2020-04-01 18:18:57 -07:00
|
|
|
// Code generated by go-swagger; DO NOT EDIT.
|
|
|
|
|
|
|
|
|
|
// This file is part of MinIO Console Server
|
2023-02-06 22:32:49 -06:00
|
|
|
// Copyright (c) 2023 MinIO, Inc.
|
2020-04-01 18:18:57 -07:00
|
|
|
//
|
|
|
|
|
// This program is free software: you can redistribute it and/or modify
|
|
|
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
// (at your option) any later version.
|
|
|
|
|
//
|
|
|
|
|
// This program is distributed in the hope that it will be useful,
|
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
// GNU Affero General Public License for more details.
|
|
|
|
|
//
|
|
|
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
|
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
//
|
|
|
|
|
|
|
|
|
|
package models
|
|
|
|
|
|
|
|
|
|
// This file was generated by the swagger tool.
|
|
|
|
|
// Editing this file might prove futile when you re-run the swagger generate command
|
|
|
|
|
|
|
|
|
|
import (
|
2021-06-08 12:35:39 -07:00
|
|
|
"context"
|
2020-04-01 18:18:57 -07:00
|
|
|
"encoding/json"
|
2022-10-20 20:08:54 -05:00
|
|
|
"strconv"
|
2020-04-01 18:18:57 -07:00
|
|
|
|
|
|
|
|
"github.com/go-openapi/errors"
|
|
|
|
|
"github.com/go-openapi/strfmt"
|
|
|
|
|
"github.com/go-openapi/swag"
|
|
|
|
|
"github.com/go-openapi/validate"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// LoginDetails login details
|
|
|
|
|
//
|
|
|
|
|
// swagger:model loginDetails
|
|
|
|
|
type LoginDetails struct {
|
|
|
|
|
|
2023-05-03 11:36:41 -06:00
|
|
|
// animated login
|
|
|
|
|
AnimatedLogin bool `json:"animatedLogin,omitempty"`
|
|
|
|
|
|
2022-12-06 09:53:01 -08:00
|
|
|
// is k8 s
|
|
|
|
|
IsK8S bool `json:"isK8S,omitempty"`
|
|
|
|
|
|
2020-04-01 18:18:57 -07:00
|
|
|
// login strategy
|
2024-11-05 14:56:53 -06:00
|
|
|
// Enum: [form redirect service-account redirect-service-account]
|
2020-04-01 18:18:57 -07:00
|
|
|
LoginStrategy string `json:"loginStrategy,omitempty"`
|
|
|
|
|
|
2022-10-20 20:08:54 -05:00
|
|
|
// redirect rules
|
|
|
|
|
RedirectRules []*RedirectRule `json:"redirectRules"`
|
2020-04-01 18:18:57 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Validate validates this login details
|
|
|
|
|
func (m *LoginDetails) Validate(formats strfmt.Registry) error {
|
|
|
|
|
var res []error
|
|
|
|
|
|
|
|
|
|
if err := m.validateLoginStrategy(formats); err != nil {
|
|
|
|
|
res = append(res, err)
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-20 20:08:54 -05:00
|
|
|
if err := m.validateRedirectRules(formats); err != nil {
|
|
|
|
|
res = append(res, err)
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-01 18:18:57 -07:00
|
|
|
if len(res) > 0 {
|
|
|
|
|
return errors.CompositeValidationError(res...)
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var loginDetailsTypeLoginStrategyPropEnum []interface{}
|
|
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
|
var res []string
|
2022-04-18 15:47:16 -07:00
|
|
|
if err := json.Unmarshal([]byte(`["form","redirect","service-account","redirect-service-account"]`), &res); err != nil {
|
2020-04-01 18:18:57 -07:00
|
|
|
panic(err)
|
|
|
|
|
}
|
|
|
|
|
for _, v := range res {
|
|
|
|
|
loginDetailsTypeLoginStrategyPropEnum = append(loginDetailsTypeLoginStrategyPropEnum, v)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
|
|
|
|
|
// LoginDetailsLoginStrategyForm captures enum value "form"
|
|
|
|
|
LoginDetailsLoginStrategyForm string = "form"
|
|
|
|
|
|
|
|
|
|
// LoginDetailsLoginStrategyRedirect captures enum value "redirect"
|
|
|
|
|
LoginDetailsLoginStrategyRedirect string = "redirect"
|
MCS service account authentication with Mkube (#166)
`MCS` will authenticate against `Mkube`using bearer tokens via HTTP
`Authorization` header. The user will provide this token once
in the login form, MCS will validate it against Mkube (list tenants) and
if valid will generate and return a new MCS sessions
with encrypted claims (the user Service account token will be inside the
JWT in the data field)
Kubernetes
The provided `JWT token` corresponds to the `Kubernetes service account`
that `Mkube` will use to run tasks on behalf of the
user, ie: list, create, edit, delete tenants, storage class, etc.
Development
If you are running mcs in your local environment and wish to make
request to `Mkube` you can set `MCS_M3_HOSTNAME`, if
the environment variable is not present by default `MCS` will use
`"http://m3:8787"`, additionally you will need to set the
`MCS_MKUBE_ADMIN_ONLY=on` variable to make MCS display the Mkube UI
Extract the Service account token and use it with MCS
For local development you can use the jwt associated to the `m3-sa`
service account, you can get the token running
the following command in your terminal:
```
kubectl get secret $(kubectl get serviceaccount m3-sa -o
jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64
--decode
```
Then run the mcs server
```
MCS_M3_HOSTNAME=http://localhost:8787 MCS_MKUBE_ADMIN_ONLY=on ./mcs
server
```
Self-signed certificates and Custom certificate authority for Mkube
If Mkube uses TLS with a self-signed certificate, or a certificate
issued by a custom certificate authority you can add those
certificates usinng the `MCS_M3_SERVER_TLS_CA_CERTIFICATE` env variable
````
MCS_M3_SERVER_TLS_CA_CERTIFICATE=cert1.pem,cert2.pem,cert3.pem ./mcs
server
````
2020-06-23 11:37:46 -07:00
|
|
|
|
2021-06-08 12:35:39 -07:00
|
|
|
// LoginDetailsLoginStrategyServiceDashAccount captures enum value "service-account"
|
|
|
|
|
LoginDetailsLoginStrategyServiceDashAccount string = "service-account"
|
2022-04-18 15:47:16 -07:00
|
|
|
|
|
|
|
|
// LoginDetailsLoginStrategyRedirectDashServiceDashAccount captures enum value "redirect-service-account"
|
|
|
|
|
LoginDetailsLoginStrategyRedirectDashServiceDashAccount string = "redirect-service-account"
|
2020-04-01 18:18:57 -07:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// prop value enum
|
|
|
|
|
func (m *LoginDetails) validateLoginStrategyEnum(path, location string, value string) error {
|
2020-07-01 18:03:22 -07:00
|
|
|
if err := validate.EnumCase(path, location, value, loginDetailsTypeLoginStrategyPropEnum, true); err != nil {
|
2020-04-01 18:18:57 -07:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (m *LoginDetails) validateLoginStrategy(formats strfmt.Registry) error {
|
|
|
|
|
if swag.IsZero(m.LoginStrategy) { // not required
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// value enum
|
|
|
|
|
if err := m.validateLoginStrategyEnum("loginStrategy", "body", m.LoginStrategy); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-20 20:08:54 -05:00
|
|
|
func (m *LoginDetails) validateRedirectRules(formats strfmt.Registry) error {
|
|
|
|
|
if swag.IsZero(m.RedirectRules) { // not required
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for i := 0; i < len(m.RedirectRules); i++ {
|
|
|
|
|
if swag.IsZero(m.RedirectRules[i]) { // not required
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if m.RedirectRules[i] != nil {
|
|
|
|
|
if err := m.RedirectRules[i].Validate(formats); err != nil {
|
|
|
|
|
if ve, ok := err.(*errors.Validation); ok {
|
|
|
|
|
return ve.ValidateName("redirectRules" + "." + strconv.Itoa(i))
|
|
|
|
|
} else if ce, ok := err.(*errors.CompositeError); ok {
|
|
|
|
|
return ce.ValidateName("redirectRules" + "." + strconv.Itoa(i))
|
|
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ContextValidate validate this login details based on the context it is used
|
2021-06-08 12:35:39 -07:00
|
|
|
func (m *LoginDetails) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
|
2022-10-20 20:08:54 -05:00
|
|
|
var res []error
|
|
|
|
|
|
|
|
|
|
if err := m.contextValidateRedirectRules(ctx, formats); err != nil {
|
|
|
|
|
res = append(res, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(res) > 0 {
|
|
|
|
|
return errors.CompositeValidationError(res...)
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (m *LoginDetails) contextValidateRedirectRules(ctx context.Context, formats strfmt.Registry) error {
|
|
|
|
|
|
|
|
|
|
for i := 0; i < len(m.RedirectRules); i++ {
|
|
|
|
|
|
|
|
|
|
if m.RedirectRules[i] != nil {
|
2023-10-19 12:49:38 -07:00
|
|
|
|
|
|
|
|
if swag.IsZero(m.RedirectRules[i]) { // not required
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-20 20:08:54 -05:00
|
|
|
if err := m.RedirectRules[i].ContextValidate(ctx, formats); err != nil {
|
|
|
|
|
if ve, ok := err.(*errors.Validation); ok {
|
|
|
|
|
return ve.ValidateName("redirectRules" + "." + strconv.Itoa(i))
|
|
|
|
|
} else if ce, ok := err.(*errors.CompositeError); ok {
|
|
|
|
|
return ce.ValidateName("redirectRules" + "." + strconv.Itoa(i))
|
|
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-08 12:35:39 -07:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-01 18:18:57 -07:00
|
|
|
// MarshalBinary interface implementation
|
|
|
|
|
func (m *LoginDetails) MarshalBinary() ([]byte, error) {
|
|
|
|
|
if m == nil {
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
|
|
|
|
return swag.WriteJSON(m)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// UnmarshalBinary interface implementation
|
|
|
|
|
func (m *LoginDetails) UnmarshalBinary(b []byte) error {
|
|
|
|
|
var res LoginDetails
|
|
|
|
|
if err := swag.ReadJSON(b, &res); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
*m = res
|
|
|
|
|
return nil
|
|
|
|
|
}
|