mirrors/object-browser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: mirrors:v0.3.0
Branches Tags
mirrors:master mirrors:dependabot/npm_and_yarn/web-app/tar-fs-2.1.3 mirrors:test-bump-web-app mirrors:2c4a2386-e5af-4a47-9d94-c860af7235ad mirrors:bucket_name_rules mirrors:doc-links-updates mirrors:master-120621 mirrors:dvaldivia-patch-1 mirrors:tenant-wizard-password mirrors:v0.3.26v2 mirrors:upgrade-operator
mirrors:v2.0.1 mirrors:v2.0.0 mirrors:v1.7.6 mirrors:v1.7.5 mirrors:v1.7.4 mirrors:v1.7.3 mirrors:v1.7.2 mirrors:v1.7.1 mirrors:v1.7.0 mirrors:v1.6.3 mirrors:v1.6.2 mirrors:v1.6.1 mirrors:v1.6.0 mirrors:v1.5.0 mirrors:v1.4.1 mirrors:v1.4.0 mirrors:v1.3.0 mirrors:v1.2.0 mirrors:v1.1.1 mirrors:v1.1.0 mirrors:v1.0.0 mirrors:v0.46.0 mirrors:v0.45.0 mirrors:v0.44.0 mirrors:v0.43.1 mirrors:v0.43.0 mirrors:v0.42.1 mirrors:v0.42.0 mirrors:v0.41.0 mirrors:v0.40.0 mirrors:v0.39.0 mirrors:v0.38.0 mirrors:v0.37.0 mirrors:v0.36.0 mirrors:v0.35.1 mirrors:v0.35.0 mirrors:v0.34.0 mirrors:v0.33.0 mirrors:v0.32.0 mirrors:v0.31.0 mirrors:v0.30.0 mirrors:v0.29.0 mirrors:v0.28.0 mirrors:v0.27.0 mirrors:v0.26.4 mirrors:v0.26.3 mirrors:v0.26.2 mirrors:v0.26.1 mirrors:v0.26.0 mirrors:v0.25.0 mirrors:v0.24.0 mirrors:v0.23.1 mirrors:v0.23.0 mirrors:v0.22.5 mirrors:v0.22.4 mirrors:v0.22.3 mirrors:v0.22.2 mirrors:v0.22.1 mirrors:v0.22.0 mirrors:v0.21.3 mirrors:v0.21.2 mirrors:v0.21.1 mirrors:v0.21.0 mirrors:v0.20.5 mirrors:v0.20.4 mirrors:v0.20.3 mirrors:v0.20.2 mirrors:v0.20.1 mirrors:v0.20.0 mirrors:v0.19.5 mirrors:v0.19.4 mirrors:v0.19.3 mirrors:v0.19.2 mirrors:v0.19.1 mirrors:v0.19.0 mirrors:v0.18.1 mirrors:v0.18.0 mirrors:v0.17.3 mirrors:v0.17.2 mirrors:v0.17.1 mirrors:v0.17.0 mirrors:v0.16.3 mirrors:v0.16.2 mirrors:v0.16.1 mirrors:v0.16.0 mirrors:v0.15.14 mirrors:v0.15.13 mirrors:v0.15.11 mirrors:v0.15.10 mirrors:v0.15.9 mirrors:v0.15.8 mirrors:v0.15.7 mirrors:v0.15.6 mirrors:v0.15.5 mirrors:v0.15.4 mirrors:v0.15.3 mirrors:v0.15.2 mirrors:v0.15.1 mirrors:v0.15.0 mirrors:v0.14.8 mirrors:v0.14.7 mirrors:v0.14.6 mirrors:v0.14.5 mirrors:v0.14.4 mirrors:v0.14.3 mirrors:v0.14.2 mirrors:v0.14.1 mirrors:v0.14.0 mirrors:v0.13.3 mirrors:v0.13.2 mirrors:v0.13.1 mirrors:v0.13.0 mirrors:v0.12.9 mirrors:v0.12.8 mirrors:v0.12.7 mirrors:v0.12.6 mirrors:v0.12.5 mirrors:v0.12.4 mirrors:v0.12.3 mirrors:v0.12.2 mirrors:v0.12.1 mirrors:v0.12.0 mirrors:v0.11.0 mirrors:v0.10.4 mirrors:v0.10.3 mirrors:v0.10.2 mirrors:v0.10.1 mirrors:v0.10.0 mirrors:v0.9.8 mirrors:v0.9.7 mirrors:v0.9.6 mirrors:v0.9.5 mirrors:v0.9.4 mirrors:v0.9.3 mirrors:v0.9.2 mirrors:v0.9.1 mirrors:v0.9.0 mirrors:v0.8.3 mirrors:v0.8.2 mirrors:v0.8.1 mirrors:v0.8.0 mirrors:v0.7.5 mirrors:v0.7.4 mirrors:v0.7.3 mirrors:v0.7.2 mirrors:v0.7.1 mirrors:v0.7.0 mirrors:v0.6.8 mirrors:v0.6.7 mirrors:v0.6.6 mirrors:v0.6.5 mirrors:v0.6.4 mirrors:v0.6.3 mirrors:v0.6.2 mirrors:v0.6.1 mirrors:v0.6.0 mirrors:v0.5.2 mirrors:v0.5.1 mirrors:v0.5.0 mirrors:v0.4.6 mirrors:v0.4.5 mirrors:v0.4.4 mirrors:v0.4.3 mirrors:v0.4.2 mirrors:v0.4.1 mirrors:v0.4.0 mirrors:v0.3.26 mirrors:v0.3.25 mirrors:v0.3.24 mirrors:v0.3.23 mirrors:v0.3.22 mirrors:v0.3.21 mirrors:v0.3.20 mirrors:v0.3.19 mirrors:v0.3.18 mirrors:v0.3.17 mirrors:v0.3.16 mirrors:v0.3.15 mirrors:v0.3.14 mirrors:v0.3.13 mirrors:v0.3.12 mirrors:v0.3.11 mirrors:v0.3.10 mirrors:v0.3.9 mirrors:v0.3.8 mirrors:v0.3.7 mirrors:v0.3.6 mirrors:v0.3.5 mirrors:v0.3.4 mirrors:v0.3.3 mirrors:v0.3.2 mirrors:v0.3.1 mirrors:v0.3.0 mirrors:v0.2.1 mirrors:v0.2.0 mirrors:v0.1.1 mirrors:v0.1.0 mirrors:v0.0.6 mirrors:v0.0.5 mirrors:v0.0.4 mirrors:v0.0.3 mirrors:v0.0.2 mirrors:v0.0.1 mirrors:OFFICIAL.2016-02-08T00-12-28Z mirrors:release-1434511043
..
compare: mirrors:v0.3.9
Branches Tags
mirrors:dependabot/npm_and_yarn/web-app/tar-fs-2.1.3 mirrors:master mirrors:test-bump-web-app mirrors:2c4a2386-e5af-4a47-9d94-c860af7235ad mirrors:bucket_name_rules mirrors:doc-links-updates mirrors:master-120621 mirrors:dvaldivia-patch-1 mirrors:tenant-wizard-password mirrors:v0.3.26v2 mirrors:upgrade-operator
mirrors:v2.0.1 mirrors:v2.0.0 mirrors:v1.7.6 mirrors:v1.7.5 mirrors:v1.7.4 mirrors:v1.7.3 mirrors:v1.7.2 mirrors:v1.7.1 mirrors:v1.7.0 mirrors:v1.6.3 mirrors:v1.6.2 mirrors:v1.6.1 mirrors:v1.6.0 mirrors:v1.5.0 mirrors:v1.4.1 mirrors:v1.4.0 mirrors:v1.3.0 mirrors:v1.2.0 mirrors:v1.1.1 mirrors:v1.1.0 mirrors:v1.0.0 mirrors:v0.46.0 mirrors:v0.45.0 mirrors:v0.44.0 mirrors:v0.43.1 mirrors:v0.43.0 mirrors:v0.42.1 mirrors:v0.42.0 mirrors:v0.41.0 mirrors:v0.40.0 mirrors:v0.39.0 mirrors:v0.38.0 mirrors:v0.37.0 mirrors:v0.36.0 mirrors:v0.35.1 mirrors:v0.35.0 mirrors:v0.34.0 mirrors:v0.33.0 mirrors:v0.32.0 mirrors:v0.31.0 mirrors:v0.30.0 mirrors:v0.29.0 mirrors:v0.28.0 mirrors:v0.27.0 mirrors:v0.26.4 mirrors:v0.26.3 mirrors:v0.26.2 mirrors:v0.26.1 mirrors:v0.26.0 mirrors:v0.25.0 mirrors:v0.24.0 mirrors:v0.23.1 mirrors:v0.23.0 mirrors:v0.22.5 mirrors:v0.22.4 mirrors:v0.22.3 mirrors:v0.22.2 mirrors:v0.22.1 mirrors:v0.22.0 mirrors:v0.21.3 mirrors:v0.21.2 mirrors:v0.21.1 mirrors:v0.21.0 mirrors:v0.20.5 mirrors:v0.20.4 mirrors:v0.20.3 mirrors:v0.20.2 mirrors:v0.20.1 mirrors:v0.20.0 mirrors:v0.19.5 mirrors:v0.19.4 mirrors:v0.19.3 mirrors:v0.19.2 mirrors:v0.19.1 mirrors:v0.19.0 mirrors:v0.18.1 mirrors:v0.18.0 mirrors:v0.17.3 mirrors:v0.17.2 mirrors:v0.17.1 mirrors:v0.17.0 mirrors:v0.16.3 mirrors:v0.16.2 mirrors:v0.16.1 mirrors:v0.16.0 mirrors:v0.15.14 mirrors:v0.15.13 mirrors:v0.15.11 mirrors:v0.15.10 mirrors:v0.15.9 mirrors:v0.15.8 mirrors:v0.15.7 mirrors:v0.15.6 mirrors:v0.15.5 mirrors:v0.15.4 mirrors:v0.15.3 mirrors:v0.15.2 mirrors:v0.15.1 mirrors:v0.15.0 mirrors:v0.14.8 mirrors:v0.14.7 mirrors:v0.14.6 mirrors:v0.14.5 mirrors:v0.14.4 mirrors:v0.14.3 mirrors:v0.14.2 mirrors:v0.14.1 mirrors:v0.14.0 mirrors:v0.13.3 mirrors:v0.13.2 mirrors:v0.13.1 mirrors:v0.13.0 mirrors:v0.12.9 mirrors:v0.12.8 mirrors:v0.12.7 mirrors:v0.12.6 mirrors:v0.12.5 mirrors:v0.12.4 mirrors:v0.12.3 mirrors:v0.12.2 mirrors:v0.12.1 mirrors:v0.12.0 mirrors:v0.11.0 mirrors:v0.10.4 mirrors:v0.10.3 mirrors:v0.10.2 mirrors:v0.10.1 mirrors:v0.10.0 mirrors:v0.9.8 mirrors:v0.9.7 mirrors:v0.9.6 mirrors:v0.9.5 mirrors:v0.9.4 mirrors:v0.9.3 mirrors:v0.9.2 mirrors:v0.9.1 mirrors:v0.9.0 mirrors:v0.8.3 mirrors:v0.8.2 mirrors:v0.8.1 mirrors:v0.8.0 mirrors:v0.7.5 mirrors:v0.7.4 mirrors:v0.7.3 mirrors:v0.7.2 mirrors:v0.7.1 mirrors:v0.7.0 mirrors:v0.6.8 mirrors:v0.6.7 mirrors:v0.6.6 mirrors:v0.6.5 mirrors:v0.6.4 mirrors:v0.6.3 mirrors:v0.6.2 mirrors:v0.6.1 mirrors:v0.6.0 mirrors:v0.5.2 mirrors:v0.5.1 mirrors:v0.5.0 mirrors:v0.4.6 mirrors:v0.4.5 mirrors:v0.4.4 mirrors:v0.4.3 mirrors:v0.4.2 mirrors:v0.4.1 mirrors:v0.4.0 mirrors:v0.3.26 mirrors:v0.3.25 mirrors:v0.3.24 mirrors:v0.3.23 mirrors:v0.3.22 mirrors:v0.3.21 mirrors:v0.3.20 mirrors:v0.3.19 mirrors:v0.3.18 mirrors:v0.3.17 mirrors:v0.3.16 mirrors:v0.3.15 mirrors:v0.3.14 mirrors:v0.3.13 mirrors:v0.3.12 mirrors:v0.3.11 mirrors:v0.3.10 mirrors:v0.3.9 mirrors:v0.3.8 mirrors:v0.3.7 mirrors:v0.3.6 mirrors:v0.3.5 mirrors:v0.3.4 mirrors:v0.3.3 mirrors:v0.3.2 mirrors:v0.3.1 mirrors:v0.3.0 mirrors:v0.2.1 mirrors:v0.2.0 mirrors:v0.1.1 mirrors:v0.1.0 mirrors:v0.0.6 mirrors:v0.0.5 mirrors:v0.0.4 mirrors:v0.0.3 mirrors:v0.0.2 mirrors:v0.0.1 mirrors:OFFICIAL.2016-02-08T00-12-28Z mirrors:release-1434511043

34 Commits
v0.3.0 ... v0.3.9

Author SHA1 Message Date
Minio Trusted
953574f7a3 update version to v0.3.9 2020-08-07 20:29:26 -07:00
Lenin Alevski
8ec6d695de APIs to define mTLS configuration for KES (#235) 
Adding support for user to define KES mTLS configuration for Vault and
Gemalto
 2020-08-07 20:23:03 -07:00
Cesar N
47274817fa Allow tolerationSeconds to be empty on Zone tolerations Requests (#238) 
Since toleration seconds can be empty, we were forcing it to be an integer defaulting to 0 which
was creating a toleration with value 0 when value should have been nil.
 2020-08-07 20:00:16 -07:00
Daniel Valdivia
3b123c6182 Fix EC bug (#237) 2020-08-07 12:28:46 -07:00
Lenin Alevski
d7f72e0c41 update kes dependency to v0.11.0 (#236) 2020-08-06 12:43:04 -07:00
Minio Trusted
c0bf9c5da8 update version to v0.3.8 2020-08-05 12:38:13 -07:00
Daniel Valdivia
16a6524b11 Pass Annotations to PVC (#233) 2020-08-05 12:35:41 -07:00
Minio Trusted
c1963c6122 update to v0.3.7 2020-08-05 11:06:25 -07:00
Cesar N
73154e8dd7 Add missing field on Tenant Creation (#232) 2020-08-05 01:21:35 -07:00
Daniel Valdivia
e2e8cbe46c Erasure Coding Parity (#231) 2020-08-04 22:32:41 -07:00
Cesar N
b9b776c278 Add ImageRegistry field to Tenant Create and Tenant Update (#230) 2020-08-04 20:54:59 -07:00
Cesar N
7710df62ee Add imagePullSecretsName field on Add Tenant request (#227) 2020-08-04 16:04:04 -07:00
Minio Trusted
63e1c554b7 update to v0.3.6 2020-08-03 12:14:15 -07:00
Daniel Valdivia
a9d8f3fc41 Return Disk Usage (#226) 
* Return Disk Usage

* Address comments
 2020-08-03 12:11:48 -07:00
Minio Trusted
59bf546b4a upgrade to v0.3.5 2020-08-03 09:24:57 -07:00
Lenin Alevski
c3e34dc220 Support for deploying minio/console with IDP integration (#221) 2020-08-02 23:45:54 -07:00
Daniel Valdivia
cd547e9425 Limit Console RAM to 64Mi. Increase Logging for Tenant APIs. (#225) 2020-08-02 23:04:51 -07:00
Harshavardhana
d98b70f0ca update CREDITS with new deps (#222) 
Co-authored-by: Daniel Valdivia <hola@danielvaldivia.com>
 2020-08-02 12:29:58 -07:00
Daniel Valdivia
7ff009ec43 Add Insecure parameter to NewAdminClient function (#224) 
When using the madmin client, for some operations such as health checks against a MinIO instnace with TLS we need a client with insecure turned on.
 2020-08-02 12:21:21 -07:00
dependabot[bot]
3760c783d0 Bump elliptic from 6.5.2 to 6.5.3 in /portal-ui (#223) 
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.2 to 6.5.3.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2020-08-02 09:36:01 -07:00
Daniel Valdivia
a8be3c72aa Release v0.3.4 (#220) 2020-07-30 21:06:58 -07:00
Lenin Alevski
ee8242d72a TLS with user provided certificates and KES support for MinIO (#213) 
This PR adds the following features:

- Allow user to provide its own keypair certificates for enable TLS in
  MinIO
- Allow user to configure data encryption at rest in MinIO with KES
- Removes JWT schema for login and instead Console authentication will use
  encrypted session tokens

Enable TLS between client and MinIO with user provided certificates

Instead of using AutoCert feature now the user can provide `cert` and
`key` via `tls` object, values must be valid `x509.Certificate`
formatted files encoded in `base64`

Enable encryption at rest configuring KES

User can deploy KES via Console/Operator by defining the encryption
object, AutoCert must be enabled or custom certificates for KES must be
provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`,
previous configuration of the KMS is necessary.

eg of body request for create-tenant

```
{
    "name": "honeywell",
    "access_key": "minio",
    "secret_key": "minio123",
    "enable_mcs": false,
    "enable_ssl": false,
    "service_name": "honeywell",
    "zones": [
        {
            "name": "honeywell-zone-1",
            "servers": 1,
            "volumes_per_server": 4,
            "volume_configuration": {
                "size": 256000000,
                "storage_class": "vsan-default-storage-policy"
            }
        }
    ],
    "namespace": "default",
    "tls": {
      "tls.crt": "",
      "tls.key": ""
    },
    "encryption": {
        "server": {
          "tls.crt": "",
          "tls.key": ""
        },
        "client": {
          "tls.crt": "",
          "tls.key": ""
        },
      "vault": {
        "endpoint": "http://vault:8200",
        "prefix": "",
        "approle": {
          "id": "",
          "secret": ""
        }
      }
    }
}
```
 2020-07-30 17:49:56 -07:00
Daniel Valdivia
88b697f072 Bumps the version of Console when using Operator APIs (#219) 2020-07-30 15:41:20 -07:00
Cesar N
1dabfb4ead Update to minio-operator 3.0.5 (#218) 2020-07-30 15:21:45 -07:00
Daniel Valdivia
410920823a Return Generated Console Credentials (#217) 
Whe Console is configured, we auto generate credentials for Console and store them in a secret but we need to return them to the user so he knows what credentials he/she can use to log in to console.
 2020-07-30 13:55:11 -07:00
Daniel Valdivia
3ffaeceaf4 Fix NPE on Resource Parsing (#216) 2020-07-29 12:11:48 -07:00
Cesar N
add9023b74 Add Attributes to models.Zone and add functions to parse (#215) 
from/to operator.Zone to/from models.Zone

Tenant Add, GetTenantInfo and AddZone now can parse
operator.Zone extra attributes
 2020-07-29 01:01:17 -07:00
Harshavardhana
af8eb9a147 fix: rename mcS3Client to mcClient (#214) 
Co-authored-by: Minio Trusted <trusted@minio.io>
 2020-07-28 13:11:03 -07:00
Daniel Valdivia
1201dcf546 List Tenant Total Size (#211) 2020-07-27 20:03:47 -05:00
Daniel Valdivia
7bf25c897c Update Dockerfile entrypoint (#210) 2020-07-27 17:18:46 -07:00
Daniel Valdivia
27a57b1e51 Add Tenant Usage API (#208) 2020-07-27 14:19:40 -07:00
Daniel Valdivia
c03642fdb1 Validate Add Zone Paramters (#207) 2020-07-27 14:06:12 -07:00
Cesar N
d5b689e254 Upgrade operator version to 3.0.2 (#209) 2020-07-27 13:33:54 -07:00
Minio Trusted
ac6e2f29e4 fix the repo name 2020-07-26 00:40:01 -07:00
71 changed files with 16462 additions and 3049 deletions
Expand all files Collapse all files

2
.golangci.yml
View File

@@ -21,7 +21,7 @@ linters:
- structcheck
service:
golangci-lint-version: 1.21.0 # use the fixed version to not introduce new linters unexpectedly
golangci-lint-version: 1.27.0 # use the fixed version to not introduce new linters unexpectedly
run:
skip-dirs:

34
.goreleaser.yml
View File

@@ -2,10 +2,17 @@
# Make sure to check the documentation at http://goreleaser.com
project_name: console
release:
name_template: "Version {{.Version}}"
github:
owner: minio
name: console
before:
hooks:
# you may remove this if you don't use vgo
- go mod tidy
builds:
-
goos:
@@ -16,6 +23,33 @@ builds:
goarch:
- amd64
- arm64
ignore:
- goos: darwin
goarch: arm64
- goos: darwin
goarch: arm
- goos: darwin
goarch: ppc64le
- goos: darwin
goarch: s390x
- goos: windows
goarch: arm64
- goos: windows
goarch: arm
- goos: windows
goarch: ppc64le
- goos: windows
goarch: s390x
- goos: freebsd
goarch: arm
- goos: freebsd
goarch: arm64
- goos: freebsd
goarch: ppc64le
- goos: freebsd
goarch: s390x
env:
- CGO_ENABLED=0
main: ./cmd/console/

6507
CREDITS
View File

File diff suppressed because it is too large Load Diff

2
Dockerfile
View File

@@ -23,4 +23,4 @@ EXPOSE 9090
COPY --from=0 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=0 /go/src/github.com/minio/console/console .
CMD ["/console"]
ENTRYPOINT ["/console"]

6
Dockerfile.release
View File

@@ -1,6 +1,12 @@
FROM ubuntu:18.04 as certs
RUN apt-get update -y && apt-get install -y ca-certificates
FROM scratch
MAINTAINER MinIO Development "dev@min.io"
EXPOSE 9090
COPY console /console
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
ENTRYPOINT ["/console"]

4
Makefile
View File

@@ -25,8 +25,10 @@ verifiers: getdeps fmt lint
fmt:
@echo "Running $@ check"
@GO111MODULE=on gofmt -d cmd/
@GO111MODULE=on gofmt -d restapi/
@GO111MODULE=on gofmt -d pkg/
@GO111MODULE=on gofmt -d cmd/
@GO111MODULE=on gofmt -d cluster/
lint:
@echo "Running $@ check"

2
cluster/config.go
View File

@@ -98,7 +98,7 @@ func getLatestMinIOImage(client HTTPClientI) (*string, error) {
var latestMinIOImage, errLatestMinIOImage = getLatestMinIOImage(
&HTTPClient{
Client: &http.Client{
Timeout: 4 * time.Second,
Timeout: 15 * time.Second,
},
})

15
go.mod
View File

@@ -4,7 +4,6 @@ go 1.13
require (
github.com/coreos/go-oidc v2.2.1+incompatible
github.com/dgrijalva/jwt-go v3.2.0+incompatible
github.com/elazarl/go-bindata-assetfs v1.0.0
github.com/go-openapi/errors v0.19.6
github.com/go-openapi/loads v0.19.5
@@ -15,20 +14,20 @@ require (
github.com/go-openapi/validate v0.19.10
github.com/gorilla/websocket v1.4.2
github.com/jessevdk/go-flags v1.4.0
github.com/json-iterator/go v1.1.10
github.com/minio/cli v1.22.0
github.com/minio/kes v0.11.0
github.com/minio/mc v0.0.0-20200725183142-90d22b271f60
github.com/minio/minio v0.0.0-20200725154241-abbf6ce6ccf8
github.com/minio/minio-go/v7 v7.0.2-0.20200722162308-e0105ca08252
github.com/minio/operator v0.0.0-20200725185636-4a625e4fbb31
github.com/minio/minio-go/v7 v7.0.2
github.com/minio/operator v0.0.0-20200806194125-c2ff646f4af1
github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
github.com/satori/go.uuid v1.2.0
github.com/stretchr/testify v1.6.1
github.com/unrolled/secure v1.0.7
golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899
golang.org/x/net v0.0.0-20200707034311-ab3426394381
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
k8s.io/api v0.18.0
k8s.io/apimachinery v0.18.0
k8s.io/client-go v0.18.0
gopkg.in/yaml.v2 v2.3.0
k8s.io/api v0.18.6
k8s.io/apimachinery v0.18.6
k8s.io/client-go v0.18.6
)

49
go.sum
View File

@@ -55,6 +55,7 @@ github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496/go.mod h1:o
github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0S6Vi7/lbWECcX0j45yZReDZ56BQsrVBOEEY=
github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
github.com/aws/aws-sdk-go v1.20.21/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/aws/aws-sdk-go v1.26.3/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
github.com/bcicen/jstream v0.0.0-20190220045926-16c1f8af81c2 h1:M+TYzBcNIRyzPRg66ndEqUMd7oWDmhvdQmaPC6EZNwM=
github.com/bcicen/jstream v0.0.0-20190220045926-16c1f8af81c2/go.mod h1:RDu/qcrnpEdJC/p8tx34+YBFqqX71lB7dOX9QE+ZC4M=
github.com/beevik/ntp v0.2.0 h1:sGsd+kAXzT0bfVfzJfce04g+dSRfrs+tbQW8lweuYgw=
@@ -134,6 +135,7 @@ github.com/frankban/quicktest v1.4.1/go.mod h1:36zfPVQyHxymz4cH7wlDmVwDrJuljRB60
github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q=
@@ -143,6 +145,8 @@ github.com/go-ldap/ldap v3.0.2+incompatible h1:kD5HQcAzlQ7yrhfn+h+MSABeAy/jAJhvI
github.com/go-ldap/ldap v3.0.2+incompatible/go.mod h1:qfd9rJvER9Q0/D/Sqn1DfHRoBp40uXYvFoEVrNEPqRc=
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
github.com/go-logr/logr v0.2.0 h1:QvGt2nLcHH0WK9orKa+ppBPAxREcH364nPUedEpK0TY=
github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
github.com/go-ole/go-ole v1.2.4 h1:nNBDSCOigTSiarFpYE9J/KtEA1IOW4CNeqT9TQDqCxI=
github.com/go-ole/go-ole v1.2.4/go.mod h1:XCwSNxSkXRo4vlyPy93sltvi/qJq0jqQhjqQNIwKuxM=
github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI=
@@ -266,6 +270,8 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU
github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
github.com/golang/protobuf v1.4.0 h1:oOuy+ugB+P/kBdUnG5QaMXSIyJ1q38wWSojYCb3z5VQ=
github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0=
github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4=
github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
@@ -280,6 +286,8 @@ github.com/google/go-cmp v0.3.1 h1:Xye71clBPdm5HgqGwUkwhbynsUJZhDbS20FvLhQ2izg=
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.4.1 h1:/exdXoGamhu5ONeUJH0deniYLWYvQwW66yvlfiiKTu0=
github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -344,6 +352,8 @@ github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU=
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
github.com/hashicorp/raft v1.1.2 h1:oxEL5DDeurYxLd3UbcY/hccgSPhLLpiBZ1YxtWEq59c=
@@ -359,6 +369,8 @@ github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/imdario/mergo v0.3.5 h1:JboBksRwiiAJWvIYJVo46AfV+IAIKZpfrSzVKj42R4Q=
github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
github.com/imdario/mergo v0.3.10 h1:6q5mVkdH/vYmqngx7kZQTjJ5HRsx+ImorDIEQ+beJgc=
github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf h1:WfD7VjIE6z8dIvMsI4/s+1qr5EL+zoIGev1BQj1eoJ8=
github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf/go.mod h1:hyb9oH7vZsitZCiBt0ZvifOrB+qc8PS5IiilCIb87rg=
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
@@ -451,6 +463,8 @@ github.com/minio/cli v1.22.0 h1:VTQm7lmXm3quxO917X3p+el1l0Ca5X3S4PM2ruUYO68=
github.com/minio/cli v1.22.0/go.mod h1:bYxnK0uS629N3Bq+AOZZ+6lwF77Sodk4+UL9vNuXhOY=
github.com/minio/highwayhash v1.0.0 h1:iMSDhgUILCr0TNm8LWlSjF8N0ZIj2qbO8WHp6Q/J2BA=
github.com/minio/highwayhash v1.0.0/go.mod h1:xQboMTeM9nY9v/LlAOxFctujiv5+Aq2hR5dxBpaMbdc=
github.com/minio/kes v0.11.0 h1:8ma6OCVSxKT50b1uYXLJro3m7PmZtCLxBaTddQexI5k=
github.com/minio/kes v0.11.0/go.mod h1:mTF1Bv8YVEtQqF/B7Felp4tLee44Pp+dgI0rhCvgNg8=
github.com/minio/mc v0.0.0-20200725183142-90d22b271f60 h1:LevaZ33nx+rUzRsuU7rVvqXUP7VCu2BQanhITw4Z9rA=
github.com/minio/mc v0.0.0-20200725183142-90d22b271f60/go.mod h1:Hvnyrb/NMM+pJ53JO/J3jxGtwPDYJh7K6c1D+RR2h2g=
github.com/minio/md5-simd v1.1.0 h1:QPfiOqlZH+Cj9teu0t9b1nTBfPbyTl16Of5MeuShdK4=
@@ -463,10 +477,10 @@ github.com/minio/minio v0.0.0-20200725154241-abbf6ce6ccf8/go.mod h1:NBWtYp4t5pt3
github.com/minio/minio-go/v7 v7.0.1/go.mod h1:dJ80Mv2HeGkYLH1sqS/ksz07ON6csH3S6JUMSQ2zAns=
github.com/minio/minio-go/v7 v7.0.2-0.20200722162308-e0105ca08252 h1:V2JkMDoSmEIhRcMJwX3qeJVOzy1B5bHpHbZaQu77vbs=
github.com/minio/minio-go/v7 v7.0.2-0.20200722162308-e0105ca08252/go.mod h1:dJ80Mv2HeGkYLH1sqS/ksz07ON6csH3S6JUMSQ2zAns=
github.com/minio/operator v0.0.0-20200725185636-4a625e4fbb31 h1:FzB4mwu62LnVgOFhB7fLu15fAgIh6+1PHJoytkQPEsY=
github.com/minio/operator v0.0.0-20200725185636-4a625e4fbb31 h1:FzB4mwu62LnVgOFhB7fLu15fAgIh6+1PHJoytkQPEsY=
github.com/minio/operator v0.0.0-20200725185636-4a625e4fbb31/go.mod h1:G0pMmQFV5b5OrH7/OmVKtPoHzj3SmHNgqDlTew1NM/Y=
github.com/minio/operator v0.0.0-20200725185636-4a625e4fbb31/go.mod h1:G0pMmQFV5b5OrH7/OmVKtPoHzj3SmHNgqDlTew1NM/Y=
github.com/minio/minio-go/v7 v7.0.2 h1:P/7wFd4KrRBHVo7AKdcqO+9ReoS+XpMjfRFoE5quH0E=
github.com/minio/minio-go/v7 v7.0.2/go.mod h1:dJ80Mv2HeGkYLH1sqS/ksz07ON6csH3S6JUMSQ2zAns=
github.com/minio/operator v0.0.0-20200806194125-c2ff646f4af1 h1:ijXSIPjn/GZx1+RW1HQpScoifLNr8lVw5LNVKxysMWg=
github.com/minio/operator v0.0.0-20200806194125-c2ff646f4af1/go.mod h1:V8RL9xPw3C9rC7DuEy7JHeSiOlTWvQhZvh2+YySBFbk=
github.com/minio/selfupdate v0.3.0 h1:1qfaZscU3hWwX1cF5m5Dov8Z5aZNvPHk9LROzIkas1k=
github.com/minio/selfupdate v0.3.0/go.mod h1:b8ThJzzH7u2MkF6PcIra7KaXO9Khf6alWPvMSyTDCFM=
github.com/minio/sha256-simd v0.1.1 h1:5QHSlgo3nt5yKOJrC7W8w7X+NFl8cMPZm96iu8kKUJU=
@@ -588,12 +602,14 @@ github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
github.com/secure-io/sio-go v0.3.0 h1:QKGb6rGJeiExac9wSWxnWPYo8O8OFN7lxXQvHshX6vo=
github.com/secure-io/sio-go v0.3.0/go.mod h1:D3KmXgKETffyYxBdFRN+Hpd2WzhzqS0EQwT3XWsAcBU=
github.com/secure-io/sio-go v0.3.1 h1:dNvY9awjabXTYGsTF1PiCySl9Ltofk9GA3VdWlo7rRc=
github.com/secure-io/sio-go v0.3.1/go.mod h1:+xbkjDzPjwh4Axd07pRKSNriS9SCiYksWnZqdnfpQxs=
github.com/shirou/gopsutil v2.20.3-0.20200314133625-53cec6b37e6a+incompatible h1:YiKUe2ZOmfpDBH4OSyxwkx/mjNqHHnNhOtZ2mPyRme8=
github.com/shirou/gopsutil v2.20.3-0.20200314133625-53cec6b37e6a+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
github.com/shirou/gopsutil v2.20.6+incompatible h1:P37G9YH8M4vqkKcwBosp+URN5O8Tay67D2MbR361ioY=
github.com/shirou/gopsutil v2.20.6+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
@@ -695,8 +711,10 @@ golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8U
golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975 h1:/Tl7pH94bvbAAHBdZJT947M/+gp0+CqQXDtMRC0fseo=
golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899 h1:DZhuSZLsGlFL4CmhA8BcRA0mnthyA/nZ00AqCUo7vHg=
@@ -776,6 +794,7 @@ golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20191112214154-59a1497f0cea/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae h1:Ih9Yo4hSPImZOpfGuA4bR/ORKTAbhZo2AbWNRCnevdo=
@@ -848,6 +867,8 @@ google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miE
google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
google.golang.org/protobuf v1.22.0 h1:cJv5/xdbk1NnMPR1VP9+HU6gupuG9MLBoH1r6RHZ2MY=
google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM=
google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d h1:TxyelI5cVkbREznMhfzycHdkp5cLA7DpE+GKjSslYhM=
gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
@@ -906,19 +927,19 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM=
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
k8s.io/api v0.18.0 h1:lwYk8Vt7rsVTwjRU6pzEsa9YNhThbmbocQlKvNBB4EQ=
k8s.io/api v0.18.0/go.mod h1:q2HRQkfDzHMBZL9l/y9rH63PkQl4vae0xRT+8prbrK8=
k8s.io/apimachinery v0.18.0 h1:fuPfYpk3cs1Okp/515pAf0dNhL66+8zk8RLbSX+EgAE=
k8s.io/apimachinery v0.18.0/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftcA=
k8s.io/client-go v0.18.0 h1:yqKw4cTUQraZK3fcVCMeSa+lqKwcjZ5wtcOIPnxQno4=
k8s.io/client-go v0.18.0/go.mod h1:uQSYDYs4WhVZ9i6AIoEZuwUggLVEF64HOD37boKAtF8=
k8s.io/api v0.18.6 h1:osqrAXbOQjkKIWDTjrqxWQ3w0GkKb1KA1XkUGHHYpeE=
k8s.io/api v0.18.6/go.mod h1:eeyxr+cwCjMdLAmr2W3RyDI0VvTawSg/3RFFBEnmZGI=
k8s.io/apimachinery v0.18.6 h1:RtFHnfGNfd1N0LeSrKCUznz5xtUP1elRGvHJbL3Ntag=
k8s.io/apimachinery v0.18.6/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko=
k8s.io/client-go v0.18.6 h1:I+oWqJbibLSGsZj8Xs8F0aWVXJVIoUHWaaJV3kUN/Zw=
k8s.io/client-go v0.18.6/go.mod h1:/fwtGLjYMS1MaM5oi+eXhKwG+1UHidUEXRh6cNsdO0Q=
k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c h1:/KUFqjjqAcY4Us6luF5RDNZ16KJtb49HfR3ZHB9qYXM=
k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E=
k8s.io/klog/v2 v2.3.0 h1:WmkrnW7fdrm0/DMClc+HIxtftvxVIPAhlVwMQo5yLco=
k8s.io/klog/v2 v2.3.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6 h1:Oh3Mzx5pJ+yIumsAD0MOECPVeXsVot0UkiaCGVyfGQY=
k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E=
k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89 h1:d4vVOjXm687F1iLSP2q3lyPPuyvTUt3aVoBpi2DqRsU=

3
k8s/console/base/console-deployment.yaml
View File

@@ -15,10 +15,9 @@ spec:
serviceAccountName: console-sa
containers:
- name: console
image: minio/console:latest
image: minio/console:v0.3.9
imagePullPolicy: "IfNotPresent"
args:
- /console
- server
ports:
- containerPort: 9090

1886
k8s/console/base/minio-operator.yaml
View File

File diff suppressed because it is too large Load Diff

3
k8s/getoperator.sh
View File

@@ -1,3 +0,0 @@
#!/bin/bash
# Get's the latest deployment file from MinIO Operator
curl https://raw.githubusercontent.com/minio/operator/master/minio-operator.yaml > operator-console/base/minio-operator.yaml

12
k8s/operator-console/base/console-cluster-role.yaml
View File

@@ -6,8 +6,18 @@ rules:
- apiGroups:
- ""
resources:
- namespaces
- secrets
verbs:
- get
- watch
- create
- list
- patch
- update
- apiGroups:
- ""
resources:
- namespaces
- pods
- services
- events

3
k8s/operator-console/base/console-deployment.yaml
View File

@@ -15,13 +15,12 @@ spec:
serviceAccountName: console-sa
containers:
- name: console
image: minio/console:latest
image: minio/console:v0.3.9
imagePullPolicy: "IfNotPresent"
env:
- name: CONSOLE_OPERATOR_MODE
value: "on"
args:
- /console
- server
ports:
- containerPort: 9090

1886
k8s/operator-console/base/minio-operator.yaml
View File

File diff suppressed because it is too large Load Diff

258
models/aws_configuration.go Normal file
View File

@@ -0,0 +1,258 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/go-openapi/validate"
)
// AwsConfiguration aws configuration
//
// swagger:model awsConfiguration
type AwsConfiguration struct {
// secretsmanager
// Required: true
Secretsmanager *AwsConfigurationSecretsmanager `json:"secretsmanager"`
}
// Validate validates this aws configuration
func (m *AwsConfiguration) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateSecretsmanager(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *AwsConfiguration) validateSecretsmanager(formats strfmt.Registry) error {
if err := validate.Required("secretsmanager", "body", m.Secretsmanager); err != nil {
return err
}
if m.Secretsmanager != nil {
if err := m.Secretsmanager.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("secretsmanager")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *AwsConfiguration) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *AwsConfiguration) UnmarshalBinary(b []byte) error {
var res AwsConfiguration
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// AwsConfigurationSecretsmanager aws configuration secretsmanager
//
// swagger:model AwsConfigurationSecretsmanager
type AwsConfigurationSecretsmanager struct {
// credentials
// Required: true
Credentials *AwsConfigurationSecretsmanagerCredentials `json:"credentials"`
// endpoint
// Required: true
Endpoint *string `json:"endpoint"`
// kmskey
Kmskey string `json:"kmskey,omitempty"`
// region
// Required: true
Region *string `json:"region"`
}
// Validate validates this aws configuration secretsmanager
func (m *AwsConfigurationSecretsmanager) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateCredentials(formats); err != nil {
res = append(res, err)
}
if err := m.validateEndpoint(formats); err != nil {
res = append(res, err)
}
if err := m.validateRegion(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *AwsConfigurationSecretsmanager) validateCredentials(formats strfmt.Registry) error {
if err := validate.Required("secretsmanager"+"."+"credentials", "body", m.Credentials); err != nil {
return err
}
if m.Credentials != nil {
if err := m.Credentials.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("secretsmanager" + "." + "credentials")
}
return err
}
}
return nil
}
func (m *AwsConfigurationSecretsmanager) validateEndpoint(formats strfmt.Registry) error {
if err := validate.Required("secretsmanager"+"."+"endpoint", "body", m.Endpoint); err != nil {
return err
}
return nil
}
func (m *AwsConfigurationSecretsmanager) validateRegion(formats strfmt.Registry) error {
if err := validate.Required("secretsmanager"+"."+"region", "body", m.Region); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *AwsConfigurationSecretsmanager) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *AwsConfigurationSecretsmanager) UnmarshalBinary(b []byte) error {
var res AwsConfigurationSecretsmanager
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// AwsConfigurationSecretsmanagerCredentials aws configuration secretsmanager credentials
//
// swagger:model AwsConfigurationSecretsmanagerCredentials
type AwsConfigurationSecretsmanagerCredentials struct {
// accesskey
// Required: true
Accesskey *string `json:"accesskey"`
// secretkey
// Required: true
Secretkey *string `json:"secretkey"`
// token
Token string `json:"token,omitempty"`
}
// Validate validates this aws configuration secretsmanager credentials
func (m *AwsConfigurationSecretsmanagerCredentials) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateAccesskey(formats); err != nil {
res = append(res, err)
}
if err := m.validateSecretkey(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *AwsConfigurationSecretsmanagerCredentials) validateAccesskey(formats strfmt.Registry) error {
if err := validate.Required("secretsmanager"+"."+"credentials"+"."+"accesskey", "body", m.Accesskey); err != nil {
return err
}
return nil
}
func (m *AwsConfigurationSecretsmanagerCredentials) validateSecretkey(formats strfmt.Registry) error {
if err := validate.Required("secretsmanager"+"."+"credentials"+"."+"secretkey", "body", m.Secretkey); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *AwsConfigurationSecretsmanagerCredentials) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *AwsConfigurationSecretsmanagerCredentials) UnmarshalBinary(b []byte) error {
var res AwsConfigurationSecretsmanagerCredentials
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

103
models/create_tenant_request.go
View File

@@ -48,9 +48,21 @@ type CreateTenantRequest struct {
// enable ssl
EnableSsl *bool `json:"enable_ssl,omitempty"`
// encryption
Encryption *EncryptionConfiguration `json:"encryption,omitempty"`
// erasure coding parity
ErasureCodingParity int64 `json:"erasureCodingParity,omitempty"`
// idp
Idp *IdpConfiguration `json:"idp,omitempty"`
// image
Image string `json:"image,omitempty"`
// image registry
ImageRegistry *ImageRegistry `json:"image_registry,omitempty"`
// mounth path
MounthPath string `json:"mounth_path,omitempty"`
@@ -69,6 +81,9 @@ type CreateTenantRequest struct {
// service name
ServiceName string `json:"service_name,omitempty"`
// tls
TLS *TLSConfiguration `json:"tls,omitempty"`
// zones
// Required: true
Zones []*Zone `json:"zones"`
@@ -78,6 +93,18 @@ type CreateTenantRequest struct {
func (m *CreateTenantRequest) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateEncryption(formats); err != nil {
res = append(res, err)
}
if err := m.validateIdp(formats); err != nil {
res = append(res, err)
}
if err := m.validateImageRegistry(formats); err != nil {
res = append(res, err)
}
if err := m.validateName(formats); err != nil {
res = append(res, err)
}
@@ -86,6 +113,10 @@ func (m *CreateTenantRequest) Validate(formats strfmt.Registry) error {
res = append(res, err)
}
if err := m.validateTLS(formats); err != nil {
res = append(res, err)
}
if err := m.validateZones(formats); err != nil {
res = append(res, err)
}
@@ -96,6 +127,60 @@ func (m *CreateTenantRequest) Validate(formats strfmt.Registry) error {
return nil
}
func (m *CreateTenantRequest) validateEncryption(formats strfmt.Registry) error {
if swag.IsZero(m.Encryption) { // not required
return nil
}
if m.Encryption != nil {
if err := m.Encryption.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("encryption")
}
return err
}
}
return nil
}
func (m *CreateTenantRequest) validateIdp(formats strfmt.Registry) error {
if swag.IsZero(m.Idp) { // not required
return nil
}
if m.Idp != nil {
if err := m.Idp.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("idp")
}
return err
}
}
return nil
}
func (m *CreateTenantRequest) validateImageRegistry(formats strfmt.Registry) error {
if swag.IsZero(m.ImageRegistry) { // not required
return nil
}
if m.ImageRegistry != nil {
if err := m.ImageRegistry.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("image_registry")
}
return err
}
}
return nil
}
func (m *CreateTenantRequest) validateName(formats strfmt.Registry) error {
if err := validate.Required("name", "body", m.Name); err != nil {
@@ -118,6 +203,24 @@ func (m *CreateTenantRequest) validateNamespace(formats strfmt.Registry) error {
return nil
}
func (m *CreateTenantRequest) validateTLS(formats strfmt.Registry) error {
if swag.IsZero(m.TLS) { // not required
return nil
}
if m.TLS != nil {
if err := m.TLS.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("tls")
}
return err
}
}
return nil
}
func (m *CreateTenantRequest) validateZones(formats strfmt.Registry) error {
if err := validate.Required("zones", "body", m.Zones); err != nil {

66
models/create_tenant_response.go
View File

@@ -23,6 +23,7 @@ package models
// Editing this file might prove futile when you re-run the swagger generate command
import (
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
)
@@ -35,12 +36,42 @@ type CreateTenantResponse struct {
// access key
AccessKey string `json:"access_key,omitempty"`
// console
Console *CreateTenantResponseConsole `json:"console,omitempty"`
// secret key
SecretKey string `json:"secret_key,omitempty"`
}
// Validate validates this create tenant response
func (m *CreateTenantResponse) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateConsole(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *CreateTenantResponse) validateConsole(formats strfmt.Registry) error {
if swag.IsZero(m.Console) { // not required
return nil
}
if m.Console != nil {
if err := m.Console.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("console")
}
return err
}
}
return nil
}
@@ -61,3 +92,38 @@ func (m *CreateTenantResponse) UnmarshalBinary(b []byte) error {
*m = res
return nil
}
// CreateTenantResponseConsole create tenant response console
//
// swagger:model CreateTenantResponseConsole
type CreateTenantResponseConsole struct {
// access key
AccessKey string `json:"access_key,omitempty"`
// secret key
SecretKey string `json:"secret_key,omitempty"`
}
// Validate validates this create tenant response console
func (m *CreateTenantResponseConsole) Validate(formats strfmt.Registry) error {
return nil
}
// MarshalBinary interface implementation
func (m *CreateTenantResponseConsole) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *CreateTenantResponseConsole) UnmarshalBinary(b []byte) error {
var res CreateTenantResponseConsole
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

328
models/encryption_configuration.go Normal file
View File

@@ -0,0 +1,328 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/go-openapi/validate"
)
// EncryptionConfiguration encryption configuration
//
// swagger:model encryptionConfiguration
type EncryptionConfiguration struct {
// aws
Aws *AwsConfiguration `json:"aws,omitempty"`
// client
Client *EncryptionConfigurationClient `json:"client,omitempty"`
// gemalto
Gemalto *GemaltoConfiguration `json:"gemalto,omitempty"`
// image
Image string `json:"image,omitempty"`
// server
Server *EncryptionConfigurationServer `json:"server,omitempty"`
// vault
Vault *VaultConfiguration `json:"vault,omitempty"`
}
// Validate validates this encryption configuration
func (m *EncryptionConfiguration) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateAws(formats); err != nil {
res = append(res, err)
}
if err := m.validateClient(formats); err != nil {
res = append(res, err)
}
if err := m.validateGemalto(formats); err != nil {
res = append(res, err)
}
if err := m.validateServer(formats); err != nil {
res = append(res, err)
}
if err := m.validateVault(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *EncryptionConfiguration) validateAws(formats strfmt.Registry) error {
if swag.IsZero(m.Aws) { // not required
return nil
}
if m.Aws != nil {
if err := m.Aws.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("aws")
}
return err
}
}
return nil
}
func (m *EncryptionConfiguration) validateClient(formats strfmt.Registry) error {
if swag.IsZero(m.Client) { // not required
return nil
}
if m.Client != nil {
if err := m.Client.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("client")
}
return err
}
}
return nil
}
func (m *EncryptionConfiguration) validateGemalto(formats strfmt.Registry) error {
if swag.IsZero(m.Gemalto) { // not required
return nil
}
if m.Gemalto != nil {
if err := m.Gemalto.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("gemalto")
}
return err
}
}
return nil
}
func (m *EncryptionConfiguration) validateServer(formats strfmt.Registry) error {
if swag.IsZero(m.Server) { // not required
return nil
}
if m.Server != nil {
if err := m.Server.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("server")
}
return err
}
}
return nil
}
func (m *EncryptionConfiguration) validateVault(formats strfmt.Registry) error {
if swag.IsZero(m.Vault) { // not required
return nil
}
if m.Vault != nil {
if err := m.Vault.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("vault")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *EncryptionConfiguration) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *EncryptionConfiguration) UnmarshalBinary(b []byte) error {
var res EncryptionConfiguration
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// EncryptionConfigurationClient encryption configuration client
//
// swagger:model EncryptionConfigurationClient
type EncryptionConfigurationClient struct {
// crt
// Required: true
Crt *string `json:"crt"`
// key
// Required: true
Key *string `json:"key"`
}
// Validate validates this encryption configuration client
func (m *EncryptionConfigurationClient) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateCrt(formats); err != nil {
res = append(res, err)
}
if err := m.validateKey(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *EncryptionConfigurationClient) validateCrt(formats strfmt.Registry) error {
if err := validate.Required("client"+"."+"crt", "body", m.Crt); err != nil {
return err
}
return nil
}
func (m *EncryptionConfigurationClient) validateKey(formats strfmt.Registry) error {
if err := validate.Required("client"+"."+"key", "body", m.Key); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *EncryptionConfigurationClient) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *EncryptionConfigurationClient) UnmarshalBinary(b []byte) error {
var res EncryptionConfigurationClient
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// EncryptionConfigurationServer encryption configuration server
//
// swagger:model EncryptionConfigurationServer
type EncryptionConfigurationServer struct {
// crt
// Required: true
Crt *string `json:"crt"`
// key
// Required: true
Key *string `json:"key"`
}
// Validate validates this encryption configuration server
func (m *EncryptionConfigurationServer) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateCrt(formats); err != nil {
res = append(res, err)
}
if err := m.validateKey(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *EncryptionConfigurationServer) validateCrt(formats strfmt.Registry) error {
if err := validate.Required("server"+"."+"crt", "body", m.Crt); err != nil {
return err
}
return nil
}
func (m *EncryptionConfigurationServer) validateKey(formats strfmt.Registry) error {
if err := validate.Required("server"+"."+"key", "body", m.Key); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *EncryptionConfigurationServer) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *EncryptionConfigurationServer) UnmarshalBinary(b []byte) error {
var res EncryptionConfigurationServer
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

314
models/gemalto_configuration.go Normal file
View File

@@ -0,0 +1,314 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/go-openapi/validate"
)
// GemaltoConfiguration gemalto configuration
//
// swagger:model gemaltoConfiguration
type GemaltoConfiguration struct {
// keysecure
// Required: true
Keysecure *GemaltoConfigurationKeysecure `json:"keysecure"`
}
// Validate validates this gemalto configuration
func (m *GemaltoConfiguration) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateKeysecure(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *GemaltoConfiguration) validateKeysecure(formats strfmt.Registry) error {
if err := validate.Required("keysecure", "body", m.Keysecure); err != nil {
return err
}
if m.Keysecure != nil {
if err := m.Keysecure.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("keysecure")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *GemaltoConfiguration) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *GemaltoConfiguration) UnmarshalBinary(b []byte) error {
var res GemaltoConfiguration
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// GemaltoConfigurationKeysecure gemalto configuration keysecure
//
// swagger:model GemaltoConfigurationKeysecure
type GemaltoConfigurationKeysecure struct {
// credentials
// Required: true
Credentials *GemaltoConfigurationKeysecureCredentials `json:"credentials"`
// endpoint
// Required: true
Endpoint *string `json:"endpoint"`
// tls
TLS *GemaltoConfigurationKeysecureTLS `json:"tls,omitempty"`
}
// Validate validates this gemalto configuration keysecure
func (m *GemaltoConfigurationKeysecure) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateCredentials(formats); err != nil {
res = append(res, err)
}
if err := m.validateEndpoint(formats); err != nil {
res = append(res, err)
}
if err := m.validateTLS(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *GemaltoConfigurationKeysecure) validateCredentials(formats strfmt.Registry) error {
if err := validate.Required("keysecure"+"."+"credentials", "body", m.Credentials); err != nil {
return err
}
if m.Credentials != nil {
if err := m.Credentials.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("keysecure" + "." + "credentials")
}
return err
}
}
return nil
}
func (m *GemaltoConfigurationKeysecure) validateEndpoint(formats strfmt.Registry) error {
if err := validate.Required("keysecure"+"."+"endpoint", "body", m.Endpoint); err != nil {
return err
}
return nil
}
func (m *GemaltoConfigurationKeysecure) validateTLS(formats strfmt.Registry) error {
if swag.IsZero(m.TLS) { // not required
return nil
}
if m.TLS != nil {
if err := m.TLS.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("keysecure" + "." + "tls")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *GemaltoConfigurationKeysecure) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *GemaltoConfigurationKeysecure) UnmarshalBinary(b []byte) error {
var res GemaltoConfigurationKeysecure
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// GemaltoConfigurationKeysecureCredentials gemalto configuration keysecure credentials
//
// swagger:model GemaltoConfigurationKeysecureCredentials
type GemaltoConfigurationKeysecureCredentials struct {
// domain
// Required: true
Domain *string `json:"domain"`
// retry
Retry int64 `json:"retry,omitempty"`
// token
// Required: true
Token *string `json:"token"`
}
// Validate validates this gemalto configuration keysecure credentials
func (m *GemaltoConfigurationKeysecureCredentials) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateDomain(formats); err != nil {
res = append(res, err)
}
if err := m.validateToken(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *GemaltoConfigurationKeysecureCredentials) validateDomain(formats strfmt.Registry) error {
if err := validate.Required("keysecure"+"."+"credentials"+"."+"domain", "body", m.Domain); err != nil {
return err
}
return nil
}
func (m *GemaltoConfigurationKeysecureCredentials) validateToken(formats strfmt.Registry) error {
if err := validate.Required("keysecure"+"."+"credentials"+"."+"token", "body", m.Token); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *GemaltoConfigurationKeysecureCredentials) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *GemaltoConfigurationKeysecureCredentials) UnmarshalBinary(b []byte) error {
var res GemaltoConfigurationKeysecureCredentials
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// GemaltoConfigurationKeysecureTLS gemalto configuration keysecure TLS
//
// swagger:model GemaltoConfigurationKeysecureTLS
type GemaltoConfigurationKeysecureTLS struct {
// ca
// Required: true
Ca *string `json:"ca"`
}
// Validate validates this gemalto configuration keysecure TLS
func (m *GemaltoConfigurationKeysecureTLS) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateCa(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *GemaltoConfigurationKeysecureTLS) validateCa(formats strfmt.Registry) error {
if err := validate.Required("keysecure"+"."+"tls"+"."+"ca", "body", m.Ca); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *GemaltoConfigurationKeysecureTLS) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *GemaltoConfigurationKeysecureTLS) UnmarshalBinary(b []byte) error {
var res GemaltoConfigurationKeysecureTLS
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

299
models/idp_configuration.go Normal file
View File

@@ -0,0 +1,299 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/go-openapi/validate"
)
// IdpConfiguration idp configuration
//
// swagger:model idpConfiguration
type IdpConfiguration struct {
// active directory
ActiveDirectory *IdpConfigurationActiveDirectory `json:"active_directory,omitempty"`
// oidc
Oidc *IdpConfigurationOidc `json:"oidc,omitempty"`
}
// Validate validates this idp configuration
func (m *IdpConfiguration) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateActiveDirectory(formats); err != nil {
res = append(res, err)
}
if err := m.validateOidc(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *IdpConfiguration) validateActiveDirectory(formats strfmt.Registry) error {
if swag.IsZero(m.ActiveDirectory) { // not required
return nil
}
if m.ActiveDirectory != nil {
if err := m.ActiveDirectory.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("active_directory")
}
return err
}
}
return nil
}
func (m *IdpConfiguration) validateOidc(formats strfmt.Registry) error {
if swag.IsZero(m.Oidc) { // not required
return nil
}
if m.Oidc != nil {
if err := m.Oidc.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("oidc")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *IdpConfiguration) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *IdpConfiguration) UnmarshalBinary(b []byte) error {
var res IdpConfiguration
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// IdpConfigurationActiveDirectory idp configuration active directory
//
// swagger:model IdpConfigurationActiveDirectory
type IdpConfigurationActiveDirectory struct {
// group name attribute
GroupNameAttribute string `json:"group_name_attribute,omitempty"`
// group search base dn
GroupSearchBaseDn string `json:"group_search_base_dn,omitempty"`
// group search filter
GroupSearchFilter string `json:"group_search_filter,omitempty"`
// server insecure
ServerInsecure bool `json:"server_insecure,omitempty"`
// skip ssl verification
SkipSslVerification bool `json:"skip_ssl_verification,omitempty"`
// url
// Required: true
URL *string `json:"url"`
// user search filter
// Required: true
UserSearchFilter *string `json:"user_search_filter"`
// username format
// Required: true
UsernameFormat *string `json:"username_format"`
}
// Validate validates this idp configuration active directory
func (m *IdpConfigurationActiveDirectory) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateURL(formats); err != nil {
res = append(res, err)
}
if err := m.validateUserSearchFilter(formats); err != nil {
res = append(res, err)
}
if err := m.validateUsernameFormat(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *IdpConfigurationActiveDirectory) validateURL(formats strfmt.Registry) error {
if err := validate.Required("active_directory"+"."+"url", "body", m.URL); err != nil {
return err
}
return nil
}
func (m *IdpConfigurationActiveDirectory) validateUserSearchFilter(formats strfmt.Registry) error {
if err := validate.Required("active_directory"+"."+"user_search_filter", "body", m.UserSearchFilter); err != nil {
return err
}
return nil
}
func (m *IdpConfigurationActiveDirectory) validateUsernameFormat(formats strfmt.Registry) error {
if err := validate.Required("active_directory"+"."+"username_format", "body", m.UsernameFormat); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *IdpConfigurationActiveDirectory) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *IdpConfigurationActiveDirectory) UnmarshalBinary(b []byte) error {
var res IdpConfigurationActiveDirectory
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// IdpConfigurationOidc idp configuration oidc
//
// swagger:model IdpConfigurationOidc
type IdpConfigurationOidc struct {
// client id
// Required: true
ClientID *string `json:"client_id"`
// secret id
// Required: true
SecretID *string `json:"secret_id"`
// url
// Required: true
URL *string `json:"url"`
}
// Validate validates this idp configuration oidc
func (m *IdpConfigurationOidc) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateClientID(formats); err != nil {
res = append(res, err)
}
if err := m.validateSecretID(formats); err != nil {
res = append(res, err)
}
if err := m.validateURL(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *IdpConfigurationOidc) validateClientID(formats strfmt.Registry) error {
if err := validate.Required("oidc"+"."+"client_id", "body", m.ClientID); err != nil {
return err
}
return nil
}
func (m *IdpConfigurationOidc) validateSecretID(formats strfmt.Registry) error {
if err := validate.Required("oidc"+"."+"secret_id", "body", m.SecretID); err != nil {
return err
}
return nil
}
func (m *IdpConfigurationOidc) validateURL(formats strfmt.Registry) error {
if err := validate.Required("oidc"+"."+"url", "body", m.URL); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *IdpConfigurationOidc) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *IdpConfigurationOidc) UnmarshalBinary(b []byte) error {
var res IdpConfigurationOidc
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

115
models/image_registry.go Normal file
View File

@@ -0,0 +1,115 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/go-openapi/validate"
)
// ImageRegistry image registry
//
// swagger:model imageRegistry
type ImageRegistry struct {
// password
// Required: true
Password *string `json:"password"`
// registry
// Required: true
Registry *string `json:"registry"`
// username
// Required: true
Username *string `json:"username"`
}
// Validate validates this image registry
func (m *ImageRegistry) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validatePassword(formats); err != nil {
res = append(res, err)
}
if err := m.validateRegistry(formats); err != nil {
res = append(res, err)
}
if err := m.validateUsername(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *ImageRegistry) validatePassword(formats strfmt.Registry) error {
if err := validate.Required("password", "body", m.Password); err != nil {
return err
}
return nil
}
func (m *ImageRegistry) validateRegistry(formats strfmt.Registry) error {
if err := validate.Required("registry", "body", m.Registry); err != nil {
return err
}
return nil
}
func (m *ImageRegistry) validateUsername(formats strfmt.Registry) error {
if err := validate.Required("username", "body", m.Username); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *ImageRegistry) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ImageRegistry) UnmarshalBinary(b []byte) error {
var res ImageRegistry
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

272
models/node_selector_term.go Normal file
View File

@@ -0,0 +1,272 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"strconv"
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/go-openapi/validate"
)
// NodeSelectorTerm A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
//
// swagger:model nodeSelectorTerm
type NodeSelectorTerm struct {
// A list of node selector requirements by node's labels.
MatchExpressions []*NodeSelectorTermMatchExpressionsItems0 `json:"matchExpressions"`
// A list of node selector requirements by node's fields.
MatchFields []*NodeSelectorTermMatchFieldsItems0 `json:"matchFields"`
}
// Validate validates this node selector term
func (m *NodeSelectorTerm) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateMatchExpressions(formats); err != nil {
res = append(res, err)
}
if err := m.validateMatchFields(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *NodeSelectorTerm) validateMatchExpressions(formats strfmt.Registry) error {
if swag.IsZero(m.MatchExpressions) { // not required
return nil
}
for i := 0; i < len(m.MatchExpressions); i++ {
if swag.IsZero(m.MatchExpressions[i]) { // not required
continue
}
if m.MatchExpressions[i] != nil {
if err := m.MatchExpressions[i].Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("matchExpressions" + "." + strconv.Itoa(i))
}
return err
}
}
}
return nil
}
func (m *NodeSelectorTerm) validateMatchFields(formats strfmt.Registry) error {
if swag.IsZero(m.MatchFields) { // not required
return nil
}
for i := 0; i < len(m.MatchFields); i++ {
if swag.IsZero(m.MatchFields[i]) { // not required
continue
}
if m.MatchFields[i] != nil {
if err := m.MatchFields[i].Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("matchFields" + "." + strconv.Itoa(i))
}
return err
}
}
}
return nil
}
// MarshalBinary interface implementation
func (m *NodeSelectorTerm) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *NodeSelectorTerm) UnmarshalBinary(b []byte) error {
var res NodeSelectorTerm
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// NodeSelectorTermMatchExpressionsItems0 A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
//
// swagger:model NodeSelectorTermMatchExpressionsItems0
type NodeSelectorTermMatchExpressionsItems0 struct {
// The label key that the selector applies to.
// Required: true
Key *string `json:"key"`
// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
// Required: true
Operator *string `json:"operator"`
// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
Values []string `json:"values"`
}
// Validate validates this node selector term match expressions items0
func (m *NodeSelectorTermMatchExpressionsItems0) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateKey(formats); err != nil {
res = append(res, err)
}
if err := m.validateOperator(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *NodeSelectorTermMatchExpressionsItems0) validateKey(formats strfmt.Registry) error {
if err := validate.Required("key", "body", m.Key); err != nil {
return err
}
return nil
}
func (m *NodeSelectorTermMatchExpressionsItems0) validateOperator(formats strfmt.Registry) error {
if err := validate.Required("operator", "body", m.Operator); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *NodeSelectorTermMatchExpressionsItems0) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *NodeSelectorTermMatchExpressionsItems0) UnmarshalBinary(b []byte) error {
var res NodeSelectorTermMatchExpressionsItems0
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// NodeSelectorTermMatchFieldsItems0 A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
//
// swagger:model NodeSelectorTermMatchFieldsItems0
type NodeSelectorTermMatchFieldsItems0 struct {
// The label key that the selector applies to.
// Required: true
Key *string `json:"key"`
// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
// Required: true
Operator *string `json:"operator"`
// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
Values []string `json:"values"`
}
// Validate validates this node selector term match fields items0
func (m *NodeSelectorTermMatchFieldsItems0) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateKey(formats); err != nil {
res = append(res, err)
}
if err := m.validateOperator(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *NodeSelectorTermMatchFieldsItems0) validateKey(formats strfmt.Registry) error {
if err := validate.Required("key", "body", m.Key); err != nil {
return err
}
return nil
}
func (m *NodeSelectorTermMatchFieldsItems0) validateOperator(formats strfmt.Registry) error {
if err := validate.Required("operator", "body", m.Operator); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *NodeSelectorTermMatchFieldsItems0) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *NodeSelectorTermMatchFieldsItems0) UnmarshalBinary(b []byte) error {
var res NodeSelectorTermMatchFieldsItems0
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

251
models/pod_affinity_term.go Normal file
View File

@@ -0,0 +1,251 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"strconv"
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/go-openapi/validate"
)
// PodAffinityTerm Required. A pod affinity term, associated with the corresponding weight.
//
// swagger:model podAffinityTerm
type PodAffinityTerm struct {
// label selector
LabelSelector *PodAffinityTermLabelSelector `json:"labelSelector,omitempty"`
// namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace"
Namespaces []string `json:"namespaces"`
// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
// Required: true
TopologyKey *string `json:"topologyKey"`
}
// Validate validates this pod affinity term
func (m *PodAffinityTerm) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateLabelSelector(formats); err != nil {
res = append(res, err)
}
if err := m.validateTopologyKey(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *PodAffinityTerm) validateLabelSelector(formats strfmt.Registry) error {
if swag.IsZero(m.LabelSelector) { // not required
return nil
}
if m.LabelSelector != nil {
if err := m.LabelSelector.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("labelSelector")
}
return err
}
}
return nil
}
func (m *PodAffinityTerm) validateTopologyKey(formats strfmt.Registry) error {
if err := validate.Required("topologyKey", "body", m.TopologyKey); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *PodAffinityTerm) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *PodAffinityTerm) UnmarshalBinary(b []byte) error {
var res PodAffinityTerm
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// PodAffinityTermLabelSelector A label query over a set of resources, in this case pods.
//
// swagger:model PodAffinityTermLabelSelector
type PodAffinityTermLabelSelector struct {
// matchExpressions is a list of label selector requirements. The requirements are ANDed.
MatchExpressions []*PodAffinityTermLabelSelectorMatchExpressionsItems0 `json:"matchExpressions"`
// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
MatchLabels map[string]string `json:"matchLabels,omitempty"`
}
// Validate validates this pod affinity term label selector
func (m *PodAffinityTermLabelSelector) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateMatchExpressions(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *PodAffinityTermLabelSelector) validateMatchExpressions(formats strfmt.Registry) error {
if swag.IsZero(m.MatchExpressions) { // not required
return nil
}
for i := 0; i < len(m.MatchExpressions); i++ {
if swag.IsZero(m.MatchExpressions[i]) { // not required
continue
}
if m.MatchExpressions[i] != nil {
if err := m.MatchExpressions[i].Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("labelSelector" + "." + "matchExpressions" + "." + strconv.Itoa(i))
}
return err
}
}
}
return nil
}
// MarshalBinary interface implementation
func (m *PodAffinityTermLabelSelector) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *PodAffinityTermLabelSelector) UnmarshalBinary(b []byte) error {
var res PodAffinityTermLabelSelector
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// PodAffinityTermLabelSelectorMatchExpressionsItems0 A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
//
// swagger:model PodAffinityTermLabelSelectorMatchExpressionsItems0
type PodAffinityTermLabelSelectorMatchExpressionsItems0 struct {
// key is the label key that the selector applies to.
// Required: true
Key *string `json:"key"`
// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
// Required: true
Operator *string `json:"operator"`
// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
Values []string `json:"values"`
}
// Validate validates this pod affinity term label selector match expressions items0
func (m *PodAffinityTermLabelSelectorMatchExpressionsItems0) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateKey(formats); err != nil {
res = append(res, err)
}
if err := m.validateOperator(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *PodAffinityTermLabelSelectorMatchExpressionsItems0) validateKey(formats strfmt.Registry) error {
if err := validate.Required("key", "body", m.Key); err != nil {
return err
}
return nil
}
func (m *PodAffinityTermLabelSelectorMatchExpressionsItems0) validateOperator(formats strfmt.Registry) error {
if err := validate.Required("operator", "body", m.Operator); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *PodAffinityTermLabelSelectorMatchExpressionsItems0) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *PodAffinityTermLabelSelectorMatchExpressionsItems0) UnmarshalBinary(b []byte) error {
var res PodAffinityTermLabelSelectorMatchExpressionsItems0
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

3
models/tenant.go
View File

@@ -53,9 +53,6 @@ type Tenant struct {
// total size
TotalSize int64 `json:"total_size,omitempty"`
// used size
UsedSize int64 `json:"used_size,omitempty"`
// zones
Zones []*Zone `json:"zones"`
}

6
models/tenant_list.go
View File

@@ -47,12 +47,12 @@ type TenantList struct {
// namespace
Namespace string `json:"namespace,omitempty"`
// total size
TotalSize int64 `json:"total_size,omitempty"`
// volume count
VolumeCount int64 `json:"volume_count,omitempty"`
// volume size
VolumeSize int64 `json:"volume_size,omitempty"`
// zone count
ZoneCount int64 `json:"zone_count,omitempty"`
}

63
models/tenant_usage.go Normal file
View File

@@ -0,0 +1,63 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
)
// TenantUsage tenant usage
//
// swagger:model tenantUsage
type TenantUsage struct {
// disk used
DiskUsed int64 `json:"disk_used,omitempty"`
// used
Used int64 `json:"used,omitempty"`
}
// Validate validates this tenant usage
func (m *TenantUsage) Validate(formats strfmt.Registry) error {
return nil
}
// MarshalBinary interface implementation
func (m *TenantUsage) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *TenantUsage) UnmarshalBinary(b []byte) error {
var res TenantUsage
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

98
models/tls_configuration.go Normal file
View File

@@ -0,0 +1,98 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/go-openapi/validate"
)
// TLSConfiguration tls configuration
//
// swagger:model tlsConfiguration
type TLSConfiguration struct {
// crt
// Required: true
Crt *string `json:"crt"`
// key
// Required: true
Key *string `json:"key"`
}
// Validate validates this tls configuration
func (m *TLSConfiguration) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateCrt(formats); err != nil {
res = append(res, err)
}
if err := m.validateKey(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *TLSConfiguration) validateCrt(formats strfmt.Registry) error {
if err := validate.Required("crt", "body", m.Crt); err != nil {
return err
}
return nil
}
func (m *TLSConfiguration) validateKey(formats strfmt.Registry) error {
if err := validate.Required("key", "body", m.Key); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *TLSConfiguration) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *TLSConfiguration) UnmarshalBinary(b []byte) error {
var res TLSConfiguration
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

25
models/update_tenant_request.go
View File

@@ -37,6 +37,9 @@ type UpdateTenantRequest struct {
// image
// Pattern: ^((.*?)/(.*?):(.+))$
Image string `json:"image,omitempty"`
// image registry
ImageRegistry *ImageRegistry `json:"image_registry,omitempty"`
}
// Validate validates this update tenant request
@@ -47,6 +50,10 @@ func (m *UpdateTenantRequest) Validate(formats strfmt.Registry) error {
res = append(res, err)
}
if err := m.validateImageRegistry(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
@@ -66,6 +73,24 @@ func (m *UpdateTenantRequest) validateImage(formats strfmt.Registry) error {
return nil
}
func (m *UpdateTenantRequest) validateImageRegistry(formats strfmt.Registry) error {
if swag.IsZero(m.ImageRegistry) { // not required
return nil
}
if m.ImageRegistry != nil {
if err := m.ImageRegistry.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("image_registry")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *UpdateTenantRequest) MarshalBinary() ([]byte, error) {
if m == nil {

310
models/vault_configuration.go Normal file
View File

@@ -0,0 +1,310 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/go-openapi/validate"
)
// VaultConfiguration vault configuration
//
// swagger:model vaultConfiguration
type VaultConfiguration struct {
// approle
// Required: true
Approle *VaultConfigurationApprole `json:"approle"`
// endpoint
// Required: true
Endpoint *string `json:"endpoint"`
// engine
Engine string `json:"engine,omitempty"`
// namespace
Namespace string `json:"namespace,omitempty"`
// prefix
Prefix string `json:"prefix,omitempty"`
// status
Status *VaultConfigurationStatus `json:"status,omitempty"`
// tls
TLS *VaultConfigurationTLS `json:"tls,omitempty"`
}
// Validate validates this vault configuration
func (m *VaultConfiguration) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateApprole(formats); err != nil {
res = append(res, err)
}
if err := m.validateEndpoint(formats); err != nil {
res = append(res, err)
}
if err := m.validateStatus(formats); err != nil {
res = append(res, err)
}
if err := m.validateTLS(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *VaultConfiguration) validateApprole(formats strfmt.Registry) error {
if err := validate.Required("approle", "body", m.Approle); err != nil {
return err
}
if m.Approle != nil {
if err := m.Approle.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("approle")
}
return err
}
}
return nil
}
func (m *VaultConfiguration) validateEndpoint(formats strfmt.Registry) error {
if err := validate.Required("endpoint", "body", m.Endpoint); err != nil {
return err
}
return nil
}
func (m *VaultConfiguration) validateStatus(formats strfmt.Registry) error {
if swag.IsZero(m.Status) { // not required
return nil
}
if m.Status != nil {
if err := m.Status.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("status")
}
return err
}
}
return nil
}
func (m *VaultConfiguration) validateTLS(formats strfmt.Registry) error {
if swag.IsZero(m.TLS) { // not required
return nil
}
if m.TLS != nil {
if err := m.TLS.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("tls")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *VaultConfiguration) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *VaultConfiguration) UnmarshalBinary(b []byte) error {
var res VaultConfiguration
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// VaultConfigurationApprole vault configuration approle
//
// swagger:model VaultConfigurationApprole
type VaultConfigurationApprole struct {
// engine
Engine string `json:"engine,omitempty"`
// id
// Required: true
ID *string `json:"id"`
// retry
Retry int64 `json:"retry,omitempty"`
// secret
// Required: true
Secret *string `json:"secret"`
}
// Validate validates this vault configuration approle
func (m *VaultConfigurationApprole) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateID(formats); err != nil {
res = append(res, err)
}
if err := m.validateSecret(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *VaultConfigurationApprole) validateID(formats strfmt.Registry) error {
if err := validate.Required("approle"+"."+"id", "body", m.ID); err != nil {
return err
}
return nil
}
func (m *VaultConfigurationApprole) validateSecret(formats strfmt.Registry) error {
if err := validate.Required("approle"+"."+"secret", "body", m.Secret); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *VaultConfigurationApprole) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *VaultConfigurationApprole) UnmarshalBinary(b []byte) error {
var res VaultConfigurationApprole
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// VaultConfigurationStatus vault configuration status
//
// swagger:model VaultConfigurationStatus
type VaultConfigurationStatus struct {
// ping
Ping int64 `json:"ping,omitempty"`
}
// Validate validates this vault configuration status
func (m *VaultConfigurationStatus) Validate(formats strfmt.Registry) error {
return nil
}
// MarshalBinary interface implementation
func (m *VaultConfigurationStatus) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *VaultConfigurationStatus) UnmarshalBinary(b []byte) error {
var res VaultConfigurationStatus
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// VaultConfigurationTLS vault configuration TLS
//
// swagger:model VaultConfigurationTLS
type VaultConfigurationTLS struct {
// ca
Ca string `json:"ca,omitempty"`
// crt
Crt string `json:"crt,omitempty"`
// key
Key string `json:"key,omitempty"`
}
// Validate validates this vault configuration TLS
func (m *VaultConfigurationTLS) Validate(formats strfmt.Registry) error {
return nil
}
// MarshalBinary interface implementation
func (m *VaultConfigurationTLS) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *VaultConfigurationTLS) UnmarshalBinary(b []byte) error {
var res VaultConfigurationTLS
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

76
models/zone.go
View File

@@ -34,13 +34,25 @@ import (
// swagger:model zone
type Zone struct {
// affinity
Affinity *ZoneAffinity `json:"affinity,omitempty"`
// name
Name string `json:"name,omitempty"`
// NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
NodeSelector map[string]string `json:"node_selector,omitempty"`
// resources
Resources *ZoneResources `json:"resources,omitempty"`
// servers
// Required: true
Servers *int64 `json:"servers"`
// tolerations
Tolerations ZoneTolerations `json:"tolerations,omitempty"`
// volume configuration
// Required: true
VolumeConfiguration *ZoneVolumeConfiguration `json:"volume_configuration"`
@@ -54,10 +66,22 @@ type Zone struct {
func (m *Zone) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateAffinity(formats); err != nil {
res = append(res, err)
}
if err := m.validateResources(formats); err != nil {
res = append(res, err)
}
if err := m.validateServers(formats); err != nil {
res = append(res, err)
}
if err := m.validateTolerations(formats); err != nil {
res = append(res, err)
}
if err := m.validateVolumeConfiguration(formats); err != nil {
res = append(res, err)
}
@@ -72,6 +96,42 @@ func (m *Zone) Validate(formats strfmt.Registry) error {
return nil
}
func (m *Zone) validateAffinity(formats strfmt.Registry) error {
if swag.IsZero(m.Affinity) { // not required
return nil
}
if m.Affinity != nil {
if err := m.Affinity.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("affinity")
}
return err
}
}
return nil
}
func (m *Zone) validateResources(formats strfmt.Registry) error {
if swag.IsZero(m.Resources) { // not required
return nil
}
if m.Resources != nil {
if err := m.Resources.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("resources")
}
return err
}
}
return nil
}
func (m *Zone) validateServers(formats strfmt.Registry) error {
if err := validate.Required("servers", "body", m.Servers); err != nil {
@@ -81,6 +141,22 @@ func (m *Zone) validateServers(formats strfmt.Registry) error {
return nil
}
func (m *Zone) validateTolerations(formats strfmt.Registry) error {
if swag.IsZero(m.Tolerations) { // not required
return nil
}
if err := m.Tolerations.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("tolerations")
}
return err
}
return nil
}
func (m *Zone) validateVolumeConfiguration(formats strfmt.Registry) error {
if err := validate.Required("volume_configuration", "body", m.VolumeConfiguration); err != nil {

726
models/zone_affinity.go Normal file
View File

@@ -0,0 +1,726 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"strconv"
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/go-openapi/validate"
)
// ZoneAffinity If specified, affinity will define the pod's scheduling constraints
//
// swagger:model zoneAffinity
type ZoneAffinity struct {
// node affinity
NodeAffinity *ZoneAffinityNodeAffinity `json:"nodeAffinity,omitempty"`
// pod affinity
PodAffinity *ZoneAffinityPodAffinity `json:"podAffinity,omitempty"`
// pod anti affinity
PodAntiAffinity *ZoneAffinityPodAntiAffinity `json:"podAntiAffinity,omitempty"`
}
// Validate validates this zone affinity
func (m *ZoneAffinity) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateNodeAffinity(formats); err != nil {
res = append(res, err)
}
if err := m.validatePodAffinity(formats); err != nil {
res = append(res, err)
}
if err := m.validatePodAntiAffinity(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *ZoneAffinity) validateNodeAffinity(formats strfmt.Registry) error {
if swag.IsZero(m.NodeAffinity) { // not required
return nil
}
if m.NodeAffinity != nil {
if err := m.NodeAffinity.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("nodeAffinity")
}
return err
}
}
return nil
}
func (m *ZoneAffinity) validatePodAffinity(formats strfmt.Registry) error {
if swag.IsZero(m.PodAffinity) { // not required
return nil
}
if m.PodAffinity != nil {
if err := m.PodAffinity.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("podAffinity")
}
return err
}
}
return nil
}
func (m *ZoneAffinity) validatePodAntiAffinity(formats strfmt.Registry) error {
if swag.IsZero(m.PodAntiAffinity) { // not required
return nil
}
if m.PodAntiAffinity != nil {
if err := m.PodAntiAffinity.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("podAntiAffinity")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *ZoneAffinity) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ZoneAffinity) UnmarshalBinary(b []byte) error {
var res ZoneAffinity
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// ZoneAffinityNodeAffinity Describes node affinity scheduling rules for the pod.
//
// swagger:model ZoneAffinityNodeAffinity
type ZoneAffinityNodeAffinity struct {
// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
PreferredDuringSchedulingIgnoredDuringExecution []*ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 `json:"preferredDuringSchedulingIgnoredDuringExecution"`
// required during scheduling ignored during execution
RequiredDuringSchedulingIgnoredDuringExecution *ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution `json:"requiredDuringSchedulingIgnoredDuringExecution,omitempty"`
}
// Validate validates this zone affinity node affinity
func (m *ZoneAffinityNodeAffinity) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validatePreferredDuringSchedulingIgnoredDuringExecution(formats); err != nil {
res = append(res, err)
}
if err := m.validateRequiredDuringSchedulingIgnoredDuringExecution(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *ZoneAffinityNodeAffinity) validatePreferredDuringSchedulingIgnoredDuringExecution(formats strfmt.Registry) error {
if swag.IsZero(m.PreferredDuringSchedulingIgnoredDuringExecution) { // not required
return nil
}
for i := 0; i < len(m.PreferredDuringSchedulingIgnoredDuringExecution); i++ {
if swag.IsZero(m.PreferredDuringSchedulingIgnoredDuringExecution[i]) { // not required
continue
}
if m.PreferredDuringSchedulingIgnoredDuringExecution[i] != nil {
if err := m.PreferredDuringSchedulingIgnoredDuringExecution[i].Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("nodeAffinity" + "." + "preferredDuringSchedulingIgnoredDuringExecution" + "." + strconv.Itoa(i))
}
return err
}
}
}
return nil
}
func (m *ZoneAffinityNodeAffinity) validateRequiredDuringSchedulingIgnoredDuringExecution(formats strfmt.Registry) error {
if swag.IsZero(m.RequiredDuringSchedulingIgnoredDuringExecution) { // not required
return nil
}
if m.RequiredDuringSchedulingIgnoredDuringExecution != nil {
if err := m.RequiredDuringSchedulingIgnoredDuringExecution.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("nodeAffinity" + "." + "requiredDuringSchedulingIgnoredDuringExecution")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *ZoneAffinityNodeAffinity) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ZoneAffinityNodeAffinity) UnmarshalBinary(b []byte) error {
var res ZoneAffinityNodeAffinity
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
//
// swagger:model ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0
type ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 struct {
// A node selector term, associated with the corresponding weight.
// Required: true
Preference *NodeSelectorTerm `json:"preference"`
// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
// Required: true
Weight *int32 `json:"weight"`
}
// Validate validates this zone affinity node affinity preferred during scheduling ignored during execution items0
func (m *ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validatePreference(formats); err != nil {
res = append(res, err)
}
if err := m.validateWeight(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) validatePreference(formats strfmt.Registry) error {
if err := validate.Required("preference", "body", m.Preference); err != nil {
return err
}
if m.Preference != nil {
if err := m.Preference.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("preference")
}
return err
}
}
return nil
}
func (m *ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) validateWeight(formats strfmt.Registry) error {
if err := validate.Required("weight", "body", m.Weight); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) UnmarshalBinary(b []byte) error {
var res ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
//
// swagger:model ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution
type ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution struct {
// Required. A list of node selector terms. The terms are ORed.
// Required: true
NodeSelectorTerms []*NodeSelectorTerm `json:"nodeSelectorTerms"`
}
// Validate validates this zone affinity node affinity required during scheduling ignored during execution
func (m *ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateNodeSelectorTerms(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution) validateNodeSelectorTerms(formats strfmt.Registry) error {
if err := validate.Required("nodeAffinity"+"."+"requiredDuringSchedulingIgnoredDuringExecution"+"."+"nodeSelectorTerms", "body", m.NodeSelectorTerms); err != nil {
return err
}
for i := 0; i < len(m.NodeSelectorTerms); i++ {
if swag.IsZero(m.NodeSelectorTerms[i]) { // not required
continue
}
if m.NodeSelectorTerms[i] != nil {
if err := m.NodeSelectorTerms[i].Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("nodeAffinity" + "." + "requiredDuringSchedulingIgnoredDuringExecution" + "." + "nodeSelectorTerms" + "." + strconv.Itoa(i))
}
return err
}
}
}
return nil
}
// MarshalBinary interface implementation
func (m *ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution) UnmarshalBinary(b []byte) error {
var res ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// ZoneAffinityPodAffinity Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
//
// swagger:model ZoneAffinityPodAffinity
type ZoneAffinityPodAffinity struct {
// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
PreferredDuringSchedulingIgnoredDuringExecution []*ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 `json:"preferredDuringSchedulingIgnoredDuringExecution"`
// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
RequiredDuringSchedulingIgnoredDuringExecution []*PodAffinityTerm `json:"requiredDuringSchedulingIgnoredDuringExecution"`
}
// Validate validates this zone affinity pod affinity
func (m *ZoneAffinityPodAffinity) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validatePreferredDuringSchedulingIgnoredDuringExecution(formats); err != nil {
res = append(res, err)
}
if err := m.validateRequiredDuringSchedulingIgnoredDuringExecution(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *ZoneAffinityPodAffinity) validatePreferredDuringSchedulingIgnoredDuringExecution(formats strfmt.Registry) error {
if swag.IsZero(m.PreferredDuringSchedulingIgnoredDuringExecution) { // not required
return nil
}
for i := 0; i < len(m.PreferredDuringSchedulingIgnoredDuringExecution); i++ {
if swag.IsZero(m.PreferredDuringSchedulingIgnoredDuringExecution[i]) { // not required
continue
}
if m.PreferredDuringSchedulingIgnoredDuringExecution[i] != nil {
if err := m.PreferredDuringSchedulingIgnoredDuringExecution[i].Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("podAffinity" + "." + "preferredDuringSchedulingIgnoredDuringExecution" + "." + strconv.Itoa(i))
}
return err
}
}
}
return nil
}
func (m *ZoneAffinityPodAffinity) validateRequiredDuringSchedulingIgnoredDuringExecution(formats strfmt.Registry) error {
if swag.IsZero(m.RequiredDuringSchedulingIgnoredDuringExecution) { // not required
return nil
}
for i := 0; i < len(m.RequiredDuringSchedulingIgnoredDuringExecution); i++ {
if swag.IsZero(m.RequiredDuringSchedulingIgnoredDuringExecution[i]) { // not required
continue
}
if m.RequiredDuringSchedulingIgnoredDuringExecution[i] != nil {
if err := m.RequiredDuringSchedulingIgnoredDuringExecution[i].Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("podAffinity" + "." + "requiredDuringSchedulingIgnoredDuringExecution" + "." + strconv.Itoa(i))
}
return err
}
}
}
return nil
}
// MarshalBinary interface implementation
func (m *ZoneAffinityPodAffinity) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ZoneAffinityPodAffinity) UnmarshalBinary(b []byte) error {
var res ZoneAffinityPodAffinity
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
//
// swagger:model ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0
type ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 struct {
// pod affinity term
// Required: true
PodAffinityTerm *PodAffinityTerm `json:"podAffinityTerm"`
// weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
// Required: true
Weight *int32 `json:"weight"`
}
// Validate validates this zone affinity pod affinity preferred during scheduling ignored during execution items0
func (m *ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validatePodAffinityTerm(formats); err != nil {
res = append(res, err)
}
if err := m.validateWeight(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) validatePodAffinityTerm(formats strfmt.Registry) error {
if err := validate.Required("podAffinityTerm", "body", m.PodAffinityTerm); err != nil {
return err
}
if m.PodAffinityTerm != nil {
if err := m.PodAffinityTerm.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("podAffinityTerm")
}
return err
}
}
return nil
}
func (m *ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) validateWeight(formats strfmt.Registry) error {
if err := validate.Required("weight", "body", m.Weight); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) UnmarshalBinary(b []byte) error {
var res ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// ZoneAffinityPodAntiAffinity Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
//
// swagger:model ZoneAffinityPodAntiAffinity
type ZoneAffinityPodAntiAffinity struct {
// The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
PreferredDuringSchedulingIgnoredDuringExecution []*ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 `json:"preferredDuringSchedulingIgnoredDuringExecution"`
// If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
RequiredDuringSchedulingIgnoredDuringExecution []*PodAffinityTerm `json:"requiredDuringSchedulingIgnoredDuringExecution"`
}
// Validate validates this zone affinity pod anti affinity
func (m *ZoneAffinityPodAntiAffinity) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validatePreferredDuringSchedulingIgnoredDuringExecution(formats); err != nil {
res = append(res, err)
}
if err := m.validateRequiredDuringSchedulingIgnoredDuringExecution(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *ZoneAffinityPodAntiAffinity) validatePreferredDuringSchedulingIgnoredDuringExecution(formats strfmt.Registry) error {
if swag.IsZero(m.PreferredDuringSchedulingIgnoredDuringExecution) { // not required
return nil
}
for i := 0; i < len(m.PreferredDuringSchedulingIgnoredDuringExecution); i++ {
if swag.IsZero(m.PreferredDuringSchedulingIgnoredDuringExecution[i]) { // not required
continue
}
if m.PreferredDuringSchedulingIgnoredDuringExecution[i] != nil {
if err := m.PreferredDuringSchedulingIgnoredDuringExecution[i].Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("podAntiAffinity" + "." + "preferredDuringSchedulingIgnoredDuringExecution" + "." + strconv.Itoa(i))
}
return err
}
}
}
return nil
}
func (m *ZoneAffinityPodAntiAffinity) validateRequiredDuringSchedulingIgnoredDuringExecution(formats strfmt.Registry) error {
if swag.IsZero(m.RequiredDuringSchedulingIgnoredDuringExecution) { // not required
return nil
}
for i := 0; i < len(m.RequiredDuringSchedulingIgnoredDuringExecution); i++ {
if swag.IsZero(m.RequiredDuringSchedulingIgnoredDuringExecution[i]) { // not required
continue
}
if m.RequiredDuringSchedulingIgnoredDuringExecution[i] != nil {
if err := m.RequiredDuringSchedulingIgnoredDuringExecution[i].Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("podAntiAffinity" + "." + "requiredDuringSchedulingIgnoredDuringExecution" + "." + strconv.Itoa(i))
}
return err
}
}
}
return nil
}
// MarshalBinary interface implementation
func (m *ZoneAffinityPodAntiAffinity) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ZoneAffinityPodAntiAffinity) UnmarshalBinary(b []byte) error {
var res ZoneAffinityPodAntiAffinity
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
//
// swagger:model ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0
type ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 struct {
// pod affinity term
// Required: true
PodAffinityTerm *PodAffinityTerm `json:"podAffinityTerm"`
// weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
// Required: true
Weight *int32 `json:"weight"`
}
// Validate validates this zone affinity pod anti affinity preferred during scheduling ignored during execution items0
func (m *ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validatePodAffinityTerm(formats); err != nil {
res = append(res, err)
}
if err := m.validateWeight(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) validatePodAffinityTerm(formats strfmt.Registry) error {
if err := validate.Required("podAffinityTerm", "body", m.PodAffinityTerm); err != nil {
return err
}
if m.PodAffinityTerm != nil {
if err := m.PodAffinityTerm.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("podAffinityTerm")
}
return err
}
}
return nil
}
func (m *ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) validateWeight(formats strfmt.Registry) error {
if err := validate.Required("weight", "body", m.Weight); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) UnmarshalBinary(b []byte) error {
var res ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

63
models/zone_resources.go Normal file
View File

@@ -0,0 +1,63 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
)
// ZoneResources If provided, use these requests and limit for cpu/memory resource allocation
//
// swagger:model zoneResources
type ZoneResources struct {
// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Limits map[string]int64 `json:"limits,omitempty"`
// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Requests map[string]int64 `json:"requests,omitempty"`
}
// Validate validates this zone resources
func (m *ZoneResources) Validate(formats strfmt.Registry) error {
return nil
}
// MarshalBinary interface implementation
func (m *ZoneResources) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ZoneResources) UnmarshalBinary(b []byte) error {
var res ZoneResources
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

81
models/zone_toleration_seconds.go Normal file
View File

@@ -0,0 +1,81 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/go-openapi/validate"
)
// ZoneTolerationSeconds TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
//
// swagger:model zoneTolerationSeconds
type ZoneTolerationSeconds struct {
// seconds
// Required: true
Seconds *int64 `json:"seconds"`
}
// Validate validates this zone toleration seconds
func (m *ZoneTolerationSeconds) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateSeconds(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *ZoneTolerationSeconds) validateSeconds(formats strfmt.Registry) error {
if err := validate.Required("seconds", "body", m.Seconds); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *ZoneTolerationSeconds) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ZoneTolerationSeconds) UnmarshalBinary(b []byte) error {
var res ZoneTolerationSeconds
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

133
models/zone_tolerations.go Normal file
View File

@@ -0,0 +1,133 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"strconv"
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
)
// ZoneTolerations Tolerations allows users to set entries like effect, key, operator, value.
//
// swagger:model zoneTolerations
type ZoneTolerations []*ZoneTolerationsItems0
// Validate validates this zone tolerations
func (m ZoneTolerations) Validate(formats strfmt.Registry) error {
var res []error
for i := 0; i < len(m); i++ {
if swag.IsZero(m[i]) { // not required
continue
}
if m[i] != nil {
if err := m[i].Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName(strconv.Itoa(i))
}
return err
}
}
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
// ZoneTolerationsItems0 The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
//
// swagger:model ZoneTolerationsItems0
type ZoneTolerationsItems0 struct {
// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
Effect string `json:"effect,omitempty"`
// Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
Key string `json:"key,omitempty"`
// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
Operator string `json:"operator,omitempty"`
// toleration seconds
TolerationSeconds *ZoneTolerationSeconds `json:"tolerationSeconds,omitempty"`
// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
Value string `json:"value,omitempty"`
}
// Validate validates this zone tolerations items0
func (m *ZoneTolerationsItems0) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateTolerationSeconds(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *ZoneTolerationsItems0) validateTolerationSeconds(formats strfmt.Registry) error {
if swag.IsZero(m.TolerationSeconds) { // not required
return nil
}
if m.TolerationSeconds != nil {
if err := m.TolerationSeconds.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("tolerationSeconds")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *ZoneTolerationsItems0) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ZoneTolerationsItems0) UnmarshalBinary(b []byte) error {
var res ZoneTolerationsItems0
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

281
pkg/auth/jwt/parser.go
View File

@@ -1,281 +0,0 @@
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package jwt
// This file is a re-implementation of the original code here with some
// additional allocation tweaks reproduced using GODEBUG=allocfreetrace=1
// original file https://github.com/dgrijalva/jwt-go/blob/master/parser.go
// borrowed under MIT License https://github.com/dgrijalva/jwt-go/blob/master/LICENSE
import (
"crypto"
"crypto/hmac"
"encoding/base64"
"encoding/json"
"fmt"
"strings"
"sync"
"time"
jwtgo "github.com/dgrijalva/jwt-go"
jsoniter "github.com/json-iterator/go"
)
const (
claimData = "data"
claimSub = "sub"
)
// SigningMethodHMAC - Implements the HMAC-SHA family of signing methods signing methods
// Expects key type of []byte for both signing and validation
type SigningMethodHMAC struct {
Name string
Hash crypto.Hash
}
// Specific instances for HS256, HS384, HS512
var (
SigningMethodHS256 *SigningMethodHMAC
SigningMethodHS384 *SigningMethodHMAC
SigningMethodHS512 *SigningMethodHMAC
)
var (
base64BufPool sync.Pool
hmacSigners []*SigningMethodHMAC
)
func init() {
base64BufPool = sync.Pool{
New: func() interface{} {
buf := make([]byte, 8192)
return &buf
},
}
hmacSigners = []*SigningMethodHMAC{
{"HS256", crypto.SHA256},
{"HS384", crypto.SHA384},
{"HS512", crypto.SHA512},
}
}
// StandardClaims are basically standard claims with "Data"
type StandardClaims struct {
Data string `json:"data,omitempty"`
jwtgo.StandardClaims
}
// MapClaims - implements custom unmarshaller
type MapClaims struct {
Data string `json:"data,omitempty"`
Subject string `json:"sub,omitempty"`
jwtgo.MapClaims
}
// NewStandardClaims - initializes standard claims
func NewStandardClaims() *StandardClaims {
return &StandardClaims{}
}
// SetIssuer sets issuer for these claims
func (c *StandardClaims) SetIssuer(issuer string) {
c.Issuer = issuer
}
// SetAudience sets audience for these claims
func (c *StandardClaims) SetAudience(aud string) {
c.Audience = aud
}
// SetExpiry sets expiry in unix epoch secs
func (c *StandardClaims) SetExpiry(t time.Time) {
c.ExpiresAt = t.Unix()
}
// SetSubject sets unique identifier for the jwt
func (c *StandardClaims) SetSubject(subject string) {
c.Subject = subject
}
// SetData sets the "Data" custom field.
func (c *StandardClaims) SetData(data string) {
c.Data = data
}
// Valid - implements https://godoc.org/github.com/dgrijalva/jwt-go#Claims compatible
// claims interface, additionally validates "Data" field.
func (c *StandardClaims) Valid() error {
if err := c.StandardClaims.Valid(); err != nil {
return err
}
if c.Data == "" || c.Subject == "" {
return jwtgo.NewValidationError("data/sub",
jwtgo.ValidationErrorClaimsInvalid)
}
return nil
}
// NewMapClaims - Initializes a new map claims
func NewMapClaims() *MapClaims {
return &MapClaims{MapClaims: jwtgo.MapClaims{}}
}
// Lookup returns the value and if the key is found.
func (c *MapClaims) Lookup(key string) (value string, ok bool) {
var vinterface interface{}
vinterface, ok = c.MapClaims[key]
if ok {
value, ok = vinterface.(string)
}
return
}
// SetExpiry sets expiry in unix epoch secs
func (c *MapClaims) SetExpiry(t time.Time) {
c.MapClaims["exp"] = t.Unix()
}
// SetData sets the "Data" custom field.
func (c *MapClaims) SetData(data string) {
c.MapClaims[claimData] = data
}
// Valid - implements https://godoc.org/github.com/dgrijalva/jwt-go#Claims compatible
// claims interface, additionally validates "Data" field.
func (c *MapClaims) Valid() error {
if err := c.MapClaims.Valid(); err != nil {
return err
}
if c.Data == "" || c.Subject == "" {
return jwtgo.NewValidationError("data/subject",
jwtgo.ValidationErrorClaimsInvalid)
}
return nil
}
// Map returns underlying low-level map claims.
func (c *MapClaims) Map() map[string]interface{} {
return c.MapClaims
}
// MarshalJSON marshals the MapClaims struct
func (c *MapClaims) MarshalJSON() ([]byte, error) {
return json.Marshal(c.MapClaims)
}
// https://tools.ietf.org/html/rfc7519#page-11
type jwtHeader struct {
Algorithm string `json:"alg"`
Type string `json:"typ"`
}
// ParseWithClaims - parse the token string, valid methods.
func ParseWithClaims(tokenStr string, claims *MapClaims) error {
bufp := base64BufPool.Get().(*[]byte)
defer base64BufPool.Put(bufp)
signer, err := parseUnverifiedMapClaims(tokenStr, claims, *bufp)
if err != nil {
return err
}
i := strings.LastIndex(tokenStr, ".")
if i < 0 {
return jwtgo.ErrSignatureInvalid
}
n, err := base64Decode(tokenStr[i+1:], *bufp)
if err != nil {
return err
}
var ok bool
claims.Data, ok = claims.Lookup(claimData)
if !ok {
return jwtgo.NewValidationError("data missing",
jwtgo.ValidationErrorClaimsInvalid)
}
claims.Subject, ok = claims.Lookup(claimSub)
if !ok {
return jwtgo.NewValidationError("sub missing",
jwtgo.ValidationErrorClaimsInvalid)
}
hasher := hmac.New(signer.Hash.New, []byte(GetHmacJWTSecret()))
hasher.Write([]byte(tokenStr[:i]))
if !hmac.Equal((*bufp)[:n], hasher.Sum(nil)) {
return jwtgo.ErrSignatureInvalid
}
// Signature is valid, lets validate the claims for
// other fields such as expiry etc.
return claims.Valid()
}
// base64Decode returns the bytes represented by the base64 string s.
func base64Decode(s string, buf []byte) (int, error) {
return base64.RawURLEncoding.Decode(buf, []byte(s))
}
// ParseUnverifiedMapClaims - WARNING: Don't use this method unless you know what you're doing
//
// This method parses the token but doesn't validate the signature. It's only
// ever useful in cases where you know the signature is valid (because it has
// been checked previously in the stack) and you want to extract values from
// it.
func parseUnverifiedMapClaims(tokenString string, claims *MapClaims, buf []byte) (*SigningMethodHMAC, error) {
if strings.Count(tokenString, ".") != 2 {
return nil, jwtgo.ErrSignatureInvalid
}
i := strings.Index(tokenString, ".")
j := strings.LastIndex(tokenString, ".")
n, err := base64Decode(tokenString[:i], buf)
if err != nil {
return nil, &jwtgo.ValidationError{Inner: err, Errors: jwtgo.ValidationErrorMalformed}
}
var header = jwtHeader{}
var json = jsoniter.ConfigCompatibleWithStandardLibrary
if err = json.Unmarshal(buf[:n], &header); err != nil {
return nil, &jwtgo.ValidationError{Inner: err, Errors: jwtgo.ValidationErrorMalformed}
}
n, err = base64Decode(tokenString[i+1:j], buf)
if err != nil {
return nil, &jwtgo.ValidationError{Inner: err, Errors: jwtgo.ValidationErrorMalformed}
}
if err = json.Unmarshal(buf[:n], &claims.MapClaims); err != nil {
return nil, &jwtgo.ValidationError{Inner: err, Errors: jwtgo.ValidationErrorMalformed}
}
for _, signer := range hmacSigners {
if header.Algorithm == signer.Name {
return signer, nil
}
}
return nil, jwtgo.NewValidationError(fmt.Sprintf("signing method (%s) is unavailable.", header.Algorithm),
jwtgo.ValidationErrorUnverifiable)
}

4
pkg/auth/ldap.go
View File

@@ -24,11 +24,11 @@ import (
)
var (
errInvalidCredentials = errors.New("invalid Credentials")
errInvalidCredentials = errors.New("invalid Login")
)
// GetConsoleCredentialsFromLDAP authenticates the user against MinIO when the LDAP integration is enabled
// if the authentication succeed *credentials.Credentials object is returned and we continue with the normal STSAssumeRole flow
// if the authentication succeed *credentials.Login object is returned and we continue with the normal STSAssumeRole flow
func GetConsoleCredentialsFromLDAP(endpoint, ldapUser, ldapPassword string) (*credentials.Credentials, error) {
creds, err := credentials.NewLDAPIdentity(endpoint, ldapUser, ldapPassword)
if err != nil {

2
pkg/auth/operator.go
View File

@@ -76,7 +76,7 @@ func isServiceAccountTokenValid(ctx context.Context, operatorClient OperatorClie
return true
}
// GetConsoleCredentialsForOperator will validate the provided JWT (service account token) and return it in the form of credentials.Credentials
// GetConsoleCredentialsForOperator will validate the provided JWT (service account token) and return it in the form of credentials.Login
func GetConsoleCredentialsForOperator(jwt string) (*credentials.Credentials, error) {
ctx := context.Background()
opClientClientSet, err := cluster.OperatorClient(jwt)

60
pkg/auth/jwt.go → pkg/auth/token.go
View File

@@ -28,30 +28,26 @@ import (
"log"
"net/http"
"strings"
"time"
jwtgo "github.com/dgrijalva/jwt-go"
"github.com/go-openapi/swag"
"github.com/minio/console/models"
xjwt "github.com/minio/console/pkg/auth/jwt"
"github.com/minio/console/pkg/auth/token"
"github.com/minio/minio-go/v7/pkg/credentials"
uuid "github.com/satori/go.uuid"
"golang.org/x/crypto/pbkdf2"
)
var (
errAuthentication = errors.New("authentication failed, check your access credentials")
errNoAuthToken = errors.New("JWT token missing")
errReadingToken = errors.New("JWT internal data is malformed")
errClaimsFormat = errors.New("encrypted jwt claims not in the right format")
errNoAuthToken = errors.New("session token missing")
errReadingToken = errors.New("session token internal data is malformed")
errClaimsFormat = errors.New("encrypted session token claims not in the right format")
)
// derivedKey is the key used to encrypt the JWT claims, its derived using pbkdf on CONSOLE_PBKDF_PASSPHRASE with CONSOLE_PBKDF_SALT
var derivedKey = pbkdf2.Key([]byte(xjwt.GetPBKDFPassphrase()), []byte(xjwt.GetPBKDFSalt()), 4096, 32, sha1.New)
// derivedKey is the key used to encrypt the session token claims, its derived using pbkdf on CONSOLE_PBKDF_PASSPHRASE with CONSOLE_PBKDF_SALT
var derivedKey = pbkdf2.Key([]byte(token.GetPBKDFPassphrase()), []byte(token.GetPBKDFSalt()), 4096, 32, sha1.New)
// IsJWTValid returns true or false depending if the provided jwt is valid or not
func IsJWTValid(token string) bool {
_, err := JWTAuthenticate(token)
// IsSessionTokenValid returns true or false depending if the provided session token is valid or not
func IsSessionTokenValid(token string) bool {
_, err := SessionTokenAuthenticate(token)
return err == nil
}
@@ -63,8 +59,8 @@ type DecryptedClaims struct {
Actions []string
}
// JWTAuthenticate takes a jwt, decode it, extract claims and validate the signature
// if the jwt claims.Data is valid we proceed to decrypt the information inside
// SessionTokenAuthenticate takes a session token, decode it, extract claims and validate the signature
// if the session token claims are valid we proceed to decrypt the information inside
//
// returns claims after validation in the following format:
//
@@ -73,48 +69,36 @@ type DecryptedClaims struct {
// SecretAccessKey
// SessionToken
// }
func JWTAuthenticate(token string) (*DecryptedClaims, error) {
func SessionTokenAuthenticate(token string) (*DecryptedClaims, error) {
if token == "" {
return nil, errNoAuthToken
}
// initialize claims object
claims := xjwt.NewMapClaims()
// populate the claims object
if err := xjwt.ParseWithClaims(token, claims); err != nil {
return nil, errAuthentication
}
// decrypt the claims.Data field
claimTokens, err := decryptClaims(claims.Data)
// decrypt encrypted token
claimTokens, err := decryptClaims(token)
if err != nil {
// we print decryption token error information for debugging purposes
log.Println(err)
// we return a generic error that doesn't give any information to attackers
return nil, errReadingToken
}
// claimsTokens contains the decrypted STS claims
// claimsTokens contains the decrypted JWT for Console
return claimTokens, nil
}
// NewJWTWithClaimsForClient generates a new jwt with claims based on the provided STS credentials, first
// NewEncryptedTokenForClient generates a new session token with claims based on the provided STS credentials, first
// encrypts the claims and the sign them
func NewJWTWithClaimsForClient(credentials *credentials.Value, actions []string, audience string) (string, error) {
func NewEncryptedTokenForClient(credentials *credentials.Value, actions []string) (string, error) {
if credentials != nil {
encryptedClaims, err := encryptClaims(credentials.AccessKeyID, credentials.SecretAccessKey, credentials.SessionToken, actions)
if err != nil {
return "", err
}
claims := xjwt.NewStandardClaims()
claims.SetExpiry(time.Now().UTC().Add(xjwt.GetConsoleSTSAndJWTDurationTime()))
claims.SetSubject(uuid.NewV4().String())
claims.SetData(encryptedClaims)
claims.SetAudience(audience)
jwt := jwtgo.NewWithClaims(jwtgo.SigningMethodHS512, claims)
return jwt.SignedString([]byte(xjwt.GetHmacJWTSecret()))
return encryptedClaims, nil
}
return "", errors.New("provided credentials are empty")
}
// encryptClaims() receives the 3 STS claims, concatenate them and encrypt them using AES-GCM
// encryptClaims() receives the STS claims, concatenate them and encrypt them using AES-GCM
// returns a base64 encoded ciphertext
func encryptClaims(accessKeyID, secretAccessKey, sessionToken string, actions []string) (string, error) {
payload := []byte(fmt.Sprintf("%s#%s#%s#%s", accessKeyID, secretAccessKey, sessionToken, strings.Join(actions, ",")))
@@ -189,7 +173,7 @@ func decrypt(data []byte) ([]byte, error) {
// GetTokenFromRequest returns a token from a http Request
// either defined on a cookie `token` or on Authorization header.
//
// Authorization Header needs to be like "Authorization Bearer <jwt_token>"
// Authorization Header needs to be like "Authorization Bearer <token>"
func GetTokenFromRequest(r *http.Request) (*string, error) {
// Get Auth token
var reqToken string
@@ -216,9 +200,9 @@ func GetClaimsFromTokenInRequest(req *http.Request) (*models.Principal, error) {
if err != nil {
return nil, err
}
// Perform decryption of the JWT, if Console is able to decrypt the JWT that means a valid session
// Perform decryption of the session token, if Console is able to decrypt the session token that means a valid session
// was used in the first place to get it
claims, err := JWTAuthenticate(*sessionID)
claims, err := SessionTokenAuthenticate(*sessionID)
if err != nil {
return nil, err
}

17
pkg/auth/jwt/config.go → pkg/auth/token/config.go
View File

@@ -14,24 +14,15 @@
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package jwt
package token
import (
"strconv"
"time"
"github.com/minio/console/pkg/auth/utils"
"github.com/minio/minio/pkg/env"
)
// defaultHmacJWTPassphrase will be used by default if application is not configured with a custom CONSOLE_HMAC_JWT_SECRET secret
var defaultHmacJWTPassphrase = utils.RandomCharString(64)
// GetHmacJWTSecret returns the 64 bytes secret used for signing the generated JWT for the application
func GetHmacJWTSecret() string {
return env.Get(ConsoleHmacJWTSecret, defaultHmacJWTPassphrase)
}
// ConsoleSTSAndJWTDurationSeconds returns the default session duration for the STS requested tokens and the generated JWTs.
// Ideally both values should match so jwt and Minio sts sessions expires at the same time.
func GetConsoleSTSAndJWTDurationInSeconds() int {
@@ -42,12 +33,6 @@ func GetConsoleSTSAndJWTDurationInSeconds() int {
return duration
}
// GetConsoleSTSAndJWTDurationTime returns GetConsoleSTSAndJWTDurationInSeconds in duration format
func GetConsoleSTSAndJWTDurationTime() time.Duration {
duration := GetConsoleSTSAndJWTDurationInSeconds()
return time.Duration(duration) * time.Second
}
var defaultPBKDFPassphrase = utils.RandomCharString(64)
// GetPBKDFPassphrase returns passphrase for the pbkdf2 function used to encrypt JWT payload

3
pkg/auth/jwt/const.go → pkg/auth/token/const.go
View File

@@ -14,10 +14,9 @@
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package jwt
package token
const (
ConsoleHmacJWTSecret = "CONSOLE_HMAC_JWT_SECRET"
ConsoleSTSAndJWTDurationSeconds = "CONSOLE_STS_AND_JWT_DURATION_SECONDS"
ConsolePBKDFPassphrase = "CONSOLE_PBKDF_PASSPHRASE"
ConsolePBKDFSalt = "CONSOLE_PBKDF_SALT"

37
pkg/auth/jwt_test.go → pkg/auth/token_test.go
View File

@@ -23,7 +23,6 @@ import (
"github.com/stretchr/testify/assert"
)
var audience = ""
var creds = &credentials.Value{
AccessKeyID: "fakeAccessKeyID",
SecretAccessKey: "fakeSecretAccessKey",
@@ -35,25 +34,25 @@ var badToken = "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjoiRDMwYWE0ekQ1bWt
func TestNewJWTWithClaimsForClient(t *testing.T) {
funcAssert := assert.New(t)
// Test-1 : NewJWTWithClaimsForClient() is generated correctly without errors
function := "NewJWTWithClaimsForClient()"
jwt, err := NewJWTWithClaimsForClient(creds, []string{""}, audience)
// Test-1 : NewEncryptedTokenForClient() is generated correctly without errors
function := "NewEncryptedTokenForClient()"
jwt, err := NewEncryptedTokenForClient(creds, []string{""})
if err != nil || jwt == "" {
t.Errorf("Failed on %s:, error occurred: %s", function, err)
}
// saving jwt for future tests
goodToken = jwt
// Test-2 : NewJWTWithClaimsForClient() throws error because of empty credentials
if _, err = NewJWTWithClaimsForClient(nil, []string{""}, audience); err != nil {
// Test-2 : NewEncryptedTokenForClient() throws error because of empty credentials
if _, err = NewEncryptedTokenForClient(nil, []string{""}); err != nil {
funcAssert.Equal("provided credentials are empty", err.Error())
}
}
func TestJWTAuthenticate(t *testing.T) {
funcAssert := assert.New(t)
// Test-1 : JWTAuthenticate() should correctly return the claims
function := "JWTAuthenticate()"
claims, err := JWTAuthenticate(goodToken)
// Test-1 : SessionTokenAuthenticate() should correctly return the claims
function := "SessionTokenAuthenticate()"
claims, err := SessionTokenAuthenticate(goodToken)
if err != nil || claims == nil {
t.Errorf("Failed on %s:, error occurred: %s", function, err)
} else {
@@ -61,20 +60,20 @@ func TestJWTAuthenticate(t *testing.T) {
funcAssert.Equal(claims.SecretAccessKey, creds.SecretAccessKey)
funcAssert.Equal(claims.SessionToken, creds.SessionToken)
}
// Test-2 : JWTAuthenticate() return an error because of a tampered jwt
if _, err := JWTAuthenticate(badToken); err != nil {
funcAssert.Equal("authentication failed, check your access credentials", err.Error())
// Test-2 : SessionTokenAuthenticate() return an error because of a tampered jwt
if _, err := SessionTokenAuthenticate(badToken); err != nil {
funcAssert.Equal("session token internal data is malformed", err.Error())
}
// Test-3 : JWTAuthenticate() return an error because of an empty jwt
if _, err := JWTAuthenticate(""); err != nil {
funcAssert.Equal("JWT token missing", err.Error())
// Test-3 : SessionTokenAuthenticate() return an error because of an empty jwt
if _, err := SessionTokenAuthenticate(""); err != nil {
funcAssert.Equal("session token missing", err.Error())
}
}
func TestIsJWTValid(t *testing.T) {
funcAssert := assert.New(t)
// Test-1 : JWTAuthenticate() provided token is valid
funcAssert.Equal(true, IsJWTValid(goodToken))
// Test-2 : JWTAuthenticate() provided token is invalid
funcAssert.Equal(false, IsJWTValid(badToken))
// Test-1 : SessionTokenAuthenticate() provided token is valid
funcAssert.Equal(true, IsSessionTokenValid(goodToken))
// Test-2 : SessionTokenAuthenticate() provided token is invalid
funcAssert.Equal(false, IsSessionTokenValid(badToken))
}

146
pkg/kes/kes.go Normal file
View File

@@ -0,0 +1,146 @@
package kes
import (
"crypto/x509"
"encoding/pem"
"errors"
"time"
"github.com/minio/kes"
)
type Identity = kes.Identity
type TLSProxyHeader struct {
ClientCert string `yaml:"cert,omitempty"`
}
type TLSProxy struct {
Identities *[]Identity `yaml:"identities,omitempty"`
Header *TLSProxyHeader `yaml:"header,omitempty"`
}
type TLS struct {
KeyPath string `yaml:"key,omitempty"`
CertPath string `yaml:"cert,omitempty"`
Proxy *TLSProxy `yaml:"proxy,omitempty"`
}
type Policy struct {
Paths []string `yaml:"paths,omitempty"`
Identities []Identity `yaml:"identities,omitempty"`
}
type Expiry struct {
Any time.Duration `yaml:"any,omitempty"`
Unused time.Duration `yaml:"unused,omitempty"`
}
type Cache struct {
Expiry *Expiry `yaml:"expiry,omitempty"`
}
type Log struct {
Error string `yaml:"error,omitempty"`
Audit string `yaml:"audit,omitempty"`
}
type Fs struct {
Path string `yaml:"path,omitempty"`
}
type AppRole struct {
EnginePath string `yaml:"engine,omitempty"`
ID string `yaml:"id,omitempty"`
Secret string `yaml:"secret,omitempty"`
Retry time.Duration `yaml:"retry,omitempty"`
}
type VaultTLS struct {
KeyPath string `yaml:"key,omitempty"`
CertPath string `yaml:"cert,omitempty"`
CAPath string `yaml:"ca,omitempty"`
}
type VaultStatus struct {
Ping time.Duration `yaml:"ping,omitempty"`
}
type Vault struct {
Endpoint string `yaml:"endpoint,omitempty"`
EnginePath string `yaml:"engine,omitempty"`
Namespace string `yaml:"namespace,omitempty"`
Prefix string `yaml:"prefix,omitempty"`
AppRole *AppRole `yaml:"approle,omitempty"`
TLS *VaultTLS `yaml:"tls,omitempty"`
Status *VaultStatus `yaml:"status,omitempty"`
}
type AwsSecretManagerLogin struct {
AccessKey string `yaml:"accesskey"`
SecretKey string `yaml:"secretkey"`
SessionToken string `yaml:"token"`
}
type AwsSecretManager struct {
Endpoint string `yaml:"endpoint,omitempty"`
Region string `yaml:"region,omitempty"`
KmsKey string ` yaml:"kmskey,omitempty"`
Login *AwsSecretManagerLogin `yaml:"credentials,omitempty"`
}
type Aws struct {
SecretsManager *AwsSecretManager `yaml:"secretsmanager,omitempty"`
}
type GemaltoCredentials struct {
Token string `yaml:"token,omitempty"`
Domain string `yaml:"domain,omitempty"`
Retry time.Duration `yaml:"retry,omitempty"`
}
type GemaltoTLS struct {
CAPath string `yaml:"ca,omitempty"`
}
type GemaltoKeySecure struct {
Endpoint string `yaml:"endpoint,omitempty"`
Credentials *GemaltoCredentials `yaml:"credentials,omitempty"`
TLS *GemaltoTLS `yaml:"tls,omitempty"`
}
type Gemalto struct {
KeySecure *GemaltoKeySecure `yaml:"keysecure,omitempty"`
}
type Keys struct {
Fs *Fs `yaml:"fs,omitempty"`
Vault *Vault `yaml:"vault,omitempty"`
Aws *Aws `yaml:"aws,omitempty"`
Gemalto *Gemalto `yaml:"gemalto,omitempty"`
}
type ServerConfig struct {
Addr string `yaml:"address,omitempty"`
Root Identity `yaml:"root,omitempty"`
TLS TLS `yaml:"tls,omitempty"`
Policies map[string]Policy `yaml:"policy,omitempty"`
Cache Cache `yaml:"cache,omitempty"`
Log Log `yaml:"log,omitempty"`
Keys Keys `yaml:"keys,omitempty"`
}
func ParseCertificate(cert []byte) (*x509.Certificate, error) {
for {
var certDERBlock *pem.Block
certDERBlock, cert = pem.Decode(cert)
if certDERBlock == nil {
break
}
if certDERBlock.Type == "CERTIFICATE" {
return x509.ParseCertificate(certDERBlock.Bytes)
}
}
return nil, errors.New("found no (non-CA) certificate in any PEM block")
}

32
portal-ui/bindata_assetfs.go
View File

@@ -314,7 +314,7 @@ func buildAssetManifestJson() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "build/asset-manifest.json", size: 1324, mode: os.FileMode(420), modTime: time.Unix(1595632751, 0)}
info := bindataFileInfo{name: "build/asset-manifest.json", size: 1324, mode: os.FileMode(420), modTime: time.Unix(1595877009, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -454,7 +454,7 @@ func buildIndexHtml() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "build/index.html", size: 2653, mode: os.FileMode(420), modTime: time.Unix(1595632751, 0)}
info := bindataFileInfo{name: "build/index.html", size: 2653, mode: os.FileMode(420), modTime: time.Unix(1595877009, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -634,7 +634,7 @@ func buildPrecacheManifest431582dfb340f36f9878214baec8dc4dJs() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "build/precache-manifest.431582dfb340f36f9878214baec8dc4d.js", size: 872, mode: os.FileMode(420), modTime: time.Unix(1595632751, 0)}
info := bindataFileInfo{name: "build/precache-manifest.431582dfb340f36f9878214baec8dc4d.js", size: 872, mode: os.FileMode(420), modTime: time.Unix(1595877009, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -714,7 +714,7 @@ func buildServiceWorkerJs() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "build/service-worker.js", size: 1183, mode: os.FileMode(420), modTime: time.Unix(1595632751, 0)}
info := bindataFileInfo{name: "build/service-worker.js", size: 1183, mode: os.FileMode(420), modTime: time.Unix(1595877009, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -734,7 +734,7 @@ func buildStaticCss2C54eff9aChunkCss() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "build/static/css/2.c54eff9a.chunk.css", size: 7679, mode: os.FileMode(420), modTime: time.Unix(1595632751, 0)}
info := bindataFileInfo{name: "build/static/css/2.c54eff9a.chunk.css", size: 7679, mode: os.FileMode(420), modTime: time.Unix(1595877009, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -754,7 +754,7 @@ func buildStaticCss2C54eff9aChunkCssMap() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "build/static/css/2.c54eff9a.chunk.css.map", size: 14852, mode: os.FileMode(420), modTime: time.Unix(1595632751, 0)}
info := bindataFileInfo{name: "build/static/css/2.c54eff9a.chunk.css.map", size: 14852, mode: os.FileMode(420), modTime: time.Unix(1595877009, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -774,7 +774,7 @@ func buildStaticCssMainDc35c5d0ChunkCss() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "build/static/css/main.dc35c5d0.chunk.css", size: 244, mode: os.FileMode(420), modTime: time.Unix(1595632751, 0)}
info := bindataFileInfo{name: "build/static/css/main.dc35c5d0.chunk.css", size: 244, mode: os.FileMode(420), modTime: time.Unix(1595877009, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -794,7 +794,7 @@ func buildStaticCssMainDc35c5d0ChunkCssMap() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "build/static/css/main.dc35c5d0.chunk.css.map", size: 426, mode: os.FileMode(420), modTime: time.Unix(1595632751, 0)}
info := bindataFileInfo{name: "build/static/css/main.dc35c5d0.chunk.css.map", size: 426, mode: os.FileMode(420), modTime: time.Unix(1595877009, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -814,7 +814,7 @@ func buildStaticJs256e77eefChunkJs() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "build/static/js/2.56e77eef.chunk.js", size: 1004066, mode: os.FileMode(420), modTime: time.Unix(1595632751, 0)}
info := bindataFileInfo{name: "build/static/js/2.56e77eef.chunk.js", size: 1004066, mode: os.FileMode(420), modTime: time.Unix(1595877009, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -834,7 +834,7 @@ func buildStaticJs256e77eefChunkJsLicenseTxt() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "build/static/js/2.56e77eef.chunk.js.LICENSE.txt", size: 3031, mode: os.FileMode(420), modTime: time.Unix(1595632751, 0)}
info := bindataFileInfo{name: "build/static/js/2.56e77eef.chunk.js.LICENSE.txt", size: 3031, mode: os.FileMode(420), modTime: time.Unix(1595877009, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -854,7 +854,7 @@ func buildStaticJs256e77eefChunkJsMap() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "build/static/js/2.56e77eef.chunk.js.map", size: 4194792, mode: os.FileMode(420), modTime: time.Unix(1595632751, 0)}
info := bindataFileInfo{name: "build/static/js/2.56e77eef.chunk.js.map", size: 4194792, mode: os.FileMode(420), modTime: time.Unix(1595877009, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -874,7 +874,7 @@ func buildStaticJsMain8d549452ChunkJs() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "build/static/js/main.8d549452.chunk.js", size: 224981, mode: os.FileMode(420), modTime: time.Unix(1595632751, 0)}
info := bindataFileInfo{name: "build/static/js/main.8d549452.chunk.js", size: 224981, mode: os.FileMode(420), modTime: time.Unix(1595877009, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -894,7 +894,7 @@ func buildStaticJsMain8d549452ChunkJsMap() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "build/static/js/main.8d549452.chunk.js.map", size: 768292, mode: os.FileMode(420), modTime: time.Unix(1595632751, 0)}
info := bindataFileInfo{name: "build/static/js/main.8d549452.chunk.js.map", size: 768292, mode: os.FileMode(420), modTime: time.Unix(1595877009, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -914,7 +914,7 @@ func buildStaticJsRuntimeMainBa4e227dJs() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "build/static/js/runtime-main.ba4e227d.js", size: 1565, mode: os.FileMode(420), modTime: time.Unix(1595632751, 0)}
info := bindataFileInfo{name: "build/static/js/runtime-main.ba4e227d.js", size: 1565, mode: os.FileMode(420), modTime: time.Unix(1595877009, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -934,7 +934,7 @@ func buildStaticJsRuntimeMainBa4e227dJsMap() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "build/static/js/runtime-main.ba4e227d.js.map", size: 8278, mode: os.FileMode(420), modTime: time.Unix(1595632751, 0)}
info := bindataFileInfo{name: "build/static/js/runtime-main.ba4e227d.js.map", size: 8278, mode: os.FileMode(420), modTime: time.Unix(1595877009, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}
@@ -954,7 +954,7 @@ func buildStaticMediaMinio_console_logo0851e1d0Svg() (*asset, error) {
return nil, err
}
info := bindataFileInfo{name: "build/static/media/minio_console_logo.0851e1d0.svg", size: 2785, mode: os.FileMode(420), modTime: time.Unix(1595632751, 0)}
info := bindataFileInfo{name: "build/static/media/minio_console_logo.0851e1d0.svg", size: 2785, mode: os.FileMode(420), modTime: time.Unix(1595877009, 0)}
a := &asset{bytes: bytes, info: info}
return a, nil
}

6
portal-ui/package-lock.json generated
View File

@@ -4877,9 +4877,9 @@
"integrity": "sha512-WOr3SrZ55lUFYugA6sUu3H3ZoxVIH5o3zTSqYS+2DOJJP4hnHmBiD1w432a2YFW/H2G5FIxE6DB06rv+9dUL5g=="
},
"elliptic": {
"version": "6.5.2",
"resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.2.tgz",
"integrity": "sha512-f4x70okzZbIQl/NSRLkI/+tteV/9WqL98zx+SQ69KbXxmVrmjwsNUPn/gYJJ0sHvEak24cZgHIPegRePAtA/xw==",
"version": "6.5.3",
"resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.3.tgz",
"integrity": "sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw==",
"requires": {
"bn.js": "^4.4.0",
"brorand": "^1.0.1",

5
portal-ui/src/screens/LoginPage/LoginPage.tsx
View File

@@ -250,7 +250,10 @@ const Login = ({ classes, userLoggedIn }: ILoginProps) => {
</Typography>
<Button
component={"a"}
href={loginStrategy.redirect}
href={loginStrategy.redirect.replace(
"%5BHOSTNAME%5D",
window.location.hostname
)}
type="submit"
fullWidth
variant="contained"

12
portal-ui/yarn.lock
View File

@@ -2588,9 +2588,9 @@ bluebird@^3.5.1, bluebird@^3.5.3, bluebird@^3.5.5:
integrity sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==
bn.js@^4.0.0, bn.js@^4.1.0, bn.js@^4.1.1, bn.js@^4.4.0:
version "4.11.8"
resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.11.8.tgz#2cde09eb5ee341f484746bb0309b3253b1b1442f"
integrity sha512-ItfYfPLkWHUjckQCk8xC+LwxgK8NYcXywGigJgSwOP8Y2iyWT4f2vsZnoOXTTbo+o5yXmIUJ4gn5538SO5S3gA==
version "4.11.9"
resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.11.9.tgz#26d556829458f9d1e81fc48952493d0ba3507828"
integrity sha512-E6QoYqCKZfgatHTdHzs1RRKP7ip4vvm+EyRUeE2RF0NblwVvb0p6jSVeNTOFxPn26QXN2o6SMfNxKp6kU8zQaw==
body-parser@1.19.0:
version "1.19.0"
@@ -4374,9 +4374,9 @@ electron-to-chromium@^1.3.378, electron-to-chromium@^1.3.413:
integrity sha512-JTEOWiqCY4snuKuQAaFy0z6LK2Gdb8Lojkd/csQwpNHgMUF8I6QRjGVKk44IH46dHQhUFKzr4o6zxZrtDBjc2Q==
elliptic@^6.0.0:
version "6.5.2"
resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.2.tgz#05c5678d7173c049d8ca433552224a495d0e3762"
integrity sha512-f4x70okzZbIQl/NSRLkI/+tteV/9WqL98zx+SQ69KbXxmVrmjwsNUPn/gYJJ0sHvEak24cZgHIPegRePAtA/xw==
version "6.5.3"
resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.3.tgz#cb59eb2efdaf73a0bd78ccd7015a62ad6e0f93d6"
integrity sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw==
dependencies:
bn.js "^4.4.0"
brorand "^1.0.1"

4
restapi/admin_config_test.go
View File

@@ -60,11 +60,11 @@ func TestListConfig(t *testing.T) {
function := "listConfig()"
// Test-1 : listConfig() get list of two configurations and ensure is output correctly
configListMock := []madmin.HelpKV{
madmin.HelpKV{
{
Key: "region",
Description: "label the location of the server",
},
madmin.HelpKV{
{
Key: "notify_nsq",
Description: "publish bucket notifications to NSQ endpoints",
},

1677
restapi/admin_tenants.go
View File

File diff suppressed because it is too large Load Diff

91
restapi/admin_tenants_test.go
View File

@@ -35,7 +35,9 @@ import (
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
types "k8s.io/apimachinery/pkg/types"
"k8s.io/client-go/kubernetes/fake"
)
var opClientTenantDeleteMock func(ctx context.Context, namespace string, tenantName string, options metav1.DeleteOptions) error
@@ -315,13 +317,12 @@ func Test_TenantInfo(t *testing.T) {
},
Namespace: "minio-ns",
Image: "minio/minio:RELEASE.2020-06-14T18-32-17Z",
UsedSize: int64(1024),
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := getTenantInfo(tt.args.minioTenant, tt.args.tenantInfo)
got := getTenantInfo(tt.args.minioTenant)
if !reflect.DeepEqual(got, tt.want) {
ji, _ := json.Marshal(got)
vi, _ := json.Marshal(tt.want)
@@ -415,10 +416,92 @@ func Test_TenantAddZone(t *testing.T) {
Body: &models.Zone{
Name: "zone-1",
Servers: swag.Int64(int64(4)),
VolumeConfiguration: &models.ZoneVolumeConfiguration{
Size: swag.Int64(2147483648),
StorageClassName: "standard",
},
VolumesPerServer: swag.Int32(4),
},
},
},
wantErr: false,
}, {
name: "Add zone, error size",
args: args{
ctx: context.Background(),
operatorClient: opClient,
nameSpace: "default",
mockTenantPatch: func(ctx context.Context, namespace string, tenantName string, pt types.PatchType, data []byte, options metav1.PatchOptions) (*v1.Tenant, error) {
return &v1.Tenant{}, nil
},
mockTenantGet: func(ctx context.Context, namespace string, tenantName string, options metav1.GetOptions) (*v1.Tenant, error) {
return &v1.Tenant{}, nil
},
params: admin_api.TenantAddZoneParams{
Body: &models.Zone{
Name: "zone-1",
Servers: swag.Int64(int64(4)),
VolumeConfiguration: &models.ZoneVolumeConfiguration{
Size: swag.Int64(0),
StorageClassName: "standard",
},
VolumesPerServer: swag.Int32(4),
},
},
},
wantErr: true,
},
{
name: "Add zone, error servers negative",
args: args{
ctx: context.Background(),
operatorClient: opClient,
nameSpace: "default",
mockTenantPatch: func(ctx context.Context, namespace string, tenantName string, pt types.PatchType, data []byte, options metav1.PatchOptions) (*v1.Tenant, error) {
return &v1.Tenant{}, nil
},
mockTenantGet: func(ctx context.Context, namespace string, tenantName string, options metav1.GetOptions) (*v1.Tenant, error) {
return &v1.Tenant{}, nil
},
params: admin_api.TenantAddZoneParams{
Body: &models.Zone{
Name: "zone-1",
Servers: swag.Int64(int64(-1)),
VolumeConfiguration: &models.ZoneVolumeConfiguration{
Size: swag.Int64(2147483648),
StorageClassName: "standard",
},
VolumesPerServer: swag.Int32(4),
},
},
},
wantErr: true,
},
{
name: "Add zone, error volumes per server negative",
args: args{
ctx: context.Background(),
operatorClient: opClient,
nameSpace: "default",
mockTenantPatch: func(ctx context.Context, namespace string, tenantName string, pt types.PatchType, data []byte, options metav1.PatchOptions) (*v1.Tenant, error) {
return &v1.Tenant{}, nil
},
mockTenantGet: func(ctx context.Context, namespace string, tenantName string, options metav1.GetOptions) (*v1.Tenant, error) {
return &v1.Tenant{}, nil
},
params: admin_api.TenantAddZoneParams{
Body: &models.Zone{
Name: "zone-1",
Servers: swag.Int64(int64(4)),
VolumeConfiguration: &models.ZoneVolumeConfiguration{
Size: swag.Int64(2147483648),
StorageClassName: "standard",
},
VolumesPerServer: swag.Int32(-1),
},
},
},
wantErr: true,
},
{
name: "Error on patch, handle error",
@@ -492,6 +575,7 @@ func Test_UpdateTenantAction(t *testing.T) {
tests := []struct {
name string
args args
objs []runtime.Object
wantErr bool
}{
{
@@ -627,8 +711,9 @@ func Test_UpdateTenantAction(t *testing.T) {
opClientTenantGetMock = tt.args.mockTenantGet
opClientTenantPatchMock = tt.args.mockTenantPatch
httpClientGetMock = tt.args.mockHTTPClientGet
cnsClient := fake.NewSimpleClientset(tt.objs...)
t.Run(tt.name, func(t *testing.T) {
if err := updateTenantAction(tt.args.ctx, tt.args.operatorClient, tt.args.httpCl, tt.args.nameSpace, tt.args.params); (err != nil) != tt.wantErr {
if err := updateTenantAction(tt.args.ctx, tt.args.operatorClient, cnsClient.CoreV1(), tt.args.httpCl, tt.args.nameSpace, tt.args.params); (err != nil) != tt.wantErr {
t.Errorf("deleteTenantAction() error = %v, wantErr %v", err, tt.wantErr)
}
})

4
restapi/admin_users_test.go
View File

@@ -67,13 +67,13 @@ func TestListUsers(t *testing.T) {
// Test-1 : listUsers() Get response from minio client with two users and return the same number on listUsers()
// mock minIO client
mockUserMap := map[string]madmin.UserInfo{
"ABCDEFGHI": madmin.UserInfo{
"ABCDEFGHI": {
SecretKey: "",
PolicyName: "ABCDEFGHI-policy",
Status: "enabled",
MemberOf: []string{"group1", "group2"},
},
"ZBCDEFGHI": madmin.UserInfo{
"ZBCDEFGHI": {
SecretKey: "",
PolicyName: "ZBCDEFGHI-policy",
Status: "enabled",

9
restapi/client-admin.go
View File

@@ -33,8 +33,13 @@ import (
const globalAppName = "console"
// NewAdminClient gives a new client interface
// NewAdminClient gives a new madmin client interface
func NewAdminClient(url, accessKey, secretKey string) (*madmin.AdminClient, *probe.Error) {
return NewAdminClientWithInsecure(url, accessKey, secretKey, false)
}
// NewAdminClientWithInsecure gives a new madmin client interface either secure or insecure based on parameter
func NewAdminClientWithInsecure(url, accessKey, secretKey string, insecure bool) (*madmin.AdminClient, *probe.Error) {
appName := filepath.Base(globalAppName)
s3Client, err := s3AdminNew(&mcCmd.Config{
@@ -44,7 +49,7 @@ func NewAdminClient(url, accessKey, secretKey string) (*madmin.AdminClient, *pro
AppName: appName,
AppVersion: ConsoleVersion,
AppComments: []string{appName, runtime.GOOS, runtime.GOARCH},
Insecure: false,
Insecure: insecure,
})
if err != nil {
return nil, err.Trace(url)

24
restapi/client.go
View File

@@ -26,8 +26,8 @@ import (
"github.com/minio/console/models"
"github.com/minio/console/pkg/acl"
"github.com/minio/console/pkg/auth"
xjwt "github.com/minio/console/pkg/auth/jwt"
"github.com/minio/console/pkg/auth/ldap"
xjwt "github.com/minio/console/pkg/auth/token"
mc "github.com/minio/mc/cmd"
"github.com/minio/mc/pkg/probe"
"github.com/minio/minio-go/v7"
@@ -93,10 +93,10 @@ func (c minioClient) getBucketPolicy(ctx context.Context, bucketName string) (st
return c.client.GetBucketPolicy(ctx, bucketName)
}
// MCS3Client interface with all functions to be implemented
// MCClient interface with all functions to be implemented
// by mock when testing, it should include all mc/S3Client respective api calls
// that are used within this project.
type MCS3Client interface {
type MCClient interface {
addNotificationConfig(ctx context.Context, arn string, events []string, prefix, suffix string, ignoreExisting bool) *probe.Error
removeNotificationConfig(ctx context.Context, arn string, event string, prefix string, suffix string) *probe.Error
watch(ctx context.Context, options mc.WatchOptions) (*mc.WatchObject, *probe.Error)
@@ -106,26 +106,26 @@ type MCS3Client interface {
//
// Define the structure of a mc S3Client and define the functions that are actually used
// from mcS3client api.
type mcS3Client struct {
type mcClient struct {
client *mc.S3Client
}
// implements S3Client.AddNotificationConfig()
func (c mcS3Client) addNotificationConfig(ctx context.Context, arn string, events []string, prefix, suffix string, ignoreExisting bool) *probe.Error {
func (c mcClient) addNotificationConfig(ctx context.Context, arn string, events []string, prefix, suffix string, ignoreExisting bool) *probe.Error {
return c.client.AddNotificationConfig(ctx, arn, events, prefix, suffix, ignoreExisting)
}
// implements S3Client.RemoveNotificationConfig()
func (c mcS3Client) removeNotificationConfig(ctx context.Context, arn string, event string, prefix string, suffix string) *probe.Error {
func (c mcClient) removeNotificationConfig(ctx context.Context, arn string, event string, prefix string, suffix string) *probe.Error {
return c.client.RemoveNotificationConfig(ctx, arn, event, prefix, suffix)
}
func (c mcS3Client) watch(ctx context.Context, options mc.WatchOptions) (*mc.WatchObject, *probe.Error) {
func (c mcClient) watch(ctx context.Context, options mc.WatchOptions) (*mc.WatchObject, *probe.Error) {
return c.client.Watch(ctx, options)
}
// ConsoleCredentials interface with all functions to be implemented
// by mock when testing, it should include all needed consoleCredentials.Credentials api calls
// by mock when testing, it should include all needed consoleCredentials.Login api calls
// that are used within this project.
type ConsoleCredentials interface {
Get() (credentials.Value, error)
@@ -137,12 +137,12 @@ type consoleCredentials struct {
consoleCredentials *credentials.Credentials
}
// implements *Credentials.Get()
// implements *Login.Get()
func (c consoleCredentials) Get() (credentials.Value, error) {
return c.consoleCredentials.Get()
}
// implements *Credentials.Expire()
// implements *Login.Expire()
func (c consoleCredentials) Expire() {
c.consoleCredentials.Expire()
}
@@ -217,14 +217,14 @@ func newConsoleCredentials(accessKey, secretKey, location string) (*credentials.
// GetClaimsFromJWT decrypt and returns the claims associated to a provided jwt
func GetClaimsFromJWT(jwt string) (*auth.DecryptedClaims, error) {
claims, err := auth.JWTAuthenticate(jwt)
claims, err := auth.SessionTokenAuthenticate(jwt)
if err != nil {
return nil, err
}
return claims, nil
}
// getConsoleCredentialsFromSession returns the *consoleCredentials.Credentials associated to the
// getConsoleCredentialsFromSession returns the *consoleCredentials.Login associated to the
// provided jwt, this is useful for running the Expire() or IsExpired() operations
func getConsoleCredentialsFromSession(claims *models.Principal) *credentials.Credentials {
return credentials.NewStaticV4(claims.AccessKeyID, claims.SecretAccessKey, claims.SessionToken)

10
restapi/config.go
View File

@@ -39,10 +39,6 @@ var TLSPort = "9443"
// TLSRedirect console tls redirect rule
var TLSRedirect = "off"
// defaultTenantMemorySize default value used
// when generating minioTenant request
var defaultTenantMemorySize = "16Gi"
func getAccessKey() string {
return env.Get(ConsoleAccessKey, "minioadmin")
}
@@ -232,9 +228,3 @@ func getSecureFeaturePolicy() string {
func getSecureExpectCTHeader() string {
return env.Get(ConsoleSecureExpectCTHeader, "")
}
// getTenantMemorySize Memory size value to be used when generating the
// Tenant request
func getTenantMemorySize() string {
return env.Get(ConsoleTenantMemorySize, defaultTenantMemorySize)
}

2
restapi/configure_console.go
View File

@@ -63,7 +63,7 @@ func configureAPI(api *operations.ConsoleAPI) http.Handler {
api.KeyAuth = func(token string, scopes []string) (*models.Principal, error) {
// we are validating the jwt by decrypting the claims inside, if the operation succed that means the jwt
// was generated and signed by us in the first place
claims, err := auth.JWTAuthenticate(token)
claims, err := auth.SessionTokenAuthenticate(token)
if err != nil {
log.Println(err)
return nil, errors.New(401, "incorrect api key auth")

22
restapi/constants.go
View File

@@ -1,22 +0,0 @@
// This file is part of MinIO Kubernetes Cloud
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package restapi
const (
// ConsoleTenantMemorySize Memory size to be used when creating Tenant request
ConsoleTenantMemorySize = "CONSOLE_TENANT_MEMORY_SIZE"
)

1834
restapi/embedded_spec.go
View File

File diff suppressed because it is too large Load Diff

90
restapi/operations/admin_api/get_tenant_usage.go Normal file
View File

@@ -0,0 +1,90 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"net/http"
"github.com/go-openapi/runtime/middleware"
"github.com/minio/console/models"
)
// GetTenantUsageHandlerFunc turns a function with the right signature into a get tenant usage handler
type GetTenantUsageHandlerFunc func(GetTenantUsageParams, *models.Principal) middleware.Responder
// Handle executing the request and returning a response
func (fn GetTenantUsageHandlerFunc) Handle(params GetTenantUsageParams, principal *models.Principal) middleware.Responder {
return fn(params, principal)
}
// GetTenantUsageHandler interface for that can handle valid get tenant usage params
type GetTenantUsageHandler interface {
Handle(GetTenantUsageParams, *models.Principal) middleware.Responder
}
// NewGetTenantUsage creates a new http.Handler for the get tenant usage operation
func NewGetTenantUsage(ctx *middleware.Context, handler GetTenantUsageHandler) *GetTenantUsage {
return &GetTenantUsage{Context: ctx, Handler: handler}
}
/*GetTenantUsage swagger:route GET /namespaces/{namespace}/tenants/{tenant}/usage AdminAPI getTenantUsage
Get Usage For The Tenant
*/
type GetTenantUsage struct {
Context *middleware.Context
Handler GetTenantUsageHandler
}
func (o *GetTenantUsage) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
route, rCtx, _ := o.Context.RouteInfo(r)
if rCtx != nil {
r = rCtx
}
var Params = NewGetTenantUsageParams()
uprinc, aCtx, err := o.Context.Authorize(r, route)
if err != nil {
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
if aCtx != nil {
r = aCtx
}
var principal *models.Principal
if uprinc != nil {
principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
}
if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
res := o.Handler.Handle(Params, principal) // actually handle the request
o.Context.Respond(rw, r, route.Produces, route, res)
}

114
restapi/operations/admin_api/get_tenant_usage_parameters.go Normal file
View File

@@ -0,0 +1,114 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/errors"
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/strfmt"
)
// NewGetTenantUsageParams creates a new GetTenantUsageParams object
// no default values defined in spec.
func NewGetTenantUsageParams() GetTenantUsageParams {
return GetTenantUsageParams{}
}
// GetTenantUsageParams contains all the bound params for the get tenant usage operation
// typically these are obtained from a http.Request
//
// swagger:parameters GetTenantUsage
type GetTenantUsageParams struct {
// HTTP Request Object
HTTPRequest *http.Request `json:"-"`
/*
Required: true
In: path
*/
Namespace string
/*
Required: true
In: path
*/
Tenant string
}
// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
// for simple values it will use straight method calls.
//
// To ensure default values, the struct must have been initialized with NewGetTenantUsageParams() beforehand.
func (o *GetTenantUsageParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
var res []error
o.HTTPRequest = r
rNamespace, rhkNamespace, _ := route.Params.GetOK("namespace")
if err := o.bindNamespace(rNamespace, rhkNamespace, route.Formats); err != nil {
res = append(res, err)
}
rTenant, rhkTenant, _ := route.Params.GetOK("tenant")
if err := o.bindTenant(rTenant, rhkTenant, route.Formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
// bindNamespace binds and validates parameter Namespace from path.
func (o *GetTenantUsageParams) bindNamespace(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Parameter is provided by construction from the route
o.Namespace = raw
return nil
}
// bindTenant binds and validates parameter Tenant from path.
func (o *GetTenantUsageParams) bindTenant(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Parameter is provided by construction from the route
o.Tenant = raw
return nil
}

133
restapi/operations/admin_api/get_tenant_usage_responses.go Normal file
View File

@@ -0,0 +1,133 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/runtime"
"github.com/minio/console/models"
)
// GetTenantUsageOKCode is the HTTP code returned for type GetTenantUsageOK
const GetTenantUsageOKCode int = 200
/*GetTenantUsageOK A successful response.
swagger:response getTenantUsageOK
*/
type GetTenantUsageOK struct {
/*
In: Body
*/
Payload *models.TenantUsage `json:"body,omitempty"`
}
// NewGetTenantUsageOK creates GetTenantUsageOK with default headers values
func NewGetTenantUsageOK() *GetTenantUsageOK {
return &GetTenantUsageOK{}
}
// WithPayload adds the payload to the get tenant usage o k response
func (o *GetTenantUsageOK) WithPayload(payload *models.TenantUsage) *GetTenantUsageOK {
o.Payload = payload
return o
}
// SetPayload sets the payload to the get tenant usage o k response
func (o *GetTenantUsageOK) SetPayload(payload *models.TenantUsage) {
o.Payload = payload
}
// WriteResponse to the client
func (o *GetTenantUsageOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(200)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}
/*GetTenantUsageDefault Generic error response.
swagger:response getTenantUsageDefault
*/
type GetTenantUsageDefault struct {
_statusCode int
/*
In: Body
*/
Payload *models.Error `json:"body,omitempty"`
}
// NewGetTenantUsageDefault creates GetTenantUsageDefault with default headers values
func NewGetTenantUsageDefault(code int) *GetTenantUsageDefault {
if code <= 0 {
code = 500
}
return &GetTenantUsageDefault{
_statusCode: code,
}
}
// WithStatusCode adds the status to the get tenant usage default response
func (o *GetTenantUsageDefault) WithStatusCode(code int) *GetTenantUsageDefault {
o._statusCode = code
return o
}
// SetStatusCode sets the status to the get tenant usage default response
func (o *GetTenantUsageDefault) SetStatusCode(code int) {
o._statusCode = code
}
// WithPayload adds the payload to the get tenant usage default response
func (o *GetTenantUsageDefault) WithPayload(payload *models.Error) *GetTenantUsageDefault {
o.Payload = payload
return o
}
// SetPayload sets the payload to the get tenant usage default response
func (o *GetTenantUsageDefault) SetPayload(payload *models.Error) {
o.Payload = payload
}
// WriteResponse to the client
func (o *GetTenantUsageDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(o._statusCode)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}

124
restapi/operations/admin_api/get_tenant_usage_urlbuilder.go Normal file
View File

@@ -0,0 +1,124 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"errors"
"net/url"
golangswaggerpaths "path"
"strings"
)
// GetTenantUsageURL generates an URL for the get tenant usage operation
type GetTenantUsageURL struct {
Namespace string
Tenant string
_basePath string
// avoid unkeyed usage
_ struct{}
}
// WithBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *GetTenantUsageURL) WithBasePath(bp string) *GetTenantUsageURL {
o.SetBasePath(bp)
return o
}
// SetBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *GetTenantUsageURL) SetBasePath(bp string) {
o._basePath = bp
}
// Build a url path and query string
func (o *GetTenantUsageURL) Build() (*url.URL, error) {
var _result url.URL
var _path = "/namespaces/{namespace}/tenants/{tenant}/usage"
namespace := o.Namespace
if namespace != "" {
_path = strings.Replace(_path, "{namespace}", namespace, -1)
} else {
return nil, errors.New("namespace is required on GetTenantUsageURL")
}
tenant := o.Tenant
if tenant != "" {
_path = strings.Replace(_path, "{tenant}", tenant, -1)
} else {
return nil, errors.New("tenant is required on GetTenantUsageURL")
}
_basePath := o._basePath
if _basePath == "" {
_basePath = "/api/v1"
}
_result.Path = golangswaggerpaths.Join(_basePath, _path)
return &_result, nil
}
// Must is a helper function to panic when the url builder returns an error
func (o *GetTenantUsageURL) Must(u *url.URL, err error) *url.URL {
if err != nil {
panic(err)
}
if u == nil {
panic("url can't be nil")
}
return u
}
// String returns the string representation of the path with query string
func (o *GetTenantUsageURL) String() string {
return o.Must(o.Build()).String()
}
// BuildFull builds a full url with scheme, host, path and query string
func (o *GetTenantUsageURL) BuildFull(scheme, host string) (*url.URL, error) {
if scheme == "" {
return nil, errors.New("scheme is required for a full url on GetTenantUsageURL")
}
if host == "" {
return nil, errors.New("host is required for a full url on GetTenantUsageURL")
}
base, err := o.Build()
if err != nil {
return nil, err
}
base.Scheme = scheme
base.Host = host
return base, nil
}
// StringFull returns the string representation of a complete url
func (o *GetTenantUsageURL) StringFull(scheme, host string) string {
return o.Must(o.BuildFull(scheme, host)).String()
}

12
restapi/operations/console_api.go
View File

@@ -117,6 +117,9 @@ func NewConsoleAPI(spec *loads.Document) *ConsoleAPI {
AdminAPIGetResourceQuotaHandler: admin_api.GetResourceQuotaHandlerFunc(func(params admin_api.GetResourceQuotaParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation admin_api.GetResourceQuota has not yet been implemented")
}),
AdminAPIGetTenantUsageHandler: admin_api.GetTenantUsageHandlerFunc(func(params admin_api.GetTenantUsageParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation admin_api.GetTenantUsage has not yet been implemented")
}),
AdminAPIGetUserInfoHandler: admin_api.GetUserInfoHandlerFunc(func(params admin_api.GetUserInfoParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation admin_api.GetUserInfo has not yet been implemented")
}),
@@ -304,6 +307,8 @@ type ConsoleAPI struct {
AdminAPIDeleteTenantHandler admin_api.DeleteTenantHandler
// AdminAPIGetResourceQuotaHandler sets the operation handler for the get resource quota operation
AdminAPIGetResourceQuotaHandler admin_api.GetResourceQuotaHandler
// AdminAPIGetTenantUsageHandler sets the operation handler for the get tenant usage operation
AdminAPIGetTenantUsageHandler admin_api.GetTenantUsageHandler
// AdminAPIGetUserInfoHandler sets the operation handler for the get user info operation
AdminAPIGetUserInfoHandler admin_api.GetUserInfoHandler
// AdminAPIGroupInfoHandler sets the operation handler for the group info operation
@@ -499,6 +504,9 @@ func (o *ConsoleAPI) Validate() error {
if o.AdminAPIGetResourceQuotaHandler == nil {
unregistered = append(unregistered, "admin_api.GetResourceQuotaHandler")
}
if o.AdminAPIGetTenantUsageHandler == nil {
unregistered = append(unregistered, "admin_api.GetTenantUsageHandler")
}
if o.AdminAPIGetUserInfoHandler == nil {
unregistered = append(unregistered, "admin_api.GetUserInfoHandler")
}
@@ -776,6 +784,10 @@ func (o *ConsoleAPI) initHandlerCache() {
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
}
o.handlers["GET"]["/namespaces/{namespace}/tenants/{tenant}/usage"] = admin_api.NewGetTenantUsage(o.context, o.AdminAPIGetTenantUsageHandler)
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
}
o.handlers["GET"]["/users/{name}"] = admin_api.NewGetUserInfo(o.context, o.AdminAPIGetUserInfoHandler)
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)

4
restapi/resource_quota_test.go
View File

@@ -66,12 +66,12 @@ func Test_ResourceQuota(t *testing.T) {
want: models.ResourceQuota{
Name: mockRQResponse.Name,
Elements: []*models.ResourceQuotaElement{
&models.ResourceQuotaElement{
{
Name: "storage",
Hard: int64(1000),
Used: int64(500),
},
&models.ResourceQuotaElement{
{
Name: "cpu",
Hard: int64(2048),
Used: int64(1024),

12
restapi/user_buckets_events.go
View File

@@ -153,7 +153,7 @@ func getListBucketEventsResponse(session *models.Principal, params user_api.List
// If notificationEvents is empty, by default will set [get, put, delete], else the provided
// ones will be set.
// this function follows same behavior as minio/mc for adding a bucket event
func createBucketEvent(ctx context.Context, client MCS3Client, arn string, notificationEvents []models.NotificationEventType, prefix, suffix string, ignoreExisting bool) error {
func createBucketEvent(ctx context.Context, client MCClient, arn string, notificationEvents []models.NotificationEventType, prefix, suffix string, ignoreExisting bool) error {
var events []string
if len(notificationEvents) == 0 {
// default event values are [get, put, delete]
@@ -187,8 +187,8 @@ func getCreateBucketEventsResponse(session *models.Principal, bucketName string,
}
// create a mc S3Client interface implementation
// defining the client to be used
mcS3Client := mcS3Client{client: s3Client}
err = createBucketEvent(ctx, mcS3Client, *eventReq.Configuration.Arn, eventReq.Configuration.Events, eventReq.Configuration.Prefix, eventReq.Configuration.Suffix, eventReq.IgnoreExisting)
mcClient := mcClient{client: s3Client}
err = createBucketEvent(ctx, mcClient, *eventReq.Configuration.Arn, eventReq.Configuration.Events, eventReq.Configuration.Prefix, eventReq.Configuration.Suffix, eventReq.IgnoreExisting)
if err != nil {
log.Println("error creating bucket event:", err)
return err
@@ -197,7 +197,7 @@ func getCreateBucketEventsResponse(session *models.Principal, bucketName string,
}
// deleteBucketEventNotification calls S3Client.RemoveNotificationConfig to remove a bucket event notification
func deleteBucketEventNotification(ctx context.Context, client MCS3Client, arn string, events []models.NotificationEventType, prefix, suffix *string) error {
func deleteBucketEventNotification(ctx context.Context, client MCClient, arn string, events []models.NotificationEventType, prefix, suffix *string) error {
eventSingleString := joinNotificationEvents(events)
perr := client.removeNotificationConfig(ctx, arn, eventSingleString, *prefix, *suffix)
if perr != nil {
@@ -224,8 +224,8 @@ func getDeleteBucketEventsResponse(session *models.Principal, bucketName string,
}
// create a mc S3Client interface implementation
// defining the client to be used
mcS3Client := mcS3Client{client: s3Client}
err = deleteBucketEventNotification(ctx, mcS3Client, arn, events, prefix, suffix)
mcClient := mcClient{client: s3Client}
err = deleteBucketEventNotification(ctx, mcClient, arn, events, prefix, suffix)
if err != nil {
log.Println("error deleting bucket event:", err)
return err

32
restapi/user_buckets_events_test.go
View File

@@ -148,7 +148,7 @@ func TestListBucketEvents(t *testing.T) {
LambdaConfigs: []notification.LambdaConfig{},
TopicConfigs: []notification.TopicConfig{},
QueueConfigs: []notification.QueueConfig{
notification.QueueConfig{
{
Queue: "arn:minio:sqs::test:postgresql",
Config: notification.Config{
ID: "",
@@ -160,11 +160,11 @@ func TestListBucketEvents(t *testing.T) {
Filter: &notification.Filter{
S3Key: notification.S3Key{
FilterRules: []notification.FilterRule{
notification.FilterRule{
{
Name: "suffix",
Value: ".jpg",
},
notification.FilterRule{
{
Name: "prefix",
Value: "file/",
},
@@ -176,7 +176,7 @@ func TestListBucketEvents(t *testing.T) {
},
}
expectedOutput := []*models.NotificationConfig{
&models.NotificationConfig{
{
Arn: swag.String("arn:minio:sqs::test:postgresql"),
ID: "",
Prefix: "file/",
@@ -213,7 +213,7 @@ func TestListBucketEvents(t *testing.T) {
LambdaConfigs: []notification.LambdaConfig{},
TopicConfigs: []notification.TopicConfig{},
QueueConfigs: []notification.QueueConfig{
notification.QueueConfig{
{
Queue: "arn:minio:sqs::test:postgresql",
Config: notification.Config{
ID: "",
@@ -225,7 +225,7 @@ func TestListBucketEvents(t *testing.T) {
},
}
expectedOutput = []*models.NotificationConfig{
&models.NotificationConfig{
{
Arn: swag.String("arn:minio:sqs::test:postgresql"),
ID: "",
Prefix: "",
@@ -258,7 +258,7 @@ func TestListBucketEvents(t *testing.T) {
////// Test-3 : listBucketEvents() get list of events
mockBucketN = notification.Configuration{
LambdaConfigs: []notification.LambdaConfig{
notification.LambdaConfig{
{
Lambda: "lambda",
Config: notification.Config{
ID: "",
@@ -268,11 +268,11 @@ func TestListBucketEvents(t *testing.T) {
Filter: &notification.Filter{
S3Key: notification.S3Key{
FilterRules: []notification.FilterRule{
notification.FilterRule{
{
Name: "suffix",
Value: ".png",
},
notification.FilterRule{
{
Name: "prefix",
Value: "lambda/",
},
@@ -283,7 +283,7 @@ func TestListBucketEvents(t *testing.T) {
},
},
TopicConfigs: []notification.TopicConfig{
notification.TopicConfig{
{
Topic: "topic",
Config: notification.Config{
ID: "",
@@ -293,11 +293,11 @@ func TestListBucketEvents(t *testing.T) {
Filter: &notification.Filter{
S3Key: notification.S3Key{
FilterRules: []notification.FilterRule{
notification.FilterRule{
{
Name: "suffix",
Value: ".gif",
},
notification.FilterRule{
{
Name: "prefix",
Value: "topic/",
},
@@ -308,7 +308,7 @@ func TestListBucketEvents(t *testing.T) {
},
},
QueueConfigs: []notification.QueueConfig{
notification.QueueConfig{
{
Queue: "arn:minio:sqs::test:postgresql",
Config: notification.Config{
ID: "",
@@ -326,7 +326,7 @@ func TestListBucketEvents(t *testing.T) {
}
// order matters in output: topic,queue then lambda are given respectively
expectedOutput = []*models.NotificationConfig{
&models.NotificationConfig{
{
Arn: swag.String("topic"),
ID: "",
Prefix: "topic/",
@@ -335,7 +335,7 @@ func TestListBucketEvents(t *testing.T) {
models.NotificationEventTypeDelete,
},
},
&models.NotificationConfig{
{
Arn: swag.String("arn:minio:sqs::test:postgresql"),
ID: "",
Prefix: "",
@@ -344,7 +344,7 @@ func TestListBucketEvents(t *testing.T) {
models.NotificationEventTypeDelete,
},
},
&models.NotificationConfig{
{
Arn: swag.String("lambda"),
ID: "",
Prefix: "lambda/",

4
restapi/user_buckets_test.go
View File

@@ -82,8 +82,8 @@ func TestListBucket(t *testing.T) {
mockBucketList := madmin.AccountUsageInfo{
AccountName: "test",
Buckets: []madmin.BucketUsageInfo{
madmin.BucketUsageInfo{Name: "bucket-1", Created: time.Now(), Size: 1024},
madmin.BucketUsageInfo{Name: "bucket-2", Created: time.Now().Add(time.Hour * 1), Size: 0},
{Name: "bucket-1", Created: time.Now(), Size: 1024},
{Name: "bucket-2", Created: time.Now().Add(time.Hour * 1), Size: 0},
},
}
// mock function response from listBucketsWithContext(ctx)

4
restapi/user_login.go
View File

@@ -34,7 +34,7 @@ import (
var (
errorGeneric = errors.New("an error occurred, please try again")
errInvalidCredentials = errors.New("invalid Credentials")
errInvalidCredentials = errors.New("invalid Login")
)
func registerLoginHandlers(api *operations.ConsoleAPI) {
@@ -80,7 +80,7 @@ func login(credentials ConsoleCredentials, actions []string) (*string, error) {
return nil, errInvalidCredentials
}
// if we made it here, the consoleCredentials work, generate a jwt with claims
jwt, err := auth.NewJWTWithClaimsForClient(&tokens, actions, getMinIOServer())
jwt, err := auth.NewEncryptedTokenForClient(&tokens, actions)
if err != nil {
log.Println("error authenticating user", err)
return nil, errInvalidCredentials

2
restapi/user_watch.go
View File

@@ -34,7 +34,7 @@ type watchOptions struct {
mc.WatchOptions
}
func startWatch(ctx context.Context, conn WSConn, wsc MCS3Client, options watchOptions) error {
func startWatch(ctx context.Context, conn WSConn, wsc MCClient, options watchOptions) error {
wo, pErr := wsc.watch(ctx, options.WatchOptions)
if pErr != nil {
fmt.Println("error initializing watch:", pErr.Cause)

6
restapi/user_watch_test.go
View File

@@ -71,7 +71,7 @@ func TestWatch(t *testing.T) {
// mocking sending 5 lines of info
for range lines {
info := []mc.EventInfo{
mc.EventInfo{
{
UserAgent: textToReceive,
},
}
@@ -134,7 +134,7 @@ func TestWatch(t *testing.T) {
// mocking sending 5 lines of info
for range lines {
info := []mc.EventInfo{
mc.EventInfo{
{
UserAgent: textToReceive,
},
}
@@ -177,7 +177,7 @@ func TestWatch(t *testing.T) {
// mocking sending 5 lines of info
for range lines {
info := []mc.EventInfo{
mc.EventInfo{
{
UserAgent: textToReceive,
},
}

6
restapi/ws_handle.go
View File

@@ -61,8 +61,8 @@ type ConsoleWebsocket interface {
type wsS3Client struct {
// websocket connection.
conn wsConn
// mcS3Client
client MCS3Client
// mcClient
client MCClient
}
// WSConn interface with all functions to be implemented
@@ -197,7 +197,7 @@ func newWebSocketS3Client(conn *websocket.Conn, claims *models.Principal, bucket
wsConnection := wsConn{conn: conn}
// create a s3Client interface implementation
// defining the client to be used
mcS3C := mcS3Client{client: s3Client}
mcS3C := mcClient{client: s3Client}
// create websocket client and handle request
wsS3Client := &wsS3Client{conn: wsConnection, client: mcS3C}
return wsS3Client, nil

682
swagger.yml
View File

@@ -1144,6 +1144,31 @@ paths:
tags:
- AdminAPI
/namespaces/{namespace}/tenants/{tenant}/usage:
get:
summary: Get Usage For The Tenant
operationId: GetTenantUsage
parameters:
- name: namespace
in: path
required: true
type: string
- name: tenant
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/tenantUsage"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/namespaces/{namespace}/resourcequotas/{resource-quota-name}:
get:
summary: Get Resource Quota
@@ -1704,7 +1729,14 @@ definitions:
total_size:
type: integer
format: int64
used_size:
tenantUsage:
type: object
properties:
used:
type: integer
format: int64
disk_used:
type: integer
format: int64
@@ -1717,7 +1749,7 @@ definitions:
type: integer
instance_count:
type: integer
volume_size:
total_size:
type: integer
volume_count:
type: integer
@@ -1739,12 +1771,30 @@ definitions:
type: integer
format: int64
title: number of tenants accessible to tenant user
updateTenantRequest:
type: object
properties:
image:
type: string
pattern: "^((.*?)/(.*?):(.+))$"
image_registry:
$ref: "#/definitions/imageRegistry"
imageRegistry:
type: object
required:
- registry
- username
- password
properties:
registry:
type: string
username:
type: string
password:
type: string
createTenantRequest:
type: object
required:
@@ -1777,10 +1827,220 @@ definitions:
default: true
namespace:
type: string
erasureCodingParity:
type: integer
annotations:
type: object
additionalProperties:
type: string
image_registry:
$ref: "#/definitions/imageRegistry"
idp:
type: object
$ref: "#/definitions/idpConfiguration"
tls:
type: object
$ref: "#/definitions/tlsConfiguration"
encryption:
type: object
$ref: "#/definitions/encryptionConfiguration"
tlsConfiguration:
type: object
required:
- crt
- key
properties:
crt:
type: string
key:
type: string
idpConfiguration:
type: object
properties:
oidc:
type: object
required:
- url
- client_id
- secret_id
properties:
url:
type: string
client_id:
type: string
secret_id:
type: string
active_directory:
type: object
required:
- url
- username_format
- user_search_filter
properties:
url:
type: string
username_format:
type: string
user_search_filter:
type: string
group_search_base_dn:
type: string
group_search_filter:
type: string
group_name_attribute:
type: string
skip_ssl_verification:
type: boolean
server_insecure:
type: boolean
encryptionConfiguration:
type: object
properties:
image:
type: string
server:
type: object
required:
- crt
- key
properties:
crt:
type: string
key:
type: string
client:
type: object
required:
- crt
- key
properties:
crt:
type: string
key:
type: string
gemalto:
type: object
$ref: "#/definitions/gemaltoConfiguration"
aws:
type: object
$ref: "#/definitions/awsConfiguration"
vault:
type: object
$ref: "#/definitions/vaultConfiguration"
vaultConfiguration:
type: object
required:
- endpoint
- approle
properties:
endpoint:
type: string
engine:
type: string
namespace:
type: string
prefix:
type: string
approle:
type: object
required:
- id
- secret
properties:
engine:
type: string
id:
type: string
secret:
type: string
retry:
type: integer
format: int64
status:
type: object
properties:
ping:
type: integer
format: int64
tls:
type: object
properties:
key:
type: string
crt:
type: string
ca:
type: string
awsConfiguration:
type: object
required:
- secretsmanager
properties:
secretsmanager:
type: object
required:
- endpoint
- region
- credentials
properties:
endpoint:
type: string
region:
type: string
kmskey:
type: string
credentials:
type: object
required:
- accesskey
- secretkey
properties:
accesskey:
type: string
secretkey:
type: string
token:
type: string
gemaltoConfiguration:
type: object
required:
- keysecure
properties:
keysecure:
type: object
required:
- endpoint
- credentials
properties:
endpoint:
type: string
credentials:
type: object
required:
- token
- domain
properties:
token:
type: string
domain:
type: string
retry:
type: integer
format: int64
tls:
type: object
required:
- ca
properties:
ca:
type: string
createTenantResponse:
type: object
properties:
@@ -1788,6 +2048,13 @@ definitions:
type: string
secret_key:
type: string
console:
type: object
properties:
access_key:
type: string
secret_key:
type: string
zone:
type: object
required:
@@ -1811,6 +2078,417 @@ definitions:
type: integer
storage_class_name:
type: string
resources:
$ref: "#/definitions/zoneResources"
node_selector:
type: object
additionalProperties:
type: string
description: "NodeSelector is a selector which must be true for
the pod to fit on a node. Selector which must match a node's
labels for the pod to be scheduled on that node. More info:
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/"
affinity:
$ref: "#/definitions/zoneAffinity"
tolerations:
$ref: "#/definitions/zoneTolerations"
zoneTolerations:
description: Tolerations allows users to set entries like effect,
key, operator, value.
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified, allowed
values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match
all values and all keys.
type: string
operator:
description: Operator represents a key's relationship to
the value. Valid operators are Exists and Equal. Defaults
to Equal. Exists is equivalent to wildcard for value,
so that a pod can tolerate all taints of a particular
category.
type: string
tolerationSeconds:
$ref: "#/definitions/zoneTolerationSeconds"
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
type: string
type: object
type: array
zoneTolerationSeconds:
description: TolerationSeconds represents the period of
time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the taint
forever (do not evict). Zero and negative values will
be treated as 0 (evict immediately) by the system.
type: object
required:
- seconds
properties:
seconds:
type: integer
format: int64
zoneResources:
description: If provided, use these requests and limit for cpu/memory
resource allocation
properties:
limits:
additionalProperties:
type: integer
format: int64
description: "Limits describes the maximum amount of compute
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/"
type: object
requests:
additionalProperties:
additionalProperties:
type: integer
format: int64
description: "Requests describes the minimum amount of compute
resources required. If Requests is omitted for a container,
it defaults to Limits if that is explicitly specified, otherwise
to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/"
type: object
type: object
zoneAffinity:
description: If specified, affinity will define the pod's scheduling
constraints
properties:
nodeAffinity:
description: Describes node affinity scheduling rules for
the pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods
to nodes that satisfy the affinity expressions specified
by this field, but it may choose a node that violates
one or more of the expressions. The node that is most
preferred is the one with the greatest sum of weights,
i.e. for each node that meets all of the scheduling
requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating
through the elements of this field and adding "weight"
to the sum if the node matches the corresponding matchExpressions;
the node(s) with the highest sum are the most preferred.
items:
description: An empty preferred scheduling term matches
all objects with implicit weight 0 (i.e. it's a no-op).
A null preferred scheduling term matches no objects
(i.e. is also a no-op).
properties:
preference:
description: A node selector term, associated with
the corresponding weight.
$ref: "#/definitions/nodeSelectorTerm"
type: object
weight:
description: Weight associated with matching the
corresponding nodeSelectorTerm, in the range 1-100.
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by
this field are not met at scheduling time, the pod will
not be scheduled onto the node. If the affinity requirements
specified by this field cease to be met at some point
during pod execution (e.g. due to an update), the system
may or may not try to eventually evict the pod from
its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector terms.
The terms are ORed.
items:
$ref: "#/definitions/nodeSelectorTerm"
type: array
required:
- nodeSelectorTerms
type: object
type: object
podAffinity:
description: Describes pod affinity scheduling rules (e.g.
co-locate this pod in the same node, zone, etc. as some
other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods
to nodes that satisfy the affinity expressions specified
by this field, but it may choose a node that violates
one or more of the expressions. The node that is most
preferred is the one with the greatest sum of weights,
i.e. for each node that meets all of the scheduling
requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating
through the elements of this field and adding "weight"
to the sum if the node has pods which matches the corresponding
podAffinityTerm; the node(s) with the highest sum are
the most preferred.
items:
description:
The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
node(s)
properties:
podAffinityTerm:
$ref: "#/definitions/podAffinityTerm"
weight:
description: weight associated with matching the
corresponding podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by
this field are not met at scheduling time, the pod will
not be scheduled onto the node. If the affinity requirements
specified by this field cease to be met at some point
during pod execution (e.g. due to a pod label update),
the system may or may not try to eventually evict the
pod from its node. When there are multiple elements,
the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
items:
$ref: "#/definitions/podAffinityTerm"
type: array
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules
(e.g. avoid putting this pod in the same node, zone, etc.
as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods
to nodes that satisfy the anti-affinity expressions
specified by this field, but it may choose a node that
violates one or more of the expressions. The node that
is most preferred is the one with the greatest sum of
weights, i.e. for each node that meets all of the scheduling
requirements (resource request, requiredDuringScheduling
anti-affinity expressions, etc.), compute a sum by iterating
through the elements of this field and adding "weight"
to the sum if the node has pods which matches the corresponding
podAffinityTerm; the node(s) with the highest sum are
the most preferred.
items:
description:
The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred
node(s)
properties:
podAffinityTerm:
$ref: "#/definitions/podAffinityTerm"
weight:
description: weight associated with matching the
corresponding podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the anti-affinity requirements specified
by this field are not met at scheduling time, the pod
will not be scheduled onto the node. If the anti-affinity
requirements specified by this field cease to be met
at some point during pod execution (e.g. due to a pod
label update), the system may or may not try to eventually
evict the pod from its node. When there are multiple
elements, the lists of nodes corresponding to each podAffinityTerm
are intersected, i.e. all terms must be satisfied.
items:
$ref: "#/definitions/podAffinityTerm"
type: array
type: object
type: object
nodeSelectorTerm:
type: object
description: A null or empty node selector term
matches no objects. The requirements of them are
ANDed. The TopologySelectorTerm type implements
a subset of the NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is
a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators
are In, NotIn, Exists, DoesNotExist.
Gt, and Lt.
type: string
values:
description: An array of string values.
If the operator is In or NotIn, the
values array must be non-empty. If the
operator is Exists or DoesNotExist,
the values array must be empty. If the
operator is Gt or Lt, the values array
must have a single element, which will
be interpreted as an integer. This array
is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is
a selector that contains values, a key,
and an operator that relates the key and
values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators
are In, NotIn, Exists, DoesNotExist.
Gt, and Lt.
type: string
values:
description: An array of string values.
If the operator is In or NotIn, the
values array must be non-empty. If the
operator is Exists or DoesNotExist,
the values array must be empty. If the
operator is Gt or Lt, the values array
must have a single element, which will
be interpreted as an integer. This array
is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
podAffinityTerm:
description: Required. A pod affinity term, associated
with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list
of label selector requirements. The requirements
are ANDed.
items:
description: A label selector requirement
is a selector that contains values,
a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key
that the selector applies to.
type: string
operator:
description: operator represents a
key's relationship to a set of values.
Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of
string values. If the operator is
In or NotIn, the values array must
be non-empty. If the operator is
Exists or DoesNotExist, the values
array must be empty. This array
is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator
is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces
the labelSelector applies to (matches against);
null or empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the
pods matching the labelSelector in the specified
namespaces, where co-located is defined as
running on a node whose value of the label
with key topologyKey matches that of any node
on which any of the selected pods is running.
Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
resourceQuota:
type: object