update to v0.7.2

Co-authored-by: Benjamin Perez <benjamin@bexsoft.net>
Co-authored-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>

.github/workflows/go.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.15.x]
+        go-version: [1.16.x]
         os: [ubuntu-latest]
     steps:
       - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}

.gitignore

@@ -27,7 +27,6 @@ dist/
 # Ignore node_modules
 
 portal-ui/node_modules/
-portal-ui/build/
 
 # Ignore tls cert and key
 private.key

.goreleaser.yml

@@ -3,7 +3,7 @@
 project_name: console
 
 release:
-   name_template: "Release version {{.Version}}"
+   name_template: "Release version {{.Tag}}"
    github:
     owner: minio
     name: console
@@ -27,8 +27,6 @@ builds:
       - s390x
       - arm64
     ignore:
-      - goos: darwin
-        goarch: arm64
       - goos: darwin
         goarch: arm
       - goos: windows
@@ -80,11 +78,16 @@ nfpms:
     formats:
       - deb
       - rpm
+    contents:
+      # Basic file that applies to all packagers
+      - src: systemd/console.service
+        dst: /etc/systemd/system/minio-console.service
 
 dockers:
 - image_templates:
   - "minio/console:{{ .Tag }}-amd64"
   use_buildx: true
+  goarch: amd64
   dockerfile: Dockerfile.release
   extra_files:
     - LICENSE
@@ -94,6 +97,7 @@ dockers:
 - image_templates:
   - "minio/console:{{ .Tag }}-ppc64le"
   use_buildx: true
+  goarch: ppc64le
   dockerfile: Dockerfile.release
   extra_files:
     - LICENSE
@@ -103,6 +107,7 @@ dockers:
 - image_templates:
   - "minio/console:{{ .Tag }}-s390x"
   use_buildx: true
+  goarch: s390x
   dockerfile: Dockerfile.release
   extra_files:
     - LICENSE
@@ -113,6 +118,7 @@ dockers:
   - "minio/console:{{ .Tag }}-arm64"
   use_buildx: true
   goarch: arm64
+  goos: linux
   dockerfile: Dockerfile.release
   extra_files:
     - LICENSE

CREDITS

@@ -2836,35 +2836,6 @@ Everyone is permitted to copy and distribute copies of this Agreement, but in or
 This Agreement is governed by the laws of the State of New York and the intellectual property laws of the United States of America. No party to this Agreement will bring a legal action under this Agreement more than one year after the cause of action arose. Each party waives its rights to a jury trial in any resulting litigation.
 ================================================================
 
-github.com/elazarl/go-bindata-assetfs
-https://github.com/elazarl/go-bindata-assetfs
-----------------------------------------------------------------
-Copyright (c) 2014, Elazar Leibovich
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice, this
-  list of conditions and the following disclaimer.
-
-* Redistributions in binary form must reproduce the above copyright notice,
-  this list of conditions and the following disclaimer in the documentation
-  and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-================================================================
-
 github.com/evanphx/json-patch
 https://github.com/evanphx/json-patch
 ----------------------------------------------------------------
@@ -13173,28 +13144,28 @@ SOFTWARE.
 github.com/klauspost/readahead
 https://github.com/klauspost/readahead
 ----------------------------------------------------------------
-The MIT License (MIT)
-
-Copyright (c) 2015 Klaus Post
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
-
+The MIT License (MIT)
+
+Copyright (c) 2015 Klaus Post
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
 
 ================================================================
 

DEVELOPMENT.md

@@ -67,7 +67,7 @@ $ cat > consoleAdmin.json << EOF
 }
 EOF
 $ mc admin policy add myminio consoleAdmin consoleAdmin.json
-$ mc admin policy set myminio consoleAdmin user=billy
+$ mc admin policy set myminio consoleAdmin user="uid=billy,dc=example,dc=org"
 ```
 
 ## Run MinIO

Dockerfile

@@ -1,14 +1,7 @@
-FROM golang:1.15 as binlayer
-
-RUN go get github.com/go-bindata/go-bindata/... && go get github.com/elazarl/go-bindata-assetfs/...
-
 FROM node:10 as uilayer
 
 WORKDIR /app
 
-COPY --from=binlayer /go/bin/go-bindata-assetfs /bin/
-COPY --from=binlayer /go/bin/go-bindata /bin/
-
 COPY ./portal-ui/package.json ./
 COPY ./portal-ui/yarn.lock ./
 RUN yarn install
@@ -19,7 +12,7 @@ RUN yarn install && make build-static
 
 USER node
 
-FROM golang:1.15 as golayer
+FROM golang:1.16 as golayer
 
 RUN apt-get update -y && apt-get install -y ca-certificates
 
@@ -33,16 +26,16 @@ RUN go mod download
 ADD . /go/src/github.com/minio/console/
 WORKDIR /go/src/github.com/minio/console/
 
-COPY --from=uilayer /app/bindata_assetfs.go /go/src/github.com/minio/console/portal-ui/bindata_assetfs.go
-
 ENV CGO_ENABLED=0
 
+COPY --from=uilayer /app/build /go/src/github.com/minio/console/portal-ui/build
 RUN go build -ldflags "-w -s" -a -o console ./cmd/console
 
 FROM scratch
 MAINTAINER MinIO Development "dev@min.io"
 EXPOSE 9090
 
+
 COPY --from=golayer /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 COPY --from=golayer /go/src/github.com/minio/console/console .
 

Dockerfile.assets

@@ -1,14 +1,7 @@
-FROM golang:1.15 as binlayer
-
-RUN go get github.com/go-bindata/go-bindata/... && go get github.com/elazarl/go-bindata-assetfs/...
-
 FROM node:10 as uilayer
 
 WORKDIR /app
 
-COPY --from=binlayer /go/bin/go-bindata-assetfs /bin/
-COPY --from=binlayer /go/bin/go-bindata /bin/
-
 COPY ./portal-ui/package.json ./
 COPY ./portal-ui/yarn.lock ./
 RUN yarn install

Dockerfile.release

@@ -6,8 +6,8 @@ COPY LICENSE /licenses/LICENSE
 LABEL name="MinIO" \
       vendor="MinIO Inc <dev@min.io>" \
       maintainer="MinIO Inc <dev@min.io>" \
-      version="v0.5.2" \
-      release="v0.5.2" \
+      version="v0.6.6" \
+      release="v0.6.6" \
       summary="A graphical user interface for MinIO" \
       description="MinIO object storage is fundamentally different. Designed for performance and the S3 API, it is 100% open-source. MinIO is ideal for large, private cloud environments with stringent security requirements and delivers mission-critical availability across a diverse range of workloads."
 

Makefile

@@ -3,7 +3,7 @@ GOPATH := $(shell go env GOPATH)
 # Sets the build version based on the output of the following command, if we are building for a tag, that's the build else it uses the current git branch as the build
 BUILD_VERSION:=$(shell git describe --exact-match --tags $(git log -n1 --pretty='%h') 2>/dev/null || git rev-parse --abbrev-ref HEAD 2>/dev/null)
 BUILD_TIME:=$(shell date 2>/dev/null)
-TAG ?= "minio/console:$(VERSION)-dev"
+TAG ?= "minio/console:$(BUILD_VERSION)-dev"
 
 default: console
 

README.md

@@ -58,7 +58,7 @@ docker pull minio/console
 GO111MODULE=on go get github.com/minio/console/cmd/console
 ```
 > You will need a working Go environment. Therefore, please follow [How to install Go](https://golang.org/doc/install).
-> Minimum version required is go1.14
+> Minimum version required is go1.16
 
 ## Setup
 

cluster/cluster.go

@@ -17,6 +17,7 @@
 package cluster
 
 import (
+	direct "github.com/minio/direct-csi/pkg/clientset"
 	operator "github.com/minio/operator/pkg/client/clientset/versioned"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
@@ -63,3 +64,8 @@ func OperatorClient(token string) (*operator.Clientset, error) {
 func K8sClient(token string) (*kubernetes.Clientset, error) {
 	return kubernetes.NewForConfig(GetK8sConfig(token))
 }
+
+// DirectCSIClient returns Direct CSI client using GetK8sConfig for its config
+func DirectCSIClient(token string) (*direct.Clientset, error) {
+	return direct.NewForConfig(GetK8sConfig(token))
+}

cmd/console/main.go

@@ -54,6 +54,7 @@ VERSION:
 
 var appCmds = []cli.Command{
 	serverCmd,
+	updateCmd,
 }
 
 func newApp(name string) *cli.App {

cmd/console/server.go

@@ -17,10 +17,15 @@
 package main
 
 import (
+	"context"
 	"fmt"
+	"io/ioutil"
 	"log"
 	"os"
 	"path/filepath"
+	"time"
+
+	"github.com/minio/minio/cmd/config"
 
 	"github.com/go-openapi/loads"
 	"github.com/jessevdk/go-flags"
@@ -67,6 +72,21 @@ var serverCmd = cli.Command{
 			Value: certs.GlobalCertsCADir.Get(),
 			Usage: "path to certs directory",
 		},
+		cli.StringFlag{
+			Name:  "tls-certificate",
+			Value: "",
+			Usage: "path tls certificate",
+		},
+		cli.StringFlag{
+			Name:  "tls-key",
+			Value: "",
+			Usage: "path tls key",
+		},
+		cli.StringFlag{
+			Name:  "tls-ca",
+			Value: "",
+			Usage: "path tls ca",
+		},
 	},
 }
 
@@ -121,6 +141,29 @@ func startServer(ctx *cli.Context) error {
 	// load the certificates and the CAs
 	restapi.GlobalRootCAs, restapi.GlobalPublicCerts, restapi.GlobalTLSCertsManager = certs.GetAllCertificatesAndCAs()
 
+	// TLS flags from swagger server, used to support older versions of minio-operator
+	swaggerServerCertificate := ctx.String("tls-certificate")
+	swaggerServerCertificateKey := ctx.String("tls-key")
+	SwaggerServerCACertificate := ctx.String("tls-ca")
+	// load tls cert and key from swagger server tls-certificate and tls-key flags
+	if swaggerServerCertificate != "" && swaggerServerCertificateKey != "" {
+		if errAddCert := certs.AddCertificate(context.Background(), restapi.GlobalTLSCertsManager, swaggerServerCertificate, swaggerServerCertificateKey); errAddCert != nil {
+			log.Println(errAddCert)
+		}
+		if x509Certs, errParseCert := config.ParsePublicCertFile(swaggerServerCertificate); errParseCert == nil {
+			if len(x509Certs) > 0 {
+				restapi.GlobalPublicCerts = append(restapi.GlobalPublicCerts, x509Certs[0])
+			}
+		}
+	}
+	// load ca cert from swagger server tls-ca flag
+	if SwaggerServerCACertificate != "" {
+		caCert, caCertErr := ioutil.ReadFile(SwaggerServerCACertificate)
+		if caCertErr == nil {
+			restapi.GlobalRootCAs.AppendCertsFromPEM(caCert)
+		}
+	}
+
 	if len(restapi.GlobalPublicCerts) > 0 {
 		// If TLS certificates are provided enforce the HTTPS schema, meaning console will redirect
 		// plain HTTP connections to HTTPS server
@@ -135,6 +178,28 @@ func startServer(ctx *cli.Context) error {
 
 	server.ConfigureAPI()
 
+	// subnet license refresh process
+	go func() {
+		failedAttempts := 0
+		for {
+			if err := restapi.RefreshLicense(); err != nil {
+				log.Println(err)
+				failedAttempts++
+				// end license refresh after 3 consecutive failed attempts
+				if failedAttempts >= 3 {
+					return
+				}
+				// wait 5 minutes and retry again
+				time.Sleep(time.Minute * 5)
+				continue
+			}
+			// if license refreshed successfully reset the counter
+			failedAttempts = 0
+			// try to refresh license every 24 hrs
+			time.Sleep(time.Hour * 24)
+		}
+	}()
+
 	if err := server.Serve(); err != nil {
 		log.Fatalln(err)
 	}

cmd/console/update.go

@@ -0,0 +1,154 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package main
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"os"
+	"runtime"
+	"strings"
+	"time"
+
+	"github.com/blang/semver/v4"
+	"github.com/cheggaaa/pb/v3"
+	"github.com/minio/cli"
+	"github.com/minio/console/pkg"
+	"github.com/minio/selfupdate"
+)
+
+func getUpdateTransport(timeout time.Duration) http.RoundTripper {
+	var updateTransport http.RoundTripper = &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		DialContext: (&net.Dialer{
+			Timeout:   timeout,
+			KeepAlive: timeout,
+			DualStack: true,
+		}).DialContext,
+		IdleConnTimeout:       timeout,
+		TLSHandshakeTimeout:   timeout,
+		ExpectContinueTimeout: timeout,
+		DisableCompression:    true,
+	}
+	return updateTransport
+}
+
+func getUpdateReaderFromURL(u string, transport http.RoundTripper) (io.ReadCloser, int64, error) {
+	clnt := &http.Client{
+		Transport: transport,
+	}
+	req, err := http.NewRequest(http.MethodGet, u, nil)
+	if err != nil {
+		return nil, -1, err
+	}
+
+	resp, err := clnt.Do(req)
+	if err != nil {
+		return nil, -1, err
+	}
+	return resp.Body, resp.ContentLength, nil
+}
+
+const defaultPubKey = "RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav"
+
+func getLatestRelease(tr http.RoundTripper) (string, error) {
+	releaseURL := "https://api.github.com/repos/minio/console/releases/latest"
+
+	body, _, err := getUpdateReaderFromURL(releaseURL, tr)
+	if err != nil {
+		return "", fmt.Errorf("unable to access github release URL %w", err)
+	}
+	defer body.Close()
+
+	lm := make(map[string]interface{})
+	if err = json.NewDecoder(body).Decode(&lm); err != nil {
+		return "", err
+	}
+	rel, ok := lm["tag_name"].(string)
+	if !ok {
+		return "", errors.New("unable to find latest release tag")
+	}
+	return rel, nil
+}
+
+// update console in-place
+var updateCmd = cli.Command{
+	Name:   "update",
+	Usage:  "update console to latest release",
+	Action: updateInplace,
+}
+
+func updateInplace(ctx *cli.Context) error {
+	transport := getUpdateTransport(30 * time.Second)
+	rel, err := getLatestRelease(transport)
+	if err != nil {
+		return err
+	}
+
+	latest, err := semver.Make(strings.TrimPrefix(rel, "v"))
+	if err != nil {
+		return err
+	}
+
+	current, err := semver.Make(pkg.Version)
+	if err != nil {
+		return err
+	}
+
+	if current.GTE(latest) {
+		fmt.Printf("You are already running the latest version v%v.\n", pkg.Version)
+		return nil
+	}
+
+	consoleBin := fmt.Sprintf("https://github.com/minio/console/releases/download/%s/console-%s-%s", rel, runtime.GOOS, runtime.GOARCH)
+	reader, length, err := getUpdateReaderFromURL(consoleBin, transport)
+	if err != nil {
+		return fmt.Errorf("unable to fetch binary from %s: %w", consoleBin, err)
+	}
+
+	minisignPubkey := os.Getenv("CONSOLE_MINISIGN_PUBKEY")
+	if minisignPubkey == "" {
+		minisignPubkey = defaultPubKey
+	}
+
+	v := selfupdate.NewVerifier()
+	if err = v.LoadFromURL(consoleBin+".minisig", minisignPubkey, transport); err != nil {
+		return fmt.Errorf("unable to fetch binary signature for %s: %w", consoleBin, err)
+	}
+	opts := selfupdate.Options{
+		Verifier: v,
+	}
+
+	tmpl := `{{ red "Downloading:" }} {{bar . (red "[") (green "=") (red "]")}} {{speed . | rndcolor }}`
+	bar := pb.ProgressBarTemplate(tmpl).Start64(length)
+	barReader := bar.NewProxyReader(reader)
+	if err = selfupdate.Apply(barReader, opts); err != nil {
+		bar.Finish()
+		if rerr := selfupdate.RollbackError(err); rerr != nil {
+			return rerr
+		}
+		return err
+	}
+
+	bar.Finish()
+	fmt.Printf("Updated 'console' to latest release %s\n", rel)
+	return nil
+}

compose/.env

@@ -0,0 +1,61 @@
+## PostgreSQL related variables
+
+# Postgres Docker image
+POSTGRES_IMAGE=library/postgres
+
+# Postgres user
+POSTGRES_USER=postgres
+
+# Postgres password
+POSTGRES_PASSWORD=magical_password
+
+# Postgres port number
+POSTGRES_PORT=5432
+
+# Postgres data directory
+PGDATA=/data/postgres
+
+
+## Logsearch related variables
+
+# Logsearch Docker image
+LOGSEARCH_IMAGE=minio/logsearchapi:v4.0.2
+
+# Logsearch storage max
+LOGSEARCH_DISK_CAPACITY_GB=5
+
+# Logsearch port number
+LOGSEARCH_PORT=8080
+
+# Log retention duration
+LOGSEARCH_MAX_RETENTION_MONTHS=1
+
+# Logsearch audit authentication token
+LOGSEARCH_AUDIT_AUTH_TOKEN=c6rkqjZ03ElEUKQ7MtSeYBJ8q_p3GDFPBQAQJlcbBLA=
+
+# Logsearch query authentication token
+LOGSEARCH_QUERY_AUTH_TOKEN=c6rkqjZ03ElEUKQ7MtSeYBJ8q_p3GDFPBQAQJlcbBLA=
+
+
+## Console related variables
+
+# Console Docker image
+CONSOLE_IMAGE=minio/console:v0.6.2
+
+# Salt to encrypt JWT payload
+CONSOLE_PBKDF_PASSPHRASE=top_secret
+
+# Required to encrypt JWT payload
+CONSOLE_PBKDF_SALT=top_secret1
+
+# MinIO Server URL
+CONSOLE_MINIO_SERVER=http://localhost:9000
+
+
+## Prometheus related variables
+
+# Prometheus Docker image
+PROMETHEUS_IMAGE=prom/prometheus:latest
+
+# Prometheus port number
+PROMETHEUS_PORT=9999

compose/README.md

@@ -0,0 +1,64 @@
+
+## Console Docker Compose
+
+This compose file allows users to quickly deploy MinIO Console, LogSearch & Prometheus in a baremetal (non Kubernetes) environment.
+
+### Pre-requisites
+
+1. [MinIO](https://docs.minio.io/docs/distributed-minio-quickstart-guide.html) cluster up and running.
+2. [mc](https://docs.minio.io/docs/minio-client-quickstart-guide.html) configured for this MinIO cluster.
+3. [Docker-Compose](https://docs.docker.com/compose/) installed on the server.
+
+### Getting Started
+
+- Download the contents of `compose` directory on your machine.
+
+- Edit the `prometheus.yaml` file and fill in the correct target (MinIO Endpoint). Optionally setup the `bearer_token` as explained [here](https://github.com/minio/minio/tree/master/docs/metrics/prometheus#31-authenticated-prometheus-config).
+
+- Setup a console admin policy.
+
+```sh
+cat > admin.json << EOF
+{
+	"Version": "2012-10-17",
+	"Statement": [{
+			"Action": [
+				"admin:*"
+			],
+			"Effect": "Allow",
+			"Sid": ""
+		},
+		{
+			"Action": [
+                "s3:*"
+			],
+			"Effect": "Allow",
+			"Resource": [
+				"arn:aws:s3:::*"
+			],
+			"Sid": ""
+		}
+	]
+}
+EOF
+```
+
+Then create this policy on MinIO server: `mc admin policy add myminio consoleAdmin admin.json`.
+
+- Setup user and policy for Console
+
+```
+mc admin user add myminio console console123
+mc admin policy set myminio consoleAdmin user=console
+```
+
+- Configure Webhook target on the MinIO server. Remember to change the `token` value in below URL to the actual token value as set in the `.env` file.
+
+```
+mc admin config set myminio audit_webhook:1 endpoint=http://localhost:8080/api/ingest?token=c6rkqjZ03ElEUKQ7MtSeYBJ8q_p3GDFPBQAQJlcbBLA=
+mc admin service restart myminio
+```
+
+### Configuration
+
+To configure the Console Compose file to custom setup, please take a look at the [`.env`](./.env) file.

compose/docker-compose.yaml

@@ -0,0 +1,62 @@
+version: '3.4'
+services:
+  pg_database:
+    image: ${POSTGRES_IMAGE}
+    network_mode: host
+    environment:
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - PGDATA=${PGDATA}
+      - POSTGRES_DB=minio_logs
+    volumes:
+      - database:${PGDATA}
+    ports:
+      - ${POSTGRES_PORT}:${POSTGRES_PORT}
+
+  log_search:
+    image: ${LOGSEARCH_IMAGE}
+    network_mode: host
+    environment:
+      - LOGSEARCH_AUDIT_AUTH_TOKEN=${LOGSEARCH_AUDIT_AUTH_TOKEN}
+      - LOGSEARCH_QUERY_AUTH_TOKEN=${LOGSEARCH_QUERY_AUTH_TOKEN}
+      - LOGSEARCH_DISK_CAPACITY_GB=${LOGSEARCH_DISK_CAPACITY_GB}
+      - LOGSEARCH_MAX_RETENTION_MONTHS=${LOGSEARCH_MAX_RETENTION_MONTHS}
+      - LOGSEARCH_PG_CONN_STR=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@localhost:${POSTGRES_PORT}/minio_logs?sslmode=disable
+    ports:
+      - ${LOGSEARCH_PORT}:${LOGSEARCH_PORT}
+    command: ["/usr/bin/wait-for-it.sh", "localhost:${POSTGRES_PORT}", "--", "/logsearchapi"]
+    volumes:
+      - ./wait-for-it.sh:/usr/bin/wait-for-it.sh
+    depends_on:
+      - pg_database
+
+  console:
+    image: ${CONSOLE_IMAGE}
+    network_mode: host
+    environment:
+      - CONSOLE_PBKDF_PASSPHRASE=${CONSOLE_PBKDF_PASSPHRASE}
+      - CONSOLE_PBKDF_SALT=${CONSOLE_PBKDF_SALT}
+      - LOGSEARCH_QUERY_AUTH_TOKEN=${LOGSEARCH_QUERY_AUTH_TOKEN}
+      - CONSOLE_MINIO_SERVER=${CONSOLE_MINIO_SERVER}
+      - CONSOLE_LOG_QUERY_URL=http://localhost:${LOGSEARCH_PORT}
+      - CONSOLE_PROMETHEUS_URL=http://localhost:${PROMETHEUS_PORT}
+    ports:
+      - "9090:9090"
+    command: server
+    depends_on:
+      - log_search
+      - prometheus
+
+  prometheus:
+    image: ${PROMETHEUS_IMAGE}
+    network_mode: host
+    ports:
+      - ${PROMETHEUS_PORT}:${PROMETHEUS_PORT}
+    command:
+      - --config.file=/etc/prometheus/prometheus.yml 
+      - --web.listen-address=:${PROMETHEUS_PORT}
+    volumes:
+      - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
+
+volumes:
+  database:

compose/prometheus.yml

@@ -0,0 +1,15 @@
+global:
+  scrape_interval:     10s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
+  evaluation_interval: 30s # Evaluate rules every 15 seconds. The default is every 1 minute.
+  # scrape_timeout is set to the global default (10s).
+
+# A scrape configuration containing exactly one endpoint to scrape:
+# Here it's Prometheus itself.
+scrape_configs:
+    # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
+  - job_name: minio-node1
+    metrics_path: /minio/v2/metrics/cluster
+    scheme: http
+    static_configs:
+    - targets: 
+      - 'localhost:9000'

compose/wait-for-it.sh

@@ -0,0 +1,182 @@
+#!/usr/bin/env bash
+# Use this script to test if a given TCP host/port are available
+
+WAITFORIT_cmdname=${0##*/}
+
+echoerr() { if [[ $WAITFORIT_QUIET -ne 1 ]]; then echo "$@" 1>&2; fi }
+
+usage()
+{
+    cat << USAGE >&2
+Usage:
+    $WAITFORIT_cmdname host:port [-s] [-t timeout] [-- command args]
+    -h HOST | --host=HOST       Host or IP under test
+    -p PORT | --port=PORT       TCP port under test
+                                Alternatively, you specify the host and port as host:port
+    -s | --strict               Only execute subcommand if the test succeeds
+    -q | --quiet                Don't output any status messages
+    -t TIMEOUT | --timeout=TIMEOUT
+                                Timeout in seconds, zero for no timeout
+    -- COMMAND ARGS             Execute command with args after the test finishes
+USAGE
+    exit 1
+}
+
+wait_for()
+{
+    if [[ $WAITFORIT_TIMEOUT -gt 0 ]]; then
+        echoerr "$WAITFORIT_cmdname: waiting $WAITFORIT_TIMEOUT seconds for $WAITFORIT_HOST:$WAITFORIT_PORT"
+    else
+        echoerr "$WAITFORIT_cmdname: waiting for $WAITFORIT_HOST:$WAITFORIT_PORT without a timeout"
+    fi
+    WAITFORIT_start_ts=$(date +%s)
+    while :
+    do
+        if [[ $WAITFORIT_ISBUSY -eq 1 ]]; then
+            nc -z $WAITFORIT_HOST $WAITFORIT_PORT
+            WAITFORIT_result=$?
+        else
+            (echo -n > /dev/tcp/$WAITFORIT_HOST/$WAITFORIT_PORT) >/dev/null 2>&1
+            WAITFORIT_result=$?
+        fi
+        if [[ $WAITFORIT_result -eq 0 ]]; then
+            WAITFORIT_end_ts=$(date +%s)
+            echoerr "$WAITFORIT_cmdname: $WAITFORIT_HOST:$WAITFORIT_PORT is available after $((WAITFORIT_end_ts - WAITFORIT_start_ts)) seconds"
+            break
+        fi
+        sleep 1
+    done
+    return $WAITFORIT_result
+}
+
+wait_for_wrapper()
+{
+    # In order to support SIGINT during timeout: http://unix.stackexchange.com/a/57692
+    if [[ $WAITFORIT_QUIET -eq 1 ]]; then
+        timeout $WAITFORIT_BUSYTIMEFLAG $WAITFORIT_TIMEOUT $0 --quiet --child --host=$WAITFORIT_HOST --port=$WAITFORIT_PORT --timeout=$WAITFORIT_TIMEOUT &
+    else
+        timeout $WAITFORIT_BUSYTIMEFLAG $WAITFORIT_TIMEOUT $0 --child --host=$WAITFORIT_HOST --port=$WAITFORIT_PORT --timeout=$WAITFORIT_TIMEOUT &
+    fi
+    WAITFORIT_PID=$!
+    trap "kill -INT -$WAITFORIT_PID" INT
+    wait $WAITFORIT_PID
+    WAITFORIT_RESULT=$?
+    if [[ $WAITFORIT_RESULT -ne 0 ]]; then
+        echoerr "$WAITFORIT_cmdname: timeout occurred after waiting $WAITFORIT_TIMEOUT seconds for $WAITFORIT_HOST:$WAITFORIT_PORT"
+    fi
+    return $WAITFORIT_RESULT
+}
+
+# process arguments
+while [[ $# -gt 0 ]]
+do
+    case "$1" in
+        *:* )
+        WAITFORIT_hostport=(${1//:/ })
+        WAITFORIT_HOST=${WAITFORIT_hostport[0]}
+        WAITFORIT_PORT=${WAITFORIT_hostport[1]}
+        shift 1
+        ;;
+        --child)
+        WAITFORIT_CHILD=1
+        shift 1
+        ;;
+        -q | --quiet)
+        WAITFORIT_QUIET=1
+        shift 1
+        ;;
+        -s | --strict)
+        WAITFORIT_STRICT=1
+        shift 1
+        ;;
+        -h)
+        WAITFORIT_HOST="$2"
+        if [[ $WAITFORIT_HOST == "" ]]; then break; fi
+        shift 2
+        ;;
+        --host=*)
+        WAITFORIT_HOST="${1#*=}"
+        shift 1
+        ;;
+        -p)
+        WAITFORIT_PORT="$2"
+        if [[ $WAITFORIT_PORT == "" ]]; then break; fi
+        shift 2
+        ;;
+        --port=*)
+        WAITFORIT_PORT="${1#*=}"
+        shift 1
+        ;;
+        -t)
+        WAITFORIT_TIMEOUT="$2"
+        if [[ $WAITFORIT_TIMEOUT == "" ]]; then break; fi
+        shift 2
+        ;;
+        --timeout=*)
+        WAITFORIT_TIMEOUT="${1#*=}"
+        shift 1
+        ;;
+        --)
+        shift
+        WAITFORIT_CLI=("$@")
+        break
+        ;;
+        --help)
+        usage
+        ;;
+        *)
+        echoerr "Unknown argument: $1"
+        usage
+        ;;
+    esac
+done
+
+if [[ "$WAITFORIT_HOST" == "" || "$WAITFORIT_PORT" == "" ]]; then
+    echoerr "Error: you need to provide a host and port to test."
+    usage
+fi
+
+WAITFORIT_TIMEOUT=${WAITFORIT_TIMEOUT:-15}
+WAITFORIT_STRICT=${WAITFORIT_STRICT:-0}
+WAITFORIT_CHILD=${WAITFORIT_CHILD:-0}
+WAITFORIT_QUIET=${WAITFORIT_QUIET:-0}
+
+# Check to see if timeout is from busybox?
+WAITFORIT_TIMEOUT_PATH=$(type -p timeout)
+WAITFORIT_TIMEOUT_PATH=$(realpath $WAITFORIT_TIMEOUT_PATH 2>/dev/null || readlink -f $WAITFORIT_TIMEOUT_PATH)
+
+WAITFORIT_BUSYTIMEFLAG=""
+if [[ $WAITFORIT_TIMEOUT_PATH =~ "busybox" ]]; then
+    WAITFORIT_ISBUSY=1
+    # Check if busybox timeout uses -t flag
+    # (recent Alpine versions don't support -t anymore)
+    if timeout &>/dev/stdout | grep -q -e '-t '; then
+        WAITFORIT_BUSYTIMEFLAG="-t"
+    fi
+else
+    WAITFORIT_ISBUSY=0
+fi
+
+if [[ $WAITFORIT_CHILD -gt 0 ]]; then
+    wait_for
+    WAITFORIT_RESULT=$?
+    exit $WAITFORIT_RESULT
+else
+    if [[ $WAITFORIT_TIMEOUT -gt 0 ]]; then
+        wait_for_wrapper
+        WAITFORIT_RESULT=$?
+    else
+        wait_for
+        WAITFORIT_RESULT=$?
+    fi
+fi
+
+if [[ $WAITFORIT_CLI != "" ]]; then
+    if [[ $WAITFORIT_RESULT -ne 0 && $WAITFORIT_STRICT -eq 1 ]]; then
+        echoerr "$WAITFORIT_cmdname: strict mode, refusing to execute subprocess"
+        exit $WAITFORIT_RESULT
+    fi
+    exec "${WAITFORIT_CLI[@]}"
+else
+    exit $WAITFORIT_RESULT
+fi

go.mod

@@ -1,10 +1,11 @@
 module github.com/minio/console
 
-go 1.15
+go 1.16
 
 require (
+	github.com/blang/semver/v4 v4.0.0
+	github.com/cheggaaa/pb/v3 v3.0.6
 	github.com/coreos/go-oidc v2.2.1+incompatible
-	github.com/elazarl/go-bindata-assetfs v1.0.0
 	github.com/go-openapi/errors v0.19.6
 	github.com/go-openapi/loads v0.19.5
 	github.com/go-openapi/runtime v0.19.19
@@ -15,19 +16,22 @@ require (
 	github.com/gorilla/websocket v1.4.2
 	github.com/jessevdk/go-flags v1.4.0
 	github.com/minio/cli v1.22.0
+	github.com/minio/direct-csi v1.2.8
 	github.com/minio/kes v0.11.0
-	github.com/minio/mc v0.0.0-20210213084525-7672841f8c58
-	github.com/minio/minio v0.0.0-20210216195645-87cce344f6e4
-	github.com/minio/minio-go/v7 v7.0.9-0.20210210235136-83423dddb072
-	github.com/minio/operator v0.0.0-20210201110528-753019b838b4
+	github.com/minio/mc v0.0.0-20210422171734-4eae7ec7ed25
+	github.com/minio/minio v0.0.0-20210423185853-cbfdf97abf9f
+	github.com/minio/minio-go/v7 v7.0.11-0.20210407221404-ba867dba7ee1
+	github.com/minio/operator v0.0.0-20210419212754-93a9239fd18b
 	github.com/minio/operator/logsearchapi v0.0.0-20210201110528-753019b838b4
+	github.com/minio/selfupdate v0.3.1
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
+	github.com/rs/xid v1.2.1
 	github.com/secure-io/sio-go v0.3.1
 	github.com/stretchr/testify v1.6.1
 	github.com/unrolled/secure v1.0.7
-	golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392
-	golang.org/x/net v0.0.0-20201216054612-986b41b23924
+	golang.org/x/crypto v0.0.0-20210415154028-4f45737414dc
+	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110
 	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
 	gopkg.in/yaml.v2 v2.3.0
 	k8s.io/api v0.20.2

k8s/console/base/console-cluster-role.yaml

@@ -3,20 +3,6 @@ kind: ClusterRole
 metadata:
   name: console-sa-role
 rules:
-  - apiGroups:
-      - ""
-    resources:
-      - namespaces
-      - pods
-      - services
-      - events
-      - resourcequotas
-    verbs:
-      - get
-      - watch
-      - create
-      - list
-      - patch
   - apiGroups:
       - ""
     resources:
@@ -27,8 +13,33 @@ rules:
       - create
       - list
       - patch
+      - update
       - deletecollection
-      - delete
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+      - pods
+      - services
+      - events
+      - resourcequotas
+      - nodes
+    verbs:
+      - get
+      - watch
+      - create
+      - list
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - persistentvolumeclaims
+    verbs:
+      - deletecollection
+      - list
+      - get
+      - watch
+      - update
   - apiGroups:
       - "storage.k8s.io"
     resources:
@@ -86,3 +97,126 @@ rules:
       - "*"
     verbs:
       - "*"
+  - apiGroups:
+    - ""
+    resources:
+    - persistentvolumes
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - delete
+  - apiGroups:
+    - ""
+    resources:
+    - persistentvolumeclaims
+    verbs:
+    - get
+    - list
+    - watch
+    - update
+  - apiGroups:
+    - ""
+    resources:
+    - events
+    verbs:
+    - create
+    - list
+    - watch
+    - update
+    - patch
+  - apiGroups:
+    - snapshot.storage.k8s.io
+    resources:
+    - volumesnapshots
+    verbs:
+    - get
+    - list
+  - apiGroups:
+    - snapshot.storage.k8s.io
+    resources:
+    - volumesnapshotcontents
+    verbs:
+    - get
+    - list
+  - apiGroups:
+    - storage.k8s.io
+    resources:
+    - csinodes
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups:
+    - storage.k8s.io
+    resources:
+    - volumeattachments
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups:
+    - ""
+    resources:
+    - endpoints
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - coordination.k8s.io
+    resources:
+    - leases
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - direct.csi.min.io
+    resources:
+    - volumes
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - apiextensions.k8s.io
+    resources:
+    - customresourcedefinitions
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - direct.csi.min.io
+    resources:
+    - directcsidrives
+    - directcsivolumes
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - ""
+    resources:
+    - pod
+    verbs:
+    - get
+    - list
+    - watch

k8s/console/base/console-deployment.yaml

@@ -15,7 +15,7 @@ spec:
       serviceAccountName: console-sa
       containers:
         - name: console
-          image: minio/console:v0.5.2
+          image: minio/console:v0.7.2
           imagePullPolicy: "IfNotPresent"
           args:
             - server

k8s/operator-console/base/console-cluster-role.yaml

@@ -38,6 +38,8 @@ rules:
       - deletecollection
       - list
       - get
+      - watch
+      - update
   - apiGroups:
       - "storage.k8s.io"
     resources:
@@ -95,3 +97,126 @@ rules:
       - "*"
     verbs:
       - "*"
+  - apiGroups:
+    - ""
+    resources:
+    - persistentvolumes
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - delete
+  - apiGroups:
+    - ""
+    resources:
+    - persistentvolumeclaims
+    verbs:
+    - get
+    - list
+    - watch
+    - update
+  - apiGroups:
+    - ""
+    resources:
+    - events
+    verbs:
+    - create
+    - list
+    - watch
+    - update
+    - patch
+  - apiGroups:
+    - snapshot.storage.k8s.io
+    resources:
+    - volumesnapshots
+    verbs:
+    - get
+    - list
+  - apiGroups:
+    - snapshot.storage.k8s.io
+    resources:
+    - volumesnapshotcontents
+    verbs:
+    - get
+    - list
+  - apiGroups:
+    - storage.k8s.io
+    resources:
+    - csinodes
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups:
+    - storage.k8s.io
+    resources:
+    - volumeattachments
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups:
+    - ""
+    resources:
+    - endpoints
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - coordination.k8s.io
+    resources:
+    - leases
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - direct.csi.min.io
+    resources:
+    - volumes
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - apiextensions.k8s.io
+    resources:
+    - customresourcedefinitions
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - direct.csi.min.io
+    resources:
+    - directcsidrives
+    - directcsivolumes
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - ""
+    resources:
+    - pod
+    verbs:
+    - get
+    - list
+    - watch

k8s/operator-console/base/console-deployment.yaml

@@ -15,7 +15,7 @@ spec:
       serviceAccountName: console-sa
       containers:
         - name: console
-          image: minio/console:v0.5.2
+          image: minio/console:v0.7.2
           imagePullPolicy: "IfNotPresent"
           env:
             - name: CONSOLE_OPERATOR_MODE

models/add_bucket_lifecycle.go

@@ -0,0 +1,93 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// AddBucketLifecycle add bucket lifecycle
+//
+// swagger:model addBucketLifecycle
+type AddBucketLifecycle struct {
+
+	// Non required, toggle to disable or enable rule
+	Disable bool `json:"disable,omitempty"`
+
+	// Non required, toggle to disable or enable rule
+	ExpiredObjectDeleteMarker bool `json:"expired_object_delete_marker,omitempty"`
+
+	// Required in case of expiry_days or transition fields are not set. it defines an expiry date for ILM
+	ExpiryDate string `json:"expiry_date,omitempty"`
+
+	// Required in case of expiry_date or transition fields are not set. it defines an expiry days for ILM
+	ExpiryDays int32 `json:"expiry_days,omitempty"`
+
+	// Non required, can be set in case of expiration is enabled
+	NoncurrentversionExpirationDays int32 `json:"noncurrentversion_expiration_days,omitempty"`
+
+	// Non required, can be set in case of transition is enabled
+	NoncurrentversionTransitionDays int32 `json:"noncurrentversion_transition_days,omitempty"`
+
+	// Non required, can be set in case of transition is enabled
+	NoncurrentversionTransitionStorageClass string `json:"noncurrentversion_transition_storage_class,omitempty"`
+
+	// Non required field, it matches a prefix to perform ILM operations on it
+	Prefix string `json:"prefix,omitempty"`
+
+	// Required only in case of transition is set. it refers to a tier
+	StorageClass string `json:"storage_class,omitempty"`
+
+	// Non required field, tags to match ILM files
+	Tags string `json:"tags,omitempty"`
+
+	// Required in case of transition_days or expiry fields are not set. it defines a transition date for ILM
+	TransitionDate string `json:"transition_date,omitempty"`
+
+	// Required in case of transition_date or expiry fields are not set. it defines a transition days for ILM
+	TransitionDays int32 `json:"transition_days,omitempty"`
+}
+
+// Validate validates this add bucket lifecycle
+func (m *AddBucketLifecycle) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AddBucketLifecycle) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AddBucketLifecycle) UnmarshalBinary(b []byte) error {
+	var res AddBucketLifecycle
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/bucket_lifecycle_response.go

@@ -0,0 +1,97 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketLifecycleResponse bucket lifecycle response
+//
+// swagger:model bucketLifecycleResponse
+type BucketLifecycleResponse struct {
+
+	// lifecycle
+	Lifecycle []*ObjectBucketLifecycle `json:"lifecycle"`
+}
+
+// Validate validates this bucket lifecycle response
+func (m *BucketLifecycleResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateLifecycle(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *BucketLifecycleResponse) validateLifecycle(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Lifecycle) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Lifecycle); i++ {
+		if swag.IsZero(m.Lifecycle[i]) { // not required
+			continue
+		}
+
+		if m.Lifecycle[i] != nil {
+			if err := m.Lifecycle[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("lifecycle" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketLifecycleResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketLifecycleResponse) UnmarshalBinary(b []byte) error {
+	var res BucketLifecycleResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/bucket_ob_locking_response.go

@@ -0,0 +1,60 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketObLockingResponse bucket ob locking response
+//
+// swagger:model bucketObLockingResponse
+type BucketObLockingResponse struct {
+
+	// object locking enabled
+	ObjectLockingEnabled bool `json:"object_locking_enabled,omitempty"`
+}
+
+// Validate validates this bucket ob locking response
+func (m *BucketObLockingResponse) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketObLockingResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketObLockingResponse) UnmarshalBinary(b []byte) error {
+	var res BucketObLockingResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/create_tenant_request.go

@@ -84,6 +84,9 @@ type CreateTenantRequest struct {
 	// labels
 	Labels map[string]string `json:"labels,omitempty"`
 
+	// log search configuration
+	LogSearchConfiguration *LogSearchConfiguration `json:"logSearchConfiguration,omitempty"`
+
 	// mounth path
 	MounthPath string `json:"mounth_path,omitempty"`
 
@@ -100,6 +103,9 @@ type CreateTenantRequest struct {
 	// Required: true
 	Pools []*Pool `json:"pools"`
 
+	// prometheus configuration
+	PrometheusConfiguration *PrometheusConfiguration `json:"prometheusConfiguration,omitempty"`
+
 	// secret key
 	SecretKey string `json:"secret_key,omitempty"`
 
@@ -127,6 +133,10 @@ func (m *CreateTenantRequest) Validate(formats strfmt.Registry) error {
 		res = append(res, err)
 	}
 
+	if err := m.validateLogSearchConfiguration(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateName(formats); err != nil {
 		res = append(res, err)
 	}
@@ -139,6 +149,10 @@ func (m *CreateTenantRequest) Validate(formats strfmt.Registry) error {
 		res = append(res, err)
 	}
 
+	if err := m.validatePrometheusConfiguration(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateTLS(formats); err != nil {
 		res = append(res, err)
 	}
@@ -221,6 +235,24 @@ func (m *CreateTenantRequest) validateImageRegistry(formats strfmt.Registry) err
 	return nil
 }
 
+func (m *CreateTenantRequest) validateLogSearchConfiguration(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.LogSearchConfiguration) { // not required
+		return nil
+	}
+
+	if m.LogSearchConfiguration != nil {
+		if err := m.LogSearchConfiguration.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("logSearchConfiguration")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *CreateTenantRequest) validateName(formats strfmt.Registry) error {
 
 	if err := validate.Required("name", "body", m.Name); err != nil {
@@ -268,6 +300,24 @@ func (m *CreateTenantRequest) validatePools(formats strfmt.Registry) error {
 	return nil
 }
 
+func (m *CreateTenantRequest) validatePrometheusConfiguration(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.PrometheusConfiguration) { // not required
+		return nil
+	}
+
+	if m.PrometheusConfiguration != nil {
+		if err := m.PrometheusConfiguration.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("prometheusConfiguration")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *CreateTenantRequest) validateTLS(formats strfmt.Registry) error {
 
 	if swag.IsZero(m.TLS) { // not required

models/create_tenant_response.go

@@ -23,6 +23,8 @@ package models
 // Editing this file might prove futile when you re-run the swagger generate command
 
 import (
+	"strconv"
+
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
@@ -34,7 +36,7 @@ import (
 type CreateTenantResponse struct {
 
 	// console
-	Console *CreateTenantResponseConsole `json:"console,omitempty"`
+	Console []*TenantResponseItem `json:"console"`
 }
 
 // Validate validates this create tenant response
@@ -57,13 +59,20 @@ func (m *CreateTenantResponse) validateConsole(formats strfmt.Registry) error {
 		return nil
 	}
 
-	if m.Console != nil {
-		if err := m.Console.Validate(formats); err != nil {
-			if ve, ok := err.(*errors.Validation); ok {
-				return ve.ValidateName("console")
-			}
-			return err
+	for i := 0; i < len(m.Console); i++ {
+		if swag.IsZero(m.Console[i]) { // not required
+			continue
 		}
+
+		if m.Console[i] != nil {
+			if err := m.Console[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("console" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
 	}
 
 	return nil
@@ -86,38 +95,3 @@ func (m *CreateTenantResponse) UnmarshalBinary(b []byte) error {
 	*m = res
 	return nil
 }
-
-// CreateTenantResponseConsole create tenant response console
-//
-// swagger:model CreateTenantResponseConsole
-type CreateTenantResponseConsole struct {
-
-	// access key
-	AccessKey string `json:"access_key,omitempty"`
-
-	// secret key
-	SecretKey string `json:"secret_key,omitempty"`
-}
-
-// Validate validates this create tenant response console
-func (m *CreateTenantResponseConsole) Validate(formats strfmt.Registry) error {
-	return nil
-}
-
-// MarshalBinary interface implementation
-func (m *CreateTenantResponseConsole) MarshalBinary() ([]byte, error) {
-	if m == nil {
-		return nil, nil
-	}
-	return swag.WriteJSON(m)
-}
-
-// UnmarshalBinary interface implementation
-func (m *CreateTenantResponseConsole) UnmarshalBinary(b []byte) error {
-	var res CreateTenantResponseConsole
-	if err := swag.ReadJSON(b, &res); err != nil {
-		return err
-	}
-	*m = res
-	return nil
-}

models/csi_format_error_response.go

@@ -0,0 +1,66 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// CsiFormatErrorResponse csi format error response
+//
+// swagger:model csiFormatErrorResponse
+type CsiFormatErrorResponse struct {
+
+	// drive
+	Drive string `json:"drive,omitempty"`
+
+	// error
+	Error string `json:"error,omitempty"`
+
+	// node
+	Node string `json:"node,omitempty"`
+}
+
+// Validate validates this csi format error response
+func (m *CsiFormatErrorResponse) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *CsiFormatErrorResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *CsiFormatErrorResponse) UnmarshalBinary(b []byte) error {
+	var res CsiFormatErrorResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/direct_c_s_i_drive_info.go

@@ -0,0 +1,78 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// DirectCSIDriveInfo direct c s i drive info
+//
+// swagger:model directCSIDriveInfo
+type DirectCSIDriveInfo struct {
+
+	// allocated
+	Allocated int64 `json:"allocated,omitempty"`
+
+	// capacity
+	Capacity int64 `json:"capacity,omitempty"`
+
+	// drive
+	Drive string `json:"drive,omitempty"`
+
+	// message
+	Message string `json:"message,omitempty"`
+
+	// node
+	Node string `json:"node,omitempty"`
+
+	// status
+	Status string `json:"status,omitempty"`
+
+	// volumes
+	Volumes int64 `json:"volumes,omitempty"`
+}
+
+// Validate validates this direct c s i drive info
+func (m *DirectCSIDriveInfo) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *DirectCSIDriveInfo) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *DirectCSIDriveInfo) UnmarshalBinary(b []byte) error {
+	var res DirectCSIDriveInfo
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/direct_c_s_i_volume_info.go

@@ -0,0 +1,69 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// DirectCSIVolumeInfo direct c s i volume info
+//
+// swagger:model directCSIVolumeInfo
+type DirectCSIVolumeInfo struct {
+
+	// capacity
+	Capacity int64 `json:"capacity,omitempty"`
+
+	// drive
+	Drive string `json:"drive,omitempty"`
+
+	// node
+	Node string `json:"node,omitempty"`
+
+	// volume
+	Volume string `json:"volume,omitempty"`
+}
+
+// Validate validates this direct c s i volume info
+func (m *DirectCSIVolumeInfo) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *DirectCSIVolumeInfo) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *DirectCSIVolumeInfo) UnmarshalBinary(b []byte) error {
+	var res DirectCSIVolumeInfo
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/encryption_configuration.go

@@ -49,6 +49,9 @@ type EncryptionConfiguration struct {
 	// image
 	Image string `json:"image,omitempty"`
 
+	// replicas
+	Replicas string `json:"replicas,omitempty"`
+
 	// server
 	Server *KeyPairConfiguration `json:"server,omitempty"`
 
@@ -77,6 +80,8 @@ func (m *EncryptionConfiguration) UnmarshalJSON(raw []byte) error {
 
 		Image string `json:"image,omitempty"`
 
+		Replicas string `json:"replicas,omitempty"`
+
 		Server *KeyPairConfiguration `json:"server,omitempty"`
 
 		Vault *VaultConfiguration `json:"vault,omitempty"`
@@ -95,6 +100,8 @@ func (m *EncryptionConfiguration) UnmarshalJSON(raw []byte) error {
 
 	m.Image = dataAO1.Image
 
+	m.Replicas = dataAO1.Replicas
+
 	m.Server = dataAO1.Server
 
 	m.Vault = dataAO1.Vault
@@ -122,6 +129,8 @@ func (m EncryptionConfiguration) MarshalJSON() ([]byte, error) {
 
 		Image string `json:"image,omitempty"`
 
+		Replicas string `json:"replicas,omitempty"`
+
 		Server *KeyPairConfiguration `json:"server,omitempty"`
 
 		Vault *VaultConfiguration `json:"vault,omitempty"`
@@ -137,6 +146,8 @@ func (m EncryptionConfiguration) MarshalJSON() ([]byte, error) {
 
 	dataAO1.Image = m.Image
 
+	dataAO1.Replicas = m.Replicas
+
 	dataAO1.Server = m.Server
 
 	dataAO1.Vault = m.Vault

models/expiration_response.go

@@ -0,0 +1,66 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ExpirationResponse expiration response
+//
+// swagger:model expirationResponse
+type ExpirationResponse struct {
+
+	// date
+	Date string `json:"date,omitempty"`
+
+	// days
+	Days int64 `json:"days,omitempty"`
+
+	// delete marker
+	DeleteMarker bool `json:"delete_marker,omitempty"`
+}
+
+// Validate validates this expiration response
+func (m *ExpirationResponse) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ExpirationResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ExpirationResponse) UnmarshalBinary(b []byte) error {
+	var res ExpirationResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/format_configuration.go

@@ -0,0 +1,99 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// FormatConfiguration format configuration
+//
+// swagger:model formatConfiguration
+type FormatConfiguration struct {
+
+	// drives
+	// Required: true
+	// Min Length: 1
+	Drives []string `json:"drives"`
+
+	// force
+	// Required: true
+	Force *bool `json:"force"`
+}
+
+// Validate validates this format configuration
+func (m *FormatConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateDrives(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateForce(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *FormatConfiguration) validateDrives(formats strfmt.Registry) error {
+
+	if err := validate.Required("drives", "body", m.Drives); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *FormatConfiguration) validateForce(formats strfmt.Registry) error {
+
+	if err := validate.Required("force", "body", m.Force); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *FormatConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *FormatConfiguration) UnmarshalBinary(b []byte) error {
+	var res FormatConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/format_direct_c_s_i_drives_response.go

@@ -0,0 +1,97 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// FormatDirectCSIDrivesResponse format direct c s i drives response
+//
+// swagger:model formatDirectCSIDrivesResponse
+type FormatDirectCSIDrivesResponse struct {
+
+	// format issues list
+	FormatIssuesList []*CsiFormatErrorResponse `json:"formatIssuesList"`
+}
+
+// Validate validates this format direct c s i drives response
+func (m *FormatDirectCSIDrivesResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateFormatIssuesList(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *FormatDirectCSIDrivesResponse) validateFormatIssuesList(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.FormatIssuesList) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.FormatIssuesList); i++ {
+		if swag.IsZero(m.FormatIssuesList[i]) { // not required
+			continue
+		}
+
+		if m.FormatIssuesList[i] != nil {
+			if err := m.FormatIssuesList[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("formatIssuesList" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *FormatDirectCSIDrivesResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *FormatDirectCSIDrivesResponse) UnmarshalBinary(b []byte) error {
+	var res FormatDirectCSIDrivesResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/get_direct_c_s_i_drive_list_response.go

@@ -0,0 +1,97 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// GetDirectCSIDriveListResponse get direct c s i drive list response
+//
+// swagger:model getDirectCSIDriveListResponse
+type GetDirectCSIDriveListResponse struct {
+
+	// drives
+	Drives []*DirectCSIDriveInfo `json:"drives"`
+}
+
+// Validate validates this get direct c s i drive list response
+func (m *GetDirectCSIDriveListResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateDrives(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *GetDirectCSIDriveListResponse) validateDrives(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Drives) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Drives); i++ {
+		if swag.IsZero(m.Drives[i]) { // not required
+			continue
+		}
+
+		if m.Drives[i] != nil {
+			if err := m.Drives[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("drives" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *GetDirectCSIDriveListResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *GetDirectCSIDriveListResponse) UnmarshalBinary(b []byte) error {
+	var res GetDirectCSIDriveListResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/get_direct_c_s_i_volume_list_response.go

@@ -0,0 +1,97 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// GetDirectCSIVolumeListResponse get direct c s i volume list response
+//
+// swagger:model getDirectCSIVolumeListResponse
+type GetDirectCSIVolumeListResponse struct {
+
+	// volumes
+	Volumes []*DirectCSIVolumeInfo `json:"volumes"`
+}
+
+// Validate validates this get direct c s i volume list response
+func (m *GetDirectCSIVolumeListResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateVolumes(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *GetDirectCSIVolumeListResponse) validateVolumes(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Volumes) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Volumes); i++ {
+		if swag.IsZero(m.Volumes[i]) { // not required
+			continue
+		}
+
+		if m.Volumes[i] != nil {
+			if err := m.Volumes[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("volumes" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *GetDirectCSIVolumeListResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *GetDirectCSIVolumeListResponse) UnmarshalBinary(b []byte) error {
+	var res GetDirectCSIVolumeListResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/has_permission_request.go

@@ -0,0 +1,97 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// HasPermissionRequest has permission request
+//
+// swagger:model hasPermissionRequest
+type HasPermissionRequest struct {
+
+	// actions
+	Actions []*PolicyArgs `json:"actions"`
+}
+
+// Validate validates this has permission request
+func (m *HasPermissionRequest) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateActions(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *HasPermissionRequest) validateActions(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Actions) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Actions); i++ {
+		if swag.IsZero(m.Actions[i]) { // not required
+			continue
+		}
+
+		if m.Actions[i] != nil {
+			if err := m.Actions[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("actions" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *HasPermissionRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *HasPermissionRequest) UnmarshalBinary(b []byte) error {
+	var res HasPermissionRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/has_permission_response.go

@@ -0,0 +1,97 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// HasPermissionResponse has permission response
+//
+// swagger:model hasPermissionResponse
+type HasPermissionResponse struct {
+
+	// permissions
+	Permissions []*PermissionAction `json:"permissions"`
+}
+
+// Validate validates this has permission response
+func (m *HasPermissionResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validatePermissions(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *HasPermissionResponse) validatePermissions(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Permissions) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Permissions); i++ {
+		if swag.IsZero(m.Permissions[i]) { // not required
+			continue
+		}
+
+		if m.Permissions[i] != nil {
+			if err := m.Permissions[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("permissions" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *HasPermissionResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *HasPermissionResponse) UnmarshalBinary(b []byte) error {
+	var res HasPermissionResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/idp_configuration.go

@@ -23,6 +23,8 @@ package models
 // Editing this file might prove futile when you re-run the swagger generate command
 
 import (
+	"strconv"
+
 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
@@ -37,6 +39,9 @@ type IdpConfiguration struct {
 	// active directory
 	ActiveDirectory *IdpConfigurationActiveDirectory `json:"active_directory,omitempty"`
 
+	// keys
+	Keys []*IdpConfigurationKeysItems0 `json:"keys"`
+
 	// oidc
 	Oidc *IdpConfigurationOidc `json:"oidc,omitempty"`
 }
@@ -49,6 +54,10 @@ func (m *IdpConfiguration) Validate(formats strfmt.Registry) error {
 		res = append(res, err)
 	}
 
+	if err := m.validateKeys(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateOidc(formats); err != nil {
 		res = append(res, err)
 	}
@@ -77,6 +86,31 @@ func (m *IdpConfiguration) validateActiveDirectory(formats strfmt.Registry) erro
 	return nil
 }
 
+func (m *IdpConfiguration) validateKeys(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Keys) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Keys); i++ {
+		if swag.IsZero(m.Keys[i]) { // not required
+			continue
+		}
+
+		if m.Keys[i] != nil {
+			if err := m.Keys[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("keys" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
 func (m *IdpConfiguration) validateOidc(formats strfmt.Registry) error {
 
 	if swag.IsZero(m.Oidc) { // not required
@@ -213,6 +247,74 @@ func (m *IdpConfigurationActiveDirectory) UnmarshalBinary(b []byte) error {
 	return nil
 }
 
+// IdpConfigurationKeysItems0 idp configuration keys items0
+//
+// swagger:model IdpConfigurationKeysItems0
+type IdpConfigurationKeysItems0 struct {
+
+	// access key
+	// Required: true
+	AccessKey *string `json:"access_key"`
+
+	// secret key
+	// Required: true
+	SecretKey *string `json:"secret_key"`
+}
+
+// Validate validates this idp configuration keys items0
+func (m *IdpConfigurationKeysItems0) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateAccessKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSecretKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *IdpConfigurationKeysItems0) validateAccessKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("access_key", "body", m.AccessKey); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *IdpConfigurationKeysItems0) validateSecretKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("secret_key", "body", m.SecretKey); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *IdpConfigurationKeysItems0) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *IdpConfigurationKeysItems0) UnmarshalBinary(b []byte) error {
+	var res IdpConfigurationKeysItems0
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
 // IdpConfigurationOidc idp configuration oidc
 //
 // swagger:model IdpConfigurationOidc

models/lifecycle_tag.go

@@ -0,0 +1,63 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// LifecycleTag lifecycle tag
+//
+// swagger:model lifecycleTag
+type LifecycleTag struct {
+
+	// key
+	Key string `json:"key,omitempty"`
+
+	// value
+	Value string `json:"value,omitempty"`
+}
+
+// Validate validates this lifecycle tag
+func (m *LifecycleTag) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *LifecycleTag) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *LifecycleTag) UnmarshalBinary(b []byte) error {
+	var res LifecycleTag
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/list_external_buckets_params.go

@@ -0,0 +1,145 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// ListExternalBucketsParams list external buckets params
+//
+// swagger:model listExternalBucketsParams
+type ListExternalBucketsParams struct {
+
+	// access key
+	// Required: true
+	// Min Length: 3
+	AccessKey *string `json:"accessKey"`
+
+	// region
+	Region string `json:"region,omitempty"`
+
+	// secret key
+	// Required: true
+	// Min Length: 8
+	SecretKey *string `json:"secretKey"`
+
+	// target URL
+	// Required: true
+	TargetURL *string `json:"targetURL"`
+
+	// use TLS
+	// Required: true
+	UseTLS *bool `json:"useTLS"`
+}
+
+// Validate validates this list external buckets params
+func (m *ListExternalBucketsParams) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateAccessKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSecretKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateTargetURL(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateUseTLS(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ListExternalBucketsParams) validateAccessKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("accessKey", "body", m.AccessKey); err != nil {
+		return err
+	}
+
+	if err := validate.MinLength("accessKey", "body", string(*m.AccessKey), 3); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *ListExternalBucketsParams) validateSecretKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretKey", "body", m.SecretKey); err != nil {
+		return err
+	}
+
+	if err := validate.MinLength("secretKey", "body", string(*m.SecretKey), 8); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *ListExternalBucketsParams) validateTargetURL(formats strfmt.Registry) error {
+
+	if err := validate.Required("targetURL", "body", m.TargetURL); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *ListExternalBucketsParams) validateUseTLS(formats strfmt.Registry) error {
+
+	if err := validate.Required("useTLS", "body", m.UseTLS); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ListExternalBucketsParams) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ListExternalBucketsParams) UnmarshalBinary(b []byte) error {
+	var res ListExternalBucketsParams
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/list_p_v_cs_response.go

@@ -0,0 +1,97 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ListPVCsResponse list p v cs response
+//
+// swagger:model listPVCsResponse
+type ListPVCsResponse struct {
+
+	// pvcs
+	Pvcs []*PvcsListResponse `json:"pvcs"`
+}
+
+// Validate validates this list p v cs response
+func (m *ListPVCsResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validatePvcs(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ListPVCsResponse) validatePvcs(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Pvcs) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Pvcs); i++ {
+		if swag.IsZero(m.Pvcs[i]) { // not required
+			continue
+		}
+
+		if m.Pvcs[i] != nil {
+			if err := m.Pvcs[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("pvcs" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ListPVCsResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ListPVCsResponse) UnmarshalBinary(b []byte) error {
+	var res ListPVCsResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/log_search_configuration.go

@@ -0,0 +1,69 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// LogSearchConfiguration log search configuration
+//
+// swagger:model logSearchConfiguration
+type LogSearchConfiguration struct {
+
+	// image
+	Image string `json:"image,omitempty"`
+
+	// postgres image
+	PostgresImage string `json:"postgres_image,omitempty"`
+
+	// storage class
+	StorageClass string `json:"storageClass,omitempty"`
+
+	// storage size
+	StorageSize *float64 `json:"storageSize,omitempty"`
+}
+
+// Validate validates this log search configuration
+func (m *LogSearchConfiguration) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *LogSearchConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *LogSearchConfiguration) UnmarshalBinary(b []byte) error {
+	var res LogSearchConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/make_bucket_request.go

@@ -34,6 +34,9 @@ import (
 // swagger:model makeBucketRequest
 type MakeBucketRequest struct {
 
+	// locking
+	Locking bool `json:"locking,omitempty"`
+
 	// name
 	// Required: true
 	Name *string `json:"name"`

models/multi_bucket_replication.go

@@ -0,0 +1,164 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// MultiBucketReplication multi bucket replication
+//
+// swagger:model multiBucketReplication
+type MultiBucketReplication struct {
+
+	// access key
+	// Required: true
+	// Min Length: 3
+	AccessKey *string `json:"accessKey"`
+
+	// buckets relation
+	// Required: true
+	// Min Length: 1
+	BucketsRelation []*MultiBucketsRelation `json:"bucketsRelation"`
+
+	// region
+	Region string `json:"region,omitempty"`
+
+	// secret key
+	// Required: true
+	// Min Length: 8
+	SecretKey *string `json:"secretKey"`
+
+	// target URL
+	// Required: true
+	TargetURL *string `json:"targetURL"`
+}
+
+// Validate validates this multi bucket replication
+func (m *MultiBucketReplication) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateAccessKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateBucketsRelation(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSecretKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateTargetURL(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *MultiBucketReplication) validateAccessKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("accessKey", "body", m.AccessKey); err != nil {
+		return err
+	}
+
+	if err := validate.MinLength("accessKey", "body", string(*m.AccessKey), 3); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *MultiBucketReplication) validateBucketsRelation(formats strfmt.Registry) error {
+
+	if err := validate.Required("bucketsRelation", "body", m.BucketsRelation); err != nil {
+		return err
+	}
+
+	for i := 0; i < len(m.BucketsRelation); i++ {
+		if swag.IsZero(m.BucketsRelation[i]) { // not required
+			continue
+		}
+
+		if m.BucketsRelation[i] != nil {
+			if err := m.BucketsRelation[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("bucketsRelation" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *MultiBucketReplication) validateSecretKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretKey", "body", m.SecretKey); err != nil {
+		return err
+	}
+
+	if err := validate.MinLength("secretKey", "body", string(*m.SecretKey), 8); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *MultiBucketReplication) validateTargetURL(formats strfmt.Registry) error {
+
+	if err := validate.Required("targetURL", "body", m.TargetURL); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *MultiBucketReplication) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *MultiBucketReplication) UnmarshalBinary(b []byte) error {
+	var res MultiBucketReplication
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/multi_bucket_response_item.go

@@ -0,0 +1,66 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// MultiBucketResponseItem multi bucket response item
+//
+// swagger:model multiBucketResponseItem
+type MultiBucketResponseItem struct {
+
+	// error string
+	ErrorString string `json:"errorString,omitempty"`
+
+	// origin bucket
+	OriginBucket string `json:"originBucket,omitempty"`
+
+	// target bucket
+	TargetBucket string `json:"targetBucket,omitempty"`
+}
+
+// Validate validates this multi bucket response item
+func (m *MultiBucketResponseItem) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *MultiBucketResponseItem) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *MultiBucketResponseItem) UnmarshalBinary(b []byte) error {
+	var res MultiBucketResponseItem
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/multi_bucket_response_state.go

@@ -0,0 +1,97 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// MultiBucketResponseState multi bucket response state
+//
+// swagger:model multiBucketResponseState
+type MultiBucketResponseState struct {
+
+	// replication state
+	ReplicationState []*MultiBucketResponseItem `json:"replicationState"`
+}
+
+// Validate validates this multi bucket response state
+func (m *MultiBucketResponseState) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateReplicationState(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *MultiBucketResponseState) validateReplicationState(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.ReplicationState) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.ReplicationState); i++ {
+		if swag.IsZero(m.ReplicationState[i]) { // not required
+			continue
+		}
+
+		if m.ReplicationState[i] != nil {
+			if err := m.ReplicationState[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("replicationState" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *MultiBucketResponseState) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *MultiBucketResponseState) UnmarshalBinary(b []byte) error {
+	var res MultiBucketResponseState
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/multi_buckets_relation.go

@@ -0,0 +1,63 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// MultiBucketsRelation multi buckets relation
+//
+// swagger:model multiBucketsRelation
+type MultiBucketsRelation struct {
+
+	// destination bucket
+	DestinationBucket string `json:"destinationBucket,omitempty"`
+
+	// origin bucket
+	OriginBucket string `json:"originBucket,omitempty"`
+}
+
+// Validate validates this multi buckets relation
+func (m *MultiBucketsRelation) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *MultiBucketsRelation) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *MultiBucketsRelation) UnmarshalBinary(b []byte) error {
+	var res MultiBucketsRelation
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/object_bucket_lifecycle.go

@@ -0,0 +1,156 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ObjectBucketLifecycle object bucket lifecycle
+//
+// swagger:model objectBucketLifecycle
+type ObjectBucketLifecycle struct {
+
+	// expiration
+	Expiration *ExpirationResponse `json:"expiration,omitempty"`
+
+	// id
+	ID string `json:"id,omitempty"`
+
+	// prefix
+	Prefix string `json:"prefix,omitempty"`
+
+	// status
+	Status string `json:"status,omitempty"`
+
+	// tags
+	Tags []*LifecycleTag `json:"tags"`
+
+	// transition
+	Transition *TransitionResponse `json:"transition,omitempty"`
+}
+
+// Validate validates this object bucket lifecycle
+func (m *ObjectBucketLifecycle) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateExpiration(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateTags(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateTransition(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ObjectBucketLifecycle) validateExpiration(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Expiration) { // not required
+		return nil
+	}
+
+	if m.Expiration != nil {
+		if err := m.Expiration.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("expiration")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *ObjectBucketLifecycle) validateTags(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Tags) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Tags); i++ {
+		if swag.IsZero(m.Tags[i]) { // not required
+			continue
+		}
+
+		if m.Tags[i] != nil {
+			if err := m.Tags[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("tags" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *ObjectBucketLifecycle) validateTransition(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Transition) { // not required
+		return nil
+	}
+
+	if m.Transition != nil {
+		if err := m.Transition.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("transition")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ObjectBucketLifecycle) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ObjectBucketLifecycle) UnmarshalBinary(b []byte) error {
+	var res ObjectBucketLifecycle
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/permission_action.go

@@ -0,0 +1,63 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// PermissionAction permission action
+//
+// swagger:model permissionAction
+type PermissionAction struct {
+
+	// can
+	Can bool `json:"can,omitempty"`
+
+	// id
+	ID string `json:"id,omitempty"`
+}
+
+// Validate validates this permission action
+func (m *PermissionAction) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *PermissionAction) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *PermissionAction) UnmarshalBinary(b []byte) error {
+	var res PermissionAction
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/policy_args.go

@@ -0,0 +1,66 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// PolicyArgs policy args
+//
+// swagger:model policyArgs
+type PolicyArgs struct {
+
+	// action
+	Action string `json:"action,omitempty"`
+
+	// bucket name
+	BucketName string `json:"bucket_name,omitempty"`
+
+	// id
+	ID string `json:"id,omitempty"`
+}
+
+// Validate validates this policy args
+func (m *PolicyArgs) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *PolicyArgs) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *PolicyArgs) UnmarshalBinary(b []byte) error {
+	var res PolicyArgs
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/principal.go

@@ -44,9 +44,6 @@ type Principal struct {
 	// account access key
 	AccountAccessKey string `json:"accountAccessKey,omitempty"`
 
-	// account secret key
-	AccountSecretKey string `json:"accountSecretKey,omitempty"`
-
 	// actions
 	Actions []string `json:"actions"`
 }

models/prometheus_configuration.go

@@ -0,0 +1,66 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// PrometheusConfiguration prometheus configuration
+//
+// swagger:model prometheusConfiguration
+type PrometheusConfiguration struct {
+
+	// image
+	Image string `json:"image,omitempty"`
+
+	// storage class
+	StorageClass string `json:"storageClass,omitempty"`
+
+	// storage size
+	StorageSize *float64 `json:"storageSize,omitempty"`
+}
+
+// Validate validates this prometheus configuration
+func (m *PrometheusConfiguration) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *PrometheusConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *PrometheusConfiguration) UnmarshalBinary(b []byte) error {
+	var res PrometheusConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/pvcs_list_response.go

@@ -0,0 +1,78 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// PvcsListResponse pvcs list response
+//
+// swagger:model pvcsListResponse
+type PvcsListResponse struct {
+
+	// age
+	Age string `json:"age,omitempty"`
+
+	// capacity
+	Capacity string `json:"capacity,omitempty"`
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// namespace
+	Namespace string `json:"namespace,omitempty"`
+
+	// status
+	Status string `json:"status,omitempty"`
+
+	// storage class
+	StorageClass string `json:"storageClass,omitempty"`
+
+	// volume
+	Volume string `json:"volume,omitempty"`
+}
+
+// Validate validates this pvcs list response
+func (m *PvcsListResponse) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *PvcsListResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *PvcsListResponse) UnmarshalBinary(b []byte) error {
+	var res PvcsListResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/session_response.go

@@ -36,6 +36,9 @@ import (
 // swagger:model sessionResponse
 type SessionResponse struct {
 
+	// features
+	Features []string `json:"features"`
+
 	// operator
 	Operator bool `json:"operator,omitempty"`
 

models/tenant.go

@@ -50,12 +50,27 @@ type Tenant struct {
 	// enable prometheus
 	EnablePrometheus bool `json:"enable_prometheus,omitempty"`
 
+	// encryption enabled
+	EncryptionEnabled bool `json:"encryptionEnabled,omitempty"`
+
 	// endpoints
 	Endpoints *TenantEndpoints `json:"endpoints,omitempty"`
 
+	// idp ad enabled
+	IdpAdEnabled bool `json:"idpAdEnabled,omitempty"`
+
+	// idp oic enabled
+	IdpOicEnabled bool `json:"idpOicEnabled,omitempty"`
+
 	// image
 	Image string `json:"image,omitempty"`
 
+	// log enabled
+	LogEnabled bool `json:"logEnabled,omitempty"`
+
+	// monitoring enabled
+	MonitoringEnabled bool `json:"monitoringEnabled,omitempty"`
+
 	// name
 	Name string `json:"name,omitempty"`
 

models/tenant_pod.go

@@ -0,0 +1,96 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// TenantPod tenant pod
+//
+// swagger:model tenantPod
+type TenantPod struct {
+
+	// name
+	// Required: true
+	Name *string `json:"name"`
+
+	// node
+	Node string `json:"node,omitempty"`
+
+	// pod IP
+	PodIP string `json:"podIP,omitempty"`
+
+	// restarts
+	Restarts int64 `json:"restarts,omitempty"`
+
+	// status
+	Status string `json:"status,omitempty"`
+
+	// time created
+	TimeCreated int64 `json:"timeCreated,omitempty"`
+}
+
+// Validate validates this tenant pod
+func (m *TenantPod) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateName(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *TenantPod) validateName(formats strfmt.Registry) error {
+
+	if err := validate.Required("name", "body", m.Name); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *TenantPod) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *TenantPod) UnmarshalBinary(b []byte) error {
+	var res TenantPod
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/tenant_response_item.go

@@ -0,0 +1,63 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// TenantResponseItem tenant response item
+//
+// swagger:model tenantResponseItem
+type TenantResponseItem struct {
+
+	// access key
+	AccessKey string `json:"access_key,omitempty"`
+
+	// secret key
+	SecretKey string `json:"secret_key,omitempty"`
+}
+
+// Validate validates this tenant response item
+func (m *TenantResponseItem) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *TenantResponseItem) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *TenantResponseItem) UnmarshalBinary(b []byte) error {
+	var res TenantResponseItem
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/tenant_y_a_m_l.go

@@ -0,0 +1,60 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// TenantYAML tenant y a m l
+//
+// swagger:model tenantYAML
+type TenantYAML struct {
+
+	// yaml
+	Yaml string `json:"yaml,omitempty"`
+}
+
+// Validate validates this tenant y a m l
+func (m *TenantYAML) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *TenantYAML) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *TenantYAML) UnmarshalBinary(b []byte) error {
+	var res TenantYAML
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/tier.go

@@ -0,0 +1,198 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// Tier tier
+//
+// swagger:model tier
+type Tier struct {
+
+	// azure
+	Azure *TierAzure `json:"azure,omitempty"`
+
+	// gcs
+	Gcs *TierGcs `json:"gcs,omitempty"`
+
+	// s3
+	S3 *TierS3 `json:"s3,omitempty"`
+
+	// type
+	// Enum: [s3 gcs azure unsupported]
+	Type string `json:"type,omitempty"`
+}
+
+// Validate validates this tier
+func (m *Tier) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateAzure(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateGcs(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateS3(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateType(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *Tier) validateAzure(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Azure) { // not required
+		return nil
+	}
+
+	if m.Azure != nil {
+		if err := m.Azure.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("azure")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *Tier) validateGcs(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Gcs) { // not required
+		return nil
+	}
+
+	if m.Gcs != nil {
+		if err := m.Gcs.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("gcs")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *Tier) validateS3(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.S3) { // not required
+		return nil
+	}
+
+	if m.S3 != nil {
+		if err := m.S3.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("s3")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+var tierTypeTypePropEnum []interface{}
+
+func init() {
+	var res []string
+	if err := json.Unmarshal([]byte(`["s3","gcs","azure","unsupported"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		tierTypeTypePropEnum = append(tierTypeTypePropEnum, v)
+	}
+}
+
+const (
+
+	// TierTypeS3 captures enum value "s3"
+	TierTypeS3 string = "s3"
+
+	// TierTypeGcs captures enum value "gcs"
+	TierTypeGcs string = "gcs"
+
+	// TierTypeAzure captures enum value "azure"
+	TierTypeAzure string = "azure"
+
+	// TierTypeUnsupported captures enum value "unsupported"
+	TierTypeUnsupported string = "unsupported"
+)
+
+// prop value enum
+func (m *Tier) validateTypeEnum(path, location string, value string) error {
+	if err := validate.EnumCase(path, location, value, tierTypeTypePropEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (m *Tier) validateType(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Type) { // not required
+		return nil
+	}
+
+	// value enum
+	if err := m.validateTypeEnum("type", "body", m.Type); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *Tier) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *Tier) UnmarshalBinary(b []byte) error {
+	var res Tier
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/tier_azure.go

@@ -0,0 +1,78 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// TierAzure tier azure
+//
+// swagger:model tier_azure
+type TierAzure struct {
+
+	// accountkey
+	Accountkey string `json:"accountkey,omitempty"`
+
+	// accountname
+	Accountname string `json:"accountname,omitempty"`
+
+	// bucket
+	Bucket string `json:"bucket,omitempty"`
+
+	// endpoint
+	Endpoint string `json:"endpoint,omitempty"`
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// prefix
+	Prefix string `json:"prefix,omitempty"`
+
+	// region
+	Region string `json:"region,omitempty"`
+}
+
+// Validate validates this tier azure
+func (m *TierAzure) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *TierAzure) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *TierAzure) UnmarshalBinary(b []byte) error {
+	var res TierAzure
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/tier_credentials_request.go

@@ -0,0 +1,66 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// TierCredentialsRequest tier credentials request
+//
+// swagger:model tierCredentialsRequest
+type TierCredentialsRequest struct {
+
+	// access key
+	AccessKey string `json:"access_key,omitempty"`
+
+	// a base64 encoded value
+	Creds string `json:"creds,omitempty"`
+
+	// secret key
+	SecretKey string `json:"secret_key,omitempty"`
+}
+
+// Validate validates this tier credentials request
+func (m *TierCredentialsRequest) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *TierCredentialsRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *TierCredentialsRequest) UnmarshalBinary(b []byte) error {
+	var res TierCredentialsRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/tier_gcs.go

@@ -0,0 +1,75 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// TierGcs tier gcs
+//
+// swagger:model tier_gcs
+type TierGcs struct {
+
+	// bucket
+	Bucket string `json:"bucket,omitempty"`
+
+	// creds
+	Creds string `json:"creds,omitempty"`
+
+	// endpoint
+	Endpoint string `json:"endpoint,omitempty"`
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// prefix
+	Prefix string `json:"prefix,omitempty"`
+
+	// region
+	Region string `json:"region,omitempty"`
+}
+
+// Validate validates this tier gcs
+func (m *TierGcs) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *TierGcs) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *TierGcs) UnmarshalBinary(b []byte) error {
+	var res TierGcs
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/tier_list_response.go

@@ -0,0 +1,97 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// TierListResponse tier list response
+//
+// swagger:model tierListResponse
+type TierListResponse struct {
+
+	// items
+	Items []*Tier `json:"items"`
+}
+
+// Validate validates this tier list response
+func (m *TierListResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateItems(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *TierListResponse) validateItems(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Items) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Items); i++ {
+		if swag.IsZero(m.Items[i]) { // not required
+			continue
+		}
+
+		if m.Items[i] != nil {
+			if err := m.Items[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("items" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *TierListResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *TierListResponse) UnmarshalBinary(b []byte) error {
+	var res TierListResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/tier_s3.go

@@ -0,0 +1,81 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// TierS3 tier s3
+//
+// swagger:model tier_s3
+type TierS3 struct {
+
+	// accesskey
+	Accesskey string `json:"accesskey,omitempty"`
+
+	// bucket
+	Bucket string `json:"bucket,omitempty"`
+
+	// endpoint
+	Endpoint string `json:"endpoint,omitempty"`
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// prefix
+	Prefix string `json:"prefix,omitempty"`
+
+	// region
+	Region string `json:"region,omitempty"`
+
+	// secretkey
+	Secretkey string `json:"secretkey,omitempty"`
+
+	// storageclass
+	Storageclass string `json:"storageclass,omitempty"`
+}
+
+// Validate validates this tier s3
+func (m *TierS3) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *TierS3) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *TierS3) UnmarshalBinary(b []byte) error {
+	var res TierS3
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/transition_response.go

@@ -0,0 +1,66 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// TransitionResponse transition response
+//
+// swagger:model transitionResponse
+type TransitionResponse struct {
+
+	// date
+	Date string `json:"date,omitempty"`
+
+	// days
+	Days int64 `json:"days,omitempty"`
+
+	// storage class
+	StorageClass string `json:"storage_class,omitempty"`
+}
+
+// Validate validates this transition response
+func (m *TransitionResponse) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *TransitionResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *TransitionResponse) UnmarshalBinary(b []byte) error {
+	var res TransitionResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/update_bucket_lifecycle.go

@@ -0,0 +1,63 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// UpdateBucketLifecycle update bucket lifecycle
+//
+// swagger:model updateBucketLifecycle
+type UpdateBucketLifecycle struct {
+
+	// disable
+	Disable bool `json:"disable,omitempty"`
+
+	// tags
+	Tags string `json:"tags,omitempty"`
+}
+
+// Validate validates this update bucket lifecycle
+func (m *UpdateBucketLifecycle) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *UpdateBucketLifecycle) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *UpdateBucketLifecycle) UnmarshalBinary(b []byte) error {
+	var res UpdateBucketLifecycle
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

models/user.go

@@ -39,7 +39,7 @@ type User struct {
 	MemberOf []string `json:"memberOf"`
 
 	// policy
-	Policy string `json:"policy,omitempty"`
+	Policy []string `json:"policy"`
 
 	// status
 	Status string `json:"status,omitempty"`

models/widget.go

@@ -35,6 +35,9 @@ import (
 // swagger:model widget
 type Widget struct {
 
+	// id
+	ID int32 `json:"id,omitempty"`
+
 	// options
 	Options *WidgetOptions `json:"options,omitempty"`
 

models/widget_details.go

@@ -0,0 +1,222 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// WidgetDetails widget details
+//
+// swagger:model widgetDetails
+type WidgetDetails struct {
+
+	// id
+	ID int32 `json:"id,omitempty"`
+
+	// options
+	Options *WidgetDetailsOptions `json:"options,omitempty"`
+
+	// targets
+	Targets []*ResultTarget `json:"targets"`
+
+	// title
+	Title string `json:"title,omitempty"`
+
+	// type
+	Type string `json:"type,omitempty"`
+}
+
+// Validate validates this widget details
+func (m *WidgetDetails) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateOptions(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateTargets(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *WidgetDetails) validateOptions(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Options) { // not required
+		return nil
+	}
+
+	if m.Options != nil {
+		if err := m.Options.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("options")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *WidgetDetails) validateTargets(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Targets) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Targets); i++ {
+		if swag.IsZero(m.Targets[i]) { // not required
+			continue
+		}
+
+		if m.Targets[i] != nil {
+			if err := m.Targets[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("targets" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *WidgetDetails) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *WidgetDetails) UnmarshalBinary(b []byte) error {
+	var res WidgetDetails
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// WidgetDetailsOptions widget details options
+//
+// swagger:model WidgetDetailsOptions
+type WidgetDetailsOptions struct {
+
+	// reduce options
+	ReduceOptions *WidgetDetailsOptionsReduceOptions `json:"reduceOptions,omitempty"`
+}
+
+// Validate validates this widget details options
+func (m *WidgetDetailsOptions) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateReduceOptions(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *WidgetDetailsOptions) validateReduceOptions(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.ReduceOptions) { // not required
+		return nil
+	}
+
+	if m.ReduceOptions != nil {
+		if err := m.ReduceOptions.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("options" + "." + "reduceOptions")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *WidgetDetailsOptions) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *WidgetDetailsOptions) UnmarshalBinary(b []byte) error {
+	var res WidgetDetailsOptions
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// WidgetDetailsOptionsReduceOptions widget details options reduce options
+//
+// swagger:model WidgetDetailsOptionsReduceOptions
+type WidgetDetailsOptionsReduceOptions struct {
+
+	// calcs
+	Calcs []string `json:"calcs"`
+}
+
+// Validate validates this widget details options reduce options
+func (m *WidgetDetailsOptionsReduceOptions) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *WidgetDetailsOptionsReduceOptions) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *WidgetDetailsOptionsReduceOptions) UnmarshalBinary(b []byte) error {
+	var res WidgetDetailsOptionsReduceOptions
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}

node_modules/.yarn-integrity

@@ -0,0 +1,10 @@
+{
+  "systemParams": "darwin-x64-88",
+  "modulesFolders": [],
+  "flags": [],
+  "linkedModules": [],
+  "topLevelPatterns": [],
+  "lockfileEntries": {},
+  "files": [],
+  "artifacts": {}
+}

pkg/acl/config.go

@@ -26,3 +26,7 @@ import (
 func GetOperatorMode() bool {
 	return strings.ToLower(env.Get(consoleOperatorMode, "off")) == "on"
 }
+
+func GetLDAPEnabled() bool {
+	return strings.ToLower(env.Get(ConsoleLDAPEnabled, "off")) == "on"
+}

pkg/acl/const.go

@@ -18,4 +18,6 @@ package acl
 
 const (
 	consoleOperatorMode = "CONSOLE_OPERATOR_MODE"
+	// const for ldap configuration
+	ConsoleLDAPEnabled = "CONSOLE_LDAP_ENABLED"
 )

pkg/acl/endpoints.go

@@ -24,16 +24,21 @@ import (
 var (
 	configuration       = "/settings"
 	users               = "/users"
+	usersDetail         = "/users/:userName"
 	groups              = "/groups"
 	iamPolicies         = "/policies"
+	policiesDetail      = "/policies/:policyName"
 	dashboard           = "/dashboard"
 	profiling           = "/profiling"
 	buckets             = "/buckets"
 	bucketsDetail       = "/buckets/:bucketName"
 	serviceAccounts     = "/account"
+	changePassword      = "/account/change-password"
 	tenants             = "/tenants"
-	addTenant           = "/add-tenant"
 	tenantsDetail       = "/namespaces/:tenantNamespace/tenants/:tenantName"
+	storage             = "/storage"
+	storageVolumes      = "/storage/volumes"
+	storageDrives       = "/storage/drives"
 	remoteBuckets       = "/remote-buckets"
 	replication         = "/replication"
 	objectBrowser       = "/object-browser/:bucket/*"
@@ -157,12 +162,27 @@ var serviceAccountsActionSet = ConfigurationActionSet{
 	actions:     iampolicy.NewActionSet(),
 }
 
+// changePasswordActionSet requires admin:CreateUser policy permission
+var changePasswordActionSet = ConfigurationActionSet{
+	actionTypes: iampolicy.NewActionSet(
+		iampolicy.AllAdminActions,
+	),
+	actions: iampolicy.NewActionSet(
+		iampolicy.CreateUserAdminAction,
+	),
+}
+
 // tenantsActionSet temporally no actions needed for tenants sections to work
 var tenantsActionSet = ConfigurationActionSet{
 	actionTypes: iampolicy.NewActionSet(),
 	actions:     iampolicy.NewActionSet(),
 }
 
+var storageActionSet = ConfigurationActionSet{
+	actionTypes: iampolicy.NewActionSet(),
+	actions:     iampolicy.NewActionSet(),
+}
+
 var remoteBucketsActionSet = ConfigurationActionSet{
 	actionTypes: iampolicy.NewActionSet(
 		iampolicy.AllAdminActions,
@@ -243,17 +263,31 @@ var healthInfoActionSet = ConfigurationActionSet{
 	),
 }
 
+var displayRules = map[string]func() bool{
+	// disable users page if LDAP is enabled
+	users: func() bool {
+		return !GetLDAPEnabled()
+	},
+	// disable groups page if LDAP is enabled
+	groups: func() bool {
+		return !GetLDAPEnabled()
+	},
+}
+
 // endpointRules contains the mapping between endpoints and ActionSets, additional rules can be added here
 var endpointRules = map[string]ConfigurationActionSet{
 	configuration:       configurationActionSet,
 	users:               usersActionSet,
+	usersDetail:         usersActionSet,
 	groups:              groupsActionSet,
 	iamPolicies:         iamPoliciesActionSet,
+	policiesDetail:      iamPoliciesActionSet,
 	dashboard:           dashboardActionSet,
 	profiling:           profilingActionSet,
 	buckets:             bucketsActionSet,
 	bucketsDetail:       bucketsActionSet,
 	serviceAccounts:     serviceAccountsActionSet,
+	changePassword:      changePasswordActionSet,
 	remoteBuckets:       remoteBucketsActionSet,
 	replication:         replicationActionSet,
 	objectBrowser:       objectBrowserActionSet,
@@ -269,10 +303,12 @@ var endpointRules = map[string]ConfigurationActionSet{
 
 // operatorRules contains the mapping between endpoints and ActionSets for operator only mode
 var operatorRules = map[string]ConfigurationActionSet{
-	tenants:       tenantsActionSet,
-	tenantsDetail: tenantsActionSet,
-	addTenant:     tenantsActionSet,
-	license:       licenseActionSet,
+	tenants:        tenantsActionSet,
+	tenantsDetail:  tenantsActionSet,
+	storage:        storageActionSet,
+	storageDrives:  storageActionSet,
+	storageVolumes: storageActionSet,
+	license:        licenseActionSet,
 }
 
 // operatorOnly ENV variable
@@ -337,6 +373,15 @@ func GetAuthorizedEndpoints(actions []string) []string {
 	userAllowedAction := actionsStringToActionSet(actions)
 	var allowedEndpoints []string
 	for endpoint, rules := range rangeTake {
+
+		// check if display rule exists for this endpoint, this will control
+		// what user sees on the console UI
+		if rule, ok := displayRules[endpoint]; ok {
+			if rule != nil && !rule() {
+				continue
+			}
+		}
+
 		// check if user policy matches s3:* or admin:* typesIntersection
 		endpointActionTypes := rules.actionTypes
 		typesIntersection := endpointActionTypes.Intersection(userAllowedAction)

pkg/acl/endpoints_test.go

@@ -63,7 +63,7 @@ func TestGetAuthorizedEndpoints(t *testing.T) {
 					"admin:ListUserPolicies",
 				},
 			},
-			want: 6,
+			want: 7,
 		},
 		{
 			name: "all admin endpoints",
@@ -72,7 +72,7 @@ func TestGetAuthorizedEndpoints(t *testing.T) {
 					"admin:*",
 				},
 			},
-			want: 18,
+			want: 21,
 		},
 		{
 			name: "all s3 endpoints",
@@ -91,7 +91,7 @@ func TestGetAuthorizedEndpoints(t *testing.T) {
 					"s3:*",
 				},
 			},
-			want: 20,
+			want: 23,
 		},
 		{
 			name: "Console User - default endpoints",
@@ -116,7 +116,7 @@ func TestOperatorOnlyEndpoints(t *testing.T) {
 					"admin:*",
 				},
 			},
-			want: 4,
+			want: 6,
 		},
 		{
 			name: "Operator Only - all s3 endpoints",
@@ -125,7 +125,7 @@ func TestOperatorOnlyEndpoints(t *testing.T) {
 					"s3:*",
 				},
 			},
-			want: 4,
+			want: 6,
 		},
 		{
 			name: "Operator Only - all admin and s3 endpoints",
@@ -135,14 +135,14 @@ func TestOperatorOnlyEndpoints(t *testing.T) {
 					"s3:*",
 				},
 			},
-			want: 4,
+			want: 6,
 		},
 		{
 			name: "Operator Only - default endpoints",
 			args: args{
 				[]string{},
 			},
-			want: 4,
+			want: 6,
 		},
 	}
 
@@ -177,7 +177,7 @@ func TestGetActionsStringFromPolicy(t *testing.T) {
 			args: args{
 				policy: &iampolicy.AdminDiagnostics,
 			},
-			want: 7,
+			want: 8,
 		},
 	}
 	for _, tt := range tests {

pkg/auth/idp/oauth2/config.go

@@ -66,3 +66,13 @@ var defaultSaltForIdpHmac = utils.RandomCharString(64)
 func getSaltForIdpHmac() string {
 	return env.Get(ConsoleIdpHmacSalt, defaultSaltForIdpHmac)
 }
+
+// getIdpScopes return default scopes during the IDP login request
+func getIdpScopes() string {
+	return env.Get(ConsoleIDPScopes, "openid,profile,email")
+}
+
+// getIdpTokenExpiration return default token expiration for access token (in seconds)
+func getIdpTokenExpiration() string {
+	return env.Get(ConsoleIDPTokenExpiration, "3600")
+}

pkg/auth/idp/oauth2/const.go

@@ -18,11 +18,13 @@ package oauth2
 
 const (
 	// const for idp configuration
-	ConsoleMinIOServer       = "CONSOLE_MINIO_SERVER"
-	ConsoleIdpURL            = "CONSOLE_IDP_URL"
-	ConsoleIdpClientID       = "CONSOLE_IDP_CLIENT_ID"
-	ConsoleIdpSecret         = "CONSOLE_IDP_SECRET"
-	ConsoleIdpCallbackURL    = "CONSOLE_IDP_CALLBACK"
-	ConsoleIdpHmacPassphrase = "CONSOLE_IDP_HMAC_PASSPHRASE"
-	ConsoleIdpHmacSalt       = "CONSOLE_IDP_HMAC_SALT"
+	ConsoleMinIOServer        = "CONSOLE_MINIO_SERVER"
+	ConsoleIdpURL             = "CONSOLE_IDP_URL"
+	ConsoleIdpClientID        = "CONSOLE_IDP_CLIENT_ID"
+	ConsoleIdpSecret          = "CONSOLE_IDP_SECRET"
+	ConsoleIdpCallbackURL     = "CONSOLE_IDP_CALLBACK"
+	ConsoleIdpHmacPassphrase  = "CONSOLE_IDP_HMAC_PASSPHRASE"
+	ConsoleIdpHmacSalt        = "CONSOLE_IDP_HMAC_SALT"
+	ConsoleIDPScopes          = "CONSOLE_IDP_SCOPES"
+	ConsoleIDPTokenExpiration = "CONSOLE_IDP_TOKEN_EXPIRATION"
 )

pkg/auth/idp/oauth2/provider.go

@@ -25,6 +25,7 @@ import (
 	"log"
 	"net/http"
 	"net/url"
+	"strconv"
 	"strings"
 	"time"
 
@@ -91,9 +92,10 @@ type Provider struct {
 	//   often available via site-specific packages, such as
 	//   google.Endpoint or github.Endpoint.
 	// - Scopes specifies optional requested permissions.
-	ClientID     string
-	oauth2Config Configuration
-	oidcProvider *oidc.Provider
+	ClientID       string
+	oauth2Config   Configuration
+	oidcProvider   *oidc.Provider
+	provHTTPClient *http.Client
 }
 
 // derivedKey is the key used to compute the HMAC for signing the oauth state parameter
@@ -103,14 +105,25 @@ var derivedKey = pbkdf2.Key([]byte(getPassphraseForIdpHmac()), []byte(getSaltFor
 // NewOauth2ProviderClient instantiates a new oauth2 client using the configured credentials
 // it returns a *Provider object that contains the necessary configuration to initiate an
 // oauth2 authentication flow
-func NewOauth2ProviderClient(ctx context.Context, scopes []string) (*Provider, error) {
-	provider, err := oidc.NewProvider(ctx, GetIdpURL())
+func NewOauth2ProviderClient(ctx context.Context, scopes []string, httpClient *http.Client) (*Provider, error) {
+	customCtx := oidc.ClientContext(ctx, httpClient)
+	provider, err := oidc.NewProvider(customCtx, GetIdpURL())
 	if err != nil {
 		return nil, err
 	}
-	// If provided scopes are empty we use a default list
+	// if google, change scopes
+	u, err := url.Parse(GetIdpURL())
+	if err != nil {
+		return nil, err
+	}
+	// below verification should not be necessary if the user configure exactly the
+	// scopes he need, will be removed on a future release
+	if u.Host == "google.com" {
+		scopes = []string{oidc.ScopeOpenID}
+	}
+	// If provided scopes are empty we use a default list or the user configured list
 	if len(scopes) == 0 {
-		scopes = []string{oidc.ScopeOpenID, "profile", "app_metadata", "user_metadata", "email"}
+		scopes = strings.Split(getIdpScopes(), ",")
 	}
 	client := new(Provider)
 	client.oauth2Config = &xoauth2.Config{
@@ -122,6 +135,7 @@ func NewOauth2ProviderClient(ctx context.Context, scopes []string) (*Provider, e
 	}
 	client.oidcProvider = provider
 	client.ClientID = GetIdpClientID()
+	client.provHTTPClient = httpClient
 
 	return client, nil
 }
@@ -166,16 +180,30 @@ func (client *Provider) VerifyIdentity(ctx context.Context, code, state string)
 			return nil, errors.New("invalid token")
 		}
 
+		// expiration configured in the token itself
+		expiration := int(oauth2Token.Expiry.Sub(time.Now().UTC()).Seconds())
+
+		// check if user configured a hardcoded expiration for console via env variables
+		// and override the incoming expiration
+		userConfiguredExpiration := getIdpTokenExpiration()
+		if userConfiguredExpiration != "" {
+			expiration, _ = strconv.Atoi(userConfiguredExpiration)
+		}
+		idToken := oauth2Token.Extra("id_token")
+		if idToken == nil {
+			return nil, errors.New("returned token is missing id_token claim")
+		}
 		return &credentials.WebIdentityToken{
-			Token:  oauth2Token.Extra("id_token").(string),
-			Expiry: int(oauth2Token.Expiry.Sub(time.Now().UTC()).Seconds()),
+			Token:  idToken.(string),
+			Expiry: expiration,
 		}, nil
 	}
 	stsEndpoint := GetSTSEndpoint()
-	sts, err := credentials.NewSTSWebIdentity(stsEndpoint, getWebTokenExpiry)
-	if err != nil {
-		return nil, err
-	}
+	sts := credentials.New(&credentials.STSWebIdentity{
+		Client:              client.provHTTPClient,
+		STSEndpoint:         stsEndpoint,
+		GetWebIDTokenExpiry: getWebTokenExpiry,
+	})
 	return sts, nil
 }
 

pkg/auth/token.go

@@ -65,7 +65,6 @@ type TokenClaims struct {
 	STSSecretAccessKey string   `json:"stsSecretAccessKey,omitempty"`
 	STSSessionToken    string   `json:"stsSessionToken,omitempty"`
 	AccountAccessKey   string   `json:"accountAccessKey,omitempty"`
-	AccountSecretKey   string   `json:"accountSecretKey,omitempty"`
 	Actions            []string `json:"actions,omitempty"`
 }
 
@@ -79,7 +78,6 @@ type TokenClaims struct {
 //		STSSecretAccessKey
 //		STSSessionToken
 //		AccountAccessKey
-//		AccountSecretKey
 //		Actions
 //	}
 func SessionTokenAuthenticate(token string) (*TokenClaims, error) {
@@ -100,14 +98,13 @@ func SessionTokenAuthenticate(token string) (*TokenClaims, error) {
 
 // NewEncryptedTokenForClient generates a new session token with claims based on the provided STS credentials, first
 // encrypts the claims and the sign them
-func NewEncryptedTokenForClient(credentials *credentials.Value, accountAccessKey, accountSecretKey string, actions []string) (string, error) {
+func NewEncryptedTokenForClient(credentials *credentials.Value, accountAccessKey string, actions []string) (string, error) {
 	if credentials != nil {
 		encryptedClaims, err := encryptClaims(&TokenClaims{
 			STSAccessKeyID:     credentials.AccessKeyID,
 			STSSecretAccessKey: credentials.SecretAccessKey,
 			STSSessionToken:    credentials.SessionToken,
 			AccountAccessKey:   accountAccessKey,
-			AccountSecretKey:   accountSecretKey,
 			Actions:            actions,
 		})
 		if err != nil {
@@ -330,6 +327,5 @@ func GetClaimsFromTokenInRequest(req *http.Request) (*models.Principal, error) {
 		STSSecretAccessKey: claims.STSSecretAccessKey,
 		STSSessionToken:    claims.STSSessionToken,
 		AccountAccessKey:   claims.AccountAccessKey,
-		AccountSecretKey:   claims.AccountSecretKey,
 	}, nil
 }

pkg/auth/token_test.go

@@ -36,14 +36,14 @@ func TestNewJWTWithClaimsForClient(t *testing.T) {
 	funcAssert := assert.New(t)
 	// Test-1 : NewEncryptedTokenForClient() is generated correctly without errors
 	function := "NewEncryptedTokenForClient()"
-	token, err := NewEncryptedTokenForClient(creds, "", "", []string{""})
+	token, err := NewEncryptedTokenForClient(creds, "", []string{""})
 	if err != nil || token == "" {
 		t.Errorf("Failed on %s:, error occurred: %s", function, err)
 	}
 	// saving token for future tests
 	goodToken = token
 	// Test-2 : NewEncryptedTokenForClient() throws error because of empty credentials
-	if _, err = NewEncryptedTokenForClient(nil, "", "", []string{""}); err != nil {
+	if _, err = NewEncryptedTokenForClient(nil, "", []string{""}); err != nil {
 		funcAssert.Equal("provided credentials are empty", err.Error())
 	}
 }

pkg/certs/certs.go

@@ -228,3 +228,14 @@ func GetAllCertificatesAndCAs() (*x509.CertPool, []*x509.Certificate, *xcerts.Ma
 	logger.FatalIf(err, "Unable to load the TLS configuration")
 	return GlobalRootCAs, globalPublicCerts, globalTLSCertsManager
 }
+
+// AddCertificate check if Manager is initialized and then append a new certificate to it
+func AddCertificate(ctx context.Context, manager *xcerts.Manager, publicKey, privateKey string) (err error) {
+	// If Cert Manager is not nil add more certificates
+	if manager != nil {
+		return manager.AddCertificate(publicKey, privateKey)
+	}
+	// Initialize cert manager
+	manager, err = xcerts.NewManager(ctx, publicKey, privateKey, config.LoadX509KeyPair)
+	return err
+}

pkg/subnet/const.go

@@ -30,7 +30,8 @@ const (
 	// Constants for subnet configuration
 	ConsoleSubnetURL = "CONSOLE_SUBNET_URL"
 	// Subnet endpoints
-	publicKey          = "/downloads/license-pubkey.pem"
-	loginEndpoint      = "/api/auth/login"
-	licenseKeyEndpoint = "/api/auth/subscription/license-key"
+	publicKey                 = "/downloads/license-pubkey.pem"
+	loginEndpoint             = "/api/auth/login"
+	refreshLicenseKeyEndpoint = "/api/auth/subscription/renew-license"
+	licenseKeyEndpoint        = "/api/auth/subscription/license-key"
 )

pkg/subnet/subnet.go

@@ -67,6 +67,41 @@ type subnetLicenseResponse struct {
 	Metadata LicenseMetadata `json:"metadata"`
 }
 
+// subnetLoginRequest body request for subnet login
+type subnetRefreshRequest struct {
+	License string `json:"license"`
+}
+
+// getNewLicenseFromExistingLicense will perform license refresh based on the provided license key
+func getNewLicenseFromExistingLicense(client cluster.HTTPClientI, licenseKey string) (string, error) {
+	request := subnetRefreshRequest{
+		License: licenseKey,
+	}
+	// http body for login request
+	payloadBytes, err := json.Marshal(request)
+	if err != nil {
+		return "", err
+	}
+	subnetURL := GetSubnetURL()
+	url := fmt.Sprintf("%s%s", subnetURL, refreshLicenseKeyEndpoint)
+	resp, err := client.Post(url, "application/json", bytes.NewReader(payloadBytes))
+	if err != nil {
+		return "", err
+	}
+	defer resp.Body.Close()
+	bodyBytes, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return "", err
+	}
+	subnetLicense := &subnetLicenseResponse{}
+	// Parse subnet login response
+	err = json.Unmarshal(bodyBytes, subnetLicense)
+	if err != nil {
+		return "", err
+	}
+	return subnetLicense.License, nil
+}
+
 // getLicenseFromCredentials will perform authentication against subnet using
 // user provided credentials and return the current subnet license key
 func getLicenseFromCredentials(client cluster.HTTPClientI, username, password string) (string, error) {
@@ -171,3 +206,18 @@ func ValidateLicense(client cluster.HTTPClientI, licenseKey, email, password str
 	}
 	return licInfo, license, nil
 }
+
+func RefreshLicense(client cluster.HTTPClientI, licenseKey string) (licInfo *licverifier.LicenseInfo, license string, err error) {
+	if licenseKey != "" {
+		license, err = getNewLicenseFromExistingLicense(client, licenseKey)
+		if err != nil {
+			return nil, "", err
+		}
+		licenseInfo, rawLicense, err := ValidateLicense(client, license, "", "")
+		if err != nil {
+			return nil, "", err
+		}
+		return licenseInfo, rawLicense, nil
+	}
+	return nil, "", errors.New("invalid license")
+}

portal-ui/.gitignore

@@ -1,7 +1,6 @@
 # See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
 
 # dependencies
-/build
 node_modules/
 /.pnp
 .pnp.js
@@ -9,8 +8,6 @@ node_modules/
 # testing
 /coverage
 
-# production
-/build
 
 # misc
 .DS_Store

portal-ui/Makefile

@@ -3,5 +3,4 @@ default: build-static
 build-static:
 	@echo "Building frontend static assets to 'build'"
 	yarn build
-	go-bindata-assetfs -pkg portal build/...
 

portal-ui/assets.go

@@ -0,0 +1,10 @@
+package portalui
+
+import "embed"
+
+//go:embed build/*
+var fs embed.FS
+
+func GetStaticAssets() embed.FS {
+	return fs
+}