Release v0.44.0 (#3177)

Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>

.github/workflows/jobs.yaml

@@ -19,11 +19,11 @@ concurrency:
 jobs:
   lint-job:
     name: Checking Lint
-    runs-on: [ubuntu-latest]
+    runs-on: [ ubuntu-latest ]
     strategy:
       matrix:
-        go-version: [1.21.x]
-        os: [ubuntu-latest]
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
     steps:
       - name: Check out code
         uses: actions/checkout@v3
@@ -47,7 +47,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        os: [ubuntu-latest]
+        os: [ ubuntu-latest ]
     steps:
       - name: Check out source code
         uses: actions/checkout@v3
@@ -65,8 +65,8 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go-version: [1.21.x]
-        os: [ubuntu-latest]
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
     steps:
       - name: Check out code
         uses: actions/checkout@v3
@@ -110,8 +110,8 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go-version: [1.21.x]
-        os: [ubuntu-latest]
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
     steps:
       - name: Check out code
         uses: actions/checkout@v3
@@ -130,10 +130,10 @@ jobs:
 
   latest-minio:
     name: Build latest MinIO
-    runs-on: [ubuntu-latest]
+    runs-on: [ ubuntu-latest ]
     strategy:
       matrix:
-        go-version: [1.21.x]
+        go-version: [ 1.21.x ]
     steps:
       # To build minio image, we need to clone the repository first
       - name: Clone github.com/minio/minio
@@ -168,8 +168,8 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.21.x]
-        os: [ubuntu-latest]
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
     steps:
       - name: Check out code
         uses: actions/checkout@v3
@@ -200,16 +200,65 @@ jobs:
         run: |
           make console
 
+  test-nginx-subpath:
+    name: Test Subpath with Nginx
+    needs:
+      - compile-binary
+    runs-on: [ ubuntu-latest ]
+    timeout-minutes: 10
+    strategy:
+      matrix:
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: ${{ env.NVMRC }}
+      - name: Install MinIO JS
+        working-directory: ./
+        continue-on-error: false
+        run: |
+          yarn add minio
+
+      - uses: actions/cache@v3
+        name: Console Binary Cache
+        with:
+          path: |
+            ./console
+          key: ${{ runner.os }}-binary-${{ github.run_id }}
+
+      - name: clean-previous-containers-if-any
+        run: |
+          docker stop minio || true;
+          docker container prune -f || true;
+
+      - name: Start Console, MinIO and Nginx
+        run: |
+          (CONSOLE_SUBPATH=/console/subpath ./console server ) & (make test-initialize-minio-nginx)
+
+      - name: Install TestCafe
+        run: npm install testcafe@3.0.0
+
+      - name: Run TestCafe Tests
+        run: npx testcafe "chrome:headless" portal-ui/tests/subpath-nginx/ -q --skip-js-errors -c 3
+
+      - name: Clean up docker
+        if: always()
+        run: |
+          make cleanup-minio-nginx
+
   all-permissions-1:
     name: Permissions Tests Part 1
     needs:
       - compile-binary
-    runs-on: [ubuntu-latest]
+    runs-on: [ ubuntu-latest ]
     timeout-minutes: 10
     strategy:
       matrix:
-        go-version: [1.21.x]
-        os: [ubuntu-latest]
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
     steps:
       - name: Check out code
         uses: actions/checkout@v3
@@ -252,12 +301,12 @@ jobs:
     name: Permissions Tests Part 2
     needs:
       - compile-binary
-    runs-on: [ubuntu-latest]
+    runs-on: [ ubuntu-latest ]
     timeout-minutes: 10
     strategy:
       matrix:
-        go-version: [1.21.x]
-        os: [ubuntu-latest]
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
     steps:
       - name: Check out code
         uses: actions/checkout@v3
@@ -299,12 +348,12 @@ jobs:
     name: Permissions Tests Part 3
     needs:
       - compile-binary
-    runs-on: [ubuntu-latest]
+    runs-on: [ ubuntu-latest ]
     timeout-minutes: 10
     strategy:
       matrix:
-        go-version: [1.21.x]
-        os: [ubuntu-latest]
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
     steps:
       - name: Check out code
         uses: actions/checkout@v3
@@ -346,12 +395,12 @@ jobs:
     name: Permissions Tests Part 4
     needs:
       - compile-binary
-    runs-on: [ubuntu-latest]
+    runs-on: [ ubuntu-latest ]
     timeout-minutes: 15
     strategy:
       matrix:
-        go-version: [1.21.x]
-        os: [ubuntu-latest]
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
     steps:
       - name: Check out code
         uses: actions/checkout@v3
@@ -390,11 +439,11 @@ jobs:
     name: Permissions Tests Part 5
     needs:
       - compile-binary
-    runs-on: [ubuntu-latest]
+    runs-on: [ ubuntu-latest ]
     strategy:
       matrix:
-        go-version: [1.21.x]
-        os: [ubuntu-latest]
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
     steps:
       - name: Check out code
         uses: actions/checkout@v3
@@ -433,11 +482,11 @@ jobs:
     name: Permissions Tests Part 6
     needs:
       - compile-binary
-    runs-on: [ubuntu-latest]
+    runs-on: [ ubuntu-latest ]
     strategy:
       matrix:
-        go-version: [1.21.x]
-        os: [ubuntu-latest]
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
     steps:
       - name: Check out code
         uses: actions/checkout@v3
@@ -476,11 +525,11 @@ jobs:
     name: Permissions Tests Part 7
     needs:
       - compile-binary
-    runs-on: [ubuntu-latest]
+    runs-on: [ ubuntu-latest ]
     strategy:
       matrix:
-        go-version: [1.21.x]
-        os: [ubuntu-latest]
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
     steps:
       - name: Check out code
         uses: actions/checkout@v3
@@ -518,11 +567,11 @@ jobs:
     name: Permissions Tests Part 8
     needs:
       - compile-binary
-    runs-on: [ubuntu-latest]
+    runs-on: [ ubuntu-latest ]
     strategy:
       matrix:
-        go-version: [1.21.x]
-        os: [ubuntu-latest]
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
     steps:
       - name: Check out code
         uses: actions/checkout@v3
@@ -561,11 +610,11 @@ jobs:
     name: Permissions Tests Part 9
     needs:
       - compile-binary
-    runs-on: [ubuntu-latest]
+    runs-on: [ ubuntu-latest ]
     strategy:
       matrix:
-        go-version: [1.21.x]
-        os: [ubuntu-latest]
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
     steps:
       - name: Check out code
         uses: actions/checkout@v3
@@ -607,11 +656,11 @@ jobs:
     name: Permissions Tests Part A
     needs:
       - compile-binary
-    runs-on: [ubuntu-latest]
+    runs-on: [ ubuntu-latest ]
     strategy:
       matrix:
-        go-version: [1.21.x]
-        os: [ubuntu-latest]
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
     steps:
       - name: Check out code
         uses: actions/checkout@v3
@@ -653,11 +702,11 @@ jobs:
     name: Permissions Tests Part B
     needs:
       - compile-binary
-    runs-on: [ubuntu-latest]
+    runs-on: [ ubuntu-latest ]
     strategy:
       matrix:
-        go-version: [1.21.x]
-        os: [ubuntu-latest]
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
     steps:
       - name: Check out code
         uses: actions/checkout@v3
@@ -705,8 +754,8 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.21.x]
-        os: [ubuntu-latest]
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
     steps:
       - name: Check out code
         uses: actions/checkout@v3
@@ -732,8 +781,8 @@ jobs:
           path: |
             ./pkg/coverage/
           key: ${{ runner.os }}-coverage-pkg-2-${{ github.run_id }}
-  test-restapi-on-go:
-    name: Test Restapi on Go ${{ matrix.go-version }} and ${{ matrix.os }}
+  test-api-on-go:
+    name: Test API on Go ${{ matrix.go-version }} and ${{ matrix.os }}
     needs:
       - lint-job
       - ui-assets
@@ -742,8 +791,8 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.21.x]
-        os: [ubuntu-latest]
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
     steps:
       - name: Check out code
         uses: actions/checkout@v3
@@ -763,12 +812,12 @@ jobs:
           make test
 
       - uses: actions/cache@v3
-        id: coverage-cache-restapi
-        name: Coverage Cache RestAPI
+        id: coverage-cache-api
+        name: Coverage Cache API
         with:
           path: |
-            ./restapi/coverage/
-          key: ${{ runner.os }}-coverage-restapi-2-${{ github.run_id }}
+            ./api/coverage/
+          key: ${{ runner.os }}-coverage-api-2-${{ github.run_id }}
   b-integration-tests:
     name: Integration Tests with Latest Distributed MinIO
     needs:
@@ -781,7 +830,7 @@ jobs:
 
     strategy:
       matrix:
-        go-version: [1.21.x]
+        go-version: [ 1.21.x ]
 
     steps:
       - name: Check out code
@@ -866,11 +915,11 @@ jobs:
       - reuse-golang-dependencies
       - semgrep-static-code-analysis
       - latest-minio
-    runs-on: [ubuntu-latest]
+    runs-on: [ ubuntu-latest ]
 
     strategy:
       matrix:
-        go-version: [1.21.x]
+        go-version: [ 1.21.x ]
 
     steps:
       - name: Check out code
@@ -945,7 +994,7 @@ jobs:
 
     strategy:
       matrix:
-        go-version: [1.21.x]
+        go-version: [ 1.21.x ]
 
     steps:
       - name: Check out code
@@ -1009,15 +1058,15 @@ jobs:
     name: "Coverage Limit Check"
     needs:
       - b-integration-tests
-      - test-restapi-on-go
+      - test-api-on-go
       - test-pkg-on-go
       - sso-integration
       - replication
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.21.x]
-        os: [ubuntu-latest]
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
     steps:
       - name: Check out code
         uses: actions/checkout@v3
@@ -1058,12 +1107,12 @@ jobs:
           key: ${{ runner.os }}-replication-coverage-2-${{ github.run_id }}
 
       - uses: actions/cache@v3
-        id: coverage-cache-restapi
-        name: Coverage Cache RestAPI
+        id: coverage-cache-api
+        name: Coverage Cache API
         with:
           path: |
-            ./restapi/coverage/
-          key: ${{ runner.os }}-coverage-restapi-2-${{ github.run_id }}
+            ./api/coverage/
+          key: ${{ runner.os }}-coverage-api-2-${{ github.run_id }}
 
       - uses: actions/cache@v3
         id: coverage-cache-pkg
@@ -1090,7 +1139,7 @@ jobs:
           echo "go build gocoverage.go"
           go build gocovmerge.go
           echo "put together the outs for final coverage resolution"
-          ./gocovmerge ../integration/coverage/system.out ../replication/coverage/replication.out ../sso-integration/coverage/sso-system.out ../restapi/coverage/coverage.out ../pkg/coverage/coverage-pkg.out > all.out
+          ./gocovmerge ../integration/coverage/system.out ../replication/coverage/replication.out ../sso-integration/coverage/sso-system.out ../api/coverage/coverage.out ../pkg/coverage/coverage-pkg.out > all.out
           echo "Download mc for Ubuntu"
           wget -q https://dl.min.io/client/mc/release/linux-amd64/mc
           echo "Change the permissions to execute mc command"
@@ -1113,6 +1162,33 @@ jobs:
             go tool cover -html=all.out -o coverage.html
             ./mc cp coverage.html play/builds/${{ github.repository }}/${{ github.event.number }}/${{ github.run_id }}/ || true
             ./mc cp coverage.html play/builds/${{ github.repository }}/${{ github.event.number }}/latest/ || true
+            # save all other coverage
+            go tool cover -html=../integration/coverage/system.out -o system.html
+            ./mc cp system.html play/builds/${{ github.repository }}/${{ github.event.number }}/${{ github.run_id }}/ || true
+            ./mc cp system.html play/builds/${{ github.repository }}/${{ github.event.number }}/latest/ || true
+            ./mc cp ../integration/coverage/system.out play/builds/${{ github.repository }}/${{ github.event.number }}/${{ github.run_id }}/ || true
+            ./mc cp ../integration/coverage/system.out play/builds/${{ github.repository }}/${{ github.event.number }}/latest/ || true
+            go tool cover -html=../replication/coverage/replication.out -o replication.html
+            ./mc cp replication.html play/builds/${{ github.repository }}/${{ github.event.number }}/${{ github.run_id }}/ || true
+            ./mc cp replication.html play/builds/${{ github.repository }}/${{ github.event.number }}/latest/ || true
+            ./mc cp ../replication/coverage/replication.out play/builds/${{ github.repository }}/${{ github.event.number }}/${{ github.run_id }}/ || true
+            ./mc cp ../replication/coverage/replication.out play/builds/${{ github.repository }}/${{ github.event.number }}/latest/ || true
+            go tool cover -html=../sso-integration/coverage/sso-system.out -o sso-system.html
+            ./mc cp sso-system.html play/builds/${{ github.repository }}/${{ github.event.number }}/${{ github.run_id }}/ || true
+            ./mc cp sso-system.html play/builds/${{ github.repository }}/${{ github.event.number }}/latest/ || true
+            ./mc cp ../sso-integration/coverage/sso-system.out play/builds/${{ github.repository }}/${{ github.event.number }}/${{ github.run_id }}/ || true
+            ./mc cp ../sso-integration/coverage/sso-system.out play/builds/${{ github.repository }}/${{ github.event.number }}/latest/ || true
+            go tool cover -html=../api/coverage/coverage.out -o coverage.html
+            ./mc cp coverage.html play/builds/${{ github.repository }}/${{ github.event.number }}/${{ github.run_id }}/ || true
+            ./mc cp coverage.html play/builds/${{ github.repository }}/${{ github.event.number }}/latest/ || true
+            ./mc cp ../api/coverage/coverage.out play/builds/${{ github.repository }}/${{ github.event.number }}/${{ github.run_id }}/ || true
+            ./mc cp ../api/coverage/coverage.out play/builds/${{ github.repository }}/${{ github.event.number }}/latest/ || true
+            go tool cover -html=../pkg/coverage/coverage-pkg.out -o coverage-pkg.html
+            ./mc cp coverage-pkg.html play/builds/${{ github.repository }}/${{ github.event.number }}/${{ github.run_id }}/ || true
+            ./mc cp coverage-pkg.html play/builds/${{ github.repository }}/${{ github.event.number }}/latest/ || true
+            ./mc cp ../pkg/coverage/coverage-pkg.out play/builds/${{ github.repository }}/${{ github.event.number }}/${{ github.run_id }}/ || true
+            ./mc cp ../pkg/coverage/coverage-pkg.out play/builds/${{ github.repository }}/${{ github.event.number }}/latest/ || true
+            ./mc anonymous set public play/builds
           else
             echo "Play is down, please report it on hack channel, no coverage is going to be uploaded!!!"
           fi
@@ -1120,7 +1196,7 @@ jobs:
           go tool cover -func=all.out | grep total > tmp2
           result=`cat tmp2 | awk 'END {print $3}'`
           result=${result%\%}
-          threshold=71.4
+          threshold=65.0
           echo "Result:"
           echo "$result%"
           if (( $(echo "$result >= $threshold" |bc -l) )); then
@@ -1135,8 +1211,8 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go-version: [1.21.x]
-        os: [ubuntu-latest]
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
     steps:
       - name: Check out code
         uses: actions/checkout@v3
@@ -1176,8 +1252,8 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.21.x]
-        os: [ubuntu-latest]
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
     steps:
       - name: Check out code
         uses: actions/checkout@v3
@@ -1217,7 +1293,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
         with:
-          node-version: 16
+          node-version: 18
 
       - name: Install dependencies
         run: |

.github/workflows/vulncheck.yaml

@@ -1,3 +1,5 @@
+# @format
+
 name: Vulnerability Check
 on:
   pull_request:
@@ -20,7 +22,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.21.0
+          go-version: 1.21.5
           check-latest: true
       - name: Get official govulncheck
         run: go install golang.org/x/vuln/cmd/govulncheck@latest
@@ -34,7 +36,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go-version: [ 1.21.0 ]
+        go-version: [ 1.21.5 ]
         os: [ ubuntu-latest ]
     steps:
       - name: Check out code
@@ -48,4 +50,4 @@ jobs:
         working-directory: ./portal-ui
         continue-on-error: false
         run: |
-          yarn audit --groups dependencies
+          yarn audit --groups dependencies

.golangci.yml

@@ -46,4 +46,4 @@ run:
   skip-dirs:
     - pkg/clientgen
     - pkg/apis/networking.gke.io
-    - restapi/operations
+    - api/operations

CHANGELOG.md

@@ -2,6 +2,101 @@
 
 # Changelog
 
+## Release v0.43.1
+
+Bug Fix:
+
+- Update Share Object UI to reflect maximum expiration time in UI
+
+## Release v0.43.0
+
+Features:
+
+- Updated PDF preview method
+
+Bug Fix:
+
+- Fixed vulnerabilities
+- Prevented non-necessary metadata calls in object browser
+
+## Release v0.42.2
+
+Bug Fix:
+
+- Hidden Prometheus metrics if URL is empty
+
+## Release v0.42.1
+
+Bug Fix:
+
+- Reset go version to 1.19
+
+## Release v0.42.0
+
+Features:
+
+- Introducing Dark Mode
+
+Bug Fix:
+
+- Fixed vulnerabilities
+- Changes on Upload and Delete object urls
+- Fixed blocking subpath creation if not enough permissions
+- Removed share object option at prefix level
+- Updated allowed actions for a deleted object
+
+## Release v0.41.0
+
+Features:
+
+- Updated pages to use mds components
+- support for resolving IPv4/IPv6
+
+Bug Fix:
+
+- Remove cache for ClientIP
+- Fixed override environment variables display in settings page
+- Fixed daylight savings time support in share modal
+
+## Release v0.40.0
+
+Features:
+
+- Updated OpenID page
+- Added New bucket event types support
+
+Bug Fix:
+
+- Fixed crash in access keys page
+- Fixed AuditLog filters issue
+- Fixed multiple issues with Object Browser
+
+## Release v0.39.0
+
+Features:
+
+- Migrated metrics page to mds
+- Migrated Register page to mds
+
+Bug Fix:
+
+- Fixed LDAP configuration page issues
+- Load available certificates in logout
+- Updated dependencies & go version
+- Fixed delete objects functionality
+
+## Release v0.38.0
+
+Features:
+
+- Added extra information to Service Accounts page
+- Updated Tiers, Site Replication, Speedtest, Heal & Watch pages components
+
+Bug Fix:
+
+- Fixed IDP expiry time errors
+- Updated project Dependencies
+
 ## Release v0.37.0
 
 Features:

CONTRIBUTING.md

@@ -4,56 +4,80 @@ This is a REST portal server created using [go-swagger](https://github.com/go-sw
 
 The API handlers are created using a YAML definition located in `swagger.YAML`.
 
-To add new api, the YAML file needs to be updated with all the desired apis using the [Swagger Basic Structure](https://swagger.io/docs/specification/2-0/basic-structure/), this includes paths, parameters, definitions, tags, etc.
+To add new api, the YAML file needs to be updated with all the desired apis using
+the [Swagger Basic Structure](https://swagger.io/docs/specification/2-0/basic-structure/), this includes paths,
+parameters, definitions, tags, etc.
 
 ## Generate server from YAML
+
 Once the YAML file is ready we can autogenerate the code needed for the new api by just running:
 
 Validate it:
+
 ```
 swagger validate ./swagger.yml
 ```
+
 Update server code:
+
 ```
 make swagger-gen
 ```
 
 This will update all the necessary code.
 
-`./restapi/configure_console.go` is a file that contains the handlers to be used by the application, here is the only place where we need to update our code to support the new apis. This file is not affected when running the swagger generator and it is safe to edit.
+`./api/configure_console.go` is a file that contains the handlers to be used by the application, here is the only place
+where we need to update our code to support the new apis. This file is not affected when running the swagger generator
+and it is safe to edit.
 
 ## Unit Tests
-`./restapi/handlers_test.go` needs to be updated with the proper tests for the new api.
+
+`./api/handlers_test.go` needs to be updated with the proper tests for the new api.
 
 To run tests:
+
 ```
-go test ./restapi
+go test ./api
 ```
 
 ## Commit changes
-After verification, commit your changes. This is a [great post](https://chris.beams.io/posts/git-commit/) on how to write useful commit messages
+
+After verification, commit your changes. This is a [great post](https://chris.beams.io/posts/git-commit/) on how to
+write useful commit messages
 
 ```
 $ git commit -am 'Add some feature'
 ```
 
 ### Push to the branch
+
 Push your locally committed changes to the remote origin (your fork)
+
 ```
 $ git push origin my-new-feature
 ```
 
 ### Create a Pull Request
-Pull requests can be created via GitHub. Refer to [this document](https://help.github.com/articles/creating-a-pull-request/) for detailed steps on how to create a pull request. After a Pull Request gets peer reviewed and approved, it will be merged.
+
+Pull requests can be created via GitHub. Refer
+to [this document](https://help.github.com/articles/creating-a-pull-request/) for detailed steps on how to create a pull
+request. After a Pull Request gets peer reviewed and approved, it will be merged.
 
 ## FAQs
+
 ### How does ``console`` manages dependencies?
+
 ``MinIO`` uses `go mod` to manage its dependencies.
+
 - Run `go get foo/bar` in the source folder to add the dependency to `go.mod` file.
 
 To remove a dependency
+
 - Edit your code and remove the import reference.
 - Run `go mod tidy` in the source folder to remove dependency from `go.mod` file.
 
 ### What are the coding guidelines for console?
-``console`` is fully conformant with Golang style. Refer: [Effective Go](https://github.com/golang/go/wiki/CodeReviewComments) article from Golang project. If you observe offending code, please feel free to send a pull request or ping us on [Slack](https://slack.min.io).
+
+``console`` is fully conformant with Golang style.
+Refer: [Effective Go](https://github.com/golang/go/wiki/CodeReviewComments) article from Golang project. If you observe
+offending code, please feel free to send a pull request or ping us on [Slack](https://slack.min.io).

Dockerfile.release

@@ -1,17 +1,10 @@
-FROM --platform=linux/amd64 registry.access.redhat.com/ubi8/ubi-minimal:8.7 as build
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.2 as build
 
 RUN microdnf update --nodocs && microdnf install ca-certificates --nodocs
-RUN  curl -s -q https://raw.githubusercontent.com/minio/kes/master/LICENSE -o LICENSE
-RUN  curl -s -q https://raw.githubusercontent.com/minio/kes/master/CREDITS -o CREDITS
 
-FROM registry.access.redhat.com/ubi8/ubi-micro:8.7
+FROM registry.access.redhat.com/ubi9/ubi-micro:9.2
 
-# On RHEL the certificate bundle is located at:
-# - /etc/pki/tls/certs/ca-bundle.crt (RHEL 6)
-# - /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem (RHEL 7)
-COPY --from=build /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /etc/pki/ca-trust/extracted/pem/
-COPY --from=build LICENSE /LICENSE
-COPY --from=build CREDITS /CREDITS
+ARG TAG
 
 LABEL name="MinIO" \
       vendor="MinIO Inc <dev@min.io>" \
@@ -21,7 +14,14 @@ LABEL name="MinIO" \
       summary="A graphical user interface for MinIO" \
       description="MinIO object storage is fundamentally different. Designed for performance and the S3 API, it is 100% open-source. MinIO is ideal for large, private cloud environments with stringent security requirements and delivers mission-critical availability across a diverse range of workloads."
 
-EXPOSE 9090
+# On RHEL the certificate bundle is located at:
+# - /etc/pki/tls/certs/ca-bundle.crt (RHEL 6)
+# - /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem (RHEL 7)
+COPY --from=build /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /etc/pki/ca-trust/extracted/pem/
+COPY LICENSE /LICENSE
+COPY CREDITS /CREDITS
 COPY console /console
 
+EXPOSE 9090
+
 ENTRYPOINT ["/console"]

Makefile

@@ -48,13 +48,14 @@ apply-gofmt:
 clean-swagger:
 	@echo "cleaning"
 	@rm -rf models
-	@rm -rf restapi/operations
+	@rm -rf api/operations
 
 swagger-console:
 	@echo "Generating swagger server code from yaml"
-	@swagger generate server -A console --main-package=management --server-package=restapi --exclude-main -P models.Principal -f ./swagger.yml -r NOTICE
+	@swagger generate server -A console --main-package=management --server-package=api --exclude-main -P models.Principal -f ./swagger.yml -r NOTICE
 	@echo "Generating typescript api"
 	@npx swagger-typescript-api -p ./swagger.yml -o ./portal-ui/src/api -n consoleApi.ts
+	@git restore api/server.go
 
 
 assets:
@@ -77,7 +78,7 @@ test-integration:
 	@echo "Postgres"
 	@(docker run --net=mynet123 --ip=173.18.0.4 --name pgsqlcontainer --rm -p 5432:5432 -e POSTGRES_PASSWORD=password -d postgres && sleep 5)
 	@echo "execute test and get coverage for test-integration:"
-	@(cd integration && go test -coverpkg=../restapi -c -tags testrunmain . && mkdir -p coverage &&  ./integration.test -test.v -test.run "^Test*" -test.coverprofile=coverage/system.out)
+	@(cd integration && go test -coverpkg=../api -c -tags testrunmain . && mkdir -p coverage &&  ./integration.test -test.v -test.run "^Test*" -test.coverprofile=coverage/system.out)
 	@(docker stop pgsqlcontainer)
 	@(docker stop minio)
 	@(docker stop minio2)
@@ -125,7 +126,7 @@ test-replication:
 	  $(MINIO_VERSION) server /data{1...4} \
 	  --address :9002 \
 	  --console-address :6002)
-	@(cd replication && go test -coverpkg=../restapi -c -tags testrunmain . && mkdir -p coverage && ./replication.test -test.v -test.run "^Test*" -test.coverprofile=coverage/replication.out)
+	@(cd replication && go test -coverpkg=../api -c -tags testrunmain . && mkdir -p coverage && ./replication.test -test.v -test.run "^Test*" -test.coverprofile=coverage/replication.out)
 	@(docker stop minio || true)
 	@(docker stop minio1 || true)
 	@(docker stop minio2 || true)
@@ -179,7 +180,7 @@ test-sso-integration:
 	@echo "add python module"
 	@(pip3 install bs4)
 	@echo "Executing the test:"
-	@(cd sso-integration && go test -coverpkg=../restapi -c -tags testrunmain . && mkdir -p coverage && ./sso-integration.test -test.v -test.run "^Test*" -test.coverprofile=coverage/sso-system.out)
+	@(cd sso-integration && go test -coverpkg=../api -c -tags testrunmain . && mkdir -p coverage && ./sso-integration.test -test.v -test.run "^Test*" -test.coverprofile=coverage/sso-system.out)
 
 test-permissions-1:
 	@(docker run -v /data1 -v /data2 -v /data3 -v /data4 -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4})
@@ -229,17 +230,47 @@ cleanup-permissions:
 	@(env bash $(PWD)/portal-ui/tests/scripts/cleanup-env.sh)
 	@(docker stop minio)
 
+initialize-docker-network:
+	@(docker network create test-network)
+
+test-start-docker-minio-w-redirect-url: initialize-docker-network
+	@(docker run \
+    -e MINIO_BROWSER_REDIRECT_URL='http://localhost:8000/console/subpath/' \
+    -e MINIO_SERVER_URL='http://localhost:9000' \
+    -v /data1 -v /data2 -v /data3 -v /data4 \
+    -d --network host --name minio --rm\
+    quay.io/minio/minio:latest server /data{1...4}) 
+
+test-start-docker-nginx-w-subpath:
+	@(docker run \
+	--network host \
+	-d --rm \
+	--add-host=host.docker.internal:host-gateway \
+	-v ./portal-ui/tests/subpath-nginx/nginx.conf:/etc/nginx/nginx.conf \
+	--name test-nginx nginx)
+
+test-initialize-minio-nginx: test-start-docker-minio-w-redirect-url test-start-docker-nginx-w-subpath
+
+cleanup-minio-nginx:
+	@(docker stop minio test-nginx & docker network rm test-network)
+
+# https://stackoverflow.com/questions/19200235/golang-tests-in-sub-directory
+# Note: go test ./... will run tests on the current folder and all subfolders.
+# This is needed because tests can be in the folder or sub-folder(s), let's include them all please!.
 test:
 	@echo "execute test and get coverage"
-	@(cd restapi && mkdir coverage && GO111MODULE=on go test -test.v -coverprofile=coverage/coverage.out)
+	@(cd api && mkdir -p coverage && GO111MODULE=on go test ./... -test.v -coverprofile=coverage/coverage.out)
 
 
+# https://stackoverflow.com/questions/19200235/golang-tests-in-sub-directory
+# Note: go test ./... will run tests on the current folder and all subfolders.
+# This is since tests in pkg folder are in subfolders and were not executed.
 test-pkg:
 	@echo "execute test and get coverage"
-	@(cd pkg && mkdir coverage && GO111MODULE=on go test -test.v -coverprofile=coverage/coverage-pkg.out)
+	@(cd pkg && mkdir -p coverage && GO111MODULE=on go test ./... -test.v -coverprofile=coverage/coverage-pkg.out)
 
 coverage:
-	@(GO111MODULE=on go test -v -coverprofile=coverage.out github.com/minio/console/restapi/... && go tool cover -html=coverage.out && open coverage.html)
+	@(GO111MODULE=on go test -v -coverprofile=coverage.out github.com/minio/console/api/... && go tool cover -html=coverage.out && open coverage.html)
 
 clean:
 	@echo "Cleaning up all the generated files"

README.md

@@ -12,48 +12,25 @@ A graphical user interface for [MinIO](https://github.com/minio/minio)
 **Table of Contents**
 
 - [MinIO Console](#minio-console)
-    - [Install](#install)
-        - [Binary Releases](#binary-releases)
-        - [Docker](#docker)
-        - [Build from source](#build-from-source)
-    - [Setup](#setup)
-        - [1. Create a user `console` using `mc`](#1-create-a-user-console-using-mc)
-        - [2. Create a policy for `console` with admin access to all resources (for testing)](#2-create-a-policy-for-console-with-admin-access-to-all-resources-for-testing)
-        - [3. Set the policy for the new `console` user](#3-set-the-policy-for-the-new-console-user)
-    - [Start Console service:](#start-console-service)
-    - [Start Console service with TLS:](#start-console-service-with-tls)
-    - [Connect Console to a Minio using TLS and a self-signed certificate](#connect-console-to-a-minio-using-tls-and-a-self-signed-certificate)
+  - [Install](#install)
+    - [Build from source](#build-from-source)
+  - [Setup](#setup)
+    - [1. Create a user `console` using `mc`](#1-create-a-user-console-using-mc)
+    - [2. Create a policy for `console` with admin access to all resources (for testing)](#2-create-a-policy-for-console-with-admin-access-to-all-resources-for-testing)
+    - [3. Set the policy for the new `console` user](#3-set-the-policy-for-the-new-console-user)
+  - [Start Console service:](#start-console-service)
+  - [Start Console service with TLS:](#start-console-service-with-tls)
+  - [Connect Console to a Minio using TLS and a self-signed certificate](#connect-console-to-a-minio-using-tls-and-a-self-signed-certificate)
 - [Contribute to console Project](#contribute-to-console-project)
 
 <!-- markdown-toc end -->
 
 ## Install
 
-### Binary Releases
+MinIO Console is a library that provides a management and browser UI overlay for the MinIO Server.
+The standalone binary installation path has been removed.
 
-|   OS    |  ARCH   |                                                Binary                                                |
-|:-------:|:-------:|:----------------------------------------------------------------------------------------------------:|
-|  Linux  |  amd64  |     [linux-amd64](https://github.com/minio/console/releases/latest/download/console-linux-amd64)     |
-|  Linux  |  arm64  |     [linux-arm64](https://github.com/minio/console/releases/latest/download/console-linux-arm64)     |
-|  Linux  | ppc64le |   [linux-ppc64le](https://github.com/minio/console/releases/latest/download/console-linux-ppc64le)   |
-|  Linux  |  s390x  |     [linux-s390x](https://github.com/minio/console/releases/latest/download/console-linux-s390x)     |
-|  Apple  |  amd64  |    [darwin-amd64](https://github.com/minio/console/releases/latest/download/console-darwin-amd64)    |
-| Windows |  amd64  | [windows-amd64](https://github.com/minio/console/releases/latest/download/console-windows-amd64.exe) |
-
-You can also verify the binary with [minisign](https://jedisct1.github.io/minisign/) by downloading the
-corresponding [`.minisig`](https://github.com/minio/console/releases/latest) signature file. Then run:
-
-```
-minisign -Vm console-<OS>-<ARCH> -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav
-```
-
-### Docker
-
-Pull the latest release via:
-
-```
-docker pull minio/console
-```
+In case a Console standalone binary is needed, it can be generated by building this package from source as follows:
 
 ### Build from source
 

api/admin_arns.go

@@ -14,16 +14,16 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
 
-	systemApi "github.com/minio/console/restapi/operations/system"
+	systemApi "github.com/minio/console/api/operations/system"
 
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/minio/console/api/operations"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
 )
 
 func registerAdminArnsHandlers(api *operations.ConsoleAPI) {

api/admin_arns_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
@@ -25,11 +25,11 @@ import (
 	"testing"
 
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/minio/console/api/operations/system"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations/system"
 
 	"github.com/go-openapi/loads"
-	"github.com/minio/console/restapi/operations"
+	"github.com/minio/console/api/operations"
 	"github.com/minio/madmin-go/v3"
 
 	asrt "github.com/stretchr/testify/assert"

api/admin_client_mock.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
@@ -80,7 +80,7 @@ var (
 	minioSetUserStatusMock func(accessKey string, status madmin.AccountStatus) error
 
 	minioAccountInfoMock           func(ctx context.Context) (madmin.AccountInfo, error)
-	minioAddServiceAccountMock     func(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string) (madmin.Credentials, error)
+	minioAddServiceAccountMock     func(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string, description string, name string, expiry *time.Time, status string) (madmin.Credentials, error)
 	minioListServiceAccountsMock   func(ctx context.Context, user string) (madmin.ListServiceAccountsResp, error)
 	minioDeleteServiceAccountMock  func(ctx context.Context, serviceAccount string) error
 	minioInfoServiceAccountMock    func(ctx context.Context, serviceAccount string) (madmin.InfoServiceAccountResp, error)
@@ -377,8 +377,8 @@ func (ac AdminClientMock) AccountInfo(ctx context.Context) (madmin.AccountInfo,
 	return minioAccountInfoMock(ctx)
 }
 
-func (ac AdminClientMock) addServiceAccount(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string) (madmin.Credentials, error) {
-	return minioAddServiceAccountMock(ctx, policy, user, accessKey, secretKey)
+func (ac AdminClientMock) addServiceAccount(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string, description string, name string, expiry *time.Time, status string) (madmin.Credentials, error) {
+	return minioAddServiceAccountMock(ctx, policy, user, accessKey, secretKey, description, name, expiry, status)
 }
 
 func (ac AdminClientMock) listServiceAccounts(ctx context.Context, user string) (madmin.ListServiceAccountsResp, error) {

api/admin_config.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
@@ -24,11 +24,11 @@ import (
 
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/go-openapi/swag"
+	"github.com/minio/console/api/operations"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
 	madmin "github.com/minio/madmin-go/v3"
 
-	cfgApi "github.com/minio/console/restapi/operations/configuration"
+	cfgApi "github.com/minio/console/api/operations/configuration"
 )
 
 func registerConfigHandlers(api *operations.ConsoleAPI) {

api/admin_config_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"

api/admin_console.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"

api/admin_console_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"

api/admin_groups.go

@@ -14,18 +14,18 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
 
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/minio/console/api/operations"
 	"github.com/minio/console/pkg/utils"
-	"github.com/minio/console/restapi/operations"
 	"github.com/minio/madmin-go/v3"
 
-	groupApi "github.com/minio/console/restapi/operations/group"
+	groupApi "github.com/minio/console/api/operations/group"
 
 	"github.com/minio/console/models"
 )

api/admin_groups_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"

api/admin_heal.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"

api/admin_heal_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"

api/admin_health_info.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"bytes"

api/admin_health_info_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"

api/admin_idp.go

@@ -15,7 +15,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package restapi
+package api
 
 import (
 	"context"
@@ -23,9 +23,9 @@ import (
 	"time"
 
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/minio/console/api/operations"
+	"github.com/minio/console/api/operations/idp"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
-	"github.com/minio/console/restapi/operations/idp"
 	"github.com/minio/madmin-go/v3"
 )
 
@@ -198,6 +198,7 @@ func getIDPConfiguration(ctx context.Context, idpType, name string, client Minio
 	if err != nil {
 		return nil, err
 	}
+
 	return &models.IdpServerConfiguration{
 		Name: config.Name,
 		Type: config.Type,

api/admin_idp_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
@@ -27,9 +27,9 @@ import (
 
 	"github.com/minio/madmin-go/v3"
 
+	"github.com/minio/console/api/operations"
+	"github.com/minio/console/api/operations/idp"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
-	"github.com/minio/console/restapi/operations/idp"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
 )

api/admin_info.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
@@ -31,9 +31,9 @@ import (
 	"github.com/minio/console/pkg/utils"
 
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/minio/console/api/operations"
+	systemApi "github.com/minio/console/api/operations/system"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
-	systemApi "github.com/minio/console/restapi/operations/system"
 )
 
 func registerAdminInfoHandlers(api *operations.ConsoleAPI) {
@@ -881,7 +881,10 @@ func getAdminInfoResponse(session *models.Principal, params systemApi.AdminInfoP
 	prometheusURL := ""
 
 	if !*params.DefaultOnly {
-		prometheusURL = getPrometheusURL()
+		promURL := getPrometheusURL()
+		if promURL != "" {
+			prometheusURL = promURL
+		}
 	}
 
 	mAdmin, err := NewMinioAdminClient(params.HTTPRequest.Context(), session)
@@ -963,6 +966,12 @@ func unmarshalPrometheus(ctx context.Context, httpClnt *http.Client, endpoint st
 		return true
 	}
 
+	prometheusBearer := getPrometheusAuthToken()
+
+	if prometheusBearer != "" {
+		req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", prometheusBearer))
+	}
+
 	resp, err := httpClnt.Do(req)
 	if err != nil {
 		ErrorWithContext(ctx, fmt.Errorf("Unable to fetch labels from prometheus: %w", err))
@@ -992,6 +1001,13 @@ func testPrometheusURL(ctx context.Context, url string) bool {
 		ErrorWithContext(ctx, fmt.Errorf("error Building Request: (%v)", err))
 		return false
 	}
+
+	prometheusBearer := getPrometheusAuthToken()
+
+	if prometheusBearer != "" {
+		req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", prometheusBearer))
+	}
+
 	response, err := httpClnt.Do(req)
 	if err != nil {
 		ErrorWithContext(ctx, fmt.Errorf("default Prometheus URL not reachable, trying root testing: (%v)", err))

api/admin_info_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
@@ -25,9 +25,9 @@ import (
 
 	"github.com/minio/console/pkg/utils"
 
+	"github.com/minio/console/api/operations"
+	systemApi "github.com/minio/console/api/operations/system"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
-	systemApi "github.com/minio/console/restapi/operations/system"
 	"github.com/minio/madmin-go/v3"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"

api/admin_inspect.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"encoding/base64"
@@ -26,9 +26,9 @@ import (
 
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/minio/console/api/operations"
+	inspectApi "github.com/minio/console/api/operations/inspect"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
-	inspectApi "github.com/minio/console/restapi/operations/inspect"
 	"github.com/minio/madmin-go/v3"
 	"github.com/secure-io/sio-go"
 )

api/admin_kms.go

@@ -15,7 +15,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package restapi
+package api
 
 import (
 	"context"
@@ -23,9 +23,9 @@ import (
 	"sort"
 
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/minio/console/api/operations"
+	kmsAPI "github.com/minio/console/api/operations/k_m_s"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
-	kmsAPI "github.com/minio/console/restapi/operations/k_m_s"
 	"github.com/minio/madmin-go/v3"
 )
 

api/admin_kms_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
@@ -23,9 +23,9 @@ import (
 	"os"
 	"testing"
 
+	"github.com/minio/console/api/operations"
+	kmsAPI "github.com/minio/console/api/operations/k_m_s"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
-	kmsAPI "github.com/minio/console/restapi/operations/k_m_s"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
 )

api/admin_nodes.go

@@ -14,15 +14,15 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
 
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/minio/console/api/operations"
+	systemApi "github.com/minio/console/api/operations/system"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
-	systemApi "github.com/minio/console/restapi/operations/system"
 )
 
 func registerNodesHandler(api *operations.ConsoleAPI) {

api/admin_notification_endpoints.go

@@ -14,16 +14,16 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
 	"errors"
 
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/minio/console/api/operations"
+	configurationApi "github.com/minio/console/api/operations/configuration"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
-	configurationApi "github.com/minio/console/restapi/operations/configuration"
 )
 
 func registerAdminNotificationEndpointsHandlers(api *operations.ConsoleAPI) {

api/admin_notification_endpoints_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
@@ -24,8 +24,8 @@ import (
 
 	"github.com/go-openapi/swag"
 
+	cfgApi "github.com/minio/console/api/operations/configuration"
 	"github.com/minio/console/models"
-	cfgApi "github.com/minio/console/restapi/operations/configuration"
 )
 
 func Test_addNotificationEndpoint(t *testing.T) {

api/admin_objects.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
@@ -41,7 +41,7 @@ type ObjectsRequest struct {
 
 type WSResponse struct {
 	RequestID  int64            `json:"request_id,omitempty"`
-	Error      string           `json:"error,omitempty"`
+	Error      *CodedAPIError   `json:"error,omitempty"`
 	RequestEnd bool             `json:"request_end,omitempty"`
 	Prefix     string           `json:"prefix,omitempty"`
 	BucketName string           `json:"bucketName,omitempty"`

api/admin_objects_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"

api/admin_policies.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"bytes"
@@ -24,17 +24,17 @@ import (
 	"sort"
 	"strings"
 
+	bucketApi "github.com/minio/console/api/operations/bucket"
+	policyApi "github.com/minio/console/api/operations/policy"
 	"github.com/minio/console/pkg/utils"
-	bucketApi "github.com/minio/console/restapi/operations/bucket"
-	policyApi "github.com/minio/console/restapi/operations/policy"
 	s3 "github.com/minio/minio-go/v7"
 
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/minio/console/api/operations"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
 	iampolicy "github.com/minio/pkg/v2/policy"
 
-	policies "github.com/minio/console/restapi/policy"
+	policies "github.com/minio/console/api/policy"
 )
 
 func registersPoliciesHandler(api *operations.ConsoleAPI) {

api/admin_policies_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"bytes"

api/admin_profiling.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"

api/admin_profiling_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"bytes"

api/admin_releases.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
@@ -27,9 +27,9 @@ import (
 	"github.com/minio/console/pkg/utils"
 
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/minio/console/api/operations"
+	release "github.com/minio/console/api/operations/release"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
-	release "github.com/minio/console/restapi/operations/release"
 	"github.com/minio/pkg/v2/env"
 )
 

api/admin_releases_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"encoding/json"
@@ -24,9 +24,9 @@ import (
 	"os"
 	"testing"
 
+	"github.com/minio/console/api/operations"
+	release "github.com/minio/console/api/operations/release"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
-	release "github.com/minio/console/restapi/operations/release"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
 )

api/admin_remote_buckets.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
@@ -30,9 +30,9 @@ import (
 
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/go-openapi/swag"
+	"github.com/minio/console/api/operations"
+	bucketApi "github.com/minio/console/api/operations/bucket"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
-	bucketApi "github.com/minio/console/restapi/operations/bucket"
 	"github.com/minio/minio-go/v7/pkg/replication"
 )
 

api/admin_remote_buckets_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
@@ -27,9 +27,9 @@ import (
 	"github.com/minio/console/pkg/utils"
 
 	"github.com/go-openapi/swag"
+	"github.com/minio/console/api/operations"
+	bucketApi "github.com/minio/console/api/operations/bucket"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
-	bucketApi "github.com/minio/console/restapi/operations/bucket"
 	"github.com/minio/madmin-go/v3"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"

api/admin_replication_status.go

@@ -14,15 +14,15 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
 
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/minio/console/api/operations"
+	siteRepApi "github.com/minio/console/api/operations/site_replication"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
-	siteRepApi "github.com/minio/console/restapi/operations/site_replication"
 	"github.com/minio/madmin-go/v3"
 )
 

api/admin_service.go

@@ -14,17 +14,17 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
 	"time"
 
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/minio/console/api/operations"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
 
-	svcApi "github.com/minio/console/restapi/operations/service"
+	svcApi "github.com/minio/console/api/operations/service"
 )
 
 func registerServiceHandlers(api *operations.ConsoleAPI) {

api/admin_service_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"

api/admin_site_replication.go

@@ -14,15 +14,15 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
 
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/minio/console/api/operations"
+	siteRepApi "github.com/minio/console/api/operations/site_replication"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
-	siteRepApi "github.com/minio/console/restapi/operations/site_replication"
 	"github.com/minio/madmin-go/v3"
 )
 

api/admin_site_replication_test.go

@@ -16,7 +16,7 @@
 
 // These tests are for AdminAPI Tag based on swagger-console.yml
 
-package restapi
+package api
 
 import (
 	"context"

api/admin_speedtest.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"

api/admin_subnet.go

@@ -15,7 +15,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package restapi
+package api
 
 import (
 	"context"
@@ -30,10 +30,10 @@ import (
 	xhttp "github.com/minio/console/pkg/http"
 
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/minio/console/api/operations"
+	subnetApi "github.com/minio/console/api/operations/subnet"
 	"github.com/minio/console/models"
 	"github.com/minio/console/pkg/subnet"
-	"github.com/minio/console/restapi/operations"
-	subnetApi "github.com/minio/console/restapi/operations/subnet"
 	"github.com/minio/madmin-go/v3"
 )
 

api/admin_subnet_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
@@ -24,9 +24,9 @@ import (
 	"os"
 	"testing"
 
+	"github.com/minio/console/api/operations"
+	subnetApi "github.com/minio/console/api/operations/subnet"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
-	subnetApi "github.com/minio/console/restapi/operations/subnet"
 	"github.com/minio/madmin-go/v3"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"

api/admin_tiers.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
@@ -23,9 +23,9 @@ import (
 
 	"github.com/dustin/go-humanize"
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/minio/console/api/operations"
+	tieringApi "github.com/minio/console/api/operations/tiering"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
-	tieringApi "github.com/minio/console/restapi/operations/tiering"
 	"github.com/minio/madmin-go/v3"
 )
 

api/admin_tiers_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
@@ -22,8 +22,8 @@ import (
 	"fmt"
 	"testing"
 
+	tieringApi "github.com/minio/console/api/operations/tiering"
 	"github.com/minio/console/models"
-	tieringApi "github.com/minio/console/restapi/operations/tiering"
 	"github.com/minio/madmin-go/v3"
 	"github.com/stretchr/testify/assert"
 )

api/admin_trace.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"

api/admin_trace_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"

api/admin_users.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
@@ -26,11 +26,11 @@ import (
 
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/minio/console/api/operations"
+	accountApi "github.com/minio/console/api/operations/account"
+	bucketApi "github.com/minio/console/api/operations/bucket"
+	userApi "github.com/minio/console/api/operations/user"
 	"github.com/minio/console/models"
-	"github.com/minio/console/restapi/operations"
-	accountApi "github.com/minio/console/restapi/operations/account"
-	bucketApi "github.com/minio/console/restapi/operations/bucket"
-	userApi "github.com/minio/console/restapi/operations/user"
 	"github.com/minio/madmin-go/v3"
 	iampolicy "github.com/minio/pkg/v2/policy"
 )

api/admin_users_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"bytes"

api/client-admin.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"bytes"
@@ -25,7 +25,6 @@ import (
 	"net/http"
 	"net/url"
 	"strings"
-	"sync"
 	"time"
 
 	"github.com/minio/console/pkg/utils"
@@ -71,7 +70,7 @@ type MinioAdmin interface {
 	heal(ctx context.Context, bucket, prefix string, healOpts madmin.HealOpts, clientToken string,
 		forceStart, forceStop bool) (healStart madmin.HealStartSuccess, healTaskStatus madmin.HealTaskStatus, err error)
 	// Service Accounts
-	addServiceAccount(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string) (madmin.Credentials, error)
+	addServiceAccount(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string, name string, description string, expiry *time.Time, comment string) (madmin.Credentials, error)
 	listServiceAccounts(ctx context.Context, user string) (madmin.ListServiceAccountsResp, error)
 	deleteServiceAccount(ctx context.Context, serviceAccount string) error
 	infoServiceAccount(ctx context.Context, serviceAccount string) (madmin.InfoServiceAccountResp, error)
@@ -306,16 +305,20 @@ func (ac AdminClient) getLogs(ctx context.Context, node string, lineCnt int, log
 }
 
 // implements madmin.AddServiceAccount()
-func (ac AdminClient) addServiceAccount(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string) (madmin.Credentials, error) {
+func (ac AdminClient) addServiceAccount(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string, name string, description string, expiry *time.Time, comment string) (madmin.Credentials, error) {
 	buf, err := json.Marshal(policy)
 	if err != nil {
 		return madmin.Credentials{}, err
 	}
 	return ac.Client.AddServiceAccount(ctx, madmin.AddServiceAccountReq{
-		Policy:     buf,
-		TargetUser: user,
-		AccessKey:  accessKey,
-		SecretKey:  secretKey,
+		Policy:      buf,
+		TargetUser:  user,
+		AccessKey:   accessKey,
+		SecretKey:   secretKey,
+		Name:        name,
+		Description: description,
+		Expiration:  expiry,
+		Comment:     comment,
 	})
 }
 
@@ -392,7 +395,7 @@ func (ac AdminClient) serverHealthInfo(ctx context.Context, healthDataTypes []ma
 	var version string
 	var tryCount int
 	for info.Version == "" && tryCount < 10 {
-		resp, version, err := ac.Client.ServerHealthInfo(ctx, healthDataTypes, deadline)
+		resp, version, err := ac.Client.ServerHealthInfo(ctx, healthDataTypes, deadline, "")
 		if err != nil {
 			return nil, version, err
 		}
@@ -482,15 +485,6 @@ func newAdminFromCreds(accessKey, secretKey, endpoint string, tlsEnabled bool) (
 	return minioClient, nil
 }
 
-// httpClient is a custom http client, this client should not be called directly and instead be
-// called using GetConsoleHTTPClient() to ensure is initialized and the certificates are loaded correctly
-var httpClients = struct {
-	sync.Mutex
-	m map[string]*http.Client
-}{
-	m: make(map[string]*http.Client),
-}
-
 // isLocalAddress returns true if the url contains an IPv4/IPv6 hostname
 // that points to the local machine - FQDN are not supported
 func isLocalIPEndpoint(addr string) bool {
@@ -520,17 +514,8 @@ func GetConsoleHTTPClient(address string, clientIP string) *http.Client {
 		address = u.Hostname()
 	}
 
-	httpClients.Lock()
-	client, ok := httpClients.m[address]
-	httpClients.Unlock()
-	if ok {
-		return client
-	}
+	client := PrepareConsoleHTTPClient(isLocalIPAddress(address), clientIP)
 
-	client = PrepareConsoleHTTPClient(isLocalIPAddress(address), clientIP)
-	httpClients.Lock()
-	httpClients.m[address] = client
-	httpClients.Unlock()
 	return client
 }
 
@@ -581,7 +566,7 @@ func (ac AdminClient) getSiteReplicationInfo(ctx context.Context) (*madmin.SiteR
 }
 
 func (ac AdminClient) addSiteReplicationInfo(ctx context.Context, sites []madmin.PeerSite) (*madmin.ReplicateAddStatus, error) {
-	res, err := ac.Client.SiteReplicationAdd(ctx, sites)
+	res, err := ac.Client.SiteReplicationAdd(ctx, sites, madmin.SRAddOptions{})
 	if err != nil {
 		return nil, err
 	}
@@ -595,7 +580,7 @@ func (ac AdminClient) addSiteReplicationInfo(ctx context.Context, sites []madmin
 }
 
 func (ac AdminClient) editSiteReplicationInfo(ctx context.Context, site madmin.PeerInfo) (*madmin.ReplicateEditStatus, error) {
-	res, err := ac.Client.SiteReplicationEdit(ctx, site)
+	res, err := ac.Client.SiteReplicationEdit(ctx, site, madmin.SREditOptions{})
 	if err != nil {
 		return nil, err
 	}

api/client.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"

api/client_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import "testing"
 

api/config.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"crypto/x509"
@@ -247,6 +247,10 @@ func getPrometheusURL() string {
 	return env.Get(PrometheusURL, "")
 }
 
+func getPrometheusAuthToken() string {
+	return env.Get(PrometheusAuthToken, "")
+}
+
 func getPrometheusJobID() string {
 	return env.Get(PrometheusJobID, "minio-job")
 }

api/config_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"os"

api/configure_console.go

@@ -16,7 +16,7 @@
 
 // This file is safe to edit. Once it exists it will not be overwritten
 
-package restapi
+package api
 
 import (
 	"bytes"
@@ -35,6 +35,8 @@ import (
 	"sync"
 	"time"
 
+	"github.com/google/uuid"
+
 	"github.com/minio/console/pkg/logger"
 	"github.com/minio/console/pkg/utils"
 	"github.com/minio/minio-go/v7/pkg/credentials"
@@ -48,9 +50,9 @@ import (
 
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/swag"
+	"github.com/minio/console/api/operations"
 	"github.com/minio/console/models"
 	"github.com/minio/console/pkg/auth"
-	"github.com/minio/console/restapi/operations"
 	"github.com/unrolled/secure"
 )
 
@@ -127,8 +129,6 @@ func configureAPI(api *operations.ConsoleAPI) http.Handler {
 	registerServiceHandlers(api)
 	// Register session handlers
 	registerSessionHandlers(api)
-	// Register version handlers
-	registerVersionHandlers(api)
 	// Register admin info handlers
 	registerAdminInfoHandlers(api)
 	// Register admin arns handlers
@@ -194,11 +194,7 @@ func setupMiddlewares(handler http.Handler) http.Handler {
 
 func ContextMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		requestID, err := utils.NewUUID()
-		if err != nil && err != auth.ErrNoAuthToken {
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
+		requestID := uuid.NewString()
 		ctx := context.WithValue(r.Context(), utils.ContextRequestID, requestID)
 		ctx = context.WithValue(ctx, utils.ContextRequestUserAgent, r.UserAgent())
 		ctx = context.WithValue(ctx, utils.ContextRequestHost, r.Host)

api/configure_console_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"os"

api/consts.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 // list of all console environment constants
 const (
@@ -47,6 +47,7 @@ const (
 	ConsoleSecureFeaturePolicy                   = "CONSOLE_SECURE_FEATURE_POLICY"
 	ConsoleSecureExpectCTHeader                  = "CONSOLE_SECURE_EXPECT_CT_HEADER"
 	PrometheusURL                                = "CONSOLE_PROMETHEUS_URL"
+	PrometheusAuthToken                          = "CONSOLE_PROMETHEUS_AUTH_TOKEN"
 	PrometheusJobID                              = "CONSOLE_PROMETHEUS_JOB_ID"
 	PrometheusExtraLabels                        = "CONSOLE_PROMETHEUS_EXTRA_LABELS"
 	ConsoleLogQueryURL                           = "CONSOLE_LOG_QUERY_URL"

api/custom-server.go

@@ -0,0 +1,556 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2023 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package api
+
+import (
+	"context"
+	"crypto/tls"
+	"crypto/x509"
+	"errors"
+	"fmt"
+	"log"
+	"net"
+	"net/http"
+	"os"
+	"os/signal"
+	"strconv"
+	"sync"
+	"sync/atomic"
+	"syscall"
+	"time"
+
+	"github.com/go-openapi/runtime/flagext"
+	"github.com/go-openapi/swag"
+	flags "github.com/jessevdk/go-flags"
+	"golang.org/x/net/netutil"
+
+	"github.com/minio/console/api/operations"
+)
+
+const (
+	schemeHTTP  = "http"
+	schemeHTTPS = "https"
+	schemeUnix  = "unix"
+)
+
+var defaultSchemes []string
+
+func init() {
+	defaultSchemes = []string{
+		schemeHTTP,
+	}
+}
+
+// NewServer creates a new api console server but does not configure it
+func NewServer(api *operations.ConsoleAPI) *Server {
+	s := new(Server)
+
+	s.shutdown = make(chan struct{})
+	s.api = api
+	s.interrupt = make(chan os.Signal, 1)
+	return s
+}
+
+// ConfigureAPI configures the API and handlers.
+func (s *Server) ConfigureAPI() {
+	if s.api != nil {
+		s.handler = configureAPI(s.api)
+	}
+}
+
+// ConfigureFlags configures the additional flags defined by the handlers. Needs to be called before the parser.Parse
+func (s *Server) ConfigureFlags() {
+	if s.api != nil {
+		configureFlags(s.api)
+	}
+}
+
+// Server for the console API
+type Server struct {
+	EnabledListeners []string         `long:"scheme" description:"the listeners to enable, this can be repeated and defaults to the schemes in the swagger spec"`
+	CleanupTimeout   time.Duration    `long:"cleanup-timeout" description:"grace period for which to wait before killing idle connections" default:"10s"`
+	GracefulTimeout  time.Duration    `long:"graceful-timeout" description:"grace period for which to wait before shutting down the server" default:"15s"`
+	MaxHeaderSize    flagext.ByteSize `long:"max-header-size" description:"controls the maximum number of bytes the server will read parsing the request header's keys and values, including the request line. It does not limit the size of the request body." default:"1MiB"`
+
+	SocketPath    flags.Filename `long:"socket-path" description:"the unix socket to listen on" default:"/var/run/console.sock"`
+	domainSocketL net.Listener
+
+	Host         string        `long:"host" description:"the IP to listen on" default:"localhost" env:"HOST"`
+	Port         int           `long:"port" description:"the port to listen on for insecure connections, defaults to a random value" env:"PORT"`
+	ListenLimit  int           `long:"listen-limit" description:"limit the number of outstanding requests"`
+	KeepAlive    time.Duration `long:"keep-alive" description:"sets the TCP keep-alive timeouts on accepted connections. It prunes dead TCP connections ( e.g. closing laptop mid-download)" default:"3m"`
+	ReadTimeout  time.Duration `long:"read-timeout" description:"maximum duration before timing out read of the request" default:"30s"`
+	WriteTimeout time.Duration `long:"write-timeout" description:"maximum duration before timing out write of the response" default:"60s"`
+	httpServerL  []net.Listener
+
+	TLSHost           string         `long:"tls-host" description:"the IP to listen on for tls, when not specified it's the same as --host" env:"TLS_HOST"`
+	TLSPort           int            `long:"tls-port" description:"the port to listen on for secure connections, defaults to a random value" env:"TLS_PORT"`
+	TLSCertificate    flags.Filename `long:"tls-certificate" description:"the certificate to use for secure connections" env:"TLS_CERTIFICATE"`
+	TLSCertificateKey flags.Filename `long:"tls-key" description:"the private key to use for secure connections" env:"TLS_PRIVATE_KEY"`
+	TLSCACertificate  flags.Filename `long:"tls-ca" description:"the certificate authority file to be used with mutual tls auth" env:"TLS_CA_CERTIFICATE"`
+	TLSListenLimit    int            `long:"tls-listen-limit" description:"limit the number of outstanding requests"`
+	TLSKeepAlive      time.Duration  `long:"tls-keep-alive" description:"sets the TCP keep-alive timeouts on accepted connections. It prunes dead TCP connections ( e.g. closing laptop mid-download)"`
+	TLSReadTimeout    time.Duration  `long:"tls-read-timeout" description:"maximum duration before timing out read of the request"`
+	TLSWriteTimeout   time.Duration  `long:"tls-write-timeout" description:"maximum duration before timing out write of the response"`
+	httpsServerL      []net.Listener
+
+	api          *operations.ConsoleAPI
+	handler      http.Handler
+	hasListeners bool
+	shutdown     chan struct{}
+	shuttingDown int32
+	interrupted  bool
+	interrupt    chan os.Signal
+}
+
+// Logf logs message either via defined user logger or via system one if no user logger is defined.
+func (s *Server) Logf(f string, args ...interface{}) {
+	if s.api != nil && s.api.Logger != nil {
+		s.api.Logger(f, args...)
+	} else {
+		log.Printf(f, args...)
+	}
+}
+
+// Fatalf logs message either via defined user logger or via system one if no user logger is defined.
+// Exits with non-zero status after printing
+func (s *Server) Fatalf(f string, args ...interface{}) {
+	if s.api != nil && s.api.Logger != nil {
+		s.api.Logger(f, args...)
+		os.Exit(1)
+	}
+	log.Fatalf(f, args...)
+}
+
+// SetAPI configures the server with the specified API. Needs to be called before Serve
+func (s *Server) SetAPI(api *operations.ConsoleAPI) {
+	if api == nil {
+		s.api = nil
+		s.handler = nil
+		return
+	}
+
+	s.api = api
+	s.handler = configureAPI(api)
+}
+
+func (s *Server) hasScheme(scheme string) bool {
+	schemes := s.EnabledListeners
+	if len(schemes) == 0 {
+		schemes = defaultSchemes
+	}
+
+	for _, v := range schemes {
+		if v == scheme {
+			return true
+		}
+	}
+	return false
+}
+
+// Serve the api
+func (s *Server) Serve() (err error) {
+	if !s.hasListeners {
+		if err = s.Listen(); err != nil {
+			return err
+		}
+	}
+
+	// set default handler, if none is set
+	if s.handler == nil {
+		if s.api == nil {
+			return errors.New("can't create the default handler, as no api is set")
+		}
+
+		s.SetHandler(s.api.Serve(nil))
+	}
+
+	wg := new(sync.WaitGroup)
+	once := new(sync.Once)
+	signalNotify(s.interrupt)
+	go handleInterrupt(once, s)
+
+	servers := []*http.Server{}
+
+	if s.hasScheme(schemeUnix) {
+		domainSocket := new(http.Server)
+		domainSocket.MaxHeaderBytes = int(s.MaxHeaderSize)
+		domainSocket.Handler = s.handler
+		if int64(s.CleanupTimeout) > 0 {
+			domainSocket.IdleTimeout = s.CleanupTimeout
+		}
+
+		configureServer(domainSocket, "unix", string(s.SocketPath))
+
+		servers = append(servers, domainSocket)
+		wg.Add(1)
+		s.Logf("Serving console at unix://%s", s.SocketPath)
+		go func(l net.Listener) {
+			defer wg.Done()
+			if err := domainSocket.Serve(l); err != nil && err != http.ErrServerClosed {
+				s.Fatalf("%v", err)
+			}
+			s.Logf("Stopped serving console at unix://%s", s.SocketPath)
+		}(s.domainSocketL)
+	}
+
+	if s.hasScheme(schemeHTTP) {
+		httpServer := new(http.Server)
+		httpServer.MaxHeaderBytes = int(s.MaxHeaderSize)
+		httpServer.ReadTimeout = s.ReadTimeout
+		httpServer.WriteTimeout = s.WriteTimeout
+		httpServer.SetKeepAlivesEnabled(int64(s.KeepAlive) > 0)
+		if s.ListenLimit > 0 {
+			for i := range s.httpServerL {
+				s.httpServerL[i] = netutil.LimitListener(s.httpServerL[i], s.ListenLimit)
+			}
+		}
+
+		if int64(s.CleanupTimeout) > 0 {
+			httpServer.IdleTimeout = s.CleanupTimeout
+		}
+
+		httpServer.Handler = s.handler
+
+		configureServer(httpServer, "http", s.httpServerL[0].Addr().String())
+
+		servers = append(servers, httpServer)
+		s.Logf("Serving console at http://%s", s.httpServerL[0].Addr())
+		for i := range s.httpServerL {
+			wg.Add(1)
+			go func(l net.Listener) {
+				defer wg.Done()
+				if err := httpServer.Serve(l); err != nil && err != http.ErrServerClosed {
+					s.Fatalf("%v", err)
+				}
+				s.Logf("Stopped serving console at http://%s", l.Addr())
+			}(s.httpServerL[i])
+		}
+	}
+
+	if s.hasScheme(schemeHTTPS) {
+		httpsServer := new(http.Server)
+		httpsServer.MaxHeaderBytes = int(s.MaxHeaderSize)
+		httpsServer.ReadTimeout = s.TLSReadTimeout
+		httpsServer.WriteTimeout = s.TLSWriteTimeout
+		httpsServer.SetKeepAlivesEnabled(int64(s.TLSKeepAlive) > 0)
+		if s.TLSListenLimit > 0 {
+			for i := range s.httpsServerL {
+				s.httpsServerL[i] = netutil.LimitListener(s.httpsServerL[i], s.TLSListenLimit)
+			}
+		}
+		if int64(s.CleanupTimeout) > 0 {
+			httpsServer.IdleTimeout = s.CleanupTimeout
+		}
+		httpsServer.Handler = s.handler
+
+		// Inspired by https://blog.bracebin.com/achieving-perfect-ssl-labs-score-with-go
+		httpsServer.TLSConfig = &tls.Config{
+			// Causes servers to use Go's default ciphersuite preferences,
+			// which are tuned to avoid attacks. Does nothing on clients.
+			PreferServerCipherSuites: true,
+			// Only use curves which have assembly implementations
+			// https://github.com/golang/go/tree/master/src/crypto/elliptic
+			CurvePreferences: []tls.CurveID{tls.CurveP256},
+			// Use modern tls mode https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
+			NextProtos: []string{"h2", "http/1.1"},
+			// https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Rule_-_Only_Support_Strong_Protocols
+			MinVersion: tls.VersionTLS12,
+			// These ciphersuites support Forward Secrecy: https://en.wikipedia.org/wiki/Forward_secrecy
+			CipherSuites: []uint16{
+				tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+				tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+				tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+				tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+				tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+				tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+			},
+		}
+
+		// build standard config from server options
+		if s.TLSCertificate != "" && s.TLSCertificateKey != "" {
+			httpsServer.TLSConfig.Certificates = make([]tls.Certificate, 1)
+			httpsServer.TLSConfig.Certificates[0], err = tls.LoadX509KeyPair(string(s.TLSCertificate), string(s.TLSCertificateKey))
+			if err != nil {
+				return err
+			}
+		}
+
+		if s.TLSCACertificate != "" {
+			// include specified CA certificate
+			caCert, caCertErr := os.ReadFile(string(s.TLSCACertificate))
+			if caCertErr != nil {
+				return caCertErr
+			}
+			caCertPool := x509.NewCertPool()
+			ok := caCertPool.AppendCertsFromPEM(caCert)
+			if !ok {
+				return fmt.Errorf("cannot parse CA certificate")
+			}
+			httpsServer.TLSConfig.ClientCAs = caCertPool
+			httpsServer.TLSConfig.ClientAuth = tls.RequireAndVerifyClientCert
+		}
+
+		// call custom TLS configurator
+		configureTLS(httpsServer.TLSConfig)
+
+		if len(httpsServer.TLSConfig.Certificates) == 0 && httpsServer.TLSConfig.GetCertificate == nil {
+			// after standard and custom config are passed, this ends up with no certificate
+			if s.TLSCertificate == "" {
+				if s.TLSCertificateKey == "" {
+					s.Fatalf("the required flags `--tls-certificate` and `--tls-key` were not specified")
+				}
+				s.Fatalf("the required flag `--tls-certificate` was not specified")
+			}
+			if s.TLSCertificateKey == "" {
+				s.Fatalf("the required flag `--tls-key` was not specified")
+			}
+			// this happens with a wrong custom TLS configurator
+			s.Fatalf("no certificate was configured for TLS")
+		}
+
+		configureServer(httpsServer, "https", s.httpsServerL[0].Addr().String())
+
+		servers = append(servers, httpsServer)
+		s.Logf("Serving console at https://%s", s.httpsServerL[0].Addr())
+		for i := range s.httpsServerL {
+			wg.Add(1)
+			go func(l net.Listener) {
+				defer wg.Done()
+				if err := httpsServer.Serve(l); err != nil && err != http.ErrServerClosed {
+					s.Fatalf("%v", err)
+				}
+				s.Logf("Stopped serving console at https://%s", l.Addr())
+			}(tls.NewListener(s.httpsServerL[i], httpsServer.TLSConfig))
+		}
+	}
+
+	wg.Add(1)
+	go s.handleShutdown(wg, &servers)
+
+	wg.Wait()
+	return nil
+}
+
+// Listen creates the listeners for the server
+func (s *Server) Listen() error {
+	if s.hasListeners { // already done this
+		return nil
+	}
+
+	if s.hasScheme(schemeHTTPS) {
+		// Use http host if https host wasn't defined
+		if s.TLSHost == "" {
+			s.TLSHost = s.Host
+		}
+		// Use http listen limit if https listen limit wasn't defined
+		if s.TLSListenLimit == 0 {
+			s.TLSListenLimit = s.ListenLimit
+		}
+		// Use http tcp keep alive if https tcp keep alive wasn't defined
+		if int64(s.TLSKeepAlive) == 0 {
+			s.TLSKeepAlive = s.KeepAlive
+		}
+		// Use http read timeout if https read timeout wasn't defined
+		if int64(s.TLSReadTimeout) == 0 {
+			s.TLSReadTimeout = s.ReadTimeout
+		}
+		// Use http write timeout if https write timeout wasn't defined
+		if int64(s.TLSWriteTimeout) == 0 {
+			s.TLSWriteTimeout = s.WriteTimeout
+		}
+	}
+
+	if s.hasScheme(schemeUnix) {
+		domSockListener, err := net.Listen("unix", string(s.SocketPath))
+		if err != nil {
+			return err
+		}
+		s.domainSocketL = domSockListener
+	}
+
+	lookup := func(addr string) []net.IP {
+		ips, err := net.LookupIP(addr)
+		if err == nil {
+			return ips
+		}
+		return []net.IP{net.ParseIP(addr)}
+	}
+
+	convert := func(ip net.IP) (string, string) {
+		if ip == nil {
+			return "", "tcp"
+		}
+		proto := "tcp4"
+		if ip.To4() == nil {
+			proto = "tcp6"
+		}
+		return ip.String(), proto
+	}
+
+	if s.hasScheme(schemeHTTP) {
+		for _, ip := range lookup(s.Host) {
+			host, proto := convert(ip)
+			listener, err := net.Listen(proto, net.JoinHostPort(host, strconv.Itoa(s.Port)))
+			if err != nil {
+				return err
+			}
+			if s.Host == "" || s.Port == 0 {
+				h, p, err := swag.SplitHostPort(listener.Addr().String())
+				if err != nil {
+					return err
+				}
+				s.Host = h
+				s.Port = p
+			}
+			s.httpServerL = append(s.httpServerL, listener)
+		}
+	}
+
+	if s.hasScheme(schemeHTTPS) {
+		for _, ip := range lookup(s.TLSHost) {
+			host, proto := convert(ip)
+			tlsListener, err := net.Listen(proto, net.JoinHostPort(host, strconv.Itoa(s.TLSPort)))
+			if err != nil {
+				return err
+			}
+			if s.TLSHost == "" || s.TLSPort == 0 {
+				sh, sp, err := swag.SplitHostPort(tlsListener.Addr().String())
+				if err != nil {
+					return err
+				}
+				s.TLSHost = sh
+				s.TLSPort = sp
+			}
+			s.httpsServerL = append(s.httpsServerL, tlsListener)
+		}
+	}
+
+	s.hasListeners = true
+	return nil
+}
+
+// Shutdown server and clean up resources
+func (s *Server) Shutdown() error {
+	if atomic.CompareAndSwapInt32(&s.shuttingDown, 0, 1) {
+		close(s.shutdown)
+	}
+	return nil
+}
+
+func (s *Server) handleShutdown(wg *sync.WaitGroup, serversPtr *[]*http.Server) {
+	// wg.Done must occur last, after s.api.ServerShutdown()
+	// (to preserve old behavior)
+	defer wg.Done()
+
+	<-s.shutdown
+
+	servers := *serversPtr
+
+	ctx, cancel := context.WithTimeout(context.TODO(), s.GracefulTimeout)
+	defer cancel()
+
+	// first execute the pre-shutdown hook
+	s.api.PreServerShutdown()
+
+	shutdownChan := make(chan bool)
+	for i := range servers {
+		server := servers[i]
+		go func() {
+			var success bool
+			defer func() {
+				shutdownChan <- success
+			}()
+			if err := server.Shutdown(ctx); err != nil {
+				// Error from closing listeners, or context timeout:
+				s.Logf("HTTP server Shutdown: %v", err)
+			} else {
+				success = true
+			}
+		}()
+	}
+
+	// Wait until all listeners have successfully shut down before calling ServerShutdown
+	success := true
+	for range servers {
+		success = success && <-shutdownChan
+	}
+	if success {
+		s.api.ServerShutdown()
+	}
+}
+
+// GetHandler returns a handler useful for testing
+func (s *Server) GetHandler() http.Handler {
+	return s.handler
+}
+
+// SetHandler allows for setting a http handler on this server
+func (s *Server) SetHandler(handler http.Handler) {
+	s.handler = handler
+}
+
+// UnixListener returns the domain socket listener
+func (s *Server) UnixListener() (net.Listener, error) {
+	if !s.hasListeners {
+		if err := s.Listen(); err != nil {
+			return nil, err
+		}
+	}
+	return s.domainSocketL, nil
+}
+
+// HTTPListener returns the http listener
+func (s *Server) HTTPListener() ([]net.Listener, error) {
+	if !s.hasListeners {
+		if err := s.Listen(); err != nil {
+			return nil, err
+		}
+	}
+	return s.httpServerL, nil
+}
+
+// TLSListener returns the https listener
+func (s *Server) TLSListener() ([]net.Listener, error) {
+	if !s.hasListeners {
+		if err := s.Listen(); err != nil {
+			return nil, err
+		}
+	}
+	return s.httpsServerL, nil
+}
+
+func handleInterrupt(once *sync.Once, s *Server) {
+	once.Do(func() {
+		for range s.interrupt {
+			if s.interrupted {
+				s.Logf("Server already shutting down")
+				continue
+			}
+			s.interrupted = true
+			s.Logf("Shutting down... ")
+			if err := s.Shutdown(); err != nil {
+				s.Logf("HTTP server Shutdown: %v", err)
+			}
+		}
+	})
+}
+
+func signalNotify(interrupt chan<- os.Signal) {
+	signal.Notify(interrupt, syscall.SIGINT, syscall.SIGTERM)
+}

api/doc.go

@@ -16,7 +16,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-// Package restapi MinIO Console Server
+// Package api MinIO Console Server
 //
 //	Schemes:
 //	  http
@@ -35,4 +35,4 @@
 //	  - application/json
 //
 // swagger:meta
-package restapi
+package api

api/errors.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
@@ -53,6 +53,7 @@ var (
 	ErrAvoidSelfAccountDelete           = errors.New("logged in user cannot be deleted by itself")
 	ErrAccessDenied                     = errors.New("access denied")
 	ErrOauth2Provider                   = errors.New("unable to contact configured identity provider")
+	ErrOauth2Login                      = errors.New("unable to login using configured identity provider")
 	ErrNonUniqueAccessKey               = errors.New("access key already in use")
 	ErrRemoteTierExists                 = errors.New("specified remote tier already exists")
 	ErrRemoteTierNotFound               = errors.New("specified remote tier was not found")
@@ -84,10 +85,12 @@ type CodedAPIError struct {
 func ErrorWithContext(ctx context.Context, err ...interface{}) *CodedAPIError {
 	errorCode := 500
 	errorMessage := ErrDefault.Error()
+	var detailedMessage string
 	var err1 error
 	var exists bool
 	if len(err) > 0 {
 		if err1, exists = err[0].(error); exists {
+			detailedMessage = err1.Error()
 			var lastError error
 			if len(err) > 1 {
 				if err2, lastExists := err[1].(error); lastExists {
@@ -105,15 +108,22 @@ func ErrorWithContext(ctx context.Context, err ...interface{}) *CodedAPIError {
 				errorMessage = ErrNotFound.Error()
 			}
 			if errors.Is(err1, ErrInvalidLogin) {
+				detailedMessage = ""
 				errorCode = 401
 				errorMessage = ErrInvalidLogin.Error()
 			}
+			if strings.Contains(strings.ToLower(err1.Error()), ErrAccessDenied.Error()) {
+				errorCode = 403
+				errorMessage = err1.Error()
+			}
 			// If the last error is ErrInvalidLogin, this is a login failure
 			if errors.Is(lastError, ErrInvalidLogin) {
+				detailedMessage = ""
 				errorCode = 401
 				errorMessage = err1.Error()
 			}
 			if strings.Contains(err1.Error(), ErrLoginNotAllowed.Error()) {
+				detailedMessage = ""
 				errorCode = 400
 				errorMessage = ErrLoginNotAllowed.Error()
 			}
@@ -207,6 +217,7 @@ func ErrorWithContext(ctx context.Context, err ...interface{}) *CodedAPIError {
 				errorMessage = ErrAccessDenied.Error()
 			}
 			if madmin.ToErrorResponse(err1).Code == "InvalidAccessKeyId" {
+
 				errorCode = 401
 				errorMessage = ErrInvalidSession.Error()
 			}
@@ -257,7 +268,7 @@ func ErrorWithContext(ctx context.Context, err ...interface{}) *CodedAPIError {
 			}
 		}
 	}
-	return &CodedAPIError{Code: errorCode, APIError: &models.APIError{Message: errorMessage, DetailedMessage: err1.Error()}}
+	return &CodedAPIError{Code: errorCode, APIError: &models.APIError{Message: errorMessage, DetailedMessage: detailedMessage}}
 }
 
 // Error receives an errors object and parse it against k8sErrors, returns the right errors code paired with a generic errors message

api/errors_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"context"
@@ -44,37 +44,38 @@ func TestError(t *testing.T) {
 	}
 
 	appErrors := map[string]expectedError{
-		"ErrDefault":                          {code: 500, err: ErrDefault},
-		"ErrInvalidLogin":                     {code: 401, err: ErrInvalidLogin},
-		"ErrForbidden":                        {code: 403, err: ErrForbidden},
-		"ErrFileTooLarge":                     {code: 413, err: ErrFileTooLarge},
-		"ErrInvalidSession":                   {code: 401, err: ErrInvalidSession},
-		"ErrNotFound":                         {code: 404, err: ErrNotFound},
-		"ErrGroupAlreadyExists":               {code: 400, err: ErrGroupAlreadyExists},
-		"ErrInvalidErasureCodingValue":        {code: 400, err: ErrInvalidErasureCodingValue},
-		"ErrBucketBodyNotInRequest":           {code: 400, err: ErrBucketBodyNotInRequest},
-		"ErrBucketNameNotInRequest":           {code: 400, err: ErrBucketNameNotInRequest},
-		"ErrGroupBodyNotInRequest":            {code: 400, err: ErrGroupBodyNotInRequest},
-		"ErrGroupNameNotInRequest":            {code: 400, err: ErrGroupNameNotInRequest},
-		"ErrPolicyNameNotInRequest":           {code: 400, err: ErrPolicyNameNotInRequest},
-		"ErrPolicyBodyNotInRequest":           {code: 400, err: ErrPolicyBodyNotInRequest},
-		"ErrInvalidEncryptionAlgorithm":       {code: 500, err: ErrInvalidEncryptionAlgorithm},
-		"ErrSSENotConfigured":                 {code: 404, err: ErrSSENotConfigured},
-		"ErrBucketLifeCycleNotConfigured":     {code: 404, err: ErrBucketLifeCycleNotConfigured},
-		"ErrChangePassword":                   {code: 403, err: ErrChangePassword},
-		"ErrInvalidLicense":                   {code: 404, err: ErrInvalidLicense},
-		"ErrLicenseNotFound":                  {code: 404, err: ErrLicenseNotFound},
-		"ErrAvoidSelfAccountDelete":           {code: 403, err: ErrAvoidSelfAccountDelete},
-		"ErrAccessDenied":                     {code: 403, err: ErrAccessDenied},
+		"ErrDefault": {code: 500, err: ErrDefault},
+
+		"ErrForbidden":                    {code: 403, err: ErrForbidden},
+		"ErrFileTooLarge":                 {code: 413, err: ErrFileTooLarge},
+		"ErrInvalidSession":               {code: 401, err: ErrInvalidSession},
+		"ErrNotFound":                     {code: 404, err: ErrNotFound},
+		"ErrGroupAlreadyExists":           {code: 400, err: ErrGroupAlreadyExists},
+		"ErrInvalidErasureCodingValue":    {code: 400, err: ErrInvalidErasureCodingValue},
+		"ErrBucketBodyNotInRequest":       {code: 400, err: ErrBucketBodyNotInRequest},
+		"ErrBucketNameNotInRequest":       {code: 400, err: ErrBucketNameNotInRequest},
+		"ErrGroupBodyNotInRequest":        {code: 400, err: ErrGroupBodyNotInRequest},
+		"ErrGroupNameNotInRequest":        {code: 400, err: ErrGroupNameNotInRequest},
+		"ErrPolicyNameNotInRequest":       {code: 400, err: ErrPolicyNameNotInRequest},
+		"ErrPolicyBodyNotInRequest":       {code: 400, err: ErrPolicyBodyNotInRequest},
+		"ErrInvalidEncryptionAlgorithm":   {code: 500, err: ErrInvalidEncryptionAlgorithm},
+		"ErrSSENotConfigured":             {code: 404, err: ErrSSENotConfigured},
+		"ErrBucketLifeCycleNotConfigured": {code: 404, err: ErrBucketLifeCycleNotConfigured},
+		"ErrChangePassword":               {code: 403, err: ErrChangePassword},
+		"ErrInvalidLicense":               {code: 404, err: ErrInvalidLicense},
+		"ErrLicenseNotFound":              {code: 404, err: ErrLicenseNotFound},
+		"ErrAvoidSelfAccountDelete":       {code: 403, err: ErrAvoidSelfAccountDelete},
+
 		"ErrNonUniqueAccessKey":               {code: 500, err: ErrNonUniqueAccessKey},
 		"ErrRemoteTierExists":                 {code: 400, err: ErrRemoteTierExists},
 		"ErrRemoteTierNotFound":               {code: 400, err: ErrRemoteTierNotFound},
 		"ErrRemoteTierUppercase":              {code: 400, err: ErrRemoteTierUppercase},
 		"ErrRemoteTierBucketNotFound":         {code: 400, err: ErrRemoteTierBucketNotFound},
 		"ErrRemoteInvalidCredentials":         {code: 403, err: ErrRemoteInvalidCredentials},
+		"ErrTooFewNodes":                      {code: 500, err: ErrTooFewNodes},
 		"ErrUnableToGetTenantUsage":           {code: 500, err: ErrUnableToGetTenantUsage},
 		"ErrTooManyNodes":                     {code: 500, err: ErrTooManyNodes},
-		"ErrTooFewNodes":                      {code: 500, err: ErrTooFewNodes},
+		"ErrAccessDenied":                     {code: 403, err: ErrAccessDenied},
 		"ErrTooFewAvailableNodes":             {code: 500, err: ErrTooFewAvailableNodes},
 		"ErrFewerThanFourNodes":               {code: 500, err: ErrFewerThanFourNodes},
 		"ErrUnableToGetTenantLogs":            {code: 500, err: ErrUnableToGetTenantLogs},
@@ -96,6 +97,7 @@ func TestError(t *testing.T) {
 			},
 		})
 	}
+
 	tests = append(tests,
 		testError{
 			name: "passing multiple errors but ErrInvalidLogin is last",
@@ -104,9 +106,21 @@ func TestError(t *testing.T) {
 			},
 			want: &CodedAPIError{
 				Code:     int(401),
-				APIError: &models.APIError{Message: ErrDefault.Error(), DetailedMessage: ErrDefault.Error()},
+				APIError: &models.APIError{Message: ErrDefault.Error(), DetailedMessage: ""},
 			},
 		})
+	tests = append(tests,
+		testError{
+			name: "login error omits detailedMessage",
+			args: args{
+				err: []interface{}{ErrInvalidLogin},
+			},
+			want: &CodedAPIError{
+				Code:     int(401),
+				APIError: &models.APIError{Message: ErrInvalidLogin.Error(), DetailedMessage: ""},
+			},
+		})
+
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got := Error(tt.args.err...)

api/license.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"os"

api/logs.go

@@ -15,7 +15,7 @@
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 //
 
-package restapi
+package api
 
 import (
 	"context"
@@ -58,7 +58,7 @@ type Context struct {
 	TLSCertificate, TLSKey, TLSca string
 }
 
-// Load loads restapi Context from command line context.
+// Load loads api Context from command line context.
 func (c *Context) Load(ctx *cli.Context) error {
 	*c = Context{
 		Host:        ctx.String("host"),

api/logs_test.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package restapi
+package api
 
 import (
 	"flag"