mirror of https://github.com/minio/docs.git synced 2025-07-30 07:03:26 +03:00

General work on releases (#797)

Closes #750 
Closes #736 
Partially Address #767
Ravind Kumar
2023-04-10 16:03:13 -04:00
committed by GitHub
parent ab49b29916
commit 8caa50e3d1
7 changed files with 194 additions and 116 deletions

View File

@ -145,6 +145,11 @@ The following table lists :mc:`mc admin` commands:
:start-after: start-mc-admin-user-svcacct-desc
:end-before: end-mc-admin-user-svcacct-desc
* - :mc:`mc admin user sts`
- .. include:: /reference/minio-mc-admin/mc-admin-user-sts.rst
:start-after: start-mc-admin-user-sts-desc
:end-before: end-mc-admin-user-sts-desc
.. _mc-admin-install:
Installation

View File

@ -1984,6 +1984,7 @@ configuration settings.
:class: copyable
mc admin config set identity_ldap \
enabled="true" \
server_addr="https://ad-ldap.example.net/" \
lookup_bind_dn="cn=miniolookupuser,dc=example,dc=net" \
lookup_bind_dn_password="userpassword" \
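Review bot: The key `lookup_bind_dn_password` on the last line of this example does not match the setting documented further down in the same file as `.. mc-conf:: lookup_bind_password`, so a reader who copies the block sets a key the reference does not describe. Since this hunk already touches the example to add `enabled="true"`, rename the key here as well. The `server_addr` value is also written as a URL (`https://ad-ldap.example.net/`), while the `mc admin idp ldap add` example in this commit uses `myldapserver:636`; confirm which form the server accepts and use it in both places.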
@ -1996,26 +1997,14 @@ configuration settings.
.. mc-conf:: server_addr
:delimiter: " "
*Required*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-ad-ldap-server-addr
:end-before: end-minio-ad-ldap-server-addr
This environment configuration setting with the
:envvar:`MINIO_IDENTITY_LDAP_SERVER_ADDR` environment variable.
.. mc-conf:: sts_expiry
:delimiter: " "
*Optional*
*Required*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-ad-ldap-sts-expiry
:end-before: end-minio-ad-ldap-sts-expiry
:start-after: start-minio-ad-ldap-server-addr
:end-before: end-minio-ad-ldap-server-addr
This environment configuration setting with the
:envvar:`MINIO_IDENTITY_LDAP_STS_EXPIRY` environment variable.
This configuration setting corresponds with the
:envvar:`MINIO_IDENTITY_LDAP_SERVER_ADDR` environment variable.
.. mc-conf:: lookup_bind_dn
:delimiter: " "
@ -2026,7 +2015,7 @@ configuration settings.
:start-after: start-minio-ad-ldap-lookup-bind-dn
:end-before: end-minio-ad-ldap-lookup-bind-dn
This environment configuration setting with the
This configuration setting corresponds with the
:envvar:`MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN` environment variable.
.. mc-conf:: lookup_bind_password
@ -2038,7 +2027,7 @@ configuration settings.
:start-after: start-minio-ad-ldap-lookup-bind-password
:end-before: end-minio-ad-ldap-lookup-bind-password
This environment variable configuration setting the
This configuration setting corresponds with the
:envvar:`MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD` environment variable.
.. mc-conf:: user_dn_search_base_dn
@ -2050,7 +2039,7 @@ configuration settings.
:start-after: start-minio-ad-ldap-user-dn-search-base-dn
:end-before: end-minio-ad-ldap-user-dn-search-base-dn
This environment variable configuration setting the
This configuration setting corresponds with the
:envvar:`MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN` environment variable.
.. mc-conf:: user_dn_search_filter
@ -2062,9 +2051,32 @@ configuration settings.
:start-after: start-minio-ad-ldap-user-dn-search-filter
:end-before: end-minio-ad-ldap-user-dn-search-filter
This environment variable configuration setting the
This configuration setting corresponds with the
:envvar:`MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER` environment variable.
.. mc-conf:: enabled
:delimiter: " "
*Optional*
Set to ``false`` to disable the AD/LDAP configuration.
If ``false``, applications cannot generate STS credentials or otherwise authenticate to MinIO using the configured provider.
Defaults to ``true`` or "enabled".
.. mc-conf:: sts_expiry
:delimiter: " "
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-ad-ldap-sts-expiry
:end-before: end-minio-ad-ldap-sts-expiry
This configuration setting corresponds with the
:envvar:`MINIO_IDENTITY_LDAP_STS_EXPIRY` environment variable.
.. mc-conf:: username_format
:delimiter: " "
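Review bot: The new `enabled` entry ends with `Defaults to ``true`` or "enabled".`, which leaves it unclear whether "enabled" is a second accepted literal or just a gloss on ``true``; state the accepted values explicitly, matching the `enabled="true"` form used in the example earlier in this file. Every neighbouring setting in this hunk closes with "This configuration setting corresponds with the :envvar:`...` environment variable." and `enabled` does not. Add the matching line if an environment variable exists for it, or say that there is none, because this is the switch that stops applications from generating STS credentials and operators will look for both ways of setting it.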
@ -2074,7 +2086,7 @@ configuration settings.
:start-after: start-minio-ad-ldap-username-format
:end-before: end-minio-ad-ldap-username-format
This environment configuration setting with the
This configuration setting corresponds with the
:envvar:`MINIO_IDENTITY_LDAP_USERNAME_FORMAT` environment variable.
.. mc-conf:: group_search_filter
@ -2086,7 +2098,7 @@ configuration settings.
:start-after: start-minio-ad-ldap-group-search-filter
:end-before: end-minio-ad-ldap-group-search-filter
This environment variable configuration setting the
This configuration setting corresponds with the
:envvar:`MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER` environment variable.
.. mc-conf:: group_search_base_dn
@ -2098,7 +2110,7 @@ configuration settings.
:start-after: start-minio-ad-ldap-group-search-base-dn
:end-before: end-minio-ad-ldap-group-search-base-dn
This environment variable configuration setting the
This configuration setting corresponds with the
:envvar:`MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN` environment variable.
.. mc-conf:: tls_skip_verify
@ -2110,7 +2122,7 @@ configuration settings.
:start-after: start-minio-ad-ldap-tls-skip-verify
:end-before: end-minio-ad-ldap-tls-skip-verify
This environment configuration setting with the
This configuration setting corresponds with the
:envvar:`MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY` environment variable.
.. mc-conf:: server_insecure
@ -2122,7 +2134,7 @@ configuration settings.
:start-after: start-minio-ad-ldap-server-insecure
:end-before: end-minio-ad-ldap-server-insecure
This environment configuration setting with the
This configuration setting corresponds with the
:envvar:`MINIO_IDENTITY_LDAP_SERVER_INSECURE` environment variable.
.. mc-conf:: server_starttls
@ -2134,7 +2146,7 @@ configuration settings.
:start-after: start-minio-ad-ldap-server-starttls
:end-before: end-minio-ad-ldap-server-starttls
This environment configuration setting with the
This configuration setting corresponds with the
:envvar:`MINIO_IDENTITY_LDAP_SERVER_STARTTLS` environment variable.
.. mc-conf:: comment
@ -2190,9 +2202,22 @@ configuration settings.
This configuration setting corresponds with the
:envvar:`MINIO_IDENTITY_OPENID_CONFIG_URL` environment variable.
.. mc-conf:: enabled
:delimiter: " "
*Optional*
Set to ``false`` to disable the OpenID configuration.
Applications cannot generate STS credentials or otherwise authenticate to MinIO using the configured provider if set to ``false``.
Defaults to ``true`` or "enabled".
.. mc-conf:: client_id
:delimiter: " "
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-openid-client-id
:end-before: end-minio-openid-client-id
@ -2203,6 +2228,8 @@ configuration settings.
.. mc-conf:: client_secret
:delimiter: " "
*Optional*
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-openid-client-secret
:end-before: end-minio-openid-client-secret
@ -2380,6 +2407,17 @@ See :ref:`minio-external-identity-management-plugin` for a tutorial on using the
:start-after: start-minio-identity-management-role-policy
:end-before: end-minio-identity-management-role-policy
.. mc-conf:: enabled
:delimiter: " "
*Optional*
Set to ``false`` to disable the identity provider configuration.
Applications cannot generate STS credentials or otherwise authenticate to MinIO using the configured provider if set to ``false``.
Defaults to ``true`` or "enabled".
.. mc-conf:: token
:delimiter: " "
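Review bot: This is the third hand-written copy of the `enabled` description in this file, and the copies have already drifted: the AD/LDAP entry leads with "If ``false``, applications cannot generate STS credentials ...", while this one and the OpenID one put the condition at the end of the sentence. The other settings here pull their text from `/includes/common-minio-external-auth.rst` with `start-after`/`end-before` markers; move the shared sentences there so that the statement about STS credential generation stays identical for all three providers.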

View File

@ -46,9 +46,6 @@ The :mc-cmd:`mc admin idp ldap` command has the following subcommands:
* - :mc-cmd:`mc admin idp ldap remove`
- Remove an AD/LDAP IDP server configuration from a deployment.
* - :mc-cmd:`mc admin idp ldap list`
- Outputs a list of the existing AD/LDAP server configurations for a deployment.
* - :mc-cmd:`mc admin idp ldap info`
- Displays details for a specific AD/LDAP server configuration.
@ -74,22 +71,20 @@ Syntax
.. mc-cmd:: add
Create a new set of configurations for an AD/LDAP provider.
You can run the command multiple times to set up multiple Active Directory or LDAP providers.
Create a new configuration for an AD/LDAP provider.
MinIO supports no more than *one* (1) AD/LDAP provider per deployment.
.. tab-set::
.. tab-item:: EXAMPLE
The following example creates the configuration settings for the ``myminio`` deployment as defined in a new ``test-config`` setup for LDAP integration.
The following example sets the AD/LDAP configuration settings for the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp ldap add \
myminio \
test-config \
myminio \
server_addr=myldapserver:636 \
lookup_bind_dn=cn=admin,dc=min,dc=io \
lookup_bind_password=somesecret \
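Review bot: The added sentence "MinIO supports no more than *one* (1) AD/LDAP provider per deployment." does not say what `add` does when the deployment already has an AD/LDAP configuration. State whether the command fails or overwrites the existing settings, and point readers to `mc admin idp ldap update` for changing a configuration that is already in place.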
@ -107,13 +102,10 @@ Syntax
mc [GLOBALFLAGS] admin idp ldap add \
ALIAS \
[CFG_NAME] \
[CFG_PARAM1] \
[CFG_PARAM2]...
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to configure for AD/LDAP integration.
- Replace ``CFG_NAME`` with a unique string for this configuration.
If not specified, the command creates default configuration values.
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to create for AD/LDAP integration.
- Replace the ``[CFG_PARAM#]`` with each of the :ref:`configuration setting <minio-ldap-config-settings>` key-value pairs in the format of ``PARAMETER="value"``.
.. mc-cmd:: update
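Review bot: The reworded `ALIAS` bullet, "a MinIO deployment to create for AD/LDAP integration", reads as if the command creates the deployment; something like "the MinIO deployment on which to create the AD/LDAP configuration" is unambiguous, and the same applies to the "to update for AD/LDAP integration" bullet under `update`. The `[CFG_PARAM#]` bullet gives the format as ``PARAMETER="value"``, but the example above passes unquoted values such as `server_addr=myldapserver:636`; pick one form for both the example and the syntax description.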
@ -124,14 +116,13 @@ Syntax
.. tab-item:: EXAMPLE
The following example changes two of the configuration settings for the ``myminio`` deployment as defined in the ``test-config`` setup for LDAP integration.
The following example changes two of the AD/LDAP configuration settings for the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp ldap update \
myminio \
test_config \
lookup_bind_dn=cn=admin,dc=min,dc=io \
lookup_bind_password=somesecret
@ -144,29 +135,26 @@ Syntax
mc [GLOBALFLAGS] admin idp ldap update \
ALIAS \
[CFG_NAME] \
[CFG_PARAM1] \
[CFG_PARAM2]...
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to configure for AD/LDAP integration.
- Replace ``CFG_NAME`` with a unique string for this configuration.
If not specified, the command updates the default configuration.
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to update for AD/LDAP integration.
- Replace the ``[CFG_PARAM#]`` with each of the :ref:`configuration setting <minio-ldap-config-settings>` key-value pairs to update in the format of ``PARAMETER="value"``.
.. mc-cmd:: remove
Remove an existing set of configurations for an AD/LDAP provider.
Remove the existing configuration for an AD/LDAP provider.
.. tab-set::
.. tab-item:: EXAMPLE
The following example removes the ``test-config`` settings for the ``myminio`` deployment.
The following example removes the AD/LDAP provider settings for the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp ldap remove myminio test_config
mc admin idp ldap remove myminio
.. tab-item:: SYNTAX
@ -176,54 +164,25 @@ Syntax
:class: copyable
mc [GLOBALFLAGS] admin idp ldap remove \
ALIAS \
[CFG_NAME]
ALIAS
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to configure for AD/LDAP integration.
- Replace ``CFG_NAME`` with a unique string for this configuration.
If not specified, the command removes the default configurations.
.. mc-cmd:: list
Outputs a list of existing configuration sets for AD/LDAP providers.
.. tab-set::
.. tab-item:: EXAMPLE
The following example outputs a list of all AD/LDAP configuration sets defined for the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp ldap list myminio
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin idp ldap list ALIAS
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to list AD/LDAP integration for.
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to remove the AD/LDAP integration.
.. mc-cmd:: info
Outputs the set of values defined for an existing set of server configurations for an AD/LDAP provider.
Outputs the current configuration for an AD/LDAP provider on a specified MinIO deployment.
.. tab-set::
.. tab-item:: EXAMPLE
The following example outputs the configuration settings defined for the ``test_config`` set of AD/LDAP settings on the ``myminio`` deployment.
The following example outputs the AD/LDAP configuration settings on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp ldap info myminio test_config
mc admin idp ldap info myminio
.. tab-item:: SYNTAX
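Review bot: Dropping the `.. mc-cmd:: list` block removes the target for any remaining :mc-cmd:`mc admin idp ldap list` references, which would then fail to resolve at build time. The subcommand table row is removed earlier in this file, but check the rest of the tree (release notes, tutorials) for the role before merging. It is also worth a short note in the `info` description that it replaces `list` now that only one configuration can exist.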
@ -233,29 +192,25 @@ Syntax
:class: copyable
mc [GLOBALFLAGS] admin idp ldap info \
ALIAS \
[CFG_NAME]
ALIAS
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to configure for AD/LDAP integration.
- Replace ``CFG_NAME`` with a unique string for this configuration.
If not specified, the information displays for the default server configuration.
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to retrieve info on the AD/LDAP integration.
.. mc-cmd:: enable
Begin using an existing set of configurations for an AD/LDAP provider.
Enables the currently configured AD/LDAP provider.
.. tab-set::
.. tab-item:: EXAMPLE
The following example enables the server configurations defined as ``test_config`` on the ``myminio`` deployment.
The following example enables the AD/LDAP configuration on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp ldap enable \
myminio \
test_config
myminio
.. tab-item:: SYNTAX
@ -265,29 +220,25 @@ Syntax
:class: copyable
mc [GLOBALFLAGS] admin idp ldap enable \
ALIAS \
[CFG_NAME]
ALIAS
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to configure for AD/LDAP integration.
- Replace ``CFG_NAME`` with a unique string for this configuration.
If not specified, the command enables the default configuration values.
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to enable the AD/LDAP integration.
.. mc-cmd:: disable
Stop using a set of configurations for an AD/LDAP provider.
Disables the currently configured AD/LDAP provider.
.. tab-set::
.. tab-item:: EXAMPLE
The following example disables the server configurations defined as ``test_config`` on the ``myminio`` deployment.
The following example disables the AD/LDAP configurations on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc admin idp ldap disable \
myminio \
test_config
myminio
.. tab-item:: SYNTAX
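Review bot: The `disable` example text says "disables the AD/LDAP configurations" (plural), while the `enable` example says "the AD/LDAP configuration" and the `add` description now states that only one provider is supported per deployment. Use the singular here so the page does not suggest that several configurations can be disabled at once.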
@ -297,12 +248,9 @@ Syntax
:class: copyable
mc [GLOBALFLAGS] admin idp ldap disable \
ALIAS \
[CFG_NAME]
ALIAS
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to configure for AD/LDAP integration.
- Replace ``CFG_NAME`` with a unique string for this configuration.
If not specified, the command disables the default configuration values.
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to disable the AD/LDAP integration.
Global Flags
------------

View File

@ -0,0 +1,89 @@
.. _minio-mc-admin-user-sts:
=====================
``mc admin user sts``
=====================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc admin user sts
Description
-----------
.. versionadded:: RELEASE.2023-02-16T19-20-11Z
.. start-mc-admin-user-sts-desc
The :mc:`mc admin user sts` command operates on credentials generated using a :ref:`Security Token Service (STS) <minio-security-token-service>` API.
.. end-mc-admin-user-sts-desc
:abbr:`STS (Security Token Service)` credentials provide temporary access to the MinIO deployment.
.. admonition:: Use ``mc admin`` on MinIO Deployments Only
:class: note
.. include:: /includes/facts-mc-admin.rst
:start-after: start-minio-only
:end-before: end-minio-only
The :mc:`mc admin user sts` command has the following subcommands:
.. list-table::
:header-rows: 1
:widths: 40 60
* - Subcommand
- Description
* - :mc-cmd:`mc admin user sts info`
- Retrieves information on the specified STS credential, including the parent user who generated the credentials and it's attached policies.
Syntax
------
.. mc-cmd:: info
:fullpath:
Retrieves information on the specified STS credential, such as the parent user who generated the credentials.
.. tab-set::
.. tab-item:: EXAMPLE
The following command retrieves information on the STS credentials with specified access key:
.. code-block:: shell
:class: copyable
mc admin user sts info myminio/ "J123C4ZXEQN8RK6ND35I"
.. tab-item:: SYNTAX
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] admin user sts info \
[--policy] \
ALIAS \
STSACCESSKEY
.. mc-cmd:: ALIAS
:required:
The :ref:`alias <alias>` of the MinIO deployment for which the STS credentials were generated.
.. mc-cmd:: STSACCESSKEY
:required:
The access key for the STS credentials.
.. mc-cmd:: --policy
:optional:
Prints the policy attached to the specified STS credentials in JSON format.
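Review bot: In the subcommand table the `info` row has "it's attached policies", which should be "its attached policies", and the example lead-in "with specified access key" is missing "the". The example passes the alias as `myminio/` with a trailing slash, while the syntax block and the `ALIAS` parameter describe a bare alias; use `myminio` unless the slash is required, and say so if it is. The table row says the output includes attached policies, but the `info` description mentions only the parent user and `--policy` is documented as the way to print the policy, so align the two descriptions on what is shown by default.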