Files
openmaxio-object-browser/swagger-console.yml

4696 lines
106 KiB
YAML
Raw Normal View History

swagger: "2.0"
info:
title: MinIO Console Server
version: 0.1.0
consumes:
- application/json
produces:
- application/json
schemes:
- http
- ws
2020-04-03 13:17:31 -07:00
basePath: /api/v1
# We are going to be taking `Authorization: Bearer TOKEN` header for our authentication
securityDefinitions:
key:
type: oauth2
flow: accessCode
authorizationUrl: http://min.io
tokenUrl: http://min.io
# Apply the key security definition to all APIs
security:
- key: []
paths:
/login:
get:
summary: Returns login strategy, form or sso.
operationId: LoginDetail
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/loginDetails"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
# Exclude this API from the authentication requirement
security: []
tags:
- UserAPI
post:
2020-07-25 14:38:16 -07:00
summary: Login to Console
operationId: Login
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/loginRequest"
responses:
204:
description: A successful login.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
# Exclude this API from the authentication requirement
security: []
tags:
- UserAPI
/login/oauth2/auth:
post:
summary: Identity Provider oauth2 callback endpoint.
operationId: LoginOauth2Auth
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/loginOauth2AuthRequest"
responses:
204:
description: A successful login.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
security: []
tags:
- UserAPI
/logout:
post:
summary: Logout from Console.
operationId: Logout
responses:
200:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/session:
get:
summary: Endpoint to check if your session is still valid
operationId: SessionCheck
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/sessionResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/check-version:
get:
summary: Checks the current MinIO version against the latest
operationId: CheckMinIOVersion
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/checkVersionResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
security: []
tags:
- UserAPI
/account/change-password:
post:
summary: Change password of currently logged in user.
operationId: AccountChangePassword
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/accountChangePasswordRequest"
responses:
204:
description: A successful login.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/account/change-user-password:
post:
summary: Change password of currently logged in user.
operationId: ChangeUserPassword
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/changeUserPasswordRequest"
responses:
201:
description: Password successfully changed.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
2020-04-03 13:17:31 -07:00
/buckets:
get:
summary: List Buckets
operationId: ListBuckets
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/listBucketsResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
post:
summary: Make bucket
operationId: MakeBucket
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/makeBucketRequest"
responses:
201:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
2020-04-03 13:17:31 -07:00
/buckets/{name}:
get:
summary: Bucket Info
operationId: BucketInfo
parameters:
- name: name
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/bucket"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
delete:
summary: Delete Bucket
operationId: DeleteBucket
parameters:
- name: name
in: path
required: true
type: string
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/retention:
get:
summary: Get Bucket's retention config
operationId: GetBucketRetentionConfig
parameters:
- name: bucket_name
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/getBucketRetentionConfig"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
put:
summary: Set Bucket's retention config
operationId: SetBucketRetentionConfig
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/putBucketRetentionRequest"
responses:
200:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/objects:
get:
summary: List Objects
operationId: ListObjects
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: prefix
in: query
required: false
type: string
- name: recursive
in: query
required: false
type: boolean
- name: with_versions
in: query
required: false
type: boolean
- name: with_metadata
in: query
required: false
type: boolean
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/listObjectsResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
delete:
summary: Delete Object
operationId: DeleteObject
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: path
in: query
required: true
type: string
- name: version_id
in: query
required: false
type: string
- name: recursive
in: query
required: false
type: boolean
- name: all_versions
in: query
required: false
type: boolean
- name: non_current_versions
in: query
required: false
type: boolean
responses:
200:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/delete-objects:
post:
summary: Delete Multiple Objects
operationId: DeleteMultipleObjects
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: all_versions
in: query
required: false
type: boolean
- name: files
in: body
required: true
schema:
type: array
items:
$ref: "#/definitions/deleteFile"
responses:
200:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/objects/upload:
post:
summary: Uploads an Object.
consumes:
- multipart/form-data
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: prefix
in: query
type: string
responses:
200:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/objects/download:
get:
summary: Download Object
operationId: Download Object
produces:
- application/octet-stream
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: prefix
in: query
required: true
type: string
- name: version_id
in: query
required: false
type: string
- name: preview
in: query
required: false
type: boolean
default: false
responses:
200:
description: A successful response.
schema:
type: file
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
2020-10-22 11:18:27 -07:00
/buckets/{bucket_name}/objects/share:
get:
summary: Shares an Object on a url
operationId: ShareObject
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: prefix
in: query
required: true
type: string
- name: version_id
in: query
required: true
type: string
- name: expires
in: query
required: false
type: string
responses:
200:
description: A successful response.
schema:
type: string
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/objects/legalhold:
put:
summary: Put Object's legalhold status
operationId: PutObjectLegalHold
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: prefix
in: query
required: true
type: string
- name: version_id
in: query
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/putObjectLegalHoldRequest"
responses:
200:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
2020-10-23 15:04:02 -07:00
/buckets/{bucket_name}/objects/retention:
put:
summary: Put Object's retention status
operationId: PutObjectRetention
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: prefix
in: query
required: true
type: string
- name: version_id
in: query
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/putObjectRetentionRequest"
responses:
200:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
delete:
summary: Delete Object retention from an object
operationId: DeleteObjectRetention
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: prefix
in: query
required: true
type: string
- name: version_id
in: query
required: true
type: string
responses:
200:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
2020-10-23 15:04:02 -07:00
/buckets/{bucket_name}/objects/tags:
put:
summary: Put Object's tags
operationId: PutObjectTags
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: prefix
in: query
required: true
type: string
- name: version_id
in: query
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/putObjectTagsRequest"
responses:
200:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/objects/restore:
put:
summary: Restore Object to a selected version
operationId: PutObjectRestore
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: prefix
in: query
required: true
type: string
- name: version_id
in: query
required: true
type: string
responses:
200:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/objects/metadata:
get:
summary: Gets the metadata of an object
operationId: GetObjectMetadata
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: prefix
in: query
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/metadata"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/tags:
put:
summary: Put Bucket's tags
operationId: PutBucketTags
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/putBucketTagsRequest"
responses:
200:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
2020-04-03 13:17:31 -07:00
/buckets/{name}/set-policy:
put:
summary: Bucket Set Policy
operationId: BucketSetPolicy
parameters:
- name: name
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/setBucketPolicyRequest"
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/bucket"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{name}/quota:
get:
summary: Get Bucket Quota
operationId: GetBucketQuota
parameters:
- name: name
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/bucketQuota"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
put:
summary: Bucket Quota
operationId: SetBucketQuota
parameters:
- name: name
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/setBucketQuota"
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/bucket"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
2020-04-03 13:17:31 -07:00
/buckets/{bucket_name}/events:
get:
summary: List Bucket Events
operationId: ListBucketEvents
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: offset
in: query
required: false
type: integer
format: int32
- name: limit
in: query
required: false
type: integer
format: int32
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/listBucketEventsResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
post:
summary: Create Bucket Event
operationId: CreateBucketEvent
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/bucketEventRequest"
responses:
201:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/events/{arn}:
delete:
summary: Delete Bucket Event
operationId: DeleteBucketEvent
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: arn
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/notificationDeleteRequest"
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/list-external-buckets:
post:
summary: Lists an External list of buckets using custom credentials
operationId: ListExternalBuckets
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/listExternalBucketsParams"
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/listBucketsResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets-replication:
post:
summary: Sets Multi Bucket Replication in multiple Buckets
operationId: SetMultiBucketReplication
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/multiBucketReplication"
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/multiBucketResponseState"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/replication:
get:
summary: Bucket Replication
operationId: GetBucketReplication
parameters:
- name: bucket_name
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/bucketReplicationResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/replication/{rule_id}:
get:
summary: Bucket Replication
operationId: GetBucketReplicationRule
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: rule_id
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/bucketReplicationRule"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
put:
summary: Update Replication rule
operationId: UpdateMultiBucketReplication
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: rule_id
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/multiBucketReplicationEdit"
responses:
201:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
delete:
summary: Bucket Replication Rule Delete
operationId: DeleteBucketReplicationRule
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: rule_id
in: path
required: true
type: string
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/delete-all-replication-rules:
delete:
summary: Deletes all replication rules from a bucket
operationId: DeleteAllReplicationRules
parameters:
- name: bucket_name
in: path
required: true
type: string
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/delete-selected-replication-rules:
delete:
summary: Deletes selected replication rules from a bucket
operationId: DeleteSelectedReplicationRules
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: rules
in: body
required: true
schema:
$ref: "#/definitions/bucketReplicationRuleList"
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/versioning:
get:
summary: Bucket Versioning
operationId: GetBucketVersioning
parameters:
- name: bucket_name
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/bucketVersioningResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
put:
summary: Set Bucket Versioning
operationId: SetBucketVersioning
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/setBucketVersioning"
responses:
201:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/object-locking:
get:
summary: Returns the status of object locking support on the bucket
operationId: GetBucketObjectLockingStatus
parameters:
- name: bucket_name
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/bucketObLockingResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/encryption/enable:
post:
summary: Enable bucket encryption.
operationId: EnableBucketEncryption
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/bucketEncryptionRequest"
responses:
200:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/encryption/disable:
post:
summary: Disable bucket encryption.
operationId: DisableBucketEncryption
parameters:
- name: bucket_name
in: path
required: true
type: string
responses:
200:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/encryption/info:
get:
summary: Get bucket encryption information.
operationId: GetBucketEncryptionInfo
parameters:
- name: bucket_name
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/bucketEncryptionInfo"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/lifecycle:
get:
summary: Bucket Lifecycle
operationId: GetBucketLifecycle
parameters:
- name: bucket_name
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/bucketLifecycleResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
post:
summary: Add Bucket Lifecycle
operationId: AddBucketLifecycle
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/addBucketLifecycle"
responses:
201:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/multi-lifecycle:
post:
summary: Add Multi Bucket Lifecycle
operationId: AddMultiBucketLifecycle
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/addMultiBucketLifecycle"
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/multiLifecycleResult"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/lifecycle/{lifecycle_id}:
put:
summary: Update Lifecycle rule
operationId: UpdateBucketLifecycle
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: lifecycle_id
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/updateBucketLifecycle"
responses:
200:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
delete:
summary: Delete Lifecycle rule
operationId: DeleteBucketLifecycleRule
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: lifecycle_id
in: path
required: true
type: string
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/rewind/{date}:
get:
summary: Get objects in a bucket for a rewind date
operationId: GetBucketRewind
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: date
in: path
required: true
type: string
- name: prefix
in: query
required: false
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/rewindResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/service-accounts:
get:
summary: List User's Service Accounts
operationId: ListUserServiceAccounts
parameters:
- name: offset
in: query
required: false
type: integer
format: int32
- name: limit
in: query
required: false
type: integer
format: int32
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/serviceAccounts"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
post:
summary: Create Service Account
operationId: CreateServiceAccount
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/serviceAccountRequest"
responses:
201:
description: A successful response.
schema:
$ref: "#/definitions/serviceAccountCreds"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
MCS service account authentication with Mkube (#166) `MCS` will authenticate against `Mkube`using bearer tokens via HTTP `Authorization` header. The user will provide this token once in the login form, MCS will validate it against Mkube (list tenants) and if valid will generate and return a new MCS sessions with encrypted claims (the user Service account token will be inside the JWT in the data field) Kubernetes The provided `JWT token` corresponds to the `Kubernetes service account` that `Mkube` will use to run tasks on behalf of the user, ie: list, create, edit, delete tenants, storage class, etc. Development If you are running mcs in your local environment and wish to make request to `Mkube` you can set `MCS_M3_HOSTNAME`, if the environment variable is not present by default `MCS` will use `"http://m3:8787"`, additionally you will need to set the `MCS_MKUBE_ADMIN_ONLY=on` variable to make MCS display the Mkube UI Extract the Service account token and use it with MCS For local development you can use the jwt associated to the `m3-sa` service account, you can get the token running the following command in your terminal: ``` kubectl get secret $(kubectl get serviceaccount m3-sa -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode ``` Then run the mcs server ``` MCS_M3_HOSTNAME=http://localhost:8787 MCS_MKUBE_ADMIN_ONLY=on ./mcs server ``` Self-signed certificates and Custom certificate authority for Mkube If Mkube uses TLS with a self-signed certificate, or a certificate issued by a custom certificate authority you can add those certificates usinng the `MCS_M3_SERVER_TLS_CA_CERTIFICATE` env variable ```` MCS_M3_SERVER_TLS_CA_CERTIFICATE=cert1.pem,cert2.pem,cert3.pem ./mcs server ````
2020-06-23 11:37:46 -07:00
/service-account-credentials:
post:
summary: Create Service Account With Credentials
operationId: CreateServiceAccountCreds
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/serviceAccountRequestCreds"
responses:
201:
description: A successful response.
schema:
$ref: "#/definitions/serviceAccountCreds"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/service-accounts/{access_key}:
delete:
summary: Delete Service Account
operationId: DeleteServiceAccount
parameters:
- name: access_key
in: path
required: true
type: string
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/service-accounts/delete-multi:
delete:
summary: Delete Multiple Service Accounts
operationId: DeleteMultipleServiceAccounts
parameters:
- name: selectedSA
in: body
required: true
schema:
type: array
items:
type: string
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/service-accounts/{access_key}/policy:
get:
summary: Get Service Account Policy
operationId: GetServiceAccountPolicy
parameters:
- name: access_key
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
type: string
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
put:
summary: Set Service Account Policy
operationId: SetServiceAccountPolicy
parameters:
- name: access_key
in: path
required: true
type: string
- name: policy
in: body
required: true
schema:
$ref: "#/definitions/addServiceAccountPolicyRequest"
responses:
200:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
2020-04-03 13:17:31 -07:00
/users:
get:
summary: List Users
operationId: ListUsers
parameters:
- name: offset
in: query
required: false
type: integer
format: int32
- name: limit
in: query
required: false
type: integer
format: int32
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/listUsersResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
post:
summary: Add User
operationId: AddUser
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/addUserRequest"
responses:
201:
description: A successful response.
schema:
$ref: "#/definitions/user"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/user:
get:
summary: Get User Info
operationId: GetUserInfo
parameters:
- name: name
in: query
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/user"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
put:
summary: Update User Info
operationId: UpdateUserInfo
parameters:
- name: name
in: query
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/updateUser"
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/user"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
delete:
summary: Remove user
operationId: RemoveUser
parameters:
- name: name
in: query
required: true
type: string
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/user/groups:
put:
summary: Update Groups for a user
operationId: UpdateUserGroups
parameters:
- name: name
in: query
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/updateUserGroups"
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/user"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/user/{name}/service-accounts:
get:
summary: returns a list of service accounts for a user
operationId: ListAUserServiceAccounts
parameters:
- name: name
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/serviceAccounts"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
post:
summary: Create Service Account for User
operationId: CreateAUserServiceAccount
parameters:
- name: name
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/serviceAccountRequest"
responses:
201:
description: A successful response.
schema:
$ref: "#/definitions/serviceAccountCreds"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/user/{name}/service-account-credentials:
post:
summary: Create Service Account for User With Credentials
operationId: CreateServiceAccountCredentials
parameters:
- name: name
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/serviceAccountRequestCreds"
responses:
201:
description: A successful response.
schema:
$ref: "#/definitions/serviceAccountCreds"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/users-groups-bulk:
put:
summary: Bulk functionality to Add Users to Groups
operationId: BulkUpdateUsersGroups
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/bulkUserGroups"
responses:
200:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
2020-04-03 13:17:31 -07:00
/groups:
get:
summary: List Groups
operationId: ListGroups
parameters:
- name: offset
in: query
required: false
type: integer
format: int32
- name: limit
in: query
required: false
type: integer
format: int32
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/listGroupsResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
post:
summary: Add Group
operationId: AddGroup
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/addGroupRequest"
responses:
201:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/group:
get:
summary: Group info
operationId: GroupInfo
parameters:
- name: name
in: query
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/group"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
delete:
summary: Remove group
operationId: RemoveGroup
parameters:
- name: name
in: query
required: true
type: string
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
put:
summary: Update Group Members or Status
operationId: UpdateGroup
parameters:
- name: name
in: query
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/updateGroupRequest"
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/group"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
2020-04-03 13:17:31 -07:00
/policies:
get:
summary: List Policies
operationId: ListPolicies
parameters:
- name: offset
in: query
required: false
type: integer
format: int32
- name: limit
in: query
required: false
type: integer
format: int32
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/listPoliciesResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
post:
summary: Add Policy
operationId: AddPolicy
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/addPolicyRequest"
responses:
201:
description: A successful response.
schema:
$ref: "#/definitions/policy"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/policies/{policy}/users:
get:
summary: List Users for a Policy
operationId: ListUsersForPolicy
parameters:
- name: policy
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
type: array
items:
type: string
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/policies/{policy}/groups:
get:
summary: List Groups for a Policy
operationId: ListGroupsForPolicy
parameters:
- name: policy
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
type: array
items:
type: string
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/bucket-policy/{bucket}:
get:
summary: List Policies With Given Bucket
operationId: ListPoliciesWithBucket
parameters:
- name: bucket
in: path
required: true
type: string
- name: offset
in: query
required: false
type: integer
format: int32
- name: limit
in: query
required: false
type: integer
format: int32
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/listPoliciesResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/bucket/{bucket}/access-rules:
put:
summary: Add Access Rule To Given Bucket
operationId: SetAccessRuleWithBucket
parameters:
- name: bucket
in: path
required: true
type: string
- name: prefixaccess
in: body
required: true
schema:
$ref: "#/definitions/prefixAccessPair"
responses:
200:
description: A successful response.
schema:
type: boolean
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
get:
summary: List Access Rules With Given Bucket
operationId: ListAccessRulesWithBucket
parameters:
- name: bucket
in: path
required: true
type: string
- name: offset
in: query
required: false
type: integer
format: int32
- name: limit
in: query
required: false
type: integer
format: int32
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/listAccessRulesResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
delete:
summary: Delete Access Rule From Given Bucket
operationId: DeleteAccessRuleWithBucket
parameters:
- name: bucket
in: path
required: true
type: string
- name: prefix
in: body
required: true
schema:
$ref: "#/definitions/prefixWrapper"
responses:
200:
description: A successful response.
schema:
type: boolean
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/bucket-users/{bucket}:
get:
summary: List Users With Access to a Given Bucket
operationId: ListUsersWithAccessToBucket
parameters:
- name: bucket
in: path
required: true
type: string
- name: offset
in: query
required: false
type: integer
format: int32
- name: limit
in: query
required: false
type: integer
format: int32
responses:
200:
description: A successful response.
schema:
type: array
items:
type: string
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/policy:
get:
summary: Policy info
operationId: PolicyInfo
parameters:
- name: name
in: query
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/policy"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
delete:
summary: Remove policy
operationId: RemovePolicy
parameters:
- name: name
in: query
required: true
type: string
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
2020-04-03 13:17:31 -07:00
/configs:
get:
summary: List Configurations
operationId: ListConfig
parameters:
- name: offset
in: query
required: false
type: integer
format: int32
- name: limit
in: query
required: false
type: integer
format: int32
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/listConfigResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/set-policy:
put:
summary: Set policy
operationId: SetPolicy
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/setPolicyNameRequest"
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/set-policy-multi:
put:
summary: Set policy to multiple users/groups
operationId: SetPolicyMultiple
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/setPolicyMultipleNameRequest"
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
2020-04-03 13:17:31 -07:00
/configs/{name}:
get:
summary: Configuration info
operationId: ConfigInfo
parameters:
- name: name
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/configuration"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
put:
summary: Set Configuration
operationId: SetConfig
parameters:
- name: name
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/setConfigRequest"
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/setConfigResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/configs/{name}/reset:
get:
summary: Configuration reset
operationId: ResetConfig
parameters:
- name: name
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/setConfigResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
2020-04-03 13:17:31 -07:00
/service/restart:
post:
summary: Restart Service
operationId: RestartService
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
2020-04-03 13:17:31 -07:00
/profiling/start:
post:
summary: Start recording profile data
operationId: ProfilingStart
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/profilingStartRequest"
responses:
201:
description: A successful response.
schema:
$ref: "#/definitions/startProfilingList"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
2020-04-03 13:17:31 -07:00
/profiling/stop:
post:
summary: Stop and download profile data
operationId: ProfilingStop
produces:
- application/zip
responses:
201:
description: A successful response.
schema:
type: file
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/subnet/registration-token:
get:
summary: Subnet registraton token
operationId: SubnetRegToken
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/SubnetRegTokenResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/subnet/info:
get:
summary: Subnet info
operationId: SubnetInfo
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/license"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/subnet/register:
post:
summary: Register cluster with Subnet
operationId: SubnetRegister
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/subnetRegisterRequest"
responses:
200:
description: A successful response.
# schema:
# $ref: "#/definitions/subnetRegisterResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/subnet/login:
post:
summary: Login to subnet
operationId: SubnetLogin
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/subnetLoginRequest"
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/subnetLoginResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/subnet/login/mfa:
post:
summary: Login to subnet using mfa
operationId: SubnetLoginMFA
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/subnetLoginMFARequest"
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/subnetLoginResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
2020-04-03 13:17:31 -07:00
/admin/info:
get:
summary: Returns information about the deployment
operationId: AdminInfo
parameters:
- name: defaultOnly
in: query
required: false
type: boolean
default: false
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/adminInfoResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/admin/info/widgets/{widgetId}:
get:
summary: Returns information about the deployment
operationId: DashboardWidgetDetails
parameters:
- name: widgetId
in: path
type: integer
format: int32
required: true
- name: start
in: query
type: integer
- name: end
in: query
type: integer
- name: step
in: query
type: integer
format: int32
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/widgetDetails"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/admin/arns:
get:
summary: Returns a list of active ARNs in the instance
operationId: ArnList
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/arnsResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/admin/notification_endpoints:
get:
summary: Returns a list of active notification endpoints
operationId: NotificationEndpointList
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/notifEndpointResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
post:
summary: Allows to configure a new notification endpoint
operationId: AddNotificationEndpoint
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/notificationEndpoint"
responses:
201:
description: A successful response.
schema:
$ref: "#/definitions/setNotificationEndpointResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/admin/site-replication:
get:
summary: Get list of Replication Sites
operationId: GetSiteReplicationInfo
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/siteReplicationInfoResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
post:
summary: Add a Replication Site
operationId: SiteReplicationInfoAdd
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/siteReplicationAddRequest"
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/siteReplicationAddResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
put:
summary: Edit a Replication Site
operationId: SiteReplicationEdit
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/peerInfo"
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/peerSiteEditResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
delete:
summary: Remove a Replication Site
operationId: SiteReplicationRemove
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/peerInfoRemove"
responses:
204:
description: A successful response.
schema:
$ref: "#/definitions/peerSiteRemoveResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/admin/tiers:
get:
summary: Returns a list of tiers for ilm
operationId: TiersList
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/tierListResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
post:
summary: Allows to configure a new tier
operationId: AddTier
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/tier"
responses:
201:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/admin/tiers/{type}/{name}:
get:
summary: Get Tier
operationId: GetTier
parameters:
- name: type
in: path
required: true
type: string
enum:
- s3
- gcs
- azure
- name: name
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/tier"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/admin/tiers/{type}/{name}/credentials:
put:
summary: Edit Tier Credentials
operationId: EditTierCredentials
parameters:
- name: type
in: path
required: true
type: string
enum:
- s3
- gcs
- azure
- name: name
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/tierCredentialsRequest"
responses:
200:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/nodes:
get:
summary: Lists Nodes
operationId: ListNodes
responses:
200:
description: A successful response.
schema:
type: array
items:
type: string
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/remote-buckets:
get:
summary: List Remote Buckets
operationId: ListRemoteBuckets
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/listRemoteBucketsResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
post:
summary: Add Remote Bucket
operationId: AddRemoteBucket
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/createRemoteBucket"
responses:
201:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/remote-buckets/{name}:
get:
summary: Remote Bucket Details
operationId: RemoteBucketDetails
parameters:
- name: name
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/remoteBucket"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/remote-buckets/{source-bucket-name}/{arn}:
delete:
summary: Delete Remote Bucket
operationId: DeleteRemoteBucket
parameters:
- name: source-bucket-name
in: path
required: true
type: string
- name: arn
in: path
required: true
type: string
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/logs/search:
get:
summary: Search the logs
operationId: LogSearch
parameters:
- name: fp
description: Filter Parameters
in: query
collectionFormat: multi
type: array
items:
type: string
- name: pageSize
in: query
type: number
format: int32
default: 10
- name: pageNo
in: query
type: number
format: int32
default: 0
- name: order
in: query
type: string
enum: [timeDesc, timeAsc]
default: timeDesc
- name: timeStart
in: query
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/logSearchResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/admin/inspect:
get:
summary: Inspect Files on Drive
operationId: Inspect
produces:
- application/octet-stream
parameters:
- name: file
in: query
required: true
type: string
- name: volume
in: query
required: true
type: string
- name: encrypt
in: query
required: false
type: boolean
responses:
200:
description: A successful response.
schema:
type: file
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
definitions:
accountChangePasswordRequest:
type: object
required:
- current_secret_key
- new_secret_key
properties:
current_secret_key:
type: string
new_secret_key:
type: string
changeUserPasswordRequest:
type: object
required:
- selectedUser
- newSecretKey
properties:
selectedUser:
type: string
newSecretKey:
type: string
bucketEncryptionType:
type: string
enum:
- sse-s3
- sse-kms
default: sse-s3
bucketAccess:
type: string
enum:
- PRIVATE
- PUBLIC
- CUSTOM
default: PRIVATE
bucket:
type: object
required:
- name
properties:
name:
type: string
minLength: 3
size:
type: integer
format: int64
access:
$ref: "#/definitions/bucketAccess"
definition:
type: string
rw_access:
type: object
properties:
write:
type: boolean
read:
type: boolean
objects:
type: integer
format: int64
details:
type: object
properties:
versioning:
type: boolean
versioningSuspended:
type: boolean
locking:
type: boolean
replication:
type: boolean
tags:
type: object
additionalProperties:
type: string
quota:
type: object
properties:
quota:
type: integer
format: int64
type:
type: string
enum:
- hard
creation_date:
type: string
bucketEncryptionRequest:
type: object
properties:
encType:
$ref: "#/definitions/bucketEncryptionType"
kmsKeyID:
type: string
bucketEncryptionInfo:
type: object
properties:
kmsMasterKeyID:
type: string
algorithm:
type: string
listBucketsResponse:
type: object
properties:
buckets:
type: array
items:
$ref: "#/definitions/bucket"
title: list of resulting buckets
total:
type: integer
format: int64
title: number of buckets accessible to the user
listObjectsResponse:
type: object
properties:
objects:
type: array
items:
$ref: "#/definitions/bucketObject"
title: list of resulting objects
total:
type: integer
format: int64
title: number of objects
bucketObject:
type: object
properties:
name:
type: string
size:
type: integer
format: int64
content_type:
type: string
last_modified:
type: string
is_latest:
type: boolean
is_delete_marker:
type: boolean
version_id:
type: string
user_tags:
type: object
additionalProperties:
type: string
expiration:
type: string
expiration_rule_id:
type: string
legal_hold_status:
type: string
retention_mode:
type: string
retention_until_date:
type: string
etag:
type: string
tags:
type: object
additionalProperties:
type: string
metadata:
type: object
additionalProperties:
type: string
user_metadata:
type: object
additionalProperties:
type: string
makeBucketRequest:
type: object
required:
- name
properties:
name:
type: string
locking:
type: boolean
versioning:
type: boolean
quota:
$ref: "#/definitions/setBucketQuota"
retention:
$ref: "#/definitions/putBucketRetentionRequest"
error:
type: object
required:
- message
- detailedMessage
properties:
code:
type: integer
format: int32
message:
type: string
detailedMessage:
type: string
user:
MCS service account authentication with Mkube (#166) `MCS` will authenticate against `Mkube`using bearer tokens via HTTP `Authorization` header. The user will provide this token once in the login form, MCS will validate it against Mkube (list tenants) and if valid will generate and return a new MCS sessions with encrypted claims (the user Service account token will be inside the JWT in the data field) Kubernetes The provided `JWT token` corresponds to the `Kubernetes service account` that `Mkube` will use to run tasks on behalf of the user, ie: list, create, edit, delete tenants, storage class, etc. Development If you are running mcs in your local environment and wish to make request to `Mkube` you can set `MCS_M3_HOSTNAME`, if the environment variable is not present by default `MCS` will use `"http://m3:8787"`, additionally you will need to set the `MCS_MKUBE_ADMIN_ONLY=on` variable to make MCS display the Mkube UI Extract the Service account token and use it with MCS For local development you can use the jwt associated to the `m3-sa` service account, you can get the token running the following command in your terminal: ``` kubectl get secret $(kubectl get serviceaccount m3-sa -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode ``` Then run the mcs server ``` MCS_M3_HOSTNAME=http://localhost:8787 MCS_MKUBE_ADMIN_ONLY=on ./mcs server ``` Self-signed certificates and Custom certificate authority for Mkube If Mkube uses TLS with a self-signed certificate, or a certificate issued by a custom certificate authority you can add those certificates usinng the `MCS_M3_SERVER_TLS_CA_CERTIFICATE` env variable ```` MCS_M3_SERVER_TLS_CA_CERTIFICATE=cert1.pem,cert2.pem,cert3.pem ./mcs server ````
2020-06-23 11:37:46 -07:00
type: object
properties:
accessKey:
MCS service account authentication with Mkube (#166) `MCS` will authenticate against `Mkube`using bearer tokens via HTTP `Authorization` header. The user will provide this token once in the login form, MCS will validate it against Mkube (list tenants) and if valid will generate and return a new MCS sessions with encrypted claims (the user Service account token will be inside the JWT in the data field) Kubernetes The provided `JWT token` corresponds to the `Kubernetes service account` that `Mkube` will use to run tasks on behalf of the user, ie: list, create, edit, delete tenants, storage class, etc. Development If you are running mcs in your local environment and wish to make request to `Mkube` you can set `MCS_M3_HOSTNAME`, if the environment variable is not present by default `MCS` will use `"http://m3:8787"`, additionally you will need to set the `MCS_MKUBE_ADMIN_ONLY=on` variable to make MCS display the Mkube UI Extract the Service account token and use it with MCS For local development you can use the jwt associated to the `m3-sa` service account, you can get the token running the following command in your terminal: ``` kubectl get secret $(kubectl get serviceaccount m3-sa -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode ``` Then run the mcs server ``` MCS_M3_HOSTNAME=http://localhost:8787 MCS_MKUBE_ADMIN_ONLY=on ./mcs server ``` Self-signed certificates and Custom certificate authority for Mkube If Mkube uses TLS with a self-signed certificate, or a certificate issued by a custom certificate authority you can add those certificates usinng the `MCS_M3_SERVER_TLS_CA_CERTIFICATE` env variable ```` MCS_M3_SERVER_TLS_CA_CERTIFICATE=cert1.pem,cert2.pem,cert3.pem ./mcs server ````
2020-06-23 11:37:46 -07:00
type: string
policy:
type: array
items:
type: string
memberOf:
type: array
items:
type: string
status:
type: string
hasPolicy:
type: boolean
listUsersResponse:
type: object
properties:
users:
type: array
items:
$ref: "#/definitions/user"
title: list of resulting users
addUserRequest:
type: object
required:
- accessKey
- secretKey
- groups
- policies
properties:
accessKey:
type: string
secretKey:
type: string
groups:
type: array
items:
type: string
policies:
type: array
items:
type: string
group:
type: object
properties:
name:
type: string
status:
type: string
members:
type: array
items:
type: string
policy:
type: string
addGroupRequest:
type: object
required:
- group
- members
properties:
group:
type: string
members:
type: array
items:
type: string
listGroupsResponse:
type: object
properties:
groups:
type: array
items:
type: string
title: list of groups
total:
type: integer
format: int64
title: total number of groups
policy:
type: object
properties:
name:
type: string
policy:
type: string
policyEntity:
type: string
enum:
- user
- group
default: user
setPolicyRequest:
type: object
required:
- entityType
- entityName
properties:
entityType:
$ref: "#/definitions/policyEntity"
entityName:
type: string
setPolicyNameRequest:
type: object
required:
- name
- entityType
- entityName
properties:
name:
type: array
items:
type: string
entityType:
$ref: "#/definitions/policyEntity"
entityName:
type: string
setPolicyMultipleNameRequest:
2020-04-02 15:54:34 -07:00
type: object
properties:
name:
type: array
items:
type: string
users:
type: array
items:
$ref: "#/definitions/iamEntity"
groups:
2021-04-01 16:13:57 -07:00
type: array
items:
$ref: "#/definitions/iamEntity"
iamEntity:
type: string
pattern: '^[\w+=,.@-]{1,64}$'
addPolicyRequest:
type: object
required:
- name
- policy
properties:
name:
2020-04-02 15:54:34 -07:00
type: string
policy:
type: string
addServiceAccountPolicyRequest:
type: object
required:
- policy
properties:
policy:
type: string
listPoliciesResponse:
type: object
properties:
policies:
type: array
items:
$ref: "#/definitions/policy"
title: list of policies
total:
type: integer
format: int64
title: total number of policies
listAccessRulesResponse:
type: object
properties:
accessRules:
type: array
items:
$ref: "#/definitions/accessRule"
title: list of policies
total:
type: integer
format: int64
title: total number of policies
accessRule:
type: object
properties:
prefix:
type: string
access:
type: string
updateGroupRequest:
type: object
required:
- members
- status
properties:
members:
type: array
items:
type: string
status:
type: string
configDescription:
type: object
properties:
key:
type: string
description:
type: string
configurationKV:
type: object
properties:
key:
type: string
value:
type: string
configuration:
type: object
properties:
name:
type: string
key_values:
type: array
items:
$ref: "#/definitions/configurationKV"
listConfigResponse:
type: object
properties:
configurations:
type: array
items:
$ref: "#/definitions/configDescription"
total:
type: integer
format: int64
title: total number of configurations
setConfigRequest:
type: object
required:
- key_values
properties:
key_values:
type: array
minItems: 1
items:
$ref: "#/definitions/configurationKV"
arn_resource_id:
type: string
title: Used if configuration is an event notification's target
notificationEventType:
type: string
enum:
- put
- delete
- get
notificationConfig:
type: object
required:
- arn
properties:
id:
type: string
arn:
type: string
events:
type: array
items:
$ref: "#/definitions/notificationEventType"
title: "filter specific type of event. Defaults to all event (default: '[put,delete,get]')"
prefix:
type: string
title: "filter event associated to the specified prefix"
suffix:
type: string
title: "filter event associated to the specified suffix"
notificationDeleteRequest:
type: object
required:
- events
- prefix
- suffix
properties:
events:
type: array
minLength: 1
items:
$ref: "#/definitions/notificationEventType"
title: "filter specific type of event. Defaults to all event (default: '[put,delete,get]')"
prefix:
type: string
title: "filter event associated to the specified prefix"
suffix:
type: string
title: "filter event associated to the specified suffix"
bucketEventRequest:
type: object
required:
- configuration
properties:
configuration:
$ref: "#/definitions/notificationConfig"
ignoreExisting:
type: boolean
bucketReplicationDestination:
type: object
properties:
bucket:
type: string
bucketReplicationRule:
type: object
properties:
id:
type: string
status:
type: string
enum:
- Enabled
- Disabled
priority:
type: integer
format: int32
syncMode:
type: string
enum:
- async
- sync
default: async
bandwidth:
type: string
healthCheckPeriod:
type: integer
delete_marker_replication:
type: boolean
deletes_replication:
type: boolean
existingObjects:
type: boolean
metadata_replication:
type: boolean
prefix:
type: string
tags:
type: string
storageClass:
type: string
destination:
$ref: "#/definitions/bucketReplicationDestination"
bucketReplicationRuleList:
type: object
properties:
rules:
type: array
items:
type: string
bucketReplicationResponse:
type: object
properties:
rules:
type: array
items:
$ref: "#/definitions/bucketReplicationRule"
# missing
# "Filter": {
# "And": {},
# "Tag": {}
# }
# }
#}
listExternalBucketsParams:
required:
- accessKey
- secretKey
- targetURL
- useTLS
properties:
accessKey:
type: string
minLength: 3
secretKey:
type: string
minLength: 8
targetURL:
type: string
useTLS:
type: boolean
region:
type: string
multiBucketReplication:
required:
- accessKey
- secretKey
- targetURL
- bucketsRelation
properties:
accessKey:
type: string
minLength: 3
secretKey:
type: string
minLength: 8
targetURL:
type: string
region:
type: string
syncMode:
type: string
enum:
- async
- sync
default: async
bandwidth:
type: integer
format: int64
healthCheckPeriod:
type: integer
format: int32
prefix:
type: string
tags:
type: string
replicateDeleteMarkers:
type: boolean
replicateDeletes:
type: boolean
replicateMetadata:
type: boolean
priority:
type: integer
format: int32
default: 0
storageClass:
type: string
default: ""
bucketsRelation:
type: array
minLength: 1
items:
$ref: "#/definitions/multiBucketsRelation"
multiBucketReplicationEdit:
properties:
ruleState:
type: boolean
arn:
type: string
prefix:
type: string
tags:
type: string
default: ""
replicateDeleteMarkers:
type: boolean
replicateDeletes:
type: boolean
replicateMetadata:
type: boolean
replicateExistingObjects:
type: boolean
priority:
type: integer
format: int32
default: 0
storageClass:
type: string
default: ""
multiBucketsRelation:
type: object
properties:
originBucket:
type: string
destinationBucket:
type: string
multiBucketResponseItem:
type: object
properties:
originBucket:
type: string
targetBucket:
type: string
errorString:
type: string
multiBucketResponseState:
type: object
properties:
replicationState:
type: array
items:
$ref: "#/definitions/multiBucketResponseItem"
addBucketReplication:
type: object
properties:
arn:
type: string
destination_bucket:
type: string
listBucketEventsResponse:
type: object
properties:
events:
type: array
items:
$ref: "#/definitions/notificationConfig"
total:
type: integer
format: int64
title: total number of bucket events
setBucketPolicyRequest:
type: object
required:
- access
properties:
access:
$ref: "#/definitions/bucketAccess"
definition:
type: string
bucketQuota:
type: object
properties:
quota:
type: integer
type:
type: string
enum:
- hard
setBucketQuota:
type: object
required:
- enabled
properties:
enabled:
type: boolean
quota_type:
type: string
enum:
- hard
amount:
type: integer
loginDetails:
type: object
properties:
loginStrategy:
type: string
enum: [form, redirect, service-account]
redirect:
type: string
loginOauth2AuthRequest:
type: object
required:
- state
- code
properties:
state:
type: string
code:
type: string
loginRequest:
type: object
required:
- accessKey
- secretKey
properties:
accessKey:
type: string
secretKey:
type: string
features:
type: object
properties:
hide_menu:
type: boolean
loginResponse:
type: object
properties:
sessionId:
type: string
# Structure that holds the `Bearer {TOKEN}` present on authenticated requests
principal:
type: object
properties:
STSAccessKeyID:
type: string
STSSecretAccessKey:
type: string
STSSessionToken:
type: string
accountAccessKey:
type: string
hm:
type: boolean
startProfilingItem:
type: object
properties:
nodeName:
type: string
success:
type: boolean
error:
type: string
startProfilingList:
type: object
properties:
total:
type: integer
format: int64
title: number of start results
startResults:
type: array
items:
$ref: "#/definitions/startProfilingItem"
profilingStartRequest:
type: object
required:
- type
properties:
type:
type: string
sessionResponse:
type: object
properties:
features:
type: array
items:
type: string
status:
type: string
enum: [ok]
operator:
type: boolean
distributedMode:
type: boolean
permissions:
type: object
additionalProperties:
type: array
items:
type: string
widgetResult:
type: object
properties:
metric:
type: object
additionalProperties:
type: string
values:
type: array
items: {}
resultTarget:
type: object
properties:
legendFormat:
type: string
resultType:
type: string
result:
type: array
items:
$ref: "#/definitions/widgetResult"
widget:
type: object
properties:
title:
type: string
type:
type: string
id:
type: integer
format: int32
options:
type: object
properties:
reduceOptions:
type: object
properties:
calcs:
type: array
items:
type: string
targets:
type: array
items:
$ref: "#/definitions/resultTarget"
widgetDetails:
type: object
properties:
title:
type: string
type:
type: string
id:
type: integer
format: int32
options:
type: object
properties:
reduceOptions:
type: object
properties:
calcs:
type: array
items:
type: string
targets:
type: array
items:
$ref: "#/definitions/resultTarget"
adminInfoResponse:
type: object
properties:
buckets:
type: integer
objects:
type: integer
usage:
type: integer
prometheusNotReady:
type: boolean
widgets:
type: array
items:
$ref: "#/definitions/widget"
servers:
type: array
items:
$ref: "#/definitions/serverProperties"
serverProperties:
type: object
properties:
state:
type: string
endpoint:
type: string
uptime:
type: integer
version:
type: string
commitID:
type: string
poolNumber:
type: integer
network:
type: object
additionalProperties:
type: string
drives:
type: array
items:
$ref: "#/definitions/serverDrives"
serverDrives:
type: object
properties:
uuid:
type: string
state:
type: string
endpoint:
type: string
drivePath:
type: string
rootDisk:
type: boolean
healing:
type: boolean
model:
type: string
totalSpace:
type: integer
usedSpace:
type: integer
availableSpace:
type: integer
arnsResponse:
type: object
properties:
arns:
type: array
items:
type: string
updateUserGroups:
type: object
required:
- groups
properties:
groups:
type: array
items:
type: string
nofiticationService:
type: string
enum:
- webhook
- amqp
- kafka
- mqtt
- nats
- nsq
- mysql
- postgres
- elasticsearch
- redis
notificationEndpointItem:
type: object
properties:
service:
$ref: "#/definitions/nofiticationService"
account_id:
type: string
status:
type: string
notificationEndpoint:
type: object
required:
- service
- account_id
- properties
properties:
service:
$ref: "#/definitions/nofiticationService"
account_id:
type: string
properties:
type: object
additionalProperties:
type: string
setNotificationEndpointResponse:
type: object
required:
- service
- account_id
- properties
properties:
service:
$ref: "#/definitions/nofiticationService"
account_id:
type: string
properties:
type: object
additionalProperties:
type: string
restart:
type: boolean
notifEndpointResponse:
TLS with user provided certificates and KES support for MinIO (#213) This PR adds the following features: - Allow user to provide its own keypair certificates for enable TLS in MinIO - Allow user to configure data encryption at rest in MinIO with KES - Removes JWT schema for login and instead Console authentication will use encrypted session tokens Enable TLS between client and MinIO with user provided certificates Instead of using AutoCert feature now the user can provide `cert` and `key` via `tls` object, values must be valid `x509.Certificate` formatted files encoded in `base64` Enable encryption at rest configuring KES User can deploy KES via Console/Operator by defining the encryption object, AutoCert must be enabled or custom certificates for KES must be provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`, previous configuration of the KMS is necessary. eg of body request for create-tenant ``` { "name": "honeywell", "access_key": "minio", "secret_key": "minio123", "enable_mcs": false, "enable_ssl": false, "service_name": "honeywell", "zones": [ { "name": "honeywell-zone-1", "servers": 1, "volumes_per_server": 4, "volume_configuration": { "size": 256000000, "storage_class": "vsan-default-storage-policy" } } ], "namespace": "default", "tls": { "tls.crt": "", "tls.key": "" }, "encryption": { "server": { "tls.crt": "", "tls.key": "" }, "client": { "tls.crt": "", "tls.key": "" }, "vault": { "endpoint": "http://vault:8200", "prefix": "", "approle": { "id": "", "secret": "" } } } } ```
2020-07-30 17:49:56 -07:00
type: object
properties:
notification_endpoints:
type: array
items:
$ref: "#/definitions/notificationEndpointItem"
peerSiteRemoveResponse:
type: object
properties:
status:
type : string
errorDetail:
type : string
peerSiteEditResponse:
type: object
properties:
success:
type: boolean
status:
type: string
errorDetail:
type: string
peerSite:
type: object
properties:
name:
type : string
endpoint:
type : string
accessKey:
type: string
secretKey:
type: string
peerInfo:
type: object
properties:
endpoint:
type : string
name:
type: string
deploymentID:
type: string
peerInfoRemove:
type: object
required:
- sites
properties:
all:
type: boolean
sites:
type : array
items:
type: string
siteReplicationAddRequest:
type: array
items:
$ref: "#/definitions/peerSite"
siteReplicationAddResponse:
type: object
properties:
success:
type: boolean
status:
type: string
errorDetail:
type: string
initialSyncErrorMessage:
type: string
siteReplicationInfoResponse:
type: object
properties:
enabled:
type: boolean
name:
type: string
sites :
type: array
items:
$ref: "#/definitions/peerInfo"
serviceAccountAccessKey:
type: string
updateUser:
type: object
required:
- status
- groups
properties:
status:
type: string
groups:
type: array
items:
type: string
bulkUserGroups:
type: object
required:
- users
- groups
properties:
users:
type: array
items:
type: string
groups:
type: array
items:
type: string
serviceAccounts:
type: array
items:
type: string
serviceAccountRequest:
type: object
properties:
policy:
type: string
title: "policy to be applied to the Service Account if any"
serviceAccountRequestCreds:
type: object
properties:
policy:
type: string
title: "policy to be applied to the Service Account if any"
accessKey:
type: string
secretKey:
type: string
serviceAccountCreds:
type: object
properties:
accessKey:
type: string
secretKey:
type: string
url:
type: string
remoteBucket:
TLS with user provided certificates and KES support for MinIO (#213) This PR adds the following features: - Allow user to provide its own keypair certificates for enable TLS in MinIO - Allow user to configure data encryption at rest in MinIO with KES - Removes JWT schema for login and instead Console authentication will use encrypted session tokens Enable TLS between client and MinIO with user provided certificates Instead of using AutoCert feature now the user can provide `cert` and `key` via `tls` object, values must be valid `x509.Certificate` formatted files encoded in `base64` Enable encryption at rest configuring KES User can deploy KES via Console/Operator by defining the encryption object, AutoCert must be enabled or custom certificates for KES must be provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`, previous configuration of the KMS is necessary. eg of body request for create-tenant ``` { "name": "honeywell", "access_key": "minio", "secret_key": "minio123", "enable_mcs": false, "enable_ssl": false, "service_name": "honeywell", "zones": [ { "name": "honeywell-zone-1", "servers": 1, "volumes_per_server": 4, "volume_configuration": { "size": 256000000, "storage_class": "vsan-default-storage-policy" } } ], "namespace": "default", "tls": { "tls.crt": "", "tls.key": "" }, "encryption": { "server": { "tls.crt": "", "tls.key": "" }, "client": { "tls.crt": "", "tls.key": "" }, "vault": { "endpoint": "http://vault:8200", "prefix": "", "approle": { "id": "", "secret": "" } } } } ```
2020-07-30 17:49:56 -07:00
type: object
required:
- accessKey
- sourceBucket
- remoteARN
TLS with user provided certificates and KES support for MinIO (#213) This PR adds the following features: - Allow user to provide its own keypair certificates for enable TLS in MinIO - Allow user to configure data encryption at rest in MinIO with KES - Removes JWT schema for login and instead Console authentication will use encrypted session tokens Enable TLS between client and MinIO with user provided certificates Instead of using AutoCert feature now the user can provide `cert` and `key` via `tls` object, values must be valid `x509.Certificate` formatted files encoded in `base64` Enable encryption at rest configuring KES User can deploy KES via Console/Operator by defining the encryption object, AutoCert must be enabled or custom certificates for KES must be provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`, previous configuration of the KMS is necessary. eg of body request for create-tenant ``` { "name": "honeywell", "access_key": "minio", "secret_key": "minio123", "enable_mcs": false, "enable_ssl": false, "service_name": "honeywell", "zones": [ { "name": "honeywell-zone-1", "servers": 1, "volumes_per_server": 4, "volume_configuration": { "size": 256000000, "storage_class": "vsan-default-storage-policy" } } ], "namespace": "default", "tls": { "tls.crt": "", "tls.key": "" }, "encryption": { "server": { "tls.crt": "", "tls.key": "" }, "client": { "tls.crt": "", "tls.key": "" }, "vault": { "endpoint": "http://vault:8200", "prefix": "", "approle": { "id": "", "secret": "" } } } } ```
2020-07-30 17:49:56 -07:00
properties:
accessKey:
TLS with user provided certificates and KES support for MinIO (#213) This PR adds the following features: - Allow user to provide its own keypair certificates for enable TLS in MinIO - Allow user to configure data encryption at rest in MinIO with KES - Removes JWT schema for login and instead Console authentication will use encrypted session tokens Enable TLS between client and MinIO with user provided certificates Instead of using AutoCert feature now the user can provide `cert` and `key` via `tls` object, values must be valid `x509.Certificate` formatted files encoded in `base64` Enable encryption at rest configuring KES User can deploy KES via Console/Operator by defining the encryption object, AutoCert must be enabled or custom certificates for KES must be provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`, previous configuration of the KMS is necessary. eg of body request for create-tenant ``` { "name": "honeywell", "access_key": "minio", "secret_key": "minio123", "enable_mcs": false, "enable_ssl": false, "service_name": "honeywell", "zones": [ { "name": "honeywell-zone-1", "servers": 1, "volumes_per_server": 4, "volume_configuration": { "size": 256000000, "storage_class": "vsan-default-storage-policy" } } ], "namespace": "default", "tls": { "tls.crt": "", "tls.key": "" }, "encryption": { "server": { "tls.crt": "", "tls.key": "" }, "client": { "tls.crt": "", "tls.key": "" }, "vault": { "endpoint": "http://vault:8200", "prefix": "", "approle": { "id": "", "secret": "" } } } } ```
2020-07-30 17:49:56 -07:00
type: string
minLength: 3
secretKey:
TLS with user provided certificates and KES support for MinIO (#213) This PR adds the following features: - Allow user to provide its own keypair certificates for enable TLS in MinIO - Allow user to configure data encryption at rest in MinIO with KES - Removes JWT schema for login and instead Console authentication will use encrypted session tokens Enable TLS between client and MinIO with user provided certificates Instead of using AutoCert feature now the user can provide `cert` and `key` via `tls` object, values must be valid `x509.Certificate` formatted files encoded in `base64` Enable encryption at rest configuring KES User can deploy KES via Console/Operator by defining the encryption object, AutoCert must be enabled or custom certificates for KES must be provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`, previous configuration of the KMS is necessary. eg of body request for create-tenant ``` { "name": "honeywell", "access_key": "minio", "secret_key": "minio123", "enable_mcs": false, "enable_ssl": false, "service_name": "honeywell", "zones": [ { "name": "honeywell-zone-1", "servers": 1, "volumes_per_server": 4, "volume_configuration": { "size": 256000000, "storage_class": "vsan-default-storage-policy" } } ], "namespace": "default", "tls": { "tls.crt": "", "tls.key": "" }, "encryption": { "server": { "tls.crt": "", "tls.key": "" }, "client": { "tls.crt": "", "tls.key": "" }, "vault": { "endpoint": "http://vault:8200", "prefix": "", "approle": { "id": "", "secret": "" } } } } ```
2020-07-30 17:49:56 -07:00
type: string
minLength: 8
sourceBucket:
TLS with user provided certificates and KES support for MinIO (#213) This PR adds the following features: - Allow user to provide its own keypair certificates for enable TLS in MinIO - Allow user to configure data encryption at rest in MinIO with KES - Removes JWT schema for login and instead Console authentication will use encrypted session tokens Enable TLS between client and MinIO with user provided certificates Instead of using AutoCert feature now the user can provide `cert` and `key` via `tls` object, values must be valid `x509.Certificate` formatted files encoded in `base64` Enable encryption at rest configuring KES User can deploy KES via Console/Operator by defining the encryption object, AutoCert must be enabled or custom certificates for KES must be provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`, previous configuration of the KMS is necessary. eg of body request for create-tenant ``` { "name": "honeywell", "access_key": "minio", "secret_key": "minio123", "enable_mcs": false, "enable_ssl": false, "service_name": "honeywell", "zones": [ { "name": "honeywell-zone-1", "servers": 1, "volumes_per_server": 4, "volume_configuration": { "size": 256000000, "storage_class": "vsan-default-storage-policy" } } ], "namespace": "default", "tls": { "tls.crt": "", "tls.key": "" }, "encryption": { "server": { "tls.crt": "", "tls.key": "" }, "client": { "tls.crt": "", "tls.key": "" }, "vault": { "endpoint": "http://vault:8200", "prefix": "", "approle": { "id": "", "secret": "" } } } } ```
2020-07-30 17:49:56 -07:00
type: string
targetURL:
type: string
targetBucket:
type: string
remoteARN:
TLS with user provided certificates and KES support for MinIO (#213) This PR adds the following features: - Allow user to provide its own keypair certificates for enable TLS in MinIO - Allow user to configure data encryption at rest in MinIO with KES - Removes JWT schema for login and instead Console authentication will use encrypted session tokens Enable TLS between client and MinIO with user provided certificates Instead of using AutoCert feature now the user can provide `cert` and `key` via `tls` object, values must be valid `x509.Certificate` formatted files encoded in `base64` Enable encryption at rest configuring KES User can deploy KES via Console/Operator by defining the encryption object, AutoCert must be enabled or custom certificates for KES must be provided, KES support 3 KMS backends: `Vault`, `AWS KMS` and `Gemalto`, previous configuration of the KMS is necessary. eg of body request for create-tenant ``` { "name": "honeywell", "access_key": "minio", "secret_key": "minio123", "enable_mcs": false, "enable_ssl": false, "service_name": "honeywell", "zones": [ { "name": "honeywell-zone-1", "servers": 1, "volumes_per_server": 4, "volume_configuration": { "size": 256000000, "storage_class": "vsan-default-storage-policy" } } ], "namespace": "default", "tls": { "tls.crt": "", "tls.key": "" }, "encryption": { "server": { "tls.crt": "", "tls.key": "" }, "client": { "tls.crt": "", "tls.key": "" }, "vault": { "endpoint": "http://vault:8200", "prefix": "", "approle": { "id": "", "secret": "" } } } } ```
2020-07-30 17:49:56 -07:00
type: string
status:
type: string
service:
type: string
enum: [replication]
syncMode:
type: string
bandwidth:
type: integer
format: int64
healthCheckPeriod:
type: integer
createRemoteBucket:
required:
- accessKey
- secretKey
- targetURL
- sourceBucket
- targetBucket
properties:
accessKey:
type: string
minLength: 3
secretKey:
type: string
minLength: 8
targetURL:
type: string
sourceBucket:
type: string
targetBucket:
type: string
region:
type: string
syncMode:
type: string
enum:
- async
- sync
default: async
bandwidth:
type: integer
format: int64
healthCheckPeriod:
type: integer
format: int32
listRemoteBucketsResponse:
type: object
properties:
buckets:
type: array
items:
$ref: "#/definitions/remoteBucket"
title: list of remote buckets
total:
type: integer
format: int64
title: number of remote buckets accessible to user
bucketVersioningResponse:
type: object
properties:
is_versioned:
type: boolean
setBucketVersioning:
type: object
properties:
versioning:
type: boolean
bucketObLockingResponse:
type: object
properties:
object_locking_enabled:
type: boolean
logSearchResponse:
type: object
properties:
results:
type: object
title: list of log search responses
objectLegalHoldStatus:
type: string
enum:
- enabled
- disabled
putObjectLegalHoldRequest:
type: object
required:
- status
properties:
status:
$ref: "#/definitions/objectLegalHoldStatus"
2020-10-23 15:04:02 -07:00
objectRetentionMode:
type: string
enum:
- governance
- compliance
putObjectRetentionRequest:
type: object
required:
- mode
- expires
properties:
mode:
$ref: "#/definitions/objectRetentionMode"
expires:
type: string
governance_bypass:
type: boolean
putObjectTagsRequest:
type: object
properties:
tags:
additionalProperties:
type: string
putBucketTagsRequest:
type: object
properties:
tags:
additionalProperties:
type: string
objectRetentionUnit:
type: string
enum:
- days
- years
putBucketRetentionRequest:
type: object
required:
- mode
- unit
- validity
properties:
mode:
$ref: "#/definitions/objectRetentionMode"
unit:
$ref: "#/definitions/objectRetentionUnit"
validity:
type: integer
format: int32
getBucketRetentionConfig:
type: object
properties:
mode:
$ref: "#/definitions/objectRetentionMode"
unit:
$ref: "#/definitions/objectRetentionUnit"
validity:
type: integer
format: int32
bucketLifecycleResponse:
type: object
properties:
lifecycle:
type: array
items:
$ref: "#/definitions/objectBucketLifecycle"
expirationResponse:
type: object
properties:
date:
type: string
days:
type: integer
format: int64
delete_marker:
type: boolean
noncurrent_expiration_days:
type: integer
format: int64
transitionResponse:
type: object
properties:
date:
type: string
storage_class:
type: string
days:
type: integer
format: int64
noncurrent_transition_days:
type: integer
format: int64
noncurrent_storage_class:
type: string
lifecycleTag:
type: object
properties:
key:
type: string
value:
type: string
objectBucketLifecycle:
type: object
properties:
id:
type: string
prefix:
type: string
status:
type: string
expiration:
$ref: "#/definitions/expirationResponse"
transition:
$ref: "#/definitions/transitionResponse"
tags:
type: array
items:
$ref: "#/definitions/lifecycleTag"
addBucketLifecycle:
type: object
properties:
type:
description: ILM Rule type (Expiry or transition)
type: string
enum:
- expiry
- transition
prefix:
description: Non required field, it matches a prefix to perform ILM operations on it
type: string
tags:
description: Non required field, tags to match ILM files
type: string
expiry_days:
description: Required in case of expiry_date or transition fields are not set. it defines an expiry days for ILM
type: integer
format: int32
default: 0
transition_days:
description: Required in case of transition_date or expiry fields are not set. it defines a transition days for ILM
type: integer
format: int32
default: 0
storage_class:
description: Required only in case of transition is set. it refers to a tier
type: string
disable:
description: Non required, toggle to disable or enable rule
type: boolean
expired_object_delete_marker:
description: Non required, toggle to disable or enable rule
type: boolean
noncurrentversion_expiration_days:
description: Non required, can be set in case of expiration is enabled
type: integer
format: int32
default: 0
noncurrentversion_transition_days:
description: Non required, can be set in case of transition is enabled
type: integer
format: int32
default: 0
noncurrentversion_transition_storage_class:
description: Non required, can be set in case of transition is enabled
type: string
updateBucketLifecycle:
type: object
required:
- type
properties:
type:
description: ILM Rule type (Expiry or transition)
type: string
enum:
- expiry
- transition
prefix:
description: Non required field, it matches a prefix to perform ILM operations on it
type: string
tags:
description: Non required field, tags to match ILM files
type: string
expiry_days:
description: Required in case of expiry_date or transition fields are not set. it defines an expiry days for ILM
type: integer
format: int32
default: 0
transition_days:
description: Required in case of transition_date or expiry fields are not set. it defines a transition days for ILM
type: integer
format: int32
default: 0
storage_class:
description: Required only in case of transition is set. it refers to a tier
type: string
disable:
description: Non required, toggle to disable or enable rule
type: boolean
expired_object_delete_marker:
description: Non required, toggle to disable or enable rule
type: boolean
noncurrentversion_expiration_days:
description: Non required, can be set in case of expiration is enabled
type: integer
format: int32
default: 0
noncurrentversion_transition_days:
description: Non required, can be set in case of transition is enabled
type: integer
format: int32
default: 0
noncurrentversion_transition_storage_class:
description: Non required, can be set in case of transition is enabled
type: string
addMultiBucketLifecycle:
type: object
required:
- buckets
- type
properties:
buckets:
type: array
items:
type: string
type:
description: ILM Rule type (Expiry or transition)
type: string
enum:
- expiry
- transition
prefix:
description: Non required field, it matches a prefix to perform ILM operations on it
type: string
tags:
description: Non required field, tags to match ILM files
type: string
expiry_days:
description: Required in case of expiry_date or transition fields are not set. it defines an expiry days for ILM
type: integer
format: int32
default: 0
transition_days:
description: Required in case of transition_date or expiry fields are not set. it defines a transition days for ILM
type: integer
format: int32
default: 0
storage_class:
description: Required only in case of transition is set. it refers to a tier
type: string
expired_object_delete_marker:
description: Non required, toggle to disable or enable rule
type: boolean
noncurrentversion_expiration_days:
description: Non required, can be set in case of expiration is enabled
type: integer
format: int32
default: 0
noncurrentversion_transition_days:
description: Non required, can be set in case of transition is enabled
type: integer
format: int32
default: 0
noncurrentversion_transition_storage_class:
description: Non required, can be set in case of transition is enabled
type: string
multicycleResultItem:
type: object
properties:
bucketName:
type: string
error:
type: string
multiLifecycleResult:
properties:
results:
type: array
items:
$ref: "#/definitions/multicycleResultItem"
prefixAccessPair:
type: object
properties:
prefix:
type: string
access:
type: string
prefixWrapper:
type: object
properties:
prefix:
type: string
setConfigResponse:
type: object
properties:
restart:
description: Returns wheter server needs to restart to apply changes or not
type: boolean
license:
type: object
properties:
email:
type: string
organization:
type: string
account_id:
type: integer
storage_capacity:
type: integer
plan:
type: string
expires_at:
type: string
policyArgs:
type: object
properties:
id:
type: string
action:
type: string
bucket_name:
type: string
tier_s3:
type: object
properties:
name:
type: string
endpoint:
type: string
accesskey:
type: string
secretkey:
type: string
bucket:
type: string
prefix:
type: string
region:
type: string
storageclass:
type: string
usage:
type: string
objects:
type: string
versions:
type: string
tier_azure:
type: object
properties:
name:
type: string
endpoint:
type: string
accountname:
type: string
accountkey:
type: string
bucket:
type: string
prefix:
type: string
region:
type: string
usage:
type: string
objects:
type: string
versions:
type: string
tier_gcs:
type: object
properties:
name:
type: string
endpoint:
type: string
creds:
type: string
bucket:
type: string
prefix:
type: string
region:
type: string
usage:
type: string
objects:
type: string
versions:
type: string
deleteFile:
type: object
properties:
path:
type: string
versionID:
type: string
recursive:
type: boolean
tier:
type: object
properties:
type:
type: string
enum:
- s3
- gcs
- azure
- unsupported
s3:
type: object
$ref: "#/definitions/tier_s3"
gcs:
type: object
$ref: "#/definitions/tier_gcs"
azure:
type: object
$ref: "#/definitions/tier_azure"
tierListResponse:
type: object
properties:
items:
type: array
items:
$ref: "#/definitions/tier"
tierCredentialsRequest:
type: object
properties:
access_key:
type: string
secret_key:
type: string
creds:
type: string
description: a base64 encoded value
rewindItem:
type: object
properties:
last_modified:
type: string
size:
type: integer
format: int64
version_id:
type: string
delete_flag:
type: boolean
action:
type: string
name:
type: string
rewindResponse:
type: object
properties:
objects:
type: array
items:
$ref: "#/definitions/rewindItem"
iamPolicy:
type: object
properties:
version:
type: string
statement:
type: array
items:
$ref: "#/definitions/iamPolicyStatement"
iamPolicyStatement:
type: object
properties:
effect:
type: string
action:
type: array
items:
type: string
resource:
type: array
items:
type: string
condition:
type: object
additionalProperties:
type: object
metadata:
type: object
properties:
objectMetadata:
type: object
additionalProperties: true
subnetLoginResponse:
type: object
properties:
access_token:
type: string
organizations:
type: array
items:
$ref: "#/definitions/subnetOrganization"
mfa_token:
type: string
registered:
type: boolean
subnetLoginRequest:
type: object
properties:
username:
type: string
password:
type: string
apiKey:
type: string
subnetLoginMFARequest:
type: object
required:
- username
- otp
- mfa_token
properties:
username:
type: string
otp:
type: string
mfa_token:
type: string
subnetRegisterRequest:
type: object
required:
- token
- account_id
properties:
token:
type: string
account_id:
type: string
SubnetRegTokenResponse:
type: object
properties:
regToken:
type: string
subnetOrganization:
type: object
properties:
userId:
type: integer
accountId:
type: integer
subscriptionStatus:
type: string
isAccountOwner:
type: boolean
company:
type: string
shortName:
2022-01-31 09:10:06 -08:00
type: string
checkVersionResponse:
type: object
properties:
current_version:
type: string
latest_version:
type: string