mirror of https://github.com/minio/docs.git synced 2025-07-30 07:03:26 +03:00

Move reference docs for mc admin idp commands to mc idp (#873)

All the `mc admin idp *` commands have been renamed `mc idp *`.
Deprecate everything under `mc admin idp` and create pages for their new
names in the MinIO Client section.

Affects the following commands and subcommands:
* `mc admin idp ldap`
* `mc admin idp openid`
* `mc admin idp ldap policy`

The new pages maintain the existing content and page structure. New
pages for each subcommand are out of scope for this PR.

Partly addresses https://github.com/minio/docs/issues/859 and
https://github.com/minio/docs/issues/866

Staged:

http://192.241.195.202:9000/staging/DOCS-859-part-2-idp/linux/html/reference/minio-mc.html

http://192.241.195.202:9000/staging/DOCS-859-part-2-idp/linux/html/reference/minio-mc-admin.html

http://192.241.195.202:9000/staging/DOCS-859-part-2-idp/linux/html/reference/minio-mc-deprecated.html

Co-authored-by: Daryl White <53910321+djwfyi@users.noreply.github.com>
Andrea Longo
2023-06-08 11:58:22 -06:00
committed by GitHub
parent 7f200b96b6
commit 4c735072f7
24 changed files with 942 additions and 45 deletions

@ -0,0 +1,196 @@
.. _minio-mc-admin-idp-ldap-policy:
============================
``mc admin idp ldap policy``
============================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc admin idp ldap policy
.. versionchanged:: RELEASE.2023-05-26T23-31-54Z
``mc admin idp ldap policy`` has moved to :mc-cmd:`mc idp ldap policy`.
Description
-----------
.. start-mc-admin-idp-ldap-policy-desc
The :mc-cmd:`mc admin idp ldap policy` command allows you to view the mapping relationships between policies and the associated groups or users.
.. end-mc-admin-idp-ldap-policy-desc
The :mc-cmd:`mc admin idp ldap policy` command has the following subcommands:
.. list-table::
:header-rows: 1
:widths: 40 60
* - Subcommand
- Description
* - :mc-cmd:`mc admin idp ldap policy attach`
- Attach a policy to an entity
* - :mc-cmd:`mc admin idp ldap policy detach`
- Detach a policy from an entity
* - :mc-cmd:`mc admin idp ldap policy entities`
- List policy entity mappings
Syntax
------
.. mc-cmd:: attach
Attach one or more polices to entity.
.. tab-set::
.. tab-item:: EXAMPLES
The following example attaches two policies, ``policy1`` and ``policy2``, to the ``projectb`` group on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp ldap policy attach myminio/ \
policy1 \
policy2 \
--group='cn=projectb,ou=groups,ou=swengg,dc=min,dc=io'
The following example attaches the policy, ``userpolicy``, to the user ``bobfisher`` on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp ldap policy attach myminio/ \
mypolicy \
policy2 \
--user='uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io'
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin idp ldap policy attach \
POLICYNAME \
[POLICY2] ... \
ALIAS \
[--user=`USER`] \
[--group=`GROUP`]
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to configure for AD/LDAP integration.
- Replace ``POLICYNAME`` with the policy to attach to the entity.
You may list multiple policies to attach to the entity.
- Use must use one of either the ``--user`` or ``--group`` flag.
You may only use the flag once in the command.
You cannot use both flags in the same command.
.. mc-cmd:: detach
Detach one or more policies from an entity.
.. tab-set::
.. tab-item:: EXAMPLES
The following example detaches two policies, ``policy1`` and ``policy2``, from the ``projectb`` group on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp ldap policy detach myminio/ \
policy1 \
policy2 \
--group='cn=projectb,ou=groups,ou=swengg,dc=min,dc=io'
The following example detaches the policy, ``userpolicy``, from the user ``bobfisher`` on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp ldap policy detach myminio/ \
mypolicy \
policy2 \
--user='uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io'
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin idp ldap policy detach \
POLICYNAME \
[POLICY2] ... \
ALIAS \
[--user=`USER`] \
[--group=`GROUP`]
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to configure for AD/LDAP integration.
- Replace ``POLICYNAME`` with the policy to detach from the entity.
You may list multiple policies to detach from the entity.
- Use must use one of either the ``--user`` or ``--group`` flag.
You may only use the flag once in the command.
You cannot use both flags in the same command.
.. mc-cmd:: entities
Display a list of mappings for a user, group, and/or policy.
.. tab-set::
.. tab-item:: EXAMPLES
The following example lists all mappings for a specific policy, a set of groups, and a selection of users on the ``myminio`` deployment.
Specifically, it lists
- Users mapped to the ``finteam-policy`` policy.
- Policies assigned to the ``uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io`` user
- Policies assigned to the ``cn=projectb,ou=groups,ou=swengg,dc=min,dc=io`` group
.. code-block:: shell
:class: copyable
mc admin idp ldap policy entities myminio/ \
--policy finteam-policy \
--user 'uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io' \
--group 'cn=projectb,ou=groups,ou=swengg,dc=min,dc=io'
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin idp ldap policy entities \
ALIAS \
[--user `value`, -u `value`] \
[--group `value`, -g `value`] \
[--policy value]
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to configure for AD/LDAP integration.
- You may use each of the ``--user``, ``--group``, and/or ``--policy`` flags as many times as desired in the command.
- For each flag, the output lists the entities mapped to the specified policy, user, or group.
- Omit all flags to return a list of mappings for all policies.
Global Flags
------------
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
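
Review bot: The second example under both ``attach`` and ``detach`` describes a policy the command does not use: the prose says it attaches (or detaches) ``userpolicy`` for the user ``bobfisher``, but the command passes ``mypolicy`` and ``policy2``. These blocks are marked copyable and change what an LDAP user can access, so the prose and the command should name the same single policy. In the same sections, the SYNTAX tabs place ``POLICYNAME`` before ``ALIAS`` while every example puts the alias (``myminio/``) first, and the ``attach``/``detach`` syntax wraps ``USER`` and ``GROUP`` in literal backticks inside a copyable shell block, where a pasted backtick pair is command substitution; plain ``--user=USER`` would be safer. Smaller points: "Attach one or more polices to entity" should read "policies to an entity", "Use must use" should read "You must use", and the Description says the command lets you "view" mappings although two of the three subcommands modify them.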

@ -0,0 +1,294 @@
.. _minio-mc-admin-idp-ldap:
=====================
``mc admin idp ldap``
=====================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc admin idp ldap
.. versionchanged:: RELEASE.2023-05-26T23-31-54Z
``mc admin idp ldap`` and its subcommands have moved to :mc-cmd:`mc idp ldap`.
Description
-----------
.. start-mc-admin-idp-ldap-desc
The :mc-cmd:`mc admin idp ldap` commands allow you to add, modify, review, list, remove, enable, and disable server configurations to 3rd party :ref:`Active Directory or LDAP Identity and Access Management (IAM) integrations <minio-external-identity-management-ad-ldap>`.
.. end-mc-admin-idp-ldap-desc
Define configuration settings as an alternative to using environment variables when :ref:`setting up an AD/LDAP connection <minio-authenticate-using-ad-ldap-generic>`.
.. note::
Configuration settings do **not** override settings configured as environment variables.
The :mc-cmd:`mc admin idp ldap` command has the following subcommands:
.. list-table::
:header-rows: 1
:widths: 40 60
* - Subcommand
- Description
* - :mc-cmd:`mc admin idp ldap add`
- Create an AD/LDAP IDP server configuration.
* - :mc-cmd:`mc admin idp ldap update`
- Modify an existing AD/LDAP IDP server configuration.
* - :mc-cmd:`mc admin idp ldap ls`
- Lists AD/LDAP server configurations.
* - :mc-cmd:`mc admin idp ldap rm`
- Remove an AD/LDAP IDP server configuration from a deployment.
* - :mc-cmd:`mc admin idp ldap info`
- Displays details for a specific AD/LDAP server configuration.
* - :mc-cmd:`mc admin idp ldap enable`
- Enables an AD/LDAP server configuration.
* - :mc-cmd:`mc admin idp ldap disable`
- Disables an AD/LDAP server configuration.
* - :mc-cmd:`mc admin idp ldap policy entities`
- List policy association entities
Configuration Parameters
------------------------
The :mc-cmd:`mc admin idp ldap` subcommands support configuration parameters.
The parameters define the server's interaction with the Active Directory or LDAP IAM provider.
For a more detailed explanation of the configuration parameters, refer to the :ref:`config setting documentation <minio-ldap-config-settings>`.
Syntax
------
.. mc-cmd:: add
Create a new configuration for an AD/LDAP provider.
MinIO supports no more than *one* (1) AD/LDAP provider per deployment.
.. tab-set::
.. tab-item:: EXAMPLE
The following example sets the AD/LDAP configuration settings for the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp ldap add \
myminio \
server_addr=myldapserver:636 \
lookup_bind_dn=cn=admin,dc=min,dc=io \
lookup_bind_password=somesecret \
user_dn_search_base_dn=dc=min,dc=io \
user_dn_search_filter="(uid=%s)" \
group_search_base_dn=ou=swengg,dc=min,dc=io \
group_search_filter="(&(objectclass=groupofnames)(member=%d))"
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin idp ldap add \
ALIAS \
[CFG_PARAM1] \
[CFG_PARAM2]...
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to create for AD/LDAP integration.
- Replace the ``[CFG_PARAM#]`` with each of the :ref:`configuration setting <minio-ldap-config-settings>` key-value pairs in the format of ``PARAMETER="value"``.
.. mc-cmd:: update
Modify an existing set of configurations for an AD/LDAP provider.
.. tab-set::
.. tab-item:: EXAMPLE
The following example changes two of the AD/LDAP configuration settings for the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp ldap update \
myminio \
lookup_bind_dn=cn=admin,dc=min,dc=io \
lookup_bind_password=somesecret
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin idp ldap update \
ALIAS \
[CFG_PARAM1] \
[CFG_PARAM2]...
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to update for AD/LDAP integration.
- Replace the ``[CFG_PARAM#]`` with each of the :ref:`configuration setting <minio-ldap-config-settings>` key-value pairs to update in the format of ``PARAMETER="value"``.
.. mc-cmd:: ls, list
Lists the existing set of configurations for an AD/LDAP provider.
.. tab-set::
.. tab-item:: EXAMPLE
The following example lists the AD/LDAP configuration settings for the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp ldap ls myminio
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin idp ldap ls ALIAS
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to list the AD/LDAP integration.
.. mc-cmd:: rm, remove
Remove the existing configuration for an AD/LDAP provider.
.. tab-set::
.. tab-item:: EXAMPLE
The following example removes the AD/LDAP provider settings for the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp ldap rm myminio
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin idp ldap rm \
ALIAS
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to remove the AD/LDAP integration.
.. mc-cmd:: info
Outputs the current configuration for an AD/LDAP provider on a specified MinIO deployment.
.. tab-set::
.. tab-item:: EXAMPLE
The following example outputs the AD/LDAP configuration settings on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp ldap info myminio
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin idp ldap info \
ALIAS
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to retrieve info on the AD/LDAP integration.
.. mc-cmd:: enable
Enables the currently configured AD/LDAP provider.
.. tab-set::
.. tab-item:: EXAMPLE
The following example enables the AD/LDAP configuration on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp ldap enable \
myminio
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin idp ldap enable \
ALIAS
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to enable the AD/LDAP integration.
.. mc-cmd:: disable
Disables the currently configured AD/LDAP provider.
.. tab-set::
.. tab-item:: EXAMPLE
The following example disables the AD/LDAP configurations on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp ldap disable \
myminio
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin idp ldap disable \
ALIAS
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to disable the AD/LDAP integration.
Global Flags
------------
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
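
Review bot: The ``add`` and ``update`` examples pass ``lookup_bind_password=somesecret`` as a command-line argument, which leaves the LDAP bind password in shell history and visible in the process list; add a short note beside those examples saying so, or point readers to the environment-variable route that the Description already mentions as the alternative. Separately, the subcommand table lists only ``mc admin idp ldap policy entities`` and omits ``policy attach`` and ``policy detach``, both of which the policy page added in this commit documents; list all three or replace the row with a link to that page. The ``ALIAS`` bullets ("of a MinIO deployment to create for AD/LDAP integration", "to list the AD/LDAP integration") would read better with one consistent phrasing across subcommands.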

@ -0,0 +1,311 @@
.. _minio-mc-admin-idp-openid:
=======================
``mc admin idp openid``
=======================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc admin idp openid
.. versionchanged:: RELEASE.2023-05-26T23-31-54Z
``mc admin idp openid`` and its subcommands have moved to :mc-cmd:`mc idp openid`.
Description
-----------
.. start-mc-admin-idp-openid-desc
The :mc-cmd:`mc admin idp openid` commands allow you to add, modify, review, list, remove, enable, and disable server configurations to 3rd party :ref:`OpenID Identity and Access Management (IAM) integrations <minio-external-identity-management-openid>`.
.. end-mc-admin-idp-openid-desc
Define configuration settings as an alternative to using environment variables when :ref:`setting up an OpenID connection <minio-external-identity-management-openid-configure>`.
The :mc-cmd:`mc admin idp openid` command has the following subcommands:
.. list-table::
:header-rows: 1
:widths: 40 60
* - Subcommand
- Description
* - :mc-cmd:`mc admin idp openid add`
- Create an OpenID IDP server configuration.
* - :mc-cmd:`mc admin idp openid update`
- Modify an existing OpenID IDP server configuration.
* - :mc-cmd:`mc admin idp openid rm`
- Remove an OpenID IDP server configuration from a deployment.
* - :mc-cmd:`mc admin idp openid ls`
- Outputs a list of the existing OpenID server configurations for a deployment.
* - :mc-cmd:`mc admin idp openid info`
- Displays details for a specific OpenID server configuration.
* - :mc-cmd:`mc admin idp openid enable`
- Enables an OpenID server configuration.
* - :mc-cmd:`mc admin idp openid disable`
- Disables an OpenID server configuration.
Configuration Parameters
------------------------
The :mc-cmd:`mc admin idp openid` subcommands support configuration parameters.
The parameters define the server's interaction with the IAM provider.
For a more detailed explanation of the configuration parameters, refer to the :ref:`config setting documentation <minio-open-id-config-settings>`.
Syntax
------
.. mc-cmd:: add
Create a new set of configurations for an OpenID provider.
You can run the command multiple times to set up multiple OpenID providers.
When adding multiple OpenID providers, only one can be a JWT Claim-based provider.
All others must be role-based providers.
.. tab-set::
.. tab-item:: EXAMPLE
The following example creates the configuration settings for the ``myminio`` deployment as defined in a new ``test-config`` setup for Dex integration.
.. code-block:: shell
:class: copyable
mc admin idp openid add myminio test-config \
client_id=minio-client-app \
client_secret=minio-client-app-secret \
config_url="http://localhost:5556/dex/.well-known/openid-configuration" \
scopes="openid,groups" \
redirect_uri="http://127.0.0.1:10000/oauth_callback" \
role_policy="consoleAdmin"
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin idp openid add \
ALIAS \
[CFG_NAME] \
[CFG_PARAM1] \
[CFG_PARAM2]...
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to configure for OpenID integration.
- Replace ``CFG_NAME`` with a unique string for this configuration.
If not specified, the command creates default configuration values.
- Replace the ``[CFG_PARAM#]`` with each of the :ref:`configuration setting <minio-open-id-config-settings>` key-value pairs in the format of ``PARAMETER="value"``.
.. mc-cmd:: update
Modify an existing set of configurations for an OpenID provider.
.. tab-set::
.. tab-item:: EXAMPLE
The following example changes two of the configuration settings for the ``myminio`` deployment as defined in the ``test-config`` setup for Dex integration.
.. code-block:: shell
:class: copyable
mc admin idp openid update \
myminio \
test_config \
scopes="openid,groups" \
role_policy="consoleAdmin"
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin idp openid update \
ALIAS \
[CFG_NAME] \
[CFG_PARAM1] \
[CFG_PARAM2]...
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to configure for OpenID integration.
- Replace ``CFG_NAME`` with a unique string for this configuration.
If not specified, the command updates the default configuration.
- Replace the ``[CFG_PARAM#]`` with each of the :ref:`configuration setting <minio-open-id-config-settings>` key-value pairs to update in the format of ``PARAMETER="value"``.
.. mc-cmd:: rm, remove
Remove an existing set of configurations for an OpenID provider.
.. tab-set::
.. tab-item:: EXAMPLE
The following example removes the ``test-config`` settings for the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp openid rm myminio test_config
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin idp openid rm \
ALIAS \
[CFG_NAME]
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to configure for OpenID integration.
- Replace ``CFG_NAME`` with a unique string for this configuration.
If not specified, the command removes the default configurations.
.. mc-cmd:: ls, list
Outputs a list of existing configuration sets for OpenID providers.
.. tab-set::
.. tab-item:: EXAMPLE
The following example outputs a list of all OpenID configuration sets defined for the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp openid ls myminio
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin idp openid ls ALIAS
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to list OpenID integrations for.
.. mc-cmd:: info
Outputs the set of values defined for an existing set of server configurations for an OpenID provider.
.. tab-set::
.. tab-item:: EXAMPLE
The following example outputs the configuration settings defined for the ``test_config`` set of OpenID settings on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp openid info myminio test_config
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin idp openid info \
ALIAS \
[CFG_NAME]
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to configure for OpenID integration.
- Replace ``CFG_NAME`` with a unique string for this configuration.
If not specified, the information displays for the default server configuration.
.. mc-cmd:: enable
Begin using an existing set of configurations for an OpenID provider.
.. tab-set::
.. tab-item:: EXAMPLE
The following example enables the server configurations defined as ``test_config`` on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp openid enable \
myminio \
test_config
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin idp openid enable \
ALIAS \
[CFG_NAME]
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to configure for OpenID integration.
- Replace ``CFG_NAME`` with a unique string for this configuration.
If not specified, the command enables the default configuration values.
.. mc-cmd:: disable
Stop using a set of configurations for an OpenID provider.
.. tab-set::
.. tab-item:: EXAMPLE
The following example disables the server configurations defined as ``test_config`` on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp openid disable \
myminio \
test_config
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin idp openid disable \
ALIAS \
[CFG_NAME]
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to configure for OpenID integration.
- Replace ``CFG_NAME`` with a unique string for this configuration.
If not specified, the command disables the default configuration values.
Global Flags
------------
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
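
Review bot: The configuration name is inconsistent across the examples: ``add`` creates ``test-config`` (hyphen), while the ``update``, ``rm``, ``info``, ``enable`` and ``disable`` commands use ``test_config`` (underscore), and the prose for ``update`` and ``rm`` still says ``test-config``. A reader running the examples in order would target a configuration that ``add`` never created, so pick one spelling and use it in every command and sentence. The ``add`` example also passes ``client_secret=minio-client-app-secret`` on the command line and maps the provider to ``role_policy="consoleAdmin"`` with plain ``http://`` localhost URLs; a one-line note that these are values for a local Dex test setup would keep them from being copied into a real deployment unchanged.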