mirrors/object-browser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: mirrors:v0.3.2
Branches Tags
mirrors:master mirrors:dependabot/npm_and_yarn/web-app/tar-fs-2.1.3 mirrors:test-bump-web-app mirrors:2c4a2386-e5af-4a47-9d94-c860af7235ad mirrors:bucket_name_rules mirrors:doc-links-updates mirrors:master-120621 mirrors:dvaldivia-patch-1 mirrors:tenant-wizard-password mirrors:v0.3.26v2 mirrors:upgrade-operator
mirrors:v2.0.1 mirrors:v2.0.0 mirrors:v1.7.6 mirrors:v1.7.5 mirrors:v1.7.4 mirrors:v1.7.3 mirrors:v1.7.2 mirrors:v1.7.1 mirrors:v1.7.0 mirrors:v1.6.3 mirrors:v1.6.2 mirrors:v1.6.1 mirrors:v1.6.0 mirrors:v1.5.0 mirrors:v1.4.1 mirrors:v1.4.0 mirrors:v1.3.0 mirrors:v1.2.0 mirrors:v1.1.1 mirrors:v1.1.0 mirrors:v1.0.0 mirrors:v0.46.0 mirrors:v0.45.0 mirrors:v0.44.0 mirrors:v0.43.1 mirrors:v0.43.0 mirrors:v0.42.1 mirrors:v0.42.0 mirrors:v0.41.0 mirrors:v0.40.0 mirrors:v0.39.0 mirrors:v0.38.0 mirrors:v0.37.0 mirrors:v0.36.0 mirrors:v0.35.1 mirrors:v0.35.0 mirrors:v0.34.0 mirrors:v0.33.0 mirrors:v0.32.0 mirrors:v0.31.0 mirrors:v0.30.0 mirrors:v0.29.0 mirrors:v0.28.0 mirrors:v0.27.0 mirrors:v0.26.4 mirrors:v0.26.3 mirrors:v0.26.2 mirrors:v0.26.1 mirrors:v0.26.0 mirrors:v0.25.0 mirrors:v0.24.0 mirrors:v0.23.1 mirrors:v0.23.0 mirrors:v0.22.5 mirrors:v0.22.4 mirrors:v0.22.3 mirrors:v0.22.2 mirrors:v0.22.1 mirrors:v0.22.0 mirrors:v0.21.3 mirrors:v0.21.2 mirrors:v0.21.1 mirrors:v0.21.0 mirrors:v0.20.5 mirrors:v0.20.4 mirrors:v0.20.3 mirrors:v0.20.2 mirrors:v0.20.1 mirrors:v0.20.0 mirrors:v0.19.5 mirrors:v0.19.4 mirrors:v0.19.3 mirrors:v0.19.2 mirrors:v0.19.1 mirrors:v0.19.0 mirrors:v0.18.1 mirrors:v0.18.0 mirrors:v0.17.3 mirrors:v0.17.2 mirrors:v0.17.1 mirrors:v0.17.0 mirrors:v0.16.3 mirrors:v0.16.2 mirrors:v0.16.1 mirrors:v0.16.0 mirrors:v0.15.14 mirrors:v0.15.13 mirrors:v0.15.11 mirrors:v0.15.10 mirrors:v0.15.9 mirrors:v0.15.8 mirrors:v0.15.7 mirrors:v0.15.6 mirrors:v0.15.5 mirrors:v0.15.4 mirrors:v0.15.3 mirrors:v0.15.2 mirrors:v0.15.1 mirrors:v0.15.0 mirrors:v0.14.8 mirrors:v0.14.7 mirrors:v0.14.6 mirrors:v0.14.5 mirrors:v0.14.4 mirrors:v0.14.3 mirrors:v0.14.2 mirrors:v0.14.1 mirrors:v0.14.0 mirrors:v0.13.3 mirrors:v0.13.2 mirrors:v0.13.1 mirrors:v0.13.0 mirrors:v0.12.9 mirrors:v0.12.8 mirrors:v0.12.7 mirrors:v0.12.6 mirrors:v0.12.5 mirrors:v0.12.4 mirrors:v0.12.3 mirrors:v0.12.2 mirrors:v0.12.1 mirrors:v0.12.0 mirrors:v0.11.0 mirrors:v0.10.4 mirrors:v0.10.3 mirrors:v0.10.2 mirrors:v0.10.1 mirrors:v0.10.0 mirrors:v0.9.8 mirrors:v0.9.7 mirrors:v0.9.6 mirrors:v0.9.5 mirrors:v0.9.4 mirrors:v0.9.3 mirrors:v0.9.2 mirrors:v0.9.1 mirrors:v0.9.0 mirrors:v0.8.3 mirrors:v0.8.2 mirrors:v0.8.1 mirrors:v0.8.0 mirrors:v0.7.5 mirrors:v0.7.4 mirrors:v0.7.3 mirrors:v0.7.2 mirrors:v0.7.1 mirrors:v0.7.0 mirrors:v0.6.8 mirrors:v0.6.7 mirrors:v0.6.6 mirrors:v0.6.5 mirrors:v0.6.4 mirrors:v0.6.3 mirrors:v0.6.2 mirrors:v0.6.1 mirrors:v0.6.0 mirrors:v0.5.2 mirrors:v0.5.1 mirrors:v0.5.0 mirrors:v0.4.6 mirrors:v0.4.5 mirrors:v0.4.4 mirrors:v0.4.3 mirrors:v0.4.2 mirrors:v0.4.1 mirrors:v0.4.0 mirrors:v0.3.26 mirrors:v0.3.25 mirrors:v0.3.24 mirrors:v0.3.23 mirrors:v0.3.22 mirrors:v0.3.21 mirrors:v0.3.20 mirrors:v0.3.19 mirrors:v0.3.18 mirrors:v0.3.17 mirrors:v0.3.16 mirrors:v0.3.15 mirrors:v0.3.14 mirrors:v0.3.13 mirrors:v0.3.12 mirrors:v0.3.11 mirrors:v0.3.10 mirrors:v0.3.9 mirrors:v0.3.8 mirrors:v0.3.7 mirrors:v0.3.6 mirrors:v0.3.5 mirrors:v0.3.4 mirrors:v0.3.3 mirrors:v0.3.2 mirrors:v0.3.1 mirrors:v0.3.0 mirrors:v0.2.1 mirrors:v0.2.0 mirrors:v0.1.1 mirrors:v0.1.0 mirrors:v0.0.6 mirrors:v0.0.5 mirrors:v0.0.4 mirrors:v0.0.3 mirrors:v0.0.2 mirrors:v0.0.1 mirrors:OFFICIAL.2016-02-08T00-12-28Z mirrors:release-1434511043
..
compare: mirrors:upgrade-operator
Branches Tags
mirrors:dependabot/npm_and_yarn/web-app/tar-fs-2.1.3 mirrors:master mirrors:test-bump-web-app mirrors:2c4a2386-e5af-4a47-9d94-c860af7235ad mirrors:bucket_name_rules mirrors:doc-links-updates mirrors:master-120621 mirrors:dvaldivia-patch-1 mirrors:tenant-wizard-password mirrors:v0.3.26v2 mirrors:upgrade-operator
mirrors:v2.0.1 mirrors:v2.0.0 mirrors:v1.7.6 mirrors:v1.7.5 mirrors:v1.7.4 mirrors:v1.7.3 mirrors:v1.7.2 mirrors:v1.7.1 mirrors:v1.7.0 mirrors:v1.6.3 mirrors:v1.6.2 mirrors:v1.6.1 mirrors:v1.6.0 mirrors:v1.5.0 mirrors:v1.4.1 mirrors:v1.4.0 mirrors:v1.3.0 mirrors:v1.2.0 mirrors:v1.1.1 mirrors:v1.1.0 mirrors:v1.0.0 mirrors:v0.46.0 mirrors:v0.45.0 mirrors:v0.44.0 mirrors:v0.43.1 mirrors:v0.43.0 mirrors:v0.42.1 mirrors:v0.42.0 mirrors:v0.41.0 mirrors:v0.40.0 mirrors:v0.39.0 mirrors:v0.38.0 mirrors:v0.37.0 mirrors:v0.36.0 mirrors:v0.35.1 mirrors:v0.35.0 mirrors:v0.34.0 mirrors:v0.33.0 mirrors:v0.32.0 mirrors:v0.31.0 mirrors:v0.30.0 mirrors:v0.29.0 mirrors:v0.28.0 mirrors:v0.27.0 mirrors:v0.26.4 mirrors:v0.26.3 mirrors:v0.26.2 mirrors:v0.26.1 mirrors:v0.26.0 mirrors:v0.25.0 mirrors:v0.24.0 mirrors:v0.23.1 mirrors:v0.23.0 mirrors:v0.22.5 mirrors:v0.22.4 mirrors:v0.22.3 mirrors:v0.22.2 mirrors:v0.22.1 mirrors:v0.22.0 mirrors:v0.21.3 mirrors:v0.21.2 mirrors:v0.21.1 mirrors:v0.21.0 mirrors:v0.20.5 mirrors:v0.20.4 mirrors:v0.20.3 mirrors:v0.20.2 mirrors:v0.20.1 mirrors:v0.20.0 mirrors:v0.19.5 mirrors:v0.19.4 mirrors:v0.19.3 mirrors:v0.19.2 mirrors:v0.19.1 mirrors:v0.19.0 mirrors:v0.18.1 mirrors:v0.18.0 mirrors:v0.17.3 mirrors:v0.17.2 mirrors:v0.17.1 mirrors:v0.17.0 mirrors:v0.16.3 mirrors:v0.16.2 mirrors:v0.16.1 mirrors:v0.16.0 mirrors:v0.15.14 mirrors:v0.15.13 mirrors:v0.15.11 mirrors:v0.15.10 mirrors:v0.15.9 mirrors:v0.15.8 mirrors:v0.15.7 mirrors:v0.15.6 mirrors:v0.15.5 mirrors:v0.15.4 mirrors:v0.15.3 mirrors:v0.15.2 mirrors:v0.15.1 mirrors:v0.15.0 mirrors:v0.14.8 mirrors:v0.14.7 mirrors:v0.14.6 mirrors:v0.14.5 mirrors:v0.14.4 mirrors:v0.14.3 mirrors:v0.14.2 mirrors:v0.14.1 mirrors:v0.14.0 mirrors:v0.13.3 mirrors:v0.13.2 mirrors:v0.13.1 mirrors:v0.13.0 mirrors:v0.12.9 mirrors:v0.12.8 mirrors:v0.12.7 mirrors:v0.12.6 mirrors:v0.12.5 mirrors:v0.12.4 mirrors:v0.12.3 mirrors:v0.12.2 mirrors:v0.12.1 mirrors:v0.12.0 mirrors:v0.11.0 mirrors:v0.10.4 mirrors:v0.10.3 mirrors:v0.10.2 mirrors:v0.10.1 mirrors:v0.10.0 mirrors:v0.9.8 mirrors:v0.9.7 mirrors:v0.9.6 mirrors:v0.9.5 mirrors:v0.9.4 mirrors:v0.9.3 mirrors:v0.9.2 mirrors:v0.9.1 mirrors:v0.9.0 mirrors:v0.8.3 mirrors:v0.8.2 mirrors:v0.8.1 mirrors:v0.8.0 mirrors:v0.7.5 mirrors:v0.7.4 mirrors:v0.7.3 mirrors:v0.7.2 mirrors:v0.7.1 mirrors:v0.7.0 mirrors:v0.6.8 mirrors:v0.6.7 mirrors:v0.6.6 mirrors:v0.6.5 mirrors:v0.6.4 mirrors:v0.6.3 mirrors:v0.6.2 mirrors:v0.6.1 mirrors:v0.6.0 mirrors:v0.5.2 mirrors:v0.5.1 mirrors:v0.5.0 mirrors:v0.4.6 mirrors:v0.4.5 mirrors:v0.4.4 mirrors:v0.4.3 mirrors:v0.4.2 mirrors:v0.4.1 mirrors:v0.4.0 mirrors:v0.3.26 mirrors:v0.3.25 mirrors:v0.3.24 mirrors:v0.3.23 mirrors:v0.3.22 mirrors:v0.3.21 mirrors:v0.3.20 mirrors:v0.3.19 mirrors:v0.3.18 mirrors:v0.3.17 mirrors:v0.3.16 mirrors:v0.3.15 mirrors:v0.3.14 mirrors:v0.3.13 mirrors:v0.3.12 mirrors:v0.3.11 mirrors:v0.3.10 mirrors:v0.3.9 mirrors:v0.3.8 mirrors:v0.3.7 mirrors:v0.3.6 mirrors:v0.3.5 mirrors:v0.3.4 mirrors:v0.3.3 mirrors:v0.3.2 mirrors:v0.3.1 mirrors:v0.3.0 mirrors:v0.2.1 mirrors:v0.2.0 mirrors:v0.1.1 mirrors:v0.1.0 mirrors:v0.0.6 mirrors:v0.0.5 mirrors:v0.0.4 mirrors:v0.0.3 mirrors:v0.0.2 mirrors:v0.0.1 mirrors:OFFICIAL.2016-02-08T00-12-28Z mirrors:release-1434511043

7 Commits
v0.3.2 ... upgrade-op

Author SHA1 Message Date
Harshavardhana
7fa3279a93 update all other dependent packages 2020-07-25 12:34:00 -07:00
Daniel Valdivia
b631ab38d0 Operator docker iamge 2020-07-25 12:07:22 -07:00
Daniel Valdivia
16c25c0880 Go mod with v3 tag for operator 2020-07-25 12:03:16 -07:00
Daniel Valdivia
5dbdf35295 Changes to operator v3 2020-07-25 12:01:24 -07:00
Daniel Valdivia
5ecb311f79 Update Operator References 2020-07-25 11:51:29 -07:00
Daniel Valdivia
e432183bd6 Update Service Account 2020-07-25 11:19:58 -07:00
Daniel Valdivia
008075133a Upgrade Operator to 3.0.0 2020-07-24 18:34:21 -07:00
249 changed files with 1123 additions and 5006 deletions
Expand all files Collapse all files

4
.dockerignore
View File

@@ -1,6 +1,6 @@
node_modules/
dist/
target/
console
!console/
mcs
!mcs/
portal-ui/node_modules/

2
.github/workflows/go.yml vendored
View File

@@ -33,4 +33,4 @@ jobs:
run: |
make verifiers
make test
make console
make mcs

6
.gitignore vendored
View File

@@ -19,8 +19,8 @@ vendor/
# Ignore executables
target/
console
!console/
mcs
!mcs/
dist/
@@ -31,4 +31,4 @@ public.crt
# Ignore VsCode files
.vscode/
*.code-workspace
*~
*~

19
.goreleaser.yml
View File

@@ -1,18 +1,11 @@
# This is an example goreleaser.yaml file with some sane defaults.
# Make sure to check the documentation at http://goreleaser.com
project_name: console
release:
name_template: "Version {{.Version}}"
github:
owner: minio
name: console
project_name: mcs
before:
hooks:
# you may remove this if you don't use vgo
- go mod tidy
builds:
-
goos:
@@ -25,12 +18,12 @@ builds:
- arm64
env:
- CGO_ENABLED=0
main: ./cmd/console/
main: ./cmd/mcs/
flags:
- -trimpath
- --tags=kqueue
ldflags:
- -s -w -X github.com/minio/console/pkg.ReleaseTag={{.Tag}} -X github.com/minio/console/pkg.CommitID={{.FullCommit}} -X github.com/minio/console/pkg.Version={{.Version}} -X github.com/minio/console/pkg.ShortCommitID={{.ShortCommit}} -X github.com/minio/console/pkg.ReleaseTime={{.Date}}
- -s -w -X github.com/minio/mcs/pkg.ReleaseTag={{.Tag}} -X github.com/minio/mcs/pkg.CommitID={{.FullCommit}} -X github.com/minio/mcs/pkg.Version={{.Version}} -X github.com/minio/mcs/pkg.ShortCommitID={{.ShortCommit}} -X github.com/minio/mcs/pkg.ReleaseTime={{.Date}}
archives:
-
replacements:
@@ -58,7 +51,7 @@ changelog:
nfpms:
-
vendor: MinIO Inc.
homepage: https://github.com/minio/console
homepage: https://github.com/minio/mcs
maintainer: MinIO <minio@minio.io>
description: MinIO Console Server
license: GNU Affero General Public License v3.0
@@ -78,5 +71,5 @@ dockers:
goarch: amd64
dockerfile: Dockerfile.release
image_templates:
- "minio/console:{{ .Tag }}"
- "minio/console:latest"
- "minio/mcs:{{ .Tag }}"
- "minio/mcs:latest"

8
CONTRIBUTING.md
View File

@@ -20,7 +20,7 @@ make swagger-gen
This will update all the necessary code.
`./restapi/configure_console.go` is a file that contains the handlers to be used by the application, here is the only place where we need to update our code to support the new apis. This file is not affected when running the swagger generator and it is safe to edit.
`./restapi/configure_mcs.go` is a file that contains the handlers to be used by the application, here is the only place where we need to update our code to support the new apis. This file is not affected when running the swagger generator and it is safe to edit.
## Unit Tests
`./restapi/handlers_test.go` needs to be updated with the proper tests for the new api.
@@ -47,7 +47,7 @@ $ git push origin my-new-feature
Pull requests can be created via GitHub. Refer to [this document](https://help.github.com/articles/creating-a-pull-request/) for detailed steps on how to create a pull request. After a Pull Request gets peer reviewed and approved, it will be merged.
## FAQs
### How does ``console`` manages dependencies?
### How does ``mcs`` manages dependencies?
``MinIO`` uses `go mod` to manage its dependencies.
- Run `go get foo/bar` in the source folder to add the dependency to `go.mod` file.
@@ -55,5 +55,5 @@ To remove a dependency
- Edit your code and remove the import reference.
- Run `go mod tidy` in the source folder to remove dependency from `go.mod` file.
### What are the coding guidelines for console?
``console`` is fully conformant with Golang style. Refer: [Effective Go](https://github.com/golang/go/wiki/CodeReviewComments) article from Golang project. If you observe offending code, please feel free to send a pull request or ping us on [Slack](https://slack.min.io).
### What are the coding guidelines for mcs?
``mcs`` is fully conformant with Golang style. Refer: [Effective Go](https://github.com/golang/go/wiki/CodeReviewComments) article from Golang project. If you observe offending code, please feel free to send a pull request or ping us on [Slack](https://slack.min.io).

28
DEVELOPMENT.md
View File

@@ -1,4 +1,4 @@
# LDAP authentication with Console
# LDAP authentication with MCS
## Setup
@@ -32,13 +32,13 @@ dn: ou=groups,dc=example,dc=org
objectclass:organizationalunit
ou: groups
description: generic groups branch
# create consoleAdmin group (this already exists on minio and have a policy of s3::*)
dn: cn=consoleAdmin,ou=groups,dc=example,dc=org
# create mcsAdmin group (this already exists on minio and have a policy of s3::*)
dn: cn=mcsAdmin,ou=groups,dc=example,dc=org
objectClass: top
objectClass: posixGroup
gidNumber: 678
# Assing group to new user
dn: cn=consoleAdmin,ou=groups,dc=example,dc=org
dn: cn=mcsAdmin,ou=groups,dc=example,dc=org
changetype: modify
add: memberuid
memberuid: billy
@@ -48,7 +48,7 @@ $ docker cp billy.ldif my-openldap-container:/container/service/slapd/assets/tes
$ docker exec my-openldap-container ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /container/service/slapd/assets/test/billy.ldif -H ldap://localhost -ZZ
```
Query the ldap server to check the user billy was created correctly and got assigned to the consoleAdmin group, you should get a list
Query the ldap server to check the user billy was created correctly and got assigned to the mcsAdmin group, you should get a list
containing ldap users and groups.
```
@@ -73,9 +73,9 @@ Re-enter new password:
Enter LDAP Password:
```
### Add the consoleAdmin policy to user billy on MinIO
### Add the mcsAdmin policy to user billy on MinIO
```
$ cat > consoleAdmin.json << EOF
$ cat > mcsAdmin.json << EOF
{
"Version": "2012-10-17",
"Statement": [
@@ -99,8 +99,8 @@ $ cat > consoleAdmin.json << EOF
]
}
EOF
$ mc admin policy add myminio consoleAdmin consoleAdmin.json
$ mc admin policy set myminio consoleAdmin user=billy
$ mc admin policy add myminio mcsAdmin mcsAdmin.json
$ mc admin policy set myminio mcsAdmin user=billy
```
## Run MinIO
@@ -116,12 +116,12 @@ export MINIO_IDENTITY_LDAP_SERVER_INSECURE=on
./minio server ~/Data
```
## Run Console
## Run MCS
```
export CONSOLE_ACCESS_KEY=minio
export CONSOLE_SECRET_KEY=minio123
export MCS_ACCESS_KEY=minio
export MCS_SECRET_KEY=minio123
...
export CONSOLE_LDAP_ENABLED=on
./console server
export MCS_LDAP_ENABLED=on
./mcs server
```

16
Dockerfile
View File

@@ -2,25 +2,25 @@ FROM golang:1.13
RUN apt-get update -y && apt-get install -y ca-certificates
ADD go.mod /go/src/github.com/minio/console/go.mod
ADD go.sum /go/src/github.com/minio/console/go.sum
WORKDIR /go/src/github.com/minio/console/
ADD go.mod /go/src/github.com/minio/mcs/go.mod
ADD go.sum /go/src/github.com/minio/mcs/go.sum
WORKDIR /go/src/github.com/minio/mcs/
# Get dependencies - will also be cached if we won't change mod/sum
RUN go mod download
ADD . /go/src/github.com/minio/console/
WORKDIR /go/src/github.com/minio/console/
ADD . /go/src/github.com/minio/mcs/
WORKDIR /go/src/github.com/minio/mcs/
ENV CGO_ENABLED=0
RUN go build -ldflags "-w -s" -a -o console ./cmd/console
RUN go build -ldflags "-w -s" -a -o mcs ./cmd/mcs
FROM scratch
MAINTAINER MinIO Development "dev@min.io"
EXPOSE 9090
COPY --from=0 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=0 /go/src/github.com/minio/console/console .
COPY --from=0 /go/src/github.com/minio/mcs/mcs .
ENTRYPOINT ["/console"]
CMD ["/mcs"]

4
Dockerfile.release
View File

@@ -1,6 +1,6 @@
FROM scratch
MAINTAINER MinIO Development "dev@min.io"
EXPOSE 9090
COPY console /console
COPY mcs /mcs
ENTRYPOINT ["/console"]
ENTRYPOINT ["/mcs"]

32
Makefile
View File

@@ -3,19 +3,19 @@ GOPATH := $(shell go env GOPATH)
# Sets the build version based on the output of the following command, if we are building for a tag, that's the build else it uses the current git branch as the build
BUILD_VERSION:=$(shell git describe --exact-match --tags $(git log -n1 --pretty='%h') 2>/dev/null || git rev-parse --abbrev-ref HEAD 2>/dev/null)
BUILD_TIME:=$(shell date 2>/dev/null)
TAG ?= "minio/console:$(VERSION)-dev"
TAG ?= "minio/m3:$(VERSION)-dev"
default: console
default: mcs
.PHONY: console
console:
@echo "Building Console binary to './console'"
@(GO111MODULE=on CGO_ENABLED=0 go build -trimpath --tags=kqueue --ldflags "-s -w" -o console ./cmd/console)
.PHONY: mcs
mcs:
@echo "Building mcs binary to './mcs'"
@(GO111MODULE=on CGO_ENABLED=0 go build -trimpath --tags=kqueue --ldflags "-s -w" -o mcs ./cmd/mcs)
k8sdev:
@docker build -t $(TAG) --build-arg build_version=$(BUILD_VERSION) --build-arg build_time='$(BUILD_TIME)' .
@kind load docker-image $(TAG)
@echo "Done, now restart your console deployment"
@echo "Done, now restart your mcs deployment"
getdeps:
@mkdir -p ${GOPATH}/bin
@@ -33,32 +33,32 @@ lint:
@GO111MODULE=on ${GOPATH}/bin/golangci-lint cache clean
@GO111MODULE=on ${GOPATH}/bin/golangci-lint run --timeout=5m --config ./.golangci.yml
install: console
@echo "Installing console binary to '$(GOPATH)/bin/console'"
@mkdir -p $(GOPATH)/bin && cp -f $(PWD)/console $(GOPATH)/bin/console
@echo "Installation successful. To learn more, try \"console --help\"."
install: mcs
@echo "Installing mcs binary to '$(GOPATH)/bin/mcs'"
@mkdir -p $(GOPATH)/bin && cp -f $(PWD)/mcs $(GOPATH)/bin/mcs
@echo "Installation successful. To learn more, try \"mcs --help\"."
swagger-gen:
@echo "Generating swagger server code from yaml"
@rm -rf models
@rm -rf restapi/operations
@swagger generate server -A console --main-package=console --exclude-main -P models.Principal -f ./swagger.yml -r NOTICE
@swagger generate server -A mcs --main-package=mcs --exclude-main -P models.Principal -f ./swagger.yml -r NOTICE
assets:
@(cd portal-ui; yarn install; make build-static; cd ..)
test:
@(GO111MODULE=on go test -race -v github.com/minio/console/restapi/...)
@(GO111MODULE=on go test -race -v github.com/minio/console/pkg/...)
@(GO111MODULE=on go test -race -v github.com/minio/mcs/restapi/...)
@(GO111MODULE=on go test -race -v github.com/minio/mcs/pkg/...)
coverage:
@(GO111MODULE=on go test -v -coverprofile=coverage.out github.com/minio/console/restapi/... && go tool cover -html=coverage.out && open coverage.html)
@(GO111MODULE=on go test -v -coverprofile=coverage.out github.com/minio/mcs/restapi/... && go tool cover -html=coverage.out && open coverage.html)
clean:
@echo "Cleaning up all the generated files"
@find . -name '*.test' | xargs rm -fv
@find . -name '*~' | xargs rm -fv
@rm -vf console
@rm -vf mcs
docker:
@docker build -t $(TAG) --build-arg build_version=$(BUILD_VERSION) --build-arg build_time='$(BUILD_TIME)' .

46
README.md
View File

@@ -9,20 +9,20 @@ A graphical user interface for [MinIO](https://github.com/minio/minio)
## Setup
All `console` needs is a MinIO user with admin privileges and URL pointing to your MinIO deployment.
All `mcs` needs is a MinIO user with admin privileges and URL pointing to your MinIO deployment.
> Note: We don't recommend using MinIO's Operator Credentials
1. Create a user for `console` using `mc`.
1. Create a user for `mcs` using `mc`.
```
$ set +o history
$ mc admin user add myminio console YOURCONSOLESECRET
$ mc admin user add myminio mcs YOURMCSSECRET
$ set -o history
```
2. Create a policy for `console` with access to everything (for testing and debugging)
2. Create a policy for `mcs` with access to everything (for testing and debugging)
```
$ cat > consoleAdmin.json << EOF
$ cat > mcsAdmin.json << EOF
{
"Version": "2012-10-17",
"Statement": [{
@@ -45,18 +45,18 @@ $ cat > consoleAdmin.json << EOF
]
}
EOF
$ mc admin policy add myminio consoleAdmin consoleAdmin.json
$ mc admin policy add myminio mcsAdmin mcsAdmin.json
```
3. Set the policy for the new `console` user
3. Set the policy for the new `mcs` user
```
$ mc admin policy set myminio consoleAdmin user=console
$ mc admin policy set myminio mcsAdmin user=mcs
```
### Note
Additionally, you can create policies to limit the privileges for `console` users, for example, if you want the user to only have access to dashboard, buckets, notifications and watch page, the policy should look like this:
Additionally, you can create policies to limit the privileges for `mcs` users, for example, if you want the user to only have access to dashboard, buckets, notifications and watch page, the policy should look like this:
```
{
"Version": "2012-10-17",
@@ -97,34 +97,34 @@ Additionally, you can create policies to limit the privileges for `console` user
}
```
## Run Console server
## Run MCS server
To run the server:
```
export CONSOLE_HMAC_JWT_SECRET=YOURJWTSIGNINGSECRET
export MCS_HMAC_JWT_SECRET=YOURJWTSIGNINGSECRET
#required to encrypt jwet payload
export CONSOLE_PBKDF_PASSPHRASE=SECRET
export MCS_PBKDF_PASSPHRASE=SECRET
#required to encrypt jwet payload
export CONSOLE_PBKDF_SALT=SECRET
export MCS_PBKDF_SALT=SECRET
export CONSOLE_ACCESS_KEY=console
export CONSOLE_SECRET_KEY=YOURCONSOLESECRET
export CONSOLE_MINIO_SERVER=http://localhost:9000
./console server
export MCS_ACCESS_KEY=mcs
export MCS_SECRET_KEY=YOURMCSSECRET
export MCS_MINIO_SERVER=http://localhost:9000
./mcs server
```
## Connect Console to a Minio using TLS and a self-signed certificate
## Connect MCS to a Minio using TLS and a self-signed certificate
```
...
export CONSOLE_MINIO_SERVER_TLS_ROOT_CAS=<certificate_file_name>
export CONSOLE_MINIO_SERVER=https://localhost:9000
./console server
export MCS_MINIO_SERVER_TLS_ROOT_CAS=<certificate_file_name>
export MCS_MINIO_SERVER=https://localhost:9000
./mcs server
```
You can verify that the apis work by doing the request on `localhost:9090/api/v1/...`
# Contribute to console Project
Please follow console [Contributor's Guide](https://github.com/minio/console/blob/master/CONTRIBUTING.md)
# Contribute to mcs Project
Please follow mcs [Contributor's Guide](https://github.com/minio/mcs/blob/master/CONTRIBUTING.md)

4
SECURITY.md
View File

@@ -2,12 +2,12 @@
## Supported Versions
We always provide security updates for the [latest release](https://github.com/minio/console/releases/latest).
We always provide security updates for the [latest release](https://github.com/minio/mcs/releases/latest).
Whenever there is a security update you just need to upgrade to the latest version.
## Reporting a Vulnerability
All security bugs in [minio/console](https://github,com/minio/console) (or other minio/* repositories)
All security bugs in [minio/mcs](https://github,com/minio/mcs) (or other minio/* repositories)
should be reported by email to security@min.io. Your email will be acknowledged within 48 hours,
and you'll receive a more detailed response to your email within 72 hours indicating the next steps
in handling your report.

14
cluster/config.go
View File

@@ -39,19 +39,19 @@ func GetK8sAPIServer() string {
// if console is not running inside k8s by default will look for the k8s api server on localhost:8001 (kubectl proxy)
// NOTE: using kubectl proxy is for local development only, since every request send to localhost:8001 will bypass service account authentication
// more info here: https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#directly-accessing-the-rest-api
// you can override this using CONSOLE_K8S_API_SERVER, ie use the k8s cluster from `kubectl config view`
// you can override this using MCS_K8S_API_SERVER, ie use the k8s cluster from `kubectl config view`
host, port := env.Get("KUBERNETES_SERVICE_HOST", ""), env.Get("KUBERNETES_SERVICE_PORT", "")
apiServerAddress := "http://localhost:8001"
if host != "" && port != "" {
apiServerAddress = "https://" + net.JoinHostPort(host, port)
}
return env.Get(ConsoleK8sAPIServer, apiServerAddress)
return env.Get(McsK8sAPIServer, apiServerAddress)
}
// If CONSOLE_K8S_API_SERVER_TLS_ROOT_CA is true console will load the certificate into the
// If MCS_K8S_API_SERVER_TLS_ROOT_CA is true mcs will load the certificate into the
// http.client rootCAs pool, this is useful for testing an k8s ApiServer or when working with self-signed certificates
func getK8sAPIServerTLSRootCA() string {
return strings.TrimSpace(env.Get(ConsoleK8SAPIServerTLSRootCA, ""))
return strings.TrimSpace(env.Get(McsK8SAPIServerTLSRootCA, ""))
}
// GetNsFromFile assumes console is running inside a k8s pod and extract the current namespace from the
@@ -69,7 +69,7 @@ var namespace = GetNsFromFile()
// Returns the namespace in which the controller is installed
func GetNs() string {
return env.Get(ConsoleNamespace, namespace)
return env.Get(McsNamespace, namespace)
}
// getLatestMinIOImage returns the latest docker image for MinIO if found on the internet
@@ -106,7 +106,7 @@ var latestMinIOImage, errLatestMinIOImage = getLatestMinIOImage(
// a preferred image to be used (configured via ENVIRONMENT VARIABLES) GetMinioImage will return that
// if not, GetMinioImage will try to obtain the image URL for the latest version of MinIO and return that
func GetMinioImage() (*string, error) {
image := strings.TrimSpace(env.Get(ConsoleMinioImage, ""))
image := strings.TrimSpace(env.Get(McsMinioImage, ""))
// if there is a preferred image configured by the user we'll always return that
if image != "" {
return &image, nil
@@ -156,7 +156,7 @@ func getLatestMCImage() (*string, error) {
var latestMCImage, errLatestMCImage = getLatestMCImage()
func GetMCImage() (*string, error) {
image := strings.TrimSpace(env.Get(ConsoleMCImage, ""))
image := strings.TrimSpace(env.Get(McsMCImage, ""))
// if there is a preferred image configured by the user we'll always return that
if image != "" {
return &image, nil

10
cluster/const.go
View File

@@ -17,9 +17,9 @@
package cluster
const (
ConsoleK8sAPIServer = "CONSOLE_K8S_API_SERVER"
ConsoleK8SAPIServerTLSRootCA = "CONSOLE_K8S_API_SERVER_TLS_ROOT_CA"
ConsoleMinioImage = "CONSOLE_MINIO_IMAGE"
ConsoleMCImage = "CONSOLE_MC_IMAGE"
ConsoleNamespace = "CONSOLE_NAMESPACE"
McsK8sAPIServer = "MCS_K8S_API_SERVER"
McsK8SAPIServerTLSRootCA = "MCS_K8S_API_SERVER_TLS_ROOT_CA"
McsMinioImage = "MCS_MINIO_IMAGE"
McsMCImage = "MCS_MC_IMAGE"
McsNamespace = "MCS_NAMESPACE"
)

14
cmd/console/main.go → cmd/mcs/main.go
View File

@@ -23,7 +23,7 @@ import (
"sort"
"time"
"github.com/minio/console/pkg"
"github.com/minio/mcs/pkg"
"github.com/minio/minio/pkg/console"
"github.com/minio/minio/pkg/trie"
@@ -32,8 +32,8 @@ import (
"github.com/minio/cli"
)
// Help template for Console.
var consoleHelpTemplate = `NAME:
// Help template for mcs.
var mcsHelpTemplate = `NAME:
{{.Name}} - {{.Usage}}
DESCRIPTION:
@@ -57,10 +57,10 @@ var appCmds = []cli.Command{
}
func newApp(name string) *cli.App {
// Collection of console commands currently supported are.
// Collection of mcs commands currently supported are.
var commands []cli.Command
// Collection of console commands currently supported in a trie tree.
// Collection of mcs commands currently supported in a trie tree.
commandsTree := trie.NewTrie()
// registerCommand registers a cli command.
@@ -112,9 +112,9 @@ func newApp(name string) *cli.App {
app.Compiled, _ = time.Parse(time.RFC3339, pkg.ReleaseTime)
app.Commands = commands
app.HideHelpCommand = true // Hide `help, h` command, we already have `minio --help`.
app.CustomAppHelpTemplate = consoleHelpTemplate
app.CustomAppHelpTemplate = mcsHelpTemplate
app.CommandNotFound = func(ctx *cli.Context, command string) {
console.Printf("%s is not a console sub-command. See console --help.\n", command)
console.Printf("%s is not a mcs sub-command. See mcs --help.\n", command)
closestCommands := findClosestCommands(command)
if len(closestCommands) > 0 {
console.Println()

10
cmd/console/server.go → cmd/mcs/server.go
View File

@@ -24,15 +24,15 @@ import (
"github.com/go-openapi/loads"
"github.com/jessevdk/go-flags"
"github.com/minio/cli"
"github.com/minio/console/restapi"
"github.com/minio/console/restapi/operations"
"github.com/minio/mcs/restapi"
"github.com/minio/mcs/restapi/operations"
)
// starts the server
var serverCmd = cli.Command{
Name: "server",
Aliases: []string{"srv"},
Usage: "starts Console server",
Usage: "starts mcs server",
Action: startServer,
Flags: []cli.Flag{
cli.StringFlag{
@@ -75,7 +75,7 @@ func startServer(ctx *cli.Context) error {
log.Fatalln(err)
}
api := operations.NewConsoleAPI(swaggerSpec)
api := operations.NewMcsAPI(swaggerSpec)
server := restapi.NewServer(api)
defer server.Shutdown()
@@ -112,7 +112,7 @@ func startServer(ctx *cli.Context) error {
if tlsCertificatePath != "" && tlsCertificateKeyPath != "" {
server.TLSCertificate = flags.Filename(tlsCertificatePath)
server.TLSCertificateKey = flags.Filename(tlsCertificateKeyPath)
// If TLS certificates are provided enforce the HTTPS schema, meaning console will redirect
// If TLS certificates are provided enforce the HTTPS schema, meaning mcs will redirect
// plain HTTP connections to HTTPS server
server.EnabledListeners = []string{"http", "https"}
server.TLSPort = ctx.Int("tls-port")

39
docs/console_operator_mode.md
View File

@@ -1,39 +0,0 @@
# Running Console in Operator mode
`Console` will authenticate against `Kubernetes`using bearer tokens via HTTP `Authorization` header. The user will provide this token once
in the login form, Console will validate it against Kubernetes (list apis) and if valid will generate and return a new Console sessions
with encrypted claims (the user Service account token will be inside the JWT in the data field)
# Kubernetes
The provided `JWT token` corresponds to the `Kubernetes service account` that `Console` will use to run tasks on behalf of the
user, ie: list, create, edit, delete tenants, storage class, etc.
# Development
If console is running inside a k8s pod `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` will contain the k8s api server apiServerAddress
if console is not running inside k8s by default will look for the k8s api server on `localhost:8001` (kubectl proxy)
If you are running console in your local environment and wish to make request to `Kubernetes` you can set `CONSOLE_K8S_API_SERVER`, if
the environment variable is not present by default `Console` will use `"http://localhost:8001"`, additionally you will need to set the
`CONSOLE_OPERATOR_MODE=on` variable to make Console display the Operator UI.
NOTE: using `kubectl` proxy is for local development only, since every request send to localhost:8001 will bypass service account authentication
more info here: https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#directly-accessing-the-rest-api
you can override this using `CONSOLE_K8S_API_SERVER`, ie use the k8s cluster from `kubectl config view`
## Extract the Service account token and use it with Console
For local development you can use the jwt associated to the `console-sa` service account, you can get the token running
the following command in your terminal:
```
kubectl get secret $(kubectl get serviceaccount console-sa -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode
```
Then run the Console server
```
CONSOLE_OPERATOR_MODE=on ./console server
```

39
docs/mcs_operator_mode.md Normal file
View File

@@ -0,0 +1,39 @@
# Running MCS in Operator mode
`MCS` will authenticate against `Kubernetes`using bearer tokens via HTTP `Authorization` header. The user will provide this token once
in the login form, MCS will validate it against Kubernetes (list apis) and if valid will generate and return a new MCS sessions
with encrypted claims (the user Service account token will be inside the JWT in the data field)
# Kubernetes
The provided `JWT token` corresponds to the `Kubernetes service account` that `MCS` will use to run tasks on behalf of the
user, ie: list, create, edit, delete tenants, storage class, etc.
# Development
If console is running inside a k8s pod `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` will contain the k8s api server apiServerAddress
if console is not running inside k8s by default will look for the k8s api server on `localhost:8001` (kubectl proxy)
If you are running mcs in your local environment and wish to make request to `Kubernetes` you can set `MCS_K8S_API_SERVER`, if
the environment variable is not present by default `MCS` will use `"http://localhost:8001"`, additionally you will need to set the
`MCS_OPERATOR_MODE=on` variable to make MCS display the Operator UI.
NOTE: using `kubectl` proxy is for local development only, since every request send to localhost:8001 will bypass service account authentication
more info here: https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#directly-accessing-the-rest-api
you can override this using `MCS_K8S_API_SERVER`, ie use the k8s cluster from `kubectl config view`
## Extract the Service account token and use it with MCS
For local development you can use the jwt associated to the `mcs-sa` service account, you can get the token running
the following command in your terminal:
```
kubectl get secret $(kubectl get serviceaccount mcs-sa -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode
```
Then run the mcs server
```
MCS_OPERATOR_MODE=on ./mcs server
```

4
go.mod
View File

@@ -1,4 +1,4 @@
module github.com/minio/console
module github.com/minio/mcs
go 1.13
@@ -20,7 +20,7 @@ require (
github.com/minio/mc v0.0.0-20200725183142-90d22b271f60
github.com/minio/minio v0.0.0-20200725154241-abbf6ce6ccf8
github.com/minio/minio-go/v7 v7.0.2-0.20200722162308-e0105ca08252
github.com/minio/operator v0.0.0-20200726122325-9efe901afebb
github.com/minio/operator v0.0.0-20200725185636-4a625e4fbb31
github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
github.com/satori/go.uuid v1.2.0
github.com/stretchr/testify v1.6.1

6
go.sum
View File

@@ -463,8 +463,10 @@ github.com/minio/minio v0.0.0-20200725154241-abbf6ce6ccf8/go.mod h1:NBWtYp4t5pt3
github.com/minio/minio-go/v7 v7.0.1/go.mod h1:dJ80Mv2HeGkYLH1sqS/ksz07ON6csH3S6JUMSQ2zAns=
github.com/minio/minio-go/v7 v7.0.2-0.20200722162308-e0105ca08252 h1:V2JkMDoSmEIhRcMJwX3qeJVOzy1B5bHpHbZaQu77vbs=
github.com/minio/minio-go/v7 v7.0.2-0.20200722162308-e0105ca08252/go.mod h1:dJ80Mv2HeGkYLH1sqS/ksz07ON6csH3S6JUMSQ2zAns=
github.com/minio/operator v0.0.0-20200726122325-9efe901afebb h1:xAfr+GIP+4c6fU+Ad8oWHVWKtbQ60Su3dfEv3nPPyWM=
github.com/minio/operator v0.0.0-20200726122325-9efe901afebb/go.mod h1:G0pMmQFV5b5OrH7/OmVKtPoHzj3SmHNgqDlTew1NM/Y=
github.com/minio/operator v0.0.0-20200725185636-4a625e4fbb31 h1:FzB4mwu62LnVgOFhB7fLu15fAgIh6+1PHJoytkQPEsY=
github.com/minio/operator v0.0.0-20200725185636-4a625e4fbb31 h1:FzB4mwu62LnVgOFhB7fLu15fAgIh6+1PHJoytkQPEsY=
github.com/minio/operator v0.0.0-20200725185636-4a625e4fbb31/go.mod h1:G0pMmQFV5b5OrH7/OmVKtPoHzj3SmHNgqDlTew1NM/Y=
github.com/minio/operator v0.0.0-20200725185636-4a625e4fbb31/go.mod h1:G0pMmQFV5b5OrH7/OmVKtPoHzj3SmHNgqDlTew1NM/Y=
github.com/minio/selfupdate v0.3.0 h1:1qfaZscU3hWwX1cF5m5Dov8Z5aZNvPHk9LROzIkas1k=
github.com/minio/selfupdate v0.3.0/go.mod h1:b8ThJzzH7u2MkF6PcIra7KaXO9Khf6alWPvMSyTDCFM=
github.com/minio/sha256-simd v0.1.1 h1:5QHSlgo3nt5yKOJrC7W8w7X+NFl8cMPZm96iu8kKUJU=

2
hack/update-codegen.sh
View File

@@ -25,7 +25,7 @@ go get -d k8s.io/code-generator/...
# Checkout code-generator to compatible version
#(cd $GOPATH/src/k8s.io/code-generator && git checkout origin/release-1.14 -B release-1.14)
REPOSITORY=github.com/minio/console
REPOSITORY=github.com/minio/mcs
$GOPATH/src/k8s.io/code-generator/generate-groups.sh all \
$REPOSITORY/pkg/clientgen $REPOSITORY/pkg/apis networking.gke.io:v1beta2 \
--go-header-file $SCRIPT_ROOT/hack/header.go.txt

7
k8s/console/base/console-configmap.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: console-env
data:
CONSOLE_PORT: "9090"
CONSOLE_TLS_PORT: "9443"

12
k8s/console/base/kustomization.yaml
View File

@@ -2,10 +2,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# beginning of customizations
resources:
- console-service-account.yaml
- console-cluster-role.yaml
- console-cluster-role-binding.yaml
- console-configmap.yaml
- console-service.yaml
- console-deployment.yaml
- mcs-service-account.yaml
- mcs-cluster-role.yaml
- mcs-cluster-role-binding.yaml
- mcs-configmap.yaml
- mcs-service.yaml
- mcs-deployment.yaml
- minio-operator.yaml

6
k8s/console/base/console-cluster-role-binding.yaml → k8s/console/base/mcs-cluster-role-binding.yaml
View File

@@ -1,12 +1,12 @@
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: console-sa-binding
name: mcs-sa-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: console-sa-role
name: mcs-sa-role
subjects:
- kind: ServiceAccount
name: console-sa
name: mcs-sa
namespace: default

2
k8s/operator-console/base/console-cluster-role.yaml → k8s/console/base/mcs-cluster-role.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: console-sa-role
name: mcs-sa-role
rules:
- apiGroups:
- ""

7
k8s/console/base/mcs-configmap.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: mcs-env
data:
MCS_PORT: "9090"
MCS_TLS_PORT: "9443"

14
k8s/console/base/console-deployment.yaml → k8s/console/base/mcs-deployment.yaml
View File

@@ -1,24 +1,24 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: console
name: mcs
spec:
replicas: 1
selector:
matchLabels:
app: console
app: mcs
template:
metadata:
labels:
app: console
app: mcs
spec:
serviceAccountName: console-sa
serviceAccountName: mcs-sa
containers:
- name: console
image: minio/console:latest
- name: mcs
image: minio/mcs:latest
imagePullPolicy: "IfNotPresent"
args:
- /console
- /mcs
- server
ports:
- containerPort: 9090

2
k8s/console/base/console-service-account.yaml → k8s/console/base/mcs-service-account.yaml
View File

@@ -1,5 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: console-sa
name: mcs-sa
namespace: default

6
k8s/console/base/console-service.yaml → k8s/console/base/mcs-service.yaml
View File

@@ -1,9 +1,9 @@
apiVersion: v1
kind: Service
metadata:
name: console
name: mcs
labels:
name: console
name: mcs
spec:
ports:
- port: 9090
@@ -11,4 +11,4 @@ spec:
- port: 9443
name: https
selector:
app: console
app: mcs

2
k8s/console/base/minio-operator.yaml
View File

@@ -276,7 +276,7 @@ spec:
name: minio-operator
spec:
containers:
- image: minio/k8s-operator:v3.0.2
- image: minio/k8s-operator:v3.0.1
imagePullPolicy: IfNotPresent
name: minio-operator
serviceAccountName: minio-operator

12
k8s/create-kind.sh
View File

@@ -1,16 +1,16 @@
#!/bin/bash
# setup environment variables based on flags to see if we should build the docker containers again
CONSOLE_DOCKER="true"
MCS_DOCKER="true"
# evaluate flags
# `-m` for console
# `-m` for mcs
while getopts ":m:" opt; do
case $opt in
m)
CONSOLE_DOCKER="$OPTARG"
MCS_DOCKER="$OPTARG"
;;
\?)
echo "Invalid option: -$OPTARG" >&2
@@ -34,11 +34,11 @@ echo "install metrics server"
kubectl apply -f metrics-dev.yaml
# Whether or not to build the m3 container and load it to kind or just load it
if [[ $CONSOLE_DOCKER == "true" ]]; then
if [[ $MCS_DOCKER == "true" ]]; then
# Build mkube
make --directory=".." k8sdev TAG=minio/console:latest
make --directory=".." k8sdev TAG=minio/mcs:latest
else
kind load docker-image minio/console:latest
kind load docker-image minio/mcs:latest
fi
echo "done"

7
k8s/operator-console/base/console-configmap.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: console-env
data:
CONSOLE_PORT: "9090"
CONSOLE_TLS_PORT: "9443"

12
k8s/operator-console/base/kustomization.yaml
View File

@@ -2,10 +2,10 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# beginning of customizations
resources:
- console-service-account.yaml
- console-cluster-role.yaml
- console-cluster-role-binding.yaml
- console-configmap.yaml
- console-service.yaml
- console-deployment.yaml
- mcs-service-account.yaml
- mcs-cluster-role.yaml
- mcs-cluster-role-binding.yaml
- mcs-configmap.yaml
- mcs-service.yaml
- mcs-deployment.yaml
- minio-operator.yaml

6
k8s/operator-console/base/console-cluster-role-binding.yaml → k8s/operator-console/base/mcs-cluster-role-binding.yaml
View File

@@ -1,12 +1,12 @@
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: console-sa-binding
name: mcs-sa-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: console-sa-role
name: mcs-sa-role
subjects:
- kind: ServiceAccount
name: console-sa
name: mcs-sa
namespace: default

2
k8s/console/base/console-cluster-role.yaml → k8s/operator-console/base/mcs-cluster-role.yaml
View File

@@ -1,7 +1,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: console-sa-role
name: mcs-sa-role
rules:
- apiGroups:
- ""

7
k8s/operator-console/base/mcs-configmap.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: mcs-env
data:
MCS_PORT: "9090"
MCS_TLS_PORT: "9443"

16
k8s/operator-console/base/console-deployment.yaml → k8s/operator-console/base/mcs-deployment.yaml
View File

@@ -1,27 +1,27 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: console
name: mcs
spec:
replicas: 1
selector:
matchLabels:
app: console
app: mcs
template:
metadata:
labels:
app: console
app: mcs
spec:
serviceAccountName: console-sa
serviceAccountName: mcs-sa
containers:
- name: console
image: minio/console:latest
- name: mcs
image: minio/mcs:latest
imagePullPolicy: "IfNotPresent"
env:
- name: CONSOLE_OPERATOR_MODE
- name: MCS_OPERATOR_MODE
value: "on"
args:
- /console
- /mcs
- server
ports:
- containerPort: 9090

2
k8s/operator-console/base/console-service-account.yaml → k8s/operator-console/base/mcs-service-account.yaml
View File

@@ -1,5 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: console-sa
name: mcs-sa
namespace: default

6
k8s/operator-console/base/console-service.yaml → k8s/operator-console/base/mcs-service.yaml
View File

@@ -1,9 +1,9 @@
apiVersion: v1
kind: Service
metadata:
name: console
name: mcs
labels:
name: console
name: mcs
spec:
ports:
- port: 9090
@@ -11,4 +11,4 @@ spec:
- port: 9443
name: https
selector:
app: console
app: mcs

2
k8s/operator-console/base/minio-operator.yaml
View File

@@ -276,7 +276,7 @@ spec:
name: minio-operator
spec:
containers:
- image: minio/k8s-operator:v3.0.2
- image: minio/k8s-operator:v3.0.1
imagePullPolicy: IfNotPresent
name: minio-operator
serviceAccountName: minio-operator

4
k8s/update-codegen.sh
View File

@@ -26,8 +26,8 @@ CODEGEN_PKG=${CODEGEN_PKG:-$(cd "${SCRIPT_ROOT}"; ls -d -1 ./vendor/k8s.io/code-
# k8s.io/kubernetes. The output-base is needed for the generators to output into the vendor dir
# instead of the $GOPATH directly. For normal projects this can be dropped.
bash "${CODEGEN_PKG}"/generate-groups.sh "all" \
github.com/minio/console/pkg/generated \
github.com/minio/console/pkg/apis \
github.com/minio/mcs/pkg/generated \
github.com/minio/mcs/pkg/apis \
mkube:v1 \
--go-header-file "${SCRIPT_ROOT}"/k8s/boilerplate.go.txt

66
models/create_tenant_response.go
View File

@@ -23,7 +23,6 @@ package models
// Editing this file might prove futile when you re-run the swagger generate command
import (
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
)
@@ -36,42 +35,12 @@ type CreateTenantResponse struct {
// access key
AccessKey string `json:"access_key,omitempty"`
// console
Console *CreateTenantResponseConsole `json:"console,omitempty"`
// secret key
SecretKey string `json:"secret_key,omitempty"`
}
// Validate validates this create tenant response
func (m *CreateTenantResponse) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateConsole(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *CreateTenantResponse) validateConsole(formats strfmt.Registry) error {
if swag.IsZero(m.Console) { // not required
return nil
}
if m.Console != nil {
if err := m.Console.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("console")
}
return err
}
}
return nil
}
@@ -92,38 +61,3 @@ func (m *CreateTenantResponse) UnmarshalBinary(b []byte) error {
*m = res
return nil
}
// CreateTenantResponseConsole create tenant response console
//
// swagger:model CreateTenantResponseConsole
type CreateTenantResponseConsole struct {
// access key
AccessKey string `json:"access_key,omitempty"`
// secret key
SecretKey string `json:"secret_key,omitempty"`
}
// Validate validates this create tenant response console
func (m *CreateTenantResponseConsole) Validate(formats strfmt.Registry) error {
return nil
}
// MarshalBinary interface implementation
func (m *CreateTenantResponseConsole) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *CreateTenantResponseConsole) UnmarshalBinary(b []byte) error {
var res CreateTenantResponseConsole
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

272
models/node_selector_term.go
View File

@@ -1,272 +0,0 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"strconv"
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/go-openapi/validate"
)
// NodeSelectorTerm A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
//
// swagger:model nodeSelectorTerm
type NodeSelectorTerm struct {
// A list of node selector requirements by node's labels.
MatchExpressions []*NodeSelectorTermMatchExpressionsItems0 `json:"matchExpressions"`
// A list of node selector requirements by node's fields.
MatchFields []*NodeSelectorTermMatchFieldsItems0 `json:"matchFields"`
}
// Validate validates this node selector term
func (m *NodeSelectorTerm) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateMatchExpressions(formats); err != nil {
res = append(res, err)
}
if err := m.validateMatchFields(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *NodeSelectorTerm) validateMatchExpressions(formats strfmt.Registry) error {
if swag.IsZero(m.MatchExpressions) { // not required
return nil
}
for i := 0; i < len(m.MatchExpressions); i++ {
if swag.IsZero(m.MatchExpressions[i]) { // not required
continue
}
if m.MatchExpressions[i] != nil {
if err := m.MatchExpressions[i].Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("matchExpressions" + "." + strconv.Itoa(i))
}
return err
}
}
}
return nil
}
func (m *NodeSelectorTerm) validateMatchFields(formats strfmt.Registry) error {
if swag.IsZero(m.MatchFields) { // not required
return nil
}
for i := 0; i < len(m.MatchFields); i++ {
if swag.IsZero(m.MatchFields[i]) { // not required
continue
}
if m.MatchFields[i] != nil {
if err := m.MatchFields[i].Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("matchFields" + "." + strconv.Itoa(i))
}
return err
}
}
}
return nil
}
// MarshalBinary interface implementation
func (m *NodeSelectorTerm) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *NodeSelectorTerm) UnmarshalBinary(b []byte) error {
var res NodeSelectorTerm
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// NodeSelectorTermMatchExpressionsItems0 A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
//
// swagger:model NodeSelectorTermMatchExpressionsItems0
type NodeSelectorTermMatchExpressionsItems0 struct {
// The label key that the selector applies to.
// Required: true
Key *string `json:"key"`
// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
// Required: true
Operator *string `json:"operator"`
// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
Values []string `json:"values"`
}
// Validate validates this node selector term match expressions items0
func (m *NodeSelectorTermMatchExpressionsItems0) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateKey(formats); err != nil {
res = append(res, err)
}
if err := m.validateOperator(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *NodeSelectorTermMatchExpressionsItems0) validateKey(formats strfmt.Registry) error {
if err := validate.Required("key", "body", m.Key); err != nil {
return err
}
return nil
}
func (m *NodeSelectorTermMatchExpressionsItems0) validateOperator(formats strfmt.Registry) error {
if err := validate.Required("operator", "body", m.Operator); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *NodeSelectorTermMatchExpressionsItems0) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *NodeSelectorTermMatchExpressionsItems0) UnmarshalBinary(b []byte) error {
var res NodeSelectorTermMatchExpressionsItems0
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// NodeSelectorTermMatchFieldsItems0 A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
//
// swagger:model NodeSelectorTermMatchFieldsItems0
type NodeSelectorTermMatchFieldsItems0 struct {
// The label key that the selector applies to.
// Required: true
Key *string `json:"key"`
// Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
// Required: true
Operator *string `json:"operator"`
// An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
Values []string `json:"values"`
}
// Validate validates this node selector term match fields items0
func (m *NodeSelectorTermMatchFieldsItems0) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateKey(formats); err != nil {
res = append(res, err)
}
if err := m.validateOperator(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *NodeSelectorTermMatchFieldsItems0) validateKey(formats strfmt.Registry) error {
if err := validate.Required("key", "body", m.Key); err != nil {
return err
}
return nil
}
func (m *NodeSelectorTermMatchFieldsItems0) validateOperator(formats strfmt.Registry) error {
if err := validate.Required("operator", "body", m.Operator); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *NodeSelectorTermMatchFieldsItems0) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *NodeSelectorTermMatchFieldsItems0) UnmarshalBinary(b []byte) error {
var res NodeSelectorTermMatchFieldsItems0
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

251
models/pod_affinity_term.go
View File

@@ -1,251 +0,0 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"strconv"
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/go-openapi/validate"
)
// PodAffinityTerm Required. A pod affinity term, associated with the corresponding weight.
//
// swagger:model podAffinityTerm
type PodAffinityTerm struct {
// label selector
LabelSelector *PodAffinityTermLabelSelector `json:"labelSelector,omitempty"`
// namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace"
Namespaces []string `json:"namespaces"`
// This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.
// Required: true
TopologyKey *string `json:"topologyKey"`
}
// Validate validates this pod affinity term
func (m *PodAffinityTerm) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateLabelSelector(formats); err != nil {
res = append(res, err)
}
if err := m.validateTopologyKey(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *PodAffinityTerm) validateLabelSelector(formats strfmt.Registry) error {
if swag.IsZero(m.LabelSelector) { // not required
return nil
}
if m.LabelSelector != nil {
if err := m.LabelSelector.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("labelSelector")
}
return err
}
}
return nil
}
func (m *PodAffinityTerm) validateTopologyKey(formats strfmt.Registry) error {
if err := validate.Required("topologyKey", "body", m.TopologyKey); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *PodAffinityTerm) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *PodAffinityTerm) UnmarshalBinary(b []byte) error {
var res PodAffinityTerm
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// PodAffinityTermLabelSelector A label query over a set of resources, in this case pods.
//
// swagger:model PodAffinityTermLabelSelector
type PodAffinityTermLabelSelector struct {
// matchExpressions is a list of label selector requirements. The requirements are ANDed.
MatchExpressions []*PodAffinityTermLabelSelectorMatchExpressionsItems0 `json:"matchExpressions"`
// matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
MatchLabels map[string]string `json:"matchLabels,omitempty"`
}
// Validate validates this pod affinity term label selector
func (m *PodAffinityTermLabelSelector) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateMatchExpressions(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *PodAffinityTermLabelSelector) validateMatchExpressions(formats strfmt.Registry) error {
if swag.IsZero(m.MatchExpressions) { // not required
return nil
}
for i := 0; i < len(m.MatchExpressions); i++ {
if swag.IsZero(m.MatchExpressions[i]) { // not required
continue
}
if m.MatchExpressions[i] != nil {
if err := m.MatchExpressions[i].Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("labelSelector" + "." + "matchExpressions" + "." + strconv.Itoa(i))
}
return err
}
}
}
return nil
}
// MarshalBinary interface implementation
func (m *PodAffinityTermLabelSelector) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *PodAffinityTermLabelSelector) UnmarshalBinary(b []byte) error {
var res PodAffinityTermLabelSelector
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// PodAffinityTermLabelSelectorMatchExpressionsItems0 A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
//
// swagger:model PodAffinityTermLabelSelectorMatchExpressionsItems0
type PodAffinityTermLabelSelectorMatchExpressionsItems0 struct {
// key is the label key that the selector applies to.
// Required: true
Key *string `json:"key"`
// operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
// Required: true
Operator *string `json:"operator"`
// values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
Values []string `json:"values"`
}
// Validate validates this pod affinity term label selector match expressions items0
func (m *PodAffinityTermLabelSelectorMatchExpressionsItems0) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateKey(formats); err != nil {
res = append(res, err)
}
if err := m.validateOperator(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *PodAffinityTermLabelSelectorMatchExpressionsItems0) validateKey(formats strfmt.Registry) error {
if err := validate.Required("key", "body", m.Key); err != nil {
return err
}
return nil
}
func (m *PodAffinityTermLabelSelectorMatchExpressionsItems0) validateOperator(formats strfmt.Registry) error {
if err := validate.Required("operator", "body", m.Operator); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *PodAffinityTermLabelSelectorMatchExpressionsItems0) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *PodAffinityTermLabelSelectorMatchExpressionsItems0) UnmarshalBinary(b []byte) error {
var res PodAffinityTermLabelSelectorMatchExpressionsItems0
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

3
models/tenant.go
View File

@@ -53,6 +53,9 @@ type Tenant struct {
// total size
TotalSize int64 `json:"total_size,omitempty"`
// used size
UsedSize int64 `json:"used_size,omitempty"`
// zones
Zones []*Zone `json:"zones"`
}

6
models/tenant_list.go
View File

@@ -47,12 +47,12 @@ type TenantList struct {
// namespace
Namespace string `json:"namespace,omitempty"`
// total size
TotalSize int64 `json:"total_size,omitempty"`
// volume count
VolumeCount int64 `json:"volume_count,omitempty"`
// volume size
VolumeSize int64 `json:"volume_size,omitempty"`
// zone count
ZoneCount int64 `json:"zone_count,omitempty"`
}

60
models/tenant_usage.go
View File

@@ -1,60 +0,0 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
)
// TenantUsage tenant usage
//
// swagger:model tenantUsage
type TenantUsage struct {
// used size
UsedSize int64 `json:"used_size,omitempty"`
}
// Validate validates this tenant usage
func (m *TenantUsage) Validate(formats strfmt.Registry) error {
return nil
}
// MarshalBinary interface implementation
func (m *TenantUsage) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *TenantUsage) UnmarshalBinary(b []byte) error {
var res TenantUsage
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

76
models/zone.go
View File

@@ -34,25 +34,13 @@ import (
// swagger:model zone
type Zone struct {
// affinity
Affinity *ZoneAffinity `json:"affinity,omitempty"`
// name
Name string `json:"name,omitempty"`
// NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
NodeSelector map[string]string `json:"node_selector,omitempty"`
// resources
Resources *ZoneResources `json:"resources,omitempty"`
// servers
// Required: true
Servers *int64 `json:"servers"`
// tolerations
Tolerations ZoneTolerations `json:"tolerations,omitempty"`
// volume configuration
// Required: true
VolumeConfiguration *ZoneVolumeConfiguration `json:"volume_configuration"`
@@ -66,22 +54,10 @@ type Zone struct {
func (m *Zone) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateAffinity(formats); err != nil {
res = append(res, err)
}
if err := m.validateResources(formats); err != nil {
res = append(res, err)
}
if err := m.validateServers(formats); err != nil {
res = append(res, err)
}
if err := m.validateTolerations(formats); err != nil {
res = append(res, err)
}
if err := m.validateVolumeConfiguration(formats); err != nil {
res = append(res, err)
}
@@ -96,42 +72,6 @@ func (m *Zone) Validate(formats strfmt.Registry) error {
return nil
}
func (m *Zone) validateAffinity(formats strfmt.Registry) error {
if swag.IsZero(m.Affinity) { // not required
return nil
}
if m.Affinity != nil {
if err := m.Affinity.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("affinity")
}
return err
}
}
return nil
}
func (m *Zone) validateResources(formats strfmt.Registry) error {
if swag.IsZero(m.Resources) { // not required
return nil
}
if m.Resources != nil {
if err := m.Resources.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("resources")
}
return err
}
}
return nil
}
func (m *Zone) validateServers(formats strfmt.Registry) error {
if err := validate.Required("servers", "body", m.Servers); err != nil {
@@ -141,22 +81,6 @@ func (m *Zone) validateServers(formats strfmt.Registry) error {
return nil
}
func (m *Zone) validateTolerations(formats strfmt.Registry) error {
if swag.IsZero(m.Tolerations) { // not required
return nil
}
if err := m.Tolerations.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("tolerations")
}
return err
}
return nil
}
func (m *Zone) validateVolumeConfiguration(formats strfmt.Registry) error {
if err := validate.Required("volume_configuration", "body", m.VolumeConfiguration); err != nil {

726
models/zone_affinity.go
View File

@@ -1,726 +0,0 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"strconv"
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/go-openapi/validate"
)
// ZoneAffinity If specified, affinity will define the pod's scheduling constraints
//
// swagger:model zoneAffinity
type ZoneAffinity struct {
// node affinity
NodeAffinity *ZoneAffinityNodeAffinity `json:"nodeAffinity,omitempty"`
// pod affinity
PodAffinity *ZoneAffinityPodAffinity `json:"podAffinity,omitempty"`
// pod anti affinity
PodAntiAffinity *ZoneAffinityPodAntiAffinity `json:"podAntiAffinity,omitempty"`
}
// Validate validates this zone affinity
func (m *ZoneAffinity) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateNodeAffinity(formats); err != nil {
res = append(res, err)
}
if err := m.validatePodAffinity(formats); err != nil {
res = append(res, err)
}
if err := m.validatePodAntiAffinity(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *ZoneAffinity) validateNodeAffinity(formats strfmt.Registry) error {
if swag.IsZero(m.NodeAffinity) { // not required
return nil
}
if m.NodeAffinity != nil {
if err := m.NodeAffinity.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("nodeAffinity")
}
return err
}
}
return nil
}
func (m *ZoneAffinity) validatePodAffinity(formats strfmt.Registry) error {
if swag.IsZero(m.PodAffinity) { // not required
return nil
}
if m.PodAffinity != nil {
if err := m.PodAffinity.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("podAffinity")
}
return err
}
}
return nil
}
func (m *ZoneAffinity) validatePodAntiAffinity(formats strfmt.Registry) error {
if swag.IsZero(m.PodAntiAffinity) { // not required
return nil
}
if m.PodAntiAffinity != nil {
if err := m.PodAntiAffinity.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("podAntiAffinity")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *ZoneAffinity) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ZoneAffinity) UnmarshalBinary(b []byte) error {
var res ZoneAffinity
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// ZoneAffinityNodeAffinity Describes node affinity scheduling rules for the pod.
//
// swagger:model ZoneAffinityNodeAffinity
type ZoneAffinityNodeAffinity struct {
// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.
PreferredDuringSchedulingIgnoredDuringExecution []*ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 `json:"preferredDuringSchedulingIgnoredDuringExecution"`
// required during scheduling ignored during execution
RequiredDuringSchedulingIgnoredDuringExecution *ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution `json:"requiredDuringSchedulingIgnoredDuringExecution,omitempty"`
}
// Validate validates this zone affinity node affinity
func (m *ZoneAffinityNodeAffinity) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validatePreferredDuringSchedulingIgnoredDuringExecution(formats); err != nil {
res = append(res, err)
}
if err := m.validateRequiredDuringSchedulingIgnoredDuringExecution(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *ZoneAffinityNodeAffinity) validatePreferredDuringSchedulingIgnoredDuringExecution(formats strfmt.Registry) error {
if swag.IsZero(m.PreferredDuringSchedulingIgnoredDuringExecution) { // not required
return nil
}
for i := 0; i < len(m.PreferredDuringSchedulingIgnoredDuringExecution); i++ {
if swag.IsZero(m.PreferredDuringSchedulingIgnoredDuringExecution[i]) { // not required
continue
}
if m.PreferredDuringSchedulingIgnoredDuringExecution[i] != nil {
if err := m.PreferredDuringSchedulingIgnoredDuringExecution[i].Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("nodeAffinity" + "." + "preferredDuringSchedulingIgnoredDuringExecution" + "." + strconv.Itoa(i))
}
return err
}
}
}
return nil
}
func (m *ZoneAffinityNodeAffinity) validateRequiredDuringSchedulingIgnoredDuringExecution(formats strfmt.Registry) error {
if swag.IsZero(m.RequiredDuringSchedulingIgnoredDuringExecution) { // not required
return nil
}
if m.RequiredDuringSchedulingIgnoredDuringExecution != nil {
if err := m.RequiredDuringSchedulingIgnoredDuringExecution.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("nodeAffinity" + "." + "requiredDuringSchedulingIgnoredDuringExecution")
}
return err
}
}
return nil
}
// MarshalBinary interface implementation
func (m *ZoneAffinityNodeAffinity) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ZoneAffinityNodeAffinity) UnmarshalBinary(b []byte) error {
var res ZoneAffinityNodeAffinity
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
//
// swagger:model ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0
type ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 struct {
// A node selector term, associated with the corresponding weight.
// Required: true
Preference *NodeSelectorTerm `json:"preference"`
// Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
// Required: true
Weight *int32 `json:"weight"`
}
// Validate validates this zone affinity node affinity preferred during scheduling ignored during execution items0
func (m *ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validatePreference(formats); err != nil {
res = append(res, err)
}
if err := m.validateWeight(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) validatePreference(formats strfmt.Registry) error {
if err := validate.Required("preference", "body", m.Preference); err != nil {
return err
}
if m.Preference != nil {
if err := m.Preference.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("preference")
}
return err
}
}
return nil
}
func (m *ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) validateWeight(formats strfmt.Registry) error {
if err := validate.Required("weight", "body", m.Weight); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) UnmarshalBinary(b []byte) error {
var res ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.
//
// swagger:model ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution
type ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution struct {
// Required. A list of node selector terms. The terms are ORed.
// Required: true
NodeSelectorTerms []*NodeSelectorTerm `json:"nodeSelectorTerms"`
}
// Validate validates this zone affinity node affinity required during scheduling ignored during execution
func (m *ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateNodeSelectorTerms(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution) validateNodeSelectorTerms(formats strfmt.Registry) error {
if err := validate.Required("nodeAffinity"+"."+"requiredDuringSchedulingIgnoredDuringExecution"+"."+"nodeSelectorTerms", "body", m.NodeSelectorTerms); err != nil {
return err
}
for i := 0; i < len(m.NodeSelectorTerms); i++ {
if swag.IsZero(m.NodeSelectorTerms[i]) { // not required
continue
}
if m.NodeSelectorTerms[i] != nil {
if err := m.NodeSelectorTerms[i].Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("nodeAffinity" + "." + "requiredDuringSchedulingIgnoredDuringExecution" + "." + "nodeSelectorTerms" + "." + strconv.Itoa(i))
}
return err
}
}
}
return nil
}
// MarshalBinary interface implementation
func (m *ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution) UnmarshalBinary(b []byte) error {
var res ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// ZoneAffinityPodAffinity Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
//
// swagger:model ZoneAffinityPodAffinity
type ZoneAffinityPodAffinity struct {
// The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
PreferredDuringSchedulingIgnoredDuringExecution []*ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 `json:"preferredDuringSchedulingIgnoredDuringExecution"`
// If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
RequiredDuringSchedulingIgnoredDuringExecution []*PodAffinityTerm `json:"requiredDuringSchedulingIgnoredDuringExecution"`
}
// Validate validates this zone affinity pod affinity
func (m *ZoneAffinityPodAffinity) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validatePreferredDuringSchedulingIgnoredDuringExecution(formats); err != nil {
res = append(res, err)
}
if err := m.validateRequiredDuringSchedulingIgnoredDuringExecution(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *ZoneAffinityPodAffinity) validatePreferredDuringSchedulingIgnoredDuringExecution(formats strfmt.Registry) error {
if swag.IsZero(m.PreferredDuringSchedulingIgnoredDuringExecution) { // not required
return nil
}
for i := 0; i < len(m.PreferredDuringSchedulingIgnoredDuringExecution); i++ {
if swag.IsZero(m.PreferredDuringSchedulingIgnoredDuringExecution[i]) { // not required
continue
}
if m.PreferredDuringSchedulingIgnoredDuringExecution[i] != nil {
if err := m.PreferredDuringSchedulingIgnoredDuringExecution[i].Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("podAffinity" + "." + "preferredDuringSchedulingIgnoredDuringExecution" + "." + strconv.Itoa(i))
}
return err
}
}
}
return nil
}
func (m *ZoneAffinityPodAffinity) validateRequiredDuringSchedulingIgnoredDuringExecution(formats strfmt.Registry) error {
if swag.IsZero(m.RequiredDuringSchedulingIgnoredDuringExecution) { // not required
return nil
}
for i := 0; i < len(m.RequiredDuringSchedulingIgnoredDuringExecution); i++ {
if swag.IsZero(m.RequiredDuringSchedulingIgnoredDuringExecution[i]) { // not required
continue
}
if m.RequiredDuringSchedulingIgnoredDuringExecution[i] != nil {
if err := m.RequiredDuringSchedulingIgnoredDuringExecution[i].Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("podAffinity" + "." + "requiredDuringSchedulingIgnoredDuringExecution" + "." + strconv.Itoa(i))
}
return err
}
}
}
return nil
}
// MarshalBinary interface implementation
func (m *ZoneAffinityPodAffinity) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ZoneAffinityPodAffinity) UnmarshalBinary(b []byte) error {
var res ZoneAffinityPodAffinity
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
//
// swagger:model ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0
type ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 struct {
// pod affinity term
// Required: true
PodAffinityTerm *PodAffinityTerm `json:"podAffinityTerm"`
// weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
// Required: true
Weight *int32 `json:"weight"`
}
// Validate validates this zone affinity pod affinity preferred during scheduling ignored during execution items0
func (m *ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validatePodAffinityTerm(formats); err != nil {
res = append(res, err)
}
if err := m.validateWeight(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) validatePodAffinityTerm(formats strfmt.Registry) error {
if err := validate.Required("podAffinityTerm", "body", m.PodAffinityTerm); err != nil {
return err
}
if m.PodAffinityTerm != nil {
if err := m.PodAffinityTerm.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("podAffinityTerm")
}
return err
}
}
return nil
}
func (m *ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) validateWeight(formats strfmt.Registry) error {
if err := validate.Required("weight", "body", m.Weight); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) UnmarshalBinary(b []byte) error {
var res ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// ZoneAffinityPodAntiAffinity Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
//
// swagger:model ZoneAffinityPodAntiAffinity
type ZoneAffinityPodAntiAffinity struct {
// The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.
PreferredDuringSchedulingIgnoredDuringExecution []*ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 `json:"preferredDuringSchedulingIgnoredDuringExecution"`
// If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.
RequiredDuringSchedulingIgnoredDuringExecution []*PodAffinityTerm `json:"requiredDuringSchedulingIgnoredDuringExecution"`
}
// Validate validates this zone affinity pod anti affinity
func (m *ZoneAffinityPodAntiAffinity) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validatePreferredDuringSchedulingIgnoredDuringExecution(formats); err != nil {
res = append(res, err)
}
if err := m.validateRequiredDuringSchedulingIgnoredDuringExecution(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *ZoneAffinityPodAntiAffinity) validatePreferredDuringSchedulingIgnoredDuringExecution(formats strfmt.Registry) error {
if swag.IsZero(m.PreferredDuringSchedulingIgnoredDuringExecution) { // not required
return nil
}
for i := 0; i < len(m.PreferredDuringSchedulingIgnoredDuringExecution); i++ {
if swag.IsZero(m.PreferredDuringSchedulingIgnoredDuringExecution[i]) { // not required
continue
}
if m.PreferredDuringSchedulingIgnoredDuringExecution[i] != nil {
if err := m.PreferredDuringSchedulingIgnoredDuringExecution[i].Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("podAntiAffinity" + "." + "preferredDuringSchedulingIgnoredDuringExecution" + "." + strconv.Itoa(i))
}
return err
}
}
}
return nil
}
func (m *ZoneAffinityPodAntiAffinity) validateRequiredDuringSchedulingIgnoredDuringExecution(formats strfmt.Registry) error {
if swag.IsZero(m.RequiredDuringSchedulingIgnoredDuringExecution) { // not required
return nil
}
for i := 0; i < len(m.RequiredDuringSchedulingIgnoredDuringExecution); i++ {
if swag.IsZero(m.RequiredDuringSchedulingIgnoredDuringExecution[i]) { // not required
continue
}
if m.RequiredDuringSchedulingIgnoredDuringExecution[i] != nil {
if err := m.RequiredDuringSchedulingIgnoredDuringExecution[i].Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("podAntiAffinity" + "." + "requiredDuringSchedulingIgnoredDuringExecution" + "." + strconv.Itoa(i))
}
return err
}
}
}
return nil
}
// MarshalBinary interface implementation
func (m *ZoneAffinityPodAntiAffinity) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ZoneAffinityPodAntiAffinity) UnmarshalBinary(b []byte) error {
var res ZoneAffinityPodAntiAffinity
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}
// ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
//
// swagger:model ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0
type ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0 struct {
// pod affinity term
// Required: true
PodAffinityTerm *PodAffinityTerm `json:"podAffinityTerm"`
// weight associated with matching the corresponding podAffinityTerm, in the range 1-100.
// Required: true
Weight *int32 `json:"weight"`
}
// Validate validates this zone affinity pod anti affinity preferred during scheduling ignored during execution items0
func (m *ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validatePodAffinityTerm(formats); err != nil {
res = append(res, err)
}
if err := m.validateWeight(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) validatePodAffinityTerm(formats strfmt.Registry) error {
if err := validate.Required("podAffinityTerm", "body", m.PodAffinityTerm); err != nil {
return err
}
if m.PodAffinityTerm != nil {
if err := m.PodAffinityTerm.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("podAffinityTerm")
}
return err
}
}
return nil
}
func (m *ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) validateWeight(formats strfmt.Registry) error {
if err := validate.Required("weight", "body", m.Weight); err != nil {
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0) UnmarshalBinary(b []byte) error {
var res ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

63
models/zone_resources.go
View File

@@ -1,63 +0,0 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
)
// ZoneResources If provided, use these requests and limit for cpu/memory resource allocation
//
// swagger:model zoneResources
type ZoneResources struct {
// Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Limits map[string]int64 `json:"limits,omitempty"`
// Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
Requests map[string]int64 `json:"requests,omitempty"`
}
// Validate validates this zone resources
func (m *ZoneResources) Validate(formats strfmt.Registry) error {
return nil
}
// MarshalBinary interface implementation
func (m *ZoneResources) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ZoneResources) UnmarshalBinary(b []byte) error {
var res ZoneResources
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

106
models/zone_tolerations.go
View File

@@ -1,106 +0,0 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2020 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"strconv"
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
)
// ZoneTolerations Tolerations allows users to set entries like effect, key, operator, value.
//
// swagger:model zoneTolerations
type ZoneTolerations []*ZoneTolerationsItems0
// Validate validates this zone tolerations
func (m ZoneTolerations) Validate(formats strfmt.Registry) error {
var res []error
for i := 0; i < len(m); i++ {
if swag.IsZero(m[i]) { // not required
continue
}
if m[i] != nil {
if err := m[i].Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName(strconv.Itoa(i))
}
return err
}
}
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
// ZoneTolerationsItems0 The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
//
// swagger:model ZoneTolerationsItems0
type ZoneTolerationsItems0 struct {
// Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
Effect string `json:"effect,omitempty"`
// Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
Key string `json:"key,omitempty"`
// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
Operator string `json:"operator,omitempty"`
// TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
TolerationSeconds int64 `json:"tolerationSeconds,omitempty"`
// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
Value string `json:"value,omitempty"`
}
// Validate validates this zone tolerations items0
func (m *ZoneTolerationsItems0) Validate(formats strfmt.Registry) error {
return nil
}
// MarshalBinary interface implementation
func (m *ZoneTolerationsItems0) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ZoneTolerationsItems0) UnmarshalBinary(b []byte) error {
var res ZoneTolerationsItems0
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

4
pkg/acl/config.go
View File

@@ -22,7 +22,7 @@ import (
"github.com/minio/minio/pkg/env"
)
// GetOperatorMode gets Console Operator mode status set on env variable or default one
// GetOperatorMode gets MCS Operator mode status set on env variable or default one
func GetOperatorMode() bool {
return strings.ToLower(env.Get(consoleOperatorMode, "off")) == "on"
return strings.ToLower(env.Get(mcsOperatorMode, "off")) == "on"
}

2
pkg/acl/const.go
View File

@@ -17,5 +17,5 @@
package acl
const (
consoleOperatorMode = "CONSOLE_OPERATOR_MODE"
mcsOperatorMode = "MCS_OPERATOR_MODE"
)

2
pkg/auth/idp.go
View File

@@ -19,7 +19,7 @@ package auth
import (
"context"
"github.com/minio/console/pkg/auth/idp/oauth2"
"github.com/minio/mcs/pkg/auth/idp/oauth2"
)
// IdentityProviderClient interface with all functions to be implemented

18
pkg/auth/idp/oauth2/config.go
View File

@@ -19,29 +19,29 @@
package oauth2
import (
"github.com/minio/console/pkg/auth/utils"
"github.com/minio/mcs/pkg/auth/utils"
"github.com/minio/minio/pkg/env"
)
func GetIdpURL() string {
return env.Get(ConsoleIdpURL, "")
return env.Get(McsIdpURL, "")
}
func GetIdpClientID() string {
return env.Get(ConsoleIdpClientID, "")
return env.Get(McsIdpClientID, "")
}
func GetIdpSecret() string {
return env.Get(ConsoleIdpSecret, "")
return env.Get(McsIdpSecret, "")
}
// Public endpoint used by the identity oidcProvider when redirecting the user after identity verification
func GetIdpCallbackURL() string {
return env.Get(ConsoleIdpCallbackURL, "")
return env.Get(McsIdpCallbackURL, "")
}
func GetIdpAdminRoles() string {
return env.Get(ConsoleIdpAdminRoles, "")
return env.Get(McsIdpAdminRoles, "")
}
func IsIdpEnabled() bool {
@@ -55,17 +55,17 @@ var defaultPassphraseForIdpHmac = utils.RandomCharString(64)
// GetPassphraseForIdpHmac returns passphrase for the pbkdf2 function used to sign the oauth2 state parameter
func getPassphraseForIdpHmac() string {
return env.Get(ConsoleIdpHmacPassphrase, defaultPassphraseForIdpHmac)
return env.Get(McsIdpHmacPassphrase, defaultPassphraseForIdpHmac)
}
var defaultSaltForIdpHmac = utils.RandomCharString(64)
// GetSaltForIdpHmac returns salt for the pbkdf2 function used to sign the oauth2 state parameter
func getSaltForIdpHmac() string {
return env.Get(ConsoleIdpHmacSalt, defaultSaltForIdpHmac)
return env.Get(McsIdpHmacSalt, defaultSaltForIdpHmac)
}
// GetSaltForIdpHmac returns the policy to be assigned to the users authenticating via an IDP
func GetIDPPolicyForUser() string {
return env.Get(ConsoleIdpPolicyUser, "consoleAdmin")
return env.Get(McsIdpPolicyUser, "mcsAdmin")
}

16
pkg/auth/idp/oauth2/const.go
View File

@@ -18,12 +18,12 @@ package oauth2
const (
// const for idp configuration
ConsoleIdpURL = "CONSOLE_IDP_URL"
ConsoleIdpClientID = "CONSOLE_IDP_CLIENT_ID"
ConsoleIdpSecret = "CONSOLE_IDP_SECRET"
ConsoleIdpCallbackURL = "CONSOLE_IDP_CALLBACK"
ConsoleIdpAdminRoles = "CONSOLE_IDP_ADMIN_ROLES"
ConsoleIdpHmacPassphrase = "CONSOLE_IDP_HMAC_PASSPHRASE"
ConsoleIdpHmacSalt = "CONSOLE_IDP_HMAC_SALT"
ConsoleIdpPolicyUser = "CONSOLE_IDP_POLICY_USER"
McsIdpURL = "MCS_IDP_URL"
McsIdpClientID = "MCS_IDP_CLIENT_ID"
McsIdpSecret = "MCS_IDP_SECRET"
McsIdpCallbackURL = "MCS_IDP_CALLBACK"
McsIdpAdminRoles = "MCS_IDP_ADMIN_ROLES"
McsIdpHmacPassphrase = "MCS_IDP_HMAC_PASSPHRASE"
McsIdpHmacSalt = "MCS_IDP_HMAC_SALT"
McsIdpPolicyUser = "MCS_IDP_POLICY_USER"
)

6
pkg/auth/idp/oauth2/provider.go
View File

@@ -28,7 +28,7 @@ import (
"strings"
"github.com/coreos/go-oidc"
"github.com/minio/console/pkg/auth/utils"
"github.com/minio/mcs/pkg/auth/utils"
"golang.org/x/crypto/pbkdf2"
xoauth2 "golang.org/x/oauth2"
)
@@ -94,7 +94,7 @@ type Provider struct {
}
// derivedKey is the key used to compute the HMAC for signing the oauth state parameter
// its derived using pbkdf on CONSOLE_IDP_HMAC_PASSPHRASE with CONSOLE_IDP_HMAC_SALT
// its derived using pbkdf on MCS_IDP_HMAC_PASSPHRASE with MCS_IDP_HMAC_SALT
var derivedKey = pbkdf2.Key([]byte(getPassphraseForIdpHmac()), []byte(getSaltForIdpHmac()), 4096, 32, sha1.New)
// NewOauth2ProviderClient instantiates a new oauth2 client using the configured credentials
@@ -186,7 +186,7 @@ func (client *Provider) VerifyIdentity(ctx context.Context, code, state string)
}
// validateOauth2State validates the provided state was originated using the same
// instance (or one configured using the same secrets) of Console, this is basically used to prevent CSRF attacks
// instance (or one configured using the same secrets) of MCS, this is basically used to prevent CSRF attacks
// https://security.stackexchange.com/questions/20187/oauth2-cross-site-request-forgery-and-state-parameter
func validateOauth2State(state string) bool {
// state contains a base64 encoded string that may ends with "==", the browser encodes that to "%3D%3D"

10
pkg/auth/jwt.go
View File

@@ -32,8 +32,8 @@ import (
jwtgo "github.com/dgrijalva/jwt-go"
"github.com/go-openapi/swag"
"github.com/minio/console/models"
xjwt "github.com/minio/console/pkg/auth/jwt"
"github.com/minio/mcs/models"
xjwt "github.com/minio/mcs/pkg/auth/jwt"
"github.com/minio/minio-go/v7/pkg/credentials"
uuid "github.com/satori/go.uuid"
"golang.org/x/crypto/pbkdf2"
@@ -46,7 +46,7 @@ var (
errClaimsFormat = errors.New("encrypted jwt claims not in the right format")
)
// derivedKey is the key used to encrypt the JWT claims, its derived using pbkdf on CONSOLE_PBKDF_PASSPHRASE with CONSOLE_PBKDF_SALT
// derivedKey is the key used to encrypt the JWT claims, its derived using pbkdf on MCS_PBKDF_PASSPHRASE with MCS_PBKDF_SALT
var derivedKey = pbkdf2.Key([]byte(xjwt.GetPBKDFPassphrase()), []byte(xjwt.GetPBKDFSalt()), 4096, 32, sha1.New)
// IsJWTValid returns true or false depending if the provided jwt is valid or not
@@ -104,7 +104,7 @@ func NewJWTWithClaimsForClient(credentials *credentials.Value, actions []string,
return "", err
}
claims := xjwt.NewStandardClaims()
claims.SetExpiry(time.Now().UTC().Add(xjwt.GetConsoleSTSAndJWTDurationTime()))
claims.SetExpiry(time.Now().UTC().Add(xjwt.GetMcsSTSAndJWTDurationTime()))
claims.SetSubject(uuid.NewV4().String())
claims.SetData(encryptedClaims)
claims.SetAudience(audience)
@@ -216,7 +216,7 @@ func GetClaimsFromTokenInRequest(req *http.Request) (*models.Principal, error) {
if err != nil {
return nil, err
}
// Perform decryption of the JWT, if Console is able to decrypt the JWT that means a valid session
// Perform decryption of the JWT, if MCS is able to decrypt the JWT that means a valid session
// was used in the first place to get it
claims, err := JWTAuthenticate(*sessionID)
if err != nil {

22
pkg/auth/jwt/config.go
View File

@@ -20,31 +20,31 @@ import (
"strconv"
"time"
"github.com/minio/console/pkg/auth/utils"
"github.com/minio/mcs/pkg/auth/utils"
"github.com/minio/minio/pkg/env"
)
// defaultHmacJWTPassphrase will be used by default if application is not configured with a custom CONSOLE_HMAC_JWT_SECRET secret
// defaultHmacJWTPassphrase will be used by default if application is not configured with a custom MCS_HMAC_JWT_SECRET secret
var defaultHmacJWTPassphrase = utils.RandomCharString(64)
// GetHmacJWTSecret returns the 64 bytes secret used for signing the generated JWT for the application
func GetHmacJWTSecret() string {
return env.Get(ConsoleHmacJWTSecret, defaultHmacJWTPassphrase)
return env.Get(McsHmacJWTSecret, defaultHmacJWTPassphrase)
}
// ConsoleSTSAndJWTDurationSeconds returns the default session duration for the STS requested tokens and the generated JWTs.
// McsSTSAndJWTDurationSeconds returns the default session duration for the STS requested tokens and the generated JWTs.
// Ideally both values should match so jwt and Minio sts sessions expires at the same time.
func GetConsoleSTSAndJWTDurationInSeconds() int {
duration, err := strconv.Atoi(env.Get(ConsoleSTSAndJWTDurationSeconds, "3600"))
func GetMcsSTSAndJWTDurationInSeconds() int {
duration, err := strconv.Atoi(env.Get(McsSTSAndJWTDurationSeconds, "3600"))
if err != nil {
duration = 3600
}
return duration
}
// GetConsoleSTSAndJWTDurationTime returns GetConsoleSTSAndJWTDurationInSeconds in duration format
func GetConsoleSTSAndJWTDurationTime() time.Duration {
duration := GetConsoleSTSAndJWTDurationInSeconds()
// GetMcsSTSAndJWTDurationTime returns GetMcsSTSAndJWTDurationInSeconds in duration format
func GetMcsSTSAndJWTDurationTime() time.Duration {
duration := GetMcsSTSAndJWTDurationInSeconds()
return time.Duration(duration) * time.Second
}
@@ -52,12 +52,12 @@ var defaultPBKDFPassphrase = utils.RandomCharString(64)
// GetPBKDFPassphrase returns passphrase for the pbkdf2 function used to encrypt JWT payload
func GetPBKDFPassphrase() string {
return env.Get(ConsolePBKDFPassphrase, defaultPBKDFPassphrase)
return env.Get(McsPBKDFPassphrase, defaultPBKDFPassphrase)
}
var defaultPBKDFSalt = utils.RandomCharString(64)
// GetPBKDFSalt returns salt for the pbkdf2 function used to encrypt JWT payload
func GetPBKDFSalt() string {
return env.Get(ConsolePBKDFSalt, defaultPBKDFSalt)
return env.Get(McsPBKDFSalt, defaultPBKDFSalt)
}

8
pkg/auth/jwt/const.go
View File

@@ -17,8 +17,8 @@
package jwt
const (
ConsoleHmacJWTSecret = "CONSOLE_HMAC_JWT_SECRET"
ConsoleSTSAndJWTDurationSeconds = "CONSOLE_STS_AND_JWT_DURATION_SECONDS"
ConsolePBKDFPassphrase = "CONSOLE_PBKDF_PASSPHRASE"
ConsolePBKDFSalt = "CONSOLE_PBKDF_SALT"
McsHmacJWTSecret = "MCS_HMAC_JWT_SECRET"
McsSTSAndJWTDurationSeconds = "MCS_STS_AND_JWT_DURATION_SECONDS"
McsPBKDFPassphrase = "MCS_PBKDF_PASSPHRASE"
McsPBKDFSalt = "MCS_PBKDF_SALT"
)

4
pkg/auth/ldap.go
View File

@@ -27,9 +27,9 @@ var (
errInvalidCredentials = errors.New("invalid Credentials")
)
// GetConsoleCredentialsFromLDAP authenticates the user against MinIO when the LDAP integration is enabled
// GetMcsCredentialsFromLDAP authenticates the user against MinIO when the LDAP integration is enabled
// if the authentication succeed *credentials.Credentials object is returned and we continue with the normal STSAssumeRole flow
func GetConsoleCredentialsFromLDAP(endpoint, ldapUser, ldapPassword string) (*credentials.Credentials, error) {
func GetMcsCredentialsFromLDAP(endpoint, ldapUser, ldapPassword string) (*credentials.Credentials, error) {
creds, err := credentials.NewLDAPIdentity(endpoint, ldapUser, ldapPassword)
if err != nil {
log.Println("LDAP authentication error: ", err)

2
pkg/auth/ldap/config.go
View File

@@ -23,5 +23,5 @@ import (
)
func GetLDAPEnabled() bool {
return strings.ToLower(env.Get(ConsoleLDAPEnabled, "off")) == "on"
return strings.ToLower(env.Get(MCSLDAPEnabled, "off")) == "on"
}

2
pkg/auth/ldap/const.go
View File

@@ -18,5 +18,5 @@ package ldap
const (
// const for ldap configuration
ConsoleLDAPEnabled = "CONSOLE_LDAP_ENABLED"
MCSLDAPEnabled = "MCS_LDAP_ENABLED"
)

10
pkg/auth/operator.go
View File

@@ -20,7 +20,7 @@ import (
"context"
"log"
"github.com/minio/console/cluster"
"github.com/minio/mcs/cluster"
"github.com/minio/minio-go/v7/pkg/credentials"
operatorClientset "github.com/minio/operator/pkg/client/clientset/versioned"
)
@@ -30,7 +30,7 @@ type operatorCredentialsProvider struct {
serviceAccountJWT string
}
// Implementing the interfaces of the minio Provider, we use this to leverage on the existing console Authentication flow
// Implementing the interfaces of the minio Provider, we use this to leverage on the existing mcs Authentication flow
func (s operatorCredentialsProvider) Retrieve() (credentials.Value, error) {
return credentials.Value{
AccessKeyID: "",
@@ -65,7 +65,7 @@ func (c *operatorClient) Authenticate(ctx context.Context) ([]byte, error) {
}
// isServiceAccountTokenValid will make an authenticated request against kubernetes api, if the
// request success means the provided jwt its a valid service account token and the console user can use it for future
// request success means the provided jwt its a valid service account token and the MCS user can use it for future
// requests until it expires
func isServiceAccountTokenValid(ctx context.Context, operatorClient OperatorClient) bool {
_, err := operatorClient.Authenticate(ctx)
@@ -76,8 +76,8 @@ func isServiceAccountTokenValid(ctx context.Context, operatorClient OperatorClie
return true
}
// GetConsoleCredentialsForOperator will validate the provided JWT (service account token) and return it in the form of credentials.Credentials
func GetConsoleCredentialsForOperator(jwt string) (*credentials.Credentials, error) {
// GetMcsCredentialsForOperator will validate the provided JWT (service account token) and return it in the form of credentials.Credentials
func GetMcsCredentialsForOperator(jwt string) (*credentials.Credentials, error) {
ctx := context.Background()
opClientClientSet, err := cluster.OperatorClient(jwt)
if err != nil {

2
pkg/auth/operator_test.go
View File

@@ -5,7 +5,7 @@ import (
"errors"
"testing"
"github.com/minio/console/cluster"
"github.com/minio/mcs/cluster"
operatorClientset "github.com/minio/operator/pkg/client/clientset/versioned"
)

2
pkg/clientgen/clientset/versioned/clientset.go
View File

@@ -21,7 +21,7 @@ package versioned
import (
"fmt"
networkingv1beta2 "github.com/minio/console/pkg/clientgen/clientset/versioned/typed/networking.gke.io/v1beta2"
networkingv1beta2 "github.com/minio/mcs/pkg/clientgen/clientset/versioned/typed/networking.gke.io/v1beta2"
discovery "k8s.io/client-go/discovery"
rest "k8s.io/client-go/rest"
flowcontrol "k8s.io/client-go/util/flowcontrol"

6
pkg/clientgen/clientset/versioned/fake/clientset_generated.go
View File

@@ -19,9 +19,9 @@ limitations under the License.
package fake
import (
clientset "github.com/minio/console/pkg/clientgen/clientset/versioned"
networkingv1beta2 "github.com/minio/console/pkg/clientgen/clientset/versioned/typed/networking.gke.io/v1beta2"
fakenetworkingv1beta2 "github.com/minio/console/pkg/clientgen/clientset/versioned/typed/networking.gke.io/v1beta2/fake"
clientset "github.com/minio/mcs/pkg/clientgen/clientset/versioned"
networkingv1beta2 "github.com/minio/mcs/pkg/clientgen/clientset/versioned/typed/networking.gke.io/v1beta2"
fakenetworkingv1beta2 "github.com/minio/mcs/pkg/clientgen/clientset/versioned/typed/networking.gke.io/v1beta2/fake"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/watch"
"k8s.io/client-go/discovery"

2
pkg/clientgen/clientset/versioned/fake/register.go
View File

@@ -19,7 +19,7 @@ limitations under the License.
package fake
import (
networkingv1beta2 "github.com/minio/console/pkg/apis/networking.gke.io/v1beta2"
networkingv1beta2 "github.com/minio/mcs/pkg/apis/networking.gke.io/v1beta2"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema"

2
pkg/clientgen/clientset/versioned/scheme/register.go
View File

@@ -19,7 +19,7 @@ limitations under the License.
package scheme
import (
networkingv1beta2 "github.com/minio/console/pkg/apis/networking.gke.io/v1beta2"
networkingv1beta2 "github.com/minio/mcs/pkg/apis/networking.gke.io/v1beta2"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema"

2
pkg/clientgen/clientset/versioned/typed/networking.gke.io/v1beta2/fake/fake_managedcertificate.go
View File

@@ -21,7 +21,7 @@ package fake
import (
"context"
v1beta2 "github.com/minio/console/pkg/apis/networking.gke.io/v1beta2"
v1beta2 "github.com/minio/mcs/pkg/apis/networking.gke.io/v1beta2"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
labels "k8s.io/apimachinery/pkg/labels"
schema "k8s.io/apimachinery/pkg/runtime/schema"

2
pkg/clientgen/clientset/versioned/typed/networking.gke.io/v1beta2/fake/fake_networking.gke.io_client.go
View File

@@ -19,7 +19,7 @@ limitations under the License.
package fake
import (
v1beta2 "github.com/minio/console/pkg/clientgen/clientset/versioned/typed/networking.gke.io/v1beta2"
v1beta2 "github.com/minio/mcs/pkg/clientgen/clientset/versioned/typed/networking.gke.io/v1beta2"
rest "k8s.io/client-go/rest"
testing "k8s.io/client-go/testing"
)

4
pkg/clientgen/clientset/versioned/typed/networking.gke.io/v1beta2/managedcertificate.go
View File

@@ -22,8 +22,8 @@ import (
"context"
"time"
v1beta2 "github.com/minio/console/pkg/apis/networking.gke.io/v1beta2"
scheme "github.com/minio/console/pkg/clientgen/clientset/versioned/scheme"
v1beta2 "github.com/minio/mcs/pkg/apis/networking.gke.io/v1beta2"
scheme "github.com/minio/mcs/pkg/clientgen/clientset/versioned/scheme"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
types "k8s.io/apimachinery/pkg/types"
watch "k8s.io/apimachinery/pkg/watch"

4
pkg/clientgen/clientset/versioned/typed/networking.gke.io/v1beta2/networking.gke.io_client.go
View File

@@ -19,8 +19,8 @@ limitations under the License.
package v1beta2
import (
v1beta2 "github.com/minio/console/pkg/apis/networking.gke.io/v1beta2"
"github.com/minio/console/pkg/clientgen/clientset/versioned/scheme"
v1beta2 "github.com/minio/mcs/pkg/apis/networking.gke.io/v1beta2"
"github.com/minio/mcs/pkg/clientgen/clientset/versioned/scheme"
rest "k8s.io/client-go/rest"
)

6
pkg/clientgen/informers/externalversions/factory.go
View File

@@ -23,9 +23,9 @@ import (
sync "sync"
time "time"
versioned "github.com/minio/console/pkg/clientgen/clientset/versioned"
internalinterfaces "github.com/minio/console/pkg/clientgen/informers/externalversions/internalinterfaces"
networkinggkeio "github.com/minio/console/pkg/clientgen/informers/externalversions/networking.gke.io"
versioned "github.com/minio/mcs/pkg/clientgen/clientset/versioned"
internalinterfaces "github.com/minio/mcs/pkg/clientgen/informers/externalversions/internalinterfaces"
networkinggkeio "github.com/minio/mcs/pkg/clientgen/informers/externalversions/networking.gke.io"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
schema "k8s.io/apimachinery/pkg/runtime/schema"

2
pkg/clientgen/informers/externalversions/generic.go
View File

@@ -21,7 +21,7 @@ package externalversions
import (
"fmt"
v1beta2 "github.com/minio/console/pkg/apis/networking.gke.io/v1beta2"
v1beta2 "github.com/minio/mcs/pkg/apis/networking.gke.io/v1beta2"
schema "k8s.io/apimachinery/pkg/runtime/schema"
cache "k8s.io/client-go/tools/cache"
)

2
pkg/clientgen/informers/externalversions/internalinterfaces/factory_interfaces.go
View File

@@ -21,7 +21,7 @@ package internalinterfaces
import (
time "time"
versioned "github.com/minio/console/pkg/clientgen/clientset/versioned"
versioned "github.com/minio/mcs/pkg/clientgen/clientset/versioned"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
cache "k8s.io/client-go/tools/cache"

4
pkg/clientgen/informers/externalversions/networking.gke.io/interface.go
View File

@@ -19,8 +19,8 @@ limitations under the License.
package networking
import (
internalinterfaces "github.com/minio/console/pkg/clientgen/informers/externalversions/internalinterfaces"
v1beta2 "github.com/minio/console/pkg/clientgen/informers/externalversions/networking.gke.io/v1beta2"
internalinterfaces "github.com/minio/mcs/pkg/clientgen/informers/externalversions/internalinterfaces"
v1beta2 "github.com/minio/mcs/pkg/clientgen/informers/externalversions/networking.gke.io/v1beta2"
)
// Interface provides access to each of this group's versions.

2
pkg/clientgen/informers/externalversions/networking.gke.io/v1beta2/interface.go
View File

@@ -19,7 +19,7 @@ limitations under the License.
package v1beta2
import (
internalinterfaces "github.com/minio/console/pkg/clientgen/informers/externalversions/internalinterfaces"
internalinterfaces "github.com/minio/mcs/pkg/clientgen/informers/externalversions/internalinterfaces"
)
// Interface provides access to all the informers in this group version.

8
pkg/clientgen/informers/externalversions/networking.gke.io/v1beta2/managedcertificate.go
View File

@@ -22,10 +22,10 @@ import (
"context"
time "time"
networkinggkeiov1beta2 "github.com/minio/console/pkg/apis/networking.gke.io/v1beta2"
versioned "github.com/minio/console/pkg/clientgen/clientset/versioned"
internalinterfaces "github.com/minio/console/pkg/clientgen/informers/externalversions/internalinterfaces"
v1beta2 "github.com/minio/console/pkg/clientgen/listers/networking.gke.io/v1beta2"
networkinggkeiov1beta2 "github.com/minio/mcs/pkg/apis/networking.gke.io/v1beta2"
versioned "github.com/minio/mcs/pkg/clientgen/clientset/versioned"
internalinterfaces "github.com/minio/mcs/pkg/clientgen/informers/externalversions/internalinterfaces"
v1beta2 "github.com/minio/mcs/pkg/clientgen/listers/networking.gke.io/v1beta2"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
runtime "k8s.io/apimachinery/pkg/runtime"
watch "k8s.io/apimachinery/pkg/watch"

2
pkg/clientgen/listers/networking.gke.io/v1beta2/managedcertificate.go
View File

@@ -19,7 +19,7 @@ limitations under the License.
package v1beta2
import (
v1beta2 "github.com/minio/console/pkg/apis/networking.gke.io/v1beta2"
v1beta2 "github.com/minio/mcs/pkg/apis/networking.gke.io/v1beta2"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/client-go/tools/cache"

255
portal-ui/bindata_assetfs.go
View File

File diff suppressed because one or more lines are too long

20
portal-ui/src/screens/Console/Tenants/ListTenants/AddTenant.tsx
View File

@@ -110,7 +110,7 @@ const AddTenant = ({
const [mountPath, setMountPath] = useState<string>("");
const [accessKey, setAccessKey] = useState<string>("");
const [secretKey, setSecretKey] = useState<string>("");
const [enableConsole, setEnableConsole] = useState<boolean>(true);
const [enableMCS, setEnableMCS] = useState<boolean>(true);
const [enableSSL, setEnableSSL] = useState<boolean>(false);
const [sizeFactor, setSizeFactor] = useState<string>("Gi");
const [storageClasses, setStorageClassesList] = useState<Opts[]>([]);
@@ -275,7 +275,7 @@ const AddTenant = ({
service_name: tenantName,
image: imageName,
enable_ssl: enableSSL,
enable_console: enableConsole,
enable_mcs: enableMCS,
access_key: accessKey,
secret_key: secretKey,
volumes_per_server: volumesPerServer,
@@ -735,15 +735,15 @@ const AddTenant = ({
</div>
<Grid item xs={12}>
<CheckboxWrapper
value="enabled_console"
id="enabled_console"
name="enabled_console"
checked={enableConsole}
value="enabled_mcs"
id="enabled_mcs"
name="enabled_mcs"
checked={enableMCS}
onChange={(e) => {
const targetD = e.target;
const checked = targetD.checked;
setEnableConsole(checked);
setEnableMCS(checked);
}}
label={"Enable Console"}
/>
@@ -888,11 +888,9 @@ const AddTenant = ({
</TableRow>
<TableRow>
<TableCell align="right" className={classes.tableTitle}>
Enable Console
</TableCell>
<TableCell>
{enableConsole ? "Enabled" : "Disabled"}
Enable MCS
</TableCell>
<TableCell>{enableMCS ? "Enabled" : "Disabled"}</TableCell>
</TableRow>
</React.Fragment>
)}

8
restapi/admin_arns.go
View File

@@ -23,12 +23,12 @@ import (
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/swag"
"github.com/minio/console/models"
"github.com/minio/console/restapi/operations"
"github.com/minio/console/restapi/operations/admin_api"
"github.com/minio/mcs/models"
"github.com/minio/mcs/restapi/operations"
"github.com/minio/mcs/restapi/operations/admin_api"
)
func registerAdminArnsHandlers(api *operations.ConsoleAPI) {
func registerAdminArnsHandlers(api *operations.McsAPI) {
// return a list of arns
api.AdminAPIArnListHandler = admin_api.ArnListHandlerFunc(func(params admin_api.ArnListParams, session *models.Principal) middleware.Responder {
arnsResp, err := getArnsResponse(session)

8
restapi/admin_config.go
View File

@@ -24,14 +24,14 @@ import (
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/swag"
"github.com/minio/console/models"
"github.com/minio/console/restapi/operations"
"github.com/minio/mcs/models"
"github.com/minio/mcs/restapi/operations"
madmin "github.com/minio/minio/pkg/madmin"
"github.com/minio/console/restapi/operations/admin_api"
"github.com/minio/mcs/restapi/operations/admin_api"
)
func registerConfigHandlers(api *operations.ConsoleAPI) {
func registerConfigHandlers(api *operations.McsAPI) {
// List Configurations
api.AdminAPIListConfigHandler = admin_api.ListConfigHandlerFunc(func(params admin_api.ListConfigParams, session *models.Principal) middleware.Responder {
configListResp, err := getListConfigResponse(session)

2
restapi/admin_config_test.go
View File

@@ -28,7 +28,7 @@ import (
"github.com/go-openapi/swag"
"github.com/stretchr/testify/assert"
"github.com/minio/console/models"
"github.com/minio/mcs/models"
"github.com/minio/minio/cmd/config"
"github.com/minio/minio/pkg/event/target"
"github.com/minio/minio/pkg/madmin"

8
restapi/admin_groups.go
View File

@@ -23,15 +23,15 @@ import (
"github.com/go-openapi/errors"
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/swag"
"github.com/minio/console/restapi/operations"
"github.com/minio/mcs/restapi/operations"
"github.com/minio/minio/pkg/madmin"
"github.com/minio/console/restapi/operations/admin_api"
"github.com/minio/mcs/restapi/operations/admin_api"
"github.com/minio/console/models"
"github.com/minio/mcs/models"
)
func registerGroupsHandlers(api *operations.ConsoleAPI) {
func registerGroupsHandlers(api *operations.McsAPI) {
// List Groups
api.AdminAPIListGroupsHandler = admin_api.ListGroupsHandlerFunc(func(params admin_api.ListGroupsParams, session *models.Principal) middleware.Responder {
listGroupsResponse, err := getListGroupsResponse(session)

2
restapi/admin_groups_test.go
View File

@@ -22,7 +22,7 @@ import (
"testing"
"github.com/go-openapi/swag"
"github.com/minio/console/models"
"github.com/minio/mcs/models"
"github.com/minio/minio/pkg/madmin"
"github.com/stretchr/testify/assert"

8
restapi/admin_info.go
View File

@@ -23,12 +23,12 @@ import (
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/swag"
"github.com/minio/console/models"
"github.com/minio/console/restapi/operations"
"github.com/minio/console/restapi/operations/admin_api"
"github.com/minio/mcs/models"
"github.com/minio/mcs/restapi/operations"
"github.com/minio/mcs/restapi/operations/admin_api"
)
func registerAdminInfoHandlers(api *operations.ConsoleAPI) {
func registerAdminInfoHandlers(api *operations.McsAPI) {
// return usage stats
api.AdminAPIAdminInfoHandler = admin_api.AdminInfoHandlerFunc(func(params admin_api.AdminInfoParams, session *models.Principal) middleware.Responder {
infoResp, err := getAdminInfoResponse(session)

8
restapi/admin_notification_endpoints.go
View File

@@ -24,12 +24,12 @@ import (
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/swag"
"github.com/minio/console/models"
"github.com/minio/console/restapi/operations"
"github.com/minio/console/restapi/operations/admin_api"
"github.com/minio/mcs/models"
"github.com/minio/mcs/restapi/operations"
"github.com/minio/mcs/restapi/operations/admin_api"
)
func registerAdminNotificationEndpointsHandlers(api *operations.ConsoleAPI) {
func registerAdminNotificationEndpointsHandlers(api *operations.McsAPI) {
// return a list of notification endpoints
api.AdminAPINotificationEndpointListHandler = admin_api.NotificationEndpointListHandlerFunc(func(params admin_api.NotificationEndpointListParams, session *models.Principal) middleware.Responder {
notifEndpoints, err := getNotificationEndpointsResponse(session)

4
restapi/admin_notification_endpoints_test.go
View File

@@ -24,8 +24,8 @@ import (
"github.com/go-openapi/swag"
"github.com/minio/console/models"
"github.com/minio/console/restapi/operations/admin_api"
"github.com/minio/mcs/models"
"github.com/minio/mcs/restapi/operations/admin_api"
)
func Test_addNotificationEndpoint(t *testing.T) {

8
restapi/admin_policies.go
View File

@@ -26,13 +26,13 @@ import (
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/swag"
"github.com/minio/console/models"
"github.com/minio/console/restapi/operations"
"github.com/minio/console/restapi/operations/admin_api"
"github.com/minio/mcs/models"
"github.com/minio/mcs/restapi/operations"
"github.com/minio/mcs/restapi/operations/admin_api"
iampolicy "github.com/minio/minio/pkg/iam/policy"
)
func registersPoliciesHandler(api *operations.ConsoleAPI) {
func registersPoliciesHandler(api *operations.McsAPI) {
// List Policies
api.AdminAPIListPoliciesHandler = admin_api.ListPoliciesHandlerFunc(func(params admin_api.ListPoliciesParams, session *models.Principal) middleware.Responder {
listPoliciesResponse, err := getListPoliciesResponse(session)

4
restapi/admin_policies_test.go
View File

@@ -25,7 +25,7 @@ import (
"errors"
"github.com/minio/console/models"
"github.com/minio/mcs/models"
iampolicy "github.com/minio/minio/pkg/iam/policy"
"github.com/stretchr/testify/assert"
)
@@ -97,7 +97,7 @@ func TestRemovePolicy(t *testing.T) {
funcAssert := assert.New(t)
adminClient := adminClientMock{}
// Test-1 : removePolicy() remove an existing policy
policyToRemove := "console-policy"
policyToRemove := "mcs-policy"
minioRemovePolicyMock = func(name string) error {
return nil
}

8
restapi/admin_profiling.go
View File

@@ -26,13 +26,13 @@ import (
"github.com/go-openapi/runtime"
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/swag"
"github.com/minio/console/models"
"github.com/minio/console/restapi/operations"
"github.com/minio/console/restapi/operations/admin_api"
"github.com/minio/mcs/models"
"github.com/minio/mcs/restapi/operations"
"github.com/minio/mcs/restapi/operations/admin_api"
"github.com/minio/minio/pkg/madmin"
)
func registerProfilingHandler(api *operations.ConsoleAPI) {
func registerProfilingHandler(api *operations.McsAPI) {
// Start Profiling
api.AdminAPIProfilingStartHandler = admin_api.ProfilingStartHandlerFunc(func(params admin_api.ProfilingStartParams, session *models.Principal) middleware.Responder {
profilingStartResponse, err := getProfilingStartResponse(session, params.Body)

2
restapi/admin_profiling_test.go
View File

@@ -24,7 +24,7 @@ import (
"errors"
"github.com/minio/console/models"
"github.com/minio/mcs/models"
"github.com/minio/minio/pkg/madmin"
"github.com/stretchr/testify/assert"
)

8
restapi/admin_service.go
View File

@@ -23,13 +23,13 @@ import (
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/swag"
"github.com/minio/console/models"
"github.com/minio/console/restapi/operations"
"github.com/minio/mcs/models"
"github.com/minio/mcs/restapi/operations"
"github.com/minio/console/restapi/operations/admin_api"
"github.com/minio/mcs/restapi/operations/admin_api"
)
func registerServiceHandlers(api *operations.ConsoleAPI) {
func registerServiceHandlers(api *operations.McsAPI) {
// Restart Service
api.AdminAPIRestartServiceHandler = admin_api.RestartServiceHandlerFunc(func(params admin_api.RestartServiceParams, session *models.Principal) middleware.Responder {
if err := getRestartServiceResponse(session); err != nil {

676
restapi/admin_tenants.go
View File

@@ -19,7 +19,6 @@ package restapi
import (
"context"
"encoding/json"
"errors"
"fmt"
"log"
"net"
@@ -34,19 +33,19 @@ import (
corev1 "k8s.io/api/core/v1"
"github.com/minio/console/cluster"
"github.com/minio/mcs/cluster"
madmin "github.com/minio/minio/pkg/madmin"
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/swag"
"github.com/minio/console/models"
"github.com/minio/console/restapi/operations"
"github.com/minio/console/restapi/operations/admin_api"
"github.com/minio/mcs/models"
"github.com/minio/mcs/restapi/operations"
"github.com/minio/mcs/restapi/operations/admin_api"
operator "github.com/minio/operator/pkg/apis/minio.min.io/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
func registerTenantHandlers(api *operations.ConsoleAPI) {
func registerTenantHandlers(api *operations.McsAPI) {
// Add Tenant
api.AdminAPICreateTenantHandler = admin_api.CreateTenantHandlerFunc(func(params admin_api.CreateTenantParams, session *models.Principal) middleware.Responder {
resp, err := getTenantCreatedResponse(session, params)
@@ -108,19 +107,10 @@ func registerTenantHandlers(api *operations.ConsoleAPI) {
err := getTenantAddZoneResponse(session, params)
if err != nil {
log.Println(err)
return admin_api.NewTenantAddZoneDefault(500).WithPayload(&models.Error{Code: 500, Message: swag.String("Unable to add zone")})
return admin_api.NewTenantAddZoneDefault(500).WithPayload(&models.Error{Code: 500, Message: swag.String("Unable to update tenant")})
}
return admin_api.NewTenantAddZoneCreated()
})
api.AdminAPIGetTenantUsageHandler = admin_api.GetTenantUsageHandlerFunc(func(params admin_api.GetTenantUsageParams, session *models.Principal) middleware.Responder {
payload, err := getTenantUsageResponse(session, params)
if err != nil {
log.Println(err)
return admin_api.NewGetTenantUsageDefault(500).WithPayload(&models.Error{Code: 500, Message: swag.String("Unable to get tenant usage")})
}
return admin_api.NewGetTenantUsageOK().WithPayload(payload)
})
}
// deleteTenantAction performs the actions of deleting a tenant
@@ -187,7 +177,7 @@ func getTenant(ctx context.Context, operatorClient OperatorClient, namespace, te
return minInst, nil
}
func getTenantInfo(tenant *operator.Tenant) *models.Tenant {
func getTenantInfo(tenant *operator.Tenant, tenantInfo *usageInfo) *models.Tenant {
var instanceCount int64
var volumeCount int64
for _, zone := range tenant.Spec.Zones {
@@ -199,7 +189,21 @@ func getTenantInfo(tenant *operator.Tenant) *models.Tenant {
var totalSize int64
for _, z := range tenant.Spec.Zones {
zones = append(zones, parseTenantZone(&z))
zoneModel := &models.Zone{
Name: z.Name,
Servers: swag.Int64(int64(z.Servers)),
VolumesPerServer: &z.VolumesPerServer,
VolumeConfiguration: &models.ZoneVolumeConfiguration{},
}
if z.VolumeClaimTemplate != nil {
zoneModel.VolumeConfiguration.Size = swag.Int64(z.VolumeClaimTemplate.Spec.Resources.Requests.Storage().Value())
if z.VolumeClaimTemplate.Spec.StorageClassName != nil {
zoneModel.VolumeConfiguration.StorageClassName = *z.VolumeClaimTemplate.Spec.StorageClassName
}
}
zones = append(zones, zoneModel)
zoneSize := int64(z.Servers) * int64(z.VolumesPerServer) * z.VolumeClaimTemplate.Spec.Resources.Requests.Storage().Value()
totalSize = totalSize + zoneSize
}
@@ -212,6 +216,7 @@ func getTenantInfo(tenant *operator.Tenant) *models.Tenant {
Zones: zones,
Namespace: tenant.ObjectMeta.Namespace,
Image: tenant.Spec.Image,
UsedSize: tenantInfo.DisksUsage,
}
}
@@ -224,18 +229,55 @@ func getTenantInfoResponse(session *models.Principal, params admin_api.TenantInf
if err != nil {
return nil, err
}
clientset, err := cluster.K8sClient(session.SessionToken)
if err != nil {
log.Println("error getting k8sClient:", err)
return nil, err
}
opClient := &operatorClient{
client: opClientClientSet,
}
k8sClient := &k8sClient{
client: clientset,
}
minTenant, err := getTenant(ctx, opClient, params.Namespace, params.Tenant)
if err != nil {
log.Println("error getting minioTenant:", err)
return nil, err
}
tenantScheme := getTenantScheme(minTenant)
info := getTenantInfo(minTenant)
svcName := minTenant.Spec.ServiceName
if svcName == "" {
svcName = minTenant.Name
// TODO:
// 1 get tenant services
// 2 filter out cluster ip svc
}
mAdmin, err := getTenantAdminClient(
ctx,
k8sClient,
params.Namespace,
params.Tenant,
svcName,
tenantScheme)
if err != nil {
log.Println("error getting tenant's admin client:", err)
return nil, err
}
// create a minioClient interface implementation
// defining the client to be used
adminClient := adminClient{client: mAdmin}
// serialize output
adminInfo, err := getAdminInfo(ctx, adminClient)
if err != nil {
log.Println("error getting admin info:", err)
return nil, err
}
info := getTenantInfo(minTenant, adminInfo)
return info, nil
}
@@ -255,34 +297,29 @@ func listTenants(ctx context.Context, operatorClient OperatorClient, namespace s
var tenants []*models.TenantList
for _, tenant := range minTenants.Items {
var totalSize int64
for _, minInst := range minTenants.Items {
var instanceCount int64
var volumeCount int64
for _, zone := range tenant.Spec.Zones {
for _, zone := range minInst.Spec.Zones {
instanceCount = instanceCount + int64(zone.Servers)
volumeCount = volumeCount + int64(zone.Servers*zone.VolumesPerServer)
if zone.VolumeClaimTemplate != nil {
zoneSize := int64(zone.VolumesPerServer) * int64(zone.Servers) * zone.VolumeClaimTemplate.Spec.Resources.Requests.Storage().Value()
totalSize = totalSize + zoneSize
}
}
tenants = append(tenants, &models.TenantList{
CreationDate: tenant.ObjectMeta.CreationTimestamp.String(),
Name: tenant.ObjectMeta.Name,
ZoneCount: int64(len(tenant.Spec.Zones)),
CreationDate: minInst.ObjectMeta.CreationTimestamp.String(),
Name: minInst.ObjectMeta.Name,
ZoneCount: int64(len(minInst.Spec.Zones)),
InstanceCount: instanceCount,
VolumeCount: volumeCount,
CurrentState: tenant.Status.CurrentState,
Namespace: tenant.ObjectMeta.Namespace,
TotalSize: totalSize,
CurrentState: minInst.Status.CurrentState,
Namespace: minInst.ObjectMeta.Namespace,
})
}
return &models.ListTenantsResponse{
Tenants: tenants,
Total: int64(len(tenants)),
Total: 0,
}, nil
}
@@ -332,13 +369,6 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
}
minioImage = *minImg
}
// get Kubernetes Client
clientset, err := cluster.K8sClient(session.SessionToken)
if err != nil {
return nil, err
}
ns := *params.Body.Namespace
// if access/secret are provided, use them, else create a random pair
accessKey := RandomCharString(16)
@@ -362,6 +392,11 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
},
}
clientset, err := cluster.K8sClient(session.SessionToken)
if err != nil {
return nil, err
}
ns := *params.Body.Namespace
_, err = clientset.CoreV1().Secrets(ns).Create(context.Background(), &instanceSecret, metav1.CreateOptions{})
if err != nil {
return nil, err
@@ -371,9 +406,15 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
if params.Body.EnableSsl != nil {
enableSSL = *params.Body.EnableSsl
}
enableConsole := true
enableMCS := true
if params.Body.EnableConsole != nil {
enableConsole = *params.Body.EnableConsole
enableMCS = *params.Body.EnableConsole
}
// TODO: Calculate this ourselves?
memorySize, err := resource.ParseQuantity(getTenantMemorySize())
if err != nil {
return nil, err
}
//Construct a MinIO Instance with everything we are getting from parameters
@@ -391,25 +432,23 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
},
}
// optionals are set below
var consoleAccess string
var consoleSecret string
if enableConsole {
consoleSelector := fmt.Sprintf("%s-console", *params.Body.Name)
consoleSecretName := fmt.Sprintf("%s-secret", consoleSelector)
consoleAccess = RandomCharString(16)
consoleSecret = RandomCharString(32)
if enableMCS {
mcsSelector := fmt.Sprintf("%s-mcs", *params.Body.Name)
mcsSecretName := fmt.Sprintf("%s-secret", mcsSelector)
imm := true
instanceSecret := corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: consoleSecretName,
Name: mcsSecretName,
},
Immutable: &imm,
Data: map[string][]byte{
"CONSOLE_HMAC_JWT_SECRET": []byte(RandomCharString(16)),
"CONSOLE_PBKDF_PASSPHRASE": []byte(RandomCharString(16)),
"CONSOLE_PBKDF_SALT": []byte(RandomCharString(8)),
"CONSOLE_ACCESS_KEY": []byte(consoleAccess),
"CONSOLE_SECRET_KEY": []byte(consoleSecret),
"MCS_HMAC_JWT_SECRET": []byte(RandomCharString(16)),
"MCS_PBKDF_PASSPHRASE": []byte(RandomCharString(16)),
"MCS_PBKDF_SALT": []byte(RandomCharString(8)),
"MCS_ACCESS_KEY": []byte(RandomCharString(16)),
"MCS_SECRET_KEY": []byte(RandomCharString(32)),
},
}
_, err = clientset.CoreV1().Secrets(ns).Create(context.Background(), &instanceSecret, metav1.CreateOptions{})
@@ -417,11 +456,11 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
return nil, err
}
const consoleVersion = "minio/console:v0.3.0"
const consoleVersion = "minio/mcs:v0.2.1"
minInst.Spec.Console = &operator.ConsoleConfiguration{
Replicas: 2,
Image: consoleVersion,
ConsoleSecret: &corev1.LocalObjectReference{Name: consoleSecretName},
ConsoleSecret: &corev1.LocalObjectReference{Name: mcsSecretName},
}
}
@@ -430,12 +469,39 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
minInst.Spec.ServiceName = params.Body.ServiceName
}
// set the zones if they are provided
for _, zone := range params.Body.Zones {
zone, err := parseTenantZoneRequest(zone)
if err != nil {
return nil, err
if len(params.Body.Zones) > 0 {
for _, zone := range params.Body.Zones {
volumeSize := resource.NewQuantity(*zone.VolumeConfiguration.Size, resource.DecimalExponent)
volTemp := corev1.PersistentVolumeClaimSpec{
AccessModes: []corev1.PersistentVolumeAccessMode{
corev1.ReadWriteOnce,
},
Resources: corev1.ResourceRequirements{
Requests: corev1.ResourceList{
corev1.ResourceStorage: *volumeSize,
},
},
}
if zone.VolumeConfiguration.StorageClassName != "" {
volTemp.StorageClassName = &zone.VolumeConfiguration.StorageClassName
}
minInst.Spec.Zones = append(minInst.Spec.Zones, operator.Zone{
Name: zone.Name,
Servers: int32(*zone.Servers),
VolumesPerServer: *zone.VolumesPerServer,
VolumeClaimTemplate: &corev1.PersistentVolumeClaim{
ObjectMeta: metav1.ObjectMeta{
Name: "data",
},
Spec: volTemp,
},
Resources: corev1.ResourceRequirements{
Requests: corev1.ResourceList{
corev1.ResourceMemory: memorySize,
},
},
})
}
minInst.Spec.Zones = append(minInst.Spec.Zones, *zone)
}
// Set Mount Path if provided
@@ -467,16 +533,11 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
return nil, err
}
}
response := &models.CreateTenantResponse{
return &models.CreateTenantResponse{
AccessKey: accessKey,
SecretKey: secretKey,
}
// Attach Console Credentials
if enableConsole {
response.Console.AccessKey = consoleAccess
response.Console.SecretKey = consoleSecret
}
return response, nil
}, nil
}
// updateTenantAction does an update on the minioTenant by patching the desired changes
@@ -534,23 +595,22 @@ func getUpdateTenantResponse(session *models.Principal, params admin_api.UpdateT
// addTenantZone creates a zone to a defined tenant
func addTenantZone(ctx context.Context, operatorClient OperatorClient, params admin_api.TenantAddZoneParams) error {
tenant, err := operatorClient.TenantGet(ctx, params.Namespace, params.Tenant, metav1.GetOptions{})
minInst, err := operatorClient.TenantGet(ctx, params.Namespace, params.Tenant, metav1.GetOptions{})
if err != nil {
return err
}
zoneParams := params.Body
zone, err := parseTenantZoneRequest(zoneParams)
if err != nil {
return err
}
tenant.Spec.Zones = append(tenant.Spec.Zones, *zone)
payloadBytes, err := json.Marshal(tenant)
minInst.Spec.Zones = append(minInst.Spec.Zones, operator.Zone{
Name: params.Body.Name,
Servers: int32(*params.Body.Servers),
})
payloadBytes, err := json.Marshal(minInst)
if err != nil {
return err
}
_, err = operatorClient.TenantPatch(ctx, params.Namespace, tenant.Name, types.MergePatchType, payloadBytes, metav1.PatchOptions{})
_, err = operatorClient.TenantPatch(ctx, params.Namespace, minInst.Name, types.MergePatchType, payloadBytes, metav1.PatchOptions{})
if err != nil {
return err
}
@@ -573,461 +633,3 @@ func getTenantAddZoneResponse(session *models.Principal, params admin_api.Tenant
}
return nil
}
// getTenantUsageResponse returns the usage of a tenant
func getTenantUsageResponse(session *models.Principal, params admin_api.GetTenantUsageParams) (*models.TenantUsage, error) {
// 5 seconds timeout
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()
opClientClientSet, err := cluster.OperatorClient(session.SessionToken)
if err != nil {
return nil, err
}
clientset, err := cluster.K8sClient(session.SessionToken)
if err != nil {
log.Println("error getting k8sClient:", err)
return nil, err
}
opClient := &operatorClient{
client: opClientClientSet,
}
k8sClient := &k8sClient{
client: clientset,
}
minTenant, err := getTenant(ctx, opClient, params.Namespace, params.Tenant)
if err != nil {
log.Println("error getting minioTenant:", err)
return nil, err
}
tenantScheme := getTenantScheme(minTenant)
svcName := minTenant.Spec.ServiceName
if svcName == "" {
svcName = minTenant.Name
// TODO:
// 1 get tenant services
// 2 filter out cluster ip svc
}
mAdmin, err := getTenantAdminClient(
ctx,
k8sClient,
params.Namespace,
params.Tenant,
svcName,
tenantScheme)
if err != nil {
log.Println("error getting tenant's admin client:", err)
return nil, err
}
// create a minioClient interface implementation
// defining the client to be used
adminClient := adminClient{client: mAdmin}
// serialize output
adminInfo, err := getAdminInfo(ctx, adminClient)
if err != nil {
log.Println("error getting admin info:", err)
return nil, err
}
info := &models.TenantUsage{UsedSize: adminInfo.Usage}
return info, nil
}
// parseTenantZoneRequest parse zone request and returns the equivalent
// operator.Zone object
func parseTenantZoneRequest(zoneParams *models.Zone) (*operator.Zone, error) {
if zoneParams.VolumeConfiguration == nil {
return nil, errors.New("a volume configuration must be specified")
}
if zoneParams.VolumeConfiguration.Size == nil || *zoneParams.VolumeConfiguration.Size <= int64(0) {
return nil, errors.New("volume size must be greater than 0")
}
if zoneParams.Servers == nil || *zoneParams.Servers <= 0 {
return nil, errors.New("number of servers must be greater than 0")
}
if zoneParams.VolumesPerServer == nil || *zoneParams.VolumesPerServer <= 0 {
return nil, errors.New("number of volumes per server must be greater than 0")
}
volumeSize := resource.NewQuantity(*zoneParams.VolumeConfiguration.Size, resource.DecimalExponent)
volTemp := corev1.PersistentVolumeClaimSpec{
AccessModes: []corev1.PersistentVolumeAccessMode{
corev1.ReadWriteOnce,
},
Resources: corev1.ResourceRequirements{
Requests: corev1.ResourceList{
corev1.ResourceStorage: *volumeSize,
},
},
}
if zoneParams.VolumeConfiguration.StorageClassName != "" {
volTemp.StorageClassName = &zoneParams.VolumeConfiguration.StorageClassName
}
// parse resources' requests
var resourcesRequests corev1.ResourceList
var resourcesLimits corev1.ResourceList
if zoneParams.Resources != nil {
for key, val := range zoneParams.Resources.Requests {
resourcesRequests[corev1.ResourceName(key)] = *resource.NewQuantity(val, resource.BinarySI)
}
for key, val := range zoneParams.Resources.Limits {
resourcesLimits[corev1.ResourceName(key)] = *resource.NewQuantity(val, resource.BinarySI)
}
}
// parse Node Affinity
nodeSelectorTerms := []corev1.NodeSelectorTerm{}
preferredSchedulingTerm := []corev1.PreferredSchedulingTerm{}
if zoneParams.Affinity != nil && zoneParams.Affinity.NodeAffinity != nil {
if zoneParams.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution != nil {
for _, elem := range zoneParams.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution.NodeSelectorTerms {
term := parseModelsNodeSelectorTerm(elem)
nodeSelectorTerms = append(nodeSelectorTerms, term)
}
}
for _, elem := range zoneParams.Affinity.NodeAffinity.PreferredDuringSchedulingIgnoredDuringExecution {
pst := corev1.PreferredSchedulingTerm{
Weight: *elem.Weight,
Preference: parseModelsNodeSelectorTerm(elem.Preference),
}
preferredSchedulingTerm = append(preferredSchedulingTerm, pst)
}
}
var nodeAffinity *corev1.NodeAffinity
if len(nodeSelectorTerms) > 0 || len(preferredSchedulingTerm) > 0 {
nodeAffinity = &corev1.NodeAffinity{
RequiredDuringSchedulingIgnoredDuringExecution: &corev1.NodeSelector{
NodeSelectorTerms: nodeSelectorTerms,
},
PreferredDuringSchedulingIgnoredDuringExecution: preferredSchedulingTerm,
}
}
// parse Pod Affinity
podAffinityTerms := []corev1.PodAffinityTerm{}
weightedPodAffinityTerms := []corev1.WeightedPodAffinityTerm{}
if zoneParams.Affinity != nil && zoneParams.Affinity.PodAffinity != nil {
for _, elem := range zoneParams.Affinity.PodAffinity.RequiredDuringSchedulingIgnoredDuringExecution {
podAffinityTerms = append(podAffinityTerms, parseModelPodAffinityTerm(elem))
}
for _, elem := range zoneParams.Affinity.PodAffinity.PreferredDuringSchedulingIgnoredDuringExecution {
wAffinityTerm := corev1.WeightedPodAffinityTerm{
Weight: *elem.Weight,
PodAffinityTerm: parseModelPodAffinityTerm(elem.PodAffinityTerm),
}
weightedPodAffinityTerms = append(weightedPodAffinityTerms, wAffinityTerm)
}
}
var podAffinity *corev1.PodAffinity
if len(podAffinityTerms) > 0 || len(weightedPodAffinityTerms) > 0 {
podAffinity = &corev1.PodAffinity{
RequiredDuringSchedulingIgnoredDuringExecution: podAffinityTerms,
PreferredDuringSchedulingIgnoredDuringExecution: weightedPodAffinityTerms,
}
}
// parse Pod Anti Affinity
podAntiAffinityTerms := []corev1.PodAffinityTerm{}
weightedPodAntiAffinityTerms := []corev1.WeightedPodAffinityTerm{}
if zoneParams.Affinity != nil && zoneParams.Affinity.PodAntiAffinity != nil {
for _, elem := range zoneParams.Affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution {
podAntiAffinityTerms = append(podAntiAffinityTerms, parseModelPodAffinityTerm(elem))
}
for _, elem := range zoneParams.Affinity.PodAntiAffinity.PreferredDuringSchedulingIgnoredDuringExecution {
wAffinityTerm := corev1.WeightedPodAffinityTerm{
Weight: *elem.Weight,
PodAffinityTerm: parseModelPodAffinityTerm(elem.PodAffinityTerm),
}
weightedPodAntiAffinityTerms = append(weightedPodAntiAffinityTerms, wAffinityTerm)
}
}
var podAntiAffinity *corev1.PodAntiAffinity
if len(podAntiAffinityTerms) > 0 || len(weightedPodAntiAffinityTerms) > 0 {
podAntiAffinity = &corev1.PodAntiAffinity{
RequiredDuringSchedulingIgnoredDuringExecution: podAntiAffinityTerms,
PreferredDuringSchedulingIgnoredDuringExecution: weightedPodAntiAffinityTerms,
}
}
var affinity *corev1.Affinity
if nodeAffinity != nil || podAffinity != nil || podAntiAffinity != nil {
affinity = &corev1.Affinity{
NodeAffinity: nodeAffinity,
PodAffinity: podAffinity,
PodAntiAffinity: podAntiAffinity,
}
}
// parse tolerations
tolerations := []corev1.Toleration{}
for _, elem := range zoneParams.Tolerations {
toleration := corev1.Toleration{
Key: elem.Key,
Operator: corev1.TolerationOperator(elem.Operator),
Value: elem.Value,
Effect: corev1.TaintEffect(elem.Effect),
TolerationSeconds: &elem.TolerationSeconds,
}
tolerations = append(tolerations, toleration)
}
zone := &operator.Zone{
Name: zoneParams.Name,
Servers: int32(*zoneParams.Servers),
VolumesPerServer: *zoneParams.VolumesPerServer,
VolumeClaimTemplate: &corev1.PersistentVolumeClaim{
ObjectMeta: metav1.ObjectMeta{
Name: "data",
},
Spec: volTemp,
},
Resources: corev1.ResourceRequirements{
Requests: resourcesRequests,
Limits: resourcesLimits,
},
NodeSelector: zoneParams.NodeSelector,
Affinity: affinity,
Tolerations: tolerations,
}
return zone, nil
}
func parseModelPodAffinityTerm(term *models.PodAffinityTerm) corev1.PodAffinityTerm {
labelMatchExpressions := []metav1.LabelSelectorRequirement{}
for _, exp := range term.LabelSelector.MatchExpressions {
labelSelectorReq := metav1.LabelSelectorRequirement{
Key: *exp.Key,
Operator: metav1.LabelSelectorOperator(*exp.Operator),
Values: exp.Values,
}
labelMatchExpressions = append(labelMatchExpressions, labelSelectorReq)
}
podAffinityTerm := corev1.PodAffinityTerm{
LabelSelector: &metav1.LabelSelector{
MatchExpressions: labelMatchExpressions,
MatchLabels: term.LabelSelector.MatchLabels,
},
Namespaces: term.Namespaces,
TopologyKey: *term.TopologyKey,
}
return podAffinityTerm
}
func parseModelsNodeSelectorTerm(elem *models.NodeSelectorTerm) corev1.NodeSelectorTerm {
var term corev1.NodeSelectorTerm
for _, matchExpression := range elem.MatchExpressions {
matchExp := corev1.NodeSelectorRequirement{
Key: *matchExpression.Key,
Operator: corev1.NodeSelectorOperator(*matchExpression.Operator),
Values: matchExpression.Values,
}
term.MatchExpressions = append(term.MatchExpressions, matchExp)
}
for _, matchField := range elem.MatchFields {
matchF := corev1.NodeSelectorRequirement{
Key: *matchField.Key,
Operator: corev1.NodeSelectorOperator(*matchField.Operator),
Values: matchField.Values,
}
term.MatchFields = append(term.MatchFields, matchF)
}
return term
}
// parseTenantZone operator Zone object and returns the equivalent
// models.Zone object
func parseTenantZone(zone *operator.Zone) *models.Zone {
var size *int64
var storageClassName string
if zone.VolumeClaimTemplate != nil {
size = swag.Int64(zone.VolumeClaimTemplate.Spec.Resources.Requests.Storage().Value())
if zone.VolumeClaimTemplate.Spec.StorageClassName != nil {
storageClassName = *zone.VolumeClaimTemplate.Spec.StorageClassName
}
}
// parse resources' requests
var resources *models.ZoneResources
resourcesRequests := make(map[string]int64)
resourcesLimits := make(map[string]int64)
for key, val := range zone.Resources.Requests {
resourcesRequests[key.String()] = val.Value()
}
for key, val := range zone.Resources.Limits {
resourcesLimits[key.String()] = val.Value()
}
if len(resourcesRequests) > 0 || len(resourcesLimits) > 0 {
resources = &models.ZoneResources{
Limits: resourcesLimits,
Requests: resourcesRequests,
}
}
// parse Node Affinity
nodeSelectorTerms := []*models.NodeSelectorTerm{}
preferredSchedulingTerm := []*models.ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0{}
if zone.Affinity != nil && zone.Affinity.NodeAffinity != nil {
if zone.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution != nil {
for _, elem := range zone.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution.NodeSelectorTerms {
term := parseNodeSelectorTerm(&elem)
nodeSelectorTerms = append(nodeSelectorTerms, term)
}
}
for _, elem := range zone.Affinity.NodeAffinity.PreferredDuringSchedulingIgnoredDuringExecution {
pst := &models.ZoneAffinityNodeAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0{
Weight: swag.Int32(elem.Weight),
Preference: parseNodeSelectorTerm(&elem.Preference),
}
preferredSchedulingTerm = append(preferredSchedulingTerm, pst)
}
}
var nodeAffinity *models.ZoneAffinityNodeAffinity
if len(nodeSelectorTerms) > 0 || len(preferredSchedulingTerm) > 0 {
nodeAffinity = &models.ZoneAffinityNodeAffinity{
RequiredDuringSchedulingIgnoredDuringExecution: &models.ZoneAffinityNodeAffinityRequiredDuringSchedulingIgnoredDuringExecution{
NodeSelectorTerms: nodeSelectorTerms,
},
PreferredDuringSchedulingIgnoredDuringExecution: preferredSchedulingTerm,
}
}
// parse Pod Affinity
podAffinityTerms := []*models.PodAffinityTerm{}
weightedPodAffinityTerms := []*models.ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0{}
if zone.Affinity != nil && zone.Affinity.PodAffinity != nil {
for _, elem := range zone.Affinity.PodAffinity.RequiredDuringSchedulingIgnoredDuringExecution {
podAffinityTerms = append(podAffinityTerms, parsePodAffinityTerm(&elem))
}
for _, elem := range zone.Affinity.PodAffinity.PreferredDuringSchedulingIgnoredDuringExecution {
wAffinityTerm := &models.ZoneAffinityPodAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0{
Weight: swag.Int32(elem.Weight),
PodAffinityTerm: parsePodAffinityTerm(&elem.PodAffinityTerm),
}
weightedPodAffinityTerms = append(weightedPodAffinityTerms, wAffinityTerm)
}
}
var podAffinity *models.ZoneAffinityPodAffinity
if len(podAffinityTerms) > 0 || len(weightedPodAffinityTerms) > 0 {
podAffinity = &models.ZoneAffinityPodAffinity{
RequiredDuringSchedulingIgnoredDuringExecution: podAffinityTerms,
PreferredDuringSchedulingIgnoredDuringExecution: weightedPodAffinityTerms,
}
}
// parse Pod Anti Affinity
podAntiAffinityTerms := []*models.PodAffinityTerm{}
weightedPodAntiAffinityTerms := []*models.ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0{}
if zone.Affinity != nil && zone.Affinity.PodAntiAffinity != nil {
for _, elem := range zone.Affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution {
podAntiAffinityTerms = append(podAntiAffinityTerms, parsePodAffinityTerm(&elem))
}
for _, elem := range zone.Affinity.PodAntiAffinity.PreferredDuringSchedulingIgnoredDuringExecution {
wAffinityTerm := &models.ZoneAffinityPodAntiAffinityPreferredDuringSchedulingIgnoredDuringExecutionItems0{
Weight: swag.Int32(elem.Weight),
PodAffinityTerm: parsePodAffinityTerm(&elem.PodAffinityTerm),
}
weightedPodAntiAffinityTerms = append(weightedPodAntiAffinityTerms, wAffinityTerm)
}
}
var podAntiAffinity *models.ZoneAffinityPodAntiAffinity
if len(podAntiAffinityTerms) > 0 || len(weightedPodAntiAffinityTerms) > 0 {
podAntiAffinity = &models.ZoneAffinityPodAntiAffinity{
RequiredDuringSchedulingIgnoredDuringExecution: podAntiAffinityTerms,
PreferredDuringSchedulingIgnoredDuringExecution: weightedPodAntiAffinityTerms,
}
}
// build affinity object
var affinity *models.ZoneAffinity
if nodeAffinity != nil || podAffinity != nil || podAntiAffinity != nil {
affinity = &models.ZoneAffinity{
NodeAffinity: nodeAffinity,
PodAffinity: podAffinity,
PodAntiAffinity: podAntiAffinity,
}
}
// parse tolerations
var tolerations models.ZoneTolerations
for _, elem := range zone.Tolerations {
toleration := &models.ZoneTolerationsItems0{
Key: elem.Key,
Operator: string(elem.Operator),
Value: elem.Value,
Effect: string(elem.Effect),
TolerationSeconds: *elem.TolerationSeconds,
}
tolerations = append(tolerations, toleration)
}
zoneModel := &models.Zone{
Name: zone.Name,
Servers: swag.Int64(int64(zone.Servers)),
VolumesPerServer: swag.Int32(zone.VolumesPerServer),
VolumeConfiguration: &models.ZoneVolumeConfiguration{
Size: size,
StorageClassName: storageClassName,
},
NodeSelector: zone.NodeSelector,
Resources: resources,
Affinity: affinity,
Tolerations: tolerations,
}
return zoneModel
}
func parsePodAffinityTerm(term *corev1.PodAffinityTerm) *models.PodAffinityTerm {
labelMatchExpressions := []*models.PodAffinityTermLabelSelectorMatchExpressionsItems0{}
for _, exp := range term.LabelSelector.MatchExpressions {
labelSelectorReq := &models.PodAffinityTermLabelSelectorMatchExpressionsItems0{
Key: swag.String(exp.Key),
Operator: swag.String(string(exp.Operator)),
Values: exp.Values,
}
labelMatchExpressions = append(labelMatchExpressions, labelSelectorReq)
}
podAffinityTerm := &models.PodAffinityTerm{
LabelSelector: &models.PodAffinityTermLabelSelector{
MatchExpressions: labelMatchExpressions,
MatchLabels: term.LabelSelector.MatchLabels,
},
Namespaces: term.Namespaces,
TopologyKey: swag.String(term.TopologyKey),
}
return podAffinityTerm
}
func parseNodeSelectorTerm(term *corev1.NodeSelectorTerm) *models.NodeSelectorTerm {
var t models.NodeSelectorTerm
for _, matchExpression := range term.MatchExpressions {
matchExp := &models.NodeSelectorTermMatchExpressionsItems0{
Key: swag.String(matchExpression.Key),
Operator: swag.String(string(matchExpression.Operator)),
Values: matchExpression.Values,
}
t.MatchExpressions = append(t.MatchExpressions, matchExp)
}
for _, matchField := range term.MatchFields {
matchF := &models.NodeSelectorTermMatchFieldsItems0{
Key: swag.String(matchField.Key),
Operator: swag.String(string(matchField.Operator)),
Values: matchField.Values,
}
t.MatchFields = append(t.MatchFields, matchF)
}
return &t
}

91
restapi/admin_tenants_test.go
View File

@@ -27,9 +27,9 @@ import (
"testing"
"github.com/go-openapi/swag"
"github.com/minio/console/cluster"
"github.com/minio/console/models"
"github.com/minio/console/restapi/operations/admin_api"
"github.com/minio/mcs/cluster"
"github.com/minio/mcs/models"
"github.com/minio/mcs/restapi/operations/admin_api"
operator "github.com/minio/operator/pkg/apis/minio.min.io/v1"
v1 "github.com/minio/operator/pkg/apis/minio.min.io/v1"
corev1 "k8s.io/api/core/v1"
@@ -315,12 +315,13 @@ func Test_TenantInfo(t *testing.T) {
},
Namespace: "minio-ns",
Image: "minio/minio:RELEASE.2020-06-14T18-32-17Z",
UsedSize: int64(1024),
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := getTenantInfo(tt.args.minioTenant)
got := getTenantInfo(tt.args.minioTenant, tt.args.tenantInfo)
if !reflect.DeepEqual(got, tt.want) {
ji, _ := json.Marshal(got)
vi, _ := json.Marshal(tt.want)
@@ -414,92 +415,10 @@ func Test_TenantAddZone(t *testing.T) {
Body: &models.Zone{
Name: "zone-1",
Servers: swag.Int64(int64(4)),
VolumeConfiguration: &models.ZoneVolumeConfiguration{
Size: swag.Int64(2147483648),
StorageClassName: "standard",
},
VolumesPerServer: swag.Int32(4),
},
},
},
wantErr: false,
}, {
name: "Add zone, error size",
args: args{
ctx: context.Background(),
operatorClient: opClient,
nameSpace: "default",
mockTenantPatch: func(ctx context.Context, namespace string, tenantName string, pt types.PatchType, data []byte, options metav1.PatchOptions) (*v1.Tenant, error) {
return &v1.Tenant{}, nil
},
mockTenantGet: func(ctx context.Context, namespace string, tenantName string, options metav1.GetOptions) (*v1.Tenant, error) {
return &v1.Tenant{}, nil
},
params: admin_api.TenantAddZoneParams{
Body: &models.Zone{
Name: "zone-1",
Servers: swag.Int64(int64(4)),
VolumeConfiguration: &models.ZoneVolumeConfiguration{
Size: swag.Int64(0),
StorageClassName: "standard",
},
VolumesPerServer: swag.Int32(4),
},
},
},
wantErr: true,
},
{
name: "Add zone, error servers negative",
args: args{
ctx: context.Background(),
operatorClient: opClient,
nameSpace: "default",
mockTenantPatch: func(ctx context.Context, namespace string, tenantName string, pt types.PatchType, data []byte, options metav1.PatchOptions) (*v1.Tenant, error) {
return &v1.Tenant{}, nil
},
mockTenantGet: func(ctx context.Context, namespace string, tenantName string, options metav1.GetOptions) (*v1.Tenant, error) {
return &v1.Tenant{}, nil
},
params: admin_api.TenantAddZoneParams{
Body: &models.Zone{
Name: "zone-1",
Servers: swag.Int64(int64(-1)),
VolumeConfiguration: &models.ZoneVolumeConfiguration{
Size: swag.Int64(2147483648),
StorageClassName: "standard",
},
VolumesPerServer: swag.Int32(4),
},
},
},
wantErr: true,
},
{
name: "Add zone, error volumes per server negative",
args: args{
ctx: context.Background(),
operatorClient: opClient,
nameSpace: "default",
mockTenantPatch: func(ctx context.Context, namespace string, tenantName string, pt types.PatchType, data []byte, options metav1.PatchOptions) (*v1.Tenant, error) {
return &v1.Tenant{}, nil
},
mockTenantGet: func(ctx context.Context, namespace string, tenantName string, options metav1.GetOptions) (*v1.Tenant, error) {
return &v1.Tenant{}, nil
},
params: admin_api.TenantAddZoneParams{
Body: &models.Zone{
Name: "zone-1",
Servers: swag.Int64(int64(4)),
VolumeConfiguration: &models.ZoneVolumeConfiguration{
Size: swag.Int64(2147483648),
StorageClassName: "standard",
},
VolumesPerServer: swag.Int32(-1),
},
},
},
wantErr: true,
},
{
name: "Error on patch, handle error",

8
restapi/admin_users.go
View File

@@ -20,9 +20,9 @@ import (
"github.com/go-openapi/errors"
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/swag"
"github.com/minio/console/models"
"github.com/minio/console/restapi/operations"
"github.com/minio/console/restapi/operations/admin_api"
"github.com/minio/mcs/models"
"github.com/minio/mcs/restapi/operations"
"github.com/minio/mcs/restapi/operations/admin_api"
"github.com/minio/minio/pkg/madmin"
"context"
@@ -31,7 +31,7 @@ import (
"strings"
)
func registerUsersHandlers(api *operations.ConsoleAPI) {
func registerUsersHandlers(api *operations.McsAPI) {
// List Users
api.AdminAPIListUsersHandler = admin_api.ListUsersHandlerFunc(func(params admin_api.ListUsersParams, session *models.Principal) middleware.Responder {
listUsersResponse, err := getListUsersResponse(session)

6
restapi/client-admin.go
View File

@@ -22,16 +22,16 @@ import (
"path/filepath"
"runtime"
"github.com/minio/console/models"
mcCmd "github.com/minio/mc/cmd"
"github.com/minio/mc/pkg/probe"
"github.com/minio/mcs/models"
"github.com/minio/minio-go/v7/pkg/credentials"
mauth "github.com/minio/minio/pkg/auth"
iampolicy "github.com/minio/minio/pkg/iam/policy"
"github.com/minio/minio/pkg/madmin"
)
const globalAppName = "console"
const globalAppName = "mcs"
// NewAdminClient gives a new client interface
func NewAdminClient(url, accessKey, secretKey string) (*madmin.AdminClient, *probe.Error) {
@@ -42,7 +42,7 @@ func NewAdminClient(url, accessKey, secretKey string) (*madmin.AdminClient, *pro
AccessKey: accessKey,
SecretKey: secretKey,
AppName: appName,
AppVersion: ConsoleVersion,
AppVersion: McsVersion,
AppComments: []string{appName, runtime.GOOS, runtime.GOARCH},
Insecure: false,
})

78
restapi/client.go
View File

@@ -23,13 +23,13 @@ import (
"errors"
"github.com/minio/console/models"
"github.com/minio/console/pkg/acl"
"github.com/minio/console/pkg/auth"
xjwt "github.com/minio/console/pkg/auth/jwt"
"github.com/minio/console/pkg/auth/ldap"
mc "github.com/minio/mc/cmd"
"github.com/minio/mc/pkg/probe"
"github.com/minio/mcs/models"
"github.com/minio/mcs/pkg/acl"
"github.com/minio/mcs/pkg/auth"
xjwt "github.com/minio/mcs/pkg/auth/jwt"
"github.com/minio/mcs/pkg/auth/ldap"
"github.com/minio/minio-go/v7"
"github.com/minio/minio-go/v7/pkg/credentials"
"github.com/minio/minio-go/v7/pkg/notification"
@@ -93,10 +93,10 @@ func (c minioClient) getBucketPolicy(ctx context.Context, bucketName string) (st
return c.client.GetBucketPolicy(ctx, bucketName)
}
// MCClient interface with all functions to be implemented
// MCS3Client interface with all functions to be implemented
// by mock when testing, it should include all mc/S3Client respective api calls
// that are used within this project.
type MCClient interface {
type MCS3Client interface {
addNotificationConfig(ctx context.Context, arn string, events []string, prefix, suffix string, ignoreExisting bool) *probe.Error
removeNotificationConfig(ctx context.Context, arn string, event string, prefix string, suffix string) *probe.Error
watch(ctx context.Context, options mc.WatchOptions) (*mc.WatchObject, *probe.Error)
@@ -106,59 +106,59 @@ type MCClient interface {
//
// Define the structure of a mc S3Client and define the functions that are actually used
// from mcS3client api.
type mcClient struct {
type mcS3Client struct {
client *mc.S3Client
}
// implements S3Client.AddNotificationConfig()
func (c mcClient) addNotificationConfig(ctx context.Context, arn string, events []string, prefix, suffix string, ignoreExisting bool) *probe.Error {
func (c mcS3Client) addNotificationConfig(ctx context.Context, arn string, events []string, prefix, suffix string, ignoreExisting bool) *probe.Error {
return c.client.AddNotificationConfig(ctx, arn, events, prefix, suffix, ignoreExisting)
}
// implements S3Client.RemoveNotificationConfig()
func (c mcClient) removeNotificationConfig(ctx context.Context, arn string, event string, prefix string, suffix string) *probe.Error {
func (c mcS3Client) removeNotificationConfig(ctx context.Context, arn string, event string, prefix string, suffix string) *probe.Error {
return c.client.RemoveNotificationConfig(ctx, arn, event, prefix, suffix)
}
func (c mcClient) watch(ctx context.Context, options mc.WatchOptions) (*mc.WatchObject, *probe.Error) {
func (c mcS3Client) watch(ctx context.Context, options mc.WatchOptions) (*mc.WatchObject, *probe.Error) {
return c.client.Watch(ctx, options)
}
// ConsoleCredentials interface with all functions to be implemented
// by mock when testing, it should include all needed consoleCredentials.Credentials api calls
// MCSCredentials interface with all functions to be implemented
// by mock when testing, it should include all needed mcsCredentials.Credentials api calls
// that are used within this project.
type ConsoleCredentials interface {
type MCSCredentials interface {
Get() (credentials.Value, error)
Expire()
}
// Interface implementation
type consoleCredentials struct {
consoleCredentials *credentials.Credentials
type mcsCredentials struct {
mcsCredentials *credentials.Credentials
}
// implements *Credentials.Get()
func (c consoleCredentials) Get() (credentials.Value, error) {
return c.consoleCredentials.Get()
func (c mcsCredentials) Get() (credentials.Value, error) {
return c.mcsCredentials.Get()
}
// implements *Credentials.Expire()
func (c consoleCredentials) Expire() {
c.consoleCredentials.Expire()
func (c mcsCredentials) Expire() {
c.mcsCredentials.Expire()
}
// consoleSTSAssumeRole it's a STSAssumeRole wrapper, in general
// mcsSTSAssumeRole it's a STSAssumeRole wrapper, in general
// there's no need to use this struct anywhere else in the project, it's only required
// for passing a custom *http.Client to *credentials.STSAssumeRole
type consoleSTSAssumeRole struct {
type mcsSTSAssumeRole struct {
stsAssumeRole *credentials.STSAssumeRole
}
func (s consoleSTSAssumeRole) Retrieve() (credentials.Value, error) {
func (s mcsSTSAssumeRole) Retrieve() (credentials.Value, error) {
return s.stsAssumeRole.Retrieve()
}
func (s consoleSTSAssumeRole) IsExpired() bool {
func (s mcsSTSAssumeRole) IsExpired() bool {
return s.stsAssumeRole.IsExpired()
}
@@ -168,31 +168,31 @@ var (
MinioEndpoint = getMinIOServer()
)
func newConsoleCredentials(accessKey, secretKey, location string) (*credentials.Credentials, error) {
func newMcsCredentials(accessKey, secretKey, location string) (*credentials.Credentials, error) {
// Future authentication methods can be added under this switch statement
switch {
// authentication for Operator Console
case acl.GetOperatorMode():
{
creds, err := auth.GetConsoleCredentialsForOperator(secretKey)
creds, err := auth.GetMcsCredentialsForOperator(secretKey)
if err != nil {
return nil, err
}
return creds, nil
}
// LDAP authentication for Console
// LDAP authentication for MCS
case ldap.GetLDAPEnabled():
{
if MinioEndpoint == "" {
return nil, errors.New("endpoint cannot be empty for AssumeRoleSTS")
}
creds, err := auth.GetConsoleCredentialsFromLDAP(MinioEndpoint, accessKey, secretKey)
creds, err := auth.GetMcsCredentialsFromLDAP(MinioEndpoint, accessKey, secretKey)
if err != nil {
return nil, err
}
return creds, nil
}
// default authentication for Console is via STS (Security Token Service) against MinIO
// default authentication for MCS is via STS (Security Token Service) against MinIO
default:
{
if MinioEndpoint == "" || accessKey == "" || secretKey == "" {
@@ -202,15 +202,15 @@ func newConsoleCredentials(accessKey, secretKey, location string) (*credentials.
AccessKey: accessKey,
SecretKey: secretKey,
Location: location,
DurationSeconds: xjwt.GetConsoleSTSAndJWTDurationInSeconds(),
DurationSeconds: xjwt.GetMcsSTSAndJWTDurationInSeconds(),
}
stsAssumeRole := &credentials.STSAssumeRole{
Client: STSClient,
STSEndpoint: MinioEndpoint,
Options: opts,
}
consoleSTSWrapper := consoleSTSAssumeRole{stsAssumeRole: stsAssumeRole}
return credentials.New(consoleSTSWrapper), nil
mcsSTSWrapper := mcsSTSAssumeRole{stsAssumeRole: stsAssumeRole}
return credentials.New(mcsSTSWrapper), nil
}
}
}
@@ -224,16 +224,16 @@ func GetClaimsFromJWT(jwt string) (*auth.DecryptedClaims, error) {
return claims, nil
}
// getConsoleCredentialsFromSession returns the *consoleCredentials.Credentials associated to the
// getMcsCredentialsFromSession returns the *mcsCredentials.Credentials associated to the
// provided jwt, this is useful for running the Expire() or IsExpired() operations
func getConsoleCredentialsFromSession(claims *models.Principal) *credentials.Credentials {
func getMcsCredentialsFromSession(claims *models.Principal) *credentials.Credentials {
return credentials.NewStaticV4(claims.AccessKeyID, claims.SecretAccessKey, claims.SessionToken)
}
// newMinioClient creates a new MinIO client based on the consoleCredentials extracted
// newMinioClient creates a new MinIO client based on the mcsCredentials extracted
// from the provided jwt
func newMinioClient(claims *models.Principal) (*minio.Client, error) {
creds := getConsoleCredentialsFromSession(claims)
creds := getMcsCredentialsFromSession(claims)
minioClient, err := minio.New(getMinIOEndpoint(), &minio.Options{
Creds: creds,
Secure: getMinIOEndpointIsSecure(),
@@ -275,11 +275,11 @@ func newS3BucketClient(claims *models.Principal, bucketName string) (*mc.S3Clien
// parameters.
func newS3Config(endpoint, accessKey, secretKey, sessionToken string, isSecure bool) *mc.Config {
// We have a valid alias and hostConfig. We populate the
// consoleCredentials from the match found in the config file.
// mcsCredentials from the match found in the config file.
s3Config := new(mc.Config)
s3Config.AppName = "console" // TODO: make this a constant
s3Config.AppVersion = "" // TODO: get this from constant or build
s3Config.AppName = "mcs" // TODO: make this a constant
s3Config.AppVersion = "" // TODO: get this from constant or build
s3Config.AppComments = []string{}
s3Config.Debug = false
s3Config.Insecure = isSecure

86
restapi/config.go
View File

@@ -24,37 +24,41 @@ import (
"github.com/minio/minio/pkg/env"
)
// Port console default port
// Port mcs default port
var Port = "9090"
// Hostname console hostname
// Hostname mcs hostname
var Hostname = "0.0.0.0"
// TLSHostname console tls hostname
// TLSHostname mcs tls hostname
var TLSHostname = "0.0.0.0"
// TLSPort console tls port
// TLSPort mcs tls port
var TLSPort = "9443"
// TLSRedirect console tls redirect rule
// TLSRedirect mcs tls redirect rule
var TLSRedirect = "off"
// defaultTenantMemorySize default value used
// when generating minioTenant request
var defaultTenantMemorySize = "16Gi"
func getAccessKey() string {
return env.Get(ConsoleAccessKey, "minioadmin")
return env.Get(McsAccessKey, "minioadmin")
}
func getSecretKey() string {
return env.Get(ConsoleSecretKey, "minioadmin")
return env.Get(McsSecretKey, "minioadmin")
}
func getMinIOServer() string {
return strings.TrimSpace(env.Get(ConsoleMinIOServer, "http://localhost:9000"))
return strings.TrimSpace(env.Get(McsMinIOServer, "http://localhost:9000"))
}
// If CONSOLE_MINIO_SERVER_TLS_ROOT_CAS is true console will load a list of certificates into the
// If MCS_MINIO_SERVER_TLS_ROOT_CAS is true mcs will load a list of certificates into the
// http.client rootCAs store, this is useful for testing or when working with self-signed certificates
func getMinioServerTLSRootCAs() []string {
caCertFileNames := strings.TrimSpace(env.Get(ConsoleMinIOServerTLSRootCAs, ""))
caCertFileNames := strings.TrimSpace(env.Get(McsMinIOServerTLSRootCAs, ""))
if caCertFileNames == "" {
return []string{}
}
@@ -86,35 +90,35 @@ func getMinIOEndpointIsSecure() bool {
}
func getProductionMode() bool {
return strings.ToLower(env.Get(ConsoleProductionMode, "on")) == "on"
return strings.ToLower(env.Get(McsProductionMode, "on")) == "on"
}
// GetHostname gets console hostname set on env variable,
// GetHostname gets mcs hostname set on env variable,
// default one or defined on run command
func GetHostname() string {
return strings.ToLower(env.Get(ConsoleHostname, Hostname))
return strings.ToLower(env.Get(McsHostname, Hostname))
}
// GetPort gets console por set on env variable
// GetPort gets mcs por set on env variable
// or default one
func GetPort() int {
port, err := strconv.Atoi(env.Get(ConsolePort, Port))
port, err := strconv.Atoi(env.Get(McsPort, Port))
if err != nil {
port = 9090
}
return port
}
// GetSSLHostname gets console ssl hostname set on env variable
// GetSSLHostname gets mcs ssl hostname set on env variable
// or default one
func GetSSLHostname() string {
return strings.ToLower(env.Get(ConsoleTLSHostname, TLSHostname))
return strings.ToLower(env.Get(McsTLSHostname, TLSHostname))
}
// GetSSLPort gets console ssl port set on env variable
// GetSSLPort gets mcs ssl port set on env variable
// or default one
func GetSSLPort() int {
port, err := strconv.Atoi(env.Get(ConsoleTLSPort, TLSPort))
port, err := strconv.Atoi(env.Get(McsTLSPort, TLSPort))
if err != nil {
port = 9443
}
@@ -123,7 +127,7 @@ func GetSSLPort() int {
// Get secure middleware env variable configurations
func getSecureAllowedHosts() []string {
allowedHosts := env.Get(ConsoleSecureAllowedHosts, "")
allowedHosts := env.Get(McsSecureAllowedHosts, "")
if allowedHosts != "" {
return strings.Split(allowedHosts, ",")
}
@@ -132,39 +136,39 @@ func getSecureAllowedHosts() []string {
// AllowedHostsAreRegex determines, if the provided AllowedHosts slice contains valid regular expressions. Default is false.
func getSecureAllowedHostsAreRegex() bool {
return strings.ToLower(env.Get(ConsoleSecureAllowedHostsAreRegex, "off")) == "on"
return strings.ToLower(env.Get(McsSecureAllowedHostsAreRegex, "off")) == "on"
}
// If FrameDeny is set to true, adds the X-Frame-Options header with the value of `DENY`. Default is true.
func getSecureFrameDeny() bool {
return strings.ToLower(env.Get(ConsoleSecureFrameDeny, "on")) == "on"
return strings.ToLower(env.Get(McsSecureFrameDeny, "on")) == "on"
}
// If ContentTypeNosniff is true, adds the X-Content-Type-Options header with the value `nosniff`. Default is true.
func getSecureContentTypeNonSniff() bool {
return strings.ToLower(env.Get(ConsoleSecureContentTypeNoSniff, "on")) == "on"
return strings.ToLower(env.Get(McsSecureContentTypeNoSniff, "on")) == "on"
}
// If BrowserXssFilter is true, adds the X-XSS-Protection header with the value `1; mode=block`. Default is true.
func getSecureBrowserXSSFilter() bool {
return strings.ToLower(env.Get(ConsoleSecureBrowserXSSFilter, "on")) == "on"
return strings.ToLower(env.Get(McsSecureBrowserXSSFilter, "on")) == "on"
}
// ContentSecurityPolicy allows the Content-Security-Policy header value to be set with a custom value. Default is "".
// Passing a template string will replace `$NONCE` with a dynamic nonce value of 16 bytes for each request which can be
// later retrieved using the Nonce function.
func getSecureContentSecurityPolicy() string {
return env.Get(ConsoleSecureContentSecurityPolicy, "")
return env.Get(McsSecureContentSecurityPolicy, "")
}
// ContentSecurityPolicyReportOnly allows the Content-Security-Policy-Report-Only header value to be set with a custom value. Default is "".
func getSecureContentSecurityPolicyReportOnly() string {
return env.Get(ConsoleSecureContentSecurityPolicyReportOnly, "")
return env.Get(McsSecureContentSecurityPolicyReportOnly, "")
}
// HostsProxyHeaders is a set of header keys that may hold a proxied hostname value for the request.
func getSecureHostsProxyHeaders() []string {
allowedHosts := env.Get(ConsoleSecureHostsProxyHeaders, "")
allowedHosts := env.Get(McsSecureHostsProxyHeaders, "")
if allowedHosts != "" {
return strings.Split(allowedHosts, ",")
}
@@ -173,17 +177,17 @@ func getSecureHostsProxyHeaders() []string {
// If SSLRedirect is set to true, then only allow HTTPS requests. Default is true.
func getSSLRedirect() bool {
return strings.ToLower(env.Get(ConsoleSecureSSLRedirect, TLSRedirect)) == "on"
return strings.ToLower(env.Get(McsSecureSSLRedirect, TLSRedirect)) == "on"
}
// SSLHost is the host name that is used to redirect HTTP requests to HTTPS. Default is "", which indicates to use the same host.
func getSecureSSLHost() string {
return env.Get(ConsoleSecureSSLHost, fmt.Sprintf("%s:%s", TLSHostname, TLSPort))
return env.Get(McsSecureSSLHost, fmt.Sprintf("%s:%s", TLSHostname, TLSPort))
}
// STSSeconds is the max-age of the Strict-Transport-Security header. Default is 0, which would NOT include the header.
func getSecureSTSSeconds() int64 {
seconds, err := strconv.Atoi(env.Get(ConsoleSecureSTSSeconds, "0"))
seconds, err := strconv.Atoi(env.Get(McsSecureSTSSeconds, "0"))
if err != nil {
seconds = 0
}
@@ -192,39 +196,45 @@ func getSecureSTSSeconds() int64 {
// If STSIncludeSubdomains is set to true, the `includeSubdomains` will be appended to the Strict-Transport-Security header. Default is false.
func getSecureSTSIncludeSubdomains() bool {
return strings.ToLower(env.Get(ConsoleSecureSTSIncludeSubdomains, "off")) == "on"
return strings.ToLower(env.Get(McsSecureSTSIncludeSubdomains, "off")) == "on"
}
// If STSPreload is set to true, the `preload` flag will be appended to the Strict-Transport-Security header. Default is false.
func getSecureSTSPreload() bool {
return strings.ToLower(env.Get(ConsoleSecureSTSPreload, "off")) == "on"
return strings.ToLower(env.Get(McsSecureSTSPreload, "off")) == "on"
}
// If SSLTemporaryRedirect is true, the a 302 will be used while redirecting. Default is false (301).
func getSecureSSLTemporaryRedirect() bool {
return strings.ToLower(env.Get(ConsoleSecureSSLTemporaryRedirect, "off")) == "on"
return strings.ToLower(env.Get(McsSecureSSLTemporaryRedirect, "off")) == "on"
}
// STS header is only included when the connection is HTTPS.
func getSecureForceSTSHeader() bool {
return strings.ToLower(env.Get(ConsoleSecureForceSTSHeader, "off")) == "on"
return strings.ToLower(env.Get(McsSecureForceSTSHeader, "off")) == "on"
}
// PublicKey implements HPKP to prevent MITM attacks with forged certificates. Default is "".
func getSecurePublicKey() string {
return env.Get(ConsoleSecurePublicKey, "")
return env.Get(McsSecurePublicKey, "")
}
// ReferrerPolicy allows the Referrer-Policy header with the value to be set with a custom value. Default is "".
func getSecureReferrerPolicy() string {
return env.Get(ConsoleSecureReferrerPolicy, "")
return env.Get(McsSecureReferrerPolicy, "")
}
// FeaturePolicy allows the Feature-Policy header with the value to be set with a custom value. Default is "".
func getSecureFeaturePolicy() string {
return env.Get(ConsoleSecureFeaturePolicy, "")
return env.Get(McsSecureFeaturePolicy, "")
}
func getSecureExpectCTHeader() string {
return env.Get(ConsoleSecureExpectCTHeader, "")
return env.Get(McsSecureExpectCTHeader, "")
}
// getTenantMemorySize Memory size value to be used when generating the
// Tenant request
func getTenantMemorySize() string {
return env.Get(McsTenantMemorySize, defaultTenantMemorySize)
}

Some files were not shown because too many files have changed in this diff Show More