update to version v0.3.11

fix npe for tls console/minio (#243 )
rename SSL to TLS in labels, env variables and normal variables/constants (#242 )
2020-08-09 19:39:46 -07:00 · 2020-08-09 17:19:39 -07:00 · 2020-08-09 16:08:58 -07:00 · 2020-08-09 14:48:42 -07:00 · 2020-08-09 14:47:06 -07:00 · 2020-08-09 14:36:55 -07:00
44 changed files with 6690 additions and 2875 deletions
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -21,7 +21,7 @@ linters:
    - structcheck

 service:
-  golangci-lint-version: 1.21.0 # use the fixed version to not introduce new linters unexpectedly
+  golangci-lint-version: 1.27.0 # use the fixed version to not introduce new linters unexpectedly

 run:
  skip-dirs:
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -23,6 +23,33 @@ builds:
    goarch:
      - amd64
      - arm64
+
+    ignore:
+      - goos: darwin
+        goarch: arm64
+      - goos: darwin
+        goarch: arm
+      - goos: darwin
+        goarch: ppc64le
+      - goos: darwin
+        goarch: s390x
+      - goos: windows
+        goarch: arm64
+      - goos: windows
+        goarch: arm
+      - goos: windows
+        goarch: ppc64le
+      - goos: windows
+        goarch: s390x
+      - goos: freebsd
+        goarch: arm
+      - goos: freebsd
+        goarch: arm64
+      - goos: freebsd
+        goarch: ppc64le
+      - goos: freebsd
+        goarch: s390x
+
    env:
      - CGO_ENABLED=0
    main: ./cmd/console/
--- a/6507
+++ b/6507
--- a/4
+++ b/4
@@ -25,8 +25,10 @@ verifiers: getdeps fmt lint

 fmt:
 	@echo "Running $@ check"
-	@GO111MODULE=on gofmt -d cmd/
+	@GO111MODULE=on gofmt -d restapi/
 	@GO111MODULE=on gofmt -d pkg/
+	@GO111MODULE=on gofmt -d cmd/
+	@GO111MODULE=on gofmt -d cluster/

 lint:
 	@echo "Running $@ check"
--- a/cmd/console/server.go
+++ b/cmd/console/server.go
@@ -47,12 +47,12 @@ var serverCmd = cli.Command{
 		},
 		cli.StringFlag{
 			Name:  "tls-host",
-			Value: restapi.GetSSLHostname(),
+			Value: restapi.GetTLSHostname(),
 			Usage: "HTTPS server hostname",
 		},
 		cli.IntFlag{
 			Name:  "tls-port",
-			Value: restapi.GetSSLPort(),
+			Value: restapi.GetTLSPort(),
 			Usage: "HTTPS server port",
 		},
 		cli.StringFlag{
--- a/go.mod
+++ b/go.mod
@@ -15,19 +15,19 @@ require (
 	github.com/gorilla/websocket v1.4.2
 	github.com/jessevdk/go-flags v1.4.0
 	github.com/minio/cli v1.22.0
-	github.com/minio/kes v0.10.1
-	github.com/minio/mc v0.0.0-20200725183142-90d22b271f60
-	github.com/minio/minio v0.0.0-20200725154241-abbf6ce6ccf8
-	github.com/minio/minio-go/v7 v7.0.2-0.20200722162308-e0105ca08252
-	github.com/minio/operator v0.0.0-20200730044813-c2895a5065a1
+	github.com/minio/kes v0.11.0
+	github.com/minio/mc v0.0.0-20200808005614-7e52c104bee1
+	github.com/minio/minio v0.0.0-20200808024306-2a9819aff876
+	github.com/minio/minio-go/v7 v7.0.5-0.20200807085956-d7db33ea7618
+	github.com/minio/operator v0.0.0-20200806194125-c2ff646f4af1
 	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
 	github.com/stretchr/testify v1.6.1
 	github.com/unrolled/secure v1.0.7
-	golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899
+	golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
 	golang.org/x/net v0.0.0-20200707034311-ab3426394381
 	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
 	gopkg.in/yaml.v2 v2.3.0
-	k8s.io/api v0.18.0
-	k8s.io/apimachinery v0.18.0
-	k8s.io/client-go v0.18.0
+	k8s.io/api v0.18.6
+	k8s.io/apimachinery v0.18.6
+	k8s.io/client-go v0.18.6
 )
--- a/go.sum
+++ b/go.sum
@@ -270,6 +270,8 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU
 github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
 github.com/golang/protobuf v1.4.0 h1:oOuy+ugB+P/kBdUnG5QaMXSIyJ1q38wWSojYCb3z5VQ=
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
@@ -284,6 +286,8 @@ github.com/google/go-cmp v0.3.1 h1:Xye71clBPdm5HgqGwUkwhbynsUJZhDbS20FvLhQ2izg=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.4.1 h1:/exdXoGamhu5ONeUJH0deniYLWYvQwW66yvlfiiKTu0=
+github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -348,6 +352,8 @@ github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
+github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/raft v1.1.2 h1:oxEL5DDeurYxLd3UbcY/hccgSPhLLpiBZ1YxtWEq59c=
@@ -363,6 +369,8 @@ github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/imdario/mergo v0.3.5 h1:JboBksRwiiAJWvIYJVo46AfV+IAIKZpfrSzVKj42R4Q=
 github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
+github.com/imdario/mergo v0.3.10 h1:6q5mVkdH/vYmqngx7kZQTjJ5HRsx+ImorDIEQ+beJgc=
+github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
 github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf h1:WfD7VjIE6z8dIvMsI4/s+1qr5EL+zoIGev1BQj1eoJ8=
 github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf/go.mod h1:hyb9oH7vZsitZCiBt0ZvifOrB+qc8PS5IiilCIb87rg=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
@@ -455,24 +463,28 @@ github.com/minio/cli v1.22.0 h1:VTQm7lmXm3quxO917X3p+el1l0Ca5X3S4PM2ruUYO68=
 github.com/minio/cli v1.22.0/go.mod h1:bYxnK0uS629N3Bq+AOZZ+6lwF77Sodk4+UL9vNuXhOY=
 github.com/minio/highwayhash v1.0.0 h1:iMSDhgUILCr0TNm8LWlSjF8N0ZIj2qbO8WHp6Q/J2BA=
 github.com/minio/highwayhash v1.0.0/go.mod h1:xQboMTeM9nY9v/LlAOxFctujiv5+Aq2hR5dxBpaMbdc=
-github.com/minio/kes v0.10.1 h1:f+WDJdNHNMf1xE6BbjtCLUyh671weSCQ30uynoCPl78=
-github.com/minio/kes v0.10.1/go.mod h1:mTF1Bv8YVEtQqF/B7Felp4tLee44Pp+dgI0rhCvgNg8=
-github.com/minio/mc v0.0.0-20200725183142-90d22b271f60 h1:LevaZ33nx+rUzRsuU7rVvqXUP7VCu2BQanhITw4Z9rA=
-github.com/minio/mc v0.0.0-20200725183142-90d22b271f60/go.mod h1:Hvnyrb/NMM+pJ53JO/J3jxGtwPDYJh7K6c1D+RR2h2g=
+github.com/minio/kes v0.11.0 h1:8ma6OCVSxKT50b1uYXLJro3m7PmZtCLxBaTddQexI5k=
+github.com/minio/kes v0.11.0/go.mod h1:mTF1Bv8YVEtQqF/B7Felp4tLee44Pp+dgI0rhCvgNg8=
+github.com/minio/mc v0.0.0-20200808005614-7e52c104bee1 h1:OrcFWsUIzKoXeIXVReZ7AryDtbPBLtkjDDOBnuU9RWY=
+github.com/minio/mc v0.0.0-20200808005614-7e52c104bee1/go.mod h1:OGP9+cwQ174WKwZTgJOIFstVv19CH0wdSDZSG6NyTuE=
 github.com/minio/md5-simd v1.1.0 h1:QPfiOqlZH+Cj9teu0t9b1nTBfPbyTl16Of5MeuShdK4=
 github.com/minio/md5-simd v1.1.0/go.mod h1:XpBqgZULrMYD3R+M28PcmP0CkI7PEMzB3U77ZrKZ0Gw=
-github.com/minio/minio v0.0.0-20200722004956-c43da3005ae8/go.mod h1:Eu2KC2p+vW03rnYY/6R/D+QduPB7/j4kBaVA/EDLjWM=
 github.com/minio/minio v0.0.0-20200723003940-b9be841fd222 h1:+XFGpEsqmA033nDX8LtjyPZy01Shivf6E2OL67WoGiE=
 github.com/minio/minio v0.0.0-20200723003940-b9be841fd222/go.mod h1:Eu2KC2p+vW03rnYY/6R/D+QduPB7/j4kBaVA/EDLjWM=
-github.com/minio/minio v0.0.0-20200725154241-abbf6ce6ccf8 h1:H0tUGnx1zkZCtqQp3LuV2GNjOasrJ9gmvlwOeDJDvzI=
-github.com/minio/minio v0.0.0-20200725154241-abbf6ce6ccf8/go.mod h1:NBWtYp4t5pt3TmbpW7FHChY6ZCs8n/gTRxZCF0mCcn8=
+github.com/minio/minio v0.0.0-20200807001021-adcaa6f9de88 h1:v2mCqNx6N02jcYHWjMPHdTN9+ogxEN9L+cCQJ+8j2AU=
+github.com/minio/minio v0.0.0-20200807001021-adcaa6f9de88/go.mod h1:r+PkhkMRxudvboO0Wa7F7nMiDfI8Rz1HZSza0uIhtMU=
+github.com/minio/minio v0.0.0-20200808024306-2a9819aff876 h1:e5114Mb8Evzt1QsA8b6PrXZ1KqBLts0CokpKeU1DV2U=
+github.com/minio/minio v0.0.0-20200808024306-2a9819aff876/go.mod h1:r+PkhkMRxudvboO0Wa7F7nMiDfI8Rz1HZSza0uIhtMU=
 github.com/minio/minio-go/v7 v7.0.1/go.mod h1:dJ80Mv2HeGkYLH1sqS/ksz07ON6csH3S6JUMSQ2zAns=
-github.com/minio/minio-go/v7 v7.0.2-0.20200722162308-e0105ca08252 h1:V2JkMDoSmEIhRcMJwX3qeJVOzy1B5bHpHbZaQu77vbs=
-github.com/minio/minio-go/v7 v7.0.2-0.20200722162308-e0105ca08252/go.mod h1:dJ80Mv2HeGkYLH1sqS/ksz07ON6csH3S6JUMSQ2zAns=
-github.com/minio/operator v0.0.0-20200730044813-c2895a5065a1 h1:cTgvRgFBUVxbnxhQUioT2T7SH0M7AyvO7dDX32yKPGw=
-github.com/minio/operator v0.0.0-20200730044813-c2895a5065a1/go.mod h1:RLhFkLcL65qmrgUQJHrRwb1Lb4yHgD/DfjNENY2WNXg=
-github.com/minio/selfupdate v0.3.0 h1:1qfaZscU3hWwX1cF5m5Dov8Z5aZNvPHk9LROzIkas1k=
-github.com/minio/selfupdate v0.3.0/go.mod h1:b8ThJzzH7u2MkF6PcIra7KaXO9Khf6alWPvMSyTDCFM=
+github.com/minio/minio-go/v7 v7.0.2 h1:P/7wFd4KrRBHVo7AKdcqO+9ReoS+XpMjfRFoE5quH0E=
+github.com/minio/minio-go/v7 v7.0.2/go.mod h1:dJ80Mv2HeGkYLH1sqS/ksz07ON6csH3S6JUMSQ2zAns=
+github.com/minio/minio-go/v7 v7.0.3/go.mod h1:TA0CQCjJZHM5SJj9IjqR0NmpmQJ6bCbXifAJ3mUU6Hw=
+github.com/minio/minio-go/v7 v7.0.5-0.20200807085956-d7db33ea7618 h1:8iTb0TFs6kDGAUnhI/s2QCZOYcSTtYmY9dF+Cbc0WJo=
+github.com/minio/minio-go/v7 v7.0.5-0.20200807085956-d7db33ea7618/go.mod h1:CSt2ETZNs+bIIhWTse0mcZKZWMGrFU7Er7RR0TmkDYk=
+github.com/minio/operator v0.0.0-20200806194125-c2ff646f4af1 h1:ijXSIPjn/GZx1+RW1HQpScoifLNr8lVw5LNVKxysMWg=
+github.com/minio/operator v0.0.0-20200806194125-c2ff646f4af1/go.mod h1:V8RL9xPw3C9rC7DuEy7JHeSiOlTWvQhZvh2+YySBFbk=
+github.com/minio/selfupdate v0.3.1 h1:BWEFSNnrZVMUWXbXIgLDNDjbejkmpAmZvy/nCz1HlEs=
+github.com/minio/selfupdate v0.3.1/go.mod h1:b8ThJzzH7u2MkF6PcIra7KaXO9Khf6alWPvMSyTDCFM=
 github.com/minio/sha256-simd v0.1.1 h1:5QHSlgo3nt5yKOJrC7W8w7X+NFl8cMPZm96iu8kKUJU=
 github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM=
 github.com/minio/simdjson-go v0.1.5-0.20200303142138-b17fe061ea37 h1:pDeao6M5AEd8hwTtGmE0pVKomlL56JFRa5SiXDZAuJE=
@@ -589,13 +601,19 @@ github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rs/cors v1.7.0 h1:+88SsELBHx5r+hZ8TCkggzSstaWNbDvThkVK8H6f9ik=
 github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
+github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc=
+github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
 github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
 github.com/secure-io/sio-go v0.3.0 h1:QKGb6rGJeiExac9wSWxnWPYo8O8OFN7lxXQvHshX6vo=
 github.com/secure-io/sio-go v0.3.0/go.mod h1:D3KmXgKETffyYxBdFRN+Hpd2WzhzqS0EQwT3XWsAcBU=
+github.com/secure-io/sio-go v0.3.1 h1:dNvY9awjabXTYGsTF1PiCySl9Ltofk9GA3VdWlo7rRc=
+github.com/secure-io/sio-go v0.3.1/go.mod h1:+xbkjDzPjwh4Axd07pRKSNriS9SCiYksWnZqdnfpQxs=
 github.com/shirou/gopsutil v2.20.3-0.20200314133625-53cec6b37e6a+incompatible h1:YiKUe2ZOmfpDBH4OSyxwkx/mjNqHHnNhOtZ2mPyRme8=
 github.com/shirou/gopsutil v2.20.3-0.20200314133625-53cec6b37e6a+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
+github.com/shirou/gopsutil v2.20.6+incompatible h1:P37G9YH8M4vqkKcwBosp+URN5O8Tay67D2MbR361ioY=
+github.com/shirou/gopsutil v2.20.6+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
@@ -660,6 +678,7 @@ github.com/xdg/stringprep v1.0.0/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 go.etcd.io/bbolt v1.3.5 h1:XAzx9gjCb0Rxj7EoqcClPD1d5ZBxZJk0jbuoPHenBt0=
 go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
 go.etcd.io/etcd/v3 v3.3.0-rc.0.0.20200707003333-58bb8ae09f8e h1:HZQLoe71Q24wVyDrGBRcVuogx32U+cPlcm/WoSLUI6c=
@@ -700,10 +719,13 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975 h1:/Tl7pH94bvbAAHBdZJT947M/+gp0+CqQXDtMRC0fseo=
 golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899 h1:DZhuSZLsGlFL4CmhA8BcRA0mnthyA/nZ00AqCUo7vHg=
 golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt572qowuyMDMJLLm3Db3ig=
+golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -714,6 +736,8 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
 golang.org/x/mod v0.2.0 h1:KU7oHjnv3XNWfa5COkzUifxZmxp1TyI7ImMXqFxLwvQ=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -737,6 +761,7 @@ golang.org/x/net v0.0.0-20191112182307-2180aed22343/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200602114024-627f9648deb9 h1:pNX+40auqi2JqRfOP1akLGtYcn15TUbkhwuCO3foqqM=
 golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -752,6 +777,7 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEha
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e h1:vcxGaoTs7kV8m5Np9uUNQin4BrLOthgV7252N8V+FwY=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -779,12 +805,13 @@ golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20191112214154-59a1497f0cea/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae h1:Ih9Yo4hSPImZOpfGuA4bR/ORKTAbhZo2AbWNRCnevdo=
 golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200720211630-cb9d2d5c5666 h1:gVCS+QOncANNPlmlO1AhlU3oxs4V9z+gTtPwIk3p2N8=
-golang.org/x/sys v0.0.0-20200720211630-cb9d2d5c5666/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200806125547-5acd03effb82 h1:6cBnXxYO+CiRVrChvCosSv7magqTPbyAgz1M8iOv5wM=
+golang.org/x/sys v0.0.0-20200806125547-5acd03effb82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -819,6 +846,8 @@ golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200425043458-8463f397d07c h1:iHhCR0b26amDCiiO+kBguKZom9aMF+NrFxh9zeKR/XU=
 golang.org/x/tools v0.0.0-20200425043458-8463f397d07c/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200724172932-b5fc9d354d99 h1:OHn441rq5CeM5r1xJ0OmY7lfdTvnedi6k+vQiI7G9b8=
+golang.org/x/tools v0.0.0-20200724172932-b5fc9d354d99/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
@@ -851,6 +880,8 @@ google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miE
 google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
 google.golang.org/protobuf v1.22.0 h1:cJv5/xdbk1NnMPR1VP9+HU6gupuG9MLBoH1r6RHZ2MY=
 google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0 h1:4MY060fB1DLGMB/7MBTLnwQUY6+F09GEiz6SsrNqyzM=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d h1:TxyelI5cVkbREznMhfzycHdkp5cLA7DpE+GKjSslYhM=
 gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
@@ -909,12 +940,12 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM=
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-k8s.io/api v0.18.0 h1:lwYk8Vt7rsVTwjRU6pzEsa9YNhThbmbocQlKvNBB4EQ=
-k8s.io/api v0.18.0/go.mod h1:q2HRQkfDzHMBZL9l/y9rH63PkQl4vae0xRT+8prbrK8=
-k8s.io/apimachinery v0.18.0 h1:fuPfYpk3cs1Okp/515pAf0dNhL66+8zk8RLbSX+EgAE=
-k8s.io/apimachinery v0.18.0/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftcA=
-k8s.io/client-go v0.18.0 h1:yqKw4cTUQraZK3fcVCMeSa+lqKwcjZ5wtcOIPnxQno4=
-k8s.io/client-go v0.18.0/go.mod h1:uQSYDYs4WhVZ9i6AIoEZuwUggLVEF64HOD37boKAtF8=
+k8s.io/api v0.18.6 h1:osqrAXbOQjkKIWDTjrqxWQ3w0GkKb1KA1XkUGHHYpeE=
+k8s.io/api v0.18.6/go.mod h1:eeyxr+cwCjMdLAmr2W3RyDI0VvTawSg/3RFFBEnmZGI=
+k8s.io/apimachinery v0.18.6 h1:RtFHnfGNfd1N0LeSrKCUznz5xtUP1elRGvHJbL3Ntag=
+k8s.io/apimachinery v0.18.6/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko=
+k8s.io/client-go v0.18.6 h1:I+oWqJbibLSGsZj8Xs8F0aWVXJVIoUHWaaJV3kUN/Zw=
+k8s.io/client-go v0.18.6/go.mod h1:/fwtGLjYMS1MaM5oi+eXhKwG+1UHidUEXRh6cNsdO0Q=
 k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
 k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
 k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
@@ -922,8 +953,6 @@ k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
 k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
 k8s.io/klog/v2 v2.3.0 h1:WmkrnW7fdrm0/DMClc+HIxtftvxVIPAhlVwMQo5yLco=
 k8s.io/klog/v2 v2.3.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
-k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c h1:/KUFqjjqAcY4Us6luF5RDNZ16KJtb49HfR3ZHB9qYXM=
-k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E=
 k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6 h1:Oh3Mzx5pJ+yIumsAD0MOECPVeXsVot0UkiaCGVyfGQY=
 k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E=
 k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89 h1:d4vVOjXm687F1iLSP2q3lyPPuyvTUt3aVoBpi2DqRsU=
--- a/k8s/console/base/console-deployment.yaml
+++ b/k8s/console/base/console-deployment.yaml
@@ -15,7 +15,7 @@ spec:
      serviceAccountName: console-sa
      containers:
        - name: console
-          image: minio/console:v0.3.4
+          image: minio/console:v0.3.11
          imagePullPolicy: "IfNotPresent"
          args:
            - server
--- a/k8s/console/base/minio-operator.yaml
+++ b/k8s/console/base/minio-operator.yaml
@@ -426,7 +426,7 @@ spec:
                externalCertSecret:
                  description:
                    ExternalCertSecret allows a user to specify custom
-                    CA certificate, and private key for group replication SSL.
+                    CA certificate, and private key for group replication TLS.
                  properties:
                    name:
                      type: string
--- a/k8s/operator-console/base/console-cluster-role.yaml
+++ b/k8s/operator-console/base/console-cluster-role.yaml
@@ -6,8 +6,18 @@ rules:
  - apiGroups:
      - ""
    resources:
-      - namespaces
      - secrets
+    verbs:
+      - get
+      - watch
+      - create
+      - list
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
      - pods
      - services
      - events
--- a/k8s/operator-console/base/console-deployment.yaml
+++ b/k8s/operator-console/base/console-deployment.yaml
@@ -15,7 +15,7 @@ spec:
      serviceAccountName: console-sa
      containers:
        - name: console
-          image: minio/console:v0.3.4
+          image: minio/console:v0.3.11
          imagePullPolicy: "IfNotPresent"
          env:
            - name: CONSOLE_OPERATOR_MODE
--- a/models/create_tenant_request.go
+++ b/models/create_tenant_request.go
@@ -45,15 +45,24 @@ type CreateTenantRequest struct {
 	// enable console
 	EnableConsole *bool `json:"enable_console,omitempty"`

-	// enable ssl
-	EnableSsl *bool `json:"enable_ssl,omitempty"`
+	// enable tls
+	EnableTLS *bool `json:"enable_tls,omitempty"`

 	// encryption
 	Encryption *EncryptionConfiguration `json:"encryption,omitempty"`

+	// erasure coding parity
+	ErasureCodingParity int64 `json:"erasureCodingParity,omitempty"`
+
+	// idp
+	Idp *IdpConfiguration `json:"idp,omitempty"`
+
 	// image
 	Image string `json:"image,omitempty"`

+	// image registry
+	ImageRegistry *ImageRegistry `json:"image_registry,omitempty"`
+
 	// mounth path
 	MounthPath string `json:"mounth_path,omitempty"`

@@ -88,6 +97,14 @@ func (m *CreateTenantRequest) Validate(formats strfmt.Registry) error {
 		res = append(res, err)
 	}

+	if err := m.validateIdp(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateImageRegistry(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateName(formats); err != nil {
 		res = append(res, err)
 	}
@@ -128,6 +145,42 @@ func (m *CreateTenantRequest) validateEncryption(formats strfmt.Registry) error
 	return nil
 }

+func (m *CreateTenantRequest) validateIdp(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Idp) { // not required
+		return nil
+	}
+
+	if m.Idp != nil {
+		if err := m.Idp.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("idp")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *CreateTenantRequest) validateImageRegistry(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.ImageRegistry) { // not required
+		return nil
+	}
+
+	if m.ImageRegistry != nil {
+		if err := m.ImageRegistry.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("image_registry")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *CreateTenantRequest) validateName(formats strfmt.Registry) error {

 	if err := validate.Required("name", "body", m.Name); err != nil {
--- a/models/encryption_configuration.go
+++ b/models/encryption_configuration.go
@@ -26,7 +26,6 @@ import (
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
-	"github.com/go-openapi/validate"
 )

 // EncryptionConfiguration encryption configuration
@@ -38,7 +37,7 @@ type EncryptionConfiguration struct {
 	Aws *AwsConfiguration `json:"aws,omitempty"`

 	// client
-	Client *EncryptionConfigurationClient `json:"client,omitempty"`
+	Client *KeyPairConfiguration `json:"client,omitempty"`

 	// gemalto
 	Gemalto *GemaltoConfiguration `json:"gemalto,omitempty"`
@@ -46,11 +45,8 @@ type EncryptionConfiguration struct {
 	// image
 	Image string `json:"image,omitempty"`

-	// master key
-	MasterKey string `json:"master_key,omitempty"`
-
 	// server
-	Server *EncryptionConfigurationServer `json:"server,omitempty"`
+	Server *KeyPairConfiguration `json:"server,omitempty"`

 	// vault
 	Vault *VaultConfiguration `json:"vault,omitempty"`
@@ -193,139 +189,3 @@ func (m *EncryptionConfiguration) UnmarshalBinary(b []byte) error {
 	*m = res
 	return nil
 }
-
-// EncryptionConfigurationClient encryption configuration client
-//
-// swagger:model EncryptionConfigurationClient
-type EncryptionConfigurationClient struct {
-
-	// crt
-	// Required: true
-	Crt *string `json:"crt"`
-
-	// key
-	// Required: true
-	Key *string `json:"key"`
-}
-
-// Validate validates this encryption configuration client
-func (m *EncryptionConfigurationClient) Validate(formats strfmt.Registry) error {
-	var res []error
-
-	if err := m.validateCrt(formats); err != nil {
-		res = append(res, err)
-	}
-
-	if err := m.validateKey(formats); err != nil {
-		res = append(res, err)
-	}
-
-	if len(res) > 0 {
-		return errors.CompositeValidationError(res...)
-	}
-	return nil
-}
-
-func (m *EncryptionConfigurationClient) validateCrt(formats strfmt.Registry) error {
-
-	if err := validate.Required("client"+"."+"crt", "body", m.Crt); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (m *EncryptionConfigurationClient) validateKey(formats strfmt.Registry) error {
-
-	if err := validate.Required("client"+"."+"key", "body", m.Key); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// MarshalBinary interface implementation
-func (m *EncryptionConfigurationClient) MarshalBinary() ([]byte, error) {
-	if m == nil {
-		return nil, nil
-	}
-	return swag.WriteJSON(m)
-}
-
-// UnmarshalBinary interface implementation
-func (m *EncryptionConfigurationClient) UnmarshalBinary(b []byte) error {
-	var res EncryptionConfigurationClient
-	if err := swag.ReadJSON(b, &res); err != nil {
-		return err
-	}
-	*m = res
-	return nil
-}
-
-// EncryptionConfigurationServer encryption configuration server
-//
-// swagger:model EncryptionConfigurationServer
-type EncryptionConfigurationServer struct {
-
-	// crt
-	// Required: true
-	Crt *string `json:"crt"`
-
-	// key
-	// Required: true
-	Key *string `json:"key"`
-}
-
-// Validate validates this encryption configuration server
-func (m *EncryptionConfigurationServer) Validate(formats strfmt.Registry) error {
-	var res []error
-
-	if err := m.validateCrt(formats); err != nil {
-		res = append(res, err)
-	}
-
-	if err := m.validateKey(formats); err != nil {
-		res = append(res, err)
-	}
-
-	if len(res) > 0 {
-		return errors.CompositeValidationError(res...)
-	}
-	return nil
-}
-
-func (m *EncryptionConfigurationServer) validateCrt(formats strfmt.Registry) error {
-
-	if err := validate.Required("server"+"."+"crt", "body", m.Crt); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (m *EncryptionConfigurationServer) validateKey(formats strfmt.Registry) error {
-
-	if err := validate.Required("server"+"."+"key", "body", m.Key); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// MarshalBinary interface implementation
-func (m *EncryptionConfigurationServer) MarshalBinary() ([]byte, error) {
-	if m == nil {
-		return nil, nil
-	}
-	return swag.WriteJSON(m)
-}
-
-// UnmarshalBinary interface implementation
-func (m *EncryptionConfigurationServer) UnmarshalBinary(b []byte) error {
-	var res EncryptionConfigurationServer
-	if err := swag.ReadJSON(b, &res); err != nil {
-		return err
-	}
-	*m = res
-	return nil
-}
--- a/models/idp_configuration.go
+++ b/models/idp_configuration.go
@@ -0,0 +1,299 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// IdpConfiguration idp configuration
+//
+// swagger:model idpConfiguration
+type IdpConfiguration struct {
+
+	// active directory
+	ActiveDirectory *IdpConfigurationActiveDirectory `json:"active_directory,omitempty"`
+
+	// oidc
+	Oidc *IdpConfigurationOidc `json:"oidc,omitempty"`
+}
+
+// Validate validates this idp configuration
+func (m *IdpConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateActiveDirectory(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateOidc(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *IdpConfiguration) validateActiveDirectory(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.ActiveDirectory) { // not required
+		return nil
+	}
+
+	if m.ActiveDirectory != nil {
+		if err := m.ActiveDirectory.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("active_directory")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *IdpConfiguration) validateOidc(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Oidc) { // not required
+		return nil
+	}
+
+	if m.Oidc != nil {
+		if err := m.Oidc.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("oidc")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *IdpConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *IdpConfiguration) UnmarshalBinary(b []byte) error {
+	var res IdpConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// IdpConfigurationActiveDirectory idp configuration active directory
+//
+// swagger:model IdpConfigurationActiveDirectory
+type IdpConfigurationActiveDirectory struct {
+
+	// group name attribute
+	GroupNameAttribute string `json:"group_name_attribute,omitempty"`
+
+	// group search base dn
+	GroupSearchBaseDn string `json:"group_search_base_dn,omitempty"`
+
+	// group search filter
+	GroupSearchFilter string `json:"group_search_filter,omitempty"`
+
+	// server insecure
+	ServerInsecure bool `json:"server_insecure,omitempty"`
+
+	// skip tls verification
+	SkipTLSVerification bool `json:"skip_tls_verification,omitempty"`
+
+	// url
+	// Required: true
+	URL *string `json:"url"`
+
+	// user search filter
+	// Required: true
+	UserSearchFilter *string `json:"user_search_filter"`
+
+	// username format
+	// Required: true
+	UsernameFormat *string `json:"username_format"`
+}
+
+// Validate validates this idp configuration active directory
+func (m *IdpConfigurationActiveDirectory) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateURL(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateUserSearchFilter(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateUsernameFormat(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *IdpConfigurationActiveDirectory) validateURL(formats strfmt.Registry) error {
+
+	if err := validate.Required("active_directory"+"."+"url", "body", m.URL); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *IdpConfigurationActiveDirectory) validateUserSearchFilter(formats strfmt.Registry) error {
+
+	if err := validate.Required("active_directory"+"."+"user_search_filter", "body", m.UserSearchFilter); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *IdpConfigurationActiveDirectory) validateUsernameFormat(formats strfmt.Registry) error {
+
+	if err := validate.Required("active_directory"+"."+"username_format", "body", m.UsernameFormat); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *IdpConfigurationActiveDirectory) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *IdpConfigurationActiveDirectory) UnmarshalBinary(b []byte) error {
+	var res IdpConfigurationActiveDirectory
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// IdpConfigurationOidc idp configuration oidc
+//
+// swagger:model IdpConfigurationOidc
+type IdpConfigurationOidc struct {
+
+	// client id
+	// Required: true
+	ClientID *string `json:"client_id"`
+
+	// secret id
+	// Required: true
+	SecretID *string `json:"secret_id"`
+
+	// url
+	// Required: true
+	URL *string `json:"url"`
+}
+
+// Validate validates this idp configuration oidc
+func (m *IdpConfigurationOidc) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateClientID(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSecretID(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateURL(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *IdpConfigurationOidc) validateClientID(formats strfmt.Registry) error {
+
+	if err := validate.Required("oidc"+"."+"client_id", "body", m.ClientID); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *IdpConfigurationOidc) validateSecretID(formats strfmt.Registry) error {
+
+	if err := validate.Required("oidc"+"."+"secret_id", "body", m.SecretID); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *IdpConfigurationOidc) validateURL(formats strfmt.Registry) error {
+
+	if err := validate.Required("oidc"+"."+"url", "body", m.URL); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *IdpConfigurationOidc) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *IdpConfigurationOidc) UnmarshalBinary(b []byte) error {
+	var res IdpConfigurationOidc
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/encryption_kes_config.go
+++ b/models/encryption_kes_config.go
@@ -29,37 +29,37 @@ import (
 	"github.com/go-openapi/validate"
 )

-// EncryptionKesConfig encryption kes config
+// ImageRegistry image registry
 //
-// swagger:model encryptionKesConfig
-type EncryptionKesConfig struct {
+// swagger:model imageRegistry
+type ImageRegistry struct {

-	// server cert
+	// password
 	// Required: true
-	ServerCert *string `json:"server_cert"`
+	Password *string `json:"password"`

-	// server config
+	// registry
 	// Required: true
-	ServerConfig *string `json:"server_config"`
+	Registry *string `json:"registry"`

-	// server key
+	// username
 	// Required: true
-	ServerKey *string `json:"server_key"`
+	Username *string `json:"username"`
 }

-// Validate validates this encryption kes config
-func (m *EncryptionKesConfig) Validate(formats strfmt.Registry) error {
+// Validate validates this image registry
+func (m *ImageRegistry) Validate(formats strfmt.Registry) error {
 	var res []error

-	if err := m.validateServerCert(formats); err != nil {
+	if err := m.validatePassword(formats); err != nil {
 		res = append(res, err)
 	}

-	if err := m.validateServerConfig(formats); err != nil {
+	if err := m.validateRegistry(formats); err != nil {
 		res = append(res, err)
 	}

-	if err := m.validateServerKey(formats); err != nil {
+	if err := m.validateUsername(formats); err != nil {
 		res = append(res, err)
 	}

@@ -69,27 +69,27 @@ func (m *EncryptionKesConfig) Validate(formats strfmt.Registry) error {
 	return nil
 }

-func (m *EncryptionKesConfig) validateServerCert(formats strfmt.Registry) error {
+func (m *ImageRegistry) validatePassword(formats strfmt.Registry) error {

-	if err := validate.Required("server_cert", "body", m.ServerCert); err != nil {
+	if err := validate.Required("password", "body", m.Password); err != nil {
 		return err
 	}

 	return nil
 }

-func (m *EncryptionKesConfig) validateServerConfig(formats strfmt.Registry) error {
+func (m *ImageRegistry) validateRegistry(formats strfmt.Registry) error {

-	if err := validate.Required("server_config", "body", m.ServerConfig); err != nil {
+	if err := validate.Required("registry", "body", m.Registry); err != nil {
 		return err
 	}

 	return nil
 }

-func (m *EncryptionKesConfig) validateServerKey(formats strfmt.Registry) error {
+func (m *ImageRegistry) validateUsername(formats strfmt.Registry) error {

-	if err := validate.Required("server_key", "body", m.ServerKey); err != nil {
+	if err := validate.Required("username", "body", m.Username); err != nil {
 		return err
 	}

@@ -97,7 +97,7 @@ func (m *EncryptionKesConfig) validateServerKey(formats strfmt.Registry) error {
 }

 // MarshalBinary interface implementation
-func (m *EncryptionKesConfig) MarshalBinary() ([]byte, error) {
+func (m *ImageRegistry) MarshalBinary() ([]byte, error) {
 	if m == nil {
 		return nil, nil
 	}
@@ -105,8 +105,8 @@ func (m *EncryptionKesConfig) MarshalBinary() ([]byte, error) {
 }

 // UnmarshalBinary interface implementation
-func (m *EncryptionKesConfig) UnmarshalBinary(b []byte) error {
-	var res EncryptionKesConfig
+func (m *ImageRegistry) UnmarshalBinary(b []byte) error {
+	var res ImageRegistry
 	if err := swag.ReadJSON(b, &res); err != nil {
 		return err
 	}
--- a/models/kes_configuration.go
+++ b/models/kes_configuration.go
@@ -1,269 +0,0 @@
-// Code generated by go-swagger; DO NOT EDIT.
-
-// This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-//
-
-package models
-
-// This file was generated by the swagger tool.
-// Editing this file might prove futile when you re-run the swagger generate command
-
-import (
-	"github.com/go-openapi/errors"
-	"github.com/go-openapi/strfmt"
-	"github.com/go-openapi/swag"
-	"github.com/go-openapi/validate"
-)
-
-// KesConfiguration kes configuration
-//
-// swagger:model kesConfiguration
-type KesConfiguration struct {
-
-	// client
-	// Required: true
-	Client *KesConfigurationClient `json:"client"`
-
-	// server
-	// Required: true
-	Server *KesConfigurationServer `json:"server"`
-
-	// server config yaml
-	// Required: true
-	ServerConfigYaml *string `json:"server-config.yaml"`
-}
-
-// Validate validates this kes configuration
-func (m *KesConfiguration) Validate(formats strfmt.Registry) error {
-	var res []error
-
-	if err := m.validateClient(formats); err != nil {
-		res = append(res, err)
-	}
-
-	if err := m.validateServer(formats); err != nil {
-		res = append(res, err)
-	}
-
-	if err := m.validateServerConfigYaml(formats); err != nil {
-		res = append(res, err)
-	}
-
-	if len(res) > 0 {
-		return errors.CompositeValidationError(res...)
-	}
-	return nil
-}
-
-func (m *KesConfiguration) validateClient(formats strfmt.Registry) error {
-
-	if err := validate.Required("client", "body", m.Client); err != nil {
-		return err
-	}
-
-	if m.Client != nil {
-		if err := m.Client.Validate(formats); err != nil {
-			if ve, ok := err.(*errors.Validation); ok {
-				return ve.ValidateName("client")
-			}
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (m *KesConfiguration) validateServer(formats strfmt.Registry) error {
-
-	if err := validate.Required("server", "body", m.Server); err != nil {
-		return err
-	}
-
-	if m.Server != nil {
-		if err := m.Server.Validate(formats); err != nil {
-			if ve, ok := err.(*errors.Validation); ok {
-				return ve.ValidateName("server")
-			}
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (m *KesConfiguration) validateServerConfigYaml(formats strfmt.Registry) error {
-
-	if err := validate.Required("server-config.yaml", "body", m.ServerConfigYaml); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// MarshalBinary interface implementation
-func (m *KesConfiguration) MarshalBinary() ([]byte, error) {
-	if m == nil {
-		return nil, nil
-	}
-	return swag.WriteJSON(m)
-}
-
-// UnmarshalBinary interface implementation
-func (m *KesConfiguration) UnmarshalBinary(b []byte) error {
-	var res KesConfiguration
-	if err := swag.ReadJSON(b, &res); err != nil {
-		return err
-	}
-	*m = res
-	return nil
-}
-
-// KesConfigurationClient kes configuration client
-//
-// swagger:model KesConfigurationClient
-type KesConfigurationClient struct {
-
-	// tls crt
-	// Required: true
-	TLSCrt *string `json:"tls.crt"`
-
-	// tls key
-	// Required: true
-	TLSKey *string `json:"tls.key"`
-}
-
-// Validate validates this kes configuration client
-func (m *KesConfigurationClient) Validate(formats strfmt.Registry) error {
-	var res []error
-
-	if err := m.validateTLSCrt(formats); err != nil {
-		res = append(res, err)
-	}
-
-	if err := m.validateTLSKey(formats); err != nil {
-		res = append(res, err)
-	}
-
-	if len(res) > 0 {
-		return errors.CompositeValidationError(res...)
-	}
-	return nil
-}
-
-func (m *KesConfigurationClient) validateTLSCrt(formats strfmt.Registry) error {
-
-	if err := validate.Required("client"+"."+"tls.crt", "body", m.TLSCrt); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (m *KesConfigurationClient) validateTLSKey(formats strfmt.Registry) error {
-
-	if err := validate.Required("client"+"."+"tls.key", "body", m.TLSKey); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// MarshalBinary interface implementation
-func (m *KesConfigurationClient) MarshalBinary() ([]byte, error) {
-	if m == nil {
-		return nil, nil
-	}
-	return swag.WriteJSON(m)
-}
-
-// UnmarshalBinary interface implementation
-func (m *KesConfigurationClient) UnmarshalBinary(b []byte) error {
-	var res KesConfigurationClient
-	if err := swag.ReadJSON(b, &res); err != nil {
-		return err
-	}
-	*m = res
-	return nil
-}
-
-// KesConfigurationServer kes configuration server
-//
-// swagger:model KesConfigurationServer
-type KesConfigurationServer struct {
-
-	// tls crt
-	// Required: true
-	TLSCrt *string `json:"tls.crt"`
-
-	// tls key
-	// Required: true
-	TLSKey *string `json:"tls.key"`
-}
-
-// Validate validates this kes configuration server
-func (m *KesConfigurationServer) Validate(formats strfmt.Registry) error {
-	var res []error
-
-	if err := m.validateTLSCrt(formats); err != nil {
-		res = append(res, err)
-	}
-
-	if err := m.validateTLSKey(formats); err != nil {
-		res = append(res, err)
-	}
-
-	if len(res) > 0 {
-		return errors.CompositeValidationError(res...)
-	}
-	return nil
-}
-
-func (m *KesConfigurationServer) validateTLSCrt(formats strfmt.Registry) error {
-
-	if err := validate.Required("server"+"."+"tls.crt", "body", m.TLSCrt); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (m *KesConfigurationServer) validateTLSKey(formats strfmt.Registry) error {
-
-	if err := validate.Required("server"+"."+"tls.key", "body", m.TLSKey); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// MarshalBinary interface implementation
-func (m *KesConfigurationServer) MarshalBinary() ([]byte, error) {
-	if m == nil {
-		return nil, nil
-	}
-	return swag.WriteJSON(m)
-}
-
-// UnmarshalBinary interface implementation
-func (m *KesConfigurationServer) UnmarshalBinary(b []byte) error {
-	var res KesConfigurationServer
-	if err := swag.ReadJSON(b, &res); err != nil {
-		return err
-	}
-	*m = res
-	return nil
-}
--- a/models/key_pair_configuration.go
+++ b/models/key_pair_configuration.go
@@ -0,0 +1,98 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// KeyPairConfiguration key pair configuration
+//
+// swagger:model keyPairConfiguration
+type KeyPairConfiguration struct {
+
+	// crt
+	// Required: true
+	Crt *string `json:"crt"`
+
+	// key
+	// Required: true
+	Key *string `json:"key"`
+}
+
+// Validate validates this key pair configuration
+func (m *KeyPairConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateCrt(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *KeyPairConfiguration) validateCrt(formats strfmt.Registry) error {
+
+	if err := validate.Required("crt", "body", m.Crt); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *KeyPairConfiguration) validateKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("key", "body", m.Key); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *KeyPairConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *KeyPairConfiguration) UnmarshalBinary(b []byte) error {
+	var res KeyPairConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/tenant_usage.go
+++ b/models/tenant_usage.go
@@ -32,8 +32,11 @@ import (
 // swagger:model tenantUsage
 type TenantUsage struct {

-	// used size
-	UsedSize int64 `json:"used_size,omitempty"`
+	// disk used
+	DiskUsed int64 `json:"disk_used,omitempty"`
+
+	// used
+	Used int64 `json:"used,omitempty"`
 }

 // Validate validates this tenant usage
--- a/models/tls_configuration.go
+++ b/models/tls_configuration.go
@@ -26,7 +26,6 @@ import (
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
-	"github.com/go-openapi/validate"
 )

 // TLSConfiguration tls configuration
@@ -34,24 +33,22 @@ import (
 // swagger:model tlsConfiguration
 type TLSConfiguration struct {

-	// crt
-	// Required: true
-	Crt *string `json:"crt"`
+	// console
+	Console *KeyPairConfiguration `json:"console,omitempty"`

-	// key
-	// Required: true
-	Key *string `json:"key"`
+	// minio
+	Minio *KeyPairConfiguration `json:"minio,omitempty"`
 }

 // Validate validates this tls configuration
 func (m *TLSConfiguration) Validate(formats strfmt.Registry) error {
 	var res []error

-	if err := m.validateCrt(formats); err != nil {
+	if err := m.validateConsole(formats); err != nil {
 		res = append(res, err)
 	}

-	if err := m.validateKey(formats); err != nil {
+	if err := m.validateMinio(formats); err != nil {
 		res = append(res, err)
 	}

@@ -61,19 +58,37 @@ func (m *TLSConfiguration) Validate(formats strfmt.Registry) error {
 	return nil
 }

-func (m *TLSConfiguration) validateCrt(formats strfmt.Registry) error {
+func (m *TLSConfiguration) validateConsole(formats strfmt.Registry) error {

-	if err := validate.Required("crt", "body", m.Crt); err != nil {
-		return err
+	if swag.IsZero(m.Console) { // not required
+		return nil
+	}
+
+	if m.Console != nil {
+		if err := m.Console.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("console")
+			}
+			return err
+		}
 	}

 	return nil
 }

-func (m *TLSConfiguration) validateKey(formats strfmt.Registry) error {
+func (m *TLSConfiguration) validateMinio(formats strfmt.Registry) error {

-	if err := validate.Required("key", "body", m.Key); err != nil {
-		return err
+	if swag.IsZero(m.Minio) { // not required
+		return nil
+	}
+
+	if m.Minio != nil {
+		if err := m.Minio.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("minio")
+			}
+			return err
+		}
 	}

 	return nil
--- a/models/update_tenant_request.go
+++ b/models/update_tenant_request.go
@@ -37,6 +37,9 @@ type UpdateTenantRequest struct {
 	// image
 	// Pattern: ^((.*?)/(.*?):(.+))$
 	Image string `json:"image,omitempty"`
+
+	// image registry
+	ImageRegistry *ImageRegistry `json:"image_registry,omitempty"`
 }

 // Validate validates this update tenant request
@@ -47,6 +50,10 @@ func (m *UpdateTenantRequest) Validate(formats strfmt.Registry) error {
 		res = append(res, err)
 	}

+	if err := m.validateImageRegistry(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
@@ -66,6 +73,24 @@ func (m *UpdateTenantRequest) validateImage(formats strfmt.Registry) error {
 	return nil
 }

+func (m *UpdateTenantRequest) validateImageRegistry(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.ImageRegistry) { // not required
+		return nil
+	}
+
+	if m.ImageRegistry != nil {
+		if err := m.ImageRegistry.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("image_registry")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 // MarshalBinary interface implementation
 func (m *UpdateTenantRequest) MarshalBinary() ([]byte, error) {
 	if m == nil {
--- a/models/vault_configuration.go
+++ b/models/vault_configuration.go
@@ -53,6 +53,9 @@ type VaultConfiguration struct {

 	// status
 	Status *VaultConfigurationStatus `json:"status,omitempty"`
+
+	// tls
+	TLS *VaultConfigurationTLS `json:"tls,omitempty"`
 }

 // Validate validates this vault configuration
@@ -71,6 +74,10 @@ func (m *VaultConfiguration) Validate(formats strfmt.Registry) error {
 		res = append(res, err)
 	}

+	if err := m.validateTLS(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
@@ -122,6 +129,24 @@ func (m *VaultConfiguration) validateStatus(formats strfmt.Registry) error {
 	return nil
 }

+func (m *VaultConfiguration) validateTLS(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.TLS) { // not required
+		return nil
+	}
+
+	if m.TLS != nil {
+		if err := m.TLS.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("tls")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 // MarshalBinary interface implementation
 func (m *VaultConfiguration) MarshalBinary() ([]byte, error) {
 	if m == nil {
@@ -245,3 +270,41 @@ func (m *VaultConfigurationStatus) UnmarshalBinary(b []byte) error {
 	*m = res
 	return nil
 }
+
+// VaultConfigurationTLS vault configuration TLS
+//
+// swagger:model VaultConfigurationTLS
+type VaultConfigurationTLS struct {
+
+	// ca
+	Ca string `json:"ca,omitempty"`
+
+	// crt
+	Crt string `json:"crt,omitempty"`
+
+	// key
+	Key string `json:"key,omitempty"`
+}
+
+// Validate validates this vault configuration TLS
+func (m *VaultConfigurationTLS) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *VaultConfigurationTLS) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *VaultConfigurationTLS) UnmarshalBinary(b []byte) error {
+	var res VaultConfigurationTLS
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/zone_toleration_seconds.go
+++ b/models/zone_toleration_seconds.go
@@ -0,0 +1,81 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// ZoneTolerationSeconds TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
+//
+// swagger:model zoneTolerationSeconds
+type ZoneTolerationSeconds struct {
+
+	// seconds
+	// Required: true
+	Seconds *int64 `json:"seconds"`
+}
+
+// Validate validates this zone toleration seconds
+func (m *ZoneTolerationSeconds) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateSeconds(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ZoneTolerationSeconds) validateSeconds(formats strfmt.Registry) error {
+
+	if err := validate.Required("seconds", "body", m.Seconds); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ZoneTolerationSeconds) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ZoneTolerationSeconds) UnmarshalBinary(b []byte) error {
+	var res ZoneTolerationSeconds
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/zone_tolerations.go
+++ b/models/zone_tolerations.go
@@ -75,8 +75,8 @@ type ZoneTolerationsItems0 struct {
 	// Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
 	Operator string `json:"operator,omitempty"`

-	// TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
-	TolerationSeconds int64 `json:"tolerationSeconds,omitempty"`
+	// toleration seconds
+	TolerationSeconds *ZoneTolerationSeconds `json:"tolerationSeconds,omitempty"`

 	// Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
 	Value string `json:"value,omitempty"`
@@ -84,6 +84,33 @@ type ZoneTolerationsItems0 struct {

 // Validate validates this zone tolerations items0
 func (m *ZoneTolerationsItems0) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateTolerationSeconds(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ZoneTolerationsItems0) validateTolerationSeconds(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.TolerationSeconds) { // not required
+		return nil
+	}
+
+	if m.TolerationSeconds != nil {
+		if err := m.TolerationSeconds.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("tolerationSeconds")
+			}
+			return err
+		}
+	}
+
 	return nil
 }

--- a/pkg/kes/kes.go
+++ b/pkg/kes/kes.go
@@ -9,12 +9,14 @@ import (
 	"github.com/minio/kes"
 )

+type Identity = kes.Identity
+
 type TLSProxyHeader struct {
 	ClientCert string `yaml:"cert,omitempty"`
 }

 type TLSProxy struct {
-	Identities *[]kes.Identity `yaml:"identities,omitempty"`
+	Identities *[]Identity     `yaml:"identities,omitempty"`
 	Header     *TLSProxyHeader `yaml:"header,omitempty"`
 }

@@ -25,8 +27,8 @@ type TLS struct {
 }

 type Policy struct {
-	Paths      []string       `yaml:"paths,omitempty"`
-	Identities []kes.Identity `yaml:"identities,omitempty"`
+	Paths      []string   `yaml:"paths,omitempty"`
+	Identities []Identity `yaml:"identities,omitempty"`
 }

 type Expiry struct {
@@ -120,7 +122,7 @@ type Keys struct {

 type ServerConfig struct {
 	Addr     string            `yaml:"address,omitempty"`
-	Root     kes.Identity      `yaml:"root,omitempty"`
+	Root     Identity          `yaml:"root,omitempty"`
 	TLS      TLS               `yaml:"tls,omitempty"`
 	Policies map[string]Policy `yaml:"policy,omitempty"`
 	Cache    Cache             `yaml:"cache,omitempty"`
--- a/portal-ui/package-lock.json
+++ b/portal-ui/package-lock.json
@@ -4877,9 +4877,9 @@
      "integrity": "sha512-WOr3SrZ55lUFYugA6sUu3H3ZoxVIH5o3zTSqYS+2DOJJP4hnHmBiD1w432a2YFW/H2G5FIxE6DB06rv+9dUL5g=="
    },
    "elliptic": {
-      "version": "6.5.2",
-      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.2.tgz",
-      "integrity": "sha512-f4x70okzZbIQl/NSRLkI/+tteV/9WqL98zx+SQ69KbXxmVrmjwsNUPn/gYJJ0sHvEak24cZgHIPegRePAtA/xw==",
+      "version": "6.5.3",
+      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.3.tgz",
+      "integrity": "sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw==",
      "requires": {
        "bn.js": "^4.4.0",
        "brorand": "^1.0.1",
--- a/portal-ui/src/screens/Console/Tenants/ListTenants/AddTenant.tsx
+++ b/portal-ui/src/screens/Console/Tenants/ListTenants/AddTenant.tsx
@@ -111,7 +111,7 @@ const AddTenant = ({
  const [accessKey, setAccessKey] = useState<string>("");
  const [secretKey, setSecretKey] = useState<string>("");
  const [enableConsole, setEnableConsole] = useState<boolean>(true);
-  const [enableSSL, setEnableSSL] = useState<boolean>(false);
+  const [enableTLS, setEnableTLS] = useState<boolean>(false);
  const [sizeFactor, setSizeFactor] = useState<string>("Gi");
  const [storageClasses, setStorageClassesList] = useState<Opts[]>([]);
  const [validationErrors, setValidationErrors] = useState<any>({});
@@ -274,7 +274,7 @@ const AddTenant = ({
          name: tenantName,
          service_name: tenantName,
          image: imageName,
-          enable_ssl: enableSSL,
+          enable_tls: enableTLS,
          enable_console: enableConsole,
          access_key: accessKey,
          secret_key: secretKey,
@@ -750,17 +750,17 @@ const AddTenant = ({
          </Grid>
          <Grid item xs={12}>
            <CheckboxWrapper
-              value="enable_ssl"
-              id="enable_ssl"
-              name="enable_ssl"
-              checked={enableSSL}
+              value="enable_tls"
+              id="enable_tls"
+              name="enable_tls"
+              checked={enableTLS}
              onChange={(e) => {
                const targetD = e.target;
                const checked = targetD.checked;

-                setEnableSSL(checked);
+                setEnableTLS(checked);
              }}
-              label={"Enable SSL"}
+              label={"Enable TLS"}
            />
          </Grid>
        </React.Fragment>
@@ -882,9 +882,9 @@ const AddTenant = ({
                <React.Fragment>
                  <TableRow>
                    <TableCell align="right" className={classes.tableTitle}>
-                      Enable SSL
+                      Enable TLS
                    </TableCell>
-                    <TableCell>{enableSSL ? "Enabled" : "Disabled"}</TableCell>
+                    <TableCell>{enableTLS ? "Enabled" : "Disabled"}</TableCell>
                  </TableRow>
                  <TableRow>
                    <TableCell align="right" className={classes.tableTitle}>
--- a/portal-ui/src/screens/LoginPage/LoginPage.tsx
+++ b/portal-ui/src/screens/LoginPage/LoginPage.tsx
@@ -250,7 +250,10 @@ const Login = ({ classes, userLoggedIn }: ILoginProps) => {
          </Typography>
          <Button
            component={"a"}
-            href={loginStrategy.redirect}
+            href={loginStrategy.redirect.replace(
+              "%5BHOSTNAME%5D",
+              window.location.hostname
+            )}
            type="submit"
            fullWidth
            variant="contained"
--- a/portal-ui/yarn.lock
+++ b/portal-ui/yarn.lock
@@ -2588,9 +2588,9 @@ bluebird@^3.5.1, bluebird@^3.5.3, bluebird@^3.5.5:
  integrity sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==

 bn.js@^4.0.0, bn.js@^4.1.0, bn.js@^4.1.1, bn.js@^4.4.0:
-  version "4.11.8"
-  resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.11.8.tgz#2cde09eb5ee341f484746bb0309b3253b1b1442f"
-  integrity sha512-ItfYfPLkWHUjckQCk8xC+LwxgK8NYcXywGigJgSwOP8Y2iyWT4f2vsZnoOXTTbo+o5yXmIUJ4gn5538SO5S3gA==
+  version "4.11.9"
+  resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.11.9.tgz#26d556829458f9d1e81fc48952493d0ba3507828"
+  integrity sha512-E6QoYqCKZfgatHTdHzs1RRKP7ip4vvm+EyRUeE2RF0NblwVvb0p6jSVeNTOFxPn26QXN2o6SMfNxKp6kU8zQaw==

 body-parser@1.19.0:
  version "1.19.0"
@@ -4374,9 +4374,9 @@ electron-to-chromium@^1.3.378, electron-to-chromium@^1.3.413:
  integrity sha512-JTEOWiqCY4snuKuQAaFy0z6LK2Gdb8Lojkd/csQwpNHgMUF8I6QRjGVKk44IH46dHQhUFKzr4o6zxZrtDBjc2Q==

 elliptic@^6.0.0:
-  version "6.5.2"
-  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.2.tgz#05c5678d7173c049d8ca433552224a495d0e3762"
-  integrity sha512-f4x70okzZbIQl/NSRLkI/+tteV/9WqL98zx+SQ69KbXxmVrmjwsNUPn/gYJJ0sHvEak24cZgHIPegRePAtA/xw==
+  version "6.5.3"
+  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.3.tgz#cb59eb2efdaf73a0bd78ccd7015a62ad6e0f93d6"
+  integrity sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw==
  dependencies:
    bn.js "^4.4.0"
    brorand "^1.0.1"
--- a/restapi/admin_config_test.go
+++ b/restapi/admin_config_test.go
@@ -60,11 +60,11 @@ func TestListConfig(t *testing.T) {
 	function := "listConfig()"
 	// Test-1 : listConfig() get list of two configurations and ensure is output correctly
 	configListMock := []madmin.HelpKV{
-		madmin.HelpKV{
+		{
 			Key:         "region",
 			Description: "label the location of the server",
 		},
-		madmin.HelpKV{
+		{
 			Key:         "notify_nsq",
 			Description: "publish bucket notifications to NSQ endpoints",
 		},
--- a/restapi/admin_tenants.go
+++ b/restapi/admin_tenants.go
--- a/restapi/admin_tenants_test.go
+++ b/restapi/admin_tenants_test.go
@@ -35,7 +35,9 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 	types "k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/kubernetes/fake"
 )

 var opClientTenantDeleteMock func(ctx context.Context, namespace string, tenantName string, options metav1.DeleteOptions) error
@@ -89,6 +91,7 @@ func Test_TenantInfoTenantAdminClient(t *testing.T) {
 		tenantName  string
 		serviceName string
 		scheme      string
+		insecure    bool
 	}
 	tests := []struct {
 		name           string
@@ -234,7 +237,7 @@ func Test_TenantInfoTenantAdminClient(t *testing.T) {
 		k8sclientGetSecretMock = tt.mockGetSecret
 		k8sclientGetServiceMock = tt.mockGetService
 		t.Run(tt.name, func(t *testing.T) {
-			got, err := getTenantAdminClient(tt.args.ctx, tt.args.client, tt.args.namespace, tt.args.tenantName, tt.args.serviceName, tt.args.scheme)
+			got, err := getTenantAdminClient(tt.args.ctx, tt.args.client, tt.args.namespace, tt.args.tenantName, tt.args.serviceName, tt.args.scheme, tt.args.insecure)
 			if err != nil {
 				if tt.wantErr {
 					return
@@ -573,6 +576,7 @@ func Test_UpdateTenantAction(t *testing.T) {
 	tests := []struct {
 		name    string
 		args    args
+		objs    []runtime.Object
 		wantErr bool
 	}{
 		{
@@ -708,8 +712,9 @@ func Test_UpdateTenantAction(t *testing.T) {
 		opClientTenantGetMock = tt.args.mockTenantGet
 		opClientTenantPatchMock = tt.args.mockTenantPatch
 		httpClientGetMock = tt.args.mockHTTPClientGet
+		cnsClient := fake.NewSimpleClientset(tt.objs...)
 		t.Run(tt.name, func(t *testing.T) {
-			if err := updateTenantAction(tt.args.ctx, tt.args.operatorClient, tt.args.httpCl, tt.args.nameSpace, tt.args.params); (err != nil) != tt.wantErr {
+			if err := updateTenantAction(tt.args.ctx, tt.args.operatorClient, cnsClient.CoreV1(), tt.args.httpCl, tt.args.nameSpace, tt.args.params); (err != nil) != tt.wantErr {
 				t.Errorf("deleteTenantAction() error = %v, wantErr %v", err, tt.wantErr)
 			}
 		})
--- a/restapi/admin_users_test.go
+++ b/restapi/admin_users_test.go
@@ -67,13 +67,13 @@ func TestListUsers(t *testing.T) {
 	// Test-1 : listUsers() Get response from minio client with two users and return the same number on listUsers()
 	// mock minIO client
 	mockUserMap := map[string]madmin.UserInfo{
-		"ABCDEFGHI": madmin.UserInfo{
+		"ABCDEFGHI": {
 			SecretKey:  "",
 			PolicyName: "ABCDEFGHI-policy",
 			Status:     "enabled",
 			MemberOf:   []string{"group1", "group2"},
 		},
-		"ZBCDEFGHI": madmin.UserInfo{
+		"ZBCDEFGHI": {
 			SecretKey:  "",
 			PolicyName: "ZBCDEFGHI-policy",
 			Status:     "enabled",
--- a/restapi/client-admin.go
+++ b/restapi/client-admin.go
@@ -33,8 +33,13 @@ import (

 const globalAppName = "console"

-// NewAdminClient gives a new client interface
+// NewAdminClient gives a new madmin client interface
 func NewAdminClient(url, accessKey, secretKey string) (*madmin.AdminClient, *probe.Error) {
+	return NewAdminClientWithInsecure(url, accessKey, secretKey, false)
+}
+
+// NewAdminClientWithInsecure gives a new madmin client interface either secure or insecure based on parameter
+func NewAdminClientWithInsecure(url, accessKey, secretKey string, insecure bool) (*madmin.AdminClient, *probe.Error) {
 	appName := filepath.Base(globalAppName)

 	s3Client, err := s3AdminNew(&mcCmd.Config{
@@ -44,12 +49,13 @@ func NewAdminClient(url, accessKey, secretKey string) (*madmin.AdminClient, *pro
 		AppName:     appName,
 		AppVersion:  ConsoleVersion,
 		AppComments: []string{appName, runtime.GOOS, runtime.GOARCH},
-		Insecure:    false,
+		Insecure:    insecure,
 	})
 	if err != nil {
 		return nil, err.Trace(url)
 	}
-	s3Client.SetCustomTransport(STSClient.Transport)
+	stsClient := PrepareSTSClient(insecure)
+	s3Client.SetCustomTransport(stsClient.Transport)
 	return s3Client, nil
 }

@@ -261,7 +267,8 @@ func newAdminFromClaims(claims *models.Principal) (*madmin.AdminClient, error) {
 	if err != nil {
 		return nil, err
 	}
-	adminClient.SetCustomTransport(STSClient.Transport)
+	stsClient := PrepareSTSClient(false)
+	adminClient.SetCustomTransport(stsClient.Transport)
 	return adminClient, nil
 }

--- a/restapi/client.go
+++ b/restapi/client.go
@@ -164,7 +164,6 @@ func (s consoleSTSAssumeRole) IsExpired() bool {

 // STSClient contains http.client configuration need it by STSAssumeRole
 var (
-	STSClient     = PrepareSTSClient()
 	MinioEndpoint = getMinIOServer()
 )

@@ -204,8 +203,9 @@ func newConsoleCredentials(accessKey, secretKey, location string) (*credentials.
 				Location:        location,
 				DurationSeconds: xjwt.GetConsoleSTSAndJWTDurationInSeconds(),
 			}
+			stsClient := PrepareSTSClient(false)
 			stsAssumeRole := &credentials.STSAssumeRole{
-				Client:      STSClient,
+				Client:      stsClient,
 				STSEndpoint: MinioEndpoint,
 				Options:     opts,
 			}
@@ -234,10 +234,11 @@ func getConsoleCredentialsFromSession(claims *models.Principal) *credentials.Cre
 // from the provided jwt
 func newMinioClient(claims *models.Principal) (*minio.Client, error) {
 	creds := getConsoleCredentialsFromSession(claims)
+	stsClient := PrepareSTSClient(false)
 	minioClient, err := minio.New(getMinIOEndpoint(), &minio.Options{
 		Creds:     creds,
 		Secure:    getMinIOEndpointIsSecure(),
-		Transport: STSClient.Transport,
+		Transport: stsClient.Transport,
 	})
 	if err != nil {
 		return nil, err
@@ -248,7 +249,7 @@ func newMinioClient(claims *models.Principal) (*minio.Client, error) {
 // newS3BucketClient creates a new mc S3Client to talk to the server based on a bucket
 func newS3BucketClient(claims *models.Principal, bucketName string) (*mc.S3Client, error) {
 	endpoint := getMinIOServer()
-	useSSL := getMinIOEndpointIsSecure()
+	useTLS := getMinIOEndpointIsSecure()

 	if strings.TrimSpace(bucketName) != "" {
 		endpoint += fmt.Sprintf("/%s", bucketName)
@@ -258,7 +259,7 @@ func newS3BucketClient(claims *models.Principal, bucketName string) (*mc.S3Clien
 		return nil, fmt.Errorf("the provided credentials are invalid")
 	}

-	s3Config := newS3Config(endpoint, claims.AccessKeyID, claims.SecretAccessKey, claims.SessionToken, !useSSL)
+	s3Config := newS3Config(endpoint, claims.AccessKeyID, claims.SecretAccessKey, claims.SessionToken, !useTLS)
 	client, pErr := mc.S3New(s3Config)
 	if pErr != nil {
 		return nil, pErr.Cause
--- a/restapi/config.go
+++ b/restapi/config.go
@@ -105,15 +105,15 @@ func GetPort() int {
 	return port
 }

-// GetSSLHostname gets console ssl hostname set on env variable
+// GetTLSHostname gets console tls hostname set on env variable
 // or default one
-func GetSSLHostname() string {
+func GetTLSHostname() string {
 	return strings.ToLower(env.Get(ConsoleTLSHostname, TLSHostname))
 }

-// GetSSLPort gets console ssl port set on env variable
+// GetTLSPort gets console tls port set on env variable
 // or default one
-func GetSSLPort() int {
+func GetTLSPort() int {
 	port, err := strconv.Atoi(env.Get(ConsoleTLSPort, TLSPort))
 	if err != nil {
 		port = 9443
@@ -171,14 +171,14 @@ func getSecureHostsProxyHeaders() []string {
 	return []string{}
 }

-// If SSLRedirect is set to true, then only allow HTTPS requests. Default is true.
-func getSSLRedirect() bool {
-	return strings.ToLower(env.Get(ConsoleSecureSSLRedirect, TLSRedirect)) == "on"
+// If TLSRedirect is set to true, then only allow HTTPS requests. Default is true.
+func getTLSRedirect() bool {
+	return strings.ToLower(env.Get(ConsoleSecureTLSRedirect, TLSRedirect)) == "on"
 }

-// SSLHost is the host name that is used to redirect HTTP requests to HTTPS. Default is "", which indicates to use the same host.
-func getSecureSSLHost() string {
-	return env.Get(ConsoleSecureSSLHost, fmt.Sprintf("%s:%s", TLSHostname, TLSPort))
+// TLSHost is the host name that is used to redirect HTTP requests to HTTPS. Default is "", which indicates to use the same host.
+func getSecureTLSHost() string {
+	return env.Get(ConsoleSecureTLSHost, fmt.Sprintf("%s:%s", TLSHostname, TLSPort))
 }

 // STSSeconds is the max-age of the Strict-Transport-Security header. Default is 0, which would NOT include the header.
@@ -200,9 +200,9 @@ func getSecureSTSPreload() bool {
 	return strings.ToLower(env.Get(ConsoleSecureSTSPreload, "off")) == "on"
 }

-// If SSLTemporaryRedirect is true, the a 302 will be used while redirecting. Default is false (301).
-func getSecureSSLTemporaryRedirect() bool {
-	return strings.ToLower(env.Get(ConsoleSecureSSLTemporaryRedirect, "off")) == "on"
+// If TLSTemporaryRedirect is true, the a 302 will be used while redirecting. Default is false (301).
+func getSecureTLSTemporaryRedirect() bool {
+	return strings.ToLower(env.Get(ConsoleSecureTLSTemporaryRedirect, "off")) == "on"
 }

 // STS header is only included when the connection is HTTPS.
--- a/restapi/configure_console.go
+++ b/restapi/configure_console.go
@@ -149,12 +149,12 @@ func setupGlobalMiddleware(handler http.Handler) http.Handler {
 		AllowedHosts:                    getSecureAllowedHosts(),
 		AllowedHostsAreRegex:            getSecureAllowedHostsAreRegex(),
 		HostsProxyHeaders:               getSecureHostsProxyHeaders(),
-		SSLRedirect:                     getSSLRedirect(),
-		SSLHost:                         getSecureSSLHost(),
+		SSLRedirect:                     getTLSRedirect(),
+		SSLHost:                         getSecureTLSHost(),
 		STSSeconds:                      getSecureSTSSeconds(),
 		STSIncludeSubdomains:            getSecureSTSIncludeSubdomains(),
 		STSPreload:                      getSecureSTSPreload(),
-		SSLTemporaryRedirect:            getSecureSSLTemporaryRedirect(),
+		SSLTemporaryRedirect:            getSecureTLSTemporaryRedirect(),
 		SSLHostFunc:                     nil,
 		ForceSTSHeader:                  getSecureForceSTSHeader(),
 		FrameDeny:                       getSecureFrameDeny(),
--- a/restapi/consts.go
+++ b/restapi/consts.go
@@ -41,9 +41,9 @@ const (
 	ConsoleSecureSTSSeconds                      = "CONSOLE_SECURE_STS_SECONDS"
 	ConsoleSecureSTSIncludeSubdomains            = "CONSOLE_SECURE_STS_INCLUDE_SUB_DOMAINS"
 	ConsoleSecureSTSPreload                      = "CONSOLE_SECURE_STS_PRELOAD"
-	ConsoleSecureSSLRedirect                     = "CONSOLE_SECURE_SSL_REDIRECT"
-	ConsoleSecureSSLHost                         = "CONSOLE_SECURE_SSL_HOST"
-	ConsoleSecureSSLTemporaryRedirect            = "CONSOLE_SECURE_SSL_TEMPORARY_REDIRECT"
+	ConsoleSecureTLSRedirect                     = "CONSOLE_SECURE_TLS_REDIRECT"
+	ConsoleSecureTLSHost                         = "CONSOLE_SECURE_TLS_HOST"
+	ConsoleSecureTLSTemporaryRedirect            = "CONSOLE_SECURE_TLS_TEMPORARY_REDIRECT"
 	ConsoleSecureForceSTSHeader                  = "CONSOLE_SECURE_FORCE_STS_HEADER"
 	ConsoleSecurePublicKey                       = "CONSOLE_SECURE_PUBLIC_KEY"
 	ConsoleSecureReferrerPolicy                  = "CONSOLE_SECURE_REFERRER_POLICY"
--- a/restapi/embedded_spec.go
+++ b/restapi/embedded_spec.go
@@ -2028,7 +2028,7 @@ func init() {
          "type": "boolean",
          "default": true
        },
-        "enable_ssl": {
+        "enable_tls": {
          "type": "boolean",
          "default": true
        },
@@ -2036,9 +2036,19 @@ func init() {
          "type": "object",
          "$ref": "#/definitions/encryptionConfiguration"
        },
+        "erasureCodingParity": {
+          "type": "integer"
+        },
+        "idp": {
+          "type": "object",
+          "$ref": "#/definitions/idpConfiguration"
+        },
        "image": {
          "type": "string"
        },
+        "image_registry": {
+          "$ref": "#/definitions/imageRegistry"
+        },
        "mounth_path": {
          "type": "string"
        },
@@ -2098,18 +2108,7 @@ func init() {
        },
        "client": {
          "type": "object",
-          "required": [
-            "crt",
-            "key"
-          ],
-          "properties": {
-            "crt": {
-              "type": "string"
-            },
-            "key": {
-              "type": "string"
-            }
-          }
+          "$ref": "#/definitions/keyPairConfiguration"
        },
        "gemalto": {
          "type": "object",
@@ -2118,23 +2117,9 @@ func init() {
        "image": {
          "type": "string"
        },
-        "master_key": {
-          "type": "string"
-        },
        "server": {
          "type": "object",
-          "required": [
-            "crt",
-            "key"
-          ],
-          "properties": {
-            "crt": {
-              "type": "string"
-            },
-            "key": {
-              "type": "string"
-            }
-          }
+          "$ref": "#/definitions/keyPairConfiguration"
        },
        "vault": {
          "type": "object",
@@ -2227,6 +2212,98 @@ func init() {
        }
      }
    },
+    "idpConfiguration": {
+      "type": "object",
+      "properties": {
+        "active_directory": {
+          "type": "object",
+          "required": [
+            "url",
+            "username_format",
+            "user_search_filter"
+          ],
+          "properties": {
+            "group_name_attribute": {
+              "type": "string"
+            },
+            "group_search_base_dn": {
+              "type": "string"
+            },
+            "group_search_filter": {
+              "type": "string"
+            },
+            "server_insecure": {
+              "type": "boolean"
+            },
+            "skip_tls_verification": {
+              "type": "boolean"
+            },
+            "url": {
+              "type": "string"
+            },
+            "user_search_filter": {
+              "type": "string"
+            },
+            "username_format": {
+              "type": "string"
+            }
+          }
+        },
+        "oidc": {
+          "type": "object",
+          "required": [
+            "url",
+            "client_id",
+            "secret_id"
+          ],
+          "properties": {
+            "client_id": {
+              "type": "string"
+            },
+            "secret_id": {
+              "type": "string"
+            },
+            "url": {
+              "type": "string"
+            }
+          }
+        }
+      }
+    },
+    "imageRegistry": {
+      "type": "object",
+      "required": [
+        "registry",
+        "username",
+        "password"
+      ],
+      "properties": {
+        "password": {
+          "type": "string"
+        },
+        "registry": {
+          "type": "string"
+        },
+        "username": {
+          "type": "string"
+        }
+      }
+    },
+    "keyPairConfiguration": {
+      "type": "object",
+      "required": [
+        "crt",
+        "key"
+      ],
+      "properties": {
+        "crt": {
+          "type": "string"
+        },
+        "key": {
+          "type": "string"
+        }
+      }
+    },
    "listBucketEventsResponse": {
      "type": "object",
      "properties": {
@@ -2938,7 +3015,11 @@ func init() {
    "tenantUsage": {
      "type": "object",
      "properties": {
-        "used_size": {
+        "disk_used": {
+          "type": "integer",
+          "format": "int64"
+        },
+        "used": {
          "type": "integer",
          "format": "int64"
        }
@@ -2946,16 +3027,14 @@ func init() {
    },
    "tlsConfiguration": {
      "type": "object",
-      "required": [
-        "crt",
-        "key"
-      ],
      "properties": {
-        "crt": {
-          "type": "string"
+        "console": {
+          "type": "object",
+          "$ref": "#/definitions/keyPairConfiguration"
        },
-        "key": {
-          "type": "string"
+        "minio": {
+          "type": "object",
+          "$ref": "#/definitions/keyPairConfiguration"
        }
      }
    },
@@ -2983,6 +3062,9 @@ func init() {
        "image": {
          "type": "string",
          "pattern": "^((.*?)/(.*?):(.+))$"
+        },
+        "image_registry": {
+          "$ref": "#/definitions/imageRegistry"
        }
      }
    },
@@ -3087,6 +3169,20 @@ func init() {
              "format": "int64"
            }
          }
+        },
+        "tls": {
+          "type": "object",
+          "properties": {
+            "ca": {
+              "type": "string"
+            },
+            "crt": {
+              "type": "string"
+            },
+            "key": {
+              "type": "string"
+            }
+          }
        }
      }
    },
@@ -3284,6 +3380,19 @@ func init() {
        }
      }
    },
+    "zoneTolerationSeconds": {
+      "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.",
+      "type": "object",
+      "required": [
+        "seconds"
+      ],
+      "properties": {
+        "seconds": {
+          "type": "integer",
+          "format": "int64"
+        }
+      }
+    },
    "zoneTolerations": {
      "description": "Tolerations allows users to set entries like effect, key, operator, value.",
      "type": "array",
@@ -3304,9 +3413,7 @@ func init() {
            "type": "string"
          },
          "tolerationSeconds": {
-            "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.",
-            "type": "integer",
-            "format": "int64"
+            "$ref": "#/definitions/zoneTolerationSeconds"
          },
          "value": {
            "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.",
@@ -5142,36 +5249,6 @@ func init() {
        }
      }
    },
-    "EncryptionConfigurationClient": {
-      "type": "object",
-      "required": [
-        "crt",
-        "key"
-      ],
-      "properties": {
-        "crt": {
-          "type": "string"
-        },
-        "key": {
-          "type": "string"
-        }
-      }
-    },
-    "EncryptionConfigurationServer": {
-      "type": "object",
-      "required": [
-        "crt",
-        "key"
-      ],
-      "properties": {
-        "crt": {
-          "type": "string"
-        },
-        "key": {
-          "type": "string"
-        }
-      }
-    },
    "GemaltoConfigurationKeysecure": {
      "type": "object",
      "required": [
@@ -5244,6 +5321,59 @@ func init() {
        }
      }
    },
+    "IdpConfigurationActiveDirectory": {
+      "type": "object",
+      "required": [
+        "url",
+        "username_format",
+        "user_search_filter"
+      ],
+      "properties": {
+        "group_name_attribute": {
+          "type": "string"
+        },
+        "group_search_base_dn": {
+          "type": "string"
+        },
+        "group_search_filter": {
+          "type": "string"
+        },
+        "server_insecure": {
+          "type": "boolean"
+        },
+        "skip_tls_verification": {
+          "type": "boolean"
+        },
+        "url": {
+          "type": "string"
+        },
+        "user_search_filter": {
+          "type": "string"
+        },
+        "username_format": {
+          "type": "string"
+        }
+      }
+    },
+    "IdpConfigurationOidc": {
+      "type": "object",
+      "required": [
+        "url",
+        "client_id",
+        "secret_id"
+      ],
+      "properties": {
+        "client_id": {
+          "type": "string"
+        },
+        "secret_id": {
+          "type": "string"
+        },
+        "url": {
+          "type": "string"
+        }
+      }
+    },
    "NodeSelectorTermMatchExpressionsItems0": {
      "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.",
      "type": "object",
@@ -5370,6 +5500,20 @@ func init() {
        }
      }
    },
+    "VaultConfigurationTLS": {
+      "type": "object",
+      "properties": {
+        "ca": {
+          "type": "string"
+        },
+        "crt": {
+          "type": "string"
+        },
+        "key": {
+          "type": "string"
+        }
+      }
+    },
    "ZoneAffinityNodeAffinity": {
      "description": "Describes node affinity scheduling rules for the pod.",
      "type": "object",
@@ -5528,9 +5672,7 @@ func init() {
          "type": "string"
        },
        "tolerationSeconds": {
-          "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.",
-          "type": "integer",
-          "format": "int64"
+          "$ref": "#/definitions/zoneTolerationSeconds"
        },
        "value": {
          "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.",
@@ -5800,7 +5942,7 @@ func init() {
          "type": "boolean",
          "default": true
        },
-        "enable_ssl": {
+        "enable_tls": {
          "type": "boolean",
          "default": true
        },
@@ -5808,9 +5950,19 @@ func init() {
          "type": "object",
          "$ref": "#/definitions/encryptionConfiguration"
        },
+        "erasureCodingParity": {
+          "type": "integer"
+        },
+        "idp": {
+          "type": "object",
+          "$ref": "#/definitions/idpConfiguration"
+        },
        "image": {
          "type": "string"
        },
+        "image_registry": {
+          "$ref": "#/definitions/imageRegistry"
+        },
        "mounth_path": {
          "type": "string"
        },
@@ -5870,18 +6022,7 @@ func init() {
        },
        "client": {
          "type": "object",
-          "required": [
-            "crt",
-            "key"
-          ],
-          "properties": {
-            "crt": {
-              "type": "string"
-            },
-            "key": {
-              "type": "string"
-            }
-          }
+          "$ref": "#/definitions/keyPairConfiguration"
        },
        "gemalto": {
          "type": "object",
@@ -5890,23 +6031,9 @@ func init() {
        "image": {
          "type": "string"
        },
-        "master_key": {
-          "type": "string"
-        },
        "server": {
          "type": "object",
-          "required": [
-            "crt",
-            "key"
-          ],
-          "properties": {
-            "crt": {
-              "type": "string"
-            },
-            "key": {
-              "type": "string"
-            }
-          }
+          "$ref": "#/definitions/keyPairConfiguration"
        },
        "vault": {
          "type": "object",
@@ -5999,6 +6126,98 @@ func init() {
        }
      }
    },
+    "idpConfiguration": {
+      "type": "object",
+      "properties": {
+        "active_directory": {
+          "type": "object",
+          "required": [
+            "url",
+            "username_format",
+            "user_search_filter"
+          ],
+          "properties": {
+            "group_name_attribute": {
+              "type": "string"
+            },
+            "group_search_base_dn": {
+              "type": "string"
+            },
+            "group_search_filter": {
+              "type": "string"
+            },
+            "server_insecure": {
+              "type": "boolean"
+            },
+            "skip_tls_verification": {
+              "type": "boolean"
+            },
+            "url": {
+              "type": "string"
+            },
+            "user_search_filter": {
+              "type": "string"
+            },
+            "username_format": {
+              "type": "string"
+            }
+          }
+        },
+        "oidc": {
+          "type": "object",
+          "required": [
+            "url",
+            "client_id",
+            "secret_id"
+          ],
+          "properties": {
+            "client_id": {
+              "type": "string"
+            },
+            "secret_id": {
+              "type": "string"
+            },
+            "url": {
+              "type": "string"
+            }
+          }
+        }
+      }
+    },
+    "imageRegistry": {
+      "type": "object",
+      "required": [
+        "registry",
+        "username",
+        "password"
+      ],
+      "properties": {
+        "password": {
+          "type": "string"
+        },
+        "registry": {
+          "type": "string"
+        },
+        "username": {
+          "type": "string"
+        }
+      }
+    },
+    "keyPairConfiguration": {
+      "type": "object",
+      "required": [
+        "crt",
+        "key"
+      ],
+      "properties": {
+        "crt": {
+          "type": "string"
+        },
+        "key": {
+          "type": "string"
+        }
+      }
+    },
    "listBucketEventsResponse": {
      "type": "object",
      "properties": {
@@ -6644,7 +6863,11 @@ func init() {
    "tenantUsage": {
      "type": "object",
      "properties": {
-        "used_size": {
+        "disk_used": {
+          "type": "integer",
+          "format": "int64"
+        },
+        "used": {
          "type": "integer",
          "format": "int64"
        }
@@ -6652,16 +6875,14 @@ func init() {
    },
    "tlsConfiguration": {
      "type": "object",
-      "required": [
-        "crt",
-        "key"
-      ],
      "properties": {
-        "crt": {
-          "type": "string"
+        "console": {
+          "type": "object",
+          "$ref": "#/definitions/keyPairConfiguration"
        },
-        "key": {
-          "type": "string"
+        "minio": {
+          "type": "object",
+          "$ref": "#/definitions/keyPairConfiguration"
        }
      }
    },
@@ -6689,6 +6910,9 @@ func init() {
        "image": {
          "type": "string",
          "pattern": "^((.*?)/(.*?):(.+))$"
+        },
+        "image_registry": {
+          "$ref": "#/definitions/imageRegistry"
        }
      }
    },
@@ -6793,6 +7017,20 @@ func init() {
              "format": "int64"
            }
          }
+        },
+        "tls": {
+          "type": "object",
+          "properties": {
+            "ca": {
+              "type": "string"
+            },
+            "crt": {
+              "type": "string"
+            },
+            "key": {
+              "type": "string"
+            }
+          }
        }
      }
    },
@@ -6943,6 +7181,19 @@ func init() {
        }
      }
    },
+    "zoneTolerationSeconds": {
+      "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.",
+      "type": "object",
+      "required": [
+        "seconds"
+      ],
+      "properties": {
+        "seconds": {
+          "type": "integer",
+          "format": "int64"
+        }
+      }
+    },
    "zoneTolerations": {
      "description": "Tolerations allows users to set entries like effect, key, operator, value.",
      "type": "array",
--- a/restapi/resource_quota_test.go
+++ b/restapi/resource_quota_test.go
@@ -66,12 +66,12 @@ func Test_ResourceQuota(t *testing.T) {
 			want: models.ResourceQuota{
 				Name: mockRQResponse.Name,
 				Elements: []*models.ResourceQuotaElement{
-					&models.ResourceQuotaElement{
+					{
 						Name: "storage",
 						Hard: int64(1000),
 						Used: int64(500),
 					},
-					&models.ResourceQuotaElement{
+					{
 						Name: "cpu",
 						Hard: int64(2048),
 						Used: int64(1024),
--- a/restapi/tls.go
+++ b/restapi/tls.go
@@ -30,12 +30,24 @@ var (
 	certDontExists = "File certificate doesn't exists: %s"
 )

-func prepareSTSClientTransport() *http.Transport {
+func prepareSTSClientTransport(insecure bool) *http.Transport {
 	// This takes github.com/minio/minio/pkg/madmin/transport.go as an example
 	//
 	// DefaultTransport - this default transport is similar to
 	// http.DefaultTransport but with additional param  DisableCompression
 	// is set to true to avoid decompressing content with 'gzip' encoding.
+
+	// Keep TLS config.
+	tlsConfig := &tls.Config{
+		// Can't use SSLv3 because of POODLE and BEAST
+		// Can't use TLSv1.0 because of POODLE and BEAST using CBC cipher
+		// Can't use TLSv1.1 because of RC4 cipher usage
+		MinVersion: tls.VersionTLS12,
+	}
+	if insecure {
+		tlsConfig.InsecureSkipVerify = true
+	}
+
 	DefaultTransport := &http.Transport{
 		Proxy: http.ProxyFromEnvironment,
 		DialContext: (&net.Dialer{
@@ -49,6 +61,7 @@ func prepareSTSClientTransport() *http.Transport {
 		TLSHandshakeTimeout:   10 * time.Second,
 		ExpectContinueTimeout: 1 * time.Second,
 		DisableCompression:    true,
+		TLSClientConfig:       tlsConfig,
 	}
 	// If Minio instance is running with TLS enabled and it's using a self-signed certificate
 	// or a certificate issued by a custom certificate authority we prepare a new custom *http.Transport
@@ -86,10 +99,11 @@ func prepareSTSClientTransport() *http.Transport {

 // PrepareSTSClient returns an http.Client with custom configurations need it by *credentials.STSAssumeRole
 // custom configurations include the use of CA certificates
-func PrepareSTSClient() *http.Client {
-	transport := prepareSTSClientTransport()
+func PrepareSTSClient(insecure bool) *http.Client {
+	transport := prepareSTSClientTransport(insecure)
 	// Return http client with default configuration
-	return &http.Client{
+	c := &http.Client{
 		Transport: transport,
 	}
+	return c
 }
--- a/restapi/user_buckets_events_test.go
+++ b/restapi/user_buckets_events_test.go
@@ -148,7 +148,7 @@ func TestListBucketEvents(t *testing.T) {
 		LambdaConfigs: []notification.LambdaConfig{},
 		TopicConfigs:  []notification.TopicConfig{},
 		QueueConfigs: []notification.QueueConfig{
-			notification.QueueConfig{
+			{
 				Queue: "arn:minio:sqs::test:postgresql",
 				Config: notification.Config{
 					ID: "",
@@ -160,11 +160,11 @@ func TestListBucketEvents(t *testing.T) {
 					Filter: &notification.Filter{
 						S3Key: notification.S3Key{
 							FilterRules: []notification.FilterRule{
-								notification.FilterRule{
+								{
 									Name:  "suffix",
 									Value: ".jpg",
 								},
-								notification.FilterRule{
+								{
 									Name:  "prefix",
 									Value: "file/",
 								},
@@ -176,7 +176,7 @@ func TestListBucketEvents(t *testing.T) {
 		},
 	}
 	expectedOutput := []*models.NotificationConfig{
-		&models.NotificationConfig{
+		{
 			Arn:    swag.String("arn:minio:sqs::test:postgresql"),
 			ID:     "",
 			Prefix: "file/",
@@ -213,7 +213,7 @@ func TestListBucketEvents(t *testing.T) {
 		LambdaConfigs: []notification.LambdaConfig{},
 		TopicConfigs:  []notification.TopicConfig{},
 		QueueConfigs: []notification.QueueConfig{
-			notification.QueueConfig{
+			{
 				Queue: "arn:minio:sqs::test:postgresql",
 				Config: notification.Config{
 					ID: "",
@@ -225,7 +225,7 @@ func TestListBucketEvents(t *testing.T) {
 		},
 	}
 	expectedOutput = []*models.NotificationConfig{
-		&models.NotificationConfig{
+		{
 			Arn:    swag.String("arn:minio:sqs::test:postgresql"),
 			ID:     "",
 			Prefix: "",
@@ -258,7 +258,7 @@ func TestListBucketEvents(t *testing.T) {
 	////// Test-3 : listBucketEvents() get list of events
 	mockBucketN = notification.Configuration{
 		LambdaConfigs: []notification.LambdaConfig{
-			notification.LambdaConfig{
+			{
 				Lambda: "lambda",
 				Config: notification.Config{
 					ID: "",
@@ -268,11 +268,11 @@ func TestListBucketEvents(t *testing.T) {
 					Filter: &notification.Filter{
 						S3Key: notification.S3Key{
 							FilterRules: []notification.FilterRule{
-								notification.FilterRule{
+								{
 									Name:  "suffix",
 									Value: ".png",
 								},
-								notification.FilterRule{
+								{
 									Name:  "prefix",
 									Value: "lambda/",
 								},
@@ -283,7 +283,7 @@ func TestListBucketEvents(t *testing.T) {
 			},
 		},
 		TopicConfigs: []notification.TopicConfig{
-			notification.TopicConfig{
+			{
 				Topic: "topic",
 				Config: notification.Config{
 					ID: "",
@@ -293,11 +293,11 @@ func TestListBucketEvents(t *testing.T) {
 					Filter: &notification.Filter{
 						S3Key: notification.S3Key{
 							FilterRules: []notification.FilterRule{
-								notification.FilterRule{
+								{
 									Name:  "suffix",
 									Value: ".gif",
 								},
-								notification.FilterRule{
+								{
 									Name:  "prefix",
 									Value: "topic/",
 								},
@@ -308,7 +308,7 @@ func TestListBucketEvents(t *testing.T) {
 			},
 		},
 		QueueConfigs: []notification.QueueConfig{
-			notification.QueueConfig{
+			{
 				Queue: "arn:minio:sqs::test:postgresql",
 				Config: notification.Config{
 					ID: "",
@@ -326,7 +326,7 @@ func TestListBucketEvents(t *testing.T) {
 	}
 	// order matters in output: topic,queue then lambda are given respectively
 	expectedOutput = []*models.NotificationConfig{
-		&models.NotificationConfig{
+		{
 			Arn:    swag.String("topic"),
 			ID:     "",
 			Prefix: "topic/",
@@ -335,7 +335,7 @@ func TestListBucketEvents(t *testing.T) {
 				models.NotificationEventTypeDelete,
 			},
 		},
-		&models.NotificationConfig{
+		{
 			Arn:    swag.String("arn:minio:sqs::test:postgresql"),
 			ID:     "",
 			Prefix: "",
@@ -344,7 +344,7 @@ func TestListBucketEvents(t *testing.T) {
 				models.NotificationEventTypeDelete,
 			},
 		},
-		&models.NotificationConfig{
+		{
 			Arn:    swag.String("lambda"),
 			ID:     "",
 			Prefix: "lambda/",
--- a/restapi/user_buckets_test.go
+++ b/restapi/user_buckets_test.go
@@ -82,8 +82,8 @@ func TestListBucket(t *testing.T) {
 	mockBucketList := madmin.AccountUsageInfo{
 		AccountName: "test",
 		Buckets: []madmin.BucketUsageInfo{
-			madmin.BucketUsageInfo{Name: "bucket-1", Created: time.Now(), Size: 1024},
-			madmin.BucketUsageInfo{Name: "bucket-2", Created: time.Now().Add(time.Hour * 1), Size: 0},
+			{Name: "bucket-1", Created: time.Now(), Size: 1024},
+			{Name: "bucket-2", Created: time.Now().Add(time.Hour * 1), Size: 0},
 		},
 	}
 	// mock function response from listBucketsWithContext(ctx)
--- a/restapi/user_watch_test.go
+++ b/restapi/user_watch_test.go
@@ -71,7 +71,7 @@ func TestWatch(t *testing.T) {
 			// mocking sending 5 lines of info
 			for range lines {
 				info := []mc.EventInfo{
-					mc.EventInfo{
+					{
 						UserAgent: textToReceive,
 					},
 				}
@@ -134,7 +134,7 @@ func TestWatch(t *testing.T) {
 			// mocking sending 5 lines of info
 			for range lines {
 				info := []mc.EventInfo{
-					mc.EventInfo{
+					{
 						UserAgent: textToReceive,
 					},
 				}
@@ -177,7 +177,7 @@ func TestWatch(t *testing.T) {
 			// mocking sending 5 lines of info
 			for range lines {
 				info := []mc.EventInfo{
-					mc.EventInfo{
+					{
 						UserAgent: textToReceive,
 					},
 				}
--- a/swagger.yml
+++ b/swagger.yml
@@ -1733,7 +1733,10 @@ definitions:
  tenantUsage:
    type: object
    properties:
-      used_size:
+      used:
+        type: integer
+        format: int64
+      disk_used:
        type: integer
        format: int64

@@ -1768,12 +1771,30 @@ definitions:
        type: integer
        format: int64
        title: number of tenants accessible to tenant user
+
  updateTenantRequest:
    type: object
    properties:
      image:
        type: string
        pattern: "^((.*?)/(.*?):(.+))$"
+      image_registry:
+        $ref: "#/definitions/imageRegistry"
+  
+  imageRegistry:
+    type: object
+    required:
+      - registry
+      - username
+      - password
+    properties:
+      registry:
+        type: string
+      username:
+        type: string
+      password:
+        type: string
+        
  createTenantRequest:
    type: object
    required:
@@ -1801,15 +1822,22 @@ definitions:
      enable_console:
        type: boolean
        default: true
-      enable_ssl:
+      enable_tls:
        type: boolean
        default: true
      namespace:
        type: string
+      erasureCodingParity:
+        type: integer
      annotations:
        type: object
        additionalProperties:
          type: string
+      image_registry:
+        $ref: "#/definitions/imageRegistry"
+      idp:
+        type: object
+        $ref: "#/definitions/idpConfiguration"
      tls:
        type: object
        $ref: "#/definitions/tlsConfiguration"
@@ -1817,7 +1845,7 @@ definitions:
        type: object
        $ref: "#/definitions/encryptionConfiguration"

-  tlsConfiguration:
+  keyPairConfiguration:
    type: object
    required:
      - crt
@@ -1828,6 +1856,56 @@ definitions:
      key:
        type: string

+  tlsConfiguration:
+    type: object
+    properties:
+      minio:
+        type: object
+        $ref: "#/definitions/keyPairConfiguration"
+      console:
+        type: object
+        $ref: "#/definitions/keyPairConfiguration"
+
+  idpConfiguration:
+    type: object
+    properties:
+      oidc:
+        type: object
+        required:
+          - url
+          - client_id
+          - secret_id
+        properties:
+          url:
+            type: string
+          client_id:
+            type: string
+          secret_id:
+            type: string
+      active_directory:
+        type: object
+        required:
+          - url
+          - username_format
+          - user_search_filter
+        properties:
+          url:
+            type: string
+          username_format:
+            type: string
+          user_search_filter:
+            type: string
+          group_search_base_dn:
+            type: string
+          group_search_filter:
+            type: string
+          group_name_attribute:
+            type: string
+          skip_tls_verification:
+            type: boolean
+          server_insecure:
+            type: boolean
+
  encryptionConfiguration:
    type: object
    properties:
@@ -1835,26 +1913,10 @@ definitions:
        type: string
      server:
        type: object
-        required:
-          - crt
-          - key
-        properties:
-          crt:
-            type: string
-          key:
-            type: string
+        $ref: "#/definitions/keyPairConfiguration"
      client:
        type: object
-        required:
-          - crt
-          - key
-        properties:
-          crt:
-            type: string
-          key:
-            type: string
-      master_key:
-        type: string
+        $ref: "#/definitions/keyPairConfiguration"
      gemalto:
        type: object
        $ref: "#/definitions/gemaltoConfiguration"
@@ -1900,6 +1962,15 @@ definitions:
          ping:
            type: integer
            format: int64
+      tls:
+        type: object
+        properties:
+          key:
+            type: string
+          crt:
+            type: string
+          ca:
+            type: string

  awsConfiguration:
    type: object
@@ -2045,14 +2116,7 @@ definitions:
            category.
          type: string
        tolerationSeconds:
-          description: TolerationSeconds represents the period of
-            time the toleration (which must be of effect NoExecute,
-            otherwise this field is ignored) tolerates the taint.
-            By default, it is not set, which means tolerate the taint
-            forever (do not evict). Zero and negative values will
-            be treated as 0 (evict immediately) by the system.
-          format: int64
-          type: integer
+          $ref: "#/definitions/zoneTolerationSeconds"
        value:
          description: Value is the taint value the toleration matches
            to. If the operator is Exists, the value should be empty,
@@ -2060,6 +2124,21 @@ definitions:
          type: string
      type: object
    type: array
+  
+  zoneTolerationSeconds:
+    description: TolerationSeconds represents the period of
+            time the toleration (which must be of effect NoExecute,
+            otherwise this field is ignored) tolerates the taint.
+            By default, it is not set, which means tolerate the taint
+            forever (do not evict). Zero and negative values will
+            be treated as 0 (evict immediately) by the system.
+    type: object
+    required:
+      - seconds
+    properties:
+      seconds:
+        type: integer
+        format: int64

  zoneResources:
    description: If provided, use these requests and limit for cpu/memory
Author	SHA1	Message	Date
Minio Trusted	e0ff6623bb	update to version v0.3.11	2020-08-09 19:39:46 -07:00
Lenin Alevski	3d59e9ac30	fix npe for tls console/minio (#243 )	2020-08-09 17:19:39 -07:00
Lenin Alevski	cff712f071	rename SSL to TLS in labels, env variables and normal variables/constants (#242 )	2020-08-09 16:08:58 -07:00
Minio Trusted	b8bca9d2fe	update version to v0.3.10	2020-08-09 14:48:42 -07:00
Lenin Alevski	a6ccae52d2	Enable user provided certificates for Console (#239 ) Co-authored-by: Daniel Valdivia <hola@danielvaldivia.com>	2020-08-09 14:47:06 -07:00
Daniel Valdivia	bdfa6dc9bf	Support Usage API talk to MinIO over TLS with Insecure (#241 ) * Support Usage API talk to MinIO over TLS with Insecure Right now if MinIO is running with TLS, and the certificate is not trusted by console, we fail usage requests. We need to leverage the support for insecure connections so we can read Health Checks and Usage information. * Remove unusd import	2020-08-09 14:36:55 -07:00
Lenin Alevski	6eb5731eb5	Upgrade Minio and MC versions (#240 ) - Minio: RELEASE.2020-08-08T04-50-06Z - Mc: RELEASE.2020-08-08T02-33-58Z	2020-08-08 16:32:30 -07:00
Minio Trusted	953574f7a3	update version to v0.3.9	2020-08-07 20:29:26 -07:00
Lenin Alevski	8ec6d695de	APIs to define mTLS configuration for KES (#235 ) Adding support for user to define KES mTLS configuration for Vault and Gemalto	2020-08-07 20:23:03 -07:00
Cesar N	47274817fa	Allow tolerationSeconds to be empty on Zone tolerations Requests (#238 ) Since toleration seconds can be empty, we were forcing it to be an integer defaulting to 0 which was creating a toleration with value 0 when value should have been nil.	2020-08-07 20:00:16 -07:00
Daniel Valdivia	3b123c6182	Fix EC bug (#237 )	2020-08-07 12:28:46 -07:00
Lenin Alevski	d7f72e0c41	update kes dependency to v0.11.0 (#236 )	2020-08-06 12:43:04 -07:00
Minio Trusted	c0bf9c5da8	update version to v0.3.8	2020-08-05 12:38:13 -07:00
Daniel Valdivia	16a6524b11	Pass Annotations to PVC (#233 )	2020-08-05 12:35:41 -07:00
Minio Trusted	c1963c6122	update to v0.3.7	2020-08-05 11:06:25 -07:00
Cesar N	73154e8dd7	Add missing field on Tenant Creation (#232 )	2020-08-05 01:21:35 -07:00
Daniel Valdivia	e2e8cbe46c	Erasure Coding Parity (#231 )	2020-08-04 22:32:41 -07:00
Cesar N	b9b776c278	Add ImageRegistry field to Tenant Create and Tenant Update (#230 )	2020-08-04 20:54:59 -07:00
Cesar N	7710df62ee	Add imagePullSecretsName field on Add Tenant request (#227 )	2020-08-04 16:04:04 -07:00
Minio Trusted	63e1c554b7	update to v0.3.6	2020-08-03 12:14:15 -07:00
Daniel Valdivia	a9d8f3fc41	Return Disk Usage (#226 ) * Return Disk Usage * Address comments	2020-08-03 12:11:48 -07:00
Minio Trusted	59bf546b4a	upgrade to v0.3.5	2020-08-03 09:24:57 -07:00
Lenin Alevski	c3e34dc220	Support for deploying minio/console with IDP integration (#221 )	2020-08-02 23:45:54 -07:00
Daniel Valdivia	cd547e9425	Limit Console RAM to 64Mi. Increase Logging for Tenant APIs. (#225 )	2020-08-02 23:04:51 -07:00
Harshavardhana	d98b70f0ca	update CREDITS with new deps (#222 ) Co-authored-by: Daniel Valdivia <hola@danielvaldivia.com>	2020-08-02 12:29:58 -07:00
Daniel Valdivia	7ff009ec43	Add Insecure parameter to NewAdminClient function (#224 ) When using the madmin client, for some operations such as health checks against a MinIO instnace with TLS we need a client with insecure turned on.	2020-08-02 12:21:21 -07:00
dependabot[bot]	3760c783d0	Bump elliptic from 6.5.2 to 6.5.3 in /portal-ui (#223 ) Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.2 to 6.5.3. - [Release notes](https://github.com/indutny/elliptic/releases) - [Commits](https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2020-08-02 09:36:01 -07:00