2020-07-01 18:03:22 -07:00
|
|
|
// Code generated by go-swagger; DO NOT EDIT.
|
|
|
|
|
|
|
|
|
|
// This file is part of MinIO Console Server
|
2022-03-07 18:24:09 -08:00
|
|
|
// Copyright (c) 2022 MinIO, Inc.
|
2020-07-01 18:03:22 -07:00
|
|
|
//
|
|
|
|
|
// This program is free software: you can redistribute it and/or modify
|
|
|
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
// (at your option) any later version.
|
|
|
|
|
//
|
|
|
|
|
// This program is distributed in the hope that it will be useful,
|
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
// GNU Affero General Public License for more details.
|
|
|
|
|
//
|
|
|
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
|
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
//
|
|
|
|
|
|
|
|
|
|
package models
|
|
|
|
|
|
|
|
|
|
// This file was generated by the swagger tool.
|
|
|
|
|
// Editing this file might prove futile when you re-run the swagger generate command
|
|
|
|
|
|
|
|
|
|
import (
|
2021-06-08 12:35:39 -07:00
|
|
|
"context"
|
2020-07-01 18:03:22 -07:00
|
|
|
"strconv"
|
|
|
|
|
|
|
|
|
|
"github.com/go-openapi/errors"
|
|
|
|
|
"github.com/go-openapi/strfmt"
|
|
|
|
|
"github.com/go-openapi/swag"
|
|
|
|
|
"github.com/go-openapi/validate"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// CreateTenantRequest create tenant request
|
|
|
|
|
//
|
|
|
|
|
// swagger:model createTenantRequest
|
|
|
|
|
type CreateTenantRequest struct {
|
|
|
|
|
|
|
|
|
|
// access key
|
|
|
|
|
AccessKey string `json:"access_key,omitempty"`
|
|
|
|
|
|
|
|
|
|
// annotations
|
|
|
|
|
Annotations map[string]string `json:"annotations,omitempty"`
|
|
|
|
|
|
2022-04-14 00:42:38 -06:00
|
|
|
// domains
|
|
|
|
|
Domains *DomainsConfiguration `json:"domains,omitempty"`
|
|
|
|
|
|
2020-07-25 14:38:16 -07:00
|
|
|
// enable console
|
|
|
|
|
EnableConsole *bool `json:"enable_console,omitempty"`
|
2020-07-01 18:03:22 -07:00
|
|
|
|
2020-08-24 15:07:36 -07:00
|
|
|
// enable prometheus
|
|
|
|
|
EnablePrometheus *bool `json:"enable_prometheus,omitempty"`
|
|
|
|
|
|
2020-08-09 14:47:06 -07:00
|
|
|
// enable tls
|
|
|
|
|
EnableTLS *bool `json:"enable_tls,omitempty"`
|
2020-07-01 18:03:22 -07:00
|
|
|
|
TLS with user provided certificates and KES support for MinIO (#213)
This PR adds the following features:
- Allow user to provide its own keypair certificates for enable TLS in
MinIO
- Allow user to configure data encryption at rest in MinIO with KES
- Removes JWT schema for login and instead Console authentication will use
encrypted session tokens
Enable TLS between client and MinIO with user provided certificates
Instead of using AutoCert feature now the user can provide `cert` and
`key` via `tls` object, values must be valid `x509.Certificate`
formatted files encoded in `base64`
Enable encryption at rest configuring KES
User can deploy KES via Console/Operator by defining the encryption
object, AutoCert must be enabled or custom certificates for KES must be
provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`,
previous configuration of the KMS is necessary.
eg of body request for create-tenant
```
{
"name": "honeywell",
"access_key": "minio",
"secret_key": "minio123",
"enable_mcs": false,
"enable_ssl": false,
"service_name": "honeywell",
"zones": [
{
"name": "honeywell-zone-1",
"servers": 1,
"volumes_per_server": 4,
"volume_configuration": {
"size": 256000000,
"storage_class": "vsan-default-storage-policy"
}
}
],
"namespace": "default",
"tls": {
"tls.crt": "",
"tls.key": ""
},
"encryption": {
"server": {
"tls.crt": "",
"tls.key": ""
},
"client": {
"tls.crt": "",
"tls.key": ""
},
"vault": {
"endpoint": "http://vault:8200",
"prefix": "",
"approle": {
"id": "",
"secret": ""
}
}
}
}
```
2020-07-30 17:49:56 -07:00
|
|
|
// encryption
|
|
|
|
|
Encryption *EncryptionConfiguration `json:"encryption,omitempty"`
|
|
|
|
|
|
2020-08-04 22:32:41 -07:00
|
|
|
// erasure coding parity
|
|
|
|
|
ErasureCodingParity int64 `json:"erasureCodingParity,omitempty"`
|
|
|
|
|
|
2021-01-13 14:08:32 -06:00
|
|
|
// expose console
|
|
|
|
|
ExposeConsole bool `json:"expose_console,omitempty"`
|
|
|
|
|
|
|
|
|
|
// expose minio
|
|
|
|
|
ExposeMinio bool `json:"expose_minio,omitempty"`
|
|
|
|
|
|
2020-08-02 23:45:54 -07:00
|
|
|
// idp
|
|
|
|
|
Idp *IdpConfiguration `json:"idp,omitempty"`
|
|
|
|
|
|
2020-07-01 18:03:22 -07:00
|
|
|
// image
|
|
|
|
|
Image string `json:"image,omitempty"`
|
|
|
|
|
|
2020-08-11 18:20:43 -07:00
|
|
|
// image pull secret
|
|
|
|
|
ImagePullSecret string `json:"image_pull_secret,omitempty"`
|
|
|
|
|
|
2020-08-04 20:54:59 -07:00
|
|
|
// image registry
|
|
|
|
|
ImageRegistry *ImageRegistry `json:"image_registry,omitempty"`
|
2020-08-04 16:04:04 -07:00
|
|
|
|
2020-09-17 06:44:16 -07:00
|
|
|
// labels
|
|
|
|
|
Labels map[string]string `json:"labels,omitempty"`
|
|
|
|
|
|
2021-04-21 01:39:14 -05:00
|
|
|
// log search configuration
|
|
|
|
|
LogSearchConfiguration *LogSearchConfiguration `json:"logSearchConfiguration,omitempty"`
|
|
|
|
|
|
2022-09-06 08:20:16 -07:00
|
|
|
// mount path
|
|
|
|
|
MountPath string `json:"mount_path,omitempty"`
|
2020-07-01 18:03:22 -07:00
|
|
|
|
|
|
|
|
// name
|
|
|
|
|
// Required: true
|
|
|
|
|
// Pattern: ^[a-z0-9-]{3,63}$
|
|
|
|
|
Name *string `json:"name"`
|
|
|
|
|
|
|
|
|
|
// namespace
|
|
|
|
|
// Required: true
|
|
|
|
|
Namespace *string `json:"namespace"`
|
|
|
|
|
|
2020-12-07 09:49:51 -06:00
|
|
|
// pools
|
|
|
|
|
// Required: true
|
|
|
|
|
Pools []*Pool `json:"pools"`
|
|
|
|
|
|
2021-04-21 01:39:14 -05:00
|
|
|
// prometheus configuration
|
|
|
|
|
PrometheusConfiguration *PrometheusConfiguration `json:"prometheusConfiguration,omitempty"`
|
|
|
|
|
|
2020-07-01 18:03:22 -07:00
|
|
|
// secret key
|
|
|
|
|
SecretKey string `json:"secret_key,omitempty"`
|
|
|
|
|
|
TLS with user provided certificates and KES support for MinIO (#213)
This PR adds the following features:
- Allow user to provide its own keypair certificates for enable TLS in
MinIO
- Allow user to configure data encryption at rest in MinIO with KES
- Removes JWT schema for login and instead Console authentication will use
encrypted session tokens
Enable TLS between client and MinIO with user provided certificates
Instead of using AutoCert feature now the user can provide `cert` and
`key` via `tls` object, values must be valid `x509.Certificate`
formatted files encoded in `base64`
Enable encryption at rest configuring KES
User can deploy KES via Console/Operator by defining the encryption
object, AutoCert must be enabled or custom certificates for KES must be
provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`,
previous configuration of the KMS is necessary.
eg of body request for create-tenant
```
{
"name": "honeywell",
"access_key": "minio",
"secret_key": "minio123",
"enable_mcs": false,
"enable_ssl": false,
"service_name": "honeywell",
"zones": [
{
"name": "honeywell-zone-1",
"servers": 1,
"volumes_per_server": 4,
"volume_configuration": {
"size": 256000000,
"storage_class": "vsan-default-storage-policy"
}
}
],
"namespace": "default",
"tls": {
"tls.crt": "",
"tls.key": ""
},
"encryption": {
"server": {
"tls.crt": "",
"tls.key": ""
},
"client": {
"tls.crt": "",
"tls.key": ""
},
"vault": {
"endpoint": "http://vault:8200",
"prefix": "",
"approle": {
"id": "",
"secret": ""
}
}
}
}
```
2020-07-30 17:49:56 -07:00
|
|
|
// tls
|
|
|
|
|
TLS *TLSConfiguration `json:"tls,omitempty"`
|
2020-07-01 18:03:22 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Validate validates this create tenant request
|
|
|
|
|
func (m *CreateTenantRequest) Validate(formats strfmt.Registry) error {
|
|
|
|
|
var res []error
|
|
|
|
|
|
2022-04-14 00:42:38 -06:00
|
|
|
if err := m.validateDomains(formats); err != nil {
|
|
|
|
|
res = append(res, err)
|
|
|
|
|
}
|
|
|
|
|
|
TLS with user provided certificates and KES support for MinIO (#213)
This PR adds the following features:
- Allow user to provide its own keypair certificates for enable TLS in
MinIO
- Allow user to configure data encryption at rest in MinIO with KES
- Removes JWT schema for login and instead Console authentication will use
encrypted session tokens
Enable TLS between client and MinIO with user provided certificates
Instead of using AutoCert feature now the user can provide `cert` and
`key` via `tls` object, values must be valid `x509.Certificate`
formatted files encoded in `base64`
Enable encryption at rest configuring KES
User can deploy KES via Console/Operator by defining the encryption
object, AutoCert must be enabled or custom certificates for KES must be
provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`,
previous configuration of the KMS is necessary.
eg of body request for create-tenant
```
{
"name": "honeywell",
"access_key": "minio",
"secret_key": "minio123",
"enable_mcs": false,
"enable_ssl": false,
"service_name": "honeywell",
"zones": [
{
"name": "honeywell-zone-1",
"servers": 1,
"volumes_per_server": 4,
"volume_configuration": {
"size": 256000000,
"storage_class": "vsan-default-storage-policy"
}
}
],
"namespace": "default",
"tls": {
"tls.crt": "",
"tls.key": ""
},
"encryption": {
"server": {
"tls.crt": "",
"tls.key": ""
},
"client": {
"tls.crt": "",
"tls.key": ""
},
"vault": {
"endpoint": "http://vault:8200",
"prefix": "",
"approle": {
"id": "",
"secret": ""
}
}
}
}
```
2020-07-30 17:49:56 -07:00
|
|
|
if err := m.validateEncryption(formats); err != nil {
|
|
|
|
|
res = append(res, err)
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-02 23:45:54 -07:00
|
|
|
if err := m.validateIdp(formats); err != nil {
|
|
|
|
|
res = append(res, err)
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-04 20:54:59 -07:00
|
|
|
if err := m.validateImageRegistry(formats); err != nil {
|
|
|
|
|
res = append(res, err)
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-21 01:39:14 -05:00
|
|
|
if err := m.validateLogSearchConfiguration(formats); err != nil {
|
|
|
|
|
res = append(res, err)
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-01 18:03:22 -07:00
|
|
|
if err := m.validateName(formats); err != nil {
|
|
|
|
|
res = append(res, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := m.validateNamespace(formats); err != nil {
|
|
|
|
|
res = append(res, err)
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-07 09:49:51 -06:00
|
|
|
if err := m.validatePools(formats); err != nil {
|
TLS with user provided certificates and KES support for MinIO (#213)
This PR adds the following features:
- Allow user to provide its own keypair certificates for enable TLS in
MinIO
- Allow user to configure data encryption at rest in MinIO with KES
- Removes JWT schema for login and instead Console authentication will use
encrypted session tokens
Enable TLS between client and MinIO with user provided certificates
Instead of using AutoCert feature now the user can provide `cert` and
`key` via `tls` object, values must be valid `x509.Certificate`
formatted files encoded in `base64`
Enable encryption at rest configuring KES
User can deploy KES via Console/Operator by defining the encryption
object, AutoCert must be enabled or custom certificates for KES must be
provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`,
previous configuration of the KMS is necessary.
eg of body request for create-tenant
```
{
"name": "honeywell",
"access_key": "minio",
"secret_key": "minio123",
"enable_mcs": false,
"enable_ssl": false,
"service_name": "honeywell",
"zones": [
{
"name": "honeywell-zone-1",
"servers": 1,
"volumes_per_server": 4,
"volume_configuration": {
"size": 256000000,
"storage_class": "vsan-default-storage-policy"
}
}
],
"namespace": "default",
"tls": {
"tls.crt": "",
"tls.key": ""
},
"encryption": {
"server": {
"tls.crt": "",
"tls.key": ""
},
"client": {
"tls.crt": "",
"tls.key": ""
},
"vault": {
"endpoint": "http://vault:8200",
"prefix": "",
"approle": {
"id": "",
"secret": ""
}
}
}
}
```
2020-07-30 17:49:56 -07:00
|
|
|
res = append(res, err)
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-21 01:39:14 -05:00
|
|
|
if err := m.validatePrometheusConfiguration(formats); err != nil {
|
|
|
|
|
res = append(res, err)
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-07 09:49:51 -06:00
|
|
|
if err := m.validateTLS(formats); err != nil {
|
2020-07-01 18:03:22 -07:00
|
|
|
res = append(res, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(res) > 0 {
|
|
|
|
|
return errors.CompositeValidationError(res...)
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-14 00:42:38 -06:00
|
|
|
func (m *CreateTenantRequest) validateDomains(formats strfmt.Registry) error {
|
|
|
|
|
if swag.IsZero(m.Domains) { // not required
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if m.Domains != nil {
|
|
|
|
|
if err := m.Domains.Validate(formats); err != nil {
|
|
|
|
|
if ve, ok := err.(*errors.Validation); ok {
|
|
|
|
|
return ve.ValidateName("domains")
|
|
|
|
|
} else if ce, ok := err.(*errors.CompositeError); ok {
|
|
|
|
|
return ce.ValidateName("domains")
|
|
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
TLS with user provided certificates and KES support for MinIO (#213)
This PR adds the following features:
- Allow user to provide its own keypair certificates for enable TLS in
MinIO
- Allow user to configure data encryption at rest in MinIO with KES
- Removes JWT schema for login and instead Console authentication will use
encrypted session tokens
Enable TLS between client and MinIO with user provided certificates
Instead of using AutoCert feature now the user can provide `cert` and
`key` via `tls` object, values must be valid `x509.Certificate`
formatted files encoded in `base64`
Enable encryption at rest configuring KES
User can deploy KES via Console/Operator by defining the encryption
object, AutoCert must be enabled or custom certificates for KES must be
provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`,
previous configuration of the KMS is necessary.
eg of body request for create-tenant
```
{
"name": "honeywell",
"access_key": "minio",
"secret_key": "minio123",
"enable_mcs": false,
"enable_ssl": false,
"service_name": "honeywell",
"zones": [
{
"name": "honeywell-zone-1",
"servers": 1,
"volumes_per_server": 4,
"volume_configuration": {
"size": 256000000,
"storage_class": "vsan-default-storage-policy"
}
}
],
"namespace": "default",
"tls": {
"tls.crt": "",
"tls.key": ""
},
"encryption": {
"server": {
"tls.crt": "",
"tls.key": ""
},
"client": {
"tls.crt": "",
"tls.key": ""
},
"vault": {
"endpoint": "http://vault:8200",
"prefix": "",
"approle": {
"id": "",
"secret": ""
}
}
}
}
```
2020-07-30 17:49:56 -07:00
|
|
|
func (m *CreateTenantRequest) validateEncryption(formats strfmt.Registry) error {
|
|
|
|
|
if swag.IsZero(m.Encryption) { // not required
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if m.Encryption != nil {
|
|
|
|
|
if err := m.Encryption.Validate(formats); err != nil {
|
|
|
|
|
if ve, ok := err.(*errors.Validation); ok {
|
|
|
|
|
return ve.ValidateName("encryption")
|
2022-01-12 18:59:14 -08:00
|
|
|
} else if ce, ok := err.(*errors.CompositeError); ok {
|
|
|
|
|
return ce.ValidateName("encryption")
|
TLS with user provided certificates and KES support for MinIO (#213)
This PR adds the following features:
- Allow user to provide its own keypair certificates for enable TLS in
MinIO
- Allow user to configure data encryption at rest in MinIO with KES
- Removes JWT schema for login and instead Console authentication will use
encrypted session tokens
Enable TLS between client and MinIO with user provided certificates
Instead of using AutoCert feature now the user can provide `cert` and
`key` via `tls` object, values must be valid `x509.Certificate`
formatted files encoded in `base64`
Enable encryption at rest configuring KES
User can deploy KES via Console/Operator by defining the encryption
object, AutoCert must be enabled or custom certificates for KES must be
provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`,
previous configuration of the KMS is necessary.
eg of body request for create-tenant
```
{
"name": "honeywell",
"access_key": "minio",
"secret_key": "minio123",
"enable_mcs": false,
"enable_ssl": false,
"service_name": "honeywell",
"zones": [
{
"name": "honeywell-zone-1",
"servers": 1,
"volumes_per_server": 4,
"volume_configuration": {
"size": 256000000,
"storage_class": "vsan-default-storage-policy"
}
}
],
"namespace": "default",
"tls": {
"tls.crt": "",
"tls.key": ""
},
"encryption": {
"server": {
"tls.crt": "",
"tls.key": ""
},
"client": {
"tls.crt": "",
"tls.key": ""
},
"vault": {
"endpoint": "http://vault:8200",
"prefix": "",
"approle": {
"id": "",
"secret": ""
}
}
}
}
```
2020-07-30 17:49:56 -07:00
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-02 23:45:54 -07:00
|
|
|
func (m *CreateTenantRequest) validateIdp(formats strfmt.Registry) error {
|
|
|
|
|
if swag.IsZero(m.Idp) { // not required
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if m.Idp != nil {
|
|
|
|
|
if err := m.Idp.Validate(formats); err != nil {
|
|
|
|
|
if ve, ok := err.(*errors.Validation); ok {
|
|
|
|
|
return ve.ValidateName("idp")
|
2022-01-12 18:59:14 -08:00
|
|
|
} else if ce, ok := err.(*errors.CompositeError); ok {
|
|
|
|
|
return ce.ValidateName("idp")
|
2020-08-02 23:45:54 -07:00
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-04 20:54:59 -07:00
|
|
|
func (m *CreateTenantRequest) validateImageRegistry(formats strfmt.Registry) error {
|
|
|
|
|
if swag.IsZero(m.ImageRegistry) { // not required
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if m.ImageRegistry != nil {
|
|
|
|
|
if err := m.ImageRegistry.Validate(formats); err != nil {
|
|
|
|
|
if ve, ok := err.(*errors.Validation); ok {
|
|
|
|
|
return ve.ValidateName("image_registry")
|
2022-01-12 18:59:14 -08:00
|
|
|
} else if ce, ok := err.(*errors.CompositeError); ok {
|
|
|
|
|
return ce.ValidateName("image_registry")
|
2020-08-04 20:54:59 -07:00
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-21 01:39:14 -05:00
|
|
|
func (m *CreateTenantRequest) validateLogSearchConfiguration(formats strfmt.Registry) error {
|
|
|
|
|
if swag.IsZero(m.LogSearchConfiguration) { // not required
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if m.LogSearchConfiguration != nil {
|
|
|
|
|
if err := m.LogSearchConfiguration.Validate(formats); err != nil {
|
|
|
|
|
if ve, ok := err.(*errors.Validation); ok {
|
|
|
|
|
return ve.ValidateName("logSearchConfiguration")
|
2022-01-12 18:59:14 -08:00
|
|
|
} else if ce, ok := err.(*errors.CompositeError); ok {
|
|
|
|
|
return ce.ValidateName("logSearchConfiguration")
|
2021-04-21 01:39:14 -05:00
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-01 18:03:22 -07:00
|
|
|
func (m *CreateTenantRequest) validateName(formats strfmt.Registry) error {
|
|
|
|
|
|
|
|
|
|
if err := validate.Required("name", "body", m.Name); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-08 12:35:39 -07:00
|
|
|
if err := validate.Pattern("name", "body", *m.Name, `^[a-z0-9-]{3,63}$`); err != nil {
|
2020-07-01 18:03:22 -07:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (m *CreateTenantRequest) validateNamespace(formats strfmt.Registry) error {
|
|
|
|
|
|
|
|
|
|
if err := validate.Required("namespace", "body", m.Namespace); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-07 09:49:51 -06:00
|
|
|
func (m *CreateTenantRequest) validatePools(formats strfmt.Registry) error {
|
TLS with user provided certificates and KES support for MinIO (#213)
This PR adds the following features:
- Allow user to provide its own keypair certificates for enable TLS in
MinIO
- Allow user to configure data encryption at rest in MinIO with KES
- Removes JWT schema for login and instead Console authentication will use
encrypted session tokens
Enable TLS between client and MinIO with user provided certificates
Instead of using AutoCert feature now the user can provide `cert` and
`key` via `tls` object, values must be valid `x509.Certificate`
formatted files encoded in `base64`
Enable encryption at rest configuring KES
User can deploy KES via Console/Operator by defining the encryption
object, AutoCert must be enabled or custom certificates for KES must be
provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`,
previous configuration of the KMS is necessary.
eg of body request for create-tenant
```
{
"name": "honeywell",
"access_key": "minio",
"secret_key": "minio123",
"enable_mcs": false,
"enable_ssl": false,
"service_name": "honeywell",
"zones": [
{
"name": "honeywell-zone-1",
"servers": 1,
"volumes_per_server": 4,
"volume_configuration": {
"size": 256000000,
"storage_class": "vsan-default-storage-policy"
}
}
],
"namespace": "default",
"tls": {
"tls.crt": "",
"tls.key": ""
},
"encryption": {
"server": {
"tls.crt": "",
"tls.key": ""
},
"client": {
"tls.crt": "",
"tls.key": ""
},
"vault": {
"endpoint": "http://vault:8200",
"prefix": "",
"approle": {
"id": "",
"secret": ""
}
}
}
}
```
2020-07-30 17:49:56 -07:00
|
|
|
|
2020-12-07 09:49:51 -06:00
|
|
|
if err := validate.Required("pools", "body", m.Pools); err != nil {
|
|
|
|
|
return err
|
TLS with user provided certificates and KES support for MinIO (#213)
This PR adds the following features:
- Allow user to provide its own keypair certificates for enable TLS in
MinIO
- Allow user to configure data encryption at rest in MinIO with KES
- Removes JWT schema for login and instead Console authentication will use
encrypted session tokens
Enable TLS between client and MinIO with user provided certificates
Instead of using AutoCert feature now the user can provide `cert` and
`key` via `tls` object, values must be valid `x509.Certificate`
formatted files encoded in `base64`
Enable encryption at rest configuring KES
User can deploy KES via Console/Operator by defining the encryption
object, AutoCert must be enabled or custom certificates for KES must be
provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`,
previous configuration of the KMS is necessary.
eg of body request for create-tenant
```
{
"name": "honeywell",
"access_key": "minio",
"secret_key": "minio123",
"enable_mcs": false,
"enable_ssl": false,
"service_name": "honeywell",
"zones": [
{
"name": "honeywell-zone-1",
"servers": 1,
"volumes_per_server": 4,
"volume_configuration": {
"size": 256000000,
"storage_class": "vsan-default-storage-policy"
}
}
],
"namespace": "default",
"tls": {
"tls.crt": "",
"tls.key": ""
},
"encryption": {
"server": {
"tls.crt": "",
"tls.key": ""
},
"client": {
"tls.crt": "",
"tls.key": ""
},
"vault": {
"endpoint": "http://vault:8200",
"prefix": "",
"approle": {
"id": "",
"secret": ""
}
}
}
}
```
2020-07-30 17:49:56 -07:00
|
|
|
}
|
|
|
|
|
|
2020-12-07 09:49:51 -06:00
|
|
|
for i := 0; i < len(m.Pools); i++ {
|
|
|
|
|
if swag.IsZero(m.Pools[i]) { // not required
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if m.Pools[i] != nil {
|
|
|
|
|
if err := m.Pools[i].Validate(formats); err != nil {
|
|
|
|
|
if ve, ok := err.(*errors.Validation); ok {
|
|
|
|
|
return ve.ValidateName("pools" + "." + strconv.Itoa(i))
|
2022-01-12 18:59:14 -08:00
|
|
|
} else if ce, ok := err.(*errors.CompositeError); ok {
|
|
|
|
|
return ce.ValidateName("pools" + "." + strconv.Itoa(i))
|
2020-12-07 09:49:51 -06:00
|
|
|
}
|
|
|
|
|
return err
|
TLS with user provided certificates and KES support for MinIO (#213)
This PR adds the following features:
- Allow user to provide its own keypair certificates for enable TLS in
MinIO
- Allow user to configure data encryption at rest in MinIO with KES
- Removes JWT schema for login and instead Console authentication will use
encrypted session tokens
Enable TLS between client and MinIO with user provided certificates
Instead of using AutoCert feature now the user can provide `cert` and
`key` via `tls` object, values must be valid `x509.Certificate`
formatted files encoded in `base64`
Enable encryption at rest configuring KES
User can deploy KES via Console/Operator by defining the encryption
object, AutoCert must be enabled or custom certificates for KES must be
provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`,
previous configuration of the KMS is necessary.
eg of body request for create-tenant
```
{
"name": "honeywell",
"access_key": "minio",
"secret_key": "minio123",
"enable_mcs": false,
"enable_ssl": false,
"service_name": "honeywell",
"zones": [
{
"name": "honeywell-zone-1",
"servers": 1,
"volumes_per_server": 4,
"volume_configuration": {
"size": 256000000,
"storage_class": "vsan-default-storage-policy"
}
}
],
"namespace": "default",
"tls": {
"tls.crt": "",
"tls.key": ""
},
"encryption": {
"server": {
"tls.crt": "",
"tls.key": ""
},
"client": {
"tls.crt": "",
"tls.key": ""
},
"vault": {
"endpoint": "http://vault:8200",
"prefix": "",
"approle": {
"id": "",
"secret": ""
}
}
}
}
```
2020-07-30 17:49:56 -07:00
|
|
|
}
|
|
|
|
|
}
|
2020-12-07 09:49:51 -06:00
|
|
|
|
TLS with user provided certificates and KES support for MinIO (#213)
This PR adds the following features:
- Allow user to provide its own keypair certificates for enable TLS in
MinIO
- Allow user to configure data encryption at rest in MinIO with KES
- Removes JWT schema for login and instead Console authentication will use
encrypted session tokens
Enable TLS between client and MinIO with user provided certificates
Instead of using AutoCert feature now the user can provide `cert` and
`key` via `tls` object, values must be valid `x509.Certificate`
formatted files encoded in `base64`
Enable encryption at rest configuring KES
User can deploy KES via Console/Operator by defining the encryption
object, AutoCert must be enabled or custom certificates for KES must be
provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`,
previous configuration of the KMS is necessary.
eg of body request for create-tenant
```
{
"name": "honeywell",
"access_key": "minio",
"secret_key": "minio123",
"enable_mcs": false,
"enable_ssl": false,
"service_name": "honeywell",
"zones": [
{
"name": "honeywell-zone-1",
"servers": 1,
"volumes_per_server": 4,
"volume_configuration": {
"size": 256000000,
"storage_class": "vsan-default-storage-policy"
}
}
],
"namespace": "default",
"tls": {
"tls.crt": "",
"tls.key": ""
},
"encryption": {
"server": {
"tls.crt": "",
"tls.key": ""
},
"client": {
"tls.crt": "",
"tls.key": ""
},
"vault": {
"endpoint": "http://vault:8200",
"prefix": "",
"approle": {
"id": "",
"secret": ""
}
}
}
}
```
2020-07-30 17:49:56 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-21 01:39:14 -05:00
|
|
|
func (m *CreateTenantRequest) validatePrometheusConfiguration(formats strfmt.Registry) error {
|
|
|
|
|
if swag.IsZero(m.PrometheusConfiguration) { // not required
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if m.PrometheusConfiguration != nil {
|
|
|
|
|
if err := m.PrometheusConfiguration.Validate(formats); err != nil {
|
|
|
|
|
if ve, ok := err.(*errors.Validation); ok {
|
|
|
|
|
return ve.ValidateName("prometheusConfiguration")
|
2022-01-12 18:59:14 -08:00
|
|
|
} else if ce, ok := err.(*errors.CompositeError); ok {
|
|
|
|
|
return ce.ValidateName("prometheusConfiguration")
|
2021-04-21 01:39:14 -05:00
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-07 09:49:51 -06:00
|
|
|
func (m *CreateTenantRequest) validateTLS(formats strfmt.Registry) error {
|
|
|
|
|
if swag.IsZero(m.TLS) { // not required
|
|
|
|
|
return nil
|
2020-07-01 18:03:22 -07:00
|
|
|
}
|
|
|
|
|
|
2020-12-07 09:49:51 -06:00
|
|
|
if m.TLS != nil {
|
|
|
|
|
if err := m.TLS.Validate(formats); err != nil {
|
|
|
|
|
if ve, ok := err.(*errors.Validation); ok {
|
|
|
|
|
return ve.ValidateName("tls")
|
2022-01-12 18:59:14 -08:00
|
|
|
} else if ce, ok := err.(*errors.CompositeError); ok {
|
|
|
|
|
return ce.ValidateName("tls")
|
2020-07-01 18:03:22 -07:00
|
|
|
}
|
2020-12-07 09:49:51 -06:00
|
|
|
return err
|
2020-07-01 18:03:22 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-08 12:35:39 -07:00
|
|
|
// ContextValidate validate this create tenant request based on the context it is used
|
|
|
|
|
func (m *CreateTenantRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
|
|
|
|
|
var res []error
|
|
|
|
|
|
2022-04-14 00:42:38 -06:00
|
|
|
if err := m.contextValidateDomains(ctx, formats); err != nil {
|
|
|
|
|
res = append(res, err)
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-08 12:35:39 -07:00
|
|
|
if err := m.contextValidateEncryption(ctx, formats); err != nil {
|
|
|
|
|
res = append(res, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := m.contextValidateIdp(ctx, formats); err != nil {
|
|
|
|
|
res = append(res, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := m.contextValidateImageRegistry(ctx, formats); err != nil {
|
|
|
|
|
res = append(res, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := m.contextValidateLogSearchConfiguration(ctx, formats); err != nil {
|
|
|
|
|
res = append(res, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := m.contextValidatePools(ctx, formats); err != nil {
|
|
|
|
|
res = append(res, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := m.contextValidatePrometheusConfiguration(ctx, formats); err != nil {
|
|
|
|
|
res = append(res, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := m.contextValidateTLS(ctx, formats); err != nil {
|
|
|
|
|
res = append(res, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(res) > 0 {
|
|
|
|
|
return errors.CompositeValidationError(res...)
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-04-14 00:42:38 -06:00
|
|
|
func (m *CreateTenantRequest) contextValidateDomains(ctx context.Context, formats strfmt.Registry) error {
|
|
|
|
|
|
|
|
|
|
if m.Domains != nil {
|
|
|
|
|
if err := m.Domains.ContextValidate(ctx, formats); err != nil {
|
|
|
|
|
if ve, ok := err.(*errors.Validation); ok {
|
|
|
|
|
return ve.ValidateName("domains")
|
|
|
|
|
} else if ce, ok := err.(*errors.CompositeError); ok {
|
|
|
|
|
return ce.ValidateName("domains")
|
|
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-08 12:35:39 -07:00
|
|
|
func (m *CreateTenantRequest) contextValidateEncryption(ctx context.Context, formats strfmt.Registry) error {
|
|
|
|
|
|
|
|
|
|
if m.Encryption != nil {
|
|
|
|
|
if err := m.Encryption.ContextValidate(ctx, formats); err != nil {
|
|
|
|
|
if ve, ok := err.(*errors.Validation); ok {
|
|
|
|
|
return ve.ValidateName("encryption")
|
2022-01-12 18:59:14 -08:00
|
|
|
} else if ce, ok := err.(*errors.CompositeError); ok {
|
|
|
|
|
return ce.ValidateName("encryption")
|
2021-06-08 12:35:39 -07:00
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (m *CreateTenantRequest) contextValidateIdp(ctx context.Context, formats strfmt.Registry) error {
|
|
|
|
|
|
|
|
|
|
if m.Idp != nil {
|
|
|
|
|
if err := m.Idp.ContextValidate(ctx, formats); err != nil {
|
|
|
|
|
if ve, ok := err.(*errors.Validation); ok {
|
|
|
|
|
return ve.ValidateName("idp")
|
2022-01-12 18:59:14 -08:00
|
|
|
} else if ce, ok := err.(*errors.CompositeError); ok {
|
|
|
|
|
return ce.ValidateName("idp")
|
2021-06-08 12:35:39 -07:00
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (m *CreateTenantRequest) contextValidateImageRegistry(ctx context.Context, formats strfmt.Registry) error {
|
|
|
|
|
|
|
|
|
|
if m.ImageRegistry != nil {
|
|
|
|
|
if err := m.ImageRegistry.ContextValidate(ctx, formats); err != nil {
|
|
|
|
|
if ve, ok := err.(*errors.Validation); ok {
|
|
|
|
|
return ve.ValidateName("image_registry")
|
2022-01-12 18:59:14 -08:00
|
|
|
} else if ce, ok := err.(*errors.CompositeError); ok {
|
|
|
|
|
return ce.ValidateName("image_registry")
|
2021-06-08 12:35:39 -07:00
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (m *CreateTenantRequest) contextValidateLogSearchConfiguration(ctx context.Context, formats strfmt.Registry) error {
|
|
|
|
|
|
|
|
|
|
if m.LogSearchConfiguration != nil {
|
|
|
|
|
if err := m.LogSearchConfiguration.ContextValidate(ctx, formats); err != nil {
|
|
|
|
|
if ve, ok := err.(*errors.Validation); ok {
|
|
|
|
|
return ve.ValidateName("logSearchConfiguration")
|
2022-01-12 18:59:14 -08:00
|
|
|
} else if ce, ok := err.(*errors.CompositeError); ok {
|
|
|
|
|
return ce.ValidateName("logSearchConfiguration")
|
2021-06-08 12:35:39 -07:00
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (m *CreateTenantRequest) contextValidatePools(ctx context.Context, formats strfmt.Registry) error {
|
|
|
|
|
|
|
|
|
|
for i := 0; i < len(m.Pools); i++ {
|
|
|
|
|
|
|
|
|
|
if m.Pools[i] != nil {
|
|
|
|
|
if err := m.Pools[i].ContextValidate(ctx, formats); err != nil {
|
|
|
|
|
if ve, ok := err.(*errors.Validation); ok {
|
|
|
|
|
return ve.ValidateName("pools" + "." + strconv.Itoa(i))
|
2022-01-12 18:59:14 -08:00
|
|
|
} else if ce, ok := err.(*errors.CompositeError); ok {
|
|
|
|
|
return ce.ValidateName("pools" + "." + strconv.Itoa(i))
|
2021-06-08 12:35:39 -07:00
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (m *CreateTenantRequest) contextValidatePrometheusConfiguration(ctx context.Context, formats strfmt.Registry) error {
|
|
|
|
|
|
|
|
|
|
if m.PrometheusConfiguration != nil {
|
|
|
|
|
if err := m.PrometheusConfiguration.ContextValidate(ctx, formats); err != nil {
|
|
|
|
|
if ve, ok := err.(*errors.Validation); ok {
|
|
|
|
|
return ve.ValidateName("prometheusConfiguration")
|
2022-01-12 18:59:14 -08:00
|
|
|
} else if ce, ok := err.(*errors.CompositeError); ok {
|
|
|
|
|
return ce.ValidateName("prometheusConfiguration")
|
2021-06-08 12:35:39 -07:00
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (m *CreateTenantRequest) contextValidateTLS(ctx context.Context, formats strfmt.Registry) error {
|
|
|
|
|
|
|
|
|
|
if m.TLS != nil {
|
|
|
|
|
if err := m.TLS.ContextValidate(ctx, formats); err != nil {
|
|
|
|
|
if ve, ok := err.(*errors.Validation); ok {
|
|
|
|
|
return ve.ValidateName("tls")
|
2022-01-12 18:59:14 -08:00
|
|
|
} else if ce, ok := err.(*errors.CompositeError); ok {
|
|
|
|
|
return ce.ValidateName("tls")
|
2021-06-08 12:35:39 -07:00
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-01 18:03:22 -07:00
|
|
|
// MarshalBinary interface implementation
|
|
|
|
|
func (m *CreateTenantRequest) MarshalBinary() ([]byte, error) {
|
|
|
|
|
if m == nil {
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
|
|
|
|
return swag.WriteJSON(m)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// UnmarshalBinary interface implementation
|
|
|
|
|
func (m *CreateTenantRequest) UnmarshalBinary(b []byte) error {
|
|
|
|
|
var res CreateTenantRequest
|
|
|
|
|
if err := swag.ReadJSON(b, &res); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
*m = res
|
|
|
|
|
return nil
|
|
|
|
|
}
|