From afc7a03071249555bd6b3b68997aae94b7f032ad Mon Sep 17 00:00:00 2001 From: Andrea Longo Date: Wed, 14 Jun 2023 15:32:03 -0600 Subject: [PATCH] Docs 860 part1: max policy document size, webhook metrics (#882) Docs updates for two items from [MinIO RELEASE.2023-05-18T00-05-36Z](https://github.com/minio/docs/issues/860): * Max policy size of 2KiB for service accounts I _think_ this change now means json policy documents have the same max size in all cases. The limit wasn't documented previously. This change adds max size info throughout, not only for service accounts. * Webhook usage metrics Staged: http://192.241.195.202:9000/staging/DOCS-860-part1/linux/html/reference/minio-mc-admin/mc-admin-user-svcacct-add.html http://192.241.195.202:9000/staging/DOCS-860-part1/linux/html/reference/minio-mc-admin/mc-admin-user-svcacct-edit.html http://192.241.195.202:9000/staging/DOCS-860-part1/linux/html/reference/minio-mc-admin/mc-admin-policy-create.html http://192.241.195.202:9000/staging/DOCS-860-part1/linux/html/administration/identity-access-management/policy-based-access-control.html#policy-document-structure Partly addresses https://github.com/minio/docs/issues/860 --------- Co-authored-by: Daryl White <53910321+djwfyi@users.noreply.github.com> --- .../policy-based-access-control.rst | 3 ++- .../monitoring/publish-events-to-webhook.rst | 6 ++++++ .../monitoring/metrics-and-alerts.rst | 21 +++++++++++++++++++ .../minio-mc-admin/mc-admin-policy-create.rst | 4 ++-- .../mc-admin-user-svcacct-add.rst | 3 ++- .../mc-admin-user-svcacct-edit.rst | 2 +- 6 files changed, 34 insertions(+), 5 deletions(-) diff --git a/source/administration/identity-access-management/policy-based-access-control.rst b/source/administration/identity-access-management/policy-based-access-control.rst index 53f0f5df..c5c379bf 100644 --- a/source/administration/identity-access-management/policy-based-access-control.rst +++ b/source/administration/identity-access-management/policy-based-access-control.rst @@ -159,7 +159,8 @@ MinIO policy documents use the same schema as The following sample document provides a template for creating custom policies for use with a MinIO deployment. For more complete documentation on IAM policy elements, see the :aws-docs:`IAM JSON Policy Elements Reference -`. +`. +The maximum size for a policy document is 2048 characters. .. code-block:: javascript :class: copyable diff --git a/source/administration/monitoring/publish-events-to-webhook.rst b/source/administration/monitoring/publish-events-to-webhook.rst index 82981ce7..404021b9 100644 --- a/source/administration/monitoring/publish-events-to-webhook.rst +++ b/source/administration/monitoring/publish-events-to-webhook.rst @@ -311,3 +311,9 @@ a notification. :class: copyable mc cp ~/data/new-object.txt ALIAS/BUCKET + +Webhook Metrics +--------------- + +MinIO publishes several :ref:`metrics ` for monitoring webhook endpoints. +See :ref:`minio-metrics-and-alerts-webhook` for a list of available metrics. diff --git a/source/operations/monitoring/metrics-and-alerts.rst b/source/operations/monitoring/metrics-and-alerts.rst index e5b0af2a..1ae54de7 100644 --- a/source/operations/monitoring/metrics-and-alerts.rst +++ b/source/operations/monitoring/metrics-and-alerts.rst @@ -613,6 +613,27 @@ Lock Metrics Number of current READ locks on the peer. +.. _minio-metrics-and-alerts-webhook: + +Webhook Metrics +~~~~~~~~~~~~~~~ + +.. metric:: minio_cluster_webhook_failed_messages + + Number of messages that failed to send. + +.. metric:: minio_cluster_webhook_online + + Reports whether the webhook endpoint is online (1) or offline (0). + +.. metric:: minio_cluster_webhook_queue_length + + Number of messages in the webhook queue. + +.. metric:: minio_cluster_webhook_total_messages + + Number of messages sent to this webhook endpoint. + .. toctree:: :titlesonly: :hidden: diff --git a/source/reference/minio-mc-admin/mc-admin-policy-create.rst b/source/reference/minio-mc-admin/mc-admin-policy-create.rst index b59e2d9d..de0b896c 100644 --- a/source/reference/minio-mc-admin/mc-admin-policy-create.rst +++ b/source/reference/minio-mc-admin/mc-admin-policy-create.rst @@ -94,7 +94,7 @@ The :mc-cmd:`mc admin policy create` command accepts the following arguments: .. mc-cmd:: POLICYPATH The file path of the policy to add. - The file *must* be a JSON-formatted file with :iam-docs:`IAM-compatible syntax `. + The file *must* be a JSON-formatted file with :iam-docs:`IAM-compatible syntax ` and no more than 2048 characters. Global Flags ~~~~~~~~~~~~ @@ -111,4 +111,4 @@ Create a new policy called ``writeonly`` from the JSON file at ``/tmp/writeonly. .. code-block:: shell :class: copyable - mc admin policy create myminio writeonly /tmp/writeonly.json \ No newline at end of file + mc admin policy create myminio writeonly /tmp/writeonly.json diff --git a/source/reference/minio-mc-admin/mc-admin-user-svcacct-add.rst b/source/reference/minio-mc-admin/mc-admin-user-svcacct-add.rst index 580a5ab1..bb37f549 100644 --- a/source/reference/minio-mc-admin/mc-admin-user-svcacct-add.rst +++ b/source/reference/minio-mc-admin/mc-admin-user-svcacct-add.rst @@ -119,8 +119,9 @@ Parameters .. mc-cmd:: --policy :optional: - The path to a :ref:`policy document ` to attach to the new access key. + The path to a :ref:`policy document ` to attach to the new access key, with a maximum size of 2048 characters. The attached policy cannot grant access to any action or resource not explicitly allowed by the parent user's policies. + .. mc-cmd:: --secret-key :optional: diff --git a/source/reference/minio-mc-admin/mc-admin-user-svcacct-edit.rst b/source/reference/minio-mc-admin/mc-admin-user-svcacct-edit.rst index 5bca1b6c..3c8d9c0f 100644 --- a/source/reference/minio-mc-admin/mc-admin-user-svcacct-edit.rst +++ b/source/reference/minio-mc-admin/mc-admin-user-svcacct-edit.rst @@ -85,7 +85,7 @@ Parameters .. mc-cmd:: --policy :optional: - The path to a :ref:`policy document ` to attach to the new access key. + The path to a :ref:`policy document ` to attach to the new access key, with a maximum size of 2048 characters. The attached policy cannot grant access to any action or resource not explicitly allowed by the parent user's policies. The new policy overwrites any previously attached policy.