@@ -334,7 +334,8 @@ func getListTenantsResponse(session *models.Principal, params admin_api.ListTena
334
334
}
335
335
336
336
func getTenantCreatedResponse (session * models.Principal , params admin_api.CreateTenantParams ) (* models.CreateTenantResponse , error ) {
337
- minioImage := params .Body .Image
337
+ tenantReq := params .Body
338
+ minioImage := tenantReq .Image
338
339
339
340
if minioImage == "" {
340
341
minImg , err := cluster .GetMinioImage ()
@@ -349,20 +350,20 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
349
350
return nil , err
350
351
}
351
352
352
- ns := * params . Body .Namespace
353
+ ns := * tenantReq .Namespace
353
354
354
355
// if access/secret are provided, use them, else create a random pair
355
356
accessKey := RandomCharString (16 )
356
357
secretKey := RandomCharString (32 )
357
358
358
- if params . Body .AccessKey != "" {
359
- accessKey = params . Body .AccessKey
359
+ if tenantReq .AccessKey != "" {
360
+ accessKey = tenantReq .AccessKey
360
361
}
361
- if params . Body .SecretKey != "" {
362
- secretKey = params . Body .SecretKey
362
+ if tenantReq .SecretKey != "" {
363
+ secretKey = tenantReq .SecretKey
363
364
}
364
365
365
- secretName := fmt .Sprintf ("%s-secret" , * params . Body .Name )
366
+ secretName := fmt .Sprintf ("%s-secret" , * tenantReq .Name )
366
367
imm := true
367
368
368
369
instanceSecret := corev1.Secret {
@@ -384,7 +385,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
384
385
//Construct a MinIO Instance with everything we are getting from parameters
385
386
minInst := operator.Tenant {
386
387
ObjectMeta : metav1.ObjectMeta {
387
- Name : * params . Body .Name ,
388
+ Name : * tenantReq .Name ,
388
389
},
389
390
Spec : operator.TenantSpec {
390
391
Image : minioImage ,
@@ -397,15 +398,15 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
397
398
}
398
399
idpEnabled := false
399
400
// Enable IDP (Active Directory) for MinIO
400
- if params . Body . Idp != nil && params . Body .Idp .ActiveDirectory != nil {
401
- url := * params . Body .Idp .ActiveDirectory .URL
402
- userNameFormat := * params . Body .Idp .ActiveDirectory .UsernameFormat
403
- userSearchFilter := * params . Body .Idp .ActiveDirectory .UserSearchFilter
404
- tlsSkipVerify := params . Body .Idp .ActiveDirectory .SkipSslVerification
405
- serverInsecure := params . Body .Idp .ActiveDirectory .ServerInsecure
406
- groupSearchDN := params . Body .Idp .ActiveDirectory .GroupSearchBaseDn
407
- groupSearchFilter := params . Body .Idp .ActiveDirectory .GroupSearchFilter
408
- groupNameAttribute := params . Body .Idp .ActiveDirectory .GroupNameAttribute
401
+ if tenantReq . Idp != nil && tenantReq .Idp .ActiveDirectory != nil {
402
+ url := * tenantReq .Idp .ActiveDirectory .URL
403
+ userNameFormat := * tenantReq .Idp .ActiveDirectory .UsernameFormat
404
+ userSearchFilter := * tenantReq .Idp .ActiveDirectory .UserSearchFilter
405
+ tlsSkipVerify := tenantReq .Idp .ActiveDirectory .SkipSslVerification
406
+ serverInsecure := tenantReq .Idp .ActiveDirectory .ServerInsecure
407
+ groupSearchDN := tenantReq .Idp .ActiveDirectory .GroupSearchBaseDn
408
+ groupSearchFilter := tenantReq .Idp .ActiveDirectory .GroupSearchFilter
409
+ groupNameAttribute := tenantReq .Idp .ActiveDirectory .GroupNameAttribute
409
410
if url != "" && userNameFormat != "" && userSearchFilter != "" {
410
411
// CONSOLE_LDAP_ENABLED
411
412
idpEnabled = true
@@ -449,24 +450,24 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
449
450
450
451
// operator request AutoCert feature
451
452
encryption := false
452
- if params . Body .EnableSsl != nil {
453
+ if tenantReq .EnableSsl != nil {
453
454
encryption = true
454
- minInst .Spec .RequestAutoCert = * params . Body .EnableSsl
455
+ minInst .Spec .RequestAutoCert = * tenantReq .EnableSsl
455
456
}
456
457
457
458
// User provided TLS certificates (this will take priority over autoCert)
458
- if params . Body . TLS != nil && params . Body . TLS .Crt != nil && params . Body .TLS .Key != nil {
459
+ if tenantReq . TLS != nil && tenantReq . TLS .Crt != nil && tenantReq .TLS .Key != nil {
459
460
encryption = true
460
461
externalTLSCertificateSecretName := fmt .Sprintf ("%s-instance-external-certificates" , secretName )
461
462
// disable autoCert
462
463
minInst .Spec .RequestAutoCert = false
463
464
464
- tlsCrt , err := base64 .StdEncoding .DecodeString (* params . Body .TLS .Crt )
465
+ tlsCrt , err := base64 .StdEncoding .DecodeString (* tenantReq .TLS .Crt )
465
466
if err != nil {
466
467
return nil , err
467
468
}
468
469
469
- tlsKey , err := base64 .StdEncoding .DecodeString (* params . Body .TLS .Key )
470
+ tlsKey , err := base64 .StdEncoding .DecodeString (* tenantReq .TLS .Key )
470
471
if err != nil {
471
472
return nil , err
472
473
}
@@ -493,19 +494,19 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
493
494
}
494
495
}
495
496
496
- if params . Body .Encryption != nil && encryption {
497
+ if tenantReq .Encryption != nil && encryption {
497
498
// Enable auto encryption
498
499
minInst .Spec .Env = append (minInst .Spec .Env , corev1.EnvVar {
499
500
Name : "MINIO_KMS_AUTO_ENCRYPTION" ,
500
501
Value : "on" ,
501
502
})
502
503
503
- if params . Body .Encryption .MasterKey != "" {
504
+ if tenantReq .Encryption .MasterKey != "" {
504
505
// Configure MinIO to use MINIO_KMS_MASTER_KEY legacy key
505
506
// https://docs.min.io/docs/minio-vault-legacy.html
506
507
minInst .Spec .Env = append (minInst .Spec .Env , corev1.EnvVar {
507
508
Name : "MINIO_KMS_MASTER_KEY" ,
508
- Value : params . Body .Encryption .MasterKey ,
509
+ Value : tenantReq .Encryption .MasterKey ,
509
510
})
510
511
} else {
511
512
// KES configuration for Tenant instance
@@ -515,16 +516,16 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
515
516
Metadata : nil ,
516
517
}
517
518
// Using custom image for KES
518
- if params . Body .Encryption .Image != "" {
519
- minInst .Spec .KES .Image = params . Body .Encryption .Image
519
+ if tenantReq .Encryption .Image != "" {
520
+ minInst .Spec .KES .Image = tenantReq .Encryption .Image
520
521
}
521
522
// Secret to store KES server TLS certificates
522
523
// TODO check if AutoCert it's already configured
523
- serverTLSCrt , err := base64 .StdEncoding .DecodeString (* params . Body .Encryption .Server .Crt )
524
+ serverTLSCrt , err := base64 .StdEncoding .DecodeString (* tenantReq .Encryption .Server .Crt )
524
525
if err != nil {
525
526
return nil , err
526
527
}
527
- serverTLSKey , err := base64 .StdEncoding .DecodeString (* params . Body .Encryption .Server .Key )
528
+ serverTLSKey , err := base64 .StdEncoding .DecodeString (* tenantReq .Encryption .Server .Key )
528
529
if err != nil {
529
530
return nil , err
530
531
}
@@ -551,11 +552,11 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
551
552
}
552
553
553
554
// Secret to store KES clients TLS certificates (mTLS authentication)
554
- clientTLSCrt , err := base64 .StdEncoding .DecodeString (* params . Body .Encryption .Client .Crt )
555
+ clientTLSCrt , err := base64 .StdEncoding .DecodeString (* tenantReq .Encryption .Client .Crt )
555
556
if err != nil {
556
557
return nil , err
557
558
}
558
- clientTLSKey , err := base64 .StdEncoding .DecodeString (* params . Body .Encryption .Client .Key )
559
+ clientTLSKey , err := base64 .StdEncoding .DecodeString (* tenantReq .Encryption .Client .Key )
559
560
if err != nil {
560
561
return nil , err
561
562
}
@@ -621,66 +622,66 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
621
622
Keys : kes.Keys {},
622
623
}
623
624
// if encryption is enabled and encryption is configured to use Vault
624
- if params . Body .Encryption .Vault != nil {
625
+ if tenantReq .Encryption .Vault != nil {
625
626
// Initialize Vault Config
626
627
kesConfig .Keys .Vault = & kes.Vault {
627
- Endpoint : * params . Body .Encryption .Vault .Endpoint ,
628
- EnginePath : params . Body .Encryption .Vault .Engine ,
629
- Namespace : params . Body .Encryption .Vault .Namespace ,
630
- Prefix : params . Body .Encryption .Vault .Prefix ,
628
+ Endpoint : * tenantReq .Encryption .Vault .Endpoint ,
629
+ EnginePath : tenantReq .Encryption .Vault .Engine ,
630
+ Namespace : tenantReq .Encryption .Vault .Namespace ,
631
+ Prefix : tenantReq .Encryption .Vault .Prefix ,
631
632
Status : & kes.VaultStatus {
632
633
Ping : 10 * time .Second ,
633
634
},
634
635
}
635
636
// Vault AppRole credentials
636
- if params . Body .Encryption .Vault .Approle != nil {
637
+ if tenantReq .Encryption .Vault .Approle != nil {
637
638
kesConfig .Keys .Vault .AppRole = & kes.AppRole {
638
- EnginePath : params . Body .Encryption .Vault .Approle .Engine ,
639
- ID : * params . Body .Encryption .Vault .Approle .ID ,
640
- Secret : * params . Body .Encryption .Vault .Approle .Secret ,
639
+ EnginePath : tenantReq .Encryption .Vault .Approle .Engine ,
640
+ ID : * tenantReq .Encryption .Vault .Approle .ID ,
641
+ Secret : * tenantReq .Encryption .Vault .Approle .Secret ,
641
642
Retry : 15 * time .Second ,
642
643
}
643
644
} else {
644
645
return nil , errors .New ("approle credentials missing for kes" )
645
646
}
646
- } else if params . Body .Encryption .Aws != nil {
647
+ } else if tenantReq .Encryption .Aws != nil {
647
648
// Initialize AWS
648
649
kesConfig .Keys .Aws = & kes.Aws {
649
650
SecretsManager : & kes.AwsSecretManager {},
650
651
}
651
652
// AWS basic configuration
652
- if params . Body .Encryption .Aws .Secretsmanager != nil {
653
- kesConfig .Keys .Aws .SecretsManager .Endpoint = * params . Body .Encryption .Aws .Secretsmanager .Endpoint
654
- kesConfig .Keys .Aws .SecretsManager .Region = * params . Body .Encryption .Aws .Secretsmanager .Region
655
- kesConfig .Keys .Aws .SecretsManager .KmsKey = params . Body .Encryption .Aws .Secretsmanager .Kmskey
653
+ if tenantReq .Encryption .Aws .Secretsmanager != nil {
654
+ kesConfig .Keys .Aws .SecretsManager .Endpoint = * tenantReq .Encryption .Aws .Secretsmanager .Endpoint
655
+ kesConfig .Keys .Aws .SecretsManager .Region = * tenantReq .Encryption .Aws .Secretsmanager .Region
656
+ kesConfig .Keys .Aws .SecretsManager .KmsKey = tenantReq .Encryption .Aws .Secretsmanager .Kmskey
656
657
// AWS credentials
657
- if params . Body .Encryption .Aws .Secretsmanager .Credentials != nil {
658
+ if tenantReq .Encryption .Aws .Secretsmanager .Credentials != nil {
658
659
kesConfig .Keys .Aws .SecretsManager .Login = & kes.AwsSecretManagerLogin {
659
- AccessKey : * params . Body .Encryption .Aws .Secretsmanager .Credentials .Accesskey ,
660
- SecretKey : * params . Body .Encryption .Aws .Secretsmanager .Credentials .Secretkey ,
661
- SessionToken : params . Body .Encryption .Aws .Secretsmanager .Credentials .Token ,
660
+ AccessKey : * tenantReq .Encryption .Aws .Secretsmanager .Credentials .Accesskey ,
661
+ SecretKey : * tenantReq .Encryption .Aws .Secretsmanager .Credentials .Secretkey ,
662
+ SessionToken : tenantReq .Encryption .Aws .Secretsmanager .Credentials .Token ,
662
663
}
663
664
}
664
665
}
665
- } else if params . Body .Encryption .Gemalto != nil {
666
+ } else if tenantReq .Encryption .Gemalto != nil {
666
667
// Initialize Gemalto
667
668
kesConfig .Keys .Gemalto = & kes.Gemalto {
668
669
KeySecure : & kes.GemaltoKeySecure {},
669
670
}
670
671
// Gemalto Configuration
671
- if params . Body .Encryption .Gemalto .Keysecure != nil {
672
- kesConfig .Keys .Gemalto .KeySecure .Endpoint = * params . Body .Encryption .Gemalto .Keysecure .Endpoint
672
+ if tenantReq .Encryption .Gemalto .Keysecure != nil {
673
+ kesConfig .Keys .Gemalto .KeySecure .Endpoint = * tenantReq .Encryption .Gemalto .Keysecure .Endpoint
673
674
// Gemalto TLS configuration
674
- if params . Body .Encryption .Gemalto .Keysecure .TLS != nil {
675
+ if tenantReq .Encryption .Gemalto .Keysecure .TLS != nil {
675
676
kesConfig .Keys .Gemalto .KeySecure .TLS = & kes.GemaltoTLS {
676
- CAPath : * params . Body .Encryption .Gemalto .Keysecure .TLS .Ca ,
677
+ CAPath : * tenantReq .Encryption .Gemalto .Keysecure .TLS .Ca ,
677
678
}
678
679
}
679
680
// Gemalto Login
680
- if params . Body .Encryption .Gemalto .Keysecure .Credentials != nil {
681
+ if tenantReq .Encryption .Gemalto .Keysecure .Credentials != nil {
681
682
kesConfig .Keys .Gemalto .KeySecure .Credentials = & kes.GemaltoCredentials {
682
- Token : * params . Body .Encryption .Gemalto .Keysecure .Credentials .Token ,
683
- Domain : * params . Body .Encryption .Gemalto .Keysecure .Credentials .Domain ,
683
+ Token : * tenantReq .Encryption .Gemalto .Keysecure .Credentials .Token ,
684
+ Domain : * tenantReq .Encryption .Gemalto .Keysecure .Credentials .Domain ,
684
685
Retry : 15 * time .Second ,
685
686
}
686
687
}
@@ -718,12 +719,12 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
718
719
var consoleSecret string
719
720
720
721
enableConsole := true
721
- if params . Body .EnableConsole != nil {
722
- enableConsole = * params . Body .EnableConsole
722
+ if tenantReq .EnableConsole != nil {
723
+ enableConsole = * tenantReq .EnableConsole
723
724
}
724
725
725
726
if enableConsole {
726
- consoleSelector := fmt .Sprintf ("%s-console" , * params . Body .Name )
727
+ consoleSelector := fmt .Sprintf ("%s-console" , * tenantReq .Name )
727
728
consoleSecretName := fmt .Sprintf ("%s-secret" , consoleSelector )
728
729
consoleAccess = RandomCharString (16 )
729
730
consoleSecret = RandomCharString (32 )
@@ -743,10 +744,10 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
743
744
}
744
745
745
746
// Enable IDP (Open ID Connect) for console
746
- if ! idpEnabled && params . Body . Idp != nil && params . Body .Idp .Oidc != nil {
747
- url := * params . Body .Idp .Oidc .URL
748
- clientID := * params . Body .Idp .Oidc .ClientID
749
- secretID := * params . Body .Idp .Oidc .SecretID
747
+ if ! idpEnabled && tenantReq . Idp != nil && tenantReq .Idp .Oidc != nil {
748
+ url := * tenantReq .Idp .Oidc .URL
749
+ clientID := * tenantReq .Idp .Oidc .ClientID
750
+ secretID := * tenantReq .Idp .Oidc .SecretID
750
751
if url != "" && clientID != "" && secretID != "" {
751
752
instanceSecret .Data ["CONSOLE_IDP_URL" ] = []byte (url )
752
753
instanceSecret .Data ["CONSOLE_IDP_CLIENT_ID" ] = []byte (clientID )
@@ -782,11 +783,11 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
782
783
}
783
784
784
785
// set the service name if provided
785
- if params . Body .ServiceName != "" {
786
- minInst .Spec .ServiceName = params . Body .ServiceName
786
+ if tenantReq .ServiceName != "" {
787
+ minInst .Spec .ServiceName = tenantReq .ServiceName
787
788
}
788
789
// set the zones if they are provided
789
- for _ , zone := range params . Body .Zones {
790
+ for _ , zone := range tenantReq .Zones {
790
791
zone , err := parseTenantZoneRequest (zone )
791
792
if err != nil {
792
793
return nil , err
@@ -795,15 +796,22 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
795
796
}
796
797
797
798
// Set Mount Path if provided
798
- if params . Body .MounthPath != "" {
799
- minInst .Spec .Mountpath = params . Body .MounthPath
799
+ if tenantReq .MounthPath != "" {
800
+ minInst .Spec .Mountpath = tenantReq .MounthPath
800
801
}
801
802
// add annotations
802
- if len (params . Body .Annotations ) > 0 {
803
+ if len (tenantReq .Annotations ) > 0 {
803
804
if minInst .Spec .Metadata == nil {
804
805
minInst .Spec .Metadata = & metav1.ObjectMeta {}
805
806
}
806
- minInst .Spec .Metadata .Annotations = params .Body .Annotations
807
+ minInst .Spec .Metadata .Annotations = tenantReq .Annotations
808
+ }
809
+
810
+ // Set Image Pull Secrets Name if defined
811
+ if tenantReq .ImagePullSecretsName != "" {
812
+ minInst .Spec .ImagePullSecret = corev1.LocalObjectReference {
813
+ Name : tenantReq .ImagePullSecretsName ,
814
+ }
807
815
}
808
816
809
817
opClient , err := cluster .OperatorClient (session .SessionToken )
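Review bot: The new `if tenantReq.ImagePullSecretsName != ""` branch copies a caller-supplied secret name into `minInst.Spec.ImagePullSecret` without checking that a Secret of that name exists in namespace `ns` or that the value is a valid Kubernetes object name, so a typo only surfaces later as an image-pull failure on the tenant pods instead of as an error from this handler. Consider resolving the Secret in the target namespace before the tenant is created and returning an error when it is missing; the hunk does not show whether a core clientset is in scope at this point (`clientset` only appears later at the GKE integration call), so that lookup may need to move after it is obtained. The request field is plural (`ImagePullSecretsName`) but is mapped to a single `corev1.LocalObjectReference`, so a comment such as `// ImagePullSecretsName names one existing Secret in ns used to pull the tenant images` would make the single-secret contract explicit. The body of getTenantCreatedResponse continues before and after this hunk.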
@@ -818,7 +826,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
818
826
819
827
// Integratrions
820
828
if os .Getenv ("GKE_INTEGRATION" ) != "" {
821
- err := gkeIntegration (clientset , * params . Body .Name , ns , session .SessionToken )
829
+ err := gkeIntegration (clientset , * tenantReq .Name , ns , session .SessionToken )
822
830
if err != nil {
823
831
return nil , err
824
832
}
@@ -829,9 +837,10 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
829
837
}
830
838
// Attach Console Credentials
831
839
if enableConsole {
832
- response .Console = & models.CreateTenantResponseConsole {}
833
- response .Console .AccessKey = consoleAccess
834
- response .Console .SecretKey = consoleSecret
840
+ response .Console = & models.CreateTenantResponseConsole {
841
+ AccessKey : consoleAccess ,
842
+ SecretKey : consoleSecret ,
843
+ }
835
844
}
836
845
return response , nil
837
846
}