update to version v0.3.11

fix npe for tls console/minio (#243 )
rename SSL to TLS in labels, env variables and normal variables/constants (#242 )
2020-08-09 19:39:46 -07:00 · 2020-08-09 17:19:39 -07:00 · 2020-08-09 16:08:58 -07:00
13 changed files with 50 additions and 48 deletions
--- a/cmd/console/server.go
+++ b/cmd/console/server.go
@@ -47,12 +47,12 @@ var serverCmd = cli.Command{
 		},
 		cli.StringFlag{
 			Name:  "tls-host",
-			Value: restapi.GetSSLHostname(),
+			Value: restapi.GetTLSHostname(),
 			Usage: "HTTPS server hostname",
 		},
 		cli.IntFlag{
 			Name:  "tls-port",
-			Value: restapi.GetSSLPort(),
+			Value: restapi.GetTLSPort(),
 			Usage: "HTTPS server port",
 		},
 		cli.StringFlag{
--- a/k8s/console/base/console-deployment.yaml
+++ b/k8s/console/base/console-deployment.yaml
@@ -15,7 +15,7 @@ spec:
      serviceAccountName: console-sa
      containers:
        - name: console
-          image: minio/console:v0.3.10
+          image: minio/console:v0.3.11
          imagePullPolicy: "IfNotPresent"
          args:
            - server
--- a/k8s/console/base/minio-operator.yaml
+++ b/k8s/console/base/minio-operator.yaml
@@ -426,7 +426,7 @@ spec:
                externalCertSecret:
                  description:
                    ExternalCertSecret allows a user to specify custom
-                    CA certificate, and private key for group replication SSL.
+                    CA certificate, and private key for group replication TLS.
                  properties:
                    name:
                      type: string
--- a/k8s/operator-console/base/console-deployment.yaml
+++ b/k8s/operator-console/base/console-deployment.yaml
@@ -15,7 +15,7 @@ spec:
      serviceAccountName: console-sa
      containers:
        - name: console
-          image: minio/console:v0.3.10
+          image: minio/console:v0.3.11
          imagePullPolicy: "IfNotPresent"
          env:
            - name: CONSOLE_OPERATOR_MODE
--- a/models/idp_configuration.go
+++ b/models/idp_configuration.go
@@ -130,8 +130,8 @@ type IdpConfigurationActiveDirectory struct {
 	// server insecure
 	ServerInsecure bool `json:"server_insecure,omitempty"`

-	// skip ssl verification
-	SkipSslVerification bool `json:"skip_ssl_verification,omitempty"`
+	// skip tls verification
+	SkipTLSVerification bool `json:"skip_tls_verification,omitempty"`

 	// url
 	// Required: true
--- a/portal-ui/src/screens/Console/Tenants/ListTenants/AddTenant.tsx
+++ b/portal-ui/src/screens/Console/Tenants/ListTenants/AddTenant.tsx
@@ -111,7 +111,7 @@ const AddTenant = ({
  const [accessKey, setAccessKey] = useState<string>("");
  const [secretKey, setSecretKey] = useState<string>("");
  const [enableConsole, setEnableConsole] = useState<boolean>(true);
-  const [enableSSL, setEnableSSL] = useState<boolean>(false);
+  const [enableTLS, setEnableTLS] = useState<boolean>(false);
  const [sizeFactor, setSizeFactor] = useState<string>("Gi");
  const [storageClasses, setStorageClassesList] = useState<Opts[]>([]);
  const [validationErrors, setValidationErrors] = useState<any>({});
@@ -274,7 +274,7 @@ const AddTenant = ({
          name: tenantName,
          service_name: tenantName,
          image: imageName,
-          enable_ssl: enableSSL,
+          enable_tls: enableTLS,
          enable_console: enableConsole,
          access_key: accessKey,
          secret_key: secretKey,
@@ -750,17 +750,17 @@ const AddTenant = ({
          </Grid>
          <Grid item xs={12}>
            <CheckboxWrapper
-              value="enable_ssl"
-              id="enable_ssl"
-              name="enable_ssl"
-              checked={enableSSL}
+              value="enable_tls"
+              id="enable_tls"
+              name="enable_tls"
+              checked={enableTLS}
              onChange={(e) => {
                const targetD = e.target;
                const checked = targetD.checked;

-                setEnableSSL(checked);
+                setEnableTLS(checked);
              }}
-              label={"Enable SSL"}
+              label={"Enable TLS"}
            />
          </Grid>
        </React.Fragment>
@@ -882,9 +882,9 @@ const AddTenant = ({
                <React.Fragment>
                  <TableRow>
                    <TableCell align="right" className={classes.tableTitle}>
-                      Enable SSL
+                      Enable TLS
                    </TableCell>
-                    <TableCell>{enableSSL ? "Enabled" : "Disabled"}</TableCell>
+                    <TableCell>{enableTLS ? "Enabled" : "Disabled"}</TableCell>
                  </TableRow>
                  <TableRow>
                    <TableCell align="right" className={classes.tableTitle}>
--- a/restapi/admin_tenants.go
+++ b/restapi/admin_tenants.go
@@ -420,7 +420,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 		url := *tenantReq.Idp.ActiveDirectory.URL
 		userNameFormat := *tenantReq.Idp.ActiveDirectory.UsernameFormat
 		userSearchFilter := *tenantReq.Idp.ActiveDirectory.UserSearchFilter
-		tlsSkipVerify := tenantReq.Idp.ActiveDirectory.SkipSslVerification
+		tlsSkipVerify := tenantReq.Idp.ActiveDirectory.SkipTLSVerification
 		serverInsecure := tenantReq.Idp.ActiveDirectory.ServerInsecure
 		groupSearchDN := tenantReq.Idp.ActiveDirectory.GroupSearchBaseDn
 		groupSearchFilter := tenantReq.Idp.ActiveDirectory.GroupSearchFilter
@@ -467,7 +467,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 	}

 	isEncryptionAvailable := false
-	if *tenantReq.EnableTLS {
+	if tenantReq.EnableTLS != nil && *tenantReq.EnableTLS {
 		// If user request autoCert, Operator will generate certificate keypair for MinIO (server), Console (server) and KES (server and app mTLS)
 		isEncryptionAvailable = true
 		minInst.Spec.RequestAutoCert = *tenantReq.EnableTLS
@@ -536,8 +536,10 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 	var consoleAccess string
 	var consoleSecret string

-	//enableConsole := true
-	enableConsole := *tenantReq.EnableConsole
+	enableConsole := true
+	if tenantReq.EnableConsole != nil && *tenantReq.EnableConsole {
+		enableConsole = *tenantReq.EnableConsole
+	}

 	if enableConsole {
 		consoleSelector := fmt.Sprintf("%s-console", *tenantReq.Name)
@@ -585,7 +587,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 			return nil, err
 		}

-		const consoleVersion = "minio/console:v0.3.10"
+		const consoleVersion = "minio/console:v0.3.11"
 		minInst.Spec.Console = &operator.ConsoleConfiguration{
 			Replicas:      2,
 			Image:         consoleVersion,
@@ -597,7 +599,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 			},
 		}

-		if !minInst.Spec.RequestAutoCert && tenantReq.TLS.Console != nil {
+		if !minInst.Spec.RequestAutoCert && tenantReq.TLS != nil && tenantReq.TLS.Console != nil {
 			consoleExternalTLSCertificateSecretName := fmt.Sprintf("%s-console-external-certificates", secretName)
 			tlsCrt, err := base64.StdEncoding.DecodeString(*tenantReq.TLS.Console.Crt)
 			if err != nil {
--- a/restapi/client.go
+++ b/restapi/client.go
@@ -249,7 +249,7 @@ func newMinioClient(claims *models.Principal) (*minio.Client, error) {
 // newS3BucketClient creates a new mc S3Client to talk to the server based on a bucket
 func newS3BucketClient(claims *models.Principal, bucketName string) (*mc.S3Client, error) {
 	endpoint := getMinIOServer()
-	useSSL := getMinIOEndpointIsSecure()
+	useTLS := getMinIOEndpointIsSecure()

 	if strings.TrimSpace(bucketName) != "" {
 		endpoint += fmt.Sprintf("/%s", bucketName)
@@ -259,7 +259,7 @@ func newS3BucketClient(claims *models.Principal, bucketName string) (*mc.S3Clien
 		return nil, fmt.Errorf("the provided credentials are invalid")
 	}

-	s3Config := newS3Config(endpoint, claims.AccessKeyID, claims.SecretAccessKey, claims.SessionToken, !useSSL)
+	s3Config := newS3Config(endpoint, claims.AccessKeyID, claims.SecretAccessKey, claims.SessionToken, !useTLS)
 	client, pErr := mc.S3New(s3Config)
 	if pErr != nil {
 		return nil, pErr.Cause
--- a/restapi/config.go
+++ b/restapi/config.go
@@ -105,15 +105,15 @@ func GetPort() int {
 	return port
 }

-// GetSSLHostname gets console ssl hostname set on env variable
+// GetTLSHostname gets console tls hostname set on env variable
 // or default one
-func GetSSLHostname() string {
+func GetTLSHostname() string {
 	return strings.ToLower(env.Get(ConsoleTLSHostname, TLSHostname))
 }

-// GetSSLPort gets console ssl port set on env variable
+// GetTLSPort gets console tls port set on env variable
 // or default one
-func GetSSLPort() int {
+func GetTLSPort() int {
 	port, err := strconv.Atoi(env.Get(ConsoleTLSPort, TLSPort))
 	if err != nil {
 		port = 9443
@@ -171,14 +171,14 @@ func getSecureHostsProxyHeaders() []string {
 	return []string{}
 }

-// If SSLRedirect is set to true, then only allow HTTPS requests. Default is true.
-func getSSLRedirect() bool {
-	return strings.ToLower(env.Get(ConsoleSecureSSLRedirect, TLSRedirect)) == "on"
+// If TLSRedirect is set to true, then only allow HTTPS requests. Default is true.
+func getTLSRedirect() bool {
+	return strings.ToLower(env.Get(ConsoleSecureTLSRedirect, TLSRedirect)) == "on"
 }

-// SSLHost is the host name that is used to redirect HTTP requests to HTTPS. Default is "", which indicates to use the same host.
-func getSecureSSLHost() string {
-	return env.Get(ConsoleSecureSSLHost, fmt.Sprintf("%s:%s", TLSHostname, TLSPort))
+// TLSHost is the host name that is used to redirect HTTP requests to HTTPS. Default is "", which indicates to use the same host.
+func getSecureTLSHost() string {
+	return env.Get(ConsoleSecureTLSHost, fmt.Sprintf("%s:%s", TLSHostname, TLSPort))
 }

 // STSSeconds is the max-age of the Strict-Transport-Security header. Default is 0, which would NOT include the header.
@@ -200,9 +200,9 @@ func getSecureSTSPreload() bool {
 	return strings.ToLower(env.Get(ConsoleSecureSTSPreload, "off")) == "on"
 }

-// If SSLTemporaryRedirect is true, the a 302 will be used while redirecting. Default is false (301).
-func getSecureSSLTemporaryRedirect() bool {
-	return strings.ToLower(env.Get(ConsoleSecureSSLTemporaryRedirect, "off")) == "on"
+// If TLSTemporaryRedirect is true, the a 302 will be used while redirecting. Default is false (301).
+func getSecureTLSTemporaryRedirect() bool {
+	return strings.ToLower(env.Get(ConsoleSecureTLSTemporaryRedirect, "off")) == "on"
 }

 // STS header is only included when the connection is HTTPS.
--- a/restapi/configure_console.go
+++ b/restapi/configure_console.go
@@ -149,12 +149,12 @@ func setupGlobalMiddleware(handler http.Handler) http.Handler {
 		AllowedHosts:                    getSecureAllowedHosts(),
 		AllowedHostsAreRegex:            getSecureAllowedHostsAreRegex(),
 		HostsProxyHeaders:               getSecureHostsProxyHeaders(),
-		SSLRedirect:                     getSSLRedirect(),
-		SSLHost:                         getSecureSSLHost(),
+		SSLRedirect:                     getTLSRedirect(),
+		SSLHost:                         getSecureTLSHost(),
 		STSSeconds:                      getSecureSTSSeconds(),
 		STSIncludeSubdomains:            getSecureSTSIncludeSubdomains(),
 		STSPreload:                      getSecureSTSPreload(),
-		SSLTemporaryRedirect:            getSecureSSLTemporaryRedirect(),
+		SSLTemporaryRedirect:            getSecureTLSTemporaryRedirect(),
 		SSLHostFunc:                     nil,
 		ForceSTSHeader:                  getSecureForceSTSHeader(),
 		FrameDeny:                       getSecureFrameDeny(),
--- a/restapi/consts.go
+++ b/restapi/consts.go
@@ -41,9 +41,9 @@ const (
 	ConsoleSecureSTSSeconds                      = "CONSOLE_SECURE_STS_SECONDS"
 	ConsoleSecureSTSIncludeSubdomains            = "CONSOLE_SECURE_STS_INCLUDE_SUB_DOMAINS"
 	ConsoleSecureSTSPreload                      = "CONSOLE_SECURE_STS_PRELOAD"
-	ConsoleSecureSSLRedirect                     = "CONSOLE_SECURE_SSL_REDIRECT"
-	ConsoleSecureSSLHost                         = "CONSOLE_SECURE_SSL_HOST"
-	ConsoleSecureSSLTemporaryRedirect            = "CONSOLE_SECURE_SSL_TEMPORARY_REDIRECT"
+	ConsoleSecureTLSRedirect                     = "CONSOLE_SECURE_TLS_REDIRECT"
+	ConsoleSecureTLSHost                         = "CONSOLE_SECURE_TLS_HOST"
+	ConsoleSecureTLSTemporaryRedirect            = "CONSOLE_SECURE_TLS_TEMPORARY_REDIRECT"
 	ConsoleSecureForceSTSHeader                  = "CONSOLE_SECURE_FORCE_STS_HEADER"
 	ConsoleSecurePublicKey                       = "CONSOLE_SECURE_PUBLIC_KEY"
 	ConsoleSecureReferrerPolicy                  = "CONSOLE_SECURE_REFERRER_POLICY"
--- a/restapi/embedded_spec.go
+++ b/restapi/embedded_spec.go
@@ -2235,7 +2235,7 @@ func init() {
            "server_insecure": {
              "type": "boolean"
            },
-            "skip_ssl_verification": {
+            "skip_tls_verification": {
              "type": "boolean"
            },
            "url": {
@@ -5341,7 +5341,7 @@ func init() {
        "server_insecure": {
          "type": "boolean"
        },
-        "skip_ssl_verification": {
+        "skip_tls_verification": {
          "type": "boolean"
        },
        "url": {
@@ -6149,7 +6149,7 @@ func init() {
            "server_insecure": {
              "type": "boolean"
            },
-            "skip_ssl_verification": {
+            "skip_tls_verification": {
              "type": "boolean"
            },
            "url": {
--- a/swagger.yml
+++ b/swagger.yml
@@ -1901,7 +1901,7 @@ definitions:
            type: string
          group_name_attribute:
            type: string
-          skip_ssl_verification:
+          skip_tls_verification:
            type: boolean
          server_insecure:
            type: boolean
Author	SHA1	Message	Date
Minio Trusted	e0ff6623bb	update to version v0.3.11	2020-08-09 19:39:46 -07:00
Lenin Alevski	3d59e9ac30	fix npe for tls console/minio (#243 )	2020-08-09 17:19:39 -07:00
Lenin Alevski	cff712f071	rename SSL to TLS in labels, env variables and normal variables/constants (#242 )	2020-08-09 16:08:58 -07:00