From 9db99342d4b4bc67a086bd8cd11bb84646fb2ae5 Mon Sep 17 00:00:00 2001 From: Daryl White <53910321+djwfyi@users.noreply.github.com> Date: Tue, 6 Dec 2022 17:41:33 -0600 Subject: [PATCH] MinIO Nov 2022 releases updates (#658) Updates docs for various releases through November 2022. ## Updates for mc RELEASE.2022-11-17T21-20-39Z - Creates `mc admin idp ldap policy entities` section - Corrects incorrect `--tier` flag in `mc ilm add` - Adds info to `mc ilm ls` about new tabular format of output Closes #645 - Adds info about modifying endpoints for distributed endpoits. Partially addresses #644 ## Updates for Bugfix [minio RELEASE.2022-11-29T23-40-49Z](https://github.com/minio/minio/releases/tag/RELEASE.2022-11-29T23-40-49Z) - Adds information about the --remove flag dropping data directories as well and running on a per-drive basis [PR 16122](https://github.com/minio/minio/pull/16122) - Adds note that MinIO only supports one JWT based OpenID provider [PR #16145](https://github.com/minio/minio/pull/16145) Note: There was no Docs issue to track this release. ## Other fix: - Minor correction to Admin Trace - Clarifies that mc admin idp ldap policy entities command is cumulative, not exclusive when using multiple flags ## Add additional `mc admin config` commands - Adds three additional commands. - Notes under several commands that environment variables override config keys. Closes #653 --- .../minio-mc-admin/mc-admin-config.rst | 31 ++++++- .../minio-mc-admin/mc-admin-heal.rst | 2 +- .../mc-admin-idp-ldap-policy.rst | 87 +++++++++++++++++++ .../minio-mc-admin/mc-admin-idp-ldap.rst | 8 +- .../minio-mc-admin/mc-admin-idp-openid.rst | 3 + .../minio-mc-admin/mc-admin-trace.rst | 2 +- source/reference/minio-mc/mc-ilm-add.rst | 6 +- source/reference/minio-mc/mc-ilm-ls.rst | 50 +++++++++-- 8 files changed, 169 insertions(+), 20 deletions(-) create mode 100644 source/reference/minio-mc-admin/mc-admin-idp-ldap-policy.rst diff --git a/source/reference/minio-mc-admin/mc-admin-config.rst b/source/reference/minio-mc-admin/mc-admin-config.rst index 27dd52bb..31b7c390 100644 --- a/source/reference/minio-mc-admin/mc-admin-config.rst +++ b/source/reference/minio-mc-admin/mc-admin-config.rst @@ -38,24 +38,47 @@ Syntax .. mc-cmd:: set :fullpath: - Sets a :ref:`configuration key ` on the - MinIO deployment. + Sets a :ref:`configuration key ` on the MinIO deployment. + Configurations defined by environment variables override configurations defined by this command. + + For distributed deployments, use to modify existing endpoints. + + Endpoints using the http protocol can be either the hostname or IP address, and they may use either ``http`` or ``https``. .. mc-cmd:: get :fullpath: - Gets a :ref:`configuration key ` on the - MinIO deployment. + Gets a :ref:`configuration key ` on the MinIO deployment created using `mc admin config set`. .. mc-cmd:: export :fullpath: Exports any configuration settings created using `mc admin config set`. +.. mc-cmd:: history + :fullpath: + + Lists the history of changes made to configuration keys by `mc admin config`. + + Configurations defined by environment variables do not show. + .. mc-cmd:: import :fullpath: Imports configuration settings exported using `mc admin config export`. + +.. mc-cmd:: reset + :fullpath: + + Resets config to defaults. + Configurations defined in environment variables are not affected. + +.. mc-cmd:: restore + :fullpath: + + Roll back changes to configuration keys to a previous point in history. + + Does not affect configurations defined by environment variables. .. _minio-server-configuration-settings: diff --git a/source/reference/minio-mc-admin/mc-admin-heal.rst b/source/reference/minio-mc-admin/mc-admin-heal.rst index de0ede8f..1f30c054 100644 --- a/source/reference/minio-mc-admin/mc-admin-heal.rst +++ b/source/reference/minio-mc-admin/mc-admin-heal.rst @@ -93,4 +93,4 @@ Syntax .. mc-cmd:: --remove - Removes dangling objects in the healing process. + Removes dangling objects and data directories in the healing process not referenced by the metadata on a per-drive basis. diff --git a/source/reference/minio-mc-admin/mc-admin-idp-ldap-policy.rst b/source/reference/minio-mc-admin/mc-admin-idp-ldap-policy.rst new file mode 100644 index 00000000..2afae142 --- /dev/null +++ b/source/reference/minio-mc-admin/mc-admin-idp-ldap-policy.rst @@ -0,0 +1,87 @@ +.. _minio-mc-admin-idp-ldap-policy: + +============================ +``mc admin idp ldap policy`` +============================ + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + +.. mc:: mc admin idp ldap policy + +Description +----------- + +.. start-mc-admin-idp-ldap-policy-desc + +The :mc-cmd:`mc admin idp ldap policy` command allows you to view the mapping relationships between policies and the associated groups or users. + +.. end-mc-admin-idp-ldap-policy-desc + + +The :mc-cmd:`mc admin idp ldap policy` command has the following subcommands: + +.. list-table:: + :header-rows: 1 + :widths: 40 60 + + * - Subcommand + - Description + + * - :mc-cmd:`mc admin idp ldap policy entities` + - List policy entity mappings + +Syntax +------ + +.. mc-cmd:: entities + + Display a list of mappings for a user, group, and/or policy. + + .. tab-set:: + + .. tab-item:: EXAMPLES + + The following example lists all mappings for a specific policy, a set of groups, and a selection of users on the ``myminio`` deployment. + + Specifically, it lists + - Users mapped to the ``finteam-policy`` policy. + - Policies assigned to the ``uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io`` user + - Policies assigned to the ``cn=projectb,ou=groups,ou=swengg,dc=min,dc=io`` group + + .. code-block:: shell + :class: copyable + + mc admin idp ldap policy entities myminio/ \ + --policy finteam-policy \ + --user 'uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io' \ + --group 'cn=projectb,ou=groups,ou=swengg,dc=min,dc=io' + + .. tab-item:: SYNTAX + + The command has the following syntax: + + .. code-block:: shell + :class: copyable + + mc [GLOBALFLAGS] admin idp ldap policy entities \ + ALIAS \ + [--user `value`, -u `value`] \ + [--group `value`, -g `value`] \ + [--policy value] + + - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to configure for AD/LDAP integration. + - You may use each of the ``--user``, ``--group``, and/or ``--policy`` flags as many times as desired in the command. + - For each flag, the output lists the entities mapped to the specified policy, user, or group. + - Omit all flags to return a list of mappings for all policies. + + +Global Flags +------------ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-globals + :end-before: end-minio-mc-globals \ No newline at end of file diff --git a/source/reference/minio-mc-admin/mc-admin-idp-ldap.rst b/source/reference/minio-mc-admin/mc-admin-idp-ldap.rst index 9c94503e..8a84051f 100644 --- a/source/reference/minio-mc-admin/mc-admin-idp-ldap.rst +++ b/source/reference/minio-mc-admin/mc-admin-idp-ldap.rst @@ -58,6 +58,9 @@ The :mc-cmd:`mc admin idp ldap` command has the following subcommands: * - :mc-cmd:`mc admin idp ldap disable` - Disables an AD/LDAP server configuration. + * - :mc-cmd:`mc admin idp ldap policy entities` + - List policy association entities + Configuration Parameters ------------------------ @@ -301,11 +304,10 @@ Syntax - Replace ``CFG_NAME`` with a unique string for this configuration. If not specified, the command disables the default configuration values. - - Global Flags ------------ .. include:: /includes/common-minio-mc.rst :start-after: start-minio-mc-globals - :end-before: end-minio-mc-globals \ No newline at end of file + :end-before: end-minio-mc-globals + diff --git a/source/reference/minio-mc-admin/mc-admin-idp-openid.rst b/source/reference/minio-mc-admin/mc-admin-idp-openid.rst index 243e38d8..03dd3065 100644 --- a/source/reference/minio-mc-admin/mc-admin-idp-openid.rst +++ b/source/reference/minio-mc-admin/mc-admin-idp-openid.rst @@ -71,6 +71,9 @@ Syntax You can run the command multiple times to set up multiple OpenID providers. + When adding multiple OpenID providers, only one can be a JWT Claim-based provider. + All others must be role-based providers. + .. tab-set:: .. tab-item:: EXAMPLE diff --git a/source/reference/minio-mc-admin/mc-admin-trace.rst b/source/reference/minio-mc-admin/mc-admin-trace.rst index 005bf0fb..b10483f3 100644 --- a/source/reference/minio-mc-admin/mc-admin-trace.rst +++ b/source/reference/minio-mc-admin/mc-admin-trace.rst @@ -56,7 +56,7 @@ Use :mc-cmd:`mc admin trace` to monitor API operations that return a service una See Console Trace for a Path ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Use :mc-cmd:`mc admin trace` to monitory activity for a specific path: +Use :mc-cmd:`mc admin trace` to monitor activity for a specific path: .. code-block:: shell :class: copyable diff --git a/source/reference/minio-mc/mc-ilm-add.rst b/source/reference/minio-mc/mc-ilm-add.rst index faa2f956..5548c4e8 100644 --- a/source/reference/minio-mc/mc-ilm-add.rst +++ b/source/reference/minio-mc/mc-ilm-add.rst @@ -36,7 +36,7 @@ The command supports adding both :ref:`Transition (Tiering) ` and full path to the bucket on the MinIO + The :ref:`alias ` and full path to the bucket on the MinIO deployment for which to list the object lifecycle management rules. For example: @@ -63,18 +98,17 @@ Parameters .. mc-cmd:: --expiry + :optional: - *Optional* :mc:`mc ilm ls` returns only fields related to lifecycle rule - expiration. + :mc:`mc ilm ls` returns only fields related to lifecycle rule expiration. Mutually exclusive with :mc-cmd:`~mc ilm ls --transition`. .. mc-cmd:: --transition - + :optional: - *Optional* :mc:`mc ilm ls` returns only fields related to lifecycle rule - transition. + :mc:`mc ilm ls` returns only fields related to lifecycle rule transition. Mutually exclusive with :mc-cmd:`~mc ilm ls --expiry`.