name string, status string, groups []string) (*http.R
 }

 func RemoveUser(name string) (*http.Response, error) {
+	name = base64.StdEncoding.EncodeToString([]byte(name))
 	/*
 		Helper function to remove user.
 		DELETE: {{baseUrl}}/user?name=proident velit
@@ -164,7 +169,7 @@ func RemoveUser(name string) (*http.Response, error) {
 		Timeout: 3 * time.Second,
 	}
 	request, err := http.NewRequest(
-		"DELETE", "http://localhost:9090/api/v1/user?name="+name, nil)
+		"DELETE", "http://localhost:9090/api/v1/user/"+name, nil)
 	if err != nil {
 		log.Println(err)
 	}
@@ -175,6 +180,7 @@ func RemoveUser(name string) (*http.Response, error) {
 }

 func UpdateGroupsForAUser(userName string, groups []string) (*http.Response, error) {
+	userName = base64.StdEncoding.EncodeToString([]byte(userName))
 	/*
 		Helper function to update groups for a user
 		PUT: {{baseUrl}}/user/groups?name=username
@@ -195,7 +201,7 @@ func UpdateGroupsForAUser(userName string, groups []string) (*http.Response, err
 	requestDataBody := bytes.NewReader(requestDataJSON)
 	request, err := http.NewRequest(
 		"PUT",
-		"http://localhost:9090/api/v1/user/groups?name="+userName,
+		"http://localhost:9090/api/v1/user/"+userName+"/groups",
 		requestDataBody,
 	)
 	if err != nil {
@@ -207,7 +213,8 @@ func UpdateGroupsForAUser(userName string, groups []string) (*http.Response, err
 	return response, err
 }

-func CreateServiceAccountForUser(userName string, policy string) (*http.Response, error) {
+func CreateServiceAccountForUser(userName, policy string) (*http.Response, error) {
+	userName = base64.StdEncoding.EncodeToString([]byte(userName))
 	/*
 		Helper function to Create Service Account for user
 		POST: api/v1/user/username/service-accounts
@@ -237,7 +244,8 @@ func CreateServiceAccountForUser(userName string, policy string) (*http.Response
 	return response, err
 }

-func CreateServiceAccountForUserWithCredentials(userName string, policy string, accessKey string, secretKey string) (*http.Response, error) {
+func CreateServiceAccountForUserWithCredentials(userName, policy, accessKey, secretKey string) (*http.Response, error) {
+	userName = base64.StdEncoding.EncodeToString([]byte(userName))
 	// Helper function to test "Create Service Account for User With Credentials" end point.
 	client := &http.Client{
 		Timeout: 3 * time.Second,
@@ -264,6 +272,7 @@ func CreateServiceAccountForUserWithCredentials(userName string, policy string,
 }

 func ReturnsAListOfServiceAccountsForAUser(userName string) (*http.Response, error) {
+	userName = base64.StdEncoding.EncodeToString([]byte(userName))
 	/*
 		Helper function to return a list of service accounts for a user.
 		GET: {{baseUrl}}/user/:name/service-accounts
@@ -312,7 +321,7 @@ func AddGroup(group string, members []string) (*http.Response, error) {
 	return response, err
 }

-func UsersGroupsBulk(users []string, groups []string) (*http.Response, error) {
+func UsersGroupsBulk(users, groups []string) (*http.Response, error) {
 	/*
 		Helper function to test Bulk functionality to Add Users to Groups.
 		PUT: {{baseUrl}}/users-groups-bulk
@@ -363,8 +372,8 @@ func TestAddUser(t *testing.T) {
 	assert := assert.New(t)

 	// With no groups & no policies
-	var groups = []string{}
-	var policies = []string{}
+	groups := []string{}
+	policies := []string{}
 	response, err := AddUser("accessKey", "secretKey", groups, policies)
 	if err != nil {
 		log.Println(err)
@@ -384,7 +393,6 @@ func TestAddUser(t *testing.T) {
 		fmt.Println("DELETE StatusCode:", response.StatusCode)
 		assert.Equal(204, response.StatusCode, "has to be 204 when delete user")
 	}
-
 }

 func TestListUsers(t *testing.T) {
@@ -398,8 +406,8 @@ func TestListUsers(t *testing.T) {
 	assert := assert.New(t)

 	// With no groups & no policies
-	var groups = []string{}
-	var policies = []string{}
+	groups := []string{}
+	policies := []string{}

 	// 1. Create the users
 	numberOfUsers := 5
@@ -454,7 +462,6 @@ func TestListUsers(t *testing.T) {
 				response.StatusCode, "has to be 204 when delete user")
 		}
 	}
-
 }

 func TestGetUserInfo(t *testing.T) {
@@ -465,8 +472,8 @@ func TestGetUserInfo(t *testing.T) {
 	// 1. Create the user
 	fmt.Println("TestGetUserInfo(): 1. Create the user")
 	assert := assert.New(t)
-	var groups = []string{}
-	var policies = []string{}
+	groups := []string{}
+	policies := []string{}
 	response, err := AddUser("accessKey", "secretKey", groups, policies)
 	if err != nil {
 		log.Println(err)
@@ -500,7 +507,6 @@ func TestGetUserInfo(t *testing.T) {
 	expected := "{\"accessKey\":\"accessKey\",\"memberOf\":null,\"policy\":[],\"status\":\"enabled\"}\n"
 	obtained := string(b)
 	assert.Equal(expected, obtained, "User Information is wrong")
-
 }

 func TestUpdateUserInfoSuccessfulResponse(t *testing.T) {
@@ -511,8 +517,8 @@ func TestUpdateUserInfoSuccessfulResponse(t *testing.T) {
 	assert := assert.New(t)

 	// 1. Create an active user
-	var groups = []string{}
-	var policies = []string{}
+	groups := []string{}
+	policies := []string{}
 	addUserResponse, addUserError := AddUser(
 		"updateuser", "secretKey", groups, policies)
 	if addUserError != nil {
@@ -545,7 +551,6 @@ func TestUpdateUserInfoSuccessfulResponse(t *testing.T) {
 		log.Fatalln(err)
 	}
 	assert.True(strings.Contains(string(b), "disabled"))
-
 }

 func TestUpdateUserInfoGenericErrorResponse(t *testing.T) {
@@ -556,8 +561,8 @@ func TestUpdateUserInfoGenericErrorResponse(t *testing.T) {
 	assert := assert.New(t)

 	// 1. Create an active user
-	var groups = []string{}
-	var policies = []string{}
+	groups := []string{}
+	policies := []string{}
 	addUserResponse, addUserError := AddUser(
 		"updateusererror", "secretKey", groups, policies)
 	if addUserError != nil {
@@ -590,7 +595,6 @@ func TestUpdateUserInfoGenericErrorResponse(t *testing.T) {
 		log.Fatalln(err)
 	}
 	assert.True(strings.Contains(string(b), "status not valid"))
-
 }

 func TestRemoveUserSuccessfulResponse(t *testing.T) {
@@ -601,8 +605,8 @@ func TestRemoveUserSuccessfulResponse(t *testing.T) {
 	assert := assert.New(t)

 	// 1. Create an active user
-	var groups = []string{}
-	var policies = []string{}
+	groups := []string{}
+	policies := []string{}
 	addUserResponse, addUserError := AddUser(
 		"testremoveuser1", "secretKey", groups, policies)
 	if addUserError != nil {
@@ -644,7 +648,6 @@ func TestRemoveUserSuccessfulResponse(t *testing.T) {
 	fmt.Println(finalResponse)
 	assert.True(strings.Contains(
 		finalResponse, "The specified user does not exist"), finalResponse)
-
 }

 func TestUpdateGroupsForAUser(t *testing.T) {
@@ -657,8 +660,8 @@ func TestUpdateGroupsForAUser(t *testing.T) {
 	groupName := "updategroupforausergroup"
 	userName := "updategroupsforauser1"
 	assert := assert.New(t)
-	var groups = []string{}
-	var policies = []string{}
+	groups := []string{}
+	policies := []string{}
 	response, err := AddUser(userName, "secretKey", groups, policies)
 	if err != nil {
 		log.Println(err)
@@ -670,7 +673,7 @@ func TestUpdateGroupsForAUser(t *testing.T) {
 	}

 	// 2. Update the groups of the created user with newGroups
-	var newGroups = make([]string, 3)
+	newGroups := make([]string, 3)
 	for i := 0; i < numberOfGroups; i++ {
 		newGroups[i] = groupName + strconv.Itoa(i)
 	}
@@ -701,7 +704,6 @@ func TestUpdateGroupsForAUser(t *testing.T) {
 		assert.True(strings.Contains(
 			finalResponse, groupName+strconv.Itoa(i)), finalResponse)
 	}
-
 }

 func TestCreateServiceAccountForUser(t *testing.T) {
@@ -716,8 +718,8 @@ func TestCreateServiceAccountForUser(t *testing.T) {
 	serviceAccountLengthInBytes := 40 // As observed, update as needed

 	// 1. Create the user
-	var groups = []string{}
-	var policies = []string{}
+	groups := []string{}
+	policies := []string{}
 	response, err := AddUser(userName, "secretKey", groups, policies)
 	if err != nil {
 		log.Println(err)
@@ -747,8 +749,10 @@ func TestCreateServiceAccountForUser(t *testing.T) {
 	}

 	// 3. Verify the service account for the user
-	listOfAccountsResponse,
-		listOfAccountsError := ReturnsAListOfServiceAccountsForAUser(userName)
+	listOfAccountsResponse, listOfAccountsError := ReturnsAListOfServiceAccountsForAUser(userName)
+
+	fmt.Println(listOfAccountsResponse, listOfAccountsError)
+
 	if listOfAccountsError != nil {
 		log.Println(listOfAccountsError)
 		assert.Fail("Error in listOfAccountsError")
@@ -761,8 +765,8 @@ func TestCreateServiceAccountForUser(t *testing.T) {
 			finalResponse,
 		)
 	}
-	assert.Equal(len(finalResponse), serviceAccountLengthInBytes, finalResponse)

+	assert.Equal(len(finalResponse), serviceAccountLengthInBytes, finalResponse)
 }

 func TestUsersGroupsBulk(t *testing.T) {
@@ -774,11 +778,11 @@ func TestUsersGroupsBulk(t *testing.T) {
 	assert := assert.New(t)
 	numberOfUsers := 5
 	numberOfGroups := 1
-	//var groups = []string{}
-	var policies = []string{}
+	// var groups = []string{}
+	policies := []string{}
 	username := "testusersgroupbulk"
 	groupName := "testusersgroupsbulkgroupone"
-	var members = []string{}
+	members := []string{}
 	users := make([]string, numberOfUsers)
 	groups := make([]string, numberOfGroups)

@@ -850,7 +854,69 @@ func TestUsersGroupsBulk(t *testing.T) {
 			assert.Equal(200, responseGetUserInfo.StatusCode, finalResponse)
 		}
 		// Make sure the user belongs to the created group
-		assert.True(strings.Contains(string(finalResponse), groupName))
+		assert.True(strings.Contains(finalResponse, groupName))
+	}
+}
+
+func Test_GetUserPolicyAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	// 1. Create an active user with valid policy
+	groups := []string{}
+	policies := []string{"readwrite"}
+	addUserResponse, addUserError := AddUser(
+		"getpolicyuser", "secretKey", groups, policies)
+	if addUserError != nil {
+		log.Println(addUserError)
+		return
+	}
+	if addUserResponse != nil {
+		fmt.Println("StatusCode:", addUserResponse.StatusCode)
+		assert.Equal(
+			201, addUserResponse.StatusCode, "Status Code is incorrect")
 	}

+	type args struct {
+		api string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Get User Policies",
+			args: args{
+				api: "/user/policy",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			request, err := http.NewRequest(
+				"GET", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
 }
--- a/integration/version_test.go
+++ b/integration/version_test.go
@@ -68,8 +68,6 @@ func Test_VersionAPI(t *testing.T) {
 			if response != nil {
 				assert.Equal(tt.expectedStatus, response.StatusCode, "Status Code is incorrect")
 			}
-
 		})
 	}
-
 }
--- a/k8s/operator-console/base/console-deployment.yaml
+++ b/k8s/operator-console/base/console-deployment.yaml
@@ -15,7 +15,7 @@ spec:
      serviceAccountName: console-sa
      containers:
        - name: console
-          image: 'minio/console:v0.15.9'
+          image: 'minio/console:v0.17.2'
          imagePullPolicy: "IfNotPresent"
          env:
            - name: CONSOLE_OPERATOR_MODE
--- a/k8s/operator-console/standalone/console-deployment.yaml
+++ b/k8s/operator-console/standalone/console-deployment.yaml
@@ -32,7 +32,7 @@ spec:
    spec:
      containers:
        - name: console
-          image: 'minio/console:v0.15.9'
+          image: 'minio/console:v0.17.2'
          imagePullPolicy: "IfNotPresent"
          env:
            - name: CONSOLE_MINIO_SERVER
--- a/models/condition.go
+++ b/models/condition.go
@@ -0,0 +1,70 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// Condition condition
+//
+// swagger:model condition
+type Condition struct {
+
+	// status
+	Status string `json:"status,omitempty"`
+
+	// type
+	Type string `json:"type,omitempty"`
+}
+
+// Validate validates this condition
+func (m *Condition) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this condition based on context it is used
+func (m *Condition) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *Condition) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *Condition) UnmarshalBinary(b []byte) error {
+	var res Condition
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/config_map.go
+++ b/models/config_map.go
@@ -0,0 +1,70 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ConfigMap config map
+//
+// swagger:model configMap
+type ConfigMap struct {
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// optional
+	Optional bool `json:"optional,omitempty"`
+}
+
+// Validate validates this config map
+func (m *ConfigMap) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this config map based on context it is used
+func (m *ConfigMap) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ConfigMap) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ConfigMap) UnmarshalBinary(b []byte) error {
+	var res ConfigMap
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/container.go
+++ b/models/container.go
@@ -0,0 +1,309 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// Container container
+//
+// swagger:model container
+type Container struct {
+
+	// args
+	Args []string `json:"args"`
+
+	// container ID
+	ContainerID string `json:"containerID,omitempty"`
+
+	// environment variables
+	EnvironmentVariables []*EnvironmentVariable `json:"environmentVariables"`
+
+	// host ports
+	HostPorts []string `json:"hostPorts"`
+
+	// image
+	Image string `json:"image,omitempty"`
+
+	// image ID
+	ImageID string `json:"imageID,omitempty"`
+
+	// last state
+	LastState *State `json:"lastState,omitempty"`
+
+	// mounts
+	Mounts []*Mount `json:"mounts"`
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// ports
+	Ports []string `json:"ports"`
+
+	// ready
+	Ready bool `json:"ready,omitempty"`
+
+	// restart count
+	RestartCount int64 `json:"restartCount,omitempty"`
+
+	// state
+	State *State `json:"state,omitempty"`
+}
+
+// Validate validates this container
+func (m *Container) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateEnvironmentVariables(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateLastState(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateMounts(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateState(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *Container) validateEnvironmentVariables(formats strfmt.Registry) error {
+	if swag.IsZero(m.EnvironmentVariables) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.EnvironmentVariables); i++ {
+		if swag.IsZero(m.EnvironmentVariables[i]) { // not required
+			continue
+		}
+
+		if m.EnvironmentVariables[i] != nil {
+			if err := m.EnvironmentVariables[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("environmentVariables" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("environmentVariables" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *Container) validateLastState(formats strfmt.Registry) error {
+	if swag.IsZero(m.LastState) { // not required
+		return nil
+	}
+
+	if m.LastState != nil {
+		if err := m.LastState.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("lastState")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("lastState")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *Container) validateMounts(formats strfmt.Registry) error {
+	if swag.IsZero(m.Mounts) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Mounts); i++ {
+		if swag.IsZero(m.Mounts[i]) { // not required
+			continue
+		}
+
+		if m.Mounts[i] != nil {
+			if err := m.Mounts[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("mounts" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("mounts" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *Container) validateState(formats strfmt.Registry) error {
+	if swag.IsZero(m.State) { // not required
+		return nil
+	}
+
+	if m.State != nil {
+		if err := m.State.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("state")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("state")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// ContextValidate validate this container based on the context it is used
+func (m *Container) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateEnvironmentVariables(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateLastState(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateMounts(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateState(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *Container) contextValidateEnvironmentVariables(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.EnvironmentVariables); i++ {
+
+		if m.EnvironmentVariables[i] != nil {
+			if err := m.EnvironmentVariables[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("environmentVariables" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("environmentVariables" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *Container) contextValidateLastState(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.LastState != nil {
+		if err := m.LastState.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("lastState")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("lastState")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *Container) contextValidateMounts(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Mounts); i++ {
+
+		if m.Mounts[i] != nil {
+			if err := m.Mounts[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("mounts" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("mounts" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *Container) contextValidateState(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.State != nil {
+		if err := m.State.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("state")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("state")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *Container) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *Container) UnmarshalBinary(b []byte) error {
+	var res Container
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/create_tenant_request.go
+++ b/models/create_tenant_request.go
@@ -43,6 +43,9 @@ type CreateTenantRequest struct {
 	// annotations
 	Annotations map[string]string `json:"annotations,omitempty"`

+	// domains
+	Domains *DomainsConfiguration `json:"domains,omitempty"`
+
 	// enable console
 	EnableConsole *bool `json:"enable_console,omitempty"`

@@ -112,6 +115,10 @@ type CreateTenantRequest struct {
 func (m *CreateTenantRequest) Validate(formats strfmt.Registry) error {
 	var res []error

+	if err := m.validateDomains(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateEncryption(formats); err != nil {
 		res = append(res, err)
 	}
@@ -154,6 +161,25 @@ func (m *CreateTenantRequest) Validate(formats strfmt.Registry) error {
 	return nil
 }

+func (m *CreateTenantRequest) validateDomains(formats strfmt.Registry) error {
+	if swag.IsZero(m.Domains) { // not required
+		return nil
+	}
+
+	if m.Domains != nil {
+		if err := m.Domains.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("domains")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("domains")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *CreateTenantRequest) validateEncryption(formats strfmt.Registry) error {
 	if swag.IsZero(m.Encryption) { // not required
 		return nil
@@ -321,6 +347,10 @@ func (m *CreateTenantRequest) validateTLS(formats strfmt.Registry) error {
 func (m *CreateTenantRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
 	var res []error

+	if err := m.contextValidateDomains(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.contextValidateEncryption(ctx, formats); err != nil {
 		res = append(res, err)
 	}
@@ -355,6 +385,22 @@ func (m *CreateTenantRequest) ContextValidate(ctx context.Context, formats strfm
 	return nil
 }

+func (m *CreateTenantRequest) contextValidateDomains(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Domains != nil {
+		if err := m.Domains.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("domains")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("domains")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *CreateTenantRequest) contextValidateEncryption(ctx context.Context, formats strfmt.Registry) error {

 	if m.Encryption != nil {
--- a/models/csr_element.go
+++ b/models/csr_element.go
@@ -0,0 +1,154 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// CsrElement csr element
+//
+// swagger:model csrElement
+type CsrElement struct {
+
+	// annotations
+	Annotations []*Annotation `json:"annotations"`
+
+	// deletion grace period seconds
+	DeletionGracePeriodSeconds int64 `json:"deletion_grace_period_seconds,omitempty"`
+
+	// generate name
+	GenerateName string `json:"generate_name,omitempty"`
+
+	// generation
+	Generation int64 `json:"generation,omitempty"`
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// namespace
+	Namespace string `json:"namespace,omitempty"`
+
+	// resource version
+	ResourceVersion string `json:"resource_version,omitempty"`
+
+	// status
+	Status string `json:"status,omitempty"`
+}
+
+// Validate validates this csr element
+func (m *CsrElement) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateAnnotations(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *CsrElement) validateAnnotations(formats strfmt.Registry) error {
+	if swag.IsZero(m.Annotations) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Annotations); i++ {
+		if swag.IsZero(m.Annotations[i]) { // not required
+			continue
+		}
+
+		if m.Annotations[i] != nil {
+			if err := m.Annotations[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("annotations" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("annotations" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// ContextValidate validate this csr element based on the context it is used
+func (m *CsrElement) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateAnnotations(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *CsrElement) contextValidateAnnotations(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Annotations); i++ {
+
+		if m.Annotations[i] != nil {
+			if err := m.Annotations[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("annotations" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("annotations" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *CsrElement) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *CsrElement) UnmarshalBinary(b []byte) error {
+	var res CsrElement
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/describe_p_v_c_wrapper.go
+++ b/models/describe_p_v_c_wrapper.go
@@ -0,0 +1,217 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// DescribePVCWrapper describe p v c wrapper
+//
+// swagger:model describePVCWrapper
+type DescribePVCWrapper struct {
+
+	// access modes
+	AccessModes []string `json:"accessModes"`
+
+	// annotations
+	Annotations []*Annotation `json:"annotations"`
+
+	// capacity
+	Capacity string `json:"capacity,omitempty"`
+
+	// finalizers
+	Finalizers []string `json:"finalizers"`
+
+	// labels
+	Labels []*Label `json:"labels"`
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// namespace
+	Namespace string `json:"namespace,omitempty"`
+
+	// status
+	Status string `json:"status,omitempty"`
+
+	// storage class
+	StorageClass string `json:"storageClass,omitempty"`
+
+	// volume
+	Volume string `json:"volume,omitempty"`
+
+	// volume mode
+	VolumeMode string `json:"volumeMode,omitempty"`
+}
+
+// Validate validates this describe p v c wrapper
+func (m *DescribePVCWrapper) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateAnnotations(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateLabels(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *DescribePVCWrapper) validateAnnotations(formats strfmt.Registry) error {
+	if swag.IsZero(m.Annotations) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Annotations); i++ {
+		if swag.IsZero(m.Annotations[i]) { // not required
+			continue
+		}
+
+		if m.Annotations[i] != nil {
+			if err := m.Annotations[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("annotations" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("annotations" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePVCWrapper) validateLabels(formats strfmt.Registry) error {
+	if swag.IsZero(m.Labels) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Labels); i++ {
+		if swag.IsZero(m.Labels[i]) { // not required
+			continue
+		}
+
+		if m.Labels[i] != nil {
+			if err := m.Labels[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("labels" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("labels" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// ContextValidate validate this describe p v c wrapper based on the context it is used
+func (m *DescribePVCWrapper) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateAnnotations(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateLabels(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *DescribePVCWrapper) contextValidateAnnotations(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Annotations); i++ {
+
+		if m.Annotations[i] != nil {
+			if err := m.Annotations[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("annotations" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("annotations" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePVCWrapper) contextValidateLabels(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Labels); i++ {
+
+		if m.Labels[i] != nil {
+			if err := m.Labels[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("labels" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("labels" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *DescribePVCWrapper) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *DescribePVCWrapper) UnmarshalBinary(b []byte) error {
+	var res DescribePVCWrapper
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/describe_pod_wrapper.go
+++ b/models/describe_pod_wrapper.go
@@ -0,0 +1,517 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// DescribePodWrapper describe pod wrapper
+//
+// swagger:model describePodWrapper
+type DescribePodWrapper struct {
+
+	// annotations
+	Annotations []*Annotation `json:"annotations"`
+
+	// conditions
+	Conditions []*Condition `json:"conditions"`
+
+	// containers
+	Containers []*Container `json:"containers"`
+
+	// controller ref
+	ControllerRef string `json:"controllerRef,omitempty"`
+
+	// deletion grace period seconds
+	DeletionGracePeriodSeconds int64 `json:"deletionGracePeriodSeconds,omitempty"`
+
+	// deletion timestamp
+	DeletionTimestamp string `json:"deletionTimestamp,omitempty"`
+
+	// labels
+	Labels []*Label `json:"labels"`
+
+	// message
+	Message string `json:"message,omitempty"`
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// namespace
+	Namespace string `json:"namespace,omitempty"`
+
+	// node name
+	NodeName string `json:"nodeName,omitempty"`
+
+	// node selector
+	NodeSelector []*NodeSelector `json:"nodeSelector"`
+
+	// phase
+	Phase string `json:"phase,omitempty"`
+
+	// pod IP
+	PodIP string `json:"podIP,omitempty"`
+
+	// priority
+	Priority int64 `json:"priority,omitempty"`
+
+	// priority class name
+	PriorityClassName string `json:"priorityClassName,omitempty"`
+
+	// qos class
+	QosClass string `json:"qosClass,omitempty"`
+
+	// reason
+	Reason string `json:"reason,omitempty"`
+
+	// start time
+	StartTime string `json:"startTime,omitempty"`
+
+	// tolerations
+	Tolerations []*Toleration `json:"tolerations"`
+
+	// volumes
+	Volumes []*Volume `json:"volumes"`
+}
+
+// Validate validates this describe pod wrapper
+func (m *DescribePodWrapper) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateAnnotations(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateConditions(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateContainers(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateLabels(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateNodeSelector(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateTolerations(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateVolumes(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *DescribePodWrapper) validateAnnotations(formats strfmt.Registry) error {
+	if swag.IsZero(m.Annotations) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Annotations); i++ {
+		if swag.IsZero(m.Annotations[i]) { // not required
+			continue
+		}
+
+		if m.Annotations[i] != nil {
+			if err := m.Annotations[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("annotations" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("annotations" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) validateConditions(formats strfmt.Registry) error {
+	if swag.IsZero(m.Conditions) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Conditions); i++ {
+		if swag.IsZero(m.Conditions[i]) { // not required
+			continue
+		}
+
+		if m.Conditions[i] != nil {
+			if err := m.Conditions[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("conditions" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("conditions" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) validateContainers(formats strfmt.Registry) error {
+	if swag.IsZero(m.Containers) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Containers); i++ {
+		if swag.IsZero(m.Containers[i]) { // not required
+			continue
+		}
+
+		if m.Containers[i] != nil {
+			if err := m.Containers[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("containers" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("containers" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) validateLabels(formats strfmt.Registry) error {
+	if swag.IsZero(m.Labels) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Labels); i++ {
+		if swag.IsZero(m.Labels[i]) { // not required
+			continue
+		}
+
+		if m.Labels[i] != nil {
+			if err := m.Labels[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("labels" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("labels" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) validateNodeSelector(formats strfmt.Registry) error {
+	if swag.IsZero(m.NodeSelector) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.NodeSelector); i++ {
+		if swag.IsZero(m.NodeSelector[i]) { // not required
+			continue
+		}
+
+		if m.NodeSelector[i] != nil {
+			if err := m.NodeSelector[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("nodeSelector" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("nodeSelector" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) validateTolerations(formats strfmt.Registry) error {
+	if swag.IsZero(m.Tolerations) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Tolerations); i++ {
+		if swag.IsZero(m.Tolerations[i]) { // not required
+			continue
+		}
+
+		if m.Tolerations[i] != nil {
+			if err := m.Tolerations[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("tolerations" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("tolerations" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) validateVolumes(formats strfmt.Registry) error {
+	if swag.IsZero(m.Volumes) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Volumes); i++ {
+		if swag.IsZero(m.Volumes[i]) { // not required
+			continue
+		}
+
+		if m.Volumes[i] != nil {
+			if err := m.Volumes[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("volumes" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("volumes" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// ContextValidate validate this describe pod wrapper based on the context it is used
+func (m *DescribePodWrapper) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateAnnotations(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateConditions(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateContainers(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateLabels(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateNodeSelector(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateTolerations(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateVolumes(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *DescribePodWrapper) contextValidateAnnotations(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Annotations); i++ {
+
+		if m.Annotations[i] != nil {
+			if err := m.Annotations[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("annotations" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("annotations" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) contextValidateConditions(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Conditions); i++ {
+
+		if m.Conditions[i] != nil {
+			if err := m.Conditions[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("conditions" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("conditions" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) contextValidateContainers(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Containers); i++ {
+
+		if m.Containers[i] != nil {
+			if err := m.Containers[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("containers" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("containers" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) contextValidateLabels(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Labels); i++ {
+
+		if m.Labels[i] != nil {
+			if err := m.Labels[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("labels" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("labels" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) contextValidateNodeSelector(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.NodeSelector); i++ {
+
+		if m.NodeSelector[i] != nil {
+			if err := m.NodeSelector[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("nodeSelector" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("nodeSelector" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) contextValidateTolerations(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Tolerations); i++ {
+
+		if m.Tolerations[i] != nil {
+			if err := m.Tolerations[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("tolerations" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("tolerations" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) contextValidateVolumes(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Volumes); i++ {
+
+		if m.Volumes[i] != nil {
+			if err := m.Volumes[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("volumes" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("volumes" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *DescribePodWrapper) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *DescribePodWrapper) UnmarshalBinary(b []byte) error {
+	var res DescribePodWrapper
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/domains_configuration.go
+++ b/models/domains_configuration.go
@@ -0,0 +1,70 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// DomainsConfiguration domains configuration
+//
+// swagger:model domainsConfiguration
+type DomainsConfiguration struct {
+
+	// console
+	Console string `json:"console,omitempty"`
+
+	// minio
+	Minio []string `json:"minio"`
+}
+
+// Validate validates this domains configuration
+func (m *DomainsConfiguration) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this domains configuration based on context it is used
+func (m *DomainsConfiguration) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *DomainsConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *DomainsConfiguration) UnmarshalBinary(b []byte) error {
+	var res DomainsConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/environment_variable.go
+++ b/models/environment_variable.go
@@ -0,0 +1,70 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// EnvironmentVariable environment variable
+//
+// swagger:model environmentVariable
+type EnvironmentVariable struct {
+
+	// key
+	Key string `json:"key,omitempty"`
+
+	// value
+	Value string `json:"value,omitempty"`
+}
+
+// Validate validates this environment variable
+func (m *EnvironmentVariable) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this environment variable based on context it is used
+func (m *EnvironmentVariable) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *EnvironmentVariable) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *EnvironmentVariable) UnmarshalBinary(b []byte) error {
+	var res EnvironmentVariable
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/idp_configuration.go
+++ b/models/idp_configuration.go
@@ -237,7 +237,8 @@ type IdpConfigurationActiveDirectory struct {
 	GroupSearchFilter string `json:"group_search_filter,omitempty"`

 	// lookup bind dn
-	LookupBindDn string `json:"lookup_bind_dn,omitempty"`
+	// Required: true
+	LookupBindDn *string `json:"lookup_bind_dn"`

 	// lookup bind password
 	LookupBindPassword string `json:"lookup_bind_password,omitempty"`
@@ -269,6 +270,10 @@ type IdpConfigurationActiveDirectory struct {
 func (m *IdpConfigurationActiveDirectory) Validate(formats strfmt.Registry) error {
 	var res []error

+	if err := m.validateLookupBindDn(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateURL(formats); err != nil {
 		res = append(res, err)
 	}
@@ -279,6 +284,15 @@ func (m *IdpConfigurationActiveDirectory) Validate(formats strfmt.Registry) erro
 	return nil
 }

+func (m *IdpConfigurationActiveDirectory) validateLookupBindDn(formats strfmt.Registry) error {
+
+	if err := validate.Required("active_directory"+"."+"lookup_bind_dn", "body", m.LookupBindDn); err != nil {
+		return err
+	}
+
+	return nil
+}
+
 func (m *IdpConfigurationActiveDirectory) validateURL(formats strfmt.Registry) error {

 	if err := validate.Required("active_directory"+"."+"url", "body", m.URL); err != nil {
--- a/models/login_details.go
+++ b/models/login_details.go
@@ -38,7 +38,7 @@ import (
 type LoginDetails struct {

 	// login strategy
-	// Enum: [form redirect service-account]
+	// Enum: [form redirect service-account redirect-service-account]
 	LoginStrategy string `json:"loginStrategy,omitempty"`

 	// redirect
@@ -63,7 +63,7 @@ var loginDetailsTypeLoginStrategyPropEnum []interface{}

 func init() {
 	var res []string
-	if err := json.Unmarshal([]byte(`["form","redirect","service-account"]`), &res); err != nil {
+	if err := json.Unmarshal([]byte(`["form","redirect","service-account","redirect-service-account"]`), &res); err != nil {
 		panic(err)
 	}
 	for _, v := range res {
@@ -81,6 +81,9 @@ const (

 	// LoginDetailsLoginStrategyServiceDashAccount captures enum value "service-account"
 	LoginDetailsLoginStrategyServiceDashAccount string = "service-account"
+
+	// LoginDetailsLoginStrategyRedirectDashServiceDashAccount captures enum value "redirect-service-account"
+	LoginDetailsLoginStrategyRedirectDashServiceDashAccount string = "redirect-service-account"
 )

 // prop value enum
--- a/models/mount.go
+++ b/models/mount.go
@@ -0,0 +1,76 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// Mount mount
+//
+// swagger:model mount
+type Mount struct {
+
+	// mount path
+	MountPath string `json:"mountPath,omitempty"`
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// read only
+	ReadOnly bool `json:"readOnly,omitempty"`
+
+	// sub path
+	SubPath string `json:"subPath,omitempty"`
+}
+
+// Validate validates this mount
+func (m *Mount) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this mount based on context it is used
+func (m *Mount) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *Mount) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *Mount) UnmarshalBinary(b []byte) error {
+	var res Mount
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/permission_resource.go
+++ b/models/permission_resource.go
@@ -0,0 +1,73 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// PermissionResource permission resource
+//
+// swagger:model permissionResource
+type PermissionResource struct {
+
+	// condition operator
+	ConditionOperator string `json:"conditionOperator,omitempty"`
+
+	// prefixes
+	Prefixes []string `json:"prefixes"`
+
+	// resource
+	Resource string `json:"resource,omitempty"`
+}
+
+// Validate validates this permission resource
+func (m *PermissionResource) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this permission resource based on context it is used
+func (m *PermissionResource) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *PermissionResource) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *PermissionResource) UnmarshalBinary(b []byte) error {
+	var res PermissionResource
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/projected_volume.go
+++ b/models/projected_volume.go
@@ -0,0 +1,133 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ProjectedVolume projected volume
+//
+// swagger:model projectedVolume
+type ProjectedVolume struct {
+
+	// sources
+	Sources []*ProjectedVolumeSource `json:"sources"`
+}
+
+// Validate validates this projected volume
+func (m *ProjectedVolume) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateSources(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ProjectedVolume) validateSources(formats strfmt.Registry) error {
+	if swag.IsZero(m.Sources) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Sources); i++ {
+		if swag.IsZero(m.Sources[i]) { // not required
+			continue
+		}
+
+		if m.Sources[i] != nil {
+			if err := m.Sources[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("sources" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("sources" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// ContextValidate validate this projected volume based on the context it is used
+func (m *ProjectedVolume) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateSources(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ProjectedVolume) contextValidateSources(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Sources); i++ {
+
+		if m.Sources[i] != nil {
+			if err := m.Sources[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("sources" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("sources" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ProjectedVolume) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ProjectedVolume) UnmarshalBinary(b []byte) error {
+	var res ProjectedVolume
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/projected_volume_source.go
+++ b/models/projected_volume_source.go
@@ -0,0 +1,216 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ProjectedVolumeSource projected volume source
+//
+// swagger:model projectedVolumeSource
+type ProjectedVolumeSource struct {
+
+	// config map
+	ConfigMap *ConfigMap `json:"configMap,omitempty"`
+
+	// downward Api
+	DownwardAPI bool `json:"downwardApi,omitempty"`
+
+	// secret
+	Secret *Secret `json:"secret,omitempty"`
+
+	// service account token
+	ServiceAccountToken *ServiceAccountToken `json:"serviceAccountToken,omitempty"`
+}
+
+// Validate validates this projected volume source
+func (m *ProjectedVolumeSource) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateConfigMap(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSecret(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateServiceAccountToken(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ProjectedVolumeSource) validateConfigMap(formats strfmt.Registry) error {
+	if swag.IsZero(m.ConfigMap) { // not required
+		return nil
+	}
+
+	if m.ConfigMap != nil {
+		if err := m.ConfigMap.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("configMap")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("configMap")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *ProjectedVolumeSource) validateSecret(formats strfmt.Registry) error {
+	if swag.IsZero(m.Secret) { // not required
+		return nil
+	}
+
+	if m.Secret != nil {
+		if err := m.Secret.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("secret")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("secret")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *ProjectedVolumeSource) validateServiceAccountToken(formats strfmt.Registry) error {
+	if swag.IsZero(m.ServiceAccountToken) { // not required
+		return nil
+	}
+
+	if m.ServiceAccountToken != nil {
+		if err := m.ServiceAccountToken.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("serviceAccountToken")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("serviceAccountToken")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// ContextValidate validate this projected volume source based on the context it is used
+func (m *ProjectedVolumeSource) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateConfigMap(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateSecret(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateServiceAccountToken(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ProjectedVolumeSource) contextValidateConfigMap(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.ConfigMap != nil {
+		if err := m.ConfigMap.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("configMap")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("configMap")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *ProjectedVolumeSource) contextValidateSecret(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Secret != nil {
+		if err := m.Secret.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("secret")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("secret")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *ProjectedVolumeSource) contextValidateServiceAccountToken(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.ServiceAccountToken != nil {
+		if err := m.ServiceAccountToken.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("serviceAccountToken")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("serviceAccountToken")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ProjectedVolumeSource) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ProjectedVolumeSource) UnmarshalBinary(b []byte) error {
+	var res ProjectedVolumeSource
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/pvc.go
+++ b/models/pvc.go
@@ -0,0 +1,70 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// Pvc pvc
+//
+// swagger:model pvc
+type Pvc struct {
+
+	// claim name
+	ClaimName string `json:"claimName,omitempty"`
+
+	// read only
+	ReadOnly bool `json:"readOnly,omitempty"`
+}
+
+// Validate validates this pvc
+func (m *Pvc) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this pvc based on context it is used
+func (m *Pvc) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *Pvc) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *Pvc) UnmarshalBinary(b []byte) error {
+	var res Pvc
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/secret.go
+++ b/models/secret.go
@@ -0,0 +1,70 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// Secret secret
+//
+// swagger:model secret
+type Secret struct {
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// optional
+	Optional bool `json:"optional,omitempty"`
+}
+
+// Validate validates this secret
+func (m *Secret) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this secret based on context it is used
+func (m *Secret) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *Secret) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *Secret) UnmarshalBinary(b []byte) error {
+	var res Secret
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/service_account_token.go
+++ b/models/service_account_token.go
@@ -0,0 +1,67 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ServiceAccountToken service account token
+//
+// swagger:model serviceAccountToken
+type ServiceAccountToken struct {
+
+	// expiration seconds
+	ExpirationSeconds int64 `json:"expirationSeconds,omitempty"`
+}
+
+// Validate validates this service account token
+func (m *ServiceAccountToken) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this service account token based on context it is used
+func (m *ServiceAccountToken) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ServiceAccountToken) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ServiceAccountToken) UnmarshalBinary(b []byte) error {
+	var res ServiceAccountToken
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/session_response.go
+++ b/models/session_response.go
@@ -25,6 +25,7 @@ package models
 import (
 	"context"
 	"encoding/json"
+	"strconv"

 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/strfmt"
@@ -37,6 +38,9 @@ import (
 // swagger:model sessionResponse
 type SessionResponse struct {

+	// allow resources
+	AllowResources []*PermissionResource `json:"allowResources"`
+
 	// distributed mode
 	DistributedMode bool `json:"distributedMode,omitempty"`

@@ -58,6 +62,10 @@ type SessionResponse struct {
 func (m *SessionResponse) Validate(formats strfmt.Registry) error {
 	var res []error

+	if err := m.validateAllowResources(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateStatus(formats); err != nil {
 		res = append(res, err)
 	}
@@ -68,6 +76,32 @@ func (m *SessionResponse) Validate(formats strfmt.Registry) error {
 	return nil
 }

+func (m *SessionResponse) validateAllowResources(formats strfmt.Registry) error {
+	if swag.IsZero(m.AllowResources) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.AllowResources); i++ {
+		if swag.IsZero(m.AllowResources[i]) { // not required
+			continue
+		}
+
+		if m.AllowResources[i] != nil {
+			if err := m.AllowResources[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("allowResources" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("allowResources" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
 var sessionResponseTypeStatusPropEnum []interface{}

 func init() {
@@ -107,8 +141,37 @@ func (m *SessionResponse) validateStatus(formats strfmt.Registry) error {
 	return nil
 }

-// ContextValidate validates this session response based on context it is used
+// ContextValidate validate this session response based on the context it is used
 func (m *SessionResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateAllowResources(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *SessionResponse) contextValidateAllowResources(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.AllowResources); i++ {
+
+		if m.AllowResources[i] != nil {
+			if err := m.AllowResources[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("allowResources" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("allowResources" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
 	return nil
 }

--- a/models/site_replication_status_response.go
+++ b/models/site_replication_status_response.go
@@ -0,0 +1,97 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// SiteReplicationStatusResponse site replication status response
+//
+// swagger:model siteReplicationStatusResponse
+type SiteReplicationStatusResponse struct {
+
+	// bucket stats
+	BucketStats interface{} `json:"bucketStats,omitempty"`
+
+	// enabled
+	Enabled bool `json:"enabled,omitempty"`
+
+	// group stats
+	GroupStats interface{} `json:"groupStats,omitempty"`
+
+	// max buckets
+	MaxBuckets int64 `json:"maxBuckets,omitempty"`
+
+	// max groups
+	MaxGroups int64 `json:"maxGroups,omitempty"`
+
+	// max policies
+	MaxPolicies int64 `json:"maxPolicies,omitempty"`
+
+	// max users
+	MaxUsers int64 `json:"maxUsers,omitempty"`
+
+	// policy stats
+	PolicyStats interface{} `json:"policyStats,omitempty"`
+
+	// sites
+	Sites interface{} `json:"sites,omitempty"`
+
+	// stats summary
+	StatsSummary interface{} `json:"statsSummary,omitempty"`
+
+	// user stats
+	UserStats interface{} `json:"userStats,omitempty"`
+}
+
+// Validate validates this site replication status response
+func (m *SiteReplicationStatusResponse) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this site replication status response based on context it is used
+func (m *SiteReplicationStatusResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *SiteReplicationStatusResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *SiteReplicationStatusResponse) UnmarshalBinary(b []byte) error {
+	var res SiteReplicationStatusResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/state.go
+++ b/models/state.go
@@ -0,0 +1,85 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// State state
+//
+// swagger:model state
+type State struct {
+
+	// exit code
+	ExitCode int64 `json:"exitCode,omitempty"`
+
+	// finished
+	Finished string `json:"finished,omitempty"`
+
+	// message
+	Message string `json:"message,omitempty"`
+
+	// reason
+	Reason string `json:"reason,omitempty"`
+
+	// signal
+	Signal int64 `json:"signal,omitempty"`
+
+	// started
+	Started string `json:"started,omitempty"`
+
+	// state
+	State string `json:"state,omitempty"`
+}
+
+// Validate validates this state
+func (m *State) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this state based on context it is used
+func (m *State) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *State) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *State) UnmarshalBinary(b []byte) error {
+	var res State
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/tenant.go
+++ b/models/tenant.go
@@ -45,6 +45,9 @@ type Tenant struct {
 	// deletion date
 	DeletionDate string `json:"deletion_date,omitempty"`

+	// domains
+	Domains *DomainsConfiguration `json:"domains,omitempty"`
+
 	// enable prometheus
 	EnablePrometheus bool `json:"enable_prometheus,omitempty"`

@@ -95,6 +98,10 @@ type Tenant struct {
 func (m *Tenant) Validate(formats strfmt.Registry) error {
 	var res []error

+	if err := m.validateDomains(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateEndpoints(formats); err != nil {
 		res = append(res, err)
 	}
@@ -117,6 +124,25 @@ func (m *Tenant) Validate(formats strfmt.Registry) error {
 	return nil
 }

+func (m *Tenant) validateDomains(formats strfmt.Registry) error {
+	if swag.IsZero(m.Domains) { // not required
+		return nil
+	}
+
+	if m.Domains != nil {
+		if err := m.Domains.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("domains")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("domains")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *Tenant) validateEndpoints(formats strfmt.Registry) error {
 	if swag.IsZero(m.Endpoints) { // not required
 		return nil
@@ -204,6 +230,10 @@ func (m *Tenant) validateSubnetLicense(formats strfmt.Registry) error {
 func (m *Tenant) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
 	var res []error

+	if err := m.contextValidateDomains(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.contextValidateEndpoints(ctx, formats); err != nil {
 		res = append(res, err)
 	}
@@ -226,6 +256,22 @@ func (m *Tenant) ContextValidate(ctx context.Context, formats strfmt.Registry) e
 	return nil
 }

+func (m *Tenant) contextValidateDomains(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Domains != nil {
+		if err := m.Domains.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("domains")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("domains")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *Tenant) contextValidateEndpoints(ctx context.Context, formats strfmt.Registry) error {

 	if m.Endpoints != nil {
--- a/models/tenant_list.go
+++ b/models/tenant_list.go
@@ -57,6 +57,9 @@ type TenantList struct {
 	// deletion date
 	DeletionDate string `json:"deletion_date,omitempty"`

+	// domains
+	Domains *DomainsConfiguration `json:"domains,omitempty"`
+
 	// health status
 	HealthStatus string `json:"health_status,omitempty"`

@@ -86,6 +89,10 @@ type TenantList struct {
 func (m *TenantList) Validate(formats strfmt.Registry) error {
 	var res []error

+	if err := m.validateDomains(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateTiers(formats); err != nil {
 		res = append(res, err)
 	}
@@ -96,6 +103,25 @@ func (m *TenantList) Validate(formats strfmt.Registry) error {
 	return nil
 }

+func (m *TenantList) validateDomains(formats strfmt.Registry) error {
+	if swag.IsZero(m.Domains) { // not required
+		return nil
+	}
+
+	if m.Domains != nil {
+		if err := m.Domains.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("domains")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("domains")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *TenantList) validateTiers(formats strfmt.Registry) error {
 	if swag.IsZero(m.Tiers) { // not required
 		return nil
@@ -126,6 +152,10 @@ func (m *TenantList) validateTiers(formats strfmt.Registry) error {
 func (m *TenantList) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
 	var res []error

+	if err := m.contextValidateDomains(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.contextValidateTiers(ctx, formats); err != nil {
 		res = append(res, err)
 	}
@@ -136,6 +166,22 @@ func (m *TenantList) ContextValidate(ctx context.Context, formats strfmt.Registr
 	return nil
 }

+func (m *TenantList) contextValidateDomains(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Domains != nil {
+		if err := m.Domains.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("domains")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("domains")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *TenantList) contextValidateTiers(ctx context.Context, formats strfmt.Registry) error {

 	for i := 0; i < len(m.Tiers); i++ {
--- a/models/tier_azure.go
+++ b/models/tier_azure.go
@@ -49,11 +49,20 @@ type TierAzure struct {
 	// name
 	Name string `json:"name,omitempty"`

+	// objects
+	Objects string `json:"objects,omitempty"`
+
 	// prefix
 	Prefix string `json:"prefix,omitempty"`

 	// region
 	Region string `json:"region,omitempty"`
+
+	// usage
+	Usage string `json:"usage,omitempty"`
+
+	// versions
+	Versions string `json:"versions,omitempty"`
 }

 // Validate validates this tier azure
--- a/models/tier_gcs.go
+++ b/models/tier_gcs.go
@@ -46,11 +46,20 @@ type TierGcs struct {
 	// name
 	Name string `json:"name,omitempty"`

+	// objects
+	Objects string `json:"objects,omitempty"`
+
 	// prefix
 	Prefix string `json:"prefix,omitempty"`

 	// region
 	Region string `json:"region,omitempty"`
+
+	// usage
+	Usage string `json:"usage,omitempty"`
+
+	// versions
+	Versions string `json:"versions,omitempty"`
 }

 // Validate validates this tier gcs
--- a/models/tier_s3.go
+++ b/models/tier_s3.go
@@ -46,6 +46,9 @@ type TierS3 struct {
 	// name
 	Name string `json:"name,omitempty"`

+	// objects
+	Objects string `json:"objects,omitempty"`
+
 	// prefix
 	Prefix string `json:"prefix,omitempty"`

@@ -57,6 +60,12 @@ type TierS3 struct {

 	// storageclass
 	Storageclass string `json:"storageclass,omitempty"`
+
+	// usage
+	Usage string `json:"usage,omitempty"`
+
+	// versions
+	Versions string `json:"versions,omitempty"`
 }

 // Validate validates this tier s3
--- a/models/toleration.go
+++ b/models/toleration.go
@@ -0,0 +1,79 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// Toleration toleration
+//
+// swagger:model toleration
+type Toleration struct {
+
+	// effect
+	Effect string `json:"effect,omitempty"`
+
+	// key
+	Key string `json:"key,omitempty"`
+
+	// operator
+	Operator string `json:"operator,omitempty"`
+
+	// toleration seconds
+	TolerationSeconds int64 `json:"tolerationSeconds,omitempty"`
+
+	// value
+	Value string `json:"value,omitempty"`
+}
+
+// Validate validates this toleration
+func (m *Toleration) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this toleration based on context it is used
+func (m *Toleration) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *Toleration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *Toleration) UnmarshalBinary(b []byte) error {
+	var res Toleration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/update_domains_request.go
+++ b/models/update_domains_request.go
@@ -0,0 +1,121 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// UpdateDomainsRequest update domains request
+//
+// swagger:model updateDomainsRequest
+type UpdateDomainsRequest struct {
+
+	// domains
+	Domains *DomainsConfiguration `json:"domains,omitempty"`
+}
+
+// Validate validates this update domains request
+func (m *UpdateDomainsRequest) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateDomains(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *UpdateDomainsRequest) validateDomains(formats strfmt.Registry) error {
+	if swag.IsZero(m.Domains) { // not required
+		return nil
+	}
+
+	if m.Domains != nil {
+		if err := m.Domains.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("domains")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("domains")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// ContextValidate validate this update domains request based on the context it is used
+func (m *UpdateDomainsRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateDomains(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *UpdateDomainsRequest) contextValidateDomains(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Domains != nil {
+		if err := m.Domains.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("domains")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("domains")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *UpdateDomainsRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *UpdateDomainsRequest) UnmarshalBinary(b []byte) error {
+	var res UpdateDomainsRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/user_service_account_item.go
+++ b/models/user_service_account_item.go
@@ -0,0 +1,70 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// UserServiceAccountItem user service account item
+//
+// swagger:model userServiceAccountItem
+type UserServiceAccountItem struct {
+
+	// num s as
+	NumSAs int64 `json:"numSAs,omitempty"`
+
+	// user name
+	UserName string `json:"userName,omitempty"`
+}
+
+// Validate validates this user service account item
+func (m *UserServiceAccountItem) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this user service account item based on context it is used
+func (m *UserServiceAccountItem) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *UserServiceAccountItem) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *UserServiceAccountItem) UnmarshalBinary(b []byte) error {
+	var res UserServiceAccountItem
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/user_service_account_summary.go
+++ b/models/user_service_account_summary.go
@@ -0,0 +1,136 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// UserServiceAccountSummary user service account summary
+//
+// swagger:model userServiceAccountSummary
+type UserServiceAccountSummary struct {
+
+	// has s a
+	HasSA bool `json:"hasSA,omitempty"`
+
+	// list of users with number of service accounts
+	UserServiceAccountList []*UserServiceAccountItem `json:"userServiceAccountList"`
+}
+
+// Validate validates this user service account summary
+func (m *UserServiceAccountSummary) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateUserServiceAccountList(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *UserServiceAccountSummary) validateUserServiceAccountList(formats strfmt.Registry) error {
+	if swag.IsZero(m.UserServiceAccountList) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.UserServiceAccountList); i++ {
+		if swag.IsZero(m.UserServiceAccountList[i]) { // not required
+			continue
+		}
+
+		if m.UserServiceAccountList[i] != nil {
+			if err := m.UserServiceAccountList[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("userServiceAccountList" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("userServiceAccountList" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// ContextValidate validate this user service account summary based on the context it is used
+func (m *UserServiceAccountSummary) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateUserServiceAccountList(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *UserServiceAccountSummary) contextValidateUserServiceAccountList(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.UserServiceAccountList); i++ {
+
+		if m.UserServiceAccountList[i] != nil {
+			if err := m.UserServiceAccountList[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("userServiceAccountList" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("userServiceAccountList" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *UserServiceAccountSummary) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *UserServiceAccountSummary) UnmarshalBinary(b []byte) error {
+	var res UserServiceAccountSummary
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/volume.go
+++ b/models/volume.go
@@ -0,0 +1,170 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// Volume volume
+//
+// swagger:model volume
+type Volume struct {
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// projected
+	Projected *ProjectedVolume `json:"projected,omitempty"`
+
+	// pvc
+	Pvc *Pvc `json:"pvc,omitempty"`
+}
+
+// Validate validates this volume
+func (m *Volume) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateProjected(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validatePvc(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *Volume) validateProjected(formats strfmt.Registry) error {
+	if swag.IsZero(m.Projected) { // not required
+		return nil
+	}
+
+	if m.Projected != nil {
+		if err := m.Projected.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("projected")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("projected")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *Volume) validatePvc(formats strfmt.Registry) error {
+	if swag.IsZero(m.Pvc) { // not required
+		return nil
+	}
+
+	if m.Pvc != nil {
+		if err := m.Pvc.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("pvc")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("pvc")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// ContextValidate validate this volume based on the context it is used
+func (m *Volume) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateProjected(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidatePvc(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *Volume) contextValidateProjected(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Projected != nil {
+		if err := m.Projected.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("projected")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("projected")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *Volume) contextValidatePvc(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Pvc != nil {
+		if err := m.Pvc.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("pvc")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("pvc")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *Volume) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *Volume) UnmarshalBinary(b []byte) error {
+	var res Volume
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/operator-integration/tenant_test.go
+++ b/operator-integration/tenant_test.go
@@ -34,8 +34,8 @@ import (

 	"github.com/go-openapi/loads"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi"
-	"github.com/minio/console/restapi/operations"
+	"github.com/minio/console/operatorapi"
+	"github.com/minio/console/operatorapi/operations"
 	"github.com/stretchr/testify/assert"
 )

@@ -87,11 +87,10 @@ func printEndFunc(functionName string) {
 	fmt.Println("")
 }

-func initConsoleServer() (*restapi.Server, error) {
+func initConsoleServer() (*operatorapi.Server, error) {
+	// os.Setenv("CONSOLE_MINIO_SERVER", "localhost:9000")

-	//os.Setenv("CONSOLE_MINIO_SERVER", "localhost:9000")
-
-	swaggerSpec, err := loads.Embedded(restapi.SwaggerJSON, restapi.FlatSwaggerJSON)
+	swaggerSpec, err := loads.Embedded(operatorapi.SwaggerJSON, operatorapi.FlatSwaggerJSON)
 	if err != nil {
 		return nil, err
 	}
@@ -101,24 +100,22 @@ func initConsoleServer() (*restapi.Server, error) {
 	}

 	// Initialize MinIO loggers
-	restapi.LogInfo = noLog
-	restapi.LogError = noLog
+	operatorapi.LogInfo = noLog
+	operatorapi.LogError = noLog

-	api := operations.NewConsoleAPI(swaggerSpec)
+	api := operations.NewOperatorAPI(swaggerSpec)
 	api.Logger = noLog

-	server := restapi.NewServer(api)
+	server := operatorapi.NewServer(api)
 	// register all APIs
 	server.ConfigureAPI()

-	//restapi.GlobalRootCAs, restapi.GlobalPublicCerts, restapi.GlobalTLSCertsManager = globalRootCAs, globalPublicCerts, globalTLSCerts
-
 	consolePort, _ := strconv.Atoi("9090")

 	server.Host = "0.0.0.0"
 	server.Port = consolePort
-	restapi.Port = "9090"
-	restapi.Hostname = "0.0.0.0"
+	operatorapi.Port = "9090"
+	operatorapi.Hostname = "0.0.0.0"

 	return server, nil
 }
@@ -129,51 +126,40 @@ func TestMain(m *testing.M) {
 	go func() {
 		fmt.Println("start server")
 		srv, err := initConsoleServer()
+		fmt.Println("Server has been started at this point")
 		if err != nil {
+			fmt.Println("There is an error in console server: ", err)
 			log.Println(err)
 			log.Println("init fail")
 			return
 		}
+		fmt.Println("Start serving with Serve() function")
 		srv.Serve()
-
+		fmt.Println("After Serve() function")
 	}()

 	fmt.Println("sleeping")
 	time.Sleep(2 * time.Second)
+	fmt.Println("after 2 seconds sleep")

+	fmt.Println("creating the client")
 	client := &http.Client{
 		Timeout: 2 * time.Second,
 	}

-	// kubectl to get token
-	app := "kubectl"
-	arg0 := "get"
-	arg1 := "serviceaccount"
-	arg2 := "console-sa"
-	arg3 := "--namespace"
-	arg4 := "minio-operator"
-	arg5 := "-o"
-	arg6 := "jsonpath=\"{.secrets[0].name}\""
-	cmd := exec.Command(app, arg0, arg1, arg2, arg3, arg4, arg5, arg6)
-	var out bytes.Buffer
-	var stderr bytes.Buffer
-	cmd.Stdout = &out
-	cmd.Stderr = &stderr
-	err := cmd.Run()
-	if err != nil {
-		fmt.Println(fmt.Sprint(err) + ": " + stderr.String())
-		return
-	}
-	secret := out.String() // "console-sa-token-kxdw2" <-- secret
+	// SA_TOKEN=$(kubectl -n minio-operator  get secret console-sa-secret -o jsonpath="{.data.token}" | base64 --decode)
+	fmt.Println("Where we have the secret already: ")
 	app2 := "kubectl"
 	argu0 := "--namespace"
 	argu1 := "minio-operator"
 	argu2 := "get"
 	argu3 := "secret"
-	argu4 := secret[1 : len(secret)-1]
+	argu4 := "console-sa-secret"
 	argu5 := "-o"
 	argu6 := "jsonpath=\"{.data.token}\""
+	fmt.Println("Prior executing second command to get the token")
 	cmd2 := exec.Command(app2, argu0, argu1, argu2, argu3, argu4, argu5, argu6)
+	fmt.Println("after executing second command to get the token")
 	var out2 bytes.Buffer
 	var stderr2 bytes.Buffer
 	cmd2.Stdout = &out2
@@ -185,9 +171,14 @@ func TestMain(m *testing.M) {
 	}
 	secret2 := out2.String()
 	secret3 := decodeBase64(secret2[1 : len(secret2)-1])
+	if secret3 == "" {
+		fmt.Println("jwt cannot be empty string")
+		os.Exit(-1)
+	}
 	requestData := map[string]string{
 		"jwt": secret3,
 	}
+	fmt.Println("requestData: ", requestData)

 	requestDataJSON, _ := json.Marshal(requestData)

@@ -202,7 +193,6 @@ func TestMain(m *testing.M) {
 	request.Header.Add("Content-Type", "application/json")

 	response, err := client.Do(request)
-
 	if err != nil {
 		log.Println(err)
 		return
@@ -529,3 +519,123 @@ func TestListNodeLabels(t *testing.T) {
 		strings.Contains(finalResponse, "beta.kubernetes.io/arch"),
 		finalResponse)
 }
+
+func GetPodEvents(nameSpace string, tenant string, podName string) (*http.Response, error) {
+	/*
+		Helper function to get events for pod
+		URL: /namespaces/{namespace}/tenants/{tenant}/pods/{podName}/events
+		HTTP Verb: GET
+	*/
+	request, err := http.NewRequest(
+		"GET", "http://localhost:9090/api/v1/namespaces/"+nameSpace+"/tenants/"+tenant+"/pods/"+podName+"/events", nil)
+	if err != nil {
+		log.Println(err)
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	response, err := client.Do(request)
+	return response, err
+}
+
+func TestGetPodEvents(t *testing.T) {
+	assert := assert.New(t)
+	namespace := "tenant-lite"
+	tenant := "storage-lite"
+	podName := "storage-lite-pool-0-0"
+	resp, err := GetPodEvents(namespace, tenant, podName)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	if resp != nil {
+		assert.Equal(
+			200, resp.StatusCode, "Status Code is incorrect")
+	}
+}
+
+func GetPodDescribe(nameSpace string, tenant string, podName string) (*http.Response, error) {
+	/*
+		Helper function to get events for pod
+		URL: /namespaces/{namespace}/tenants/{tenant}/pods/{podName}/events
+		HTTP Verb: GET
+	*/
+	fmt.Println(nameSpace)
+	fmt.Println(tenant)
+	fmt.Println(podName)
+	request, err := http.NewRequest(
+		"GET", "http://localhost:9090/api/v1/namespaces/"+nameSpace+"/tenants/"+tenant+"/pods/"+podName+"/describe", nil)
+	if err != nil {
+		log.Println(err)
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	response, err := client.Do(request)
+	return response, err
+}
+
+func TestGetPodDescribe(t *testing.T) {
+	assert := assert.New(t)
+	namespace := "tenant-lite"
+	tenant := "storage-lite"
+	podName := "storage-lite-pool-0-0"
+	resp, err := GetPodDescribe(namespace, tenant, podName)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	finalResponse := inspectHTTPResponse(resp)
+	if resp != nil {
+		assert.Equal(
+			200, resp.StatusCode, finalResponse)
+	}
+	/*if resp != nil {
+		assert.Equal(
+			200, resp.StatusCode, "Status Code is incorrect")
+	}*/
+}
+
+func GetCSR(nameSpace string, tenant string) (*http.Response, error) {
+	/*
+		Helper function to get events for pod
+		URL: /namespaces/{namespace}/tenants/{tenant}/csr
+		HTTP Verb: GET
+	*/
+	request, err := http.NewRequest(
+		"GET", "http://localhost:9090/api/v1/namespaces/"+nameSpace+"/tenants/"+tenant+"/csr/", nil)
+	if err != nil {
+		log.Println(err)
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	response, err := client.Do(request)
+	return response, err
+}
+
+func TestGetCSR(t *testing.T) {
+	assert := assert.New(t)
+	namespace := "tenant-lite"
+	tenant := "storage-lite"
+	resp, err := GetCSR(namespace, tenant)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	finalResponse := inspectHTTPResponse(resp)
+	if resp != nil {
+		assert.Equal(
+			200, resp.StatusCode, finalResponse)
+	}
+	assert.Equal(strings.Contains(finalResponse, "Automatically approved by MinIO Operator"), true)
+}
--- a/operatorapi/auth/operator.go
+++ b/operatorapi/auth/operator.go
@@ -18,15 +18,14 @@ package auth

 import (
 	"context"
-	"errors"
+
+	errors "github.com/minio/console/restapi"

 	"github.com/minio/console/cluster"
 	"github.com/minio/minio-go/v7/pkg/credentials"
 	operatorClientset "github.com/minio/operator/pkg/client/clientset/versioned"
 )

-var errInvalidCredentials = errors.New("invalid Login")
-
 // operatorCredentialsProvider is an struct to hold the JWT (service account token)
 type operatorCredentialsProvider struct {
 	serviceAccountJWT string
@@ -76,7 +75,8 @@ func checkServiceAccountTokenValid(ctx context.Context, operatorClient OperatorC

 // GetConsoleCredentialsForOperator will validate the provided JWT (service account token) and return it in the form of credentials.Login
 func GetConsoleCredentialsForOperator(jwt string) (*credentials.Credentials, error) {
-	ctx := context.Background()
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
 	opClientClientSet, err := cluster.OperatorClient(jwt)
 	if err != nil {
 		return nil, err
@@ -85,7 +85,7 @@ func GetConsoleCredentialsForOperator(jwt string) (*credentials.Credentials, err
 		client: opClientClientSet,
 	}
 	if err = checkServiceAccountTokenValid(ctx, opClient); err != nil {
-		return nil, errInvalidCredentials
+		return nil, errors.ErrInvalidLogin
 	}
 	return credentials.New(operatorCredentialsProvider{serviceAccountJWT: jwt}), nil
 }
--- a/operatorapi/config_test.go
+++ b/operatorapi/config_test.go
@@ -0,0 +1,98 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package operatorapi
+
+import (
+	"os"
+	"testing"
+)
+
+func Test_getK8sSAToken(t *testing.T) {
+	tests := []struct {
+		name string
+		want string
+		envs map[string]string
+	}{
+		{
+			name: "Missing file, empty",
+			want: "",
+			envs: nil,
+		},
+		{
+			name: "Missing file, return env",
+			want: "x",
+			envs: map[string]string{
+				ConsoleOperatorSAToken: "x",
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.envs != nil {
+				for k, v := range tt.envs {
+					os.Setenv(k, v)
+				}
+			}
+			if got := getK8sSAToken(); got != tt.want {
+				t.Errorf("getK8sSAToken() = %v, want %v", got, tt.want)
+			}
+			if tt.envs != nil {
+				for k := range tt.envs {
+					os.Unsetenv(k)
+				}
+			}
+		})
+	}
+}
+
+func Test_getMarketplace(t *testing.T) {
+	tests := []struct {
+		name string
+		want string
+		envs map[string]string
+	}{
+		{
+			name: "Nothing set",
+			want: "",
+			envs: nil,
+		},
+		{
+			name: "Value set",
+			want: "x",
+			envs: map[string]string{
+				ConsoleMarketplace: "x",
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.envs != nil {
+				for k, v := range tt.envs {
+					os.Setenv(k, v)
+				}
+			}
+			if got := getMarketplace(); got != tt.want {
+				t.Errorf("getMarketplace() = %v, want %v", got, tt.want)
+			}
+			if tt.envs != nil {
+				for k := range tt.envs {
+					os.Unsetenv(k)
+				}
+			}
+		})
+	}
+}
--- a/operatorapi/configure_operator.go
+++ b/operatorapi/configure_operator.go
@@ -23,7 +23,6 @@ import (
 	"strings"

 	"github.com/klauspost/compress/gzhttp"
-
 	"github.com/minio/console/restapi"
 	"github.com/unrolled/secure"

@@ -53,12 +52,11 @@ func configureFlags(api *operations.OperatorAPI) {
 }

 func configureAPI(api *operations.OperatorAPI) http.Handler {
-
 	// Applies when the "x-token" header is set
 	api.KeyAuth = func(token string, scopes []string) (*models.Principal, error) {
 		// we are validating the session token by decrypting the claims inside, if the operation succeed that means the jwt
 		// was generated and signed by us in the first place
-		claims, err := auth.SessionTokenAuthenticate(token)
+		claims, err := auth.ParseClaimsFromToken(token)
 		if err != nil {
 			api.Logger("Unable to validate the session token %s: %v", token, err)
 			return nil, errors.New(401, "incorrect api key auth")
@@ -101,8 +99,8 @@ func configureAPI(api *operations.OperatorAPI) http.Handler {

 // The TLS configuration before HTTPS server starts.
 func configureTLS(tlsConfig *tls.Config) {
-	tlsConfig.RootCAs = GlobalRootCAs
-	tlsConfig.GetCertificate = GlobalTLSCertsManager.GetCertificate
+	tlsConfig.RootCAs = restapi.GlobalRootCAs
+	tlsConfig.GetCertificate = restapi.GlobalTLSCertsManager.GetCertificate
 }

 // As soon as server is initialized but not run yet, this function will be called.
@@ -118,24 +116,6 @@ func setupMiddlewares(handler http.Handler) http.Handler {
 	return handler
 }

-func AuthenticationMiddleware(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		token, err := auth.GetTokenFromRequest(r)
-		if err != nil && err != auth.ErrNoAuthToken {
-			http.Error(w, err.Error(), http.StatusUnauthorized)
-			return
-		}
-		// All handlers handle appropriately to return errors
-		// based on their swagger rules, we do not need to
-		// additionally return error here, let the next ServeHTTPs
-		// handle it appropriately.
-		if token != "" {
-			r.Header.Add("Authorization", "Bearer "+token)
-		}
-		next.ServeHTTP(w, r)
-	})
-}
-
 // proxyMiddleware adds the proxy capability
 func proxyMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -150,19 +130,23 @@ func proxyMiddleware(next http.Handler) http.Handler {
 // The middleware configuration happens before anything, this middleware also applies to serving the swagger.json document.
 // So this is a good place to plug in a panic handling middleware, logging and metrics.
 func setupGlobalMiddleware(handler http.Handler) http.Handler {
-	// handle cookie or authorization header for session
-	next := AuthenticationMiddleware(handler)
 	// proxy requests
-	next = proxyMiddleware(next)
+	next := proxyMiddleware(handler)
+	// if audit-log is enabled console will log all incoming request
+	next = restapi.AuditLogMiddleware(next)
 	// serve static files
 	next = restapi.FileServerMiddleware(next)
+	// add information to request context
+	next = restapi.ContextMiddleware(next)
+	// handle cookie or authorization header for session
+	next = restapi.AuthenticationMiddleware(next)
 	// Secure middleware, this middleware wrap all the previous handlers and add
 	// HTTP security headers
 	secureOptions := secure.Options{
 		AllowedHosts:                    restapi.GetSecureAllowedHosts(),
 		AllowedHostsAreRegex:            restapi.GetSecureAllowedHostsAreRegex(),
 		HostsProxyHeaders:               restapi.GetSecureHostsProxyHeaders(),
-		SSLRedirect:                     restapi.GetTLSRedirect() == "on" && len(GlobalPublicCerts) > 0,
+		SSLRedirect:                     restapi.GetTLSRedirect() == "on" && len(restapi.GlobalPublicCerts) > 0,
 		SSLHost:                         restapi.GetSecureTLSHost(),
 		STSSeconds:                      restapi.GetSecureSTSSeconds(),
 		STSIncludeSubdomains:            restapi.GetSecureSTSIncludeSubdomains(),
--- a/operatorapi/embedded_spec.go
+++ b/operatorapi/embedded_spec.go
--- a/operatorapi/error.go
+++ b/operatorapi/error.go
@@ -1,219 +0,0 @@
-// This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-package operatorapi
-
-import (
-	"errors"
-	"runtime"
-	"strings"
-
-	"github.com/go-openapi/swag"
-	"github.com/minio/console/models"
-	"github.com/minio/madmin-go"
-	k8sErrors "k8s.io/apimachinery/pkg/api/errors"
-)
-
-var (
-	// Generic error messages
-	errorGeneric               = errors.New("an error occurred, please try again")
-	errInvalidCredentials      = errors.New("invalid Login")
-	errorGenericInvalidSession = errors.New("invalid session")
-	errorGenericUnauthorized   = errors.New("unauthorized")
-	errorGenericForbidden      = errors.New("forbidden")
-	// ErrorGenericNotFound Generic error for not found
-	ErrorGenericNotFound = errors.New("not found")
-	// Explicit error messages
-	errorInvalidErasureCodingValue        = errors.New("invalid Erasure Coding Value")
-	errorUnableToGetTenantUsage           = errors.New("unable to get tenant usage")
-	errorUnableToGetTenantLogs            = errors.New("unable to get tenant logs")
-	errorUnableToUpdateTenantCertificates = errors.New("unable to update tenant certificates")
-	errorUpdatingEncryptionConfig         = errors.New("unable to update encryption configuration")
-	errorDeletingEncryptionConfig         = errors.New("error disabling tenant encryption")
-	errorEncryptionConfigNotFound         = errors.New("encryption configuration not found")
-	errBucketBodyNotInRequest             = errors.New("error bucket body not in request")
-	errBucketNameNotInRequest             = errors.New("error bucket name not in request")
-	errGroupBodyNotInRequest              = errors.New("error group body not in request")
-	errGroupNameNotInRequest              = errors.New("error group name not in request")
-	errPolicyNameNotInRequest             = errors.New("error policy name not in request")
-	errPolicyBodyNotInRequest             = errors.New("error policy body not in request")
-	errSSENotConfigured                   = errors.New("error server side encryption configuration not found")
-	errBucketLifeCycleNotConfigured       = errors.New("error bucket life cycle configuration not found")
-	errChangePassword                     = errors.New("error please check your current password")
-	errInvalidLicense                     = errors.New("invalid license key")
-	errLicenseNotFound                    = errors.New("license not found")
-	errAvoidSelfAccountDelete             = errors.New("logged in user cannot be deleted by itself")
-	errAccessDenied                       = errors.New("access denied")
-	errTooManyNodes                       = errors.New("cannot request more nodes than what is available in the cluster")
-	errTooFewNodes                        = errors.New("there are not enough nodes in the cluster to support this tenant")
-	errTooFewSchedulableNodes             = errors.New("there is not enough schedulable nodes to satisfy this requirement")
-	errFewerThanFourNodes                 = errors.New("at least 4 nodes are required for a tenant")
-)
-
-// prepareError receives an error object and parse it against k8sErrors, returns the right error code paired with a generic error message
-func prepareError(err ...error) *models.Error {
-	errorCode := int32(500)
-	errorMessage := errorGeneric.Error()
-	if len(err) > 0 {
-		frame := getFrame(2)
-		fileParts := strings.Split(frame.File, "/")
-		LogError("original error -> (%s:%d: %v)", fileParts[len(fileParts)-1], frame.Line, err[0])
-		if k8sErrors.IsUnauthorized(err[0]) {
-			errorCode = 401
-			errorMessage = errorGenericUnauthorized.Error()
-		}
-		if k8sErrors.IsForbidden(err[0]) {
-			errorCode = 403
-			errorMessage = errorGenericForbidden.Error()
-		}
-		if k8sErrors.IsNotFound(err[0]) {
-			errorCode = 404
-			errorMessage = ErrorGenericNotFound.Error()
-		}
-		if err[0] == ErrorGenericNotFound {
-			errorCode = 404
-			errorMessage = ErrorGenericNotFound.Error()
-		}
-		if errors.Is(err[0], errInvalidCredentials) {
-			errorCode = 401
-			errorMessage = errInvalidCredentials.Error()
-		}
-		// console invalid erasure coding value
-		if errors.Is(err[0], errorInvalidErasureCodingValue) {
-			errorCode = 400
-			errorMessage = errorInvalidErasureCodingValue.Error()
-		}
-		if errors.Is(err[0], errBucketBodyNotInRequest) {
-			errorCode = 400
-			errorMessage = errBucketBodyNotInRequest.Error()
-		}
-		if errors.Is(err[0], errBucketNameNotInRequest) {
-			errorCode = 400
-			errorMessage = errBucketNameNotInRequest.Error()
-		}
-		if errors.Is(err[0], errGroupBodyNotInRequest) {
-			errorCode = 400
-			errorMessage = errGroupBodyNotInRequest.Error()
-		}
-		if errors.Is(err[0], errGroupNameNotInRequest) {
-			errorCode = 400
-			errorMessage = errGroupNameNotInRequest.Error()
-		}
-		if errors.Is(err[0], errPolicyNameNotInRequest) {
-			errorCode = 400
-			errorMessage = errPolicyNameNotInRequest.Error()
-		}
-		if errors.Is(err[0], errPolicyBodyNotInRequest) {
-			errorCode = 400
-			errorMessage = errPolicyBodyNotInRequest.Error()
-		}
-		// console invalid session error
-		if errors.Is(err[0], errorGenericInvalidSession) {
-			errorCode = 401
-			errorMessage = errorGenericInvalidSession.Error()
-		}
-		// Bucket life cycle not configured
-		if errors.Is(err[0], errBucketLifeCycleNotConfigured) {
-			errorCode = 404
-			errorMessage = errBucketLifeCycleNotConfigured.Error()
-		}
-		// Encryption not configured
-		if errors.Is(err[0], errSSENotConfigured) {
-			errorCode = 404
-			errorMessage = errSSENotConfigured.Error()
-		}
-		// account change password
-		if madmin.ToErrorResponse(err[0]).Code == "SignatureDoesNotMatch" {
-			errorCode = 403
-			errorMessage = errChangePassword.Error()
-		}
-		if errors.Is(err[0], errLicenseNotFound) {
-			errorCode = 404
-			errorMessage = errLicenseNotFound.Error()
-		}
-		if errors.Is(err[0], errInvalidLicense) {
-			errorCode = 404
-			errorMessage = errInvalidLicense.Error()
-		}
-		if errors.Is(err[0], errAvoidSelfAccountDelete) {
-			errorCode = 403
-			errorMessage = errAvoidSelfAccountDelete.Error()
-		}
-		if madmin.ToErrorResponse(err[0]).Code == "AccessDenied" {
-			errorCode = 403
-			errorMessage = errAccessDenied.Error()
-		}
-		if madmin.ToErrorResponse(err[0]).Code == "InvalidAccessKeyId" {
-			errorCode = 401
-			errorMessage = errorGenericInvalidSession.Error()
-		}
-		// console invalid session error
-		if madmin.ToErrorResponse(err[0]).Code == "XMinioAdminNoSuchUser" {
-			errorCode = 401
-			errorMessage = errorGenericInvalidSession.Error()
-		}
-		// if we received a second error take that as friendly message but dont override the code
-		if len(err) > 1 && err[1] != nil {
-			LogError("friendly error: %v", err[1].Error())
-			errorMessage = err[1].Error()
-		}
-		// if we receive third error we just print that as debugging
-		if len(err) > 2 && err[2] != nil {
-			LogError("debugging error: %v", err[2].Error())
-		}
-
-		errRemoteTierExists := errors.New("Specified remote tier already exists") //nolint
-		if errors.Is(err[0], errRemoteTierExists) {
-			errorMessage = err[0].Error()
-		}
-		if errors.Is(err[0], errTooFewNodes) {
-			errorCode = 507
-			errorMessage = errTooFewNodes.Error()
-		}
-		if errors.Is(err[0], errTooFewSchedulableNodes) {
-			errorCode = 507
-			errorMessage = errTooFewSchedulableNodes.Error()
-		}
-		if errors.Is(err[0], errFewerThanFourNodes) {
-			errorCode = 507
-			errorMessage = errFewerThanFourNodes.Error()
-		}
-	}
-	return &models.Error{Code: errorCode, Message: swag.String(errorMessage), DetailedMessage: swag.String(err[0].Error())}
-}
-
-func getFrame(skipFrames int) runtime.Frame {
-	// We need the frame at index skipFrames+2, since we never want runtime.Callers and getFrame
-	targetFrameIndex := skipFrames + 2
-
-	// Set size to targetFrameIndex+2 to ensure we have room for one more caller than we need
-	programCounters := make([]uintptr, targetFrameIndex+2)
-	n := runtime.Callers(0, programCounters)
-
-	frame := runtime.Frame{Function: "unknown"}
-	if n > 0 {
-		frames := runtime.CallersFrames(programCounters[:n])
-		for more, frameIndex := true, 0; more && frameIndex <= targetFrameIndex; frameIndex++ {
-			var frameCandidate runtime.Frame
-			frameCandidate, more = frames.Next()
-			if frameIndex == targetFrameIndex {
-				frame = frameCandidate
-			}
-		}
-	}
-
-	return frame
-}
--- a/operatorapi/integrations.go
+++ b/operatorapi/integrations.go
@@ -112,7 +112,6 @@ func gkeIntegration(clientset *kubernetes.Clientset, tenantName string, namespac
 			Name: tenantNpSvc,
 		},
 		Spec: corev1.ServiceSpec{
-
 			Selector: map[string]string{
 				"v1.min.io/instance": tenantName,
 			},
@@ -132,7 +131,7 @@ func gkeIntegration(clientset *kubernetes.Clientset, tenantName string, namespac
 		return err
 	}

-	//NOW FOR Console
+	// NOW FOR Console
 	// create consoleManagedCertificate

 	// get a nodeport port for this tenant and create a nodeport for it
--- a/operatorapi/k8s_client.go
+++ b/operatorapi/k8s_client.go
@@ -38,6 +38,7 @@ type K8sClientI interface {
 	deleteSecret(ctx context.Context, namespace string, name string, opts metav1.DeleteOptions) error
 	createSecret(ctx context.Context, namespace string, secret *v1.Secret, opts metav1.CreateOptions) (*v1.Secret, error)
 	updateSecret(ctx context.Context, namespace string, secret *v1.Secret, opts metav1.UpdateOptions) (*v1.Secret, error)
+	getPVC(ctx context.Context, namespace string, pvcName string, opts metav1.GetOptions) (*v1.PersistentVolumeClaim, error)
 }

 // Interface implementation
@@ -82,3 +83,7 @@ func (c *k8sClient) getNamespace(ctx context.Context, name string, opts metav1.G
 func (c *k8sClient) getStorageClasses(ctx context.Context, opts metav1.ListOptions) (*storagev1.StorageClassList, error) {
 	return c.client.StorageV1().StorageClasses().List(ctx, opts)
 }
+
+func (c *k8sClient) getPVC(ctx context.Context, namespace string, pvcName string, opts metav1.GetOptions) (*v1.PersistentVolumeClaim, error) {
+	return c.client.CoreV1().PersistentVolumeClaims(namespace).Get(ctx, pvcName, opts)
+}
--- a/operatorapi/login.go
+++ b/operatorapi/login.go
@@ -21,7 +21,6 @@ import (
 	"fmt"
 	"math/rand"
 	"net/http"
-	"time"

 	xoauth2 "golang.org/x/oauth2"

@@ -34,44 +33,45 @@ import (
 	"github.com/minio/console/models"
 	opauth "github.com/minio/console/operatorapi/auth"
 	"github.com/minio/console/operatorapi/operations"
-	"github.com/minio/console/operatorapi/operations/user_api"
+	authApi "github.com/minio/console/operatorapi/operations/auth"
+
 	"github.com/minio/console/pkg/auth"
 	"github.com/minio/console/pkg/auth/idp/oauth2"
 )

 func registerLoginHandlers(api *operations.OperatorAPI) {
 	// GET login strategy
-	api.UserAPILoginDetailHandler = user_api.LoginDetailHandlerFunc(func(params user_api.LoginDetailParams) middleware.Responder {
-		loginDetails, err := getLoginDetailsResponse(params.HTTPRequest)
+	api.AuthLoginDetailHandler = authApi.LoginDetailHandlerFunc(func(params authApi.LoginDetailParams) middleware.Responder {
+		loginDetails, err := getLoginDetailsResponse(params)
 		if err != nil {
-			return user_api.NewLoginDetailDefault(int(err.Code)).WithPayload(err)
+			return authApi.NewLoginDetailDefault(int(err.Code)).WithPayload(err)
 		}
-		return user_api.NewLoginDetailOK().WithPayload(loginDetails)
+		return authApi.NewLoginDetailOK().WithPayload(loginDetails)
 	})
 	// POST login using k8s service account token
-	api.UserAPILoginOperatorHandler = user_api.LoginOperatorHandlerFunc(func(params user_api.LoginOperatorParams) middleware.Responder {
-		loginResponse, err := getLoginOperatorResponse(params.Body)
+	api.AuthLoginOperatorHandler = authApi.LoginOperatorHandlerFunc(func(params authApi.LoginOperatorParams) middleware.Responder {
+		loginResponse, err := getLoginOperatorResponse(params)
 		if err != nil {
-			return user_api.NewLoginOperatorDefault(int(err.Code)).WithPayload(err)
+			return authApi.NewLoginOperatorDefault(int(err.Code)).WithPayload(err)
 		}
 		// Custom response writer to set the session cookies
 		return middleware.ResponderFunc(func(w http.ResponseWriter, p runtime.Producer) {
 			cookie := restapi.NewSessionCookieForConsole(loginResponse.SessionID)
 			http.SetCookie(w, &cookie)
-			user_api.NewLoginOperatorNoContent().WriteResponse(w, p)
+			authApi.NewLoginOperatorNoContent().WriteResponse(w, p)
 		})
 	})
 	// POST login using external IDP
-	api.UserAPILoginOauth2AuthHandler = user_api.LoginOauth2AuthHandlerFunc(func(params user_api.LoginOauth2AuthParams) middleware.Responder {
-		loginResponse, err := getLoginOauth2AuthResponse(params.HTTPRequest, params.Body)
+	api.AuthLoginOauth2AuthHandler = authApi.LoginOauth2AuthHandlerFunc(func(params authApi.LoginOauth2AuthParams) middleware.Responder {
+		loginResponse, err := getLoginOauth2AuthResponse(params)
 		if err != nil {
-			return user_api.NewLoginOauth2AuthDefault(int(err.Code)).WithPayload(err)
+			return authApi.NewLoginOauth2AuthDefault(int(err.Code)).WithPayload(err)
 		}
 		// Custom response writer to set the session cookies
 		return middleware.ResponderFunc(func(w http.ResponseWriter, p runtime.Producer) {
 			cookie := restapi.NewSessionCookieForConsole(loginResponse.SessionID)
 			http.SetCookie(w, &cookie)
-			user_api.NewLoginOauth2AuthNoContent().WriteResponse(w, p)
+			authApi.NewLoginOauth2AuthNoContent().WriteResponse(w, p)
 		})
 	})
 }
@@ -87,23 +87,28 @@ func login(credentials restapi.ConsoleCredentialsI) (*string, error) {
 	// if we made it here, the consoleCredentials work, generate a jwt with claims
 	token, err := auth.NewEncryptedTokenForClient(&tokens, credentials.GetAccountAccessKey(), nil)
 	if err != nil {
-		LogError("error authenticating user: %v", err)
-		return nil, errInvalidCredentials
+		restapi.LogError("error authenticating user: %v", err)
+		return nil, restapi.ErrInvalidLogin
 	}
 	return &token, nil
 }

 // getLoginDetailsResponse returns information regarding the Console authentication mechanism.
-func getLoginDetailsResponse(r *http.Request) (*models.LoginDetails, *models.Error) {
+func getLoginDetailsResponse(params authApi.LoginDetailParams) (*models.LoginDetails, *models.Error) {
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
+
+	r := params.HTTPRequest
+
 	loginStrategy := models.LoginDetailsLoginStrategyServiceDashAccount
 	redirectURL := ""

 	if oauth2.IsIDPEnabled() {
-		loginStrategy = models.LoginDetailsLoginStrategyRedirect
+		loginStrategy = models.LoginDetailsLoginStrategyRedirectDashServiceDashAccount
 		// initialize new oauth2 client
 		oauth2Client, err := oauth2.NewOauth2ProviderClient(nil, r, restapi.GetConsoleHTTPClient())
 		if err != nil {
-			return nil, prepareError(err)
+			return nil, restapi.ErrorWithContext(ctx, err)
 		}
 		// Validate user against IDP
 		identityProvider := &auth.IdentityProvider{Client: oauth2Client}
@@ -126,31 +131,35 @@ func verifyUserAgainstIDP(ctx context.Context, provider auth.IdentityProviderI,
 	return oauth2Token, nil
 }

-func getLoginOauth2AuthResponse(r *http.Request, lr *models.LoginOauth2AuthRequest) (*models.LoginResponse, *models.Error) {
-	ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
+func getLoginOauth2AuthResponse(params authApi.LoginOauth2AuthParams) (*models.LoginResponse, *models.Error) {
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
 	defer cancel()
+
+	r := params.HTTPRequest
+	lr := params.Body
+
 	if oauth2.IsIDPEnabled() {
 		// initialize new oauth2 client
 		oauth2Client, err := oauth2.NewOauth2ProviderClient(nil, r, restapi.GetConsoleHTTPClient())
 		if err != nil {
-			return nil, prepareError(err)
+			return nil, restapi.ErrorWithContext(ctx, err)
 		}
 		// initialize new identity provider
 		identityProvider := auth.IdentityProvider{Client: oauth2Client}
 		// Validate user against IDP
 		_, err = verifyUserAgainstIDP(ctx, identityProvider, *lr.Code, *lr.State)
 		if err != nil {
-			return nil, prepareError(err)
+			return nil, restapi.ErrorWithContext(ctx, err)
 		}
 		// If we pass here that means the IDP correctly authenticate the user with the operator resource
 		// we proceed to use the service account token configured in the operator-console pod
 		creds, err := newConsoleCredentials(getK8sSAToken())
 		if err != nil {
-			return nil, prepareError(err)
+			return nil, restapi.ErrorWithContext(ctx, err)
 		}
 		token, err := login(restapi.ConsoleCredentials{ConsoleCredentials: creds})
 		if err != nil {
-			return nil, prepareError(errInvalidCredentials, nil, err)
+			return nil, restapi.ErrorWithContext(ctx, restapi.ErrInvalidLogin, nil, err)
 		}
 		// serialize output
 		loginResponse := &models.LoginResponse{
@@ -158,7 +167,7 @@ func getLoginOauth2AuthResponse(r *http.Request, lr *models.LoginOauth2AuthReque
 		}
 		return loginResponse, nil
 	}
-	return nil, prepareError(errorGeneric)
+	return nil, restapi.ErrorWithContext(ctx, restapi.ErrDefault)
 }

 func newConsoleCredentials(secretKey string) (*credentials.Credentials, error) {
@@ -170,17 +179,22 @@ func newConsoleCredentials(secretKey string) (*credentials.Credentials, error) {
 }

 // getLoginOperatorResponse validate the provided service account token against k8s api
-func getLoginOperatorResponse(lmr *models.LoginOperatorRequest) (*models.LoginResponse, *models.Error) {
+func getLoginOperatorResponse(params authApi.LoginOperatorParams) (*models.LoginResponse, *models.Error) {
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
+
+	lmr := params.Body
+
 	creds, err := newConsoleCredentials(*lmr.Jwt)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	consoleCreds := restapi.ConsoleCredentials{ConsoleCredentials: creds}
 	// Set a random as access key as session identifier
 	consoleCreds.AccountAccessKey = fmt.Sprintf("%d", rand.Intn(100000-10000)+10000)
 	token, err := login(consoleCreds)
 	if err != nil {
-		return nil, prepareError(errInvalidCredentials, nil, err)
+		return nil, restapi.ErrorWithContext(ctx, restapi.ErrInvalidLogin, nil, err)
 	}
 	// serialize output
 	loginResponse := &models.LoginResponse{
--- a/operatorapi/logout.go
+++ b/operatorapi/logout.go
@@ -23,20 +23,20 @@ import (
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/minio/console/models"
 	"github.com/minio/console/operatorapi/operations"
-	"github.com/minio/console/operatorapi/operations/user_api"
+	authApi "github.com/minio/console/operatorapi/operations/auth"
 	"github.com/minio/console/restapi"
 )

 func registerLogoutHandlers(api *operations.OperatorAPI) {
 	// logout from console
-	api.UserAPILogoutHandler = user_api.LogoutHandlerFunc(func(params user_api.LogoutParams, session *models.Principal) middleware.Responder {
+	api.AuthLogoutHandler = authApi.LogoutHandlerFunc(func(params authApi.LogoutParams, session *models.Principal) middleware.Responder {
 		// Custom response writer to expire the session cookies
 		return middleware.ResponderFunc(func(w http.ResponseWriter, p runtime.Producer) {
 			expiredCookie := restapi.ExpireSessionCookie()
 			// this will tell the browser to clear the cookie and invalidate user session
 			// additionally we are deleting the cookie from the client side
 			http.SetCookie(w, &expiredCookie)
-			user_api.NewLogoutOK().WriteResponse(w, p)
+			authApi.NewLogoutOK().WriteResponse(w, p)
 		})
 	})
 }
--- a/operatorapi/logs.go
+++ b/operatorapi/logs.go
@@ -25,8 +25,10 @@ import (
 	"github.com/minio/cli"
 )

-var infoLog = log.New(os.Stdout, "I: ", log.LstdFlags)
-var errorLog = log.New(os.Stdout, "E: ", log.LstdFlags)
+var (
+	infoLog  = log.New(os.Stdout, "I: ", log.LstdFlags)
+	errorLog = log.New(os.Stdout, "E: ", log.LstdFlags)
+)

 func logInfo(msg string, data ...interface{}) {
 	infoLog.Printf(msg+"\n", data...)
--- a/operatorapi/minio_operator_mock.go
+++ b/operatorapi/minio_operator_mock.go
@@ -16,5 +16,28 @@

 package operatorapi

-type opClientMock struct{}
-type httpClientMock struct{}
+import (
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type (
+	opClientMock   struct{}
+	httpClientMock struct{}
+)
+
+func createMockPVC(pvcMockName, pvcMockNamespace string) *v1.PersistentVolumeClaim {
+	var mockVolumeMode v1.PersistentVolumeMode = "mockVolumeMode"
+	mockStorage := "mockStorage"
+
+	return &v1.PersistentVolumeClaim{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      pvcMockName,
+			Namespace: pvcMockNamespace,
+		},
+		Spec: v1.PersistentVolumeClaimSpec{
+			StorageClassName: &mockStorage,
+			VolumeMode:       &mockVolumeMode,
+		},
+	}
+}
--- a/operatorapi/namespaces.go
+++ b/operatorapi/namespaces.go
@@ -20,12 +20,13 @@ import (
 	"context"
 	"errors"

-	"github.com/minio/console/operatorapi/operations/operator_api"
+	xerrors "github.com/minio/console/restapi"

 	"github.com/go-openapi/runtime/middleware"
 	"github.com/minio/console/cluster"
 	"github.com/minio/console/models"
 	"github.com/minio/console/operatorapi/operations"
+	"github.com/minio/console/operatorapi/operations/operator_api"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	v1 "k8s.io/client-go/kubernetes/typed/core/v1"
@@ -33,7 +34,7 @@ import (

 func registerNamespaceHandlers(api *operations.OperatorAPI) {
 	// Add Namespace
-	//api.OperatorAPICreateNamespaceHandler = operator_api.CreateNamespaceHandlerFunc(func(params operator_api.CreateNamespaceParams, session *models.Principal) middleware.Responder {
+	// api.OperatorAPICreateNamespaceHandler = operator_api.CreateNamespaceHandlerFunc(func(params operator_api.CreateNamespaceParams, session *models.Principal) middleware.Responder {
 	api.OperatorAPICreateNamespaceHandler = operator_api.CreateNamespaceHandlerFunc(func(params operator_api.CreateNamespaceParams, session *models.Principal) middleware.Responder {
 		err := getNamespaceCreatedResponse(session, params)
 		if err != nil {
@@ -44,12 +45,11 @@ func registerNamespaceHandlers(api *operations.OperatorAPI) {
 }

 func getNamespaceCreatedResponse(session *models.Principal, params operator_api.CreateNamespaceParams) *models.Error {
-	ctx := context.Background()
-
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	clientset, err := cluster.K8sClient(session.STSSessionToken)
-
 	if err != nil {
-		return prepareError(err)
+		return xerrors.ErrorWithContext(ctx, err)
 	}

 	namespace := *params.Body.Name
@@ -57,7 +57,7 @@ func getNamespaceCreatedResponse(session *models.Principal, params operator_api.
 	errCreation := getNamespaceCreated(ctx, clientset.CoreV1(), namespace)

 	if errCreation != nil {
-		return prepareError(errCreation)
+		return xerrors.ErrorWithContext(ctx, errCreation)
 	}

 	return nil
--- a/operatorapi/nodes.go
+++ b/operatorapi/nodes.go
@@ -21,6 +21,8 @@ import (
 	"errors"
 	"sort"

+	xerrors "github.com/minio/console/restapi"
+
 	"github.com/minio/minio-go/v7/pkg/set"

 	"github.com/minio/console/operatorapi/operations/operator_api"
@@ -52,8 +54,8 @@ func registerNodesHandlers(api *operations.OperatorAPI) {
 		return operator_api.NewListNodeLabelsOK().WithPayload(*resp)
 	})

-	api.OperatorAPIGetAllocatableResourcesHandler = operator_api.GetAllocatableResourcesHandlerFunc(func(params operator_api.GetAllocatableResourcesParams, principal *models.Principal) middleware.Responder {
-		resp, err := getAllocatableResourcesResponse(params.NumNodes, principal)
+	api.OperatorAPIGetAllocatableResourcesHandler = operator_api.GetAllocatableResourcesHandlerFunc(func(params operator_api.GetAllocatableResourcesParams, session *models.Principal) middleware.Responder {
+		resp, err := getAllocatableResourcesResponse(session, params)
 		if err != nil {
 			return operator_api.NewGetAllocatableResourcesDefault(int(err.Code)).WithPayload(err)
 		}
@@ -71,7 +73,7 @@ type NodeResourceInfo struct {
 func getMaxAllocatableMemory(ctx context.Context, clientset v1.CoreV1Interface, numNodes int32) (*models.MaxAllocatableMemResponse, error) {
 	// can't request less than 4 nodes
 	if numNodes < 4 {
-		return nil, errFewerThanFourNodes
+		return nil, xerrors.ErrFewerThanFourNodes
 	}

 	// get all nodes from cluster
@@ -97,15 +99,15 @@ func getMaxAllocatableMemory(ctx context.Context, clientset v1.CoreV1Interface,
 	}
 	// requesting more nodes than schedulable and less than total number of workers
 	if int(numNodes) > schedulableNodes && int(numNodes) < nonMasterNodes {
-		return nil, errTooManyNodes
+		return nil, xerrors.ErrTooManyNodes
 	}
 	if nonMasterNodes < int(numNodes) {
-		return nil, errTooFewNodes
+		return nil, xerrors.ErrTooFewNodes
 	}

 	// not enough schedulable nodes
 	if schedulableNodes < int(numNodes) {
-		return nil, errTooFewSchedulableNodes
+		return nil, xerrors.ErrTooFewAvailableNodes
 	}

 	availableMemSizes := []int64{}
@@ -177,12 +179,12 @@ func min(x, y int64) int64 {
 func getMaxAllocatableMemoryResponse(ctx context.Context, session *models.Principal, numNodes int32) (*models.MaxAllocatableMemResponse, *models.Error) {
 	client, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, xerrors.ErrorWithContext(ctx, err)
 	}

 	clusterResources, err := getMaxAllocatableMemory(ctx, client.CoreV1(), numNodes)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, xerrors.ErrorWithContext(ctx, err)
 	}
 	return clusterResources, nil
 }
@@ -217,18 +219,17 @@ func getNodeLabels(ctx context.Context, clientset v1.CoreV1Interface) (*models.N
 func getNodeLabelsResponse(ctx context.Context, session *models.Principal) (*models.NodeLabels, *models.Error) {
 	client, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, xerrors.ErrorWithContext(ctx, err)
 	}

 	clusterResources, err := getNodeLabels(ctx, client.CoreV1())
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, xerrors.ErrorWithContext(ctx, err)
 	}
 	return clusterResources, nil
 }

 func getClusterResourcesInfo(numNodes int32, inNodesResources []NodeResourceInfo) *models.AllocatableResourcesResponse {
-
 	// purge any nodes with 0 cpu
 	var nodesResources []NodeResourceInfo
 	for _, n := range inNodesResources {
@@ -357,16 +358,16 @@ OUTER:

 // Get allocatable resources response

-func getAllocatableResourcesResponse(numNodes int32, session *models.Principal) (*models.AllocatableResourcesResponse, *models.Error) {
-	ctx := context.Background()
+func getAllocatableResourcesResponse(session *models.Principal, params operator_api.GetAllocatableResourcesParams) (*models.AllocatableResourcesResponse, *models.Error) {
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
 	client, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, xerrors.ErrorWithContext(ctx, err)
 	}
-
-	clusterResources, err := getAllocatableResources(ctx, client.CoreV1(), numNodes)
+	clusterResources, err := getAllocatableResources(ctx, client.CoreV1(), params.NumNodes)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, xerrors.ErrorWithContext(ctx, err)
 	}
 	return clusterResources, nil
 }
--- a/operatorapi/nodes_test.go
+++ b/operatorapi/nodes_test.go
@@ -30,7 +30,7 @@ import (
 	"k8s.io/client-go/kubernetes/fake"
 )

-func Test_MaxAllocatableMemory(t *testing.T) {
+func NoTestMaxAllocatableMemory(t *testing.T) {
 	type args struct {
 		ctx      context.Context
 		numNodes int32
--- a/operatorapi/operations/user_api/login_detail.go
+++ b/operatorapi/operations/user_api/login_detail.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -46,7 +46,7 @@ func NewLoginDetail(ctx *middleware.Context, handler LoginDetailHandler) *LoginD
 	return &LoginDetail{Context: ctx, Handler: handler}
 }

-/* LoginDetail swagger:route GET /login UserAPI loginDetail
+/* LoginDetail swagger:route GET /login Auth loginDetail

 Returns login strategy, form or sso.

--- a/operatorapi/operations/auth/login_detail_parameters.go
+++ b/operatorapi/operations/auth/login_detail_parameters.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/operatorapi/operations/auth/login_detail_responses.go
+++ b/operatorapi/operations/auth/login_detail_responses.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/operatorapi/operations/user_api/login_detail_urlbuilder.go
+++ b/operatorapi/operations/user_api/login_detail_urlbuilder.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
--- a/operatorapi/operations/auth/login_oauth2_auth.go
+++ b/operatorapi/operations/auth/login_oauth2_auth.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -46,7 +46,7 @@ func NewLoginOauth2Auth(ctx *middleware.Context, handler LoginOauth2AuthHandler)
 	return &LoginOauth2Auth{Context: ctx, Handler: handler}
 }

-/* LoginOauth2Auth swagger:route POST /login/oauth2/auth UserAPI loginOauth2Auth
+/* LoginOauth2Auth swagger:route POST /login/oauth2/auth Auth loginOauth2Auth

 Identity Provider oauth2 callback endpoint.

--- a/operatorapi/operations/auth/login_oauth2_auth_parameters.go
+++ b/operatorapi/operations/auth/login_oauth2_auth_parameters.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/operatorapi/operations/user_api/login_oauth2_auth_responses.go
+++ b/operatorapi/operations/user_api/login_oauth2_auth_responses.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/operatorapi/operations/auth/login_oauth2_auth_urlbuilder.go
+++ b/operatorapi/operations/auth/login_oauth2_auth_urlbuilder.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
--- a/operatorapi/operations/user_api/login_operator.go
+++ b/operatorapi/operations/user_api/login_operator.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -46,7 +46,7 @@ func NewLoginOperator(ctx *middleware.Context, handler LoginOperatorHandler) *Lo
 	return &LoginOperator{Context: ctx, Handler: handler}
 }

-/* LoginOperator swagger:route POST /login/operator UserAPI loginOperator
+/* LoginOperator swagger:route POST /login/operator Auth loginOperator

 Login to Operator Console.

--- a/operatorapi/operations/user_api/login_operator_parameters.go
+++ b/operatorapi/operations/user_api/login_operator_parameters.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/operatorapi/operations/user_api/login_operator_responses.go
+++ b/operatorapi/operations/user_api/login_operator_responses.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/operatorapi/operations/user_api/login_operator_urlbuilder.go
+++ b/operatorapi/operations/user_api/login_operator_urlbuilder.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
--- a/operatorapi/operations/user_api/logout.go
+++ b/operatorapi/operations/user_api/logout.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -48,7 +48,7 @@ func NewLogout(ctx *middleware.Context, handler LogoutHandler) *Logout {
 	return &Logout{Context: ctx, Handler: handler}
 }

-/* Logout swagger:route POST /logout UserAPI logout
+/* Logout swagger:route POST /logout Auth logout

 Logout from Operator.

--- a/operatorapi/operations/auth/logout_parameters.go
+++ b/operatorapi/operations/auth/logout_parameters.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/operatorapi/operations/user_api/logout_responses.go
+++ b/operatorapi/operations/user_api/logout_responses.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/operatorapi/operations/auth/logout_urlbuilder.go
+++ b/operatorapi/operations/auth/logout_urlbuilder.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
--- a/operatorapi/operations/user_api/session_check.go
+++ b/operatorapi/operations/user_api/session_check.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -48,7 +48,7 @@ func NewSessionCheck(ctx *middleware.Context, handler SessionCheckHandler) *Sess
 	return &SessionCheck{Context: ctx, Handler: handler}
 }

-/* SessionCheck swagger:route GET /session UserAPI sessionCheck
+/* SessionCheck swagger:route GET /session Auth sessionCheck

 Endpoint to check if your session is still valid

--- a/operatorapi/operations/auth/session_check_parameters.go
+++ b/operatorapi/operations/auth/session_check_parameters.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/operatorapi/operations/user_api/session_check_responses.go
+++ b/operatorapi/operations/user_api/session_check_responses.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/operatorapi/operations/user_api/session_check_urlbuilder.go
+++ b/operatorapi/operations/user_api/session_check_urlbuilder.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
--- a/operatorapi/operations/operator_api.go
+++ b/operatorapi/operations/operator_api.go
@@ -37,6 +37,7 @@ import (
 	"github.com/go-openapi/swag"

 	"github.com/minio/console/models"
+	"github.com/minio/console/operatorapi/operations/auth"
 	"github.com/minio/console/operatorapi/operations/operator_api"
 	"github.com/minio/console/operatorapi/operations/user_api"
 )
@@ -81,6 +82,9 @@ func NewOperatorAPI(spec *loads.Document) *OperatorAPI {
 		OperatorAPIDeleteTenantHandler: operator_api.DeleteTenantHandlerFunc(func(params operator_api.DeleteTenantParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.DeleteTenant has not yet been implemented")
 		}),
+		OperatorAPIDescribePodHandler: operator_api.DescribePodHandlerFunc(func(params operator_api.DescribePodParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation operator_api.DescribePod has not yet been implemented")
+		}),
 		OperatorAPIDisableTenantLoggingHandler: operator_api.DisableTenantLoggingHandlerFunc(func(params operator_api.DisableTenantLoggingParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.DisableTenantLogging has not yet been implemented")
 		}),
@@ -93,6 +97,9 @@ func NewOperatorAPI(spec *loads.Document) *OperatorAPI {
 		OperatorAPIGetMaxAllocatableMemHandler: operator_api.GetMaxAllocatableMemHandlerFunc(func(params operator_api.GetMaxAllocatableMemParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.GetMaxAllocatableMem has not yet been implemented")
 		}),
+		OperatorAPIGetPVCDescribeHandler: operator_api.GetPVCDescribeHandlerFunc(func(params operator_api.GetPVCDescribeParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation operator_api.GetPVCDescribe has not yet been implemented")
+		}),
 		OperatorAPIGetPVCEventsHandler: operator_api.GetPVCEventsHandlerFunc(func(params operator_api.GetPVCEventsParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.GetPVCEvents has not yet been implemented")
 		}),
@@ -138,26 +145,29 @@ func NewOperatorAPI(spec *loads.Document) *OperatorAPI {
 		OperatorAPIListPVCsForTenantHandler: operator_api.ListPVCsForTenantHandlerFunc(func(params operator_api.ListPVCsForTenantParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.ListPVCsForTenant has not yet been implemented")
 		}),
+		OperatorAPIListTenantCertificateSigningRequestHandler: operator_api.ListTenantCertificateSigningRequestHandlerFunc(func(params operator_api.ListTenantCertificateSigningRequestParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation operator_api.ListTenantCertificateSigningRequest has not yet been implemented")
+		}),
 		OperatorAPIListTenantsHandler: operator_api.ListTenantsHandlerFunc(func(params operator_api.ListTenantsParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.ListTenants has not yet been implemented")
 		}),
-		UserAPILoginDetailHandler: user_api.LoginDetailHandlerFunc(func(params user_api.LoginDetailParams) middleware.Responder {
-			return middleware.NotImplemented("operation user_api.LoginDetail has not yet been implemented")
+		AuthLoginDetailHandler: auth.LoginDetailHandlerFunc(func(params auth.LoginDetailParams) middleware.Responder {
+			return middleware.NotImplemented("operation auth.LoginDetail has not yet been implemented")
 		}),
-		UserAPILoginOauth2AuthHandler: user_api.LoginOauth2AuthHandlerFunc(func(params user_api.LoginOauth2AuthParams) middleware.Responder {
-			return middleware.NotImplemented("operation user_api.LoginOauth2Auth has not yet been implemented")
+		AuthLoginOauth2AuthHandler: auth.LoginOauth2AuthHandlerFunc(func(params auth.LoginOauth2AuthParams) middleware.Responder {
+			return middleware.NotImplemented("operation auth.LoginOauth2Auth has not yet been implemented")
 		}),
-		UserAPILoginOperatorHandler: user_api.LoginOperatorHandlerFunc(func(params user_api.LoginOperatorParams) middleware.Responder {
-			return middleware.NotImplemented("operation user_api.LoginOperator has not yet been implemented")
+		AuthLoginOperatorHandler: auth.LoginOperatorHandlerFunc(func(params auth.LoginOperatorParams) middleware.Responder {
+			return middleware.NotImplemented("operation auth.LoginOperator has not yet been implemented")
 		}),
-		UserAPILogoutHandler: user_api.LogoutHandlerFunc(func(params user_api.LogoutParams, principal *models.Principal) middleware.Responder {
-			return middleware.NotImplemented("operation user_api.Logout has not yet been implemented")
+		AuthLogoutHandler: auth.LogoutHandlerFunc(func(params auth.LogoutParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation auth.Logout has not yet been implemented")
 		}),
 		OperatorAPIPutTenantYAMLHandler: operator_api.PutTenantYAMLHandlerFunc(func(params operator_api.PutTenantYAMLParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.PutTenantYAML has not yet been implemented")
 		}),
-		UserAPISessionCheckHandler: user_api.SessionCheckHandlerFunc(func(params user_api.SessionCheckParams, principal *models.Principal) middleware.Responder {
-			return middleware.NotImplemented("operation user_api.SessionCheck has not yet been implemented")
+		AuthSessionCheckHandler: auth.SessionCheckHandlerFunc(func(params auth.SessionCheckParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation auth.SessionCheck has not yet been implemented")
 		}),
 		OperatorAPISetTenantLogsHandler: operator_api.SetTenantLogsHandlerFunc(func(params operator_api.SetTenantLogsParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.SetTenantLogs has not yet been implemented")
@@ -189,6 +199,9 @@ func NewOperatorAPI(spec *loads.Document) *OperatorAPI {
 		OperatorAPITenantEncryptionInfoHandler: operator_api.TenantEncryptionInfoHandlerFunc(func(params operator_api.TenantEncryptionInfoParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.TenantEncryptionInfo has not yet been implemented")
 		}),
+		OperatorAPITenantIdentityProviderHandler: operator_api.TenantIdentityProviderHandlerFunc(func(params operator_api.TenantIdentityProviderParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation operator_api.TenantIdentityProvider has not yet been implemented")
+		}),
 		OperatorAPITenantSecurityHandler: operator_api.TenantSecurityHandlerFunc(func(params operator_api.TenantSecurityParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.TenantSecurity has not yet been implemented")
 		}),
@@ -204,6 +217,12 @@ func NewOperatorAPI(spec *loads.Document) *OperatorAPI {
 		OperatorAPIUpdateTenantHandler: operator_api.UpdateTenantHandlerFunc(func(params operator_api.UpdateTenantParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.UpdateTenant has not yet been implemented")
 		}),
+		OperatorAPIUpdateTenantDomainsHandler: operator_api.UpdateTenantDomainsHandlerFunc(func(params operator_api.UpdateTenantDomainsParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation operator_api.UpdateTenantDomains has not yet been implemented")
+		}),
+		OperatorAPIUpdateTenantIdentityProviderHandler: operator_api.UpdateTenantIdentityProviderHandlerFunc(func(params operator_api.UpdateTenantIdentityProviderParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation operator_api.UpdateTenantIdentityProvider has not yet been implemented")
+		}),
 		OperatorAPIUpdateTenantSecurityHandler: operator_api.UpdateTenantSecurityHandlerFunc(func(params operator_api.UpdateTenantSecurityParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.UpdateTenantSecurity has not yet been implemented")
 		}),
@@ -268,6 +287,8 @@ type OperatorAPI struct {
 	OperatorAPIDeletePodHandler operator_api.DeletePodHandler
 	// OperatorAPIDeleteTenantHandler sets the operation handler for the delete tenant operation
 	OperatorAPIDeleteTenantHandler operator_api.DeleteTenantHandler
+	// OperatorAPIDescribePodHandler sets the operation handler for the describe pod operation
+	OperatorAPIDescribePodHandler operator_api.DescribePodHandler
 	// OperatorAPIDisableTenantLoggingHandler sets the operation handler for the disable tenant logging operation
 	OperatorAPIDisableTenantLoggingHandler operator_api.DisableTenantLoggingHandler
 	// OperatorAPIEnableTenantLoggingHandler sets the operation handler for the enable tenant logging operation
@@ -276,6 +297,8 @@ type OperatorAPI struct {
 	OperatorAPIGetAllocatableResourcesHandler operator_api.GetAllocatableResourcesHandler
 	// OperatorAPIGetMaxAllocatableMemHandler sets the operation handler for the get max allocatable mem operation
 	OperatorAPIGetMaxAllocatableMemHandler operator_api.GetMaxAllocatableMemHandler
+	// OperatorAPIGetPVCDescribeHandler sets the operation handler for the get p v c describe operation
+	OperatorAPIGetPVCDescribeHandler operator_api.GetPVCDescribeHandler
 	// OperatorAPIGetPVCEventsHandler sets the operation handler for the get p v c events operation
 	OperatorAPIGetPVCEventsHandler operator_api.GetPVCEventsHandler
 	// OperatorAPIGetParityHandler sets the operation handler for the get parity operation
@@ -306,20 +329,22 @@ type OperatorAPI struct {
 	OperatorAPIListPVCsHandler operator_api.ListPVCsHandler
 	// OperatorAPIListPVCsForTenantHandler sets the operation handler for the list p v cs for tenant operation
 	OperatorAPIListPVCsForTenantHandler operator_api.ListPVCsForTenantHandler
+	// OperatorAPIListTenantCertificateSigningRequestHandler sets the operation handler for the list tenant certificate signing request operation
+	OperatorAPIListTenantCertificateSigningRequestHandler operator_api.ListTenantCertificateSigningRequestHandler
 	// OperatorAPIListTenantsHandler sets the operation handler for the list tenants operation
 	OperatorAPIListTenantsHandler operator_api.ListTenantsHandler
-	// UserAPILoginDetailHandler sets the operation handler for the login detail operation
-	UserAPILoginDetailHandler user_api.LoginDetailHandler
-	// UserAPILoginOauth2AuthHandler sets the operation handler for the login oauth2 auth operation
-	UserAPILoginOauth2AuthHandler user_api.LoginOauth2AuthHandler
-	// UserAPILoginOperatorHandler sets the operation handler for the login operator operation
-	UserAPILoginOperatorHandler user_api.LoginOperatorHandler
-	// UserAPILogoutHandler sets the operation handler for the logout operation
-	UserAPILogoutHandler user_api.LogoutHandler
+	// AuthLoginDetailHandler sets the operation handler for the login detail operation
+	AuthLoginDetailHandler auth.LoginDetailHandler
+	// AuthLoginOauth2AuthHandler sets the operation handler for the login oauth2 auth operation
+	AuthLoginOauth2AuthHandler auth.LoginOauth2AuthHandler
+	// AuthLoginOperatorHandler sets the operation handler for the login operator operation
+	AuthLoginOperatorHandler auth.LoginOperatorHandler
+	// AuthLogoutHandler sets the operation handler for the logout operation
+	AuthLogoutHandler auth.LogoutHandler
 	// OperatorAPIPutTenantYAMLHandler sets the operation handler for the put tenant y a m l operation
 	OperatorAPIPutTenantYAMLHandler operator_api.PutTenantYAMLHandler
-	// UserAPISessionCheckHandler sets the operation handler for the session check operation
-	UserAPISessionCheckHandler user_api.SessionCheckHandler
+	// AuthSessionCheckHandler sets the operation handler for the session check operation
+	AuthSessionCheckHandler auth.SessionCheckHandler
 	// OperatorAPISetTenantLogsHandler sets the operation handler for the set tenant logs operation
 	OperatorAPISetTenantLogsHandler operator_api.SetTenantLogsHandler
 	// OperatorAPISetTenantMonitoringHandler sets the operation handler for the set tenant monitoring operation
@@ -340,6 +365,8 @@ type OperatorAPI struct {
 	OperatorAPITenantDetailsHandler operator_api.TenantDetailsHandler
 	// OperatorAPITenantEncryptionInfoHandler sets the operation handler for the tenant encryption info operation
 	OperatorAPITenantEncryptionInfoHandler operator_api.TenantEncryptionInfoHandler
+	// OperatorAPITenantIdentityProviderHandler sets the operation handler for the tenant identity provider operation
+	OperatorAPITenantIdentityProviderHandler operator_api.TenantIdentityProviderHandler
 	// OperatorAPITenantSecurityHandler sets the operation handler for the tenant security operation
 	OperatorAPITenantSecurityHandler operator_api.TenantSecurityHandler
 	// OperatorAPITenantUpdateCertificateHandler sets the operation handler for the tenant update certificate operation
@@ -350,6 +377,10 @@ type OperatorAPI struct {
 	OperatorAPITenantUpdatePoolsHandler operator_api.TenantUpdatePoolsHandler
 	// OperatorAPIUpdateTenantHandler sets the operation handler for the update tenant operation
 	OperatorAPIUpdateTenantHandler operator_api.UpdateTenantHandler
+	// OperatorAPIUpdateTenantDomainsHandler sets the operation handler for the update tenant domains operation
+	OperatorAPIUpdateTenantDomainsHandler operator_api.UpdateTenantDomainsHandler
+	// OperatorAPIUpdateTenantIdentityProviderHandler sets the operation handler for the update tenant identity provider operation
+	OperatorAPIUpdateTenantIdentityProviderHandler operator_api.UpdateTenantIdentityProviderHandler
 	// OperatorAPIUpdateTenantSecurityHandler sets the operation handler for the update tenant security operation
 	OperatorAPIUpdateTenantSecurityHandler operator_api.UpdateTenantSecurityHandler

@@ -451,6 +482,9 @@ func (o *OperatorAPI) Validate() error {
 	if o.OperatorAPIDeleteTenantHandler == nil {
 		unregistered = append(unregistered, "operator_api.DeleteTenantHandler")
 	}
+	if o.OperatorAPIDescribePodHandler == nil {
+		unregistered = append(unregistered, "operator_api.DescribePodHandler")
+	}
 	if o.OperatorAPIDisableTenantLoggingHandler == nil {
 		unregistered = append(unregistered, "operator_api.DisableTenantLoggingHandler")
 	}
@@ -463,6 +497,9 @@ func (o *OperatorAPI) Validate() error {
 	if o.OperatorAPIGetMaxAllocatableMemHandler == nil {
 		unregistered = append(unregistered, "operator_api.GetMaxAllocatableMemHandler")
 	}
+	if o.OperatorAPIGetPVCDescribeHandler == nil {
+		unregistered = append(unregistered, "operator_api.GetPVCDescribeHandler")
+	}
 	if o.OperatorAPIGetPVCEventsHandler == nil {
 		unregistered = append(unregistered, "operator_api.GetPVCEventsHandler")
 	}
@@ -508,26 +545,29 @@ func (o *OperatorAPI) Validate() error {
 	if o.OperatorAPIListPVCsForTenantHandler == nil {
 		unregistered = append(unregistered, "operator_api.ListPVCsForTenantHandler")
 	}
+	if o.OperatorAPIListTenantCertificateSigningRequestHandler == nil {
+		unregistered = append(unregistered, "operator_api.ListTenantCertificateSigningRequestHandler")
+	}
 	if o.OperatorAPIListTenantsHandler == nil {
 		unregistered = append(unregistered, "operator_api.ListTenantsHandler")
 	}
-	if o.UserAPILoginDetailHandler == nil {
-		unregistered = append(unregistered, "user_api.LoginDetailHandler")
+	if o.AuthLoginDetailHandler == nil {
+		unregistered = append(unregistered, "auth.LoginDetailHandler")
 	}
-	if o.UserAPILoginOauth2AuthHandler == nil {
-		unregistered = append(unregistered, "user_api.LoginOauth2AuthHandler")
+	if o.AuthLoginOauth2AuthHandler == nil {
+		unregistered = append(unregistered, "auth.LoginOauth2AuthHandler")
 	}
-	if o.UserAPILoginOperatorHandler == nil {
-		unregistered = append(unregistered, "user_api.LoginOperatorHandler")
+	if o.AuthLoginOperatorHandler == nil {
+		unregistered = append(unregistered, "auth.LoginOperatorHandler")
 	}
-	if o.UserAPILogoutHandler == nil {
-		unregistered = append(unregistered, "user_api.LogoutHandler")
+	if o.AuthLogoutHandler == nil {
+		unregistered = append(unregistered, "auth.LogoutHandler")
 	}
 	if o.OperatorAPIPutTenantYAMLHandler == nil {
 		unregistered = append(unregistered, "operator_api.PutTenantYAMLHandler")
 	}
-	if o.UserAPISessionCheckHandler == nil {
-		unregistered = append(unregistered, "user_api.SessionCheckHandler")
+	if o.AuthSessionCheckHandler == nil {
+		unregistered = append(unregistered, "auth.SessionCheckHandler")
 	}
 	if o.OperatorAPISetTenantLogsHandler == nil {
 		unregistered = append(unregistered, "operator_api.SetTenantLogsHandler")
@@ -559,6 +599,9 @@ func (o *OperatorAPI) Validate() error {
 	if o.OperatorAPITenantEncryptionInfoHandler == nil {
 		unregistered = append(unregistered, "operator_api.TenantEncryptionInfoHandler")
 	}
+	if o.OperatorAPITenantIdentityProviderHandler == nil {
+		unregistered = append(unregistered, "operator_api.TenantIdentityProviderHandler")
+	}
 	if o.OperatorAPITenantSecurityHandler == nil {
 		unregistered = append(unregistered, "operator_api.TenantSecurityHandler")
 	}
@@ -574,6 +617,12 @@ func (o *OperatorAPI) Validate() error {
 	if o.OperatorAPIUpdateTenantHandler == nil {
 		unregistered = append(unregistered, "operator_api.UpdateTenantHandler")
 	}
+	if o.OperatorAPIUpdateTenantDomainsHandler == nil {
+		unregistered = append(unregistered, "operator_api.UpdateTenantDomainsHandler")
+	}
+	if o.OperatorAPIUpdateTenantIdentityProviderHandler == nil {
+		unregistered = append(unregistered, "operator_api.UpdateTenantIdentityProviderHandler")
+	}
 	if o.OperatorAPIUpdateTenantSecurityHandler == nil {
 		unregistered = append(unregistered, "operator_api.UpdateTenantSecurityHandler")
 	}
@@ -699,6 +748,10 @@ func (o *OperatorAPI) initHandlerCache() {
 		o.handlers["DELETE"] = make(map[string]http.Handler)
 	}
 	o.handlers["DELETE"]["/namespaces/{namespace}/tenants/{tenant}"] = operator_api.NewDeleteTenant(o.context, o.OperatorAPIDeleteTenantHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/namespaces/{namespace}/tenants/{tenant}/pods/{podName}/describe"] = operator_api.NewDescribePod(o.context, o.OperatorAPIDescribePodHandler)
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
@@ -718,6 +771,10 @@ func (o *OperatorAPI) initHandlerCache() {
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}
+	o.handlers["GET"]["/namespaces/{namespace}/tenants/{tenant}/pvcs/{PVCName}/describe"] = operator_api.NewGetPVCDescribe(o.context, o.OperatorAPIGetPVCDescribeHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
 	o.handlers["GET"]["/namespaces/{namespace}/tenants/{tenant}/pvcs/{PVCName}/events"] = operator_api.NewGetPVCEvents(o.context, o.OperatorAPIGetPVCEventsHandler)
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
@@ -778,23 +835,27 @@ func (o *OperatorAPI) initHandlerCache() {
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}
+	o.handlers["GET"]["/namespaces/{namespace}/tenants/{tenant}/csr"] = operator_api.NewListTenantCertificateSigningRequest(o.context, o.OperatorAPIListTenantCertificateSigningRequestHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
 	o.handlers["GET"]["/namespaces/{namespace}/tenants"] = operator_api.NewListTenants(o.context, o.OperatorAPIListTenantsHandler)
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}
-	o.handlers["GET"]["/login"] = user_api.NewLoginDetail(o.context, o.UserAPILoginDetailHandler)
+	o.handlers["GET"]["/login"] = auth.NewLoginDetail(o.context, o.AuthLoginDetailHandler)
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
-	o.handlers["POST"]["/login/oauth2/auth"] = user_api.NewLoginOauth2Auth(o.context, o.UserAPILoginOauth2AuthHandler)
+	o.handlers["POST"]["/login/oauth2/auth"] = auth.NewLoginOauth2Auth(o.context, o.AuthLoginOauth2AuthHandler)
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
-	o.handlers["POST"]["/login/operator"] = user_api.NewLoginOperator(o.context, o.UserAPILoginOperatorHandler)
+	o.handlers["POST"]["/login/operator"] = auth.NewLoginOperator(o.context, o.AuthLoginOperatorHandler)
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
-	o.handlers["POST"]["/logout"] = user_api.NewLogout(o.context, o.UserAPILogoutHandler)
+	o.handlers["POST"]["/logout"] = auth.NewLogout(o.context, o.AuthLogoutHandler)
 	if o.handlers["PUT"] == nil {
 		o.handlers["PUT"] = make(map[string]http.Handler)
 	}
@@ -802,7 +863,7 @@ func (o *OperatorAPI) initHandlerCache() {
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}
-	o.handlers["GET"]["/session"] = user_api.NewSessionCheck(o.context, o.UserAPISessionCheckHandler)
+	o.handlers["GET"]["/session"] = auth.NewSessionCheck(o.context, o.AuthSessionCheckHandler)
 	if o.handlers["PUT"] == nil {
 		o.handlers["PUT"] = make(map[string]http.Handler)
 	}
@@ -846,6 +907,10 @@ func (o *OperatorAPI) initHandlerCache() {
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}
+	o.handlers["GET"]["/namespaces/{namespace}/tenants/{tenant}/identity-provider"] = operator_api.NewTenantIdentityProvider(o.context, o.OperatorAPITenantIdentityProviderHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
 	o.handlers["GET"]["/namespaces/{namespace}/tenants/{tenant}/security"] = operator_api.NewTenantSecurity(o.context, o.OperatorAPITenantSecurityHandler)
 	if o.handlers["PUT"] == nil {
 		o.handlers["PUT"] = make(map[string]http.Handler)
@@ -863,6 +928,14 @@ func (o *OperatorAPI) initHandlerCache() {
 		o.handlers["PUT"] = make(map[string]http.Handler)
 	}
 	o.handlers["PUT"]["/namespaces/{namespace}/tenants/{tenant}"] = operator_api.NewUpdateTenant(o.context, o.OperatorAPIUpdateTenantHandler)
+	if o.handlers["PUT"] == nil {
+		o.handlers["PUT"] = make(map[string]http.Handler)
+	}
+	o.handlers["PUT"]["/namespaces/{namespace}/tenants/{tenant}/domains"] = operator_api.NewUpdateTenantDomains(o.context, o.OperatorAPIUpdateTenantDomainsHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
+	o.handlers["POST"]["/namespaces/{namespace}/tenants/{tenant}/identity-provider"] = operator_api.NewUpdateTenantIdentityProvider(o.context, o.OperatorAPIUpdateTenantIdentityProviderHandler)
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
--- a/operatorapi/operations/operator_api/describe_pod.go
+++ b/operatorapi/operations/operator_api/describe_pod.go
@@ -0,0 +1,88 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+
+	"github.com/minio/console/models"
+)
+
+// DescribePodHandlerFunc turns a function with the right signature into a describe pod handler
+type DescribePodHandlerFunc func(DescribePodParams, *models.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn DescribePodHandlerFunc) Handle(params DescribePodParams, principal *models.Principal) middleware.Responder {
+	return fn(params, principal)
+}
+
+// DescribePodHandler interface for that can handle valid describe pod params
+type DescribePodHandler interface {
+	Handle(DescribePodParams, *models.Principal) middleware.Responder
+}
+
+// NewDescribePod creates a new http.Handler for the describe pod operation
+func NewDescribePod(ctx *middleware.Context, handler DescribePodHandler) *DescribePod {
+	return &DescribePod{Context: ctx, Handler: handler}
+}
+
+/* DescribePod swagger:route GET /namespaces/{namespace}/tenants/{tenant}/pods/{podName}/describe OperatorAPI describePod
+
+Describe Pod
+
+*/
+type DescribePod struct {
+	Context *middleware.Context
+	Handler DescribePodHandler
+}
+
+func (o *DescribePod) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewDescribePodParams()
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		*r = *aCtx
+	}
+	var principal *models.Principal
+	if uprinc != nil {
+		principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
+	}
+
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params, principal) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
--- a/operatorapi/operations/operator_api/describe_pod_parameters.go
+++ b/operatorapi/operations/operator_api/describe_pod_parameters.go
@@ -0,0 +1,136 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewDescribePodParams creates a new DescribePodParams object
+//
+// There are no default values defined in the spec.
+func NewDescribePodParams() DescribePodParams {
+
+	return DescribePodParams{}
+}
+
+// DescribePodParams contains all the bound params for the describe pod operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters DescribePod
+type DescribePodParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*
+	  Required: true
+	  In: path
+	*/
+	Namespace string
+	/*
+	  Required: true
+	  In: path
+	*/
+	PodName string
+	/*
+	  Required: true
+	  In: path
+	*/
+	Tenant string
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewDescribePodParams() beforehand.
+func (o *DescribePodParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	rNamespace, rhkNamespace, _ := route.Params.GetOK("namespace")
+	if err := o.bindNamespace(rNamespace, rhkNamespace, route.Formats); err != nil {
+		res = append(res, err)
+	}
+
+	rPodName, rhkPodName, _ := route.Params.GetOK("podName")
+	if err := o.bindPodName(rPodName, rhkPodName, route.Formats); err != nil {
+		res = append(res, err)
+	}
+
+	rTenant, rhkTenant, _ := route.Params.GetOK("tenant")
+	if err := o.bindTenant(rTenant, rhkTenant, route.Formats); err != nil {
+		res = append(res, err)
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+// bindNamespace binds and validates parameter Namespace from path.
+func (o *DescribePodParams) bindNamespace(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.Namespace = raw
+
+	return nil
+}
+
+// bindPodName binds and validates parameter PodName from path.
+func (o *DescribePodParams) bindPodName(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.PodName = raw
+
+	return nil
+}
+
+// bindTenant binds and validates parameter Tenant from path.
+func (o *DescribePodParams) bindTenant(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.Tenant = raw
+
+	return nil
+}
--- a/Show More
+++ b/Show More