Other Fixes

Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>

.github/workflows/goreleaser.yml

@@ -2,30 +2,35 @@ name: goreleaser
 
 on:
   pull_request:
+    branches:
+      - master
   push:
+    branches:
+      - master
 
 jobs:
   goreleaser:
     runs-on: ubuntu-latest
     steps:
-      -
-        name: Checkout
+      - name: Checkout
         uses: actions/checkout@v3
-      -
-        name: Set up Go
+      - name: Set up Go
         uses: actions/setup-go@v3
         with:
           go-version: 1.20.x
-      -
-        # Add support for more platforms with QEMU (optional)
+      - # Add support for more platforms with QEMU (optional)
         # https://github.com/docker/setup-qemu-action
         name: Set up QEMU
         uses: docker/setup-qemu-action@v2
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2          
-      -
-        name: Run GoReleaser
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Set up swagger
+        run: |
+          download_url=$(curl -s https://api.github.com/repos/go-swagger/go-swagger/releases/latest | \
+            jq -r '.assets[] | select(.name | contains("'"$(uname | tr '[:upper:]' '[:lower:]')"'_amd64")) | .browser_download_url')
+          curl -o /usr/local/bin/swagger -L'#' "$download_url"
+          chmod +x /usr/local/bin/swagger
+      - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v4
         with:
           version: latest

.github/workflows/ui.yaml

@@ -440,30 +440,6 @@ jobs:
           repository: wadey/gocovmerge
           path: gocovmerge
 
-      - uses: actions/cache@v3
-        id: coverage-cache
-        name: Coverage Cache
-        with:
-          path: |
-            ./integration/coverage/
-          key: ${{ runner.os }}-coverage-2-${{ github.run_id }}
-
-      - uses: actions/cache@v3
-        id: coverage-cache-sso
-        name: Coverage Cache SSO
-        with:
-          path: |
-            ./sso-integration/coverage/
-          key: ${{ runner.os }}-sso-coverage-2-${{ github.run_id }}
-
-      - uses: actions/cache@v3
-        id: coverage-cache-replication
-        name: Coverage Cache Replication
-        with:
-          path: |
-            ./replication/coverage/
-          key: ${{ runner.os }}-replication-coverage-2-${{ github.run_id }}
-
       - uses: actions/cache@v3
         id: coverage-cache-operator
         name: Coverage Cache Operator
@@ -472,14 +448,6 @@ jobs:
             ./operator-integration/coverage/
           key: ${{ runner.os }}-coverage-2-operator-${{ github.run_id }}
 
-      - uses: actions/cache@v3
-        id: coverage-cache-restapi
-        name: Coverage Cache RestAPI
-        with:
-          path: |
-            ./restapi/coverage/
-          key: ${{ runner.os }}-coverage-restapi-2-${{ github.run_id }}
-
       - uses: actions/cache@v3
         id: coverage-cache-unittest-operatorapi
         name: Coverage Cache unit test operatorAPI
@@ -488,14 +456,6 @@ jobs:
             ./api/coverage/
           key: ${{ runner.os }}-coverage-unittest-operatorapi-2-${{ github.run_id }}
 
-      - uses: actions/cache@v3
-        id: coverage-cache-pkg
-        name: Coverage Cache Pkg
-        with:
-          path: |
-            ./pkg/coverage/
-          key: ${{ runner.os }}-coverage-pkg-2-${{ github.run_id }}
-
       # Get the replication.out file from the artifact since this is working for self host runner.
       - uses: actions/download-artifact@v3
         with:
@@ -513,7 +473,7 @@ jobs:
           echo "go build gocoverage.go"
           go build gocovmerge.go
           echo "put together the outs for final coverage resolution"
-          ./gocovmerge ../integration/coverage/system.out ../replication/coverage/replication.out ../sso-integration/coverage/sso-system.out ../restapi/coverage/coverage.out ../pkg/coverage/coverage-pkg.out ../operator-integration/coverage/operator-api.out ../api/coverage/coverage-unit-test-operatorapi.out > all.out
+          ./gocovmerge ../operator-integration/coverage/operator-api.out ../api/coverage/coverage-unit-test-operatorapi.out > all.out
           echo "Download mc for Ubuntu"
           wget -q https://dl.min.io/client/mc/release/linux-amd64/mc
           echo "Change the permissions to execute mc command"

Makefile

@@ -136,4 +136,4 @@ test-operator-integration:
 	@(cd operator-integration && go test -coverpkg=../api -c -tags testrunmain . && mkdir -p coverage && ./operator-integration.test -test.v -test.run "^Test*" -test.coverprofile=coverage/operator-api.out)
 
 test-operator:
-	@(env bash $(PWD)/portal-ui/tests/scripts/operator.sh)
+	@(env bash $(PWD)/web-app/tests/scripts/operator.sh)

api/configure_operator.go

@@ -51,7 +51,7 @@ import (
 	"github.com/minio/operator/models"
 )
 
-//go:generate swagger generate server --target ../../console --name Operator --spec ../swagger.yml --server-package api --principal models.Principal --exclude-main
+//go:generate swagger generate server --target ../ --name Operator --spec ../swagger.yml --server-package api --principal models.Principal --exclude-main
 
 var additionalServerFlags = struct {
 	CertsDir string `long:"certs-dir" description:"path to certs directory" env:"CONSOLE_CERTS_DIR"`

api/consts.go

@@ -35,11 +35,16 @@ const (
 	KESImageVersion = "minio/kes:v0.17.6"
 
 	// Constants for common configuration
-	MinIOServer        = "OPERATOR_MINIO_SERVER"
+	MinioImage         = "OPERATOR_MINIO_IMAGE"
 	OperatorUIHostname = "OPERATOR_HOSTNAME"
 	OperatorUIPort     = "OPERATOR_PORT"
 	OperatorUITLSPort  = "OPERATOR_TLS_PORT"
 
+	// K8sAPIServer address of the K8s API
+	K8sAPIServer = "OPERATOR_K8S_API_SERVER"
+	// K8SAPIServerTLSRootCA location of the root CA
+	K8SAPIServerTLSRootCA = "OPERATOR_K8S_API_SERVER_TLS_ROOT_CA"
+
 	// Constants for Secure middleware
 	SecureAllowedHosts                    = "OPERATOR_SECURE_ALLOWED_HOSTS"
 	SecureAllowedHostsAreRegex            = "OPERATOR_SECURE_ALLOWED_HOSTS_ARE_REGEX"

api/cookies.go

@@ -20,7 +20,7 @@ import (
 	"net/http"
 	"time"
 
-	xjwt "github.com/minio/console/pkg/auth/token"
+	xjwt "github.com/minio/operator/pkg/auth/token"
 )
 
 // NewSessionCookieForConsole creates a cookie for a token

api/directpv.go

@@ -22,14 +22,14 @@ import (
 	"sort"
 	"strings"
 
+	directpvclient "github.com/minio/directpv/pkg/client"
 	"github.com/minio/directpv/pkg/utils"
 
 	"github.com/go-openapi/runtime/middleware"
 	directcsi "github.com/minio/directpv/pkg/apis/direct.csi.min.io/v1beta4"
 	"github.com/minio/directpv/pkg/sys"
 	"github.com/minio/operator/api/operations"
 	"github.com/minio/operator/api/operations/operator_api"
-	"github.com/minio/operator/cluster"
 	"github.com/minio/operator/models"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -145,7 +145,7 @@ func getDirectPVDriveList(ctx context.Context, driveInterface DirectPVDrivesClie
 func getDirectPVDrivesListResponse(session *models.Principal) (*models.GetDirectPVDriveListResponse, *models.Error) {
 	ctx := context.Background()
 
-	driveInterface, err := cluster.DirectPVDriveInterface(session.STSSessionToken)
+	driveInterface, err := DirectPVDriveInterface(session.STSSessionToken)
 	if err != nil {
 		return nil, ErrorWithContext(ctx, err)
 	}
@@ -201,7 +201,7 @@ func getDirectPVVolumesList(ctx context.Context, volumeInterface DirectPVVolumes
 func getDirectPVVolumesListResponse(session *models.Principal) (*models.GetDirectPVVolumeListResponse, *models.Error) {
 	ctx := context.Background()
 
-	volumeInterface, err := cluster.DirectPVVolumeInterface(session.STSSessionToken)
+	volumeInterface, err := DirectPVVolumeInterface(session.STSSessionToken)
 	if err != nil {
 		return nil, ErrorWithContext(ctx, err)
 	}
@@ -311,7 +311,7 @@ func formatDrives(ctx context.Context, driveInterface DirectPVDrivesClientI, dri
 func formatVolumesResponse(session *models.Principal, params operator_api.DirectPVFormatDriveParams) (*models.FormatDirectPVDrivesResponse, *models.Error) {
 	ctx := context.Background()
 
-	driveInterface, err := cluster.DirectPVDriveInterface(session.STSSessionToken)
+	driveInterface, err := DirectPVDriveInterface(session.STSSessionToken)
 	if err != nil {
 		return nil, ErrorWithContext(ctx, err)
 	}
@@ -326,3 +326,15 @@ func formatVolumesResponse(session *models.Principal, params operator_api.Direct
 	}
 	return formatResult, nil
 }
+
+// DirectPV interfaces  required to fetch information
+
+// DirectPVDriveInterface returns a directpv client
+func DirectPVDriveInterface(token string) (*directpvclient.DirectCSIDriveInterface, error) {
+	return directpvclient.DirectCSIDriveInterfaceForConfig(GetK8sConfig(token))
+}
+
+// DirectPVVolumeInterface returns a volume client
+func DirectPVVolumeInterface(token string) (*directpvclient.DirectCSIVolumeInterface, error) {
+	return directpvclient.DirectCSIVolumeInterfaceForConfig(GetK8sConfig(token))
+}

cluster/config.go → api/kubernetes.go

@@ -1,5 +1,5 @@
 // This file is part of MinIO Operator
-// Copyright (c) 2021 MinIO, Inc.
+// Copyright (c) 2023 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -14,20 +14,17 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-package cluster
+package api
 
 import (
-	"io/ioutil"
 	"net"
 	"strings"
-	"time"
-
-	xhttp "github.com/minio/console/pkg/http"
-	"github.com/minio/console/restapi"
-
-	"github.com/minio/console/pkg/utils"
 
+	operator "github.com/minio/operator/pkg/client/clientset/versioned"
 	"github.com/minio/pkg/env"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+	certutil "k8s.io/client-go/util/cert"
 )
 
 // GetK8sAPIServer returns the URL to use for the k8s api
@@ -51,34 +48,44 @@ func getK8sAPIServerTLSRootCA() string {
 	return strings.TrimSpace(env.Get(K8SAPIServerTLSRootCA, ""))
 }
 
-// GetNsFromFile assumes console is running inside a k8s pod and extract the current namespace from the
-// /var/run/secrets/kubernetes.io/serviceaccount/namespace file
-func GetNsFromFile() string {
-	dat, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace")
-	if err != nil {
-		return "default"
+// getTLSClientConfig will return the right TLS configuration for the K8S client based on the configured TLS certificate
+func getTLSClientConfig() rest.TLSClientConfig {
+	defaultRootCAFile := "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+	customRootCAFile := getK8sAPIServerTLSRootCA()
+	tlsClientConfig := rest.TLSClientConfig{}
+	// if console is running inside k8s by default he will have access to the CA Cert from the k8s local authority
+	if _, err := certutil.NewPool(defaultRootCAFile); err == nil {
+		tlsClientConfig.CAFile = defaultRootCAFile
 	}
-	return string(dat)
+	// if the user explicitly define a custom CA certificate, instead, we will use that
+	if customRootCAFile != "" {
+		if _, err := certutil.NewPool(customRootCAFile); err == nil {
+			tlsClientConfig.CAFile = customRootCAFile
+		}
+	}
+	return tlsClientConfig
 }
 
-// GetMinioImage returns the image URL to be used when deploying a MinIO instance, if there is
-// a preferred image to be used (configured via ENVIRONMENT VARIABLES) GetMinioImage will return that
-// if not, GetMinioImage will try to obtain the image URL for the latest version of MinIO and return that
-func GetMinioImage() (*string, error) {
-	image := strings.TrimSpace(env.Get(MinioImage, ""))
-	// if there is a preferred image configured by the user we'll always return that
-	if image != "" {
-		return &image, nil
-	}
-	client := restapi.GetConsoleHTTPClient("")
-	client.Timeout = 5 * time.Second
-	latestMinIOImage, errLatestMinIOImage := utils.GetLatestMinIOImage(
-		&xhttp.Client{
-			Client: client,
-		})
+// This operation will run only once at console startup
+var tlsClientConfig = getTLSClientConfig()
 
-	if errLatestMinIOImage != nil {
-		return nil, errLatestMinIOImage
+// GetK8sConfig returns the config for k8s api
+func GetK8sConfig(token string) *rest.Config {
+	config := &rest.Config{
+		Host:            GetK8sAPIServer(),
+		TLSClientConfig: tlsClientConfig,
+		APIPath:         "/",
+		BearerToken:     token,
 	}
-	return latestMinIOImage, nil
+	return config
+}
+
+// GetOperatorClient returns an operator client using GetK8sConfig for its config
+func GetOperatorClient(token string) (*operator.Clientset, error) {
+	return operator.NewForConfig(GetK8sConfig(token))
+}
+
+// K8sClient returns kubernetes client using GetK8sConfig for its config
+func K8sClient(token string) (*kubernetes.Clientset, error) {
+	return kubernetes.NewForConfig(GetK8sConfig(token))
 }

api/marketplace.go

@@ -29,7 +29,6 @@ import (
 	"github.com/golang-jwt/jwt/v4"
 	"github.com/minio/operator/api/operations"
 	"github.com/minio/operator/api/operations/operator_api"
-	"github.com/minio/operator/cluster"
 	"github.com/minio/operator/models"
 	"github.com/minio/operator/pkg"
 	"github.com/minio/pkg/env"
@@ -67,7 +66,7 @@ func registerMarketplaceHandlers(api *operations.OperatorAPI) {
 }
 
 func getMPIntegrationResponse(session *models.Principal, params operator_api.GetMPIntegrationParams) (*operator_api.GetMPIntegrationOKBody, *models.Error) {
-	clientSet, err := cluster.K8sClient(session.STSSessionToken)
+	clientSet, err := K8sClient(session.STSSessionToken)
 	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
 	defer cancel()
 	if err != nil {
@@ -91,7 +90,7 @@ func getMPEmail(ctx context.Context, clientSet K8sClientI) (bool, error) {
 }
 
 func postMPIntegrationResponse(session *models.Principal, params operator_api.PostMPIntegrationParams) *models.Error {
-	clientSet, err := cluster.K8sClient(session.STSSessionToken)
+	clientSet, err := K8sClient(session.STSSessionToken)
 	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
 	defer cancel()
 	if err != nil {

api/minio.go

@@ -0,0 +1,48 @@
+// This file is part of MinIO Operator
+// Copyright (c) 2023 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package api
+
+import (
+	"strings"
+	"time"
+
+	xhttp "github.com/minio/operator/pkg/http"
+	"github.com/minio/operator/pkg/utils"
+	"github.com/minio/pkg/env"
+)
+
+// GetMinioImage returns the image URL to be used when deploying a MinIO instance, if there is
+// a preferred image to be used (configured via ENVIRONMENT VARIABLES) GetMinioImage will return that
+// if not, GetMinioImage will try to obtain the image URL for the latest version of MinIO and return that
+func GetMinioImage() (*string, error) {
+	image := strings.TrimSpace(env.Get(MinioImage, ""))
+	// if there is a preferred image configured by the user we'll always return that
+	if image != "" {
+		return &image, nil
+	}
+	client := GetConsoleHTTPClient("")
+	client.Timeout = 5 * time.Second
+	latestMinIOImage, errLatestMinIOImage := utils.GetLatestMinIOImage(
+		&xhttp.Client{
+			Client: client,
+		})
+
+	if errLatestMinIOImage != nil {
+		return nil, errLatestMinIOImage
+	}
+	return latestMinIOImage, nil
+}