diff --git a/cmd/console/server.go b/cmd/console/server.go index ebd20e4f6..171b50f5f 100644 --- a/cmd/console/server.go +++ b/cmd/console/server.go @@ -47,12 +47,12 @@ var serverCmd = cli.Command{ }, cli.StringFlag{ Name: "tls-host", - Value: restapi.GetSSLHostname(), + Value: restapi.GetTLSHostname(), Usage: "HTTPS server hostname", }, cli.IntFlag{ Name: "tls-port", - Value: restapi.GetSSLPort(), + Value: restapi.GetTLSPort(), Usage: "HTTPS server port", }, cli.StringFlag{ diff --git a/k8s/console/base/minio-operator.yaml b/k8s/console/base/minio-operator.yaml index 641e9a5b8..e14ee6cb3 100644 --- a/k8s/console/base/minio-operator.yaml +++ b/k8s/console/base/minio-operator.yaml @@ -426,7 +426,7 @@ spec: externalCertSecret: description: ExternalCertSecret allows a user to specify custom - CA certificate, and private key for group replication SSL. + CA certificate, and private key for group replication TLS. properties: name: type: string diff --git a/models/idp_configuration.go b/models/idp_configuration.go index 9d8fb7fac..a743069ab 100644 --- a/models/idp_configuration.go +++ b/models/idp_configuration.go @@ -130,8 +130,8 @@ type IdpConfigurationActiveDirectory struct { // server insecure ServerInsecure bool `json:"server_insecure,omitempty"` - // skip ssl verification - SkipSslVerification bool `json:"skip_ssl_verification,omitempty"` + // skip tls verification + SkipTLSVerification bool `json:"skip_tls_verification,omitempty"` // url // Required: true diff --git a/portal-ui/src/screens/Console/Tenants/ListTenants/AddTenant.tsx b/portal-ui/src/screens/Console/Tenants/ListTenants/AddTenant.tsx index 77a896b1e..2f4df5a5c 100644 --- a/portal-ui/src/screens/Console/Tenants/ListTenants/AddTenant.tsx +++ b/portal-ui/src/screens/Console/Tenants/ListTenants/AddTenant.tsx @@ -111,7 +111,7 @@ const AddTenant = ({ const [accessKey, setAccessKey] = useState(""); const [secretKey, setSecretKey] = useState(""); const [enableConsole, setEnableConsole] = useState(true); - const [enableSSL, setEnableSSL] = useState(false); + const [enableTLS, setEnableTLS] = useState(false); const [sizeFactor, setSizeFactor] = useState("Gi"); const [storageClasses, setStorageClassesList] = useState([]); const [validationErrors, setValidationErrors] = useState({}); @@ -274,7 +274,7 @@ const AddTenant = ({ name: tenantName, service_name: tenantName, image: imageName, - enable_ssl: enableSSL, + enable_tls: enableTLS, enable_console: enableConsole, access_key: accessKey, secret_key: secretKey, @@ -750,17 +750,17 @@ const AddTenant = ({ { const targetD = e.target; const checked = targetD.checked; - setEnableSSL(checked); + setEnableTLS(checked); }} - label={"Enable SSL"} + label={"Enable TLS"} /> @@ -882,9 +882,9 @@ const AddTenant = ({ - Enable SSL + Enable TLS - {enableSSL ? "Enabled" : "Disabled"} + {enableTLS ? "Enabled" : "Disabled"} diff --git a/restapi/admin_tenants.go b/restapi/admin_tenants.go index 8fd166049..90e856095 100644 --- a/restapi/admin_tenants.go +++ b/restapi/admin_tenants.go @@ -420,7 +420,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create url := *tenantReq.Idp.ActiveDirectory.URL userNameFormat := *tenantReq.Idp.ActiveDirectory.UsernameFormat userSearchFilter := *tenantReq.Idp.ActiveDirectory.UserSearchFilter - tlsSkipVerify := tenantReq.Idp.ActiveDirectory.SkipSslVerification + tlsSkipVerify := tenantReq.Idp.ActiveDirectory.SkipTLSVerification serverInsecure := tenantReq.Idp.ActiveDirectory.ServerInsecure groupSearchDN := tenantReq.Idp.ActiveDirectory.GroupSearchBaseDn groupSearchFilter := tenantReq.Idp.ActiveDirectory.GroupSearchFilter diff --git a/restapi/client.go b/restapi/client.go index 019089804..376a4d653 100644 --- a/restapi/client.go +++ b/restapi/client.go @@ -249,7 +249,7 @@ func newMinioClient(claims *models.Principal) (*minio.Client, error) { // newS3BucketClient creates a new mc S3Client to talk to the server based on a bucket func newS3BucketClient(claims *models.Principal, bucketName string) (*mc.S3Client, error) { endpoint := getMinIOServer() - useSSL := getMinIOEndpointIsSecure() + useTLS := getMinIOEndpointIsSecure() if strings.TrimSpace(bucketName) != "" { endpoint += fmt.Sprintf("/%s", bucketName) @@ -259,7 +259,7 @@ func newS3BucketClient(claims *models.Principal, bucketName string) (*mc.S3Clien return nil, fmt.Errorf("the provided credentials are invalid") } - s3Config := newS3Config(endpoint, claims.AccessKeyID, claims.SecretAccessKey, claims.SessionToken, !useSSL) + s3Config := newS3Config(endpoint, claims.AccessKeyID, claims.SecretAccessKey, claims.SessionToken, !useTLS) client, pErr := mc.S3New(s3Config) if pErr != nil { return nil, pErr.Cause diff --git a/restapi/config.go b/restapi/config.go index da3810216..9811cfad0 100644 --- a/restapi/config.go +++ b/restapi/config.go @@ -105,15 +105,15 @@ func GetPort() int { return port } -// GetSSLHostname gets console ssl hostname set on env variable +// GetTLSHostname gets console tls hostname set on env variable // or default one -func GetSSLHostname() string { +func GetTLSHostname() string { return strings.ToLower(env.Get(ConsoleTLSHostname, TLSHostname)) } -// GetSSLPort gets console ssl port set on env variable +// GetTLSPort gets console tls port set on env variable // or default one -func GetSSLPort() int { +func GetTLSPort() int { port, err := strconv.Atoi(env.Get(ConsoleTLSPort, TLSPort)) if err != nil { port = 9443 @@ -171,14 +171,14 @@ func getSecureHostsProxyHeaders() []string { return []string{} } -// If SSLRedirect is set to true, then only allow HTTPS requests. Default is true. -func getSSLRedirect() bool { - return strings.ToLower(env.Get(ConsoleSecureSSLRedirect, TLSRedirect)) == "on" +// If TLSRedirect is set to true, then only allow HTTPS requests. Default is true. +func getTLSRedirect() bool { + return strings.ToLower(env.Get(ConsoleSecureTLSRedirect, TLSRedirect)) == "on" } -// SSLHost is the host name that is used to redirect HTTP requests to HTTPS. Default is "", which indicates to use the same host. -func getSecureSSLHost() string { - return env.Get(ConsoleSecureSSLHost, fmt.Sprintf("%s:%s", TLSHostname, TLSPort)) +// TLSHost is the host name that is used to redirect HTTP requests to HTTPS. Default is "", which indicates to use the same host. +func getSecureTLSHost() string { + return env.Get(ConsoleSecureTLSHost, fmt.Sprintf("%s:%s", TLSHostname, TLSPort)) } // STSSeconds is the max-age of the Strict-Transport-Security header. Default is 0, which would NOT include the header. @@ -200,9 +200,9 @@ func getSecureSTSPreload() bool { return strings.ToLower(env.Get(ConsoleSecureSTSPreload, "off")) == "on" } -// If SSLTemporaryRedirect is true, the a 302 will be used while redirecting. Default is false (301). -func getSecureSSLTemporaryRedirect() bool { - return strings.ToLower(env.Get(ConsoleSecureSSLTemporaryRedirect, "off")) == "on" +// If TLSTemporaryRedirect is true, the a 302 will be used while redirecting. Default is false (301). +func getSecureTLSTemporaryRedirect() bool { + return strings.ToLower(env.Get(ConsoleSecureTLSTemporaryRedirect, "off")) == "on" } // STS header is only included when the connection is HTTPS. diff --git a/restapi/configure_console.go b/restapi/configure_console.go index 0586b40bc..cc348ad0d 100644 --- a/restapi/configure_console.go +++ b/restapi/configure_console.go @@ -149,12 +149,12 @@ func setupGlobalMiddleware(handler http.Handler) http.Handler { AllowedHosts: getSecureAllowedHosts(), AllowedHostsAreRegex: getSecureAllowedHostsAreRegex(), HostsProxyHeaders: getSecureHostsProxyHeaders(), - SSLRedirect: getSSLRedirect(), - SSLHost: getSecureSSLHost(), + SSLRedirect: getTLSRedirect(), + SSLHost: getSecureTLSHost(), STSSeconds: getSecureSTSSeconds(), STSIncludeSubdomains: getSecureSTSIncludeSubdomains(), STSPreload: getSecureSTSPreload(), - SSLTemporaryRedirect: getSecureSSLTemporaryRedirect(), + SSLTemporaryRedirect: getSecureTLSTemporaryRedirect(), SSLHostFunc: nil, ForceSTSHeader: getSecureForceSTSHeader(), FrameDeny: getSecureFrameDeny(), diff --git a/restapi/consts.go b/restapi/consts.go index f8995dc33..85c683910 100644 --- a/restapi/consts.go +++ b/restapi/consts.go @@ -41,9 +41,9 @@ const ( ConsoleSecureSTSSeconds = "CONSOLE_SECURE_STS_SECONDS" ConsoleSecureSTSIncludeSubdomains = "CONSOLE_SECURE_STS_INCLUDE_SUB_DOMAINS" ConsoleSecureSTSPreload = "CONSOLE_SECURE_STS_PRELOAD" - ConsoleSecureSSLRedirect = "CONSOLE_SECURE_SSL_REDIRECT" - ConsoleSecureSSLHost = "CONSOLE_SECURE_SSL_HOST" - ConsoleSecureSSLTemporaryRedirect = "CONSOLE_SECURE_SSL_TEMPORARY_REDIRECT" + ConsoleSecureTLSRedirect = "CONSOLE_SECURE_TLS_REDIRECT" + ConsoleSecureTLSHost = "CONSOLE_SECURE_TLS_HOST" + ConsoleSecureTLSTemporaryRedirect = "CONSOLE_SECURE_TLS_TEMPORARY_REDIRECT" ConsoleSecureForceSTSHeader = "CONSOLE_SECURE_FORCE_STS_HEADER" ConsoleSecurePublicKey = "CONSOLE_SECURE_PUBLIC_KEY" ConsoleSecureReferrerPolicy = "CONSOLE_SECURE_REFERRER_POLICY" diff --git a/restapi/embedded_spec.go b/restapi/embedded_spec.go index fba4c760e..1b8ecaaba 100644 --- a/restapi/embedded_spec.go +++ b/restapi/embedded_spec.go @@ -2235,7 +2235,7 @@ func init() { "server_insecure": { "type": "boolean" }, - "skip_ssl_verification": { + "skip_tls_verification": { "type": "boolean" }, "url": { @@ -5341,7 +5341,7 @@ func init() { "server_insecure": { "type": "boolean" }, - "skip_ssl_verification": { + "skip_tls_verification": { "type": "boolean" }, "url": { @@ -6149,7 +6149,7 @@ func init() { "server_insecure": { "type": "boolean" }, - "skip_ssl_verification": { + "skip_tls_verification": { "type": "boolean" }, "url": { diff --git a/swagger.yml b/swagger.yml index d4def579b..b570546be 100644 --- a/swagger.yml +++ b/swagger.yml @@ -1901,7 +1901,7 @@ definitions: type: string group_name_attribute: type: string - skip_ssl_verification: + skip_tls_verification: type: boolean server_insecure: type: boolean