mirror of https://github.com/minio/docs.git synced 2025-07-31 18:04:52 +03:00

RELEASE: Multiple Issues (#647)

Closes #639 
Closes #635 
Partially Addresses #590 

- MINIO #16026 https://github.com/minio/minio/pull/16026
- MINIO #16044 https://github.com/minio/minio/pull/16044
- MINIO #16035 https://github.com/minio/minio/pull/16035
- CONSOLE #2428 https://github.com/minio/console/pull/2428

Other Fixes:

- Removes admonition about IDP interactions (multi-IDP support)
- Update Console screenshots and overview page to cover layout changes
- Partial fix for DOCS #590 (Policy now under Identity section)
Ravind Kumar
2022-11-23 14:51:47 -05:00
committed by GitHub
parent a31e3e7c8e
commit 1cfda2e9dc
58 changed files with 247 additions and 210 deletions


@ -55,7 +55,7 @@ Instructions on configuring AD/LDAP are out of scope for this procedure.
- For AD/LDAP deployments external to the Kubernetes cluster, you must ensure the cluster supports routing communications between Kubernetes services and pods and the external network.
This may require configuration or deployment of additional Kubernetes network components and/or enabling access to the public internet.
MinIO requires a read-only service account with which it :ref:`binds <minio-external-identity-management-ad-ldap-lookup-bind>` to perform authenticated user and group queries.
MinIO requires a read-only access keys with which it :ref:`binds <minio-external-identity-management-ad-ldap-lookup-bind>` to perform authenticated user and group queries.
Ensure each AD/LDAP user and group intended for use with MinIO has a corresponding :ref:`policy <minio-external-identity-management-ad-ldap-access-control>` on the MinIO deployment.
An AD/LDAP user with no assigned policy *and* with membership in groups with no assigned policy has no permission to access any action or resource on the MinIO cluster.
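Review bot: The replacement sentence about the bind credential reads "a read-only access keys", which pairs a singular article with a plural noun, and the rename itself looks misapplied here. The credential MinIO binds with to run user and group queries is an account in the AD/LDAP directory, not a MinIO credential, so the "service account" to "access keys" rename should skip this sentence. Suggest keeping "a read-only service account", or wording it as "a read-only AD/LDAP account" if the old term must go.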
@ -222,8 +222,8 @@ An AD/LDAP user with no assigned policy *and* with membership in groups with no
user is :ref:`authorized
<minio-external-identity-management-ad-ldap-access-control>`.
You can also create :ref:`service accounts <minio-idp-service-account>` for
supporting applications which must perform operations on MinIO. Service accounts
You can also create :ref:`access keys <minio-idp-service-account>` for
supporting applications which must perform operations on MinIO. Access Keys
are long-lived credentials which inherit their privileges from the parent user.
The parent user can further restrict those privileges while creating the service
account.
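Review bot: The rename is only half applied in this paragraph: the unchanged closing sentence still says "while creating the service account", so the reader meets two names for the same credential. Suggest updating that sentence to "while creating the access keys" and lowercasing "Access Keys" mid-sentence to match the "access keys" link text. The ref target `minio-idp-service-account` also keeps the old name; if that is deliberate to avoid breaking links, a short comment in the source would help.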


@ -19,7 +19,7 @@ The procedure on this page provides instructions for:
.. cond:: k8s
- Configuring a MinIO Tenant to use an external OIDC provider.
- Accessing the Tenant Console using AD/LDAP Credentials.
- Accessing the Tenant Console using OIDC Credentials.
- Using the MinIO ``AssumeRoleWithWebIdentity`` Security Token Service (STS) API to generate temporary credentials for use by applications.
.. cond:: linux or container or macos or windows
@ -66,7 +66,7 @@ An OpenID user with no assigned policy has no permission to access any action or
This procedure assumes your Kubernetes cluster has sufficient resources to :ref:`deploy a new MinIO Tenant <minio-k8s-deploy-minio-tenant>`.
You can also use this procedure as guidance for modifying an existing MinIO Tenant to enable AD/LDAP Identity Management.
You can also use this procedure as guidance for modifying an existing MinIO Tenant to enable OIDC Identity Management.
.. cond:: linux or container or macos or windows
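Review bot: The corrected sentence uses "OIDC Identity Management" while the hunk context on this same page says "An OpenID user" and the ref labels use "openid"; pick one term for the page so readers do not take them for two features. Since this is the second AD/LDAP leftover fixed in this file, it is worth searching the rest of the page for further copy-paste remnants before merging.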
@ -215,8 +215,8 @@ An OpenID user with no assigned policy has no permission to access any action or
user is :ref:`authorized
<minio-external-identity-management-openid-access-control>`.
You can also create :ref:`service accounts <minio-idp-service-account>` for
supporting applications which must perform operations on MinIO. Service accounts
You can also create :ref:`access keys <minio-idp-service-account>` for
supporting applications which must perform operations on MinIO. Access Keys
are long-lived credentials which inherit their privileges from the parent user.
The parent user can further restrict those privileges while creating the service
account.
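Review bot: The last sentence of this paragraph, left unchanged, still ends "while creating the service account", which contradicts the new "access keys" wording two lines above it. Suggest changing it to "while creating the access keys" and writing "access keys" in lowercase where the new line starts a sentence fragment with "Access Keys", so the term matches the link text.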