Bumps the version of Console when using Operator APIs (#219)

Whe Console is configured, we auto generate credentials for Console and store them in a secret but we need to return them to the user so he knows what credentials he/she can use to log in to console.

Dockerfile.release

@@ -1,6 +1,12 @@
+FROM ubuntu:18.04 as certs
+
+RUN apt-get update -y && apt-get install -y ca-certificates
+
 FROM scratch
 MAINTAINER MinIO Development "dev@min.io"
 EXPOSE 9090
 COPY console /console
 
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+
 ENTRYPOINT ["/console"]

go.mod

@@ -20,7 +20,7 @@ require (
 	github.com/minio/mc v0.0.0-20200725183142-90d22b271f60
 	github.com/minio/minio v0.0.0-20200725154241-abbf6ce6ccf8
 	github.com/minio/minio-go/v7 v7.0.2-0.20200722162308-e0105ca08252
-	github.com/minio/operator v0.0.0-20200726122325-9efe901afebb
+	github.com/minio/operator v0.0.0-20200730044813-c2895a5065a1
 	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
 	github.com/satori/go.uuid v1.2.0
 	github.com/stretchr/testify v1.6.1

go.sum

@@ -143,6 +143,8 @@ github.com/go-ldap/ldap v3.0.2+incompatible h1:kD5HQcAzlQ7yrhfn+h+MSABeAy/jAJhvI
 github.com/go-ldap/ldap v3.0.2+incompatible/go.mod h1:qfd9rJvER9Q0/D/Sqn1DfHRoBp40uXYvFoEVrNEPqRc=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
+github.com/go-logr/logr v0.2.0 h1:QvGt2nLcHH0WK9orKa+ppBPAxREcH364nPUedEpK0TY=
+github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-ole/go-ole v1.2.4 h1:nNBDSCOigTSiarFpYE9J/KtEA1IOW4CNeqT9TQDqCxI=
 github.com/go-ole/go-ole v1.2.4/go.mod h1:XCwSNxSkXRo4vlyPy93sltvi/qJq0jqQhjqQNIwKuxM=
 github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI=
@@ -463,8 +465,8 @@ github.com/minio/minio v0.0.0-20200725154241-abbf6ce6ccf8/go.mod h1:NBWtYp4t5pt3
 github.com/minio/minio-go/v7 v7.0.1/go.mod h1:dJ80Mv2HeGkYLH1sqS/ksz07ON6csH3S6JUMSQ2zAns=
 github.com/minio/minio-go/v7 v7.0.2-0.20200722162308-e0105ca08252 h1:V2JkMDoSmEIhRcMJwX3qeJVOzy1B5bHpHbZaQu77vbs=
 github.com/minio/minio-go/v7 v7.0.2-0.20200722162308-e0105ca08252/go.mod h1:dJ80Mv2HeGkYLH1sqS/ksz07ON6csH3S6JUMSQ2zAns=
-github.com/minio/operator v0.0.0-20200726122325-9efe901afebb h1:xAfr+GIP+4c6fU+Ad8oWHVWKtbQ60Su3dfEv3nPPyWM=
-github.com/minio/operator v0.0.0-20200726122325-9efe901afebb/go.mod h1:G0pMmQFV5b5OrH7/OmVKtPoHzj3SmHNgqDlTew1NM/Y=
+github.com/minio/operator v0.0.0-20200730044813-c2895a5065a1 h1:cTgvRgFBUVxbnxhQUioT2T7SH0M7AyvO7dDX32yKPGw=
+github.com/minio/operator v0.0.0-20200730044813-c2895a5065a1/go.mod h1:RLhFkLcL65qmrgUQJHrRwb1Lb4yHgD/DfjNENY2WNXg=
 github.com/minio/selfupdate v0.3.0 h1:1qfaZscU3hWwX1cF5m5Dov8Z5aZNvPHk9LROzIkas1k=
 github.com/minio/selfupdate v0.3.0/go.mod h1:b8ThJzzH7u2MkF6PcIra7KaXO9Khf6alWPvMSyTDCFM=
 github.com/minio/sha256-simd v0.1.1 h1:5QHSlgo3nt5yKOJrC7W8w7X+NFl8cMPZm96iu8kKUJU=
@@ -915,6 +917,8 @@ k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUc
 k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
 k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
+k8s.io/klog/v2 v2.3.0 h1:WmkrnW7fdrm0/DMClc+HIxtftvxVIPAhlVwMQo5yLco=
+k8s.io/klog/v2 v2.3.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c h1:/KUFqjjqAcY4Us6luF5RDNZ16KJtb49HfR3ZHB9qYXM=
 k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E=
 k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6 h1:Oh3Mzx5pJ+yIumsAD0MOECPVeXsVot0UkiaCGVyfGQY=

k8s/console/base/console-deployment.yaml

@@ -18,7 +18,6 @@ spec:
           image: minio/console:latest
           imagePullPolicy: "IfNotPresent"
           args:
-            - /console
             - server
           ports:
             - containerPort: 9090

k8s/getoperator.sh

@@ -1,3 +0,0 @@
-#!/bin/bash
-# Get's the latest deployment file from MinIO Operator
-curl https://raw.githubusercontent.com/minio/operator/master/minio-operator.yaml > operator-console/base/minio-operator.yaml

k8s/operator-console/base/console-deployment.yaml

@@ -21,7 +21,6 @@ spec:
             - name: CONSOLE_OPERATOR_MODE
               value: "on"
           args:
-            - /console
             - server
           ports:
             - containerPort: 9090

models/create_tenant_response.go

@@ -23,6 +23,7 @@ package models
 // Editing this file might prove futile when you re-run the swagger generate command
 
 import (
+	"github.com/go-openapi/errors"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
 )
@@ -35,12 +36,42 @@ type CreateTenantResponse struct {
 	// access key
 	AccessKey string `json:"access_key,omitempty"`
 
+	// console
+	Console *CreateTenantResponseConsole `json:"console,omitempty"`
+
 	// secret key
 	SecretKey string `json:"secret_key,omitempty"`
 }
 
 // Validate validates this create tenant response
 func (m *CreateTenantResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateConsole(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *CreateTenantResponse) validateConsole(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Console) { // not required
+		return nil
+	}
+
+	if m.Console != nil {
+		if err := m.Console.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("console")
+			}
+			return err
+		}
+	}
+
 	return nil
 }
 
@@ -61,3 +92,38 @@ func (m *CreateTenantResponse) UnmarshalBinary(b []byte) error {
 	*m = res
 	return nil
 }
+
+// CreateTenantResponseConsole create tenant response console
+//
+// swagger:model CreateTenantResponseConsole
+type CreateTenantResponseConsole struct {
+
+	// access key
+	AccessKey string `json:"access_key,omitempty"`
+
+	// secret key
+	SecretKey string `json:"secret_key,omitempty"`
+}
+
+// Validate validates this create tenant response console
+func (m *CreateTenantResponseConsole) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *CreateTenantResponseConsole) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *CreateTenantResponseConsole) UnmarshalBinary(b []byte) error {
+	var res CreateTenantResponseConsole
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

restapi/admin_tenants.go

@@ -254,12 +254,12 @@ func listTenants(ctx context.Context, operatorClient OperatorClient, namespace s
 	}
 
 	var tenants []*models.TenantList
-	var totalSize int64
 
-	for _, minInst := range minTenants.Items {
+	for _, tenant := range minTenants.Items {
+		var totalSize int64
 		var instanceCount int64
 		var volumeCount int64
-		for _, zone := range minInst.Spec.Zones {
+		for _, zone := range tenant.Spec.Zones {
 			instanceCount = instanceCount + int64(zone.Servers)
 			volumeCount = volumeCount + int64(zone.Servers*zone.VolumesPerServer)
 			if zone.VolumeClaimTemplate != nil {
@@ -269,20 +269,20 @@ func listTenants(ctx context.Context, operatorClient OperatorClient, namespace s
 		}
 
 		tenants = append(tenants, &models.TenantList{
-			CreationDate:  minInst.ObjectMeta.CreationTimestamp.String(),
-			Name:          minInst.ObjectMeta.Name,
-			ZoneCount:     int64(len(minInst.Spec.Zones)),
+			CreationDate:  tenant.ObjectMeta.CreationTimestamp.String(),
+			Name:          tenant.ObjectMeta.Name,
+			ZoneCount:     int64(len(tenant.Spec.Zones)),
 			InstanceCount: instanceCount,
 			VolumeCount:   volumeCount,
-			CurrentState:  minInst.Status.CurrentState,
-			Namespace:     minInst.ObjectMeta.Namespace,
+			CurrentState:  tenant.Status.CurrentState,
+			Namespace:     tenant.ObjectMeta.Namespace,
 			TotalSize:     totalSize,
 		})
 	}
 
 	return &models.ListTenantsResponse{
 		Tenants: tenants,
-		Total:   0,
+		Total:   int64(len(tenants)),
 	}, nil
 }
 
@@ -332,6 +332,13 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 		}
 		minioImage = *minImg
 	}
+	// get Kubernetes Client
+	clientset, err := cluster.K8sClient(session.SessionToken)
+	if err != nil {
+		return nil, err
+	}
+
+	ns := *params.Body.Namespace
 
 	// if access/secret are provided, use them, else create a random pair
 	accessKey := RandomCharString(16)
@@ -355,11 +362,6 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 		},
 	}
 
-	clientset, err := cluster.K8sClient(session.SessionToken)
-	if err != nil {
-		return nil, err
-	}
-	ns := *params.Body.Namespace
 	_, err = clientset.CoreV1().Secrets(ns).Create(context.Background(), &instanceSecret, metav1.CreateOptions{})
 	if err != nil {
 		return nil, err
@@ -389,10 +391,13 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 		},
 	}
 	// optionals are set below
-
+	var consoleAccess string
+	var consoleSecret string
 	if enableConsole {
 		consoleSelector := fmt.Sprintf("%s-console", *params.Body.Name)
 		consoleSecretName := fmt.Sprintf("%s-secret", consoleSelector)
+		consoleAccess = RandomCharString(16)
+		consoleSecret = RandomCharString(32)
 		imm := true
 		instanceSecret := corev1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
@@ -403,8 +408,8 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 				"CONSOLE_HMAC_JWT_SECRET":  []byte(RandomCharString(16)),
 				"CONSOLE_PBKDF_PASSPHRASE": []byte(RandomCharString(16)),
 				"CONSOLE_PBKDF_SALT":       []byte(RandomCharString(8)),
-				"CONSOLE_ACCESS_KEY":       []byte(RandomCharString(16)),
-				"CONSOLE_SECRET_KEY":       []byte(RandomCharString(32)),
+				"CONSOLE_ACCESS_KEY":       []byte(consoleAccess),
+				"CONSOLE_SECRET_KEY":       []byte(consoleSecret),
 			},
 		}
 		_, err = clientset.CoreV1().Secrets(ns).Create(context.Background(), &instanceSecret, metav1.CreateOptions{})
@@ -412,7 +417,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 			return nil, err
 		}
 
-		const consoleVersion = "minio/console:v0.3.0"
+		const consoleVersion = "minio/console:v0.3.3"
 		minInst.Spec.Console = &operator.ConsoleConfiguration{
 			Replicas:      2,
 			Image:         consoleVersion,
@@ -462,11 +467,17 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 			return nil, err
 		}
 	}
-
-	return &models.CreateTenantResponse{
+	response := &models.CreateTenantResponse{
 		AccessKey: accessKey,
 		SecretKey: secretKey,
-	}, nil
+	}
+	// Attach Console Credentials
+	if enableConsole {
+		response.Console = &models.CreateTenantResponseConsole{}
+		response.Console.AccessKey = consoleAccess
+		response.Console.SecretKey = consoleSecret
+	}
+	return response, nil
 }
 
 // updateTenantAction does an update on the minioTenant by patching the desired changes
@@ -846,8 +857,8 @@ func parseTenantZone(zone *operator.Zone) *models.Zone {
 
 	// parse resources' requests
 	var resources *models.ZoneResources
-	var resourcesRequests map[string]int64
-	var resourcesLimits map[string]int64
+	resourcesRequests := make(map[string]int64)
+	resourcesLimits := make(map[string]int64)
 	for key, val := range zone.Resources.Requests {
 		resourcesRequests[key.String()] = val.Value()
 	}

restapi/embedded_spec.go

@@ -2020,6 +2020,17 @@ func init() {
         "access_key": {
           "type": "string"
         },
+        "console": {
+          "type": "object",
+          "properties": {
+            "access_key": {
+              "type": "string"
+            },
+            "secret_key": {
+              "type": "string"
+            }
+          }
+        },
         "secret_key": {
           "type": "string"
         }
@@ -4842,6 +4853,17 @@ func init() {
     }
   },
   "definitions": {
+    "CreateTenantResponseConsole": {
+      "type": "object",
+      "properties": {
+        "access_key": {
+          "type": "string"
+        },
+        "secret_key": {
+          "type": "string"
+        }
+      }
+    },
     "NodeSelectorTermMatchExpressionsItems0": {
       "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.",
       "type": "object",
@@ -5359,6 +5381,17 @@ func init() {
         "access_key": {
           "type": "string"
         },
+        "console": {
+          "type": "object",
+          "properties": {
+            "access_key": {
+              "type": "string"
+            },
+            "secret_key": {
+              "type": "string"
+            }
+          }
+        },
         "secret_key": {
           "type": "string"
         }

swagger.yml

@@ -1817,6 +1817,13 @@ definitions:
         type: string
       secret_key:
         type: string
+      console:
+        type: object
+        properties:
+          access_key:
+            type: string
+          secret_key:
+            type: string
   zone:
     type: object
     required: