2020-04-01 18:18:57 -07:00
|
|
|
swagger: "2.0"
|
|
|
|
|
info:
|
|
|
|
|
title: MinIO Console Server
|
|
|
|
|
version: 0.1.0
|
|
|
|
|
consumes:
|
|
|
|
|
- application/json
|
|
|
|
|
produces:
|
|
|
|
|
- application/json
|
|
|
|
|
schemes:
|
|
|
|
|
- http
|
2020-04-30 10:50:51 -07:00
|
|
|
- ws
|
2020-04-03 13:17:31 -07:00
|
|
|
basePath: /api/v1
|
2020-04-01 18:18:57 -07:00
|
|
|
# We are going to be taking `Authorization: Bearer TOKEN` header for our authentication
|
|
|
|
|
securityDefinitions:
|
|
|
|
|
key:
|
|
|
|
|
type: oauth2
|
|
|
|
|
flow: accessCode
|
|
|
|
|
authorizationUrl: http://min.io
|
|
|
|
|
tokenUrl: http://min.io
|
|
|
|
|
# Apply the key security definition to all APIs
|
|
|
|
|
security:
|
|
|
|
|
- key: []
|
|
|
|
|
paths:
|
2020-04-16 13:56:12 -07:00
|
|
|
/login:
|
|
|
|
|
get:
|
|
|
|
|
summary: Returns login strategy, form or sso.
|
|
|
|
|
operationId: LoginDetail
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/loginDetails"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
# Exclude this API from the authentication requirement
|
|
|
|
|
security: []
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
post:
|
2020-07-25 14:38:16 -07:00
|
|
|
summary: Login to Console
|
2020-04-16 13:56:12 -07:00
|
|
|
operationId: Login
|
|
|
|
|
parameters:
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
2020-07-09 12:24:01 -07:00
|
|
|
$ref: "#/definitions/loginRequest"
|
2020-04-16 13:56:12 -07:00
|
|
|
responses:
|
|
|
|
|
201:
|
|
|
|
|
description: A successful login.
|
|
|
|
|
schema:
|
2020-07-09 12:24:01 -07:00
|
|
|
$ref: "#/definitions/loginResponse"
|
2020-04-16 13:56:12 -07:00
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
# Exclude this API from the authentication requirement
|
|
|
|
|
security: []
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
2020-07-08 13:55:08 -07:00
|
|
|
/login/operator:
|
MCS service account authentication with Mkube (#166)
`MCS` will authenticate against `Mkube`using bearer tokens via HTTP
`Authorization` header. The user will provide this token once
in the login form, MCS will validate it against Mkube (list tenants) and
if valid will generate and return a new MCS sessions
with encrypted claims (the user Service account token will be inside the
JWT in the data field)
Kubernetes
The provided `JWT token` corresponds to the `Kubernetes service account`
that `Mkube` will use to run tasks on behalf of the
user, ie: list, create, edit, delete tenants, storage class, etc.
Development
If you are running mcs in your local environment and wish to make
request to `Mkube` you can set `MCS_M3_HOSTNAME`, if
the environment variable is not present by default `MCS` will use
`"http://m3:8787"`, additionally you will need to set the
`MCS_MKUBE_ADMIN_ONLY=on` variable to make MCS display the Mkube UI
Extract the Service account token and use it with MCS
For local development you can use the jwt associated to the `m3-sa`
service account, you can get the token running
the following command in your terminal:
```
kubectl get secret $(kubectl get serviceaccount m3-sa -o
jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64
--decode
```
Then run the mcs server
```
MCS_M3_HOSTNAME=http://localhost:8787 MCS_MKUBE_ADMIN_ONLY=on ./mcs
server
```
Self-signed certificates and Custom certificate authority for Mkube
If Mkube uses TLS with a self-signed certificate, or a certificate
issued by a custom certificate authority you can add those
certificates usinng the `MCS_M3_SERVER_TLS_CA_CERTIFICATE` env variable
````
MCS_M3_SERVER_TLS_CA_CERTIFICATE=cert1.pem,cert2.pem,cert3.pem ./mcs
server
````
2020-06-23 11:37:46 -07:00
|
|
|
post:
|
2020-07-08 13:55:08 -07:00
|
|
|
summary: Login to Operator Console.
|
|
|
|
|
operationId: LoginOperator
|
MCS service account authentication with Mkube (#166)
`MCS` will authenticate against `Mkube`using bearer tokens via HTTP
`Authorization` header. The user will provide this token once
in the login form, MCS will validate it against Mkube (list tenants) and
if valid will generate and return a new MCS sessions
with encrypted claims (the user Service account token will be inside the
JWT in the data field)
Kubernetes
The provided `JWT token` corresponds to the `Kubernetes service account`
that `Mkube` will use to run tasks on behalf of the
user, ie: list, create, edit, delete tenants, storage class, etc.
Development
If you are running mcs in your local environment and wish to make
request to `Mkube` you can set `MCS_M3_HOSTNAME`, if
the environment variable is not present by default `MCS` will use
`"http://m3:8787"`, additionally you will need to set the
`MCS_MKUBE_ADMIN_ONLY=on` variable to make MCS display the Mkube UI
Extract the Service account token and use it with MCS
For local development you can use the jwt associated to the `m3-sa`
service account, you can get the token running
the following command in your terminal:
```
kubectl get secret $(kubectl get serviceaccount m3-sa -o
jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64
--decode
```
Then run the mcs server
```
MCS_M3_HOSTNAME=http://localhost:8787 MCS_MKUBE_ADMIN_ONLY=on ./mcs
server
```
Self-signed certificates and Custom certificate authority for Mkube
If Mkube uses TLS with a self-signed certificate, or a certificate
issued by a custom certificate authority you can add those
certificates usinng the `MCS_M3_SERVER_TLS_CA_CERTIFICATE` env variable
````
MCS_M3_SERVER_TLS_CA_CERTIFICATE=cert1.pem,cert2.pem,cert3.pem ./mcs
server
````
2020-06-23 11:37:46 -07:00
|
|
|
parameters:
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
2020-07-13 20:36:27 -07:00
|
|
|
$ref: "#/definitions/loginOperatorRequest"
|
MCS service account authentication with Mkube (#166)
`MCS` will authenticate against `Mkube`using bearer tokens via HTTP
`Authorization` header. The user will provide this token once
in the login form, MCS will validate it against Mkube (list tenants) and
if valid will generate and return a new MCS sessions
with encrypted claims (the user Service account token will be inside the
JWT in the data field)
Kubernetes
The provided `JWT token` corresponds to the `Kubernetes service account`
that `Mkube` will use to run tasks on behalf of the
user, ie: list, create, edit, delete tenants, storage class, etc.
Development
If you are running mcs in your local environment and wish to make
request to `Mkube` you can set `MCS_M3_HOSTNAME`, if
the environment variable is not present by default `MCS` will use
`"http://m3:8787"`, additionally you will need to set the
`MCS_MKUBE_ADMIN_ONLY=on` variable to make MCS display the Mkube UI
Extract the Service account token and use it with MCS
For local development you can use the jwt associated to the `m3-sa`
service account, you can get the token running
the following command in your terminal:
```
kubectl get secret $(kubectl get serviceaccount m3-sa -o
jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64
--decode
```
Then run the mcs server
```
MCS_M3_HOSTNAME=http://localhost:8787 MCS_MKUBE_ADMIN_ONLY=on ./mcs
server
```
Self-signed certificates and Custom certificate authority for Mkube
If Mkube uses TLS with a self-signed certificate, or a certificate
issued by a custom certificate authority you can add those
certificates usinng the `MCS_M3_SERVER_TLS_CA_CERTIFICATE` env variable
````
MCS_M3_SERVER_TLS_CA_CERTIFICATE=cert1.pem,cert2.pem,cert3.pem ./mcs
server
````
2020-06-23 11:37:46 -07:00
|
|
|
responses:
|
|
|
|
|
201:
|
|
|
|
|
description: A successful login.
|
|
|
|
|
schema:
|
2020-07-09 12:24:01 -07:00
|
|
|
$ref: "#/definitions/loginResponse"
|
MCS service account authentication with Mkube (#166)
`MCS` will authenticate against `Mkube`using bearer tokens via HTTP
`Authorization` header. The user will provide this token once
in the login form, MCS will validate it against Mkube (list tenants) and
if valid will generate and return a new MCS sessions
with encrypted claims (the user Service account token will be inside the
JWT in the data field)
Kubernetes
The provided `JWT token` corresponds to the `Kubernetes service account`
that `Mkube` will use to run tasks on behalf of the
user, ie: list, create, edit, delete tenants, storage class, etc.
Development
If you are running mcs in your local environment and wish to make
request to `Mkube` you can set `MCS_M3_HOSTNAME`, if
the environment variable is not present by default `MCS` will use
`"http://m3:8787"`, additionally you will need to set the
`MCS_MKUBE_ADMIN_ONLY=on` variable to make MCS display the Mkube UI
Extract the Service account token and use it with MCS
For local development you can use the jwt associated to the `m3-sa`
service account, you can get the token running
the following command in your terminal:
```
kubectl get secret $(kubectl get serviceaccount m3-sa -o
jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64
--decode
```
Then run the mcs server
```
MCS_M3_HOSTNAME=http://localhost:8787 MCS_MKUBE_ADMIN_ONLY=on ./mcs
server
```
Self-signed certificates and Custom certificate authority for Mkube
If Mkube uses TLS with a self-signed certificate, or a certificate
issued by a custom certificate authority you can add those
certificates usinng the `MCS_M3_SERVER_TLS_CA_CERTIFICATE` env variable
````
MCS_M3_SERVER_TLS_CA_CERTIFICATE=cert1.pem,cert2.pem,cert3.pem ./mcs
server
````
2020-06-23 11:37:46 -07:00
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
security: []
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
2020-05-01 08:38:52 -07:00
|
|
|
/login/oauth2/auth:
|
|
|
|
|
post:
|
|
|
|
|
summary: Identity Provider oauth2 callback endpoint.
|
|
|
|
|
operationId: LoginOauth2Auth
|
|
|
|
|
parameters:
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
2020-07-09 12:24:01 -07:00
|
|
|
$ref: "#/definitions/loginOauth2AuthRequest"
|
2020-05-01 08:38:52 -07:00
|
|
|
responses:
|
|
|
|
|
201:
|
|
|
|
|
description: A successful login.
|
|
|
|
|
schema:
|
2020-07-09 12:24:01 -07:00
|
|
|
$ref: "#/definitions/loginResponse"
|
2020-05-01 08:38:52 -07:00
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
security: []
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
|
2020-04-16 13:56:12 -07:00
|
|
|
/logout:
|
|
|
|
|
post:
|
2020-07-25 14:38:16 -07:00
|
|
|
summary: Logout from Console.
|
2020-04-16 13:56:12 -07:00
|
|
|
operationId: Logout
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
|
|
|
|
|
/session:
|
|
|
|
|
get:
|
|
|
|
|
summary: Endpoint to check if your session is still valid
|
|
|
|
|
operationId: SessionCheck
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/sessionResponse"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
|
2020-12-07 17:11:08 -06:00
|
|
|
/account/change-password:
|
|
|
|
|
post:
|
|
|
|
|
summary: Change password of currently logged in user.
|
|
|
|
|
operationId: AccountChangePassword
|
|
|
|
|
parameters:
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/accountChangePasswordRequest"
|
|
|
|
|
responses:
|
|
|
|
|
201:
|
|
|
|
|
description: A successful login.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/loginResponse"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
|
2020-04-03 13:17:31 -07:00
|
|
|
/buckets:
|
2020-04-01 18:18:57 -07:00
|
|
|
get:
|
|
|
|
|
summary: List Buckets
|
|
|
|
|
operationId: ListBuckets
|
|
|
|
|
parameters:
|
|
|
|
|
- name: sort_by
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: string
|
|
|
|
|
- name: offset
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: integer
|
|
|
|
|
format: int32
|
|
|
|
|
- name: limit
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: integer
|
|
|
|
|
format: int32
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/listBucketsResponse"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
post:
|
|
|
|
|
summary: Make bucket
|
|
|
|
|
operationId: MakeBucket
|
|
|
|
|
parameters:
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
2020-07-09 12:24:01 -07:00
|
|
|
$ref: "#/definitions/makeBucketRequest"
|
2020-04-01 18:18:57 -07:00
|
|
|
responses:
|
|
|
|
|
201:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
2020-04-03 13:17:31 -07:00
|
|
|
/buckets/{name}:
|
2020-04-01 18:18:57 -07:00
|
|
|
get:
|
|
|
|
|
summary: Bucket Info
|
|
|
|
|
operationId: BucketInfo
|
|
|
|
|
parameters:
|
|
|
|
|
- name: name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/bucket"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
delete:
|
|
|
|
|
summary: Delete Bucket
|
|
|
|
|
operationId: DeleteBucket
|
|
|
|
|
parameters:
|
|
|
|
|
- name: name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
204:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
2020-12-03 13:45:45 -06:00
|
|
|
/buckets/{bucket_name}/retention:
|
|
|
|
|
put:
|
|
|
|
|
summary: Set Bucket's retention config
|
|
|
|
|
operationId: SetBucketRetentionConfig
|
|
|
|
|
parameters:
|
|
|
|
|
- name: bucket_name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
2020-12-07 09:49:51 -06:00
|
|
|
$ref: "#/definitions/putBucketRetentionRequest"
|
2020-12-03 13:45:45 -06:00
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
|
2020-09-29 14:34:51 -07:00
|
|
|
/buckets/{bucket_name}/objects:
|
|
|
|
|
get:
|
|
|
|
|
summary: List Objects
|
|
|
|
|
operationId: ListObjects
|
|
|
|
|
parameters:
|
|
|
|
|
- name: bucket_name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: prefix
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: string
|
|
|
|
|
- name: recursive
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: boolean
|
2020-10-06 16:07:33 -07:00
|
|
|
- name: with_versions
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: boolean
|
2020-09-29 14:34:51 -07:00
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/listObjectsResponse"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
2020-10-01 17:00:32 -07:00
|
|
|
delete:
|
|
|
|
|
summary: Delete Object
|
|
|
|
|
operationId: DeleteObject
|
|
|
|
|
parameters:
|
|
|
|
|
- name: bucket_name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: path
|
|
|
|
|
in: query
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: version_id
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: string
|
|
|
|
|
- name: recursive
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: boolean
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
2020-09-29 14:34:51 -07:00
|
|
|
|
2020-10-14 23:09:33 -07:00
|
|
|
/buckets/{bucket_name}/objects/upload:
|
|
|
|
|
post:
|
|
|
|
|
summary: Uploads an Object.
|
|
|
|
|
consumes:
|
|
|
|
|
- multipart/form-data
|
|
|
|
|
parameters:
|
|
|
|
|
- in: formData
|
|
|
|
|
name: upfile
|
|
|
|
|
type: file
|
|
|
|
|
required: true
|
|
|
|
|
- name: bucket_name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: prefix
|
|
|
|
|
in: query
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
|
2020-10-09 11:43:15 -07:00
|
|
|
/buckets/{bucket_name}/objects/download:
|
|
|
|
|
get:
|
|
|
|
|
summary: Download Object
|
|
|
|
|
operationId: Download Object
|
|
|
|
|
produces:
|
|
|
|
|
- application/octet-stream
|
|
|
|
|
parameters:
|
|
|
|
|
- name: bucket_name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: prefix
|
|
|
|
|
in: query
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
2020-11-19 15:04:13 -08:00
|
|
|
- name: version_id
|
|
|
|
|
in: query
|
2020-12-03 11:37:53 -06:00
|
|
|
required: false
|
2020-11-19 15:04:13 -08:00
|
|
|
type: string
|
2020-10-09 11:43:15 -07:00
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
type: file
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
|
2020-10-22 11:18:27 -07:00
|
|
|
/buckets/{bucket_name}/objects/share:
|
|
|
|
|
get:
|
|
|
|
|
summary: Shares an Object on a url
|
|
|
|
|
operationId: ShareObject
|
|
|
|
|
parameters:
|
|
|
|
|
- name: bucket_name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: prefix
|
|
|
|
|
in: query
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: version_id
|
|
|
|
|
in: query
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: expires
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
type: string
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
|
2020-10-22 16:23:29 -07:00
|
|
|
/buckets/{bucket_name}/objects/legalhold:
|
|
|
|
|
put:
|
|
|
|
|
summary: Put Object's legalhold status
|
|
|
|
|
operationId: PutObjectLegalHold
|
|
|
|
|
parameters:
|
|
|
|
|
- name: bucket_name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: prefix
|
|
|
|
|
in: query
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: version_id
|
|
|
|
|
in: query
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/putObjectLegalHoldRequest"
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
|
2020-10-23 15:04:02 -07:00
|
|
|
/buckets/{bucket_name}/objects/retention:
|
|
|
|
|
put:
|
|
|
|
|
summary: Put Object's retention status
|
|
|
|
|
operationId: PutObjectRetention
|
|
|
|
|
parameters:
|
|
|
|
|
- name: bucket_name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: prefix
|
|
|
|
|
in: query
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: version_id
|
|
|
|
|
in: query
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/putObjectRetentionRequest"
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
2020-12-03 16:21:44 -06:00
|
|
|
delete:
|
|
|
|
|
summary: Delete Object retention from an object
|
|
|
|
|
operationId: DeleteObjectRetention
|
|
|
|
|
parameters:
|
|
|
|
|
- name: bucket_name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: prefix
|
|
|
|
|
in: query
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: version_id
|
|
|
|
|
in: query
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
2020-10-23 15:04:02 -07:00
|
|
|
|
2020-10-28 16:08:26 -07:00
|
|
|
/buckets/{bucket_name}/objects/tags:
|
|
|
|
|
put:
|
|
|
|
|
summary: Put Object's tags
|
|
|
|
|
operationId: PutObjectTags
|
|
|
|
|
parameters:
|
|
|
|
|
- name: bucket_name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: prefix
|
|
|
|
|
in: query
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: version_id
|
|
|
|
|
in: query
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/putObjectTagsRequest"
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
|
2020-04-03 13:17:31 -07:00
|
|
|
/buckets/{name}/set-policy:
|
2020-04-01 18:18:57 -07:00
|
|
|
put:
|
|
|
|
|
summary: Bucket Set Policy
|
|
|
|
|
operationId: BucketSetPolicy
|
|
|
|
|
parameters:
|
|
|
|
|
- name: name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/setBucketPolicyRequest"
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/bucket"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
2020-10-01 18:59:20 -07:00
|
|
|
/buckets/{name}/quota:
|
|
|
|
|
get:
|
|
|
|
|
summary: Get Bucket Quota
|
|
|
|
|
operationId: GetBucketQuota
|
|
|
|
|
parameters:
|
|
|
|
|
- name: name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/listObjectsResponse"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
put:
|
|
|
|
|
summary: Bucket Quota
|
|
|
|
|
operationId: SetBucketQuota
|
|
|
|
|
parameters:
|
|
|
|
|
- name: name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/setBucketQuota"
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/bucket"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
|
2020-04-03 13:17:31 -07:00
|
|
|
/buckets/{bucket_name}/events:
|
2020-04-01 18:18:57 -07:00
|
|
|
get:
|
|
|
|
|
summary: List Bucket Events
|
|
|
|
|
operationId: ListBucketEvents
|
|
|
|
|
parameters:
|
|
|
|
|
- name: bucket_name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: offset
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: integer
|
|
|
|
|
format: int32
|
|
|
|
|
- name: limit
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: integer
|
|
|
|
|
format: int32
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/listBucketEventsResponse"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
2020-04-02 20:09:36 -07:00
|
|
|
post:
|
|
|
|
|
summary: Create Bucket Event
|
|
|
|
|
operationId: CreateBucketEvent
|
|
|
|
|
parameters:
|
|
|
|
|
- name: bucket_name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
2020-07-09 12:24:01 -07:00
|
|
|
$ref: "#/definitions/bucketEventRequest"
|
2020-04-02 20:09:36 -07:00
|
|
|
responses:
|
|
|
|
|
201:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
|
|
|
|
/buckets/{bucket_name}/events/{arn}:
|
2020-04-07 09:27:25 -07:00
|
|
|
delete:
|
|
|
|
|
summary: Delete Bucket Event
|
|
|
|
|
operationId: DeleteBucketEvent
|
|
|
|
|
parameters:
|
|
|
|
|
- name: bucket_name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
2020-04-16 13:56:12 -07:00
|
|
|
- name: arn
|
2020-04-07 09:27:25 -07:00
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
2020-04-16 13:56:12 -07:00
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
2020-07-09 12:24:01 -07:00
|
|
|
$ref: "#/definitions/notificationDeleteRequest"
|
2020-04-07 09:27:25 -07:00
|
|
|
responses:
|
|
|
|
|
204:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
2020-09-28 12:46:08 -05:00
|
|
|
/buckets/{bucket_name}/replication:
|
|
|
|
|
get:
|
|
|
|
|
summary: Bucket Replication
|
|
|
|
|
operationId: GetBucketReplication
|
|
|
|
|
parameters:
|
2020-09-29 14:34:51 -07:00
|
|
|
- name: bucket_name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
2020-09-28 12:46:08 -05:00
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/bucketReplicationResponse"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
post:
|
|
|
|
|
summary: Add Bucket Replication
|
|
|
|
|
operationId: AddBucketReplication
|
|
|
|
|
parameters:
|
|
|
|
|
- name: bucket_name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/addBucketReplication"
|
|
|
|
|
responses:
|
|
|
|
|
201:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
/buckets/{bucket_name}/versioning:
|
|
|
|
|
get:
|
|
|
|
|
summary: Bucket Versioning
|
|
|
|
|
operationId: GetBucketVersioning
|
|
|
|
|
parameters:
|
|
|
|
|
- name: bucket_name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/bucketVersioningResponse"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
put:
|
|
|
|
|
summary: Set Bucket Versioning
|
|
|
|
|
operationId: SetBucketVersioning
|
|
|
|
|
parameters:
|
|
|
|
|
- name: bucket_name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/setBucketVersioning"
|
|
|
|
|
responses:
|
|
|
|
|
201:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
|
2020-10-25 12:56:23 -07:00
|
|
|
/buckets/{bucket_name}/encryption/enable:
|
|
|
|
|
post:
|
|
|
|
|
summary: Enable bucket encryption.
|
|
|
|
|
operationId: EnableBucketEncryption
|
|
|
|
|
parameters:
|
|
|
|
|
- name: bucket_name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/bucketEncryptionRequest"
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
|
|
|
|
|
/buckets/{bucket_name}/encryption/disable:
|
|
|
|
|
post:
|
|
|
|
|
summary: Disable bucket encryption.
|
|
|
|
|
operationId: DisableBucketEncryption
|
|
|
|
|
parameters:
|
|
|
|
|
- name: bucket_name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
|
|
|
|
|
/buckets/{bucket_name}/encryption/info:
|
|
|
|
|
get:
|
|
|
|
|
summary: Get bucket encryption information.
|
|
|
|
|
operationId: GetBucketEncryptionInfo
|
|
|
|
|
parameters:
|
|
|
|
|
- name: bucket_name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/bucketEncryptionInfo"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
|
2020-04-29 18:28:28 -07:00
|
|
|
/service-accounts:
|
2020-05-04 15:48:38 -07:00
|
|
|
get:
|
|
|
|
|
summary: List User's Service Accounts
|
|
|
|
|
operationId: ListUserServiceAccounts
|
|
|
|
|
parameters:
|
|
|
|
|
- name: offset
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: integer
|
|
|
|
|
format: int32
|
|
|
|
|
- name: limit
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: integer
|
|
|
|
|
format: int32
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/serviceAccounts"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
2020-04-29 18:28:28 -07:00
|
|
|
post:
|
|
|
|
|
summary: Create Service Account
|
|
|
|
|
operationId: CreateServiceAccount
|
|
|
|
|
parameters:
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
2020-07-09 12:24:01 -07:00
|
|
|
$ref: "#/definitions/serviceAccountRequest"
|
2020-04-29 18:28:28 -07:00
|
|
|
responses:
|
|
|
|
|
201:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/serviceAccountCreds"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
MCS service account authentication with Mkube (#166)
`MCS` will authenticate against `Mkube`using bearer tokens via HTTP
`Authorization` header. The user will provide this token once
in the login form, MCS will validate it against Mkube (list tenants) and
if valid will generate and return a new MCS sessions
with encrypted claims (the user Service account token will be inside the
JWT in the data field)
Kubernetes
The provided `JWT token` corresponds to the `Kubernetes service account`
that `Mkube` will use to run tasks on behalf of the
user, ie: list, create, edit, delete tenants, storage class, etc.
Development
If you are running mcs in your local environment and wish to make
request to `Mkube` you can set `MCS_M3_HOSTNAME`, if
the environment variable is not present by default `MCS` will use
`"http://m3:8787"`, additionally you will need to set the
`MCS_MKUBE_ADMIN_ONLY=on` variable to make MCS display the Mkube UI
Extract the Service account token and use it with MCS
For local development you can use the jwt associated to the `m3-sa`
service account, you can get the token running
the following command in your terminal:
```
kubectl get secret $(kubectl get serviceaccount m3-sa -o
jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64
--decode
```
Then run the mcs server
```
MCS_M3_HOSTNAME=http://localhost:8787 MCS_MKUBE_ADMIN_ONLY=on ./mcs
server
```
Self-signed certificates and Custom certificate authority for Mkube
If Mkube uses TLS with a self-signed certificate, or a certificate
issued by a custom certificate authority you can add those
certificates usinng the `MCS_M3_SERVER_TLS_CA_CERTIFICATE` env variable
````
MCS_M3_SERVER_TLS_CA_CERTIFICATE=cert1.pem,cert2.pem,cert3.pem ./mcs
server
````
2020-06-23 11:37:46 -07:00
|
|
|
|
2020-05-04 15:48:38 -07:00
|
|
|
/service-accounts/{access_key}:
|
|
|
|
|
delete:
|
|
|
|
|
summary: Delete Service Account
|
|
|
|
|
operationId: DeleteServiceAccount
|
|
|
|
|
parameters:
|
|
|
|
|
- name: access_key
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
204:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
2020-04-29 18:28:28 -07:00
|
|
|
|
2020-04-03 13:17:31 -07:00
|
|
|
/users:
|
2020-04-01 18:18:57 -07:00
|
|
|
get:
|
|
|
|
|
summary: List Users
|
|
|
|
|
operationId: ListUsers
|
|
|
|
|
parameters:
|
|
|
|
|
- name: offset
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: integer
|
|
|
|
|
format: int32
|
|
|
|
|
- name: limit
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: integer
|
|
|
|
|
format: int32
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/listUsersResponse"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
|
|
|
|
post:
|
|
|
|
|
summary: Add User
|
|
|
|
|
operationId: AddUser
|
|
|
|
|
parameters:
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
2020-07-09 12:24:01 -07:00
|
|
|
$ref: "#/definitions/addUserRequest"
|
2020-04-01 18:18:57 -07:00
|
|
|
responses:
|
|
|
|
|
201:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
2020-07-09 12:24:01 -07:00
|
|
|
$ref: "#/definitions/user"
|
2020-04-01 18:18:57 -07:00
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
2020-04-06 20:07:32 -05:00
|
|
|
/users/{name}:
|
2020-04-09 18:39:49 -05:00
|
|
|
get:
|
|
|
|
|
summary: Get User Info
|
|
|
|
|
operationId: GetUserInfo
|
|
|
|
|
parameters:
|
|
|
|
|
- name: name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/user"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
2020-07-09 12:24:01 -07:00
|
|
|
- AdminAPI
|
2020-04-09 18:39:49 -05:00
|
|
|
put:
|
|
|
|
|
summary: Update User Info
|
|
|
|
|
operationId: UpdateUserInfo
|
|
|
|
|
parameters:
|
|
|
|
|
- name: name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/updateUser"
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/user"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-04-06 20:07:32 -05:00
|
|
|
delete:
|
|
|
|
|
summary: Remove user
|
|
|
|
|
operationId: RemoveUser
|
|
|
|
|
parameters:
|
|
|
|
|
- name: name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
204:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
2020-04-08 19:38:18 -05:00
|
|
|
/users/{name}/groups:
|
|
|
|
|
put:
|
|
|
|
|
summary: Update Groups for a user
|
|
|
|
|
operationId: UpdateUserGroups
|
|
|
|
|
parameters:
|
|
|
|
|
- name: name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/updateUserGroups"
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/user"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
2020-04-15 20:08:35 -05:00
|
|
|
/users-groups-bulk:
|
|
|
|
|
put:
|
|
|
|
|
summary: Bulk functionality to Add Users to Groups
|
|
|
|
|
operationId: BulkUpdateUsersGroups
|
|
|
|
|
parameters:
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/bulkUserGroups"
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
2020-04-03 13:17:31 -07:00
|
|
|
/groups:
|
2020-04-01 18:18:57 -07:00
|
|
|
get:
|
|
|
|
|
summary: List Groups
|
|
|
|
|
operationId: ListGroups
|
|
|
|
|
parameters:
|
|
|
|
|
- name: offset
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: integer
|
|
|
|
|
format: int32
|
|
|
|
|
- name: limit
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: integer
|
|
|
|
|
format: int32
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/listGroupsResponse"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
|
|
|
|
post:
|
|
|
|
|
summary: Add Group
|
|
|
|
|
operationId: AddGroup
|
|
|
|
|
parameters:
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
2020-07-09 12:24:01 -07:00
|
|
|
$ref: "#/definitions/addGroupRequest"
|
2020-04-01 18:18:57 -07:00
|
|
|
responses:
|
|
|
|
|
201:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
2020-04-03 13:17:31 -07:00
|
|
|
/groups/{name}:
|
2020-04-01 18:18:57 -07:00
|
|
|
get:
|
|
|
|
|
summary: Group info
|
|
|
|
|
operationId: GroupInfo
|
|
|
|
|
parameters:
|
|
|
|
|
- name: name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/group"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
|
|
|
|
delete:
|
2020-04-02 09:57:59 -07:00
|
|
|
summary: Remove group
|
2020-04-01 18:18:57 -07:00
|
|
|
operationId: RemoveGroup
|
|
|
|
|
parameters:
|
|
|
|
|
- name: name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
204:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
|
|
|
|
put:
|
|
|
|
|
summary: Update Group Members or Status
|
|
|
|
|
operationId: UpdateGroup
|
|
|
|
|
parameters:
|
|
|
|
|
- name: name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/updateGroupRequest"
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/group"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
2020-04-03 13:17:31 -07:00
|
|
|
/policies:
|
2020-04-01 18:18:57 -07:00
|
|
|
get:
|
|
|
|
|
summary: List Policies
|
|
|
|
|
operationId: ListPolicies
|
|
|
|
|
parameters:
|
|
|
|
|
- name: offset
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: integer
|
|
|
|
|
format: int32
|
|
|
|
|
- name: limit
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: integer
|
|
|
|
|
format: int32
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/listPoliciesResponse"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
|
|
|
|
post:
|
|
|
|
|
summary: Add Policy
|
|
|
|
|
operationId: AddPolicy
|
|
|
|
|
parameters:
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
2020-07-09 12:24:01 -07:00
|
|
|
$ref: "#/definitions/addPolicyRequest"
|
2020-04-01 18:18:57 -07:00
|
|
|
responses:
|
|
|
|
|
201:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
2020-07-09 12:24:01 -07:00
|
|
|
$ref: "#/definitions/policy"
|
2020-04-01 18:18:57 -07:00
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
2020-04-03 13:17:31 -07:00
|
|
|
/policies/{name}:
|
2020-04-01 18:18:57 -07:00
|
|
|
delete:
|
|
|
|
|
summary: Remove policy
|
|
|
|
|
operationId: RemovePolicy
|
|
|
|
|
parameters:
|
|
|
|
|
- name: name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
204:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
|
|
|
|
get:
|
|
|
|
|
summary: Policy info
|
|
|
|
|
operationId: PolicyInfo
|
|
|
|
|
parameters:
|
|
|
|
|
- name: name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/policy"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
2020-04-03 13:17:31 -07:00
|
|
|
/configs:
|
2020-04-01 18:18:57 -07:00
|
|
|
get:
|
|
|
|
|
summary: List Configurations
|
|
|
|
|
operationId: ListConfig
|
|
|
|
|
parameters:
|
|
|
|
|
- name: offset
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: integer
|
|
|
|
|
format: int32
|
|
|
|
|
- name: limit
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: integer
|
|
|
|
|
format: int32
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/listConfigResponse"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
2020-04-03 13:17:31 -07:00
|
|
|
/set-policy/{name}:
|
2020-04-01 18:18:57 -07:00
|
|
|
put:
|
|
|
|
|
summary: Set policy
|
|
|
|
|
operationId: SetPolicy
|
|
|
|
|
parameters:
|
|
|
|
|
- name: name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
2020-07-09 12:24:01 -07:00
|
|
|
$ref: "#/definitions/setPolicyRequest"
|
2020-04-01 18:18:57 -07:00
|
|
|
responses:
|
|
|
|
|
204:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
2020-11-30 15:23:14 -08:00
|
|
|
/set-policy-multi/{name}:
|
|
|
|
|
put:
|
|
|
|
|
summary: Set policy to multiple users/groups
|
|
|
|
|
operationId: SetPolicyMultiple
|
|
|
|
|
parameters:
|
|
|
|
|
- name: name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/setPolicyMultipleRequest"
|
|
|
|
|
responses:
|
|
|
|
|
204:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
|
|
|
|
|
2020-04-03 13:17:31 -07:00
|
|
|
/configs/{name}:
|
2020-04-01 18:18:57 -07:00
|
|
|
get:
|
|
|
|
|
summary: Configuration info
|
|
|
|
|
operationId: ConfigInfo
|
|
|
|
|
parameters:
|
|
|
|
|
- name: name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/configuration"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
|
|
|
|
put:
|
|
|
|
|
summary: Set Configuration
|
|
|
|
|
operationId: SetConfig
|
|
|
|
|
parameters:
|
|
|
|
|
- name: name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/setConfigRequest"
|
|
|
|
|
responses:
|
|
|
|
|
204:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
2020-04-03 13:17:31 -07:00
|
|
|
/service/restart:
|
2020-04-01 18:18:57 -07:00
|
|
|
post:
|
|
|
|
|
summary: Restart Service
|
|
|
|
|
operationId: RestartService
|
|
|
|
|
responses:
|
|
|
|
|
204:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-04-03 13:17:31 -07:00
|
|
|
/profiling/start:
|
2020-04-02 09:57:59 -07:00
|
|
|
post:
|
|
|
|
|
summary: Start recording profile data
|
|
|
|
|
operationId: ProfilingStart
|
|
|
|
|
parameters:
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
2020-07-09 12:24:01 -07:00
|
|
|
$ref: "#/definitions/profilingStartRequest"
|
2020-04-02 09:57:59 -07:00
|
|
|
responses:
|
|
|
|
|
201:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
2020-07-09 12:24:01 -07:00
|
|
|
$ref: "#/definitions/startProfilingList"
|
2020-04-02 09:57:59 -07:00
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
2020-04-03 13:17:31 -07:00
|
|
|
/profiling/stop:
|
2020-04-02 09:57:59 -07:00
|
|
|
post:
|
|
|
|
|
summary: Stop and download profile data
|
|
|
|
|
operationId: ProfilingStop
|
|
|
|
|
produces:
|
|
|
|
|
- application/octet-stream
|
|
|
|
|
responses:
|
|
|
|
|
201:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
type: file
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
2020-04-03 13:17:31 -07:00
|
|
|
/admin/info:
|
2020-04-02 20:15:39 -07:00
|
|
|
get:
|
|
|
|
|
summary: Returns information about the deployment
|
|
|
|
|
operationId: AdminInfo
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/adminInfoResponse"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
2020-04-03 14:27:47 -07:00
|
|
|
/admin/arns:
|
|
|
|
|
get:
|
|
|
|
|
summary: Returns a list of active ARNs in the instance
|
|
|
|
|
operationId: ArnList
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/arnsResponse"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
2020-04-09 16:07:26 -07:00
|
|
|
/admin/notification_endpoints:
|
|
|
|
|
get:
|
|
|
|
|
summary: Returns a list of active notification endpoints
|
|
|
|
|
operationId: NotificationEndpointList
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/notifEndpointResponse"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
|
|
|
|
post:
|
|
|
|
|
summary: Allows to configure a new notification endpoint
|
|
|
|
|
operationId: AddNotificationEndpoint
|
|
|
|
|
parameters:
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
2020-07-09 12:24:01 -07:00
|
|
|
$ref: "#/definitions/notificationEndpoint"
|
2020-04-09 16:07:26 -07:00
|
|
|
responses:
|
|
|
|
|
201:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
2020-07-09 12:24:01 -07:00
|
|
|
$ref: "#/definitions/notificationEndpoint"
|
2020-04-09 16:07:26 -07:00
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-04-16 13:56:12 -07:00
|
|
|
|
2020-09-28 12:46:08 -05:00
|
|
|
/remote-buckets:
|
|
|
|
|
get:
|
|
|
|
|
summary: List Remote Buckets
|
|
|
|
|
operationId: ListRemoteBuckets
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/listRemoteBucketsResponse"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
post:
|
|
|
|
|
summary: Add Remote Bucket
|
|
|
|
|
operationId: AddRemoteBucket
|
|
|
|
|
parameters:
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/createRemoteBucket"
|
|
|
|
|
responses:
|
|
|
|
|
201:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
|
|
|
|
|
/remote-buckets/{name}:
|
|
|
|
|
get:
|
|
|
|
|
summary: Remote Bucket Details
|
|
|
|
|
operationId: RemoteBucketDetails
|
|
|
|
|
parameters:
|
|
|
|
|
- name: name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/remoteBucket"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
/remote-buckets/{source-bucket-name}/{arn}:
|
|
|
|
|
delete:
|
|
|
|
|
summary: Delete Remote Bucket
|
|
|
|
|
operationId: DeleteRemoteBucket
|
|
|
|
|
parameters:
|
|
|
|
|
- name: source-bucket-name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: arn
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
204:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- UserAPI
|
|
|
|
|
|
2020-07-01 18:03:22 -07:00
|
|
|
/tenants:
|
|
|
|
|
get:
|
|
|
|
|
summary: List Tenant of All Namespaces
|
|
|
|
|
operationId: ListAllTenants
|
|
|
|
|
parameters:
|
|
|
|
|
- name: sort_by
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: string
|
|
|
|
|
- name: offset
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: integer
|
|
|
|
|
format: int32
|
|
|
|
|
- name: limit
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: integer
|
|
|
|
|
format: int32
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/listTenantsResponse"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
|
|
|
|
post:
|
|
|
|
|
summary: Create Tenant
|
|
|
|
|
operationId: CreateTenant
|
|
|
|
|
parameters:
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/createTenantRequest"
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/createTenantResponse"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
|
|
|
|
|
|
|
|
|
/namespaces/{namespace}/tenants:
|
|
|
|
|
get:
|
|
|
|
|
summary: List Tenants by Namespace
|
|
|
|
|
operationId: ListTenants
|
|
|
|
|
parameters:
|
|
|
|
|
- name: namespace
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: sort_by
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: string
|
|
|
|
|
- name: offset
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: integer
|
|
|
|
|
format: int32
|
|
|
|
|
- name: limit
|
|
|
|
|
in: query
|
|
|
|
|
required: false
|
|
|
|
|
type: integer
|
|
|
|
|
format: int32
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/listTenantsResponse"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
|
|
|
|
|
|
|
|
|
/namespaces/{namespace}/tenants/{tenant}:
|
|
|
|
|
get:
|
|
|
|
|
summary: Tenant Info
|
|
|
|
|
operationId: TenantInfo
|
|
|
|
|
parameters:
|
|
|
|
|
- name: namespace
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: tenant
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/tenant"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
|
|
|
|
delete:
|
2020-08-19 20:34:43 -07:00
|
|
|
summary: Delete tenant and underlying pvcs
|
2020-07-01 18:03:22 -07:00
|
|
|
operationId: DeleteTenant
|
|
|
|
|
parameters:
|
|
|
|
|
- name: namespace
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: tenant
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
2020-08-19 20:34:43 -07:00
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: false
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/deleteTenantRequest"
|
2020-07-01 18:03:22 -07:00
|
|
|
responses:
|
|
|
|
|
204:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
|
|
|
|
put:
|
|
|
|
|
summary: Update Tenant
|
|
|
|
|
operationId: UpdateTenant
|
|
|
|
|
parameters:
|
|
|
|
|
- name: namespace
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: tenant
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/updateTenantRequest"
|
|
|
|
|
responses:
|
|
|
|
|
201:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
|
|
|
|
|
2020-12-07 09:49:51 -06:00
|
|
|
/namespaces/{namespace}/tenants/{tenant}/pools:
|
2020-07-13 20:36:27 -07:00
|
|
|
post:
|
2020-12-07 09:49:51 -06:00
|
|
|
summary: Tenant Add Pool
|
|
|
|
|
operationId: TenantAddPool
|
2020-07-13 20:36:27 -07:00
|
|
|
parameters:
|
|
|
|
|
- name: namespace
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: tenant
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
2020-12-07 09:49:51 -06:00
|
|
|
$ref: "#/definitions/pool"
|
2020-07-13 20:36:27 -07:00
|
|
|
responses:
|
|
|
|
|
201:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-09-17 06:44:16 -07:00
|
|
|
put:
|
2020-12-07 09:49:51 -06:00
|
|
|
summary: Tenant Update Pools
|
|
|
|
|
operationId: TenantUpdatePools
|
2020-08-26 17:12:59 -07:00
|
|
|
parameters:
|
|
|
|
|
- name: namespace
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: tenant
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
2020-12-07 09:49:51 -06:00
|
|
|
$ref: "#/definitions/poolUpdateRequest"
|
2020-08-26 17:12:59 -07:00
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/tenant"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-07-13 20:36:27 -07:00
|
|
|
|
2020-07-27 14:19:40 -07:00
|
|
|
/namespaces/{namespace}/tenants/{tenant}/usage:
|
|
|
|
|
get:
|
|
|
|
|
summary: Get Usage For The Tenant
|
|
|
|
|
operationId: GetTenantUsage
|
|
|
|
|
parameters:
|
|
|
|
|
- name: namespace
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: tenant
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/tenantUsage"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
2020-09-03 10:20:58 -07:00
|
|
|
- AdminAPI
|
|
|
|
|
|
|
|
|
|
/namespaces/{namespace}/tenants/{tenant}/certificates:
|
|
|
|
|
put:
|
|
|
|
|
summary: Tenant Update Certificates
|
|
|
|
|
operationId: TenantUpdateCertificate
|
|
|
|
|
parameters:
|
|
|
|
|
- name: namespace
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: tenant
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/tlsConfiguration"
|
|
|
|
|
responses:
|
|
|
|
|
201:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
|
|
|
|
|
|
|
|
|
/namespaces/{namespace}/tenants/{tenant}/encryption:
|
|
|
|
|
put:
|
|
|
|
|
summary: Tenant Update Encryption
|
|
|
|
|
operationId: TenantUpdateEncryption
|
|
|
|
|
parameters:
|
|
|
|
|
- name: namespace
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: tenant
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: body
|
|
|
|
|
in: body
|
|
|
|
|
required: true
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/encryptionConfiguration"
|
|
|
|
|
responses:
|
|
|
|
|
201:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
2020-07-27 14:19:40 -07:00
|
|
|
- AdminAPI
|
|
|
|
|
|
2020-07-01 18:03:22 -07:00
|
|
|
/namespaces/{namespace}/resourcequotas/{resource-quota-name}:
|
|
|
|
|
get:
|
|
|
|
|
summary: Get Resource Quota
|
|
|
|
|
operationId: GetResourceQuota
|
|
|
|
|
parameters:
|
|
|
|
|
- name: namespace
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
- name: resource-quota-name
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: string
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/resourceQuota"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-09-17 06:44:16 -07:00
|
|
|
|
2020-09-02 17:06:02 -07:00
|
|
|
/cluster/max-allocatable-memory:
|
2020-08-28 21:06:45 -07:00
|
|
|
get:
|
2020-09-02 17:06:02 -07:00
|
|
|
summary: Get maximum allocatable memory for given number of nodes
|
|
|
|
|
operationId: GetMaxAllocatableMem
|
|
|
|
|
parameters:
|
|
|
|
|
- name: num_nodes
|
|
|
|
|
in: query
|
|
|
|
|
required: true
|
|
|
|
|
type: integer
|
|
|
|
|
format: int32
|
|
|
|
|
minimum: 1
|
2020-08-28 21:06:45 -07:00
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
2020-09-02 17:06:02 -07:00
|
|
|
$ref: "#/definitions/maxAllocatableMemResponse"
|
2020-08-28 21:06:45 -07:00
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
2020-07-01 18:03:22 -07:00
|
|
|
|
2020-09-22 11:15:21 -07:00
|
|
|
/get-parity/{nodes}/{disksPerNode}:
|
|
|
|
|
get:
|
|
|
|
|
summary: Gets parity by sending number of nodes & number of disks
|
|
|
|
|
operationId: GetParity
|
|
|
|
|
parameters:
|
|
|
|
|
- name: nodes
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: integer
|
|
|
|
|
minimum: 2
|
|
|
|
|
- name: disksPerNode
|
|
|
|
|
in: path
|
|
|
|
|
required: true
|
|
|
|
|
type: integer
|
|
|
|
|
minimum: 1
|
|
|
|
|
responses:
|
|
|
|
|
200:
|
|
|
|
|
description: A successful response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/parityResponse"
|
|
|
|
|
default:
|
|
|
|
|
description: Generic error response.
|
|
|
|
|
schema:
|
|
|
|
|
$ref: "#/definitions/error"
|
|
|
|
|
tags:
|
|
|
|
|
- AdminAPI
|
|
|
|
|
|
2020-04-01 18:18:57 -07:00
|
|
|
definitions:
|
2020-12-07 17:11:08 -06:00
|
|
|
|
|
|
|
|
accountChangePasswordRequest:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- current_secret_key
|
|
|
|
|
- new_secret_key
|
|
|
|
|
properties:
|
|
|
|
|
current_secret_key:
|
|
|
|
|
type: string
|
|
|
|
|
new_secret_key:
|
|
|
|
|
type: string
|
|
|
|
|
|
2020-10-25 12:56:23 -07:00
|
|
|
bucketEncryptionType:
|
|
|
|
|
type: string
|
|
|
|
|
enum:
|
|
|
|
|
- sse-s3
|
|
|
|
|
- sse-kms
|
|
|
|
|
default: sse-s3
|
|
|
|
|
|
2020-04-01 18:18:57 -07:00
|
|
|
bucketAccess:
|
|
|
|
|
type: string
|
|
|
|
|
enum:
|
|
|
|
|
- PRIVATE
|
|
|
|
|
- PUBLIC
|
|
|
|
|
- CUSTOM
|
|
|
|
|
default: PRIVATE
|
2020-09-29 14:34:51 -07:00
|
|
|
|
2020-04-01 18:18:57 -07:00
|
|
|
bucket:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- name
|
|
|
|
|
properties:
|
|
|
|
|
name:
|
|
|
|
|
type: string
|
|
|
|
|
minLength: 3
|
|
|
|
|
size:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
|
|
|
|
access:
|
|
|
|
|
$ref: "#/definitions/bucketAccess"
|
|
|
|
|
creation_date:
|
|
|
|
|
type: string
|
2020-09-29 14:34:51 -07:00
|
|
|
|
2020-10-25 12:56:23 -07:00
|
|
|
bucketEncryptionRequest:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
encType:
|
|
|
|
|
$ref: "#/definitions/bucketEncryptionType"
|
|
|
|
|
kmsKeyID:
|
|
|
|
|
type: string
|
|
|
|
|
|
|
|
|
|
bucketEncryptionInfo:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
kmsMasterKeyID:
|
|
|
|
|
type: string
|
|
|
|
|
algorithm:
|
|
|
|
|
type: string
|
|
|
|
|
|
2020-04-01 18:18:57 -07:00
|
|
|
listBucketsResponse:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
buckets:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
$ref: "#/definitions/bucket"
|
|
|
|
|
title: list of resulting buckets
|
|
|
|
|
total:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
|
|
|
|
title: number of buckets accessible to tenant user
|
2020-09-29 14:34:51 -07:00
|
|
|
|
|
|
|
|
listObjectsResponse:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
objects:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
$ref: "#/definitions/bucketObject"
|
|
|
|
|
title: list of resulting objects
|
|
|
|
|
total:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
|
|
|
|
title: number of objects
|
|
|
|
|
|
|
|
|
|
bucketObject:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
name:
|
|
|
|
|
type: string
|
|
|
|
|
size:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
|
|
|
|
content_type:
|
|
|
|
|
type: string
|
|
|
|
|
last_modified:
|
|
|
|
|
type: string
|
2020-10-06 16:07:33 -07:00
|
|
|
is_latest:
|
|
|
|
|
type: boolean
|
|
|
|
|
is_delete_marker:
|
|
|
|
|
type: boolean
|
|
|
|
|
version_id:
|
|
|
|
|
type: string
|
|
|
|
|
user_tags:
|
|
|
|
|
type: object
|
|
|
|
|
additionalProperties:
|
|
|
|
|
type: string
|
|
|
|
|
expiration:
|
|
|
|
|
type: string
|
|
|
|
|
expiration_rule_id:
|
|
|
|
|
type: string
|
|
|
|
|
legal_hold_status:
|
|
|
|
|
type: string
|
|
|
|
|
retention_mode:
|
|
|
|
|
type: string
|
|
|
|
|
retention_until_date:
|
|
|
|
|
type: string
|
2020-10-28 16:08:26 -07:00
|
|
|
tags:
|
|
|
|
|
type: object
|
|
|
|
|
additionalProperties:
|
|
|
|
|
type: string
|
2020-09-29 14:34:51 -07:00
|
|
|
|
2020-04-01 18:18:57 -07:00
|
|
|
makeBucketRequest:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- name
|
|
|
|
|
properties:
|
|
|
|
|
name:
|
|
|
|
|
type: string
|
2020-09-28 12:46:08 -05:00
|
|
|
versioning:
|
|
|
|
|
type: boolean
|
2020-10-01 18:59:20 -07:00
|
|
|
quota:
|
|
|
|
|
$ref: "#/definitions/setBucketQuota"
|
2020-12-11 10:22:25 -06:00
|
|
|
retention:
|
|
|
|
|
$ref: "#/definitions/putBucketRetentionRequest"
|
|
|
|
|
|
2020-04-01 18:18:57 -07:00
|
|
|
error:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- message
|
|
|
|
|
properties:
|
|
|
|
|
code:
|
|
|
|
|
type: integer
|
2020-09-04 20:32:57 -07:00
|
|
|
format: int32
|
2020-04-01 18:18:57 -07:00
|
|
|
message:
|
|
|
|
|
type: string
|
|
|
|
|
user:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
accessKey:
|
|
|
|
|
type: string
|
|
|
|
|
policy:
|
|
|
|
|
type: string
|
|
|
|
|
memberOf:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
type: string
|
|
|
|
|
status:
|
|
|
|
|
type: string
|
|
|
|
|
listUsersResponse:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
users:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
$ref: "#/definitions/user"
|
|
|
|
|
title: list of resulting users
|
|
|
|
|
addUserRequest:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- accessKey
|
|
|
|
|
- secretKey
|
2020-04-09 18:39:49 -05:00
|
|
|
- groups
|
2020-04-01 18:18:57 -07:00
|
|
|
properties:
|
|
|
|
|
accessKey:
|
|
|
|
|
type: string
|
|
|
|
|
secretKey:
|
|
|
|
|
type: string
|
2020-04-09 18:39:49 -05:00
|
|
|
groups:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
type: string
|
2020-04-01 18:18:57 -07:00
|
|
|
group:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
name:
|
|
|
|
|
type: string
|
|
|
|
|
status:
|
|
|
|
|
type: string
|
|
|
|
|
members:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
type: string
|
|
|
|
|
policy:
|
|
|
|
|
type: string
|
|
|
|
|
addGroupRequest:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- group
|
|
|
|
|
- members
|
|
|
|
|
properties:
|
|
|
|
|
group:
|
|
|
|
|
type: string
|
|
|
|
|
members:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
type: string
|
|
|
|
|
listGroupsResponse:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
groups:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
type: string
|
|
|
|
|
title: list of groups
|
|
|
|
|
total:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
|
|
|
|
title: total number of groups
|
|
|
|
|
policy:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
name:
|
|
|
|
|
type: string
|
2020-04-06 19:10:10 -07:00
|
|
|
policy:
|
2020-04-01 18:18:57 -07:00
|
|
|
type: string
|
|
|
|
|
policyEntity:
|
|
|
|
|
type: string
|
|
|
|
|
enum:
|
|
|
|
|
- user
|
|
|
|
|
- group
|
|
|
|
|
default: user
|
|
|
|
|
setPolicyRequest:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- entityType
|
|
|
|
|
- entityName
|
|
|
|
|
properties:
|
|
|
|
|
entityType:
|
|
|
|
|
$ref: "#/definitions/policyEntity"
|
|
|
|
|
entityName:
|
|
|
|
|
type: string
|
2020-11-30 15:23:14 -08:00
|
|
|
|
|
|
|
|
setPolicyMultipleRequest:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
users:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
$ref: "#/definitions/iamEntity"
|
|
|
|
|
groups:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
$ref: "#/definitions/iamEntity"
|
|
|
|
|
|
|
|
|
|
iamEntity:
|
|
|
|
|
type: string
|
|
|
|
|
pattern: '^[\w+=,.@-]{1,64}$'
|
|
|
|
|
|
2020-04-01 18:18:57 -07:00
|
|
|
addPolicyRequest:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- name
|
2020-04-06 19:10:10 -07:00
|
|
|
- policy
|
2020-04-01 18:18:57 -07:00
|
|
|
properties:
|
|
|
|
|
name:
|
|
|
|
|
type: string
|
2020-04-06 19:10:10 -07:00
|
|
|
policy:
|
2020-04-01 18:18:57 -07:00
|
|
|
type: string
|
|
|
|
|
listPoliciesResponse:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
policies:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
$ref: "#/definitions/policy"
|
|
|
|
|
title: list of policies
|
|
|
|
|
total:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
|
|
|
|
title: total number of policies
|
|
|
|
|
updateGroupRequest:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- members
|
|
|
|
|
- status
|
|
|
|
|
properties:
|
|
|
|
|
members:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
type: string
|
|
|
|
|
status:
|
|
|
|
|
type: string
|
|
|
|
|
configDescription:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
key:
|
|
|
|
|
type: string
|
|
|
|
|
description:
|
|
|
|
|
type: string
|
|
|
|
|
configurationKV:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
key:
|
|
|
|
|
type: string
|
|
|
|
|
value:
|
|
|
|
|
type: string
|
|
|
|
|
configuration:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
name:
|
|
|
|
|
type: string
|
|
|
|
|
key_values:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
$ref: "#/definitions/configurationKV"
|
|
|
|
|
listConfigResponse:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
configurations:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
2020-07-09 12:24:01 -07:00
|
|
|
$ref: "#/definitions/configDescription"
|
2020-04-01 18:18:57 -07:00
|
|
|
total:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
|
|
|
|
title: total number of configurations
|
|
|
|
|
setConfigRequest:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- key_values
|
|
|
|
|
properties:
|
|
|
|
|
key_values:
|
|
|
|
|
type: array
|
|
|
|
|
minItems: 1
|
|
|
|
|
items:
|
|
|
|
|
$ref: "#/definitions/configurationKV"
|
|
|
|
|
arn_resource_id:
|
|
|
|
|
type: string
|
|
|
|
|
title: Used if configuration is an event notification's target
|
|
|
|
|
notificationEventType:
|
|
|
|
|
type: string
|
|
|
|
|
enum:
|
|
|
|
|
- put
|
|
|
|
|
- delete
|
|
|
|
|
- get
|
|
|
|
|
notificationConfig:
|
|
|
|
|
type: object
|
MCS service account authentication with Mkube (#166)
`MCS` will authenticate against `Mkube`using bearer tokens via HTTP
`Authorization` header. The user will provide this token once
in the login form, MCS will validate it against Mkube (list tenants) and
if valid will generate and return a new MCS sessions
with encrypted claims (the user Service account token will be inside the
JWT in the data field)
Kubernetes
The provided `JWT token` corresponds to the `Kubernetes service account`
that `Mkube` will use to run tasks on behalf of the
user, ie: list, create, edit, delete tenants, storage class, etc.
Development
If you are running mcs in your local environment and wish to make
request to `Mkube` you can set `MCS_M3_HOSTNAME`, if
the environment variable is not present by default `MCS` will use
`"http://m3:8787"`, additionally you will need to set the
`MCS_MKUBE_ADMIN_ONLY=on` variable to make MCS display the Mkube UI
Extract the Service account token and use it with MCS
For local development you can use the jwt associated to the `m3-sa`
service account, you can get the token running
the following command in your terminal:
```
kubectl get secret $(kubectl get serviceaccount m3-sa -o
jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64
--decode
```
Then run the mcs server
```
MCS_M3_HOSTNAME=http://localhost:8787 MCS_MKUBE_ADMIN_ONLY=on ./mcs
server
```
Self-signed certificates and Custom certificate authority for Mkube
If Mkube uses TLS with a self-signed certificate, or a certificate
issued by a custom certificate authority you can add those
certificates usinng the `MCS_M3_SERVER_TLS_CA_CERTIFICATE` env variable
````
MCS_M3_SERVER_TLS_CA_CERTIFICATE=cert1.pem,cert2.pem,cert3.pem ./mcs
server
````
2020-06-23 11:37:46 -07:00
|
|
|
required:
|
2020-04-02 20:09:36 -07:00
|
|
|
- arn
|
2020-04-01 18:18:57 -07:00
|
|
|
properties:
|
|
|
|
|
id:
|
|
|
|
|
type: string
|
|
|
|
|
arn:
|
|
|
|
|
type: string
|
|
|
|
|
events:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
$ref: "#/definitions/notificationEventType"
|
|
|
|
|
title: "filter specific type of event. Defaults to all event (default: '[put,delete,get]')"
|
|
|
|
|
prefix:
|
|
|
|
|
type: string
|
|
|
|
|
title: "filter event associated to the specified prefix"
|
|
|
|
|
suffix:
|
|
|
|
|
type: string
|
|
|
|
|
title: "filter event associated to the specified suffix"
|
2020-04-16 13:56:12 -07:00
|
|
|
notificationDeleteRequest:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- events
|
|
|
|
|
- prefix
|
|
|
|
|
- suffix
|
|
|
|
|
properties:
|
|
|
|
|
events:
|
|
|
|
|
type: array
|
|
|
|
|
minLength: 1
|
|
|
|
|
items:
|
|
|
|
|
$ref: "#/definitions/notificationEventType"
|
|
|
|
|
title: "filter specific type of event. Defaults to all event (default: '[put,delete,get]')"
|
|
|
|
|
prefix:
|
|
|
|
|
type: string
|
|
|
|
|
title: "filter event associated to the specified prefix"
|
|
|
|
|
suffix:
|
|
|
|
|
type: string
|
|
|
|
|
title: "filter event associated to the specified suffix"
|
2020-04-02 20:09:36 -07:00
|
|
|
bucketEventRequest:
|
|
|
|
|
type: object
|
MCS service account authentication with Mkube (#166)
`MCS` will authenticate against `Mkube`using bearer tokens via HTTP
`Authorization` header. The user will provide this token once
in the login form, MCS will validate it against Mkube (list tenants) and
if valid will generate and return a new MCS sessions
with encrypted claims (the user Service account token will be inside the
JWT in the data field)
Kubernetes
The provided `JWT token` corresponds to the `Kubernetes service account`
that `Mkube` will use to run tasks on behalf of the
user, ie: list, create, edit, delete tenants, storage class, etc.
Development
If you are running mcs in your local environment and wish to make
request to `Mkube` you can set `MCS_M3_HOSTNAME`, if
the environment variable is not present by default `MCS` will use
`"http://m3:8787"`, additionally you will need to set the
`MCS_MKUBE_ADMIN_ONLY=on` variable to make MCS display the Mkube UI
Extract the Service account token and use it with MCS
For local development you can use the jwt associated to the `m3-sa`
service account, you can get the token running
the following command in your terminal:
```
kubectl get secret $(kubectl get serviceaccount m3-sa -o
jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64
--decode
```
Then run the mcs server
```
MCS_M3_HOSTNAME=http://localhost:8787 MCS_MKUBE_ADMIN_ONLY=on ./mcs
server
```
Self-signed certificates and Custom certificate authority for Mkube
If Mkube uses TLS with a self-signed certificate, or a certificate
issued by a custom certificate authority you can add those
certificates usinng the `MCS_M3_SERVER_TLS_CA_CERTIFICATE` env variable
````
MCS_M3_SERVER_TLS_CA_CERTIFICATE=cert1.pem,cert2.pem,cert3.pem ./mcs
server
````
2020-06-23 11:37:46 -07:00
|
|
|
required:
|
2020-04-02 20:09:36 -07:00
|
|
|
- configuration
|
|
|
|
|
properties:
|
|
|
|
|
configuration:
|
|
|
|
|
$ref: "#/definitions/notificationConfig"
|
|
|
|
|
ignoreExisting:
|
|
|
|
|
type: boolean
|
2020-09-28 12:46:08 -05:00
|
|
|
bucketReplicationRuleMarker:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
status:
|
|
|
|
|
type: string
|
|
|
|
|
enum:
|
|
|
|
|
- Enabled
|
|
|
|
|
- Disabled
|
|
|
|
|
bucketReplicationDestination:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
bucket:
|
|
|
|
|
type: string
|
|
|
|
|
bucketReplicationRule:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
id:
|
|
|
|
|
type: string
|
|
|
|
|
status:
|
|
|
|
|
type: string
|
|
|
|
|
enum:
|
|
|
|
|
- Enabled
|
|
|
|
|
- Disabled
|
|
|
|
|
priority:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int32
|
|
|
|
|
delete_marker_replication:
|
|
|
|
|
$ref: "#/definitions/bucketReplicationRuleMarker"
|
|
|
|
|
destination:
|
|
|
|
|
$ref: "#/definitions/bucketReplicationDestination"
|
|
|
|
|
|
|
|
|
|
bucketReplicationResponse:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
rules:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
$ref: "#/definitions/bucketReplicationRule"
|
|
|
|
|
# missimng
|
|
|
|
|
# "Filter": {
|
|
|
|
|
# "And": {},
|
|
|
|
|
# "Tag": {}
|
|
|
|
|
# }
|
|
|
|
|
# }
|
|
|
|
|
#}
|
|
|
|
|
addBucketReplication:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
arn:
|
|
|
|
|
type: string
|
|
|
|
|
destination_bucket:
|
|
|
|
|
type: string
|
2020-04-01 18:18:57 -07:00
|
|
|
listBucketEventsResponse:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
events:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
$ref: "#/definitions/notificationConfig"
|
|
|
|
|
total:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
|
|
|
|
title: total number of bucket events
|
|
|
|
|
setBucketPolicyRequest:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- access
|
|
|
|
|
properties:
|
|
|
|
|
access:
|
2020-04-02 09:57:59 -07:00
|
|
|
$ref: "#/definitions/bucketAccess"
|
2020-10-01 18:59:20 -07:00
|
|
|
setBucketQuota:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- enabled
|
|
|
|
|
properties:
|
|
|
|
|
enabled:
|
|
|
|
|
type: boolean
|
|
|
|
|
quota_type:
|
|
|
|
|
type: string
|
|
|
|
|
enum:
|
|
|
|
|
- fifo
|
|
|
|
|
- hard
|
|
|
|
|
amount:
|
|
|
|
|
type: integer
|
2020-04-01 18:18:57 -07:00
|
|
|
loginDetails:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
loginStrategy:
|
|
|
|
|
type: string
|
2020-07-09 12:24:01 -07:00
|
|
|
enum: [form, redirect, service-account]
|
2020-04-01 18:18:57 -07:00
|
|
|
redirect:
|
|
|
|
|
type: string
|
2020-05-01 08:38:52 -07:00
|
|
|
loginOauth2AuthRequest:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- state
|
|
|
|
|
- code
|
|
|
|
|
properties:
|
|
|
|
|
state:
|
|
|
|
|
type: string
|
|
|
|
|
code:
|
|
|
|
|
type: string
|
2020-07-08 13:55:08 -07:00
|
|
|
loginOperatorRequest:
|
MCS service account authentication with Mkube (#166)
`MCS` will authenticate against `Mkube`using bearer tokens via HTTP
`Authorization` header. The user will provide this token once
in the login form, MCS will validate it against Mkube (list tenants) and
if valid will generate and return a new MCS sessions
with encrypted claims (the user Service account token will be inside the
JWT in the data field)
Kubernetes
The provided `JWT token` corresponds to the `Kubernetes service account`
that `Mkube` will use to run tasks on behalf of the
user, ie: list, create, edit, delete tenants, storage class, etc.
Development
If you are running mcs in your local environment and wish to make
request to `Mkube` you can set `MCS_M3_HOSTNAME`, if
the environment variable is not present by default `MCS` will use
`"http://m3:8787"`, additionally you will need to set the
`MCS_MKUBE_ADMIN_ONLY=on` variable to make MCS display the Mkube UI
Extract the Service account token and use it with MCS
For local development you can use the jwt associated to the `m3-sa`
service account, you can get the token running
the following command in your terminal:
```
kubectl get secret $(kubectl get serviceaccount m3-sa -o
jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64
--decode
```
Then run the mcs server
```
MCS_M3_HOSTNAME=http://localhost:8787 MCS_MKUBE_ADMIN_ONLY=on ./mcs
server
```
Self-signed certificates and Custom certificate authority for Mkube
If Mkube uses TLS with a self-signed certificate, or a certificate
issued by a custom certificate authority you can add those
certificates usinng the `MCS_M3_SERVER_TLS_CA_CERTIFICATE` env variable
````
MCS_M3_SERVER_TLS_CA_CERTIFICATE=cert1.pem,cert2.pem,cert3.pem ./mcs
server
````
2020-06-23 11:37:46 -07:00
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- jwt
|
|
|
|
|
properties:
|
|
|
|
|
jwt:
|
|
|
|
|
type: string
|
2020-04-01 18:18:57 -07:00
|
|
|
loginRequest:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- accessKey
|
|
|
|
|
- secretKey
|
|
|
|
|
properties:
|
|
|
|
|
accessKey:
|
|
|
|
|
type: string
|
|
|
|
|
secretKey:
|
|
|
|
|
type: string
|
|
|
|
|
loginResponse:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
sessionId:
|
|
|
|
|
type: string
|
|
|
|
|
# Structure that holds the `Bearer {TOKEN}` present on authenticated requests
|
|
|
|
|
principal:
|
2020-07-10 19:14:28 -07:00
|
|
|
type: object
|
|
|
|
|
properties:
|
2020-12-07 17:11:08 -06:00
|
|
|
STSAccessKeyID:
|
2020-07-10 19:14:28 -07:00
|
|
|
type: string
|
2020-12-07 17:11:08 -06:00
|
|
|
STSSecretAccessKey:
|
2020-07-10 19:14:28 -07:00
|
|
|
type: string
|
2020-12-07 17:11:08 -06:00
|
|
|
STSSessionToken:
|
2020-07-10 19:14:28 -07:00
|
|
|
type: string
|
|
|
|
|
actions:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
type: string
|
2020-12-07 17:11:08 -06:00
|
|
|
accountAccessKey:
|
|
|
|
|
type: string
|
|
|
|
|
accountSecretKey:
|
|
|
|
|
type: string
|
2020-04-02 09:57:59 -07:00
|
|
|
startProfilingItem:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
nodeName:
|
|
|
|
|
type: string
|
|
|
|
|
success:
|
|
|
|
|
type: boolean
|
|
|
|
|
error:
|
|
|
|
|
type: string
|
|
|
|
|
startProfilingList:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
total:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
|
|
|
|
title: number of start results
|
|
|
|
|
startResults:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
$ref: "#/definitions/startProfilingItem"
|
|
|
|
|
profilerType:
|
|
|
|
|
type: string
|
|
|
|
|
enum:
|
|
|
|
|
- cpu
|
|
|
|
|
- mem
|
|
|
|
|
- block
|
|
|
|
|
- mutex
|
|
|
|
|
- trace
|
|
|
|
|
- threads
|
|
|
|
|
- goroutines
|
|
|
|
|
profilingStartRequest:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- type
|
|
|
|
|
properties:
|
|
|
|
|
type:
|
2020-04-02 15:54:34 -07:00
|
|
|
$ref: "#/definitions/profilerType"
|
|
|
|
|
sessionResponse:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
ACL for mcs (#123)
This PR sets the initial version of the ACL for mcs, the idea behind
this is to start using the principle of least privileges when assigning
policies to users when creating users through mcs, currently mcsAdmin policy uses admin:*
and s3:* and by default a user with that policy will have access to everything, if want to limit
that we can create a policy with least privileges.
We need to start validating explicitly if users has acccess to an
specific endpoint based on IAM policy actions.
In this first version every endpoint (you can see it as a page to),
defines a set of well defined admin/s3 actions to work properly, ie:
```
// corresponds to /groups endpoint used by the groups page
var groupsActionSet = iampolicy.NewActionSet(
iampolicy.ListGroupsAdminAction,
iampolicy.AddUserToGroupAdminAction,
//iampolicy.GetGroupAdminAction,
iampolicy.EnableGroupAdminAction,
iampolicy.DisableGroupAdminAction,
)
// corresponds to /policies endpoint used by the policies page
var iamPoliciesActionSet = iampolicy.NewActionSet(
iampolicy.GetPolicyAdminAction,
iampolicy.DeletePolicyAdminAction,
iampolicy.CreatePolicyAdminAction,
iampolicy.AttachPolicyAdminAction,
iampolicy.ListUserPoliciesAdminAction,
)
```
With that said, for this initial version, now the sessions endpoint will
return a list of authorized pages to be render on the UI, on subsequent
prs we will add this verification of authorization via a server
middleware.
2020-05-18 18:03:06 -07:00
|
|
|
pages:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
type: string
|
2020-04-02 15:54:34 -07:00
|
|
|
status:
|
|
|
|
|
type: string
|
|
|
|
|
enum: [ok]
|
2020-04-02 20:15:39 -07:00
|
|
|
adminInfoResponse:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
buckets:
|
|
|
|
|
type: integer
|
|
|
|
|
objects:
|
|
|
|
|
type: integer
|
|
|
|
|
usage:
|
|
|
|
|
type: integer
|
2020-04-03 14:27:47 -07:00
|
|
|
arnsResponse:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
arns:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
type: string
|
2020-04-08 19:38:18 -05:00
|
|
|
updateUserGroups:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- groups
|
|
|
|
|
properties:
|
|
|
|
|
groups:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
type: string
|
2020-04-09 16:07:26 -07:00
|
|
|
nofiticationService:
|
|
|
|
|
type: string
|
|
|
|
|
enum:
|
|
|
|
|
- webhook
|
|
|
|
|
- amqp
|
|
|
|
|
- kafka
|
|
|
|
|
- mqtt
|
|
|
|
|
- nats
|
|
|
|
|
- nsq
|
|
|
|
|
- mysql
|
|
|
|
|
- postgres
|
|
|
|
|
- elasticsearch
|
|
|
|
|
- redis
|
|
|
|
|
notificationEndpointItem:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
service:
|
|
|
|
|
$ref: "#/definitions/nofiticationService"
|
|
|
|
|
account_id:
|
|
|
|
|
type: string
|
|
|
|
|
status:
|
|
|
|
|
type: string
|
|
|
|
|
notificationEndpoint:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- service
|
|
|
|
|
- account_id
|
|
|
|
|
- properties
|
|
|
|
|
properties:
|
|
|
|
|
service:
|
|
|
|
|
$ref: "#/definitions/nofiticationService"
|
|
|
|
|
account_id:
|
|
|
|
|
type: string
|
|
|
|
|
properties:
|
|
|
|
|
type: object
|
|
|
|
|
additionalProperties:
|
|
|
|
|
type: string
|
|
|
|
|
notifEndpointResponse:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
notification_endpoints:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
$ref: "#/definitions/notificationEndpointItem"
|
2020-04-09 18:39:49 -05:00
|
|
|
updateUser:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- status
|
|
|
|
|
- groups
|
|
|
|
|
properties:
|
|
|
|
|
status:
|
|
|
|
|
type: string
|
|
|
|
|
groups:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
type: string
|
2020-04-15 20:08:35 -05:00
|
|
|
bulkUserGroups:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- users
|
|
|
|
|
- groups
|
|
|
|
|
properties:
|
|
|
|
|
users:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
type: string
|
|
|
|
|
groups:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
type: string
|
2020-05-04 15:48:38 -07:00
|
|
|
serviceAccounts:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
type: string
|
|
|
|
|
serviceAccountRequest:
|
2020-04-29 18:28:28 -07:00
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
policy:
|
|
|
|
|
type: string
|
2020-07-09 12:24:01 -07:00
|
|
|
title: "policy to be applied to the Service Account if any"
|
2020-04-29 18:28:28 -07:00
|
|
|
serviceAccountCreds:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
accessKey:
|
|
|
|
|
type: string
|
|
|
|
|
secretKey:
|
|
|
|
|
type: string
|
2020-09-28 12:46:08 -05:00
|
|
|
remoteBucket:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- accessKey
|
|
|
|
|
- sourceBucket
|
|
|
|
|
- remoteARN
|
|
|
|
|
properties:
|
|
|
|
|
accessKey:
|
|
|
|
|
type: string
|
|
|
|
|
minLength: 3
|
|
|
|
|
secretKey:
|
|
|
|
|
type: string
|
|
|
|
|
minLength: 8
|
|
|
|
|
sourceBucket:
|
|
|
|
|
type: string
|
|
|
|
|
targetURL:
|
|
|
|
|
type: string
|
|
|
|
|
targetBucket:
|
|
|
|
|
type: string
|
|
|
|
|
remoteARN:
|
|
|
|
|
type: string
|
|
|
|
|
status:
|
|
|
|
|
type: string
|
|
|
|
|
service:
|
|
|
|
|
type: string
|
|
|
|
|
enum: [replication]
|
|
|
|
|
createRemoteBucket:
|
|
|
|
|
required:
|
|
|
|
|
- accessKey
|
|
|
|
|
- secretKey
|
|
|
|
|
- targetURL
|
|
|
|
|
- sourceBucket
|
|
|
|
|
- targetBucket
|
|
|
|
|
properties:
|
|
|
|
|
accessKey:
|
|
|
|
|
type: string
|
|
|
|
|
minLength: 3
|
|
|
|
|
secretKey:
|
|
|
|
|
type: string
|
|
|
|
|
minLength: 8
|
|
|
|
|
targetURL:
|
|
|
|
|
type: string
|
|
|
|
|
sourceBucket:
|
|
|
|
|
type: string
|
|
|
|
|
targetBucket:
|
|
|
|
|
type: string
|
|
|
|
|
region:
|
|
|
|
|
type: string
|
|
|
|
|
listRemoteBucketsResponse:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
buckets:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
$ref: "#/definitions/remoteBucket"
|
|
|
|
|
title: list of remote buckets
|
|
|
|
|
total:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
|
|
|
|
title: number of remote buckets accessible to user
|
|
|
|
|
bucketVersioningResponse:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
is_versioned:
|
|
|
|
|
type: boolean
|
|
|
|
|
setBucketVersioning:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
versioning:
|
|
|
|
|
type: boolean
|
2020-07-09 12:24:01 -07:00
|
|
|
|
2020-07-01 18:03:22 -07:00
|
|
|
tenant:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
name:
|
|
|
|
|
type: string
|
|
|
|
|
creation_date:
|
|
|
|
|
type: string
|
2020-09-05 23:37:01 -07:00
|
|
|
deletion_date:
|
|
|
|
|
type: string
|
2020-07-01 18:03:22 -07:00
|
|
|
currentState:
|
|
|
|
|
type: string
|
2020-12-07 09:49:51 -06:00
|
|
|
pools:
|
2020-07-01 18:03:22 -07:00
|
|
|
type: array
|
|
|
|
|
items:
|
2020-12-07 09:49:51 -06:00
|
|
|
$ref: "#/definitions/pool"
|
2020-07-09 12:24:01 -07:00
|
|
|
image:
|
|
|
|
|
type: string
|
2020-09-05 23:48:51 -07:00
|
|
|
console_image:
|
|
|
|
|
type: string
|
2020-07-01 18:03:22 -07:00
|
|
|
namespace:
|
|
|
|
|
type: string
|
2020-07-09 12:24:01 -07:00
|
|
|
total_size:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
2020-09-05 23:48:51 -07:00
|
|
|
enable_prometheus:
|
|
|
|
|
type: boolean
|
2020-07-27 14:19:40 -07:00
|
|
|
|
|
|
|
|
tenantUsage:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
2020-08-03 12:11:48 -07:00
|
|
|
used:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
|
|
|
|
disk_used:
|
2020-07-09 12:24:01 -07:00
|
|
|
type: integer
|
|
|
|
|
format: int64
|
|
|
|
|
|
2020-07-01 18:03:22 -07:00
|
|
|
tenantList:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
name:
|
|
|
|
|
type: string
|
2020-12-07 09:49:51 -06:00
|
|
|
pool_count:
|
2020-07-01 18:03:22 -07:00
|
|
|
type: integer
|
|
|
|
|
instance_count:
|
|
|
|
|
type: integer
|
2020-07-27 18:03:47 -07:00
|
|
|
total_size:
|
2020-07-01 18:03:22 -07:00
|
|
|
type: integer
|
|
|
|
|
volume_count:
|
|
|
|
|
type: integer
|
|
|
|
|
creation_date:
|
|
|
|
|
type: string
|
2020-09-05 23:37:01 -07:00
|
|
|
deletion_date:
|
|
|
|
|
type: string
|
2020-07-01 18:03:22 -07:00
|
|
|
currentState:
|
|
|
|
|
type: string
|
|
|
|
|
namespace:
|
|
|
|
|
type: string
|
2020-08-26 17:12:59 -07:00
|
|
|
|
2020-07-01 18:03:22 -07:00
|
|
|
listTenantsResponse:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
tenants:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
$ref: "#/definitions/tenantList"
|
|
|
|
|
title: list of resulting tenants
|
|
|
|
|
total:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
|
|
|
|
title: number of tenants accessible to tenant user
|
2020-08-04 16:04:04 -07:00
|
|
|
|
2020-07-01 18:03:22 -07:00
|
|
|
updateTenantRequest:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
image:
|
|
|
|
|
type: string
|
|
|
|
|
pattern: "^((.*?)/(.*?):(.+))$"
|
2020-08-11 18:20:43 -07:00
|
|
|
console_image:
|
|
|
|
|
type: string
|
|
|
|
|
pattern: "^((.*?)/(.*?):(.+))$"
|
2020-08-04 20:54:59 -07:00
|
|
|
image_registry:
|
|
|
|
|
$ref: "#/definitions/imageRegistry"
|
2020-08-11 18:20:43 -07:00
|
|
|
image_pull_secret:
|
|
|
|
|
type: string
|
2020-09-05 23:48:51 -07:00
|
|
|
enable_prometheus:
|
|
|
|
|
type: boolean
|
2020-09-17 06:44:16 -07:00
|
|
|
|
2020-08-04 20:54:59 -07:00
|
|
|
imageRegistry:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- registry
|
|
|
|
|
- username
|
|
|
|
|
- password
|
|
|
|
|
properties:
|
|
|
|
|
registry:
|
|
|
|
|
type: string
|
|
|
|
|
username:
|
|
|
|
|
type: string
|
|
|
|
|
password:
|
|
|
|
|
type: string
|
2020-09-17 06:44:16 -07:00
|
|
|
|
2020-07-01 18:03:22 -07:00
|
|
|
createTenantRequest:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- name
|
|
|
|
|
- namespace
|
2020-12-07 09:49:51 -06:00
|
|
|
- pools
|
2020-07-01 18:03:22 -07:00
|
|
|
properties:
|
|
|
|
|
name:
|
|
|
|
|
type: string
|
|
|
|
|
pattern: "^[a-z0-9-]{3,63}$"
|
|
|
|
|
image:
|
|
|
|
|
type: string
|
2020-08-11 18:20:43 -07:00
|
|
|
console_image:
|
|
|
|
|
type: string
|
2020-12-07 09:49:51 -06:00
|
|
|
pools:
|
2020-07-01 18:03:22 -07:00
|
|
|
type: array
|
|
|
|
|
items:
|
2020-12-07 09:49:51 -06:00
|
|
|
$ref: "#/definitions/pool"
|
2020-07-01 18:03:22 -07:00
|
|
|
mounth_path:
|
|
|
|
|
type: string
|
|
|
|
|
access_key:
|
|
|
|
|
type: string
|
|
|
|
|
secret_key:
|
|
|
|
|
type: string
|
2020-07-25 14:38:16 -07:00
|
|
|
enable_console:
|
2020-07-01 18:03:22 -07:00
|
|
|
type: boolean
|
|
|
|
|
default: true
|
2020-08-09 14:47:06 -07:00
|
|
|
enable_tls:
|
2020-07-01 18:03:22 -07:00
|
|
|
type: boolean
|
|
|
|
|
default: true
|
2020-08-24 15:07:36 -07:00
|
|
|
enable_prometheus:
|
|
|
|
|
type: boolean
|
|
|
|
|
default: false
|
2020-07-01 18:03:22 -07:00
|
|
|
namespace:
|
|
|
|
|
type: string
|
2020-08-04 22:32:41 -07:00
|
|
|
erasureCodingParity:
|
|
|
|
|
type: integer
|
2020-07-01 18:03:22 -07:00
|
|
|
annotations:
|
|
|
|
|
type: object
|
|
|
|
|
additionalProperties:
|
|
|
|
|
type: string
|
2020-09-17 06:44:16 -07:00
|
|
|
labels:
|
|
|
|
|
type: object
|
|
|
|
|
additionalProperties:
|
|
|
|
|
type: string
|
2020-08-04 20:54:59 -07:00
|
|
|
image_registry:
|
|
|
|
|
$ref: "#/definitions/imageRegistry"
|
2020-08-11 18:20:43 -07:00
|
|
|
image_pull_secret:
|
|
|
|
|
type: string
|
2020-08-02 23:45:54 -07:00
|
|
|
idp:
|
|
|
|
|
type: object
|
|
|
|
|
$ref: "#/definitions/idpConfiguration"
|
TLS with user provided certificates and KES support for MinIO (#213)
This PR adds the following features:
- Allow user to provide its own keypair certificates for enable TLS in
MinIO
- Allow user to configure data encryption at rest in MinIO with KES
- Removes JWT schema for login and instead Console authentication will use
encrypted session tokens
Enable TLS between client and MinIO with user provided certificates
Instead of using AutoCert feature now the user can provide `cert` and
`key` via `tls` object, values must be valid `x509.Certificate`
formatted files encoded in `base64`
Enable encryption at rest configuring KES
User can deploy KES via Console/Operator by defining the encryption
object, AutoCert must be enabled or custom certificates for KES must be
provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`,
previous configuration of the KMS is necessary.
eg of body request for create-tenant
```
{
"name": "honeywell",
"access_key": "minio",
"secret_key": "minio123",
"enable_mcs": false,
"enable_ssl": false,
"service_name": "honeywell",
"zones": [
{
"name": "honeywell-zone-1",
"servers": 1,
"volumes_per_server": 4,
"volume_configuration": {
"size": 256000000,
"storage_class": "vsan-default-storage-policy"
}
}
],
"namespace": "default",
"tls": {
"tls.crt": "",
"tls.key": ""
},
"encryption": {
"server": {
"tls.crt": "",
"tls.key": ""
},
"client": {
"tls.crt": "",
"tls.key": ""
},
"vault": {
"endpoint": "http://vault:8200",
"prefix": "",
"approle": {
"id": "",
"secret": ""
}
}
}
}
```
2020-07-30 17:49:56 -07:00
|
|
|
tls:
|
|
|
|
|
type: object
|
|
|
|
|
$ref: "#/definitions/tlsConfiguration"
|
|
|
|
|
encryption:
|
|
|
|
|
type: object
|
|
|
|
|
$ref: "#/definitions/encryptionConfiguration"
|
2020-09-22 15:50:37 -07:00
|
|
|
console:
|
|
|
|
|
type: object
|
2020-09-29 14:34:51 -07:00
|
|
|
$ref: "#/definitions/consoleConfiguration"
|
2020-09-22 15:50:37 -07:00
|
|
|
|
|
|
|
|
metadataFields:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
annotations:
|
|
|
|
|
type: object
|
|
|
|
|
additionalProperties:
|
|
|
|
|
type: string
|
|
|
|
|
labels:
|
|
|
|
|
type: object
|
|
|
|
|
additionalProperties:
|
|
|
|
|
type: string
|
|
|
|
|
node_selector:
|
|
|
|
|
type: object
|
|
|
|
|
additionalProperties:
|
|
|
|
|
type: string
|
TLS with user provided certificates and KES support for MinIO (#213)
This PR adds the following features:
- Allow user to provide its own keypair certificates for enable TLS in
MinIO
- Allow user to configure data encryption at rest in MinIO with KES
- Removes JWT schema for login and instead Console authentication will use
encrypted session tokens
Enable TLS between client and MinIO with user provided certificates
Instead of using AutoCert feature now the user can provide `cert` and
`key` via `tls` object, values must be valid `x509.Certificate`
formatted files encoded in `base64`
Enable encryption at rest configuring KES
User can deploy KES via Console/Operator by defining the encryption
object, AutoCert must be enabled or custom certificates for KES must be
provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`,
previous configuration of the KMS is necessary.
eg of body request for create-tenant
```
{
"name": "honeywell",
"access_key": "minio",
"secret_key": "minio123",
"enable_mcs": false,
"enable_ssl": false,
"service_name": "honeywell",
"zones": [
{
"name": "honeywell-zone-1",
"servers": 1,
"volumes_per_server": 4,
"volume_configuration": {
"size": 256000000,
"storage_class": "vsan-default-storage-policy"
}
}
],
"namespace": "default",
"tls": {
"tls.crt": "",
"tls.key": ""
},
"encryption": {
"server": {
"tls.crt": "",
"tls.key": ""
},
"client": {
"tls.crt": "",
"tls.key": ""
},
"vault": {
"endpoint": "http://vault:8200",
"prefix": "",
"approle": {
"id": "",
"secret": ""
}
}
}
}
```
2020-07-30 17:49:56 -07:00
|
|
|
|
2020-08-09 14:47:06 -07:00
|
|
|
keyPairConfiguration:
|
TLS with user provided certificates and KES support for MinIO (#213)
This PR adds the following features:
- Allow user to provide its own keypair certificates for enable TLS in
MinIO
- Allow user to configure data encryption at rest in MinIO with KES
- Removes JWT schema for login and instead Console authentication will use
encrypted session tokens
Enable TLS between client and MinIO with user provided certificates
Instead of using AutoCert feature now the user can provide `cert` and
`key` via `tls` object, values must be valid `x509.Certificate`
formatted files encoded in `base64`
Enable encryption at rest configuring KES
User can deploy KES via Console/Operator by defining the encryption
object, AutoCert must be enabled or custom certificates for KES must be
provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`,
previous configuration of the KMS is necessary.
eg of body request for create-tenant
```
{
"name": "honeywell",
"access_key": "minio",
"secret_key": "minio123",
"enable_mcs": false,
"enable_ssl": false,
"service_name": "honeywell",
"zones": [
{
"name": "honeywell-zone-1",
"servers": 1,
"volumes_per_server": 4,
"volume_configuration": {
"size": 256000000,
"storage_class": "vsan-default-storage-policy"
}
}
],
"namespace": "default",
"tls": {
"tls.crt": "",
"tls.key": ""
},
"encryption": {
"server": {
"tls.crt": "",
"tls.key": ""
},
"client": {
"tls.crt": "",
"tls.key": ""
},
"vault": {
"endpoint": "http://vault:8200",
"prefix": "",
"approle": {
"id": "",
"secret": ""
}
}
}
}
```
2020-07-30 17:49:56 -07:00
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- crt
|
|
|
|
|
- key
|
|
|
|
|
properties:
|
|
|
|
|
crt:
|
|
|
|
|
type: string
|
|
|
|
|
key:
|
|
|
|
|
type: string
|
|
|
|
|
|
2020-08-09 14:47:06 -07:00
|
|
|
tlsConfiguration:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
minio:
|
2020-10-05 12:09:34 -07:00
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
$ref: "#/definitions/keyPairConfiguration"
|
2020-08-09 14:47:06 -07:00
|
|
|
console:
|
|
|
|
|
type: object
|
|
|
|
|
$ref: "#/definitions/keyPairConfiguration"
|
|
|
|
|
|
2020-08-02 23:45:54 -07:00
|
|
|
idpConfiguration:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
oidc:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- url
|
|
|
|
|
- client_id
|
|
|
|
|
- secret_id
|
|
|
|
|
properties:
|
|
|
|
|
url:
|
|
|
|
|
type: string
|
|
|
|
|
client_id:
|
|
|
|
|
type: string
|
|
|
|
|
secret_id:
|
|
|
|
|
type: string
|
|
|
|
|
active_directory:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- url
|
|
|
|
|
- username_format
|
|
|
|
|
- user_search_filter
|
|
|
|
|
properties:
|
|
|
|
|
url:
|
|
|
|
|
type: string
|
|
|
|
|
username_format:
|
|
|
|
|
type: string
|
|
|
|
|
user_search_filter:
|
|
|
|
|
type: string
|
|
|
|
|
group_search_base_dn:
|
|
|
|
|
type: string
|
|
|
|
|
group_search_filter:
|
|
|
|
|
type: string
|
|
|
|
|
group_name_attribute:
|
|
|
|
|
type: string
|
2020-08-09 16:08:58 -07:00
|
|
|
skip_tls_verification:
|
2020-08-02 23:45:54 -07:00
|
|
|
type: boolean
|
|
|
|
|
server_insecure:
|
|
|
|
|
type: boolean
|
|
|
|
|
|
2020-09-22 15:50:37 -07:00
|
|
|
consoleConfiguration:
|
|
|
|
|
allOf:
|
2020-09-29 14:34:51 -07:00
|
|
|
- $ref: "#/definitions/metadataFields"
|
2020-09-22 15:50:37 -07:00
|
|
|
- type: object
|
|
|
|
|
properties:
|
|
|
|
|
image:
|
|
|
|
|
type: string
|
|
|
|
|
|
TLS with user provided certificates and KES support for MinIO (#213)
This PR adds the following features:
- Allow user to provide its own keypair certificates for enable TLS in
MinIO
- Allow user to configure data encryption at rest in MinIO with KES
- Removes JWT schema for login and instead Console authentication will use
encrypted session tokens
Enable TLS between client and MinIO with user provided certificates
Instead of using AutoCert feature now the user can provide `cert` and
`key` via `tls` object, values must be valid `x509.Certificate`
formatted files encoded in `base64`
Enable encryption at rest configuring KES
User can deploy KES via Console/Operator by defining the encryption
object, AutoCert must be enabled or custom certificates for KES must be
provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`,
previous configuration of the KMS is necessary.
eg of body request for create-tenant
```
{
"name": "honeywell",
"access_key": "minio",
"secret_key": "minio123",
"enable_mcs": false,
"enable_ssl": false,
"service_name": "honeywell",
"zones": [
{
"name": "honeywell-zone-1",
"servers": 1,
"volumes_per_server": 4,
"volume_configuration": {
"size": 256000000,
"storage_class": "vsan-default-storage-policy"
}
}
],
"namespace": "default",
"tls": {
"tls.crt": "",
"tls.key": ""
},
"encryption": {
"server": {
"tls.crt": "",
"tls.key": ""
},
"client": {
"tls.crt": "",
"tls.key": ""
},
"vault": {
"endpoint": "http://vault:8200",
"prefix": "",
"approle": {
"id": "",
"secret": ""
}
}
}
}
```
2020-07-30 17:49:56 -07:00
|
|
|
encryptionConfiguration:
|
2020-09-22 15:50:37 -07:00
|
|
|
allOf:
|
2020-09-29 14:34:51 -07:00
|
|
|
- $ref: "#/definitions/metadataFields"
|
2020-09-22 15:50:37 -07:00
|
|
|
- type: object
|
|
|
|
|
properties:
|
|
|
|
|
image:
|
|
|
|
|
type: string
|
|
|
|
|
server:
|
|
|
|
|
type: object
|
|
|
|
|
$ref: "#/definitions/keyPairConfiguration"
|
|
|
|
|
client:
|
|
|
|
|
type: object
|
|
|
|
|
$ref: "#/definitions/keyPairConfiguration"
|
|
|
|
|
gemalto:
|
|
|
|
|
type: object
|
|
|
|
|
$ref: "#/definitions/gemaltoConfiguration"
|
|
|
|
|
aws:
|
|
|
|
|
type: object
|
|
|
|
|
$ref: "#/definitions/awsConfiguration"
|
|
|
|
|
vault:
|
|
|
|
|
type: object
|
|
|
|
|
$ref: "#/definitions/vaultConfiguration"
|
TLS with user provided certificates and KES support for MinIO (#213)
This PR adds the following features:
- Allow user to provide its own keypair certificates for enable TLS in
MinIO
- Allow user to configure data encryption at rest in MinIO with KES
- Removes JWT schema for login and instead Console authentication will use
encrypted session tokens
Enable TLS between client and MinIO with user provided certificates
Instead of using AutoCert feature now the user can provide `cert` and
`key` via `tls` object, values must be valid `x509.Certificate`
formatted files encoded in `base64`
Enable encryption at rest configuring KES
User can deploy KES via Console/Operator by defining the encryption
object, AutoCert must be enabled or custom certificates for KES must be
provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`,
previous configuration of the KMS is necessary.
eg of body request for create-tenant
```
{
"name": "honeywell",
"access_key": "minio",
"secret_key": "minio123",
"enable_mcs": false,
"enable_ssl": false,
"service_name": "honeywell",
"zones": [
{
"name": "honeywell-zone-1",
"servers": 1,
"volumes_per_server": 4,
"volume_configuration": {
"size": 256000000,
"storage_class": "vsan-default-storage-policy"
}
}
],
"namespace": "default",
"tls": {
"tls.crt": "",
"tls.key": ""
},
"encryption": {
"server": {
"tls.crt": "",
"tls.key": ""
},
"client": {
"tls.crt": "",
"tls.key": ""
},
"vault": {
"endpoint": "http://vault:8200",
"prefix": "",
"approle": {
"id": "",
"secret": ""
}
}
}
}
```
2020-07-30 17:49:56 -07:00
|
|
|
|
|
|
|
|
vaultConfiguration:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- endpoint
|
|
|
|
|
- approle
|
|
|
|
|
properties:
|
|
|
|
|
endpoint:
|
|
|
|
|
type: string
|
|
|
|
|
engine:
|
|
|
|
|
type: string
|
|
|
|
|
namespace:
|
|
|
|
|
type: string
|
|
|
|
|
prefix:
|
|
|
|
|
type: string
|
|
|
|
|
approle:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- id
|
|
|
|
|
- secret
|
|
|
|
|
properties:
|
|
|
|
|
engine:
|
|
|
|
|
type: string
|
|
|
|
|
id:
|
|
|
|
|
type: string
|
|
|
|
|
secret:
|
|
|
|
|
type: string
|
|
|
|
|
retry:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
|
|
|
|
status:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
ping:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
2020-08-07 20:23:03 -07:00
|
|
|
tls:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
key:
|
|
|
|
|
type: string
|
|
|
|
|
crt:
|
|
|
|
|
type: string
|
|
|
|
|
ca:
|
|
|
|
|
type: string
|
TLS with user provided certificates and KES support for MinIO (#213)
This PR adds the following features:
- Allow user to provide its own keypair certificates for enable TLS in
MinIO
- Allow user to configure data encryption at rest in MinIO with KES
- Removes JWT schema for login and instead Console authentication will use
encrypted session tokens
Enable TLS between client and MinIO with user provided certificates
Instead of using AutoCert feature now the user can provide `cert` and
`key` via `tls` object, values must be valid `x509.Certificate`
formatted files encoded in `base64`
Enable encryption at rest configuring KES
User can deploy KES via Console/Operator by defining the encryption
object, AutoCert must be enabled or custom certificates for KES must be
provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`,
previous configuration of the KMS is necessary.
eg of body request for create-tenant
```
{
"name": "honeywell",
"access_key": "minio",
"secret_key": "minio123",
"enable_mcs": false,
"enable_ssl": false,
"service_name": "honeywell",
"zones": [
{
"name": "honeywell-zone-1",
"servers": 1,
"volumes_per_server": 4,
"volume_configuration": {
"size": 256000000,
"storage_class": "vsan-default-storage-policy"
}
}
],
"namespace": "default",
"tls": {
"tls.crt": "",
"tls.key": ""
},
"encryption": {
"server": {
"tls.crt": "",
"tls.key": ""
},
"client": {
"tls.crt": "",
"tls.key": ""
},
"vault": {
"endpoint": "http://vault:8200",
"prefix": "",
"approle": {
"id": "",
"secret": ""
}
}
}
}
```
2020-07-30 17:49:56 -07:00
|
|
|
|
|
|
|
|
awsConfiguration:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- secretsmanager
|
|
|
|
|
properties:
|
|
|
|
|
secretsmanager:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- endpoint
|
|
|
|
|
- region
|
|
|
|
|
- credentials
|
|
|
|
|
properties:
|
|
|
|
|
endpoint:
|
|
|
|
|
type: string
|
|
|
|
|
region:
|
|
|
|
|
type: string
|
|
|
|
|
kmskey:
|
|
|
|
|
type: string
|
|
|
|
|
credentials:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- accesskey
|
|
|
|
|
- secretkey
|
|
|
|
|
properties:
|
|
|
|
|
accesskey:
|
|
|
|
|
type: string
|
|
|
|
|
secretkey:
|
|
|
|
|
type: string
|
|
|
|
|
token:
|
|
|
|
|
type: string
|
|
|
|
|
|
|
|
|
|
gemaltoConfiguration:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- keysecure
|
|
|
|
|
properties:
|
|
|
|
|
keysecure:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- endpoint
|
|
|
|
|
- credentials
|
|
|
|
|
properties:
|
|
|
|
|
endpoint:
|
|
|
|
|
type: string
|
|
|
|
|
credentials:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- token
|
|
|
|
|
- domain
|
|
|
|
|
properties:
|
|
|
|
|
token:
|
|
|
|
|
type: string
|
|
|
|
|
domain:
|
|
|
|
|
type: string
|
|
|
|
|
retry:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
|
|
|
|
tls:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- ca
|
|
|
|
|
properties:
|
|
|
|
|
ca:
|
|
|
|
|
type: string
|
|
|
|
|
|
2020-07-01 18:03:22 -07:00
|
|
|
createTenantResponse:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
2020-07-30 13:55:11 -07:00
|
|
|
console:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
access_key:
|
|
|
|
|
type: string
|
|
|
|
|
secret_key:
|
|
|
|
|
type: string
|
2020-12-07 09:49:51 -06:00
|
|
|
pool:
|
2020-07-01 18:03:22 -07:00
|
|
|
type: object
|
2020-07-13 20:36:27 -07:00
|
|
|
required:
|
|
|
|
|
- servers
|
2020-07-25 14:38:16 -07:00
|
|
|
- volumes_per_server
|
|
|
|
|
- volume_configuration
|
2020-07-01 18:03:22 -07:00
|
|
|
properties:
|
|
|
|
|
name:
|
|
|
|
|
type: string
|
|
|
|
|
servers:
|
|
|
|
|
type: integer
|
2020-07-25 14:38:16 -07:00
|
|
|
volumes_per_server:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int32
|
|
|
|
|
volume_configuration:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- size
|
|
|
|
|
properties:
|
|
|
|
|
size:
|
|
|
|
|
type: integer
|
|
|
|
|
storage_class_name:
|
|
|
|
|
type: string
|
2020-08-20 22:46:07 -07:00
|
|
|
labels:
|
|
|
|
|
type: object
|
|
|
|
|
additionalProperties:
|
|
|
|
|
type: string
|
2020-09-17 06:44:16 -07:00
|
|
|
annotations:
|
|
|
|
|
type: object
|
|
|
|
|
additionalProperties:
|
|
|
|
|
type: string
|
2020-07-29 01:01:17 -07:00
|
|
|
resources:
|
2020-12-07 09:49:51 -06:00
|
|
|
$ref: "#/definitions/poolResources"
|
2020-07-29 01:01:17 -07:00
|
|
|
node_selector:
|
|
|
|
|
type: object
|
|
|
|
|
additionalProperties:
|
|
|
|
|
type: string
|
|
|
|
|
description: "NodeSelector is a selector which must be true for
|
|
|
|
|
the pod to fit on a node. Selector which must match a node's
|
|
|
|
|
labels for the pod to be scheduled on that node. More info:
|
|
|
|
|
https://kubernetes.io/docs/concepts/configuration/assign-pod-node/"
|
|
|
|
|
affinity:
|
2020-12-07 09:49:51 -06:00
|
|
|
$ref: "#/definitions/poolAffinity"
|
2020-07-29 01:01:17 -07:00
|
|
|
tolerations:
|
2020-12-07 09:49:51 -06:00
|
|
|
$ref: "#/definitions/poolTolerations"
|
2020-07-29 01:01:17 -07:00
|
|
|
|
2020-12-07 09:49:51 -06:00
|
|
|
poolTolerations:
|
2020-07-29 01:01:17 -07:00
|
|
|
description: Tolerations allows users to set entries like effect,
|
|
|
|
|
key, operator, value.
|
|
|
|
|
items:
|
|
|
|
|
description: The pod this Toleration is attached to tolerates
|
|
|
|
|
any taint that matches the triple <key,value,effect> using
|
|
|
|
|
the matching operator <operator>.
|
|
|
|
|
properties:
|
|
|
|
|
effect:
|
|
|
|
|
description: Effect indicates the taint effect to match.
|
|
|
|
|
Empty means match all taint effects. When specified, allowed
|
|
|
|
|
values are NoSchedule, PreferNoSchedule and NoExecute.
|
|
|
|
|
type: string
|
|
|
|
|
key:
|
|
|
|
|
description: Key is the taint key that the toleration applies
|
|
|
|
|
to. Empty means match all taint keys. If the key is empty,
|
|
|
|
|
operator must be Exists; this combination means to match
|
|
|
|
|
all values and all keys.
|
|
|
|
|
type: string
|
|
|
|
|
operator:
|
|
|
|
|
description: Operator represents a key's relationship to
|
|
|
|
|
the value. Valid operators are Exists and Equal. Defaults
|
|
|
|
|
to Equal. Exists is equivalent to wildcard for value,
|
|
|
|
|
so that a pod can tolerate all taints of a particular
|
|
|
|
|
category.
|
|
|
|
|
type: string
|
|
|
|
|
tolerationSeconds:
|
2020-12-07 09:49:51 -06:00
|
|
|
$ref: "#/definitions/poolTolerationSeconds"
|
2020-07-29 01:01:17 -07:00
|
|
|
value:
|
|
|
|
|
description: Value is the taint value the toleration matches
|
|
|
|
|
to. If the operator is Exists, the value should be empty,
|
|
|
|
|
otherwise just a regular string.
|
|
|
|
|
type: string
|
|
|
|
|
type: object
|
|
|
|
|
type: array
|
2020-09-17 06:44:16 -07:00
|
|
|
|
2020-12-07 09:49:51 -06:00
|
|
|
poolTolerationSeconds:
|
2020-08-07 20:00:16 -07:00
|
|
|
description: TolerationSeconds represents the period of
|
2020-09-17 06:44:16 -07:00
|
|
|
time the toleration (which must be of effect NoExecute,
|
|
|
|
|
otherwise this field is ignored) tolerates the taint.
|
|
|
|
|
By default, it is not set, which means tolerate the taint
|
|
|
|
|
forever (do not evict). Zero and negative values will
|
|
|
|
|
be treated as 0 (evict immediately) by the system.
|
2020-08-07 20:00:16 -07:00
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- seconds
|
|
|
|
|
properties:
|
|
|
|
|
seconds:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
2020-07-29 01:01:17 -07:00
|
|
|
|
2020-12-07 09:49:51 -06:00
|
|
|
poolResources:
|
2020-07-29 01:01:17 -07:00
|
|
|
description: If provided, use these requests and limit for cpu/memory
|
|
|
|
|
resource allocation
|
|
|
|
|
properties:
|
|
|
|
|
limits:
|
|
|
|
|
additionalProperties:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
|
|
|
|
description: "Limits describes the maximum amount of compute
|
|
|
|
|
resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/"
|
|
|
|
|
type: object
|
|
|
|
|
requests:
|
|
|
|
|
additionalProperties:
|
|
|
|
|
additionalProperties:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
|
|
|
|
description: "Requests describes the minimum amount of compute
|
|
|
|
|
resources required. If Requests is omitted for a container,
|
|
|
|
|
it defaults to Limits if that is explicitly specified, otherwise
|
|
|
|
|
to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/"
|
|
|
|
|
type: object
|
|
|
|
|
type: object
|
|
|
|
|
|
2020-12-07 09:49:51 -06:00
|
|
|
poolAffinity:
|
2020-07-29 01:01:17 -07:00
|
|
|
description: If specified, affinity will define the pod's scheduling
|
|
|
|
|
constraints
|
|
|
|
|
properties:
|
|
|
|
|
nodeAffinity:
|
|
|
|
|
description: Describes node affinity scheduling rules for
|
|
|
|
|
the pod.
|
|
|
|
|
properties:
|
|
|
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
|
|
|
description: The scheduler will prefer to schedule pods
|
|
|
|
|
to nodes that satisfy the affinity expressions specified
|
|
|
|
|
by this field, but it may choose a node that violates
|
|
|
|
|
one or more of the expressions. The node that is most
|
|
|
|
|
preferred is the one with the greatest sum of weights,
|
|
|
|
|
i.e. for each node that meets all of the scheduling
|
|
|
|
|
requirements (resource request, requiredDuringScheduling
|
|
|
|
|
affinity expressions, etc.), compute a sum by iterating
|
|
|
|
|
through the elements of this field and adding "weight"
|
|
|
|
|
to the sum if the node matches the corresponding matchExpressions;
|
|
|
|
|
the node(s) with the highest sum are the most preferred.
|
|
|
|
|
items:
|
|
|
|
|
description: An empty preferred scheduling term matches
|
|
|
|
|
all objects with implicit weight 0 (i.e. it's a no-op).
|
|
|
|
|
A null preferred scheduling term matches no objects
|
|
|
|
|
(i.e. is also a no-op).
|
|
|
|
|
properties:
|
|
|
|
|
preference:
|
|
|
|
|
description: A node selector term, associated with
|
|
|
|
|
the corresponding weight.
|
|
|
|
|
$ref: "#/definitions/nodeSelectorTerm"
|
|
|
|
|
type: object
|
|
|
|
|
weight:
|
|
|
|
|
description: Weight associated with matching the
|
|
|
|
|
corresponding nodeSelectorTerm, in the range 1-100.
|
|
|
|
|
format: int32
|
|
|
|
|
type: integer
|
|
|
|
|
required:
|
|
|
|
|
- preference
|
|
|
|
|
- weight
|
|
|
|
|
type: object
|
|
|
|
|
type: array
|
|
|
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
|
|
|
description: If the affinity requirements specified by
|
|
|
|
|
this field are not met at scheduling time, the pod will
|
|
|
|
|
not be scheduled onto the node. If the affinity requirements
|
|
|
|
|
specified by this field cease to be met at some point
|
|
|
|
|
during pod execution (e.g. due to an update), the system
|
|
|
|
|
may or may not try to eventually evict the pod from
|
|
|
|
|
its node.
|
|
|
|
|
properties:
|
|
|
|
|
nodeSelectorTerms:
|
|
|
|
|
description: Required. A list of node selector terms.
|
|
|
|
|
The terms are ORed.
|
|
|
|
|
items:
|
|
|
|
|
$ref: "#/definitions/nodeSelectorTerm"
|
|
|
|
|
type: array
|
|
|
|
|
required:
|
|
|
|
|
- nodeSelectorTerms
|
|
|
|
|
type: object
|
|
|
|
|
type: object
|
|
|
|
|
podAffinity:
|
|
|
|
|
description: Describes pod affinity scheduling rules (e.g.
|
2020-12-07 09:49:51 -06:00
|
|
|
co-locate this pod in the same node, pool, etc. as some
|
2020-07-29 01:01:17 -07:00
|
|
|
other pod(s)).
|
|
|
|
|
properties:
|
|
|
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
|
|
|
description: The scheduler will prefer to schedule pods
|
|
|
|
|
to nodes that satisfy the affinity expressions specified
|
|
|
|
|
by this field, but it may choose a node that violates
|
|
|
|
|
one or more of the expressions. The node that is most
|
|
|
|
|
preferred is the one with the greatest sum of weights,
|
|
|
|
|
i.e. for each node that meets all of the scheduling
|
|
|
|
|
requirements (resource request, requiredDuringScheduling
|
|
|
|
|
affinity expressions, etc.), compute a sum by iterating
|
|
|
|
|
through the elements of this field and adding "weight"
|
|
|
|
|
to the sum if the node has pods which matches the corresponding
|
|
|
|
|
podAffinityTerm; the node(s) with the highest sum are
|
|
|
|
|
the most preferred.
|
|
|
|
|
items:
|
|
|
|
|
description:
|
|
|
|
|
The weights of all of the matched WeightedPodAffinityTerm
|
|
|
|
|
fields are added per-node to find the most preferred
|
|
|
|
|
node(s)
|
|
|
|
|
properties:
|
|
|
|
|
podAffinityTerm:
|
|
|
|
|
$ref: "#/definitions/podAffinityTerm"
|
|
|
|
|
weight:
|
|
|
|
|
description: weight associated with matching the
|
|
|
|
|
corresponding podAffinityTerm, in the range 1-100.
|
|
|
|
|
format: int32
|
|
|
|
|
type: integer
|
|
|
|
|
required:
|
|
|
|
|
- podAffinityTerm
|
|
|
|
|
- weight
|
|
|
|
|
type: object
|
|
|
|
|
type: array
|
|
|
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
|
|
|
description: If the affinity requirements specified by
|
|
|
|
|
this field are not met at scheduling time, the pod will
|
|
|
|
|
not be scheduled onto the node. If the affinity requirements
|
|
|
|
|
specified by this field cease to be met at some point
|
|
|
|
|
during pod execution (e.g. due to a pod label update),
|
|
|
|
|
the system may or may not try to eventually evict the
|
|
|
|
|
pod from its node. When there are multiple elements,
|
|
|
|
|
the lists of nodes corresponding to each podAffinityTerm
|
|
|
|
|
are intersected, i.e. all terms must be satisfied.
|
|
|
|
|
items:
|
|
|
|
|
$ref: "#/definitions/podAffinityTerm"
|
|
|
|
|
type: array
|
|
|
|
|
type: object
|
|
|
|
|
podAntiAffinity:
|
|
|
|
|
description: Describes pod anti-affinity scheduling rules
|
2020-12-07 09:49:51 -06:00
|
|
|
(e.g. avoid putting this pod in the same node, pool, etc.
|
2020-07-29 01:01:17 -07:00
|
|
|
as some other pod(s)).
|
|
|
|
|
properties:
|
|
|
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
|
|
|
description: The scheduler will prefer to schedule pods
|
|
|
|
|
to nodes that satisfy the anti-affinity expressions
|
|
|
|
|
specified by this field, but it may choose a node that
|
|
|
|
|
violates one or more of the expressions. The node that
|
|
|
|
|
is most preferred is the one with the greatest sum of
|
|
|
|
|
weights, i.e. for each node that meets all of the scheduling
|
|
|
|
|
requirements (resource request, requiredDuringScheduling
|
|
|
|
|
anti-affinity expressions, etc.), compute a sum by iterating
|
|
|
|
|
through the elements of this field and adding "weight"
|
|
|
|
|
to the sum if the node has pods which matches the corresponding
|
|
|
|
|
podAffinityTerm; the node(s) with the highest sum are
|
|
|
|
|
the most preferred.
|
|
|
|
|
items:
|
|
|
|
|
description:
|
|
|
|
|
The weights of all of the matched WeightedPodAffinityTerm
|
|
|
|
|
fields are added per-node to find the most preferred
|
|
|
|
|
node(s)
|
|
|
|
|
properties:
|
|
|
|
|
podAffinityTerm:
|
|
|
|
|
$ref: "#/definitions/podAffinityTerm"
|
|
|
|
|
weight:
|
|
|
|
|
description: weight associated with matching the
|
|
|
|
|
corresponding podAffinityTerm, in the range 1-100.
|
|
|
|
|
format: int32
|
|
|
|
|
type: integer
|
|
|
|
|
required:
|
|
|
|
|
- podAffinityTerm
|
|
|
|
|
- weight
|
|
|
|
|
type: object
|
|
|
|
|
type: array
|
|
|
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
|
|
|
description: If the anti-affinity requirements specified
|
|
|
|
|
by this field are not met at scheduling time, the pod
|
|
|
|
|
will not be scheduled onto the node. If the anti-affinity
|
|
|
|
|
requirements specified by this field cease to be met
|
|
|
|
|
at some point during pod execution (e.g. due to a pod
|
|
|
|
|
label update), the system may or may not try to eventually
|
|
|
|
|
evict the pod from its node. When there are multiple
|
|
|
|
|
elements, the lists of nodes corresponding to each podAffinityTerm
|
|
|
|
|
are intersected, i.e. all terms must be satisfied.
|
|
|
|
|
items:
|
|
|
|
|
$ref: "#/definitions/podAffinityTerm"
|
|
|
|
|
type: array
|
|
|
|
|
type: object
|
|
|
|
|
type: object
|
|
|
|
|
|
|
|
|
|
nodeSelectorTerm:
|
|
|
|
|
type: object
|
|
|
|
|
description: A null or empty node selector term
|
|
|
|
|
matches no objects. The requirements of them are
|
|
|
|
|
ANDed. The TopologySelectorTerm type implements
|
|
|
|
|
a subset of the NodeSelectorTerm.
|
|
|
|
|
properties:
|
|
|
|
|
matchExpressions:
|
|
|
|
|
description: A list of node selector requirements
|
|
|
|
|
by node's labels.
|
|
|
|
|
items:
|
|
|
|
|
description: A node selector requirement is
|
|
|
|
|
a selector that contains values, a key,
|
|
|
|
|
and an operator that relates the key and
|
|
|
|
|
values.
|
|
|
|
|
properties:
|
|
|
|
|
key:
|
|
|
|
|
description: The label key that the selector
|
|
|
|
|
applies to.
|
|
|
|
|
type: string
|
|
|
|
|
operator:
|
|
|
|
|
description: Represents a key's relationship
|
|
|
|
|
to a set of values. Valid operators
|
|
|
|
|
are In, NotIn, Exists, DoesNotExist.
|
|
|
|
|
Gt, and Lt.
|
|
|
|
|
type: string
|
|
|
|
|
values:
|
|
|
|
|
description: An array of string values.
|
|
|
|
|
If the operator is In or NotIn, the
|
|
|
|
|
values array must be non-empty. If the
|
|
|
|
|
operator is Exists or DoesNotExist,
|
|
|
|
|
the values array must be empty. If the
|
|
|
|
|
operator is Gt or Lt, the values array
|
|
|
|
|
must have a single element, which will
|
|
|
|
|
be interpreted as an integer. This array
|
|
|
|
|
is replaced during a strategic merge
|
|
|
|
|
patch.
|
|
|
|
|
items:
|
|
|
|
|
type: string
|
|
|
|
|
type: array
|
|
|
|
|
required:
|
|
|
|
|
- key
|
|
|
|
|
- operator
|
|
|
|
|
type: object
|
|
|
|
|
type: array
|
|
|
|
|
matchFields:
|
|
|
|
|
description: A list of node selector requirements
|
|
|
|
|
by node's fields.
|
|
|
|
|
items:
|
|
|
|
|
description: A node selector requirement is
|
|
|
|
|
a selector that contains values, a key,
|
|
|
|
|
and an operator that relates the key and
|
|
|
|
|
values.
|
|
|
|
|
properties:
|
|
|
|
|
key:
|
|
|
|
|
description: The label key that the selector
|
|
|
|
|
applies to.
|
|
|
|
|
type: string
|
|
|
|
|
operator:
|
|
|
|
|
description: Represents a key's relationship
|
|
|
|
|
to a set of values. Valid operators
|
|
|
|
|
are In, NotIn, Exists, DoesNotExist.
|
|
|
|
|
Gt, and Lt.
|
|
|
|
|
type: string
|
|
|
|
|
values:
|
|
|
|
|
description: An array of string values.
|
|
|
|
|
If the operator is In or NotIn, the
|
|
|
|
|
values array must be non-empty. If the
|
|
|
|
|
operator is Exists or DoesNotExist,
|
|
|
|
|
the values array must be empty. If the
|
|
|
|
|
operator is Gt or Lt, the values array
|
|
|
|
|
must have a single element, which will
|
|
|
|
|
be interpreted as an integer. This array
|
|
|
|
|
is replaced during a strategic merge
|
|
|
|
|
patch.
|
|
|
|
|
items:
|
|
|
|
|
type: string
|
|
|
|
|
type: array
|
|
|
|
|
required:
|
|
|
|
|
- key
|
|
|
|
|
- operator
|
|
|
|
|
type: object
|
|
|
|
|
type: array
|
|
|
|
|
|
|
|
|
|
podAffinityTerm:
|
|
|
|
|
description: Required. A pod affinity term, associated
|
|
|
|
|
with the corresponding weight.
|
|
|
|
|
properties:
|
|
|
|
|
labelSelector:
|
|
|
|
|
description: A label query over a set of resources,
|
|
|
|
|
in this case pods.
|
|
|
|
|
properties:
|
|
|
|
|
matchExpressions:
|
|
|
|
|
description: matchExpressions is a list
|
|
|
|
|
of label selector requirements. The requirements
|
|
|
|
|
are ANDed.
|
|
|
|
|
items:
|
|
|
|
|
description: A label selector requirement
|
|
|
|
|
is a selector that contains values,
|
|
|
|
|
a key, and an operator that relates
|
|
|
|
|
the key and values.
|
|
|
|
|
properties:
|
|
|
|
|
key:
|
|
|
|
|
description: key is the label key
|
|
|
|
|
that the selector applies to.
|
|
|
|
|
type: string
|
|
|
|
|
operator:
|
|
|
|
|
description: operator represents a
|
|
|
|
|
key's relationship to a set of values.
|
|
|
|
|
Valid operators are In, NotIn, Exists
|
|
|
|
|
and DoesNotExist.
|
|
|
|
|
type: string
|
|
|
|
|
values:
|
|
|
|
|
description: values is an array of
|
|
|
|
|
string values. If the operator is
|
|
|
|
|
In or NotIn, the values array must
|
|
|
|
|
be non-empty. If the operator is
|
|
|
|
|
Exists or DoesNotExist, the values
|
|
|
|
|
array must be empty. This array
|
|
|
|
|
is replaced during a strategic merge
|
|
|
|
|
patch.
|
|
|
|
|
items:
|
|
|
|
|
type: string
|
|
|
|
|
type: array
|
|
|
|
|
required:
|
|
|
|
|
- key
|
|
|
|
|
- operator
|
|
|
|
|
type: object
|
|
|
|
|
type: array
|
|
|
|
|
matchLabels:
|
|
|
|
|
additionalProperties:
|
|
|
|
|
type: string
|
|
|
|
|
description: matchLabels is a map of {key,value}
|
|
|
|
|
pairs. A single {key,value} in the matchLabels
|
|
|
|
|
map is equivalent to an element of matchExpressions,
|
|
|
|
|
whose key field is "key", the operator
|
|
|
|
|
is "In", and the values array contains
|
|
|
|
|
only "value". The requirements are ANDed.
|
|
|
|
|
type: object
|
|
|
|
|
type: object
|
|
|
|
|
namespaces:
|
|
|
|
|
description: namespaces specifies which namespaces
|
|
|
|
|
the labelSelector applies to (matches against);
|
|
|
|
|
null or empty list means "this pod's namespace"
|
|
|
|
|
items:
|
|
|
|
|
type: string
|
|
|
|
|
type: array
|
|
|
|
|
topologyKey:
|
|
|
|
|
description: This pod should be co-located (affinity)
|
|
|
|
|
or not co-located (anti-affinity) with the
|
|
|
|
|
pods matching the labelSelector in the specified
|
|
|
|
|
namespaces, where co-located is defined as
|
|
|
|
|
running on a node whose value of the label
|
|
|
|
|
with key topologyKey matches that of any node
|
|
|
|
|
on which any of the selected pods is running.
|
|
|
|
|
Empty topologyKey is not allowed.
|
|
|
|
|
type: string
|
|
|
|
|
required:
|
|
|
|
|
- topologyKey
|
|
|
|
|
type: object
|
2020-04-29 18:28:28 -07:00
|
|
|
|
2020-07-01 18:03:22 -07:00
|
|
|
resourceQuota:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
name:
|
|
|
|
|
type: string
|
|
|
|
|
elements:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
$ref: "#/definitions/resourceQuotaElement"
|
|
|
|
|
|
|
|
|
|
resourceQuotaElement:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
name:
|
|
|
|
|
type: string
|
|
|
|
|
hard:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
|
|
|
|
used:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
2020-09-17 06:44:16 -07:00
|
|
|
|
2020-08-19 20:34:43 -07:00
|
|
|
deleteTenantRequest:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
delete_pvcs:
|
|
|
|
|
type: boolean
|
2020-09-17 06:44:16 -07:00
|
|
|
|
2020-12-07 09:49:51 -06:00
|
|
|
poolUpdateRequest:
|
2020-08-26 17:12:59 -07:00
|
|
|
type: object
|
|
|
|
|
required:
|
2020-12-07 09:49:51 -06:00
|
|
|
- pools
|
2020-08-26 17:12:59 -07:00
|
|
|
properties:
|
2020-12-07 09:49:51 -06:00
|
|
|
pools:
|
2020-08-26 17:12:59 -07:00
|
|
|
type: array
|
|
|
|
|
items:
|
2020-12-07 09:49:51 -06:00
|
|
|
$ref: "#/definitions/pool"
|
2020-09-17 06:44:16 -07:00
|
|
|
|
2020-09-02 17:06:02 -07:00
|
|
|
maxAllocatableMemResponse:
|
2020-08-28 21:06:45 -07:00
|
|
|
type: object
|
|
|
|
|
properties:
|
2020-09-02 17:06:02 -07:00
|
|
|
max_memory:
|
|
|
|
|
type: integer
|
|
|
|
|
format: int64
|
2020-09-22 11:15:21 -07:00
|
|
|
|
|
|
|
|
parityResponse:
|
|
|
|
|
type: array
|
|
|
|
|
items:
|
|
|
|
|
type: string
|
2020-10-22 16:23:29 -07:00
|
|
|
|
|
|
|
|
objectLegalHoldStatus:
|
|
|
|
|
type: string
|
|
|
|
|
enum:
|
|
|
|
|
- enabled
|
|
|
|
|
- disabled
|
|
|
|
|
|
|
|
|
|
putObjectLegalHoldRequest:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- status
|
|
|
|
|
properties:
|
|
|
|
|
status:
|
|
|
|
|
$ref: "#/definitions/objectLegalHoldStatus"
|
2020-10-23 15:04:02 -07:00
|
|
|
|
|
|
|
|
objectLegalHoldStatus:
|
|
|
|
|
type: string
|
|
|
|
|
enum:
|
|
|
|
|
- enabled
|
|
|
|
|
- disabled
|
|
|
|
|
|
|
|
|
|
putObjectLegalHoldRequest:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- status
|
|
|
|
|
properties:
|
|
|
|
|
status:
|
|
|
|
|
$ref: "#/definitions/objectLegalHoldStatus"
|
|
|
|
|
|
|
|
|
|
objectRetentionMode:
|
|
|
|
|
type: string
|
|
|
|
|
enum:
|
|
|
|
|
- governance
|
|
|
|
|
- compliance
|
|
|
|
|
|
|
|
|
|
putObjectRetentionRequest:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- mode
|
|
|
|
|
- expires
|
|
|
|
|
properties:
|
|
|
|
|
mode:
|
|
|
|
|
$ref: "#/definitions/objectRetentionMode"
|
|
|
|
|
expires:
|
|
|
|
|
type: string
|
|
|
|
|
governance_bypass:
|
|
|
|
|
type: boolean
|
2020-10-28 16:08:26 -07:00
|
|
|
|
|
|
|
|
putObjectTagsRequest:
|
|
|
|
|
type: object
|
|
|
|
|
properties:
|
|
|
|
|
tags:
|
|
|
|
|
additionalProperties:
|
|
|
|
|
type: string
|
2020-12-03 13:45:45 -06:00
|
|
|
|
|
|
|
|
objectRetentionUnit:
|
|
|
|
|
type: string
|
|
|
|
|
enum:
|
|
|
|
|
- days
|
|
|
|
|
- years
|
|
|
|
|
|
|
|
|
|
putBucketRetentionRequest:
|
|
|
|
|
type: object
|
|
|
|
|
required:
|
|
|
|
|
- mode
|
|
|
|
|
- unit
|
|
|
|
|
- validity
|
|
|
|
|
properties:
|
|
|
|
|
mode:
|
|
|
|
|
$ref: "#/definitions/objectRetentionMode"
|
|
|
|
|
unit:
|
|
|
|
|
$ref: "#/definitions/objectRetentionUnit"
|
|
|
|
|
validity:
|
|
|
|
|
type: integer
|
2020-12-15 13:54:12 -06:00
|
|
|
format: int32
|