From ca60d1f3c1fca8ee65e6c6d6562bdecead8412fd Mon Sep 17 00:00:00 2001
From: Daryl White <53910321+djwfyi@users.noreply.github.com>
Date: Fri, 24 Mar 2023 12:10:33 -0500
Subject: [PATCH] Adds changes for minio release from Feb 27 2023 (#774)

- updates list of metrics to add new IDP plugin metrics
- Adds info about expiring sts tokens

Depends on two topics added in PR #735  for internal links.

Closes #746
---
 .../minio-user-management.rst                 |  4 +++
 .../monitoring/metrics-and-alerts.rst         | 31 +++++++++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/source/administration/identity-access-management/minio-user-management.rst b/source/administration/identity-access-management/minio-user-management.rst
index d3d0dc53..fe6b30ee 100644
--- a/source/administration/identity-access-management/minio-user-management.rst
+++ b/source/administration/identity-access-management/minio-user-management.rst
@@ -57,6 +57,10 @@ This allows application owners to generate arbitrary access keys for their appli
 Since the generated access keys have the same or fewer permissions as the parents, administrators can focus on managing the top-level parent users without micro-managing generated access keys.
 
 You can create access keys using either the :ref:`MinIO Console <minio-console-user-access-keys>` *or* by using the :mc-cmd:`mc admin user svcacct add` command.
+Identities created by these methods do not expire until you remove the access key or the parent account.
+
+You can also create :ref:`security token service <minio-sts-assumerolewithcustomtoken>` accounts :ref:`programmatically <minio-sts-assumerolewithcustomtoken>`.
+STS tokens default to expire in 1 hour, but you set expiration for up to 7 days from creation.
 
 .. admonition:: Access Keys are for Programmatic Access
    :class: dropdown, note
diff --git a/source/operations/monitoring/metrics-and-alerts.rst b/source/operations/monitoring/metrics-and-alerts.rst
index fea3711b..d89c62d9 100644
--- a/source/operations/monitoring/metrics-and-alerts.rst
+++ b/source/operations/monitoring/metrics-and-alerts.rst
@@ -430,6 +430,37 @@ IAM Metrics
    
    Number of successful IAM data syncs since server start. 
 
+IAM Plugin Metrics
+~~~~~~~~~~~~~~~~~~
+
+.. note::
+
+   The metrics in this section require that you have configured the :ref:`MinIO External Identity Management Plugin <minio-external-identity-management-plugin>`.
+
+.. metric:: minio_node_iam_plugin_authn_service_last_succ_seconds
+
+   Time (in seconds) since last successful request to the external IDP service.
+   
+.. metric:: minio_node_iam_plugin_authn_service_last_fail_seconds
+
+   Time (in seconds) since last failed request to the external IDP service.
+
+.. metric:: minio_node_iam_plugin_authn_service_total_requests_minute
+
+   Total requests count to the external IDP service in the last full minute.
+
+.. metric:: minio_node_iam_plugin_authn_service_failed_requests_minute
+
+   Count of the failed requests to the external IDP service in the last full minute.
+
+.. metric:: minio_node_iam_plugin_authn_service_succ_avg_rtt_ms_minute
+
+   Average round trip time (RTT) of successful requests to the IDP service in the last full minute.
+
+.. metric:: minio_node_iam_plugin_authn_service_succ_max_rtt_ms_minute
+
+   Maximum round trip time (RTT) of successful requests to the IDP service in the last full minute.
+
 Internal Metrics
 ~~~~~~~~~~~~~~~~