mirror of https://github.com/minio/docs.git synced 2025-07-31 18:04:52 +03:00

RELEASE: Multiple Issues (#647)

Closes #639 
Closes #635 
Partially Addresses #590 

- MINIO #16026 https://github.com/minio/minio/pull/16026
- MINIO #16044 https://github.com/minio/minio/pull/16044
- MINIO #16035 https://github.com/minio/minio/pull/16035
- CONSOLE #2428 https://github.com/minio/console/pull/2428

Other Fixes:

- Removes admonition about IDP interactions (multi-IDP support)
- Update Console screenshots and overview page to cover layout changes
- Partial fix for DOCS #590 (Policy now under Identity section)
Ravind Kumar
2022-11-23 14:51:47 -05:00
committed by GitHub
parent a31e3e7c8e
commit 1cfda2e9dc
58 changed files with 247 additions and 210 deletions


@ -55,7 +55,7 @@ Instructions on configuring AD/LDAP are out of scope for this procedure.
- For AD/LDAP deployments external to the Kubernetes cluster, you must ensure the cluster supports routing communications between Kubernetes services and pods and the external network.
This may require configuration or deployment of additional Kubernetes network components and/or enabling access to the public internet.
MinIO requires a read-only service account with which it :ref:`binds <minio-external-identity-management-ad-ldap-lookup-bind>` to perform authenticated user and group queries.
MinIO requires a read-only access keys with which it :ref:`binds <minio-external-identity-management-ad-ldap-lookup-bind>` to perform authenticated user and group queries.
Ensure each AD/LDAP user and group intended for use with MinIO has a corresponding :ref:`policy <minio-external-identity-management-ad-ldap-access-control>` on the MinIO deployment.
An AD/LDAP user with no assigned policy *and* with membership in groups with no assigned policy has no permission to access any action or resource on the MinIO cluster.
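Review bot: The rewritten line "MinIO requires a read-only access keys with which it :ref:`binds <minio-external-identity-management-ad-ldap-lookup-bind>` ..." has a number-agreement error ("a ... keys") and applies the rename to the wrong kind of credential. The account referenced here is the one MinIO uses for the lookup-bind against the AD/LDAP server to run user and group queries, which is a directory-side account, not a MinIO-issued access key; keep the original "read-only service account" (or "read-only bind account") on this line and restrict the service-account-to-access-key rename to credentials that MinIO itself issues.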
@ -222,8 +222,8 @@ An AD/LDAP user with no assigned policy *and* with membership in groups with no
user is :ref:`authorized
<minio-external-identity-management-ad-ldap-access-control>`.
You can also create :ref:`service accounts <minio-idp-service-account>` for
supporting applications which must perform operations on MinIO. Service accounts
You can also create :ref:`access keys <minio-idp-service-account>` for
supporting applications which must perform operations on MinIO. Access Keys
are long-lived credentials which inherit their privileges from the parent user.
The parent user can further restrict those privileges while creating the service
account.
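Review bot: The trailing context "The parent user can further restrict those privileges while creating the service account." still uses the old term, so this hunk leaves the paragraph half-renamed; extend the change so the sentence ends "while creating the access key." The replacement also capitalizes "Access Keys" mid-sentence ("Access Keys are long-lived credentials") while the link text one line earlier uses lowercase "access keys"; use one form throughout the paragraph.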


@ -19,7 +19,7 @@ The procedure on this page provides instructions for:
.. cond:: k8s
- Configuring a MinIO Tenant to use an external OIDC provider.
- Accessing the Tenant Console using AD/LDAP Credentials.
- Accessing the Tenant Console using OIDC Credentials.
- Using the MinIO ``AssumeRoleWithWebIdentity`` Security Token Service (STS) API to generate temporary credentials for use by applications.
.. cond:: linux or container or macos or windows
@ -66,7 +66,7 @@ An OpenID user with no assigned policy has no permission to access any action or
This procedure assumes your Kubernetes cluster has sufficient resources to :ref:`deploy a new MinIO Tenant <minio-k8s-deploy-minio-tenant>`.
You can also use this procedure as guidance for modifying an existing MinIO Tenant to enable AD/LDAP Identity Management.
You can also use this procedure as guidance for modifying an existing MinIO Tenant to enable OIDC Identity Management.
.. cond:: linux or container or macos or windows
@ -215,8 +215,8 @@ An OpenID user with no assigned policy has no permission to access any action or
user is :ref:`authorized
<minio-external-identity-management-openid-access-control>`.
You can also create :ref:`service accounts <minio-idp-service-account>` for
supporting applications which must perform operations on MinIO. Service accounts
You can also create :ref:`access keys <minio-idp-service-account>` for
supporting applications which must perform operations on MinIO. Access Keys
are long-lived credentials which inherit their privileges from the parent user.
The parent user can further restrict those privileges while creating the service
account.
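Review bot: Same inconsistency as in the AD/LDAP page: the unchanged context "The parent user can further restrict those privileges while creating the service account." should be updated to "access key" in the same hunk, and "Access Keys are long-lived credentials" should match the lowercase "access keys" used in the :ref: link text directly above it.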


@ -48,9 +48,9 @@ After enabling site replication, identity and access management (IAM) settings s
#. Policies
#. User accounts (for local users)
#. Groups
#. Service accounts
#. Access Keys
Service accounts for ``root`` do not sync.
Access Keys for ``root`` do not sync.
#. Policy mapping for synced user accounts
#. Policy mapping for :ref:`Security Token Service (STS) users <minio-security-token-service>`
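Review bot: "Access Keys for ``root`` do not sync." capitalizes the term inside a running sentence, whereas the equivalent sentences added in the OIDC and LDAP tabs of this same file read "``root`` access keys do not sync."; lowercase it here so the three tabs use identical wording for the same rule.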
@ -58,7 +58,7 @@ After enabling site replication, identity and access management (IAM) settings s
.. tab-item:: OIDC
#. Policies
#. Service accounts associated to OIDC accounts with a valid :ref:`MinIO Policy <minio-policy>`. ``root`` service accounts do not sync.
#. Access Keys associated to OIDC accounts with a valid :ref:`MinIO Policy <minio-policy>`. ``root`` access keys do not sync.
#. Policy mapping for synced user accounts
#. Policy mapping for :ref:`Security Token Service (STS) users <minio-security-token-service>`
@ -66,7 +66,7 @@ After enabling site replication, identity and access management (IAM) settings s
#. Policies
#. Groups
#. Service accounts associated to LDAP accounts with a valid :ref:`MinIO Policy <minio-policy>`. ``root`` service accounts do not sync.
#. Access Keys associated to LDAP accounts with a valid :ref:`MinIO Policy <minio-policy>`. ``root`` access keys do not sync.
#. Policy mapping for synced user accounts
#. Policy mapping for :ref:`Security Token Service (STS) users <minio-security-token-service>`


@ -138,6 +138,8 @@ These metrics are only populated for MinIO clusters with
Total number of replication operations failed for a given bucket.
You can identify the bucket using the ``{ bucket="STRING" }`` label.
.. _minio-metrics-and-alerts-capacity:
Capacity Metrics
~~~~~~~~~~~~~~~~
@ -172,6 +174,8 @@ Capacity Metrics
Total storage used on a specific drive for a node in a MinIO deployment.
You can identify the drive and node using the ``{ disk="/path/to/disk",server="STRING"}`` labels respectively.
.. _minio-metrics-and-alerts-lifecycle-management:
Lifecycle Management Metrics
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -240,6 +244,31 @@ Node and Drive Health Metrics
Time elapsed (in nano seconds) since last self healing activity. This is set
to -1 until initial self heal
Notification Queue Metrics
~~~~~~~~~~~~~~~~~~~~~~~~~~
.. metric:: minio_audit_target_queue_length
Total number of unsent audit messages in the queue.
.. metric:: minio_audit_total_messages
Total number of audit messages sent since last server start.
.. metric:: minio_audit_failed_messages
Total number of audit messages which failed to send since last server start.
.. metric:: minio_notify_current_send_in_progress
Total number of notification messages in progress to configured targets.
.. metric:: minio_notify_target_queue_length
Total number of unsent notification messages in the queue.
.. _minio-metrics-and-alerts-scanner:
Scanner Metrics
~~~~~~~~~~~~~~~
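Review bot: The new "Notification Queue Metrics" section has no ``.. _minio-metrics-and-alerts-...:`` target, while the Capacity, Lifecycle Management and Scanner sections around it each get one in this same commit; add a label such as ``.. _minio-metrics-and-alerts-notification-queue:`` so the section can be cross-referenced. The section title also undersells its contents: three of the five metrics (``minio_audit_target_queue_length``, ``minio_audit_total_messages``, ``minio_audit_failed_messages``) describe audit-log targets rather than bucket notifications, so consider a title like "Notification and Audit Queue Metrics" or a short introductory sentence saying the section covers both audit and notification targets. Minor wording: "Total number of notification messages in progress to configured targets" reads better as "Total number of notification messages currently being sent to configured targets."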


@ -151,7 +151,7 @@ configurations:
The ``Secret manager Admin`` role meets the minimum required permissions.
GCP should return a set of credentials associated to the new service account,
GCP should return a set of credentials associated to the new access keys,
including private keys. Copy these credentials to a safe and secure location
for use with this procedure.
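Review bot: The change from "the new service account" to "the new access keys" is a false positive of the global rename. The surrounding context ("The ``Secret manager Admin`` role meets the minimum required permissions", "GCP should return a set of credentials ... including private keys") is about the GCP IAM service account created for Secret Manager access, not a MinIO access key, so this line should revert to "associated to the new service account" (or, better, "associated with the new service account").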