update to v0.4.4

Co-authored-by: Benjamin Perez <benjamin@bexsoft.net>
Co-authored-by: Daniel Valdivia <hola@danielvaldivia.com>

.github/workflows/go.yml

@@ -3,10 +3,10 @@ name: Go
 on:
   pull_request:
     branches:
-    - master
+      - master
   push:
     branches:
-    - master
+      - master
 
 jobs:
   build:
@@ -14,7 +14,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.13.x, 1.14.x]
+        go-version: [1.15.x]
         os: [ubuntu-latest]
     steps:
       - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}

.golangci.yml

@@ -21,7 +21,7 @@ linters:
     - structcheck
 
 service:
-  golangci-lint-version: 1.21.0 # use the fixed version to not introduce new linters unexpectedly
+  golangci-lint-version: 1.27.0 # use the fixed version to not introduce new linters unexpectedly
 
 run:
   skip-dirs:

.goreleaser.yml

@@ -12,6 +12,10 @@ before:
   hooks:
     # you may remove this if you don't use vgo
     - go mod tidy
+    - docker build -f Dockerfile.assets -t consoleassets .
+    - docker create --name extract consoleassets
+    - docker cp extract:/app/bindata_assetfs.go ./portal-ui/
+    - docker rm extract
 
 builds:
   -
@@ -23,6 +27,33 @@ builds:
     goarch:
       - amd64
       - arm64
+
+    ignore:
+      - goos: darwin
+        goarch: arm64
+      - goos: darwin
+        goarch: arm
+      - goos: darwin
+        goarch: ppc64le
+      - goos: darwin
+        goarch: s390x
+      - goos: windows
+        goarch: arm64
+      - goos: windows
+        goarch: arm
+      - goos: windows
+        goarch: ppc64le
+      - goos: windows
+        goarch: s390x
+      - goos: freebsd
+        goarch: arm
+      - goos: freebsd
+        goarch: arm64
+      - goos: freebsd
+        goarch: ppc64le
+      - goos: freebsd
+        goarch: s390x
+
     env:
       - CGO_ENABLED=0
     main: ./cmd/console/

Dockerfile

@@ -1,4 +1,25 @@
-FROM golang:1.13
+FROM golang:1.15 as binlayer
+
+RUN go get github.com/go-bindata/go-bindata/... && go get github.com/elazarl/go-bindata-assetfs/...
+
+FROM node:10 as uilayer
+
+WORKDIR /app
+
+COPY --from=binlayer /go/bin/go-bindata-assetfs /bin/
+COPY --from=binlayer /go/bin/go-bindata /bin/
+
+COPY ./portal-ui/package.json ./
+COPY ./portal-ui/yarn.lock ./
+RUN yarn install
+
+COPY ./portal-ui .
+
+RUN yarn install && make build-static
+
+USER node
+
+FROM golang:1.15 as golayer
 
 RUN apt-get update -y && apt-get install -y ca-certificates
 
@@ -12,6 +33,8 @@ RUN go mod download
 ADD . /go/src/github.com/minio/console/
 WORKDIR /go/src/github.com/minio/console/
 
+COPY --from=uilayer /app/bindata_assetfs.go /go/src/github.com/minio/console/portal-ui/
+
 ENV CGO_ENABLED=0
 
 RUN go build -ldflags "-w -s" -a -o console ./cmd/console
@@ -20,7 +43,7 @@ FROM scratch
 MAINTAINER MinIO Development "dev@min.io"
 EXPOSE 9090
 
-COPY --from=0 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=0 /go/src/github.com/minio/console/console .
+COPY --from=golayer /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=golayer /go/src/github.com/minio/console/console .
 
 ENTRYPOINT ["/console"]

Dockerfile.assets

@@ -0,0 +1,20 @@
+FROM golang:1.15 as binlayer
+
+RUN go get github.com/go-bindata/go-bindata/... && go get github.com/elazarl/go-bindata-assetfs/...
+
+FROM node:10 as uilayer
+
+WORKDIR /app
+
+COPY --from=binlayer /go/bin/go-bindata-assetfs /bin/
+COPY --from=binlayer /go/bin/go-bindata /bin/
+
+COPY ./portal-ui/package.json ./
+COPY ./portal-ui/yarn.lock ./
+RUN yarn install
+
+COPY ./portal-ui .
+
+RUN yarn install && make build-static
+
+USER node

Dockerfile.release

@@ -1,6 +1,12 @@
+FROM ubuntu:18.04 as certs
+
+RUN apt-get update -y && apt-get install -y ca-certificates
+
 FROM scratch
 MAINTAINER MinIO Development "dev@min.io"
 EXPOSE 9090
 COPY console /console
 
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+
 ENTRYPOINT ["/console"]

Makefile

@@ -25,8 +25,10 @@ verifiers: getdeps fmt lint
 
 fmt:
 	@echo "Running $@ check"
-	@GO111MODULE=on gofmt -d cmd/
+	@GO111MODULE=on gofmt -d restapi/
 	@GO111MODULE=on gofmt -d pkg/
+	@GO111MODULE=on gofmt -d cmd/
+	@GO111MODULE=on gofmt -d cluster/
 
 lint:
 	@echo "Running $@ check"

README.md

@@ -101,8 +101,6 @@ Additionally, you can create policies to limit the privileges for `console` user
 To run the server:
 
 ```
-export CONSOLE_HMAC_JWT_SECRET=YOURJWTSIGNINGSECRET
-
 #required to encrypt jwet payload
 export CONSOLE_PBKDF_PASSPHRASE=SECRET
 
@@ -115,11 +113,41 @@ export CONSOLE_MINIO_SERVER=http://localhost:9000
 ./console server
 ```
 
-## Connect Console to a Minio using TLS and a self-signed certificate
+## Run Console with TLS enable
+
+Copy your `public.crt` and `private.key` to `~/.console/certs`, then:
+
+```bash
+./console server
+```
+
+Additionally, `Console` has support for multiple certificates, clients can request them using `SNI`. It expects the following structure:
+
+```bash
+ certs/
+  │
+  ├─ public.crt
+  ├─ private.key
+  │
+  ├─ example.com/
+  │   │
+  │   ├─ public.crt
+  │   └─ private.key
+  └─ foobar.org/
+     │
+     ├─ public.crt
+     └─ private.key
+  ...
 
 ```
-...
-export CONSOLE_MINIO_SERVER_TLS_ROOT_CAS=<certificate_file_name>
+
+Therefore, we read all filenames in the cert directory and check
+for each directory whether it contains a public.crt and private.key.
+
+## Connect Console to a Minio using TLS and a self-signed certificate
+
+Copy the MinIO `ca.crt` under `~/.console/certs/CAs`, then:
+```
 export CONSOLE_MINIO_SERVER=https://localhost:9000
 ./console server
 ```

cluster/config.go

@@ -98,7 +98,7 @@ func getLatestMinIOImage(client HTTPClientI) (*string, error) {
 var latestMinIOImage, errLatestMinIOImage = getLatestMinIOImage(
 	&HTTPClient{
 		Client: &http.Client{
-			Timeout: 4 * time.Second,
+			Timeout: 15 * time.Second,
 		},
 	})
 

cmd/console/main.go

@@ -76,21 +76,19 @@ func newApp(name string) *cli.App {
 
 	findClosestCommands := func(command string) []string {
 		var closestCommands []string
-		for _, value := range commandsTree.PrefixMatch(command) {
-			closestCommands = append(closestCommands, value.(string))
-		}
+		closestCommands = append(closestCommands, commandsTree.PrefixMatch(command)...)
 
 		sort.Strings(closestCommands)
 		// Suggest other close commands - allow missed, wrongly added and
 		// even transposed characters
 		for _, value := range commandsTree.Walk(commandsTree.Root()) {
-			if sort.SearchStrings(closestCommands, value.(string)) < len(closestCommands) {
+			if sort.SearchStrings(closestCommands, value) < len(closestCommands) {
 				continue
 			}
 			// 2 is arbitrary and represents the max
 			// allowed number of typed errors
-			if words.DamerauLevenshteinDistance(command, value.(string)) < 2 {
-				closestCommands = append(closestCommands, value.(string))
+			if words.DamerauLevenshteinDistance(command, value) < 2 {
+				closestCommands = append(closestCommands, value)
 			}
 		}
 

cmd/console/server.go

@@ -20,12 +20,16 @@ import (
 	"fmt"
 	"log"
 	"os"
+	"path/filepath"
 
 	"github.com/go-openapi/loads"
 	"github.com/jessevdk/go-flags"
 	"github.com/minio/cli"
+	"github.com/minio/console/pkg/certs"
 	"github.com/minio/console/restapi"
 	"github.com/minio/console/restapi/operations"
+	"github.com/minio/minio/cmd/logger"
+	certsx "github.com/minio/minio/pkg/certs"
 )
 
 // starts the server
@@ -47,23 +51,18 @@ var serverCmd = cli.Command{
 		},
 		cli.StringFlag{
 			Name:  "tls-host",
-			Value: restapi.GetSSLHostname(),
+			Value: restapi.GetTLSHostname(),
 			Usage: "HTTPS server hostname",
 		},
 		cli.IntFlag{
 			Name:  "tls-port",
-			Value: restapi.GetSSLPort(),
+			Value: restapi.GetTLSPort(),
 			Usage: "HTTPS server port",
 		},
 		cli.StringFlag{
-			Name:  "tls-certificate",
-			Value: "",
-			Usage: "filename of public cert",
-		},
-		cli.StringFlag{
-			Name:  "tls-key",
-			Value: "",
-			Usage: "filename of private key",
+			Name:  "certs-dir",
+			Value: certs.GlobalCertsCADir.Get(),
+			Usage: "path to certs directory",
 		},
 	},
 }
@@ -82,7 +81,9 @@ func startServer(ctx *cli.Context) error {
 	parser := flags.NewParser(server, flags.Default)
 	parser.ShortDescription = "MinIO Console Server"
 	parser.LongDescription = swaggerSpec.Spec().Info.Description
+
 	server.ConfigureFlags()
+
 	for _, optsGroup := range api.CommandLineOptionsGroups {
 		_, err := parser.AddGroup(optsGroup.ShortDescription, optsGroup.LongDescription, optsGroup.Options)
 		if err != nil {
@@ -106,12 +107,19 @@ func startServer(ctx *cli.Context) error {
 	restapi.Hostname = ctx.String("host")
 	restapi.Port = fmt.Sprintf("%v", ctx.Int("port"))
 
-	tlsCertificatePath := ctx.String("tls-certificate")
-	tlsCertificateKeyPath := ctx.String("tls-key")
+	// Set all certs and CAs directories.
+	certs.GlobalCertsDir, _ = certs.NewConfigDirFromCtx(ctx, "certs-dir", certs.DefaultCertsDir.Get)
+	certs.GlobalCertsCADir = &certs.ConfigDir{Path: filepath.Join(certs.GlobalCertsDir.Get(), certs.CertsCADir)}
+	logger.FatalIf(certs.MkdirAllIgnorePerm(certs.GlobalCertsCADir.Get()), "Unable to create certs CA directory at %s", certs.GlobalCertsCADir.Get())
 
-	if tlsCertificatePath != "" && tlsCertificateKeyPath != "" {
-		server.TLSCertificate = flags.Filename(tlsCertificatePath)
-		server.TLSCertificateKey = flags.Filename(tlsCertificateKeyPath)
+	// load all CAs from ~/.console/certs/CAs
+	restapi.GlobalRootCAs, err = certsx.GetRootCAs(certs.GlobalCertsCADir.Get())
+	logger.FatalIf(err, "Failed to read root CAs (%v)", err)
+	// load all certs from ~/.console/certs
+	restapi.GlobalPublicCerts, restapi.GlobalTLSCertsManager, err = certs.GetTLSConfig()
+	logger.FatalIf(err, "Unable to load the TLS configuration")
+
+	if len(restapi.GlobalPublicCerts) > 0 && restapi.GlobalRootCAs != nil {
 		// If TLS certificates are provided enforce the HTTPS schema, meaning console will redirect
 		// plain HTTP connections to HTTPS server
 		server.EnabledListeners = []string{"http", "https"}

docs/console_operator_mode.md

@@ -2,7 +2,7 @@
 
 `Console` will authenticate against `Kubernetes`using bearer tokens via HTTP `Authorization` header. The user will provide this token once
 in the login form, Console will validate it against Kubernetes (list apis) and if valid will generate and return a new Console sessions 
-with encrypted claims (the user Service account token will be inside the JWT in the data field)
+with encrypted claims (the user Service account token will be inside the session encrypted token
 
 # Kubernetes
 

go.mod

@@ -1,10 +1,9 @@
 module github.com/minio/console
 
-go 1.13
+go 1.15
 
 require (
 	github.com/coreos/go-oidc v2.2.1+incompatible
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/elazarl/go-bindata-assetfs v1.0.0
 	github.com/go-openapi/errors v0.19.6
 	github.com/go-openapi/loads v0.19.5
@@ -15,20 +14,22 @@ require (
 	github.com/go-openapi/validate v0.19.10
 	github.com/gorilla/websocket v1.4.2
 	github.com/jessevdk/go-flags v1.4.0
-	github.com/json-iterator/go v1.1.10
 	github.com/minio/cli v1.22.0
-	github.com/minio/mc v0.0.0-20200725183142-90d22b271f60
-	github.com/minio/minio v0.0.0-20200725154241-abbf6ce6ccf8
-	github.com/minio/minio-go/v7 v7.0.2-0.20200722162308-e0105ca08252
-	github.com/minio/operator v0.0.0-20200726122325-9efe901afebb
+	github.com/minio/kes v0.11.0
+	github.com/minio/mc v0.0.0-20201001165056-7f2df96e4821
+	github.com/minio/minio v0.0.0-20200927172404-27d9bd04e544
+	github.com/minio/minio-go/v7 v7.0.6-0.20200923173112-bc846cb9b089
+	github.com/minio/operator v0.0.0-20201022162018-527e5c32132b
+	github.com/mitchellh/go-homedir v1.1.0
 	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
-	github.com/satori/go.uuid v1.2.0
+	github.com/secure-io/sio-go v0.3.1
 	github.com/stretchr/testify v1.6.1
 	github.com/unrolled/secure v1.0.7
-	golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899
-	golang.org/x/net v0.0.0-20200707034311-ab3426394381
-	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
-	k8s.io/api v0.18.0
-	k8s.io/apimachinery v0.18.0
-	k8s.io/client-go v0.18.0
+	golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a
+	golang.org/x/net v0.0.0-20200904194848-62affa334b73
+	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
+	gopkg.in/yaml.v2 v2.3.0
+	k8s.io/api v0.18.6
+	k8s.io/apimachinery v0.18.6
+	k8s.io/client-go v0.18.6
 )

k8s/console/base/console-cluster-role.yaml

@@ -7,7 +7,6 @@ rules:
       - ""
     resources:
       - namespaces
-      - secrets
       - pods
       - services
       - events
@@ -18,6 +17,18 @@ rules:
       - create
       - list
       - patch
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+      - watch
+      - create
+      - list
+      - patch
+      - deletecollection
+      - delete
   - apiGroups:
       - "storage.k8s.io"
     resources:

k8s/console/base/console-deployment.yaml

@@ -15,10 +15,9 @@ spec:
       serviceAccountName: console-sa
       containers:
         - name: console
-          image: minio/console:latest
+          image: minio/console:v0.4.4
           imagePullPolicy: "IfNotPresent"
           args:
-            - /console
             - server
           ports:
             - containerPort: 9090

k8s/console/base/kustomization.yaml

@@ -8,4 +8,4 @@ resources:
   - console-configmap.yaml
   - console-service.yaml
   - console-deployment.yaml
-  - minio-operator.yaml
+  - https://github.com/minio/operator/?ref=v3.0.10

k8s/console/base/minio-operator.yaml

@@ -1,282 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: minio-operator
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: tenants.minio.min.io
-spec:
-  group: minio.min.io
-  scope: Namespaced
-  names:
-    kind: Tenant
-    singular: tenant
-    plural: tenants
-  versions:
-    - name: v1
-      served: true
-      storage: true
-      schema:
-        # openAPIV3Schema is the schema for validating custom objects.
-        # Refer https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#specifying-a-structural-schema
-        # for more details
-        openAPIV3Schema:
-          type: object
-          properties:
-            spec:
-              type: object
-              x-kubernetes-preserve-unknown-fields: true
-              properties:
-                metadata:
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                image:
-                  type: string
-                serviceName:
-                  type: string
-                serviceAccountName:
-                  type: string
-                zones:
-                  type: array
-                  items:
-                    type: object
-                    x-kubernetes-preserve-unknown-fields: true
-                    properties:
-                      name:
-                        type: string
-                      servers:
-                        type: integer
-                      volumesPerServer:
-                        type: integer
-                      volumeClaimTemplate:
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      resources:
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      nodeSelector:
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      affinity:
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      tolerations:
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                mountPath:
-                  type: string
-                podManagementPolicy:
-                  type: string
-                  enum: [Parallel,OrderedReady]
-                  default: Parallel
-                requestAutoCert:
-                  type: boolean
-                  default: false
-                certConfig:
-                  type: object
-                  properties:
-                    commonName:
-                      type: string
-                    organizationName:
-                      type: array
-                      items:
-                        type: string
-                    dnsNames:
-                      type: array
-                      items:
-                        type: string
-                version:
-                  type: string
-                mountpath:
-                  type: string
-                subpath:
-                  type: string
-                nodeSelector:
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                credsSecret:
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                env:
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                console:
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                  properties:
-                    metadata:
-                      type: object
-                      x-kubernetes-preserve-unknown-fields: true
-                    image:
-                      type: string
-                    replicas:
-                      type: integer
-                      default: 2
-                    consoleSecret:
-                      type: object
-                      properties:
-                        name:
-                          type: string
-                    resources:
-                      type: object
-                      x-kubernetes-preserve-unknown-fields: true
-                    env:
-                      type: object
-                      x-kubernetes-preserve-unknown-fields: true
-                kes:
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                  properties:
-                    metadata:
-                      type: object
-                      x-kubernetes-preserve-unknown-fields: true
-                    image:
-                      type: string
-                    replicas:
-                      type: integer
-                      default: 2
-                    kesSecret:
-                      type: object
-                      properties:
-                        name:
-                          type: string
-                liveness:
-                  type: object
-                  properties:
-                    initialDelaySeconds:
-                      type: integer
-                    periodSeconds:
-                      type: integer
-                    timeoutSeconds:
-                      type: integer
-            status:
-              type: object
-              properties:
-                currentState:
-                  type: string
-      subresources:
-        # status enables the status subresource.
-        status: {}
-      additionalPrinterColumns:
-        - name: Current State
-          type: string
-          jsonPath: ".status.currentState"
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: minio-operator
-  namespace: default
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: minio-operator-role
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - namespaces
-      - secrets
-      - pods
-      - services
-      - events
-    verbs:
-      - get
-      - watch
-      - create
-      - list
-      - delete
-  - apiGroups:
-      - apps
-    resources:
-      - statefulsets
-      - deployments
-    verbs:
-      - get
-      - create
-      - list
-      - patch
-      - watch
-      - update
-      - delete
-  - apiGroups:
-      - batch
-    resources:
-      - jobs
-    verbs:
-      - get
-      - create
-      - list
-      - patch
-      - watch
-      - update
-      - delete
-  - apiGroups:
-      - certificates.k8s.io
-    resources:
-      - certificatesigningrequests
-      - certificatesigningrequests/approval
-      - certificatesigningrequests/status
-    verbs:
-      - update
-      - create
-      - get
-      - delete
-  - apiGroups:
-      - certificates.k8s.io
-    resourceNames:
-      - kubernetes.io/legacy-unknown
-    resources:
-      - signers
-    verbs:
-      - approve
-      - sign
-  - apiGroups:
-      - minio.min.io
-    resources:
-      - '*'
-    verbs:
-      - '*'
-  - apiGroups:
-      - min.io
-    resources:
-      - '*'
-    verbs:
-      - '*'
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: minio-operator-binding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: minio-operator-role
-subjects:
-  - kind: ServiceAccount
-    name: minio-operator
-    namespace: default
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: minio-operator
-  namespace: default
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      name: minio-operator
-  template:
-    metadata:
-      labels:
-        name: minio-operator
-    spec:
-      containers:
-        - image: minio/k8s-operator:v3.0.2
-          imagePullPolicy: IfNotPresent
-          name: minio-operator
-      serviceAccountName: minio-operator

k8s/getoperator.sh

@@ -1,3 +0,0 @@
-#!/bin/bash
-# Get's the latest deployment file from MinIO Operator
-curl https://raw.githubusercontent.com/minio/operator/master/minio-operator.yaml > operator-console/base/minio-operator.yaml

k8s/operator-console/base/console-cluster-role.yaml

@@ -6,18 +6,38 @@ rules:
   - apiGroups:
       - ""
     resources:
-      - namespaces
       - secrets
-      - pods
-      - services
-      - events
-      - resourcequotas
     verbs:
       - get
       - watch
       - create
       - list
       - patch
+      - update
+      - deletecollection
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+      - pods
+      - services
+      - events
+      - resourcequotas
+      - nodes
+    verbs:
+      - get
+      - watch
+      - create
+      - list
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - persistentvolumeclaims
+    verbs:
+      - deletecollection
+      - list
+      - get
   - apiGroups:
       - "storage.k8s.io"
     resources:

k8s/operator-console/base/console-deployment.yaml

@@ -15,13 +15,12 @@ spec:
       serviceAccountName: console-sa
       containers:
         - name: console
-          image: minio/console:latest
+          image: minio/console:v0.4.4
           imagePullPolicy: "IfNotPresent"
           env:
             - name: CONSOLE_OPERATOR_MODE
               value: "on"
           args:
-            - /console
             - server
           ports:
             - containerPort: 9090

k8s/operator-console/base/kustomization.yaml

@@ -8,4 +8,4 @@ resources:
   - console-configmap.yaml
   - console-service.yaml
   - console-deployment.yaml
-  - minio-operator.yaml
+  - https://github.com/minio/operator/?ref=v3.0.19

k8s/operator-console/base/minio-operator.yaml

@@ -1,282 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: minio-operator
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  name: tenants.minio.min.io
-spec:
-  group: minio.min.io
-  scope: Namespaced
-  names:
-    kind: Tenant
-    singular: tenant
-    plural: tenants
-  versions:
-    - name: v1
-      served: true
-      storage: true
-      schema:
-        # openAPIV3Schema is the schema for validating custom objects.
-        # Refer https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#specifying-a-structural-schema
-        # for more details
-        openAPIV3Schema:
-          type: object
-          properties:
-            spec:
-              type: object
-              x-kubernetes-preserve-unknown-fields: true
-              properties:
-                metadata:
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                image:
-                  type: string
-                serviceName:
-                  type: string
-                serviceAccountName:
-                  type: string
-                zones:
-                  type: array
-                  items:
-                    type: object
-                    x-kubernetes-preserve-unknown-fields: true
-                    properties:
-                      name:
-                        type: string
-                      servers:
-                        type: integer
-                      volumesPerServer:
-                        type: integer
-                      volumeClaimTemplate:
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      resources:
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      nodeSelector:
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      affinity:
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                      tolerations:
-                        type: object
-                        x-kubernetes-preserve-unknown-fields: true
-                mountPath:
-                  type: string
-                podManagementPolicy:
-                  type: string
-                  enum: [Parallel,OrderedReady]
-                  default: Parallel
-                requestAutoCert:
-                  type: boolean
-                  default: false
-                certConfig:
-                  type: object
-                  properties:
-                    commonName:
-                      type: string
-                    organizationName:
-                      type: array
-                      items:
-                        type: string
-                    dnsNames:
-                      type: array
-                      items:
-                        type: string
-                version:
-                  type: string
-                mountpath:
-                  type: string
-                subpath:
-                  type: string
-                nodeSelector:
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                credsSecret:
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                env:
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                console:
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                  properties:
-                    metadata:
-                      type: object
-                      x-kubernetes-preserve-unknown-fields: true
-                    image:
-                      type: string
-                    replicas:
-                      type: integer
-                      default: 2
-                    consoleSecret:
-                      type: object
-                      properties:
-                        name:
-                          type: string
-                    resources:
-                      type: object
-                      x-kubernetes-preserve-unknown-fields: true
-                    env:
-                      type: object
-                      x-kubernetes-preserve-unknown-fields: true
-                kes:
-                  type: object
-                  x-kubernetes-preserve-unknown-fields: true
-                  properties:
-                    metadata:
-                      type: object
-                      x-kubernetes-preserve-unknown-fields: true
-                    image:
-                      type: string
-                    replicas:
-                      type: integer
-                      default: 2
-                    kesSecret:
-                      type: object
-                      properties:
-                        name:
-                          type: string
-                liveness:
-                  type: object
-                  properties:
-                    initialDelaySeconds:
-                      type: integer
-                    periodSeconds:
-                      type: integer
-                    timeoutSeconds:
-                      type: integer
-            status:
-              type: object
-              properties:
-                currentState:
-                  type: string
-      subresources:
-        # status enables the status subresource.
-        status: {}
-      additionalPrinterColumns:
-        - name: Current State
-          type: string
-          jsonPath: ".status.currentState"
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: minio-operator
-  namespace: default
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: minio-operator-role
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - namespaces
-      - secrets
-      - pods
-      - services
-      - events
-    verbs:
-      - get
-      - watch
-      - create
-      - list
-      - delete
-  - apiGroups:
-      - apps
-    resources:
-      - statefulsets
-      - deployments
-    verbs:
-      - get
-      - create
-      - list
-      - patch
-      - watch
-      - update
-      - delete
-  - apiGroups:
-      - batch
-    resources:
-      - jobs
-    verbs:
-      - get
-      - create
-      - list
-      - patch
-      - watch
-      - update
-      - delete
-  - apiGroups:
-      - certificates.k8s.io
-    resources:
-      - certificatesigningrequests
-      - certificatesigningrequests/approval
-      - certificatesigningrequests/status
-    verbs:
-      - update
-      - create
-      - get
-      - delete
-  - apiGroups:
-      - certificates.k8s.io
-    resourceNames:
-      - kubernetes.io/legacy-unknown
-    resources:
-      - signers
-    verbs:
-      - approve
-      - sign
-  - apiGroups:
-      - minio.min.io
-    resources:
-      - '*'
-    verbs:
-      - '*'
-  - apiGroups:
-      - min.io
-    resources:
-      - '*'
-    verbs:
-      - '*'
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: minio-operator-binding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: minio-operator-role
-subjects:
-  - kind: ServiceAccount
-    name: minio-operator
-    namespace: default
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: minio-operator
-  namespace: default
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      name: minio-operator
-  template:
-    metadata:
-      labels:
-        name: minio-operator
-    spec:
-      containers:
-        - image: minio/k8s-operator:v3.0.2
-          imagePullPolicy: IfNotPresent
-          name: minio-operator
-      serviceAccountName: minio-operator

models/add_bucket_replication.go

@@ -0,0 +1,63 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// AddBucketReplication add bucket replication
+//
+// swagger:model addBucketReplication
+type AddBucketReplication struct {
+
+	// arn
+	Arn string `json:"arn,omitempty"`
+
+	// destination bucket
+	DestinationBucket string `json:"destination_bucket,omitempty"`
+}
+
+// Validate validates this add bucket replication
+func (m *AddBucketReplication) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AddBucketReplication) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AddBucketReplication) UnmarshalBinary(b []byte) error {
+	var res AddBucketReplication
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/aws_configuration.go

@@ -0,0 +1,258 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// AwsConfiguration aws configuration
+//
+// swagger:model awsConfiguration
+type AwsConfiguration struct {
+
+	// secretsmanager
+	// Required: true
+	Secretsmanager *AwsConfigurationSecretsmanager `json:"secretsmanager"`
+}
+
+// Validate validates this aws configuration
+func (m *AwsConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateSecretsmanager(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AwsConfiguration) validateSecretsmanager(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager", "body", m.Secretsmanager); err != nil {
+		return err
+	}
+
+	if m.Secretsmanager != nil {
+		if err := m.Secretsmanager.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("secretsmanager")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AwsConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AwsConfiguration) UnmarshalBinary(b []byte) error {
+	var res AwsConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// AwsConfigurationSecretsmanager aws configuration secretsmanager
+//
+// swagger:model AwsConfigurationSecretsmanager
+type AwsConfigurationSecretsmanager struct {
+
+	// credentials
+	// Required: true
+	Credentials *AwsConfigurationSecretsmanagerCredentials `json:"credentials"`
+
+	// endpoint
+	// Required: true
+	Endpoint *string `json:"endpoint"`
+
+	// kmskey
+	Kmskey string `json:"kmskey,omitempty"`
+
+	// region
+	// Required: true
+	Region *string `json:"region"`
+}
+
+// Validate validates this aws configuration secretsmanager
+func (m *AwsConfigurationSecretsmanager) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateCredentials(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateEndpoint(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateRegion(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AwsConfigurationSecretsmanager) validateCredentials(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager"+"."+"credentials", "body", m.Credentials); err != nil {
+		return err
+	}
+
+	if m.Credentials != nil {
+		if err := m.Credentials.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("secretsmanager" + "." + "credentials")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *AwsConfigurationSecretsmanager) validateEndpoint(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager"+"."+"endpoint", "body", m.Endpoint); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *AwsConfigurationSecretsmanager) validateRegion(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager"+"."+"region", "body", m.Region); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AwsConfigurationSecretsmanager) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AwsConfigurationSecretsmanager) UnmarshalBinary(b []byte) error {
+	var res AwsConfigurationSecretsmanager
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// AwsConfigurationSecretsmanagerCredentials aws configuration secretsmanager credentials
+//
+// swagger:model AwsConfigurationSecretsmanagerCredentials
+type AwsConfigurationSecretsmanagerCredentials struct {
+
+	// accesskey
+	// Required: true
+	Accesskey *string `json:"accesskey"`
+
+	// secretkey
+	// Required: true
+	Secretkey *string `json:"secretkey"`
+
+	// token
+	Token string `json:"token,omitempty"`
+}
+
+// Validate validates this aws configuration secretsmanager credentials
+func (m *AwsConfigurationSecretsmanagerCredentials) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateAccesskey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSecretkey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AwsConfigurationSecretsmanagerCredentials) validateAccesskey(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager"+"."+"credentials"+"."+"accesskey", "body", m.Accesskey); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *AwsConfigurationSecretsmanagerCredentials) validateSecretkey(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager"+"."+"credentials"+"."+"secretkey", "body", m.Secretkey); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AwsConfigurationSecretsmanagerCredentials) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AwsConfigurationSecretsmanagerCredentials) UnmarshalBinary(b []byte) error {
+	var res AwsConfigurationSecretsmanagerCredentials
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/bucket_encryption_info.go

@@ -0,0 +1,63 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketEncryptionInfo bucket encryption info
+//
+// swagger:model bucketEncryptionInfo
+type BucketEncryptionInfo struct {
+
+	// algorithm
+	Algorithm string `json:"algorithm,omitempty"`
+
+	// kms master key ID
+	KmsMasterKeyID string `json:"kmsMasterKeyID,omitempty"`
+}
+
+// Validate validates this bucket encryption info
+func (m *BucketEncryptionInfo) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketEncryptionInfo) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketEncryptionInfo) UnmarshalBinary(b []byte) error {
+	var res BucketEncryptionInfo
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/bucket_encryption_request.go

@@ -0,0 +1,89 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketEncryptionRequest bucket encryption request
+//
+// swagger:model bucketEncryptionRequest
+type BucketEncryptionRequest struct {
+
+	// enc type
+	EncType BucketEncryptionType `json:"encType,omitempty"`
+
+	// kms key ID
+	KmsKeyID string `json:"kmsKeyID,omitempty"`
+}
+
+// Validate validates this bucket encryption request
+func (m *BucketEncryptionRequest) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateEncType(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *BucketEncryptionRequest) validateEncType(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.EncType) { // not required
+		return nil
+	}
+
+	if err := m.EncType.Validate(formats); err != nil {
+		if ve, ok := err.(*errors.Validation); ok {
+			return ve.ValidateName("encType")
+		}
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketEncryptionRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketEncryptionRequest) UnmarshalBinary(b []byte) error {
+	var res BucketEncryptionRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/bucket_encryption_type.go

@@ -0,0 +1,80 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/validate"
+)
+
+// BucketEncryptionType bucket encryption type
+//
+// swagger:model bucketEncryptionType
+type BucketEncryptionType string
+
+const (
+
+	// BucketEncryptionTypeSseS3 captures enum value "sse-s3"
+	BucketEncryptionTypeSseS3 BucketEncryptionType = "sse-s3"
+
+	// BucketEncryptionTypeSseKms captures enum value "sse-kms"
+	BucketEncryptionTypeSseKms BucketEncryptionType = "sse-kms"
+)
+
+// for schema
+var bucketEncryptionTypeEnum []interface{}
+
+func init() {
+	var res []BucketEncryptionType
+	if err := json.Unmarshal([]byte(`["sse-s3","sse-kms"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		bucketEncryptionTypeEnum = append(bucketEncryptionTypeEnum, v)
+	}
+}
+
+func (m BucketEncryptionType) validateBucketEncryptionTypeEnum(path, location string, value BucketEncryptionType) error {
+	if err := validate.EnumCase(path, location, value, bucketEncryptionTypeEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Validate validates this bucket encryption type
+func (m BucketEncryptionType) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	// value enum
+	if err := m.validateBucketEncryptionTypeEnum("", "body", m); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

models/bucket_object.go

@@ -0,0 +1,99 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketObject bucket object
+//
+// swagger:model bucketObject
+type BucketObject struct {
+
+	// content type
+	ContentType string `json:"content_type,omitempty"`
+
+	// expiration
+	Expiration string `json:"expiration,omitempty"`
+
+	// expiration rule id
+	ExpirationRuleID string `json:"expiration_rule_id,omitempty"`
+
+	// is delete marker
+	IsDeleteMarker bool `json:"is_delete_marker,omitempty"`
+
+	// is latest
+	IsLatest bool `json:"is_latest,omitempty"`
+
+	// last modified
+	LastModified string `json:"last_modified,omitempty"`
+
+	// legal hold status
+	LegalHoldStatus string `json:"legal_hold_status,omitempty"`
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// retention mode
+	RetentionMode string `json:"retention_mode,omitempty"`
+
+	// retention until date
+	RetentionUntilDate string `json:"retention_until_date,omitempty"`
+
+	// size
+	Size int64 `json:"size,omitempty"`
+
+	// tags
+	Tags map[string]string `json:"tags,omitempty"`
+
+	// user tags
+	UserTags map[string]string `json:"user_tags,omitempty"`
+
+	// version id
+	VersionID string `json:"version_id,omitempty"`
+}
+
+// Validate validates this bucket object
+func (m *BucketObject) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketObject) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketObject) UnmarshalBinary(b []byte) error {
+	var res BucketObject
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/bucket_replication_destination.go

@@ -0,0 +1,60 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketReplicationDestination bucket replication destination
+//
+// swagger:model bucketReplicationDestination
+type BucketReplicationDestination struct {
+
+	// bucket
+	Bucket string `json:"bucket,omitempty"`
+}
+
+// Validate validates this bucket replication destination
+func (m *BucketReplicationDestination) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketReplicationDestination) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketReplicationDestination) UnmarshalBinary(b []byte) error {
+	var res BucketReplicationDestination
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/bucket_replication_response.go

@@ -0,0 +1,97 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketReplicationResponse bucket replication response
+//
+// swagger:model bucketReplicationResponse
+type BucketReplicationResponse struct {
+
+	// rules
+	Rules []*BucketReplicationRule `json:"rules"`
+}
+
+// Validate validates this bucket replication response
+func (m *BucketReplicationResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateRules(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *BucketReplicationResponse) validateRules(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Rules) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Rules); i++ {
+		if swag.IsZero(m.Rules[i]) { // not required
+			continue
+		}
+
+		if m.Rules[i] != nil {
+			if err := m.Rules[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("rules" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketReplicationResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketReplicationResponse) UnmarshalBinary(b []byte) error {
+	var res BucketReplicationResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/bucket_replication_rule.go

@@ -0,0 +1,173 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// BucketReplicationRule bucket replication rule
+//
+// swagger:model bucketReplicationRule
+type BucketReplicationRule struct {
+
+	// delete marker replication
+	DeleteMarkerReplication *BucketReplicationRuleMarker `json:"delete_marker_replication,omitempty"`
+
+	// destination
+	Destination *BucketReplicationDestination `json:"destination,omitempty"`
+
+	// id
+	ID string `json:"id,omitempty"`
+
+	// priority
+	Priority int32 `json:"priority,omitempty"`
+
+	// status
+	// Enum: [Enabled Disabled]
+	Status string `json:"status,omitempty"`
+}
+
+// Validate validates this bucket replication rule
+func (m *BucketReplicationRule) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateDeleteMarkerReplication(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateDestination(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateStatus(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *BucketReplicationRule) validateDeleteMarkerReplication(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.DeleteMarkerReplication) { // not required
+		return nil
+	}
+
+	if m.DeleteMarkerReplication != nil {
+		if err := m.DeleteMarkerReplication.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("delete_marker_replication")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *BucketReplicationRule) validateDestination(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Destination) { // not required
+		return nil
+	}
+
+	if m.Destination != nil {
+		if err := m.Destination.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("destination")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+var bucketReplicationRuleTypeStatusPropEnum []interface{}
+
+func init() {
+	var res []string
+	if err := json.Unmarshal([]byte(`["Enabled","Disabled"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		bucketReplicationRuleTypeStatusPropEnum = append(bucketReplicationRuleTypeStatusPropEnum, v)
+	}
+}
+
+const (
+
+	// BucketReplicationRuleStatusEnabled captures enum value "Enabled"
+	BucketReplicationRuleStatusEnabled string = "Enabled"
+
+	// BucketReplicationRuleStatusDisabled captures enum value "Disabled"
+	BucketReplicationRuleStatusDisabled string = "Disabled"
+)
+
+// prop value enum
+func (m *BucketReplicationRule) validateStatusEnum(path, location string, value string) error {
+	if err := validate.EnumCase(path, location, value, bucketReplicationRuleTypeStatusPropEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (m *BucketReplicationRule) validateStatus(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Status) { // not required
+		return nil
+	}
+
+	// value enum
+	if err := m.validateStatusEnum("status", "body", m.Status); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketReplicationRule) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketReplicationRule) UnmarshalBinary(b []byte) error {
+	var res BucketReplicationRule
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/bucket_replication_rule_marker.go

@@ -0,0 +1,117 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// BucketReplicationRuleMarker bucket replication rule marker
+//
+// swagger:model bucketReplicationRuleMarker
+type BucketReplicationRuleMarker struct {
+
+	// status
+	// Enum: [Enabled Disabled]
+	Status string `json:"status,omitempty"`
+}
+
+// Validate validates this bucket replication rule marker
+func (m *BucketReplicationRuleMarker) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateStatus(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+var bucketReplicationRuleMarkerTypeStatusPropEnum []interface{}
+
+func init() {
+	var res []string
+	if err := json.Unmarshal([]byte(`["Enabled","Disabled"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		bucketReplicationRuleMarkerTypeStatusPropEnum = append(bucketReplicationRuleMarkerTypeStatusPropEnum, v)
+	}
+}
+
+const (
+
+	// BucketReplicationRuleMarkerStatusEnabled captures enum value "Enabled"
+	BucketReplicationRuleMarkerStatusEnabled string = "Enabled"
+
+	// BucketReplicationRuleMarkerStatusDisabled captures enum value "Disabled"
+	BucketReplicationRuleMarkerStatusDisabled string = "Disabled"
+)
+
+// prop value enum
+func (m *BucketReplicationRuleMarker) validateStatusEnum(path, location string, value string) error {
+	if err := validate.EnumCase(path, location, value, bucketReplicationRuleMarkerTypeStatusPropEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (m *BucketReplicationRuleMarker) validateStatus(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Status) { // not required
+		return nil
+	}
+
+	// value enum
+	if err := m.validateStatusEnum("status", "body", m.Status); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketReplicationRuleMarker) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketReplicationRuleMarker) UnmarshalBinary(b []byte) error {
+	var res BucketReplicationRuleMarker
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/bucket_versioning_response.go

@@ -0,0 +1,60 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketVersioningResponse bucket versioning response
+//
+// swagger:model bucketVersioningResponse
+type BucketVersioningResponse struct {
+
+	// is versioned
+	IsVersioned bool `json:"is_versioned,omitempty"`
+}
+
+// Validate validates this bucket versioning response
+func (m *BucketVersioningResponse) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketVersioningResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketVersioningResponse) UnmarshalBinary(b []byte) error {
+	var res BucketVersioningResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/console_configuration.go

@@ -0,0 +1,117 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ConsoleConfiguration console configuration
+//
+// swagger:model consoleConfiguration
+type ConsoleConfiguration struct {
+	MetadataFields
+
+	// image
+	Image string `json:"image,omitempty"`
+}
+
+// UnmarshalJSON unmarshals this object from a JSON structure
+func (m *ConsoleConfiguration) UnmarshalJSON(raw []byte) error {
+	// AO0
+	var aO0 MetadataFields
+	if err := swag.ReadJSON(raw, &aO0); err != nil {
+		return err
+	}
+	m.MetadataFields = aO0
+
+	// AO1
+	var dataAO1 struct {
+		Image string `json:"image,omitempty"`
+	}
+	if err := swag.ReadJSON(raw, &dataAO1); err != nil {
+		return err
+	}
+
+	m.Image = dataAO1.Image
+
+	return nil
+}
+
+// MarshalJSON marshals this object to a JSON structure
+func (m ConsoleConfiguration) MarshalJSON() ([]byte, error) {
+	_parts := make([][]byte, 0, 2)
+
+	aO0, err := swag.WriteJSON(m.MetadataFields)
+	if err != nil {
+		return nil, err
+	}
+	_parts = append(_parts, aO0)
+	var dataAO1 struct {
+		Image string `json:"image,omitempty"`
+	}
+
+	dataAO1.Image = m.Image
+
+	jsonDataAO1, errAO1 := swag.WriteJSON(dataAO1)
+	if errAO1 != nil {
+		return nil, errAO1
+	}
+	_parts = append(_parts, jsonDataAO1)
+	return swag.ConcatJSON(_parts...), nil
+}
+
+// Validate validates this console configuration
+func (m *ConsoleConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	// validation for a type composition with MetadataFields
+	if err := m.MetadataFields.Validate(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ConsoleConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ConsoleConfiguration) UnmarshalBinary(b []byte) error {
+	var res ConsoleConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/create_remote_bucket.go

@@ -0,0 +1,162 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// CreateRemoteBucket create remote bucket
+//
+// swagger:model createRemoteBucket
+type CreateRemoteBucket struct {
+
+	// access key
+	// Required: true
+	// Min Length: 3
+	AccessKey *string `json:"accessKey"`
+
+	// region
+	Region string `json:"region,omitempty"`
+
+	// secret key
+	// Required: true
+	// Min Length: 8
+	SecretKey *string `json:"secretKey"`
+
+	// source bucket
+	// Required: true
+	SourceBucket *string `json:"sourceBucket"`
+
+	// target bucket
+	// Required: true
+	TargetBucket *string `json:"targetBucket"`
+
+	// target URL
+	// Required: true
+	TargetURL *string `json:"targetURL"`
+}
+
+// Validate validates this create remote bucket
+func (m *CreateRemoteBucket) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateAccessKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSecretKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSourceBucket(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateTargetBucket(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateTargetURL(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *CreateRemoteBucket) validateAccessKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("accessKey", "body", m.AccessKey); err != nil {
+		return err
+	}
+
+	if err := validate.MinLength("accessKey", "body", string(*m.AccessKey), 3); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *CreateRemoteBucket) validateSecretKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretKey", "body", m.SecretKey); err != nil {
+		return err
+	}
+
+	if err := validate.MinLength("secretKey", "body", string(*m.SecretKey), 8); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *CreateRemoteBucket) validateSourceBucket(formats strfmt.Registry) error {
+
+	if err := validate.Required("sourceBucket", "body", m.SourceBucket); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *CreateRemoteBucket) validateTargetBucket(formats strfmt.Registry) error {
+
+	if err := validate.Required("targetBucket", "body", m.TargetBucket); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *CreateRemoteBucket) validateTargetURL(formats strfmt.Registry) error {
+
+	if err := validate.Required("targetURL", "body", m.TargetURL); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *CreateRemoteBucket) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *CreateRemoteBucket) UnmarshalBinary(b []byte) error {
+	var res CreateRemoteBucket
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/create_tenant_request.go

@@ -42,15 +42,42 @@ type CreateTenantRequest struct {
 	// annotations
 	Annotations map[string]string `json:"annotations,omitempty"`
 
+	// console
+	Console *ConsoleConfiguration `json:"console,omitempty"`
+
+	// console image
+	ConsoleImage string `json:"console_image,omitempty"`
+
 	// enable console
 	EnableConsole *bool `json:"enable_console,omitempty"`
 
-	// enable ssl
-	EnableSsl *bool `json:"enable_ssl,omitempty"`
+	// enable prometheus
+	EnablePrometheus *bool `json:"enable_prometheus,omitempty"`
+
+	// enable tls
+	EnableTLS *bool `json:"enable_tls,omitempty"`
+
+	// encryption
+	Encryption *EncryptionConfiguration `json:"encryption,omitempty"`
+
+	// erasure coding parity
+	ErasureCodingParity int64 `json:"erasureCodingParity,omitempty"`
+
+	// idp
+	Idp *IdpConfiguration `json:"idp,omitempty"`
 
 	// image
 	Image string `json:"image,omitempty"`
 
+	// image pull secret
+	ImagePullSecret string `json:"image_pull_secret,omitempty"`
+
+	// image registry
+	ImageRegistry *ImageRegistry `json:"image_registry,omitempty"`
+
+	// labels
+	Labels map[string]string `json:"labels,omitempty"`
+
 	// mounth path
 	MounthPath string `json:"mounth_path,omitempty"`
 
@@ -66,8 +93,8 @@ type CreateTenantRequest struct {
 	// secret key
 	SecretKey string `json:"secret_key,omitempty"`
 
-	// service name
-	ServiceName string `json:"service_name,omitempty"`
+	// tls
+	TLS *TLSConfiguration `json:"tls,omitempty"`
 
 	// zones
 	// Required: true
@@ -78,6 +105,22 @@ type CreateTenantRequest struct {
 func (m *CreateTenantRequest) Validate(formats strfmt.Registry) error {
 	var res []error
 
+	if err := m.validateConsole(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateEncryption(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateIdp(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateImageRegistry(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateName(formats); err != nil {
 		res = append(res, err)
 	}
@@ -86,6 +129,10 @@ func (m *CreateTenantRequest) Validate(formats strfmt.Registry) error {
 		res = append(res, err)
 	}
 
+	if err := m.validateTLS(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateZones(formats); err != nil {
 		res = append(res, err)
 	}
@@ -96,6 +143,78 @@ func (m *CreateTenantRequest) Validate(formats strfmt.Registry) error {
 	return nil
 }
 
+func (m *CreateTenantRequest) validateConsole(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Console) { // not required
+		return nil
+	}
+
+	if m.Console != nil {
+		if err := m.Console.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("console")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *CreateTenantRequest) validateEncryption(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Encryption) { // not required
+		return nil
+	}
+
+	if m.Encryption != nil {
+		if err := m.Encryption.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("encryption")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *CreateTenantRequest) validateIdp(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Idp) { // not required
+		return nil
+	}
+
+	if m.Idp != nil {
+		if err := m.Idp.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("idp")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *CreateTenantRequest) validateImageRegistry(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.ImageRegistry) { // not required
+		return nil
+	}
+
+	if m.ImageRegistry != nil {
+		if err := m.ImageRegistry.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("image_registry")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *CreateTenantRequest) validateName(formats strfmt.Registry) error {
 
 	if err := validate.Required("name", "body", m.Name); err != nil {
@@ -118,6 +237,24 @@ func (m *CreateTenantRequest) validateNamespace(formats strfmt.Registry) error {
 	return nil
 }
 
+func (m *CreateTenantRequest) validateTLS(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.TLS) { // not required
+		return nil
+	}
+
+	if m.TLS != nil {
+		if err := m.TLS.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("tls")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *CreateTenantRequest) validateZones(formats strfmt.Registry) error {
 
 	if err := validate.Required("zones", "body", m.Zones); err != nil {

models/create_tenant_response.go

@@ -23,6 +23,7 @@ package models
 // Editing this file might prove futile when you re-run the swagger generate command
 
 import (
+	"github.com/go-openapi/errors"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
 )
@@ -35,12 +36,42 @@ type CreateTenantResponse struct {
 	// access key
 	AccessKey string `json:"access_key,omitempty"`
 
+	// console
+	Console *CreateTenantResponseConsole `json:"console,omitempty"`
+
 	// secret key
 	SecretKey string `json:"secret_key,omitempty"`
 }
 
 // Validate validates this create tenant response
 func (m *CreateTenantResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateConsole(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *CreateTenantResponse) validateConsole(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Console) { // not required
+		return nil
+	}
+
+	if m.Console != nil {
+		if err := m.Console.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("console")
+			}
+			return err
+		}
+	}
+
 	return nil
 }
 
@@ -61,3 +92,38 @@ func (m *CreateTenantResponse) UnmarshalBinary(b []byte) error {
 	*m = res
 	return nil
 }
+
+// CreateTenantResponseConsole create tenant response console
+//
+// swagger:model CreateTenantResponseConsole
+type CreateTenantResponseConsole struct {
+
+	// access key
+	AccessKey string `json:"access_key,omitempty"`
+
+	// secret key
+	SecretKey string `json:"secret_key,omitempty"`
+}
+
+// Validate validates this create tenant response console
+func (m *CreateTenantResponseConsole) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *CreateTenantResponseConsole) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *CreateTenantResponseConsole) UnmarshalBinary(b []byte) error {
+	var res CreateTenantResponseConsole
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/delete_tenant_request.go

@@ -0,0 +1,60 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// DeleteTenantRequest delete tenant request
+//
+// swagger:model deleteTenantRequest
+type DeleteTenantRequest struct {
+
+	// delete pvcs
+	DeletePvcs bool `json:"delete_pvcs,omitempty"`
+}
+
+// Validate validates this delete tenant request
+func (m *DeleteTenantRequest) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *DeleteTenantRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *DeleteTenantRequest) UnmarshalBinary(b []byte) error {
+	var res DeleteTenantRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/encryption_configuration.go

@@ -0,0 +1,282 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// EncryptionConfiguration encryption configuration
+//
+// swagger:model encryptionConfiguration
+type EncryptionConfiguration struct {
+	MetadataFields
+
+	// aws
+	Aws *AwsConfiguration `json:"aws,omitempty"`
+
+	// client
+	Client *KeyPairConfiguration `json:"client,omitempty"`
+
+	// gemalto
+	Gemalto *GemaltoConfiguration `json:"gemalto,omitempty"`
+
+	// image
+	Image string `json:"image,omitempty"`
+
+	// server
+	Server *KeyPairConfiguration `json:"server,omitempty"`
+
+	// vault
+	Vault *VaultConfiguration `json:"vault,omitempty"`
+}
+
+// UnmarshalJSON unmarshals this object from a JSON structure
+func (m *EncryptionConfiguration) UnmarshalJSON(raw []byte) error {
+	// AO0
+	var aO0 MetadataFields
+	if err := swag.ReadJSON(raw, &aO0); err != nil {
+		return err
+	}
+	m.MetadataFields = aO0
+
+	// AO1
+	var dataAO1 struct {
+		Aws *AwsConfiguration `json:"aws,omitempty"`
+
+		Client *KeyPairConfiguration `json:"client,omitempty"`
+
+		Gemalto *GemaltoConfiguration `json:"gemalto,omitempty"`
+
+		Image string `json:"image,omitempty"`
+
+		Server *KeyPairConfiguration `json:"server,omitempty"`
+
+		Vault *VaultConfiguration `json:"vault,omitempty"`
+	}
+	if err := swag.ReadJSON(raw, &dataAO1); err != nil {
+		return err
+	}
+
+	m.Aws = dataAO1.Aws
+
+	m.Client = dataAO1.Client
+
+	m.Gemalto = dataAO1.Gemalto
+
+	m.Image = dataAO1.Image
+
+	m.Server = dataAO1.Server
+
+	m.Vault = dataAO1.Vault
+
+	return nil
+}
+
+// MarshalJSON marshals this object to a JSON structure
+func (m EncryptionConfiguration) MarshalJSON() ([]byte, error) {
+	_parts := make([][]byte, 0, 2)
+
+	aO0, err := swag.WriteJSON(m.MetadataFields)
+	if err != nil {
+		return nil, err
+	}
+	_parts = append(_parts, aO0)
+	var dataAO1 struct {
+		Aws *AwsConfiguration `json:"aws,omitempty"`
+
+		Client *KeyPairConfiguration `json:"client,omitempty"`
+
+		Gemalto *GemaltoConfiguration `json:"gemalto,omitempty"`
+
+		Image string `json:"image,omitempty"`
+
+		Server *KeyPairConfiguration `json:"server,omitempty"`
+
+		Vault *VaultConfiguration `json:"vault,omitempty"`
+	}
+
+	dataAO1.Aws = m.Aws
+
+	dataAO1.Client = m.Client
+
+	dataAO1.Gemalto = m.Gemalto
+
+	dataAO1.Image = m.Image
+
+	dataAO1.Server = m.Server
+
+	dataAO1.Vault = m.Vault
+
+	jsonDataAO1, errAO1 := swag.WriteJSON(dataAO1)
+	if errAO1 != nil {
+		return nil, errAO1
+	}
+	_parts = append(_parts, jsonDataAO1)
+	return swag.ConcatJSON(_parts...), nil
+}
+
+// Validate validates this encryption configuration
+func (m *EncryptionConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	// validation for a type composition with MetadataFields
+	if err := m.MetadataFields.Validate(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateAws(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateClient(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateGemalto(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateServer(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateVault(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *EncryptionConfiguration) validateAws(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Aws) { // not required
+		return nil
+	}
+
+	if m.Aws != nil {
+		if err := m.Aws.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("aws")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *EncryptionConfiguration) validateClient(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Client) { // not required
+		return nil
+	}
+
+	if m.Client != nil {
+		if err := m.Client.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("client")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *EncryptionConfiguration) validateGemalto(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Gemalto) { // not required
+		return nil
+	}
+
+	if m.Gemalto != nil {
+		if err := m.Gemalto.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("gemalto")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *EncryptionConfiguration) validateServer(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Server) { // not required
+		return nil
+	}
+
+	if m.Server != nil {
+		if err := m.Server.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("server")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *EncryptionConfiguration) validateVault(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Vault) { // not required
+		return nil
+	}
+
+	if m.Vault != nil {
+		if err := m.Vault.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("vault")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *EncryptionConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *EncryptionConfiguration) UnmarshalBinary(b []byte) error {
+	var res EncryptionConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/error.go

@@ -35,7 +35,7 @@ import (
 type Error struct {
 
 	// code
-	Code int64 `json:"code,omitempty"`
+	Code int32 `json:"code,omitempty"`
 
 	// message
 	// Required: true

models/gemalto_configuration.go

@@ -0,0 +1,314 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// GemaltoConfiguration gemalto configuration
+//
+// swagger:model gemaltoConfiguration
+type GemaltoConfiguration struct {
+
+	// keysecure
+	// Required: true
+	Keysecure *GemaltoConfigurationKeysecure `json:"keysecure"`
+}
+
+// Validate validates this gemalto configuration
+func (m *GemaltoConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateKeysecure(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *GemaltoConfiguration) validateKeysecure(formats strfmt.Registry) error {
+
+	if err := validate.Required("keysecure", "body", m.Keysecure); err != nil {
+		return err
+	}
+
+	if m.Keysecure != nil {
+		if err := m.Keysecure.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("keysecure")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *GemaltoConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *GemaltoConfiguration) UnmarshalBinary(b []byte) error {
+	var res GemaltoConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// GemaltoConfigurationKeysecure gemalto configuration keysecure
+//
+// swagger:model GemaltoConfigurationKeysecure
+type GemaltoConfigurationKeysecure struct {
+
+	// credentials
+	// Required: true
+	Credentials *GemaltoConfigurationKeysecureCredentials `json:"credentials"`
+
+	// endpoint
+	// Required: true
+	Endpoint *string `json:"endpoint"`
+
+	// tls
+	TLS *GemaltoConfigurationKeysecureTLS `json:"tls,omitempty"`
+}
+
+// Validate validates this gemalto configuration keysecure
+func (m *GemaltoConfigurationKeysecure) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateCredentials(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateEndpoint(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateTLS(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *GemaltoConfigurationKeysecure) validateCredentials(formats strfmt.Registry) error {
+
+	if err := validate.Required("keysecure"+"."+"credentials", "body", m.Credentials); err != nil {
+		return err
+	}
+
+	if m.Credentials != nil {
+		if err := m.Credentials.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("keysecure" + "." + "credentials")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *GemaltoConfigurationKeysecure) validateEndpoint(formats strfmt.Registry) error {
+
+	if err := validate.Required("keysecure"+"."+"endpoint", "body", m.Endpoint); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *GemaltoConfigurationKeysecure) validateTLS(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.TLS) { // not required
+		return nil
+	}
+
+	if m.TLS != nil {
+		if err := m.TLS.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("keysecure" + "." + "tls")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *GemaltoConfigurationKeysecure) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *GemaltoConfigurationKeysecure) UnmarshalBinary(b []byte) error {
+	var res GemaltoConfigurationKeysecure
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// GemaltoConfigurationKeysecureCredentials gemalto configuration keysecure credentials
+//
+// swagger:model GemaltoConfigurationKeysecureCredentials
+type GemaltoConfigurationKeysecureCredentials struct {
+
+	// domain
+	// Required: true
+	Domain *string `json:"domain"`
+
+	// retry
+	Retry int64 `json:"retry,omitempty"`
+
+	// token
+	// Required: true
+	Token *string `json:"token"`
+}
+
+// Validate validates this gemalto configuration keysecure credentials
+func (m *GemaltoConfigurationKeysecureCredentials) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateDomain(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateToken(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *GemaltoConfigurationKeysecureCredentials) validateDomain(formats strfmt.Registry) error {
+
+	if err := validate.Required("keysecure"+"."+"credentials"+"."+"domain", "body", m.Domain); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *GemaltoConfigurationKeysecureCredentials) validateToken(formats strfmt.Registry) error {
+
+	if err := validate.Required("keysecure"+"."+"credentials"+"."+"token", "body", m.Token); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *GemaltoConfigurationKeysecureCredentials) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *GemaltoConfigurationKeysecureCredentials) UnmarshalBinary(b []byte) error {
+	var res GemaltoConfigurationKeysecureCredentials
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// GemaltoConfigurationKeysecureTLS gemalto configuration keysecure TLS
+//
+// swagger:model GemaltoConfigurationKeysecureTLS
+type GemaltoConfigurationKeysecureTLS struct {
+
+	// ca
+	// Required: true
+	Ca *string `json:"ca"`
+}
+
+// Validate validates this gemalto configuration keysecure TLS
+func (m *GemaltoConfigurationKeysecureTLS) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateCa(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *GemaltoConfigurationKeysecureTLS) validateCa(formats strfmt.Registry) error {
+
+	if err := validate.Required("keysecure"+"."+"tls"+"."+"ca", "body", m.Ca); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *GemaltoConfigurationKeysecureTLS) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *GemaltoConfigurationKeysecureTLS) UnmarshalBinary(b []byte) error {
+	var res GemaltoConfigurationKeysecureTLS
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/idp_configuration.go

@@ -0,0 +1,299 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// IdpConfiguration idp configuration
+//
+// swagger:model idpConfiguration
+type IdpConfiguration struct {
+
+	// active directory
+	ActiveDirectory *IdpConfigurationActiveDirectory `json:"active_directory,omitempty"`
+
+	// oidc
+	Oidc *IdpConfigurationOidc `json:"oidc,omitempty"`
+}
+
+// Validate validates this idp configuration
+func (m *IdpConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateActiveDirectory(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateOidc(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *IdpConfiguration) validateActiveDirectory(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.ActiveDirectory) { // not required
+		return nil
+	}
+
+	if m.ActiveDirectory != nil {
+		if err := m.ActiveDirectory.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("active_directory")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *IdpConfiguration) validateOidc(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Oidc) { // not required
+		return nil
+	}
+
+	if m.Oidc != nil {
+		if err := m.Oidc.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("oidc")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *IdpConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *IdpConfiguration) UnmarshalBinary(b []byte) error {
+	var res IdpConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// IdpConfigurationActiveDirectory idp configuration active directory
+//
+// swagger:model IdpConfigurationActiveDirectory
+type IdpConfigurationActiveDirectory struct {
+
+	// group name attribute
+	GroupNameAttribute string `json:"group_name_attribute,omitempty"`
+
+	// group search base dn
+	GroupSearchBaseDn string `json:"group_search_base_dn,omitempty"`
+
+	// group search filter
+	GroupSearchFilter string `json:"group_search_filter,omitempty"`
+
+	// server insecure
+	ServerInsecure bool `json:"server_insecure,omitempty"`
+
+	// skip tls verification
+	SkipTLSVerification bool `json:"skip_tls_verification,omitempty"`
+
+	// url
+	// Required: true
+	URL *string `json:"url"`
+
+	// user search filter
+	// Required: true
+	UserSearchFilter *string `json:"user_search_filter"`
+
+	// username format
+	// Required: true
+	UsernameFormat *string `json:"username_format"`
+}
+
+// Validate validates this idp configuration active directory
+func (m *IdpConfigurationActiveDirectory) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateURL(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateUserSearchFilter(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateUsernameFormat(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *IdpConfigurationActiveDirectory) validateURL(formats strfmt.Registry) error {
+
+	if err := validate.Required("active_directory"+"."+"url", "body", m.URL); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *IdpConfigurationActiveDirectory) validateUserSearchFilter(formats strfmt.Registry) error {
+
+	if err := validate.Required("active_directory"+"."+"user_search_filter", "body", m.UserSearchFilter); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *IdpConfigurationActiveDirectory) validateUsernameFormat(formats strfmt.Registry) error {
+
+	if err := validate.Required("active_directory"+"."+"username_format", "body", m.UsernameFormat); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *IdpConfigurationActiveDirectory) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *IdpConfigurationActiveDirectory) UnmarshalBinary(b []byte) error {
+	var res IdpConfigurationActiveDirectory
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// IdpConfigurationOidc idp configuration oidc
+//
+// swagger:model IdpConfigurationOidc
+type IdpConfigurationOidc struct {
+
+	// client id
+	// Required: true
+	ClientID *string `json:"client_id"`
+
+	// secret id
+	// Required: true
+	SecretID *string `json:"secret_id"`
+
+	// url
+	// Required: true
+	URL *string `json:"url"`
+}
+
+// Validate validates this idp configuration oidc
+func (m *IdpConfigurationOidc) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateClientID(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSecretID(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateURL(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *IdpConfigurationOidc) validateClientID(formats strfmt.Registry) error {
+
+	if err := validate.Required("oidc"+"."+"client_id", "body", m.ClientID); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *IdpConfigurationOidc) validateSecretID(formats strfmt.Registry) error {
+
+	if err := validate.Required("oidc"+"."+"secret_id", "body", m.SecretID); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *IdpConfigurationOidc) validateURL(formats strfmt.Registry) error {
+
+	if err := validate.Required("oidc"+"."+"url", "body", m.URL); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *IdpConfigurationOidc) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *IdpConfigurationOidc) UnmarshalBinary(b []byte) error {
+	var res IdpConfigurationOidc
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/image_registry.go

@@ -0,0 +1,115 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// ImageRegistry image registry
+//
+// swagger:model imageRegistry
+type ImageRegistry struct {
+
+	// password
+	// Required: true
+	Password *string `json:"password"`
+
+	// registry
+	// Required: true
+	Registry *string `json:"registry"`
+
+	// username
+	// Required: true
+	Username *string `json:"username"`
+}
+
+// Validate validates this image registry
+func (m *ImageRegistry) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validatePassword(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateRegistry(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateUsername(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ImageRegistry) validatePassword(formats strfmt.Registry) error {
+
+	if err := validate.Required("password", "body", m.Password); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *ImageRegistry) validateRegistry(formats strfmt.Registry) error {
+
+	if err := validate.Required("registry", "body", m.Registry); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *ImageRegistry) validateUsername(formats strfmt.Registry) error {
+
+	if err := validate.Required("username", "body", m.Username); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ImageRegistry) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ImageRegistry) UnmarshalBinary(b []byte) error {
+	var res ImageRegistry
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/key_pair_configuration.go

@@ -0,0 +1,98 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// KeyPairConfiguration key pair configuration
+//
+// swagger:model keyPairConfiguration
+type KeyPairConfiguration struct {
+
+	// crt
+	// Required: true
+	Crt *string `json:"crt"`
+
+	// key
+	// Required: true
+	Key *string `json:"key"`
+}
+
+// Validate validates this key pair configuration
+func (m *KeyPairConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateCrt(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *KeyPairConfiguration) validateCrt(formats strfmt.Registry) error {
+
+	if err := validate.Required("crt", "body", m.Crt); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *KeyPairConfiguration) validateKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("key", "body", m.Key); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *KeyPairConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *KeyPairConfiguration) UnmarshalBinary(b []byte) error {
+	var res KeyPairConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/list_objects_response.go

@@ -0,0 +1,100 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ListObjectsResponse list objects response
+//
+// swagger:model listObjectsResponse
+type ListObjectsResponse struct {
+
+	// list of resulting objects
+	Objects []*BucketObject `json:"objects"`
+
+	// number of objects
+	Total int64 `json:"total,omitempty"`
+}
+
+// Validate validates this list objects response
+func (m *ListObjectsResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateObjects(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ListObjectsResponse) validateObjects(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Objects) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Objects); i++ {
+		if swag.IsZero(m.Objects[i]) { // not required
+			continue
+		}
+
+		if m.Objects[i] != nil {
+			if err := m.Objects[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("objects" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ListObjectsResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ListObjectsResponse) UnmarshalBinary(b []byte) error {
+	var res ListObjectsResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/list_remote_buckets_response.go

@@ -0,0 +1,100 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ListRemoteBucketsResponse list remote buckets response
+//
+// swagger:model listRemoteBucketsResponse
+type ListRemoteBucketsResponse struct {
+
+	// list of remote buckets
+	Buckets []*RemoteBucket `json:"buckets"`
+
+	// number of remote buckets accessible to user
+	Total int64 `json:"total,omitempty"`
+}
+
+// Validate validates this list remote buckets response
+func (m *ListRemoteBucketsResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateBuckets(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ListRemoteBucketsResponse) validateBuckets(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Buckets) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Buckets); i++ {
+		if swag.IsZero(m.Buckets[i]) { // not required
+			continue
+		}
+
+		if m.Buckets[i] != nil {
+			if err := m.Buckets[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("buckets" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ListRemoteBucketsResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ListRemoteBucketsResponse) UnmarshalBinary(b []byte) error {
+	var res ListRemoteBucketsResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/make_bucket_request.go

@@ -37,6 +37,12 @@ type MakeBucketRequest struct {
 	// name
 	// Required: true
 	Name *string `json:"name"`
+
+	// quota
+	Quota *SetBucketQuota `json:"quota,omitempty"`
+
+	// versioning
+	Versioning bool `json:"versioning,omitempty"`
 }
 
 // Validate validates this make bucket request
@@ -47,6 +53,10 @@ func (m *MakeBucketRequest) Validate(formats strfmt.Registry) error {
 		res = append(res, err)
 	}
 
+	if err := m.validateQuota(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
@@ -62,6 +72,24 @@ func (m *MakeBucketRequest) validateName(formats strfmt.Registry) error {
 	return nil
 }
 
+func (m *MakeBucketRequest) validateQuota(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Quota) { // not required
+		return nil
+	}
+
+	if m.Quota != nil {
+		if err := m.Quota.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("quota")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 // MarshalBinary interface implementation
 func (m *MakeBucketRequest) MarshalBinary() ([]byte, error) {
 	if m == nil {

models/max_allocatable_mem_response.go

@@ -0,0 +1,60 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// MaxAllocatableMemResponse max allocatable mem response
+//
+// swagger:model maxAllocatableMemResponse
+type MaxAllocatableMemResponse struct {
+
+	// max memory
+	MaxMemory int64 `json:"max_memory,omitempty"`
+}
+
+// Validate validates this max allocatable mem response
+func (m *MaxAllocatableMemResponse) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *MaxAllocatableMemResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *MaxAllocatableMemResponse) UnmarshalBinary(b []byte) error {
+	var res MaxAllocatableMemResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/metadata_fields.go

@@ -0,0 +1,66 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// MetadataFields metadata fields
+//
+// swagger:model metadataFields
+type MetadataFields struct {
+
+	// annotations
+	Annotations map[string]string `json:"annotations,omitempty"`
+
+	// labels
+	Labels map[string]string `json:"labels,omitempty"`
+
+	// node selector
+	NodeSelector map[string]string `json:"node_selector,omitempty"`
+}
+
+// Validate validates this metadata fields
+func (m *MetadataFields) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *MetadataFields) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *MetadataFields) UnmarshalBinary(b []byte) error {
+	var res MetadataFields
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/object_legal_hold_status.go

@@ -0,0 +1,80 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/validate"
+)
+
+// ObjectLegalHoldStatus object legal hold status
+//
+// swagger:model objectLegalHoldStatus
+type ObjectLegalHoldStatus string
+
+const (
+
+	// ObjectLegalHoldStatusEnabled captures enum value "enabled"
+	ObjectLegalHoldStatusEnabled ObjectLegalHoldStatus = "enabled"
+
+	// ObjectLegalHoldStatusDisabled captures enum value "disabled"
+	ObjectLegalHoldStatusDisabled ObjectLegalHoldStatus = "disabled"
+)
+
+// for schema
+var objectLegalHoldStatusEnum []interface{}
+
+func init() {
+	var res []ObjectLegalHoldStatus
+	if err := json.Unmarshal([]byte(`["enabled","disabled"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		objectLegalHoldStatusEnum = append(objectLegalHoldStatusEnum, v)
+	}
+}
+
+func (m ObjectLegalHoldStatus) validateObjectLegalHoldStatusEnum(path, location string, value ObjectLegalHoldStatus) error {
+	if err := validate.EnumCase(path, location, value, objectLegalHoldStatusEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Validate validates this object legal hold status
+func (m ObjectLegalHoldStatus) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	// value enum
+	if err := m.validateObjectLegalHoldStatusEnum("", "body", m); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

models/object_retention_mode.go

@@ -0,0 +1,80 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/validate"
+)
+
+// ObjectRetentionMode object retention mode
+//
+// swagger:model objectRetentionMode
+type ObjectRetentionMode string
+
+const (
+
+	// ObjectRetentionModeGovernance captures enum value "governance"
+	ObjectRetentionModeGovernance ObjectRetentionMode = "governance"
+
+	// ObjectRetentionModeCompliance captures enum value "compliance"
+	ObjectRetentionModeCompliance ObjectRetentionMode = "compliance"
+)
+
+// for schema
+var objectRetentionModeEnum []interface{}
+
+func init() {
+	var res []ObjectRetentionMode
+	if err := json.Unmarshal([]byte(`["governance","compliance"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		objectRetentionModeEnum = append(objectRetentionModeEnum, v)
+	}
+}
+
+func (m ObjectRetentionMode) validateObjectRetentionModeEnum(path, location string, value ObjectRetentionMode) error {
+	if err := validate.EnumCase(path, location, value, objectRetentionModeEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Validate validates this object retention mode
+func (m ObjectRetentionMode) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	// value enum
+	if err := m.validateObjectRetentionModeEnum("", "body", m); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

models/parity_response.go

@@ -0,0 +1,37 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+)
+
+// ParityResponse parity response
+//
+// swagger:model parityResponse
+type ParityResponse []string
+
+// Validate validates this parity response
+func (m ParityResponse) Validate(formats strfmt.Registry) error {
+	return nil
+}

models/put_object_legal_hold_request.go

@@ -0,0 +1,83 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// PutObjectLegalHoldRequest put object legal hold request
+//
+// swagger:model putObjectLegalHoldRequest
+type PutObjectLegalHoldRequest struct {
+
+	// status
+	// Required: true
+	Status ObjectLegalHoldStatus `json:"status"`
+}
+
+// Validate validates this put object legal hold request
+func (m *PutObjectLegalHoldRequest) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateStatus(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *PutObjectLegalHoldRequest) validateStatus(formats strfmt.Registry) error {
+
+	if err := m.Status.Validate(formats); err != nil {
+		if ve, ok := err.(*errors.Validation); ok {
+			return ve.ValidateName("status")
+		}
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *PutObjectLegalHoldRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *PutObjectLegalHoldRequest) UnmarshalBinary(b []byte) error {
+	var res PutObjectLegalHoldRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/put_object_retention_request.go

@@ -0,0 +1,104 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// PutObjectRetentionRequest put object retention request
+//
+// swagger:model putObjectRetentionRequest
+type PutObjectRetentionRequest struct {
+
+	// expires
+	// Required: true
+	Expires *string `json:"expires"`
+
+	// governance bypass
+	GovernanceBypass bool `json:"governance_bypass,omitempty"`
+
+	// mode
+	// Required: true
+	Mode ObjectRetentionMode `json:"mode"`
+}
+
+// Validate validates this put object retention request
+func (m *PutObjectRetentionRequest) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateExpires(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateMode(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *PutObjectRetentionRequest) validateExpires(formats strfmt.Registry) error {
+
+	if err := validate.Required("expires", "body", m.Expires); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *PutObjectRetentionRequest) validateMode(formats strfmt.Registry) error {
+
+	if err := m.Mode.Validate(formats); err != nil {
+		if ve, ok := err.(*errors.Validation); ok {
+			return ve.ValidateName("mode")
+		}
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *PutObjectRetentionRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *PutObjectRetentionRequest) UnmarshalBinary(b []byte) error {
+	var res PutObjectRetentionRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/put_object_tags_request.go

@@ -0,0 +1,60 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// PutObjectTagsRequest put object tags request
+//
+// swagger:model putObjectTagsRequest
+type PutObjectTagsRequest struct {
+
+	// tags
+	Tags map[string]string `json:"tags,omitempty"`
+}
+
+// Validate validates this put object tags request
+func (m *PutObjectTagsRequest) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *PutObjectTagsRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *PutObjectTagsRequest) UnmarshalBinary(b []byte) error {
+	var res PutObjectTagsRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/remote_bucket.go

@@ -0,0 +1,200 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// RemoteBucket remote bucket
+//
+// swagger:model remoteBucket
+type RemoteBucket struct {
+
+	// access key
+	// Required: true
+	// Min Length: 3
+	AccessKey *string `json:"accessKey"`
+
+	// remote a r n
+	// Required: true
+	RemoteARN *string `json:"remoteARN"`
+
+	// secret key
+	// Min Length: 8
+	SecretKey string `json:"secretKey,omitempty"`
+
+	// service
+	// Enum: [replication]
+	Service string `json:"service,omitempty"`
+
+	// source bucket
+	// Required: true
+	SourceBucket *string `json:"sourceBucket"`
+
+	// status
+	Status string `json:"status,omitempty"`
+
+	// target bucket
+	TargetBucket string `json:"targetBucket,omitempty"`
+
+	// target URL
+	TargetURL string `json:"targetURL,omitempty"`
+}
+
+// Validate validates this remote bucket
+func (m *RemoteBucket) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateAccessKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateRemoteARN(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSecretKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateService(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSourceBucket(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *RemoteBucket) validateAccessKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("accessKey", "body", m.AccessKey); err != nil {
+		return err
+	}
+
+	if err := validate.MinLength("accessKey", "body", string(*m.AccessKey), 3); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *RemoteBucket) validateRemoteARN(formats strfmt.Registry) error {
+
+	if err := validate.Required("remoteARN", "body", m.RemoteARN); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *RemoteBucket) validateSecretKey(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.SecretKey) { // not required
+		return nil
+	}
+
+	if err := validate.MinLength("secretKey", "body", string(m.SecretKey), 8); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+var remoteBucketTypeServicePropEnum []interface{}
+
+func init() {
+	var res []string
+	if err := json.Unmarshal([]byte(`["replication"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		remoteBucketTypeServicePropEnum = append(remoteBucketTypeServicePropEnum, v)
+	}
+}
+
+const (
+
+	// RemoteBucketServiceReplication captures enum value "replication"
+	RemoteBucketServiceReplication string = "replication"
+)
+
+// prop value enum
+func (m *RemoteBucket) validateServiceEnum(path, location string, value string) error {
+	if err := validate.EnumCase(path, location, value, remoteBucketTypeServicePropEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (m *RemoteBucket) validateService(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Service) { // not required
+		return nil
+	}
+
+	// value enum
+	if err := m.validateServiceEnum("service", "body", m.Service); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *RemoteBucket) validateSourceBucket(formats strfmt.Registry) error {
+
+	if err := validate.Required("sourceBucket", "body", m.SourceBucket); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *RemoteBucket) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *RemoteBucket) UnmarshalBinary(b []byte) error {
+	var res RemoteBucket
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/set_bucket_quota.go

@@ -0,0 +1,137 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// SetBucketQuota set bucket quota
+//
+// swagger:model setBucketQuota
+type SetBucketQuota struct {
+
+	// amount
+	Amount int64 `json:"amount,omitempty"`
+
+	// enabled
+	// Required: true
+	Enabled *bool `json:"enabled"`
+
+	// quota type
+	// Enum: [fifo hard]
+	QuotaType string `json:"quota_type,omitempty"`
+}
+
+// Validate validates this set bucket quota
+func (m *SetBucketQuota) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateEnabled(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateQuotaType(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *SetBucketQuota) validateEnabled(formats strfmt.Registry) error {
+
+	if err := validate.Required("enabled", "body", m.Enabled); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+var setBucketQuotaTypeQuotaTypePropEnum []interface{}
+
+func init() {
+	var res []string
+	if err := json.Unmarshal([]byte(`["fifo","hard"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		setBucketQuotaTypeQuotaTypePropEnum = append(setBucketQuotaTypeQuotaTypePropEnum, v)
+	}
+}
+
+const (
+
+	// SetBucketQuotaQuotaTypeFifo captures enum value "fifo"
+	SetBucketQuotaQuotaTypeFifo string = "fifo"
+
+	// SetBucketQuotaQuotaTypeHard captures enum value "hard"
+	SetBucketQuotaQuotaTypeHard string = "hard"
+)
+
+// prop value enum
+func (m *SetBucketQuota) validateQuotaTypeEnum(path, location string, value string) error {
+	if err := validate.EnumCase(path, location, value, setBucketQuotaTypeQuotaTypePropEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (m *SetBucketQuota) validateQuotaType(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.QuotaType) { // not required
+		return nil
+	}
+
+	// value enum
+	if err := m.validateQuotaTypeEnum("quota_type", "body", m.QuotaType); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *SetBucketQuota) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *SetBucketQuota) UnmarshalBinary(b []byte) error {
+	var res SetBucketQuota
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/set_bucket_versioning.go

@@ -0,0 +1,60 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// SetBucketVersioning set bucket versioning
+//
+// swagger:model setBucketVersioning
+type SetBucketVersioning struct {
+
+	// versioning
+	Versioning bool `json:"versioning,omitempty"`
+}
+
+// Validate validates this set bucket versioning
+func (m *SetBucketVersioning) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *SetBucketVersioning) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *SetBucketVersioning) UnmarshalBinary(b []byte) error {
+	var res SetBucketVersioning
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/tenant.go

@@ -35,12 +35,21 @@ import (
 // swagger:model tenant
 type Tenant struct {
 
+	// console image
+	ConsoleImage string `json:"console_image,omitempty"`
+
 	// creation date
 	CreationDate string `json:"creation_date,omitempty"`
 
 	// current state
 	CurrentState string `json:"currentState,omitempty"`
 
+	// deletion date
+	DeletionDate string `json:"deletion_date,omitempty"`
+
+	// enable prometheus
+	EnablePrometheus bool `json:"enable_prometheus,omitempty"`
+
 	// image
 	Image string `json:"image,omitempty"`
 

models/tenant_list.go

@@ -38,6 +38,9 @@ type TenantList struct {
 	// current state
 	CurrentState string `json:"currentState,omitempty"`
 
+	// deletion date
+	DeletionDate string `json:"deletion_date,omitempty"`
+
 	// instance count
 	InstanceCount int64 `json:"instance_count,omitempty"`
 

models/tenant_usage.go

@@ -32,8 +32,11 @@ import (
 // swagger:model tenantUsage
 type TenantUsage struct {
 
-	// used size
-	UsedSize int64 `json:"used_size,omitempty"`
+	// disk used
+	DiskUsed int64 `json:"disk_used,omitempty"`
+
+	// used
+	Used int64 `json:"used,omitempty"`
 }
 
 // Validate validates this tenant usage

models/tls_configuration.go

@@ -0,0 +1,122 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// TLSConfiguration tls configuration
+//
+// swagger:model tlsConfiguration
+type TLSConfiguration struct {
+
+	// console
+	Console *KeyPairConfiguration `json:"console,omitempty"`
+
+	// minio
+	Minio []*KeyPairConfiguration `json:"minio"`
+}
+
+// Validate validates this tls configuration
+func (m *TLSConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateConsole(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateMinio(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *TLSConfiguration) validateConsole(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Console) { // not required
+		return nil
+	}
+
+	if m.Console != nil {
+		if err := m.Console.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("console")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *TLSConfiguration) validateMinio(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Minio) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Minio); i++ {
+		if swag.IsZero(m.Minio[i]) { // not required
+			continue
+		}
+
+		if m.Minio[i] != nil {
+			if err := m.Minio[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("minio" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *TLSConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *TLSConfiguration) UnmarshalBinary(b []byte) error {
+	var res TLSConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/update_tenant_request.go

@@ -34,25 +34,59 @@ import (
 // swagger:model updateTenantRequest
 type UpdateTenantRequest struct {
 
+	// console image
+	// Pattern: ^((.*?)/(.*?):(.+))$
+	ConsoleImage string `json:"console_image,omitempty"`
+
+	// enable prometheus
+	EnablePrometheus bool `json:"enable_prometheus,omitempty"`
+
 	// image
 	// Pattern: ^((.*?)/(.*?):(.+))$
 	Image string `json:"image,omitempty"`
+
+	// image pull secret
+	ImagePullSecret string `json:"image_pull_secret,omitempty"`
+
+	// image registry
+	ImageRegistry *ImageRegistry `json:"image_registry,omitempty"`
 }
 
 // Validate validates this update tenant request
 func (m *UpdateTenantRequest) Validate(formats strfmt.Registry) error {
 	var res []error
 
+	if err := m.validateConsoleImage(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateImage(formats); err != nil {
 		res = append(res, err)
 	}
 
+	if err := m.validateImageRegistry(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
 	return nil
 }
 
+func (m *UpdateTenantRequest) validateConsoleImage(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.ConsoleImage) { // not required
+		return nil
+	}
+
+	if err := validate.Pattern("console_image", "body", string(m.ConsoleImage), `^((.*?)/(.*?):(.+))$`); err != nil {
+		return err
+	}
+
+	return nil
+}
+
 func (m *UpdateTenantRequest) validateImage(formats strfmt.Registry) error {
 
 	if swag.IsZero(m.Image) { // not required
@@ -66,6 +100,24 @@ func (m *UpdateTenantRequest) validateImage(formats strfmt.Registry) error {
 	return nil
 }
 
+func (m *UpdateTenantRequest) validateImageRegistry(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.ImageRegistry) { // not required
+		return nil
+	}
+
+	if m.ImageRegistry != nil {
+		if err := m.ImageRegistry.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("image_registry")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 // MarshalBinary interface implementation
 func (m *UpdateTenantRequest) MarshalBinary() ([]byte, error) {
 	if m == nil {

models/vault_configuration.go

@@ -0,0 +1,310 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// VaultConfiguration vault configuration
+//
+// swagger:model vaultConfiguration
+type VaultConfiguration struct {
+
+	// approle
+	// Required: true
+	Approle *VaultConfigurationApprole `json:"approle"`
+
+	// endpoint
+	// Required: true
+	Endpoint *string `json:"endpoint"`
+
+	// engine
+	Engine string `json:"engine,omitempty"`
+
+	// namespace
+	Namespace string `json:"namespace,omitempty"`
+
+	// prefix
+	Prefix string `json:"prefix,omitempty"`
+
+	// status
+	Status *VaultConfigurationStatus `json:"status,omitempty"`
+
+	// tls
+	TLS *VaultConfigurationTLS `json:"tls,omitempty"`
+}
+
+// Validate validates this vault configuration
+func (m *VaultConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateApprole(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateEndpoint(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateStatus(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateTLS(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *VaultConfiguration) validateApprole(formats strfmt.Registry) error {
+
+	if err := validate.Required("approle", "body", m.Approle); err != nil {
+		return err
+	}
+
+	if m.Approle != nil {
+		if err := m.Approle.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("approle")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *VaultConfiguration) validateEndpoint(formats strfmt.Registry) error {
+
+	if err := validate.Required("endpoint", "body", m.Endpoint); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *VaultConfiguration) validateStatus(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Status) { // not required
+		return nil
+	}
+
+	if m.Status != nil {
+		if err := m.Status.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("status")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *VaultConfiguration) validateTLS(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.TLS) { // not required
+		return nil
+	}
+
+	if m.TLS != nil {
+		if err := m.TLS.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("tls")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *VaultConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *VaultConfiguration) UnmarshalBinary(b []byte) error {
+	var res VaultConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// VaultConfigurationApprole vault configuration approle
+//
+// swagger:model VaultConfigurationApprole
+type VaultConfigurationApprole struct {
+
+	// engine
+	Engine string `json:"engine,omitempty"`
+
+	// id
+	// Required: true
+	ID *string `json:"id"`
+
+	// retry
+	Retry int64 `json:"retry,omitempty"`
+
+	// secret
+	// Required: true
+	Secret *string `json:"secret"`
+}
+
+// Validate validates this vault configuration approle
+func (m *VaultConfigurationApprole) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateID(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSecret(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *VaultConfigurationApprole) validateID(formats strfmt.Registry) error {
+
+	if err := validate.Required("approle"+"."+"id", "body", m.ID); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *VaultConfigurationApprole) validateSecret(formats strfmt.Registry) error {
+
+	if err := validate.Required("approle"+"."+"secret", "body", m.Secret); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *VaultConfigurationApprole) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *VaultConfigurationApprole) UnmarshalBinary(b []byte) error {
+	var res VaultConfigurationApprole
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// VaultConfigurationStatus vault configuration status
+//
+// swagger:model VaultConfigurationStatus
+type VaultConfigurationStatus struct {
+
+	// ping
+	Ping int64 `json:"ping,omitempty"`
+}
+
+// Validate validates this vault configuration status
+func (m *VaultConfigurationStatus) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *VaultConfigurationStatus) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *VaultConfigurationStatus) UnmarshalBinary(b []byte) error {
+	var res VaultConfigurationStatus
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// VaultConfigurationTLS vault configuration TLS
+//
+// swagger:model VaultConfigurationTLS
+type VaultConfigurationTLS struct {
+
+	// ca
+	Ca string `json:"ca,omitempty"`
+
+	// crt
+	Crt string `json:"crt,omitempty"`
+
+	// key
+	Key string `json:"key,omitempty"`
+}
+
+// Validate validates this vault configuration TLS
+func (m *VaultConfigurationTLS) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *VaultConfigurationTLS) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *VaultConfigurationTLS) UnmarshalBinary(b []byte) error {
+	var res VaultConfigurationTLS
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/zone.go

@@ -207,6 +207,12 @@ func (m *Zone) UnmarshalBinary(b []byte) error {
 // swagger:model ZoneVolumeConfiguration
 type ZoneVolumeConfiguration struct {
 
+	// annotations
+	Annotations map[string]string `json:"annotations,omitempty"`
+
+	// labels
+	Labels map[string]string `json:"labels,omitempty"`
+
 	// size
 	// Required: true
 	Size *int64 `json:"size"`

models/zone_toleration_seconds.go

@@ -0,0 +1,81 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// ZoneTolerationSeconds TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+//
+// swagger:model zoneTolerationSeconds
+type ZoneTolerationSeconds struct {
+
+	// seconds
+	// Required: true
+	Seconds *int64 `json:"seconds"`
+}
+
+// Validate validates this zone toleration seconds
+func (m *ZoneTolerationSeconds) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateSeconds(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ZoneTolerationSeconds) validateSeconds(formats strfmt.Registry) error {
+
+	if err := validate.Required("seconds", "body", m.Seconds); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ZoneTolerationSeconds) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ZoneTolerationSeconds) UnmarshalBinary(b []byte) error {
+	var res ZoneTolerationSeconds
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/zone_tolerations.go

@@ -75,8 +75,8 @@ type ZoneTolerationsItems0 struct {
 	// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
 	Operator string `json:"operator,omitempty"`
 
-	// TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
-	TolerationSeconds int64 `json:"tolerationSeconds,omitempty"`
+	// toleration seconds
+	TolerationSeconds *ZoneTolerationSeconds `json:"tolerationSeconds,omitempty"`
 
 	// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
 	Value string `json:"value,omitempty"`
@@ -84,6 +84,33 @@ type ZoneTolerationsItems0 struct {
 
 // Validate validates this zone tolerations items0
 func (m *ZoneTolerationsItems0) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateTolerationSeconds(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ZoneTolerationsItems0) validateTolerationSeconds(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.TolerationSeconds) { // not required
+		return nil
+	}
+
+	if m.TolerationSeconds != nil {
+		if err := m.TolerationSeconds.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("tolerationSeconds")
+			}
+			return err
+		}
+	}
+
 	return nil
 }
 

models/zone_update_request.go

@@ -0,0 +1,99 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// ZoneUpdateRequest zone update request
+//
+// swagger:model zoneUpdateRequest
+type ZoneUpdateRequest struct {
+
+	// zones
+	// Required: true
+	Zones []*Zone `json:"zones"`
+}
+
+// Validate validates this zone update request
+func (m *ZoneUpdateRequest) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateZones(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ZoneUpdateRequest) validateZones(formats strfmt.Registry) error {
+
+	if err := validate.Required("zones", "body", m.Zones); err != nil {
+		return err
+	}
+
+	for i := 0; i < len(m.Zones); i++ {
+		if swag.IsZero(m.Zones[i]) { // not required
+			continue
+		}
+
+		if m.Zones[i] != nil {
+			if err := m.Zones[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("zones" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ZoneUpdateRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ZoneUpdateRequest) UnmarshalBinary(b []byte) error {
+	var res ZoneUpdateRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

package-lock.json

@@ -1,3 +0,0 @@
-{
-  "lockfileVersion": 1
-}

pkg/acl/endpoints.go

@@ -22,22 +22,26 @@ import (
 
 // endpoints definition
 var (
-	configuration   = "/configurations-list"
-	users           = "/users"
-	groups          = "/groups"
-	iamPolicies     = "/policies"
-	dashboard       = "/dashboard"
-	profiling       = "/profiling"
-	trace           = "/trace"
-	logs            = "/logs"
-	watch           = "/watch"
-	notifications   = "/notification-endpoints"
-	buckets         = "/buckets"
-	bucketsDetail   = "/buckets/:bucketName"
-	serviceAccounts = "/service-accounts"
-	tenants         = "/tenants"
-	tenantsDetail   = "/tenants/:tenantName"
-	heal            = "/heal"
+	configuration       = "/configurations-list"
+	users               = "/users"
+	groups              = "/groups"
+	iamPolicies         = "/policies"
+	dashboard           = "/dashboard"
+	profiling           = "/profiling"
+	watch               = "/watch"
+	notifications       = "/notification-endpoints"
+	buckets             = "/buckets"
+	bucketsDetail       = "/buckets/:bucketName"
+	serviceAccounts     = "/service-accounts"
+	tenants             = "/tenants"
+	tenantsDetail       = "/namespaces/:tenantNamespace/tenants/:tenantName"
+	heal                = "/heal"
+	remoteBuckets       = "/remote-buckets"
+	replication         = "/replication"
+	objectBrowser       = "/object-browser/:bucket/*"
+	objectBrowserBucket = "/object-browser/:bucket"
+	mainObjectBrowser   = "/object-browser"
+	license             = "/license"
 )
 
 type ConfigurationActionSet struct {
@@ -55,16 +59,6 @@ var configurationActionSet = ConfigurationActionSet{
 	),
 }
 
-// logsActionSet contains the list of admin actions required for this endpoint to work
-var logsActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(
-		iampolicy.AllAdminActions,
-	),
-	actions: iampolicy.NewActionSet(
-		iampolicy.ConsoleLogAdminAction,
-	),
-}
-
 // dashboardActionSet contains the list of admin actions required for this endpoint to work
 var dashboardActionSet = ConfigurationActionSet{
 	actionTypes: iampolicy.NewActionSet(
@@ -113,16 +107,6 @@ var profilingActionSet = ConfigurationActionSet{
 	),
 }
 
-// traceActionSet contains the list of admin actions required for this endpoint to work
-var traceActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(
-		iampolicy.AllAdminActions,
-	),
-	actions: iampolicy.NewActionSet(
-		iampolicy.TraceAdminAction,
-	),
-}
-
 // usersActionSet contains the list of admin actions required for this endpoint to work
 var usersActionSet = ConfigurationActionSet{
 	actionTypes: iampolicy.NewActionSet(
@@ -208,22 +192,56 @@ var healActionSet = ConfigurationActionSet{
 	),
 }
 
+var remoteBucketsActionSet = ConfigurationActionSet{
+	actionTypes: iampolicy.NewActionSet(
+		iampolicy.AllAdminActions,
+	),
+	actions: iampolicy.NewActionSet(
+		iampolicy.ConfigUpdateAdminAction,
+	),
+}
+
+var replicationActionSet = ConfigurationActionSet{
+	actionTypes: iampolicy.NewActionSet(
+		iampolicy.AllAdminActions,
+	),
+	actions: iampolicy.NewActionSet(
+		iampolicy.ConfigUpdateAdminAction,
+	),
+}
+
+// objectBrowserActionSet no actions needed for this module to work
+var objectBrowserActionSet = ConfigurationActionSet{
+	actionTypes: iampolicy.NewActionSet(),
+	actions:     iampolicy.NewActionSet(),
+}
+
+// licenseActionSet no actions needed for this module to work
+var licenseActionSet = ConfigurationActionSet{
+	actionTypes: iampolicy.NewActionSet(),
+	actions:     iampolicy.NewActionSet(),
+}
+
 // endpointRules contains the mapping between endpoints and ActionSets, additional rules can be added here
 var endpointRules = map[string]ConfigurationActionSet{
-	configuration:   configurationActionSet,
-	users:           usersActionSet,
-	groups:          groupsActionSet,
-	iamPolicies:     iamPoliciesActionSet,
-	dashboard:       dashboardActionSet,
-	profiling:       profilingActionSet,
-	trace:           traceActionSet,
-	logs:            logsActionSet,
-	watch:           watchActionSet,
-	notifications:   notificationsActionSet,
-	buckets:         bucketsActionSet,
-	bucketsDetail:   bucketsActionSet,
-	serviceAccounts: serviceAccountsActionSet,
-	heal:            healActionSet,
+	configuration:       configurationActionSet,
+	users:               usersActionSet,
+	groups:              groupsActionSet,
+	iamPolicies:         iamPoliciesActionSet,
+	dashboard:           dashboardActionSet,
+	profiling:           profilingActionSet,
+	watch:               watchActionSet,
+	notifications:       notificationsActionSet,
+	buckets:             bucketsActionSet,
+	bucketsDetail:       bucketsActionSet,
+	serviceAccounts:     serviceAccountsActionSet,
+	heal:                healActionSet,
+	remoteBuckets:       remoteBucketsActionSet,
+	replication:         replicationActionSet,
+	objectBrowser:       objectBrowserActionSet,
+	mainObjectBrowser:   objectBrowserActionSet,
+	objectBrowserBucket: objectBrowserActionSet,
+	license:             licenseActionSet,
 }
 
 // operatorRules contains the mapping between endpoints and ActionSets for operator only mode

pkg/acl/endpoints_test.go

@@ -50,7 +50,7 @@ func TestGetAuthorizedEndpoints(t *testing.T) {
 			args: args{
 				[]string{"admin:ServerInfo"},
 			},
-			want: 2,
+			want: 6,
 		},
 		{
 			name: "policies endpoint",
@@ -63,7 +63,7 @@ func TestGetAuthorizedEndpoints(t *testing.T) {
 					"admin:ListUserPolicies",
 				},
 			},
-			want: 2,
+			want: 6,
 		},
 		{
 			name: "all admin endpoints",
@@ -72,7 +72,7 @@ func TestGetAuthorizedEndpoints(t *testing.T) {
 					"admin:*",
 				},
 			},
-			want: 11,
+			want: 15,
 		},
 		{
 			name: "all s3 endpoints",
@@ -81,7 +81,7 @@ func TestGetAuthorizedEndpoints(t *testing.T) {
 					"s3:*",
 				},
 			},
-			want: 4,
+			want: 8,
 		},
 		{
 			name: "all admin and s3 endpoints",
@@ -91,7 +91,7 @@ func TestGetAuthorizedEndpoints(t *testing.T) {
 					"s3:*",
 				},
 			},
-			want: 14,
+			want: 18,
 		},
 		{
 			name: "no endpoints",

pkg/auth/jwt.go

@@ -1,231 +0,0 @@
-// This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-package auth
-
-import (
-	"crypto/aes"
-	"crypto/cipher"
-	"crypto/rand"
-	"crypto/sha1"
-	"encoding/base64"
-	"errors"
-	"fmt"
-	"io"
-	"log"
-	"net/http"
-	"strings"
-	"time"
-
-	jwtgo "github.com/dgrijalva/jwt-go"
-	"github.com/go-openapi/swag"
-	"github.com/minio/console/models"
-	xjwt "github.com/minio/console/pkg/auth/jwt"
-	"github.com/minio/minio-go/v7/pkg/credentials"
-	uuid "github.com/satori/go.uuid"
-	"golang.org/x/crypto/pbkdf2"
-)
-
-var (
-	errAuthentication = errors.New("authentication failed, check your access credentials")
-	errNoAuthToken    = errors.New("JWT token missing")
-	errReadingToken   = errors.New("JWT internal data is malformed")
-	errClaimsFormat   = errors.New("encrypted jwt claims not in the right format")
-)
-
-// derivedKey is the key used to encrypt the JWT claims, its derived using pbkdf on CONSOLE_PBKDF_PASSPHRASE with CONSOLE_PBKDF_SALT
-var derivedKey = pbkdf2.Key([]byte(xjwt.GetPBKDFPassphrase()), []byte(xjwt.GetPBKDFSalt()), 4096, 32, sha1.New)
-
-// IsJWTValid returns true or false depending if the provided jwt is valid or not
-func IsJWTValid(token string) bool {
-	_, err := JWTAuthenticate(token)
-	return err == nil
-}
-
-// DecryptedClaims claims struct for decrypted credentials
-type DecryptedClaims struct {
-	AccessKeyID     string
-	SecretAccessKey string
-	SessionToken    string
-	Actions         []string
-}
-
-// JWTAuthenticate takes a jwt, decode it, extract claims and validate the signature
-// if the jwt claims.Data is valid we proceed to decrypt the information inside
-//
-// returns claims after validation in the following format:
-//
-//	type DecryptedClaims struct {
-//		AccessKeyID
-//		SecretAccessKey
-//		SessionToken
-//	}
-func JWTAuthenticate(token string) (*DecryptedClaims, error) {
-	if token == "" {
-		return nil, errNoAuthToken
-	}
-	// initialize claims object
-	claims := xjwt.NewMapClaims()
-	// populate the claims object
-	if err := xjwt.ParseWithClaims(token, claims); err != nil {
-		return nil, errAuthentication
-	}
-	// decrypt the claims.Data field
-	claimTokens, err := decryptClaims(claims.Data)
-	if err != nil {
-		// we print decryption token error information for debugging purposes
-		log.Println(err)
-		// we return a generic error that doesn't give any information to attackers
-		return nil, errReadingToken
-	}
-	// claimsTokens contains the decrypted STS claims
-	return claimTokens, nil
-}
-
-// NewJWTWithClaimsForClient generates a new jwt with claims based on the provided STS credentials, first
-// encrypts the claims and the sign them
-func NewJWTWithClaimsForClient(credentials *credentials.Value, actions []string, audience string) (string, error) {
-	if credentials != nil {
-		encryptedClaims, err := encryptClaims(credentials.AccessKeyID, credentials.SecretAccessKey, credentials.SessionToken, actions)
-		if err != nil {
-			return "", err
-		}
-		claims := xjwt.NewStandardClaims()
-		claims.SetExpiry(time.Now().UTC().Add(xjwt.GetConsoleSTSAndJWTDurationTime()))
-		claims.SetSubject(uuid.NewV4().String())
-		claims.SetData(encryptedClaims)
-		claims.SetAudience(audience)
-		jwt := jwtgo.NewWithClaims(jwtgo.SigningMethodHS512, claims)
-		return jwt.SignedString([]byte(xjwt.GetHmacJWTSecret()))
-	}
-	return "", errors.New("provided credentials are empty")
-}
-
-// encryptClaims() receives the 3 STS claims, concatenate them and encrypt them using AES-GCM
-// returns a base64 encoded ciphertext
-func encryptClaims(accessKeyID, secretAccessKey, sessionToken string, actions []string) (string, error) {
-	payload := []byte(fmt.Sprintf("%s#%s#%s#%s", accessKeyID, secretAccessKey, sessionToken, strings.Join(actions, ",")))
-	ciphertext, err := encrypt(payload)
-	if err != nil {
-		return "", err
-	}
-	return base64.StdEncoding.EncodeToString(ciphertext), nil
-}
-
-// decryptClaims() receives base64 encoded ciphertext, decode it, decrypt it (AES-GCM) and produces a *DecryptedClaims object
-func decryptClaims(ciphertext string) (*DecryptedClaims, error) {
-	decoded, err := base64.StdEncoding.DecodeString(ciphertext)
-	if err != nil {
-		log.Println(err)
-		return nil, errClaimsFormat
-	}
-	plaintext, err := decrypt(decoded)
-	if err != nil {
-		log.Println(err)
-		return nil, errClaimsFormat
-	}
-	s := strings.Split(string(plaintext), "#")
-	// Validate that the decrypted string has the right format "accessKeyID:secretAccessKey:sessionToken"
-	if len(s) != 4 {
-		return nil, errClaimsFormat
-	}
-	accessKeyID, secretAccessKey, sessionToken, actions := s[0], s[1], s[2], s[3]
-	actionsList := strings.Split(actions, ",")
-	return &DecryptedClaims{
-		AccessKeyID:     accessKeyID,
-		SecretAccessKey: secretAccessKey,
-		SessionToken:    sessionToken,
-		Actions:         actionsList,
-	}, nil
-}
-
-// Encrypt a blob of data using AEAD (AES-GCM) with a pbkdf2 derived key
-func encrypt(plaintext []byte) ([]byte, error) {
-	block, _ := aes.NewCipher(derivedKey)
-	gcm, err := cipher.NewGCM(block)
-	if err != nil {
-		return nil, err
-	}
-	nonce := make([]byte, gcm.NonceSize())
-	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
-		return nil, err
-	}
-	cipherText := gcm.Seal(nonce, nonce, plaintext, nil)
-	return cipherText, nil
-}
-
-// Decrypts a blob of data using AEAD (AES-GCM) with a pbkdf2 derived key
-func decrypt(data []byte) ([]byte, error) {
-	block, err := aes.NewCipher(derivedKey)
-	if err != nil {
-		return nil, err
-	}
-	gcm, err := cipher.NewGCM(block)
-	if err != nil {
-		return nil, err
-	}
-	nonceSize := gcm.NonceSize()
-	nonce, cipherText := data[:nonceSize], data[nonceSize:]
-	plaintext, err := gcm.Open(nil, nonce, cipherText, nil)
-	if err != nil {
-		return nil, err
-	}
-	return plaintext, nil
-}
-
-// GetTokenFromRequest returns a token from a http Request
-// either defined on a cookie `token` or on Authorization header.
-//
-// Authorization Header needs to be like "Authorization Bearer <jwt_token>"
-func GetTokenFromRequest(r *http.Request) (*string, error) {
-	// Get Auth token
-	var reqToken string
-
-	// Token might come either as a Cookie or as a Header
-	// if not set in cookie, check if it is set on Header.
-	tokenCookie, err := r.Cookie("token")
-	if err != nil {
-		headerToken := r.Header.Get("Authorization")
-		// reqToken should come as "Bearer <token>"
-		splitHeaderToken := strings.Split(headerToken, "Bearer")
-		if len(splitHeaderToken) <= 1 {
-			return nil, errNoAuthToken
-		}
-		reqToken = strings.TrimSpace(splitHeaderToken[1])
-	} else {
-		reqToken = strings.TrimSpace(tokenCookie.Value)
-	}
-	return swag.String(reqToken), nil
-}
-
-func GetClaimsFromTokenInRequest(req *http.Request) (*models.Principal, error) {
-	sessionID, err := GetTokenFromRequest(req)
-	if err != nil {
-		return nil, err
-	}
-	// Perform decryption of the JWT, if Console is able to decrypt the JWT that means a valid session
-	// was used in the first place to get it
-	claims, err := JWTAuthenticate(*sessionID)
-	if err != nil {
-		return nil, err
-	}
-	return &models.Principal{
-		AccessKeyID:     claims.AccessKeyID,
-		Actions:         claims.Actions,
-		SecretAccessKey: claims.SecretAccessKey,
-		SessionToken:    claims.SessionToken,
-	}, nil
-}

pkg/auth/jwt/parser.go

@@ -1,281 +0,0 @@
-// This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-package jwt
-
-// This file is a re-implementation of the original code here with some
-// additional allocation tweaks reproduced using GODEBUG=allocfreetrace=1
-// original file https://github.com/dgrijalva/jwt-go/blob/master/parser.go
-// borrowed under MIT License https://github.com/dgrijalva/jwt-go/blob/master/LICENSE
-
-import (
-	"crypto"
-	"crypto/hmac"
-	"encoding/base64"
-	"encoding/json"
-	"fmt"
-	"strings"
-	"sync"
-	"time"
-
-	jwtgo "github.com/dgrijalva/jwt-go"
-	jsoniter "github.com/json-iterator/go"
-)
-
-const (
-	claimData = "data"
-	claimSub  = "sub"
-)
-
-// SigningMethodHMAC - Implements the HMAC-SHA family of signing methods signing methods
-// Expects key type of []byte for both signing and validation
-type SigningMethodHMAC struct {
-	Name string
-	Hash crypto.Hash
-}
-
-// Specific instances for HS256, HS384, HS512
-var (
-	SigningMethodHS256 *SigningMethodHMAC
-	SigningMethodHS384 *SigningMethodHMAC
-	SigningMethodHS512 *SigningMethodHMAC
-)
-
-var (
-	base64BufPool sync.Pool
-	hmacSigners   []*SigningMethodHMAC
-)
-
-func init() {
-	base64BufPool = sync.Pool{
-		New: func() interface{} {
-			buf := make([]byte, 8192)
-			return &buf
-		},
-	}
-
-	hmacSigners = []*SigningMethodHMAC{
-		{"HS256", crypto.SHA256},
-		{"HS384", crypto.SHA384},
-		{"HS512", crypto.SHA512},
-	}
-}
-
-// StandardClaims are basically standard claims with "Data"
-type StandardClaims struct {
-	Data string `json:"data,omitempty"`
-	jwtgo.StandardClaims
-}
-
-// MapClaims - implements custom unmarshaller
-type MapClaims struct {
-	Data    string `json:"data,omitempty"`
-	Subject string `json:"sub,omitempty"`
-	jwtgo.MapClaims
-}
-
-// NewStandardClaims - initializes standard claims
-func NewStandardClaims() *StandardClaims {
-	return &StandardClaims{}
-}
-
-// SetIssuer sets issuer for these claims
-func (c *StandardClaims) SetIssuer(issuer string) {
-	c.Issuer = issuer
-}
-
-// SetAudience sets audience for these claims
-func (c *StandardClaims) SetAudience(aud string) {
-	c.Audience = aud
-}
-
-// SetExpiry sets expiry in unix epoch secs
-func (c *StandardClaims) SetExpiry(t time.Time) {
-	c.ExpiresAt = t.Unix()
-}
-
-// SetSubject sets unique identifier for the jwt
-func (c *StandardClaims) SetSubject(subject string) {
-	c.Subject = subject
-}
-
-// SetData sets the "Data" custom field.
-func (c *StandardClaims) SetData(data string) {
-	c.Data = data
-}
-
-// Valid - implements https://godoc.org/github.com/dgrijalva/jwt-go#Claims compatible
-// claims interface, additionally validates "Data" field.
-func (c *StandardClaims) Valid() error {
-	if err := c.StandardClaims.Valid(); err != nil {
-		return err
-	}
-
-	if c.Data == "" || c.Subject == "" {
-		return jwtgo.NewValidationError("data/sub",
-			jwtgo.ValidationErrorClaimsInvalid)
-	}
-	return nil
-}
-
-// NewMapClaims - Initializes a new map claims
-func NewMapClaims() *MapClaims {
-	return &MapClaims{MapClaims: jwtgo.MapClaims{}}
-}
-
-// Lookup returns the value and if the key is found.
-func (c *MapClaims) Lookup(key string) (value string, ok bool) {
-	var vinterface interface{}
-	vinterface, ok = c.MapClaims[key]
-	if ok {
-		value, ok = vinterface.(string)
-	}
-	return
-}
-
-// SetExpiry sets expiry in unix epoch secs
-func (c *MapClaims) SetExpiry(t time.Time) {
-	c.MapClaims["exp"] = t.Unix()
-}
-
-// SetData sets the "Data" custom field.
-func (c *MapClaims) SetData(data string) {
-	c.MapClaims[claimData] = data
-}
-
-// Valid - implements https://godoc.org/github.com/dgrijalva/jwt-go#Claims compatible
-// claims interface, additionally validates "Data" field.
-func (c *MapClaims) Valid() error {
-	if err := c.MapClaims.Valid(); err != nil {
-		return err
-	}
-
-	if c.Data == "" || c.Subject == "" {
-		return jwtgo.NewValidationError("data/subject",
-			jwtgo.ValidationErrorClaimsInvalid)
-	}
-	return nil
-}
-
-// Map returns underlying low-level map claims.
-func (c *MapClaims) Map() map[string]interface{} {
-	return c.MapClaims
-}
-
-// MarshalJSON marshals the MapClaims struct
-func (c *MapClaims) MarshalJSON() ([]byte, error) {
-	return json.Marshal(c.MapClaims)
-}
-
-// https://tools.ietf.org/html/rfc7519#page-11
-type jwtHeader struct {
-	Algorithm string `json:"alg"`
-	Type      string `json:"typ"`
-}
-
-// ParseWithClaims - parse the token string, valid methods.
-func ParseWithClaims(tokenStr string, claims *MapClaims) error {
-	bufp := base64BufPool.Get().(*[]byte)
-	defer base64BufPool.Put(bufp)
-
-	signer, err := parseUnverifiedMapClaims(tokenStr, claims, *bufp)
-	if err != nil {
-		return err
-	}
-
-	i := strings.LastIndex(tokenStr, ".")
-	if i < 0 {
-		return jwtgo.ErrSignatureInvalid
-	}
-
-	n, err := base64Decode(tokenStr[i+1:], *bufp)
-	if err != nil {
-		return err
-	}
-
-	var ok bool
-
-	claims.Data, ok = claims.Lookup(claimData)
-	if !ok {
-		return jwtgo.NewValidationError("data missing",
-			jwtgo.ValidationErrorClaimsInvalid)
-	}
-
-	claims.Subject, ok = claims.Lookup(claimSub)
-	if !ok {
-		return jwtgo.NewValidationError("sub missing",
-			jwtgo.ValidationErrorClaimsInvalid)
-	}
-
-	hasher := hmac.New(signer.Hash.New, []byte(GetHmacJWTSecret()))
-	hasher.Write([]byte(tokenStr[:i]))
-	if !hmac.Equal((*bufp)[:n], hasher.Sum(nil)) {
-		return jwtgo.ErrSignatureInvalid
-	}
-
-	// Signature is valid, lets validate the claims for
-	// other fields such as expiry etc.
-	return claims.Valid()
-}
-
-// base64Decode returns the bytes represented by the base64 string s.
-func base64Decode(s string, buf []byte) (int, error) {
-	return base64.RawURLEncoding.Decode(buf, []byte(s))
-}
-
-// ParseUnverifiedMapClaims - WARNING: Don't use this method unless you know what you're doing
-//
-// This method parses the token but doesn't validate the signature. It's only
-// ever useful in cases where you know the signature is valid (because it has
-// been checked previously in the stack) and you want to extract values from
-// it.
-func parseUnverifiedMapClaims(tokenString string, claims *MapClaims, buf []byte) (*SigningMethodHMAC, error) {
-	if strings.Count(tokenString, ".") != 2 {
-		return nil, jwtgo.ErrSignatureInvalid
-	}
-
-	i := strings.Index(tokenString, ".")
-	j := strings.LastIndex(tokenString, ".")
-
-	n, err := base64Decode(tokenString[:i], buf)
-	if err != nil {
-		return nil, &jwtgo.ValidationError{Inner: err, Errors: jwtgo.ValidationErrorMalformed}
-	}
-
-	var header = jwtHeader{}
-	var json = jsoniter.ConfigCompatibleWithStandardLibrary
-	if err = json.Unmarshal(buf[:n], &header); err != nil {
-		return nil, &jwtgo.ValidationError{Inner: err, Errors: jwtgo.ValidationErrorMalformed}
-	}
-
-	n, err = base64Decode(tokenString[i+1:j], buf)
-	if err != nil {
-		return nil, &jwtgo.ValidationError{Inner: err, Errors: jwtgo.ValidationErrorMalformed}
-	}
-
-	if err = json.Unmarshal(buf[:n], &claims.MapClaims); err != nil {
-		return nil, &jwtgo.ValidationError{Inner: err, Errors: jwtgo.ValidationErrorMalformed}
-	}
-
-	for _, signer := range hmacSigners {
-		if header.Algorithm == signer.Name {
-			return signer, nil
-		}
-	}
-
-	return nil, jwtgo.NewValidationError(fmt.Sprintf("signing method (%s) is unavailable.", header.Algorithm),
-		jwtgo.ValidationErrorUnverifiable)
-}

pkg/auth/ldap.go

@@ -24,11 +24,11 @@ import (
 )
 
 var (
-	errInvalidCredentials = errors.New("invalid Credentials")
+	errInvalidCredentials = errors.New("invalid Login")
 )
 
 // GetConsoleCredentialsFromLDAP authenticates the user against MinIO when the LDAP integration is enabled
-// if the authentication succeed *credentials.Credentials object is returned and we continue with the normal STSAssumeRole flow
+// if the authentication succeed *credentials.Login object is returned and we continue with the normal STSAssumeRole flow
 func GetConsoleCredentialsFromLDAP(endpoint, ldapUser, ldapPassword string) (*credentials.Credentials, error) {
 	creds, err := credentials.NewLDAPIdentity(endpoint, ldapUser, ldapPassword)
 	if err != nil {

pkg/auth/operator.go

@@ -76,7 +76,7 @@ func isServiceAccountTokenValid(ctx context.Context, operatorClient OperatorClie
 	return true
 }
 
-// GetConsoleCredentialsForOperator will validate the provided JWT (service account token) and return it in the form of credentials.Credentials
+// GetConsoleCredentialsForOperator will validate the provided JWT (service account token) and return it in the form of credentials.Login
 func GetConsoleCredentialsForOperator(jwt string) (*credentials.Credentials, error) {
 	ctx := context.Background()
 	opClientClientSet, err := cluster.OperatorClient(jwt)

pkg/auth/token.go

@@ -0,0 +1,323 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package auth
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/hmac"
+	"crypto/sha1"
+	"crypto/sha256"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"strings"
+
+	"github.com/go-openapi/swag"
+	"github.com/minio/console/models"
+	"github.com/minio/console/pkg/auth/token"
+	"github.com/minio/minio-go/v7/pkg/credentials"
+	"github.com/secure-io/sio-go/sioutil"
+	"golang.org/x/crypto/chacha20"
+	"golang.org/x/crypto/chacha20poly1305"
+	"golang.org/x/crypto/pbkdf2"
+)
+
+var (
+	errNoAuthToken  = errors.New("session token missing")
+	errReadingToken = errors.New("session token internal data is malformed")
+	errClaimsFormat = errors.New("encrypted session token claims not in the right format")
+	errorGeneric    = errors.New("an error has occurred")
+)
+
+// derivedKey is the key used to encrypt the session token claims, its derived using pbkdf on CONSOLE_PBKDF_PASSPHRASE with CONSOLE_PBKDF_SALT
+var derivedKey = pbkdf2.Key([]byte(token.GetPBKDFPassphrase()), []byte(token.GetPBKDFSalt()), 4096, 32, sha1.New)
+
+// IsSessionTokenValid returns true or false depending if the provided session token is valid or not
+func IsSessionTokenValid(token string) bool {
+	_, err := SessionTokenAuthenticate(token)
+	return err == nil
+}
+
+// DecryptedClaims claims struct for decrypted credentials
+type DecryptedClaims struct {
+	AccessKeyID     string
+	SecretAccessKey string
+	SessionToken    string
+	Actions         []string
+}
+
+// SessionTokenAuthenticate takes a session token, decode it, extract claims and validate the signature
+// if the session token claims are valid we proceed to decrypt the information inside
+//
+// returns claims after validation in the following format:
+//
+//	type DecryptedClaims struct {
+//		AccessKeyID
+//		SecretAccessKey
+//		SessionToken
+//	}
+func SessionTokenAuthenticate(token string) (*DecryptedClaims, error) {
+	if token == "" {
+		return nil, errNoAuthToken
+	}
+	// decrypt encrypted token
+	claimTokens, err := decryptClaims(token)
+	if err != nil {
+		// we print decryption token error information for debugging purposes
+		log.Println(err)
+		// we return a generic error that doesn't give any information to attackers
+		return nil, errReadingToken
+	}
+	// claimsTokens contains the decrypted JWT for Console
+	return claimTokens, nil
+}
+
+// NewEncryptedTokenForClient generates a new session token with claims based on the provided STS credentials, first
+// encrypts the claims and the sign them
+func NewEncryptedTokenForClient(credentials *credentials.Value, actions []string) (string, error) {
+	if credentials != nil {
+		encryptedClaims, err := encryptClaims(credentials.AccessKeyID, credentials.SecretAccessKey, credentials.SessionToken, actions)
+		if err != nil {
+			return "", err
+		}
+		return encryptedClaims, nil
+	}
+	return "", errors.New("provided credentials are empty")
+}
+
+// encryptClaims() receives the STS claims, concatenate them and encrypt them using AES-GCM
+// returns a base64 encoded ciphertext
+func encryptClaims(accessKeyID, secretAccessKey, sessionToken string, actions []string) (string, error) {
+	payload := []byte(fmt.Sprintf("%s#%s#%s#%s", accessKeyID, secretAccessKey, sessionToken, strings.Join(actions, ",")))
+	ciphertext, err := encrypt(payload, []byte{})
+	if err != nil {
+		log.Println(err)
+		return "", errorGeneric
+	}
+	return base64.StdEncoding.EncodeToString(ciphertext), nil
+}
+
+// decryptClaims() receives base64 encoded ciphertext, decode it, decrypt it (AES-GCM) and produces a *DecryptedClaims object
+func decryptClaims(ciphertext string) (*DecryptedClaims, error) {
+	decoded, err := base64.StdEncoding.DecodeString(ciphertext)
+	if err != nil {
+		log.Println(err)
+		return nil, errClaimsFormat
+	}
+	plaintext, err := decrypt(decoded, []byte{})
+	if err != nil {
+		log.Println(err)
+		return nil, errClaimsFormat
+	}
+	s := strings.Split(string(plaintext), "#")
+	// Validate that the decrypted string has the right format "accessKeyID:secretAccessKey:sessionToken"
+	if len(s) != 4 {
+		return nil, errClaimsFormat
+	}
+	accessKeyID, secretAccessKey, sessionToken, actions := s[0], s[1], s[2], s[3]
+	actionsList := strings.Split(actions, ",")
+	return &DecryptedClaims{
+		AccessKeyID:     accessKeyID,
+		SecretAccessKey: secretAccessKey,
+		SessionToken:    sessionToken,
+		Actions:         actionsList,
+	}, nil
+}
+
+const (
+	aesGcm   = 0x00
+	c20p1305 = 0x01
+)
+
+// Encrypt a blob of data using AEAD scheme, AES-GCM if the executing CPU
+// provides AES hardware support, otherwise will use ChaCha20-Poly1305
+// with a pbkdf2 derived key, this function should be used to encrypt a session
+// or data key provided as plaintext.
+//
+// The returned ciphertext data consists of:
+//    AEAD ID | iv | nonce | encrypted data
+//       1      16		 12     ~ len(data)
+func encrypt(plaintext, associatedData []byte) ([]byte, error) {
+	iv, err := sioutil.Random(16) // 16 bytes IV
+	if err != nil {
+		return nil, err
+	}
+	var algorithm byte
+	if sioutil.NativeAES() {
+		algorithm = aesGcm
+	} else {
+		algorithm = c20p1305
+	}
+	var aead cipher.AEAD
+	switch algorithm {
+	case aesGcm:
+		mac := hmac.New(sha256.New, derivedKey)
+		mac.Write(iv)
+		sealingKey := mac.Sum(nil)
+
+		var block cipher.Block
+		block, err = aes.NewCipher(sealingKey)
+		if err != nil {
+			return nil, err
+		}
+		aead, err = cipher.NewGCM(block)
+		if err != nil {
+			return nil, err
+		}
+	case c20p1305:
+		var sealingKey []byte
+		sealingKey, err = chacha20.HChaCha20(derivedKey, iv) // HChaCha20 expects nonce of 16 bytes
+		if err != nil {
+			return nil, err
+		}
+		aead, err = chacha20poly1305.New(sealingKey)
+		if err != nil {
+			return nil, err
+		}
+	}
+	nonce, err := sioutil.Random(aead.NonceSize())
+	if err != nil {
+		return nil, err
+	}
+
+	sealedBytes := aead.Seal(nil, nonce, plaintext, associatedData)
+
+	// ciphertext = AEAD ID | iv | nonce | sealed bytes
+
+	var buf bytes.Buffer
+	buf.WriteByte(algorithm)
+	buf.Write(iv)
+	buf.Write(nonce)
+	buf.Write(sealedBytes)
+
+	return buf.Bytes(), nil
+}
+
+// Decrypts a blob of data using AEAD scheme AES-GCM if the executing CPU
+// provides AES hardware support, otherwise will use ChaCha20-Poly1305with
+// and a pbkdf2 derived key
+func decrypt(ciphertext []byte, associatedData []byte) ([]byte, error) {
+	var (
+		algorithm [1]byte
+		iv        [16]byte
+		nonce     [12]byte // This depends on the AEAD but both used ciphers have the same nonce length.
+	)
+
+	r := bytes.NewReader(ciphertext)
+	if _, err := io.ReadFull(r, algorithm[:]); err != nil {
+		return nil, err
+	}
+	if _, err := io.ReadFull(r, iv[:]); err != nil {
+		return nil, err
+	}
+	if _, err := io.ReadFull(r, nonce[:]); err != nil {
+		return nil, err
+	}
+
+	var aead cipher.AEAD
+	switch algorithm[0] {
+	case aesGcm:
+		mac := hmac.New(sha256.New, derivedKey)
+		mac.Write(iv[:])
+		sealingKey := mac.Sum(nil)
+		block, err := aes.NewCipher(sealingKey[:])
+		if err != nil {
+			return nil, err
+		}
+		aead, err = cipher.NewGCM(block)
+		if err != nil {
+			return nil, err
+		}
+	case c20p1305:
+		sealingKey, err := chacha20.HChaCha20(derivedKey, iv[:]) // HChaCha20 expects nonce of 16 bytes
+		if err != nil {
+			return nil, err
+		}
+		aead, err = chacha20poly1305.New(sealingKey)
+		if err != nil {
+			return nil, err
+		}
+	default:
+		return nil, fmt.Errorf("invalid algorithm: %v", algorithm)
+	}
+
+	if len(nonce) != aead.NonceSize() {
+		return nil, fmt.Errorf("invalid nonce size %d, expected %d", len(nonce), aead.NonceSize())
+	}
+
+	sealedBytes, err := ioutil.ReadAll(r)
+	if err != nil {
+		return nil, err
+	}
+
+	plaintext, err := aead.Open(nil, nonce[:], sealedBytes, associatedData)
+	if err != nil {
+		return nil, err
+	}
+
+	return plaintext, nil
+}
+
+// GetTokenFromRequest returns a token from a http Request
+// either defined on a cookie `token` or on Authorization header.
+//
+// Authorization Header needs to be like "Authorization Bearer <token>"
+func GetTokenFromRequest(r *http.Request) (*string, error) {
+	// Get Auth token
+	var reqToken string
+
+	// Token might come either as a Cookie or as a Header
+	// if not set in cookie, check if it is set on Header.
+	tokenCookie, err := r.Cookie("token")
+	if err != nil {
+		headerToken := r.Header.Get("Authorization")
+		// reqToken should come as "Bearer <token>"
+		splitHeaderToken := strings.Split(headerToken, "Bearer")
+		if len(splitHeaderToken) <= 1 {
+			return nil, errNoAuthToken
+		}
+		reqToken = strings.TrimSpace(splitHeaderToken[1])
+	} else {
+		reqToken = strings.TrimSpace(tokenCookie.Value)
+	}
+	return swag.String(reqToken), nil
+}
+
+func GetClaimsFromTokenInRequest(req *http.Request) (*models.Principal, error) {
+	sessionID, err := GetTokenFromRequest(req)
+	if err != nil {
+		return nil, err
+	}
+	// Perform decryption of the session token, if Console is able to decrypt the session token that means a valid session
+	// was used in the first place to get it
+	claims, err := SessionTokenAuthenticate(*sessionID)
+	if err != nil {
+		return nil, err
+	}
+	return &models.Principal{
+		AccessKeyID:     claims.AccessKeyID,
+		Actions:         claims.Actions,
+		SecretAccessKey: claims.SecretAccessKey,
+		SessionToken:    claims.SessionToken,
+	}, nil
+}

pkg/auth/token/config.go

@@ -14,40 +14,24 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package jwt
+package token
 
 import (
 	"strconv"
-	"time"
 
 	"github.com/minio/console/pkg/auth/utils"
 	"github.com/minio/minio/pkg/env"
 )
 
-// defaultHmacJWTPassphrase will be used by default if application is not configured with a custom CONSOLE_HMAC_JWT_SECRET secret
-var defaultHmacJWTPassphrase = utils.RandomCharString(64)
-
-// GetHmacJWTSecret returns the 64 bytes secret used for signing the generated JWT for the application
-func GetHmacJWTSecret() string {
-	return env.Get(ConsoleHmacJWTSecret, defaultHmacJWTPassphrase)
-}
-
-// ConsoleSTSAndJWTDurationSeconds returns the default session duration for the STS requested tokens and the generated JWTs.
-// Ideally both values should match so jwt and Minio sts sessions expires at the same time.
-func GetConsoleSTSAndJWTDurationInSeconds() int {
-	duration, err := strconv.Atoi(env.Get(ConsoleSTSAndJWTDurationSeconds, "3600"))
+// ConsoleSTSDurationSeconds returns the default session duration for the STS requested tokens.
+func GetConsoleSTSDurationInSeconds() int {
+	duration, err := strconv.Atoi(env.Get(ConsoleSTSDurationSeconds, "3600"))
 	if err != nil {
 		duration = 3600
 	}
 	return duration
 }
 
-// GetConsoleSTSAndJWTDurationTime returns GetConsoleSTSAndJWTDurationInSeconds in duration format
-func GetConsoleSTSAndJWTDurationTime() time.Duration {
-	duration := GetConsoleSTSAndJWTDurationInSeconds()
-	return time.Duration(duration) * time.Second
-}
-
 var defaultPBKDFPassphrase = utils.RandomCharString(64)
 
 // GetPBKDFPassphrase returns passphrase for the pbkdf2 function used to encrypt JWT payload

pkg/auth/token/const.go

@@ -14,11 +14,10 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package jwt
+package token
 
 const (
-	ConsoleHmacJWTSecret            = "CONSOLE_HMAC_JWT_SECRET"
-	ConsoleSTSAndJWTDurationSeconds = "CONSOLE_STS_AND_JWT_DURATION_SECONDS"
-	ConsolePBKDFPassphrase          = "CONSOLE_PBKDF_PASSPHRASE"
-	ConsolePBKDFSalt                = "CONSOLE_PBKDF_SALT"
+	ConsoleSTSDurationSeconds = "CONSOLE_STS_DURATION_SECONDS"
+	ConsolePBKDFPassphrase    = "CONSOLE_PBKDF_PASSPHRASE"
+	ConsolePBKDFSalt          = "CONSOLE_PBKDF_SALT"
 )

pkg/auth/token_test.go

@@ -23,7 +23,6 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-var audience = ""
 var creds = &credentials.Value{
 	AccessKeyID:     "fakeAccessKeyID",
 	SecretAccessKey: "fakeSecretAccessKey",
@@ -35,25 +34,25 @@ var badToken = "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjoiRDMwYWE0ekQ1bWt
 
 func TestNewJWTWithClaimsForClient(t *testing.T) {
 	funcAssert := assert.New(t)
-	// Test-1 : NewJWTWithClaimsForClient() is generated correctly without errors
-	function := "NewJWTWithClaimsForClient()"
-	jwt, err := NewJWTWithClaimsForClient(creds, []string{""}, audience)
-	if err != nil || jwt == "" {
+	// Test-1 : NewEncryptedTokenForClient() is generated correctly without errors
+	function := "NewEncryptedTokenForClient()"
+	token, err := NewEncryptedTokenForClient(creds, []string{""})
+	if err != nil || token == "" {
 		t.Errorf("Failed on %s:, error occurred: %s", function, err)
 	}
-	// saving jwt for future tests
-	goodToken = jwt
-	// Test-2 : NewJWTWithClaimsForClient() throws error because of empty credentials
-	if _, err = NewJWTWithClaimsForClient(nil, []string{""}, audience); err != nil {
+	// saving token for future tests
+	goodToken = token
+	// Test-2 : NewEncryptedTokenForClient() throws error because of empty credentials
+	if _, err = NewEncryptedTokenForClient(nil, []string{""}); err != nil {
 		funcAssert.Equal("provided credentials are empty", err.Error())
 	}
 }
 
 func TestJWTAuthenticate(t *testing.T) {
 	funcAssert := assert.New(t)
-	// Test-1 : JWTAuthenticate() should correctly return the claims
-	function := "JWTAuthenticate()"
-	claims, err := JWTAuthenticate(goodToken)
+	// Test-1 : SessionTokenAuthenticate() should correctly return the claims
+	function := "SessionTokenAuthenticate()"
+	claims, err := SessionTokenAuthenticate(goodToken)
 	if err != nil || claims == nil {
 		t.Errorf("Failed on %s:, error occurred: %s", function, err)
 	} else {
@@ -61,20 +60,20 @@ func TestJWTAuthenticate(t *testing.T) {
 		funcAssert.Equal(claims.SecretAccessKey, creds.SecretAccessKey)
 		funcAssert.Equal(claims.SessionToken, creds.SessionToken)
 	}
-	// Test-2 : JWTAuthenticate() return an error because of a tampered jwt
-	if _, err := JWTAuthenticate(badToken); err != nil {
-		funcAssert.Equal("authentication failed, check your access credentials", err.Error())
+	// Test-2 : SessionTokenAuthenticate() return an error because of a tampered token
+	if _, err := SessionTokenAuthenticate(badToken); err != nil {
+		funcAssert.Equal("session token internal data is malformed", err.Error())
 	}
-	// Test-3 : JWTAuthenticate() return an error because of an empty jwt
-	if _, err := JWTAuthenticate(""); err != nil {
-		funcAssert.Equal("JWT token missing", err.Error())
+	// Test-3 : SessionTokenAuthenticate() return an error because of an empty token
+	if _, err := SessionTokenAuthenticate(""); err != nil {
+		funcAssert.Equal("session token missing", err.Error())
 	}
 }
 
-func TestIsJWTValid(t *testing.T) {
+func TestSessionTokenValid(t *testing.T) {
 	funcAssert := assert.New(t)
-	// Test-1 : JWTAuthenticate() provided token is valid
-	funcAssert.Equal(true, IsJWTValid(goodToken))
-	// Test-2 : JWTAuthenticate() provided token is invalid
-	funcAssert.Equal(false, IsJWTValid(badToken))
+	// Test-1 : SessionTokenAuthenticate() provided token is valid
+	funcAssert.Equal(true, IsSessionTokenValid(goodToken))
+	// Test-2 : SessionTokenAuthenticate() provided token is invalid
+	funcAssert.Equal(false, IsSessionTokenValid(badToken))
 }

pkg/certs/certs.go

@@ -0,0 +1,222 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package certs
+
+import (
+	"context"
+	"crypto/x509"
+	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/minio/cli"
+	"github.com/minio/minio/cmd/config"
+	"github.com/minio/minio/cmd/logger"
+	"github.com/minio/minio/pkg/certs"
+	"github.com/mitchellh/go-homedir"
+)
+
+type GetCertificateFunc = certs.GetCertificateFunc
+
+// ConfigDir - points to a user set directory.
+type ConfigDir struct {
+	Path string
+}
+
+// Get - returns current directory.
+func (dir *ConfigDir) Get() string {
+	return dir.Path
+}
+
+func getDefaultConfigDir() string {
+	homeDir, err := homedir.Dir()
+	if err != nil {
+		return ""
+	}
+	return filepath.Join(homeDir, DefaultConsoleConfigDir)
+}
+
+func getDefaultCertsDir() string {
+	return filepath.Join(getDefaultConfigDir(), CertsDir)
+}
+
+func getDefaultCertsCADir() string {
+	return filepath.Join(getDefaultCertsDir(), CertsCADir)
+}
+
+// isFile - returns whether given Path is a file or not.
+func isFile(path string) bool {
+	if fi, err := os.Stat(path); err == nil {
+		return fi.Mode().IsRegular()
+	}
+
+	return false
+}
+
+var (
+	// DefaultCertsDir certs directory.
+	DefaultCertsDir = &ConfigDir{Path: getDefaultCertsDir()}
+	// DefaultCertsCADir CA directory.
+	DefaultCertsCADir = &ConfigDir{Path: getDefaultCertsCADir()}
+	// GlobalCertsDir points to current certs directory set by user with --certs-dir
+	GlobalCertsDir = DefaultCertsDir
+	// GlobalCertsCADir points to relative Path to certs directory and is <value-of-certs-dir>/CAs
+	GlobalCertsCADir = DefaultCertsCADir
+)
+
+// MkdirAllIgnorePerm attempts to create all directories, ignores any permission denied errors.
+func MkdirAllIgnorePerm(path string) error {
+	err := os.MkdirAll(path, 0700)
+	if err != nil {
+		// It is possible in kubernetes like deployments this directory
+		// is already mounted and is not writable, ignore any write errors.
+		if os.IsPermission(err) {
+			err = nil
+		}
+	}
+	return err
+}
+
+func NewConfigDirFromCtx(ctx *cli.Context, option string, getDefaultDir func() string) (*ConfigDir, bool) {
+	var dir string
+	var dirSet bool
+
+	switch {
+	case ctx.IsSet(option):
+		dir = ctx.String(option)
+		dirSet = true
+	case ctx.GlobalIsSet(option):
+		dir = ctx.GlobalString(option)
+		dirSet = true
+		// cli package does not expose parent's option option.  Below code is workaround.
+		if dir == "" || dir == getDefaultDir() {
+			dirSet = false // Unset to false since GlobalIsSet() true is a false positive.
+			if ctx.Parent().GlobalIsSet(option) {
+				dir = ctx.Parent().GlobalString(option)
+				dirSet = true
+			}
+		}
+	default:
+		// Neither local nor global option is provided.  In this case, try to use
+		// default directory.
+		dir = getDefaultDir()
+		if dir == "" {
+			logger.FatalIf(errors.New("invalid arguments specified"), "%s option must be provided", option)
+		}
+	}
+
+	if dir == "" {
+		logger.FatalIf(errors.New("empty directory"), "%s directory cannot be empty", option)
+	}
+
+	// Disallow relative paths, figure out absolute paths.
+	dirAbs, err := filepath.Abs(dir)
+	logger.FatalIf(err, "Unable to fetch absolute path for %s=%s", option, dir)
+	logger.FatalIf(MkdirAllIgnorePerm(dirAbs), "Unable to create directory specified %s=%s", option, dir)
+
+	return &ConfigDir{Path: dirAbs}, dirSet
+}
+
+func getPublicCertFile() string {
+	return filepath.Join(GlobalCertsDir.Get(), PublicCertFile)
+}
+
+func getPrivateKeyFile() string {
+	return filepath.Join(GlobalCertsDir.Get(), PrivateKeyFile)
+}
+
+func GetTLSConfig() (x509Certs []*x509.Certificate, manager *certs.Manager, err error) {
+
+	ctx := context.Background()
+
+	if !(isFile(getPublicCertFile()) && isFile(getPrivateKeyFile())) {
+		return nil, nil, nil
+	}
+
+	if x509Certs, err = config.ParsePublicCertFile(getPublicCertFile()); err != nil {
+		return nil, nil, err
+	}
+
+	manager, err = certs.NewManager(ctx, getPublicCertFile(), getPrivateKeyFile(), config.LoadX509KeyPair)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	//Console has support for multiple certificates. It expects the following structure:
+	// certs/
+	//  │
+	//  ├─ public.crt
+	//  ├─ private.key
+	//  │
+	//  ├─ example.com/
+	//  │   │
+	//  │   ├─ public.crt
+	//  │   └─ private.key
+	//  └─ foobar.org/
+	//     │
+	//     ├─ public.crt
+	//     └─ private.key
+	//  ...
+	//
+	//Therefore, we read all filenames in the cert directory and check
+	//for each directory whether it contains a public.crt and private.key.
+	// If so, we try to add it to certificate manager.
+	root, err := os.Open(GlobalCertsDir.Get())
+	if err != nil {
+		return nil, nil, err
+	}
+	defer root.Close()
+
+	files, err := root.Readdir(-1)
+	if err != nil {
+		return nil, nil, err
+	}
+	for _, file := range files {
+		// Ignore all
+		// - regular files
+		// - "CAs" directory
+		// - any directory which starts with ".."
+		if file.Mode().IsRegular() || file.Name() == "CAs" || strings.HasPrefix(file.Name(), "..") {
+			continue
+		}
+		if file.Mode()&os.ModeSymlink == os.ModeSymlink {
+			file, err = os.Stat(filepath.Join(root.Name(), file.Name()))
+			if err != nil {
+				// not accessible ignore
+				continue
+			}
+			if !file.IsDir() {
+				continue
+			}
+		}
+
+		var (
+			certFile = filepath.Join(root.Name(), file.Name(), PublicCertFile)
+			keyFile  = filepath.Join(root.Name(), file.Name(), PrivateKeyFile)
+		)
+		if !isFile(certFile) || !isFile(keyFile) {
+			continue
+		}
+		if err = manager.AddCertificate(certFile, keyFile); err != nil {
+			err = fmt.Errorf("unable to load TLS certificate '%s,%s': %w", certFile, keyFile, err)
+			logger.LogIf(ctx, err, logger.Application)
+		}
+	}
+	return x509Certs, manager, nil
+}

pkg/certs/const.go

@@ -0,0 +1,34 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package certs
+
+const (
+	// Default minio configuration directory where below configuration files/directories are stored.
+	DefaultConsoleConfigDir = ".console"
+
+	// Directory contains below files/directories for HTTPS configuration.
+	CertsDir = "certs"
+
+	// Directory contains all CA certificates other than system defaults for HTTPS.
+	CertsCADir = "CAs"
+
+	// Public certificate file for HTTPS.
+	PublicCertFile = "public.crt"
+
+	// Private key file for HTTPS.
+	PrivateKeyFile = "private.key"
+)

pkg/kes/kes.go

@@ -0,0 +1,146 @@
+package kes
+
+import (
+	"crypto/x509"
+	"encoding/pem"
+	"errors"
+	"time"
+
+	"github.com/minio/kes"
+)
+
+type Identity = kes.Identity
+
+type TLSProxyHeader struct {
+	ClientCert string `yaml:"cert,omitempty"`
+}
+
+type TLSProxy struct {
+	Identities *[]Identity     `yaml:"identities,omitempty"`
+	Header     *TLSProxyHeader `yaml:"header,omitempty"`
+}
+
+type TLS struct {
+	KeyPath  string    `yaml:"key,omitempty"`
+	CertPath string    `yaml:"cert,omitempty"`
+	Proxy    *TLSProxy `yaml:"proxy,omitempty"`
+}
+
+type Policy struct {
+	Paths      []string   `yaml:"paths,omitempty"`
+	Identities []Identity `yaml:"identities,omitempty"`
+}
+
+type Expiry struct {
+	Any    time.Duration `yaml:"any,omitempty"`
+	Unused time.Duration `yaml:"unused,omitempty"`
+}
+
+type Cache struct {
+	Expiry *Expiry `yaml:"expiry,omitempty"`
+}
+
+type Log struct {
+	Error string `yaml:"error,omitempty"`
+	Audit string `yaml:"audit,omitempty"`
+}
+
+type Fs struct {
+	Path string `yaml:"path,omitempty"`
+}
+
+type AppRole struct {
+	EnginePath string        `yaml:"engine,omitempty"`
+	ID         string        `yaml:"id,omitempty"`
+	Secret     string        `yaml:"secret,omitempty"`
+	Retry      time.Duration `yaml:"retry,omitempty"`
+}
+
+type VaultTLS struct {
+	KeyPath  string `yaml:"key,omitempty"`
+	CertPath string `yaml:"cert,omitempty"`
+	CAPath   string `yaml:"ca,omitempty"`
+}
+
+type VaultStatus struct {
+	Ping time.Duration `yaml:"ping,omitempty"`
+}
+
+type Vault struct {
+	Endpoint   string       `yaml:"endpoint,omitempty"`
+	EnginePath string       `yaml:"engine,omitempty"`
+	Namespace  string       `yaml:"namespace,omitempty"`
+	Prefix     string       `yaml:"prefix,omitempty"`
+	AppRole    *AppRole     `yaml:"approle,omitempty"`
+	TLS        *VaultTLS    `yaml:"tls,omitempty"`
+	Status     *VaultStatus `yaml:"status,omitempty"`
+}
+
+type AwsSecretManagerLogin struct {
+	AccessKey    string `yaml:"accesskey"`
+	SecretKey    string `yaml:"secretkey"`
+	SessionToken string `yaml:"token"`
+}
+
+type AwsSecretManager struct {
+	Endpoint string                 `yaml:"endpoint,omitempty"`
+	Region   string                 `yaml:"region,omitempty"`
+	KmsKey   string                 ` yaml:"kmskey,omitempty"`
+	Login    *AwsSecretManagerLogin `yaml:"credentials,omitempty"`
+}
+
+type Aws struct {
+	SecretsManager *AwsSecretManager `yaml:"secretsmanager,omitempty"`
+}
+
+type GemaltoCredentials struct {
+	Token  string        `yaml:"token,omitempty"`
+	Domain string        `yaml:"domain,omitempty"`
+	Retry  time.Duration `yaml:"retry,omitempty"`
+}
+
+type GemaltoTLS struct {
+	CAPath string `yaml:"ca,omitempty"`
+}
+
+type GemaltoKeySecure struct {
+	Endpoint    string              `yaml:"endpoint,omitempty"`
+	Credentials *GemaltoCredentials `yaml:"credentials,omitempty"`
+	TLS         *GemaltoTLS         `yaml:"tls,omitempty"`
+}
+
+type Gemalto struct {
+	KeySecure *GemaltoKeySecure `yaml:"keysecure,omitempty"`
+}
+
+type Keys struct {
+	Fs      *Fs      `yaml:"fs,omitempty"`
+	Vault   *Vault   `yaml:"vault,omitempty"`
+	Aws     *Aws     `yaml:"aws,omitempty"`
+	Gemalto *Gemalto `yaml:"gemalto,omitempty"`
+}
+
+type ServerConfig struct {
+	Addr     string            `yaml:"address,omitempty"`
+	Root     Identity          `yaml:"root,omitempty"`
+	TLS      TLS               `yaml:"tls,omitempty"`
+	Policies map[string]Policy `yaml:"policy,omitempty"`
+	Cache    Cache             `yaml:"cache,omitempty"`
+	Log      Log               `yaml:"log,omitempty"`
+	Keys     Keys              `yaml:"keys,omitempty"`
+}
+
+func ParseCertificate(cert []byte) (*x509.Certificate, error) {
+	for {
+		var certDERBlock *pem.Block
+		certDERBlock, cert = pem.Decode(cert)
+		if certDERBlock == nil {
+			break
+		}
+
+		if certDERBlock.Type == "CERTIFICATE" {
+			return x509.ParseCertificate(certDERBlock.Bytes)
+		}
+	}
+	return nil, errors.New("found no (non-CA) certificate in any PEM block")
+}

pkg/utils/parity.go

@@ -0,0 +1,219 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package utils
+
+import (
+	"errors"
+	"fmt"
+	"sort"
+
+	"github.com/minio/minio/pkg/ellipses"
+)
+
+// This file implements and supports ellipses pattern for
+// `minio server` command line arguments.
+
+// Supported set sizes this is used to find the optimal
+// single set size.
+var setSizes = []uint64{4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}
+
+// getDivisibleSize - returns a greatest common divisor of
+// all the ellipses sizes.
+func getDivisibleSize(totalSizes []uint64) (result uint64) {
+	gcd := func(x, y uint64) uint64 {
+		for y != 0 {
+			x, y = y, x%y
+		}
+		return x
+	}
+	result = totalSizes[0]
+	for i := 1; i < len(totalSizes); i++ {
+		result = gcd(result, totalSizes[i])
+	}
+	return result
+}
+
+// isValidSetSize - checks whether given count is a valid set size for erasure coding.
+var isValidSetSize = func(count uint64) bool {
+	return (count >= setSizes[0] && count <= setSizes[len(setSizes)-1])
+}
+
+// possibleSetCountsWithSymmetry returns symmetrical setCounts based on the
+// input argument patterns, the symmetry calculation is to ensure that
+// we also use uniform number of drives common across all ellipses patterns.
+func possibleSetCountsWithSymmetry(setCounts []uint64, argPatterns []ellipses.ArgPattern) []uint64 {
+	var newSetCounts = make(map[uint64]struct{})
+	for _, ss := range setCounts {
+		var symmetry bool
+		for _, argPattern := range argPatterns {
+			for _, p := range argPattern {
+				if uint64(len(p.Seq)) > ss {
+					symmetry = uint64(len(p.Seq))%ss == 0
+				} else {
+					symmetry = ss%uint64(len(p.Seq)) == 0
+				}
+			}
+		}
+		// With no arg patterns, it is expected that user knows
+		// the right symmetry, so either ellipses patterns are
+		// provided (recommended) or no ellipses patterns.
+		if _, ok := newSetCounts[ss]; !ok && (symmetry || argPatterns == nil) {
+			newSetCounts[ss] = struct{}{}
+		}
+	}
+
+	setCounts = []uint64{}
+	for setCount := range newSetCounts {
+		setCounts = append(setCounts, setCount)
+	}
+
+	// Not necessarily needed but it ensures to the readers
+	// eyes that we prefer a sorted setCount slice for the
+	// subsequent function to figure out the right common
+	// divisor, it avoids loops.
+	sort.Slice(setCounts, func(i, j int) bool {
+		return setCounts[i] < setCounts[j]
+	})
+
+	return setCounts
+}
+
+func commonSetDriveCount(divisibleSize uint64, setCounts []uint64) (setSize uint64) {
+	// prefers setCounts to be sorted for optimal behavior.
+	if divisibleSize < setCounts[len(setCounts)-1] {
+		return divisibleSize
+	}
+
+	// Figure out largest value of total_drives_in_erasure_set which results
+	// in least number of total_drives/total_drives_erasure_set ratio.
+	prevD := divisibleSize / setCounts[0]
+	for _, cnt := range setCounts {
+		if divisibleSize%cnt == 0 {
+			d := divisibleSize / cnt
+			if d <= prevD {
+				prevD = d
+				setSize = cnt
+			}
+		}
+	}
+	return setSize
+}
+
+// getSetIndexes returns list of indexes which provides the set size
+// on each index, this function also determines the final set size
+// The final set size has the affinity towards choosing smaller
+// indexes (total sets)
+func getSetIndexes(args []string, totalSizes []uint64, argPatterns []ellipses.ArgPattern) (setIndexes [][]uint64, err error) {
+	if len(totalSizes) == 0 || len(args) == 0 {
+		return nil, errors.New("invalid argument")
+	}
+
+	setIndexes = make([][]uint64, len(totalSizes))
+	for _, totalSize := range totalSizes {
+		// Check if totalSize has minimum range upto setSize
+		if totalSize < setSizes[0] {
+			return nil, fmt.Errorf("incorrect number of endpoints provided %s", args)
+		}
+	}
+
+	commonSize := getDivisibleSize(totalSizes)
+	possibleSetCounts := func(setSize uint64) (ss []uint64) {
+		for _, s := range setSizes {
+			if setSize%s == 0 {
+				ss = append(ss, s)
+			}
+		}
+		return ss
+	}
+
+	setCounts := possibleSetCounts(commonSize)
+	if len(setCounts) == 0 {
+		err = fmt.Errorf("incorrect number of endpoints provided %s, number of disks %d is not divisible by any supported erasure set sizes %d", args, commonSize, setSizes)
+		return nil, err
+	}
+
+	// Returns possible set counts with symmetry.
+	setCounts = possibleSetCountsWithSymmetry(setCounts, argPatterns)
+	if len(setCounts) == 0 {
+		err = fmt.Errorf("no symmetric distribution detected with input endpoints provided %s, disks %d cannot be spread symmetrically by any supported erasure set sizes %d", args, commonSize, setSizes)
+		return nil, err
+	}
+
+	// Final set size with all the symmetry accounted for.
+	setSize := commonSetDriveCount(commonSize, setCounts)
+
+	// Check whether setSize is with the supported range.
+	if !isValidSetSize(setSize) {
+		err = fmt.Errorf("incorrect number of endpoints provided %s, number of disks %d is not divisible by any supported erasure set sizes %d", args, commonSize, setSizes)
+		return nil, err
+	}
+
+	for i := range totalSizes {
+		for j := uint64(0); j < totalSizes[i]/setSize; j++ {
+			setIndexes[i] = append(setIndexes[i], setSize)
+		}
+	}
+
+	return setIndexes, nil
+}
+
+// Return the total size for each argument patterns.
+func getTotalSizes(argPatterns []ellipses.ArgPattern) []uint64 {
+	var totalSizes []uint64
+	for _, argPattern := range argPatterns {
+		var totalSize uint64 = 1
+		for _, p := range argPattern {
+			totalSize = totalSize * uint64(len(p.Seq))
+		}
+		totalSizes = append(totalSizes, totalSize)
+	}
+	return totalSizes
+}
+
+// PossibleParityValues returns possible parities for input args,
+// parties are calculated in uniform manner for one zone or
+// multiple zones, ensuring that parities returned are common
+// and applicable across all zones.
+func PossibleParityValues(args ...string) ([]string, error) {
+	setIndexes, err := parseEndpointSet(args...)
+	if err != nil {
+		return nil, err
+	}
+	maximumParity := setIndexes[0][0] / 2
+	var parities []string
+	for maximumParity >= 2 {
+		parities = append(parities, fmt.Sprintf("EC:%d", maximumParity))
+		maximumParity--
+	}
+	return parities, nil
+}
+
+// Parses all arguments and returns an endpointSet which is a collection
+// of endpoints following the ellipses pattern, this is what is used
+// by the object layer for initializing itself.
+func parseEndpointSet(args ...string) (setIndexes [][]uint64, err error) {
+	var argPatterns = make([]ellipses.ArgPattern, len(args))
+	for i, arg := range args {
+		patterns, err := ellipses.FindEllipsesPatterns(arg)
+		if err != nil {
+			return nil, err
+		}
+		argPatterns[i] = patterns
+	}
+
+	return getSetIndexes(args, getTotalSizes(argPatterns), argPatterns)
+}

pkg/utils/parity_test.go

@@ -0,0 +1,281 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// All rights reserved
+
+package utils
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/minio/minio/pkg/ellipses"
+)
+
+func TestGetDivisibleSize(t *testing.T) {
+	testCases := []struct {
+		totalSizes []uint64
+		result     uint64
+	}{{[]uint64{24, 32, 16}, 8},
+		{[]uint64{32, 8, 4}, 4},
+		{[]uint64{8, 8, 8}, 8},
+		{[]uint64{24}, 24},
+	}
+
+	for _, testCase := range testCases {
+		testCase := testCase
+		t.Run("", func(t *testing.T) {
+			gotGCD := getDivisibleSize(testCase.totalSizes)
+			if testCase.result != gotGCD {
+				t.Errorf("Expected %v, got %v", testCase.result, gotGCD)
+			}
+		})
+	}
+}
+
+// Test tests calculating set indexes.
+func TestGetSetIndexes(t *testing.T) {
+	testCases := []struct {
+		args       []string
+		totalSizes []uint64
+		indexes    [][]uint64
+		success    bool
+	}{
+		// Invalid inputs.
+		{
+			[]string{"data{1...3}"},
+			[]uint64{3},
+			nil,
+			false,
+		},
+		{
+			[]string{"data/controller1/export{1...2}, data/controller2/export{1...4}, data/controller3/export{1...8}"},
+			[]uint64{2, 4, 8},
+			nil,
+			false,
+		},
+		{
+			[]string{"data{1...17}/export{1...52}"},
+			[]uint64{14144},
+			nil,
+			false,
+		},
+		// Valid inputs.
+		{
+			[]string{"data{1...27}"},
+			[]uint64{27},
+			[][]uint64{{9, 9, 9}},
+			true,
+		},
+		{
+			[]string{"http://host{1...3}/data{1...180}"},
+			[]uint64{540},
+			[][]uint64{{15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15}},
+			true,
+		},
+		{
+			[]string{"http://host{1...2}.rack{1...4}/data{1...180}"},
+			[]uint64{1440},
+			[][]uint64{{16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16}},
+			true,
+		},
+		{
+			[]string{"http://host{1...2}/data{1...180}"},
+			[]uint64{360},
+			[][]uint64{{12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12}},
+			true,
+		},
+		{
+			[]string{"data/controller1/export{1...4}, data/controller2/export{1...8}, data/controller3/export{1...12}"},
+			[]uint64{4, 8, 12},
+			[][]uint64{{4}, {4, 4}, {4, 4, 4}},
+			true,
+		},
+		{
+			[]string{"data{1...64}"},
+			[]uint64{64},
+			[][]uint64{{16, 16, 16, 16}},
+			true,
+		},
+		{
+			[]string{"data{1...24}"},
+			[]uint64{24},
+			[][]uint64{{12, 12}},
+			true,
+		},
+		{
+			[]string{"data/controller{1...11}/export{1...8}"},
+			[]uint64{88},
+			[][]uint64{{11, 11, 11, 11, 11, 11, 11, 11}},
+			true,
+		},
+		{
+			[]string{"data{1...4}"},
+			[]uint64{4},
+			[][]uint64{{4}},
+			true,
+		},
+		{
+			[]string{"data/controller1/export{1...10}, data/controller2/export{1...10}, data/controller3/export{1...10}"},
+			[]uint64{10, 10, 10},
+			[][]uint64{{10}, {10}, {10}},
+			true,
+		},
+		{
+			[]string{"data{1...16}/export{1...52}"},
+			[]uint64{832},
+			[][]uint64{{16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16}},
+			true,
+		},
+	}
+
+	for _, testCase := range testCases {
+		testCase := testCase
+		t.Run("", func(t *testing.T) {
+			var argPatterns = make([]ellipses.ArgPattern, len(testCase.args))
+			for i, arg := range testCase.args {
+				patterns, err := ellipses.FindEllipsesPatterns(arg)
+				if err != nil {
+					t.Fatalf("Unexpected failure %s", err)
+				}
+				argPatterns[i] = patterns
+			}
+			gotIndexes, err := getSetIndexes(testCase.args, testCase.totalSizes, argPatterns)
+			if err != nil && testCase.success {
+				t.Errorf("Expected success but failed instead %s", err)
+			}
+			if err == nil && !testCase.success {
+				t.Errorf("Expected failure but passed instead")
+			}
+			if !reflect.DeepEqual(testCase.indexes, gotIndexes) {
+				t.Errorf("Expected %v, got %v", testCase.indexes, gotIndexes)
+			}
+		})
+	}
+}
+
+// Test tests possible parities returned for any input args
+func TestPossibleParities(t *testing.T) {
+	testCases := []struct {
+		arg      string
+		parities []string
+		success  bool
+	}{
+		// Tests invalid inputs.
+		{
+			"...",
+			nil,
+			false,
+		},
+		// No range specified.
+		{
+			"{...}",
+			nil,
+			false,
+		},
+		// Invalid range.
+		{
+			"http://minio{2...3}/export/set{1...0}",
+			nil,
+			false,
+		},
+		// Range cannot be smaller than 4 minimum.
+		{
+			"/export{1..2}",
+			nil,
+			false,
+		},
+		// Unsupported characters.
+		{
+			"/export/test{1...2O}",
+			nil,
+			false,
+		},
+		// Tests valid inputs.
+		{
+			"{1...27}",
+			[]string{"EC:4", "EC:3", "EC:2"},
+			true,
+		},
+		{
+			"/export/set{1...64}",
+			[]string{"EC:8", "EC:7", "EC:6", "EC:5", "EC:4", "EC:3", "EC:2"},
+			true,
+		},
+		// Valid input for distributed setup.
+		{
+			"http://minio{2...3}/export/set{1...64}",
+			[]string{"EC:8", "EC:7", "EC:6", "EC:5", "EC:4", "EC:3", "EC:2"},
+			true,
+		},
+		// Supporting some advanced cases.
+		{
+			"http://minio{1...64}.mydomain.net/data",
+			[]string{"EC:8", "EC:7", "EC:6", "EC:5", "EC:4", "EC:3", "EC:2"},
+			true,
+		},
+		{
+			"http://rack{1...4}.mydomain.minio{1...16}/data",
+			[]string{"EC:8", "EC:7", "EC:6", "EC:5", "EC:4", "EC:3", "EC:2"},
+			true,
+		},
+		// Supporting kubernetes cases.
+		{
+			"http://minio{0...15}.mydomain.net/data{0...1}",
+			[]string{"EC:8", "EC:7", "EC:6", "EC:5", "EC:4", "EC:3", "EC:2"},
+			true,
+		},
+		// No host regex, just disks.
+		{
+			"http://server1/data{1...32}",
+			[]string{"EC:8", "EC:7", "EC:6", "EC:5", "EC:4", "EC:3", "EC:2"},
+			true,
+		},
+		// No host regex, just disks with two position numerics.
+		{
+			"http://server1/data{01...32}",
+			[]string{"EC:8", "EC:7", "EC:6", "EC:5", "EC:4", "EC:3", "EC:2"},
+			true,
+		},
+		// More than 2 ellipses are supported as well.
+		{
+			"http://minio{2...3}/export/set{1...64}/test{1...2}",
+			[]string{"EC:8", "EC:7", "EC:6", "EC:5", "EC:4", "EC:3", "EC:2"},
+			true,
+		},
+		// More than 1 ellipses per argument for standalone setup.
+		{
+			"/export{1...10}/disk{1...10}",
+			[]string{"EC:5", "EC:4", "EC:3", "EC:2"},
+			true,
+		},
+		// IPv6 ellipses with hexadecimal expansion
+		{
+			"http://[2001:3984:3989::{1...a}]/disk{1...10}",
+			[]string{"EC:5", "EC:4", "EC:3", "EC:2"},
+			true,
+		},
+		// IPv6 ellipses with hexadecimal expansion with 3 position numerics.
+		{
+			"http://[2001:3984:3989::{001...00a}]/disk{1...10}",
+			[]string{"EC:5", "EC:4", "EC:3", "EC:2"},
+			true,
+		},
+	}
+
+	for _, testCase := range testCases {
+		testCase := testCase
+		t.Run("", func(t *testing.T) {
+			gotPs, err := PossibleParityValues(testCase.arg)
+			if err != nil && testCase.success {
+				t.Errorf("Expected success but failed instead %s", err)
+			}
+			if err == nil && !testCase.success {
+				t.Errorf("Expected failure but passed instead")
+			}
+			if !reflect.DeepEqual(testCase.parities, gotPs) {
+				t.Errorf("Expected %v, got %v", testCase.parities, gotPs)
+			}
+		})
+	}
+}

policies/mcsTestUserAddOnly.json

@@ -0,0 +1,15 @@
+{
+    "name": "consoleTestUserAddOnly",
+    "Statement": [
+        {
+            "Action": [
+                "admin:CreateUser"
+            ],
+            "Effect": "Allow",
+            "Resource": [
+                "arn:aws:s3:::*"
+            ]
+        }
+    ],
+    "version": "2012-10-17"
+}

portal-ui/config-overrides.js

@@ -0,0 +1,10 @@
+const rewireReactHotLoader = require('react-app-rewire-hot-loader');
+
+/* config-overrides.js */
+module.exports = function override(config, env) {
+    if (env === 'development') {
+        config.resolve.alias['react-dom'] = '@hot-loader/react-dom';
+    }
+    config = rewireReactHotLoader(config, env);
+    return config;
+};

portal-ui/package-lock.json

@@ -4877,9 +4877,9 @@
       "integrity": "sha512-WOr3SrZ55lUFYugA6sUu3H3ZoxVIH5o3zTSqYS+2DOJJP4hnHmBiD1w432a2YFW/H2G5FIxE6DB06rv+9dUL5g=="
     },
     "elliptic": {
-      "version": "6.5.2",
-      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.2.tgz",
-      "integrity": "sha512-f4x70okzZbIQl/NSRLkI/+tteV/9WqL98zx+SQ69KbXxmVrmjwsNUPn/gYJJ0sHvEak24cZgHIPegRePAtA/xw==",
+      "version": "6.5.3",
+      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.3.tgz",
+      "integrity": "sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw==",
       "requires": {
         "bn.js": "^4.4.0",
         "brorand": "^1.0.1",

portal-ui/package.json

@@ -5,6 +5,7 @@
   "dependencies": {
     "@babel/helper-create-regexp-features-plugin": "^7.7.4",
     "@babel/plugin-transform-react-jsx-development": "^7.9.0",
+    "@hot-loader/react-dom": "^16.9.0",
     "@material-ui/core": "^4.9.12",
     "@material-ui/icons": "^4.9.1",
     "@types/history": "^4.7.3",
@@ -27,25 +28,29 @@
     "local-storage-fallback": "^4.1.1",
     "lodash": "^4.17.19",
     "moment": "^2.24.0",
-    "npm": "^6.14.4",
     "react": "^16.13.1",
+    "react-app-rewire-hot-loader": "^2.0.1",
+    "react-app-rewired": "^2.1.6",
+    "react-async-hook": "^3.6.1",
     "react-chartjs-2": "^2.9.0",
     "react-codemirror2": "^7.1.0",
     "react-dom": "^16.12.0",
+    "react-hot-loader": "^4.13.0",
     "react-moment": "^0.9.7",
     "react-redux": "^7.1.3",
     "react-router-dom": "^5.1.2",
-    "react-scripts": "3.4.1",
+    "react-scripts": "3.4.4",
     "recharts": "^1.8.5",
     "redux": "^4.0.4",
     "redux-thunk": "^2.3.0",
     "superagent": "^5.1.0",
     "typeface-roboto": "^0.0.75",
     "typescript": "3.6.4",
+    "use-debounce": "^5.0.1",
     "websocket": "^1.0.31"
   },
   "scripts": {
-    "start": "PORT=5000 react-scripts start",
+    "start": "PORT=5000 react-app-rewired start",
     "build": "react-scripts build",
     "test": "react-scripts test",
     "eject": "react-scripts eject"

portal-ui/public/images/BG_IllustrationDarker.svg

@@ -0,0 +1,67 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 368.999 192.934">
+    <defs>
+        <style>
+            .cls-1{opacity:0.35;}.cls-12,.cls-15,.cls-16,.cls-17,.cls-2,.cls-5,.cls-6,.cls-7,.cls-8{opacity:0.5;}.cls-10,.cls-11,.cls-12,.cls-13,.cls-14,.cls-15,.cls-16,.cls-17,.cls-3,.cls-4,.cls-5,.cls-6,.cls-7,.cls-9{fill:none;stroke:#707070;stroke-miterlimit:10;}.cls-4{stroke-width:1px;}.cls-10,.cls-11,.cls-5,.cls-9{stroke-width:1.2px;}.cls-5{stroke-dasharray:2.619
+            2.182;}.cls-12,.cls-15,.cls-16,.cls-17,.cls-5,.cls-6,.cls-7,.cls-8{isolation:isolate;}.cls-6{stroke-width:1.6px;stroke-dasharray:2.144
+            1.786;}.cls-7{stroke-width:1.6px;stroke-dasharray:2.23 1.858;}.cls-10{stroke-dasharray:2.646
+            2.204;}.cls-11{stroke-dasharray:2.585 2.154;}.cls-12{stroke-width:1.8px;stroke-dasharray:2.484
+            2.07;}.cls-13{stroke-dasharray:2.984 2.487;}.cls-14{stroke-dasharray:2.773
+            2.311;}.cls-16{stroke-width:1.8px;}.cls-17{stroke-width:1.8px;}
+        </style>
+    </defs>
+    <title>BG_Illustration</title>
+    <g id="Layer_2" data-name="Layer 2">
+        <g id="Layer_1-2" data-name="Layer 1">
+            <g id="BG_Illustration" data-name="BG Illustration" class="cls-1">
+                <g id="Group_118" data-name="Group 118" class="cls-2">
+                    <path id="Path_56" data-name="Path 56" class="cls-3"
+                          d="M211.5,140.678l-52.726,29.078L79.687,126.139V29.652L132.411.571,211.5,44.188Z"/>
+                    <path id="Path_58" data-name="Path 58" class="cls-3"
+                          d="M158.776,169.756V73.271L211.5,44.193,158.776,73.271,79.688,29.654"/>
+                    <path id="Path_59" data-name="Path 59" class="cls-4" d="M84.681,41l69.1,38.11v79.3l-69.1-38.11Z"/>
+                    <line id="Line_37" data-name="Line 37" class="cls-4" x1="106.25" y1="52.782" x2="106.25"
+                          y2="132.086"/>
+                    <line id="Line_38" data-name="Line 38" class="cls-4" x1="153.783" y1="92.327" x2="106.25"
+                          y2="65.999"/>
+                    <line id="Line_39" data-name="Line 39" class="cls-4" x1="153.783" y1="105.545" x2="106.25"
+                          y2="79.217"/>
+                    <line id="Line_40" data-name="Line 40" class="cls-4" x1="153.783" y1="118.762" x2="106.25"
+                          y2="92.434"/>
+                    <line id="Line_41" data-name="Line 41" class="cls-4" x1="153.783" y1="131.979" x2="106.25"
+                          y2="105.651"/>
+                    <line id="Line_42" data-name="Line 42" class="cls-4" x1="153.783" y1="145.197" x2="106.25"
+                          y2="118.869"/>
+                    <path id="Path_60" data-name="Path 60" class="cls-4"
+                          d="M166.723,151.031l38.8-22.487V62.916L166.723,85.4Z"/>
+                </g>
+                <path id="Path_62" data-name="Path 62" class="cls-5" d="M117.106,148.062l-76.18,43.33"/>
+                <path id="Path_63" data-name="Path 63" class="cls-6" d="M271.394,167.271l-44.483,25.3"/>
+                <path id="Path_64" data-name="Path 64" class="cls-7" d="M190.722,155.708l61.951,36.031"/>
+                <path id="Path_65" data-name="Path 65" class="cls-5" d="M237.7,36.385l28.182,17.229"/>
+                <g id="Path_66" data-name="Path 66" class="cls-8">
+                    <line class="cls-9" x1="362.563" y1="69.327" x2="361.42" y2="68.688"/>
+                    <line class="cls-10" x1="359.496" y1="67.613" x2="305.418" y2="37.39"/>
+                    <polyline class="cls-9" points="304.456 36.852 303.313 36.213 302.158 36.83"/>
+                    <line class="cls-11" x1="300.258" y1="37.844" x2="213.418" y2="84.213"/>
+                    <line class="cls-9" x1="212.468" y1="84.72" x2="211.313" y2="85.337"/>
+                </g>
+                <path id="Path_67" data-name="Path 67" class="cls-12"
+                      d="M79.648,192.571,31.786,166.344h-.868l-23.579,14.2"/>
+                <g id="Path_68" data-name="Path 68" class="cls-8">
+                    <line class="cls-3" x1="22.871" y1="84.641" x2="24.156" y2="83.867"/>
+                    <line class="cls-13" x1="26.286" y1="82.584" x2="48.654" y2="69.113"/>
+                    <polyline class="cls-3" points="49.719 68.471 51.004 67.698 52.307 68.441"/>
+                    <line class="cls-14" x1="54.315" y1="69.585" x2="75.395" y2="81.606"/>
+                    <line class="cls-3" x1="76.399" y1="82.178" x2="77.702" y2="82.921"/>
+                </g>
+                <circle id="Ellipse_11" data-name="Ellipse 11" class="cls-15" cx="4.092" cy="183.59" r="3.592"/>
+                <circle id="Ellipse_12" data-name="Ellipse 12" class="cls-15" cx="274.986" cy="165.477" r="3.592"/>
+                <ellipse id="Ellipse_13" data-name="Ellipse 13" class="cls-16" cx="364.957" cy="71.922" rx="3.592"
+                         ry="2.904"/>
+                <circle id="Ellipse_14" data-name="Ellipse 14" class="cls-15" cx="19.279" cy="87.681" r="3.592"/>
+                <ellipse id="Ellipse_15" data-name="Ellipse 15" class="cls-17" cx="234.106" cy="32.58" rx="3.592"
+                         ry="2.649"/>
+            </g>
+        </g>
+    </g>
+</svg>

portal-ui/public/images/ob_bucket_clear.svg

@@ -0,0 +1,6 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="11.174" height="11" viewBox="0 0 11.174 11">
+    <defs>
+        <style>.a{fill:none;stroke:#081c42;stroke-linecap:round;}</style>
+    </defs>
+    <path class="a" d="M8.392,10H1.608L0,0H10Z" transform="translate(0.587 0.5)"/>
+</svg>

portal-ui/public/images/ob_bucket_filled.svg

@@ -0,0 +1,6 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="11.174" height="11" viewBox="0 0 11.174 11">
+    <defs>
+        <style>.a{fill:#081c42;stroke:#081c42;stroke-linecap:round;}</style>
+    </defs>
+    <path class="a" d="M8.392,10H1.608L0,0H10Z" transform="translate(0.587 0.5)"/>
+</svg>

portal-ui/public/images/ob_file_clear.svg

@@ -0,0 +1,10 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="11.442" height="15.302" viewBox="0 0 11.442 15.302">
+    <defs>
+        <style>.a,.b{fill:none;stroke:#081c42;}.b{stroke-linejoin:round;}</style>
+    </defs>
+    <g transform="translate(0.5 0.5)">
+        <path class="a" d="M-12060-11667.842v14.261h10.442v-10.591l-3.671-3.67Z"
+              transform="translate(12059.999 11667.883)"/>
+        <path class="b" d="M-12051.353-11664.255v-3.639l3.528,3.639Z" transform="translate(12058.188 11667.894)"/>
+    </g>
+</svg>

portal-ui/public/images/ob_file_filled.svg

@@ -0,0 +1,10 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="11.442" height="15.302" viewBox="0 0 11.442 15.302">
+    <defs>
+        <style>.a,.b{fill:#081c42;stroke:#081c42;}.b{stroke-linejoin:round;fill:#fff}</style>
+    </defs>
+    <g transform="translate(0.5 0.5)">
+        <path class="a" d="M-12060-11667.842v14.261h10.442v-10.591l-3.671-3.67Z"
+              transform="translate(12059.999 11667.883)"/>
+        <path class="b" d="M-12051.353-11664.255v-3.639l3.528,3.639Z" transform="translate(12058.188 11667.894)"/>
+    </g>
+</svg>

portal-ui/public/images/ob_folder_clear.svg

@@ -0,0 +1,10 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="15.999" height="13.999" viewBox="0 0 15.999 13.999">
+    <defs>
+        <style>.a{fill:none;stroke-linecap:square;}.b,.c{stroke:none;}.c{fill:#081c42;}</style>
+    </defs>
+    <g class="a" transform="translate(-0.001 0.001)">
+        <path class="b" d="M0,14V0H8.572V2.411H16V14Z"/>
+        <path class="c"
+              d="M 15.00020027160645 12.99860000610352 L 15.00020027160645 3.411099910736084 L 8.571599960327148 3.411099910736084 L 7.571600437164307 3.411099910736084 L 7.571600437164307 2.411099910736084 L 7.571600437164307 0.9990998506546021 L 1.000900268554688 0.9990998506546021 L 1.000900268554688 2.411099910736084 L 1.000900268554688 12.99860000610352 L 15.00020027160645 12.99860000610352 M 16.00020027160645 13.99860000610352 L 0.0009002700680866838 13.99860000610352 L 0.0009002700680866838 2.411099910736084 L 0.0009002700680866838 -0.0009001312428154051 L 8.571599960327148 -0.0009001312428154051 L 8.571599960327148 2.411099910736084 L 16.00020027160645 2.411099910736084 L 16.00020027160645 13.99860000610352 Z"/>
+    </g>
+</svg>