Merge branch 'master' into disable-support-non-activated

Author: cniackz

.github/workflows/jobs.yaml

@@ -4,6 +4,12 @@ linters-settings:
 
   misspell:
     locale: US
+    
+  goheader:
+    values:
+      regexp:
+        copyright-holder: Copyright \(c\) (20\d\d\-20\d\d)|2021|({{year}})
+    template-path: .license.tmpl
 
 linters:
   disable-all: true
@@ -28,13 +34,6 @@ linters:
     - tenv
     - durationcheck
 
-linters-settings:
-  goheader:
-    values:
-      regexp:
-        copyright-holder: Copyright \(c\) (20\d\d\-20\d\d)|2021|({{year}})
-    template-path: .license.tmpl
-
 service:
   golangci-lint-version: 1.43.0 # use the fixed version to not introduce new linters unexpectedly
 
@@ -52,3 +51,4 @@ run:
   skip-dirs:
     - pkg/clientgen
     - pkg/apis/networking.gke.io
+    - restapi/operations

.golangci.yml

@@ -0,0 +1 @@
+17

.nvmrc

@@ -1,4 +1,5 @@
-FROM node:17 as uilayer
+ARG NODE_VERSION
+FROM node:$NODE_VERSION as uilayer
 
 WORKDIR /app
 

CREDITS

@@ -1,4 +1,5 @@
-FROM node:17 as uilayer
+ARG NODE_VERSION
+FROM node:$NODE_VERSION as uilayer
 
 WORKDIR /app
 

Dockerfile

@@ -6,6 +6,7 @@ BUILD_TIME:=$(shell date 2>/dev/null)
 TAG ?= "minio/console:$(BUILD_VERSION)-dev"
 MINIO_VERSION ?= "quay.io/minio/minio:latest"
 TARGET_BUCKET ?= "target"
+NODE_VERSION := $(shell cat .nvmrc)
 
 default: console
 
@@ -15,13 +16,13 @@ console:
 	@(GO111MODULE=on CGO_ENABLED=0 go build -trimpath --tags=kqueue,operator --ldflags "-s -w" -o console ./cmd/console)
 
 k8sdev:
-	@docker build -t $(TAG) --build-arg build_version=$(BUILD_VERSION) --build-arg build_time='$(BUILD_TIME)' .
+	@docker build -t $(TAG) --build-arg build_version=$(BUILD_VERSION) --build-arg build_time='$(BUILD_TIME)' --build-arg NODE_VERSION='$(NODE_VERSION)' .
 	@kind load docker-image $(TAG)
 	@echo "Done, now restart your console deployment"
 
 getdeps:
 	@mkdir -p ${GOPATH}/bin
-	@echo "Installing golangci-lint" && curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOPATH)/bin v1.45.2
+	@echo "Installing golangci-lint" && curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOPATH)/bin
 
 verifiers: getdeps fmt lint
 
@@ -63,7 +64,8 @@ swagger-operator:
 	@swagger generate server -A operator --main-package=operator --server-package=operatorapi --exclude-main -P models.Principal -f ./swagger-operator.yml -r NOTICE
 
 assets:
-	@(cd portal-ui; yarn install --prefer-offline; make build-static; yarn prettier --write . --loglevel warn; cd ..)
+	@(if [ -f "${NVM_DIR}/nvm.sh" ]; then \. "${NVM_DIR}/nvm.sh" && nvm install && nvm use && npm install -g yarn ; fi &&\
+	  cd portal-ui; yarn install --prefer-offline; make build-static; yarn prettier --write . --loglevel warn; cd ..)
 
 test-integration:
 	@(docker stop pgsqlcontainer || true)
@@ -261,7 +263,7 @@ clean:
 	@rm -vf console
 
 docker:
-	@docker buildx build --output=type=docker --platform linux/amd64 -t $(TAG) --build-arg build_version=$(BUILD_VERSION) --build-arg build_time='$(BUILD_TIME)' .
+	@docker buildx build --output=type=docker --platform linux/amd64 -t $(TAG) --build-arg build_version=$(BUILD_VERSION) --build-arg build_time='$(BUILD_TIME)' --build-arg NODE_VERSION='$(NODE_VERSION)' .
 
 release: swagger-gen
 	@echo "Generating Release: $(RELEASE)"

Dockerfile.assets

@@ -1541,7 +1541,6 @@ func getTenantLogsResponse(session *models.Principal, params operator_api.GetTen
 func setTenantLogsResponse(session *models.Principal, params operator_api.SetTenantLogsParams) (bool, *models.Error) {
 	ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
 	defer cancel()
-
 	opClientClientSet, err := cluster.OperatorClient(session.STSSessionToken)
 	if err != nil {
 		return false, restapi.ErrorWithContext(ctx, err, restapi.ErrUnableToGetTenantUsage)
@@ -1725,6 +1724,7 @@ func setTenantLogsResponse(session *models.Principal, params operator_api.SetTen
 				minTenant.Spec.Log.Db.Annotations = dbAnnotations
 				minTenant.Spec.Log.Db.NodeSelector = dbNodeSelector
 				minTenant.Spec.Log.Db.Image = params.Data.DbImage
+				minTenant.Spec.Log.Db.InitImage = params.Data.DbInitImage
 				minTenant.Spec.Log.Db.ServiceAccountName = params.Data.DbServiceAccountName
 				minTenant.Spec.Log.Db.SecurityContext, err = convertModelSCToK8sSC(params.Data.DbSecurityContext)
 				if err != nil {

Makefile

@@ -180,8 +180,9 @@ const (
 // or data key provided as plaintext.
 //
 // The returned ciphertext data consists of:
-//    AEAD ID | iv | nonce | encrypted data
-//       1      16		 12     ~ len(data)
+//
+//	AEAD ID | iv | nonce | encrypted data
+//	   1      16		 12     ~ len(data)
 func encrypt(plaintext, associatedData []byte) ([]byte, error) {
 	iv, err := sioutil.Random(16) // 16 bytes IV
 	if err != nil {

operatorapi/tenants.go

@@ -19,8 +19,6 @@ package certs
 import (
 	"bytes"
 	"context"
-	"crypto"
-	"crypto/ecdsa"
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/pem"
@@ -213,24 +211,7 @@ func LoadX509KeyPair(certFile, keyFile string) (tls.Certificate, error) {
 		}
 		keyPEMBlock = pem.EncodeToMemory(&pem.Block{Type: key.Type, Bytes: decryptedKey})
 	}
-	cert, err := tls.X509KeyPair(certPEMBlock, keyPEMBlock)
-	if err != nil {
-		return tls.Certificate{}, err
-	}
-	// Ensure that the private key is not a P-384 or P-521 EC key.
-	// The Go TLS stack does not provide constant-time implementations of P-384 and P-521.
-	if priv, ok := cert.PrivateKey.(crypto.Signer); ok {
-		if pub, ok := priv.Public().(*ecdsa.PublicKey); ok {
-			switch pub.Params().Name {
-			case "P-384":
-				fallthrough
-			case "P-521":
-				// unfortunately there is no cleaner way to check
-				return tls.Certificate{}, fmt.Errorf("tls: the ECDSA curve '%s' is not supported", pub.Params().Name)
-			}
-		}
-	}
-	return cert, nil
+	return tls.X509KeyPair(certPEMBlock, keyPEMBlock)
 }
 
 func GetTLSConfig() (x509Certs []*x509.Certificate, manager *xcerts.Manager, err error) {