update version to v0.3.8

* Return Disk Usage

* Address comments

.golangci.yml

@@ -21,7 +21,7 @@ linters:
     - structcheck
 
 service:
-  golangci-lint-version: 1.21.0 # use the fixed version to not introduce new linters unexpectedly
+  golangci-lint-version: 1.27.0 # use the fixed version to not introduce new linters unexpectedly
 
 run:
   skip-dirs:

.goreleaser.yml

@@ -23,6 +23,33 @@ builds:
     goarch:
       - amd64
       - arm64
+
+    ignore:
+      - goos: darwin
+        goarch: arm64
+      - goos: darwin
+        goarch: arm
+      - goos: darwin
+        goarch: ppc64le
+      - goos: darwin
+        goarch: s390x
+      - goos: windows
+        goarch: arm64
+      - goos: windows
+        goarch: arm
+      - goos: windows
+        goarch: ppc64le
+      - goos: windows
+        goarch: s390x
+      - goos: freebsd
+        goarch: arm
+      - goos: freebsd
+        goarch: arm64
+      - goos: freebsd
+        goarch: ppc64le
+      - goos: freebsd
+        goarch: s390x
+
     env:
       - CGO_ENABLED=0
     main: ./cmd/console/

Makefile

@@ -25,8 +25,10 @@ verifiers: getdeps fmt lint
 
 fmt:
 	@echo "Running $@ check"
-	@GO111MODULE=on gofmt -d cmd/
+	@GO111MODULE=on gofmt -d restapi/
 	@GO111MODULE=on gofmt -d pkg/
+	@GO111MODULE=on gofmt -d cmd/
+	@GO111MODULE=on gofmt -d cluster/
 
 lint:
 	@echo "Running $@ check"

k8s/console/base/console-deployment.yaml

@@ -15,7 +15,7 @@ spec:
       serviceAccountName: console-sa
       containers:
         - name: console
-          image: minio/console:v0.3.4
+          image: minio/console:v0.3.8
           imagePullPolicy: "IfNotPresent"
           args:
             - server

k8s/operator-console/base/console-cluster-role.yaml

@@ -6,8 +6,18 @@ rules:
   - apiGroups:
       - ""
     resources:
-      - namespaces
       - secrets
+    verbs:
+      - get
+      - watch
+      - create
+      - list
+      - patch
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
       - pods
       - services
       - events

k8s/operator-console/base/console-deployment.yaml

@@ -15,7 +15,7 @@ spec:
       serviceAccountName: console-sa
       containers:
         - name: console
-          image: minio/console:v0.3.4
+          image: minio/console:v0.3.8
           imagePullPolicy: "IfNotPresent"
           env:
             - name: CONSOLE_OPERATOR_MODE

models/create_tenant_request.go

@@ -51,9 +51,18 @@ type CreateTenantRequest struct {
 	// encryption
 	Encryption *EncryptionConfiguration `json:"encryption,omitempty"`
 
+	// erasure coding parity
+	ErasureCodingParity int64 `json:"erasureCodingParity,omitempty"`
+
+	// idp
+	Idp *IdpConfiguration `json:"idp,omitempty"`
+
 	// image
 	Image string `json:"image,omitempty"`
 
+	// image registry
+	ImageRegistry *ImageRegistry `json:"image_registry,omitempty"`
+
 	// mounth path
 	MounthPath string `json:"mounth_path,omitempty"`
 
@@ -88,6 +97,14 @@ func (m *CreateTenantRequest) Validate(formats strfmt.Registry) error {
 		res = append(res, err)
 	}
 
+	if err := m.validateIdp(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateImageRegistry(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateName(formats); err != nil {
 		res = append(res, err)
 	}
@@ -128,6 +145,42 @@ func (m *CreateTenantRequest) validateEncryption(formats strfmt.Registry) error
 	return nil
 }
 
+func (m *CreateTenantRequest) validateIdp(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Idp) { // not required
+		return nil
+	}
+
+	if m.Idp != nil {
+		if err := m.Idp.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("idp")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *CreateTenantRequest) validateImageRegistry(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.ImageRegistry) { // not required
+		return nil
+	}
+
+	if m.ImageRegistry != nil {
+		if err := m.ImageRegistry.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("image_registry")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *CreateTenantRequest) validateName(formats strfmt.Registry) error {
 
 	if err := validate.Required("name", "body", m.Name); err != nil {

models/idp_configuration.go

@@ -0,0 +1,299 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// IdpConfiguration idp configuration
+//
+// swagger:model idpConfiguration
+type IdpConfiguration struct {
+
+	// active directory
+	ActiveDirectory *IdpConfigurationActiveDirectory `json:"active_directory,omitempty"`
+
+	// oidc
+	Oidc *IdpConfigurationOidc `json:"oidc,omitempty"`
+}
+
+// Validate validates this idp configuration
+func (m *IdpConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateActiveDirectory(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateOidc(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *IdpConfiguration) validateActiveDirectory(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.ActiveDirectory) { // not required
+		return nil
+	}
+
+	if m.ActiveDirectory != nil {
+		if err := m.ActiveDirectory.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("active_directory")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *IdpConfiguration) validateOidc(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Oidc) { // not required
+		return nil
+	}
+
+	if m.Oidc != nil {
+		if err := m.Oidc.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("oidc")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *IdpConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *IdpConfiguration) UnmarshalBinary(b []byte) error {
+	var res IdpConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// IdpConfigurationActiveDirectory idp configuration active directory
+//
+// swagger:model IdpConfigurationActiveDirectory
+type IdpConfigurationActiveDirectory struct {
+
+	// group name attribute
+	GroupNameAttribute string `json:"group_name_attribute,omitempty"`
+
+	// group search base dn
+	GroupSearchBaseDn string `json:"group_search_base_dn,omitempty"`
+
+	// group search filter
+	GroupSearchFilter string `json:"group_search_filter,omitempty"`
+
+	// server insecure
+	ServerInsecure bool `json:"server_insecure,omitempty"`
+
+	// skip ssl verification
+	SkipSslVerification bool `json:"skip_ssl_verification,omitempty"`
+
+	// url
+	// Required: true
+	URL *string `json:"url"`
+
+	// user search filter
+	// Required: true
+	UserSearchFilter *string `json:"user_search_filter"`
+
+	// username format
+	// Required: true
+	UsernameFormat *string `json:"username_format"`
+}
+
+// Validate validates this idp configuration active directory
+func (m *IdpConfigurationActiveDirectory) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateURL(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateUserSearchFilter(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateUsernameFormat(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *IdpConfigurationActiveDirectory) validateURL(formats strfmt.Registry) error {
+
+	if err := validate.Required("active_directory"+"."+"url", "body", m.URL); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *IdpConfigurationActiveDirectory) validateUserSearchFilter(formats strfmt.Registry) error {
+
+	if err := validate.Required("active_directory"+"."+"user_search_filter", "body", m.UserSearchFilter); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *IdpConfigurationActiveDirectory) validateUsernameFormat(formats strfmt.Registry) error {
+
+	if err := validate.Required("active_directory"+"."+"username_format", "body", m.UsernameFormat); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *IdpConfigurationActiveDirectory) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *IdpConfigurationActiveDirectory) UnmarshalBinary(b []byte) error {
+	var res IdpConfigurationActiveDirectory
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// IdpConfigurationOidc idp configuration oidc
+//
+// swagger:model IdpConfigurationOidc
+type IdpConfigurationOidc struct {
+
+	// client id
+	// Required: true
+	ClientID *string `json:"client_id"`
+
+	// secret id
+	// Required: true
+	SecretID *string `json:"secret_id"`
+
+	// url
+	// Required: true
+	URL *string `json:"url"`
+}
+
+// Validate validates this idp configuration oidc
+func (m *IdpConfigurationOidc) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateClientID(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSecretID(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateURL(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *IdpConfigurationOidc) validateClientID(formats strfmt.Registry) error {
+
+	if err := validate.Required("oidc"+"."+"client_id", "body", m.ClientID); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *IdpConfigurationOidc) validateSecretID(formats strfmt.Registry) error {
+
+	if err := validate.Required("oidc"+"."+"secret_id", "body", m.SecretID); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *IdpConfigurationOidc) validateURL(formats strfmt.Registry) error {
+
+	if err := validate.Required("oidc"+"."+"url", "body", m.URL); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *IdpConfigurationOidc) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *IdpConfigurationOidc) UnmarshalBinary(b []byte) error {
+	var res IdpConfigurationOidc
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/image_registry.go

@@ -29,37 +29,37 @@ import (
 	"github.com/go-openapi/validate"
 )
 
-// EncryptionKesConfig encryption kes config
+// ImageRegistry image registry
 //
-// swagger:model encryptionKesConfig
-type EncryptionKesConfig struct {
+// swagger:model imageRegistry
+type ImageRegistry struct {
 
-	// server cert
+	// password
 	// Required: true
-	ServerCert *string `json:"server_cert"`
+	Password *string `json:"password"`
 
-	// server config
+	// registry
 	// Required: true
-	ServerConfig *string `json:"server_config"`
+	Registry *string `json:"registry"`
 
-	// server key
+	// username
 	// Required: true
-	ServerKey *string `json:"server_key"`
+	Username *string `json:"username"`
 }
 
-// Validate validates this encryption kes config
-func (m *EncryptionKesConfig) Validate(formats strfmt.Registry) error {
+// Validate validates this image registry
+func (m *ImageRegistry) Validate(formats strfmt.Registry) error {
 	var res []error
 
-	if err := m.validateServerCert(formats); err != nil {
+	if err := m.validatePassword(formats); err != nil {
 		res = append(res, err)
 	}
 
-	if err := m.validateServerConfig(formats); err != nil {
+	if err := m.validateRegistry(formats); err != nil {
 		res = append(res, err)
 	}
 
-	if err := m.validateServerKey(formats); err != nil {
+	if err := m.validateUsername(formats); err != nil {
 		res = append(res, err)
 	}
 
@@ -69,27 +69,27 @@ func (m *EncryptionKesConfig) Validate(formats strfmt.Registry) error {
 	return nil
 }
 
-func (m *EncryptionKesConfig) validateServerCert(formats strfmt.Registry) error {
+func (m *ImageRegistry) validatePassword(formats strfmt.Registry) error {
 
-	if err := validate.Required("server_cert", "body", m.ServerCert); err != nil {
+	if err := validate.Required("password", "body", m.Password); err != nil {
 		return err
 	}
 
 	return nil
 }
 
-func (m *EncryptionKesConfig) validateServerConfig(formats strfmt.Registry) error {
+func (m *ImageRegistry) validateRegistry(formats strfmt.Registry) error {
 
-	if err := validate.Required("server_config", "body", m.ServerConfig); err != nil {
+	if err := validate.Required("registry", "body", m.Registry); err != nil {
 		return err
 	}
 
 	return nil
 }
 
-func (m *EncryptionKesConfig) validateServerKey(formats strfmt.Registry) error {
+func (m *ImageRegistry) validateUsername(formats strfmt.Registry) error {
 
-	if err := validate.Required("server_key", "body", m.ServerKey); err != nil {
+	if err := validate.Required("username", "body", m.Username); err != nil {
 		return err
 	}
 
@@ -97,7 +97,7 @@ func (m *EncryptionKesConfig) validateServerKey(formats strfmt.Registry) error {
 }
 
 // MarshalBinary interface implementation
-func (m *EncryptionKesConfig) MarshalBinary() ([]byte, error) {
+func (m *ImageRegistry) MarshalBinary() ([]byte, error) {
 	if m == nil {
 		return nil, nil
 	}
@@ -105,8 +105,8 @@ func (m *EncryptionKesConfig) MarshalBinary() ([]byte, error) {
 }
 
 // UnmarshalBinary interface implementation
-func (m *EncryptionKesConfig) UnmarshalBinary(b []byte) error {
-	var res EncryptionKesConfig
+func (m *ImageRegistry) UnmarshalBinary(b []byte) error {
+	var res ImageRegistry
 	if err := swag.ReadJSON(b, &res); err != nil {
 		return err
 	}

models/kes_configuration.go

@@ -1,269 +0,0 @@
-// Code generated by go-swagger; DO NOT EDIT.
-
-// This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-//
-
-package models
-
-// This file was generated by the swagger tool.
-// Editing this file might prove futile when you re-run the swagger generate command
-
-import (
-	"github.com/go-openapi/errors"
-	"github.com/go-openapi/strfmt"
-	"github.com/go-openapi/swag"
-	"github.com/go-openapi/validate"
-)
-
-// KesConfiguration kes configuration
-//
-// swagger:model kesConfiguration
-type KesConfiguration struct {
-
-	// client
-	// Required: true
-	Client *KesConfigurationClient `json:"client"`
-
-	// server
-	// Required: true
-	Server *KesConfigurationServer `json:"server"`
-
-	// server config yaml
-	// Required: true
-	ServerConfigYaml *string `json:"server-config.yaml"`
-}
-
-// Validate validates this kes configuration
-func (m *KesConfiguration) Validate(formats strfmt.Registry) error {
-	var res []error
-
-	if err := m.validateClient(formats); err != nil {
-		res = append(res, err)
-	}
-
-	if err := m.validateServer(formats); err != nil {
-		res = append(res, err)
-	}
-
-	if err := m.validateServerConfigYaml(formats); err != nil {
-		res = append(res, err)
-	}
-
-	if len(res) > 0 {
-		return errors.CompositeValidationError(res...)
-	}
-	return nil
-}
-
-func (m *KesConfiguration) validateClient(formats strfmt.Registry) error {
-
-	if err := validate.Required("client", "body", m.Client); err != nil {
-		return err
-	}
-
-	if m.Client != nil {
-		if err := m.Client.Validate(formats); err != nil {
-			if ve, ok := err.(*errors.Validation); ok {
-				return ve.ValidateName("client")
-			}
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (m *KesConfiguration) validateServer(formats strfmt.Registry) error {
-
-	if err := validate.Required("server", "body", m.Server); err != nil {
-		return err
-	}
-
-	if m.Server != nil {
-		if err := m.Server.Validate(formats); err != nil {
-			if ve, ok := err.(*errors.Validation); ok {
-				return ve.ValidateName("server")
-			}
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (m *KesConfiguration) validateServerConfigYaml(formats strfmt.Registry) error {
-
-	if err := validate.Required("server-config.yaml", "body", m.ServerConfigYaml); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// MarshalBinary interface implementation
-func (m *KesConfiguration) MarshalBinary() ([]byte, error) {
-	if m == nil {
-		return nil, nil
-	}
-	return swag.WriteJSON(m)
-}
-
-// UnmarshalBinary interface implementation
-func (m *KesConfiguration) UnmarshalBinary(b []byte) error {
-	var res KesConfiguration
-	if err := swag.ReadJSON(b, &res); err != nil {
-		return err
-	}
-	*m = res
-	return nil
-}
-
-// KesConfigurationClient kes configuration client
-//
-// swagger:model KesConfigurationClient
-type KesConfigurationClient struct {
-
-	// tls crt
-	// Required: true
-	TLSCrt *string `json:"tls.crt"`
-
-	// tls key
-	// Required: true
-	TLSKey *string `json:"tls.key"`
-}
-
-// Validate validates this kes configuration client
-func (m *KesConfigurationClient) Validate(formats strfmt.Registry) error {
-	var res []error
-
-	if err := m.validateTLSCrt(formats); err != nil {
-		res = append(res, err)
-	}
-
-	if err := m.validateTLSKey(formats); err != nil {
-		res = append(res, err)
-	}
-
-	if len(res) > 0 {
-		return errors.CompositeValidationError(res...)
-	}
-	return nil
-}
-
-func (m *KesConfigurationClient) validateTLSCrt(formats strfmt.Registry) error {
-
-	if err := validate.Required("client"+"."+"tls.crt", "body", m.TLSCrt); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (m *KesConfigurationClient) validateTLSKey(formats strfmt.Registry) error {
-
-	if err := validate.Required("client"+"."+"tls.key", "body", m.TLSKey); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// MarshalBinary interface implementation
-func (m *KesConfigurationClient) MarshalBinary() ([]byte, error) {
-	if m == nil {
-		return nil, nil
-	}
-	return swag.WriteJSON(m)
-}
-
-// UnmarshalBinary interface implementation
-func (m *KesConfigurationClient) UnmarshalBinary(b []byte) error {
-	var res KesConfigurationClient
-	if err := swag.ReadJSON(b, &res); err != nil {
-		return err
-	}
-	*m = res
-	return nil
-}
-
-// KesConfigurationServer kes configuration server
-//
-// swagger:model KesConfigurationServer
-type KesConfigurationServer struct {
-
-	// tls crt
-	// Required: true
-	TLSCrt *string `json:"tls.crt"`
-
-	// tls key
-	// Required: true
-	TLSKey *string `json:"tls.key"`
-}
-
-// Validate validates this kes configuration server
-func (m *KesConfigurationServer) Validate(formats strfmt.Registry) error {
-	var res []error
-
-	if err := m.validateTLSCrt(formats); err != nil {
-		res = append(res, err)
-	}
-
-	if err := m.validateTLSKey(formats); err != nil {
-		res = append(res, err)
-	}
-
-	if len(res) > 0 {
-		return errors.CompositeValidationError(res...)
-	}
-	return nil
-}
-
-func (m *KesConfigurationServer) validateTLSCrt(formats strfmt.Registry) error {
-
-	if err := validate.Required("server"+"."+"tls.crt", "body", m.TLSCrt); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (m *KesConfigurationServer) validateTLSKey(formats strfmt.Registry) error {
-
-	if err := validate.Required("server"+"."+"tls.key", "body", m.TLSKey); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// MarshalBinary interface implementation
-func (m *KesConfigurationServer) MarshalBinary() ([]byte, error) {
-	if m == nil {
-		return nil, nil
-	}
-	return swag.WriteJSON(m)
-}
-
-// UnmarshalBinary interface implementation
-func (m *KesConfigurationServer) UnmarshalBinary(b []byte) error {
-	var res KesConfigurationServer
-	if err := swag.ReadJSON(b, &res); err != nil {
-		return err
-	}
-	*m = res
-	return nil
-}

models/tenant_usage.go

@@ -32,8 +32,11 @@ import (
 // swagger:model tenantUsage
 type TenantUsage struct {
 
-	// used size
-	UsedSize int64 `json:"used_size,omitempty"`
+	// disk used
+	DiskUsed int64 `json:"disk_used,omitempty"`
+
+	// used
+	Used int64 `json:"used,omitempty"`
 }
 
 // Validate validates this tenant usage

models/update_tenant_request.go

@@ -37,6 +37,9 @@ type UpdateTenantRequest struct {
 	// image
 	// Pattern: ^((.*?)/(.*?):(.+))$
 	Image string `json:"image,omitempty"`
+
+	// image registry
+	ImageRegistry *ImageRegistry `json:"image_registry,omitempty"`
 }
 
 // Validate validates this update tenant request
@@ -47,6 +50,10 @@ func (m *UpdateTenantRequest) Validate(formats strfmt.Registry) error {
 		res = append(res, err)
 	}
 
+	if err := m.validateImageRegistry(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
@@ -66,6 +73,24 @@ func (m *UpdateTenantRequest) validateImage(formats strfmt.Registry) error {
 	return nil
 }
 
+func (m *UpdateTenantRequest) validateImageRegistry(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.ImageRegistry) { // not required
+		return nil
+	}
+
+	if m.ImageRegistry != nil {
+		if err := m.ImageRegistry.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("image_registry")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 // MarshalBinary interface implementation
 func (m *UpdateTenantRequest) MarshalBinary() ([]byte, error) {
 	if m == nil {

portal-ui/package-lock.json

@@ -4877,9 +4877,9 @@
       "integrity": "sha512-WOr3SrZ55lUFYugA6sUu3H3ZoxVIH5o3zTSqYS+2DOJJP4hnHmBiD1w432a2YFW/H2G5FIxE6DB06rv+9dUL5g=="
     },
     "elliptic": {
-      "version": "6.5.2",
-      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.2.tgz",
-      "integrity": "sha512-f4x70okzZbIQl/NSRLkI/+tteV/9WqL98zx+SQ69KbXxmVrmjwsNUPn/gYJJ0sHvEak24cZgHIPegRePAtA/xw==",
+      "version": "6.5.3",
+      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.3.tgz",
+      "integrity": "sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw==",
       "requires": {
         "bn.js": "^4.4.0",
         "brorand": "^1.0.1",

portal-ui/src/screens/LoginPage/LoginPage.tsx

@@ -250,7 +250,10 @@ const Login = ({ classes, userLoggedIn }: ILoginProps) => {
           </Typography>
           <Button
             component={"a"}
-            href={loginStrategy.redirect}
+            href={loginStrategy.redirect.replace(
+              "%5BHOSTNAME%5D",
+              window.location.hostname
+            )}
             type="submit"
             fullWidth
             variant="contained"

portal-ui/yarn.lock

@@ -2588,9 +2588,9 @@ bluebird@^3.5.1, bluebird@^3.5.3, bluebird@^3.5.5:
   integrity sha512-XpNj6GDQzdfW+r2Wnn7xiSAd7TM3jzkxGXBGTtWKuSXv1xUV+azxAm8jdWZN06QTQk+2N2XB9jRDkvbmQmcRtg==
 
 bn.js@^4.0.0, bn.js@^4.1.0, bn.js@^4.1.1, bn.js@^4.4.0:
-  version "4.11.8"
-  resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.11.8.tgz#2cde09eb5ee341f484746bb0309b3253b1b1442f"
-  integrity sha512-ItfYfPLkWHUjckQCk8xC+LwxgK8NYcXywGigJgSwOP8Y2iyWT4f2vsZnoOXTTbo+o5yXmIUJ4gn5538SO5S3gA==
+  version "4.11.9"
+  resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.11.9.tgz#26d556829458f9d1e81fc48952493d0ba3507828"
+  integrity sha512-E6QoYqCKZfgatHTdHzs1RRKP7ip4vvm+EyRUeE2RF0NblwVvb0p6jSVeNTOFxPn26QXN2o6SMfNxKp6kU8zQaw==
 
 body-parser@1.19.0:
   version "1.19.0"
@@ -4374,9 +4374,9 @@ electron-to-chromium@^1.3.378, electron-to-chromium@^1.3.413:
   integrity sha512-JTEOWiqCY4snuKuQAaFy0z6LK2Gdb8Lojkd/csQwpNHgMUF8I6QRjGVKk44IH46dHQhUFKzr4o6zxZrtDBjc2Q==
 
 elliptic@^6.0.0:
-  version "6.5.2"
-  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.2.tgz#05c5678d7173c049d8ca433552224a495d0e3762"
-  integrity sha512-f4x70okzZbIQl/NSRLkI/+tteV/9WqL98zx+SQ69KbXxmVrmjwsNUPn/gYJJ0sHvEak24cZgHIPegRePAtA/xw==
+  version "6.5.3"
+  resolved "https://registry.yarnpkg.com/elliptic/-/elliptic-6.5.3.tgz#cb59eb2efdaf73a0bd78ccd7015a62ad6e0f93d6"
+  integrity sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw==
   dependencies:
     bn.js "^4.4.0"
     brorand "^1.0.1"

restapi/admin_config_test.go

@@ -60,11 +60,11 @@ func TestListConfig(t *testing.T) {
 	function := "listConfig()"
 	// Test-1 : listConfig() get list of two configurations and ensure is output correctly
 	configListMock := []madmin.HelpKV{
-		madmin.HelpKV{
+		{
 			Key:         "region",
 			Description: "label the location of the server",
 		},
-		madmin.HelpKV{
+		{
 			Key:         "notify_nsq",
 			Description: "publish bucket notifications to NSQ endpoints",
 		},

restapi/admin_tenants.go

@@ -49,14 +49,31 @@ import (
 	"github.com/minio/console/restapi/operations"
 	"github.com/minio/console/restapi/operations/admin_api"
 	operator "github.com/minio/operator/pkg/apis/minio.min.io/v1"
+	k8sErrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	v1 "k8s.io/client-go/kubernetes/typed/core/v1"
 )
 
+const (
+	minioRegCred = "minio-regcred-secret"
+)
+
+type imageRegistry struct {
+	Auths map[string]imageRegistryCredentials `json:"auths"`
+}
+
+type imageRegistryCredentials struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+	Auth     string `json:"auth"`
+}
+
 func registerTenantHandlers(api *operations.ConsoleAPI) {
 	// Add Tenant
 	api.AdminAPICreateTenantHandler = admin_api.CreateTenantHandlerFunc(func(params admin_api.CreateTenantParams, session *models.Principal) middleware.Responder {
 		resp, err := getTenantCreatedResponse(session, params)
 		if err != nil {
+			log.Println(err)
 			return admin_api.NewCreateTenantDefault(500).WithPayload(&models.Error{Code: 500, Message: swag.String(err.Error())})
 		}
 		return admin_api.NewCreateTenantOK().WithPayload(resp)
@@ -65,6 +82,7 @@ func registerTenantHandlers(api *operations.ConsoleAPI) {
 	api.AdminAPIListAllTenantsHandler = admin_api.ListAllTenantsHandlerFunc(func(params admin_api.ListAllTenantsParams, session *models.Principal) middleware.Responder {
 		resp, err := getListAllTenantsResponse(session, params)
 		if err != nil {
+			log.Println(err)
 			return admin_api.NewListTenantsDefault(500).WithPayload(&models.Error{Code: 500, Message: swag.String(err.Error())})
 		}
 		return admin_api.NewListTenantsOK().WithPayload(resp)
@@ -74,6 +92,7 @@ func registerTenantHandlers(api *operations.ConsoleAPI) {
 	api.AdminAPIListTenantsHandler = admin_api.ListTenantsHandlerFunc(func(params admin_api.ListTenantsParams, session *models.Principal) middleware.Responder {
 		resp, err := getListTenantsResponse(session, params)
 		if err != nil {
+			log.Println(err)
 			return admin_api.NewListTenantsDefault(500).WithPayload(&models.Error{Code: 500, Message: swag.String(err.Error())})
 		}
 		return admin_api.NewListTenantsOK().WithPayload(resp)
@@ -83,6 +102,7 @@ func registerTenantHandlers(api *operations.ConsoleAPI) {
 	api.AdminAPITenantInfoHandler = admin_api.TenantInfoHandlerFunc(func(params admin_api.TenantInfoParams, session *models.Principal) middleware.Responder {
 		resp, err := getTenantInfoResponse(session, params)
 		if err != nil {
+			log.Println(err)
 			return admin_api.NewTenantInfoDefault(500).WithPayload(&models.Error{Code: 500, Message: swag.String(err.Error())})
 		}
 		return admin_api.NewTenantInfoOK().WithPayload(resp)
@@ -330,7 +350,9 @@ func getListTenantsResponse(session *models.Principal, params admin_api.ListTena
 }
 
 func getTenantCreatedResponse(session *models.Principal, params admin_api.CreateTenantParams) (*models.CreateTenantResponse, error) {
-	minioImage := params.Body.Image
+	tenantReq := params.Body
+	minioImage := tenantReq.Image
+	ctx := context.Background()
 
 	if minioImage == "" {
 		minImg, err := cluster.GetMinioImage()
@@ -345,20 +367,20 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 		return nil, err
 	}
 
-	ns := *params.Body.Namespace
+	ns := *tenantReq.Namespace
 
 	// if access/secret are provided, use them, else create a random pair
 	accessKey := RandomCharString(16)
 	secretKey := RandomCharString(32)
 
-	if params.Body.AccessKey != "" {
-		accessKey = params.Body.AccessKey
+	if tenantReq.AccessKey != "" {
+		accessKey = tenantReq.AccessKey
 	}
-	if params.Body.SecretKey != "" {
-		secretKey = params.Body.SecretKey
+	if tenantReq.SecretKey != "" {
+		secretKey = tenantReq.SecretKey
 	}
 
-	secretName := fmt.Sprintf("%s-secret", *params.Body.Name)
+	secretName := fmt.Sprintf("%s-secret", *tenantReq.Name)
 	imm := true
 
 	instanceSecret := corev1.Secret{
@@ -372,15 +394,27 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 		},
 	}
 
-	_, err = clientset.CoreV1().Secrets(ns).Create(context.Background(), &instanceSecret, metav1.CreateOptions{})
+	_, err = clientset.CoreV1().Secrets(ns).Create(ctx, &instanceSecret, metav1.CreateOptions{})
 	if err != nil {
 		return nil, err
 	}
 
+	var envrionmentVariables []corev1.EnvVar
+	// Check the Erasure Coding Parity for validity and pass it to Tenant
+	if tenantReq.ErasureCodingParity > 0 {
+		if tenantReq.ErasureCodingParity < 2 && tenantReq.ErasureCodingParity > 8 {
+			return nil, errors.New("invalid Erasure Coding Value")
+		}
+		envrionmentVariables = append(envrionmentVariables, corev1.EnvVar{
+			Name:  "MINIO_STORAGE_CLASS_STANDARD",
+			Value: fmt.Sprintf("%d", tenantReq.ErasureCodingParity),
+		})
+	}
+
 	//Construct a MinIO Instance with everything we are getting from parameters
 	minInst := operator.Tenant{
 		ObjectMeta: metav1.ObjectMeta{
-			Name: *params.Body.Name,
+			Name: *tenantReq.Name,
 		},
 		Spec: operator.TenantSpec{
 			Image:     minioImage,
@@ -388,30 +422,81 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 			CredsSecret: &corev1.LocalObjectReference{
 				Name: secretName,
 			},
-			Env: []corev1.EnvVar{},
+			Env: envrionmentVariables,
 		},
 	}
+	idpEnabled := false
+	// Enable IDP (Active Directory) for MinIO
+	if tenantReq.Idp != nil && tenantReq.Idp.ActiveDirectory != nil {
+		url := *tenantReq.Idp.ActiveDirectory.URL
+		userNameFormat := *tenantReq.Idp.ActiveDirectory.UsernameFormat
+		userSearchFilter := *tenantReq.Idp.ActiveDirectory.UserSearchFilter
+		tlsSkipVerify := tenantReq.Idp.ActiveDirectory.SkipSslVerification
+		serverInsecure := tenantReq.Idp.ActiveDirectory.ServerInsecure
+		groupSearchDN := tenantReq.Idp.ActiveDirectory.GroupSearchBaseDn
+		groupSearchFilter := tenantReq.Idp.ActiveDirectory.GroupSearchFilter
+		groupNameAttribute := tenantReq.Idp.ActiveDirectory.GroupNameAttribute
+		if url != "" && userNameFormat != "" && userSearchFilter != "" {
+			// CONSOLE_LDAP_ENABLED
+			idpEnabled = true
+			minInst.Spec.Env = append(minInst.Spec.Env, corev1.EnvVar{
+				Name:  "MINIO_IDENTITY_LDAP_SERVER_ADDR",
+				Value: userNameFormat,
+			}, corev1.EnvVar{
+				Name:  "MINIO_IDENTITY_LDAP_USERNAME_FORMAT",
+				Value: userNameFormat,
+			}, corev1.EnvVar{
+				Name:  "MINIO_IDENTITY_LDAP_USERNAME_SEARCH_FILTER",
+				Value: userSearchFilter,
+			}, corev1.EnvVar{
+				Name:  "MINIO_IDENTITY_LDAP_USERNAME_SEARCH_FILTER",
+				Value: userSearchFilter,
+			}, corev1.EnvVar{
+				Name:  "MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN",
+				Value: groupSearchDN,
+			}, corev1.EnvVar{
+				Name:  "MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER",
+				Value: groupSearchFilter,
+			}, corev1.EnvVar{
+				Name:  "MINIO_IDENTITY_LDAP_GROUP_NAME_ATTRIBUTE",
+				Value: groupNameAttribute,
+			})
+
+			if tlsSkipVerify {
+				minInst.Spec.Env = append(minInst.Spec.Env, corev1.EnvVar{
+					Name:  "MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY",
+					Value: "on",
+				})
+			}
+			if serverInsecure {
+				minInst.Spec.Env = append(minInst.Spec.Env, corev1.EnvVar{
+					Name:  "MINIO_IDENTITY_LDAP_SERVER_INSECURE",
+					Value: "on",
+				})
+			}
+		}
+	}
 
 	// operator request AutoCert feature
 	encryption := false
-	if params.Body.EnableSsl != nil {
+	if tenantReq.EnableSsl != nil {
 		encryption = true
-		minInst.Spec.RequestAutoCert = *params.Body.EnableSsl
+		minInst.Spec.RequestAutoCert = *tenantReq.EnableSsl
 	}
 
 	// User provided TLS certificates (this will take priority over autoCert)
-	if params.Body.TLS != nil && params.Body.TLS.Crt != nil && params.Body.TLS.Key != nil {
+	if tenantReq.TLS != nil && tenantReq.TLS.Crt != nil && tenantReq.TLS.Key != nil {
 		encryption = true
 		externalTLSCertificateSecretName := fmt.Sprintf("%s-instance-external-certificates", secretName)
 		// disable autoCert
 		minInst.Spec.RequestAutoCert = false
 
-		tlsCrt, err := base64.StdEncoding.DecodeString(*params.Body.TLS.Crt)
+		tlsCrt, err := base64.StdEncoding.DecodeString(*tenantReq.TLS.Crt)
 		if err != nil {
 			return nil, err
 		}
 
-		tlsKey, err := base64.StdEncoding.DecodeString(*params.Body.TLS.Key)
+		tlsKey, err := base64.StdEncoding.DecodeString(*tenantReq.TLS.Key)
 		if err != nil {
 			return nil, err
 		}
@@ -427,7 +512,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 				"tls.key": tlsKey,
 			},
 		}
-		_, err = clientset.CoreV1().Secrets(ns).Create(context.Background(), &externalTLSCertificateSecret, metav1.CreateOptions{})
+		_, err = clientset.CoreV1().Secrets(ns).Create(ctx, &externalTLSCertificateSecret, metav1.CreateOptions{})
 		if err != nil {
 			return nil, err
 		}
@@ -438,19 +523,19 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 		}
 	}
 
-	if params.Body.Encryption != nil && encryption {
+	if tenantReq.Encryption != nil && encryption {
 		// Enable auto encryption
 		minInst.Spec.Env = append(minInst.Spec.Env, corev1.EnvVar{
 			Name:  "MINIO_KMS_AUTO_ENCRYPTION",
 			Value: "on",
 		})
 
-		if params.Body.Encryption.MasterKey != "" {
+		if tenantReq.Encryption.MasterKey != "" {
 			// Configure MinIO to use MINIO_KMS_MASTER_KEY legacy key
 			// https://docs.min.io/docs/minio-vault-legacy.html
 			minInst.Spec.Env = append(minInst.Spec.Env, corev1.EnvVar{
 				Name:  "MINIO_KMS_MASTER_KEY",
-				Value: params.Body.Encryption.MasterKey,
+				Value: tenantReq.Encryption.MasterKey,
 			})
 		} else {
 			// KES configuration for Tenant instance
@@ -460,15 +545,16 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 				Metadata: nil,
 			}
 			// Using custom image for KES
-			if params.Body.Encryption.Image != "" {
-				minInst.Spec.KES.Image = params.Body.Encryption.Image
+			if tenantReq.Encryption.Image != "" {
+				minInst.Spec.KES.Image = tenantReq.Encryption.Image
 			}
 			// Secret to store KES server TLS certificates
-			serverTLSCrt, err := base64.StdEncoding.DecodeString(*params.Body.Encryption.Server.Crt)
+			// TODO check if AutoCert it's already configured
+			serverTLSCrt, err := base64.StdEncoding.DecodeString(*tenantReq.Encryption.Server.Crt)
 			if err != nil {
 				return nil, err
 			}
-			serverTLSKey, err := base64.StdEncoding.DecodeString(*params.Body.Encryption.Server.Key)
+			serverTLSKey, err := base64.StdEncoding.DecodeString(*tenantReq.Encryption.Server.Key)
 			if err != nil {
 				return nil, err
 			}
@@ -484,7 +570,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 					"tls.key": serverTLSKey,
 				},
 			}
-			_, err = clientset.CoreV1().Secrets(ns).Create(context.Background(), &kesExternalCertificateSecret, metav1.CreateOptions{})
+			_, err = clientset.CoreV1().Secrets(ns).Create(ctx, &kesExternalCertificateSecret, metav1.CreateOptions{})
 			if err != nil {
 				return nil, err
 			}
@@ -495,11 +581,11 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 			}
 
 			// Secret to store KES clients TLS certificates (mTLS authentication)
-			clientTLSCrt, err := base64.StdEncoding.DecodeString(*params.Body.Encryption.Client.Crt)
+			clientTLSCrt, err := base64.StdEncoding.DecodeString(*tenantReq.Encryption.Client.Crt)
 			if err != nil {
 				return nil, err
 			}
-			clientTLSKey, err := base64.StdEncoding.DecodeString(*params.Body.Encryption.Client.Key)
+			clientTLSKey, err := base64.StdEncoding.DecodeString(*tenantReq.Encryption.Client.Key)
 			if err != nil {
 				return nil, err
 			}
@@ -515,7 +601,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 					"tls.key": clientTLSKey,
 				},
 			}
-			_, err = clientset.CoreV1().Secrets(ns).Create(context.Background(), &instanceExternalClientCertificateSecret, metav1.CreateOptions{})
+			_, err = clientset.CoreV1().Secrets(ns).Create(ctx, &instanceExternalClientCertificateSecret, metav1.CreateOptions{})
 			if err != nil {
 				return nil, err
 			}
@@ -565,66 +651,66 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 				Keys: kes.Keys{},
 			}
 			// if encryption is enabled and encryption is configured to use Vault
-			if params.Body.Encryption.Vault != nil {
+			if tenantReq.Encryption.Vault != nil {
 				// Initialize Vault Config
 				kesConfig.Keys.Vault = &kes.Vault{
-					Endpoint:   *params.Body.Encryption.Vault.Endpoint,
-					EnginePath: params.Body.Encryption.Vault.Engine,
-					Namespace:  params.Body.Encryption.Vault.Namespace,
-					Prefix:     params.Body.Encryption.Vault.Prefix,
+					Endpoint:   *tenantReq.Encryption.Vault.Endpoint,
+					EnginePath: tenantReq.Encryption.Vault.Engine,
+					Namespace:  tenantReq.Encryption.Vault.Namespace,
+					Prefix:     tenantReq.Encryption.Vault.Prefix,
 					Status: &kes.VaultStatus{
 						Ping: 10 * time.Second,
 					},
 				}
 				// Vault AppRole credentials
-				if params.Body.Encryption.Vault.Approle != nil {
+				if tenantReq.Encryption.Vault.Approle != nil {
 					kesConfig.Keys.Vault.AppRole = &kes.AppRole{
-						EnginePath: params.Body.Encryption.Vault.Approle.Engine,
-						ID:         *params.Body.Encryption.Vault.Approle.ID,
-						Secret:     *params.Body.Encryption.Vault.Approle.Secret,
+						EnginePath: tenantReq.Encryption.Vault.Approle.Engine,
+						ID:         *tenantReq.Encryption.Vault.Approle.ID,
+						Secret:     *tenantReq.Encryption.Vault.Approle.Secret,
 						Retry:      15 * time.Second,
 					}
 				} else {
 					return nil, errors.New("approle credentials missing for kes")
 				}
-			} else if params.Body.Encryption.Aws != nil {
+			} else if tenantReq.Encryption.Aws != nil {
 				// Initialize AWS
 				kesConfig.Keys.Aws = &kes.Aws{
 					SecretsManager: &kes.AwsSecretManager{},
 				}
 				// AWS basic configuration
-				if params.Body.Encryption.Aws.Secretsmanager != nil {
-					kesConfig.Keys.Aws.SecretsManager.Endpoint = *params.Body.Encryption.Aws.Secretsmanager.Endpoint
-					kesConfig.Keys.Aws.SecretsManager.Region = *params.Body.Encryption.Aws.Secretsmanager.Region
-					kesConfig.Keys.Aws.SecretsManager.KmsKey = params.Body.Encryption.Aws.Secretsmanager.Kmskey
+				if tenantReq.Encryption.Aws.Secretsmanager != nil {
+					kesConfig.Keys.Aws.SecretsManager.Endpoint = *tenantReq.Encryption.Aws.Secretsmanager.Endpoint
+					kesConfig.Keys.Aws.SecretsManager.Region = *tenantReq.Encryption.Aws.Secretsmanager.Region
+					kesConfig.Keys.Aws.SecretsManager.KmsKey = tenantReq.Encryption.Aws.Secretsmanager.Kmskey
 					// AWS credentials
-					if params.Body.Encryption.Aws.Secretsmanager.Credentials != nil {
+					if tenantReq.Encryption.Aws.Secretsmanager.Credentials != nil {
 						kesConfig.Keys.Aws.SecretsManager.Login = &kes.AwsSecretManagerLogin{
-							AccessKey:    *params.Body.Encryption.Aws.Secretsmanager.Credentials.Accesskey,
-							SecretKey:    *params.Body.Encryption.Aws.Secretsmanager.Credentials.Secretkey,
-							SessionToken: params.Body.Encryption.Aws.Secretsmanager.Credentials.Token,
+							AccessKey:    *tenantReq.Encryption.Aws.Secretsmanager.Credentials.Accesskey,
+							SecretKey:    *tenantReq.Encryption.Aws.Secretsmanager.Credentials.Secretkey,
+							SessionToken: tenantReq.Encryption.Aws.Secretsmanager.Credentials.Token,
 						}
 					}
 				}
-			} else if params.Body.Encryption.Gemalto != nil {
+			} else if tenantReq.Encryption.Gemalto != nil {
 				// Initialize Gemalto
 				kesConfig.Keys.Gemalto = &kes.Gemalto{
 					KeySecure: &kes.GemaltoKeySecure{},
 				}
 				// Gemalto Configuration
-				if params.Body.Encryption.Gemalto.Keysecure != nil {
-					kesConfig.Keys.Gemalto.KeySecure.Endpoint = *params.Body.Encryption.Gemalto.Keysecure.Endpoint
+				if tenantReq.Encryption.Gemalto.Keysecure != nil {
+					kesConfig.Keys.Gemalto.KeySecure.Endpoint = *tenantReq.Encryption.Gemalto.Keysecure.Endpoint
 					// Gemalto TLS configuration
-					if params.Body.Encryption.Gemalto.Keysecure.TLS != nil {
+					if tenantReq.Encryption.Gemalto.Keysecure.TLS != nil {
 						kesConfig.Keys.Gemalto.KeySecure.TLS = &kes.GemaltoTLS{
-							CAPath: *params.Body.Encryption.Gemalto.Keysecure.TLS.Ca,
+							CAPath: *tenantReq.Encryption.Gemalto.Keysecure.TLS.Ca,
 						}
 					}
 					// Gemalto Login
-					if params.Body.Encryption.Gemalto.Keysecure.Credentials != nil {
+					if tenantReq.Encryption.Gemalto.Keysecure.Credentials != nil {
 						kesConfig.Keys.Gemalto.KeySecure.Credentials = &kes.GemaltoCredentials{
-							Token:  *params.Body.Encryption.Gemalto.Keysecure.Credentials.Token,
-							Domain: *params.Body.Encryption.Gemalto.Keysecure.Credentials.Domain,
+							Token:  *tenantReq.Encryption.Gemalto.Keysecure.Credentials.Token,
+							Domain: *tenantReq.Encryption.Gemalto.Keysecure.Credentials.Domain,
 							Retry:  15 * time.Second,
 						}
 					}
@@ -646,7 +732,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 					"server-config.yaml": serverConfigYaml,
 				},
 			}
-			_, err = clientset.CoreV1().Secrets(ns).Create(context.Background(), &kesConfigurationSecret, metav1.CreateOptions{})
+			_, err = clientset.CoreV1().Secrets(ns).Create(ctx, &kesConfigurationSecret, metav1.CreateOptions{})
 			if err != nil {
 				return nil, err
 			}
@@ -662,12 +748,12 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 	var consoleSecret string
 
 	enableConsole := true
-	if params.Body.EnableConsole != nil {
-		enableConsole = *params.Body.EnableConsole
+	if tenantReq.EnableConsole != nil {
+		enableConsole = *tenantReq.EnableConsole
 	}
 
 	if enableConsole {
-		consoleSelector := fmt.Sprintf("%s-console", *params.Body.Name)
+		consoleSelector := fmt.Sprintf("%s-console", *tenantReq.Name)
 		consoleSecretName := fmt.Sprintf("%s-secret", consoleSelector)
 		consoleAccess = RandomCharString(16)
 		consoleSecret = RandomCharString(32)
@@ -685,26 +771,62 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 				"CONSOLE_SECRET_KEY":       []byte(consoleSecret),
 			},
 		}
-		_, err = clientset.CoreV1().Secrets(ns).Create(context.Background(), &instanceSecret, metav1.CreateOptions{})
+
+		// Enable IDP (Open ID Connect) for console
+		if !idpEnabled && tenantReq.Idp != nil && tenantReq.Idp.Oidc != nil {
+			url := *tenantReq.Idp.Oidc.URL
+			clientID := *tenantReq.Idp.Oidc.ClientID
+			secretID := *tenantReq.Idp.Oidc.SecretID
+			if url != "" && clientID != "" && secretID != "" {
+				instanceSecret.Data["CONSOLE_IDP_URL"] = []byte(url)
+				instanceSecret.Data["CONSOLE_IDP_CLIENT_ID"] = []byte(clientID)
+				instanceSecret.Data["CONSOLE_IDP_SECRET"] = []byte(secretID)
+				consoleScheme := "http"
+				consolePort := 9090
+				if minInst.Spec.RequestAutoCert {
+					consoleScheme = "https"
+					consolePort = 9443
+				}
+				// https://[HOSTNAME]:9443 will be replaced by javascript in the browser to use the actual hostname
+				// assigned to Console, eg: https://localhost:9443
+				instanceSecret.Data["CONSOLE_IDP_CALLBACK"] = []byte(fmt.Sprintf("%s://[HOSTNAME]:%d/oauth_callback", consoleScheme, consolePort))
+			}
+		}
+
+		_, err = clientset.CoreV1().Secrets(ns).Create(ctx, &instanceSecret, metav1.CreateOptions{})
 		if err != nil {
 			return nil, err
 		}
 
-		const consoleVersion = "minio/console:v0.3.4"
+		const consoleVersion = "minio/console:v0.3.8"
 		minInst.Spec.Console = &operator.ConsoleConfiguration{
 			Replicas:      2,
 			Image:         consoleVersion,
 			ConsoleSecret: &corev1.LocalObjectReference{Name: consoleSecretName},
+			Resources: corev1.ResourceRequirements{
+				Requests: map[corev1.ResourceName]resource.Quantity{
+					"memory": resource.MustParse("64Mi"),
+				},
+			},
 		}
 	}
 
 	// set the service name if provided
-	if params.Body.ServiceName != "" {
-		minInst.Spec.ServiceName = params.Body.ServiceName
+	if tenantReq.ServiceName != "" {
+		minInst.Spec.ServiceName = tenantReq.ServiceName
+	}
+	// add annotations
+	var annotations map[string]string
+	if len(tenantReq.Annotations) > 0 {
+		if minInst.Spec.Metadata == nil {
+			minInst.Spec.Metadata = &metav1.ObjectMeta{}
+		}
+		annotations = tenantReq.Annotations
+		minInst.Spec.Metadata.Annotations = annotations
 	}
 	// set the zones if they are provided
-	for _, zone := range params.Body.Zones {
-		zone, err := parseTenantZoneRequest(zone)
+	for _, zone := range tenantReq.Zones {
+		zone, err := parseTenantZoneRequest(zone, annotations)
 		if err != nil {
 			return nil, err
 		}
@@ -712,15 +834,17 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 	}
 
 	// Set Mount Path if provided
-	if params.Body.MounthPath != "" {
-		minInst.Spec.Mountpath = params.Body.MounthPath
+	if tenantReq.MounthPath != "" {
+		minInst.Spec.Mountpath = tenantReq.MounthPath
 	}
-	// add annotations
-	if len(params.Body.Annotations) > 0 {
-		if minInst.Spec.Metadata == nil {
-			minInst.Spec.Metadata = &metav1.ObjectMeta{}
-		}
-		minInst.Spec.Metadata.Annotations = params.Body.Annotations
+
+	if err := setImageRegistry(ctx, tenantReq.ImageRegistry, clientset.CoreV1(), ns); err != nil {
+		log.Println("error setting image registry secret:", err)
+		return nil, err
+	}
+
+	minInst.Spec.ImagePullSecret = corev1.LocalObjectReference{
+		Name: minioRegCred,
 	}
 
 	opClient, err := cluster.OperatorClient(session.SessionToken)
@@ -735,7 +859,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 
 	// Integratrions
 	if os.Getenv("GKE_INTEGRATION") != "" {
-		err := gkeIntegration(clientset, *params.Body.Name, ns, session.SessionToken)
+		err := gkeIntegration(clientset, *tenantReq.Name, ns, session.SessionToken)
 		if err != nil {
 			return nil, err
 		}
@@ -746,24 +870,84 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 	}
 	// Attach Console Credentials
 	if enableConsole {
-		response.Console = &models.CreateTenantResponseConsole{}
-		response.Console.AccessKey = consoleAccess
-		response.Console.SecretKey = consoleSecret
+		response.Console = &models.CreateTenantResponseConsole{
+			AccessKey: consoleAccess,
+			SecretKey: consoleSecret,
+		}
 	}
 	return response, nil
 }
 
+func setImageRegistry(ctx context.Context, req *models.ImageRegistry, clientset v1.CoreV1Interface, namespace string) error {
+	if req == nil || req.Registry == nil || req.Username == nil || req.Password == nil {
+		return nil
+	}
+
+	credentials := make(map[string]imageRegistryCredentials)
+	// username:password encoded
+	authData := []byte(fmt.Sprintf("%s:%s", *req.Username, *req.Password))
+	authStr := base64.StdEncoding.EncodeToString(authData)
+
+	credentials[*req.Registry] = imageRegistryCredentials{
+		Username: *req.Username,
+		Password: *req.Password,
+		Auth:     authStr,
+	}
+	imRegistry := imageRegistry{
+		Auths: credentials,
+	}
+	imRegistryJSON, err := json.Marshal(imRegistry)
+	if err != nil {
+		return err
+	}
+
+	instanceSecret := corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: minioRegCred,
+		},
+		Data: map[string][]byte{
+			corev1.DockerConfigJsonKey: []byte(string(imRegistryJSON)),
+		},
+		Type: corev1.SecretTypeDockerConfigJson,
+	}
+
+	// Get or Create secret if it doesn't exist
+	_, err = clientset.Secrets(namespace).Get(ctx, minioRegCred, metav1.GetOptions{})
+	if err != nil {
+		if k8sErrors.IsNotFound(err) {
+			_, err = clientset.Secrets(namespace).Create(ctx, &instanceSecret, metav1.CreateOptions{})
+			if err != nil {
+				return err
+			}
+			return nil
+		}
+		return err
+	}
+	_, err = clientset.Secrets(namespace).Update(ctx, &instanceSecret, metav1.UpdateOptions{})
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
 // updateTenantAction does an update on the minioTenant by patching the desired changes
-func updateTenantAction(ctx context.Context, operatorClient OperatorClient, httpCl cluster.HTTPClientI, nameSpace string, params admin_api.UpdateTenantParams) error {
+func updateTenantAction(ctx context.Context, operatorClient OperatorClient, clientset v1.CoreV1Interface, httpCl cluster.HTTPClientI, namespace string, params admin_api.UpdateTenantParams) error {
 	imageToUpdate := params.Body.Image
-	minInst, err := operatorClient.TenantGet(ctx, nameSpace, params.Tenant, metav1.GetOptions{})
+	imageRegistryReq := params.Body.ImageRegistry
+
+	if err := setImageRegistry(ctx, imageRegistryReq, clientset, namespace); err != nil {
+		log.Println("error setting image registry secret:", err)
+		return err
+	}
+
+	minInst, err := operatorClient.TenantGet(ctx, namespace, params.Tenant, metav1.GetOptions{})
 	if err != nil {
 		return err
 	}
 
 	// if image to update is empty we'll use the latest image by default
 	if strings.TrimSpace(imageToUpdate) != "" {
-		minInst.Spec.Image = params.Body.Image
+		minInst.Spec.Image = imageToUpdate
 	} else {
 		im, err := cluster.GetLatestMinioImage(httpCl)
 		if err != nil {
@@ -776,7 +960,7 @@ func updateTenantAction(ctx context.Context, operatorClient OperatorClient, http
 	if err != nil {
 		return err
 	}
-	_, err = operatorClient.TenantPatch(ctx, nameSpace, minInst.Name, types.MergePatchType, payloadBytes, metav1.PatchOptions{})
+	_, err = operatorClient.TenantPatch(ctx, namespace, minInst.Name, types.MergePatchType, payloadBytes, metav1.PatchOptions{})
 	if err != nil {
 		return err
 	}
@@ -790,6 +974,11 @@ func getUpdateTenantResponse(session *models.Principal, params admin_api.UpdateT
 		log.Println("error getting operator client:", err)
 		return err
 	}
+	// get Kubernetes Client
+	clientset, err := cluster.K8sClient(session.SessionToken)
+	if err != nil {
+		return err
+	}
 
 	opClient := &operatorClient{
 		client: opClientClientSet,
@@ -799,7 +988,8 @@ func getUpdateTenantResponse(session *models.Principal, params admin_api.UpdateT
 			Timeout: 4 * time.Second,
 		},
 	}
-	if err := updateTenantAction(ctx, opClient, httpC, params.Namespace, params); err != nil {
+
+	if err := updateTenantAction(ctx, opClient, clientset.CoreV1(), httpC, params.Namespace, params); err != nil {
 		log.Println("error patching Tenant:", err)
 		return err
 	}
@@ -814,7 +1004,7 @@ func addTenantZone(ctx context.Context, operatorClient OperatorClient, params ad
 	}
 
 	zoneParams := params.Body
-	zone, err := parseTenantZoneRequest(zoneParams)
+	zone, err := parseTenantZoneRequest(zoneParams, tenant.ObjectMeta.Annotations)
 	if err != nil {
 		return err
 	}
@@ -856,6 +1046,7 @@ func getTenantUsageResponse(session *models.Principal, params admin_api.GetTenan
 
 	opClientClientSet, err := cluster.OperatorClient(session.SessionToken)
 	if err != nil {
+		log.Println("error operator client", err)
 		return nil, err
 	}
 	clientset, err := cluster.K8sClient(session.SessionToken)
@@ -906,13 +1097,13 @@ func getTenantUsageResponse(session *models.Principal, params admin_api.GetTenan
 		log.Println("error getting admin info:", err)
 		return nil, err
 	}
-	info := &models.TenantUsage{UsedSize: adminInfo.Usage}
+	info := &models.TenantUsage{Used: adminInfo.Usage, DiskUsed: adminInfo.DisksUsage}
 	return info, nil
 }
 
 // parseTenantZoneRequest parse zone request and returns the equivalent
 // operator.Zone object
-func parseTenantZoneRequest(zoneParams *models.Zone) (*operator.Zone, error) {
+func parseTenantZoneRequest(zoneParams *models.Zone, annotations map[string]string) (*operator.Zone, error) {
 	if zoneParams.VolumeConfiguration == nil {
 		return nil, errors.New("a volume configuration must be specified")
 	}
@@ -1052,16 +1243,22 @@ func parseTenantZoneRequest(zoneParams *models.Zone) (*operator.Zone, error) {
 		tolerations = append(tolerations, toleration)
 	}
 
-	zone := &operator.Zone{
-		Name:             zoneParams.Name,
-		Servers:          int32(*zoneParams.Servers),
-		VolumesPerServer: *zoneParams.VolumesPerServer,
-		VolumeClaimTemplate: &corev1.PersistentVolumeClaim{
-			ObjectMeta: metav1.ObjectMeta{
-				Name: "data",
-			},
-			Spec: volTemp,
+	// Pass annotations to the volume
+	vct := &corev1.PersistentVolumeClaim{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "data",
 		},
+		Spec: volTemp,
+	}
+	if len(annotations) > 0 {
+		vct.ObjectMeta.Annotations = annotations
+	}
+
+	zone := &operator.Zone{
+		Name:                zoneParams.Name,
+		Servers:             int32(*zoneParams.Servers),
+		VolumesPerServer:    *zoneParams.VolumesPerServer,
+		VolumeClaimTemplate: vct,
 		Resources: corev1.ResourceRequirements{
 			Requests: resourcesRequests,
 			Limits:   resourcesLimits,

restapi/admin_tenants_test.go

@@ -35,7 +35,9 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 	types "k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/kubernetes/fake"
 )
 
 var opClientTenantDeleteMock func(ctx context.Context, namespace string, tenantName string, options metav1.DeleteOptions) error
@@ -573,6 +575,7 @@ func Test_UpdateTenantAction(t *testing.T) {
 	tests := []struct {
 		name    string
 		args    args
+		objs    []runtime.Object
 		wantErr bool
 	}{
 		{
@@ -708,8 +711,9 @@ func Test_UpdateTenantAction(t *testing.T) {
 		opClientTenantGetMock = tt.args.mockTenantGet
 		opClientTenantPatchMock = tt.args.mockTenantPatch
 		httpClientGetMock = tt.args.mockHTTPClientGet
+		cnsClient := fake.NewSimpleClientset(tt.objs...)
 		t.Run(tt.name, func(t *testing.T) {
-			if err := updateTenantAction(tt.args.ctx, tt.args.operatorClient, tt.args.httpCl, tt.args.nameSpace, tt.args.params); (err != nil) != tt.wantErr {
+			if err := updateTenantAction(tt.args.ctx, tt.args.operatorClient, cnsClient.CoreV1(), tt.args.httpCl, tt.args.nameSpace, tt.args.params); (err != nil) != tt.wantErr {
 				t.Errorf("deleteTenantAction() error = %v, wantErr %v", err, tt.wantErr)
 			}
 		})

restapi/admin_users_test.go

@@ -67,13 +67,13 @@ func TestListUsers(t *testing.T) {
 	// Test-1 : listUsers() Get response from minio client with two users and return the same number on listUsers()
 	// mock minIO client
 	mockUserMap := map[string]madmin.UserInfo{
-		"ABCDEFGHI": madmin.UserInfo{
+		"ABCDEFGHI": {
 			SecretKey:  "",
 			PolicyName: "ABCDEFGHI-policy",
 			Status:     "enabled",
 			MemberOf:   []string{"group1", "group2"},
 		},
-		"ZBCDEFGHI": madmin.UserInfo{
+		"ZBCDEFGHI": {
 			SecretKey:  "",
 			PolicyName: "ZBCDEFGHI-policy",
 			Status:     "enabled",

restapi/client-admin.go

@@ -33,8 +33,13 @@ import (
 
 const globalAppName = "console"
 
-// NewAdminClient gives a new client interface
+// NewAdminClient gives a new madmin client interface
 func NewAdminClient(url, accessKey, secretKey string) (*madmin.AdminClient, *probe.Error) {
+	return NewAdminClientWithInsecure(url, accessKey, secretKey, false)
+}
+
+// NewAdminClientWithInsecure gives a new madmin client interface either secure or insecure based on parameter
+func NewAdminClientWithInsecure(url, accessKey, secretKey string, insecure bool) (*madmin.AdminClient, *probe.Error) {
 	appName := filepath.Base(globalAppName)
 
 	s3Client, err := s3AdminNew(&mcCmd.Config{
@@ -44,7 +49,7 @@ func NewAdminClient(url, accessKey, secretKey string) (*madmin.AdminClient, *pro
 		AppName:     appName,
 		AppVersion:  ConsoleVersion,
 		AppComments: []string{appName, runtime.GOOS, runtime.GOARCH},
-		Insecure:    false,
+		Insecure:    insecure,
 	})
 	if err != nil {
 		return nil, err.Trace(url)

restapi/embedded_spec.go

@@ -2036,9 +2036,19 @@ func init() {
           "type": "object",
           "$ref": "#/definitions/encryptionConfiguration"
         },
+        "erasureCodingParity": {
+          "type": "integer"
+        },
+        "idp": {
+          "type": "object",
+          "$ref": "#/definitions/idpConfiguration"
+        },
         "image": {
           "type": "string"
         },
+        "image_registry": {
+          "$ref": "#/definitions/imageRegistry"
+        },
         "mounth_path": {
           "type": "string"
         },
@@ -2227,6 +2237,83 @@ func init() {
         }
       }
     },
+    "idpConfiguration": {
+      "type": "object",
+      "properties": {
+        "active_directory": {
+          "type": "object",
+          "required": [
+            "url",
+            "username_format",
+            "user_search_filter"
+          ],
+          "properties": {
+            "group_name_attribute": {
+              "type": "string"
+            },
+            "group_search_base_dn": {
+              "type": "string"
+            },
+            "group_search_filter": {
+              "type": "string"
+            },
+            "server_insecure": {
+              "type": "boolean"
+            },
+            "skip_ssl_verification": {
+              "type": "boolean"
+            },
+            "url": {
+              "type": "string"
+            },
+            "user_search_filter": {
+              "type": "string"
+            },
+            "username_format": {
+              "type": "string"
+            }
+          }
+        },
+        "oidc": {
+          "type": "object",
+          "required": [
+            "url",
+            "client_id",
+            "secret_id"
+          ],
+          "properties": {
+            "client_id": {
+              "type": "string"
+            },
+            "secret_id": {
+              "type": "string"
+            },
+            "url": {
+              "type": "string"
+            }
+          }
+        }
+      }
+    },
+    "imageRegistry": {
+      "type": "object",
+      "required": [
+        "registry",
+        "username",
+        "password"
+      ],
+      "properties": {
+        "password": {
+          "type": "string"
+        },
+        "registry": {
+          "type": "string"
+        },
+        "username": {
+          "type": "string"
+        }
+      }
+    },
     "listBucketEventsResponse": {
       "type": "object",
       "properties": {
@@ -2938,7 +3025,11 @@ func init() {
     "tenantUsage": {
       "type": "object",
       "properties": {
-        "used_size": {
+        "disk_used": {
+          "type": "integer",
+          "format": "int64"
+        },
+        "used": {
           "type": "integer",
           "format": "int64"
         }
@@ -2983,6 +3074,9 @@ func init() {
         "image": {
           "type": "string",
           "pattern": "^((.*?)/(.*?):(.+))$"
+        },
+        "image_registry": {
+          "$ref": "#/definitions/imageRegistry"
         }
       }
     },
@@ -5244,6 +5338,59 @@ func init() {
         }
       }
     },
+    "IdpConfigurationActiveDirectory": {
+      "type": "object",
+      "required": [
+        "url",
+        "username_format",
+        "user_search_filter"
+      ],
+      "properties": {
+        "group_name_attribute": {
+          "type": "string"
+        },
+        "group_search_base_dn": {
+          "type": "string"
+        },
+        "group_search_filter": {
+          "type": "string"
+        },
+        "server_insecure": {
+          "type": "boolean"
+        },
+        "skip_ssl_verification": {
+          "type": "boolean"
+        },
+        "url": {
+          "type": "string"
+        },
+        "user_search_filter": {
+          "type": "string"
+        },
+        "username_format": {
+          "type": "string"
+        }
+      }
+    },
+    "IdpConfigurationOidc": {
+      "type": "object",
+      "required": [
+        "url",
+        "client_id",
+        "secret_id"
+      ],
+      "properties": {
+        "client_id": {
+          "type": "string"
+        },
+        "secret_id": {
+          "type": "string"
+        },
+        "url": {
+          "type": "string"
+        }
+      }
+    },
     "NodeSelectorTermMatchExpressionsItems0": {
       "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.",
       "type": "object",
@@ -5808,9 +5955,19 @@ func init() {
           "type": "object",
           "$ref": "#/definitions/encryptionConfiguration"
         },
+        "erasureCodingParity": {
+          "type": "integer"
+        },
+        "idp": {
+          "type": "object",
+          "$ref": "#/definitions/idpConfiguration"
+        },
         "image": {
           "type": "string"
         },
+        "image_registry": {
+          "$ref": "#/definitions/imageRegistry"
+        },
         "mounth_path": {
           "type": "string"
         },
@@ -5999,6 +6156,83 @@ func init() {
         }
       }
     },
+    "idpConfiguration": {
+      "type": "object",
+      "properties": {
+        "active_directory": {
+          "type": "object",
+          "required": [
+            "url",
+            "username_format",
+            "user_search_filter"
+          ],
+          "properties": {
+            "group_name_attribute": {
+              "type": "string"
+            },
+            "group_search_base_dn": {
+              "type": "string"
+            },
+            "group_search_filter": {
+              "type": "string"
+            },
+            "server_insecure": {
+              "type": "boolean"
+            },
+            "skip_ssl_verification": {
+              "type": "boolean"
+            },
+            "url": {
+              "type": "string"
+            },
+            "user_search_filter": {
+              "type": "string"
+            },
+            "username_format": {
+              "type": "string"
+            }
+          }
+        },
+        "oidc": {
+          "type": "object",
+          "required": [
+            "url",
+            "client_id",
+            "secret_id"
+          ],
+          "properties": {
+            "client_id": {
+              "type": "string"
+            },
+            "secret_id": {
+              "type": "string"
+            },
+            "url": {
+              "type": "string"
+            }
+          }
+        }
+      }
+    },
+    "imageRegistry": {
+      "type": "object",
+      "required": [
+        "registry",
+        "username",
+        "password"
+      ],
+      "properties": {
+        "password": {
+          "type": "string"
+        },
+        "registry": {
+          "type": "string"
+        },
+        "username": {
+          "type": "string"
+        }
+      }
+    },
     "listBucketEventsResponse": {
       "type": "object",
       "properties": {
@@ -6644,7 +6878,11 @@ func init() {
     "tenantUsage": {
       "type": "object",
       "properties": {
-        "used_size": {
+        "disk_used": {
+          "type": "integer",
+          "format": "int64"
+        },
+        "used": {
           "type": "integer",
           "format": "int64"
         }
@@ -6689,6 +6927,9 @@ func init() {
         "image": {
           "type": "string",
           "pattern": "^((.*?)/(.*?):(.+))$"
+        },
+        "image_registry": {
+          "$ref": "#/definitions/imageRegistry"
         }
       }
     },

restapi/resource_quota_test.go

@@ -66,12 +66,12 @@ func Test_ResourceQuota(t *testing.T) {
 			want: models.ResourceQuota{
 				Name: mockRQResponse.Name,
 				Elements: []*models.ResourceQuotaElement{
-					&models.ResourceQuotaElement{
+					{
 						Name: "storage",
 						Hard: int64(1000),
 						Used: int64(500),
 					},
-					&models.ResourceQuotaElement{
+					{
 						Name: "cpu",
 						Hard: int64(2048),
 						Used: int64(1024),

restapi/user_buckets_events_test.go

@@ -148,7 +148,7 @@ func TestListBucketEvents(t *testing.T) {
 		LambdaConfigs: []notification.LambdaConfig{},
 		TopicConfigs:  []notification.TopicConfig{},
 		QueueConfigs: []notification.QueueConfig{
-			notification.QueueConfig{
+			{
 				Queue: "arn:minio:sqs::test:postgresql",
 				Config: notification.Config{
 					ID: "",
@@ -160,11 +160,11 @@ func TestListBucketEvents(t *testing.T) {
 					Filter: &notification.Filter{
 						S3Key: notification.S3Key{
 							FilterRules: []notification.FilterRule{
-								notification.FilterRule{
+								{
 									Name:  "suffix",
 									Value: ".jpg",
 								},
-								notification.FilterRule{
+								{
 									Name:  "prefix",
 									Value: "file/",
 								},
@@ -176,7 +176,7 @@ func TestListBucketEvents(t *testing.T) {
 		},
 	}
 	expectedOutput := []*models.NotificationConfig{
-		&models.NotificationConfig{
+		{
 			Arn:    swag.String("arn:minio:sqs::test:postgresql"),
 			ID:     "",
 			Prefix: "file/",
@@ -213,7 +213,7 @@ func TestListBucketEvents(t *testing.T) {
 		LambdaConfigs: []notification.LambdaConfig{},
 		TopicConfigs:  []notification.TopicConfig{},
 		QueueConfigs: []notification.QueueConfig{
-			notification.QueueConfig{
+			{
 				Queue: "arn:minio:sqs::test:postgresql",
 				Config: notification.Config{
 					ID: "",
@@ -225,7 +225,7 @@ func TestListBucketEvents(t *testing.T) {
 		},
 	}
 	expectedOutput = []*models.NotificationConfig{
-		&models.NotificationConfig{
+		{
 			Arn:    swag.String("arn:minio:sqs::test:postgresql"),
 			ID:     "",
 			Prefix: "",
@@ -258,7 +258,7 @@ func TestListBucketEvents(t *testing.T) {
 	////// Test-3 : listBucketEvents() get list of events
 	mockBucketN = notification.Configuration{
 		LambdaConfigs: []notification.LambdaConfig{
-			notification.LambdaConfig{
+			{
 				Lambda: "lambda",
 				Config: notification.Config{
 					ID: "",
@@ -268,11 +268,11 @@ func TestListBucketEvents(t *testing.T) {
 					Filter: &notification.Filter{
 						S3Key: notification.S3Key{
 							FilterRules: []notification.FilterRule{
-								notification.FilterRule{
+								{
 									Name:  "suffix",
 									Value: ".png",
 								},
-								notification.FilterRule{
+								{
 									Name:  "prefix",
 									Value: "lambda/",
 								},
@@ -283,7 +283,7 @@ func TestListBucketEvents(t *testing.T) {
 			},
 		},
 		TopicConfigs: []notification.TopicConfig{
-			notification.TopicConfig{
+			{
 				Topic: "topic",
 				Config: notification.Config{
 					ID: "",
@@ -293,11 +293,11 @@ func TestListBucketEvents(t *testing.T) {
 					Filter: &notification.Filter{
 						S3Key: notification.S3Key{
 							FilterRules: []notification.FilterRule{
-								notification.FilterRule{
+								{
 									Name:  "suffix",
 									Value: ".gif",
 								},
-								notification.FilterRule{
+								{
 									Name:  "prefix",
 									Value: "topic/",
 								},
@@ -308,7 +308,7 @@ func TestListBucketEvents(t *testing.T) {
 			},
 		},
 		QueueConfigs: []notification.QueueConfig{
-			notification.QueueConfig{
+			{
 				Queue: "arn:minio:sqs::test:postgresql",
 				Config: notification.Config{
 					ID: "",
@@ -326,7 +326,7 @@ func TestListBucketEvents(t *testing.T) {
 	}
 	// order matters in output: topic,queue then lambda are given respectively
 	expectedOutput = []*models.NotificationConfig{
-		&models.NotificationConfig{
+		{
 			Arn:    swag.String("topic"),
 			ID:     "",
 			Prefix: "topic/",
@@ -335,7 +335,7 @@ func TestListBucketEvents(t *testing.T) {
 				models.NotificationEventTypeDelete,
 			},
 		},
-		&models.NotificationConfig{
+		{
 			Arn:    swag.String("arn:minio:sqs::test:postgresql"),
 			ID:     "",
 			Prefix: "",
@@ -344,7 +344,7 @@ func TestListBucketEvents(t *testing.T) {
 				models.NotificationEventTypeDelete,
 			},
 		},
-		&models.NotificationConfig{
+		{
 			Arn:    swag.String("lambda"),
 			ID:     "",
 			Prefix: "lambda/",

restapi/user_buckets_test.go

@@ -82,8 +82,8 @@ func TestListBucket(t *testing.T) {
 	mockBucketList := madmin.AccountUsageInfo{
 		AccountName: "test",
 		Buckets: []madmin.BucketUsageInfo{
-			madmin.BucketUsageInfo{Name: "bucket-1", Created: time.Now(), Size: 1024},
-			madmin.BucketUsageInfo{Name: "bucket-2", Created: time.Now().Add(time.Hour * 1), Size: 0},
+			{Name: "bucket-1", Created: time.Now(), Size: 1024},
+			{Name: "bucket-2", Created: time.Now().Add(time.Hour * 1), Size: 0},
 		},
 	}
 	// mock function response from listBucketsWithContext(ctx)

restapi/user_watch_test.go

@@ -71,7 +71,7 @@ func TestWatch(t *testing.T) {
 			// mocking sending 5 lines of info
 			for range lines {
 				info := []mc.EventInfo{
-					mc.EventInfo{
+					{
 						UserAgent: textToReceive,
 					},
 				}
@@ -134,7 +134,7 @@ func TestWatch(t *testing.T) {
 			// mocking sending 5 lines of info
 			for range lines {
 				info := []mc.EventInfo{
-					mc.EventInfo{
+					{
 						UserAgent: textToReceive,
 					},
 				}
@@ -177,7 +177,7 @@ func TestWatch(t *testing.T) {
 			// mocking sending 5 lines of info
 			for range lines {
 				info := []mc.EventInfo{
-					mc.EventInfo{
+					{
 						UserAgent: textToReceive,
 					},
 				}

swagger.yml

@@ -1733,7 +1733,10 @@ definitions:
   tenantUsage:
     type: object
     properties:
-      used_size:
+      used:
+        type: integer
+        format: int64
+      disk_used:
         type: integer
         format: int64
 
@@ -1768,12 +1771,30 @@ definitions:
         type: integer
         format: int64
         title: number of tenants accessible to tenant user
+
   updateTenantRequest:
     type: object
     properties:
       image:
         type: string
         pattern: "^((.*?)/(.*?):(.+))$"
+      image_registry:
+        $ref: "#/definitions/imageRegistry"
+  
+  imageRegistry:
+    type: object
+    required:
+      - registry
+      - username
+      - password
+    properties:
+      registry:
+        type: string
+      username:
+        type: string
+      password:
+        type: string
+        
   createTenantRequest:
     type: object
     required:
@@ -1806,10 +1827,17 @@ definitions:
         default: true
       namespace:
         type: string
+      erasureCodingParity:
+        type: integer
       annotations:
         type: object
         additionalProperties:
           type: string
+      image_registry:
+        $ref: "#/definitions/imageRegistry"
+      idp:
+        type: object
+        $ref: "#/definitions/idpConfiguration"
       tls:
         type: object
         $ref: "#/definitions/tlsConfiguration"
@@ -1828,6 +1856,46 @@ definitions:
       key:
         type: string
 
+  idpConfiguration:
+    type: object
+    properties:
+      oidc:
+        type: object
+        required:
+          - url
+          - client_id
+          - secret_id
+        properties:
+          url:
+            type: string
+          client_id:
+            type: string
+          secret_id:
+            type: string
+      active_directory:
+        type: object
+        required:
+          - url
+          - username_format
+          - user_search_filter
+        properties:
+          url:
+            type: string
+          username_format:
+            type: string
+          user_search_filter:
+            type: string
+          group_search_base_dn:
+            type: string
+          group_search_filter:
+            type: string
+          group_name_attribute:
+            type: string
+          skip_ssl_verification:
+            type: boolean
+          server_insecure:
+            type: boolean
+
   encryptionConfiguration:
     type: object
     properties: