Release v0.13.0 (#1343 )

update madmin-go and minio-go dependency (#1341 )
Autofocus support in InputBoxWrapper (#1340 )
2021-12-26 20:46:36 -08:00 · 2021-12-23 11:51:02 -08:00 · 2021-12-23 11:10:10 -06:00 · 2021-12-23 11:05:07 -06:00 · 2021-12-22 13:52:17 -08:00 · 2021-12-22 13:35:27 -08:00
1104 changed files with 283302 additions and 22076 deletions
--- a/.github/workflows/compiles.yml
+++ b/.github/workflows/compiles.yml
@@ -14,7 +14,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
-        go-version: [1.16.x]
+        go-version: [1.17.x]
        os: [ubuntu-latest]
    steps:
      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
--- a/.github/workflows/crosscompile-1.yml
+++ b/.github/workflows/crosscompile-1.yml
@@ -14,7 +14,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
-        go-version: [1.16.x]
+        go-version: [1.17.x]
        os: [ubuntu-latest]
    steps:
      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
--- a/.github/workflows/crosscompile-2.yml
+++ b/.github/workflows/crosscompile-2.yml
@@ -14,7 +14,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
-        go-version: [1.16.x]
+        go-version: [1.17.x]
        os: [ubuntu-latest]
    steps:
      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
--- a/.github/workflows/crosscompile-3.yml
+++ b/.github/workflows/crosscompile-3.yml
@@ -14,7 +14,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
-        go-version: [1.16.x]
+        go-version: [1.17.x]
        os: [ubuntu-latest]
    steps:
      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
--- a/.github/workflows/crosscompile-4.yml
+++ b/.github/workflows/crosscompile-4.yml
@@ -14,7 +14,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
-        go-version: [1.16.x]
+        go-version: [1.17.x]
        os: [ubuntu-latest]
    steps:
      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
--- a/.github/workflows/crosscompile-5.yml
+++ b/.github/workflows/crosscompile-5.yml
@@ -14,7 +14,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
-        go-version: [1.16.x]
+        go-version: [1.17.x]
        os: [ubuntu-latest]
    steps:
      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
--- a/.github/workflows/go-test-pkg.yml
+++ b/.github/workflows/go-test-pkg.yml
@@ -14,7 +14,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
-        go-version: [1.16.x]
+        go-version: [1.17.x]
        os: [ubuntu-latest]
    steps:
      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -14,7 +14,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
-        go-version: [1.16.x]
+        go-version: [1.17.x]
        os: [ubuntu-latest]
    steps:
      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -0,0 +1,38 @@
+name: Go
+
+on:
+  pull_request:
+    branches:
+      - master
+  push:
+    branches:
+      - master
+
+# This ensures that previous jobs for the PR are canceled when the PR is
+# updated.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref }}
+  cancel-in-progress: true
+
+jobs:
+  minio-test:
+    name: Integration Tests with Latest Distributed MinIO
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        go-version: [1.17.x]
+
+    steps:
+      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
+        uses: actions/setup-go@v2
+        with:
+          go-version: ${{ matrix.go-version }}
+        id: go
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v2
+
+      - name: Build on ${{ matrix.os }}
+        run: |
+          make test-integration
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -14,7 +14,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
-        go-version: [1.16.x]
+        go-version: [1.17.x]
        os: [ubuntu-latest]
    steps:
      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -86,7 +86,7 @@ nfpms:
 dockers:
 - image_templates:
  - "minio/console:{{ .Tag }}-amd64"
-  use_buildx: true
+  use: buildx
  goarch: amd64
  dockerfile: Dockerfile.release
  extra_files:
@@ -97,7 +97,7 @@ dockers:
  - "--build-arg=TAG={{ .Tag }}"
 - image_templates:
  - "minio/console:{{ .Tag }}-ppc64le"
-  use_buildx: true
+  use: buildx
  goarch: ppc64le
  dockerfile: Dockerfile.release
  extra_files:
@@ -108,7 +108,7 @@ dockers:
  - "--build-arg=TAG={{ .Tag }}"
 - image_templates:
  - "minio/console:{{ .Tag }}-s390x"
-  use_buildx: true
+  use: buildx
  goarch: s390x
  dockerfile: Dockerfile.release
  extra_files:
@@ -119,7 +119,7 @@ dockers:
  - "--build-arg=TAG={{ .Tag }}"
 - image_templates:
  - "minio/console:{{ .Tag }}-arm64"
-  use_buildx: true
+  use: buildx
  goarch: arm64
  goos: linux
  dockerfile: Dockerfile.release
@@ -131,7 +131,7 @@ dockers:
  - "--build-arg=TAG={{ .Tag }}"
 - image_templates:
  - "quay.io/minio/console:{{ .Tag }}-amd64"
-  use_buildx: true
+  use: buildx
  goarch: amd64
  dockerfile: Dockerfile.release
  extra_files:
@@ -142,7 +142,7 @@ dockers:
  - "--build-arg=TAG={{ .Tag }}"
 - image_templates:
  - "quay.io/minio/console:{{ .Tag }}-ppc64le"
-  use_buildx: true
+  use: buildx
  goarch: ppc64le
  dockerfile: Dockerfile.release
  extra_files:
@@ -153,7 +153,7 @@ dockers:
  - "--build-arg=TAG={{ .Tag }}"
 - image_templates:
  - "quay.io/minio/console:{{ .Tag }}-s390x"
-  use_buildx: true
+  use: buildx
  goarch: s390x
  dockerfile: Dockerfile.release
  extra_files:
@@ -164,7 +164,7 @@ dockers:
  - "--build-arg=TAG={{ .Tag }}"
 - image_templates:
  - "quay.io/minio/console:{{ .Tag }}-arm64"
-  use_buildx: true
+  use: buildx
  goarch: arm64
  goos: linux
  dockerfile: Dockerfile.release
--- a/4
+++ b/4
@@ -1,4 +1,4 @@
-FROM node:10 as uilayer
+FROM node:14 as uilayer

 WORKDIR /app

@@ -8,7 +8,7 @@ RUN yarn install

 COPY ./portal-ui .

-RUN yarn install && make build-static
+RUN make build-static

 USER node

--- a/Dockerfile.assets
+++ b/Dockerfile.assets
@@ -1,4 +1,4 @@
-FROM node:10 as uilayer
+FROM node:14 as uilayer

 WORKDIR /app

--- a/9
+++ b/9
@@ -61,7 +61,12 @@ swagger-operator:
 	@swagger generate server -A operator --main-package=operator --server-package=operatorapi --exclude-main -P models.Principal -f ./swagger-operator.yml -r NOTICE

 assets:
-	@(cd portal-ui; yarn install; make build-static; yarn prettier --write . --loglevel warn;  cd ..)
+	@(cd portal-ui; yarn install; make build-static; yarn prettier --write . --loglevel warn; cd ..)
+
+test-integration:
+	@(docker run -d --name minio --rm -p 9000:9000 quay.io/minio/minio:latest server /data{1...4} && sleep 5)
+	@(GO111MODULE=on go test -race -v github.com/minio/console/integration/...)
+	@(docker stop minio)

 test:
 	@(GO111MODULE=on go test -race -v github.com/minio/console/restapi/...)
@@ -79,4 +84,4 @@ clean:
 	@rm -vf console

 docker:
-	@docker build -t $(TAG) --build-arg build_version=$(BUILD_VERSION) --build-arg build_time='$(BUILD_TIME)' .
+	@docker buildx build --output=type=docker --platform linux/amd64 -t $(TAG) --build-arg build_version=$(BUILD_VERSION) --build-arg build_time='$(BUILD_TIME)' .
--- a/README.md
+++ b/README.md
@@ -53,12 +53,12 @@ docker pull minio/console
 ```

 ### Build from source
+> You will need a working Go environment. Therefore, please follow [How to install Go](https://golang.org/doc/install).
+> Minimum version required is go1.17

 ```
-GO111MODULE=on go install github.com/minio/console/cmd/console@latest
+go install github.com/minio/console/cmd/console@latest
 ```
-> You will need a working Go environment. Therefore, please follow [How to install Go](https://golang.org/doc/install).
-> Minimum version required is go1.16

 ## Setup

--- a/cmd/console/operator.go
+++ b/cmd/console/operator.go
@@ -21,6 +21,7 @@ import (
 	"io/ioutil"
 	"path/filepath"
 	"strconv"
+	"syscall"
 	"time"

 	"github.com/minio/console/restapi"
@@ -173,6 +174,10 @@ func loadOperatorAllCerts(ctx *cli.Context) error {
 		}
 	}

+	if restapi.GlobalTLSCertsManager != nil {
+		restapi.GlobalTLSCertsManager.ReloadOnSignal(syscall.SIGHUP)
+	}
+
 	return nil
 }

--- a/cmd/console/server.go
+++ b/cmd/console/server.go
@@ -22,6 +22,7 @@ import (
 	"os"
 	"path/filepath"
 	"strconv"
+	"syscall"
 	"time"

 	"github.com/go-openapi/loads"
@@ -172,6 +173,10 @@ func loadAllCerts(ctx *cli.Context) error {
 		}
 	}

+	if restapi.GlobalTLSCertsManager != nil {
+		restapi.GlobalTLSCertsManager.ReloadOnSignal(syscall.SIGHUP)
+	}
+
 	return nil
 }

--- a/go.mod
+++ b/go.mod
@@ -1,11 +1,10 @@
 module github.com/minio/console

-go 1.16
+go 1.17

 require (
 	github.com/blang/semver/v4 v4.0.0
 	github.com/cheggaaa/pb/v3 v3.0.6
-	github.com/coreos/go-oidc v2.2.1+incompatible
 	github.com/dustin/go-humanize v1.0.0
 	github.com/go-openapi/errors v0.19.9
 	github.com/go-openapi/loads v0.20.2
@@ -14,31 +13,144 @@ require (
 	github.com/go-openapi/strfmt v0.20.0
 	github.com/go-openapi/swag v0.19.14
 	github.com/go-openapi/validate v0.20.2
+	github.com/golang-jwt/jwt/v4 v4.1.0
 	github.com/gorilla/websocket v1.4.2
 	github.com/jessevdk/go-flags v1.4.0
+	github.com/klauspost/compress v1.13.6
 	github.com/minio/cli v1.22.0
 	github.com/minio/direct-csi v1.3.5-0.20210601185811-f7776f7961bf
 	github.com/minio/kes v0.11.0
-	github.com/minio/madmin-go v1.0.17
-	github.com/minio/mc v0.0.0-20210626002108-cebf3318546f
-	github.com/minio/minio-go/v7 v7.0.13-0.20210715203016-9e713532886e
-	github.com/minio/operator v0.0.0-20210812082324-26350f153661
-	github.com/minio/operator/logsearchapi v0.0.0-20210812082324-26350f153661
-	github.com/minio/pkg v1.0.8
+	github.com/minio/madmin-go v1.1.21
+	github.com/minio/mc v0.0.0-20211207230606-23a05f5a17f2
+	github.com/minio/minio-go/v7 v7.0.19
+	github.com/minio/operator v0.0.0-20211011212245-31460bbbc4b7
+	github.com/minio/operator/logsearchapi v0.0.0-20211011212245-31460bbbc4b7
+	github.com/minio/pkg v1.1.10
 	github.com/minio/selfupdate v0.3.1
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
-	github.com/rs/xid v1.2.1
+	github.com/rs/xid v1.3.0
 	github.com/secure-io/sio-go v0.3.1
 	github.com/stretchr/testify v1.7.0
-	github.com/unrolled/secure v1.0.7
-	golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b
-	golang.org/x/net v0.0.0-20210421230115-4e50805a0758
-	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
+	github.com/unrolled/secure v1.0.9
+	golang.org/x/crypto v0.0.0-20210921155107-089bfa567519
+	golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f
+	golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.21.1
 	k8s.io/apimachinery v0.21.1
 	k8s.io/client-go v0.21.1
 )

+require (
+	github.com/PuerkitoBio/purell v1.1.1 // indirect
+	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
+	github.com/StackExchange/wmi v1.2.1 // indirect
+	github.com/VividCortex/ewma v1.1.1 // indirect
+	github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/briandowns/spinner v1.16.0 // indirect
+	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/cheggaaa/pb v1.0.29 // indirect
+	github.com/coreos/go-semver v0.3.0 // indirect
+	github.com/coreos/go-systemd/v22 v22.3.2 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0 // indirect
+	github.com/docker/go-units v0.4.0 // indirect
+	github.com/emicklei/go-restful v2.9.5+incompatible // indirect
+	github.com/evanphx/json-patch v4.9.0+incompatible // indirect
+	github.com/fatih/color v1.13.0 // indirect
+	github.com/fatih/structs v1.1.0 // indirect
+	github.com/georgysavva/scany v0.2.7 // indirect
+	github.com/go-logr/logr v0.4.0 // indirect
+	github.com/go-ole/go-ole v1.2.6 // indirect
+	github.com/go-openapi/analysis v0.20.0 // indirect
+	github.com/go-openapi/jsonpointer v0.19.5 // indirect
+	github.com/go-openapi/jsonreference v0.19.5 // indirect
+	github.com/go-stack/stack v1.8.0 // indirect
+	github.com/goccy/go-json v0.7.9 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
+	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/go-cmp v0.5.5 // indirect
+	github.com/google/gofuzz v1.1.0 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/googleapis/gnostic v0.5.1 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/golang-lru v0.5.4 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/klauspost/cpuid/v2 v2.0.9 // indirect
+	github.com/lestrrat-go/backoff/v2 v2.0.8 // indirect
+	github.com/lestrrat-go/blackmagic v1.0.0 // indirect
+	github.com/lestrrat-go/httpcc v1.0.0 // indirect
+	github.com/lestrrat-go/iter v1.0.1 // indirect
+	github.com/lestrrat-go/jwx v1.2.7 // indirect
+	github.com/lestrrat-go/option v1.0.0 // indirect
+	github.com/mailru/easyjson v0.7.6 // indirect
+	github.com/mattn/go-colorable v0.1.10 // indirect
+	github.com/mattn/go-ieproxy v0.0.1 // indirect
+	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/mattn/go-runewidth v0.0.13 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
+	github.com/mb0/glob v0.0.0-20160210091149-1eb79d2de6c4 // indirect
+	github.com/minio/argon2 v1.0.0 // indirect
+	github.com/minio/colorjson v1.0.1 // indirect
+	github.com/minio/filepath v1.0.0 // indirect
+	github.com/minio/md5-simd v1.1.2 // indirect
+	github.com/minio/sha256-simd v1.0.0 // indirect
+	github.com/mitchellh/mapstructure v1.4.1 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/philhofer/fwd v1.1.1 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pkg/profile v1.6.0 // indirect
+	github.com/pkg/xattr v0.4.3 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/posener/complete v1.2.3 // indirect
+	github.com/prometheus/client_golang v1.11.0 // indirect
+	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/common v0.31.1 // indirect
+	github.com/prometheus/procfs v0.7.3 // indirect
+	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/rjeczalik/notify v0.9.2 // indirect
+	github.com/shirou/gopsutil/v3 v3.21.8 // indirect
+	github.com/sirupsen/logrus v1.8.1 // indirect
+	github.com/stretchr/objx v0.2.0 // indirect
+	github.com/tidwall/gjson v1.10.2 // indirect
+	github.com/tidwall/match v1.1.1 // indirect
+	github.com/tidwall/pretty v1.2.0 // indirect
+	github.com/tinylib/msgp v1.1.6 // indirect
+	github.com/tklauser/go-sysconf v0.3.9 // indirect
+	github.com/tklauser/numcpus v0.3.0 // indirect
+	go.etcd.io/etcd/api/v3 v3.5.0 // indirect
+	go.etcd.io/etcd/client/pkg/v3 v3.5.0 // indirect
+	go.etcd.io/etcd/client/v3 v3.5.0 // indirect
+	go.mongodb.org/mongo-driver v1.4.6 // indirect
+	go.uber.org/atomic v1.9.0 // indirect
+	go.uber.org/multierr v1.7.0 // indirect
+	go.uber.org/zap v1.19.1 // indirect
+	golang.org/x/sys v0.0.0-20211015200801-69063c4bb744 // indirect
+	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
+	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba // indirect
+	google.golang.org/appengine v1.6.6 // indirect
+	google.golang.org/genproto v0.0.0-20210928142010-c7af6a1a74c9 // indirect
+	google.golang.org/grpc v1.41.0 // indirect
+	google.golang.org/protobuf v1.27.1 // indirect
+	gopkg.in/h2non/filetype.v1 v1.0.5 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/ini.v1 v1.63.2 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+	k8s.io/klog/v2 v2.8.0 // indirect
+	k8s.io/kube-openapi v0.0.0-20210305001622-591a79e4bda7 // indirect
+	k8s.io/utils v0.0.0-20201110183641-67b214c5f920 // indirect
+	maze.io/x/duration v0.0.0-20160924141736-faac084b6075 // indirect
+	sigs.k8s.io/controller-runtime v0.8.0 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.1.0 // indirect
+	sigs.k8s.io/yaml v1.2.0 // indirect
+)
+
 replace google.golang.org/grpc => google.golang.org/grpc v1.29.1
--- a/go.sum
+++ b/go.sum
@@ -14,11 +14,15 @@ cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6
 cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
 cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
 cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
+cloud.google.com/go v0.60.0/go.mod h1:yw2G51M9IfRboUH61Us8GqCeF1PzPblB823Mn2q2eAU=
+cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
+cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
+cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk=
@@ -30,6 +34,7 @@ cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiy
 cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
 cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
+cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 code.gitea.io/sdk/gitea v0.12.0/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY=
 contrib.go.opencensus.io/exporter/aws v0.0.0-20181029163544-2befc13012d0/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA=
 contrib.go.opencensus.io/exporter/ocagent v0.5.0/go.mod h1:ImxhfLRpxoYiSq891pBrLVhN+qmP8BTVvdH2YLs7Gl0=
@@ -107,8 +112,9 @@ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdko
 github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
 github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
 github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
-github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d h1:G0m3OIz70MZUWq3EgK3CesDbo8upS2Vm9/P3FtgI+Jk=
 github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
+github.com/StackExchange/wmi v1.2.1 h1:VIkavFPXSjcnS+O8yTq7NI32k0R5Aj+v39y29VYDOSA=
+github.com/StackExchange/wmi v1.2.1/go.mod h1:rcmrprowKIVzvc+NUiLncP2uuArMWLCbu9SBzvHz7e8=
 github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM=
 github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
 github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g=
@@ -154,6 +160,8 @@ github.com/aws/aws-sdk-go v1.31.6/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU
 github.com/aws/aws-sdk-go v1.34.28/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48=
 github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
 github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I=
+github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
+github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -170,6 +178,8 @@ github.com/bombsimon/wsl/v2 v2.0.0/go.mod h1:mf25kr/SqFEPhhcxW1+7pxzGlW+hIl/hYTK
 github.com/bombsimon/wsl/v2 v2.2.0/go.mod h1:Azh8c3XGEJl9LyX0/sFC+CKMc7Ssgua0g+6abzXN4Pg=
 github.com/bombsimon/wsl/v3 v3.0.0/go.mod h1:st10JtZYLE4D5sC7b8xV4zTKZwAQjCH/Hy2Pm1FNZIc=
 github.com/bombsimon/wsl/v3 v3.1.0/go.mod h1:st10JtZYLE4D5sC7b8xV4zTKZwAQjCH/Hy2Pm1FNZIc=
+github.com/briandowns/spinner v1.16.0 h1:DFmp6hEaIx2QXXuqSJmtfSBSAjRmpGiKG6ip2Wm/yOs=
+github.com/briandowns/spinner v1.16.0/go.mod h1:QOuQk7x+EaDASo80FEXwlwiA+j/PPIcX3FScO+3/ZPQ=
 github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw=
 github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo=
 github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ=
@@ -179,8 +189,9 @@ github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
-github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
+github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cheggaaa/pb v1.0.29 h1:FckUN5ngEk2LpvuG0fw1GEFx6LtyY2pWI/Z2QgCnEYo=
 github.com/cheggaaa/pb v1.0.29/go.mod h1:W40334L7FMC5JKWldsTWbdGjLo0RxUKK73K+TuPxX30=
 github.com/cheggaaa/pb/v3 v3.0.6 h1:ULPm1wpzvj60FvmCrX7bIaB80UgbhI+zSaQJKRfCbAs=
@@ -196,8 +207,6 @@ github.com/cockroachdb/cockroach-go/v2 v2.0.3 h1:ZA346ACHIZctef6trOTwBAEvPVm1k0u
 github.com/cockroachdb/cockroach-go/v2 v2.0.3/go.mod h1:hAuDgiVgDVkfirP9JnhXEfcXEPRKBpYdGz+l7mvYSzw=
 github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
 github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
-github.com/codegangsta/negroni v1.0.0 h1:+aYywywx4bnKXWvoWtRfJ91vC59NbEhEY03sZjQhbVY=
-github.com/codegangsta/negroni v1.0.0/go.mod h1:v0y3T5G7Y1UlFfyxFn/QLRU4a2EuNau2iZY63YTKWo0=
 github.com/container-storage-interface/spec v1.1.0/go.mod h1:6URME8mwIBbpVyZV93Ce5St17xBiQJQY67NDsuohiy4=
 github.com/container-storage-interface/spec v1.3.0/go.mod h1:6URME8mwIBbpVyZV93Ce5St17xBiQJQY67NDsuohiy4=
 github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
@@ -206,8 +215,6 @@ github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc
 github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
 github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
-github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk=
-github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
@@ -215,8 +222,9 @@ github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f h1:JOrtw2xFKzlg+cbHpyrpLDmnN1HqhBfnX7WDiW7eG2c=
 github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/go-systemd/v22 v22.3.1 h1:7OO2CXWMYNDdaAzP51t4lCCZWwpQHmvPbm9sxWjm3So=
 github.com/coreos/go-systemd/v22 v22.3.1/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/coreos/go-systemd/v22 v22.3.2 h1:D9/bQk5vlXQFZ6Kwuu6zaiXJ9oTPe68++AzAJc1DzSI=
+github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
@@ -232,11 +240,12 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/decred/dcrd/chaincfg/chainhash v1.0.2/go.mod h1:BpbrGgrPTr3YJYRN3Bm+D9NuaFd+zGyNeIKgrhCXK60=
 github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
-github.com/decred/dcrd/dcrec/secp256k1/v3 v3.0.0 h1:sgNeV1VRMDzs6rzyPpxyM0jp317hnwiq58Filgag2xw=
 github.com/decred/dcrd/dcrec/secp256k1/v3 v3.0.0/go.mod h1:J70FGZSbzsjecRTiTzER+3f1KZLNaXkuv+yeFTKoxM8=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0 h1:Fe5DW39aaoS/fqZiYlylEqQWIKznnbatWSHpWdFA3oQ=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0/go.mod h1:hyedUtir6IdtD/7lIxGeCxkaw7y45JueMRL4DIyJDKs=
 github.com/denisenkom/go-mssqldb v0.0.0-20191124224453-732737034ffd/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8=
@@ -274,8 +283,9 @@ github.com/evanphx/json-patch v4.9.0+incompatible h1:kLcOMZeuLAJvL2BPWLMIj5oaZQo
 github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
-github.com/fatih/color v1.12.0 h1:mRhaKNwANqRgUBGKmnI5ZxEk7QXmjQeCcuYFMX2bfcc=
 github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
+github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
+github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
@@ -301,6 +311,7 @@ github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3I
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
+github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
 github.com/go-ldap/ldap v3.0.2+incompatible/go.mod h1:qfd9rJvER9Q0/D/Sqn1DfHRoBp40uXYvFoEVrNEPqRc=
 github.com/go-lintpack/lintpack v0.5.2/go.mod h1:NwZuYi2nUHho8XEIZ6SIxihrnPoqBTDqfpXvXAN0sXM=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
@@ -313,8 +324,10 @@ github.com/go-logr/logr v0.4.0 h1:K7/B1jt6fIBQVd4Owv2MqGQClcgf0R266+7C/QjRcLc=
 github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-logr/zapr v0.2.0/go.mod h1:qhKdvif7YF5GI9NWEpyxTSSBdGmzkNguibrdCNVPunU=
 github.com/go-ole/go-ole v1.2.1/go.mod h1:7FAglXiTm7HKlQRDeOQ6ZNUHidzCWXuZWq/1dTyBNF8=
-github.com/go-ole/go-ole v1.2.4 h1:nNBDSCOigTSiarFpYE9J/KtEA1IOW4CNeqT9TQDqCxI=
 github.com/go-ole/go-ole v1.2.4/go.mod h1:XCwSNxSkXRo4vlyPy93sltvi/qJq0jqQhjqQNIwKuxM=
+github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
+github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
+github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI=
 github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik=
 github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik=
@@ -416,6 +429,7 @@ github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/go-toolsmith/astcast v1.0.0/go.mod h1:mt2OdQTeAQcY4DQgPSArJjHCcOwlX+Wl/kwN+LbLGQ4=
 github.com/go-toolsmith/astcopy v1.0.0/go.mod h1:vrgyG+5Bxrnz4MZWPF+pI4R8h3qKRjjyvV/DSez4WVQ=
@@ -457,8 +471,10 @@ github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGt
 github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0=
 github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
-github.com/goccy/go-json v0.4.8 h1:TfwOxfSp8hXH+ivoOk36RyDNmXATUETRdaNWDaZglf8=
 github.com/goccy/go-json v0.4.8/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-json v0.7.8/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-json v0.7.9 h1:mSp3uo1tr6MXQTYopSNhHTUnJhd2zQ4Yk+HdJZP+ZRY=
+github.com/goccy/go-json v0.7.9/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/gofrs/flock v0.0.0-20190320160742-5135e617513b/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
 github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
@@ -469,8 +485,11 @@ github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5
 github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
-github.com/golang-jwt/jwt v3.2.1+incompatible h1:73Z+4BJcrTC+KczS6WvTPvRGOp1WmfEP4Q1lOd9Z/+c=
 github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
+github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
+github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
+github.com/golang-jwt/jwt/v4 v4.1.0 h1:XUgk2Ex5veyVFVeLm0xhusUTQybEbexJXrvPNOKkSY0=
+github.com/golang-jwt/jwt/v4 v4.1.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
@@ -486,6 +505,7 @@ github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFU
 github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
 github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -506,7 +526,6 @@ github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4=
 github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk=
 github.com/golangci/errcheck v0.0.0-20181223084120-ef45e06d44b6/go.mod h1:DbHgvLiFKX1Sh2T1w8Q/h4NAI8MHIpzCdnBUDTXU3I0=
@@ -534,6 +553,7 @@ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
@@ -549,19 +569,23 @@ github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200507031123-427632fa3b1c/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg=
 github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk=
 github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/wire v0.3.0/go.mod h1:i1DMg/Lu8Sz5yYl25iOdmc5CT5qusaa+zmRWs16741s=
 github.com/google/wire v0.4.0/go.mod h1:ngWDr9Qvq3yZA10YrxfyGELY/AFWGVpy9c1LTRi1EoU=
 github.com/googleapis/gax-go v2.0.2+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY=
@@ -577,7 +601,6 @@ github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2c
 github.com/gookit/color v1.2.4/go.mod h1:AhIE+pS6D4Ql0SQWbBeXPHw7gY0/sjHoA4s/n1KB7xg=
 github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gopherjs/gopherjs v0.0.0-20190328170749-bb2674552d8f h1:4Gslotqbs16iAg+1KR/XdabIfq8TlAWHdwS5QJFksLc=
 github.com/gopherjs/gopherjs v0.0.0-20190328170749-bb2674552d8f/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/goreleaser/goreleaser v0.136.0/go.mod h1:wiKrPUeSNh6Wu8nUHxZydSOVQ/OZvOaO7DTtFqie904=
 github.com/goreleaser/nfpm v1.2.1/go.mod h1:TtWrABZozuLOttX2uDlYyECfQX7x5XYkVxhjYcR6G9w=
@@ -606,8 +629,9 @@ github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBt
 github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE=
 github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
 github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
-github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
+github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
+github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
 github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI=
@@ -615,8 +639,9 @@ github.com/hashicorp/go-hclog v0.8.0/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrj
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
-github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uPribsnS6o=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
+github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
+github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/hashicorp/go-plugin v1.0.1/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn3cQptSMzBuY=
 github.com/hashicorp/go-retryablehttp v0.5.4/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs=
 github.com/hashicorp/go-retryablehttp v0.6.4/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY=
@@ -630,6 +655,7 @@ github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b
 github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
 github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
+github.com/hashicorp/go-version v1.3.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
@@ -653,8 +679,7 @@ github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJ
 github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
 github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
-github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf h1:WfD7VjIE6z8dIvMsI4/s+1qr5EL+zoIGev1BQj1eoJ8=
-github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf/go.mod h1:hyb9oH7vZsitZCiBt0ZvifOrB+qc8PS5IiilCIb87rg=
+github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo=
 github.com/jackc/chunkreader v1.0.0 h1:4s39bBR8ByfqH+DKm8rQA3E1LHZWB9XWcrz8fqaZbe0=
@@ -745,11 +770,11 @@ github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/u
 github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.11 h1:uVUAXhF2To8cbw/3xN3pxj6kk7TYKs98NIrTqPlMWAQ=
 github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
@@ -762,15 +787,18 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
 github.com/klauspost/compress v1.4.0/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
 github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
 github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
-github.com/klauspost/compress v1.12.2 h1:2KCfW3I9M7nSc5wOqXAlW2v2U6v+w6cbjvbfp+OykW8=
-github.com/klauspost/compress v1.12.2/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg=
+github.com/klauspost/compress v1.13.5/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
+github.com/klauspost/compress v1.13.6 h1:P76CopJELS0TiO2mebmnzgWaajssP/EszplttgQxcgc=
+github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/klauspost/cpuid v0.0.0-20180405133222-e7e905edc00e/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/klauspost/cpuid v1.3.1 h1:5JNjFYYQrZeKRJ0734q51WCEEn2huer72Dc7K+R/b6s=
 github.com/klauspost/cpuid v1.3.1/go.mod h1:bYW4mA6ZgKPob1/Dlai2LviZJO7KGI3uoWLd42rAQw4=
-github.com/klauspost/cpuid/v2 v2.0.4 h1:g0I61F2K2DjRHz1cnxlkNSBIaePVoJIjjnHui8QHbiw=
+github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.0.9 h1:lgaqFMSdTdQYdZ04uHyN2d/eKdOMyi2YLSvlQIBFYa4=
+github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -784,21 +812,23 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kubernetes-csi/csi-lib-utils v0.7.0/go.mod h1:bze+2G9+cmoHxN6+WyG1qT4MDxgZJMLGwc7V4acPNm0=
-github.com/lestrrat-go/backoff/v2 v2.0.7 h1:i2SeK33aOFJlUNJZzf2IpXRBvqBBnaGXfY5Xaop/GsE=
 github.com/lestrrat-go/backoff/v2 v2.0.7/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y=
+github.com/lestrrat-go/backoff/v2 v2.0.8 h1:oNb5E5isby2kiro9AgdHLv5N5tint1AnDVVf2E2un5A=
+github.com/lestrrat-go/backoff/v2 v2.0.8/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y=
 github.com/lestrrat-go/blackmagic v1.0.0 h1:XzdxDbuQTz0RZZEmdU7cnQxUtFUzgCSPq8RCz4BxIi4=
 github.com/lestrrat-go/blackmagic v1.0.0/go.mod h1:TNgH//0vYSs8VXDCfkZLgIrVTTXQELZffUV0tz3MtdQ=
 github.com/lestrrat-go/codegen v1.0.0/go.mod h1:JhJw6OQAuPEfVKUCLItpaVLumDGWQznd1VaXrBk9TdM=
+github.com/lestrrat-go/codegen v1.0.2/go.mod h1:JhJw6OQAuPEfVKUCLItpaVLumDGWQznd1VaXrBk9TdM=
 github.com/lestrrat-go/httpcc v1.0.0 h1:FszVC6cKfDvBKcJv646+lkh4GydQg2Z29scgUfkOpYc=
 github.com/lestrrat-go/httpcc v1.0.0/go.mod h1:tGS/u00Vh5N6FHNkExqGGNId8e0Big+++0Gf8MBnAvE=
 github.com/lestrrat-go/iter v1.0.1 h1:q8faalr2dY6o8bV45uwrxq12bRa1ezKrB6oM9FUgN4A=
 github.com/lestrrat-go/iter v1.0.1/go.mod h1:zIdgO1mRKhn8l9vrZJZz9TUMMFbQbLeTsbqPDrJ/OJc=
-github.com/lestrrat-go/jwx v1.2.0 h1:n08WEu8cJy3uzuQ39KWAOIhM4XfeozgaEGA8mTiioZ8=
 github.com/lestrrat-go/jwx v1.2.0/go.mod h1:Tg2uP7bpxEHUDtuWjap/PxroJ4okxGzkQznXiG+a5Dc=
+github.com/lestrrat-go/jwx v1.2.7 h1:wO7fEc3PW56wpQBMU5CyRkrk4DVsXxCoJg7oIm5HHE4=
+github.com/lestrrat-go/jwx v1.2.7/go.mod h1:bw24IXWbavc0R2RsOtpXL7RtMyP589yZ1+L7kd09ZGA=
 github.com/lestrrat-go/option v0.0.0-20210103042652-6f1ecfceda35/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
 github.com/lestrrat-go/option v1.0.0 h1:WqAWL8kh8VcSoD6xjSH34/1m8yxluXQbDeKNfvFeEO4=
 github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
-github.com/lestrrat-go/pdebug/v3 v3.0.1 h1:3G5sX/aw/TbMTtVc9U7IHBWRZtMvwvBziF1e4HoQtv8=
 github.com/lestrrat-go/pdebug/v3 v3.0.1/go.mod h1:za+m+Ve24yCxTEhR59N7UlnJomWwCiIqbJRmKeiADU4=
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
@@ -832,8 +862,10 @@ github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcncea
 github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8=
 github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.10 h1:KWqbp83oZ6YOEgIbNW3BM1Jbe2tz4jgmWA9FOuAF8bw=
+github.com/mattn/go-colorable v0.1.10/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc=
 github.com/mattn/go-ieproxy v0.0.0-20190702010315-6dee0af9227d/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc=
 github.com/mattn/go-ieproxy v0.0.1 h1:qiyop7gCflfhwCzGyeT0gro3sF9AIg9HU98JORTkqfI=
@@ -846,13 +878,15 @@ github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hd
 github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
 github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-isatty v0.0.13 h1:qdl+GuBjcsKKDco5BsxPJlId98mSWNKqYA+Co0SC1yA=
 github.com/mattn/go-isatty v0.0.13/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
+github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
 github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
-github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
+github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
+github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
 github.com/mattn/go-sqlite3 v1.9.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
 github.com/mattn/go-sqlite3 v2.0.1+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
@@ -879,25 +913,30 @@ github.com/minio/filepath v1.0.0/go.mod h1:/nRZA2ldl5z6jT9/KQuvZcQlxZIMQoFFQPvEX
 github.com/minio/kes v0.11.0 h1:8ma6OCVSxKT50b1uYXLJro3m7PmZtCLxBaTddQexI5k=
 github.com/minio/kes v0.11.0/go.mod h1:mTF1Bv8YVEtQqF/B7Felp4tLee44Pp+dgI0rhCvgNg8=
 github.com/minio/madmin-go v1.0.12/go.mod h1:BK+z4XRx7Y1v8SFWXsuLNqQqnq5BO/axJ8IDJfgyvfs=
-github.com/minio/madmin-go v1.0.17 h1:VMEn4nMKf0X3uNH0u+fZcn17KSwVkQGwyER/igG556E=
-github.com/minio/madmin-go v1.0.17/go.mod h1:4nl9hvLWFnwCjkLfZSsZXEHgDODa2XSG6xGlIZyQ2oA=
-github.com/minio/mc v0.0.0-20210626002108-cebf3318546f h1:hyFvo5hSFw2K417YvDr/vAKlgCG69uTuhZW/5LNdL0U=
-github.com/minio/mc v0.0.0-20210626002108-cebf3318546f/go.mod h1:tuaonkPjVApCXkbtKENHBtsqUf7YTV33qmFrC+Pgp5g=
+github.com/minio/madmin-go v1.1.15/go.mod h1:Iu0OnrMWNBYx1lqJTW+BFjBMx0Hi0wjw8VmqhiOs2Jo=
+github.com/minio/madmin-go v1.1.19/go.mod h1:Iu0OnrMWNBYx1lqJTW+BFjBMx0Hi0wjw8VmqhiOs2Jo=
+github.com/minio/madmin-go v1.1.21 h1:RzWjnFP/UzMf3BTCfL38z6hoi7TWT+kqW917nKOmh5o=
+github.com/minio/madmin-go v1.1.21/go.mod h1:vIDiJEjYOG27M/CgZPmxBdgdn3Yz5SIwtXtMzGAsqsA=
+github.com/minio/mc v0.0.0-20211207230606-23a05f5a17f2 h1:xocb1RGyrDJ8PxkNn0NSbaBlfdU6J/Ag9QK62pb7nR8=
+github.com/minio/mc v0.0.0-20211207230606-23a05f5a17f2/go.mod h1:siI9jWTzj1KsNXgz6NOL/S7OTaAUM0OMi+zEkF08gnA=
 github.com/minio/md5-simd v1.1.0/go.mod h1:XpBqgZULrMYD3R+M28PcmP0CkI7PEMzB3U77ZrKZ0Gw=
-github.com/minio/md5-simd v1.1.1 h1:9ojcLbuZ4gXbB2sX53MKn8JUZ0sB/2wfwsEcRw+I08U=
-github.com/minio/md5-simd v1.1.1/go.mod h1:XpBqgZULrMYD3R+M28PcmP0CkI7PEMzB3U77ZrKZ0Gw=
+github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
+github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
 github.com/minio/minio-go/v7 v7.0.11-0.20210302210017-6ae69c73ce78/go.mod h1:mTh2uJuAbEqdhMVl6CMIIZLUeiMiWtJR4JB8/5g2skw=
-github.com/minio/minio-go/v7 v7.0.11-0.20210607181445-e162fdb8e584/go.mod h1:WoyW+ySKAKjY98B9+7ZbI8z8S3jaxaisdcvj9TGlazA=
-github.com/minio/minio-go/v7 v7.0.13-0.20210715203016-9e713532886e h1:aVnxKPpUI1gVeEf9vC+QEt8OxMXiiNMeUWcrBM62oDU=
-github.com/minio/minio-go/v7 v7.0.13-0.20210715203016-9e713532886e/go.mod h1:S23iSP5/gbMwtxeY5FM71R+TkAYyzEdoNEDDwpt8yWs=
-github.com/minio/operator v0.0.0-20210812082324-26350f153661 h1:dGAJHpfmhNukFg0M0wDqH+G1OB2YPgZCcT6uv4n9YQk=
-github.com/minio/operator v0.0.0-20210812082324-26350f153661/go.mod h1:zQqn6VGT46xlSpVXh1I/VZRv+eSgHtVu6URdg71YKX8=
-github.com/minio/operator/logsearchapi v0.0.0-20210812082324-26350f153661 h1:tJw15hS3b1dVTf5PwA4roXZ/oRNnHyZ/8Y+yNTmQ5rA=
-github.com/minio/operator/logsearchapi v0.0.0-20210812082324-26350f153661/go.mod h1:R+38Pf3wfm+JMiyLPb/r8OMrBm0vK2hZgUT4y4aYoSY=
+github.com/minio/minio-go/v7 v7.0.16-0.20211108161804-a7a36ee131df/go.mod h1:pUV0Pc+hPd1nccgmzQF/EXh48l/Z/yps6QPF1aaie4g=
+github.com/minio/minio-go/v7 v7.0.18/go.mod h1:SyQ1IFeJuaa+eV5yEDxW7hYE1s5VVq5sgImDe27R+zg=
+github.com/minio/minio-go/v7 v7.0.19 h1:7igdH+/zj3DO3VDr3RBUXfbCnkauKWk/tIw3IA9P1GE=
+github.com/minio/minio-go/v7 v7.0.19/go.mod h1:SyQ1IFeJuaa+eV5yEDxW7hYE1s5VVq5sgImDe27R+zg=
+github.com/minio/operator v0.0.0-20211011212245-31460bbbc4b7 h1:dkfuMNslMjGoJ4ArAMSoQhidYNdm3SgzLBP+f96O3/E=
+github.com/minio/operator v0.0.0-20211011212245-31460bbbc4b7/go.mod h1:lDpuz8nwsfhKlfiBaA3Z8AW019fWEAjO2gltfLbdorE=
+github.com/minio/operator/logsearchapi v0.0.0-20211011212245-31460bbbc4b7 h1:vFtQqCt67ETp0JAkOKRWTKkgwFv14Vc1jJSxmQ8wJE0=
+github.com/minio/operator/logsearchapi v0.0.0-20211011212245-31460bbbc4b7/go.mod h1:R+38Pf3wfm+JMiyLPb/r8OMrBm0vK2hZgUT4y4aYoSY=
 github.com/minio/pkg v1.0.3/go.mod h1:obU54TZ9QlMv0TRaDgQ/JTzf11ZSXxnSfLrm4tMtBP8=
 github.com/minio/pkg v1.0.4/go.mod h1:obU54TZ9QlMv0TRaDgQ/JTzf11ZSXxnSfLrm4tMtBP8=
-github.com/minio/pkg v1.0.8 h1:lWQwHSeYlvnRoPpO+wS0I4mL6c00ABxBgbGjSmjwOi4=
-github.com/minio/pkg v1.0.8/go.mod h1:32x/3OmGB0EOi1N+3ggnp+B5VFkSBBB9svPMVfpnf14=
+github.com/minio/pkg v1.0.11/go.mod h1:32x/3OmGB0EOi1N+3ggnp+B5VFkSBBB9svPMVfpnf14=
+github.com/minio/pkg v1.1.3/go.mod h1:32x/3OmGB0EOi1N+3ggnp+B5VFkSBBB9svPMVfpnf14=
+github.com/minio/pkg v1.1.10 h1:EZvPb8XsTQaafg7EfZVWu/CkNRAf38dtuWsfrOmDqG8=
+github.com/minio/pkg v1.1.10/go.mod h1:3I8LLp1/HDhNKl35I8ve0mhzp7+bvVTrJmLqkdkOHME=
 github.com/minio/selfupdate v0.3.1 h1:BWEFSNnrZVMUWXbXIgLDNDjbejkmpAmZvy/nCz1HlEs=
 github.com/minio/selfupdate v0.3.1/go.mod h1:b8ThJzzH7u2MkF6PcIra7KaXO9Khf6alWPvMSyTDCFM=
 github.com/minio/sha256-simd v0.1.1/go.mod h1:B5e1o+1/KgNmWrSQK08Y6Z1Vb5pwIktudl0J58iy0KM=
@@ -932,8 +971,9 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
 github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
@@ -955,8 +995,9 @@ github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OS
 github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
+github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
+github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
 github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs=
 github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
@@ -970,8 +1011,9 @@ github.com/onsi/ginkgo v1.10.2/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+
 github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
-github.com/onsi/ginkgo v1.14.1 h1:jMU0WaQrP0a/YAEq8eJmJKjBoMs+pClEr1vDMlM/Do4=
 github.com/onsi/ginkgo v1.14.1/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
+github.com/onsi/ginkgo v1.16.1 h1:foqVmeWDD6yYpK+Yz3fHyNIxFYNxswxqNFjSKe+vI54=
+github.com/onsi/ginkgo v1.16.1/go.mod h1:CObGmKUOKaSC0RjmoAK7tKyn4Azo5P2IWuoMnvwxz1E=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
@@ -980,8 +1022,9 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J
 github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
 github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
-github.com/onsi/gomega v1.10.2 h1:aY/nuoWlKJud2J6U0E3NWsjlg+0GtwXxgEqthRdzlcs=
 github.com/onsi/gomega v1.10.2/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
+github.com/onsi/gomega v1.11.0 h1:+CqWgvj0OZycCaqclBD1pxKHAU+tOkHmQIWvDHq2aug=
+github.com/onsi/gomega v1.11.0/go.mod h1:azGKhqFUon9Vuj0YmTfLSmx0FUwqXYSTl5re8lQLTUg=
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
 github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
@@ -1014,10 +1057,10 @@ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
-github.com/pkg/profile v1.3.0 h1:OQIvuDgm00gWVWGTf4m4mCt6W1/0YqU7Ntg0mySWgaI=
-github.com/pkg/profile v1.3.0/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
-github.com/pkg/xattr v0.4.1 h1:dhclzL6EqOXNaPDWqoeb9tIxATfBSmjqL0b4DpSjwRw=
-github.com/pkg/xattr v0.4.1/go.mod h1:W2cGD0TBEus7MkUgv0tNZ9JutLtVO3cXu+IBRuHqnFs=
+github.com/pkg/profile v1.6.0 h1:hUDfIISABYI59DyeB3OTay/HxSRwTQ8rB/H83k6r5dM=
+github.com/pkg/profile v1.6.0/go.mod h1:qBsxPvzyUincmltOk6iyRVxHYg4adc0OFOv72ZdLa18=
+github.com/pkg/xattr v0.4.3 h1:5Jx4GCg5ABtqWZH8WLzeI4fOtM1HyX4RBawuCoua1es=
+github.com/pkg/xattr v0.4.3/go.mod h1:sBD3RAqlr8Q+RC3FutZcikpT8nyDrIEEBw2J744gVWs=
 github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
@@ -1026,8 +1069,6 @@ github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndr
 github.com/posener/complete v1.2.3 h1:NP0eAhjcjImqslEwo/1hq7gpajME0fTLTezBKDqfXqo=
 github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s=
 github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
-github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 h1:J9b7z+QKAmPf4YLrFg6oQUotqHQeUNWwkvo7jZp1GLU=
-github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.44.1/go.mod h1:3WYi4xqXxGGXWDdQIITnLNmuDzO5n6wYva9spVhR4fg=
 github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.46.0/go.mod h1:3WYi4xqXxGGXWDdQIITnLNmuDzO5n6wYva9spVhR4fg=
 github.com/prometheus-operator/prometheus-operator/pkg/client v0.46.0/go.mod h1:k4BrWlVQQsvBiTcDnKEMgyh/euRxyxgrHdur/ZX/sdA=
@@ -1038,8 +1079,9 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn
 github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og=
 github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
 github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_golang v1.8.0 h1:zvJNkoCFAnYFNC24FV8nW4JdRJ3GIFcLbg65lL/JDcw=
 github.com/prometheus/client_golang v1.8.0/go.mod h1:O9VU6huf47PktckDQfMTX0Y8tY0/7TSWwj+ITvv0TnM=
+github.com/prometheus/client_golang v1.11.0 h1:HNkLOAEQMIDv/K+04rukrLx6ch7msSRwf3/SASFAGtQ=
+github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -1054,8 +1096,10 @@ github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y8
 github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA=
 github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/common v0.14.0 h1:RHRyE8UocrbjU+6UvRzwi6HjiDfxrrBU91TtbKzkGp4=
 github.com/prometheus/common v0.14.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s=
+github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
+github.com/prometheus/common v0.31.1 h1:d18hG4PkHnNAKNMOmFuXFaiY8Us0nird/2m60uS1AMs=
+github.com/prometheus/common v0.31.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
@@ -1063,13 +1107,16 @@ github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsT
 github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.6.0 h1:mxy4L2jP6qMonqmq+aTtOx1ifVWUgG/TAmntgbh3xv4=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
+github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
+github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI=
 github.com/quasilyte/go-ruleguard v0.1.2-0.20200318202121-b00d7a75d3d8/go.mod h1:CGFX09Ci3pq9QZdj86B+VGIdNj4VyCo2iPOGS9esB/k=
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
+github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rjeczalik/notify v0.9.2 h1:MiTWrPj55mNDHEiIX5YUSKefw/+lCQVoAFmD6oQm5w8=
 github.com/rjeczalik/notify v0.9.2/go.mod h1:aErll2f0sUX9PXZnVNyeiObbmTlk5jnMoCa4QEjJeqM=
 github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
@@ -1079,8 +1126,9 @@ github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
 github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.5.2/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rs/xid v1.2.1 h1:mhH9Nq+C1fY2l1XIpgxIiUOfNpRBYH1kKcr+qfKgjRc=
 github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
+github.com/rs/xid v1.3.0 h1:6NjYksEUlhurdVehpc7S7dk6DAmcKv8V9gG0FsVN2U4=
+github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
 github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
 github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
 github.com/rubiojr/go-vhd v0.0.0-20160810183302-0bfd3b39853c/go.mod h1:DM5xW0nvfNNm2uytzsvhI3OnX8uzaRAg8UX/CnDqbto=
@@ -1106,8 +1154,10 @@ github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAm
 github.com/shirou/gopsutil v0.0.0-20190901111213-e4ec7b275ada h1:WokF3GuxBeL+n4Lk4Fa8v9mbdjlrl7bHuneF4N1bk2I=
 github.com/shirou/gopsutil v0.0.0-20190901111213-e4ec7b275ada/go.mod h1:WWnYX4lzhCH5h/3YBfyVA3VbLYjlMZZAQcW9ojMexNc=
 github.com/shirou/gopsutil/v3 v3.21.4/go.mod h1:ghfMypLDrFSWN2c9cDYFLHyynQ+QUht0cv/18ZqVczw=
-github.com/shirou/gopsutil/v3 v3.21.6 h1:vU7jrp1Ic/2sHB7w6UNs7MIkn7ebVtTb5D9j45o9VYE=
+github.com/shirou/gopsutil/v3 v3.21.5/go.mod h1:ghfMypLDrFSWN2c9cDYFLHyynQ+QUht0cv/18ZqVczw=
 github.com/shirou/gopsutil/v3 v3.21.6/go.mod h1:JfVbDpIBLVzT8oKbvMg9P3wEIMDDpVn+LwHTKj0ST88=
+github.com/shirou/gopsutil/v3 v3.21.8 h1:nKct+uP0TV8DjjNiHanKf8SAuub+GNsbrOtM9Nl9biA=
+github.com/shirou/gopsutil/v3 v3.21.8/go.mod h1:YWp/H8Qs5fVmf17v7JNZzA0mPJ+mS2e9JdiUF9LlKzQ=
 github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc=
 github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
 github.com/shopspring/decimal v0.0.0-20200227202807-02e2044944cc/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
@@ -1126,10 +1176,8 @@ github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/assertions v1.0.0/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM=
-github.com/smartystreets/assertions v1.1.1 h1:T/YLemO5Yp7KPzS+lVtu+WsHn8yoSwTfItdAd1r3cck=
 github.com/smartystreets/assertions v1.1.1/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
 github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM=
-github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/smartystreets/gunit v1.0.0/go.mod h1:qwPWnhz6pn0NnRBP++URONOVyNkPyr4SauJk4cUOwJs=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
@@ -1177,28 +1225,31 @@ github.com/tdakkota/asciicheck v0.0.0-20200416190851-d7f85be797a2/go.mod h1:yHp0
 github.com/tdakkota/asciicheck v0.0.0-20200416200610-e657995f937b/go.mod h1:yHp0ai0Z9gUljN3o0xMhYJnH/IcvkdTBOX2fmJ93JEM=
 github.com/tetafro/godot v0.3.7/go.mod h1:/7NLHhv08H1+8DNj0MElpAACw1ajsCuf3TKNQxA5S+0=
 github.com/tetafro/godot v0.4.2/go.mod h1:/7NLHhv08H1+8DNj0MElpAACw1ajsCuf3TKNQxA5S+0=
-github.com/tidwall/gjson v1.7.5 h1:zmAN/xmX7OtpAkv4Ovfso60r/BiCi5IErCDYGNJu+uc=
-github.com/tidwall/gjson v1.7.5/go.mod h1:5/xDoumyyDNerp2U36lyolv46b3uF/9Bu6OfyQ9GImk=
-github.com/tidwall/match v1.0.3 h1:FQUVvBImDutD8wJLN6c5eMzWtjgONK9MwIBCOrUJKeE=
-github.com/tidwall/match v1.0.3/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
+github.com/tidwall/gjson v1.10.2 h1:APbLGOM0rrEkd8WBw9C24nllro4ajFuJu0Sc9hRz8Bo=
+github.com/tidwall/gjson v1.10.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
+github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
+github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
-github.com/tidwall/pretty v1.1.0 h1:K3hMW5epkdAVwibsQEfR/7Zj0Qgt4DxtNumTq/VloO8=
-github.com/tidwall/pretty v1.1.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
+github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
+github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
 github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk=
 github.com/timakin/bodyclose v0.0.0-20200424151742-cb6215831a94/go.mod h1:Qimiffbc6q9tBWlVV6x0P9sat/ao1xEkREYPPj9hphk=
-github.com/tinylib/msgp v1.1.3 h1:3giwAkmtaEDLSV0MdO1lDLuPgklgPzmk8H9+So2BVfA=
 github.com/tinylib/msgp v1.1.3/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE=
+github.com/tinylib/msgp v1.1.6 h1:i+SbKraHhnrf9M5MYmvQhFnbLhAXSDWF8WWsuyRdocw=
+github.com/tinylib/msgp v1.1.6/go.mod h1:75BAfg2hauQhs3qedfdDZmWAPcFMAvJE5b9rGOMufyw=
 github.com/tj/assert v0.0.0-20171129193455-018094318fb0/go.mod h1:mZ9/Rh9oLWpLLDRpvE+3b7gP/C2YyLFYxNmcLnPTMe0=
 github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0=
 github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao=
 github.com/tj/go-spin v1.1.0/go.mod h1:Mg1mzmePZm4dva8Qz60H2lHwmJ2loum4VIrLgVnKwh4=
 github.com/tklauser/go-sysconf v0.3.4/go.mod h1:Cl2c8ZRWfHD5IrfHo9VN+FX9kCFjIOyVklgXycLB6ek=
 github.com/tklauser/go-sysconf v0.3.5/go.mod h1:MkWzOF4RMCshBAMXuhXJs64Rte09mITnppBXY/rYEFI=
-github.com/tklauser/go-sysconf v0.3.6 h1:oc1sJWvKkmvIxhDHeKWvZS4f6AW+YcoguSfRF2/Hmo4=
 github.com/tklauser/go-sysconf v0.3.6/go.mod h1:MkWzOF4RMCshBAMXuhXJs64Rte09mITnppBXY/rYEFI=
+github.com/tklauser/go-sysconf v0.3.9 h1:JeUVdAOWhhxVcU6Eqr/ATFHgXk/mmiItdKeJPev3vTo=
+github.com/tklauser/go-sysconf v0.3.9/go.mod h1:11DU/5sG7UexIrp/O6g35hrWzu0JxlwQ3LSFUzyeuhs=
 github.com/tklauser/numcpus v0.2.1/go.mod h1:9aU+wOc6WjUIZEwWMP62PL/41d65P+iks1gBkr4QyP8=
-github.com/tklauser/numcpus v0.2.2 h1:oyhllyrScuYI6g+h/zUvNXNp1wy7x8qQy3t/piefldA=
 github.com/tklauser/numcpus v0.2.2/go.mod h1:x3qojaO3uyYt0i56EW/VUYs7uBvdl2fkfZFu0T9wgjM=
+github.com/tklauser/numcpus v0.3.0 h1:ILuRUQBtssgnxw0XXIjKUC56fgnOrFoQQ/4+DeU2biQ=
+github.com/tklauser/numcpus v0.3.0/go.mod h1:yFGUr7TUHQRAhyqBcEg0Ge34zDBAsIvJJcyE6boqnA8=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tommy-muehle/go-mnd v1.1.1/go.mod h1:dSUh0FtTP8VhvkL1S+gUR1OKd9ZnSaozuI6r3m6wOig=
@@ -1209,10 +1260,12 @@ github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4A
 github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/ultraware/funlen v0.0.2/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA=
 github.com/ultraware/whitespace v0.0.4/go.mod h1:aVMh/gQve5Maj9hQ/hg+F75lr/X5A89uZnzAmWSineA=
-github.com/unrolled/secure v1.0.7 h1:BcQHp3iKZyZCKj5gRqwQG+5urnGBF00wGgoPPwtheVQ=
-github.com/unrolled/secure v1.0.7/go.mod h1:uGc1OcRF8gCVBA+ANksKmvM85Hka6SZtQIbrKc3sHS4=
+github.com/unrolled/secure v1.0.9 h1:BWRuEb1vDrBFFDdbCnKkof3gZ35I/bnHGyt0LB0TNyQ=
+github.com/unrolled/secure v1.0.9/go.mod h1:fO+mEan+FLB0CdEnHf6Q4ZZVNqG+5fuLFnP8p0BXDPI=
 github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
 github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
+github.com/urfave/negroni v1.0.0 h1:kIimOitoypq34K7TG7DUaJ9kq/N4Ofuwi1sjz0KipXc=
+github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4=
 github.com/uudashr/gocognit v1.0.1/go.mod h1:j44Ayx2KW4+oB6SWMv8KsmHzZrOInQav7D3cQMJ5JUM=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasthttp v1.2.0/go.mod h1:4vX61m6KN+xDduDNwXrhIAVZaZaZiQ1luJk8LWSxF3s=
@@ -1232,6 +1285,7 @@ github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
@@ -1239,12 +1293,15 @@ go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
 go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
 go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489 h1:1JFLBqwIgdyHN1ZtgjTBwO+blA6gVOmZurpiMEsETKo=
 go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg=
-go.etcd.io/etcd/api/v3 v3.5.0-beta.4 h1:etIejKeELg3fIXt0i71TXtx1OjK9q+oegcv00zipiis=
 go.etcd.io/etcd/api/v3 v3.5.0-beta.4/go.mod h1:yF0YUmBghT48aC0/eTFrhULo+uKQAr5spQQ6sRhPauE=
-go.etcd.io/etcd/client/pkg/v3 v3.5.0-beta.4 h1:IVvCfkch8truS86wSy67AbnXCYq8nYpM8NPTW14Ttp0=
+go.etcd.io/etcd/api/v3 v3.5.0 h1:GsV3S+OfZEOCNXdtNkBSR7kgLobAa/SO6tCxRa0GAYw=
+go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
 go.etcd.io/etcd/client/pkg/v3 v3.5.0-beta.4/go.mod h1:a+pbz+UrcOpvve1Qxf6tGovi15PjgtRhi0QTO2Nlc4U=
-go.etcd.io/etcd/client/v3 v3.5.0-beta.4 h1:AW/Sj3Oq7ZYjgNsYU0xad/tu3BH/Jnn2OuLvQoUNMEM=
+go.etcd.io/etcd/client/pkg/v3 v3.5.0 h1:2aQv6F436YnN7I4VbI8PPYrBhu+SmrTaADcf8Mi/6PU=
+go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/v3 v3.5.0-beta.4/go.mod h1:0L1RulN1QSXq6uKPMUSX+OTAYyFkapMK7iUHXXIH/1E=
+go.etcd.io/etcd/client/v3 v3.5.0 h1:62Eh0XOro+rDwkrypAGDfgmNh5Joq+z+W9HZdlXMzek=
+go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0=
 go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
 go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
 go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM=
@@ -1261,26 +1318,33 @@ go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
 go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ=
-go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
+go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
+go.uber.org/goleak v1.1.11-0.20210813005559-691160354723 h1:sHOAIxRGBp443oHZIPB+HsUGaksVCXVQENPxwTfQdH4=
+go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4=
 go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
-go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
+go.uber.org/multierr v1.7.0 h1:zaiO/rmgFjbmCXdSYJWQcdvOCsthmdaHfr3Gm2Kx4Ec=
+go.uber.org/multierr v1.7.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
 go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
 go.uber.org/zap v1.8.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
 go.uber.org/zap v1.15.0/go.mod h1:Mb2vm2krFEG5DV0W9qcHBYFtp/Wku1cvYaqPsS/WYfc=
-go.uber.org/zap v1.16.1-0.20210329175301-c23abee72d19 h1:040c3dLNhgFQkoojH2AMpHCy4SrvhmxdU72d9GLGGE0=
 go.uber.org/zap v1.16.1-0.20210329175301-c23abee72d19/go.mod h1:aMfIlz3TDBfB0BwTCKFU1XbEmj9zevr5S5LcBr85MXw=
+go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
+go.uber.org/zap v1.19.1 h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI=
+go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI=
 gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -1316,8 +1380,9 @@ golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWP
 golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
-golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b h1:7mWr3k41Qtv8XlltBkDkl8LoP3mpSgBW8BUoxtEdbXg=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1341,6 +1406,7 @@ golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHl
 golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
 golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
 golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
@@ -1351,6 +1417,7 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.1-0.20200828183125-ce943fd02449/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1391,7 +1458,9 @@ golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
@@ -1403,16 +1472,20 @@ golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210224082022-3d97a244fca7/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210421230115-4e50805a0758 h1:aEpZnXcAmXkd6AvLb2OPt+EN1Zu/8Ne3pCqPjja5PXY=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
+golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f h1:OfiFi4JbukWwe3lzw+xunroH1mnC1e2Gy5cxNJApiSY=
+golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c h1:pkQiBZBvdos9qq4wBAHqlzuZHEXo07pqV06ef90u1WI=
+golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1424,13 +1497,13 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180816055513-1c9583448a9c/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180926160741-c2ed4eda69e7/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181021155630-eda9bb28ed51/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1458,6 +1531,7 @@ golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1481,28 +1555,41 @@ golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201015000850-e3ed0017c211/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210217105451-b926d437f341/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210316164454-77fc1eacc6aa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe h1:WdX7u8s3yOigWAhHEaDl8r9G+4XwFQEQFtBMYyN+kXQ=
 golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210816074244-15123e1e1f71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211015200801-69063c4bb744 h1:KzbpndAYEM+4oHRp9JmB2ewj0NHHxO3Z0g7Gus2O1kk=
+golang.org/x/sys v0.0.0-20211015200801-69063c4bb744/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d h1:SZxvLBoTP5yHO3Frd4z4vrF+DBX9vMVanchswa69toE=
 golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -1512,8 +1599,9 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1598,13 +1686,22 @@ golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20200502202811-ed308ab3e770/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200626171337-aa94e735be7f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
+golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU=
+golang.org/x/tools v0.0.0-20201022035929-9cf592e881e9/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210114065538-d78b04bdf963/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
+golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -1634,6 +1731,9 @@ google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/
 google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
 google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
 google.golang.org/api v0.25.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
+google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
+google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1672,10 +1772,18 @@ google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfG
 google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20200527145253-8367513e4ece/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a h1:pOwg4OoaRYScjmR4LlLgdtnyoHYTSAVhhqe5uPdpII8=
+google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
+google.golang.org/genproto v0.0.0-20200626011028-ee7919e894b5/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0=
+google.golang.org/genproto v0.0.0-20210928142010-c7af6a1a74c9 h1:XTH066D35LyHehRwlYhoK3qA+Hcgvg5xREG4kFQEW1Y=
+google.golang.org/genproto v0.0.0-20210928142010-c7af6a1a74c9/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/grpc v1.29.1 h1:EC2SB8S04d2r73uptxphDSUG+kTKVgjRPF+N3xpxRB4=
 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
@@ -1689,8 +1797,9 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD
 google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ=
+google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -1711,12 +1820,12 @@ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.56.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ini.v1 v1.57.0 h1:9unxIsFcTt4I55uWluz+UmL95q4kdJ0buvQ1ZIqVQww=
 gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.63.2 h1:tGK/CyBg7SMzb60vP1M03vNZ3VDu3wGQJwn7Sxi9r3c=
+gopkg.in/ini.v1 v1.63.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
 gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/square/go-jose.v2 v2.3.1 h1:SK5KegNXmKmqE342YYN2qPHEnUYeoMiXXl1poUlI+o4=
 gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
@@ -1748,6 +1857,7 @@ honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.5/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI=
 k8s.io/api v0.17.4/go.mod h1:5qxx6vjmwUVG2nHQTKGlLts8Tbok8PzHl4vHtVFuZCA=
--- a/images/pic1.png
+++ b/images/pic1.png
--- a/images/pic2.png
+++ b/images/pic2.png
--- a/integration/buckets_test.go
+++ b/integration/buckets_test.go
@@ -0,0 +1,488 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"os"
+	"strconv"
+	"testing"
+	"time"
+
+	"github.com/go-openapi/loads"
+	"github.com/minio/console/restapi"
+	"github.com/minio/console/restapi/operations"
+
+	"github.com/minio/console/models"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var token string
+
+func initConsoleServer() (*restapi.Server, error) {
+
+	//os.Setenv("CONSOLE_MINIO_SERVER", "localhost:9000")
+
+	swaggerSpec, err := loads.Embedded(restapi.SwaggerJSON, restapi.FlatSwaggerJSON)
+	if err != nil {
+		return nil, err
+	}
+
+	noLog := func(string, ...interface{}) {
+		// nothing to log
+	}
+
+	// Initialize MinIO loggers
+	restapi.LogInfo = noLog
+	restapi.LogError = noLog
+
+	api := operations.NewConsoleAPI(swaggerSpec)
+	api.Logger = noLog
+
+	server := restapi.NewServer(api)
+	// register all APIs
+	server.ConfigureAPI()
+
+	//restapi.GlobalRootCAs, restapi.GlobalPublicCerts, restapi.GlobalTLSCertsManager = globalRootCAs, globalPublicCerts, globalTLSCerts
+
+	consolePort, _ := strconv.Atoi("9090")
+
+	server.Host = "0.0.0.0"
+	server.Port = consolePort
+	restapi.Port = "9090"
+	restapi.Hostname = "0.0.0.0"
+
+	return server, nil
+}
+
+func TestMain(m *testing.M) {
+
+	// start console server
+	go func() {
+		fmt.Println("start server")
+		srv, err := initConsoleServer()
+		if err != nil {
+			log.Println(err)
+			log.Println("init fail")
+			return
+		}
+		srv.Serve()
+
+	}()
+
+	fmt.Println("sleeping")
+	time.Sleep(2 * time.Second)
+
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	// get login credentials
+
+	requestData := map[string]string{
+		"accessKey": "minioadmin",
+		"secretKey": "minioadmin",
+	}
+
+	requestDataJSON, _ := json.Marshal(requestData)
+
+	requestDataBody := bytes.NewReader(requestDataJSON)
+
+	request, err := http.NewRequest("POST", "http://localhost:9090/api/v1/login", requestDataBody)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err := client.Do(request)
+
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	if response != nil {
+		for _, cookie := range response.Cookies() {
+			if cookie.Name == "token" {
+				token = cookie.Value
+				break
+			}
+		}
+	}
+
+	if token == "" {
+		log.Println("authentication token not found in cookies response")
+		return
+	}
+
+	code := m.Run()
+
+	requestDataAdd := map[string]interface{}{
+		"name": "test1",
+	}
+
+	requestDataJSON, _ = json.Marshal(requestDataAdd)
+
+	requestDataBody = bytes.NewReader(requestDataJSON)
+
+	// get list of buckets
+	request, err = http.NewRequest("DELETE", "http://localhost:9090/api/v1/buckets/test1", requestDataBody)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err = client.Do(request)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	if response != nil {
+		fmt.Println("DELETE StatusCode:", response.StatusCode)
+	}
+
+	os.Exit(code)
+}
+
+func TestAddBucket(t *testing.T) {
+	assert := assert.New(t)
+
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+
+	requestDataAdd := map[string]interface{}{
+		"name":       "test1",
+		"versioning": false,
+		"locking":    false,
+	}
+
+	requestDataJSON, _ := json.Marshal(requestDataAdd)
+
+	requestDataBody := bytes.NewReader(requestDataJSON)
+
+	// get list of buckets
+	request, err := http.NewRequest("POST", "http://localhost:9090/api/v1/buckets", requestDataBody)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err := client.Do(request)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	if response != nil {
+		assert.Equal(201, response.StatusCode, "Status Code is incorrect")
+	}
+}
+
+func TestGetBucket(t *testing.T) {
+	assert := assert.New(t)
+
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+
+	requestDataAdd := map[string]interface{}{
+		"name":       "test3",
+		"versioning": false,
+		"locking":    false,
+	}
+
+	requestDataJSON, _ := json.Marshal(requestDataAdd)
+
+	requestDataBody := bytes.NewReader(requestDataJSON)
+
+	// put bucket
+	request, err := http.NewRequest("POST", "http://localhost:9090/api/v1/buckets", requestDataBody)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err := client.Do(request)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	// get bucket
+	request, err = http.NewRequest("GET", "http://localhost:9090/api/v1/buckets/test3", nil)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err = client.Do(request)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	if response != nil {
+		assert.Equal(200, response.StatusCode, "Status Code is incorrect")
+	}
+}
+
+func TestSetBucketTags(t *testing.T) {
+	assert := assert.New(t)
+
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+
+	requestDataAdd := map[string]interface{}{
+		"name":       "test4",
+		"versioning": false,
+		"locking":    false,
+	}
+
+	requestDataJSON, _ := json.Marshal(requestDataAdd)
+
+	requestDataBody := bytes.NewReader(requestDataJSON)
+
+	// put bucket
+	request, err := http.NewRequest("POST", "http://localhost:9090/api/v1/buckets", requestDataBody)
+	request.Close = true
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err := client.Do(request)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	requestDataTags := map[string]interface{}{
+		"tags": map[string]interface{}{
+			"test": "TAG",
+		},
+	}
+
+	requestTagsJSON, _ := json.Marshal(requestDataTags)
+
+	requestTagsBody := bytes.NewBuffer(requestTagsJSON)
+
+	request, err = http.NewRequest(http.MethodPut, "http://localhost:9090/api/v1/buckets/test4/tags", requestTagsBody)
+	request.Close = true
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err = client.Do(request)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	// get bucket
+	request, err = http.NewRequest("GET", "http://localhost:9090/api/v1/buckets/test4", nil)
+	request.Close = true
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err = client.Do(request)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	bodyBytes, _ := ioutil.ReadAll(response.Body)
+
+	bucket := models.Bucket{}
+	err = json.Unmarshal(bodyBytes, &bucket)
+	if err != nil {
+		log.Println(err)
+	}
+
+	assert.Equal("TAG", bucket.Details.Tags["test"], "Failed to add tag")
+}
+
+func TestBucketVersioning(t *testing.T) {
+	assert := assert.New(t)
+
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+
+	request, err := http.NewRequest("GET", "http://localhost:9090/api/v1/session", nil)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+
+	response, err := client.Do(request)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	var distributedSystem bool
+
+	if response != nil {
+
+		bodyBytes, _ := ioutil.ReadAll(response.Body)
+
+		sessionResponse := models.SessionResponse{}
+		err = json.Unmarshal(bodyBytes, &sessionResponse)
+		if err != nil {
+			log.Println(err)
+		}
+
+		distributedSystem = sessionResponse.DistributedMode
+
+	}
+
+	requestDataVersioning := map[string]interface{}{
+		"name":       "test2",
+		"versioning": true,
+		"locking":    false,
+	}
+
+	requestDataJSON, _ := json.Marshal(requestDataVersioning)
+
+	requestDataBody := bytes.NewReader(requestDataJSON)
+
+	request, err = http.NewRequest("POST", "http://localhost:9090/api/v1/buckets", requestDataBody)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err = client.Do(request)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	fmt.Println("Versioned bucket creation test status:", response.Status)
+	if distributedSystem {
+		assert.Equal(201, response.StatusCode, "Versioning test Status Code is incorrect - bucket failed to create")
+	} else {
+		assert.NotEqual(201, response.StatusCode, "Versioning test Status Code is incorrect -  versioned bucket created on non-distributed system")
+	}
+
+	request, err = http.NewRequest("DELETE", "http://localhost:9090/api/v1/buckets/test2", requestDataBody)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	response, err = client.Do(request)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	if response != nil {
+		fmt.Println("DELETE StatusCode:", response.StatusCode)
+	}
+
+}
+
+func TestBucketsGet(t *testing.T) {
+	assert := assert.New(t)
+
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+
+	// get list of buckets
+	request, err := http.NewRequest("GET", "http://localhost:9090/api/v1/buckets", nil)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+
+	response, err := client.Do(request)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	if response != nil {
+		assert.Equal(200, response.StatusCode, "Status Code is incorrect")
+		bodyBytes, _ := ioutil.ReadAll(response.Body)
+
+		listBuckets := models.ListBucketsResponse{}
+		err = json.Unmarshal(bodyBytes, &listBuckets)
+		if err != nil {
+			log.Println(err)
+			assert.Nil(err)
+		}
+
+		assert.Greater(len(listBuckets.Buckets), 0, "No bucket was returned")
+		assert.Greater(listBuckets.Total, int64(0), "Total buckets is 0")
+
+	}
+
+}
--- a/integration/login_test.go
+++ b/integration/login_test.go
@@ -0,0 +1,71 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package integration
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/minio/console/models"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestLoginStrategy(t *testing.T) {
+	assert := assert.New(t)
+
+	// image for now:
+	// minio: 9000
+	// console: 9090
+
+	client := &http.Client{
+		Timeout: 2 * time.Second,
+	}
+	// copy query params
+	request, err := http.NewRequest("GET", "http://localhost:9090/api/v1/login", nil)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	response, err := client.Do(request)
+	assert.Nil(err)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+
+	if response != nil {
+		bodyBytes, _ := ioutil.ReadAll(response.Body)
+
+		loginDetails := models.LoginDetails{}
+
+		err = json.Unmarshal(bodyBytes, &loginDetails)
+		if err != nil {
+			log.Println(err)
+		}
+		assert.Nil(err)
+
+		assert.Equal(models.LoginDetailsLoginStrategyForm, loginDetails.LoginStrategy, "Login Details don't match")
+
+	}
+
+}
--- a/k8s/console/base/console-cluster-role-binding.yaml
+++ b/k8s/console/base/console-cluster-role-binding.yaml
@@ -1,12 +0,0 @@
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: console-sa-binding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: console-sa-role
-subjects:
-  - kind: ServiceAccount
-    name: console-sa
-    namespace: default
--- a/k8s/console/base/console-cluster-role.yaml
+++ b/k8s/console/base/console-cluster-role.yaml
@@ -1,222 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: console-sa-role
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - secrets
-    verbs:
-      - get
-      - watch
-      - create
-      - list
-      - patch
-      - update
-      - deletecollection
-  - apiGroups:
-      - ""
-    resources:
-      - namespaces
-      - pods
-      - services
-      - events
-      - resourcequotas
-      - nodes
-    verbs:
-      - get
-      - watch
-      - create
-      - list
-      - patch
-  - apiGroups:
-      - ""
-    resources:
-      - persistentvolumeclaims
-    verbs:
-      - deletecollection
-      - list
-      - get
-      - watch
-      - update
-  - apiGroups:
-      - "storage.k8s.io"
-    resources:
-      - storageclasses
-    verbs:
-      - get
-      - watch
-      - create
-      - list
-      - patch
-  - apiGroups:
-      - apps
-    resources:
-      - statefulsets
-      - deployments
-    verbs:
-      - get
-      - create
-      - list
-      - patch
-      - watch
-      - update
-      - delete
-  - apiGroups:
-      - batch
-    resources:
-      - jobs
-    verbs:
-      - get
-      - create
-      - list
-      - patch
-      - watch
-      - update
-      - delete
-  - apiGroups:
-      - "certificates.k8s.io"
-    resources:
-      - "certificatesigningrequests"
-      - "certificatesigningrequests/approval"
-      - "certificatesigningrequests/status"
-    verbs:
-      - update
-      - create
-      - get
-  - apiGroups:
-      - minio.min.io
-    resources:
-      - "*"
-    verbs:
-      - "*"
-  - apiGroups:
-      - min.io
-    resources:
-      - "*"
-    verbs:
-      - "*"
-  - apiGroups:
-    - ""
-    resources:
-    - persistentvolumes
-    verbs:
-    - get
-    - list
-    - watch
-    - create
-    - delete
-  - apiGroups:
-    - ""
-    resources:
-    - persistentvolumeclaims
-    verbs:
-    - get
-    - list
-    - watch
-    - update
-  - apiGroups:
-    - ""
-    resources:
-    - events
-    verbs:
-    - create
-    - list
-    - watch
-    - update
-    - patch
-  - apiGroups:
-    - snapshot.storage.k8s.io
-    resources:
-    - volumesnapshots
-    verbs:
-    - get
-    - list
-  - apiGroups:
-    - snapshot.storage.k8s.io
-    resources:
-    - volumesnapshotcontents
-    verbs:
-    - get
-    - list
-  - apiGroups:
-    - storage.k8s.io
-    resources:
-    - csinodes
-    verbs:
-    - get
-    - list
-    - watch
-  - apiGroups:
-    - storage.k8s.io
-    resources:
-    - volumeattachments
-    verbs:
-    - get
-    - list
-    - watch
-  - apiGroups:
-    - ""
-    resources:
-    - endpoints
-    verbs:
-    - get
-    - list
-    - watch
-    - create
-    - update
-    - delete
-  - apiGroups:
-    - coordination.k8s.io
-    resources:
-    - leases
-    verbs:
-    - get
-    - list
-    - watch
-    - create
-    - update
-    - delete
-  - apiGroups:
-    - direct.csi.min.io
-    resources:
-    - volumes
-    verbs:
-    - get
-    - list
-    - watch
-    - create
-    - update
-    - delete
-  - apiGroups:
-    - apiextensions.k8s.io
-    resources:
-    - customresourcedefinitions
-    verbs:
-    - get
-    - list
-    - watch
-    - create
-    - update
-    - delete
-  - apiGroups:
-    - direct.csi.min.io
-    resources:
-    - directcsidrives
-    - directcsivolumes
-    verbs:
-    - get
-    - list
-    - watch
-    - create
-    - update
-    - delete
-  - apiGroups:
-    - ""
-    resources:
-    - pod
-    verbs:
-    - get
-    - list
-    - watch
--- a/k8s/console/base/console-configmap.yaml
+++ b/k8s/console/base/console-configmap.yaml
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: console-env
-data:
-  CONSOLE_PORT: "9090"
-  CONSOLE_TLS_PORT: "9443"
--- a/k8s/console/base/console-deployment.yaml
+++ b/k8s/console/base/console-deployment.yaml
@@ -1,26 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: console
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: console
-  template:
-    metadata:
-      labels:
-        app: console
-    spec:
-      serviceAccountName: console-sa
-      containers:
-        - name: console
-          image: minio/console:v0.9.2
-          imagePullPolicy: "IfNotPresent"
-          args:
-            - server
-          ports:
-            - containerPort: 9090
-              name: http
-            - containerPort: 9433
-              name: https
--- a/k8s/console/base/console-service-account.yaml
+++ b/k8s/console/base/console-service-account.yaml
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: console-sa
-  namespace: default
--- a/k8s/console/base/console-service.yaml
+++ b/k8s/console/base/console-service.yaml
@@ -1,14 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: console
-  labels:
-    name: console
-spec:
-  ports:
-    - port: 9090
-      name: http
-    - port: 9443
-      name: https
-  selector:
-    app: console
--- a/k8s/console/base/kustomization.yaml
+++ b/k8s/console/base/kustomization.yaml
@@ -1,11 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-# beginning of customizations
-resources:
-  - console-service-account.yaml
-  - console-cluster-role.yaml
-  - console-cluster-role-binding.yaml
-  - console-configmap.yaml
-  - console-service.yaml
-  - console-deployment.yaml
-  - https://github.com/minio/operator/?ref=v3.0.10
--- a/k8s/operator-console/base/console-cluster-role.yaml
+++ b/k8s/operator-console/base/console-cluster-role.yaml
@@ -19,7 +19,6 @@ rules:
      - ""
    resources:
      - namespaces
-      - pods
      - services
      - events
      - resourcequotas
@@ -30,6 +29,18 @@ rules:
      - create
      - list
      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - watch
+      - create
+      - list
+      - patch
+      - delete
+      - deletecollection
  - apiGroups:
      - ""
    resources:
--- a/k8s/operator-console/base/console-deployment.yaml
+++ b/k8s/operator-console/base/console-deployment.yaml
@@ -15,7 +15,7 @@ spec:
      serviceAccountName: console-sa
      containers:
        - name: console
-          image: minio/console:v0.9.2
+          image: minio/console:v0.13.0
          imagePullPolicy: "IfNotPresent"
          env:
            - name: CONSOLE_OPERATOR_MODE
--- a/k8s/operator-console/operator/kustomization.yaml
+++ b/k8s/operator-console/operator/kustomization.yaml
@@ -1,9 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-# beginning of customizations
-#namespace: min-ns
-
-resources:
-  - ../base
-  - https://github.com/minio/operator/?ref=v3.0.29
-
--- a/k8s/operator-console/standalone/console-deployment.yaml
+++ b/k8s/operator-console/standalone/console-deployment.yaml
@@ -0,0 +1,46 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: console
+  namespace: default
+  labels:
+    name: console
+spec:
+  ports:
+    - port: 9090
+      name: http
+    - port: 9443
+      name: https
+  selector:
+    app: console-standalone
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: console
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: console-standalone
+  template:
+    metadata:
+      labels:
+        app: console-standalone
+    spec:
+      containers:
+        - name: console
+          image: minio/console:v0.13.0
+          imagePullPolicy: "IfNotPresent"
+          env:
+            - name: CONSOLE_MINIO_SERVER
+              value: "https://minio.default.svc.cluster.local"
+          args:
+            - server
+          ports:
+            - containerPort: 9090
+              name: http
+            - containerPort: 9433
+              name: https
--- a/models/admin_info_response.go
+++ b/models/admin_info_response.go
@@ -42,6 +42,12 @@ type AdminInfoResponse struct {
 	// objects
 	Objects int64 `json:"objects,omitempty"`

+	// prometheus not ready
+	PrometheusNotReady bool `json:"prometheusNotReady,omitempty"`
+
+	// servers
+	Servers []*ServerProperties `json:"servers"`
+
 	// usage
 	Usage int64 `json:"usage,omitempty"`

@@ -53,6 +59,10 @@ type AdminInfoResponse struct {
 func (m *AdminInfoResponse) Validate(formats strfmt.Registry) error {
 	var res []error

+	if err := m.validateServers(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateWidgets(formats); err != nil {
 		res = append(res, err)
 	}
@@ -63,6 +73,30 @@ func (m *AdminInfoResponse) Validate(formats strfmt.Registry) error {
 	return nil
 }

+func (m *AdminInfoResponse) validateServers(formats strfmt.Registry) error {
+	if swag.IsZero(m.Servers) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Servers); i++ {
+		if swag.IsZero(m.Servers[i]) { // not required
+			continue
+		}
+
+		if m.Servers[i] != nil {
+			if err := m.Servers[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("servers" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
 func (m *AdminInfoResponse) validateWidgets(formats strfmt.Registry) error {
 	if swag.IsZero(m.Widgets) { // not required
 		return nil
@@ -91,6 +125,10 @@ func (m *AdminInfoResponse) validateWidgets(formats strfmt.Registry) error {
 func (m *AdminInfoResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
 	var res []error

+	if err := m.contextValidateServers(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.contextValidateWidgets(ctx, formats); err != nil {
 		res = append(res, err)
 	}
@@ -101,6 +139,24 @@ func (m *AdminInfoResponse) ContextValidate(ctx context.Context, formats strfmt.
 	return nil
 }

+func (m *AdminInfoResponse) contextValidateServers(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Servers); i++ {
+
+		if m.Servers[i] != nil {
+			if err := m.Servers[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("servers" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
 func (m *AdminInfoResponse) contextValidateWidgets(ctx context.Context, formats strfmt.Registry) error {

 	for i := 0; i < len(m.Widgets); i++ {
--- a/models/allocatable_resources_response.go
+++ b/models/allocatable_resources_response.go
@@ -0,0 +1,165 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// AllocatableResourcesResponse allocatable resources response
+//
+// swagger:model allocatableResourcesResponse
+type AllocatableResourcesResponse struct {
+
+	// cpu priority
+	CPUPriority *NodeMaxAllocatableResources `json:"cpu_priority,omitempty"`
+
+	// mem priority
+	MemPriority *NodeMaxAllocatableResources `json:"mem_priority,omitempty"`
+
+	// min allocatable cpu
+	MinAllocatableCPU int64 `json:"min_allocatable_cpu,omitempty"`
+
+	// min allocatable mem
+	MinAllocatableMem int64 `json:"min_allocatable_mem,omitempty"`
+}
+
+// Validate validates this allocatable resources response
+func (m *AllocatableResourcesResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateCPUPriority(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateMemPriority(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AllocatableResourcesResponse) validateCPUPriority(formats strfmt.Registry) error {
+	if swag.IsZero(m.CPUPriority) { // not required
+		return nil
+	}
+
+	if m.CPUPriority != nil {
+		if err := m.CPUPriority.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("cpu_priority")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *AllocatableResourcesResponse) validateMemPriority(formats strfmt.Registry) error {
+	if swag.IsZero(m.MemPriority) { // not required
+		return nil
+	}
+
+	if m.MemPriority != nil {
+		if err := m.MemPriority.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("mem_priority")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// ContextValidate validate this allocatable resources response based on the context it is used
+func (m *AllocatableResourcesResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateCPUPriority(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateMemPriority(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AllocatableResourcesResponse) contextValidateCPUPriority(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.CPUPriority != nil {
+		if err := m.CPUPriority.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("cpu_priority")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *AllocatableResourcesResponse) contextValidateMemPriority(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.MemPriority != nil {
+		if err := m.MemPriority.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("mem_priority")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AllocatableResourcesResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AllocatableResourcesResponse) UnmarshalBinary(b []byte) error {
+	var res AllocatableResourcesResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/azure_configuration.go
+++ b/models/azure_configuration.go
@@ -0,0 +1,313 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// AzureConfiguration azure configuration
+//
+// swagger:model azureConfiguration
+type AzureConfiguration struct {
+
+	// keyvault
+	// Required: true
+	Keyvault *AzureConfigurationKeyvault `json:"keyvault"`
+}
+
+// Validate validates this azure configuration
+func (m *AzureConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateKeyvault(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AzureConfiguration) validateKeyvault(formats strfmt.Registry) error {
+
+	if err := validate.Required("keyvault", "body", m.Keyvault); err != nil {
+		return err
+	}
+
+	if m.Keyvault != nil {
+		if err := m.Keyvault.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("keyvault")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// ContextValidate validate this azure configuration based on the context it is used
+func (m *AzureConfiguration) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateKeyvault(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AzureConfiguration) contextValidateKeyvault(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Keyvault != nil {
+		if err := m.Keyvault.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("keyvault")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AzureConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AzureConfiguration) UnmarshalBinary(b []byte) error {
+	var res AzureConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// AzureConfigurationKeyvault azure configuration keyvault
+//
+// swagger:model AzureConfigurationKeyvault
+type AzureConfigurationKeyvault struct {
+
+	// credentials
+	Credentials *AzureConfigurationKeyvaultCredentials `json:"credentials,omitempty"`
+
+	// endpoint
+	// Required: true
+	Endpoint *string `json:"endpoint"`
+}
+
+// Validate validates this azure configuration keyvault
+func (m *AzureConfigurationKeyvault) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateCredentials(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateEndpoint(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AzureConfigurationKeyvault) validateCredentials(formats strfmt.Registry) error {
+	if swag.IsZero(m.Credentials) { // not required
+		return nil
+	}
+
+	if m.Credentials != nil {
+		if err := m.Credentials.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("keyvault" + "." + "credentials")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *AzureConfigurationKeyvault) validateEndpoint(formats strfmt.Registry) error {
+
+	if err := validate.Required("keyvault"+"."+"endpoint", "body", m.Endpoint); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ContextValidate validate this azure configuration keyvault based on the context it is used
+func (m *AzureConfigurationKeyvault) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateCredentials(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AzureConfigurationKeyvault) contextValidateCredentials(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Credentials != nil {
+		if err := m.Credentials.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("keyvault" + "." + "credentials")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AzureConfigurationKeyvault) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AzureConfigurationKeyvault) UnmarshalBinary(b []byte) error {
+	var res AzureConfigurationKeyvault
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// AzureConfigurationKeyvaultCredentials azure configuration keyvault credentials
+//
+// swagger:model AzureConfigurationKeyvaultCredentials
+type AzureConfigurationKeyvaultCredentials struct {
+
+	// client id
+	// Required: true
+	ClientID *string `json:"client_id"`
+
+	// client secret
+	// Required: true
+	ClientSecret *string `json:"client_secret"`
+
+	// tenant id
+	// Required: true
+	TenantID *string `json:"tenant_id"`
+}
+
+// Validate validates this azure configuration keyvault credentials
+func (m *AzureConfigurationKeyvaultCredentials) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateClientID(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateClientSecret(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateTenantID(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AzureConfigurationKeyvaultCredentials) validateClientID(formats strfmt.Registry) error {
+
+	if err := validate.Required("keyvault"+"."+"credentials"+"."+"client_id", "body", m.ClientID); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *AzureConfigurationKeyvaultCredentials) validateClientSecret(formats strfmt.Registry) error {
+
+	if err := validate.Required("keyvault"+"."+"credentials"+"."+"client_secret", "body", m.ClientSecret); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *AzureConfigurationKeyvaultCredentials) validateTenantID(formats strfmt.Registry) error {
+
+	if err := validate.Required("keyvault"+"."+"credentials"+"."+"tenant_id", "body", m.TenantID); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ContextValidate validates this azure configuration keyvault credentials based on context it is used
+func (m *AzureConfigurationKeyvaultCredentials) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AzureConfigurationKeyvaultCredentials) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AzureConfigurationKeyvaultCredentials) UnmarshalBinary(b []byte) error {
+	var res AzureConfigurationKeyvaultCredentials
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bucket.go
+++ b/models/bucket.go
@@ -24,6 +24,7 @@ package models

 import (
 	"context"
+	"encoding/json"

 	"github.com/go-openapi/errors"
 	"github.com/go-openapi/strfmt"
@@ -42,11 +43,20 @@ type Bucket struct {
 	// creation date
 	CreationDate string `json:"creation_date,omitempty"`

+	// details
+	Details *BucketDetails `json:"details,omitempty"`
+
 	// name
 	// Required: true
 	// Min Length: 3
 	Name *string `json:"name"`

+	// objects
+	Objects int64 `json:"objects,omitempty"`
+
+	// rw access
+	RwAccess *BucketRwAccess `json:"rw_access,omitempty"`
+
 	// size
 	Size int64 `json:"size,omitempty"`
 }
@@ -59,10 +69,18 @@ func (m *Bucket) Validate(formats strfmt.Registry) error {
 		res = append(res, err)
 	}

+	if err := m.validateDetails(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateName(formats); err != nil {
 		res = append(res, err)
 	}

+	if err := m.validateRwAccess(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
@@ -86,6 +104,23 @@ func (m *Bucket) validateAccess(formats strfmt.Registry) error {
 	return nil
 }

+func (m *Bucket) validateDetails(formats strfmt.Registry) error {
+	if swag.IsZero(m.Details) { // not required
+		return nil
+	}
+
+	if m.Details != nil {
+		if err := m.Details.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("details")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *Bucket) validateName(formats strfmt.Registry) error {

 	if err := validate.Required("name", "body", m.Name); err != nil {
@@ -99,6 +134,23 @@ func (m *Bucket) validateName(formats strfmt.Registry) error {
 	return nil
 }

+func (m *Bucket) validateRwAccess(formats strfmt.Registry) error {
+	if swag.IsZero(m.RwAccess) { // not required
+		return nil
+	}
+
+	if m.RwAccess != nil {
+		if err := m.RwAccess.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("rw_access")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 // ContextValidate validate this bucket based on the context it is used
 func (m *Bucket) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
 	var res []error
@@ -107,6 +159,14 @@ func (m *Bucket) ContextValidate(ctx context.Context, formats strfmt.Registry) e
 		res = append(res, err)
 	}

+	if err := m.contextValidateDetails(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateRwAccess(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
@@ -127,6 +187,34 @@ func (m *Bucket) contextValidateAccess(ctx context.Context, formats strfmt.Regis
 	return nil
 }

+func (m *Bucket) contextValidateDetails(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Details != nil {
+		if err := m.Details.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("details")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *Bucket) contextValidateRwAccess(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.RwAccess != nil {
+		if err := m.RwAccess.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("rw_access")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 // MarshalBinary interface implementation
 func (m *Bucket) MarshalBinary() ([]byte, error) {
 	if m == nil {
@@ -144,3 +232,236 @@ func (m *Bucket) UnmarshalBinary(b []byte) error {
 	*m = res
 	return nil
 }
+
+// BucketDetails bucket details
+//
+// swagger:model BucketDetails
+type BucketDetails struct {
+
+	// locking
+	Locking bool `json:"locking,omitempty"`
+
+	// quota
+	Quota *BucketDetailsQuota `json:"quota,omitempty"`
+
+	// replication
+	Replication bool `json:"replication,omitempty"`
+
+	// tags
+	Tags map[string]string `json:"tags,omitempty"`
+
+	// versioning
+	Versioning bool `json:"versioning,omitempty"`
+
+	// versioning suspended
+	VersioningSuspended bool `json:"versioningSuspended,omitempty"`
+}
+
+// Validate validates this bucket details
+func (m *BucketDetails) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateQuota(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *BucketDetails) validateQuota(formats strfmt.Registry) error {
+	if swag.IsZero(m.Quota) { // not required
+		return nil
+	}
+
+	if m.Quota != nil {
+		if err := m.Quota.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("details" + "." + "quota")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// ContextValidate validate this bucket details based on the context it is used
+func (m *BucketDetails) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateQuota(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *BucketDetails) contextValidateQuota(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Quota != nil {
+		if err := m.Quota.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("details" + "." + "quota")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketDetails) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketDetails) UnmarshalBinary(b []byte) error {
+	var res BucketDetails
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// BucketDetailsQuota bucket details quota
+//
+// swagger:model BucketDetailsQuota
+type BucketDetailsQuota struct {
+
+	// quota
+	Quota int64 `json:"quota,omitempty"`
+
+	// type
+	// Enum: [fifo hard]
+	Type string `json:"type,omitempty"`
+}
+
+// Validate validates this bucket details quota
+func (m *BucketDetailsQuota) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateType(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+var bucketDetailsQuotaTypeTypePropEnum []interface{}
+
+func init() {
+	var res []string
+	if err := json.Unmarshal([]byte(`["fifo","hard"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		bucketDetailsQuotaTypeTypePropEnum = append(bucketDetailsQuotaTypeTypePropEnum, v)
+	}
+}
+
+const (
+
+	// BucketDetailsQuotaTypeFifo captures enum value "fifo"
+	BucketDetailsQuotaTypeFifo string = "fifo"
+
+	// BucketDetailsQuotaTypeHard captures enum value "hard"
+	BucketDetailsQuotaTypeHard string = "hard"
+)
+
+// prop value enum
+func (m *BucketDetailsQuota) validateTypeEnum(path, location string, value string) error {
+	if err := validate.EnumCase(path, location, value, bucketDetailsQuotaTypeTypePropEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (m *BucketDetailsQuota) validateType(formats strfmt.Registry) error {
+	if swag.IsZero(m.Type) { // not required
+		return nil
+	}
+
+	// value enum
+	if err := m.validateTypeEnum("details"+"."+"quota"+"."+"type", "body", m.Type); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ContextValidate validates this bucket details quota based on context it is used
+func (m *BucketDetailsQuota) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketDetailsQuota) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketDetailsQuota) UnmarshalBinary(b []byte) error {
+	var res BucketDetailsQuota
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// BucketRwAccess bucket rw access
+//
+// swagger:model BucketRwAccess
+type BucketRwAccess struct {
+
+	// read
+	Read bool `json:"read,omitempty"`
+
+	// write
+	Write bool `json:"write,omitempty"`
+}
+
+// Validate validates this bucket rw access
+func (m *BucketRwAccess) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this bucket rw access based on context it is used
+func (m *BucketRwAccess) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketRwAccess) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketRwAccess) UnmarshalBinary(b []byte) error {
+	var res BucketRwAccess
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/encryption_configuration.go
+++ b/models/encryption_configuration.go
@@ -39,6 +39,9 @@ type EncryptionConfiguration struct {
 	// aws
 	Aws *AwsConfiguration `json:"aws,omitempty"`

+	// azure
+	Azure *AzureConfiguration `json:"azure,omitempty"`
+
 	// client
 	Client *KeyPairConfiguration `json:"client,omitempty"`

@@ -54,6 +57,9 @@ type EncryptionConfiguration struct {
 	// replicas
 	Replicas string `json:"replicas,omitempty"`

+	// security context
+	SecurityContext *SecurityContext `json:"securityContext,omitempty"`
+
 	// server
 	Server *KeyPairConfiguration `json:"server,omitempty"`

@@ -74,6 +80,8 @@ func (m *EncryptionConfiguration) UnmarshalJSON(raw []byte) error {
 	var dataAO1 struct {
 		Aws *AwsConfiguration `json:"aws,omitempty"`

+		Azure *AzureConfiguration `json:"azure,omitempty"`
+
 		Client *KeyPairConfiguration `json:"client,omitempty"`

 		Gcp *GcpConfiguration `json:"gcp,omitempty"`
@@ -84,6 +92,8 @@ func (m *EncryptionConfiguration) UnmarshalJSON(raw []byte) error {

 		Replicas string `json:"replicas,omitempty"`

+		SecurityContext *SecurityContext `json:"securityContext,omitempty"`
+
 		Server *KeyPairConfiguration `json:"server,omitempty"`

 		Vault *VaultConfiguration `json:"vault,omitempty"`
@@ -94,6 +104,8 @@ func (m *EncryptionConfiguration) UnmarshalJSON(raw []byte) error {

 	m.Aws = dataAO1.Aws

+	m.Azure = dataAO1.Azure
+
 	m.Client = dataAO1.Client

 	m.Gcp = dataAO1.Gcp
@@ -104,6 +116,8 @@ func (m *EncryptionConfiguration) UnmarshalJSON(raw []byte) error {

 	m.Replicas = dataAO1.Replicas

+	m.SecurityContext = dataAO1.SecurityContext
+
 	m.Server = dataAO1.Server

 	m.Vault = dataAO1.Vault
@@ -123,6 +137,8 @@ func (m EncryptionConfiguration) MarshalJSON() ([]byte, error) {
 	var dataAO1 struct {
 		Aws *AwsConfiguration `json:"aws,omitempty"`

+		Azure *AzureConfiguration `json:"azure,omitempty"`
+
 		Client *KeyPairConfiguration `json:"client,omitempty"`

 		Gcp *GcpConfiguration `json:"gcp,omitempty"`
@@ -133,6 +149,8 @@ func (m EncryptionConfiguration) MarshalJSON() ([]byte, error) {

 		Replicas string `json:"replicas,omitempty"`

+		SecurityContext *SecurityContext `json:"securityContext,omitempty"`
+
 		Server *KeyPairConfiguration `json:"server,omitempty"`

 		Vault *VaultConfiguration `json:"vault,omitempty"`
@@ -140,6 +158,8 @@ func (m EncryptionConfiguration) MarshalJSON() ([]byte, error) {

 	dataAO1.Aws = m.Aws

+	dataAO1.Azure = m.Azure
+
 	dataAO1.Client = m.Client

 	dataAO1.Gcp = m.Gcp
@@ -150,6 +170,8 @@ func (m EncryptionConfiguration) MarshalJSON() ([]byte, error) {

 	dataAO1.Replicas = m.Replicas

+	dataAO1.SecurityContext = m.SecurityContext
+
 	dataAO1.Server = m.Server

 	dataAO1.Vault = m.Vault
@@ -175,6 +197,10 @@ func (m *EncryptionConfiguration) Validate(formats strfmt.Registry) error {
 		res = append(res, err)
 	}

+	if err := m.validateAzure(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateClient(formats); err != nil {
 		res = append(res, err)
 	}
@@ -187,6 +213,10 @@ func (m *EncryptionConfiguration) Validate(formats strfmt.Registry) error {
 		res = append(res, err)
 	}

+	if err := m.validateSecurityContext(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateServer(formats); err != nil {
 		res = append(res, err)
 	}
@@ -219,6 +249,24 @@ func (m *EncryptionConfiguration) validateAws(formats strfmt.Registry) error {
 	return nil
 }

+func (m *EncryptionConfiguration) validateAzure(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Azure) { // not required
+		return nil
+	}
+
+	if m.Azure != nil {
+		if err := m.Azure.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("azure")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *EncryptionConfiguration) validateClient(formats strfmt.Registry) error {

 	if swag.IsZero(m.Client) { // not required
@@ -273,6 +321,24 @@ func (m *EncryptionConfiguration) validateGemalto(formats strfmt.Registry) error
 	return nil
 }

+func (m *EncryptionConfiguration) validateSecurityContext(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.SecurityContext) { // not required
+		return nil
+	}
+
+	if m.SecurityContext != nil {
+		if err := m.SecurityContext.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("securityContext")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *EncryptionConfiguration) validateServer(formats strfmt.Registry) error {

 	if swag.IsZero(m.Server) { // not required
@@ -322,6 +388,10 @@ func (m *EncryptionConfiguration) ContextValidate(ctx context.Context, formats s
 		res = append(res, err)
 	}

+	if err := m.contextValidateAzure(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.contextValidateClient(ctx, formats); err != nil {
 		res = append(res, err)
 	}
@@ -334,6 +404,10 @@ func (m *EncryptionConfiguration) ContextValidate(ctx context.Context, formats s
 		res = append(res, err)
 	}

+	if err := m.contextValidateSecurityContext(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.contextValidateServer(ctx, formats); err != nil {
 		res = append(res, err)
 	}
@@ -362,6 +436,20 @@ func (m *EncryptionConfiguration) contextValidateAws(ctx context.Context, format
 	return nil
 }

+func (m *EncryptionConfiguration) contextValidateAzure(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Azure != nil {
+		if err := m.Azure.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("azure")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *EncryptionConfiguration) contextValidateClient(ctx context.Context, formats strfmt.Registry) error {

 	if m.Client != nil {
@@ -404,6 +492,20 @@ func (m *EncryptionConfiguration) contextValidateGemalto(ctx context.Context, fo
 	return nil
 }

+func (m *EncryptionConfiguration) contextValidateSecurityContext(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.SecurityContext != nil {
+		if err := m.SecurityContext.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("securityContext")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *EncryptionConfiguration) contextValidateServer(ctx context.Context, formats strfmt.Registry) error {

 	if m.Server != nil {
--- a/models/iam_policy.go
+++ b/models/iam_policy.go
@@ -0,0 +1,132 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// IamPolicy iam policy
+//
+// swagger:model iamPolicy
+type IamPolicy struct {
+
+	// statement
+	Statement []*IamPolicyStatement `json:"statement"`
+
+	// version
+	Version string `json:"version,omitempty"`
+}
+
+// Validate validates this iam policy
+func (m *IamPolicy) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateStatement(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *IamPolicy) validateStatement(formats strfmt.Registry) error {
+	if swag.IsZero(m.Statement) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Statement); i++ {
+		if swag.IsZero(m.Statement[i]) { // not required
+			continue
+		}
+
+		if m.Statement[i] != nil {
+			if err := m.Statement[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("statement" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// ContextValidate validate this iam policy based on the context it is used
+func (m *IamPolicy) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateStatement(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *IamPolicy) contextValidateStatement(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Statement); i++ {
+
+		if m.Statement[i] != nil {
+			if err := m.Statement[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("statement" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *IamPolicy) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *IamPolicy) UnmarshalBinary(b []byte) error {
+	var res IamPolicy
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/iam_policy_statement.go
+++ b/models/iam_policy_statement.go
@@ -0,0 +1,76 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// IamPolicyStatement iam policy statement
+//
+// swagger:model iamPolicyStatement
+type IamPolicyStatement struct {
+
+	// action
+	Action []string `json:"action"`
+
+	// condition
+	Condition map[string]interface{} `json:"condition,omitempty"`
+
+	// effect
+	Effect string `json:"effect,omitempty"`
+
+	// resource
+	Resource []string `json:"resource"`
+}
+
+// Validate validates this iam policy statement
+func (m *IamPolicyStatement) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this iam policy statement based on context it is used
+func (m *IamPolicyStatement) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *IamPolicyStatement) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *IamPolicyStatement) UnmarshalBinary(b []byte) error {
+	var res IamPolicyStatement
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/idp_configuration.go
+++ b/models/idp_configuration.go
@@ -407,10 +407,6 @@ type IdpConfigurationOidc struct {
 	// secret id
 	// Required: true
 	SecretID *string `json:"secret_id"`
-
-	// url
-	// Required: true
-	URL *string `json:"url"`
 }

 // Validate validates this idp configuration oidc
@@ -433,10 +429,6 @@ func (m *IdpConfigurationOidc) Validate(formats strfmt.Registry) error {
 		res = append(res, err)
 	}

-	if err := m.validateURL(formats); err != nil {
-		res = append(res, err)
-	}
-
 	if len(res) > 0 {
 		return errors.CompositeValidationError(res...)
 	}
@@ -479,15 +471,6 @@ func (m *IdpConfigurationOidc) validateSecretID(formats strfmt.Registry) error {
 	return nil
 }

-func (m *IdpConfigurationOidc) validateURL(formats strfmt.Registry) error {
-
-	if err := validate.Required("oidc"+"."+"url", "body", m.URL); err != nil {
-		return err
-	}
-
-	return nil
-}
-
 // ContextValidate validates this idp configuration oidc based on context it is used
 func (m *IdpConfigurationOidc) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
 	return nil
--- a/models/log_search_configuration.go
+++ b/models/log_search_configuration.go
@@ -25,6 +25,7 @@ package models
 import (
 	"context"

+	"github.com/go-openapi/errors"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
 )
@@ -40,6 +41,15 @@ type LogSearchConfiguration struct {
 	// postgres image
 	PostgresImage string `json:"postgres_image,omitempty"`

+	// postgres init image
+	PostgresInitImage string `json:"postgres_init_image,omitempty"`
+
+	// postgres security context
+	PostgresSecurityContext *SecurityContext `json:"postgres_securityContext,omitempty"`
+
+	// security context
+	SecurityContext *SecurityContext `json:"securityContext,omitempty"`
+
 	// storage class
 	StorageClass string `json:"storageClass,omitempty"`

@@ -49,11 +59,99 @@ type LogSearchConfiguration struct {

 // Validate validates this log search configuration
 func (m *LogSearchConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validatePostgresSecurityContext(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSecurityContext(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
 	return nil
 }

-// ContextValidate validates this log search configuration based on context it is used
+func (m *LogSearchConfiguration) validatePostgresSecurityContext(formats strfmt.Registry) error {
+	if swag.IsZero(m.PostgresSecurityContext) { // not required
+		return nil
+	}
+
+	if m.PostgresSecurityContext != nil {
+		if err := m.PostgresSecurityContext.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("postgres_securityContext")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *LogSearchConfiguration) validateSecurityContext(formats strfmt.Registry) error {
+	if swag.IsZero(m.SecurityContext) { // not required
+		return nil
+	}
+
+	if m.SecurityContext != nil {
+		if err := m.SecurityContext.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("securityContext")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// ContextValidate validate this log search configuration based on the context it is used
 func (m *LogSearchConfiguration) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidatePostgresSecurityContext(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.contextValidateSecurityContext(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *LogSearchConfiguration) contextValidatePostgresSecurityContext(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.PostgresSecurityContext != nil {
+		if err := m.PostgresSecurityContext.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("postgres_securityContext")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *LogSearchConfiguration) contextValidateSecurityContext(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.SecurityContext != nil {
+		if err := m.SecurityContext.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("securityContext")
+			}
+			return err
+		}
+	}
+
 	return nil
 }

--- a/models/metadata.go
+++ b/models/metadata.go
@@ -0,0 +1,67 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// Metadata metadata
+//
+// swagger:model metadata
+type Metadata struct {
+
+	// object metadata
+	ObjectMetadata interface{} `json:"objectMetadata,omitempty"`
+}
+
+// Validate validates this metadata
+func (m *Metadata) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this metadata based on context it is used
+func (m *Metadata) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *Metadata) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *Metadata) UnmarshalBinary(b []byte) error {
+	var res Metadata
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/node_max_allocatable_resources.go
+++ b/models/node_max_allocatable_resources.go
@@ -0,0 +1,70 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// NodeMaxAllocatableResources node max allocatable resources
+//
+// swagger:model nodeMaxAllocatableResources
+type NodeMaxAllocatableResources struct {
+
+	// max allocatable cpu
+	MaxAllocatableCPU int64 `json:"max_allocatable_cpu,omitempty"`
+
+	// max allocatable mem
+	MaxAllocatableMem int64 `json:"max_allocatable_mem,omitempty"`
+}
+
+// Validate validates this node max allocatable resources
+func (m *NodeMaxAllocatableResources) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this node max allocatable resources based on context it is used
+func (m *NodeMaxAllocatableResources) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *NodeMaxAllocatableResources) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *NodeMaxAllocatableResources) UnmarshalBinary(b []byte) error {
+	var res NodeMaxAllocatableResources
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/operator_session_response.go
+++ b/models/operator_session_response.go
@@ -37,14 +37,11 @@ import (
 // swagger:model operatorSessionResponse
 type OperatorSessionResponse struct {

-	// features
-	Features []string `json:"features"`
-
 	// operator
 	Operator bool `json:"operator,omitempty"`

-	// pages
-	Pages []string `json:"pages"`
+	// permissions
+	Permissions map[string][]string `json:"permissions,omitempty"`

 	// status
 	// Enum: [ok]
--- a/models/pool.go
+++ b/models/pool.go
@@ -48,6 +48,9 @@ type Pool struct {
 	// resources
 	Resources *PoolResources `json:"resources,omitempty"`

+	// security context
+	SecurityContext *SecurityContext `json:"securityContext,omitempty"`
+
 	// servers
 	// Required: true
 	Servers *int64 `json:"servers"`
@@ -76,6 +79,10 @@ func (m *Pool) Validate(formats strfmt.Registry) error {
 		res = append(res, err)
 	}

+	if err := m.validateSecurityContext(formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.validateServers(formats); err != nil {
 		res = append(res, err)
 	}
@@ -132,6 +139,23 @@ func (m *Pool) validateResources(formats strfmt.Registry) error {
 	return nil
 }

+func (m *Pool) validateSecurityContext(formats strfmt.Registry) error {
+	if swag.IsZero(m.SecurityContext) { // not required
+		return nil
+	}
+
+	if m.SecurityContext != nil {
+		if err := m.SecurityContext.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("securityContext")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *Pool) validateServers(formats strfmt.Registry) error {

 	if err := validate.Required("servers", "body", m.Servers); err != nil {
@@ -195,6 +219,10 @@ func (m *Pool) ContextValidate(ctx context.Context, formats strfmt.Registry) err
 		res = append(res, err)
 	}

+	if err := m.contextValidateSecurityContext(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := m.contextValidateTolerations(ctx, formats); err != nil {
 		res = append(res, err)
 	}
@@ -237,6 +265,20 @@ func (m *Pool) contextValidateResources(ctx context.Context, formats strfmt.Regi
 	return nil
 }

+func (m *Pool) contextValidateSecurityContext(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.SecurityContext != nil {
+		if err := m.SecurityContext.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("securityContext")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
 func (m *Pool) contextValidateTolerations(ctx context.Context, formats strfmt.Registry) error {

 	if err := m.Tolerations.ContextValidate(ctx, formats); err != nil {
--- a/models/prefix_wrapper.go
+++ b/models/prefix_wrapper.go
@@ -0,0 +1,67 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// PrefixWrapper prefix wrapper
+//
+// swagger:model prefixWrapper
+type PrefixWrapper struct {
+
+	// prefix
+	Prefix string `json:"prefix,omitempty"`
+}
+
+// Validate validates this prefix wrapper
+func (m *PrefixWrapper) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this prefix wrapper based on context it is used
+func (m *PrefixWrapper) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *PrefixWrapper) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *PrefixWrapper) UnmarshalBinary(b []byte) error {
+	var res PrefixWrapper
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/principal.go
+++ b/models/principal.go
@@ -45,9 +45,6 @@ type Principal struct {

 	// account access key
 	AccountAccessKey string `json:"accountAccessKey,omitempty"`
-
-	// actions
-	Actions []string `json:"actions"`
 }

 // Validate validates this principal
--- a/models/prometheus_configuration.go
+++ b/models/prometheus_configuration.go
@@ -25,6 +25,7 @@ package models
 import (
 	"context"

+	"github.com/go-openapi/errors"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
 )
@@ -37,6 +38,15 @@ type PrometheusConfiguration struct {
 	// image
 	Image string `json:"image,omitempty"`

+	// init image
+	InitImage string `json:"init_image,omitempty"`
+
+	// security context
+	SecurityContext *SecurityContext `json:"securityContext,omitempty"`
+
+	// sidecar image
+	SidecarImage string `json:"sidecar_image,omitempty"`
+
 	// storage class
 	StorageClass string `json:"storageClass,omitempty"`

@@ -46,11 +56,60 @@ type PrometheusConfiguration struct {

 // Validate validates this prometheus configuration
 func (m *PrometheusConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateSecurityContext(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
 	return nil
 }

-// ContextValidate validates this prometheus configuration based on context it is used
+func (m *PrometheusConfiguration) validateSecurityContext(formats strfmt.Registry) error {
+	if swag.IsZero(m.SecurityContext) { // not required
+		return nil
+	}
+
+	if m.SecurityContext != nil {
+		if err := m.SecurityContext.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("securityContext")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// ContextValidate validate this prometheus configuration based on the context it is used
 func (m *PrometheusConfiguration) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateSecurityContext(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *PrometheusConfiguration) contextValidateSecurityContext(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.SecurityContext != nil {
+		if err := m.SecurityContext.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("securityContext")
+			}
+			return err
+		}
+	}
+
 	return nil
 }

--- a/models/put_bucket_tags_request.go
+++ b/models/put_bucket_tags_request.go
@@ -0,0 +1,67 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// PutBucketTagsRequest put bucket tags request
+//
+// swagger:model putBucketTagsRequest
+type PutBucketTagsRequest struct {
+
+	// tags
+	Tags map[string]string `json:"tags,omitempty"`
+}
+
+// Validate validates this put bucket tags request
+func (m *PutBucketTagsRequest) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this put bucket tags request based on context it is used
+func (m *PutBucketTagsRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *PutBucketTagsRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *PutBucketTagsRequest) UnmarshalBinary(b []byte) error {
+	var res PutBucketTagsRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/security_context.go
+++ b/models/security_context.go
@@ -0,0 +1,139 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// SecurityContext security context
+//
+// swagger:model securityContext
+type SecurityContext struct {
+
+	// fs group
+	// Required: true
+	FsGroup *string `json:"fsGroup"`
+
+	// run as group
+	// Required: true
+	RunAsGroup *string `json:"runAsGroup"`
+
+	// run as non root
+	// Required: true
+	RunAsNonRoot *bool `json:"runAsNonRoot"`
+
+	// run as user
+	// Required: true
+	RunAsUser *string `json:"runAsUser"`
+}
+
+// Validate validates this security context
+func (m *SecurityContext) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateFsGroup(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateRunAsGroup(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateRunAsNonRoot(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateRunAsUser(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *SecurityContext) validateFsGroup(formats strfmt.Registry) error {
+
+	if err := validate.Required("fsGroup", "body", m.FsGroup); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *SecurityContext) validateRunAsGroup(formats strfmt.Registry) error {
+
+	if err := validate.Required("runAsGroup", "body", m.RunAsGroup); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *SecurityContext) validateRunAsNonRoot(formats strfmt.Registry) error {
+
+	if err := validate.Required("runAsNonRoot", "body", m.RunAsNonRoot); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *SecurityContext) validateRunAsUser(formats strfmt.Registry) error {
+
+	if err := validate.Required("runAsUser", "body", m.RunAsUser); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ContextValidate validates this security context based on context it is used
+func (m *SecurityContext) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *SecurityContext) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *SecurityContext) UnmarshalBinary(b []byte) error {
+	var res SecurityContext
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/server_drives.go
+++ b/models/server_drives.go
@@ -0,0 +1,94 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ServerDrives server drives
+//
+// swagger:model serverDrives
+type ServerDrives struct {
+
+	// available space
+	AvailableSpace int64 `json:"availableSpace,omitempty"`
+
+	// drive path
+	DrivePath string `json:"drivePath,omitempty"`
+
+	// endpoint
+	Endpoint string `json:"endpoint,omitempty"`
+
+	// healing
+	Healing bool `json:"healing,omitempty"`
+
+	// model
+	Model string `json:"model,omitempty"`
+
+	// root disk
+	RootDisk bool `json:"rootDisk,omitempty"`
+
+	// state
+	State string `json:"state,omitempty"`
+
+	// total space
+	TotalSpace int64 `json:"totalSpace,omitempty"`
+
+	// used space
+	UsedSpace int64 `json:"usedSpace,omitempty"`
+
+	// uuid
+	UUID string `json:"uuid,omitempty"`
+}
+
+// Validate validates this server drives
+func (m *ServerDrives) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this server drives based on context it is used
+func (m *ServerDrives) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ServerDrives) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ServerDrives) UnmarshalBinary(b []byte) error {
+	var res ServerDrives
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/server_properties.go
+++ b/models/server_properties.go
@@ -0,0 +1,150 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ServerProperties server properties
+//
+// swagger:model serverProperties
+type ServerProperties struct {
+
+	// commit ID
+	CommitID string `json:"commitID,omitempty"`
+
+	// drives
+	Drives []*ServerDrives `json:"drives"`
+
+	// endpoint
+	Endpoint string `json:"endpoint,omitempty"`
+
+	// network
+	Network map[string]string `json:"network,omitempty"`
+
+	// pool number
+	PoolNumber int64 `json:"poolNumber,omitempty"`
+
+	// state
+	State string `json:"state,omitempty"`
+
+	// uptime
+	Uptime int64 `json:"uptime,omitempty"`
+
+	// version
+	Version string `json:"version,omitempty"`
+}
+
+// Validate validates this server properties
+func (m *ServerProperties) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateDrives(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ServerProperties) validateDrives(formats strfmt.Registry) error {
+	if swag.IsZero(m.Drives) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Drives); i++ {
+		if swag.IsZero(m.Drives[i]) { // not required
+			continue
+		}
+
+		if m.Drives[i] != nil {
+			if err := m.Drives[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("drives" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// ContextValidate validate this server properties based on the context it is used
+func (m *ServerProperties) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateDrives(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *ServerProperties) contextValidateDrives(ctx context.Context, formats strfmt.Registry) error {
+
+	for i := 0; i < len(m.Drives); i++ {
+
+		if m.Drives[i] != nil {
+			if err := m.Drives[i].ContextValidate(ctx, formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("drives" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ServerProperties) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ServerProperties) UnmarshalBinary(b []byte) error {
+	var res ServerProperties
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/service_account_request_creds.go
+++ b/models/service_account_request_creds.go
@@ -0,0 +1,73 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ServiceAccountRequestCreds service account request creds
+//
+// swagger:model serviceAccountRequestCreds
+type ServiceAccountRequestCreds struct {
+
+	// access key
+	AccessKey string `json:"accessKey,omitempty"`
+
+	// policy to be applied to the Service Account if any
+	Policy string `json:"policy,omitempty"`
+
+	// secret key
+	SecretKey string `json:"secretKey,omitempty"`
+}
+
+// Validate validates this service account request creds
+func (m *ServiceAccountRequestCreds) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this service account request creds based on context it is used
+func (m *ServiceAccountRequestCreds) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ServiceAccountRequestCreds) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ServiceAccountRequestCreds) UnmarshalBinary(b []byte) error {
+	var res ServiceAccountRequestCreds
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/session_response.go
+++ b/models/session_response.go
@@ -46,8 +46,8 @@ type SessionResponse struct {
 	// operator
 	Operator bool `json:"operator,omitempty"`

-	// pages
-	Pages []string `json:"pages"`
+	// permissions
+	Permissions map[string][]string `json:"permissions,omitempty"`

 	// status
 	// Enum: [ok]
--- a/models/set_policy_multiple_name_request.go
+++ b/models/set_policy_multiple_name_request.go
@@ -31,20 +31,23 @@ import (
 	"github.com/go-openapi/swag"
 )

-// SetPolicyMultipleRequest set policy multiple request
+// SetPolicyMultipleNameRequest set policy multiple name request
 //
-// swagger:model setPolicyMultipleRequest
-type SetPolicyMultipleRequest struct {
+// swagger:model setPolicyMultipleNameRequest
+type SetPolicyMultipleNameRequest struct {

 	// groups
 	Groups []IamEntity `json:"groups"`

+	// name
+	Name []string `json:"name"`
+
 	// users
 	Users []IamEntity `json:"users"`
 }

-// Validate validates this set policy multiple request
-func (m *SetPolicyMultipleRequest) Validate(formats strfmt.Registry) error {
+// Validate validates this set policy multiple name request
+func (m *SetPolicyMultipleNameRequest) Validate(formats strfmt.Registry) error {
 	var res []error

 	if err := m.validateGroups(formats); err != nil {
@@ -61,7 +64,7 @@ func (m *SetPolicyMultipleRequest) Validate(formats strfmt.Registry) error {
 	return nil
 }

-func (m *SetPolicyMultipleRequest) validateGroups(formats strfmt.Registry) error {
+func (m *SetPolicyMultipleNameRequest) validateGroups(formats strfmt.Registry) error {
 	if swag.IsZero(m.Groups) { // not required
 		return nil
 	}
@@ -80,7 +83,7 @@ func (m *SetPolicyMultipleRequest) validateGroups(formats strfmt.Registry) error
 	return nil
 }

-func (m *SetPolicyMultipleRequest) validateUsers(formats strfmt.Registry) error {
+func (m *SetPolicyMultipleNameRequest) validateUsers(formats strfmt.Registry) error {
 	if swag.IsZero(m.Users) { // not required
 		return nil
 	}
@@ -99,8 +102,8 @@ func (m *SetPolicyMultipleRequest) validateUsers(formats strfmt.Registry) error
 	return nil
 }

-// ContextValidate validate this set policy multiple request based on the context it is used
-func (m *SetPolicyMultipleRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+// ContextValidate validate this set policy multiple name request based on the context it is used
+func (m *SetPolicyMultipleNameRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
 	var res []error

 	if err := m.contextValidateGroups(ctx, formats); err != nil {
@@ -117,7 +120,7 @@ func (m *SetPolicyMultipleRequest) ContextValidate(ctx context.Context, formats
 	return nil
 }

-func (m *SetPolicyMultipleRequest) contextValidateGroups(ctx context.Context, formats strfmt.Registry) error {
+func (m *SetPolicyMultipleNameRequest) contextValidateGroups(ctx context.Context, formats strfmt.Registry) error {

 	for i := 0; i < len(m.Groups); i++ {

@@ -133,7 +136,7 @@ func (m *SetPolicyMultipleRequest) contextValidateGroups(ctx context.Context, fo
 	return nil
 }

-func (m *SetPolicyMultipleRequest) contextValidateUsers(ctx context.Context, formats strfmt.Registry) error {
+func (m *SetPolicyMultipleNameRequest) contextValidateUsers(ctx context.Context, formats strfmt.Registry) error {

 	for i := 0; i < len(m.Users); i++ {

@@ -150,7 +153,7 @@ func (m *SetPolicyMultipleRequest) contextValidateUsers(ctx context.Context, for
 }

 // MarshalBinary interface implementation
-func (m *SetPolicyMultipleRequest) MarshalBinary() ([]byte, error) {
+func (m *SetPolicyMultipleNameRequest) MarshalBinary() ([]byte, error) {
 	if m == nil {
 		return nil, nil
 	}
@@ -158,8 +161,8 @@ func (m *SetPolicyMultipleRequest) MarshalBinary() ([]byte, error) {
 }

 // UnmarshalBinary interface implementation
-func (m *SetPolicyMultipleRequest) UnmarshalBinary(b []byte) error {
-	var res SetPolicyMultipleRequest
+func (m *SetPolicyMultipleNameRequest) UnmarshalBinary(b []byte) error {
+	var res SetPolicyMultipleNameRequest
 	if err := swag.ReadJSON(b, &res); err != nil {
 		return err
 	}
--- a/models/set_policy_name_request.go
+++ b/models/set_policy_name_request.go
@@ -0,0 +1,158 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"context"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// SetPolicyNameRequest set policy name request
+//
+// swagger:model setPolicyNameRequest
+type SetPolicyNameRequest struct {
+
+	// entity name
+	// Required: true
+	EntityName *string `json:"entityName"`
+
+	// entity type
+	// Required: true
+	EntityType *PolicyEntity `json:"entityType"`
+
+	// name
+	// Required: true
+	Name []string `json:"name"`
+}
+
+// Validate validates this set policy name request
+func (m *SetPolicyNameRequest) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateEntityName(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateEntityType(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateName(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *SetPolicyNameRequest) validateEntityName(formats strfmt.Registry) error {
+
+	if err := validate.Required("entityName", "body", m.EntityName); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *SetPolicyNameRequest) validateEntityType(formats strfmt.Registry) error {
+
+	if err := validate.Required("entityType", "body", m.EntityType); err != nil {
+		return err
+	}
+
+	if err := validate.Required("entityType", "body", m.EntityType); err != nil {
+		return err
+	}
+
+	if m.EntityType != nil {
+		if err := m.EntityType.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("entityType")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *SetPolicyNameRequest) validateName(formats strfmt.Registry) error {
+
+	if err := validate.Required("name", "body", m.Name); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// ContextValidate validate this set policy name request based on the context it is used
+func (m *SetPolicyNameRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateEntityType(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *SetPolicyNameRequest) contextValidateEntityType(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.EntityType != nil {
+		if err := m.EntityType.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("entityType")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *SetPolicyNameRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *SetPolicyNameRequest) UnmarshalBinary(b []byte) error {
+	var res SetPolicyNameRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/tenant_list.go
+++ b/models/tenant_list.go
@@ -34,6 +34,18 @@ import (
 // swagger:model tenantList
 type TenantList struct {

+	// capacity
+	Capacity int64 `json:"capacity,omitempty"`
+
+	// capacity raw
+	CapacityRaw int64 `json:"capacity_raw,omitempty"`
+
+	// capacity raw usage
+	CapacityRawUsage int64 `json:"capacity_raw_usage,omitempty"`
+
+	// capacity usage
+	CapacityUsage int64 `json:"capacity_usage,omitempty"`
+
 	// creation date
 	CreationDate string `json:"creation_date,omitempty"`

--- a/models/tenant_status.go
+++ b/models/tenant_status.go
@@ -25,6 +25,7 @@ package models
 import (
 	"context"

+	"github.com/go-openapi/errors"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
 )
@@ -46,17 +47,69 @@ type TenantStatus struct {
 	// health status
 	HealthStatus string `json:"health_status,omitempty"`

+	// usage
+	Usage *TenantStatusUsage `json:"usage,omitempty"`
+
 	// write quorum
 	WriteQuorum int32 `json:"write_quorum,omitempty"`
 }

 // Validate validates this tenant status
 func (m *TenantStatus) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateUsage(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
 	return nil
 }

-// ContextValidate validates this tenant status based on context it is used
+func (m *TenantStatus) validateUsage(formats strfmt.Registry) error {
+	if swag.IsZero(m.Usage) { // not required
+		return nil
+	}
+
+	if m.Usage != nil {
+		if err := m.Usage.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("usage")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// ContextValidate validate this tenant status based on the context it is used
 func (m *TenantStatus) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.contextValidateUsage(ctx, formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *TenantStatus) contextValidateUsage(ctx context.Context, formats strfmt.Registry) error {
+
+	if m.Usage != nil {
+		if err := m.Usage.ContextValidate(ctx, formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("usage")
+			}
+			return err
+		}
+	}
+
 	return nil
 }

@@ -77,3 +130,49 @@ func (m *TenantStatus) UnmarshalBinary(b []byte) error {
 	*m = res
 	return nil
 }
+
+// TenantStatusUsage tenant status usage
+//
+// swagger:model TenantStatusUsage
+type TenantStatusUsage struct {
+
+	// capacity
+	Capacity int64 `json:"capacity,omitempty"`
+
+	// capacity usage
+	CapacityUsage int64 `json:"capacity_usage,omitempty"`
+
+	// raw
+	Raw int64 `json:"raw,omitempty"`
+
+	// raw usage
+	RawUsage int64 `json:"raw_usage,omitempty"`
+}
+
+// Validate validates this tenant status usage
+func (m *TenantStatusUsage) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// ContextValidate validates this tenant status usage based on context it is used
+func (m *TenantStatusUsage) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *TenantStatusUsage) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *TenantStatusUsage) UnmarshalBinary(b []byte) error {
+	var res TenantStatusUsage
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/user.go
+++ b/models/user.go
@@ -37,6 +37,9 @@ type User struct {
 	// access key
 	AccessKey string `json:"accessKey,omitempty"`

+	// has policy
+	HasPolicy bool `json:"hasPolicy,omitempty"`
+
 	// member of
 	MemberOf []string `json:"memberOf"`

--- a/node_modules/.yarn-integrity
+++ b/node_modules/.yarn-integrity
@@ -1,5 +1,5 @@
 {
-  "systemParams": "darwin-x64-93",
+  "systemParams": "linux-x64-102",
  "modulesFolders": [
    "node_modules"
  ],
--- a/operatorapi/configure_operator.go
+++ b/operatorapi/configure_operator.go
@@ -24,6 +24,8 @@ import (
 	"net/http"
 	"strings"

+	"github.com/klauspost/compress/gzhttp"
+
 	"github.com/minio/console/restapi"
 	"github.com/unrolled/secure"

@@ -65,13 +67,13 @@ func configureAPI(api *operations.OperatorAPI) http.Handler {
 		}
 		return &models.Principal{
 			STSAccessKeyID:     claims.STSAccessKeyID,
-			Actions:            claims.Actions,
 			STSSecretAccessKey: claims.STSSecretAccessKey,
 			STSSessionToken:    claims.STSSessionToken,
 			AccountAccessKey:   claims.AccountAccessKey,
 		}, nil
 	}
-
+	// Register logout handlers
+	registerLogoutHandlers(api)
 	// Register login handlers
 	registerLoginHandlers(api)
 	registerSessionHandlers(api)
@@ -155,7 +157,7 @@ func proxyMiddleware(next http.Handler) http.Handler {
 func setupGlobalMiddleware(handler http.Handler) http.Handler {
 	// handle cookie or authorization header for session
 	next := AuthenticationMiddleware(handler)
-	// serve static files
+	// proxy requests
 	next = proxyMiddleware(next)
 	// serve static files
 	next = restapi.FileServerMiddleware(next)
@@ -185,5 +187,6 @@ func setupGlobalMiddleware(handler http.Handler) http.Handler {
 		IsDevelopment:                   false,
 	}
 	secureMiddleware := secure.New(secureOptions)
-	return secureMiddleware.Handler(next)
+	next = secureMiddleware.Handler(next)
+	return gzhttp.GzipHandler(next)
 }
--- a/operatorapi/consts.go
+++ b/operatorapi/consts.go
@@ -18,10 +18,9 @@ package operatorapi

 // list of all console environment constants
 const (
-	ConsoleSubnetLicense        = "CONSOLE_SUBNET_LICENSE"
-	ConsoleOperatorSAToken      = "CONSOLE_OPERATOR_SA_TOKEN"
-	ConsoleOperatorConsoleImage = "CONSOLE_OPERATOR_CONSOLE_IMAGE"
-	MinIOSubnetLicense          = "MINIO_SUBNET_LICENSE"
+	ConsoleSubnetLicense   = "CONSOLE_SUBNET_LICENSE"
+	ConsoleOperatorSAToken = "CONSOLE_OPERATOR_SA_TOKEN"
+	MinIOSubnetLicense     = "MINIO_SUBNET_LICENSE"

 	// Constants for prometheus annotations
 	prometheusPath   = "prometheus.io/path"
@@ -31,8 +30,7 @@ const (

 // Image versions
 const (
-	KESImageVersion            = "minio/kes:v0.15.1"
-	ConsoleImageDefaultVersion = "minio/console:v0.9.2"
+	KESImageVersion = "minio/kes:v0.16.1"
 )

 // K8s
--- a/operatorapi/embedded_spec.go
+++ b/operatorapi/embedded_spec.go
@@ -52,6 +52,39 @@ func init() {
  },
  "basePath": "/api/v1",
  "paths": {
+    "/cluster/allocatable-resources": {
+      "get": {
+        "tags": [
+          "OperatorAPI"
+        ],
+        "summary": "Get allocatable cpu and memory for given number of nodes",
+        "operationId": "GetAllocatableResources",
+        "parameters": [
+          {
+            "minimum": 1,
+            "type": "integer",
+            "format": "int32",
+            "name": "num_nodes",
+            "in": "query",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/allocatableResourcesResponse"
+            }
+          },
+          "default": {
+            "description": "Generic error response.",
+            "schema": {
+              "$ref": "#/definitions/error"
+            }
+          }
+        }
+      }
+    },
    "/cluster/max-allocatable-memory": {
      "get": {
        "tags": [
@@ -272,38 +305,6 @@ func init() {
            }
          }
        }
-      },
-      "post": {
-        "security": [],
-        "tags": [
-          "UserAPI"
-        ],
-        "summary": "Login to Console",
-        "operationId": "Login",
-        "parameters": [
-          {
-            "name": "body",
-            "in": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/loginRequest"
-            }
-          }
-        ],
-        "responses": {
-          "201": {
-            "description": "A successful login.",
-            "schema": {
-              "$ref": "#/definitions/loginResponse"
-            }
-          },
-          "default": {
-            "description": "Generic error response.",
-            "schema": {
-              "$ref": "#/definitions/error"
-            }
-          }
-        }
      }
    },
    "/login/oauth2/auth": {
@@ -325,11 +326,8 @@ func init() {
          }
        ],
        "responses": {
-          "201": {
-            "description": "A successful login.",
-            "schema": {
-              "$ref": "#/definitions/loginResponse"
-            }
+          "204": {
+            "description": "A successful login."
          },
          "default": {
            "description": "Generic error response.",
@@ -359,11 +357,8 @@ func init() {
          }
        ],
        "responses": {
-          "201": {
-            "description": "A successful login.",
-            "schema": {
-              "$ref": "#/definitions/loginResponse"
-            }
+          "204": {
+            "description": "A successful login."
          },
          "default": {
            "description": "Generic error response.",
@@ -379,7 +374,7 @@ func init() {
        "tags": [
          "UserAPI"
        ],
-        "summary": "Logout from Console.",
+        "summary": "Logout from Operator.",
        "operationId": "Logout",
        "responses": {
          "200": {
@@ -958,6 +953,43 @@ func init() {
        }
      }
    },
+    "/namespaces/{namespace}/tenants/{tenant}/pvcs": {
+      "get": {
+        "tags": [
+          "OperatorAPI"
+        ],
+        "summary": "List all PVCs from given Tenant",
+        "operationId": "ListPVCsForTenant",
+        "parameters": [
+          {
+            "type": "string",
+            "name": "namespace",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "name": "tenant",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/listPVCsResponse"
+            }
+          },
+          "default": {
+            "description": "Generic error response.",
+            "schema": {
+              "$ref": "#/definitions/error"
+            }
+          }
+        }
+      }
+    },
    "/namespaces/{namespace}/tenants/{tenant}/security": {
      "get": {
        "tags": [
@@ -1383,6 +1415,25 @@ func init() {
    }
  },
  "definitions": {
+    "allocatableResourcesResponse": {
+      "type": "object",
+      "properties": {
+        "cpu_priority": {
+          "$ref": "#/definitions/nodeMaxAllocatableResources"
+        },
+        "mem_priority": {
+          "$ref": "#/definitions/nodeMaxAllocatableResources"
+        },
+        "min_allocatable_cpu": {
+          "type": "integer",
+          "format": "int64"
+        },
+        "min_allocatable_mem": {
+          "type": "integer",
+          "format": "int64"
+        }
+      }
+    },
    "awsConfiguration": {
      "type": "object",
      "required": [
@@ -1428,6 +1479,44 @@ func init() {
        }
      }
    },
+    "azureConfiguration": {
+      "type": "object",
+      "required": [
+        "keyvault"
+      ],
+      "properties": {
+        "keyvault": {
+          "type": "object",
+          "required": [
+            "endpoint"
+          ],
+          "properties": {
+            "credentials": {
+              "type": "object",
+              "required": [
+                "tenant_id",
+                "client_id",
+                "client_secret"
+              ],
+              "properties": {
+                "client_id": {
+                  "type": "string"
+                },
+                "client_secret": {
+                  "type": "string"
+                },
+                "tenant_id": {
+                  "type": "string"
+                }
+              }
+            },
+            "endpoint": {
+              "type": "string"
+            }
+          }
+        }
+      }
+    },
    "certificateInfo": {
      "type": "object",
      "properties": {
@@ -1635,6 +1724,10 @@ func init() {
              "type": "object",
              "$ref": "#/definitions/awsConfiguration"
            },
+            "azure": {
+              "type": "object",
+              "$ref": "#/definitions/azureConfiguration"
+            },
            "client": {
              "type": "object",
              "$ref": "#/definitions/keyPairConfiguration"
@@ -1653,6 +1746,10 @@ func init() {
            "replicas": {
              "type": "string"
            },
+            "securityContext": {
+              "type": "object",
+              "$ref": "#/definitions/securityContext"
+            },
            "server": {
              "type": "object",
              "$ref": "#/definitions/keyPairConfiguration"
@@ -1933,7 +2030,6 @@ func init() {
          "type": "object",
          "required": [
            "configuration_url",
-            "url",
            "client_id",
            "secret_id",
            "claim_name"
@@ -1956,9 +2052,6 @@ func init() {
            },
            "secret_id": {
              "type": "string"
-            },
-            "url": {
-              "type": "string"
            }
          }
        }
@@ -2058,6 +2151,17 @@ func init() {
        "postgres_image": {
          "type": "string"
        },
+        "postgres_init_image": {
+          "type": "string"
+        },
+        "postgres_securityContext": {
+          "type": "object",
+          "$ref": "#/definitions/securityContext"
+        },
+        "securityContext": {
+          "type": "object",
+          "$ref": "#/definitions/securityContext"
+        },
        "storageClass": {
          "type": "string",
          "default": ""
@@ -2125,14 +2229,6 @@ func init() {
        }
      }
    },
-    "loginResponse": {
-      "type": "object",
-      "properties": {
-        "sessionId": {
-          "type": "string"
-        }
-      }
-    },
    "maxAllocatableMemResponse": {
      "type": "object",
      "properties": {
@@ -2185,6 +2281,19 @@ func init() {
        }
      }
    },
+    "nodeMaxAllocatableResources": {
+      "type": "object",
+      "properties": {
+        "max_allocatable_cpu": {
+          "type": "integer",
+          "format": "int64"
+        },
+        "max_allocatable_mem": {
+          "type": "integer",
+          "format": "int64"
+        }
+      }
+    },
    "nodeSelectorTerm": {
      "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.",
      "type": "object",
@@ -2252,19 +2361,16 @@ func init() {
    "operatorSessionResponse": {
      "type": "object",
      "properties": {
-        "features": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
        "operator": {
          "type": "boolean"
        },
-        "pages": {
-          "type": "array",
-          "items": {
-            "type": "string"
+        "permissions": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
          }
        },
        "status": {
@@ -2367,6 +2473,10 @@ func init() {
        "resources": {
          "$ref": "#/definitions/poolResources"
        },
+        "securityContext": {
+          "type": "object",
+          "$ref": "#/definitions/securityContext"
+        },
        "servers": {
          "type": "integer"
        },
@@ -2611,6 +2721,16 @@ func init() {
        "image": {
          "type": "string"
        },
+        "init_image": {
+          "type": "string"
+        },
+        "securityContext": {
+          "type": "object",
+          "$ref": "#/definitions/securityContext"
+        },
+        "sidecar_image": {
+          "type": "string"
+        },
        "storageClass": {
          "type": "string",
          "default": ""
@@ -2680,6 +2800,29 @@ func init() {
        }
      }
    },
+    "securityContext": {
+      "type": "object",
+      "required": [
+        "runAsUser",
+        "runAsGroup",
+        "runAsNonRoot",
+        "fsGroup"
+      ],
+      "properties": {
+        "fsGroup": {
+          "type": "string"
+        },
+        "runAsGroup": {
+          "type": "string"
+        },
+        "runAsNonRoot": {
+          "type": "boolean"
+        },
+        "runAsUser": {
+          "type": "string"
+        }
+      }
+    },
    "subscriptionValidateRequest": {
      "type": "object",
      "properties": {
@@ -2768,6 +2911,22 @@ func init() {
    "tenantList": {
      "type": "object",
      "properties": {
+        "capacity": {
+          "type": "integer",
+          "format": "int64"
+        },
+        "capacity_raw": {
+          "type": "integer",
+          "format": "int64"
+        },
+        "capacity_raw_usage": {
+          "type": "integer",
+          "format": "int64"
+        },
+        "capacity_usage": {
+          "type": "integer",
+          "format": "int64"
+        },
        "creation_date": {
          "type": "string"
        },
@@ -2880,6 +3039,27 @@ func init() {
        "health_status": {
          "type": "string"
        },
+        "usage": {
+          "type": "object",
+          "properties": {
+            "capacity": {
+              "type": "integer",
+              "format": "int64"
+            },
+            "capacity_usage": {
+              "type": "integer",
+              "format": "int64"
+            },
+            "raw": {
+              "type": "integer",
+              "format": "int64"
+            },
+            "raw_usage": {
+              "type": "integer",
+              "format": "int64"
+            }
+          }
+        },
        "write_quorum": {
          "type": "integer",
          "format": "int32"
@@ -3072,6 +3252,39 @@ func init() {
  },
  "basePath": "/api/v1",
  "paths": {
+    "/cluster/allocatable-resources": {
+      "get": {
+        "tags": [
+          "OperatorAPI"
+        ],
+        "summary": "Get allocatable cpu and memory for given number of nodes",
+        "operationId": "GetAllocatableResources",
+        "parameters": [
+          {
+            "minimum": 1,
+            "type": "integer",
+            "format": "int32",
+            "name": "num_nodes",
+            "in": "query",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/allocatableResourcesResponse"
+            }
+          },
+          "default": {
+            "description": "Generic error response.",
+            "schema": {
+              "$ref": "#/definitions/error"
+            }
+          }
+        }
+      }
+    },
    "/cluster/max-allocatable-memory": {
      "get": {
        "tags": [
@@ -3292,38 +3505,6 @@ func init() {
            }
          }
        }
-      },
-      "post": {
-        "security": [],
-        "tags": [
-          "UserAPI"
-        ],
-        "summary": "Login to Console",
-        "operationId": "Login",
-        "parameters": [
-          {
-            "name": "body",
-            "in": "body",
-            "required": true,
-            "schema": {
-              "$ref": "#/definitions/loginRequest"
-            }
-          }
-        ],
-        "responses": {
-          "201": {
-            "description": "A successful login.",
-            "schema": {
-              "$ref": "#/definitions/loginResponse"
-            }
-          },
-          "default": {
-            "description": "Generic error response.",
-            "schema": {
-              "$ref": "#/definitions/error"
-            }
-          }
-        }
      }
    },
    "/login/oauth2/auth": {
@@ -3345,11 +3526,8 @@ func init() {
          }
        ],
        "responses": {
-          "201": {
-            "description": "A successful login.",
-            "schema": {
-              "$ref": "#/definitions/loginResponse"
-            }
+          "204": {
+            "description": "A successful login."
          },
          "default": {
            "description": "Generic error response.",
@@ -3379,11 +3557,8 @@ func init() {
          }
        ],
        "responses": {
-          "201": {
-            "description": "A successful login.",
-            "schema": {
-              "$ref": "#/definitions/loginResponse"
-            }
+          "204": {
+            "description": "A successful login."
          },
          "default": {
            "description": "Generic error response.",
@@ -3399,7 +3574,7 @@ func init() {
        "tags": [
          "UserAPI"
        ],
-        "summary": "Logout from Console.",
+        "summary": "Logout from Operator.",
        "operationId": "Logout",
        "responses": {
          "200": {
@@ -3978,6 +4153,43 @@ func init() {
        }
      }
    },
+    "/namespaces/{namespace}/tenants/{tenant}/pvcs": {
+      "get": {
+        "tags": [
+          "OperatorAPI"
+        ],
+        "summary": "List all PVCs from given Tenant",
+        "operationId": "ListPVCsForTenant",
+        "parameters": [
+          {
+            "type": "string",
+            "name": "namespace",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "name": "tenant",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/listPVCsResponse"
+            }
+          },
+          "default": {
+            "description": "Generic error response.",
+            "schema": {
+              "$ref": "#/definitions/error"
+            }
+          }
+        }
+      }
+    },
    "/namespaces/{namespace}/tenants/{tenant}/security": {
      "get": {
        "tags": [
@@ -4458,6 +4670,55 @@ func init() {
        }
      }
    },
+    "AzureConfigurationKeyvault": {
+      "type": "object",
+      "required": [
+        "endpoint"
+      ],
+      "properties": {
+        "credentials": {
+          "type": "object",
+          "required": [
+            "tenant_id",
+            "client_id",
+            "client_secret"
+          ],
+          "properties": {
+            "client_id": {
+              "type": "string"
+            },
+            "client_secret": {
+              "type": "string"
+            },
+            "tenant_id": {
+              "type": "string"
+            }
+          }
+        },
+        "endpoint": {
+          "type": "string"
+        }
+      }
+    },
+    "AzureConfigurationKeyvaultCredentials": {
+      "type": "object",
+      "required": [
+        "tenant_id",
+        "client_id",
+        "client_secret"
+      ],
+      "properties": {
+        "client_id": {
+          "type": "string"
+        },
+        "client_secret": {
+          "type": "string"
+        },
+        "tenant_id": {
+          "type": "string"
+        }
+      }
+    },
    "GcpConfigurationSecretmanager": {
      "type": "object",
      "required": [
@@ -4650,7 +4911,6 @@ func init() {
      "type": "object",
      "required": [
        "configuration_url",
-        "url",
        "client_id",
        "secret_id",
        "claim_name"
@@ -4673,9 +4933,6 @@ func init() {
        },
        "secret_id": {
          "type": "string"
-        },
-        "url": {
-          "type": "string"
        }
      }
    },
@@ -4994,6 +5251,27 @@ func init() {
        }
      }
    },
+    "TenantStatusUsage": {
+      "type": "object",
+      "properties": {
+        "capacity": {
+          "type": "integer",
+          "format": "int64"
+        },
+        "capacity_usage": {
+          "type": "integer",
+          "format": "int64"
+        },
+        "raw": {
+          "type": "integer",
+          "format": "int64"
+        },
+        "raw_usage": {
+          "type": "integer",
+          "format": "int64"
+        }
+      }
+    },
    "UpdateTenantSecurityRequestCustomCertificates": {
      "type": "object",
      "properties": {
@@ -5062,6 +5340,25 @@ func init() {
        }
      }
    },
+    "allocatableResourcesResponse": {
+      "type": "object",
+      "properties": {
+        "cpu_priority": {
+          "$ref": "#/definitions/nodeMaxAllocatableResources"
+        },
+        "mem_priority": {
+          "$ref": "#/definitions/nodeMaxAllocatableResources"
+        },
+        "min_allocatable_cpu": {
+          "type": "integer",
+          "format": "int64"
+        },
+        "min_allocatable_mem": {
+          "type": "integer",
+          "format": "int64"
+        }
+      }
+    },
    "awsConfiguration": {
      "type": "object",
      "required": [
@@ -5107,6 +5404,44 @@ func init() {
        }
      }
    },
+    "azureConfiguration": {
+      "type": "object",
+      "required": [
+        "keyvault"
+      ],
+      "properties": {
+        "keyvault": {
+          "type": "object",
+          "required": [
+            "endpoint"
+          ],
+          "properties": {
+            "credentials": {
+              "type": "object",
+              "required": [
+                "tenant_id",
+                "client_id",
+                "client_secret"
+              ],
+              "properties": {
+                "client_id": {
+                  "type": "string"
+                },
+                "client_secret": {
+                  "type": "string"
+                },
+                "tenant_id": {
+                  "type": "string"
+                }
+              }
+            },
+            "endpoint": {
+              "type": "string"
+            }
+          }
+        }
+      }
+    },
    "certificateInfo": {
      "type": "object",
      "properties": {
@@ -5314,6 +5649,10 @@ func init() {
              "type": "object",
              "$ref": "#/definitions/awsConfiguration"
            },
+            "azure": {
+              "type": "object",
+              "$ref": "#/definitions/azureConfiguration"
+            },
            "client": {
              "type": "object",
              "$ref": "#/definitions/keyPairConfiguration"
@@ -5332,6 +5671,10 @@ func init() {
            "replicas": {
              "type": "string"
            },
+            "securityContext": {
+              "type": "object",
+              "$ref": "#/definitions/securityContext"
+            },
            "server": {
              "type": "object",
              "$ref": "#/definitions/keyPairConfiguration"
@@ -5600,7 +5943,6 @@ func init() {
          "type": "object",
          "required": [
            "configuration_url",
-            "url",
            "client_id",
            "secret_id",
            "claim_name"
@@ -5623,9 +5965,6 @@ func init() {
            },
            "secret_id": {
              "type": "string"
-            },
-            "url": {
-              "type": "string"
            }
          }
        }
@@ -5725,6 +6064,17 @@ func init() {
        "postgres_image": {
          "type": "string"
        },
+        "postgres_init_image": {
+          "type": "string"
+        },
+        "postgres_securityContext": {
+          "type": "object",
+          "$ref": "#/definitions/securityContext"
+        },
+        "securityContext": {
+          "type": "object",
+          "$ref": "#/definitions/securityContext"
+        },
        "storageClass": {
          "type": "string",
          "default": ""
@@ -5792,14 +6142,6 @@ func init() {
        }
      }
    },
-    "loginResponse": {
-      "type": "object",
-      "properties": {
-        "sessionId": {
-          "type": "string"
-        }
-      }
-    },
    "maxAllocatableMemResponse": {
      "type": "object",
      "properties": {
@@ -5852,6 +6194,19 @@ func init() {
        }
      }
    },
+    "nodeMaxAllocatableResources": {
+      "type": "object",
+      "properties": {
+        "max_allocatable_cpu": {
+          "type": "integer",
+          "format": "int64"
+        },
+        "max_allocatable_mem": {
+          "type": "integer",
+          "format": "int64"
+        }
+      }
+    },
    "nodeSelectorTerm": {
      "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.",
      "type": "object",
@@ -5875,19 +6230,16 @@ func init() {
    "operatorSessionResponse": {
      "type": "object",
      "properties": {
-        "features": {
-          "type": "array",
-          "items": {
-            "type": "string"
-          }
-        },
        "operator": {
          "type": "boolean"
        },
-        "pages": {
-          "type": "array",
-          "items": {
-            "type": "string"
+        "permissions": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
          }
        },
        "status": {
@@ -5968,6 +6320,10 @@ func init() {
        "resources": {
          "$ref": "#/definitions/poolResources"
        },
+        "securityContext": {
+          "type": "object",
+          "$ref": "#/definitions/securityContext"
+        },
        "servers": {
          "type": "integer"
        },
@@ -6143,6 +6499,16 @@ func init() {
        "image": {
          "type": "string"
        },
+        "init_image": {
+          "type": "string"
+        },
+        "securityContext": {
+          "type": "object",
+          "$ref": "#/definitions/securityContext"
+        },
+        "sidecar_image": {
+          "type": "string"
+        },
        "storageClass": {
          "type": "string",
          "default": ""
@@ -6212,6 +6578,29 @@ func init() {
        }
      }
    },
+    "securityContext": {
+      "type": "object",
+      "required": [
+        "runAsUser",
+        "runAsGroup",
+        "runAsNonRoot",
+        "fsGroup"
+      ],
+      "properties": {
+        "fsGroup": {
+          "type": "string"
+        },
+        "runAsGroup": {
+          "type": "string"
+        },
+        "runAsNonRoot": {
+          "type": "boolean"
+        },
+        "runAsUser": {
+          "type": "string"
+        }
+      }
+    },
    "subscriptionValidateRequest": {
      "type": "object",
      "properties": {
@@ -6300,6 +6689,22 @@ func init() {
    "tenantList": {
      "type": "object",
      "properties": {
+        "capacity": {
+          "type": "integer",
+          "format": "int64"
+        },
+        "capacity_raw": {
+          "type": "integer",
+          "format": "int64"
+        },
+        "capacity_raw_usage": {
+          "type": "integer",
+          "format": "int64"
+        },
+        "capacity_usage": {
+          "type": "integer",
+          "format": "int64"
+        },
        "creation_date": {
          "type": "string"
        },
@@ -6412,6 +6817,27 @@ func init() {
        "health_status": {
          "type": "string"
        },
+        "usage": {
+          "type": "object",
+          "properties": {
+            "capacity": {
+              "type": "integer",
+              "format": "int64"
+            },
+            "capacity_usage": {
+              "type": "integer",
+              "format": "int64"
+            },
+            "raw": {
+              "type": "integer",
+              "format": "int64"
+            },
+            "raw_usage": {
+              "type": "integer",
+              "format": "int64"
+            }
+          }
+        },
        "write_quorum": {
          "type": "integer",
          "format": "int32"
--- a/operatorapi/operations/operator_api.go
+++ b/operatorapi/operations/operator_api.go
@@ -78,6 +78,9 @@ func NewOperatorAPI(spec *loads.Document) *OperatorAPI {
 		OperatorAPIDirectCSIFormatDriveHandler: operator_api.DirectCSIFormatDriveHandlerFunc(func(params operator_api.DirectCSIFormatDriveParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.DirectCSIFormatDrive has not yet been implemented")
 		}),
+		OperatorAPIGetAllocatableResourcesHandler: operator_api.GetAllocatableResourcesHandlerFunc(func(params operator_api.GetAllocatableResourcesParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation operator_api.GetAllocatableResources has not yet been implemented")
+		}),
 		OperatorAPIGetDirectCSIDriveListHandler: operator_api.GetDirectCSIDriveListHandlerFunc(func(params operator_api.GetDirectCSIDriveListParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.GetDirectCSIDriveList has not yet been implemented")
 		}),
@@ -117,12 +120,12 @@ func NewOperatorAPI(spec *loads.Document) *OperatorAPI {
 		OperatorAPIListPVCsHandler: operator_api.ListPVCsHandlerFunc(func(params operator_api.ListPVCsParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.ListPVCs has not yet been implemented")
 		}),
+		OperatorAPIListPVCsForTenantHandler: operator_api.ListPVCsForTenantHandlerFunc(func(params operator_api.ListPVCsForTenantParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation operator_api.ListPVCsForTenant has not yet been implemented")
+		}),
 		OperatorAPIListTenantsHandler: operator_api.ListTenantsHandlerFunc(func(params operator_api.ListTenantsParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation operator_api.ListTenants has not yet been implemented")
 		}),
-		UserAPILoginHandler: user_api.LoginHandlerFunc(func(params user_api.LoginParams) middleware.Responder {
-			return middleware.NotImplemented("operation user_api.Login has not yet been implemented")
-		}),
 		UserAPILoginDetailHandler: user_api.LoginDetailHandlerFunc(func(params user_api.LoginDetailParams) middleware.Responder {
 			return middleware.NotImplemented("operation user_api.LoginDetail has not yet been implemented")
 		}),
@@ -236,6 +239,8 @@ type OperatorAPI struct {
 	OperatorAPIDeleteTenantHandler operator_api.DeleteTenantHandler
 	// OperatorAPIDirectCSIFormatDriveHandler sets the operation handler for the direct c s i format drive operation
 	OperatorAPIDirectCSIFormatDriveHandler operator_api.DirectCSIFormatDriveHandler
+	// OperatorAPIGetAllocatableResourcesHandler sets the operation handler for the get allocatable resources operation
+	OperatorAPIGetAllocatableResourcesHandler operator_api.GetAllocatableResourcesHandler
 	// OperatorAPIGetDirectCSIDriveListHandler sets the operation handler for the get direct c s i drive list operation
 	OperatorAPIGetDirectCSIDriveListHandler operator_api.GetDirectCSIDriveListHandler
 	// OperatorAPIGetDirectCSIVolumeListHandler sets the operation handler for the get direct c s i volume list operation
@@ -262,10 +267,10 @@ type OperatorAPI struct {
 	OperatorAPIListNodeLabelsHandler operator_api.ListNodeLabelsHandler
 	// OperatorAPIListPVCsHandler sets the operation handler for the list p v cs operation
 	OperatorAPIListPVCsHandler operator_api.ListPVCsHandler
+	// OperatorAPIListPVCsForTenantHandler sets the operation handler for the list p v cs for tenant operation
+	OperatorAPIListPVCsForTenantHandler operator_api.ListPVCsForTenantHandler
 	// OperatorAPIListTenantsHandler sets the operation handler for the list tenants operation
 	OperatorAPIListTenantsHandler operator_api.ListTenantsHandler
-	// UserAPILoginHandler sets the operation handler for the login operation
-	UserAPILoginHandler user_api.LoginHandler
 	// UserAPILoginDetailHandler sets the operation handler for the login detail operation
 	UserAPILoginDetailHandler user_api.LoginDetailHandler
 	// UserAPILoginOauth2AuthHandler sets the operation handler for the login oauth2 auth operation
@@ -398,6 +403,9 @@ func (o *OperatorAPI) Validate() error {
 	if o.OperatorAPIDirectCSIFormatDriveHandler == nil {
 		unregistered = append(unregistered, "operator_api.DirectCSIFormatDriveHandler")
 	}
+	if o.OperatorAPIGetAllocatableResourcesHandler == nil {
+		unregistered = append(unregistered, "operator_api.GetAllocatableResourcesHandler")
+	}
 	if o.OperatorAPIGetDirectCSIDriveListHandler == nil {
 		unregistered = append(unregistered, "operator_api.GetDirectCSIDriveListHandler")
 	}
@@ -437,12 +445,12 @@ func (o *OperatorAPI) Validate() error {
 	if o.OperatorAPIListPVCsHandler == nil {
 		unregistered = append(unregistered, "operator_api.ListPVCsHandler")
 	}
+	if o.OperatorAPIListPVCsForTenantHandler == nil {
+		unregistered = append(unregistered, "operator_api.ListPVCsForTenantHandler")
+	}
 	if o.OperatorAPIListTenantsHandler == nil {
 		unregistered = append(unregistered, "operator_api.ListTenantsHandler")
 	}
-	if o.UserAPILoginHandler == nil {
-		unregistered = append(unregistered, "user_api.LoginHandler")
-	}
 	if o.UserAPILoginDetailHandler == nil {
 		unregistered = append(unregistered, "user_api.LoginDetailHandler")
 	}
@@ -618,6 +626,10 @@ func (o *OperatorAPI) initHandlerCache() {
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}
+	o.handlers["GET"]["/cluster/allocatable-resources"] = operator_api.NewGetAllocatableResources(o.context, o.OperatorAPIGetAllocatableResourcesHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
+	}
 	o.handlers["GET"]["/direct-csi/drives"] = operator_api.NewGetDirectCSIDriveList(o.context, o.OperatorAPIGetDirectCSIDriveListHandler)
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
@@ -670,11 +682,11 @@ func (o *OperatorAPI) initHandlerCache() {
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}
-	o.handlers["GET"]["/namespaces/{namespace}/tenants"] = operator_api.NewListTenants(o.context, o.OperatorAPIListTenantsHandler)
-	if o.handlers["POST"] == nil {
-		o.handlers["POST"] = make(map[string]http.Handler)
+	o.handlers["GET"]["/namespaces/{namespace}/tenants/{tenant}/pvcs"] = operator_api.NewListPVCsForTenant(o.context, o.OperatorAPIListPVCsForTenantHandler)
+	if o.handlers["GET"] == nil {
+		o.handlers["GET"] = make(map[string]http.Handler)
 	}
-	o.handlers["POST"]["/login"] = user_api.NewLogin(o.context, o.UserAPILoginHandler)
+	o.handlers["GET"]["/namespaces/{namespace}/tenants"] = operator_api.NewListTenants(o.context, o.OperatorAPIListTenantsHandler)
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}
--- a/operatorapi/operations/operator_api/get_allocatable_resources.go
+++ b/operatorapi/operations/operator_api/get_allocatable_resources.go
@@ -0,0 +1,88 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+
+	"github.com/minio/console/models"
+)
+
+// GetAllocatableResourcesHandlerFunc turns a function with the right signature into a get allocatable resources handler
+type GetAllocatableResourcesHandlerFunc func(GetAllocatableResourcesParams, *models.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn GetAllocatableResourcesHandlerFunc) Handle(params GetAllocatableResourcesParams, principal *models.Principal) middleware.Responder {
+	return fn(params, principal)
+}
+
+// GetAllocatableResourcesHandler interface for that can handle valid get allocatable resources params
+type GetAllocatableResourcesHandler interface {
+	Handle(GetAllocatableResourcesParams, *models.Principal) middleware.Responder
+}
+
+// NewGetAllocatableResources creates a new http.Handler for the get allocatable resources operation
+func NewGetAllocatableResources(ctx *middleware.Context, handler GetAllocatableResourcesHandler) *GetAllocatableResources {
+	return &GetAllocatableResources{Context: ctx, Handler: handler}
+}
+
+/* GetAllocatableResources swagger:route GET /cluster/allocatable-resources OperatorAPI getAllocatableResources
+
+Get allocatable cpu and memory for given number of nodes
+
+*/
+type GetAllocatableResources struct {
+	Context *middleware.Context
+	Handler GetAllocatableResourcesHandler
+}
+
+func (o *GetAllocatableResources) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewGetAllocatableResourcesParams()
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		*r = *aCtx
+	}
+	var principal *models.Principal
+	if uprinc != nil {
+		principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
+	}
+
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params, principal) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
--- a/operatorapi/operations/operator_api/get_allocatable_resources_parameters.go
+++ b/operatorapi/operations/operator_api/get_allocatable_resources_parameters.go
@@ -0,0 +1,120 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// NewGetAllocatableResourcesParams creates a new GetAllocatableResourcesParams object
+//
+// There are no default values defined in the spec.
+func NewGetAllocatableResourcesParams() GetAllocatableResourcesParams {
+
+	return GetAllocatableResourcesParams{}
+}
+
+// GetAllocatableResourcesParams contains all the bound params for the get allocatable resources operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters GetAllocatableResources
+type GetAllocatableResourcesParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*
+	  Required: true
+	  Minimum: 1
+	  In: query
+	*/
+	NumNodes int32
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewGetAllocatableResourcesParams() beforehand.
+func (o *GetAllocatableResourcesParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	qs := runtime.Values(r.URL.Query())
+
+	qNumNodes, qhkNumNodes, _ := qs.GetOK("num_nodes")
+	if err := o.bindNumNodes(qNumNodes, qhkNumNodes, route.Formats); err != nil {
+		res = append(res, err)
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+// bindNumNodes binds and validates parameter NumNodes from query.
+func (o *GetAllocatableResourcesParams) bindNumNodes(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	if !hasKey {
+		return errors.Required("num_nodes", "query", rawData)
+	}
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// AllowEmptyValue: false
+
+	if err := validate.RequiredString("num_nodes", "query", raw); err != nil {
+		return err
+	}
+
+	value, err := swag.ConvertInt32(raw)
+	if err != nil {
+		return errors.InvalidType("num_nodes", "query", "int32", raw)
+	}
+	o.NumNodes = value
+
+	if err := o.validateNumNodes(formats); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// validateNumNodes carries on validations for parameter NumNodes
+func (o *GetAllocatableResourcesParams) validateNumNodes(formats strfmt.Registry) error {
+
+	if err := validate.MinimumInt("num_nodes", "query", int64(o.NumNodes), 1, false); err != nil {
+		return err
+	}
+
+	return nil
+}
--- a/operatorapi/operations/operator_api/get_allocatable_resources_responses.go
+++ b/operatorapi/operations/operator_api/get_allocatable_resources_responses.go
@@ -0,0 +1,133 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+
+	"github.com/minio/console/models"
+)
+
+// GetAllocatableResourcesOKCode is the HTTP code returned for type GetAllocatableResourcesOK
+const GetAllocatableResourcesOKCode int = 200
+
+/*GetAllocatableResourcesOK A successful response.
+
+swagger:response getAllocatableResourcesOK
+*/
+type GetAllocatableResourcesOK struct {
+
+	/*
+	  In: Body
+	*/
+	Payload *models.AllocatableResourcesResponse `json:"body,omitempty"`
+}
+
+// NewGetAllocatableResourcesOK creates GetAllocatableResourcesOK with default headers values
+func NewGetAllocatableResourcesOK() *GetAllocatableResourcesOK {
+
+	return &GetAllocatableResourcesOK{}
+}
+
+// WithPayload adds the payload to the get allocatable resources o k response
+func (o *GetAllocatableResourcesOK) WithPayload(payload *models.AllocatableResourcesResponse) *GetAllocatableResourcesOK {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the get allocatable resources o k response
+func (o *GetAllocatableResourcesOK) SetPayload(payload *models.AllocatableResourcesResponse) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *GetAllocatableResourcesOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(200)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}
+
+/*GetAllocatableResourcesDefault Generic error response.
+
+swagger:response getAllocatableResourcesDefault
+*/
+type GetAllocatableResourcesDefault struct {
+	_statusCode int
+
+	/*
+	  In: Body
+	*/
+	Payload *models.Error `json:"body,omitempty"`
+}
+
+// NewGetAllocatableResourcesDefault creates GetAllocatableResourcesDefault with default headers values
+func NewGetAllocatableResourcesDefault(code int) *GetAllocatableResourcesDefault {
+	if code <= 0 {
+		code = 500
+	}
+
+	return &GetAllocatableResourcesDefault{
+		_statusCode: code,
+	}
+}
+
+// WithStatusCode adds the status to the get allocatable resources default response
+func (o *GetAllocatableResourcesDefault) WithStatusCode(code int) *GetAllocatableResourcesDefault {
+	o._statusCode = code
+	return o
+}
+
+// SetStatusCode sets the status to the get allocatable resources default response
+func (o *GetAllocatableResourcesDefault) SetStatusCode(code int) {
+	o._statusCode = code
+}
+
+// WithPayload adds the payload to the get allocatable resources default response
+func (o *GetAllocatableResourcesDefault) WithPayload(payload *models.Error) *GetAllocatableResourcesDefault {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the get allocatable resources default response
+func (o *GetAllocatableResourcesDefault) SetPayload(payload *models.Error) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *GetAllocatableResourcesDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(o._statusCode)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}
--- a/operatorapi/operations/operator_api/get_allocatable_resources_urlbuilder.go
+++ b/operatorapi/operations/operator_api/get_allocatable_resources_urlbuilder.go
@@ -0,0 +1,119 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"errors"
+	"net/url"
+	golangswaggerpaths "path"
+
+	"github.com/go-openapi/swag"
+)
+
+// GetAllocatableResourcesURL generates an URL for the get allocatable resources operation
+type GetAllocatableResourcesURL struct {
+	NumNodes int32
+
+	_basePath string
+	// avoid unkeyed usage
+	_ struct{}
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *GetAllocatableResourcesURL) WithBasePath(bp string) *GetAllocatableResourcesURL {
+	o.SetBasePath(bp)
+	return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *GetAllocatableResourcesURL) SetBasePath(bp string) {
+	o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *GetAllocatableResourcesURL) Build() (*url.URL, error) {
+	var _result url.URL
+
+	var _path = "/cluster/allocatable-resources"
+
+	_basePath := o._basePath
+	if _basePath == "" {
+		_basePath = "/api/v1"
+	}
+	_result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+	qs := make(url.Values)
+
+	numNodesQ := swag.FormatInt32(o.NumNodes)
+	if numNodesQ != "" {
+		qs.Set("num_nodes", numNodesQ)
+	}
+
+	_result.RawQuery = qs.Encode()
+
+	return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *GetAllocatableResourcesURL) Must(u *url.URL, err error) *url.URL {
+	if err != nil {
+		panic(err)
+	}
+	if u == nil {
+		panic("url can't be nil")
+	}
+	return u
+}
+
+// String returns the string representation of the path with query string
+func (o *GetAllocatableResourcesURL) String() string {
+	return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *GetAllocatableResourcesURL) BuildFull(scheme, host string) (*url.URL, error) {
+	if scheme == "" {
+		return nil, errors.New("scheme is required for a full url on GetAllocatableResourcesURL")
+	}
+	if host == "" {
+		return nil, errors.New("host is required for a full url on GetAllocatableResourcesURL")
+	}
+
+	base, err := o.Build()
+	if err != nil {
+		return nil, err
+	}
+
+	base.Scheme = scheme
+	base.Host = host
+	return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *GetAllocatableResourcesURL) StringFull(scheme, host string) string {
+	return o.Must(o.BuildFull(scheme, host)).String()
+}
--- a/operatorapi/operations/operator_api/list_p_v_cs_for_tenant.go
+++ b/operatorapi/operations/operator_api/list_p_v_cs_for_tenant.go
@@ -0,0 +1,88 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+
+	"github.com/minio/console/models"
+)
+
+// ListPVCsForTenantHandlerFunc turns a function with the right signature into a list p v cs for tenant handler
+type ListPVCsForTenantHandlerFunc func(ListPVCsForTenantParams, *models.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn ListPVCsForTenantHandlerFunc) Handle(params ListPVCsForTenantParams, principal *models.Principal) middleware.Responder {
+	return fn(params, principal)
+}
+
+// ListPVCsForTenantHandler interface for that can handle valid list p v cs for tenant params
+type ListPVCsForTenantHandler interface {
+	Handle(ListPVCsForTenantParams, *models.Principal) middleware.Responder
+}
+
+// NewListPVCsForTenant creates a new http.Handler for the list p v cs for tenant operation
+func NewListPVCsForTenant(ctx *middleware.Context, handler ListPVCsForTenantHandler) *ListPVCsForTenant {
+	return &ListPVCsForTenant{Context: ctx, Handler: handler}
+}
+
+/* ListPVCsForTenant swagger:route GET /namespaces/{namespace}/tenants/{tenant}/pvcs OperatorAPI listPVCsForTenant
+
+List all PVCs from given Tenant
+
+*/
+type ListPVCsForTenant struct {
+	Context *middleware.Context
+	Handler ListPVCsForTenantHandler
+}
+
+func (o *ListPVCsForTenant) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewListPVCsForTenantParams()
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		*r = *aCtx
+	}
+	var principal *models.Principal
+	if uprinc != nil {
+		principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
+	}
+
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params, principal) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
--- a/operatorapi/operations/operator_api/list_p_v_cs_for_tenant_parameters.go
+++ b/operatorapi/operations/operator_api/list_p_v_cs_for_tenant_parameters.go
@@ -0,0 +1,112 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+)
+
+// NewListPVCsForTenantParams creates a new ListPVCsForTenantParams object
+//
+// There are no default values defined in the spec.
+func NewListPVCsForTenantParams() ListPVCsForTenantParams {
+
+	return ListPVCsForTenantParams{}
+}
+
+// ListPVCsForTenantParams contains all the bound params for the list p v cs for tenant operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters ListPVCsForTenant
+type ListPVCsForTenantParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*
+	  Required: true
+	  In: path
+	*/
+	Namespace string
+	/*
+	  Required: true
+	  In: path
+	*/
+	Tenant string
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewListPVCsForTenantParams() beforehand.
+func (o *ListPVCsForTenantParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	rNamespace, rhkNamespace, _ := route.Params.GetOK("namespace")
+	if err := o.bindNamespace(rNamespace, rhkNamespace, route.Formats); err != nil {
+		res = append(res, err)
+	}
+
+	rTenant, rhkTenant, _ := route.Params.GetOK("tenant")
+	if err := o.bindTenant(rTenant, rhkTenant, route.Formats); err != nil {
+		res = append(res, err)
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+// bindNamespace binds and validates parameter Namespace from path.
+func (o *ListPVCsForTenantParams) bindNamespace(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.Namespace = raw
+
+	return nil
+}
+
+// bindTenant binds and validates parameter Tenant from path.
+func (o *ListPVCsForTenantParams) bindTenant(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+	o.Tenant = raw
+
+	return nil
+}
--- a/operatorapi/operations/operator_api/list_p_v_cs_for_tenant_responses.go
+++ b/operatorapi/operations/operator_api/list_p_v_cs_for_tenant_responses.go
@@ -0,0 +1,133 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+
+	"github.com/minio/console/models"
+)
+
+// ListPVCsForTenantOKCode is the HTTP code returned for type ListPVCsForTenantOK
+const ListPVCsForTenantOKCode int = 200
+
+/*ListPVCsForTenantOK A successful response.
+
+swagger:response listPVCsForTenantOK
+*/
+type ListPVCsForTenantOK struct {
+
+	/*
+	  In: Body
+	*/
+	Payload *models.ListPVCsResponse `json:"body,omitempty"`
+}
+
+// NewListPVCsForTenantOK creates ListPVCsForTenantOK with default headers values
+func NewListPVCsForTenantOK() *ListPVCsForTenantOK {
+
+	return &ListPVCsForTenantOK{}
+}
+
+// WithPayload adds the payload to the list p v cs for tenant o k response
+func (o *ListPVCsForTenantOK) WithPayload(payload *models.ListPVCsResponse) *ListPVCsForTenantOK {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the list p v cs for tenant o k response
+func (o *ListPVCsForTenantOK) SetPayload(payload *models.ListPVCsResponse) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *ListPVCsForTenantOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(200)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}
+
+/*ListPVCsForTenantDefault Generic error response.
+
+swagger:response listPVCsForTenantDefault
+*/
+type ListPVCsForTenantDefault struct {
+	_statusCode int
+
+	/*
+	  In: Body
+	*/
+	Payload *models.Error `json:"body,omitempty"`
+}
+
+// NewListPVCsForTenantDefault creates ListPVCsForTenantDefault with default headers values
+func NewListPVCsForTenantDefault(code int) *ListPVCsForTenantDefault {
+	if code <= 0 {
+		code = 500
+	}
+
+	return &ListPVCsForTenantDefault{
+		_statusCode: code,
+	}
+}
+
+// WithStatusCode adds the status to the list p v cs for tenant default response
+func (o *ListPVCsForTenantDefault) WithStatusCode(code int) *ListPVCsForTenantDefault {
+	o._statusCode = code
+	return o
+}
+
+// SetStatusCode sets the status to the list p v cs for tenant default response
+func (o *ListPVCsForTenantDefault) SetStatusCode(code int) {
+	o._statusCode = code
+}
+
+// WithPayload adds the payload to the list p v cs for tenant default response
+func (o *ListPVCsForTenantDefault) WithPayload(payload *models.Error) *ListPVCsForTenantDefault {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the list p v cs for tenant default response
+func (o *ListPVCsForTenantDefault) SetPayload(payload *models.Error) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *ListPVCsForTenantDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(o._statusCode)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}
--- a/operatorapi/operations/operator_api/list_p_v_cs_for_tenant_urlbuilder.go
+++ b/operatorapi/operations/operator_api/list_p_v_cs_for_tenant_urlbuilder.go
@@ -0,0 +1,124 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package operator_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"errors"
+	"net/url"
+	golangswaggerpaths "path"
+	"strings"
+)
+
+// ListPVCsForTenantURL generates an URL for the list p v cs for tenant operation
+type ListPVCsForTenantURL struct {
+	Namespace string
+	Tenant    string
+
+	_basePath string
+	// avoid unkeyed usage
+	_ struct{}
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *ListPVCsForTenantURL) WithBasePath(bp string) *ListPVCsForTenantURL {
+	o.SetBasePath(bp)
+	return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *ListPVCsForTenantURL) SetBasePath(bp string) {
+	o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *ListPVCsForTenantURL) Build() (*url.URL, error) {
+	var _result url.URL
+
+	var _path = "/namespaces/{namespace}/tenants/{tenant}/pvcs"
+
+	namespace := o.Namespace
+	if namespace != "" {
+		_path = strings.Replace(_path, "{namespace}", namespace, -1)
+	} else {
+		return nil, errors.New("namespace is required on ListPVCsForTenantURL")
+	}
+
+	tenant := o.Tenant
+	if tenant != "" {
+		_path = strings.Replace(_path, "{tenant}", tenant, -1)
+	} else {
+		return nil, errors.New("tenant is required on ListPVCsForTenantURL")
+	}
+
+	_basePath := o._basePath
+	if _basePath == "" {
+		_basePath = "/api/v1"
+	}
+	_result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+	return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *ListPVCsForTenantURL) Must(u *url.URL, err error) *url.URL {
+	if err != nil {
+		panic(err)
+	}
+	if u == nil {
+		panic("url can't be nil")
+	}
+	return u
+}
+
+// String returns the string representation of the path with query string
+func (o *ListPVCsForTenantURL) String() string {
+	return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *ListPVCsForTenantURL) BuildFull(scheme, host string) (*url.URL, error) {
+	if scheme == "" {
+		return nil, errors.New("scheme is required for a full url on ListPVCsForTenantURL")
+	}
+	if host == "" {
+		return nil, errors.New("host is required for a full url on ListPVCsForTenantURL")
+	}
+
+	base, err := o.Build()
+	if err != nil {
+		return nil, err
+	}
+
+	base.Scheme = scheme
+	base.Host = host
+	return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *ListPVCsForTenantURL) StringFull(scheme, host string) string {
+	return o.Must(o.BuildFull(scheme, host)).String()
+}
--- a/operatorapi/operations/user_api/login.go
+++ b/operatorapi/operations/user_api/login.go
@@ -1,73 +0,0 @@
-// Code generated by go-swagger; DO NOT EDIT.
-
-// This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-//
-
-package user_api
-
-// This file was generated by the swagger tool.
-// Editing this file might prove futile when you re-run the generate command
-
-import (
-	"net/http"
-
-	"github.com/go-openapi/runtime/middleware"
-)
-
-// LoginHandlerFunc turns a function with the right signature into a login handler
-type LoginHandlerFunc func(LoginParams) middleware.Responder
-
-// Handle executing the request and returning a response
-func (fn LoginHandlerFunc) Handle(params LoginParams) middleware.Responder {
-	return fn(params)
-}
-
-// LoginHandler interface for that can handle valid login params
-type LoginHandler interface {
-	Handle(LoginParams) middleware.Responder
-}
-
-// NewLogin creates a new http.Handler for the login operation
-func NewLogin(ctx *middleware.Context, handler LoginHandler) *Login {
-	return &Login{Context: ctx, Handler: handler}
-}
-
-/* Login swagger:route POST /login UserAPI login
-
-Login to Console
-
-*/
-type Login struct {
-	Context *middleware.Context
-	Handler LoginHandler
-}
-
-func (o *Login) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
-	route, rCtx, _ := o.Context.RouteInfo(r)
-	if rCtx != nil {
-		*r = *rCtx
-	}
-	var Params = NewLoginParams()
-	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
-		o.Context.Respond(rw, r, route.Produces, route, err)
-		return
-	}
-
-	res := o.Handler.Handle(Params) // actually handle the request
-	o.Context.Respond(rw, r, route.Produces, route, res)
-
-}
--- a/operatorapi/operations/user_api/login_oauth2_auth_responses.go
+++ b/operatorapi/operations/user_api/login_oauth2_auth_responses.go
@@ -30,48 +30,28 @@ import (
 	"github.com/minio/console/models"
 )

-// LoginOauth2AuthCreatedCode is the HTTP code returned for type LoginOauth2AuthCreated
-const LoginOauth2AuthCreatedCode int = 201
+// LoginOauth2AuthNoContentCode is the HTTP code returned for type LoginOauth2AuthNoContent
+const LoginOauth2AuthNoContentCode int = 204

-/*LoginOauth2AuthCreated A successful login.
+/*LoginOauth2AuthNoContent A successful login.

-swagger:response loginOauth2AuthCreated
+swagger:response loginOauth2AuthNoContent
 */
-type LoginOauth2AuthCreated struct {
-
-	/*
-	  In: Body
-	*/
-	Payload *models.LoginResponse `json:"body,omitempty"`
+type LoginOauth2AuthNoContent struct {
 }

-// NewLoginOauth2AuthCreated creates LoginOauth2AuthCreated with default headers values
-func NewLoginOauth2AuthCreated() *LoginOauth2AuthCreated {
+// NewLoginOauth2AuthNoContent creates LoginOauth2AuthNoContent with default headers values
+func NewLoginOauth2AuthNoContent() *LoginOauth2AuthNoContent {

-	return &LoginOauth2AuthCreated{}
-}
-
-// WithPayload adds the payload to the login oauth2 auth created response
-func (o *LoginOauth2AuthCreated) WithPayload(payload *models.LoginResponse) *LoginOauth2AuthCreated {
-	o.Payload = payload
-	return o
-}
-
-// SetPayload sets the payload to the login oauth2 auth created response
-func (o *LoginOauth2AuthCreated) SetPayload(payload *models.LoginResponse) {
-	o.Payload = payload
+	return &LoginOauth2AuthNoContent{}
 }

 // WriteResponse to the client
-func (o *LoginOauth2AuthCreated) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+func (o *LoginOauth2AuthNoContent) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {

-	rw.WriteHeader(201)
-	if o.Payload != nil {
-		payload := o.Payload
-		if err := producer.Produce(rw, payload); err != nil {
-			panic(err) // let the recovery middleware deal with this
-		}
-	}
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(204)
 }

 /*LoginOauth2AuthDefault Generic error response.
--- a/operatorapi/operations/user_api/login_operator_responses.go
+++ b/operatorapi/operations/user_api/login_operator_responses.go
@@ -30,48 +30,28 @@ import (
 	"github.com/minio/console/models"
 )

-// LoginOperatorCreatedCode is the HTTP code returned for type LoginOperatorCreated
-const LoginOperatorCreatedCode int = 201
+// LoginOperatorNoContentCode is the HTTP code returned for type LoginOperatorNoContent
+const LoginOperatorNoContentCode int = 204

-/*LoginOperatorCreated A successful login.
+/*LoginOperatorNoContent A successful login.

-swagger:response loginOperatorCreated
+swagger:response loginOperatorNoContent
 */
-type LoginOperatorCreated struct {
-
-	/*
-	  In: Body
-	*/
-	Payload *models.LoginResponse `json:"body,omitempty"`
+type LoginOperatorNoContent struct {
 }

-// NewLoginOperatorCreated creates LoginOperatorCreated with default headers values
-func NewLoginOperatorCreated() *LoginOperatorCreated {
+// NewLoginOperatorNoContent creates LoginOperatorNoContent with default headers values
+func NewLoginOperatorNoContent() *LoginOperatorNoContent {

-	return &LoginOperatorCreated{}
-}
-
-// WithPayload adds the payload to the login operator created response
-func (o *LoginOperatorCreated) WithPayload(payload *models.LoginResponse) *LoginOperatorCreated {
-	o.Payload = payload
-	return o
-}
-
-// SetPayload sets the payload to the login operator created response
-func (o *LoginOperatorCreated) SetPayload(payload *models.LoginResponse) {
-	o.Payload = payload
+	return &LoginOperatorNoContent{}
 }

 // WriteResponse to the client
-func (o *LoginOperatorCreated) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+func (o *LoginOperatorNoContent) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {

-	rw.WriteHeader(201)
-	if o.Payload != nil {
-		payload := o.Payload
-		if err := producer.Produce(rw, payload); err != nil {
-			panic(err) // let the recovery middleware deal with this
-		}
-	}
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(204)
 }

 /*LoginOperatorDefault Generic error response.
--- a/operatorapi/operations/user_api/logout.go
+++ b/operatorapi/operations/user_api/logout.go
@@ -50,7 +50,7 @@ func NewLogout(ctx *middleware.Context, handler LogoutHandler) *Logout {

 /* Logout swagger:route POST /logout UserAPI logout

-Logout from Console.
+Logout from Operator.

 */
 type Logout struct {
--- a/operatorapi/operator_login.go
+++ b/operatorapi/operator_login.go
@@ -17,61 +17,35 @@
 package operatorapi

 import (
-	"bytes"
 	"context"
 	"net/http"
 	"time"

+	xoauth2 "golang.org/x/oauth2"
+
 	"github.com/minio/minio-go/v7/pkg/credentials"

 	"github.com/minio/console/restapi"

-	iampolicy "github.com/minio/pkg/iam/policy"
-
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/minio/console/models"
 	"github.com/minio/console/operatorapi/operations"
 	"github.com/minio/console/operatorapi/operations/user_api"
-	"github.com/minio/console/pkg/acl"
 	"github.com/minio/console/pkg/auth"
 	"github.com/minio/console/pkg/auth/idp/oauth2"
 )

 func registerLoginHandlers(api *operations.OperatorAPI) {
-	// get login strategy
+	// GET login strategy
 	api.UserAPILoginDetailHandler = user_api.LoginDetailHandlerFunc(func(params user_api.LoginDetailParams) middleware.Responder {
-		loginDetails, err := getLoginDetailsResponse()
+		loginDetails, err := getLoginDetailsResponse(params.HTTPRequest)
 		if err != nil {
 			return user_api.NewLoginDetailDefault(int(err.Code)).WithPayload(err)
 		}
 		return user_api.NewLoginDetailOK().WithPayload(loginDetails)
 	})
-	// post login
-	api.UserAPILoginHandler = user_api.LoginHandlerFunc(func(params user_api.LoginParams) middleware.Responder {
-		loginResponse, err := getLoginResponse(params.Body)
-		if err != nil {
-			return user_api.NewLoginDefault(int(err.Code)).WithPayload(err)
-		}
-		// Custom response writer to set the session cookies
-		return middleware.ResponderFunc(func(w http.ResponseWriter, p runtime.Producer) {
-			cookie := restapi.NewSessionCookieForConsole(loginResponse.SessionID)
-			http.SetCookie(w, &cookie)
-			user_api.NewLoginCreated().WithPayload(loginResponse).WriteResponse(w, p)
-		})
-	})
-	api.UserAPILoginOauth2AuthHandler = user_api.LoginOauth2AuthHandlerFunc(func(params user_api.LoginOauth2AuthParams) middleware.Responder {
-		loginResponse, err := getLoginOauth2AuthResponse()
-		if err != nil {
-			return user_api.NewLoginOauth2AuthDefault(int(err.Code)).WithPayload(err)
-		}
-		// Custom response writer to set the session cookies
-		return middleware.ResponderFunc(func(w http.ResponseWriter, p runtime.Producer) {
-			cookie := restapi.NewSessionCookieForConsole(loginResponse.SessionID)
-			http.SetCookie(w, &cookie)
-			user_api.NewLoginOauth2AuthCreated().WithPayload(loginResponse).WriteResponse(w, p)
-		})
-	})
+	// POST login using k8s service account token
 	api.UserAPILoginOperatorHandler = user_api.LoginOperatorHandlerFunc(func(params user_api.LoginOperatorParams) middleware.Responder {
 		loginResponse, err := getLoginOperatorResponse(params.Body)
 		if err != nil {
@@ -81,7 +55,20 @@ func registerLoginHandlers(api *operations.OperatorAPI) {
 		return middleware.ResponderFunc(func(w http.ResponseWriter, p runtime.Producer) {
 			cookie := restapi.NewSessionCookieForConsole(loginResponse.SessionID)
 			http.SetCookie(w, &cookie)
-			user_api.NewLoginOperatorCreated().WithPayload(loginResponse).WriteResponse(w, p)
+			user_api.NewLoginOperatorNoContent().WriteResponse(w, p)
+		})
+	})
+	// POST login using external IDP
+	api.UserAPILoginOauth2AuthHandler = user_api.LoginOauth2AuthHandlerFunc(func(params user_api.LoginOauth2AuthParams) middleware.Responder {
+		loginResponse, err := getLoginOauth2AuthResponse(params.HTTPRequest, params.Body)
+		if err != nil {
+			return user_api.NewLoginOauth2AuthDefault(int(err.Code)).WithPayload(err)
+		}
+		// Custom response writer to set the session cookies
+		return middleware.ResponderFunc(func(w http.ResponseWriter, p runtime.Producer) {
+			cookie := restapi.NewSessionCookieForConsole(loginResponse.SessionID)
+			http.SetCookie(w, &cookie)
+			user_api.NewLoginOauth2AuthNoContent().WriteResponse(w, p)
 		})
 	})
 }
@@ -95,7 +82,7 @@ func login(credentials restapi.ConsoleCredentialsI) (*string, error) {
 		return nil, err
 	}
 	// if we made it here, the consoleCredentials work, generate a jwt with claims
-	token, err := auth.NewEncryptedTokenForClient(&tokens, credentials.GetAccountAccessKey(), credentials.GetActions())
+	token, err := auth.NewEncryptedTokenForClient(&tokens, credentials.GetAccountAccessKey())
 	if err != nil {
 		LogError("error authenticating user: %v", err)
 		return nil, errInvalidCredentials
@@ -103,92 +90,15 @@ func login(credentials restapi.ConsoleCredentialsI) (*string, error) {
 	return &token, nil
 }

-// getAccountPolicy will return the associated policy of the current account
-func getAccountPolicy(ctx context.Context, client restapi.MinioAdmin) (*iampolicy.Policy, error) {
-	// Obtain the current policy assigned to this user
-	// necessary for generating the list of allowed endpoints
-	accountInfo, err := client.AccountInfo(ctx)
-	if err != nil {
-		return nil, err
-	}
-	return iampolicy.ParseConfig(bytes.NewReader(accountInfo.Policy))
-}
-
-// getConsoleCredentials will return consoleCredentials interface including the associated policy of the current account
-func getConsoleCredentials(ctx context.Context, accessKey, secretKey string) (*restapi.ConsoleCredentials, error) {
-	creds, err := newConsoleCredentials(secretKey)
-	if err != nil {
-		return nil, err
-	}
-	// cCredentials will be sts credentials, account credentials will be need it in the scenario the user wish
-	// to change its password
-	cCredentials := &restapi.ConsoleCredentials{
-		ConsoleCredentials: creds,
-		AccountAccessKey:   accessKey,
-	}
-	tokens, err := cCredentials.Get()
-	if err != nil {
-		return nil, err
-	}
-	// initialize admin client
-	mAdminClient, err := restapi.NewMinioAdminClient(&models.Principal{
-		STSAccessKeyID:     tokens.AccessKeyID,
-		STSSecretAccessKey: tokens.SecretAccessKey,
-		STSSessionToken:    tokens.SessionToken,
-	})
-	if err != nil {
-		return nil, err
-	}
-	userAdminClient := restapi.AdminClient{Client: mAdminClient}
-	// Obtain the current policy assigned to this user
-	// necessary for generating the list of allowed endpoints
-	policy, err := getAccountPolicy(ctx, userAdminClient)
-	if err != nil {
-		return nil, err
-	}
-	// by default every user starts with an empty array of available actions
-	// therefore we would have access only to pages that doesn't require any privilege
-	// ie: service-account page
-	var actions []string
-	// if a policy is assigned to this user we parse the actions from there
-	if policy != nil {
-		actions = acl.GetActionsStringFromPolicy(policy)
-	}
-	cCredentials.Actions = actions
-	return cCredentials, nil
-}
-
-// getLoginResponse performs login() and serializes it to the handler's output
-func getLoginResponse(lr *models.LoginRequest) (*models.LoginResponse, *models.Error) {
-	ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
-	defer cancel()
-	// prepare console credentials
-	consolCreds, err := getConsoleCredentials(ctx, *lr.AccessKey, *lr.SecretKey)
-	if err != nil {
-		return nil, prepareError(errInvalidCredentials, nil, err)
-	}
-	sessionID, err := login(consolCreds)
-	if err != nil {
-		return nil, prepareError(errInvalidCredentials, nil, err)
-	}
-	// serialize output
-	loginResponse := &models.LoginResponse{
-		SessionID: *sessionID,
-	}
-	return loginResponse, nil
-}
-
 // getLoginDetailsResponse returns information regarding the Console authentication mechanism.
-func getLoginDetailsResponse() (*models.LoginDetails, *models.Error) {
-	ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
-	defer cancel()
+func getLoginDetailsResponse(r *http.Request) (*models.LoginDetails, *models.Error) {
 	loginStrategy := models.LoginDetailsLoginStrategyServiceDashAccount
 	redirectURL := ""

-	if oauth2.IsIdpEnabled() {
+	if oauth2.IsIDPEnabled() {
 		loginStrategy = models.LoginDetailsLoginStrategyRedirect
 		// initialize new oauth2 client
-		oauth2Client, err := oauth2.NewOauth2ProviderClient(ctx, nil, restapi.GetConsoleHTTPClient())
+		oauth2Client, err := oauth2.NewOauth2ProviderClient(nil, r, restapi.GetConsoleHTTPClient())
 		if err != nil {
 			return nil, prepareError(err)
 		}
@@ -204,22 +114,48 @@ func getLoginDetailsResponse() (*models.LoginDetails, *models.Error) {
 	return loginDetails, nil
 }

-func getLoginOauth2AuthResponse() (*models.LoginResponse, *models.Error) {
+// verifyUserAgainstIDP will verify user identity against the configured IDP and return MinIO credentials
+func verifyUserAgainstIDP(ctx context.Context, provider auth.IdentityProviderI, code, state string) (*xoauth2.Token, error) {
+	oauth2Token, err := provider.VerifyIdentityForOperator(ctx, code, state)
+	if err != nil {
+		return nil, err
+	}
+	return oauth2Token, nil
+}

-	creds, err := newConsoleCredentials(getK8sSAToken())
-	if err != nil {
-		return nil, prepareError(err)
+func getLoginOauth2AuthResponse(r *http.Request, lr *models.LoginOauth2AuthRequest) (*models.LoginResponse, *models.Error) {
+	ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
+	defer cancel()
+	if oauth2.IsIDPEnabled() {
+		// initialize new oauth2 client
+		oauth2Client, err := oauth2.NewOauth2ProviderClient(nil, r, restapi.GetConsoleHTTPClient())
+		if err != nil {
+			return nil, prepareError(err)
+		}
+		// initialize new identity provider
+		identityProvider := auth.IdentityProvider{Client: oauth2Client}
+		// Validate user against IDP
+		_, err = verifyUserAgainstIDP(ctx, identityProvider, *lr.Code, *lr.State)
+		if err != nil {
+			return nil, prepareError(err)
+		}
+		// If we pass here that means the IDP correctly authenticate the user with the operator resource
+		// we proceed to use the service account token configured in the operator-console pod
+		creds, err := newConsoleCredentials(getK8sSAToken())
+		if err != nil {
+			return nil, prepareError(err)
+		}
+		token, err := login(restapi.ConsoleCredentials{ConsoleCredentials: creds})
+		if err != nil {
+			return nil, prepareError(errInvalidCredentials, nil, err)
+		}
+		// serialize output
+		loginResponse := &models.LoginResponse{
+			SessionID: *token,
+		}
+		return loginResponse, nil
 	}
-	consoleCredentials := restapi.ConsoleCredentials{ConsoleCredentials: creds, Actions: []string{}}
-	token, err := login(consoleCredentials)
-	if err != nil {
-		return nil, prepareError(errInvalidCredentials, nil, err)
-	}
-	// serialize output
-	loginResponse := &models.LoginResponse{
-		SessionID: *token,
-	}
-	return loginResponse, nil
+	return nil, prepareError(errorGeneric)
 }

 func newConsoleCredentials(secretKey string) (*credentials.Credentials, error) {
@@ -236,7 +172,7 @@ func getLoginOperatorResponse(lmr *models.LoginOperatorRequest) (*models.LoginRe
 	if err != nil {
 		return nil, prepareError(err)
 	}
-	consoleCreds := restapi.ConsoleCredentials{ConsoleCredentials: creds, Actions: []string{}}
+	consoleCreds := restapi.ConsoleCredentials{ConsoleCredentials: creds}
 	token, err := login(consoleCreds)
 	if err != nil {
 		return nil, prepareError(errInvalidCredentials, nil, err)
--- a/operatorapi/operator_logout.go
+++ b/operatorapi/operator_logout.go
@@ -0,0 +1,42 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package operatorapi
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/minio/console/models"
+	"github.com/minio/console/operatorapi/operations"
+	"github.com/minio/console/operatorapi/operations/user_api"
+	"github.com/minio/console/restapi"
+)
+
+func registerLogoutHandlers(api *operations.OperatorAPI) {
+	// logout from console
+	api.UserAPILogoutHandler = user_api.LogoutHandlerFunc(func(params user_api.LogoutParams, session *models.Principal) middleware.Responder {
+		// Custom response writer to expire the session cookies
+		return middleware.ResponderFunc(func(w http.ResponseWriter, p runtime.Producer) {
+			expiredCookie := restapi.ExpireSessionCookie()
+			// this will tell the browser to clear the cookie and invalidate user session
+			// additionally we are deleting the cookie from the client side
+			http.SetCookie(w, &expiredCookie)
+			user_api.NewLogoutOK().WriteResponse(w, p)
+		})
+	})
+}
--- a/operatorapi/operator_nodes.go
+++ b/operatorapi/operator_nodes.go
@@ -18,6 +18,7 @@ package operatorapi

 import (
 	"context"
+	"errors"
 	"sort"

 	"github.com/minio/minio-go/v7/pkg/set"
@@ -50,6 +51,20 @@ func registerNodesHandlers(api *operations.OperatorAPI) {
 		}
 		return operator_api.NewListNodeLabelsOK().WithPayload(*resp)
 	})
+
+	api.OperatorAPIGetAllocatableResourcesHandler = operator_api.GetAllocatableResourcesHandlerFunc(func(params operator_api.GetAllocatableResourcesParams, principal *models.Principal) middleware.Responder {
+		resp, err := getAllocatableResourcesResponse(params.NumNodes, principal)
+		if err != nil {
+			return operator_api.NewGetAllocatableResourcesDefault(int(err.Code)).WithPayload(err)
+		}
+		return operator_api.NewGetAllocatableResourcesOK().WithPayload(resp)
+	})
+}
+
+type NodeResourceInfo struct {
+	Name              string
+	AllocatableMemory int64
+	AllocatableCPU    int64
 }

 // getMaxAllocatableMemory get max allocatable memory given a desired number of nodes
@@ -211,3 +226,147 @@ func getNodeLabelsResponse(ctx context.Context, session *models.Principal) (*mod
 	}
 	return clusterResources, nil
 }
+
+func getClusterResourcesInfo(numNodes int32, inNodesResources []NodeResourceInfo) *models.AllocatableResourcesResponse {
+
+	// purge any nodes with 0 cpu
+	var nodesResources []NodeResourceInfo
+	for _, n := range inNodesResources {
+		if n.AllocatableCPU > 0 {
+			nodesResources = append(nodesResources, n)
+		}
+	}
+
+	if int32(len(nodesResources)) < numNodes || numNodes == 0 {
+		return &models.AllocatableResourcesResponse{
+			CPUPriority: &models.NodeMaxAllocatableResources{
+				MaxAllocatableCPU: 0,
+				MaxAllocatableMem: 0,
+			},
+			MemPriority: &models.NodeMaxAllocatableResources{
+				MaxAllocatableCPU: 0,
+				MaxAllocatableMem: 0,
+			},
+			MinAllocatableCPU: 0,
+			MinAllocatableMem: 0,
+		}
+	}
+
+	allocatableResources := &models.AllocatableResourcesResponse{}
+
+	// sort nodesResources giving CPU priority
+	sort.Slice(nodesResources, func(i, j int) bool { return nodesResources[i].AllocatableCPU < nodesResources[j].AllocatableCPU })
+	maxCPUNodesNeeded := len(nodesResources) - int(numNodes)
+	maxMemNodesNeeded := maxCPUNodesNeeded
+
+	maxAllocatableCPU := nodesResources[maxCPUNodesNeeded].AllocatableCPU
+	minAllocatableCPU := nodesResources[maxCPUNodesNeeded].AllocatableCPU
+	minAllocatableMem := nodesResources[maxMemNodesNeeded].AllocatableMemory
+
+	availableMemsForMaxCPU := []int64{}
+	for _, info := range nodesResources {
+		if info.AllocatableCPU >= maxAllocatableCPU {
+			availableMemsForMaxCPU = append(availableMemsForMaxCPU, info.AllocatableMemory)
+		}
+		// min allocatable resources overall
+		minAllocatableCPU = min(minAllocatableCPU, info.AllocatableCPU)
+		minAllocatableMem = min(minAllocatableMem, info.AllocatableMemory)
+	}
+
+	sort.Slice(availableMemsForMaxCPU, func(i, j int) bool { return availableMemsForMaxCPU[i] < availableMemsForMaxCPU[j] })
+	maxAllocatableMem := availableMemsForMaxCPU[len(availableMemsForMaxCPU)-int(numNodes)]
+
+	allocatableResources.MinAllocatableCPU = minAllocatableCPU
+	allocatableResources.MinAllocatableMem = minAllocatableMem
+	allocatableResources.CPUPriority = &models.NodeMaxAllocatableResources{
+		MaxAllocatableCPU: maxAllocatableCPU,
+		MaxAllocatableMem: maxAllocatableMem,
+	}
+
+	// sort nodesResources giving Mem priority
+	sort.Slice(nodesResources, func(i, j int) bool { return nodesResources[i].AllocatableMemory < nodesResources[j].AllocatableMemory })
+	maxMemNodesNeeded = len(nodesResources) - int(numNodes)
+	maxAllocatableMem = nodesResources[maxMemNodesNeeded].AllocatableMemory
+
+	availableCPUsForMaxMem := []int64{}
+	for _, info := range nodesResources {
+		if info.AllocatableMemory >= maxAllocatableMem {
+			availableCPUsForMaxMem = append(availableCPUsForMaxMem, info.AllocatableCPU)
+		}
+	}
+
+	sort.Slice(availableCPUsForMaxMem, func(i, j int) bool { return availableCPUsForMaxMem[i] < availableCPUsForMaxMem[j] })
+	maxAllocatableCPU = availableCPUsForMaxMem[len(availableCPUsForMaxMem)-int(numNodes)]
+
+	allocatableResources.MemPriority = &models.NodeMaxAllocatableResources{
+		MaxAllocatableCPU: maxAllocatableCPU,
+		MaxAllocatableMem: maxAllocatableMem,
+	}
+
+	return allocatableResources
+}
+
+// getAllocatableResources get max allocatable memory given a desired number of nodes
+func getAllocatableResources(ctx context.Context, clientset v1.CoreV1Interface, numNodes int32) (*models.AllocatableResourcesResponse, error) {
+	if numNodes == 0 {
+		return nil, errors.New("error NumNodes must be greated than 0")
+	}
+
+	// get all nodes from cluster
+	nodes, err := clientset.Nodes().List(ctx, metav1.ListOptions{})
+	if err != nil {
+		return nil, err
+	}
+	nodesInfo := []NodeResourceInfo{}
+OUTER:
+	for _, n := range nodes.Items {
+		// Don't consider node if it has a NoSchedule or NoExecute Taint
+		for _, t := range n.Spec.Taints {
+			switch t.Effect {
+			case corev1.TaintEffectNoSchedule:
+				continue OUTER
+			case corev1.TaintEffectNoExecute:
+				continue OUTER
+			default:
+				continue
+			}
+		}
+
+		var nodeMemory int64
+		var nodeCPU int64
+		if quantity, ok := n.Status.Allocatable[corev1.ResourceMemory]; ok {
+			// availableMemSizes = append(availableMemSizes, quantity.Value())
+			nodeMemory = quantity.Value()
+		}
+		// we assume all nodes have allocatable cpu resource
+		if quantity, ok := n.Status.Allocatable[corev1.ResourceCPU]; ok {
+			// availableCPU = append(availableCPU, quantity.Value())
+			nodeCPU = quantity.Value()
+		}
+		nodeInfo := NodeResourceInfo{
+			Name:              n.Name,
+			AllocatableCPU:    nodeCPU,
+			AllocatableMemory: nodeMemory,
+		}
+		nodesInfo = append(nodesInfo, nodeInfo)
+	}
+	res := getClusterResourcesInfo(numNodes, nodesInfo)
+
+	return res, nil
+}
+
+// Get allocatable resources response
+
+func getAllocatableResourcesResponse(numNodes int32, session *models.Principal) (*models.AllocatableResourcesResponse, *models.Error) {
+	ctx := context.Background()
+	client, err := cluster.K8sClient(session.STSSessionToken)
+	if err != nil {
+		return nil, prepareError(err)
+	}
+
+	clusterResources, err := getAllocatableResources(ctx, client.CoreV1(), numNodes)
+	if err != nil {
+		return nil, prepareError(err)
+	}
+	return clusterResources, nil
+}
--- a/operatorapi/operator_session.go
+++ b/operatorapi/operator_session.go
@@ -21,7 +21,6 @@ import (
 	"github.com/minio/console/models"
 	"github.com/minio/console/operatorapi/operations"
 	"github.com/minio/console/operatorapi/operations/user_api"
-	"github.com/minio/console/pkg/acl"
 )

 func registerSessionHandlers(api *operations.OperatorAPI) {
@@ -42,16 +41,9 @@ func getSessionResponse(session *models.Principal) (*models.OperatorSessionRespo
 		return nil, prepareError(errorGenericInvalidSession)
 	}
 	sessionResp := &models.OperatorSessionResponse{
-		Pages:    acl.GetAuthorizedEndpoints(session.Actions),
-		Features: getListOfEnabledFeatures(),
-		Status:   models.OperatorSessionResponseStatusOk,
-		Operator: true,
+		Status:      models.OperatorSessionResponseStatusOk,
+		Operator:    true,
+		Permissions: map[string][]string{},
 	}
 	return sessionResp, nil
 }
-
-// getListOfEnabledFeatures returns a list of features
-func getListOfEnabledFeatures() []string {
-	var features []string
-	return features
-}
--- a/operatorapi/operator_tenants.go
+++ b/operatorapi/operator_tenants.go
@@ -264,7 +264,14 @@ func getDeleteTenantResponse(session *models.Principal, params operator_api.Dele
 	if params.Body != nil {
 		deleteTenantPVCs = params.Body.DeletePvcs
 	}
-	if err = deleteTenantAction(context.Background(), opClient, clientset.CoreV1(), params.Namespace, params.Tenant, deleteTenantPVCs); err != nil {
+
+	tenant, err := opClient.TenantGet(params.HTTPRequest.Context(), params.Namespace, params.Tenant, metav1.GetOptions{})
+	if err != nil {
+		return prepareError(err)
+	}
+	tenant.EnsureDefaults()
+
+	if err = deleteTenantAction(params.HTTPRequest.Context(), opClient, clientset.CoreV1(), tenant, deleteTenantPVCs); err != nil {
 		return prepareError(err)
 	}
 	return nil
@@ -277,10 +284,10 @@ func deleteTenantAction(
 	ctx context.Context,
 	operatorClient OperatorClientI,
 	clientset v1.CoreV1Interface,
-	namespace, tenantName string,
+	tenant *miniov2.Tenant,
 	deletePvcs bool) error {

-	err := operatorClient.TenantDelete(ctx, namespace, tenantName, metav1.DeleteOptions{})
+	err := operatorClient.TenantDelete(ctx, tenant.Namespace, tenant.Name, metav1.DeleteOptions{})
 	if err != nil {
 		// try to delete pvc even if the tenant doesn't exist anymore but only if deletePvcs is set to true,
 		// else, we return the error
@@ -290,15 +297,37 @@ func deleteTenantAction(
 	}

 	if deletePvcs {
+
+		// delete MinIO PVCs
 		opts := metav1.ListOptions{
-			LabelSelector: fmt.Sprintf("%s=%s", miniov2.TenantLabel, tenantName),
+			LabelSelector: fmt.Sprintf("%s=%s", miniov2.TenantLabel, tenant.Name),
 		}
-		err = clientset.PersistentVolumeClaims(namespace).DeleteCollection(ctx, metav1.DeleteOptions{}, opts)
+		err = clientset.PersistentVolumeClaims(tenant.Namespace).DeleteCollection(ctx, metav1.DeleteOptions{}, opts)
 		if err != nil {
 			return err
 		}
+		// delete postgres PVCs
+
+		logOpts := metav1.ListOptions{
+			LabelSelector: fmt.Sprintf("%s=%s", miniov2.LogDBInstanceLabel, tenant.LogStatefulsetName()),
+		}
+		err := clientset.PersistentVolumeClaims(tenant.Namespace).DeleteCollection(ctx, metav1.DeleteOptions{}, logOpts)
+		if err != nil {
+			return err
+		}
+
+		// delete prometheus PVCs
+
+		promOpts := metav1.ListOptions{
+			LabelSelector: fmt.Sprintf("%s=%s", miniov2.PrometheusInstanceLabel, tenant.PrometheusStatefulsetName()),
+		}
+
+		if err := clientset.PersistentVolumeClaims(tenant.Namespace).DeleteCollection(ctx, metav1.DeleteOptions{}, promOpts); err != nil {
+			return err
+		}
+
 		// delete all tenant's secrets only if deletePvcs = true
-		return clientset.Secrets(namespace).DeleteCollection(ctx, metav1.DeleteOptions{}, opts)
+		return clientset.Secrets(tenant.Namespace).DeleteCollection(ctx, metav1.DeleteOptions{}, opts)
 	}
 	return nil
 }
@@ -369,11 +398,11 @@ func getTenantCreds(ctx context.Context, client K8sClientI, tenant *miniov2.Tena
 }

 func getTenant(ctx context.Context, operatorClient OperatorClientI, namespace, tenantName string) (*miniov2.Tenant, error) {
-	minInst, err := operatorClient.TenantGet(ctx, namespace, tenantName, metav1.GetOptions{})
+	tenant, err := operatorClient.TenantGet(ctx, namespace, tenantName, metav1.GetOptions{})
 	if err != nil {
 		return nil, err
 	}
-	return minInst, nil
+	return tenant, nil
 }

 func isPrometheusEnabled(annotations map[string]string) bool {
@@ -497,6 +526,12 @@ func getTenantDetailsResponse(session *models.Principal, params operator_api.Ten
 		DrivesOffline: minTenant.Status.DrivesOffline,
 		DrivesOnline:  minTenant.Status.DrivesOnline,
 		WriteQuorum:   minTenant.Status.WriteQuorum,
+		Usage: &models.TenantStatusUsage{
+			Raw:           minTenant.Status.Usage.RawCapacity,
+			RawUsage:      minTenant.Status.Usage.RawUsage,
+			Capacity:      minTenant.Status.Usage.Capacity,
+			CapacityUsage: minTenant.Status.Usage.Usage,
+		},
 	}

 	// get tenant service
@@ -795,16 +830,20 @@ func listTenants(ctx context.Context, operatorClient OperatorClientI, namespace
 		}

 		tenants = append(tenants, &models.TenantList{
-			CreationDate:  tenant.ObjectMeta.CreationTimestamp.Format(time.RFC3339),
-			DeletionDate:  deletion,
-			Name:          tenant.ObjectMeta.Name,
-			PoolCount:     int64(len(tenant.Spec.Pools)),
-			InstanceCount: instanceCount,
-			VolumeCount:   volumeCount,
-			CurrentState:  tenant.Status.CurrentState,
-			Namespace:     tenant.ObjectMeta.Namespace,
-			TotalSize:     totalSize,
-			HealthStatus:  string(tenant.Status.HealthStatus),
+			CreationDate:     tenant.ObjectMeta.CreationTimestamp.Format(time.RFC3339),
+			DeletionDate:     deletion,
+			Name:             tenant.ObjectMeta.Name,
+			PoolCount:        int64(len(tenant.Spec.Pools)),
+			InstanceCount:    instanceCount,
+			VolumeCount:      volumeCount,
+			CurrentState:     tenant.Status.CurrentState,
+			Namespace:        tenant.ObjectMeta.Namespace,
+			TotalSize:        totalSize,
+			HealthStatus:     string(tenant.Status.HealthStatus),
+			CapacityRaw:      tenant.Status.Usage.RawCapacity,
+			CapacityRawUsage: tenant.Status.Usage.RawUsage,
+			Capacity:         tenant.Status.Usage.Capacity,
+			CapacityUsage:    tenant.Status.Usage.Usage,
 		})
 	}

@@ -904,6 +943,11 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 		},
 	}

+	_, err = clientSet.CoreV1().Secrets(ns).Create(ctx, &instanceSecret, metav1.CreateOptions{})
+	if err != nil {
+		return nil, prepareError(err)
+	}
+
 	// Enable/Disable console object browser for MinIO tenant (default is on)
 	enabledConsole := "on"
 	if tenantReq.EnableConsole != nil && !*tenantReq.EnableConsole {
@@ -913,11 +957,6 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 	tenantConfigurationENV["MINIO_ROOT_USER"] = accessKey
 	tenantConfigurationENV["MINIO_ROOT_PASSWORD"] = secretKey

-	_, err = clientSet.CoreV1().Secrets(ns).Create(ctx, &instanceSecret, metav1.CreateOptions{})
-	if err != nil {
-		return nil, prepareError(err)
-	}
-
 	// delete secrets created if an error occurred during tenant creation,
 	defer func() {
 		if mError != nil {
@@ -1029,13 +1068,13 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 		} else if tenantReq.Idp.Oidc != nil {
 			tenantExternalIDPConfigured = true
 			// Enable IDP (OIDC) for MinIO
-			url := *tenantReq.Idp.Oidc.ConfigurationURL
+			configurationURL := *tenantReq.Idp.Oidc.ConfigurationURL
 			clientID := *tenantReq.Idp.Oidc.ClientID
 			secretID := *tenantReq.Idp.Oidc.SecretID
 			claimName := *tenantReq.Idp.Oidc.ClaimName
 			scopes := tenantReq.Idp.Oidc.Scopes
 			callbackURL := tenantReq.Idp.Oidc.CallbackURL
-			tenantConfigurationENV["MINIO_IDENTITY_OPENID_CONFIG_URL"] = url
+			tenantConfigurationENV["MINIO_IDENTITY_OPENID_CONFIG_URL"] = configurationURL
 			tenantConfigurationENV["MINIO_IDENTITY_OPENID_CLIENT_ID"] = clientID
 			tenantConfigurationENV["MINIO_IDENTITY_OPENID_CLIENT_SECRET"] = secretID
 			tenantConfigurationENV["MINIO_IDENTITY_OPENID_CLAIM_NAME"] = claimName
@@ -1118,6 +1157,14 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 		minInst.Spec.KES.Labels = tenantReq.Encryption.Labels
 		minInst.Spec.KES.Annotations = tenantReq.Encryption.Annotations
 		minInst.Spec.KES.NodeSelector = tenantReq.Encryption.NodeSelector
+
+		if tenantReq.Encryption.SecurityContext != nil {
+			sc, err := parseSecurityContext(tenantReq.Encryption.SecurityContext)
+			if err != nil {
+				return nil, prepareError(err)
+			}
+			minInst.Spec.KES.SecurityContext = sc
+		}
 	}
 	// External TLS CA certificates for MinIO
 	if tenantReq.TLS != nil && len(tenantReq.TLS.CaCertificates) > 0 {
@@ -1199,6 +1246,9 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 	logSearchStorageClass := ""                    // Default is ""
 	logSearchImage := ""
 	logSearchPgImage := ""
+	logSearchPgInitImage := ""
+	var logSearchSecurityContext *corev1.PodSecurityContext
+	var logSearchPgSecurityContext *corev1.PodSecurityContext

 	if tenantReq.LogSearchConfiguration != nil {
 		if tenantReq.LogSearchConfiguration.StorageSize != nil {
@@ -1216,6 +1266,25 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 		if tenantReq.LogSearchConfiguration.PostgresImage != "" {
 			logSearchPgImage = tenantReq.LogSearchConfiguration.PostgresImage
 		}
+		if tenantReq.LogSearchConfiguration.PostgresInitImage != "" {
+			logSearchPgInitImage = tenantReq.LogSearchConfiguration.PostgresInitImage
+		}
+		// if security context for logSearch is present, configure it.
+		if tenantReq.LogSearchConfiguration.SecurityContext != nil {
+			sc, err := parseSecurityContext(tenantReq.LogSearchConfiguration.SecurityContext)
+			if err != nil {
+				return nil, prepareError(err)
+			}
+			logSearchSecurityContext = sc
+		}
+		// if security context for logSearch is present, configure it.
+		if tenantReq.LogSearchConfiguration.PostgresSecurityContext != nil {
+			sc, err := parseSecurityContext(tenantReq.LogSearchConfiguration.PostgresSecurityContext)
+			if err != nil {
+				return nil, prepareError(err)
+			}
+			logSearchPgSecurityContext = sc
+		}
 	}

 	logSearchDiskSpace := resource.NewQuantity(diskSpaceFromAPI, resource.DecimalExponent)
@@ -1247,16 +1316,28 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 			},
 		},
 	}
+	// set log search images if any
 	if logSearchImage != "" {
 		minInst.Spec.Log.Image = logSearchImage
 	}
 	if logSearchPgImage != "" {
 		minInst.Spec.Log.Db.Image = logSearchPgImage
 	}
+	if logSearchPgInitImage != "" {
+		minInst.Spec.Log.Db.InitImage = logSearchPgInitImage
+	}
+	if logSearchSecurityContext != nil {
+		minInst.Spec.Log.SecurityContext = logSearchSecurityContext
+	}
+	if logSearchPgSecurityContext != nil {
+		minInst.Spec.Log.Db.SecurityContext = logSearchPgSecurityContext
+	}

-	prometheusDiskSpace := 5     // Default is 5 by API
-	prometheusStorageClass := "" // Default is ""
-	prometheusImage := ""        // Default is ""
+	prometheusDiskSpace := 5      // Default is 5 by API
+	prometheusStorageClass := ""  // Default is ""
+	prometheusImage := ""         // Default is ""
+	prometheusSidecardImage := "" // Default is ""
+	prometheusInitImage := ""     // Default is ""

 	if tenantReq.PrometheusConfiguration != nil {
 		if tenantReq.PrometheusConfiguration.StorageSize != nil {
@@ -1274,6 +1355,12 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 		if tenantReq.PrometheusConfiguration.Image != "" {
 			prometheusImage = tenantReq.PrometheusConfiguration.Image
 		}
+		if tenantReq.PrometheusConfiguration.SidecarImage != "" {
+			prometheusSidecardImage = tenantReq.PrometheusConfiguration.SidecarImage
+		}
+		if tenantReq.PrometheusConfiguration.InitImage != "" {
+			prometheusInitImage = tenantReq.PrometheusConfiguration.InitImage
+		}
 	}

 	minInst.Spec.Prometheus = &miniov2.PrometheusConfig{
@@ -1283,6 +1370,20 @@ func getTenantCreatedResponse(session *models.Principal, params operator_api.Cre
 	if prometheusImage != "" {
 		minInst.Spec.Prometheus.Image = prometheusImage
 	}
+	if prometheusSidecardImage != "" {
+		minInst.Spec.Prometheus.SideCarImage = prometheusSidecardImage
+	}
+	if prometheusInitImage != "" {
+		minInst.Spec.Prometheus.InitImage = prometheusInitImage
+	}
+	// if security context for prometheus is present, configure it.
+	if tenantReq.PrometheusConfiguration != nil && tenantReq.PrometheusConfiguration.SecurityContext != nil {
+		sc, err := parseSecurityContext(tenantReq.PrometheusConfiguration.SecurityContext)
+		if err != nil {
+			return nil, prepareError(err)
+		}
+		minInst.Spec.Prometheus.SecurityContext = sc
+	}

 	// expose services
 	minInst.Spec.ExposeServices = &miniov2.ExposeServices{
@@ -1851,6 +1952,14 @@ func parseTenantPoolRequest(poolParams *models.Pool) (*miniov2.Pool, error) {
 		Affinity:     affinity,
 		Tolerations:  tolerations,
 	}
+	// if security context for Tenant is present, configure it.
+	if poolParams.SecurityContext != nil {
+		sc, err := parseSecurityContext(poolParams.SecurityContext)
+		if err != nil {
+			return nil, err
+		}
+		pool.SecurityContext = sc
+	}
 	return pool, nil
 }

--- a/operatorapi/operator_tenants_helper.go
+++ b/operatorapi/operator_tenants_helper.go
@@ -19,6 +19,7 @@ package operatorapi
 import (
 	"context"
 	"crypto"
+	"crypto/tls"
 	"encoding/base64"
 	"encoding/hex"
 	"fmt"
@@ -38,6 +39,31 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

+// parseSecurityContext validate and return securityContext for pods
+func parseSecurityContext(sc *models.SecurityContext) (*corev1.PodSecurityContext, error) {
+	if sc == nil {
+		return nil, errors.New("invalid security context")
+	}
+	runAsUser, err := strconv.ParseInt(*sc.RunAsUser, 10, 64)
+	if err != nil {
+		return nil, err
+	}
+	RunAsGroup, err := strconv.ParseInt(*sc.RunAsGroup, 10, 64)
+	if err != nil {
+		return nil, err
+	}
+	FsGroup, err := strconv.ParseInt(*sc.FsGroup, 10, 64)
+	if err != nil {
+		return nil, err
+	}
+	return &corev1.PodSecurityContext{
+		RunAsUser:    &runAsUser,
+		RunAsGroup:   &RunAsGroup,
+		RunAsNonRoot: sc.RunAsNonRoot,
+		FSGroup:      &FsGroup,
+	}, nil
+}
+
 // tenantUpdateCertificates receives the keyPair certificates (public and private keys) for Minio and Console and will try
 // to replace the existing kubernetes secrets with the new values, then will restart the affected pods so the new volumes can be mounted
 func tenantUpdateCertificates(ctx context.Context, operatorClient OperatorClientI, clientSet K8sClientI, namespace string, params operator_api.TenantUpdateCertificateParams) error {
@@ -282,6 +308,10 @@ func createOrReplaceExternalCertSecrets(ctx context.Context, clientSet K8sClient
 		if err != nil {
 			return nil, err
 		}
+		// check if the key pair is valid
+		if _, err = tls.X509KeyPair(tlsCrt, tlsKey); err != nil {
+			return nil, err
+		}
 		externalTLSCertificateSecret := &corev1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: keyPairSecretName,
@@ -498,6 +528,21 @@ func createOrReplaceKesConfigurationSecrets(ctx context.Context, clientSet K8sCl
 				}
 			}
 		}
+	} else if encryptionCfg.Azure != nil {
+		// Initialize Azure
+		kesConfig.Keys.Azure = &kes.Azure{
+			KeyVault: &kes.AzureKeyVault{},
+		}
+		if encryptionCfg.Azure.Keyvault != nil {
+			kesConfig.Keys.Azure.KeyVault.Endpoint = *encryptionCfg.Azure.Keyvault.Endpoint
+			if encryptionCfg.Azure.Keyvault.Credentials != nil {
+				kesConfig.Keys.Azure.KeyVault.Credentials = &kes.AzureCredentials{
+					TenantID:     *encryptionCfg.Azure.Keyvault.Credentials.TenantID,
+					ClientID:     *encryptionCfg.Azure.Keyvault.Credentials.ClientID,
+					ClientSecret: *encryptionCfg.Azure.Keyvault.Credentials.ClientSecret,
+				}
+			}
+		}
 	}
 	imm := true
 	// if mTLSCertificates contains elements we create the kubernetes secret
--- a/operatorapi/operator_tenants_test.go
+++ b/operatorapi/operator_tenants_test.go
@@ -501,8 +501,7 @@ func Test_deleteTenantAction(t *testing.T) {
 	type args struct {
 		ctx              context.Context
 		operatorClient   OperatorClientI
-		nameSpace        string
-		tenantName       string
+		tenant           *miniov2.Tenant
 		deletePvcs       bool
 		objs             []runtime.Object
 		mockTenantDelete func(ctx context.Context, namespace string, tenantName string, options metav1.DeleteOptions) error
@@ -517,9 +516,13 @@ func Test_deleteTenantAction(t *testing.T) {
 			args: args{
 				ctx:            context.Background(),
 				operatorClient: opClient,
-				nameSpace:      "default",
-				tenantName:     "minio-tenant",
-				deletePvcs:     false,
+				tenant: &miniov2.Tenant{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "default",
+						Namespace: "minio-tenant",
+					},
+				},
+				deletePvcs: false,
 				mockTenantDelete: func(ctx context.Context, namespace string, tenantName string, options metav1.DeleteOptions) error {
 					return nil
 				},
@@ -531,9 +534,13 @@ func Test_deleteTenantAction(t *testing.T) {
 			args: args{
 				ctx:            context.Background(),
 				operatorClient: opClient,
-				nameSpace:      "default",
-				tenantName:     "minio-tenant",
-				deletePvcs:     false,
+				tenant: &miniov2.Tenant{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "default",
+						Namespace: "minio-tenant",
+					},
+				},
+				deletePvcs: false,
 				mockTenantDelete: func(ctx context.Context, namespace string, tenantName string, options metav1.DeleteOptions) error {
 					return errors.New("something happened")
 				},
@@ -546,9 +553,13 @@ func Test_deleteTenantAction(t *testing.T) {
 			args: args{
 				ctx:            context.Background(),
 				operatorClient: opClient,
-				nameSpace:      "minio-tenant",
-				tenantName:     "tenant1",
-				deletePvcs:     true,
+				tenant: &miniov2.Tenant{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "tenant1",
+						Namespace: "minio-tenant",
+					},
+				},
+				deletePvcs: true,
 				objs: []runtime.Object{
 					&corev1.PersistentVolumeClaim{
 						ObjectMeta: metav1.ObjectMeta{
@@ -573,9 +584,13 @@ func Test_deleteTenantAction(t *testing.T) {
 			args: args{
 				ctx:            context.Background(),
 				operatorClient: opClient,
-				nameSpace:      "minio-tenant",
-				tenantName:     "tenant1",
-				deletePvcs:     false,
+				tenant: &miniov2.Tenant{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "tenant1",
+						Namespace: "minio-tenant",
+					},
+				},
+				deletePvcs: false,
 				objs: []runtime.Object{
 					&corev1.PersistentVolumeClaim{
 						ObjectMeta: metav1.ObjectMeta{
@@ -600,9 +615,13 @@ func Test_deleteTenantAction(t *testing.T) {
 			args: args{
 				ctx:            context.Background(),
 				operatorClient: opClient,
-				nameSpace:      "minio-tenant",
-				tenantName:     "tenant1",
-				deletePvcs:     true,
+				tenant: &miniov2.Tenant{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "tenant1",
+						Namespace: "minio-tenant",
+					},
+				},
+				deletePvcs: true,
 				objs: []runtime.Object{
 					&corev1.PersistentVolumeClaim{
 						ObjectMeta: metav1.ObjectMeta{
@@ -627,9 +646,13 @@ func Test_deleteTenantAction(t *testing.T) {
 			args: args{
 				ctx:            context.Background(),
 				operatorClient: opClient,
-				nameSpace:      "minio-tenant",
-				tenantName:     "tenant1",
-				deletePvcs:     true,
+				tenant: &miniov2.Tenant{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "tenant1",
+						Namespace: "minio-tenant",
+					},
+				},
+				deletePvcs: true,
 				objs: []runtime.Object{
 					&corev1.PersistentVolumeClaim{
 						ObjectMeta: metav1.ObjectMeta{
@@ -655,9 +678,13 @@ func Test_deleteTenantAction(t *testing.T) {
 			args: args{
 				ctx:            context.Background(),
 				operatorClient: opClient,
-				nameSpace:      "minio-tenant",
-				tenantName:     "tenant1",
-				deletePvcs:     false,
+				tenant: &miniov2.Tenant{
+					ObjectMeta: metav1.ObjectMeta{
+						Name:      "tenant1",
+						Namespace: "minio-tenant",
+					},
+				},
+				deletePvcs: false,
 				objs: []runtime.Object{
 					&corev1.PersistentVolumeClaim{
 						ObjectMeta: metav1.ObjectMeta{
@@ -681,7 +708,7 @@ func Test_deleteTenantAction(t *testing.T) {
 		opClientTenantDeleteMock = tt.args.mockTenantDelete
 		kubeClient := fake.NewSimpleClientset(tt.args.objs...)
 		t.Run(tt.name, func(t *testing.T) {
-			if err := deleteTenantAction(tt.args.ctx, tt.args.operatorClient, kubeClient.CoreV1(), tt.args.nameSpace, tt.args.tenantName, tt.args.deletePvcs); (err != nil) != tt.wantErr {
+			if err := deleteTenantAction(tt.args.ctx, tt.args.operatorClient, kubeClient.CoreV1(), tt.args.tenant, tt.args.deletePvcs); (err != nil) != tt.wantErr {
 				t.Errorf("deleteTenantAction() error = %v, wantErr %v", err, tt.wantErr)
 			}
 		})
--- a/operatorapi/operator_volumes.go
+++ b/operatorapi/operator_volumes.go
@@ -18,6 +18,7 @@ package operatorapi

 import (
 	"context"
+	"fmt"

 	miniov1 "github.com/minio/operator/pkg/apis/minio.min.io/v1"

@@ -39,6 +40,16 @@ func registerVolumesHandlers(api *operations.OperatorAPI) {

 		return operator_api.NewListPVCsOK().WithPayload(payload)
 	})
+
+	api.OperatorAPIListPVCsForTenantHandler = operator_api.ListPVCsForTenantHandlerFunc(func(params operator_api.ListPVCsForTenantParams, session *models.Principal) middleware.Responder {
+		payload, err := getPVCsForTenantResponse(session, params)
+
+		if err != nil {
+			return operator_api.NewListPVCsForTenantDefault(int(err.Code)).WithPayload(err)
+		}
+
+		return operator_api.NewListPVCsForTenantOK().WithPayload(payload)
+	})
 }

 func getPVCsResponse(session *models.Principal) (*models.ListPVCsResponse, *models.Error) {
@@ -83,3 +94,46 @@ func getPVCsResponse(session *models.Principal) (*models.ListPVCsResponse, *mode

 	return &PVCsResponse, nil
 }
+
+func getPVCsForTenantResponse(session *models.Principal, params operator_api.ListPVCsForTenantParams) (*models.ListPVCsResponse, *models.Error) {
+	ctx := context.Background()
+	clientset, err := cluster.K8sClient(session.STSSessionToken)
+
+	if err != nil {
+		return nil, prepareError(err)
+	}
+
+	// Filter Tenant PVCs. They keep their v1 tenant annotation
+	listOpts := metav1.ListOptions{
+		LabelSelector: fmt.Sprintf("v1.min.io/tenant=%s", params.Tenant),
+	}
+
+	// List all PVCs
+	listAllPvcs, err2 := clientset.CoreV1().PersistentVolumeClaims(params.Namespace).List(ctx, listOpts)
+
+	if err2 != nil {
+		return nil, prepareError(err2)
+	}
+
+	var ListPVCs []*models.PvcsListResponse
+
+	for _, pvc := range listAllPvcs.Items {
+		pvcResponse := models.PvcsListResponse{
+			Name:         pvc.Name,
+			Age:          pvc.CreationTimestamp.String(),
+			Capacity:     pvc.Status.Capacity.Storage().String(),
+			Namespace:    pvc.Namespace,
+			Status:       string(pvc.Status.Phase),
+			StorageClass: *pvc.Spec.StorageClassName,
+			Volume:       pvc.Spec.VolumeName,
+			Tenant:       pvc.Labels["v1.min.io/tenant"],
+		}
+		ListPVCs = append(ListPVCs, &pvcResponse)
+	}
+
+	PVCsResponse := models.ListPVCsResponse{
+		Pvcs: ListPVCs,
+	}
+
+	return &PVCsResponse, nil
+}
--- a/operatorapi/proxy.go
+++ b/operatorapi/proxy.go
@@ -87,7 +87,7 @@ func serveProxy(responseWriter http.ResponseWriter, req *http.Request) {

 	tenantSchema := "http"
 	tenantPort := fmt.Sprintf(":%d", v2.ConsolePort)
-	if tenant.AutoCert() {
+	if tenant.AutoCert() || tenant.ExternalCert() {
 		tenantSchema = "https"
 		tenantPort = fmt.Sprintf(":%d", v2.ConsoleTLSPort)
 	}
@@ -185,7 +185,8 @@ func serveProxy(responseWriter http.ResponseWriter, req *http.Request) {
 		responseWriter.WriteHeader(500)
 		return
 	}
-	targetURL.Path = strings.Replace(req.URL.Path, fmt.Sprintf("/api/proxy/%s/%s", tenant.Namespace, tenant.Name), "", -1)
+	tenantBase := fmt.Sprintf("/api/proxy/%s/%s", tenant.Namespace, tenant.Name)
+	targetURL.Path = strings.Replace(req.URL.Path, tenantBase, "", -1)

 	proxiedCookie := &http.Cookie{
 		Name:     "token",
@@ -207,8 +208,17 @@ func serveProxy(responseWriter http.ResponseWriter, req *http.Request) {
 		CheckRedirect: func(req *http.Request, via []*http.Request) error {
 			return http.ErrUseLastResponse
 		}}
+
+	// are we proxying something with cp=y? (console proxy) then add cpb (console proxy base) so the console
+	// on the other side updates the <base href="" /> to this value overriding sub path or root
+	if v := req.URL.Query().Get("cp"); v == "y" {
+		q := req.URL.Query()
+		q.Add("cpb", tenantBase)
+		req.URL.RawQuery = q.Encode()
+	}
 	// copy query params
 	targetURL.RawQuery = req.URL.Query().Encode()
+
 	proxRequest, err := http.NewRequest(req.Method, targetURL.String(), req.Body)
 	if err != nil {
 		log.Println(err)
--- a/pkg/acl/endpoints.go
+++ b/pkg/acl/endpoints.go
@@ -1,414 +0,0 @@
-// This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-package acl
-
-import (
-	iampolicy "github.com/minio/pkg/iam/policy"
-)
-
-// endpoints definition
-var (
-	configuration         = "/settings"
-	users                 = "/users"
-	usersDetail           = "/users/:userName+"
-	groups                = "/groups"
-	iamPolicies           = "/policies"
-	policiesDetail        = "/policies/:policyName"
-	dashboard             = "/dashboard"
-	metrics               = "/metrics"
-	profiling             = "/profiling"
-	buckets               = "/buckets"
-	bucketsDetail         = "/buckets/*"
-	serviceAccounts       = "/account"
-	changePassword        = "/account/change-password"
-	tenants               = "/tenants"
-	tenantsDetail         = "/namespaces/:tenantNamespace/tenants/:tenantName"
-	tenantHop             = "/namespaces/:tenantNamespace/tenants/:tenantName/hop"
-	podsDetail            = "/namespaces/:tenantNamespace/tenants/:tenantName/pods/:podName"
-	tenantsDetailSummary  = "/namespaces/:tenantNamespace/tenants/:tenantName/summary"
-	tenantsDetailMetrics  = "/namespaces/:tenantNamespace/tenants/:tenantName/metrics"
-	tenantsDetailPods     = "/namespaces/:tenantNamespace/tenants/:tenantName/pods"
-	tenantsDetailPools    = "/namespaces/:tenantNamespace/tenants/:tenantName/pools"
-	tenantsDetailLicense  = "/namespaces/:tenantNamespace/tenants/:tenantName/license"
-	tenantsDetailSecurity = "/namespaces/:tenantNamespace/tenants/:tenantName/security"
-	storage               = "/storage"
-	storageVolumes        = "/storage/volumes"
-	storageDrives         = "/storage/drives"
-	remoteBuckets         = "/remote-buckets"
-	replication           = "/replication"
-	objectBrowser         = "/object-browser/:bucket/*"
-	objectBrowserBucket   = "/object-browser/:bucket"
-	mainObjectBrowser     = "/object-browser"
-	license               = "/license"
-	watch                 = "/watch"
-	heal                  = "/heal"
-	trace                 = "/trace"
-	logs                  = "/logs"
-	healthInfo            = "/health-info"
-)
-
-type ConfigurationActionSet struct {
-	actionTypes iampolicy.ActionSet
-	actions     iampolicy.ActionSet
-}
-
-// configurationActionSet contains the list of admin actions required for this endpoint to work
-var configurationActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(
-		iampolicy.AllAdminActions,
-	),
-	actions: iampolicy.NewActionSet(
-		iampolicy.ConfigUpdateAdminAction,
-	),
-}
-
-// dashboardActionSet contains the list of admin actions required for this endpoint to work
-var dashboardActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(
-		iampolicy.AllAdminActions,
-	),
-	actions: iampolicy.NewActionSet(
-		iampolicy.ServerInfoAdminAction,
-	),
-}
-
-// groupsActionSet contains the list of admin actions required for this endpoint to work
-var groupsActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(
-		iampolicy.AllAdminActions,
-	),
-	actions: iampolicy.NewActionSet(
-		iampolicy.ListGroupsAdminAction,
-		iampolicy.AddUserToGroupAdminAction,
-		//iampolicy.GetGroupAdminAction,
-		iampolicy.EnableGroupAdminAction,
-		iampolicy.DisableGroupAdminAction,
-	),
-}
-
-// iamPoliciesActionSet contains the list of admin actions required for this endpoint to work
-var iamPoliciesActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(
-		iampolicy.AllAdminActions,
-	),
-	actions: iampolicy.NewActionSet(
-		iampolicy.GetPolicyAdminAction,
-		iampolicy.DeletePolicyAdminAction,
-		iampolicy.CreatePolicyAdminAction,
-		iampolicy.AttachPolicyAdminAction,
-		iampolicy.ListUserPoliciesAdminAction,
-	),
-}
-
-// profilingActionSet contains the list of admin actions required for this endpoint to work
-var profilingActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(
-		iampolicy.AllAdminActions,
-	),
-	actions: iampolicy.NewActionSet(
-		iampolicy.ProfilingAdminAction,
-	),
-}
-
-// usersActionSet contains the list of admin actions required for this endpoint to work
-var usersActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(
-		iampolicy.AllAdminActions,
-	),
-	actions: iampolicy.NewActionSet(
-		iampolicy.ListUsersAdminAction,
-		iampolicy.CreateUserAdminAction,
-		iampolicy.DeleteUserAdminAction,
-		iampolicy.GetUserAdminAction,
-		iampolicy.EnableUserAdminAction,
-		iampolicy.DisableUserAdminAction,
-	),
-}
-
-// bucketsActionSet contains the list of admin actions required for this endpoint to work
-var bucketsActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(
-		iampolicy.AllActions,
-	),
-	actions: iampolicy.NewActionSet(
-		// Read access to buckets
-		iampolicy.ListMultipartUploadPartsAction,
-		iampolicy.ListBucketMultipartUploadsAction,
-		iampolicy.ListBucketAction,
-		iampolicy.HeadBucketAction,
-		iampolicy.GetObjectAction,
-		iampolicy.GetBucketLocationAction,
-		// Write access to buckets
-		iampolicy.AbortMultipartUploadAction,
-		iampolicy.CreateBucketAction,
-		iampolicy.PutObjectAction,
-		iampolicy.DeleteObjectAction,
-		iampolicy.DeleteBucketAction,
-		// Assign bucket policies
-		iampolicy.PutBucketPolicyAction,
-		iampolicy.DeleteBucketPolicyAction,
-		iampolicy.GetBucketPolicyAction,
-	),
-}
-
-// serviceAccountsActionSet no actions needed for this module to work
-var serviceAccountsActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(),
-	actions:     iampolicy.NewActionSet(),
-}
-
-// changePasswordActionSet requires admin:CreateUser policy permission
-var changePasswordActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(),
-	actions:     iampolicy.NewActionSet(),
-}
-
-// tenantsActionSet temporally no actions needed for tenants sections to work
-var tenantsActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(),
-	actions:     iampolicy.NewActionSet(),
-}
-
-var storageActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(),
-	actions:     iampolicy.NewActionSet(),
-}
-
-var remoteBucketsActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(
-		iampolicy.AllAdminActions,
-	),
-	actions: iampolicy.NewActionSet(
-		iampolicy.ConfigUpdateAdminAction,
-	),
-}
-
-var replicationActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(
-		iampolicy.AllAdminActions,
-	),
-	actions: iampolicy.NewActionSet(
-		iampolicy.ConfigUpdateAdminAction,
-	),
-}
-
-// objectBrowserActionSet no actions needed for this module to work
-var objectBrowserActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(),
-	actions:     iampolicy.NewActionSet(),
-}
-
-// licenseActionSet no actions needed for this module to work
-var licenseActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(),
-	actions:     iampolicy.NewActionSet(),
-}
-
-// watchActionSet contains the list of admin actions required for this endpoint to work
-var watchActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(
-		iampolicy.AllAdminActions,
-	),
-	actions: iampolicy.NewActionSet(
-		iampolicy.ListenBucketNotificationAction,
-	),
-}
-
-// healActionSet contains the list of admin actions required for this endpoint to work
-var healActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(
-		iampolicy.AllAdminActions,
-	),
-	actions: iampolicy.NewActionSet(
-		iampolicy.HealAdminAction,
-	),
-}
-
-// logsActionSet contains the list of admin actions required for this endpoint to work
-var logsActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(
-		iampolicy.AllAdminActions,
-	),
-	actions: iampolicy.NewActionSet(
-		iampolicy.ConsoleLogAdminAction,
-	),
-}
-
-// traceActionSet contains the list of admin actions required for this endpoint to work
-var traceActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(
-		iampolicy.AllAdminActions,
-	),
-	actions: iampolicy.NewActionSet(
-		iampolicy.TraceAdminAction,
-	),
-}
-
-// healthInfoActionSet contains the list of admin actions required for this endpoint to work
-var healthInfoActionSet = ConfigurationActionSet{
-	actionTypes: iampolicy.NewActionSet(
-		iampolicy.AllAdminActions,
-	),
-	actions: iampolicy.NewActionSet(
-		iampolicy.HealthInfoAdminAction,
-	),
-}
-
-var displayRules = map[string]func() bool{
-	// disable users page if LDAP is enabled
-	users: func() bool {
-		return !GetLDAPEnabled()
-	},
-	// disable groups page if LDAP is enabled
-	groups: func() bool {
-		return !GetLDAPEnabled()
-	},
-}
-
-// endpointRules contains the mapping between endpoints and ActionSets, additional rules can be added here
-var endpointRules = map[string]ConfigurationActionSet{
-	configuration:       configurationActionSet,
-	users:               usersActionSet,
-	usersDetail:         usersActionSet,
-	groups:              groupsActionSet,
-	iamPolicies:         iamPoliciesActionSet,
-	policiesDetail:      iamPoliciesActionSet,
-	dashboard:           dashboardActionSet,
-	metrics:             dashboardActionSet,
-	profiling:           profilingActionSet,
-	buckets:             bucketsActionSet,
-	bucketsDetail:       bucketsActionSet,
-	serviceAccounts:     serviceAccountsActionSet,
-	changePassword:      changePasswordActionSet,
-	remoteBuckets:       remoteBucketsActionSet,
-	replication:         replicationActionSet,
-	objectBrowser:       objectBrowserActionSet,
-	mainObjectBrowser:   objectBrowserActionSet,
-	objectBrowserBucket: objectBrowserActionSet,
-	license:             licenseActionSet,
-	watch:               watchActionSet,
-	heal:                healActionSet,
-	trace:               traceActionSet,
-	logs:                logsActionSet,
-	healthInfo:          healthInfoActionSet,
-}
-
-// operatorRules contains the mapping between endpoints and ActionSets for operator only mode
-var operatorRules = map[string]ConfigurationActionSet{
-	tenants:               tenantsActionSet,
-	tenantsDetail:         tenantsActionSet,
-	tenantHop:             tenantsActionSet,
-	tenantsDetailSummary:  tenantsActionSet,
-	tenantsDetailMetrics:  tenantsActionSet,
-	tenantsDetailPods:     tenantsActionSet,
-	tenantsDetailPools:    tenantsActionSet,
-	tenantsDetailLicense:  tenantsActionSet,
-	tenantsDetailSecurity: tenantsActionSet,
-	podsDetail:            tenantsActionSet,
-	storage:               storageActionSet,
-	storageDrives:         storageActionSet,
-	storageVolumes:        storageActionSet,
-	license:               licenseActionSet,
-}
-
-// operatorOnly ENV variable
-var operatorOnly = GetOperatorMode()
-
-// GetActionsStringFromPolicy extract the admin/s3 actions from a given policy and return them in []string format
-//
-// ie:
-//	{
-//		"Version": "2012-10-17",
-//		"Statement": [{
-//				"Action": [
-//					"admin:ServerInfo",
-//					"admin:CreatePolicy",
-//					"admin:GetUser"
-//				],
-//				...
-//			},
-//			{
-//				"Action": [
-//					"s3:ListenBucketNotification",
-//					"s3:PutBucketNotification"
-//				],
-//				...
-//			}
-//		]
-//	}
-// Will produce an array like: ["admin:ServerInfo", "admin:CreatePolicy", "admin:GetUser", "s3:ListenBucketNotification", "s3:PutBucketNotification"]\
-func GetActionsStringFromPolicy(policy *iampolicy.Policy) []string {
-	var actions []string
-	for _, statement := range policy.Statements {
-		// We only care about allowed actions
-		if statement.Effect.IsAllowed(true) {
-			for _, action := range statement.Actions.ToSlice() {
-				actions = append(actions, string(action))
-			}
-		}
-	}
-	return actions
-}
-
-// actionsStringToActionSet convert a given string array to iampolicy.ActionSet structure
-// this avoids ending with duplicate actions
-func actionsStringToActionSet(actions []string) iampolicy.ActionSet {
-	actionsSet := iampolicy.ActionSet{}
-	for _, action := range actions {
-		actionsSet.Add(iampolicy.Action(action))
-	}
-	return actionsSet
-}
-
-// GetAuthorizedEndpoints return a list of allowed endpoint based on a provided *iampolicy.Policy
-// ie: pages the user should have access based on his current privileges
-func GetAuthorizedEndpoints(actions []string) []string {
-	rangeTake := endpointRules
-
-	if operatorOnly {
-		rangeTake = operatorRules
-	}
-
-	// Prepare new ActionSet structure that will hold all the user actions
-	userAllowedAction := actionsStringToActionSet(actions)
-	var allowedEndpoints []string
-	for endpoint, rules := range rangeTake {
-
-		// check if display rule exists for this endpoint, this will control
-		// what user sees on the console UI
-		if rule, ok := displayRules[endpoint]; ok {
-			if rule != nil && !rule() {
-				continue
-			}
-		}
-
-		// check if user policy matches s3:* or admin:* typesIntersection
-		endpointActionTypes := rules.actionTypes
-		typesIntersection := endpointActionTypes.Intersection(userAllowedAction)
-		if len(typesIntersection) == len(endpointActionTypes.ToSlice()) {
-			allowedEndpoints = append(allowedEndpoints, endpoint)
-			continue
-		}
-		// check if user policy matches explicitly defined endpoint required actions
-		endpointRequiredActions := rules.actions
-		actionsIntersection := endpointRequiredActions.Intersection(userAllowedAction)
-		if len(actionsIntersection) == len(endpointRequiredActions.ToSlice()) {
-			allowedEndpoints = append(allowedEndpoints, endpoint)
-		}
-	}
-	return allowedEndpoints
-}
--- a/pkg/acl/endpoints_test.go
+++ b/pkg/acl/endpoints_test.go
@@ -1,190 +0,0 @@
-// This file is part of MinIO Console Server
-// Copyright (c) 2021 MinIO, Inc.
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-package acl
-
-import (
-	"reflect"
-	"testing"
-
-	iampolicy "github.com/minio/pkg/iam/policy"
-)
-
-type args struct {
-	actions []string
-}
-
-type endpoint struct {
-	name string
-	args args
-	want int
-}
-
-func validateEndpoints(t *testing.T, configs []endpoint) {
-	for _, tt := range configs {
-		t.Run(tt.name, func(t *testing.T) {
-			if got := GetAuthorizedEndpoints(tt.args.actions); !reflect.DeepEqual(len(got), tt.want) {
-				t.Errorf("GetAuthorizedEndpoints() = %v, want %v", len(got), tt.want)
-			}
-		})
-	}
-}
-
-func TestGetAuthorizedEndpoints(t *testing.T) {
-	tests := []endpoint{
-		{
-			name: "dashboard endpoint",
-			args: args{
-				[]string{"admin:ServerInfo"},
-			},
-			want: 8,
-		},
-		{
-			name: "policies endpoint",
-			args: args{
-				[]string{
-					"admin:CreatePolicy",
-					"admin:DeletePolicy",
-					"admin:GetPolicy",
-					"admin:AttachUserOrGroupPolicy",
-					"admin:ListUserPolicies",
-				},
-			},
-			want: 8,
-		},
-		{
-			name: "all admin endpoints",
-			args: args{
-				[]string{
-					"admin:*",
-				},
-			},
-			want: 22,
-		},
-		{
-			name: "all s3 endpoints",
-			args: args{
-				[]string{
-					"s3:*",
-				},
-			},
-			want: 8,
-		},
-		{
-			name: "all admin and s3 endpoints",
-			args: args{
-				[]string{
-					"admin:*",
-					"s3:*",
-				},
-			},
-			want: 24,
-		},
-		{
-			name: "Console User - default endpoints",
-			args: args{
-				[]string{},
-			},
-			want: 6,
-		},
-	}
-
-	validateEndpoints(t, tests)
-}
-
-func TestOperatorOnlyEndpoints(t *testing.T) {
-	operatorOnly = true
-
-	tests := []endpoint{
-		{
-			name: "Operator Only - all admin endpoints",
-			args: args{
-				[]string{
-					"admin:*",
-				},
-			},
-			want: 14,
-		},
-		{
-			name: "Operator Only - all s3 endpoints",
-			args: args{
-				[]string{
-					"s3:*",
-				},
-			},
-			want: 14,
-		},
-		{
-			name: "Operator Only - all admin and s3 endpoints",
-			args: args{
-				[]string{
-					"admin:*",
-					"s3:*",
-				},
-			},
-			want: 14,
-		},
-		{
-			name: "Operator Only - default endpoints",
-			args: args{
-				[]string{},
-			},
-			want: 14,
-		},
-	}
-
-	validateEndpoints(t, tests)
-}
-
-func TestGetActionsStringFromPolicy(t *testing.T) {
-	type args struct {
-		policy *iampolicy.Policy
-	}
-	tests := []struct {
-		name string
-		args args
-		want int
-	}{
-		{
-			name: "parse ReadOnly policy",
-			args: args{
-				policy: &iampolicy.ReadOnly,
-			},
-			want: 2,
-		},
-		{
-			name: "parse WriteOnly policy",
-			args: args{
-				policy: &iampolicy.WriteOnly,
-			},
-			want: 1,
-		},
-		{
-			name: "parse AdminDiagnostics policy",
-			args: args{
-				policy: &iampolicy.AdminDiagnostics,
-			},
-			want: 8,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if got := GetActionsStringFromPolicy(tt.args.policy); !reflect.DeepEqual(len(got), tt.want) {
-				t.Errorf("GetActionsStringFromPolicy() = %v, want %v", len(got), tt.want)
-			}
-		})
-	}
-}
--- a/pkg/apis/networking.gke.io/v1beta1/zz_generated.deepcopy.go
+++ b/pkg/apis/networking.gke.io/v1beta1/zz_generated.deepcopy.go
@@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/pkg/apis/networking.gke.io/v1beta2/zz_generated.deepcopy.go
+++ b/pkg/apis/networking.gke.io/v1beta2/zz_generated.deepcopy.go
@@ -1,3 +1,4 @@
+//go:build !ignore_autogenerated
 // +build !ignore_autogenerated

 /*
--- a/pkg/auth/idp.go
+++ b/pkg/auth/idp.go
@@ -20,8 +20,8 @@ import (
 	"context"

 	"github.com/minio/console/pkg/auth/idp/oauth2"
-
 	"github.com/minio/minio-go/v7/pkg/credentials"
+	xoauth2 "golang.org/x/oauth2"
 )

 // IdentityProviderI interface with all functions to be implemented
@@ -29,6 +29,7 @@ import (
 // that are used within this project.
 type IdentityProviderI interface {
 	VerifyIdentity(ctx context.Context, code, state string) (*credentials.Credentials, error)
+	VerifyIdentityForOperator(ctx context.Context, code, state string) (*xoauth2.Token, error)
 	GenerateLoginURL() string
 }

@@ -45,6 +46,11 @@ func (c IdentityProvider) VerifyIdentity(ctx context.Context, code, state string
 	return c.Client.VerifyIdentity(ctx, code, state)
 }

+// VerifyIdentityForOperator will verify the user identity against the idp using the authorization code flow
+func (c IdentityProvider) VerifyIdentityForOperator(ctx context.Context, code, state string) (*xoauth2.Token, error) {
+	return c.Client.VerifyIdentityForOperator(ctx, code, state)
+}
+
 // GenerateLoginURL returns a new URL used by the user to login against the idp
 func (c IdentityProvider) GenerateLoginURL() string {
 	return c.Client.GenerateLoginURL()
--- a/pkg/auth/idp/oauth2/config.go
+++ b/pkg/auth/idp/oauth2/config.go
@@ -29,49 +29,57 @@ func GetSTSEndpoint() string {
 	return strings.TrimSpace(env.Get(ConsoleMinIOServer, "http://localhost:9000"))
 }

-func GetIdpURL() string {
-	return env.Get(ConsoleIdpURL, "")
+func GetIDPURL() string {
+	return env.Get(ConsoleIDPURL, "")
 }

-func GetIdpClientID() string {
-	return env.Get(ConsoleIdpClientID, "")
+func GetIDPClientID() string {
+	return env.Get(ConsoleIDPClientID, "")
 }

-func GetIdpSecret() string {
-	return env.Get(ConsoleIdpSecret, "")
+func GetIDPUserInfo() bool {
+	return env.Get(ConsoleIDPUserInfo, "") == "on"
 }

-// Public endpoint used by the identity oidcProvider when redirecting the user after identity verification
-func GetIdpCallbackURL() string {
-	return env.Get(ConsoleIdpCallbackURL, "")
+func GetIDPSecret() string {
+	return env.Get(ConsoleIDPSecret, "")
 }

-func IsIdpEnabled() bool {
-	return GetIdpURL() != "" &&
-		GetIdpClientID() != "" &&
-		GetIdpCallbackURL() != ""
+// Public endpoint used by the identity oidcProvider when redirecting
+// the user after identity verification
+func GetIDPCallbackURL() string {
+	return env.Get(ConsoleIDPCallbackURL, "")
 }

-var defaultPassphraseForIdpHmac = utils.RandomCharString(64)
-
-// GetPassphraseForIdpHmac returns passphrase for the pbkdf2 function used to sign the oauth2 state parameter
-func getPassphraseForIdpHmac() string {
-	return env.Get(ConsoleIdpHmacPassphrase, defaultPassphraseForIdpHmac)
+func GetIDPCallbackURLDynamic() bool {
+	return env.Get(ConsoleIDPCallbackURLDynamic, "") == "on"
 }

-var defaultSaltForIdpHmac = utils.RandomCharString(64)
-
-// GetSaltForIdpHmac returns salt for the pbkdf2 function used to sign the oauth2 state parameter
-func getSaltForIdpHmac() string {
-	return env.Get(ConsoleIdpHmacSalt, defaultSaltForIdpHmac)
+func IsIDPEnabled() bool {
+	return GetIDPURL() != "" &&
+		GetIDPClientID() != ""
 }

-// getIdpScopes return default scopes during the IDP login request
-func getIdpScopes() string {
+var defaultPassphraseForIDPHmac = utils.RandomCharString(64)
+
+// GetPassphraseForIDPHmac returns passphrase for the pbkdf2 function used to sign the oauth2 state parameter
+func getPassphraseForIDPHmac() string {
+	return env.Get(ConsoleIDPHmacPassphrase, defaultPassphraseForIDPHmac)
+}
+
+var defaultSaltForIDPHmac = utils.RandomCharString(64)
+
+// GetSaltForIDPHmac returns salt for the pbkdf2 function used to sign the oauth2 state parameter
+func getSaltForIDPHmac() string {
+	return env.Get(ConsoleIDPHmacSalt, defaultSaltForIDPHmac)
+}
+
+// getIDPScopes return default scopes during the IDP login request
+func getIDPScopes() string {
 	return env.Get(ConsoleIDPScopes, "openid,profile,email")
 }

-// getIdpTokenExpiration return default token expiration for access token (in seconds)
-func getIdpTokenExpiration() string {
+// getIDPTokenExpiration return default token expiration for access token (in seconds)
+func getIDPTokenExpiration() string {
 	return env.Get(ConsoleIDPTokenExpiration, "3600")
 }
--- a/pkg/auth/idp/oauth2/const.go
+++ b/pkg/auth/idp/oauth2/const.go
@@ -16,15 +16,17 @@

 package oauth2

+// Environment constants for console IDP/SSO configuration
 const (
-	// const for idp configuration
-	ConsoleMinIOServer        = "CONSOLE_MINIO_SERVER"
-	ConsoleIdpURL             = "CONSOLE_IDP_URL"
-	ConsoleIdpClientID        = "CONSOLE_IDP_CLIENT_ID"
-	ConsoleIdpSecret          = "CONSOLE_IDP_SECRET"
-	ConsoleIdpCallbackURL     = "CONSOLE_IDP_CALLBACK"
-	ConsoleIdpHmacPassphrase  = "CONSOLE_IDP_HMAC_PASSPHRASE"
-	ConsoleIdpHmacSalt        = "CONSOLE_IDP_HMAC_SALT"
-	ConsoleIDPScopes          = "CONSOLE_IDP_SCOPES"
-	ConsoleIDPTokenExpiration = "CONSOLE_IDP_TOKEN_EXPIRATION"
+	ConsoleMinIOServer           = "CONSOLE_MINIO_SERVER"
+	ConsoleIDPURL                = "CONSOLE_IDP_URL"
+	ConsoleIDPClientID           = "CONSOLE_IDP_CLIENT_ID"
+	ConsoleIDPSecret             = "CONSOLE_IDP_SECRET"
+	ConsoleIDPCallbackURL        = "CONSOLE_IDP_CALLBACK"
+	ConsoleIDPCallbackURLDynamic = "CONSOLE_IDP_CALLBACK_DYNAMIC"
+	ConsoleIDPHmacPassphrase     = "CONSOLE_IDP_HMAC_PASSPHRASE"
+	ConsoleIDPHmacSalt           = "CONSOLE_IDP_HMAC_SALT"
+	ConsoleIDPScopes             = "CONSOLE_IDP_SCOPES"
+	ConsoleIDPUserInfo           = "CONSOLE_IDP_USERINFO"
+	ConsoleIDPTokenExpiration    = "CONSOLE_IDP_TOKEN_EXPIRATION"
 )
--- a/pkg/auth/idp/oauth2/provider.go
+++ b/pkg/auth/idp/oauth2/provider.go
@@ -20,6 +20,7 @@ import (
 	"context"
 	"crypto/sha1"
 	"encoding/base64"
+	"encoding/json"
 	"errors"
 	"fmt"
 	"net/http"
@@ -30,7 +31,6 @@ import (

 	"github.com/minio/minio-go/v7/pkg/credentials"

-	"github.com/coreos/go-oidc"
 	"github.com/minio/console/pkg/auth/utils"
 	"golang.org/x/crypto/pbkdf2"
 	"golang.org/x/oauth2"
@@ -49,6 +49,24 @@ type Config struct {
 	xoauth2.Config
 }

+// DiscoveryDoc - parses the output from openid-configuration
+// for example https://accounts.google.com/.well-known/openid-configuration
+type DiscoveryDoc struct {
+	Issuer                           string   `json:"issuer,omitempty"`
+	AuthEndpoint                     string   `json:"authorization_endpoint,omitempty"`
+	TokenEndpoint                    string   `json:"token_endpoint,omitempty"`
+	UserInfoEndpoint                 string   `json:"userinfo_endpoint,omitempty"`
+	RevocationEndpoint               string   `json:"revocation_endpoint,omitempty"`
+	JwksURI                          string   `json:"jwks_uri,omitempty"`
+	ResponseTypesSupported           []string `json:"response_types_supported,omitempty"`
+	SubjectTypesSupported            []string `json:"subject_types_supported,omitempty"`
+	IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported,omitempty"`
+	ScopesSupported                  []string `json:"scopes_supported,omitempty"`
+	TokenEndpointAuthMethods         []string `json:"token_endpoint_auth_methods_supported,omitempty"`
+	ClaimsSupported                  []string `json:"claims_supported,omitempty"`
+	CodeChallengeMethodsSupported    []string `json:"code_challenge_methods_supported,omitempty"`
+}
+
 func (ac Config) Exchange(ctx context.Context, code string, opts ...xoauth2.AuthCodeOption) (*xoauth2.Token, error) {
 	return ac.Exchange(ctx, code, opts...)
 }
@@ -88,51 +106,80 @@ type Provider struct {
 	//   often available via site-specific packages, such as
 	//   google.Endpoint or github.Endpoint.
 	// - Scopes specifies optional requested permissions.
-	ClientID       string
+	ClientID string
+	// if enabled means that we need extrace access_token as well
+	UserInfo       bool
 	oauth2Config   Configuration
-	oidcProvider   *oidc.Provider
 	provHTTPClient *http.Client
 }

 // derivedKey is the key used to compute the HMAC for signing the oauth state parameter
 // its derived using pbkdf on CONSOLE_IDP_HMAC_PASSPHRASE with CONSOLE_IDP_HMAC_SALT
 var derivedKey = func() []byte {
-	return pbkdf2.Key([]byte(getPassphraseForIdpHmac()), []byte(getSaltForIdpHmac()), 4096, 32, sha1.New)
+	return pbkdf2.Key([]byte(getPassphraseForIDPHmac()), []byte(getSaltForIDPHmac()), 4096, 32, sha1.New)
+}
+
+const (
+	schemeHTTP  = "http"
+	schemeHTTPS = "https"
+)
+
+func getLoginCallbackURL(r *http.Request) string {
+	scheme := getSourceScheme(r)
+	if scheme == "" {
+		if r.TLS != nil {
+			scheme = schemeHTTPS
+		} else {
+			scheme = schemeHTTP
+		}
+	}
+
+	redirectURL := scheme + "://" + r.Host + "/oauth_callback"
+	_, err := url.Parse(redirectURL)
+	if err != nil {
+		panic(err)
+	}
+	return redirectURL
 }

 // NewOauth2ProviderClient instantiates a new oauth2 client using the configured credentials
 // it returns a *Provider object that contains the necessary configuration to initiate an
 // oauth2 authentication flow
-func NewOauth2ProviderClient(ctx context.Context, scopes []string, httpClient *http.Client) (*Provider, error) {
-	customCtx := oidc.ClientContext(ctx, httpClient)
-	provider, err := oidc.NewProvider(customCtx, GetIdpURL())
+func NewOauth2ProviderClient(scopes []string, r *http.Request, httpClient *http.Client) (*Provider, error) {
+	ddoc, err := parseDiscoveryDoc(GetIDPURL(), httpClient)
 	if err != nil {
 		return nil, err
 	}
-	// if google, change scopes
-	u, err := url.Parse(GetIdpURL())
-	if err != nil {
-		return nil, err
-	}
-	// below verification should not be necessary if the user configure exactly the
-	// scopes he need, will be removed on a future release
-	if u.Host == "google.com" {
-		scopes = []string{oidc.ScopeOpenID}
-	}
+
 	// If provided scopes are empty we use a default list or the user configured list
 	if len(scopes) == 0 {
-		scopes = strings.Split(getIdpScopes(), ",")
+		scopes = strings.Split(getIDPScopes(), ",")
 	}
+
+	redirectURL := GetIDPCallbackURL()
+	if GetIDPCallbackURLDynamic() {
+		// dynamic redirect if set, will generate redirect URLs
+		// dynamically based on incoming requests.
+		redirectURL = getLoginCallbackURL(r)
+	}
+
+	// add "openid" scope always.
+	scopes = append(scopes, "openid")
+
 	client := new(Provider)
 	client.oauth2Config = &xoauth2.Config{
-		ClientID:     GetIdpClientID(),
-		ClientSecret: GetIdpSecret(),
-		RedirectURL:  GetIdpCallbackURL(),
-		Endpoint:     provider.Endpoint(),
-		Scopes:       scopes,
+		ClientID:     GetIDPClientID(),
+		ClientSecret: GetIDPSecret(),
+		RedirectURL:  redirectURL,
+		Endpoint: oauth2.Endpoint{
+			AuthURL:  ddoc.AuthEndpoint,
+			TokenURL: ddoc.TokenEndpoint,
+		},
+		Scopes: scopes,
 	}
-	client.oidcProvider = provider
-	client.ClientID = GetIdpClientID()
+
+	client.ClientID = GetIDPClientID()
+	client.UserInfo = GetIDPUserInfo()
 	client.provHTTPClient = httpClient

 	return client, nil
@@ -163,7 +210,8 @@ type User struct {
 	Username          string                 `json:"username"`
 }

-// VerifyIdentity will contact the configured IDP and validate the user identity based on the authorization code
+// VerifyIdentity will contact the configured IDP to the user identity based on the authorization code and state
+// if the user is valid, then it will contact MinIO to get valid sts credentials based on the identity provided by the IDP
 func (client *Provider) VerifyIdentity(ctx context.Context, code, state string) (*credentials.Credentials, error) {
 	// verify the provided state is valid (prevents CSRF attacks)
 	if err := validateOauth2State(state); err != nil {
@@ -184,18 +232,26 @@ func (client *Provider) VerifyIdentity(ctx context.Context, code, state string)

 		// check if user configured a hardcoded expiration for console via env variables
 		// and override the incoming expiration
-		userConfiguredExpiration := getIdpTokenExpiration()
+		userConfiguredExpiration := getIDPTokenExpiration()
 		if userConfiguredExpiration != "" {
 			expiration, _ = strconv.Atoi(userConfiguredExpiration)
 		}
 		idToken := oauth2Token.Extra("id_token")
 		if idToken == nil {
-			return nil, errors.New("returned token is missing id_token claim")
+			return nil, errors.New("missing id_token")
 		}
-		return &credentials.WebIdentityToken{
+		token := &credentials.WebIdentityToken{
 			Token:  idToken.(string),
 			Expiry: expiration,
-		}, nil
+		}
+		if client.UserInfo { // look for access_token only if userinfo is requested.
+			accessToken := oauth2Token.Extra("access_token")
+			if accessToken == nil {
+				return nil, errors.New("missing access_token")
+			}
+			token.AccessToken = accessToken.(string)
+		}
+		return token, nil
 	}
 	stsEndpoint := GetSTSEndpoint()
 	sts := credentials.New(&credentials.STSWebIdentity{
@@ -206,6 +262,23 @@ func (client *Provider) VerifyIdentity(ctx context.Context, code, state string)
 	return sts, nil
 }

+// VerifyIdentityForOperator will contact the configured IDP and validate the user identity based on the authorization code and state
+func (client *Provider) VerifyIdentityForOperator(ctx context.Context, code, state string) (*xoauth2.Token, error) {
+	// verify the provided state is valid (prevents CSRF attacks)
+	if err := validateOauth2State(state); err != nil {
+		return nil, err
+	}
+	customCtx := context.WithValue(ctx, oauth2.HTTPClient, client.provHTTPClient)
+	oauth2Token, err := client.oauth2Config.Exchange(customCtx, code)
+	if err != nil {
+		return nil, err
+	}
+	if !oauth2Token.Valid() {
+		return nil, errors.New("invalid token")
+	}
+	return oauth2Token, nil
+}
+
 // validateOauth2State validates the provided state was originated using the same
 // instance (or one configured using the same secrets) of Console, this is basically used to prevent CSRF attacks
 // https://security.stackexchange.com/questions/20187/oauth2-cross-site-request-forgery-and-state-parameter
@@ -235,6 +308,32 @@ func validateOauth2State(state string) error {
 	return nil
 }

+// parseDiscoveryDoc parses a discovery doc from an OAuth provider
+// into a DiscoveryDoc struct that have the correct endpoints
+func parseDiscoveryDoc(ustr string, httpClient *http.Client) (DiscoveryDoc, error) {
+	d := DiscoveryDoc{}
+	req, err := http.NewRequest(http.MethodGet, ustr, nil)
+	if err != nil {
+		return d, err
+	}
+	clnt := http.Client{
+		Transport: httpClient.Transport,
+	}
+	resp, err := clnt.Do(req)
+	if err != nil {
+		return d, err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		return d, err
+	}
+	dec := json.NewDecoder(resp.Body)
+	if err = dec.Decode(&d); err != nil {
+		return d, err
+	}
+	return d, nil
+}
+
 // GetRandomStateWithHMAC computes message + hmac(message, pbkdf2(key, salt)) to be used as state during the oauth authorization
 func GetRandomStateWithHMAC(length int) string {
 	state := utils.RandomCharString(length)
--- a/pkg/auth/idp/oauth2/provider_test.go
+++ b/pkg/auth/idp/oauth2/provider_test.go
@@ -21,7 +21,6 @@ import (
 	"net/http"
 	"testing"

-	"github.com/coreos/go-oidc"
 	"github.com/stretchr/testify/assert"
 	"golang.org/x/oauth2"
 )
@@ -58,7 +57,6 @@ func TestGenerateLoginURL(t *testing.T) {
 	funcAssert := assert.New(t)
 	oauth2Provider := Provider{
 		oauth2Config: Oauth2configMock{},
-		oidcProvider: &oidc.Provider{},
 	}
 	// Test-1 : GenerateLoginURL() generates URL correctly with provided state
 	oauth2ConfigAuthCodeURLMock = func(state string, opts ...oauth2.AuthCodeOption) string {
--- a/pkg/auth/idp/oauth2/proxy.go
+++ b/pkg/auth/idp/oauth2/proxy.go
@@ -0,0 +1,70 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package oauth2
+
+import (
+	"net/http"
+	"regexp"
+	"strings"
+)
+
+var (
+	// De-facto standard header keys.
+	xForwardedProto  = http.CanonicalHeaderKey("X-Forwarded-Proto")
+	xForwardedScheme = http.CanonicalHeaderKey("X-Forwarded-Scheme")
+)
+
+var (
+	// RFC7239 defines a new "Forwarded: " header designed to replace the
+	// existing use of X-Forwarded-* headers.
+	// e.g. Forwarded: for=192.0.2.60;proto=https;by=203.0.113.43
+	forwarded = http.CanonicalHeaderKey("Forwarded")
+	// Allows for a sub-match of the first value after 'for=' to the next
+	// comma, semi-colon or space. The match is case-insensitive.
+	forRegex = regexp.MustCompile(`(?i)(?:for=)([^(;|,| )]+)(.*)`)
+	// Allows for a sub-match for the first instance of scheme (http|https)
+	// prefixed by 'proto='. The match is case-insensitive.
+	protoRegex = regexp.MustCompile(`(?i)^(;|,| )+(?:proto=)(https|http)`)
+)
+
+// getSourceScheme retrieves the scheme from the X-Forwarded-Proto and RFC7239
+// Forwarded headers (in that order).
+func getSourceScheme(r *http.Request) string {
+	var scheme string
+
+	// Retrieve the scheme from X-Forwarded-Proto.
+	if proto := r.Header.Get(xForwardedProto); proto != "" {
+		scheme = strings.ToLower(proto)
+	} else if proto = r.Header.Get(xForwardedScheme); proto != "" {
+		scheme = strings.ToLower(proto)
+	} else if proto := r.Header.Get(forwarded); proto != "" {
+		// match should contain at least two elements if the protocol was
+		// specified in the Forwarded header. The first element will always be
+		// the 'for=', which we ignore, subsequently we proceed to look for
+		// 'proto=' which should precede right after `for=` if not
+		// we simply ignore the values and return empty. This is in line
+		// with the approach we took for returning first ip from multiple
+		// params.
+		if match := forRegex.FindStringSubmatch(proto); len(match) > 1 {
+			if match = protoRegex.FindStringSubmatch(match[2]); len(match) > 1 {
+				scheme = strings.ToLower(match[2])
+			}
+		}
+	}
+
+	return scheme
+}
--- a/pkg/auth/token.go
+++ b/pkg/auth/token.go
@@ -54,7 +54,7 @@ var derivedKey = func() []byte {
 	return pbkdf2.Key([]byte(token.GetPBKDFPassphrase()), []byte(token.GetPBKDFSalt()), 4096, 32, sha1.New)
 }

-// IsSessionTokenValid returns true or false depending if the provided session token is valid or not
+// IsSessionTokenValid returns true or false depending upon the provided session if the token is valid or not
 func IsSessionTokenValid(token string) bool {
 	_, err := SessionTokenAuthenticate(token)
 	return err == nil
@@ -62,11 +62,10 @@ func IsSessionTokenValid(token string) bool {

 // TokenClaims claims struct for decrypted credentials
 type TokenClaims struct {
-	STSAccessKeyID     string   `json:"stsAccessKeyID,omitempty"`
-	STSSecretAccessKey string   `json:"stsSecretAccessKey,omitempty"`
-	STSSessionToken    string   `json:"stsSessionToken,omitempty"`
-	AccountAccessKey   string   `json:"accountAccessKey,omitempty"`
-	Actions            []string `json:"actions,omitempty"`
+	STSAccessKeyID     string `json:"stsAccessKeyID,omitempty"`
+	STSSecretAccessKey string `json:"stsSecretAccessKey,omitempty"`
+	STSSessionToken    string `json:"stsSessionToken,omitempty"`
+	AccountAccessKey   string `json:"accountAccessKey,omitempty"`
 }

 // SessionTokenAuthenticate takes a session token, decode it, extract claims and validate the signature
@@ -79,7 +78,6 @@ type TokenClaims struct {
 //		STSSecretAccessKey
 //		STSSessionToken
 //		AccountAccessKey
-//		Actions
 //	}
 func SessionTokenAuthenticate(token string) (*TokenClaims, error) {
 	if token == "" {
@@ -98,14 +96,13 @@ func SessionTokenAuthenticate(token string) (*TokenClaims, error) {

 // NewEncryptedTokenForClient generates a new session token with claims based on the provided STS credentials, first
 // encrypts the claims and the sign them
-func NewEncryptedTokenForClient(credentials *credentials.Value, accountAccessKey string, actions []string) (string, error) {
+func NewEncryptedTokenForClient(credentials *credentials.Value, accountAccessKey string) (string, error) {
 	if credentials != nil {
 		encryptedClaims, err := encryptClaims(&TokenClaims{
 			STSAccessKeyID:     credentials.AccessKeyID,
 			STSSecretAccessKey: credentials.SecretAccessKey,
 			STSSessionToken:    credentials.SessionToken,
 			AccountAccessKey:   accountAccessKey,
-			Actions:            actions,
 		})
 		if err != nil {
 			return "", err
@@ -311,7 +308,6 @@ func GetClaimsFromTokenInRequest(req *http.Request) (*models.Principal, error) {
 	}
 	return &models.Principal{
 		STSAccessKeyID:     claims.STSAccessKeyID,
-		Actions:            claims.Actions,
 		STSSecretAccessKey: claims.STSSecretAccessKey,
 		STSSessionToken:    claims.STSSessionToken,
 		AccountAccessKey:   claims.AccountAccessKey,
--- a/pkg/auth/token/config.go
+++ b/pkg/auth/token/config.go
@@ -17,17 +17,25 @@
 package token

 import (
-	"strconv"
+	"time"

 	"github.com/minio/console/pkg/auth/utils"
 	"github.com/minio/pkg/env"
 )

-// ConsoleSTSDurationSeconds returns the default session duration for the STS requested tokens.
-func GetConsoleSTSDurationInSeconds() int {
-	duration, err := strconv.Atoi(env.Get(ConsoleSTSDurationSeconds, "3600"))
+// GetConsoleSTSDuration returns the default session duration for the STS requested tokens (defaults to 1h)
+func GetConsoleSTSDuration() time.Duration {
+	durationSeconds := env.Get(ConsoleSTSDurationSeconds, "")
+	if durationSeconds != "" {
+		duration, err := time.ParseDuration(durationSeconds + "s")
+		if err != nil {
+			duration = 1 * time.Hour
+		}
+		return duration
+	}
+	duration, err := time.ParseDuration(env.Get(ConsoleSTSDuration, "1h"))
 	if err != nil {
-		duration = 3600
+		duration = 1 * time.Hour
 	}
 	return duration
 }
--- a/pkg/auth/token/const.go
+++ b/pkg/auth/token/const.go
@@ -17,7 +17,8 @@
 package token

 const (
-	ConsoleSTSDurationSeconds = "CONSOLE_STS_DURATION_SECONDS"
+	ConsoleSTSDurationSeconds = "CONSOLE_STS_DURATION_SECONDS" // (deprecated), set value in seconds for sts session, ie: 3600
+	ConsoleSTSDuration        = "CONSOLE_STS_DURATION"         // time.Duration format, ie: 3600s, 2h45m, 1h, etc
 	ConsolePBKDFPassphrase    = "CONSOLE_PBKDF_PASSPHRASE"
 	ConsolePBKDFSalt          = "CONSOLE_PBKDF_SALT"
 )
--- a/Show More
+++ b/Show More