Release v0.18.1 (#2088 )

Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
Test logout in Operator API (#2085 )
2022-06-04 10:12:11 -07:00 · 2022-06-03 22:15:13 -07:00 · 2022-06-03 21:54:06 -07:00 · 2022-06-03 21:39:12 -07:00 · 2022-06-03 21:24:18 -07:00 · 2022-06-03 21:19:01 -05:00
1704 changed files with 42372 additions and 29667 deletions
--- a/.github/workflows/console-sa-secret.yaml
+++ b/.github/workflows/console-sa-secret.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: console-sa-secret
+  namespace: minio-operator
+  annotations:
+    kubernetes.io/service-account.name: console-sa
+type: kubernetes.io/service-account-token
--- a/.github/workflows/deploy-tenant.sh
+++ b/.github/workflows/deploy-tenant.sh
@@ -20,17 +20,17 @@ export SCRIPT_DIR

 source "${SCRIPT_DIR}/common.sh"

+function install_tenants() {
+	echo "Installing tenants"

+	# Install lite & kes tenants
+	try kubectl apply -k "${SCRIPT_DIR}/../../portal-ui/tests/scripts/tenant-lite"
+	try kubectl apply -k "${SCRIPT_DIR}/../../portal-ui/tests/scripts/tenant-kes-encryption"

-function install_tenant() {
-    echo "Installing lite tenant"
-
-	try kubectl apply -k "${SCRIPT_DIR}/../../portal-ui/tests/scripts/tenant"
-
-    echo "Waiting for the tenant statefulset, this indicates the tenant is being fulfilled"
-    waitdone=0
-    totalwait=0
-    while true; do
+	echo "Waiting for the tenant statefulset, this indicates the tenant is being fulfilled"
+	waitdone=0
+	totalwait=0
+	while true; do
 	waitdone=$(kubectl -n tenant-lite get pods -l v1.min.io/tenant=storage-lite --no-headers | wc -l)
 	if [ "$waitdone" -ne 0 ]; then
 	    echo "Found $waitdone pods"
@@ -39,33 +39,34 @@ function install_tenant() {
 	sleep 5
 	totalwait=$((totalwait + 5))
 	if [ "$totalwait" -gt 300 ]; then
-	    echo "Tenant never created statefulset after 5 minutes"
-	    try false
+		echo "Tenant never created statefulset after 5 minutes"
+		try false
 	fi
-    done
+	done

-    echo "Waiting for tenant pods to come online (5m timeout)"
-    try kubectl wait --namespace tenant-lite \
+	echo "Waiting for tenant pods to come online (5m timeout)"
+	try kubectl wait --namespace tenant-lite \
 	--for=condition=ready pod \
 	--selector="v1.min.io/tenant=storage-lite" \
 	--timeout=300s

-    echo "Build passes basic tenant creation"
+	echo "Build passes basic tenant creation"
 }


 function main() {
-    destroy_kind
-
-    setup_kind
-
-    install_operator
-
-    install_tenant
-
-    check_tenant_status tenant-lite storage-lite
-
-    kubectl -n minio-operator port-forward svc/console 9090 &
+	destroy_kind
+	setup_kind
+	install_operator
+	install_tenants
+	check_tenant_status tenant-lite storage-lite
+	kubectl proxy &
+	# Beginning  Kubernetes 1.24 ----> Service Account Token Secrets are not 
+	# automatically generated, to generate them manually, users must manually
+	# create the secret, for our examples where we lead people to get the JWT
+	# from the console-sa service account, they additionally need to manually
+	# generate the secret via
+	kubectl apply -f "${SCRIPT_DIR}/console-sa-secret.yaml"
 }

 main "$@"
--- a/.github/workflows/jobs.yaml
+++ b/.github/workflows/jobs.yaml
@@ -24,6 +24,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ubuntu-latest

    strategy:
@@ -92,6 +93,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ubuntu-latest

    strategy:
@@ -160,6 +162,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ubuntu-latest

    strategy:
@@ -256,6 +259,22 @@ jobs:
          curl -L -o nancy https://github.com/sonatype-nexus-community/nancy/releases/download/${nancy_version}/nancy-${nancy_version}-linux-amd64 && chmod +x nancy
          go list -deps -json ./... | jq -s 'unique_by(.Module.Path)|.[]|select(has("Module"))|.Module' | ./nancy sleuth

+  semgrep-static-code-analysis:
+    name: "semgrep checks"
+    runs-on: ${{ matrix.os }}
+    container:
+      image: "returntocorp/semgrep"
+    strategy:
+      matrix:
+        os: [ ubuntu-latest ]
+    steps:
+      - name: Check out source code
+        uses: actions/checkout@v2
+      - name: Scanning code on ${{ matrix.os }}
+        continue-on-error: false
+        run: |
+          semgrep --config semgrep.yaml $(pwd)/portal-ui --error
+
  no-warnings-and-make-assets:
    name: "React Code Has No Warnings and then Make Assets"
    runs-on: ${{ matrix.os }}
@@ -350,6 +369,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -428,6 +448,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -506,6 +527,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -585,6 +607,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    timeout-minutes: 5
    strategy:
@@ -654,6 +677,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -722,6 +746,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -783,6 +808,75 @@ jobs:
        with:
          args: '"chrome:headless" portal-ui/tests/permissions-6/ --skip-js-errors'

+  all-permissions-7:
+    name: Permissions Tests Part 7
+    needs:
+      - lint-job
+      - no-warnings-and-make-assets
+      - reuse-golang-dependencies
+      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        go-version: [ 1.17.x ]
+        os: [ ubuntu-latest ]
+    steps:
+      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '16'
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+      - name: Get yarn cache directory path
+        id: yarn-cache-dir-path
+        run: echo "::set-output name=dir::$(yarn cache dir)"
+      - uses: actions/cache@v2
+        id: yarn-cache
+        name: Yarn Cache
+        with:
+          path: |
+            ${{ steps.yarn-cache-dir-path.outputs.dir }}
+            ./portal-ui/node_modules/
+            ./portal-ui/build/
+          key: ${{ runner.os }}-yarn-${{ hashFiles('./portal-ui/yarn.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-yarn-
+      - uses: actions/cache@v2
+        id: assets-cache
+        name: Assets Cache
+        with:
+          path: |
+            ./portal-ui/build/
+          key: ${{ runner.os }}-assets-${{ github.run_id }}
+          restore-keys: |
+            ${{ runner.os }}-assets-
+      - uses: actions/cache@v2
+        name: Go Mod Cache
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ github.run_id }}
+      - name: Build Console on ${{ matrix.os }}
+        env:
+          GO111MODULE: on
+          GOOS: linux
+        run: |
+          make console
+      - name: Start Console, front-end app and initialize users/policies
+        run: |
+          (./console server) & (make initialize-permissions)
+      - name: Run TestCafe Tests
+        timeout-minutes: 5
+        uses: DevExpress/testcafe-action@latest
+        with:
+          args: '"chrome:headless" portal-ui/tests/permissions-7/ --skip-js-errors'
+
  all-operator-tests:
    name: Operator UI Tests
    needs:
@@ -790,6 +884,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -863,6 +958,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -900,6 +996,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -937,6 +1034,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -974,6 +1072,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -1011,6 +1110,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -1048,6 +1148,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -1085,6 +1186,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -1122,6 +1224,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
@@ -1160,6 +1263,52 @@ jobs:
            ./restapi/coverage/
          key: ${{ runner.os }}-coverage-restapi-2-${{ github.run_id }}

+  test-operatorapi-on-go:
+    name: Test Operatorapi on Go ${{ matrix.go-version }} and ${{ matrix.os }}
+    needs:
+      - lint-job
+      - no-warnings-and-make-assets
+      - reuse-golang-dependencies
+      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        go-version: [ 1.17.x ]
+        os: [ ubuntu-latest ]
+    steps:
+      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - uses: actions/cache@v2
+        name: Go Mod Cache
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ github.run_id }}
+
+      - name: Build on ${{ matrix.os }}
+        env:
+          GO111MODULE: on
+          GOOS: linux
+        run: |
+          make test-unit-test-operator
+
+      - uses: actions/cache@v2
+        id: coverage-cache-unittest-operatorapi
+        name: Coverage Cache unit test operatorAPI
+        with:
+          path: |
+            ./operatorapi/coverage/
+          key: ${{ runner.os }}-coverage-unittest-operatorapi-2-${{ github.run_id }}
+
  b-integration-tests:
    name: Integration Tests with Latest Distributed MinIO
    needs:
@@ -1167,6 +1316,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ubuntu-latest

    strategy:
@@ -1218,7 +1368,22 @@ jobs:
          echo "We are going to use the built image on test-integration";
          VERSION="minio/minio:$VERSION";
          echo $VERSION;
-          make test-integration MINIO_VERSION=$VERSION;
+          
+          echo "Create bucket for replication with versioning"
+          echo "Download mc for Ubuntu"
+          wget -q https://dl.min.io/client/mc/release/linux-amd64/mc
+          echo "Change the permissions to execute mc command"
+          chmod +x mc
+          echo "Create the folder to put the all.out file"
+          TARGET_BUCKET=`echo $RANDOM | md5sum | head -c 20; echo;`
+          echo "TARGET_BUCKET: ${TARGET_BUCKET}"
+          ./mc mb --ignore-existing play/${TARGET_BUCKET}/
+          ./mc version enable play/${TARGET_BUCKET}
+          # Via API we are going to test:
+          # mc admin bucket remote add myminio/source https://minioadmin:minioadmin@play.min.io/target --service "replication"
+          # expected output is: Remote ARN = `arn:minio:replication::f5bdb8d7-541d-415e-aaf4-592979484ba9:target`.
+          
+          make test-integration MINIO_VERSION=$VERSION TARGET_BUCKET=$TARGET_BUCKET;

      - uses: actions/cache@v2
        id: coverage-cache
@@ -1235,6 +1400,7 @@ jobs:
      - no-warnings-and-make-assets
      - reuse-golang-dependencies
      - vulnerable-dependencies-checks
+      - semgrep-static-code-analysis
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
@@ -1250,6 +1416,7 @@ jobs:
    needs:
      - b-integration-tests
      - test-restapi-on-go
+      - test-operatorapi-on-go
      - c-operator-api-tests
      - test-pkg-on-go
      - sso-integration
@@ -1320,6 +1487,14 @@ jobs:
            ./restapi/coverage/
          key: ${{ runner.os }}-coverage-restapi-2-${{ github.run_id }}

+      - uses: actions/cache@v2
+        id: coverage-cache-unittest-operatorapi
+        name: Coverage Cache unit test operatorAPI
+        with:
+          path: |
+            ./operatorapi/coverage/
+          key: ${{ runner.os }}-coverage-unittest-operatorapi-2-${{ github.run_id }}
+
      - uses: actions/cache@v2
        id: coverage-cache-pkg
        name: Coverage Cache Pkg
@@ -1339,17 +1514,34 @@ jobs:
          echo "go build gocoverage.go"
          go build gocovmerge.go
          echo "put together the outs for final coverage resolution"
-          ./gocovmerge ../integration/coverage/system.out ../replication/coverage/replication.out ../sso-integration/coverage/sso-system.out ../restapi/coverage/coverage.out ../pkg/coverage/coverage-pkg.out ../operator-integration/coverage/operator-api.out > all.out
+          ./gocovmerge ../integration/coverage/system.out ../replication/coverage/replication.out ../sso-integration/coverage/sso-system.out ../restapi/coverage/coverage.out ../pkg/coverage/coverage-pkg.out ../operator-integration/coverage/operator-api.out ../operatorapi/coverage/coverage-unit-test-operatorapi.out > all.out
+          echo "Download mc for Ubuntu"
+          wget -q https://dl.min.io/client/mc/release/linux-amd64/mc
+          echo "Change the permissions to execute mc command"
+          chmod +x mc
+          echo "Create the folder to put the all.out file"
+          ./mc mb --ignore-existing play/builds/
+          echo "Copy the all.out file to play bucket"
+          echo ${{ github.repository }}
+          echo ${{ github.event.number }}
+          echo ${{ github.run_id }}
+          # mc cp can fail due to lack of space: mc: <ERROR> Failed to copy `all.out`.
+          # Storage backend has reached its minimum free disk threshold. Please delete a few objects to proceed.
+          ./mc cp all.out play/builds/${{ github.repository }}/${{ github.event.number }}/${{ github.run_id }}/ || true
+          ./mc cp all.out play/builds/${{ github.repository }}/${{ github.event.number }}/latest/ || true
+          go tool cover -html=all.out -o coverage.html
+          ./mc cp coverage.html play/builds/${{ github.repository }}/${{ github.event.number }}/${{ github.run_id }}/ || true
+          ./mc cp coverage.html play/builds/${{ github.repository }}/${{ github.event.number }}/latest/ || true
          echo "grep to obtain the result"
          go tool cover -func=all.out | grep total > tmp2
          result=`cat tmp2 | awk 'END {print $3}'`
          result=${result%\%}
-          echo "result:"
-          echo $result
-          threshold=36.6
+          threshold=51.50
+          echo "Result:"
+          echo "$result%"
          if (( $(echo "$result >= $threshold" |bc -l) )); then
-            echo "It is equal or greater than threshold, passed!"
+            echo "It is equal or greater than threshold ($threshold%), passed!"
          else
-            echo "It is smaller than threshold value, failed!"
+            echo "It is smaller than threshold ($threshold%) value, failed!"
            exit 1
          fi
--- a/.gitignore
+++ b/.gitignore
@@ -19,6 +19,7 @@ vendor/

 # Ignore executables
 target/
+!pkg/logger/target/
 console
 !console/

--- a/.golangci.yml
+++ b/.golangci.yml
@@ -16,10 +16,17 @@ linters:
    - ineffassign
    - gosimple
    - deadcode
-    - unparam
+    - structcheck
+    - gomodguard
+    - gofmt
    - unused
    - structcheck
-    - goheader
+    - unconvert
+    - varcheck
+    - gocritic
+    - gofumpt
+    - tenv
+    - durationcheck

 linters-settings:
  goheader:
--- a/.semgrepignore
+++ b/.semgrepignore
@@ -0,0 +1,33 @@
+# Ignore git items
+.gitignore
+.git/
+:include .gitignore
+
+# Common large paths
+node_modules/
+portal-ui/node_modules/
+build/
+dist/
+.idea/
+vendor/
+.env/
+.venv/
+.tox/
+*.min.js
+
+# Common test paths
+test/
+tests/
+*_test.go
+
+# Semgrep rules folder
+.semgrep
+
+# Semgrep-action log folder
+.semgrep_logs/
+
+# Ignore VsCode files
+.vscode/
+*.code-workspace
+*~
+.eslintcache
--- a/84
+++ b/84
@@ -5,6 +5,7 @@ BUILD_VERSION:=$(shell git describe --exact-match --tags $(git log -n1 --pretty=
 BUILD_TIME:=$(shell date 2>/dev/null)
 TAG ?= "minio/console:$(BUILD_VERSION)-dev"
 MINIO_VERSION ?= "quay.io/minio/minio:latest"
+TARGET_BUCKET ?= "target"

 default: console

@@ -74,8 +75,8 @@ test-integration:
 	@echo $(MINIO_VERSION)
 	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 --net=mynet123 -d --name minio --rm -p 9000:9000 -p 9001:9001 -e MINIO_KMS_SECRET_KEY=my-minio-key:OSMM+vkKUTCvQs9YL/CVMIMt43HFhkUpqJxTmGl6rYw= $(MINIO_VERSION) server /data{1...4} --console-address ':9001' && sleep 5)
 	@(docker run --net=mynet123 --ip=173.18.0.3 --name pgsqlcontainer --rm -p 5432:5432 -e POSTGRES_PASSWORD=password -d postgres && sleep 5)
-	@echo "execute test and get coverage"
-	@(cd integration && go test -coverpkg=../restapi -c -tags testrunmain . && mkdir -p coverage && ./integration.test -test.v -test.run "^Test*" -test.coverprofile=coverage/system.out)
+	@echo "execute test and get coverage for test-integration:"
+	@(cd integration && go test -coverpkg=../restapi -c -tags testrunmain . && mkdir -p coverage && export THETARGET=$(TARGET_BUCKET) && echo "THETARGET: ${THETARGET}" && ./integration.test -test.v -test.run "^Test*" -test.coverprofile=coverage/system.out)
 	@(docker stop pgsqlcontainer)
 	@(docker stop minio)
 	@(docker network rm mynet123)
@@ -131,29 +132,25 @@ test-replication:
 test-sso-integration:
 	@echo "create the network in bridge mode to communicate all containers"
 	@(docker network create my-net)
-	@echo "execute latest keycloak container"
+	@echo "run openldap container using MinIO Image: quay.io/minio/openldap:latest"
 	@(docker run \
-	--rm \
-	--name keycloak-container \
-	--network my-net \
-	-p 8080:8080 \
-	-e KEYCLOAK_USER=admin \
-	-e KEYCLOAK_PASSWORD=admin jboss/keycloak:latest -b 0.0.0.0 -bprivate 127.0.0.1 &)
-	@echo "wait 60 sec until keycloak is listenning on port, then go for minio server"
-	@(sleep 60)
-	@echo "execute keycloak-config-cli container to configure keycloak for Single Sign On with MinIO"
+		-e LDAP_ORGANIZATION="MinIO Inc" \
+		-e LDAP_DOMAIN="min.io" \
+		-e LDAP_ADMIN_PASSWORD="admin" \
+		--network my-net \
+		-p 389:389 \
+		-p 636:636 \
+		--name openldap \
+		--detach quay.io/minio/openldap:latest)
+	@echo "Run Dex container using MinIO Image: quay.io/minio/dex:latest"
 	@(docker run \
-	--rm \
-	--network my-net \
-	--name keycloak-config-cli \
-	-e KEYCLOAK_URL=http://keycloak-container:8080/auth \
-	-e KEYCLOAK_USER="admin" \
-	-e KEYCLOAK_PASSWORD="admin" \
-	-e KEYCLOAK_AVAILABILITYCHECK_ENABLED=true \
-	-e KEYCLOAK_AVAILABILITYCHECK_TIMEOUT=120s \
-	-e IMPORT_FILES_LOCATIONS='/config/realm-export.json' \
-	-v /home/runner/work/console/console/sso-integration/config:/config \
-	adorsys/keycloak-config-cli:latest)
+		-e DEX_ISSUER=http://dex:5556/dex \
+		-e DEX_CLIENT_REDIRECT_URI=http://127.0.0.1:9090/oauth_callback \
+		-e DEX_LDAP_SERVER=openldap:389 \
+		--network my-net \
+		-p 5556:5556 \
+		--name dex \
+		--detach quay.io/minio/dex:latest)
 	@echo "running minio server"
 	@(docker run \
 	-v /data1 -v /data2 -v /data3 -v /data4 \
@@ -163,19 +160,22 @@ test-sso-integration:
 	--rm \
 	-p 9000:9000 \
 	-p 9001:9001 \
-	-e MINIO_IDENTITY_OPENID_CLIENT_SECRET=0nfJuqIt0iPnRIUJkvetve5l38C6gi9W \
+	-e MINIO_IDENTITY_OPENID_CLIENT_ID="minio-client-app" \
+	-e MINIO_IDENTITY_OPENID_CLIENT_SECRET="minio-client-app-secret" \
+	-e MINIO_IDENTITY_OPENID_CLAIM_NAME=name \
+	-e MINIO_IDENTITY_OPENID_CONFIG_URL=http://dex:5556/dex/.well-known/openid-configuration \
+	-e MINIO_IDENTITY_OPENID_REDIRECT_URI=http://127.0.0.1:9090/oauth_callback \
 	-e MINIO_ROOT_USER=minio \
 	-e MINIO_ROOT_PASSWORD=minio123 $(MINIO_VERSION) server /data{1...4} --address :9000 --console-address :9001)
-	@(sleep 60)
-	@echo "run mc commands"
+	@echo "run mc commands to set the policy"
 	@(docker run --name minio-client --network my-net -dit --entrypoint=/bin/sh minio/mc)
 	@(docker exec minio-client mc alias set myminio/ http://minio:9000 minio minio123)
-	@(docker exec minio-client mc admin config set myminio identity_openid config_url="http://keycloak-container:8080/auth/realms/myrealm/.well-known/openid-configuration" client_id="account")
-	@(docker exec minio-client mc admin service restart myminio)
+	@echo "adding policy to Dillon Harper to be able to login:"
+	@(cd sso-integration && docker cp allaccess.json minio-client:/ && docker exec minio-client mc admin policy add myminio "Dillon Harper" allaccess.json)
 	@echo "starting bash script"
 	@(env bash $(PWD)/sso-integration/set-sso.sh)
-	@echo "install jq"
-	@(sudo apt install jq)
+	@echo "add python module"
+	@(pip3 install bs4)
 	@echo "Executing the test:"
 	@(cd sso-integration && go test -coverpkg=../restapi -c -tags testrunmain . && mkdir -p coverage && ./sso-integration.test -test.v -test.run "^Test*" -test.coverprofile=coverage/sso-system.out)

@@ -203,6 +203,26 @@ test-permissions-3:
 	@(env bash $(PWD)/portal-ui/tests/scripts/permissions.sh "portal-ui/tests/permissions-3/")
 	@(docker stop minio)

+test-permissions-4:
+	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
+	@(env bash $(PWD)/portal-ui/tests/scripts/permissions.sh "portal-ui/tests/permissions-4/")
+	@(docker stop minio)
+
+test-permissions-5:
+	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
+	@(env bash $(PWD)/portal-ui/tests/scripts/permissions.sh "portal-ui/tests/permissions-5/")
+	@(docker stop minio)
+
+test-permissions-6:
+	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
+	@(env bash $(PWD)/portal-ui/tests/scripts/permissions.sh "portal-ui/tests/permissions-6/")
+	@(docker stop minio)
+
+test-permissions-7:
+	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
+	@(env bash $(PWD)/portal-ui/tests/scripts/permissions.sh "portal-ui/tests/permissions-7/")
+	@(docker stop minio)
+
 test-apply-permissions:
 	@(env bash $(PWD)/portal-ui/tests/scripts/initialize-env.sh)

@@ -223,6 +243,10 @@ test:
 	@echo "execute test and get coverage"
 	@(cd restapi && mkdir coverage && GO111MODULE=on go test -test.v -coverprofile=coverage/coverage.out)

+test-unit-test-operator:
+	@echo "execute unit test and get coverage for operatorapi"
+	@(cd operatorapi && mkdir coverage && GO111MODULE=on go test -test.v -coverprofile=coverage/coverage-unit-test-operatorapi.out)
+
 test-pkg:
 	@echo "execute test and get coverage"
 	@(cd pkg && mkdir coverage && GO111MODULE=on go test -test.v -coverprofile=coverage/coverage-pkg.out)
--- a/cluster/cluster.go
+++ b/cluster/cluster.go
@@ -25,8 +25,8 @@ import (

 // getTLSClientConfig will return the right TLS configuration for the K8S client based on the configured TLS certificate
 func getTLSClientConfig() rest.TLSClientConfig {
-	var defaultRootCAFile = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
-	var customRootCAFile = getK8sAPIServerTLSRootCA()
+	defaultRootCAFile := "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+	customRootCAFile := getK8sAPIServerTLSRootCA()
 	tlsClientConfig := rest.TLSClientConfig{}
 	// if console is running inside k8s by default he will have access to the CA Cert from the k8s local authority
 	if _, err := certutil.NewPool(defaultRootCAFile); err == nil {
--- a/cluster/config.go
+++ b/cluster/config.go
@@ -23,6 +23,8 @@ import (
 	"strings"
 	"time"

+	xhttp "github.com/minio/console/pkg/http"
+
 	"github.com/minio/console/pkg/utils"

 	"github.com/minio/pkg/env"
@@ -68,7 +70,7 @@ func GetMinioImage() (*string, error) {
 		return &image, nil
 	}
 	latestMinIOImage, errLatestMinIOImage := utils.GetLatestMinIOImage(
-		&utils.HTTPClient{
+		&xhttp.Client{
 			Client: &http.Client{
 				Timeout: 5 * time.Second,
 			},
--- a/cmd/console/app_commands.go
+++ b/cmd/console/app_commands.go
@@ -20,10 +20,14 @@
 package main

 import (
+	"context"
+	"fmt"
 	"os"
 	"strconv"
 	"time"

+	"github.com/minio/console/pkg/logger"
+
 	"github.com/minio/cli"
 	"github.com/minio/console/restapi"
 )
@@ -36,15 +40,27 @@ var appCmds = []cli.Command{

 // StartServer starts the console service
 func StartServer(ctx *cli.Context) error {
-	if os.Getenv("CONSOLE_OPERATOR_MODE") != "" && os.Getenv("CONSOLE_OPERATOR_MODE") == "on" {
-		return startOperatorServer(ctx)
-	}
-
+	// Load all certificates
 	if err := loadAllCerts(ctx); err != nil {
 		// Log this as a warning and continue running console without TLS certificates
 		restapi.LogError("Unable to load certs: %v", err)
 	}

+	xctx := context.Background()
+	transport := restapi.PrepareSTSClientTransport(false)
+	if err := logger.InitializeLogger(xctx, transport); err != nil {
+		fmt.Println("error InitializeLogger", err)
+		logger.CriticalIf(xctx, err)
+	}
+	// custom error configuration
+	restapi.LogInfo = logger.Info
+	restapi.LogError = logger.Error
+	restapi.LogIf = logger.LogIf
+
+	if os.Getenv("CONSOLE_OPERATOR_MODE") != "" && os.Getenv("CONSOLE_OPERATOR_MODE") == "on" {
+		return startOperatorServer(ctx)
+	}
+
 	var rctx restapi.Context
 	if err := rctx.Load(ctx); err != nil {
 		restapi.LogError("argument validation failed: %v", err)
--- a/cmd/console/app_commands_noop.go
+++ b/cmd/console/app_commands_noop.go
@@ -20,9 +20,13 @@
 package main

 import (
+	"context"
+	"fmt"
 	"strconv"
 	"time"

+	"github.com/minio/console/pkg/logger"
+
 	"github.com/minio/cli"
 	"github.com/minio/console/restapi"
 )
@@ -39,6 +43,17 @@ func StartServer(ctx *cli.Context) error {
 		restapi.LogError("Unable to load certs: %v", err)
 	}

+	xctx := context.Background()
+	transport := restapi.PrepareSTSClientTransport(false)
+	if err := logger.InitializeLogger(xctx, transport); err != nil {
+		fmt.Println("error InitializeLogger", err)
+		logger.CriticalIf(xctx, err)
+	}
+	// custom error configuration
+	restapi.LogInfo = logger.Info
+	restapi.LogError = logger.Error
+	restapi.LogIf = logger.LogIf
+
 	var rctx restapi.Context
 	if err := rctx.Load(ctx); err != nil {
 		restapi.LogError("argument validation failed: %v", err)
--- a/cmd/console/operator.go
+++ b/cmd/console/operator.go
@@ -2,7 +2,7 @@
 // +build operator

 // This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2022 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -20,6 +20,7 @@
 package main

 import (
+	"context"
 	"fmt"
 	"io/ioutil"
 	"path/filepath"
@@ -27,6 +28,8 @@ import (
 	"syscall"
 	"time"

+	"github.com/minio/console/pkg/logger"
+
 	"github.com/minio/console/restapi"

 	"github.com/go-openapi/loads"
@@ -106,7 +109,7 @@ func buildOperatorServer() (*operatorapi.Server, error) {
 	}

 	api := operations.NewOperatorAPI(swaggerSpec)
-	api.Logger = operatorapi.LogInfo
+	api.Logger = restapi.LogInfo
 	server := operatorapi.NewServer(api)

 	parser := flags.NewParser(server, flags.Default)
@@ -147,7 +150,7 @@ func loadOperatorAllCerts(ctx *cli.Context) error {
 	}

 	// load the certificates and the CAs
-	operatorapi.GlobalRootCAs, operatorapi.GlobalPublicCerts, operatorapi.GlobalTLSCertsManager, err = certs.GetAllCertificatesAndCAs()
+	restapi.GlobalRootCAs, restapi.GlobalPublicCerts, restapi.GlobalTLSCertsManager, err = certs.GetAllCertificatesAndCAs()
 	if err != nil {
 		return fmt.Errorf("unable to load certificates at %s: failed with %w", certs.GlobalCertsDir.Get(), err)
 	}
@@ -159,12 +162,12 @@ func loadOperatorAllCerts(ctx *cli.Context) error {
 		swaggerServerCACertificate := ctx.String("tls-ca")
 		// load tls cert and key from swagger server tls-certificate and tls-key flags
 		if swaggerServerCertificate != "" && swaggerServerCertificateKey != "" {
-			if err = operatorapi.GlobalTLSCertsManager.AddCertificate(swaggerServerCertificate, swaggerServerCertificateKey); err != nil {
+			if err = restapi.GlobalTLSCertsManager.AddCertificate(swaggerServerCertificate, swaggerServerCertificateKey); err != nil {
 				return err
 			}
 			x509Certs, err := certs.ParsePublicCertFile(swaggerServerCertificate)
 			if err == nil {
-				operatorapi.GlobalPublicCerts = append(operatorapi.GlobalPublicCerts, x509Certs...)
+				restapi.GlobalPublicCerts = append(restapi.GlobalPublicCerts, x509Certs...)
 			}
 		}

@@ -172,7 +175,7 @@ func loadOperatorAllCerts(ctx *cli.Context) error {
 		if swaggerServerCACertificate != "" {
 			caCert, caCertErr := ioutil.ReadFile(swaggerServerCACertificate)
 			if caCertErr == nil {
-				operatorapi.GlobalRootCAs.AppendCertsFromPEM(caCert)
+				restapi.GlobalRootCAs.AppendCertsFromPEM(caCert)
 			}
 		}
 	}
@@ -186,20 +189,31 @@ func loadOperatorAllCerts(ctx *cli.Context) error {

 // StartServer starts the console service
 func startOperatorServer(ctx *cli.Context) error {
-	if err := loadOperatorAllCerts(ctx); err != nil {
+	if err := loadAllCerts(ctx); err != nil {
 		// Log this as a warning and continue running console without TLS certificates
-		operatorapi.LogError("Unable to load certs: %v", err)
+		restapi.LogError("Unable to load certs: %v", err)
 	}

+	xctx := context.Background()
+	transport := restapi.PrepareSTSClientTransport(false)
+	if err := logger.InitializeLogger(xctx, transport); err != nil {
+		fmt.Println("error InitializeLogger", err)
+		logger.CriticalIf(xctx, err)
+	}
+	// custom error configuration
+	restapi.LogInfo = logger.Info
+	restapi.LogError = logger.Error
+	restapi.LogIf = logger.LogIf
+
 	var rctx operatorapi.Context
 	if err := rctx.Load(ctx); err != nil {
-		operatorapi.LogError("argument validation failed: %v", err)
+		restapi.LogError("argument validation failed: %v", err)
 		return err
 	}

 	server, err := buildOperatorServer()
 	if err != nil {
-		operatorapi.LogError("Unable to initialize console server: %v", err)
+		restapi.LogError("Unable to initialize console server: %v", err)
 		return err
 	}

@@ -212,7 +226,7 @@ func startOperatorServer(ctx *cli.Context) error {
 	operatorapi.Port = strconv.Itoa(server.Port)
 	operatorapi.Hostname = server.Host

-	if len(operatorapi.GlobalPublicCerts) > 0 {
+	if len(restapi.GlobalPublicCerts) > 0 {
 		// If TLS certificates are provided enforce the HTTPS schema, meaning console will redirect
 		// plain HTTP connections to HTTPS server
 		server.EnabledListeners = []string{"http", "https"}
--- a/go.mod
+++ b/go.mod
@@ -6,6 +6,7 @@ require (
 	github.com/blang/semver/v4 v4.0.0
 	github.com/cheggaaa/pb/v3 v3.0.8
 	github.com/dustin/go-humanize v1.0.0
+	github.com/fatih/color v1.13.0
 	github.com/go-openapi/errors v0.20.2
 	github.com/go-openapi/loads v0.21.1
 	github.com/go-openapi/runtime v0.23.3
@@ -14,16 +15,18 @@ require (
 	github.com/go-openapi/swag v0.21.1
 	github.com/go-openapi/validate v0.21.0
 	github.com/golang-jwt/jwt/v4 v4.4.1
+	github.com/google/uuid v1.3.0
 	github.com/gorilla/websocket v1.5.0
 	github.com/jessevdk/go-flags v1.5.0
 	github.com/klauspost/compress v1.15.1
 	github.com/minio/cli v1.22.0
+	github.com/minio/highwayhash v1.0.2
 	github.com/minio/kes v0.19.2
-	github.com/minio/madmin-go v1.3.12
-	github.com/minio/mc v0.0.0-20220419155441-cc4ff3a0cc82
-	github.com/minio/minio-go/v7 v7.0.24
+	github.com/minio/madmin-go v1.3.14
+	github.com/minio/mc v0.0.0-20220512134321-aa60a8db1e4d
+	github.com/minio/minio-go/v7 v7.0.26
 	github.com/minio/operator v0.0.0-20220414212219-ba4c097324b2
-	github.com/minio/pkg v1.1.21
+	github.com/minio/pkg v1.1.23
 	github.com/minio/selfupdate v0.4.0
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/rs/xid v1.4.0
@@ -38,6 +41,7 @@ require (
 	k8s.io/api v0.23.5
 	k8s.io/apimachinery v0.23.5
 	k8s.io/client-go v0.23.5
+	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9
 )

 require (
@@ -57,7 +61,6 @@ require (
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1 // indirect
 	github.com/docker/go-units v0.4.0 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
-	github.com/fatih/color v1.13.0 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/gdamore/encoding v1.0.0 // indirect
 	github.com/gdamore/tcell/v2 v2.4.1-0.20210905002822-f057f0a857a1 // indirect
@@ -74,7 +77,6 @@ require (
 	github.com/google/go-cmp v0.5.7 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/google/uuid v1.3.0 // indirect
 	github.com/googleapis/gnostic v0.5.5 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
@@ -103,13 +105,14 @@ require (
 	github.com/mitchellh/mapstructure v1.4.3 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/montanaflynn/stats v0.6.6 // indirect
 	github.com/muesli/ansi v0.0.0-20211031195517-c9f0611b6c70 // indirect
 	github.com/muesli/reflow v0.3.0 // indirect
 	github.com/muesli/termenv v0.11.1-0.20220212125758-44cd13922739 // indirect
 	github.com/navidys/tvxwidgets v0.1.0 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
-	github.com/philhofer/fwd v1.1.1 // indirect
+	github.com/philhofer/fwd v1.1.2-0.20210722190033-5c56ac6d0bb9 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pkg/xattr v0.4.5 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
@@ -117,8 +120,9 @@ require (
 	github.com/power-devops/perfstat v0.0.0-20220216144756-c35f1ee13d7c // indirect
 	github.com/prometheus/client_golang v1.12.1 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
-	github.com/prometheus/common v0.32.1 // indirect
+	github.com/prometheus/common v0.33.0 // indirect
 	github.com/prometheus/procfs v0.7.3 // indirect
+	github.com/prometheus/prom2json v1.3.1 // indirect
 	github.com/rivo/tview v0.0.0-20220216162559-96063d6082f3 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/rjeczalik/notify v0.9.2 // indirect
@@ -126,7 +130,7 @@ require (
 	github.com/sirupsen/logrus v1.8.1 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
-	github.com/tinylib/msgp v1.1.6 // indirect
+	github.com/tinylib/msgp v1.1.7-0.20211026165309-e818a1881b0e // indirect
 	github.com/tklauser/go-sysconf v0.3.10 // indirect
 	github.com/tklauser/numcpus v0.4.0 // indirect
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
@@ -152,7 +156,6 @@ require (
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 	k8s.io/klog/v2 v2.40.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20220124234850-424119656bbf // indirect
-	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
 	maze.io/x/duration v0.0.0-20160924141736-faac084b6075 // indirect
 	sigs.k8s.io/controller-runtime v0.11.1 // indirect
 	sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
--- a/go.sum
+++ b/go.sum
--- a/integration/access_rules_test.go
+++ b/integration/access_rules_test.go
@@ -0,0 +1,216 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_AddAccessRuleAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddBucket("testaccessruleadd", false, false, nil, nil)
+
+	type args struct {
+		bucket string
+		prefix string
+		access string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Create Access Rule - Valid",
+			args: args{
+				bucket: "testaccessruleadd",
+				prefix: "/test/",
+				access: "readonly",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "Add Access Rule - Invalid",
+			args: args{
+				bucket: "testaccessruleadd",
+				prefix: "/test/",
+				access: "readonl",
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+		{
+			name: "Add Access Rule - Invalid Bucket",
+			args: args{
+				bucket: "fakebucket",
+				prefix: "/test/",
+				access: "readonl",
+			},
+			expectedStatus: 404,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+			requestDataPolicy["prefix"] = tt.args.prefix
+			requestDataPolicy["access"] = tt.args.access
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"PUT", fmt.Sprintf("http://localhost:9090/api/v1/bucket/%s/access-rules", tt.args.bucket), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, "Status Code is incorrect")
+			}
+		})
+	}
+}
+
+func Test_GetAccessRulesAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddBucket("testaccessruleget", false, false, nil, nil)
+
+	type args struct {
+		bucket string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Get Access Rule - Valid",
+			args: args{
+				bucket: "testaccessruleget",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			request, err := http.NewRequest(
+				"GET", fmt.Sprintf("http://localhost:9090/api/v1/bucket/%s/access-rules", tt.args.bucket), nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, "Status Code is incorrect")
+			}
+		})
+	}
+}
+
+func Test_DeleteAccessRuleAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddBucket("testaccessruledelete", false, false, nil, nil)
+
+	type args struct {
+		prefix string
+		access string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Delete Access Rule - Valid",
+			args: args{
+				prefix: "/test/",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+			requestDataPolicy["prefix"] = tt.args.prefix
+			requestDataPolicy["access"] = tt.args.access
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"DELETE", "http://localhost:9090/api/v1/bucket/testaccessruledelete/access-rules", requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, "Status Code is incorrect")
+			}
+		})
+	}
+}
--- a/integration/admin_api_integration_test.go
+++ b/integration/admin_api_integration_test.go
@@ -154,7 +154,6 @@ func NotifyPostgres() (*http.Response, error) {
 }

 func TestNotifyPostgres(t *testing.T) {
-
 	// Variables
 	assert := assert.New(t)

@@ -170,11 +169,9 @@ func TestNotifyPostgres(t *testing.T) {
 	if response != nil {
 		assert.Equal(200, response.StatusCode, finalResponse)
 	}
-
 }

 func TestRestartService(t *testing.T) {
-
 	assert := assert.New(t)
 	restartResponse, restartError := RestartService()
 	assert.Nil(restartError)
@@ -190,7 +187,6 @@ func TestRestartService(t *testing.T) {
 			addObjRsp,
 		)
 	}
-
 }

 func ListPoliciesWithBucket(bucketName string) (*http.Response, error) {
@@ -214,7 +210,6 @@ func ListPoliciesWithBucket(bucketName string) (*http.Response, error) {
 }

 func TestListPoliciesWithBucket(t *testing.T) {
-
 	// Test Variables
 	bucketName := "testlistpolicieswithbucket"
 	assert := assert.New(t)
@@ -234,7 +229,6 @@ func TestListPoliciesWithBucket(t *testing.T) {
 			parsedResponse,
 		)
 	}
-
 }

 func ListUsersWithAccessToBucket(bucketName string) (*http.Response, error) {
@@ -258,7 +252,6 @@ func ListUsersWithAccessToBucket(bucketName string) (*http.Response, error) {
 }

 func TestListUsersWithAccessToBucket(t *testing.T) {
-
 	// Test Variables
 	bucketName := "testlistuserswithaccesstobucket1"
 	assert := assert.New(t)
@@ -278,11 +271,9 @@ func TestListUsersWithAccessToBucket(t *testing.T) {
 			parsedResponse,
 		)
 	}
-
 }

 func TestGetNodes(t *testing.T) {
-
 	assert := assert.New(t)
 	getNodesResponse, getNodesError := GetNodes()
 	assert.Nil(getNodesError)
@@ -298,7 +289,6 @@ func TestGetNodes(t *testing.T) {
 			addObjRsp,
 		)
 	}
-
 }

 func ArnList() (*http.Response, error) {
--- a/integration/buckets_test.go
+++ b/integration/buckets_test.go
@@ -56,8 +56,7 @@ func inspectHTTPResponse(httpResponse *http.Response) string {
 }

 func initConsoleServer() (*restapi.Server, error) {
-
-	//os.Setenv("CONSOLE_MINIO_SERVER", "localhost:9000")
+	// os.Setenv("CONSOLE_MINIO_SERVER", "localhost:9000")

 	swaggerSpec, err := loads.Embedded(restapi.SwaggerJSON, restapi.FlatSwaggerJSON)
 	if err != nil {
@@ -79,7 +78,7 @@ func initConsoleServer() (*restapi.Server, error) {
 	// register all APIs
 	server.ConfigureAPI()

-	//restapi.GlobalRootCAs, restapi.GlobalPublicCerts, restapi.GlobalTLSCertsManager = globalRootCAs, globalPublicCerts, globalTLSCerts
+	// restapi.GlobalRootCAs, restapi.GlobalPublicCerts, restapi.GlobalTLSCertsManager = globalRootCAs, globalPublicCerts, globalTLSCerts

 	consolePort, _ := strconv.Atoi("9090")

@@ -92,7 +91,6 @@ func initConsoleServer() (*restapi.Server, error) {
 }

 func TestMain(m *testing.M) {
-
 	// start console server
 	go func() {
 		fmt.Println("start server")
@@ -103,7 +101,6 @@ func TestMain(m *testing.M) {
 			return
 		}
 		srv.Serve()
-
 	}()

 	fmt.Println("sleeping")
@@ -132,7 +129,6 @@ func TestMain(m *testing.M) {
 	request.Header.Add("Content-Type", "application/json")

 	response, err := client.Do(request)
-
 	if err != nil {
 		log.Println(err)
 		return
@@ -162,7 +158,7 @@ func TestMain(m *testing.M) {

 	requestDataBody = bytes.NewReader(requestDataJSON)

-	// get list of buckets
+	// delete bucket
 	request, err = http.NewRequest("DELETE", "http://localhost:9090/api/v1/buckets/test1", requestDataBody)
 	if err != nil {
 		log.Println(err)
--- a/integration/config_test.go
+++ b/integration/config_test.go
@@ -0,0 +1,250 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_ConfigAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	tests := []struct {
+		name           string
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name:           "Config - Valid",
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+	}
+
+	client := &http.Client{
+		Timeout: 3 * time.Second,
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			request, err := http.NewRequest("GET", "http://localhost:9090/api/v1/configs", nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+}
+
+func Test_GetConfigAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	type args struct {
+		name string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Get Config - Valid",
+			args: args{
+				name: "storage_class",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "Get Config - Invalid",
+			args: args{
+				name: "asdf",
+			},
+			expectedStatus: 404,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			request, err := http.NewRequest(
+				"GET", fmt.Sprintf("http://localhost:9090/api/v1/configs/%s", tt.args.name), nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+}
+
+func Test_SetConfigAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	type args struct {
+		name      string
+		keyValues []map[string]interface{}
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Set Config - Valid",
+			args: args{
+				name:      "region",
+				keyValues: []map[string]interface{}{{"key": "name", "value": "testServer"}, {"key": "region", "value": "us-west-1"}},
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "Set Config - Invalid",
+			args: args{
+				name:      "regiontest",
+				keyValues: []map[string]interface{}{{"key": "name", "value": "testServer"}, {"key": "region", "value": "us-west-1"}},
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+
+			requestDataPolicy["key_values"] = tt.args.keyValues
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"PUT", fmt.Sprintf("http://localhost:9090/api/v1/configs/%s", tt.args.name), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+}
+
+func Test_ResetConfigAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	type args struct {
+		name string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Reset Config - Valid",
+			args: args{
+				name: "region",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "Reset Config - Invalid",
+			args: args{
+				name: "regiontest",
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"POST", fmt.Sprintf("http://localhost:9090/api/v1/configs/%s/reset", tt.args.name), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+}
--- a/integration/groups_test.go
+++ b/integration/groups_test.go
@@ -0,0 +1,351 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"bytes"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"log"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_AddGroupAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddUser("member1", "testtest", []string{}, []string{"consoleAdmin"})
+
+	type args struct {
+		group   string
+		members []string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Create Group - Valid",
+			args: args{
+				group:   "test",
+				members: []string{"member1"},
+			},
+			expectedStatus: 201,
+			expectedError:  nil,
+		},
+		{
+			name: "Create Group - Invalid",
+			args: args{
+				group:   "test",
+				members: []string{},
+			},
+			expectedStatus: 400,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+			requestDataPolicy["group"] = tt.args.group
+			requestDataPolicy["members"] = tt.args.members
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"POST", "http://localhost:9090/api/v1/groups", requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, "Status Code is incorrect")
+			}
+		})
+	}
+}
+
+func Test_GetGroupAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddUser("member2", "testtest", []string{}, []string{"consoleAdmin"})
+	AddGroup("getgroup1", []string{"member2"})
+
+	type args struct {
+		api string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Get Group - Valid",
+			args: args{
+				api: base64.StdEncoding.EncodeToString([]byte("getgroup1")),
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "Get Group - Invalid",
+			args: args{
+				api: base64.StdEncoding.EncodeToString([]byte("askfjalkd")),
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"GET", fmt.Sprintf("http://localhost:9090/api/v1/group/%s", tt.args.api), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, "Status Code is incorrect")
+			}
+		})
+	}
+}
+
+func Test_ListGroupsAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	tests := []struct {
+		name           string
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name:           "Get Group - Valid",
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"GET", "http://localhost:9090/api/v1/groups", requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, "Status Code is incorrect")
+			}
+		})
+	}
+}
+
+func Test_PutGroupsAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddUser("member3", "testtest", []string{}, []string{"consoleAdmin"})
+	AddGroup("putgroup1", []string{})
+
+	type args struct {
+		api     string
+		members []string
+		status  string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Put Group - Valid",
+			args: args{
+				api:     base64.StdEncoding.EncodeToString([]byte("putgroup1")),
+				members: []string{"member3"},
+				status:  "enabled",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "Put Group - Invalid",
+			args: args{
+				api:     base64.StdEncoding.EncodeToString([]byte("gdgfdfgd")),
+				members: []string{"member3"},
+				status:  "enabled",
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+
+			requestDataPolicy["members"] = tt.args.members
+			requestDataPolicy["status"] = tt.args.status
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"PUT", fmt.Sprintf("http://localhost:9090/api/v1/group/%s", tt.args.api), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, "Status Code is incorrect")
+			}
+		})
+	}
+}
+
+func Test_DeleteGroupAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddGroup("grouptests1", []string{})
+
+	type args struct {
+		api string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+		verb           string
+	}{
+		{
+			name: "Delete Group - Valid",
+			args: args{
+				api: base64.StdEncoding.EncodeToString([]byte("grouptests1")),
+			},
+			verb:           "DELETE",
+			expectedStatus: 204,
+			expectedError:  nil,
+		},
+		{
+			name: "Delete Group - Invalid",
+			args: args{
+				api: base64.StdEncoding.EncodeToString([]byte("grouptests12345")),
+			},
+			verb:           "DELETE",
+			expectedStatus: 404,
+			expectedError:  nil,
+		},
+		{
+			name: "Access Group After Delete - Invalid",
+			args: args{
+				api: base64.StdEncoding.EncodeToString([]byte("grouptests1")),
+			},
+			verb:           "GET",
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				tt.verb, fmt.Sprintf("http://localhost:9090/api/v1/group/%s", tt.args.api), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, "Status Code is incorrect")
+			}
+		})
+	}
+}
--- a/integration/inspect_test.go
+++ b/integration/inspect_test.go
@@ -0,0 +1,106 @@
+package integration
+
+import (
+	"fmt"
+	"log"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Inspect(volume string, file string, enc bool) (*http.Response, error) {
+	requestURL := fmt.Sprintf("http://localhost:9090/api/v1/admin/inspect?volume=%s&file=%s&encrypt=%t", volume, file, enc)
+	request, err := http.NewRequest(
+		"GET", requestURL, nil)
+	if err != nil {
+		log.Println(err)
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	response, err := client.Do(request)
+	return response, err
+}
+
+func TestInspect(t *testing.T) {
+	assert := assert.New(t)
+
+	type args struct {
+		volume  string
+		file    string
+		encrypt bool
+	}
+
+	// Inspect returns successful response always
+	tests := []struct {
+		name          string
+		args          args
+		expStatusCode int
+		expectedError bool
+	}{
+		{
+			name: "Test Invalid Path",
+			args: args{
+				volume:  "/test-with-slash",
+				file:    "/test-with-slash",
+				encrypt: false,
+			},
+			expStatusCode: 200,
+			expectedError: false,
+		},
+
+		{
+			name: "Test Invalid characters in Path",
+			args: args{
+				volume:  "//test",
+				file:    "//bucket",
+				encrypt: false,
+			},
+			expStatusCode: 200,
+			expectedError: true,
+		},
+		{
+			name: "Test valid bucket",
+			args: args{
+				volume:  "test-bucket",
+				file:    "test.txt",
+				encrypt: true,
+			},
+			expStatusCode: 200,
+			expectedError: false,
+		},
+		{
+			name: "Test Empty Path", // Un processable entity error
+			args: args{
+				volume:  "",
+				file:    "",
+				encrypt: false,
+			},
+			expStatusCode: 422,
+			expectedError: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			resp, err := Inspect(tt.args.volume, tt.args.file, tt.args.encrypt)
+			if tt.expectedError {
+				assert.Nil(err)
+				if err != nil {
+					log.Println(err)
+					return
+				}
+			}
+			if resp != nil {
+				assert.Equal(
+					tt.expStatusCode,
+					resp.StatusCode,
+				)
+			}
+		})
+	}
+}
--- a/integration/login_test.go
+++ b/integration/login_test.go
@@ -32,7 +32,6 @@ import (
 )

 func TestLoginStrategy(t *testing.T) {
-
 	assert := assert.New(t)

 	// image for now:
@@ -70,11 +69,9 @@ func TestLoginStrategy(t *testing.T) {
 		assert.Equal(models.LoginDetailsLoginStrategyForm, loginDetails.LoginStrategy, "Login Details don't match")

 	}
-
 }

 func TestLogout(t *testing.T) {
-
 	assert := assert.New(t)

 	// image for now:
@@ -133,5 +130,34 @@ func TestLogout(t *testing.T) {
 	assert.NotNil(response, "Logout response is nil")
 	assert.Nil(err, "Logout errored out")
 	assert.Equal(response.StatusCode, 200)
-
+}
+
+func TestBadLogin(t *testing.T) {
+	assert := assert.New(t)
+
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	requestData := map[string]string{
+		"accessKey": "minioadmin",
+		"secretKey": "minioadminbad",
+	}
+
+	requestDataJSON, _ := json.Marshal(requestData)
+
+	requestDataBody := bytes.NewReader(requestDataJSON)
+
+	request, err := http.NewRequest("POST", "http://localhost:9090/api/v1/login", requestDataBody)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err := client.Do(request)
+
+	assert.Equal(response.StatusCode, 500, "Login request not rejected")
+	assert.NotNil(response, "Login response is  nil")
+	assert.Nil(err, "Login errored out")
 }
--- a/integration/objects_test.go
+++ b/integration/objects_test.go
@@ -34,7 +34,6 @@ import (
 )

 func TestObjectGet(t *testing.T) {
-
 	// for setup we'll create a bucket and upload a file
 	endpoint := "localhost:9000"
 	accessKeyID := "minioadmin"
@@ -194,5 +193,4 @@ func TestObjectGet(t *testing.T) {
 			}
 		})
 	}
-
 }
--- a/integration/policy_test.go
+++ b/integration/policy_test.go
@@ -18,8 +18,10 @@ package integration

 import (
 	"bytes"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"io/ioutil"
 	"log"
 	"net/http"
 	"testing"
@@ -30,7 +32,64 @@ import (
 	"github.com/stretchr/testify/assert"
 )

-func Test_PolicyAPI(t *testing.T) {
+func AddPolicy(name, definition string) (*http.Response, error) {
+	/*
+		This is an atomic function to add user and can be reused across
+		different functions.
+	*/
+	client := &http.Client{
+		Timeout: 3 * time.Second,
+	}
+
+	requestDataAdd := map[string]interface{}{
+		"name":   name,
+		"policy": definition,
+	}
+
+	requestDataJSON, _ := json.Marshal(requestDataAdd)
+	requestDataBody := bytes.NewReader(requestDataJSON)
+	request, err := http.NewRequest(
+		"POST", "http://localhost:9090/api/v1/policies", requestDataBody)
+	if err != nil {
+		log.Println(err)
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err := client.Do(request)
+	return response, err
+}
+
+func SetPolicy(policies []string, entityName, entityType string) (*http.Response, error) {
+	/*
+		This is an atomic function to add user and can be reused across
+		different functions.
+	*/
+	client := &http.Client{
+		Timeout: 3 * time.Second,
+	}
+
+	requestDataAdd := map[string]interface{}{
+		"name":       policies,
+		"entityType": entityType,
+		"entityName": entityName,
+	}
+
+	requestDataJSON, _ := json.Marshal(requestDataAdd)
+	requestDataBody := bytes.NewReader(requestDataJSON)
+	request, err := http.NewRequest(
+		"PUT", "http://localhost:9090/api/v1/set-policy", requestDataBody)
+	if err != nil {
+		log.Println(err)
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err := client.Do(request)
+	return response, err
+}
+
+func Test_AddPolicyAPI(t *testing.T) {
 	assert := assert.New(t)

 	type args struct {
@@ -69,11 +128,12 @@ func Test_PolicyAPI(t *testing.T) {
 			expectedStatus: 201,
 			expectedError:  nil,
 		},
+
 		{
 			name: "Create Policy - Invalid",
 			args: args{
 				api:  "/policies",
-				name: "test",
+				name: "test2",
 				policy: swag.String(`
  {
  "Version": "2012-10-17",
@@ -94,20 +154,42 @@ func Test_PolicyAPI(t *testing.T) {
 			expectedStatus: 500,
 			expectedError:  nil,
 		},
+		{
+			name: "Create Policy - Space in Name",
+			args: args{
+				api:  "/policies",
+				name: "space test",
+				policy: swag.String(`
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+}`),
+			},
+			expectedStatus: 400,
+			expectedError:  nil,
+		},
 	}

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-
 			client := &http.Client{
 				Timeout: 3 * time.Second,
 			}

-			// Add policy
-
 			requestDataPolicy := map[string]interface{}{}
+			requestDataPolicy["name"] = tt.args.name
 			if tt.args.policy != nil {
-				requestDataPolicy["name"] = tt.args.name
 				requestDataPolicy["policy"] = *tt.args.policy
 			}

@@ -127,10 +209,654 @@ func Test_PolicyAPI(t *testing.T) {
 				return
 			}
 			if response != nil {
-				assert.Equal(tt.expectedStatus, response.StatusCode, "Status Code is incorrect")
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+}
+
+func Test_SetPolicyAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddUser("policyuser1", "testtest", []string{}, []string{"readwrite"})
+	AddGroup("testgroup123", []string{})
+	AddPolicy("setpolicytest", `
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+  }`)
+
+	type args struct {
+		api        string
+		entityType string
+		entityName string
+		policyName []string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Set Policy - Valid",
+			args: args{
+				api:        "/set-policy",
+				policyName: []string{"setpolicytest"},
+				entityType: "user",
+				entityName: "policyuser1",
+			},
+			expectedStatus: 204,
+			expectedError:  nil,
+		},
+		{
+			name: "Set Policy - Invalid",
+			args: args{
+				api:        "/set-policy",
+				policyName: []string{"test3"},
+				entityType: "user",
+				entityName: "policyuser1",
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+		{
+			name: "Set Policy Group - Valid",
+			args: args{
+				api:        "/set-policy",
+				policyName: []string{"setpolicytest"},
+				entityType: "group",
+				entityName: "testgroup123",
+			},
+			expectedStatus: 204,
+			expectedError:  nil,
+		},
+		{
+			name: "Set Policy Group - Invalid",
+			args: args{
+				api:        "/set-policy",
+				policyName: []string{"test3"},
+				entityType: "group",
+				entityName: "testgroup123",
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+			requestDataPolicy["entityName"] = tt.args.entityName
+			requestDataPolicy["entityType"] = tt.args.entityType
+			if tt.args.policyName != nil {
+				requestDataPolicy["name"] = tt.args.policyName
+			}
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"PUT", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+}
+
+func Test_SetPolicyMultipleAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddUser("policyuser2", "testtest", []string{}, []string{"readwrite"})
+	AddUser("policyuser3", "testtest", []string{}, []string{"readwrite"})
+	AddGroup("testgroup1234", []string{})
+	AddPolicy("setpolicytest2", `
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+  }`)
+
+	type args struct {
+		api    string
+		users  []string
+		groups []string
+		name   []string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Set Policy - Valid",
+			args: args{
+				api:   "/set-policy-multi",
+				name:  []string{"setpolicytest2"},
+				users: []string{"policyuser2", "policyuser3"},
+			},
+			expectedStatus: 204,
+			expectedError:  nil,
+		},
+		{
+			name: "Set Policy - Invalid",
+			args: args{
+				api:   "/set-policy-multi",
+				name:  []string{"test3"},
+				users: []string{"policyuser2", "policyuser3"},
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+		{
+			name: "Set Policy Group - Valid",
+			args: args{
+				api:    "/set-policy-multi",
+				name:   []string{"setpolicytest2"},
+				groups: []string{"testgroup1234"},
+			},
+			expectedStatus: 204,
+			expectedError:  nil,
+		},
+		{
+			name: "Set Policy Group - Valid",
+			args: args{
+				api:    "/set-policy-multi",
+				name:   []string{"setpolicytest23"},
+				groups: []string{"testgroup1234"},
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			requestDataPolicy := map[string]interface{}{}
+			requestDataPolicy["name"] = tt.args.name
+			requestDataPolicy["users"] = tt.args.users
+			requestDataPolicy["groups"] = tt.args.groups
+
+			requestDataJSON, _ := json.Marshal(requestDataPolicy)
+			requestDataBody := bytes.NewReader(requestDataJSON)
+			request, err := http.NewRequest(
+				"PUT", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), requestDataBody)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+}
+
+func Test_ListPoliciesAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	type args struct {
+		api string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "List Policies",
+			args: args{
+				api: "/policies",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			request, err := http.NewRequest(
+				"GET", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+}
+
+func Test_GetPolicyAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddPolicy("getpolicytest", `
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+  }`)
+
+	type args struct {
+		api string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Get Policies - Invalid",
+			args: args{
+				api: base64.StdEncoding.EncodeToString([]byte("test3")),
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+		{
+			name: "Get Policies - Valid",
+			args: args{
+				api: base64.StdEncoding.EncodeToString([]byte("getpolicytest")),
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			request, err := http.NewRequest(
+				"GET", fmt.Sprintf("http://localhost:9090/api/v1/policy/%s", tt.args.api), nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+}
+
+func Test_PolicyListUsersAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddUser("policyuser4", "testtest", []string{}, []string{"readwrite"})
+	AddPolicy("policylistusers", `
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+  }`)
+	SetPolicy([]string{"policylistusers"}, "policyuser4", "user")
+
+	type args struct {
+		api string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "List Users for Policy - Valid",
+			args: args{
+				api: "/policies/" + base64.StdEncoding.EncodeToString([]byte("policylistusers")) + "/users",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "List Users for Policy - Invalid",
+			args: args{
+				api: "/policies/" + base64.StdEncoding.EncodeToString([]byte("test2")) + "/users",
+			},
+			expectedStatus: 404,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			request, err := http.NewRequest(
+				"GET", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				bodyBytes, _ := ioutil.ReadAll(response.Body)
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+				if response.StatusCode == 200 {
+					assert.Equal("[\"policyuser4\"]\n", string(bodyBytes))
+				}
+			}
+		})
+	}
+}
+
+func Test_PolicyListGroupsAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddGroup("testgroup12345", []string{})
+	AddPolicy("policylistgroups", `
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+  }`)
+	SetPolicy([]string{"policylistgroups"}, "testgroup12345", "group")
+
+	type args struct {
+		api string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "List Users for Policy - Valid",
+			args: args{
+				api: "/policies/" + base64.StdEncoding.EncodeToString([]byte("policylistgroups")) + "/groups",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+		{
+			name: "List Users for Policy - Invalid",
+			args: args{
+				api: "/policies/" + base64.StdEncoding.EncodeToString([]byte("test3")) + "/groups",
+			},
+			expectedStatus: 404,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			request, err := http.NewRequest(
+				"GET", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				bodyBytes, _ := ioutil.ReadAll(response.Body)
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+				if response.StatusCode == 200 {
+					assert.Equal("[\"testgroup12345\"]\n", string(bodyBytes))
+				}
+			}
+		})
+	}
+}
+
+func Test_DeletePolicyAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	AddPolicy("testdelete", `
+  {
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:GetObject"
+      ],
+      "Resource": [
+        "arn:aws:s3:::*"
+      ]
+    }
+  ]
+  }`)
+	type args struct {
+		api    string
+		method string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Delete Policies - Valid",
+			args: args{
+				api:    base64.StdEncoding.EncodeToString([]byte("testdelete")),
+				method: "DELETE",
+			},
+			expectedStatus: 204,
+			expectedError:  nil,
+		},
+		{
+			name: "Get Policy After Delete - Invalid",
+			args: args{
+				api:    base64.StdEncoding.EncodeToString([]byte("testdelete")),
+				method: "GET",
+			},
+			expectedStatus: 500,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			request, err := http.NewRequest(
+				tt.args.method, fmt.Sprintf("http://localhost:9090/api/v1/policy/%s", tt.args.api), nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
+}
+
+func Test_GetAUserPolicyAPI(t *testing.T) {
+	assert := assert.New(t)
+	// Create a User with a Policy to use for testing
+	groups := []string{}
+	policies := []string{"readwrite"}
+	_, err := AddUser("getuserpolicyuser", "secretKey", groups, policies)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	// encode usernames to pass to api
+	bName := []byte("getuserpolicyuser")
+	fName := []byte("failname")
+	encodedName := base64.URLEncoding.EncodeToString(bName)
+	encodedFailName := base64.URLEncoding.EncodeToString(fName)
+
+	type args struct {
+		api string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Get User Policy - Invalid",
+			args: args{
+				api: "/user/" + encodedFailName + "/policies",
+			},
+			expectedStatus: 401,
+			expectedError:  nil,
+		},
+		{
+			name: "Get User Policy - Valid",
+			args: args{
+				api: "/user/" + encodedName + "/policies",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+			request, err := http.NewRequest(
+				"GET", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
 			}
-
 		})
 	}
-
 }
--- a/integration/profiling_test.go
+++ b/integration/profiling_test.go
@@ -0,0 +1,120 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"archive/zip"
+	"bytes"
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestStartProfiling(t *testing.T) {
+	testAsser := assert.New(t)
+
+	tests := []struct {
+		name string
+	}{
+		{
+			name: "start/stop profiling",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			files := map[string]bool{
+				"profile-127.0.0.1:9000-goroutines.txt":                false,
+				"profile-127.0.0.1:9000-goroutines-before.txt":         false,
+				"profile-127.0.0.1:9000-goroutines-before,debug=2.txt": false,
+				"profile-127.0.0.1:9000-threads-before.pprof":          false,
+				"profile-127.0.0.1:9000-mem.pprof":                     false,
+				"profile-127.0.0.1:9000-threads.pprof":                 false,
+				"profile-127.0.0.1:9000-cpu.pprof":                     false,
+				"profile-127.0.0.1:9000-mem-before.pprof":              false,
+				"profile-127.0.0.1:9000-block.pprof":                   false,
+				"profile-127.0.0.1:9000-trace.trace":                   false,
+				"profile-127.0.0.1:9000-mutex.pprof":                   false,
+				"profile-127.0.0.1:9000-mutex-before.pprof":            false,
+			}
+
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			destination := "/api/v1/profiling/start"
+			finalURL := fmt.Sprintf("http://localhost:9090%s", destination)
+			request, err := http.NewRequest("POST", finalURL, strings.NewReader("{\"type\":\"cpu,mem,block,mutex,trace,threads,goroutines\"}"))
+			if err != nil {
+				log.Println(err)
+				return
+			}
+
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+
+			response, err := client.Do(request)
+
+			testAsser.Nil(err, fmt.Sprintf("%s returned an error: %v", tt.name, err))
+			testAsser.Equal(201, response.StatusCode)
+
+			time.Sleep(5 * time.Second)
+
+			destination = "/api/v1/profiling/stop"
+			finalURL = fmt.Sprintf("http://localhost:9090%s", destination)
+			request, err = http.NewRequest("POST", finalURL, nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+
+			response, err = client.Do(request)
+
+			testAsser.Nil(err, fmt.Sprintf("%s returned an error: %v", tt.name, err))
+			testAsser.Equal(200, response.StatusCode)
+			zipFileBytes, err := io.ReadAll(response.Body)
+			if err != nil {
+				testAsser.Nil(err, fmt.Sprintf("%s returned an error: %v", tt.name, err))
+			}
+			filetype := http.DetectContentType(zipFileBytes)
+			testAsser.Equal("application/zip", filetype)
+
+			zipReader, err := zip.NewReader(bytes.NewReader(zipFileBytes), int64(len(zipFileBytes)))
+			if err != nil {
+				testAsser.Nil(err, fmt.Sprintf("%s returned an error: %v", tt.name, err))
+			}
+
+			// Read all the files from zip archive
+			for _, zipFile := range zipReader.File {
+				files[zipFile.Name] = true
+			}
+
+			for k, v := range files {
+				testAsser.Equal(true, v, fmt.Sprintf("%s : compressed file expected to have %v file inside", tt.name, k))
+			}
+		})
+	}
+}
--- a/integration/service_account_test.go
+++ b/integration/service_account_test.go
@@ -18,6 +18,7 @@ package integration

 import (
 	"bytes"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"log"
@@ -74,7 +75,8 @@ func TestAddServiceAccount(t *testing.T) {
 		assert.Equal(201, response.StatusCode, "Status Code is incorrect")
 	}

-	requestDataPolicy := map[string]interface{}{"policy": `
+	requestDataPolicy := map[string]interface{}{
+		"policy": `
  {
  "Version": "2012-10-17",
  "Statement": [
@@ -94,7 +96,7 @@ func TestAddServiceAccount(t *testing.T) {
 	requestDataJSON, _ = json.Marshal(requestDataPolicy)
 	requestDataBody = bytes.NewReader(requestDataJSON)
 	request, err = http.NewRequest(
-		"PUT", "http://localhost:9090/api/v1/service-accounts/testuser1/policy", requestDataBody)
+		"PUT", "http://localhost:9090/api/v1/service-accounts/"+base64.StdEncoding.EncodeToString([]byte("testuser1"))+"/policy", requestDataBody)
 	if err != nil {
 		log.Println(err)
 		return
@@ -113,7 +115,7 @@ func TestAddServiceAccount(t *testing.T) {

 	// Test policy
 	request, err = http.NewRequest(
-		"GET", "http://localhost:9090/api/v1/service-accounts/testuser1/policy", nil)
+		"GET", "http://localhost:9090/api/v1/service-accounts/"+base64.StdEncoding.EncodeToString([]byte("testuser1"))+"/policy", nil)
 	if err != nil {
 		log.Println(err)
 		return
@@ -145,7 +147,7 @@ func TestAddServiceAccount(t *testing.T) {
 	// {{baseUrl}}/user?name=proident velit
 	// Investiga como se borra en el browser.
 	request, err = http.NewRequest(
-		"DELETE", "http://localhost:9090/api/v1/service-accounts/testuser1", nil)
+		"DELETE", "http://localhost:9090/api/v1/service-accounts/"+base64.StdEncoding.EncodeToString([]byte("testuser1")), nil)
 	if err != nil {
 		log.Println(err)
 		return
@@ -161,7 +163,6 @@ func TestAddServiceAccount(t *testing.T) {
 		fmt.Println("DELETE StatusCode:", response.StatusCode)
 		assert.Equal(204, response.StatusCode, "has to be 204 when delete user")
 	}
-
 }

 func Test_ServiceAccountsAPI(t *testing.T) {
@@ -238,7 +239,6 @@ func Test_ServiceAccountsAPI(t *testing.T) {

 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-
 			client := &http.Client{
 				Timeout: 3 * time.Second,
 			}
@@ -268,10 +268,8 @@ func Test_ServiceAccountsAPI(t *testing.T) {
 			if response != nil {
 				assert.Equal(tt.expectedStatus, response.StatusCode, "Status Code is incorrect")
 			}
-
 		})
 	}
-
 }

 func DeleteMultipleServiceAccounts(serviceAccounts []string) (*http.Response, error) {
@@ -310,9 +308,9 @@ func TestCreateServiceAccountForUserWithCredentials(t *testing.T) {
 	serviceAccountLengthInBytes := 40 // As observed, update as needed

 	// 1. Create the user
-	var groups = []string{}
-	var policies = []string{}
-	var secretKey = "testcreateserviceaccountforuserwithcrede"
+	groups := []string{}
+	policies := []string{}
+	secretKey := "testcreateserviceaccountforuserwithcrede"
 	response, err := AddUser(userName, "secretKey", groups, policies)
 	if err != nil {
 		log.Println(err)
@@ -405,5 +403,4 @@ func TestCreateServiceAccountForUserWithCredentials(t *testing.T) {
 			inspectHTTPResponse(response),
 		)
 	}
-
 }
--- a/integration/tiers_test.go
+++ b/integration/tiers_test.go
@@ -27,7 +27,6 @@ import (
 )

 func TestTiersList(t *testing.T) {
-
 	assert := assert.New(t)

 	// image for now:
@@ -51,5 +50,4 @@ func TestTiersList(t *testing.T) {
 	assert.NotNil(response, "Tiers List response is nil")
 	assert.Nil(err, "Tiers List errored out")
 	assert.Equal(response.StatusCode, 200)
-
 }
--- a/integration/user_api_bucket_test.go
+++ b/integration/user_api_bucket_test.go
--- a/integration/users_test.go
+++ b/integration/users_test.go
@@ -18,6 +18,7 @@ package integration

 import (
 	"bytes"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -31,7 +32,7 @@ import (
 	"github.com/stretchr/testify/assert"
 )

-func AddUser(accessKey string, secretKey string, groups []string, policies []string) (*http.Response, error) {
+func AddUser(accessKey, secretKey string, groups, policies []string) (*http.Response, error) {
 	/*
 		This is an atomic function to add user and can be reused across
 		different functions.
@@ -62,6 +63,7 @@ func AddUser(accessKey string, secretKey string, groups []string, policies []str
 }

 func DeleteUser(userName string) (*http.Response, error) {
+	userName = base64.StdEncoding.EncodeToString([]byte(userName))
 	/*
 		This is an atomic function to delete user and can be reused across
 		different functions.
@@ -70,7 +72,7 @@ func DeleteUser(userName string) (*http.Response, error) {
 		Timeout: 3 * time.Second,
 	}
 	request, err := http.NewRequest(
-		"DELETE", "http://localhost:9090/api/v1/user?name="+userName, nil)
+		"DELETE", "http://localhost:9090/api/v1/user/"+userName, nil)
 	if err != nil {
 		log.Println(err)
 	}
@@ -80,7 +82,7 @@ func DeleteUser(userName string) (*http.Response, error) {
 	return response, err
 }

-func ListUsers(offset string, limit string) (*http.Response, error) {
+func ListUsers(offset, limit string) (*http.Response, error) {
 	/*
 		This is an atomic function to list users.
 		{{baseUrl}}/users?offset=-5480083&limit=-5480083
@@ -102,6 +104,7 @@ func ListUsers(offset string, limit string) (*http.Response, error) {
 }

 func GetUserInformation(userName string) (*http.Response, error) {
+	userName = base64.StdEncoding.EncodeToString([]byte(userName))
 	/*
 		Helper function to get user information via API:
 		{{baseUrl}}/user?name=proident velit
@@ -111,7 +114,7 @@ func GetUserInformation(userName string) (*http.Response, error) {
 	}
 	request, err := http.NewRequest(
 		"GET",
-		"http://localhost:9090/api/v1/user?name="+userName,
+		"http://localhost:9090/api/v1/user/"+userName,
 		nil)
 	if err != nil {
 		log.Println(err)
@@ -122,7 +125,8 @@ func GetUserInformation(userName string) (*http.Response, error) {
 	return response, err
 }

-func UpdateUserInformation(name string, status string, groups []string) (*http.Response, error) {
+func UpdateUserInformation(name, status string, groups []string) (*http.Response, error) {
+	name = base64.StdEncoding.EncodeToString([]byte(name))
 	/*
 		Helper function to update user information:
 		PUT: {{baseUrl}}/user?name=proident velit
@@ -145,7 +149,7 @@ func UpdateUserInformation(name string, status string, groups []string) (*http.R
 	requestDataJSON, _ := json.Marshal(requestDataAdd)
 	requestDataBody := bytes.NewReader(requestDataJSON)
 	request, err := http.NewRequest(
-		"PUT", "http://localhost:9090/api/v1/user?name="+name, requestDataBody)
+		"PUT", "http://localhost:9090/api/v1/user/"+name, requestDataBody)
 	if err != nil {
 		log.Println(err)
 	}
@@ -156,6 +160,7 @@ func UpdateUserInformation(name string, status string, groups []string) (*http.R
 }

 func RemoveUser(name string) (*http.Response, error) {
+	name = base64.StdEncoding.EncodeToString([]byte(name))
 	/*
 		Helper function to remove user.
 		DELETE: {{baseUrl}}/user?name=proident velit
@@ -164,7 +169,7 @@ func RemoveUser(name string) (*http.Response, error) {
 		Timeout: 3 * time.Second,
 	}
 	request, err := http.NewRequest(
-		"DELETE", "http://localhost:9090/api/v1/user?name="+name, nil)
+		"DELETE", "http://localhost:9090/api/v1/user/"+name, nil)
 	if err != nil {
 		log.Println(err)
 	}
@@ -175,6 +180,7 @@ func RemoveUser(name string) (*http.Response, error) {
 }

 func UpdateGroupsForAUser(userName string, groups []string) (*http.Response, error) {
+	userName = base64.StdEncoding.EncodeToString([]byte(userName))
 	/*
 		Helper function to update groups for a user
 		PUT: {{baseUrl}}/user/groups?name=username
@@ -195,7 +201,7 @@ func UpdateGroupsForAUser(userName string, groups []string) (*http.Response, err
 	requestDataBody := bytes.NewReader(requestDataJSON)
 	request, err := http.NewRequest(
 		"PUT",
-		"http://localhost:9090/api/v1/user/groups?name="+userName,
+		"http://localhost:9090/api/v1/user/"+userName+"/groups",
 		requestDataBody,
 	)
 	if err != nil {
@@ -207,7 +213,8 @@ func UpdateGroupsForAUser(userName string, groups []string) (*http.Response, err
 	return response, err
 }

-func CreateServiceAccountForUser(userName string, policy string) (*http.Response, error) {
+func CreateServiceAccountForUser(userName, policy string) (*http.Response, error) {
+	userName = base64.StdEncoding.EncodeToString([]byte(userName))
 	/*
 		Helper function to Create Service Account for user
 		POST: api/v1/user/username/service-accounts
@@ -237,7 +244,8 @@ func CreateServiceAccountForUser(userName string, policy string) (*http.Response
 	return response, err
 }

-func CreateServiceAccountForUserWithCredentials(userName string, policy string, accessKey string, secretKey string) (*http.Response, error) {
+func CreateServiceAccountForUserWithCredentials(userName, policy, accessKey, secretKey string) (*http.Response, error) {
+	userName = base64.StdEncoding.EncodeToString([]byte(userName))
 	// Helper function to test "Create Service Account for User With Credentials" end point.
 	client := &http.Client{
 		Timeout: 3 * time.Second,
@@ -264,6 +272,7 @@ func CreateServiceAccountForUserWithCredentials(userName string, policy string,
 }

 func ReturnsAListOfServiceAccountsForAUser(userName string) (*http.Response, error) {
+	userName = base64.StdEncoding.EncodeToString([]byte(userName))
 	/*
 		Helper function to return a list of service accounts for a user.
 		GET: {{baseUrl}}/user/:name/service-accounts
@@ -312,7 +321,7 @@ func AddGroup(group string, members []string) (*http.Response, error) {
 	return response, err
 }

-func UsersGroupsBulk(users []string, groups []string) (*http.Response, error) {
+func UsersGroupsBulk(users, groups []string) (*http.Response, error) {
 	/*
 		Helper function to test Bulk functionality to Add Users to Groups.
 		PUT: {{baseUrl}}/users-groups-bulk
@@ -363,8 +372,8 @@ func TestAddUser(t *testing.T) {
 	assert := assert.New(t)

 	// With no groups & no policies
-	var groups = []string{}
-	var policies = []string{}
+	groups := []string{}
+	policies := []string{}
 	response, err := AddUser("accessKey", "secretKey", groups, policies)
 	if err != nil {
 		log.Println(err)
@@ -384,7 +393,6 @@ func TestAddUser(t *testing.T) {
 		fmt.Println("DELETE StatusCode:", response.StatusCode)
 		assert.Equal(204, response.StatusCode, "has to be 204 when delete user")
 	}
-
 }

 func TestListUsers(t *testing.T) {
@@ -398,8 +406,8 @@ func TestListUsers(t *testing.T) {
 	assert := assert.New(t)

 	// With no groups & no policies
-	var groups = []string{}
-	var policies = []string{}
+	groups := []string{}
+	policies := []string{}

 	// 1. Create the users
 	numberOfUsers := 5
@@ -454,7 +462,6 @@ func TestListUsers(t *testing.T) {
 				response.StatusCode, "has to be 204 when delete user")
 		}
 	}
-
 }

 func TestGetUserInfo(t *testing.T) {
@@ -465,8 +472,8 @@ func TestGetUserInfo(t *testing.T) {
 	// 1. Create the user
 	fmt.Println("TestGetUserInfo(): 1. Create the user")
 	assert := assert.New(t)
-	var groups = []string{}
-	var policies = []string{}
+	groups := []string{}
+	policies := []string{}
 	response, err := AddUser("accessKey", "secretKey", groups, policies)
 	if err != nil {
 		log.Println(err)
@@ -500,7 +507,6 @@ func TestGetUserInfo(t *testing.T) {
 	expected := "{\"accessKey\":\"accessKey\",\"memberOf\":null,\"policy\":[],\"status\":\"enabled\"}\n"
 	obtained := string(b)
 	assert.Equal(expected, obtained, "User Information is wrong")
-
 }

 func TestUpdateUserInfoSuccessfulResponse(t *testing.T) {
@@ -511,8 +517,8 @@ func TestUpdateUserInfoSuccessfulResponse(t *testing.T) {
 	assert := assert.New(t)

 	// 1. Create an active user
-	var groups = []string{}
-	var policies = []string{}
+	groups := []string{}
+	policies := []string{}
 	addUserResponse, addUserError := AddUser(
 		"updateuser", "secretKey", groups, policies)
 	if addUserError != nil {
@@ -545,7 +551,6 @@ func TestUpdateUserInfoSuccessfulResponse(t *testing.T) {
 		log.Fatalln(err)
 	}
 	assert.True(strings.Contains(string(b), "disabled"))
-
 }

 func TestUpdateUserInfoGenericErrorResponse(t *testing.T) {
@@ -556,8 +561,8 @@ func TestUpdateUserInfoGenericErrorResponse(t *testing.T) {
 	assert := assert.New(t)

 	// 1. Create an active user
-	var groups = []string{}
-	var policies = []string{}
+	groups := []string{}
+	policies := []string{}
 	addUserResponse, addUserError := AddUser(
 		"updateusererror", "secretKey", groups, policies)
 	if addUserError != nil {
@@ -590,7 +595,6 @@ func TestUpdateUserInfoGenericErrorResponse(t *testing.T) {
 		log.Fatalln(err)
 	}
 	assert.True(strings.Contains(string(b), "status not valid"))
-
 }

 func TestRemoveUserSuccessfulResponse(t *testing.T) {
@@ -601,8 +605,8 @@ func TestRemoveUserSuccessfulResponse(t *testing.T) {
 	assert := assert.New(t)

 	// 1. Create an active user
-	var groups = []string{}
-	var policies = []string{}
+	groups := []string{}
+	policies := []string{}
 	addUserResponse, addUserError := AddUser(
 		"testremoveuser1", "secretKey", groups, policies)
 	if addUserError != nil {
@@ -644,7 +648,6 @@ func TestRemoveUserSuccessfulResponse(t *testing.T) {
 	fmt.Println(finalResponse)
 	assert.True(strings.Contains(
 		finalResponse, "The specified user does not exist"), finalResponse)
-
 }

 func TestUpdateGroupsForAUser(t *testing.T) {
@@ -657,8 +660,8 @@ func TestUpdateGroupsForAUser(t *testing.T) {
 	groupName := "updategroupforausergroup"
 	userName := "updategroupsforauser1"
 	assert := assert.New(t)
-	var groups = []string{}
-	var policies = []string{}
+	groups := []string{}
+	policies := []string{}
 	response, err := AddUser(userName, "secretKey", groups, policies)
 	if err != nil {
 		log.Println(err)
@@ -670,7 +673,7 @@ func TestUpdateGroupsForAUser(t *testing.T) {
 	}

 	// 2. Update the groups of the created user with newGroups
-	var newGroups = make([]string, 3)
+	newGroups := make([]string, 3)
 	for i := 0; i < numberOfGroups; i++ {
 		newGroups[i] = groupName + strconv.Itoa(i)
 	}
@@ -701,7 +704,6 @@ func TestUpdateGroupsForAUser(t *testing.T) {
 		assert.True(strings.Contains(
 			finalResponse, groupName+strconv.Itoa(i)), finalResponse)
 	}
-
 }

 func TestCreateServiceAccountForUser(t *testing.T) {
@@ -716,8 +718,8 @@ func TestCreateServiceAccountForUser(t *testing.T) {
 	serviceAccountLengthInBytes := 40 // As observed, update as needed

 	// 1. Create the user
-	var groups = []string{}
-	var policies = []string{}
+	groups := []string{}
+	policies := []string{}
 	response, err := AddUser(userName, "secretKey", groups, policies)
 	if err != nil {
 		log.Println(err)
@@ -747,8 +749,10 @@ func TestCreateServiceAccountForUser(t *testing.T) {
 	}

 	// 3. Verify the service account for the user
-	listOfAccountsResponse,
-		listOfAccountsError := ReturnsAListOfServiceAccountsForAUser(userName)
+	listOfAccountsResponse, listOfAccountsError := ReturnsAListOfServiceAccountsForAUser(userName)
+
+	fmt.Println(listOfAccountsResponse, listOfAccountsError)
+
 	if listOfAccountsError != nil {
 		log.Println(listOfAccountsError)
 		assert.Fail("Error in listOfAccountsError")
@@ -761,8 +765,8 @@ func TestCreateServiceAccountForUser(t *testing.T) {
 			finalResponse,
 		)
 	}
-	assert.Equal(len(finalResponse), serviceAccountLengthInBytes, finalResponse)

+	assert.Equal(len(finalResponse), serviceAccountLengthInBytes, finalResponse)
 }

 func TestUsersGroupsBulk(t *testing.T) {
@@ -774,11 +778,11 @@ func TestUsersGroupsBulk(t *testing.T) {
 	assert := assert.New(t)
 	numberOfUsers := 5
 	numberOfGroups := 1
-	//var groups = []string{}
-	var policies = []string{}
+	// var groups = []string{}
+	policies := []string{}
 	username := "testusersgroupbulk"
 	groupName := "testusersgroupsbulkgroupone"
-	var members = []string{}
+	members := []string{}
 	users := make([]string, numberOfUsers)
 	groups := make([]string, numberOfGroups)

@@ -850,7 +854,69 @@ func TestUsersGroupsBulk(t *testing.T) {
 			assert.Equal(200, responseGetUserInfo.StatusCode, finalResponse)
 		}
 		// Make sure the user belongs to the created group
-		assert.True(strings.Contains(string(finalResponse), groupName))
+		assert.True(strings.Contains(finalResponse, groupName))
+	}
+}
+
+func Test_GetUserPolicyAPI(t *testing.T) {
+	assert := assert.New(t)
+
+	// 1. Create an active user with valid policy
+	groups := []string{}
+	policies := []string{"readwrite"}
+	addUserResponse, addUserError := AddUser(
+		"getpolicyuser", "secretKey", groups, policies)
+	if addUserError != nil {
+		log.Println(addUserError)
+		return
+	}
+	if addUserResponse != nil {
+		fmt.Println("StatusCode:", addUserResponse.StatusCode)
+		assert.Equal(
+			201, addUserResponse.StatusCode, "Status Code is incorrect")
 	}

+	type args struct {
+		api string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		expectedStatus int
+		expectedError  error
+	}{
+		{
+			name: "Get User Policies",
+			args: args{
+				api: "/user/policy",
+			},
+			expectedStatus: 200,
+			expectedError:  nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			client := &http.Client{
+				Timeout: 3 * time.Second,
+			}
+
+			request, err := http.NewRequest(
+				"GET", fmt.Sprintf("http://localhost:9090/api/v1%s", tt.args.api), nil)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+			request.Header.Add("Content-Type", "application/json")
+			response, err := client.Do(request)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if response != nil {
+				assert.Equal(tt.expectedStatus, response.StatusCode, tt.name+" Failed")
+			}
+		})
+	}
 }
--- a/integration/version_test.go
+++ b/integration/version_test.go
@@ -68,8 +68,6 @@ func Test_VersionAPI(t *testing.T) {
 			if response != nil {
 				assert.Equal(tt.expectedStatus, response.StatusCode, "Status Code is incorrect")
 			}
-
 		})
 	}
-
 }
--- a/k8s/operator-console/base/console-deployment.yaml
+++ b/k8s/operator-console/base/console-deployment.yaml
@@ -15,7 +15,7 @@ spec:
      serviceAccountName: console-sa
      containers:
        - name: console
-          image: 'minio/console:v0.16.0'
+          image: 'minio/console:v0.18.1'
          imagePullPolicy: "IfNotPresent"
          env:
            - name: CONSOLE_OPERATOR_MODE
--- a/k8s/operator-console/standalone/console-deployment.yaml
+++ b/k8s/operator-console/standalone/console-deployment.yaml
@@ -32,7 +32,7 @@ spec:
    spec:
      containers:
        - name: console
-          image: 'minio/console:v0.16.0'
+          image: 'minio/console:v0.18.1'
          imagePullPolicy: "IfNotPresent"
          env:
            - name: CONSOLE_MINIO_SERVER
--- a/models/a_user_policy_response.go
+++ b/models/a_user_policy_response.go
@@ -0,0 +1,67 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// AUserPolicyResponse a user policy response
+//
+// swagger:model aUserPolicyResponse
+type AUserPolicyResponse struct {
+
+	// policy
+	Policy string `json:"policy,omitempty"`
+}
+
+// Validate validates this a user policy response
+func (m *AUserPolicyResponse) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this a user policy response based on context it is used
+func (m *AUserPolicyResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AUserPolicyResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AUserPolicyResponse) UnmarshalBinary(b []byte) error {
+	var res AUserPolicyResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/condition.go
+++ b/models/condition.go
@@ -0,0 +1,70 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// Condition condition
+//
+// swagger:model condition
+type Condition struct {
+
+	// status
+	Status string `json:"status,omitempty"`
+
+	// type
+	Type string `json:"type,omitempty"`
+}
+
+// Validate validates this condition
+func (m *Condition) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this condition based on context it is used
+func (m *Condition) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *Condition) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *Condition) UnmarshalBinary(b []byte) error {
+	var res Condition
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/config_map.go
+++ b/models/config_map.go
@@ -0,0 +1,70 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ConfigMap config map
+//
+// swagger:model configMap
+type ConfigMap struct {
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// optional
+	Optional bool `json:"optional,omitempty"`
+}
+
+// Validate validates this config map
+func (m *ConfigMap) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this config map based on context it is used
+func (m *ConfigMap) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ConfigMap) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ConfigMap) UnmarshalBinary(b []byte) error {
+	var res ConfigMap
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/container.go
+++ b/models/container.go
@@ -0,0 +1,309 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// Container container
+//
+// swagger:model container
+type Container struct {
+
+	// args
+	Args []string `json:"args"`
+
+	// container ID
+	ContainerID string `json:"containerID,omitempty"`
+
+	// environment variables
+	EnvironmentVariables []*EnvironmentVariable `json:"environmentVariables"`
+
+	// host ports
+	HostPorts []string `json:"hostPorts"`
+
+	// image
+	Image string `json:"image,omitempty"`
+
+	// image ID
+	ImageID string `json:"imageID,omitempty"`
+
+	// last state
+	LastState *State `json:"lastState,omitempty"`
+
+	// mounts
+	Mounts []*Mount `json:"mounts"`
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// ports
+	Ports []string `json:"ports"`
+
+	// ready
+	Ready bool `json:"ready,omitempty"`
+
+	// restart count
+	RestartCount int64 `json:"restartCount,omitempty"`
+
+	// state
+	State *State `json:"state,omitempty"`
+}
+
+// Validate validates this container
+func (m *Container) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateEnvironmentVariables(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateLastState(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateMounts(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateState(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *Container) validateEnvironmentVariables(formats strfmt.Registry) error {
+	if swag.IsZero(m.EnvironmentVariables) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.EnvironmentVariables); i++ {
+		if swag.IsZero(m.EnvironmentVariables[i]) { // not required
+			continue
+		}
+
+		if m.EnvironmentVariables[i] != nil {
+			if err := m.EnvironmentVariables[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("environmentVariables" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("environmentVariables" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *Container) validateLastState(formats strfmt.Registry) error {
+	if swag.IsZero(m.LastState) { // not required
+		return nil
+	}
+
+	if m.LastState != nil {
+		if err := m.LastState.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("lastState")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("lastState")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *Container) validateMounts(formats strfmt.Registry) error {
+	if swag.IsZero(m.Mounts) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Mounts); i++ {
+		if swag.IsZero(m.Mounts[i]) { // not required
+			continue
+		}
+
+		if m.Mounts[i] != nil {
+			if err := m.Mounts[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("mounts" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("mounts" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *Container) validateState(formats strfmt.Registry) error {
+	if swag.IsZero(m.State) { // not required
+		return nil
+	}
+
+	if m.State != nil {
+		if err := m.State.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("state")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("state")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// ContextValidate validate this container based on the context it is used
+func (m *Container) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateEnvironmentVariables(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateLastState(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateMounts(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateState(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *Container) contextValidateEnvironmentVariables(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.EnvironmentVariables); i++ {
+
+		if m.EnvironmentVariables[i] != nil {
+			if err := m.EnvironmentVariables[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("environmentVariables" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("environmentVariables" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *Container) contextValidateLastState(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.LastState != nil {
+		if err := m.LastState.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("lastState")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("lastState")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *Container) contextValidateMounts(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Mounts); i++ {
+
+		if m.Mounts[i] != nil {
+			if err := m.Mounts[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("mounts" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("mounts" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *Container) contextValidateState(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.State != nil {
+		if err := m.State.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("state")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("state")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *Container) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *Container) UnmarshalBinary(b []byte) error {
+	var res Container
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/csr_element.go
+++ b/models/csr_element.go
@@ -0,0 +1,154 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// CsrElement csr element
+//
+// swagger:model csrElement
+type CsrElement struct {
+
+	// annotations
+	Annotations []*Annotation `json:"annotations"`
+
+	// deletion grace period seconds
+	DeletionGracePeriodSeconds int64 `json:"deletion_grace_period_seconds,omitempty"`
+
+	// generate name
+	GenerateName string `json:"generate_name,omitempty"`
+
+	// generation
+	Generation int64 `json:"generation,omitempty"`
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// namespace
+	Namespace string `json:"namespace,omitempty"`
+
+	// resource version
+	ResourceVersion string `json:"resource_version,omitempty"`
+
+	// status
+	Status string `json:"status,omitempty"`
+}
+
+// Validate validates this csr element
+func (m *CsrElement) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateAnnotations(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *CsrElement) validateAnnotations(formats strfmt.Registry) error {
+	if swag.IsZero(m.Annotations) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Annotations); i++ {
+		if swag.IsZero(m.Annotations[i]) { // not required
+			continue
+		}
+
+		if m.Annotations[i] != nil {
+			if err := m.Annotations[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("annotations" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("annotations" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// ContextValidate validate this csr element based on the context it is used
+func (m *CsrElement) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateAnnotations(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *CsrElement) contextValidateAnnotations(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Annotations); i++ {
+
+		if m.Annotations[i] != nil {
+			if err := m.Annotations[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("annotations" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("annotations" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *CsrElement) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *CsrElement) UnmarshalBinary(b []byte) error {
+	var res CsrElement
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/csr_elements.go
+++ b/models/csr_elements.go
@@ -0,0 +1,133 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// CsrElements csr elements
+//
+// swagger:model csrElements
+type CsrElements struct {
+
+	// csr element
+	CsrElement []*CsrElement `json:"csrElement"`
+}
+
+// Validate validates this csr elements
+func (m *CsrElements) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateCsrElement(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *CsrElements) validateCsrElement(formats strfmt.Registry) error {
+	if swag.IsZero(m.CsrElement) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.CsrElement); i++ {
+		if swag.IsZero(m.CsrElement[i]) { // not required
+			continue
+		}
+
+		if m.CsrElement[i] != nil {
+			if err := m.CsrElement[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("csrElement" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("csrElement" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// ContextValidate validate this csr elements based on the context it is used
+func (m *CsrElements) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateCsrElement(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *CsrElements) contextValidateCsrElement(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.CsrElement); i++ {
+
+		if m.CsrElement[i] != nil {
+			if err := m.CsrElement[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("csrElement" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("csrElement" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *CsrElements) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *CsrElements) UnmarshalBinary(b []byte) error {
+	var res CsrElements
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/describe_p_v_c_wrapper.go
+++ b/models/describe_p_v_c_wrapper.go
@@ -0,0 +1,217 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// DescribePVCWrapper describe p v c wrapper
+//
+// swagger:model describePVCWrapper
+type DescribePVCWrapper struct {
+
+	// access modes
+	AccessModes []string `json:"accessModes"`
+
+	// annotations
+	Annotations []*Annotation `json:"annotations"`
+
+	// capacity
+	Capacity string `json:"capacity,omitempty"`
+
+	// finalizers
+	Finalizers []string `json:"finalizers"`
+
+	// labels
+	Labels []*Label `json:"labels"`
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// namespace
+	Namespace string `json:"namespace,omitempty"`
+
+	// status
+	Status string `json:"status,omitempty"`
+
+	// storage class
+	StorageClass string `json:"storageClass,omitempty"`
+
+	// volume
+	Volume string `json:"volume,omitempty"`
+
+	// volume mode
+	VolumeMode string `json:"volumeMode,omitempty"`
+}
+
+// Validate validates this describe p v c wrapper
+func (m *DescribePVCWrapper) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateAnnotations(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateLabels(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *DescribePVCWrapper) validateAnnotations(formats strfmt.Registry) error {
+	if swag.IsZero(m.Annotations) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Annotations); i++ {
+		if swag.IsZero(m.Annotations[i]) { // not required
+			continue
+		}
+
+		if m.Annotations[i] != nil {
+			if err := m.Annotations[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("annotations" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("annotations" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePVCWrapper) validateLabels(formats strfmt.Registry) error {
+	if swag.IsZero(m.Labels) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Labels); i++ {
+		if swag.IsZero(m.Labels[i]) { // not required
+			continue
+		}
+
+		if m.Labels[i] != nil {
+			if err := m.Labels[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("labels" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("labels" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// ContextValidate validate this describe p v c wrapper based on the context it is used
+func (m *DescribePVCWrapper) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateAnnotations(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateLabels(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *DescribePVCWrapper) contextValidateAnnotations(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Annotations); i++ {
+
+		if m.Annotations[i] != nil {
+			if err := m.Annotations[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("annotations" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("annotations" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePVCWrapper) contextValidateLabels(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Labels); i++ {
+
+		if m.Labels[i] != nil {
+			if err := m.Labels[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("labels" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("labels" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *DescribePVCWrapper) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *DescribePVCWrapper) UnmarshalBinary(b []byte) error {
+	var res DescribePVCWrapper
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/describe_pod_wrapper.go
+++ b/models/describe_pod_wrapper.go
@@ -0,0 +1,517 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// DescribePodWrapper describe pod wrapper
+//
+// swagger:model describePodWrapper
+type DescribePodWrapper struct {
+
+	// annotations
+	Annotations []*Annotation `json:"annotations"`
+
+	// conditions
+	Conditions []*Condition `json:"conditions"`
+
+	// containers
+	Containers []*Container `json:"containers"`
+
+	// controller ref
+	ControllerRef string `json:"controllerRef,omitempty"`
+
+	// deletion grace period seconds
+	DeletionGracePeriodSeconds int64 `json:"deletionGracePeriodSeconds,omitempty"`
+
+	// deletion timestamp
+	DeletionTimestamp string `json:"deletionTimestamp,omitempty"`
+
+	// labels
+	Labels []*Label `json:"labels"`
+
+	// message
+	Message string `json:"message,omitempty"`
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// namespace
+	Namespace string `json:"namespace,omitempty"`
+
+	// node name
+	NodeName string `json:"nodeName,omitempty"`
+
+	// node selector
+	NodeSelector []*NodeSelector `json:"nodeSelector"`
+
+	// phase
+	Phase string `json:"phase,omitempty"`
+
+	// pod IP
+	PodIP string `json:"podIP,omitempty"`
+
+	// priority
+	Priority int64 `json:"priority,omitempty"`
+
+	// priority class name
+	PriorityClassName string `json:"priorityClassName,omitempty"`
+
+	// qos class
+	QosClass string `json:"qosClass,omitempty"`
+
+	// reason
+	Reason string `json:"reason,omitempty"`
+
+	// start time
+	StartTime string `json:"startTime,omitempty"`
+
+	// tolerations
+	Tolerations []*Toleration `json:"tolerations"`
+
+	// volumes
+	Volumes []*Volume `json:"volumes"`
+}
+
+// Validate validates this describe pod wrapper
+func (m *DescribePodWrapper) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateAnnotations(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateConditions(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateContainers(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateLabels(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateNodeSelector(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateTolerations(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateVolumes(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *DescribePodWrapper) validateAnnotations(formats strfmt.Registry) error {
+	if swag.IsZero(m.Annotations) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Annotations); i++ {
+		if swag.IsZero(m.Annotations[i]) { // not required
+			continue
+		}
+
+		if m.Annotations[i] != nil {
+			if err := m.Annotations[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("annotations" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("annotations" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) validateConditions(formats strfmt.Registry) error {
+	if swag.IsZero(m.Conditions) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Conditions); i++ {
+		if swag.IsZero(m.Conditions[i]) { // not required
+			continue
+		}
+
+		if m.Conditions[i] != nil {
+			if err := m.Conditions[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("conditions" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("conditions" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) validateContainers(formats strfmt.Registry) error {
+	if swag.IsZero(m.Containers) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Containers); i++ {
+		if swag.IsZero(m.Containers[i]) { // not required
+			continue
+		}
+
+		if m.Containers[i] != nil {
+			if err := m.Containers[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("containers" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("containers" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) validateLabels(formats strfmt.Registry) error {
+	if swag.IsZero(m.Labels) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Labels); i++ {
+		if swag.IsZero(m.Labels[i]) { // not required
+			continue
+		}
+
+		if m.Labels[i] != nil {
+			if err := m.Labels[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("labels" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("labels" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) validateNodeSelector(formats strfmt.Registry) error {
+	if swag.IsZero(m.NodeSelector) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.NodeSelector); i++ {
+		if swag.IsZero(m.NodeSelector[i]) { // not required
+			continue
+		}
+
+		if m.NodeSelector[i] != nil {
+			if err := m.NodeSelector[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("nodeSelector" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("nodeSelector" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) validateTolerations(formats strfmt.Registry) error {
+	if swag.IsZero(m.Tolerations) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Tolerations); i++ {
+		if swag.IsZero(m.Tolerations[i]) { // not required
+			continue
+		}
+
+		if m.Tolerations[i] != nil {
+			if err := m.Tolerations[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("tolerations" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("tolerations" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) validateVolumes(formats strfmt.Registry) error {
+	if swag.IsZero(m.Volumes) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Volumes); i++ {
+		if swag.IsZero(m.Volumes[i]) { // not required
+			continue
+		}
+
+		if m.Volumes[i] != nil {
+			if err := m.Volumes[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("volumes" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("volumes" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// ContextValidate validate this describe pod wrapper based on the context it is used
+func (m *DescribePodWrapper) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateAnnotations(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateConditions(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateContainers(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateLabels(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateNodeSelector(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateTolerations(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateVolumes(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *DescribePodWrapper) contextValidateAnnotations(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Annotations); i++ {
+
+		if m.Annotations[i] != nil {
+			if err := m.Annotations[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("annotations" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("annotations" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) contextValidateConditions(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Conditions); i++ {
+
+		if m.Conditions[i] != nil {
+			if err := m.Conditions[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("conditions" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("conditions" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) contextValidateContainers(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Containers); i++ {
+
+		if m.Containers[i] != nil {
+			if err := m.Containers[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("containers" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("containers" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) contextValidateLabels(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Labels); i++ {
+
+		if m.Labels[i] != nil {
+			if err := m.Labels[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("labels" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("labels" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) contextValidateNodeSelector(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.NodeSelector); i++ {
+
+		if m.NodeSelector[i] != nil {
+			if err := m.NodeSelector[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("nodeSelector" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("nodeSelector" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) contextValidateTolerations(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Tolerations); i++ {
+
+		if m.Tolerations[i] != nil {
+			if err := m.Tolerations[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("tolerations" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("tolerations" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *DescribePodWrapper) contextValidateVolumes(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Volumes); i++ {
+
+		if m.Volumes[i] != nil {
+			if err := m.Volumes[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("volumes" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("volumes" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *DescribePodWrapper) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *DescribePodWrapper) UnmarshalBinary(b []byte) error {
+	var res DescribePodWrapper
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/environment_variable.go
+++ b/models/environment_variable.go
@@ -0,0 +1,70 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// EnvironmentVariable environment variable
+//
+// swagger:model environmentVariable
+type EnvironmentVariable struct {
+
+	// key
+	Key string `json:"key,omitempty"`
+
+	// value
+	Value string `json:"value,omitempty"`
+}
+
+// Validate validates this environment variable
+func (m *EnvironmentVariable) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this environment variable based on context it is used
+func (m *EnvironmentVariable) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *EnvironmentVariable) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *EnvironmentVariable) UnmarshalBinary(b []byte) error {
+	var res EnvironmentVariable
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/mount.go
+++ b/models/mount.go
@@ -0,0 +1,76 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// Mount mount
+//
+// swagger:model mount
+type Mount struct {
+
+	// mount path
+	MountPath string `json:"mountPath,omitempty"`
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// read only
+	ReadOnly bool `json:"readOnly,omitempty"`
+
+	// sub path
+	SubPath string `json:"subPath,omitempty"`
+}
+
+// Validate validates this mount
+func (m *Mount) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this mount based on context it is used
+func (m *Mount) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *Mount) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *Mount) UnmarshalBinary(b []byte) error {
+	var res Mount
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/permission_resource.go
+++ b/models/permission_resource.go
@@ -0,0 +1,73 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// PermissionResource permission resource
+//
+// swagger:model permissionResource
+type PermissionResource struct {
+
+	// condition operator
+	ConditionOperator string `json:"conditionOperator,omitempty"`
+
+	// prefixes
+	Prefixes []string `json:"prefixes"`
+
+	// resource
+	Resource string `json:"resource,omitempty"`
+}
+
+// Validate validates this permission resource
+func (m *PermissionResource) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this permission resource based on context it is used
+func (m *PermissionResource) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *PermissionResource) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *PermissionResource) UnmarshalBinary(b []byte) error {
+	var res PermissionResource
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/projected_volume.go
+++ b/models/projected_volume.go
@@ -0,0 +1,133 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ProjectedVolume projected volume
+//
+// swagger:model projectedVolume
+type ProjectedVolume struct {
+
+	// sources
+	Sources []*ProjectedVolumeSource `json:"sources"`
+}
+
+// Validate validates this projected volume
+func (m *ProjectedVolume) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateSources(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ProjectedVolume) validateSources(formats strfmt.Registry) error {
+	if swag.IsZero(m.Sources) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Sources); i++ {
+		if swag.IsZero(m.Sources[i]) { // not required
+			continue
+		}
+
+		if m.Sources[i] != nil {
+			if err := m.Sources[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("sources" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("sources" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// ContextValidate validate this projected volume based on the context it is used
+func (m *ProjectedVolume) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateSources(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ProjectedVolume) contextValidateSources(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Sources); i++ {
+
+		if m.Sources[i] != nil {
+			if err := m.Sources[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("sources" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("sources" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ProjectedVolume) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ProjectedVolume) UnmarshalBinary(b []byte) error {
+	var res ProjectedVolume
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/projected_volume_source.go
+++ b/models/projected_volume_source.go
@@ -0,0 +1,216 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ProjectedVolumeSource projected volume source
+//
+// swagger:model projectedVolumeSource
+type ProjectedVolumeSource struct {
+
+	// config map
+	ConfigMap *ConfigMap `json:"configMap,omitempty"`
+
+	// downward Api
+	DownwardAPI bool `json:"downwardApi,omitempty"`
+
+	// secret
+	Secret *Secret `json:"secret,omitempty"`
+
+	// service account token
+	ServiceAccountToken *ServiceAccountToken `json:"serviceAccountToken,omitempty"`
+}
+
+// Validate validates this projected volume source
+func (m *ProjectedVolumeSource) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateConfigMap(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSecret(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateServiceAccountToken(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ProjectedVolumeSource) validateConfigMap(formats strfmt.Registry) error {
+	if swag.IsZero(m.ConfigMap) { // not required
+		return nil
+	}
+
+	if m.ConfigMap != nil {
+		if err := m.ConfigMap.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("configMap")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("configMap")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *ProjectedVolumeSource) validateSecret(formats strfmt.Registry) error {
+	if swag.IsZero(m.Secret) { // not required
+		return nil
+	}
+
+	if m.Secret != nil {
+		if err := m.Secret.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("secret")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("secret")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *ProjectedVolumeSource) validateServiceAccountToken(formats strfmt.Registry) error {
+	if swag.IsZero(m.ServiceAccountToken) { // not required
+		return nil
+	}
+
+	if m.ServiceAccountToken != nil {
+		if err := m.ServiceAccountToken.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("serviceAccountToken")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("serviceAccountToken")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// ContextValidate validate this projected volume source based on the context it is used
+func (m *ProjectedVolumeSource) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateConfigMap(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateSecret(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateServiceAccountToken(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ProjectedVolumeSource) contextValidateConfigMap(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.ConfigMap != nil {
+		if err := m.ConfigMap.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("configMap")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("configMap")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *ProjectedVolumeSource) contextValidateSecret(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Secret != nil {
+		if err := m.Secret.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("secret")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("secret")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *ProjectedVolumeSource) contextValidateServiceAccountToken(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.ServiceAccountToken != nil {
+		if err := m.ServiceAccountToken.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("serviceAccountToken")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("serviceAccountToken")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ProjectedVolumeSource) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ProjectedVolumeSource) UnmarshalBinary(b []byte) error {
+	var res ProjectedVolumeSource
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/pvc.go
+++ b/models/pvc.go
@@ -0,0 +1,70 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// Pvc pvc
+//
+// swagger:model pvc
+type Pvc struct {
+
+	// claim name
+	ClaimName string `json:"claimName,omitempty"`
+
+	// read only
+	ReadOnly bool `json:"readOnly,omitempty"`
+}
+
+// Validate validates this pvc
+func (m *Pvc) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this pvc based on context it is used
+func (m *Pvc) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *Pvc) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *Pvc) UnmarshalBinary(b []byte) error {
+	var res Pvc
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/secret.go
+++ b/models/secret.go
@@ -0,0 +1,70 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// Secret secret
+//
+// swagger:model secret
+type Secret struct {
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// optional
+	Optional bool `json:"optional,omitempty"`
+}
+
+// Validate validates this secret
+func (m *Secret) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this secret based on context it is used
+func (m *Secret) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *Secret) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *Secret) UnmarshalBinary(b []byte) error {
+	var res Secret
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/service_account_token.go
+++ b/models/service_account_token.go
@@ -0,0 +1,67 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ServiceAccountToken service account token
+//
+// swagger:model serviceAccountToken
+type ServiceAccountToken struct {
+
+	// expiration seconds
+	ExpirationSeconds int64 `json:"expirationSeconds,omitempty"`
+}
+
+// Validate validates this service account token
+func (m *ServiceAccountToken) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this service account token based on context it is used
+func (m *ServiceAccountToken) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ServiceAccountToken) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ServiceAccountToken) UnmarshalBinary(b []byte) error {
+	var res ServiceAccountToken
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/session_response.go
+++ b/models/session_response.go
@@ -25,6 +25,7 @@ package models
 import (
 	"context"
 	"encoding/json"
+	"strconv"

 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/strfmt"
@@ -37,6 +38,9 @@ import (
 // swagger:model sessionResponse
 type SessionResponse struct {

+	// allow resources
+	AllowResources []*PermissionResource `json:"allowResources"`
+
 	// distributed mode
 	DistributedMode bool `json:"distributedMode,omitempty"`

@@ -58,6 +62,10 @@ type SessionResponse struct {
 func (m *SessionResponse) Validate(formats strfmt.Registry) error {
 	var res []error

+	if err := m.validateAllowResources(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateStatus(formats); err != nil {
 		res = append(res, err)
 	}
@@ -68,6 +76,32 @@ func (m *SessionResponse) Validate(formats strfmt.Registry) error {
 	return nil
 }

+func (m *SessionResponse) validateAllowResources(formats strfmt.Registry) error {
+	if swag.IsZero(m.AllowResources) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.AllowResources); i++ {
+		if swag.IsZero(m.AllowResources[i]) { // not required
+			continue
+		}
+
+		if m.AllowResources[i] != nil {
+			if err := m.AllowResources[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("allowResources" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("allowResources" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
 var sessionResponseTypeStatusPropEnum []interface{}

 func init() {
@@ -107,8 +141,37 @@ func (m *SessionResponse) validateStatus(formats strfmt.Registry) error {
 	return nil
 }

-// ContextValidate validates this session response based on context it is used
+// ContextValidate validate this session response based on the context it is used
 func (m *SessionResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateAllowResources(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *SessionResponse) contextValidateAllowResources(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.AllowResources); i++ {
+
+		if m.AllowResources[i] != nil {
+			if err := m.AllowResources[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("allowResources" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("allowResources" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
 	return nil
 }

--- a/models/state.go
+++ b/models/state.go
@@ -0,0 +1,85 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// State state
+//
+// swagger:model state
+type State struct {
+
+	// exit code
+	ExitCode int64 `json:"exitCode,omitempty"`
+
+	// finished
+	Finished string `json:"finished,omitempty"`
+
+	// message
+	Message string `json:"message,omitempty"`
+
+	// reason
+	Reason string `json:"reason,omitempty"`
+
+	// signal
+	Signal int64 `json:"signal,omitempty"`
+
+	// started
+	Started string `json:"started,omitempty"`
+
+	// state
+	State string `json:"state,omitempty"`
+}
+
+// Validate validates this state
+func (m *State) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this state based on context it is used
+func (m *State) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *State) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *State) UnmarshalBinary(b []byte) error {
+	var res State
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/toleration.go
+++ b/models/toleration.go
@@ -0,0 +1,79 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// Toleration toleration
+//
+// swagger:model toleration
+type Toleration struct {
+
+	// effect
+	Effect string `json:"effect,omitempty"`
+
+	// key
+	Key string `json:"key,omitempty"`
+
+	// operator
+	Operator string `json:"operator,omitempty"`
+
+	// toleration seconds
+	TolerationSeconds int64 `json:"tolerationSeconds,omitempty"`
+
+	// value
+	Value string `json:"value,omitempty"`
+}
+
+// Validate validates this toleration
+func (m *Toleration) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this toleration based on context it is used
+func (m *Toleration) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *Toleration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *Toleration) UnmarshalBinary(b []byte) error {
+	var res Toleration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/user_service_account_item.go
+++ b/models/user_service_account_item.go
@@ -0,0 +1,70 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// UserServiceAccountItem user service account item
+//
+// swagger:model userServiceAccountItem
+type UserServiceAccountItem struct {
+
+	// num s as
+	NumSAs int64 `json:"numSAs,omitempty"`
+
+	// user name
+	UserName string `json:"userName,omitempty"`
+}
+
+// Validate validates this user service account item
+func (m *UserServiceAccountItem) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this user service account item based on context it is used
+func (m *UserServiceAccountItem) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *UserServiceAccountItem) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *UserServiceAccountItem) UnmarshalBinary(b []byte) error {
+	var res UserServiceAccountItem
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/user_service_account_summary.go
+++ b/models/user_service_account_summary.go
@@ -0,0 +1,136 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// UserServiceAccountSummary user service account summary
+//
+// swagger:model userServiceAccountSummary
+type UserServiceAccountSummary struct {
+
+	// has s a
+	HasSA bool `json:"hasSA,omitempty"`
+
+	// list of users with number of service accounts
+	UserServiceAccountList []*UserServiceAccountItem `json:"userServiceAccountList"`
+}
+
+// Validate validates this user service account summary
+func (m *UserServiceAccountSummary) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateUserServiceAccountList(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *UserServiceAccountSummary) validateUserServiceAccountList(formats strfmt.Registry) error {
+	if swag.IsZero(m.UserServiceAccountList) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.UserServiceAccountList); i++ {
+		if swag.IsZero(m.UserServiceAccountList[i]) { // not required
+			continue
+		}
+
+		if m.UserServiceAccountList[i] != nil {
+			if err := m.UserServiceAccountList[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("userServiceAccountList" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("userServiceAccountList" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// ContextValidate validate this user service account summary based on the context it is used
+func (m *UserServiceAccountSummary) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateUserServiceAccountList(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *UserServiceAccountSummary) contextValidateUserServiceAccountList(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.UserServiceAccountList); i++ {
+
+		if m.UserServiceAccountList[i] != nil {
+			if err := m.UserServiceAccountList[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("userServiceAccountList" + "." + strconv.Itoa(i))
+				} else if ce, ok := err.(*errors.CompositeError); ok {
+					return ce.ValidateName("userServiceAccountList" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *UserServiceAccountSummary) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *UserServiceAccountSummary) UnmarshalBinary(b []byte) error {
+	var res UserServiceAccountSummary
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/volume.go
+++ b/models/volume.go
@@ -0,0 +1,170 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// Volume volume
+//
+// swagger:model volume
+type Volume struct {
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// projected
+	Projected *ProjectedVolume `json:"projected,omitempty"`
+
+	// pvc
+	Pvc *Pvc `json:"pvc,omitempty"`
+}
+
+// Validate validates this volume
+func (m *Volume) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateProjected(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validatePvc(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *Volume) validateProjected(formats strfmt.Registry) error {
+	if swag.IsZero(m.Projected) { // not required
+		return nil
+	}
+
+	if m.Projected != nil {
+		if err := m.Projected.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("projected")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("projected")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *Volume) validatePvc(formats strfmt.Registry) error {
+	if swag.IsZero(m.Pvc) { // not required
+		return nil
+	}
+
+	if m.Pvc != nil {
+		if err := m.Pvc.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("pvc")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("pvc")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// ContextValidate validate this volume based on the context it is used
+func (m *Volume) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateProjected(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidatePvc(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *Volume) contextValidateProjected(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Projected != nil {
+		if err := m.Projected.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("projected")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("projected")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *Volume) contextValidatePvc(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Pvc != nil {
+		if err := m.Pvc.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("pvc")
+			} else if ce, ok := err.(*errors.CompositeError); ok {
+				return ce.ValidateName("pvc")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *Volume) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *Volume) UnmarshalBinary(b []byte) error {
+	var res Volume
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/operator-integration/tenant_test.go
+++ b/operator-integration/tenant_test.go
@@ -39,7 +39,10 @@ import (
 	"github.com/stretchr/testify/assert"
 )

-var token string
+var (
+	token string
+	jwt   string
+)

 func inspectHTTPResponse(httpResponse *http.Response) string {
 	/*
@@ -88,8 +91,7 @@ func printEndFunc(functionName string) {
 }

 func initConsoleServer() (*operatorapi.Server, error) {
-
-	//os.Setenv("CONSOLE_MINIO_SERVER", "localhost:9000")
+	// os.Setenv("CONSOLE_MINIO_SERVER", "localhost:9000")

 	swaggerSpec, err := loads.Embedded(operatorapi.SwaggerJSON, operatorapi.FlatSwaggerJSON)
 	if err != nil {
@@ -127,51 +129,37 @@ func TestMain(m *testing.M) {
 	go func() {
 		fmt.Println("start server")
 		srv, err := initConsoleServer()
+		fmt.Println("Server has been started at this point")
 		if err != nil {
+			fmt.Println("There is an error in console server: ", err)
 			log.Println(err)
 			log.Println("init fail")
 			return
 		}
+		fmt.Println("Start serving with Serve() function")
 		srv.Serve()
-
+		fmt.Println("After Serve() function")
 	}()

 	fmt.Println("sleeping")
 	time.Sleep(2 * time.Second)
+	fmt.Println("after 2 seconds sleep")

-	client := &http.Client{
-		Timeout: 2 * time.Second,
-	}
+	fmt.Println("creating the client")

-	// kubectl to get token
-	app := "kubectl"
-	arg0 := "get"
-	arg1 := "serviceaccount"
-	arg2 := "console-sa"
-	arg3 := "--namespace"
-	arg4 := "minio-operator"
-	arg5 := "-o"
-	arg6 := "jsonpath=\"{.secrets[0].name}\""
-	cmd := exec.Command(app, arg0, arg1, arg2, arg3, arg4, arg5, arg6)
-	var out bytes.Buffer
-	var stderr bytes.Buffer
-	cmd.Stdout = &out
-	cmd.Stderr = &stderr
-	err := cmd.Run()
-	if err != nil {
-		fmt.Println(fmt.Sprint(err) + ": " + stderr.String())
-		return
-	}
-	secret := out.String() // "console-sa-token-kxdw2" <-- secret
+	// SA_TOKEN=$(kubectl -n minio-operator  get secret console-sa-secret -o jsonpath="{.data.token}" | base64 --decode)
+	fmt.Println("Where we have the secret already: ")
 	app2 := "kubectl"
 	argu0 := "--namespace"
 	argu1 := "minio-operator"
 	argu2 := "get"
 	argu3 := "secret"
-	argu4 := secret[1 : len(secret)-1]
+	argu4 := "console-sa-secret"
 	argu5 := "-o"
 	argu6 := "jsonpath=\"{.data.token}\""
+	fmt.Println("Prior executing second command to get the token")
 	cmd2 := exec.Command(app2, argu0, argu1, argu2, argu3, argu4, argu5, argu6)
+	fmt.Println("after executing second command to get the token")
 	var out2 bytes.Buffer
 	var stderr2 bytes.Buffer
 	cmd2.Stdout = &out2
@@ -182,25 +170,12 @@ func TestMain(m *testing.M) {
 		return
 	}
 	secret2 := out2.String()
-	secret3 := decodeBase64(secret2[1 : len(secret2)-1])
-	requestData := map[string]string{
-		"jwt": secret3,
+	jwt := decodeBase64(secret2[1 : len(secret2)-1])
+	if jwt == "" {
+		fmt.Println("jwt cannot be empty string")
+		os.Exit(-1)
 	}
-
-	requestDataJSON, _ := json.Marshal(requestData)
-
-	requestDataBody := bytes.NewReader(requestDataJSON)
-
-	request, err := http.NewRequest("POST", "http://localhost:9090/api/v1/login/operator", requestDataBody)
-	if err != nil {
-		log.Println(err)
-		return
-	}
-
-	request.Header.Add("Content-Type", "application/json")
-
-	response, err := client.Do(request)
-
+	response, err := LoginOperator()
 	if err != nil {
 		log.Println(err)
 		return
@@ -268,7 +243,7 @@ func TestListTenants(t *testing.T) {
 	}
 	TenantName := &result.Tenants[0].Name // The array has to be empty, no index accessible
 	fmt.Println(*TenantName)
-	assert.Equal("storage-lite", *TenantName, *TenantName)
+	assert.Equal("storage-kms-encrypted", *TenantName, *TenantName)
 	printEndFunc("TestListTenants")
 }

@@ -564,3 +539,332 @@ func TestGetPodEvents(t *testing.T) {
 			200, resp.StatusCode, "Status Code is incorrect")
 	}
 }
+
+func GetPodDescribe(nameSpace string, tenant string, podName string) (*http.Response, error) {
+	/*
+		Helper function to get events for pod
+		URL: /namespaces/{namespace}/tenants/{tenant}/pods/{podName}/events
+		HTTP Verb: GET
+	*/
+	fmt.Println(nameSpace)
+	fmt.Println(tenant)
+	fmt.Println(podName)
+	request, err := http.NewRequest(
+		"GET", "http://localhost:9090/api/v1/namespaces/"+nameSpace+"/tenants/"+tenant+"/pods/"+podName+"/describe", nil)
+	if err != nil {
+		log.Println(err)
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	response, err := client.Do(request)
+	return response, err
+}
+
+func TestGetPodDescribe(t *testing.T) {
+	assert := assert.New(t)
+	namespace := "tenant-lite"
+	tenant := "storage-lite"
+	podName := "storage-lite-pool-0-0"
+	resp, err := GetPodDescribe(namespace, tenant, podName)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	finalResponse := inspectHTTPResponse(resp)
+	if resp != nil {
+		assert.Equal(
+			200, resp.StatusCode, finalResponse)
+	}
+	/*if resp != nil {
+		assert.Equal(
+			200, resp.StatusCode, "Status Code is incorrect")
+	}*/
+}
+
+func GetCSR(nameSpace string, tenant string) (*http.Response, error) {
+	/*
+		Helper function to get events for pod
+		URL: /namespaces/{namespace}/tenants/{tenant}/csr
+		HTTP Verb: GET
+	*/
+	request, err := http.NewRequest(
+		"GET", "http://localhost:9090/api/v1/namespaces/"+nameSpace+"/tenants/"+tenant+"/csr/", nil)
+	if err != nil {
+		log.Println(err)
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	response, err := client.Do(request)
+	return response, err
+}
+
+func TestGetCSR(t *testing.T) {
+	assert := assert.New(t)
+	namespace := "tenant-lite"
+	tenant := "storage-lite"
+	resp, err := GetCSR(namespace, tenant)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	finalResponse := inspectHTTPResponse(resp)
+	if resp != nil {
+		assert.Equal(
+			200, resp.StatusCode, finalResponse)
+	}
+	assert.Equal(strings.Contains(finalResponse, "Automatically approved by MinIO Operator"), true, finalResponse)
+}
+
+func TestGetMultipleCSRs(t *testing.T) {
+	/*
+		We can have multiple CSRs per tenant, the idea is to support them in our API and test them here, making sure we
+		can retrieve them all, as an example I found this tenant:
+		storage-kms-encrypted  -client  -tenant-kms-encrypted-csr
+		storage-kms-encrypted  -kes     -tenant-kms-encrypted-csr
+		storage-kms-encrypted           -tenant-kms-encrypted-csr
+		Notice the nomenclature of it:
+		<tenant-name>-<*>-<namespace>-csr
+		where * is anything either nothing or something, anything.
+	*/
+	assert := assert.New(t)
+	namespace := "tenant-kms-encrypted"
+	tenant := "storage-kms-encrypted"
+	resp, err := GetCSR(namespace, tenant)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	finalResponse := inspectHTTPResponse(resp)
+	if resp != nil {
+		assert.Equal(
+			200, resp.StatusCode, finalResponse)
+	}
+	var expectedMessages [3]string
+	expectedMessages[0] = "storage-kms-encrypted-tenant-kms-encrypted-csr"
+	expectedMessages[1] = "storage-kms-encrypted-kes-tenant-kms-encrypted-csr"
+	expectedMessages[2] = "Automatically approved by MinIO Operator"
+	for _, element := range expectedMessages {
+		assert.Equal(strings.Contains(finalResponse, element), true)
+	}
+}
+
+func ListPVCsForTenant(nameSpace string, tenant string) (*http.Response, error) {
+	/*
+		URL: /namespaces/{namespace}/tenants/{tenant}/pvcs
+		HTTP Verb: GET
+	*/
+	request, err := http.NewRequest(
+		"GET", "http://localhost:9090/api/v1/namespaces/"+nameSpace+"/tenants/"+tenant+"/pvcs/", nil)
+	if err != nil {
+		log.Println(err)
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	response, err := client.Do(request)
+	return response, err
+}
+
+func TestListPVCsForTenant(t *testing.T) {
+	/*
+		Function to list and verify the Tenant's Persistent Volume Claims
+	*/
+	assert := assert.New(t)
+	namespace := "tenant-lite"
+	tenant := "storage-lite"
+	resp, err := ListPVCsForTenant(namespace, tenant)
+	bodyResponse := resp.Body
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	if resp != nil {
+		assert.Equal(
+			200, resp.StatusCode, "failed")
+	}
+	bodyBytes, _ := ioutil.ReadAll(bodyResponse)
+	listObjs := models.ListPVCsResponse{}
+	err = json.Unmarshal(bodyBytes, &listObjs)
+	if err != nil {
+		log.Println(err)
+		assert.Nil(err)
+	}
+	var pvcArray [4]string
+	pvcArray[0] = "data0-storage-lite-pool-0-0"
+	pvcArray[1] = "data0-storage-lite-pool-0-1"
+	pvcArray[2] = "data0-storage-lite-pool-0-2"
+	pvcArray[3] = "data0-storage-lite-pool-0-3"
+	for i := 0; i < len(pvcArray); i++ {
+		assert.Equal(strings.Contains(listObjs.Pvcs[i].Name, pvcArray[i]), true)
+	}
+}
+
+func CreateNamespace(nameSpace string) (*http.Response, error) {
+	/*
+		Description: Creates a new Namespace with given information
+		URL: /namespace
+		HTTP Verb: POST
+	*/
+	requestDataAdd := map[string]interface{}{
+		"name": nameSpace,
+	}
+	requestDataJSON, _ := json.Marshal(requestDataAdd)
+	requestDataBody := bytes.NewReader(requestDataJSON)
+	request, err := http.NewRequest(
+		"POST",
+		"http://localhost:9090/api/v1/namespace/",
+		requestDataBody,
+	)
+	if err != nil {
+		log.Println(err)
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	response, err := client.Do(request)
+	return response, err
+}
+
+func TestCreateNamespace(t *testing.T) {
+	/*
+		Function to Create a Namespace only once.
+	*/
+	assert := assert.New(t)
+	namespace := "new-namespace-thujun2208pm"
+	tests := []struct {
+		name           string
+		nameSpace      string
+		expectedStatus int
+	}{
+		{
+			name:           "Create Namespace for the first time",
+			expectedStatus: 201,
+			nameSpace:      namespace,
+		},
+		{
+			name:           "Create repeated namespace for second time",
+			expectedStatus: 500,
+			nameSpace:      namespace,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			resp, err := CreateNamespace(tt.nameSpace)
+			assert.Nil(err)
+			if err != nil {
+				log.Println(err)
+				return
+			}
+			if resp != nil {
+				assert.Equal(
+					tt.expectedStatus, resp.StatusCode, "failed")
+			} else {
+				assert.Fail("resp cannot be nil")
+			}
+		})
+	}
+}
+
+func LoginOperator() (*http.Response, error) {
+	/*
+		Description: Login to Operator Console.
+		URL: /login/operator
+		Params in the Body: jwt
+	*/
+	requestData := map[string]string{
+		"jwt": jwt,
+	}
+	fmt.Println("requestData: ", requestData)
+
+	requestDataJSON, _ := json.Marshal(requestData)
+
+	requestDataBody := bytes.NewReader(requestDataJSON)
+
+	request, err := http.NewRequest("POST", "http://localhost:9090/api/v1/login/operator", requestDataBody)
+	if err != nil {
+		log.Println(err)
+	}
+
+	request.Header.Add("Content-Type", "application/json")
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	response, err := client.Do(request)
+	return response, err
+}
+
+func LogoutOperator() (*http.Response, error) {
+	/*
+		Description: Logout from Operator.
+		URL: /logout
+	*/
+	request, err := http.NewRequest(
+		"POST",
+		"http://localhost:9090/api/v1/logout",
+		nil,
+	)
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+	if err != nil {
+		log.Println(err)
+	}
+	request.Header.Add("Content-Type", "application/json")
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	response, err := client.Do(request)
+	return response, err
+}
+
+func TestLogout(t *testing.T) {
+	// Vars
+	assert := assert.New(t)
+
+	// 1. Logout
+	response, err := LogoutOperator()
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	if response != nil {
+		assert.Equal(
+			200,
+			response.StatusCode,
+			inspectHTTPResponse(response),
+		)
+	}
+
+	// 2. Login to recover token
+	response, err = LoginOperator()
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	if response != nil {
+		for _, cookie := range response.Cookies() {
+			if cookie.Name == "token" {
+				token = cookie.Value
+				break
+			}
+		}
+	}
+
+	// Verify token
+	if token == "" {
+		assert.Fail("authentication token not found in cookies response")
+	}
+}
--- a/operatorapi/auth/operator.go
+++ b/operatorapi/auth/operator.go
@@ -18,15 +18,14 @@ package auth

 import (
 	"context"
-	"errors"
+
+	errors "github.com/minio/console/restapi"

 	"github.com/minio/console/cluster"
 	"github.com/minio/minio-go/v7/pkg/credentials"
 	operatorClientset "github.com/minio/operator/pkg/client/clientset/versioned"
 )

-var errInvalidCredentials = errors.New("invalid Login")
-
 // operatorCredentialsProvider is an struct to hold the JWT (service account token)
 type operatorCredentialsProvider struct {
 	serviceAccountJWT string
@@ -86,7 +85,7 @@ func GetConsoleCredentialsForOperator(jwt string) (*credentials.Credentials, err
 		client: opClientClientSet,
 	}
 	if err = checkServiceAccountTokenValid(ctx, opClient); err != nil {
-		return nil, errInvalidCredentials
+		return nil, errors.ErrInvalidLogin
 	}
 	return credentials.New(operatorCredentialsProvider{serviceAccountJWT: jwt}), nil
 }
--- a/operatorapi/config_test.go
+++ b/operatorapi/config_test.go
@@ -0,0 +1,98 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package operatorapi
+
+import (
+	"os"
+	"testing"
+)
+
+func Test_getK8sSAToken(t *testing.T) {
+	tests := []struct {
+		name string
+		want string
+		envs map[string]string
+	}{
+		{
+			name: "Missing file, empty",
+			want: "",
+			envs: nil,
+		},
+		{
+			name: "Missing file, return env",
+			want: "x",
+			envs: map[string]string{
+				ConsoleOperatorSAToken: "x",
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.envs != nil {
+				for k, v := range tt.envs {
+					os.Setenv(k, v)
+				}
+			}
+			if got := getK8sSAToken(); got != tt.want {
+				t.Errorf("getK8sSAToken() = %v, want %v", got, tt.want)
+			}
+			if tt.envs != nil {
+				for k := range tt.envs {
+					os.Unsetenv(k)
+				}
+			}
+		})
+	}
+}
+
+func Test_getMarketplace(t *testing.T) {
+	tests := []struct {
+		name string
+		want string
+		envs map[string]string
+	}{
+		{
+			name: "Nothing set",
+			want: "",
+			envs: nil,
+		},
+		{
+			name: "Value set",
+			want: "x",
+			envs: map[string]string{
+				ConsoleMarketplace: "x",
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.envs != nil {
+				for k, v := range tt.envs {
+					os.Setenv(k, v)
+				}
+			}
+			if got := getMarketplace(); got != tt.want {
+				t.Errorf("getMarketplace() = %v, want %v", got, tt.want)
+			}
+			if tt.envs != nil {
+				for k := range tt.envs {
+					os.Unsetenv(k)
+				}
+			}
+		})
+	}
+}
--- a/operatorapi/configure_operator.go
+++ b/operatorapi/configure_operator.go
@@ -23,7 +23,6 @@ import (
 	"strings"

 	"github.com/klauspost/compress/gzhttp"
-
 	"github.com/minio/console/restapi"
 	"github.com/unrolled/secure"

@@ -53,12 +52,11 @@ func configureFlags(api *operations.OperatorAPI) {
 }

 func configureAPI(api *operations.OperatorAPI) http.Handler {
-
 	// Applies when the "x-token" header is set
 	api.KeyAuth = func(token string, scopes []string) (*models.Principal, error) {
 		// we are validating the session token by decrypting the claims inside, if the operation succeed that means the jwt
 		// was generated and signed by us in the first place
-		claims, err := auth.SessionTokenAuthenticate(token)
+		claims, err := auth.ParseClaimsFromToken(token)
 		if err != nil {
 			api.Logger("Unable to validate the session token %s: %v", token, err)
 			return nil, errors.New(401, "incorrect api key auth")
@@ -101,8 +99,8 @@ func configureAPI(api *operations.OperatorAPI) http.Handler {

 // The TLS configuration before HTTPS server starts.
 func configureTLS(tlsConfig *tls.Config) {
-	tlsConfig.RootCAs = GlobalRootCAs
-	tlsConfig.GetCertificate = GlobalTLSCertsManager.GetCertificate
+	tlsConfig.RootCAs = restapi.GlobalRootCAs
+	tlsConfig.GetCertificate = restapi.GlobalTLSCertsManager.GetCertificate
 }

 // As soon as server is initialized but not run yet, this function will be called.
@@ -118,24 +116,6 @@ func setupMiddlewares(handler http.Handler) http.Handler {
 	return handler
 }

-func AuthenticationMiddleware(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		token, err := auth.GetTokenFromRequest(r)
-		if err != nil && err != auth.ErrNoAuthToken {
-			http.Error(w, err.Error(), http.StatusUnauthorized)
-			return
-		}
-		// All handlers handle appropriately to return errors
-		// based on their swagger rules, we do not need to
-		// additionally return error here, let the next ServeHTTPs
-		// handle it appropriately.
-		if token != "" {
-			r.Header.Add("Authorization", "Bearer "+token)
-		}
-		next.ServeHTTP(w, r)
-	})
-}
-
 // proxyMiddleware adds the proxy capability
 func proxyMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -150,19 +130,23 @@ func proxyMiddleware(next http.Handler) http.Handler {
 // The middleware configuration happens before anything, this middleware also applies to serving the swagger.json document.
 // So this is a good place to plug in a panic handling middleware, logging and metrics.
 func setupGlobalMiddleware(handler http.Handler) http.Handler {
-	// handle cookie or authorization header for session
-	next := AuthenticationMiddleware(handler)
 	// proxy requests
-	next = proxyMiddleware(next)
+	next := proxyMiddleware(handler)
+	// if audit-log is enabled console will log all incoming request
+	next = restapi.AuditLogMiddleware(next)
 	// serve static files
 	next = restapi.FileServerMiddleware(next)
+	// add information to request context
+	next = restapi.ContextMiddleware(next)
+	// handle cookie or authorization header for session
+	next = restapi.AuthenticationMiddleware(next)
 	// Secure middleware, this middleware wrap all the previous handlers and add
 	// HTTP security headers
 	secureOptions := secure.Options{
 		AllowedHosts:                    restapi.GetSecureAllowedHosts(),
 		AllowedHostsAreRegex:            restapi.GetSecureAllowedHostsAreRegex(),
 		HostsProxyHeaders:               restapi.GetSecureHostsProxyHeaders(),
-		SSLRedirect:                     restapi.GetTLSRedirect() == "on" && len(GlobalPublicCerts) > 0,
+		SSLRedirect:                     restapi.GetTLSRedirect() == "on" && len(restapi.GlobalPublicCerts) > 0,
 		SSLHost:                         restapi.GetSecureTLSHost(),
 		STSSeconds:                      restapi.GetSecureSTSSeconds(),
 		STSIncludeSubdomains:            restapi.GetSecureSTSIncludeSubdomains(),
--- a/operatorapi/embedded_spec.go
+++ b/operatorapi/embedded_spec.go
--- a/operatorapi/error.go
+++ b/operatorapi/error.go
@@ -1,219 +0,0 @@
-// This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-package operatorapi
-
-import (
-	"errors"
-	"runtime"
-	"strings"
-
-	"github.com/go-openapi/swag"
-	"github.com/minio/console/models"
-	"github.com/minio/madmin-go"
-	k8sErrors "k8s.io/apimachinery/pkg/api/errors"
-)
-
-var (
-	// Generic error messages
-	errorGeneric               = errors.New("an error occurred, please try again")
-	errInvalidCredentials      = errors.New("invalid Login")
-	errorGenericInvalidSession = errors.New("invalid session")
-	errorGenericUnauthorized   = errors.New("unauthorized")
-	errorGenericForbidden      = errors.New("forbidden")
-	// ErrorGenericNotFound Generic error for not found
-	ErrorGenericNotFound = errors.New("not found")
-	// Explicit error messages
-	errorInvalidErasureCodingValue        = errors.New("invalid Erasure Coding Value")
-	errorUnableToGetTenantUsage           = errors.New("unable to get tenant usage")
-	errorUnableToGetTenantLogs            = errors.New("unable to get tenant logs")
-	errorUnableToUpdateTenantCertificates = errors.New("unable to update tenant certificates")
-	errorUpdatingEncryptionConfig         = errors.New("unable to update encryption configuration")
-	errorDeletingEncryptionConfig         = errors.New("error disabling tenant encryption")
-	errorEncryptionConfigNotFound         = errors.New("encryption configuration not found")
-	errBucketBodyNotInRequest             = errors.New("error bucket body not in request")
-	errBucketNameNotInRequest             = errors.New("error bucket name not in request")
-	errGroupBodyNotInRequest              = errors.New("error group body not in request")
-	errGroupNameNotInRequest              = errors.New("error group name not in request")
-	errPolicyNameNotInRequest             = errors.New("error policy name not in request")
-	errPolicyBodyNotInRequest             = errors.New("error policy body not in request")
-	errSSENotConfigured                   = errors.New("error server side encryption configuration not found")
-	errBucketLifeCycleNotConfigured       = errors.New("error bucket life cycle configuration not found")
-	errChangePassword                     = errors.New("error please check your current password")
-	errInvalidLicense                     = errors.New("invalid license key")
-	errLicenseNotFound                    = errors.New("license not found")
-	errAvoidSelfAccountDelete             = errors.New("logged in user cannot be deleted by itself")
-	errAccessDenied                       = errors.New("access denied")
-	errTooManyNodes                       = errors.New("cannot request more nodes than what is available in the cluster")
-	errTooFewNodes                        = errors.New("there are not enough nodes in the cluster to support this tenant")
-	errTooFewSchedulableNodes             = errors.New("there is not enough schedulable nodes to satisfy this requirement")
-	errFewerThanFourNodes                 = errors.New("at least 4 nodes are required for a tenant")
-)
-
-// prepareError receives an error object and parse it against k8sErrors, returns the right error code paired with a generic error message
-func prepareError(err ...error) *models.Error {
-	errorCode := int32(500)
-	errorMessage := errorGeneric.Error()
-	if len(err) > 0 {
-		frame := getFrame(2)
-		fileParts := strings.Split(frame.File, "/")
-		LogError("original error -> (%s:%d: %v)", fileParts[len(fileParts)-1], frame.Line, err[0])
-		if k8sErrors.IsUnauthorized(err[0]) {
-			errorCode = 401
-			errorMessage = errorGenericUnauthorized.Error()
-		}
-		if k8sErrors.IsForbidden(err[0]) {
-			errorCode = 403
-			errorMessage = errorGenericForbidden.Error()
-		}
-		if k8sErrors.IsNotFound(err[0]) {
-			errorCode = 404
-			errorMessage = ErrorGenericNotFound.Error()
-		}
-		if err[0] == ErrorGenericNotFound {
-			errorCode = 404
-			errorMessage = ErrorGenericNotFound.Error()
-		}
-		if errors.Is(err[0], errInvalidCredentials) {
-			errorCode = 401
-			errorMessage = errInvalidCredentials.Error()
-		}
-		// console invalid erasure coding value
-		if errors.Is(err[0], errorInvalidErasureCodingValue) {
-			errorCode = 400
-			errorMessage = errorInvalidErasureCodingValue.Error()
-		}
-		if errors.Is(err[0], errBucketBodyNotInRequest) {
-			errorCode = 400
-			errorMessage = errBucketBodyNotInRequest.Error()
-		}
-		if errors.Is(err[0], errBucketNameNotInRequest) {
-			errorCode = 400
-			errorMessage = errBucketNameNotInRequest.Error()
-		}
-		if errors.Is(err[0], errGroupBodyNotInRequest) {
-			errorCode = 400
-			errorMessage = errGroupBodyNotInRequest.Error()
-		}
-		if errors.Is(err[0], errGroupNameNotInRequest) {
-			errorCode = 400
-			errorMessage = errGroupNameNotInRequest.Error()
-		}
-		if errors.Is(err[0], errPolicyNameNotInRequest) {
-			errorCode = 400
-			errorMessage = errPolicyNameNotInRequest.Error()
-		}
-		if errors.Is(err[0], errPolicyBodyNotInRequest) {
-			errorCode = 400
-			errorMessage = errPolicyBodyNotInRequest.Error()
-		}
-		// console invalid session error
-		if errors.Is(err[0], errorGenericInvalidSession) {
-			errorCode = 401
-			errorMessage = errorGenericInvalidSession.Error()
-		}
-		// Bucket life cycle not configured
-		if errors.Is(err[0], errBucketLifeCycleNotConfigured) {
-			errorCode = 404
-			errorMessage = errBucketLifeCycleNotConfigured.Error()
-		}
-		// Encryption not configured
-		if errors.Is(err[0], errSSENotConfigured) {
-			errorCode = 404
-			errorMessage = errSSENotConfigured.Error()
-		}
-		// account change password
-		if madmin.ToErrorResponse(err[0]).Code == "SignatureDoesNotMatch" {
-			errorCode = 403
-			errorMessage = errChangePassword.Error()
-		}
-		if errors.Is(err[0], errLicenseNotFound) {
-			errorCode = 404
-			errorMessage = errLicenseNotFound.Error()
-		}
-		if errors.Is(err[0], errInvalidLicense) {
-			errorCode = 404
-			errorMessage = errInvalidLicense.Error()
-		}
-		if errors.Is(err[0], errAvoidSelfAccountDelete) {
-			errorCode = 403
-			errorMessage = errAvoidSelfAccountDelete.Error()
-		}
-		if madmin.ToErrorResponse(err[0]).Code == "AccessDenied" {
-			errorCode = 403
-			errorMessage = errAccessDenied.Error()
-		}
-		if madmin.ToErrorResponse(err[0]).Code == "InvalidAccessKeyId" {
-			errorCode = 401
-			errorMessage = errorGenericInvalidSession.Error()
-		}
-		// console invalid session error
-		if madmin.ToErrorResponse(err[0]).Code == "XMinioAdminNoSuchUser" {
-			errorCode = 401
-			errorMessage = errorGenericInvalidSession.Error()
-		}
-		// if we received a second error take that as friendly message but dont override the code
-		if len(err) > 1 && err[1] != nil {
-			LogError("friendly error: %v", err[1].Error())
-			errorMessage = err[1].Error()
-		}
-		// if we receive third error we just print that as debugging
-		if len(err) > 2 && err[2] != nil {
-			LogError("debugging error: %v", err[2].Error())
-		}
-
-		errRemoteTierExists := errors.New("Specified remote tier already exists") //nolint
-		if errors.Is(err[0], errRemoteTierExists) {
-			errorMessage = err[0].Error()
-		}
-		if errors.Is(err[0], errTooFewNodes) {
-			errorCode = 507
-			errorMessage = errTooFewNodes.Error()
-		}
-		if errors.Is(err[0], errTooFewSchedulableNodes) {
-			errorCode = 507
-			errorMessage = errTooFewSchedulableNodes.Error()
-		}
-		if errors.Is(err[0], errFewerThanFourNodes) {
-			errorCode = 507
-			errorMessage = errFewerThanFourNodes.Error()
-		}
-	}
-	return &models.Error{Code: errorCode, Message: swag.String(errorMessage), DetailedMessage: swag.String(err[0].Error())}
-}
-
-func getFrame(skipFrames int) runtime.Frame {
-	// We need the frame at index skipFrames+2, since we never want runtime.Callers and getFrame
-	targetFrameIndex := skipFrames + 2
-
-	// Set size to targetFrameIndex+2 to ensure we have room for one more caller than we need
-	programCounters := make([]uintptr, targetFrameIndex+2)
-	n := runtime.Callers(0, programCounters)
-
-	frame := runtime.Frame{Function: "unknown"}
-	if n > 0 {
-		frames := runtime.CallersFrames(programCounters[:n])
-		for more, frameIndex := true, 0; more && frameIndex <= targetFrameIndex; frameIndex++ {
-			var frameCandidate runtime.Frame
-			frameCandidate, more = frames.Next()
-			if frameIndex == targetFrameIndex {
-				frame = frameCandidate
-			}
-		}
-	}
-
-	return frame
-}
--- a/operatorapi/integrations.go
+++ b/operatorapi/integrations.go
@@ -112,7 +112,6 @@ func gkeIntegration(clientset *kubernetes.Clientset, tenantName string, namespac
 			Name: tenantNpSvc,
 		},
 		Spec: corev1.ServiceSpec{
-
 			Selector: map[string]string{
 				"v1.min.io/instance": tenantName,
 			},
@@ -132,7 +131,7 @@ func gkeIntegration(clientset *kubernetes.Clientset, tenantName string, namespac
 		return err
 	}

-	//NOW FOR Console
+	// NOW FOR Console
 	// create consoleManagedCertificate

 	// get a nodeport port for this tenant and create a nodeport for it
--- a/operatorapi/k8s_client.go
+++ b/operatorapi/k8s_client.go
@@ -38,6 +38,7 @@ type K8sClientI interface {
 	deleteSecret(ctx context.Context, namespace string, name string, opts metav1.DeleteOptions) error
 	createSecret(ctx context.Context, namespace string, secret *v1.Secret, opts metav1.CreateOptions) (*v1.Secret, error)
 	updateSecret(ctx context.Context, namespace string, secret *v1.Secret, opts metav1.UpdateOptions) (*v1.Secret, error)
+	getPVC(ctx context.Context, namespace string, pvcName string, opts metav1.GetOptions) (*v1.PersistentVolumeClaim, error)
 }

 // Interface implementation
@@ -82,3 +83,7 @@ func (c *k8sClient) getNamespace(ctx context.Context, name string, opts metav1.G
 func (c *k8sClient) getStorageClasses(ctx context.Context, opts metav1.ListOptions) (*storagev1.StorageClassList, error) {
 	return c.client.StorageV1().StorageClasses().List(ctx, opts)
 }
+
+func (c *k8sClient) getPVC(ctx context.Context, namespace string, pvcName string, opts metav1.GetOptions) (*v1.PersistentVolumeClaim, error) {
+	return c.client.CoreV1().PersistentVolumeClaims(namespace).Get(ctx, pvcName, opts)
+}
--- a/operatorapi/login.go
+++ b/operatorapi/login.go
@@ -33,44 +33,45 @@ import (
 	"github.com/minio/console/models"
 	opauth "github.com/minio/console/operatorapi/auth"
 	"github.com/minio/console/operatorapi/operations"
-	"github.com/minio/console/operatorapi/operations/user_api"
+	authApi "github.com/minio/console/operatorapi/operations/auth"
+
 	"github.com/minio/console/pkg/auth"
 	"github.com/minio/console/pkg/auth/idp/oauth2"
 )

 func registerLoginHandlers(api *operations.OperatorAPI) {
 	// GET login strategy
-	api.UserAPILoginDetailHandler = user_api.LoginDetailHandlerFunc(func(params user_api.LoginDetailParams) middleware.Responder {
-		loginDetails, err := getLoginDetailsResponse(params.HTTPRequest)
+	api.AuthLoginDetailHandler = authApi.LoginDetailHandlerFunc(func(params authApi.LoginDetailParams) middleware.Responder {
+		loginDetails, err := getLoginDetailsResponse(params)
 		if err != nil {
-			return user_api.NewLoginDetailDefault(int(err.Code)).WithPayload(err)
+			return authApi.NewLoginDetailDefault(int(err.Code)).WithPayload(err)
 		}
-		return user_api.NewLoginDetailOK().WithPayload(loginDetails)
+		return authApi.NewLoginDetailOK().WithPayload(loginDetails)
 	})
 	// POST login using k8s service account token
-	api.UserAPILoginOperatorHandler = user_api.LoginOperatorHandlerFunc(func(params user_api.LoginOperatorParams) middleware.Responder {
-		loginResponse, err := getLoginOperatorResponse(params.Body)
+	api.AuthLoginOperatorHandler = authApi.LoginOperatorHandlerFunc(func(params authApi.LoginOperatorParams) middleware.Responder {
+		loginResponse, err := getLoginOperatorResponse(params)
 		if err != nil {
-			return user_api.NewLoginOperatorDefault(int(err.Code)).WithPayload(err)
+			return authApi.NewLoginOperatorDefault(int(err.Code)).WithPayload(err)
 		}
 		// Custom response writer to set the session cookies
 		return middleware.ResponderFunc(func(w http.ResponseWriter, p runtime.Producer) {
 			cookie := restapi.NewSessionCookieForConsole(loginResponse.SessionID)
 			http.SetCookie(w, &cookie)
-			user_api.NewLoginOperatorNoContent().WriteResponse(w, p)
+			authApi.NewLoginOperatorNoContent().WriteResponse(w, p)
 		})
 	})
 	// POST login using external IDP
-	api.UserAPILoginOauth2AuthHandler = user_api.LoginOauth2AuthHandlerFunc(func(params user_api.LoginOauth2AuthParams) middleware.Responder {
-		loginResponse, err := getLoginOauth2AuthResponse(params.HTTPRequest, params.Body)
+	api.AuthLoginOauth2AuthHandler = authApi.LoginOauth2AuthHandlerFunc(func(params authApi.LoginOauth2AuthParams) middleware.Responder {
+		loginResponse, err := getLoginOauth2AuthResponse(params)
 		if err != nil {
-			return user_api.NewLoginOauth2AuthDefault(int(err.Code)).WithPayload(err)
+			return authApi.NewLoginOauth2AuthDefault(int(err.Code)).WithPayload(err)
 		}
 		// Custom response writer to set the session cookies
 		return middleware.ResponderFunc(func(w http.ResponseWriter, p runtime.Producer) {
 			cookie := restapi.NewSessionCookieForConsole(loginResponse.SessionID)
 			http.SetCookie(w, &cookie)
-			user_api.NewLoginOauth2AuthNoContent().WriteResponse(w, p)
+			authApi.NewLoginOauth2AuthNoContent().WriteResponse(w, p)
 		})
 	})
 }
@@ -86,14 +87,19 @@ func login(credentials restapi.ConsoleCredentialsI) (*string, error) {
 	// if we made it here, the consoleCredentials work, generate a jwt with claims
 	token, err := auth.NewEncryptedTokenForClient(&tokens, credentials.GetAccountAccessKey(), nil)
 	if err != nil {
-		LogError("error authenticating user: %v", err)
-		return nil, errInvalidCredentials
+		restapi.LogError("error authenticating user: %v", err)
+		return nil, restapi.ErrInvalidLogin
 	}
 	return &token, nil
 }

 // getLoginDetailsResponse returns information regarding the Console authentication mechanism.
-func getLoginDetailsResponse(r *http.Request) (*models.LoginDetails, *models.Error) {
+func getLoginDetailsResponse(params authApi.LoginDetailParams) (*models.LoginDetails, *models.Error) {
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
+
+	r := params.HTTPRequest
+
 	loginStrategy := models.LoginDetailsLoginStrategyServiceDashAccount
 	redirectURL := ""

@@ -102,7 +108,7 @@ func getLoginDetailsResponse(r *http.Request) (*models.LoginDetails, *models.Err
 		// initialize new oauth2 client
 		oauth2Client, err := oauth2.NewOauth2ProviderClient(nil, r, restapi.GetConsoleHTTPClient())
 		if err != nil {
-			return nil, prepareError(err)
+			return nil, restapi.ErrorWithContext(ctx, err)
 		}
 		// Validate user against IDP
 		identityProvider := &auth.IdentityProvider{Client: oauth2Client}
@@ -125,31 +131,35 @@ func verifyUserAgainstIDP(ctx context.Context, provider auth.IdentityProviderI,
 	return oauth2Token, nil
 }

-func getLoginOauth2AuthResponse(r *http.Request, lr *models.LoginOauth2AuthRequest) (*models.LoginResponse, *models.Error) {
-	ctx, cancel := context.WithCancel(context.Background())
+func getLoginOauth2AuthResponse(params authApi.LoginOauth2AuthParams) (*models.LoginResponse, *models.Error) {
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
 	defer cancel()
+
+	r := params.HTTPRequest
+	lr := params.Body
+
 	if oauth2.IsIDPEnabled() {
 		// initialize new oauth2 client
 		oauth2Client, err := oauth2.NewOauth2ProviderClient(nil, r, restapi.GetConsoleHTTPClient())
 		if err != nil {
-			return nil, prepareError(err)
+			return nil, restapi.ErrorWithContext(ctx, err)
 		}
 		// initialize new identity provider
 		identityProvider := auth.IdentityProvider{Client: oauth2Client}
 		// Validate user against IDP
 		_, err = verifyUserAgainstIDP(ctx, identityProvider, *lr.Code, *lr.State)
 		if err != nil {
-			return nil, prepareError(err)
+			return nil, restapi.ErrorWithContext(ctx, err)
 		}
 		// If we pass here that means the IDP correctly authenticate the user with the operator resource
 		// we proceed to use the service account token configured in the operator-console pod
 		creds, err := newConsoleCredentials(getK8sSAToken())
 		if err != nil {
-			return nil, prepareError(err)
+			return nil, restapi.ErrorWithContext(ctx, err)
 		}
 		token, err := login(restapi.ConsoleCredentials{ConsoleCredentials: creds})
 		if err != nil {
-			return nil, prepareError(errInvalidCredentials, nil, err)
+			return nil, restapi.ErrorWithContext(ctx, restapi.ErrInvalidLogin, nil, err)
 		}
 		// serialize output
 		loginResponse := &models.LoginResponse{
@@ -157,7 +167,7 @@ func getLoginOauth2AuthResponse(r *http.Request, lr *models.LoginOauth2AuthReque
 		}
 		return loginResponse, nil
 	}
-	return nil, prepareError(errorGeneric)
+	return nil, restapi.ErrorWithContext(ctx, restapi.ErrDefault)
 }

 func newConsoleCredentials(secretKey string) (*credentials.Credentials, error) {
@@ -169,17 +179,22 @@ func newConsoleCredentials(secretKey string) (*credentials.Credentials, error) {
 }

 // getLoginOperatorResponse validate the provided service account token against k8s api
-func getLoginOperatorResponse(lmr *models.LoginOperatorRequest) (*models.LoginResponse, *models.Error) {
+func getLoginOperatorResponse(params authApi.LoginOperatorParams) (*models.LoginResponse, *models.Error) {
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
+	defer cancel()
+
+	lmr := params.Body
+
 	creds, err := newConsoleCredentials(*lmr.Jwt)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, restapi.ErrorWithContext(ctx, err)
 	}
 	consoleCreds := restapi.ConsoleCredentials{ConsoleCredentials: creds}
 	// Set a random as access key as session identifier
 	consoleCreds.AccountAccessKey = fmt.Sprintf("%d", rand.Intn(100000-10000)+10000)
 	token, err := login(consoleCreds)
 	if err != nil {
-		return nil, prepareError(errInvalidCredentials, nil, err)
+		return nil, restapi.ErrorWithContext(ctx, restapi.ErrInvalidLogin, nil, err)
 	}
 	// serialize output
 	loginResponse := &models.LoginResponse{
--- a/operatorapi/logout.go
+++ b/operatorapi/logout.go
@@ -23,20 +23,20 @@ import (
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/minio/console/models"
 	"github.com/minio/console/operatorapi/operations"
-	"github.com/minio/console/operatorapi/operations/user_api"
+	authApi "github.com/minio/console/operatorapi/operations/auth"
 	"github.com/minio/console/restapi"
 )

 func registerLogoutHandlers(api *operations.OperatorAPI) {
 	// logout from console
-	api.UserAPILogoutHandler = user_api.LogoutHandlerFunc(func(params user_api.LogoutParams, session *models.Principal) middleware.Responder {
+	api.AuthLogoutHandler = authApi.LogoutHandlerFunc(func(params authApi.LogoutParams, session *models.Principal) middleware.Responder {
 		// Custom response writer to expire the session cookies
 		return middleware.ResponderFunc(func(w http.ResponseWriter, p runtime.Producer) {
 			expiredCookie := restapi.ExpireSessionCookie()
 			// this will tell the browser to clear the cookie and invalidate user session
 			// additionally we are deleting the cookie from the client side
 			http.SetCookie(w, &expiredCookie)
-			user_api.NewLogoutOK().WriteResponse(w, p)
+			authApi.NewLogoutOK().WriteResponse(w, p)
 		})
 	})
 }
--- a/operatorapi/logs.go
+++ b/operatorapi/logs.go
@@ -25,8 +25,10 @@ import (
 	"github.com/minio/cli"
 )

-var infoLog = log.New(os.Stdout, "I: ", log.LstdFlags)
-var errorLog = log.New(os.Stdout, "E: ", log.LstdFlags)
+var (
+	infoLog  = log.New(os.Stdout, "I: ", log.LstdFlags)
+	errorLog = log.New(os.Stdout, "E: ", log.LstdFlags)
+)

 func logInfo(msg string, data ...interface{}) {
 	infoLog.Printf(msg+"\n", data...)
--- a/operatorapi/minio_operator_mock.go
+++ b/operatorapi/minio_operator_mock.go
@@ -16,5 +16,28 @@

 package operatorapi

-type opClientMock struct{}
-type httpClientMock struct{}
+import (
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type (
+	opClientMock   struct{}
+	httpClientMock struct{}
+)
+
+func createMockPVC(pvcMockName, pvcMockNamespace string) *v1.PersistentVolumeClaim {
+	var mockVolumeMode v1.PersistentVolumeMode = "mockVolumeMode"
+	mockStorage := "mockStorage"
+
+	return &v1.PersistentVolumeClaim{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      pvcMockName,
+			Namespace: pvcMockNamespace,
+		},
+		Spec: v1.PersistentVolumeClaimSpec{
+			StorageClassName: &mockStorage,
+			VolumeMode:       &mockVolumeMode,
+		},
+	}
+}
--- a/operatorapi/namespaces.go
+++ b/operatorapi/namespaces.go
@@ -20,12 +20,13 @@ import (
 	"context"
 	"errors"

-	"github.com/minio/console/operatorapi/operations/operator_api"
+	xerrors "github.com/minio/console/restapi"

 	"github.com/go-openapi/runtime/middleware"
 	"github.com/minio/console/cluster"
 	"github.com/minio/console/models"
 	"github.com/minio/console/operatorapi/operations"
+	"github.com/minio/console/operatorapi/operations/operator_api"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	v1 "k8s.io/client-go/kubernetes/typed/core/v1"
@@ -33,7 +34,7 @@ import (

 func registerNamespaceHandlers(api *operations.OperatorAPI) {
 	// Add Namespace
-	//api.OperatorAPICreateNamespaceHandler = operator_api.CreateNamespaceHandlerFunc(func(params operator_api.CreateNamespaceParams, session *models.Principal) middleware.Responder {
+	// api.OperatorAPICreateNamespaceHandler = operator_api.CreateNamespaceHandlerFunc(func(params operator_api.CreateNamespaceParams, session *models.Principal) middleware.Responder {
 	api.OperatorAPICreateNamespaceHandler = operator_api.CreateNamespaceHandlerFunc(func(params operator_api.CreateNamespaceParams, session *models.Principal) middleware.Responder {
 		err := getNamespaceCreatedResponse(session, params)
 		if err != nil {
@@ -44,12 +45,11 @@ func registerNamespaceHandlers(api *operations.OperatorAPI) {
 }

 func getNamespaceCreatedResponse(session *models.Principal, params operator_api.CreateNamespaceParams) *models.Error {
-	ctx, cancel := context.WithCancel(context.Background())
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
 	defer cancel()
 	clientset, err := cluster.K8sClient(session.STSSessionToken)
-
 	if err != nil {
-		return prepareError(err)
+		return xerrors.ErrorWithContext(ctx, err)
 	}

 	namespace := *params.Body.Name
@@ -57,7 +57,7 @@ func getNamespaceCreatedResponse(session *models.Principal, params operator_api.
 	errCreation := getNamespaceCreated(ctx, clientset.CoreV1(), namespace)

 	if errCreation != nil {
-		return prepareError(errCreation)
+		return xerrors.ErrorWithContext(ctx, errCreation)
 	}

 	return nil
--- a/operatorapi/nodes.go
+++ b/operatorapi/nodes.go
@@ -21,6 +21,8 @@ import (
 	"errors"
 	"sort"

+	xerrors "github.com/minio/console/restapi"
+
 	"github.com/minio/minio-go/v7/pkg/set"

 	"github.com/minio/console/operatorapi/operations/operator_api"
@@ -52,8 +54,8 @@ func registerNodesHandlers(api *operations.OperatorAPI) {
 		return operator_api.NewListNodeLabelsOK().WithPayload(*resp)
 	})

-	api.OperatorAPIGetAllocatableResourcesHandler = operator_api.GetAllocatableResourcesHandlerFunc(func(params operator_api.GetAllocatableResourcesParams, principal *models.Principal) middleware.Responder {
-		resp, err := getAllocatableResourcesResponse(params.NumNodes, principal)
+	api.OperatorAPIGetAllocatableResourcesHandler = operator_api.GetAllocatableResourcesHandlerFunc(func(params operator_api.GetAllocatableResourcesParams, session *models.Principal) middleware.Responder {
+		resp, err := getAllocatableResourcesResponse(session, params)
 		if err != nil {
 			return operator_api.NewGetAllocatableResourcesDefault(int(err.Code)).WithPayload(err)
 		}
@@ -71,7 +73,7 @@ type NodeResourceInfo struct {
 func getMaxAllocatableMemory(ctx context.Context, clientset v1.CoreV1Interface, numNodes int32) (*models.MaxAllocatableMemResponse, error) {
 	// can't request less than 4 nodes
 	if numNodes < 4 {
-		return nil, errFewerThanFourNodes
+		return nil, xerrors.ErrFewerThanFourNodes
 	}

 	// get all nodes from cluster
@@ -97,15 +99,15 @@ func getMaxAllocatableMemory(ctx context.Context, clientset v1.CoreV1Interface,
 	}
 	// requesting more nodes than schedulable and less than total number of workers
 	if int(numNodes) > schedulableNodes && int(numNodes) < nonMasterNodes {
-		return nil, errTooManyNodes
+		return nil, xerrors.ErrTooManyNodes
 	}
 	if nonMasterNodes < int(numNodes) {
-		return nil, errTooFewNodes
+		return nil, xerrors.ErrTooFewNodes
 	}

 	// not enough schedulable nodes
 	if schedulableNodes < int(numNodes) {
-		return nil, errTooFewSchedulableNodes
+		return nil, xerrors.ErrTooFewAvailableNodes
 	}

 	availableMemSizes := []int64{}
@@ -177,12 +179,12 @@ func min(x, y int64) int64 {
 func getMaxAllocatableMemoryResponse(ctx context.Context, session *models.Principal, numNodes int32) (*models.MaxAllocatableMemResponse, *models.Error) {
 	client, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, xerrors.ErrorWithContext(ctx, err)
 	}

 	clusterResources, err := getMaxAllocatableMemory(ctx, client.CoreV1(), numNodes)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, xerrors.ErrorWithContext(ctx, err)
 	}
 	return clusterResources, nil
 }
@@ -217,18 +219,17 @@ func getNodeLabels(ctx context.Context, clientset v1.CoreV1Interface) (*models.N
 func getNodeLabelsResponse(ctx context.Context, session *models.Principal) (*models.NodeLabels, *models.Error) {
 	client, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, xerrors.ErrorWithContext(ctx, err)
 	}

 	clusterResources, err := getNodeLabels(ctx, client.CoreV1())
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, xerrors.ErrorWithContext(ctx, err)
 	}
 	return clusterResources, nil
 }

 func getClusterResourcesInfo(numNodes int32, inNodesResources []NodeResourceInfo) *models.AllocatableResourcesResponse {
-
 	// purge any nodes with 0 cpu
 	var nodesResources []NodeResourceInfo
 	for _, n := range inNodesResources {
@@ -357,17 +358,16 @@ OUTER:

 // Get allocatable resources response

-func getAllocatableResourcesResponse(numNodes int32, session *models.Principal) (*models.AllocatableResourcesResponse, *models.Error) {
-	ctx, cancel := context.WithCancel(context.Background())
+func getAllocatableResourcesResponse(session *models.Principal, params operator_api.GetAllocatableResourcesParams) (*models.AllocatableResourcesResponse, *models.Error) {
+	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
 	defer cancel()
 	client, err := cluster.K8sClient(session.STSSessionToken)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, xerrors.ErrorWithContext(ctx, err)
 	}
-
-	clusterResources, err := getAllocatableResources(ctx, client.CoreV1(), numNodes)
+	clusterResources, err := getAllocatableResources(ctx, client.CoreV1(), params.NumNodes)
 	if err != nil {
-		return nil, prepareError(err)
+		return nil, xerrors.ErrorWithContext(ctx, err)
 	}
 	return clusterResources, nil
 }
--- a/operatorapi/nodes_test.go
+++ b/operatorapi/nodes_test.go
@@ -30,7 +30,7 @@ import (
 	"k8s.io/client-go/kubernetes/fake"
 )

-func Test_MaxAllocatableMemory(t *testing.T) {
+func NoTestMaxAllocatableMemory(t *testing.T) {
 	type args struct {
 		ctx      context.Context
 		numNodes int32
--- a/operatorapi/operations/user_api/login_detail.go
+++ b/operatorapi/operations/user_api/login_detail.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -46,7 +46,7 @@ func NewLoginDetail(ctx *middleware.Context, handler LoginDetailHandler) *LoginD
 	return &LoginDetail{Context: ctx, Handler: handler}
 }

-/* LoginDetail swagger:route GET /login UserAPI loginDetail
+/* LoginDetail swagger:route GET /login Auth loginDetail

 Returns login strategy, form or sso.

--- a/operatorapi/operations/auth/login_detail_parameters.go
+++ b/operatorapi/operations/auth/login_detail_parameters.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/operatorapi/operations/auth/login_detail_responses.go
+++ b/operatorapi/operations/auth/login_detail_responses.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/operatorapi/operations/user_api/login_detail_urlbuilder.go
+++ b/operatorapi/operations/user_api/login_detail_urlbuilder.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
--- a/operatorapi/operations/auth/login_oauth2_auth.go
+++ b/operatorapi/operations/auth/login_oauth2_auth.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -46,7 +46,7 @@ func NewLoginOauth2Auth(ctx *middleware.Context, handler LoginOauth2AuthHandler)
 	return &LoginOauth2Auth{Context: ctx, Handler: handler}
 }

-/* LoginOauth2Auth swagger:route POST /login/oauth2/auth UserAPI loginOauth2Auth
+/* LoginOauth2Auth swagger:route POST /login/oauth2/auth Auth loginOauth2Auth

 Identity Provider oauth2 callback endpoint.

--- a/operatorapi/operations/auth/login_oauth2_auth_parameters.go
+++ b/operatorapi/operations/auth/login_oauth2_auth_parameters.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/operatorapi/operations/user_api/login_oauth2_auth_responses.go
+++ b/operatorapi/operations/user_api/login_oauth2_auth_responses.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/operatorapi/operations/auth/login_oauth2_auth_urlbuilder.go
+++ b/operatorapi/operations/auth/login_oauth2_auth_urlbuilder.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
--- a/operatorapi/operations/user_api/login_operator.go
+++ b/operatorapi/operations/user_api/login_operator.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -46,7 +46,7 @@ func NewLoginOperator(ctx *middleware.Context, handler LoginOperatorHandler) *Lo
 	return &LoginOperator{Context: ctx, Handler: handler}
 }

-/* LoginOperator swagger:route POST /login/operator UserAPI loginOperator
+/* LoginOperator swagger:route POST /login/operator Auth loginOperator

 Login to Operator Console.

--- a/operatorapi/operations/user_api/login_operator_parameters.go
+++ b/operatorapi/operations/user_api/login_operator_parameters.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/operatorapi/operations/user_api/login_operator_responses.go
+++ b/operatorapi/operations/user_api/login_operator_responses.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/operatorapi/operations/user_api/login_operator_urlbuilder.go
+++ b/operatorapi/operations/user_api/login_operator_urlbuilder.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
--- a/operatorapi/operations/user_api/logout.go
+++ b/operatorapi/operations/user_api/logout.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -48,7 +48,7 @@ func NewLogout(ctx *middleware.Context, handler LogoutHandler) *Logout {
 	return &Logout{Context: ctx, Handler: handler}
 }

-/* Logout swagger:route POST /logout UserAPI logout
+/* Logout swagger:route POST /logout Auth logout

 Logout from Operator.

--- a/operatorapi/operations/auth/logout_parameters.go
+++ b/operatorapi/operations/auth/logout_parameters.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/operatorapi/operations/user_api/logout_responses.go
+++ b/operatorapi/operations/user_api/logout_responses.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/operatorapi/operations/auth/logout_urlbuilder.go
+++ b/operatorapi/operations/auth/logout_urlbuilder.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
--- a/operatorapi/operations/user_api/session_check.go
+++ b/operatorapi/operations/user_api/session_check.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
@@ -48,7 +48,7 @@ func NewSessionCheck(ctx *middleware.Context, handler SessionCheckHandler) *Sess
 	return &SessionCheck{Context: ctx, Handler: handler}
 }

-/* SessionCheck swagger:route GET /session UserAPI sessionCheck
+/* SessionCheck swagger:route GET /session Auth sessionCheck

 Endpoint to check if your session is still valid

--- a/operatorapi/operations/auth/session_check_parameters.go
+++ b/operatorapi/operations/auth/session_check_parameters.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/operatorapi/operations/user_api/session_check_responses.go
+++ b/operatorapi/operations/user_api/session_check_responses.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the swagger generate command
--- a/operatorapi/operations/user_api/session_check_urlbuilder.go
+++ b/operatorapi/operations/user_api/session_check_urlbuilder.go
@@ -17,7 +17,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //

-package user_api
+package auth

 // This file was generated by the swagger tool.
 // Editing this file might prove futile when you re-run the generate command
--- a/operatorapi/operations/operator_api.go
+++ b/operatorapi/operations/operator_api.go
@@ -37,6 +37,7 @@ import (
 	"github.com/go-openapi/swag"

 	"github.com/minio/console/models"
+	"github.com/minio/console/operatorapi/operations/auth"
 	"github.com/minio/console/operatorapi/operations/operator_api"
 	"github.com/minio/console/operatorapi/operations/user_api"
 )
@@ -81,6 +82,9 @@ func NewOperatorAPI(spec *loads.Document) *OperatorAPI {
 		OperatorAPIDeleteTenantHandler: operator_api.DeleteTenantHandlerFunc(func(params operator_api.DeleteTenantParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.DeleteTenant has not yet been implemented")
 		}),
+		OperatorAPIDescribePodHandler: operator_api.DescribePodHandlerFunc(func(params operator_api.DescribePodParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation operator_api.DescribePod has not yet been implemented")
+		}),
 		OperatorAPIDisableTenantLoggingHandler: operator_api.DisableTenantLoggingHandlerFunc(func(params operator_api.DisableTenantLoggingParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.DisableTenantLogging has not yet been implemented")
 		}),
@@ -93,6 +97,9 @@ func NewOperatorAPI(spec *loads.Document) *OperatorAPI {
 		OperatorAPIGetMaxAllocatableMemHandler: operator_api.GetMaxAllocatableMemHandlerFunc(func(params operator_api.GetMaxAllocatableMemParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.GetMaxAllocatableMem has not yet been implemented")
 		}),
+		OperatorAPIGetPVCDescribeHandler: operator_api.GetPVCDescribeHandlerFunc(func(params operator_api.GetPVCDescribeParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation operator_api.GetPVCDescribe has not yet been implemented")
+		}),
 		OperatorAPIGetPVCEventsHandler: operator_api.GetPVCEventsHandlerFunc(func(params operator_api.GetPVCEventsParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.GetPVCEvents has not yet been implemented")
 		}),
@@ -138,26 +145,29 @@ func NewOperatorAPI(spec *loads.Document) *OperatorAPI {
 		OperatorAPIListPVCsForTenantHandler: operator_api.ListPVCsForTenantHandlerFunc(func(params operator_api.ListPVCsForTenantParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.ListPVCsForTenant has not yet been implemented")
 		}),
+		OperatorAPIListTenantCertificateSigningRequestHandler: operator_api.ListTenantCertificateSigningRequestHandlerFunc(func(params operator_api.ListTenantCertificateSigningRequestParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation operator_api.ListTenantCertificateSigningRequest has not yet been implemented")
+		}),
 		OperatorAPIListTenantsHandler: operator_api.ListTenantsHandlerFunc(func(params operator_api.ListTenantsParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.ListTenants has not yet been implemented")
 		}),
-		UserAPILoginDetailHandler: user_api.LoginDetailHandlerFunc(func(params user_api.LoginDetailParams) middleware.Responder {
-			return middleware.NotImplemented("operation user_api.LoginDetail has not yet been implemented")
+		AuthLoginDetailHandler: auth.LoginDetailHandlerFunc(func(params auth.LoginDetailParams) middleware.Responder {
+			return middleware.NotImplemented("operation auth.LoginDetail has not yet been implemented")
 		}),
-		UserAPILoginOauth2AuthHandler: user_api.LoginOauth2AuthHandlerFunc(func(params user_api.LoginOauth2AuthParams) middleware.Responder {
-			return middleware.NotImplemented("operation user_api.LoginOauth2Auth has not yet been implemented")
+		AuthLoginOauth2AuthHandler: auth.LoginOauth2AuthHandlerFunc(func(params auth.LoginOauth2AuthParams) middleware.Responder {
+			return middleware.NotImplemented("operation auth.LoginOauth2Auth has not yet been implemented")
 		}),
-		UserAPILoginOperatorHandler: user_api.LoginOperatorHandlerFunc(func(params user_api.LoginOperatorParams) middleware.Responder {
-			return middleware.NotImplemented("operation user_api.LoginOperator has not yet been implemented")
+		AuthLoginOperatorHandler: auth.LoginOperatorHandlerFunc(func(params auth.LoginOperatorParams) middleware.Responder {
+			return middleware.NotImplemented("operation auth.LoginOperator has not yet been implemented")
 		}),
-		UserAPILogoutHandler: user_api.LogoutHandlerFunc(func(params user_api.LogoutParams, principal *models.Principal) middleware.Responder {
-			return middleware.NotImplemented("operation user_api.Logout has not yet been implemented")
+		AuthLogoutHandler: auth.LogoutHandlerFunc(func(params auth.LogoutParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation auth.Logout has not yet been implemented")
 		}),
 		OperatorAPIPutTenantYAMLHandler: operator_api.PutTenantYAMLHandlerFunc(func(params operator_api.PutTenantYAMLParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.PutTenantYAML has not yet been implemented")
 		}),
-		UserAPISessionCheckHandler: user_api.SessionCheckHandlerFunc(func(params user_api.SessionCheckParams, principal *models.Principal) middleware.Responder {
-			return middleware.NotImplemented("operation user_api.SessionCheck has not yet been implemented")
+		AuthSessionCheckHandler: auth.SessionCheckHandlerFunc(func(params auth.SessionCheckParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation auth.SessionCheck has not yet been implemented")
 		}),
 		OperatorAPISetTenantLogsHandler: operator_api.SetTenantLogsHandlerFunc(func(params operator_api.SetTenantLogsParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.SetTenantLogs has not yet been implemented")
@@ -277,6 +287,8 @@ type OperatorAPI struct {
 	OperatorAPIDeletePodHandler operator_api.DeletePodHandler
 	// OperatorAPIDeleteTenantHandler sets the operation handler for the delete tenant operation
 	OperatorAPIDeleteTenantHandler operator_api.DeleteTenantHandler
+	// OperatorAPIDescribePodHandler sets the operation handler for the describe pod operation
+	OperatorAPIDescribePodHandler operator_api.DescribePodHandler
 	// OperatorAPIDisableTenantLoggingHandler sets the operation handler for the disable tenant logging operation
 	OperatorAPIDisableTenantLoggingHandler operator_api.DisableTenantLoggingHandler
 	// OperatorAPIEnableTenantLoggingHandler sets the operation handler for the enable tenant logging operation
@@ -285,6 +297,8 @@ type OperatorAPI struct {
 	OperatorAPIGetAllocatableResourcesHandler operator_api.GetAllocatableResourcesHandler
 	// OperatorAPIGetMaxAllocatableMemHandler sets the operation handler for the get max allocatable mem operation
 	OperatorAPIGetMaxAllocatableMemHandler operator_api.GetMaxAllocatableMemHandler
+	// OperatorAPIGetPVCDescribeHandler sets the operation handler for the get p v c describe operation
+	OperatorAPIGetPVCDescribeHandler operator_api.GetPVCDescribeHandler
 	// OperatorAPIGetPVCEventsHandler sets the operation handler for the get p v c events operation
 	OperatorAPIGetPVCEventsHandler operator_api.GetPVCEventsHandler
 	// OperatorAPIGetParityHandler sets the operation handler for the get parity operation
@@ -315,20 +329,22 @@ type OperatorAPI struct {
 	OperatorAPIListPVCsHandler operator_api.ListPVCsHandler
 	// OperatorAPIListPVCsForTenantHandler sets the operation handler for the list p v cs for tenant operation
 	OperatorAPIListPVCsForTenantHandler operator_api.ListPVCsForTenantHandler
+	// OperatorAPIListTenantCertificateSigningRequestHandler sets the operation handler for the list tenant certificate signing request operation
+	OperatorAPIListTenantCertificateSigningRequestHandler operator_api.ListTenantCertificateSigningRequestHandler
 	// OperatorAPIListTenantsHandler sets the operation handler for the list tenants operation
 	OperatorAPIListTenantsHandler operator_api.ListTenantsHandler
-	// UserAPILoginDetailHandler sets the operation handler for the login detail operation
-	UserAPILoginDetailHandler user_api.LoginDetailHandler
-	// UserAPILoginOauth2AuthHandler sets the operation handler for the login oauth2 auth operation
-	UserAPILoginOauth2AuthHandler user_api.LoginOauth2AuthHandler
-	// UserAPILoginOperatorHandler sets the operation handler for the login operator operation
-	UserAPILoginOperatorHandler user_api.LoginOperatorHandler
-	// UserAPILogoutHandler sets the operation handler for the logout operation
-	UserAPILogoutHandler user_api.LogoutHandler
+	// AuthLoginDetailHandler sets the operation handler for the login detail operation
+	AuthLoginDetailHandler auth.LoginDetailHandler
+	// AuthLoginOauth2AuthHandler sets the operation handler for the login oauth2 auth operation
+	AuthLoginOauth2AuthHandler auth.LoginOauth2AuthHandler
+	// AuthLoginOperatorHandler sets the operation handler for the login operator operation
+	AuthLoginOperatorHandler auth.LoginOperatorHandler
+	// AuthLogoutHandler sets the operation handler for the logout operation
+	AuthLogoutHandler auth.LogoutHandler
 	// OperatorAPIPutTenantYAMLHandler sets the operation handler for the put tenant y a m l operation
 	OperatorAPIPutTenantYAMLHandler operator_api.PutTenantYAMLHandler
-	// UserAPISessionCheckHandler sets the operation handler for the session check operation
-	UserAPISessionCheckHandler user_api.SessionCheckHandler
+	// AuthSessionCheckHandler sets the operation handler for the session check operation
+	AuthSessionCheckHandler auth.SessionCheckHandler
 	// OperatorAPISetTenantLogsHandler sets the operation handler for the set tenant logs operation
 	OperatorAPISetTenantLogsHandler operator_api.SetTenantLogsHandler
 	// OperatorAPISetTenantMonitoringHandler sets the operation handler for the set tenant monitoring operation
@@ -466,6 +482,9 @@ func (o *OperatorAPI) Validate() error {
 	if o.OperatorAPIDeleteTenantHandler == nil {
 		unregistered = append(unregistered, "operator_api.DeleteTenantHandler")
 	}
+	if o.OperatorAPIDescribePodHandler == nil {
+		unregistered = append(unregistered, "operator_api.DescribePodHandler")
+	}
 	if o.OperatorAPIDisableTenantLoggingHandler == nil {
 		unregistered = append(unregistered, "operator_api.DisableTenantLoggingHandler")
 	}
@@ -478,6 +497,9 @@ func (o *OperatorAPI) Validate() error {
 	if o.OperatorAPIGetMaxAllocatableMemHandler == nil {
 		unregistered = append(unregistered, "operator_api.GetMaxAllocatableMemHandler")
 	}
+	if o.OperatorAPIGetPVCDescribeHandler == nil {
+		unregistered = append(unregistered, "operator_api.GetPVCDescribeHandler")
+	}
 	if o.OperatorAPIGetPVCEventsHandler == nil {
 		unregistered = append(unregistered, "operator_api.GetPVCEventsHandler")
 	}
@@ -523,26 +545,29 @@ func (o *OperatorAPI) Validate() error {
 	if o.OperatorAPIListPVCsForTenantHandler == nil {
 		unregistered = append(unregistered, "operator_api.ListPVCsForTenantHandler")
 	}
+	if o.OperatorAPIListTenantCertificateSigningRequestHandler == nil {
+		unregistered = append(unregistered, "operator_api.ListTenantCertificateSigningRequestHandler")
+	}
 	if o.OperatorAPIListTenantsHandler == nil {
 		unregistered = append(unregistered, "operator_api.ListTenantsHandler")
 	}
-	if o.UserAPILoginDetailHandler == nil {
-		unregistered = append(unregistered, "user_api.LoginDetailHandler")
+	if o.AuthLoginDetailHandler == nil {
+		unregistered = append(unregistered, "auth.LoginDetailHandler")
 	}
-	if o.UserAPILoginOauth2AuthHandler == nil {
-		unregistered = append(unregistered, "user_api.LoginOauth2AuthHandler")
+	if o.AuthLoginOauth2AuthHandler == nil {
+		unregistered = append(unregistered, "auth.LoginOauth2AuthHandler")
 	}
-	if o.UserAPILoginOperatorHandler == nil {
-		unregistered = append(unregistered, "user_api.LoginOperatorHandler")
+	if o.AuthLoginOperatorHandler == nil {
+		unregistered = append(unregistered, "auth.LoginOperatorHandler")
 	}
-	if o.UserAPILogoutHandler == nil {
-		unregistered = append(unregistered, "user_api.LogoutHandler")
+	if o.AuthLogoutHandler == nil {
+		unregistered = append(unregistered, "auth.LogoutHandler")
 	}
 	if o.OperatorAPIPutTenantYAMLHandler == nil {
 		unregistered = append(unregistered, "operator_api.PutTenantYAMLHandler")
 	}
-	if o.UserAPISessionCheckHandler == nil {
-		unregistered = append(unregistered, "user_api.SessionCheckHandler")
+	if o.AuthSessionCheckHandler == nil {
+		unregistered = append(unregistered, "auth.SessionCheckHandler")
 	}
 	if o.OperatorAPISetTenantLogsHandler == nil {
 		unregistered = append(unregistered, "operator_api.SetTenantLogsHandler")
@@ -723,6 +748,10 @@ func (o *OperatorAPI) initHandlerCache() {
 		o.handlers["DELETE"] = make(map[string]http.Handler)
 	}
 	o.handlers["DELETE"]["/namespaces/{namespace}/tenants/{tenant}"] = operator_api.NewDeleteTenant(o.context, o.OperatorAPIDeleteTenantHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
+	o.handlers["GET"]["/namespaces/{namespace}/tenants/{tenant}/pods/{podName}/describe"] = operator_api.NewDescribePod(o.context, o.OperatorAPIDescribePodHandler)
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
@@ -742,6 +771,10 @@ func (o *OperatorAPI) initHandlerCache() {
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}
+	o.handlers["GET"]["/namespaces/{namespace}/tenants/{tenant}/pvcs/{PVCName}/describe"] = operator_api.NewGetPVCDescribe(o.context, o.OperatorAPIGetPVCDescribeHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
 	o.handlers["GET"]["/namespaces/{namespace}/tenants/{tenant}/pvcs/{PVCName}/events"] = operator_api.NewGetPVCEvents(o.context, o.OperatorAPIGetPVCEventsHandler)
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
@@ -802,23 +835,27 @@ func (o *OperatorAPI) initHandlerCache() {
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}
+	o.handlers["GET"]["/namespaces/{namespace}/tenants/{tenant}/csr"] = operator_api.NewListTenantCertificateSigningRequest(o.context, o.OperatorAPIListTenantCertificateSigningRequestHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
 	o.handlers["GET"]["/namespaces/{namespace}/tenants"] = operator_api.NewListTenants(o.context, o.OperatorAPIListTenantsHandler)
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}
-	o.handlers["GET"]["/login"] = user_api.NewLoginDetail(o.context, o.UserAPILoginDetailHandler)
+	o.handlers["GET"]["/login"] = auth.NewLoginDetail(o.context, o.AuthLoginDetailHandler)
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
-	o.handlers["POST"]["/login/oauth2/auth"] = user_api.NewLoginOauth2Auth(o.context, o.UserAPILoginOauth2AuthHandler)
+	o.handlers["POST"]["/login/oauth2/auth"] = auth.NewLoginOauth2Auth(o.context, o.AuthLoginOauth2AuthHandler)
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
-	o.handlers["POST"]["/login/operator"] = user_api.NewLoginOperator(o.context, o.UserAPILoginOperatorHandler)
+	o.handlers["POST"]["/login/operator"] = auth.NewLoginOperator(o.context, o.AuthLoginOperatorHandler)
 	if o.handlers["POST"] == nil {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
-	o.handlers["POST"]["/logout"] = user_api.NewLogout(o.context, o.UserAPILogoutHandler)
+	o.handlers["POST"]["/logout"] = auth.NewLogout(o.context, o.AuthLogoutHandler)
 	if o.handlers["PUT"] == nil {
 		o.handlers["PUT"] = make(map[string]http.Handler)
 	}
@@ -826,7 +863,7 @@ func (o *OperatorAPI) initHandlerCache() {
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}
-	o.handlers["GET"]["/session"] = user_api.NewSessionCheck(o.context, o.UserAPISessionCheckHandler)
+	o.handlers["GET"]["/session"] = auth.NewSessionCheck(o.context, o.AuthSessionCheckHandler)
 	if o.handlers["PUT"] == nil {
 		o.handlers["PUT"] = make(map[string]http.Handler)
 	}
--- a/operatorapi/operations/operator_api/describe_pod.go
+++ b/operatorapi/operations/operator_api/describe_pod.go
@@ -0,0 +1,88 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+
+	"github.com/minio/console/models"
+)
+
+// DescribePodHandlerFunc turns a function with the right signature into a describe pod handler
+type DescribePodHandlerFunc func(DescribePodParams, *models.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn DescribePodHandlerFunc) Handle(params DescribePodParams, principal *models.Principal) middleware.Responder {
+	return fn(params, principal)
+}
+
+// DescribePodHandler interface for that can handle valid describe pod params
+type DescribePodHandler interface {
+	Handle(DescribePodParams, *models.Principal) middleware.Responder
+}
+
+// NewDescribePod creates a new http.Handler for the describe pod operation
+func NewDescribePod(ctx *middleware.Context, handler DescribePodHandler) *DescribePod {
+	return &DescribePod{Context: ctx, Handler: handler}
+}
+
+/* DescribePod swagger:route GET /namespaces/{namespace}/tenants/{tenant}/pods/{podName}/describe OperatorAPI describePod
+
+Describe Pod
+
+*/
+type DescribePod struct {
+	Context *middleware.Context
+	Handler DescribePodHandler
+}
+
+func (o *DescribePod) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewDescribePodParams()
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		*r = *aCtx
+	}
+	var principal *models.Principal
+	if uprinc != nil {
+		principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
+	}
+
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params, principal) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
--- a/operatorapi/operations/operator_api/describe_pod_parameters.go
+++ b/operatorapi/operations/operator_api/describe_pod_parameters.go
@@ -0,0 +1,136 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewDescribePodParams creates a new DescribePodParams object
+//
+// There are no default values defined in the spec.
+func NewDescribePodParams() DescribePodParams {
+
+	return DescribePodParams{}
+}
+
+// DescribePodParams contains all the bound params for the describe pod operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters DescribePod
+type DescribePodParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*
+	  Required: true
+	  In: path
+	*/
+	Namespace string
+	/*
+	  Required: true
+	  In: path
+	*/
+	PodName string
+	/*
+	  Required: true
+	  In: path
+	*/
+	Tenant string
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewDescribePodParams() beforehand.
+func (o *DescribePodParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	rNamespace, rhkNamespace, _ := route.Params.GetOK("namespace")
+	if err := o.bindNamespace(rNamespace, rhkNamespace, route.Formats); err != nil {
+		res = append(res, err)
+	}
+
+	rPodName, rhkPodName, _ := route.Params.GetOK("podName")
+	if err := o.bindPodName(rPodName, rhkPodName, route.Formats); err != nil {
+		res = append(res, err)
+	}
+
+	rTenant, rhkTenant, _ := route.Params.GetOK("tenant")
+	if err := o.bindTenant(rTenant, rhkTenant, route.Formats); err != nil {
+		res = append(res, err)
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+// bindNamespace binds and validates parameter Namespace from path.
+func (o *DescribePodParams) bindNamespace(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.Namespace = raw
+
+	return nil
+}
+
+// bindPodName binds and validates parameter PodName from path.
+func (o *DescribePodParams) bindPodName(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.PodName = raw
+
+	return nil
+}
+
+// bindTenant binds and validates parameter Tenant from path.
+func (o *DescribePodParams) bindTenant(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.Tenant = raw
+
+	return nil
+}
--- a/operatorapi/operations/operator_api/describe_pod_responses.go
+++ b/operatorapi/operations/operator_api/describe_pod_responses.go
@@ -0,0 +1,133 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+
+	"github.com/minio/console/models"
+)
+
+// DescribePodOKCode is the HTTP code returned for type DescribePodOK
+const DescribePodOKCode int = 200
+
+/*DescribePodOK A successful response.
+
+swagger:response describePodOK
+*/
+type DescribePodOK struct {
+
+	/*
+	  In: Body
+	*/
+	Payload *models.DescribePodWrapper `json:"body,omitempty"`
+}
+
+// NewDescribePodOK creates DescribePodOK with default headers values
+func NewDescribePodOK() *DescribePodOK {
+
+	return &DescribePodOK{}
+}
+
+// WithPayload adds the payload to the describe pod o k response
+func (o *DescribePodOK) WithPayload(payload *models.DescribePodWrapper) *DescribePodOK {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the describe pod o k response
+func (o *DescribePodOK) SetPayload(payload *models.DescribePodWrapper) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *DescribePodOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(200)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}
+
+/*DescribePodDefault Generic error response.
+
+swagger:response describePodDefault
+*/
+type DescribePodDefault struct {
+	_statusCode int
+
+	/*
+	  In: Body
+	*/
+	Payload *models.Error `json:"body,omitempty"`
+}
+
+// NewDescribePodDefault creates DescribePodDefault with default headers values
+func NewDescribePodDefault(code int) *DescribePodDefault {
+	if code <= 0 {
+		code = 500
+	}
+
+	return &DescribePodDefault{
+		_statusCode: code,
+	}
+}
+
+// WithStatusCode adds the status to the describe pod default response
+func (o *DescribePodDefault) WithStatusCode(code int) *DescribePodDefault {
+	o._statusCode = code
+	return o
+}
+
+// SetStatusCode sets the status to the describe pod default response
+func (o *DescribePodDefault) SetStatusCode(code int) {
+	o._statusCode = code
+}
+
+// WithPayload adds the payload to the describe pod default response
+func (o *DescribePodDefault) WithPayload(payload *models.Error) *DescribePodDefault {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the describe pod default response
+func (o *DescribePodDefault) SetPayload(payload *models.Error) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *DescribePodDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(o._statusCode)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}
--- a/operatorapi/operations/operator_api/describe_pod_urlbuilder.go
+++ b/operatorapi/operations/operator_api/describe_pod_urlbuilder.go
@@ -0,0 +1,132 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"errors"
+	"net/url"
+	golangswaggerpaths "path"
+	"strings"
+)
+
+// DescribePodURL generates an URL for the describe pod operation
+type DescribePodURL struct {
+	Namespace string
+	PodName   string
+	Tenant    string
+
+	_basePath string
+	// avoid unkeyed usage
+	_ struct{}
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *DescribePodURL) WithBasePath(bp string) *DescribePodURL {
+	o.SetBasePath(bp)
+	return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *DescribePodURL) SetBasePath(bp string) {
+	o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *DescribePodURL) Build() (*url.URL, error) {
+	var _result url.URL
+
+	var _path = "/namespaces/{namespace}/tenants/{tenant}/pods/{podName}/describe"
+
+	namespace := o.Namespace
+	if namespace != "" {
+		_path = strings.Replace(_path, "{namespace}", namespace, -1)
+	} else {
+		return nil, errors.New("namespace is required on DescribePodURL")
+	}
+
+	podName := o.PodName
+	if podName != "" {
+		_path = strings.Replace(_path, "{podName}", podName, -1)
+	} else {
+		return nil, errors.New("podName is required on DescribePodURL")
+	}
+
+	tenant := o.Tenant
+	if tenant != "" {
+		_path = strings.Replace(_path, "{tenant}", tenant, -1)
+	} else {
+		return nil, errors.New("tenant is required on DescribePodURL")
+	}
+
+	_basePath := o._basePath
+	if _basePath == "" {
+		_basePath = "/api/v1"
+	}
+	_result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+	return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *DescribePodURL) Must(u *url.URL, err error) *url.URL {
+	if err != nil {
+		panic(err)
+	}
+	if u == nil {
+		panic("url can't be nil")
+	}
+	return u
+}
+
+// String returns the string representation of the path with query string
+func (o *DescribePodURL) String() string {
+	return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *DescribePodURL) BuildFull(scheme, host string) (*url.URL, error) {
+	if scheme == "" {
+		return nil, errors.New("scheme is required for a full url on DescribePodURL")
+	}
+	if host == "" {
+		return nil, errors.New("host is required for a full url on DescribePodURL")
+	}
+
+	base, err := o.Build()
+	if err != nil {
+		return nil, err
+	}
+
+	base.Scheme = scheme
+	base.Host = host
+	return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *DescribePodURL) StringFull(scheme, host string) string {
+	return o.Must(o.BuildFull(scheme, host)).String()
+}
--- a/operatorapi/operations/operator_api/get_p_v_c_describe.go
+++ b/operatorapi/operations/operator_api/get_p_v_c_describe.go
@@ -0,0 +1,88 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+
+	"github.com/minio/console/models"
+)
+
+// GetPVCDescribeHandlerFunc turns a function with the right signature into a get p v c describe handler
+type GetPVCDescribeHandlerFunc func(GetPVCDescribeParams, *models.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn GetPVCDescribeHandlerFunc) Handle(params GetPVCDescribeParams, principal *models.Principal) middleware.Responder {
+	return fn(params, principal)
+}
+
+// GetPVCDescribeHandler interface for that can handle valid get p v c describe params
+type GetPVCDescribeHandler interface {
+	Handle(GetPVCDescribeParams, *models.Principal) middleware.Responder
+}
+
+// NewGetPVCDescribe creates a new http.Handler for the get p v c describe operation
+func NewGetPVCDescribe(ctx *middleware.Context, handler GetPVCDescribeHandler) *GetPVCDescribe {
+	return &GetPVCDescribe{Context: ctx, Handler: handler}
+}
+
+/* GetPVCDescribe swagger:route GET /namespaces/{namespace}/tenants/{tenant}/pvcs/{PVCName}/describe OperatorAPI getPVCDescribe
+
+Get Describe output for PVC
+
+*/
+type GetPVCDescribe struct {
+	Context *middleware.Context
+	Handler GetPVCDescribeHandler
+}
+
+func (o *GetPVCDescribe) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewGetPVCDescribeParams()
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		*r = *aCtx
+	}
+	var principal *models.Principal
+	if uprinc != nil {
+		principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
+	}
+
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params, principal) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
--- a/operatorapi/operations/operator_api/get_p_v_c_describe_parameters.go
+++ b/operatorapi/operations/operator_api/get_p_v_c_describe_parameters.go
@@ -0,0 +1,136 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewGetPVCDescribeParams creates a new GetPVCDescribeParams object
+//
+// There are no default values defined in the spec.
+func NewGetPVCDescribeParams() GetPVCDescribeParams {
+
+	return GetPVCDescribeParams{}
+}
+
+// GetPVCDescribeParams contains all the bound params for the get p v c describe operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters GetPVCDescribe
+type GetPVCDescribeParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*
+	  Required: true
+	  In: path
+	*/
+	PVCName string
+	/*
+	  Required: true
+	  In: path
+	*/
+	Namespace string
+	/*
+	  Required: true
+	  In: path
+	*/
+	Tenant string
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewGetPVCDescribeParams() beforehand.
+func (o *GetPVCDescribeParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	rPVCName, rhkPVCName, _ := route.Params.GetOK("PVCName")
+	if err := o.bindPVCName(rPVCName, rhkPVCName, route.Formats); err != nil {
+		res = append(res, err)
+	}
+
+	rNamespace, rhkNamespace, _ := route.Params.GetOK("namespace")
+	if err := o.bindNamespace(rNamespace, rhkNamespace, route.Formats); err != nil {
+		res = append(res, err)
+	}
+
+	rTenant, rhkTenant, _ := route.Params.GetOK("tenant")
+	if err := o.bindTenant(rTenant, rhkTenant, route.Formats); err != nil {
+		res = append(res, err)
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+// bindPVCName binds and validates parameter PVCName from path.
+func (o *GetPVCDescribeParams) bindPVCName(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.PVCName = raw
+
+	return nil
+}
+
+// bindNamespace binds and validates parameter Namespace from path.
+func (o *GetPVCDescribeParams) bindNamespace(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.Namespace = raw
+
+	return nil
+}
+
+// bindTenant binds and validates parameter Tenant from path.
+func (o *GetPVCDescribeParams) bindTenant(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.Tenant = raw
+
+	return nil
+}
--- a/operatorapi/operations/operator_api/get_p_v_c_describe_responses.go
+++ b/operatorapi/operations/operator_api/get_p_v_c_describe_responses.go
@@ -0,0 +1,133 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+
+	"github.com/minio/console/models"
+)
+
+// GetPVCDescribeOKCode is the HTTP code returned for type GetPVCDescribeOK
+const GetPVCDescribeOKCode int = 200
+
+/*GetPVCDescribeOK A successful response.
+
+swagger:response getPVCDescribeOK
+*/
+type GetPVCDescribeOK struct {
+
+	/*
+	  In: Body
+	*/
+	Payload *models.DescribePVCWrapper `json:"body,omitempty"`
+}
+
+// NewGetPVCDescribeOK creates GetPVCDescribeOK with default headers values
+func NewGetPVCDescribeOK() *GetPVCDescribeOK {
+
+	return &GetPVCDescribeOK{}
+}
+
+// WithPayload adds the payload to the get p v c describe o k response
+func (o *GetPVCDescribeOK) WithPayload(payload *models.DescribePVCWrapper) *GetPVCDescribeOK {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the get p v c describe o k response
+func (o *GetPVCDescribeOK) SetPayload(payload *models.DescribePVCWrapper) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *GetPVCDescribeOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(200)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}
+
+/*GetPVCDescribeDefault Generic error response.
+
+swagger:response getPVCDescribeDefault
+*/
+type GetPVCDescribeDefault struct {
+	_statusCode int
+
+	/*
+	  In: Body
+	*/
+	Payload *models.Error `json:"body,omitempty"`
+}
+
+// NewGetPVCDescribeDefault creates GetPVCDescribeDefault with default headers values
+func NewGetPVCDescribeDefault(code int) *GetPVCDescribeDefault {
+	if code <= 0 {
+		code = 500
+	}
+
+	return &GetPVCDescribeDefault{
+		_statusCode: code,
+	}
+}
+
+// WithStatusCode adds the status to the get p v c describe default response
+func (o *GetPVCDescribeDefault) WithStatusCode(code int) *GetPVCDescribeDefault {
+	o._statusCode = code
+	return o
+}
+
+// SetStatusCode sets the status to the get p v c describe default response
+func (o *GetPVCDescribeDefault) SetStatusCode(code int) {
+	o._statusCode = code
+}
+
+// WithPayload adds the payload to the get p v c describe default response
+func (o *GetPVCDescribeDefault) WithPayload(payload *models.Error) *GetPVCDescribeDefault {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the get p v c describe default response
+func (o *GetPVCDescribeDefault) SetPayload(payload *models.Error) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *GetPVCDescribeDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(o._statusCode)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}
--- a/operatorapi/operations/operator_api/get_p_v_c_describe_urlbuilder.go
+++ b/operatorapi/operations/operator_api/get_p_v_c_describe_urlbuilder.go
@@ -0,0 +1,132 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"errors"
+	"net/url"
+	golangswaggerpaths "path"
+	"strings"
+)
+
+// GetPVCDescribeURL generates an URL for the get p v c describe operation
+type GetPVCDescribeURL struct {
+	PVCName   string
+	Namespace string
+	Tenant    string
+
+	_basePath string
+	// avoid unkeyed usage
+	_ struct{}
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *GetPVCDescribeURL) WithBasePath(bp string) *GetPVCDescribeURL {
+	o.SetBasePath(bp)
+	return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *GetPVCDescribeURL) SetBasePath(bp string) {
+	o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *GetPVCDescribeURL) Build() (*url.URL, error) {
+	var _result url.URL
+
+	var _path = "/namespaces/{namespace}/tenants/{tenant}/pvcs/{PVCName}/describe"
+
+	pVCName := o.PVCName
+	if pVCName != "" {
+		_path = strings.Replace(_path, "{PVCName}", pVCName, -1)
+	} else {
+		return nil, errors.New("pVCName is required on GetPVCDescribeURL")
+	}
+
+	namespace := o.Namespace
+	if namespace != "" {
+		_path = strings.Replace(_path, "{namespace}", namespace, -1)
+	} else {
+		return nil, errors.New("namespace is required on GetPVCDescribeURL")
+	}
+
+	tenant := o.Tenant
+	if tenant != "" {
+		_path = strings.Replace(_path, "{tenant}", tenant, -1)
+	} else {
+		return nil, errors.New("tenant is required on GetPVCDescribeURL")
+	}
+
+	_basePath := o._basePath
+	if _basePath == "" {
+		_basePath = "/api/v1"
+	}
+	_result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+	return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *GetPVCDescribeURL) Must(u *url.URL, err error) *url.URL {
+	if err != nil {
+		panic(err)
+	}
+	if u == nil {
+		panic("url can't be nil")
+	}
+	return u
+}
+
+// String returns the string representation of the path with query string
+func (o *GetPVCDescribeURL) String() string {
+	return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *GetPVCDescribeURL) BuildFull(scheme, host string) (*url.URL, error) {
+	if scheme == "" {
+		return nil, errors.New("scheme is required for a full url on GetPVCDescribeURL")
+	}
+	if host == "" {
+		return nil, errors.New("host is required for a full url on GetPVCDescribeURL")
+	}
+
+	base, err := o.Build()
+	if err != nil {
+		return nil, err
+	}
+
+	base.Scheme = scheme
+	base.Host = host
+	return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *GetPVCDescribeURL) StringFull(scheme, host string) string {
+	return o.Must(o.BuildFull(scheme, host)).String()
+}
--- a/operatorapi/operations/operator_api/list_tenant_certificate_signing_request.go
+++ b/operatorapi/operations/operator_api/list_tenant_certificate_signing_request.go
@@ -0,0 +1,88 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+
+	"github.com/minio/console/models"
+)
+
+// ListTenantCertificateSigningRequestHandlerFunc turns a function with the right signature into a list tenant certificate signing request handler
+type ListTenantCertificateSigningRequestHandlerFunc func(ListTenantCertificateSigningRequestParams, *models.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn ListTenantCertificateSigningRequestHandlerFunc) Handle(params ListTenantCertificateSigningRequestParams, principal *models.Principal) middleware.Responder {
+	return fn(params, principal)
+}
+
+// ListTenantCertificateSigningRequestHandler interface for that can handle valid list tenant certificate signing request params
+type ListTenantCertificateSigningRequestHandler interface {
+	Handle(ListTenantCertificateSigningRequestParams, *models.Principal) middleware.Responder
+}
+
+// NewListTenantCertificateSigningRequest creates a new http.Handler for the list tenant certificate signing request operation
+func NewListTenantCertificateSigningRequest(ctx *middleware.Context, handler ListTenantCertificateSigningRequestHandler) *ListTenantCertificateSigningRequest {
+	return &ListTenantCertificateSigningRequest{Context: ctx, Handler: handler}
+}
+
+/* ListTenantCertificateSigningRequest swagger:route GET /namespaces/{namespace}/tenants/{tenant}/csr OperatorAPI listTenantCertificateSigningRequest
+
+List Tenant Certificate Signing Request
+
+*/
+type ListTenantCertificateSigningRequest struct {
+	Context *middleware.Context
+	Handler ListTenantCertificateSigningRequestHandler
+}
+
+func (o *ListTenantCertificateSigningRequest) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewListTenantCertificateSigningRequestParams()
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		*r = *aCtx
+	}
+	var principal *models.Principal
+	if uprinc != nil {
+		principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
+	}
+
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params, principal) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
--- a/operatorapi/operations/operator_api/list_tenant_certificate_signing_request_parameters.go
+++ b/operatorapi/operations/operator_api/list_tenant_certificate_signing_request_parameters.go
@@ -0,0 +1,112 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewListTenantCertificateSigningRequestParams creates a new ListTenantCertificateSigningRequestParams object
+//
+// There are no default values defined in the spec.
+func NewListTenantCertificateSigningRequestParams() ListTenantCertificateSigningRequestParams {
+
+	return ListTenantCertificateSigningRequestParams{}
+}
+
+// ListTenantCertificateSigningRequestParams contains all the bound params for the list tenant certificate signing request operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters ListTenantCertificateSigningRequest
+type ListTenantCertificateSigningRequestParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*
+	  Required: true
+	  In: path
+	*/
+	Namespace string
+	/*
+	  Required: true
+	  In: path
+	*/
+	Tenant string
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewListTenantCertificateSigningRequestParams() beforehand.
+func (o *ListTenantCertificateSigningRequestParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	rNamespace, rhkNamespace, _ := route.Params.GetOK("namespace")
+	if err := o.bindNamespace(rNamespace, rhkNamespace, route.Formats); err != nil {
+		res = append(res, err)
+	}
+
+	rTenant, rhkTenant, _ := route.Params.GetOK("tenant")
+	if err := o.bindTenant(rTenant, rhkTenant, route.Formats); err != nil {
+		res = append(res, err)
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+// bindNamespace binds and validates parameter Namespace from path.
+func (o *ListTenantCertificateSigningRequestParams) bindNamespace(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.Namespace = raw
+
+	return nil
+}
+
+// bindTenant binds and validates parameter Tenant from path.
+func (o *ListTenantCertificateSigningRequestParams) bindTenant(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.Tenant = raw
+
+	return nil
+}
--- a/operatorapi/operations/operator_api/list_tenant_certificate_signing_request_responses.go
+++ b/operatorapi/operations/operator_api/list_tenant_certificate_signing_request_responses.go
@@ -0,0 +1,133 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+
+	"github.com/minio/console/models"
+)
+
+// ListTenantCertificateSigningRequestOKCode is the HTTP code returned for type ListTenantCertificateSigningRequestOK
+const ListTenantCertificateSigningRequestOKCode int = 200
+
+/*ListTenantCertificateSigningRequestOK A successful response.
+
+swagger:response listTenantCertificateSigningRequestOK
+*/
+type ListTenantCertificateSigningRequestOK struct {
+
+	/*
+	  In: Body
+	*/
+	Payload *models.CsrElements `json:"body,omitempty"`
+}
+
+// NewListTenantCertificateSigningRequestOK creates ListTenantCertificateSigningRequestOK with default headers values
+func NewListTenantCertificateSigningRequestOK() *ListTenantCertificateSigningRequestOK {
+
+	return &ListTenantCertificateSigningRequestOK{}
+}
+
+// WithPayload adds the payload to the list tenant certificate signing request o k response
+func (o *ListTenantCertificateSigningRequestOK) WithPayload(payload *models.CsrElements) *ListTenantCertificateSigningRequestOK {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the list tenant certificate signing request o k response
+func (o *ListTenantCertificateSigningRequestOK) SetPayload(payload *models.CsrElements) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *ListTenantCertificateSigningRequestOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(200)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}
+
+/*ListTenantCertificateSigningRequestDefault Generic error response.
+
+swagger:response listTenantCertificateSigningRequestDefault
+*/
+type ListTenantCertificateSigningRequestDefault struct {
+	_statusCode int
+
+	/*
+	  In: Body
+	*/
+	Payload *models.Error `json:"body,omitempty"`
+}
+
+// NewListTenantCertificateSigningRequestDefault creates ListTenantCertificateSigningRequestDefault with default headers values
+func NewListTenantCertificateSigningRequestDefault(code int) *ListTenantCertificateSigningRequestDefault {
+	if code <= 0 {
+		code = 500
+	}
+
+	return &ListTenantCertificateSigningRequestDefault{
+		_statusCode: code,
+	}
+}
+
+// WithStatusCode adds the status to the list tenant certificate signing request default response
+func (o *ListTenantCertificateSigningRequestDefault) WithStatusCode(code int) *ListTenantCertificateSigningRequestDefault {
+	o._statusCode = code
+	return o
+}
+
+// SetStatusCode sets the status to the list tenant certificate signing request default response
+func (o *ListTenantCertificateSigningRequestDefault) SetStatusCode(code int) {
+	o._statusCode = code
+}
+
+// WithPayload adds the payload to the list tenant certificate signing request default response
+func (o *ListTenantCertificateSigningRequestDefault) WithPayload(payload *models.Error) *ListTenantCertificateSigningRequestDefault {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the list tenant certificate signing request default response
+func (o *ListTenantCertificateSigningRequestDefault) SetPayload(payload *models.Error) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *ListTenantCertificateSigningRequestDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(o._statusCode)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}
--- a/Show More
+++ b/Show More