From f08b2d67aabf4cbcb74cdf4fbef43feafef3423e Mon Sep 17 00:00:00 2001 From: Ravind Kumar Date: Wed, 4 Jun 2025 16:51:51 -0400 Subject: [PATCH] Further removal of legacy console references --- .../console/managing-objects.rst | 32 +--- .../ad-ldap-access-management.rst | 6 +- .../minio-identity-management.rst | 3 +- .../minio-user-management.rst | 2 +- .../oidc-access-management.rst | 8 +- .../pluggable-authentication.rst | 2 +- source/administration/minio-console.rst | 2 - source/administration/monitoring.rst | 2 - .../object-management/object-retention.rst | 152 ++++-------------- .../object-management/object-versioning.rst | 97 +++-------- source/developers/rust/minio-rust.rst | 8 +- source/includes/common-installation.rst | 4 +- source/includes/common-mc-admin-config.rst | 1 - .../includes/common-minio-ad-ldap-params.rst | 1 - source/includes/common/common-deploy.rst | 7 +- source/includes/common/common-minio-kes.rst | 44 ++--- source/includes/container/common-deploy.rst | 2 +- ...configure-keycloak-identity-management.rst | 14 -- .../steps-configure-minio-kes-hashicorp.rst | 42 ++--- ...e-ad-ldap-external-identity-management.rst | 19 +-- ...configure-keycloak-identity-management.rst | 40 +---- ...re-openid-external-identity-management.rst | 19 +-- source/includes/linux/common-installation.rst | 3 +- source/includes/linux/deploy-standalone.rst | 3 +- ...configure-keycloak-identity-management.rst | 15 -- ...e-ad-ldap-external-identity-management.rst | 82 +++------- ...configure-keycloak-identity-management.rst | 3 - source/operations/monitoring.rst | 2 - .../mc-admin-accesskey-create.rst | 4 +- .../minio-server/settings/console.rst | 7 + 30 files changed, 125 insertions(+), 501 deletions(-) diff --git a/source/administration/console/managing-objects.rst b/source/administration/console/managing-objects.rst index 87074179..9aeef929 100644 --- a/source/administration/console/managing-objects.rst +++ b/source/administration/console/managing-objects.rst 
@@ -11,7 +11,7 @@ Managing Objects :local: :depth: 2 -You can use the MinIO Console to perform several of the bucket and object management and interaction functions available in MinIO. +You can use the MinIO Console to perform several of the bucket and object interaction functions available in MinIO. Depending on the permissions and IAM policies for the authenticated user, you can: - :ref:`Browse, upload, revert, manage, and interact with objects `. @@ -40,8 +40,6 @@ Example actions the user may be able to perform include: - Download objects - Share - Preview -- Manage legal holds -- Manage retention - Manage tags - Inspect - Display versions @@ -65,10 +63,6 @@ Buckets ------- The Console's :guilabel:`Bucket` section displays all buckets to which the authenticated user has :ref:`access `. -Use this section to create or manage these buckets, depending on your user's access. - -Creating Buckets -~~~~~~~~~~~~~~~~ Select :guilabel:`Create Bucket` to create a new bucket on the deployment. MinIO validates bucket names. @@ -85,27 +79,3 @@ While creating a bucket, you can enable :ref:`versioning `. - -When managing a bucket, your access settings may allow you to view or change any of the following: - -- The :guilabel:`Summary` section displays a summary of the bucket's configuration. - - Use this section to view and modify the bucket's access policy, encryption, quota, and tags. - -- Configure alerts in the :guilabel:`Events` section to trigger :ref:`notification events ` when a user uploads, accesses, or deletes matching objects. - -- Review security in the :guilabel:`Access` section by listing the :ref:`policies ` and :ref:`users ` with access to that bucket. - -- Properly secure unauthenticated access with the :guilabel:`Anonymous` section by managing rules for prefixes that unauthenticated users can use to read or write objects. 
diff --git a/source/administration/identity-access-management/ad-ldap-access-management.rst b/source/administration/identity-access-management/ad-ldap-access-management.rst index fbaa82bd..02d06393 100644 --- a/source/administration/identity-access-management/ad-ldap-access-management.rst +++ b/source/administration/identity-access-management/ad-ldap-access-management.rst @@ -58,10 +58,8 @@ Access Keys are long-lived credentials which inherit their privileges from the p The parent user can further restrict those privileges while creating the access keys. Use either of the following methods to create a new access key: -- Log into the :ref:`MinIO Console ` using the AD/LDAP-managed user credentials. - In the :guilabel:`User` section, select :guilabel:`Access Keys` followed by :guilabel:`Create access keys +`. - -- Use the :mc:`mc admin user svcacct add` command to create the access keys. Specify the user Distinguished Name as the username to which to associate the access keys. +Use the :mc:`mc admin user svcacct add` command to create the access keys. +Specify the user Distinguished Name as the username to which to associate the access keys. Mapping Policies to User DN diff --git a/source/administration/identity-access-management/minio-identity-management.rst b/source/administration/identity-access-management/minio-identity-management.rst index 8ba8242f..0d07bca1 100644 --- a/source/administration/identity-access-management/minio-identity-management.rst +++ b/source/administration/identity-access-management/minio-identity-management.rst @@ -20,8 +20,7 @@ a valid access key (username) and the corresponding secret key (password) of an existing MinIO user. Administrators use the :mc:`mc admin user` command to create and manage -MinIO users. The :minio-git:`MinIO Console ` provides a graphical -interface for creating users. +MinIO users. MinIO also supports creating :ref:`access keys `. Access Keys are child identities of an 
diff --git a/source/administration/identity-access-management/minio-user-management.rst b/source/administration/identity-access-management/minio-user-management.rst index 1cc16e1e..f95009c1 100644 --- a/source/administration/identity-access-management/minio-user-management.rst +++ b/source/administration/identity-access-management/minio-user-management.rst @@ -56,7 +56,7 @@ A MinIO user can generate any number of access keys. This allows application owners to generate arbitrary access keys for their applications without requiring action from the MinIO administrators. Since the generated access keys have the same or fewer permissions as the parents, administrators can focus on managing the top-level parent users without micro-managing generated access keys. -You can create access keys using either the :ref:`MinIO Console ` *or* by using the :mc:`mc admin user svcacct add` command. +You can create access keys by using the :mc:`mc admin user svcacct add` command. Identities created by these methods do not expire until you remove the access key or the parent account. You can also create :ref:`security token service ` accounts programmatically with the ``AssumeRole`` STS API endpoint. diff --git a/source/administration/identity-access-management/oidc-access-management.rst b/source/administration/identity-access-management/oidc-access-management.rst index 8022415a..d89f14ee 100644 --- a/source/administration/identity-access-management/oidc-access-management.rst +++ b/source/administration/identity-access-management/oidc-access-management.rst 
@@ -102,12 +102,6 @@ credentials with a JSON Web Token Claim flow is as follows: MinIO provides an example Go application :minio-git:`web-identity.go ` that handles the full login flow. -OIDC users can alternatively create :ref:`access keys `. -Access Keys are long-lived credentials which inherit their privileges from the parent user. -The parent user can further restrict those privileges while creating the access keys. -To create a new access key, log into the :ref:`MinIO Console ` using the OIDC-managed user credentials. -From the :guilabel:`Identity` section of the left navigation, select :guilabel:`Access Keys` followed by the :guilabel:`Create access keys +` button. - Identifying the JWT Claim Value +++++++++++++++++++++++++++++++ @@ -124,7 +118,7 @@ Defer to the documentation for your preferred OIDC provider for instructions on Creating Policies to Match Claims --------------------------------- -Use either the MinIO Console *or* the :mc:`mc admin policy` command to create policies that match one or more claim values. +Use the :mc:`mc admin policy` command to create policies that match one or more claim values. OIDC Policy Variables --------------------- diff --git a/source/administration/identity-access-management/pluggable-authentication.rst b/source/administration/identity-access-management/pluggable-authentication.rst index 30f447f7..0106ccbb 100644 --- a/source/administration/identity-access-management/pluggable-authentication.rst +++ b/source/administration/identity-access-management/pluggable-authentication.rst @@ -108,4 +108,4 @@ The ``"reason"`` field should include the reason for the 403. Creating Policies to Match Claims --------------------------------- -Use either the :ref:`MinIO Console ` *or* the :mc:`mc admin policy` command to create policies that match one or more claim values. +Use the :mc:`mc admin policy` command to create policies that match one or more claim values. 
diff --git a/source/administration/minio-console.rst b/source/administration/minio-console.rst index 50a68638..42ff81ac 100644 --- a/source/administration/minio-console.rst +++ b/source/administration/minio-console.rst @@ -124,8 +124,6 @@ Logging In The MinIO Console displays a login screen for unauthenticated users. The Console defaults to providing a username and password prompt for a :ref:`MinIO-managed user `. -For deployments configured with multiple :ref:`identity managers `, you can also log in using credentials generated using a :ref:`Security Token Service (STS) ` API. - .. admonition:: Try out the Console using MinIO's Play testing environment :class: note diff --git a/source/administration/monitoring.rst b/source/administration/monitoring.rst index 302186da..ead1dfed 100644 --- a/source/administration/monitoring.rst +++ b/source/administration/monitoring.rst @@ -37,8 +37,6 @@ Deployment Metrics MinIO provides a Prometheus-compatible endpoint for supporting time-series querying of metrics. -MinIO deployments :ref:`configured to enable Prometheus scraping ` provide a detailed metrics view through the MinIO Console. - Server Logs ----------- diff --git a/source/administration/object-management/object-retention.rst b/source/administration/object-management/object-retention.rst index 9737f37d..4a1e763f 100644 --- a/source/administration/object-management/object-retention.rst +++ b/source/administration/object-management/object-retention.rst 
@@ -192,164 +192,70 @@ Create Bucket with Object Locking Enabled ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You must enable object locking during bucket creation as per S3 behavior. -You can create a bucket with object locking enabled using the MinIO Console, -the MinIO :mc:`mc` CLI, or using an S3-compatible SDK. +You can create a bucket with object locking enabled using the MinIO :mc:`mc` CLI or using an S3-compatible SDK. -.. tab-set:: +Use the :mc:`mc mb` command with the :mc-cmd:`~mc mb --with-lock` +option to create a bucket with object locking enabled: - .. tab-item:: MinIO Console - :sync: console +.. code-block:: shell + :class: copyable - Select the :guilabel:`Buckets` section of the MinIO Console to access - bucket creation and management functions. Select the bucket row from the - list of buckets. You can use the :octicon:`search` :guilabel:`Search` bar - to filter the list. - - .. image:: /images/minio-console/console-bucket.png - :width: 600px - :alt: MinIO Console Bucket Management - :align: center + mc mb --with-lock ALIAS/BUCKET - Click the :guilabel:`Create Bucket` button to open the bucket creation - modal. Toggle the :guilabel:`Object Locking` selector to enable object - locking on the bucket. +- Replace ``ALIAS`` with the :mc:`alias ` of a configured + MinIO deployment. - .. image:: /images/minio-console/console-bucket-create-bucket-with-locking.png - :width: 600px - :alt: MinIO Console Bucket Management - :align: center - - .. tab-item:: MinIO CLI - :sync: cli - - Use the :mc:`mc mb` command with the :mc-cmd:`~mc mb --with-lock` - option to create a bucket with object locking enabled: - - .. code-block:: shell - :class: copyable - - mc mb --with-lock ALIAS/BUCKET - - - Replace ``ALIAS`` with the :mc:`alias ` of a configured - MinIO deployment. - - - Replace ``BUCKET`` with the - :mc-cmd:`name ` of the bucket to create. +- Replace ``BUCKET`` with the + :mc-cmd:`name ` of the bucket to create. 
Configure Bucket-Default Object Retention ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -You can configure object locking rules ("object retention") using the -MinIO Console, the MinIO :mc:`mc` CLI, or using an S3-compatible SDK. +You can configure object locking rules ("object retention") using the MinIO :mc:`mc` CLI, or using an S3-compatible SDK. MinIO supports setting both bucket-default *and* per-object retention rules. The following examples set bucket-default retention. For per-object retention settings, defer to the documentation for the ``PUT`` operation used by your preferred SDK. -.. tab-set:: - .. tab-item:: MinIO Console - :sync: console +Use the :mc:`mc retention set` command with the +:mc-cmd:`--recursive ` and +:mc-cmd:`--default ` options to set the +default retention mode for a bucket: - Select the :guilabel:`Buckets` section of the MinIO Console to access bucket creation and management functions. You can use the :octicon:`search` :guilabel:`Search` bar to filter the list. - - .. image:: /images/minio-console/console-bucket.png - :width: 600px - :alt: MinIO Console Bucket Management - :align: center +.. code-block:: shell + :class: copyable - Each bucket row has a :guilabel:`Manage` button that opens the management view for that bucket. + mc retention set --recursive --default MODE DURATION ALIAS/BUCKET - .. image:: /images/minio-console/console-bucket-manage.png - :width: 600px - :alt: MinIO Console Bucket Management - :align: center +- Replace :mc-cmd:`MODE ` with either either :ref:`COMPLIANCE ` or :ref:`GOVERNANCE `. - From the :guilabel:`Retention` section, select :guilabel:`Enabled`. - This section is only visible for buckets created with object locking enabled. +- Replace :mc-cmd:`DURATION ` with the duration for which the object lock remains in effect. - From the :guilabel:`Set Retention Configuration` modal, set the desired bucket default retention settings. +- Replace :mc-cmd:`ALIAS ` with the :mc:`alias ` of a configured MinIO deployment. 
- - For :guilabel:`Retention Mode`, select either :ref:`COMPLIANCE ` or :ref:`GOVERNANCE `. - - - For :guilabel:`Duration`, select the retention duration units of :guilabel:`Days` or :guilabel:`Years`. - - - For :guilabel:`Retention Validity`, set the duration of time for which MinIO holds objects under the specified retention mode for the bucket. - - .. tab-item:: MinIO CLI - :sync: cli - - Use the :mc:`mc retention set` command with the - :mc-cmd:`--recursive ` and - :mc-cmd:`--default ` options to set the - default retention mode for a bucket: - - .. code-block:: shell - :class: copyable - - mc retention set --recursive --default MODE DURATION ALIAS/BUCKET - - - Replace :mc-cmd:`MODE ` with either either - :ref:`COMPLIANCE ` or - :ref:`GOVERNANCE `. - - - Replace :mc-cmd:`DURATION ` with the - duration for which the object lock remains in effect. - - - Replace :mc-cmd:`ALIAS ` with the - :mc:`alias ` of a configured MinIO deployment. - - - Replace :mc-cmd:`BUCKET ` with the - name of the bucket on which to set the default retention rule. +- Replace :mc-cmd:`BUCKET ` with the name of the bucket on which to set the default retention rule. Enable Legal Hold Retention ~~~~~~~~~~~~~~~~~~~~~~~~~~~ -You can enable or disable indefinite legal hold retention for an object using the MinIO Console, the MinIO :mc:`mc` CLI, or using an S3-compatible SDK. +You can enable or disable indefinite legal hold retention for an object using the MinIO :mc:`mc` CLI or using an S3-compatible SDK. You can place a legal hold on an object already held under a :ref:`COMPLIANCE ` or :ref:`GOVERNANCE ` lock. The object remains WORM locked under the legal hold even when the retention lock expires. You or another user with the necessary permissions must explicitly lift the legal hold to remove the WORM lock. -.. tab-set:: +Use the :guilabel:`mc legalhold set` command to toggle the legal hold status on an object. - .. tab-item:: MinIO Console - :sync: console +.. 
code-block:: shell + :class: copyable - Select the :guilabel:`Buckets` section of the MinIO Console to access bucket creation and management functions. - You can use the :octicon:`search` :guilabel:`Search` bar to filter the list. + mc legalhold set ALIAS/PATH - .. image:: /images/minio-console/console-bucket.png - :width: 600px - :alt: MinIO Console Bucket Management - :align: center +- Replace :mc-cmd:`ALIAS ` with the :mc:`alias ` of a configured MinIO deployment. - Each bucket row has a :guilabel:`Manage` button that opens the management view for that bucket. - - .. image:: /images/minio-console/console-object-browser.png - :width: 600px - :alt: MinIO Console Bucket Object Browser - :align: center - - Browse to the object and select it to open the object details view. - Select the :guilabel:`Legal Hold` button to toggle the legal hold status of the object. - - .. tab-item:: MinIO CLI - :sync: cli - - Use the :guilabel:`mc legalhold set` command to toggle the legal hold status on an object. - - .. code-block:: shell - :class: copyable - - mc legalhold set ALIAS/PATH - - - Replace :mc-cmd:`ALIAS ` with the - :mc:`alias ` of a configured MinIO deployment. - - - Replace :mc-cmd:`PATH ` with the - path to the object for which to enable the legal hold. +- Replace :mc-cmd:`PATH ` with the path to the object for which to enable the legal hold. .. _minio-object-locking-retention-modes: diff --git a/source/administration/object-management/object-versioning.rst b/source/administration/object-management/object-versioning.rst index f84cffc2..a0fc1bb0 100644 --- a/source/administration/object-management/object-versioning.rst +++ b/source/administration/object-management/object-versioning.rst 
@@ -245,50 +245,22 @@ Enable Bucket Versioning You can enable versioning using the MinIO Console, the MinIO :mc:`mc` CLI, or using an S3-compatible SDK. -.. tab-set:: +Use the :mc:`mc version enable` command to enable versioning on an +existing bucket: - .. tab-item:: MinIO Console +.. code-block:: shell + :class: copyable - Select the :guilabel:`Buckets` section of the MinIO Console to access bucket creation and management functions. You can use the :octicon:`search` :guilabel:`Search` bar to filter the list. - - .. image:: /images/minio-console/console-bucket.png - :width: 600px - :alt: MinIO Console Bucket Management - :align: center + mc version enable ALIAS/BUCKET - Each bucket row has a :guilabel:`Manage` button that opens the management view for that bucket. +- Replace ``ALIAS`` with the :mc:`alias ` of a configured + MinIO deployment. - .. image:: /images/minio-console/console-bucket-manage.png - :width: 600px - :alt: MinIO Console Bucket Management - :align: center - - Toggle the :guilabel:`Versioning` field to enable versioning on the bucket. - - The MinIO Console also supports enabling versioning as part of bucket - creation. See :ref:`minio-console-buckets` for more information on - bucket management using the MinIO Console. - - .. tab-item:: MinIO CLI - - Use the :mc:`mc version enable` command to enable versioning on an - existing bucket: - - .. code-block:: shell - :class: copyable - - mc version enable ALIAS/BUCKET - - - Replace ``ALIAS`` with the :mc:`alias ` of a configured - MinIO deployment. - - - Replace ``BUCKET`` with the - :mc-cmd:`target bucket ` on which to enable - versioning. - -Objects created prior to enabling versioning have a -``null`` :ref:`version ID `. +- Replace ``BUCKET`` with the + :mc-cmd:`target bucket ` on which to enable + versioning. +Objects created prior to enabling versioning have a ``null`` :ref:`version ID `. Exclude a Prefix From Versioning ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
@@ -426,48 +398,21 @@ To disable folder exclusion and resume versioning all folders, repeat the :mc:`m Suspend Bucket Versioning ~~~~~~~~~~~~~~~~~~~~~~~~~ -You can suspend bucket versioning at any time using the MinIO Console, the -MinIO :mc:`mc` CLI, or using an S3-compatible SDK. +You can suspend bucket versioning at any time using he MinIO :mc:`mc` CLI or using an S3-compatible SDK. -.. tab-set:: +Use the :mc:`mc version suspend` command to enable versioning on an existing bucket: - .. tab-item:: MinIO Console +.. code-block:: shell + :class: copyable - Select the :guilabel:`Buckets` section of the MinIO Console to access bucket creation and management functions. You can use the :octicon:`search` :guilabel:`Search` bar to filter the list. - - .. image:: /images/minio-console/console-bucket.png - :width: 600px - :alt: MinIO Console Bucket Management - :align: center + mc version suspend ALIAS/BUCKET - Each bucket row has a :guilabel:`Manage` button that opens the management view for that bucket. +- Replace ``ALIAS`` with the :mc:`alias ` of a configured + MinIO deployment. - .. image:: /images/minio-console/console-bucket-manage.png - :width: 600px - :alt: MinIO Console Bucket Management - :align: center - - Select the :guilabel:`Versioning` field and follow the instructions to suspend versioning in the bucket. - - See :ref:`minio-console-buckets` for more information on bucket - management using the MinIO Console. - - .. tab-item:: MinIO CLI - - Use the :mc:`mc version suspend` command to enable versioning on an - existing bucket: - - .. code-block:: shell - :class: copyable - - mc version suspend ALIAS/BUCKET - - - Replace ``ALIAS`` with the :mc:`alias ` of a configured - MinIO deployment. - - - Replace ``BUCKET`` with the - :mc-cmd:`target bucket ` on which to disable - versioning. +- Replace ``BUCKET`` with the + :mc-cmd:`target bucket ` on which to disable + versioning. Objects created while versioning is suspended are assigned a ``null`` :ref:`version ID `. 
Any mutations to an object while versioning is suspended result in overwriting that ``null`` versioned object. diff --git a/source/developers/rust/minio-rust.rst b/source/developers/rust/minio-rust.rst index 16c51023..317113b6 100644 --- a/source/developers/rust/minio-rust.rst +++ b/source/developers/rust/minio-rust.rst @@ -13,8 +13,8 @@ Rust Quickstart Guide .. include:: /developers/rust/quickstart.md :parser: myst_parser.sphinx_ -.. toctree:: - :titlesonly: - :hidden: +.. .. toctree:: +.. :titlesonly: +.. :hidden: - .. /developers/go/API.md +.. /developers/rust/API.md diff --git a/source/includes/common-installation.rst b/source/includes/common-installation.rst index 68357bde..385afdd0 100644 --- a/source/includes/common-installation.rst +++ b/source/includes/common-installation.rst @@ -157,9 +157,7 @@ from the previous step. :alt: MinIO Console Login Page :align: center -You can use the MinIO Console for general administration tasks like -Identity and Access Management, Metrics and Log Monitoring, or -Server Configuration. Each MinIO server includes its own embedded MinIO +Each MinIO server includes its own embedded MinIO Console. .. end-install-minio-console-desc diff --git a/source/includes/common-mc-admin-config.rst b/source/includes/common-mc-admin-config.rst index c45567a8..4f002cbd 100644 --- a/source/includes/common-mc-admin-config.rst +++ b/source/includes/common-mc-admin-config.rst @@ -105,7 +105,6 @@ You can establish or modify settings by defining: - an *environment variable* on the host system prior to starting or restarting the MinIO Server. Refer to your operating system's documentation for how to define an environment variable. - a *configuration setting* using :mc:`mc admin config set`. -- a *configuration setting* using the :ref:`MinIO Console's ` :guilabel:`Administrator > Settings` pages. If you define both an environment variable and the similar configuration setting, MinIO uses the environment variable value. 
diff --git a/source/includes/common-minio-ad-ldap-params.rst b/source/includes/common-minio-ad-ldap-params.rst index 95e7a8dc..549db646 100644 --- a/source/includes/common-minio-ad-ldap-params.rst +++ b/source/includes/common-minio-ad-ldap-params.rst @@ -148,7 +148,6 @@ This command works against :ref:`access keys ` created by Create AD/LDAP service accounts with the :mc-cmd:`mc idp ldap accesskey create` command. -Authenticated users can manage their own long-term Access Keys using the :ref:`MinIO Console `. MinIO supports using :ref:`AssumeRoleWithLDAPIdentity ` to generate temporary access keys using the :ref:`Security Token Service `. .. end-minio-ad-ldap-accesskey-creation \ No newline at end of file diff --git a/source/includes/common/common-deploy.rst b/source/includes/common/common-deploy.rst index 2902e0a9..188bda49 100644 --- a/source/includes/common/common-deploy.rst +++ b/source/includes/common/common-deploy.rst @@ -98,12 +98,7 @@ Include any other environment variables as required for your local deployment. Log in with the :envvar:`MINIO_ROOT_USER` and :envvar:`MINIO_ROOT_PASSWORD` configured in the environment file specified to the container. - .. image:: /images/minio-console/console-bucket-none.png - :width: 600px - :alt: MinIO Console displaying Buckets view in a fresh installation - :align: center - - You can use the MinIO Console for general administration tasks like Identity and Access Management, Metrics and Log Monitoring, or Server Configuration. Each MinIO server includes its own embedded MinIO Console. + Each MinIO server includes its own embedded MinIO Console. If your local host firewall permits external access to the Console port, other hosts on the same network can access the Console using the IP or hostname for your local host. diff --git a/source/includes/common/common-minio-kes.rst b/source/includes/common/common-minio-kes.rst index 7340792c..4c807e31 100644 --- a/source/includes/common/common-minio-kes.rst 
+++ b/source/includes/common/common-minio-kes.rst 
@@ -156,44 +156,24 @@ MinIO uses the :envvar:`MINIO_KMS_KES_KEY_NAME` key for the following cryptograp .. start-kes-enable-sse-kms-desc -You can use either the MinIO Console or the MinIO :mc:`mc` CLI to enable bucket-default SSE-KMS with the generated key: +Use the MinIO :mc:`mc` CLI to enable bucket-default SSE-KMS with the generated key: -.. tab-set:: +The following commands: - .. tab-item:: MinIO Console +- Create a new :ref:`alias ` for the MinIO deployment +- Create a new bucket for storing encrypted data +- Enable SSE-KMS encryption on that bucket - Open the MinIO Console by navigating to http://127.0.0.1:9001 in your preferred browser and logging in with the root credentials specified to the MinIO Server. - If you deployed MinIO using a different Console listen port, substitute ``9001`` with that port value. +.. code-block:: shell + :class: copyable - Once logged in, create a new Bucket and name it to your preference. - Select the Gear :octicon:`gear` icon to open the management view. + mc alias set local http://127.0.0.1:9000 ROOTUSER ROOTPASSWORD - Select the pencil :octicon:`pencil` icon next to the :guilabel:`Encryption` field to open the modal for configuring a bucket default SSE scheme. + mc mb local/encryptedbucket + mc encrypt set SSE-KMS encrypted-bucket-key ALIAS/encryptedbucket - Select :guilabel:`SSE-KMS`, then enter the name of the key created in the previous step. - - Once you save your changes, try to upload a file to the bucket. - When viewing that file in the object browser, note that the sidebar metadata includes the SSE encryption scheme and information on the key used to encrypt that object. - This indicates the successful encrypted state of the object. - - .. tab-item:: MinIO CLI - - The following commands: - - - Create a new :ref:`alias ` for the MinIO deployment - - Create a new bucket for storing encrypted data - - Enable SSE-KMS encryption on that bucket - - .. 
code-block:: shell - :class: copyable - - mc alias set local http://127.0.0.1:9000 ROOTUSER ROOTPASSWORD - - mc mb local/encryptedbucket - mc encrypt set SSE-KMS encrypted-bucket-key ALIAS/encryptedbucket - - Write a file to the bucket using :mc:`mc cp` or any S3-compatible SDK with a ``PutObject`` function. - You can then run :mc:`mc stat` on the file to confirm the associated encryption metadata. +Write a file to the bucket using :mc:`mc cp` or any S3-compatible SDK with a ``PutObject`` function. +You can then run :mc:`mc stat` on the file to confirm the associated encryption metadata. .. end-kes-enable-sse-kms-desc diff --git a/source/includes/container/common-deploy.rst b/source/includes/container/common-deploy.rst index 0134ab59..9b1f748b 100644 --- a/source/includes/container/common-deploy.rst +++ b/source/includes/container/common-deploy.rst @@ -81,7 +81,7 @@ The instructions include examples for both quay.io and DockerHub: :alt: MinIO Console displaying Buckets view in a fresh installation. :align: center - You can use the MinIO Console for general administration tasks like Identity and Access Management, Metrics and Log Monitoring, or Server Configuration. Each MinIO server includes its own embedded MinIO Console. + Each MinIO server includes its own embedded MinIO Console. If your local host firewall permits external access to the Console port, other hosts on the same network can access the Console using the IP or hostname for your local host. diff --git a/source/includes/container/steps-configure-keycloak-identity-management.rst b/source/includes/container/steps-configure-keycloak-identity-management.rst index 712d8191..96be9dfc 100644 --- a/source/includes/container/steps-configure-keycloak-identity-management.rst +++ b/source/includes/container/steps-configure-keycloak-identity-management.rst 
@@ -91,18 +91,11 @@ Log in using the default credentials ``minioadmin:minioadmin``. MinIO supports multiple methods for configuring Keycloak authentication: -- Using the MinIO Console - Using a terminal/shell and the :mc:`mc idp openid` command - Using environment variables set prior to starting MinIO .. tab-set:: - .. tab-item:: MinIO Console - - .. include:: /includes/common/common-configure-keycloak-identity-management.rst - :start-after: start-configure-keycloak-minio-console - :end-before: end-configure-keycloak-minio-console - .. tab-item:: CLI .. include:: /includes/common/common-configure-keycloak-identity-management.rst @@ -120,11 +113,6 @@ You must restart the MinIO deployment for the changes to apply. Check the :ref:`MinIO server logs ` and verify that startup succeeded with no errors related to the Keycloak configuration. -If you attempt to log in with the Console, you should now see an (SSO) button using the configured :guilabel:`Display Name`. - -Specify a configured user and attempt to log in. -MinIO should automatically redirect you to the Keycloak login entry. -Upon successful authentication, Keycloak should redirect you back to the MinIO Console. 8) Generate Application Credentials using the Security Token Service (STS) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -138,5 +126,3 @@ Next Steps Applications should implement the :ref:`STS ` flow using their :ref:`SDK ` of choice. When STS credentials expire, applications should have logic in place to regenerate the JWT token, STS token, and MinIO credentials before retrying and continuing operations. - -Alternatively, users can generate :ref:`access keys ` through the MinIO Console for the purpose of creating long-lived API-key like access using their Keycloak credentials. diff --git a/source/includes/container/steps-configure-minio-kes-hashicorp.rst b/source/includes/container/steps-configure-minio-kes-hashicorp.rst index b3fbdf62..15f56a69 100644 
--- a/source/includes/container/steps-configure-minio-kes-hashicorp.rst +++ b/source/includes/container/steps-configure-minio-kes-hashicorp.rst 
@@ -82,40 +82,22 @@ b. Create the MinIO Environment File 4) Enable SSE-KMS for a Bucket ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -You can use either the MinIO Console or the MinIO :mc:`mc` CLI to enable bucket-default SSE-KMS with the generated key: +Use the MinIO :mc:`mc` CLI to enable bucket-default SSE-KMS with the generated key: -.. tab-set:: - .. tab-item:: MinIO Console +The following commands: - Open the MinIO Console by navigating to http://127.0.0.1:9001 in your preferred browser and logging in with the root credentials specified to the MinIO container. +- Create a new :ref:`alias ` for the MinIO deployment +- Create a new bucket for storing encrypted data +- Enable SSE-KMS encryption on that bucket - Once logged in, create a new Bucket and name it to your preference. - Select the Gear :octicon:`gear` icon to open the management view. +.. code-block:: shell + :class: copyable - Select the pencil :octicon:`pencil` icon next to the :guilabel:`Encryption` field to open the modal for configuring a bucket default SSE scheme. + mc alias set local http://127.0.0.1:9000 ROOTUSER ROOTPASSWORD - Select :guilabel:`SSE-KMS`, then enter the name of the key created in the previous step. + mc mb local/encryptedbucket + mc encrypt set SSE-KMS encrypted-bucket-key ALIAS/encryptedbucket - Once you save your changes, try to upload a file to the bucket. - When viewing that file in the object browser, note that in the sidebar the metadata includes the SSE encryption scheme and information on the key used to encrypt that object. - This indicates the successful encrypted state of the object. - - .. tab-item:: MinIO CLI - - The following commands: - - - Create a new :ref:`alias ` for the MinIO deployment - - Create a new bucket for storing encrypted data - - Enable SSE-KMS encryption on that bucket - - .. 
code-block:: shell - :class: copyable - - mc alias set local http://127.0.0.1:9000 ROOTUSER ROOTPASSWORD - - mc mb local/encryptedbucket - mc encrypt set SSE-KMS encrypted-bucket-key ALIAS/encryptedbucket - - Write a file to the bucket using :mc:`mc cp` or any S3-compatible SDK with a ``PutObject`` function. - You can then run :mc:`mc stat` on the file to confirm the associated encryption metadata. +Write a file to the bucket using :mc:`mc cp` or any S3-compatible SDK with a ``PutObject`` function. +You can then run :mc:`mc stat` on the file to confirm the associated encryption metadata. diff --git a/source/includes/k8s/steps-configure-ad-ldap-external-identity-management.rst b/source/includes/k8s/steps-configure-ad-ldap-external-identity-management.rst index 7765f01b..7e6ca901 100644 --- a/source/includes/k8s/steps-configure-ad-ldap-external-identity-management.rst +++ b/source/includes/k8s/steps-configure-ad-ldap-external-identity-management.rst 
@@ -79,24 +79,7 @@ Replace ``POLICY`` with the name of the MinIO policy to assign to the user or gr See :ref:`minio-external-identity-management-ad-ldap-access-control` for more information on access control with AD/LDAP users and groups. -4) Use the MinIO Tenant Console to Log In with AD/LDAP Credentials -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The MinIO Console supports the full workflow of authenticating to the AD/LDAP provider, generating temporary credentials using the MinIO :ref:`minio-sts-assumerolewithldapidentity` Security Token Service (STS) endpoint, and logging the user into the MinIO deployment. - -See :ref:`Deploy MinIO Tenant: Connect to the Tenant ` for additonal information about accessing the Tenant Console. - -If the AD/LDAP configuration succeeded, the Console displays a button to login with AD/LDAP credentials. - -Enter the user's AD/LDAP credentials and log in to access the Console. - -Once logged in, you can perform any action for which the authenticated user is :ref:`authorized `. - -You can also create :ref:`access keys ` for supporting applications which must perform operations on MinIO. -Access Keys are long-lived credentials which inherit their privileges from the parent user. -The parent user can further restrict those privileges while creating the access keys. - -5) Generate S3-Compatible Temporary Credentials using AD/LDAP Credentials +4) Generate S3-Compatible Temporary Credentials using AD/LDAP Credentials ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Applications can use an AD/LDAP user credential to generate temporary S3-compatible credentials as-needed using the :ref:`minio-sts-assumerolewithldapidentity` Security Token Service (STS) API endpoint. diff --git a/source/includes/k8s/steps-configure-keycloak-identity-management.rst b/source/includes/k8s/steps-configure-keycloak-identity-management.rst index bbe34929..94e3f8d9 100644 
--- a/source/includes/k8s/steps-configure-keycloak-identity-management.rst +++ b/source/includes/k8s/steps-configure-keycloak-identity-management.rst 
@@ -35,48 +35,14 @@ Set the value to any :ref:`policy ` on the MinIO deployment. 4) Configure MinIO for Keycloak Authentication ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -MinIO supports multiple methods for configuring Keycloak authentication: - -- Using the MinIO Tenant Console -- Using a terminal/shell and the :mc:`mc idp openid` command - -.. tab-set:: - - .. tab-item:: MinIO Tenant Console - - You can use the MinIO Tenant Console to configure Keycloak as the External Identity Provider for the MinIO Tenant. - - Access the Console service using the NodePort, Ingress, or Load Balancer endpoint. - You can use the following command to review the Console configuration: - - .. code-block:: shell - :class: copyable - - kubectl describe svc/TENANT_NAME-console -n TENANT_NAMESPACE - - Replace ``TENANT_NAME`` and ``TENANT_NAMESPACE`` with the name of the MinIO Tenant and it's Namespace, respectively. - - .. include:: /includes/common/common-configure-keycloak-identity-management.rst - :start-after: start-configure-keycloak-minio-console - :end-before: end-configure-keycloak-minio-console - - Select :guilabel:`Save` to apply the configuration. - - .. tab-item:: CLI - - .. include:: /includes/common/common-configure-keycloak-identity-management.rst - :start-after: start-configure-keycloak-minio-cli - :end-before: end-configure-keycloak-minio-cli +.. include:: /includes/common/common-configure-keycloak-identity-management.rst + :start-after: start-configure-keycloak-minio-cli + :end-before: end-configure-keycloak-minio-cli Restart the MinIO deployment for the changes to apply. Check the MinIO logs and verify that startup succeeded with no errors related to the OIDC configuration. -If you attempt to log in with the Console, you should now see an (SSO) button using the configured :guilabel:`Display Name`. - -Specify a configured user and attempt to log in. -MinIO should automatically redirect you to the Keycloak login entry. 
-Upon successful authentication, Keycloak should redirect you back to the MinIO Console using either the originating Console URL *or* the :guilabel:`Redirect URI` if configured. 5) Generate Application Credentials using the Security Token Service (STS) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/source/includes/k8s/steps-configure-openid-external-identity-management.rst b/source/includes/k8s/steps-configure-openid-external-identity-management.rst index 6363a05c..6bdfe0ea 100644 --- a/source/includes/k8s/steps-configure-openid-external-identity-management.rst +++ b/source/includes/k8s/steps-configure-openid-external-identity-management.rst 
@@ -97,24 +97,7 @@ MinIO attaches the ``datareadonly`` policy to any authenticated OIDC user with ` See :ref:`minio-external-identity-management-openid-access-control` for more information on access control with OIDC users and groups. -4) Use the MinIO Tenant Console to Log In with OIDC Credentials -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The MinIO Console supports the full workflow of authenticating to the OIDC provider, generating temporary credentials using the MinIO :ref:`minio-sts-assumerolewithldapidentity` Security Token Service (STS) endpoint, and logging the user into the MinIO deployment. - -See :ref:`Deploy MinIO Tenant: Connect to the Tenant ` for additonal information about accessing the Tenant Console. - -If the OIDC configuration succeeded, the Console displays a button to login with OIDC credentials. - -Enter the user's OIDC credentials and log in to access the Console. - -Once logged in, you can perform any action for which the authenticated user is :ref:`authorized `. - -You can also create :ref:`access keys ` for supporting applications which must perform operations on MinIO. -Access Keys are long-lived credentials which inherit their privileges from the parent user. -The parent user can further restrict those privileges while creating the access keys. - -5) Generate S3-Compatible Temporary Credentials using OIDC Credentials +4) Generate S3-Compatible Temporary Credentials using OIDC Credentials ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Applications can generate temporary access credentials as-needed using the :ref:`minio-sts-assumerolewithwebidentity` Security Token Service (STS) API endpoint and the JSON Web Token (JWT) returned by the :abbr:`OIDC (OpenID Connect)` provider. diff --git a/source/includes/linux/common-installation.rst b/source/includes/linux/common-installation.rst index 013fcca2..1f2d190f 100644 --- a/source/includes/linux/common-installation.rst 
+++ b/source/includes/linux/common-installation.rst @@ -143,8 +143,7 @@ to the following: Open your browser to any of the listed :guilabel:`Console` addresses to open the :ref:`MinIO Console ` and log in with the :guilabel:`RootUser` -and :guilabel:`RootPass`. You can use the MinIO Console for performing -administration on the MinIO server. +and :guilabel:`RootPass`. For applications, use the :guilabel:`API` addresses to access the MinIO server and perform S3 operations. diff --git a/source/includes/linux/deploy-standalone.rst b/source/includes/linux/deploy-standalone.rst index 564d5213..c90f686c 100644 --- a/source/includes/linux/deploy-standalone.rst +++ b/source/includes/linux/deploy-standalone.rst @@ -85,8 +85,7 @@ to the following: Open your browser to any of the listed :guilabel:`Console` addresses to open the :ref:`MinIO Console ` and log in with the :guilabel:`RootUser` -and :guilabel:`RootPass`. You can use the MinIO Console for performing -administration on the MinIO server. +and :guilabel:`RootPass`. For applications, use the :guilabel:`API` addresses to access the MinIO server and perform S3 operations. diff --git a/source/includes/linux/steps-configure-keycloak-identity-management.rst b/source/includes/linux/steps-configure-keycloak-identity-management.rst index 3fbd0744..d89af20d 100644 --- a/source/includes/linux/steps-configure-keycloak-identity-management.rst +++ b/source/includes/linux/steps-configure-keycloak-identity-management.rst 
@@ -37,18 +37,11 @@ Set the value to any :ref:`policy ` on the MinIO deployment. MinIO supports multiple methods for configuring Keycloak authentication: -- Using the MinIO Console - Using a terminal/shell and the :mc:`mc idp openid` command - Using environment variables set prior to starting MinIO .. tab-set:: - .. tab-item:: MinIO Console - - .. include:: /includes/common/common-configure-keycloak-identity-management.rst - :start-after: start-configure-keycloak-minio-console - :end-before: end-configure-keycloak-minio-console - .. tab-item:: CLI .. include:: /includes/common/common-configure-keycloak-identity-management.rst @@ -65,12 +58,6 @@ Restart the MinIO deployment for the changes to apply. Check the MinIO logs and verify that startup succeeded with no errors related to the OIDC configuration. -If you attempt to log in with the Console, you should now see an (SSO) button using the configured :guilabel:`Display Name`. - -Specify a configured user and attempt to log in. -MinIO should automatically redirect you to the Keycloak login entry. -Upon successful authentication, Keycloak should redirect you back to the MinIO Console using either the originating Console URL *or* the :guilabel:`Redirect URI` if configured. - 5) Generate Application Credentials using the Security Token Service (STS) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -84,8 +71,6 @@ Next Steps Applications should implement the :ref:`STS AssumeRoleWithWebIdentity ` flow using their :ref:`SDK ` of choice. When STS credentials expire, applications should have logic in place to regenerate the JWT token, STS token, and MinIO credentials before retrying and continuing operations. -Alternatively, users can generate :ref:`access keys ` through the MinIO Console for the purpose of creating long-lived API-key like access using their Keycloak credentials. - 
diff --git a/source/operations/external-iam/configure-ad-ldap-external-identity-management.rst b/source/operations/external-iam/configure-ad-ldap-external-identity-management.rst index 636f8d92..1ea0260e 100644 --- a/source/operations/external-iam/configure-ad-ldap-external-identity-management.rst +++ b/source/operations/external-iam/configure-ad-ldap-external-identity-management.rst @@ -21,13 +21,11 @@ The procedure on this page provides instructions for: .. cond:: k8s - Configuring a MinIO Tenant to use an external AD/LDAP provider - - Accessing the Tenant Console using AD/LDAP Credentials. - Using the MinIO ``AssumeRoleWithLDAPIdentity`` Security Token Service (STS) API to generate temporary credentials for use by applications. .. cond:: linux or macos or container or windows - Configuring a MinIO cluster for an external AD/LDAP provider. - - Accessing the MinIO Console using AD/LDAP credentials. - Using the MinIO ``AssumeRoleWithLDAPIdentity`` Security Token Service (STS) API to generate temporary credentials for use by applications. This procedure is generic for AD/LDAP services. @@ -118,7 +116,6 @@ An AD/LDAP user with no assigned policy *and* with membership in groups with no * MinIO Client * Environment variables - * MinIO Console All methods require starting/restarting the MinIO deployment to apply changes. @@ -133,7 +130,7 @@ An AD/LDAP user with no assigned policy *and* with membership in groups with no For distributed deployments, the :mc:`mc idp ldap` command applies the configuration to all nodes in the deployment. The following example code sets *all* configuration settings related to configuring an AD/LDAP provider for external identity management. - The minimum *required* settings are: + The minimum *required* settings are: - :mc-conf:`server_addr ` - :mc-conf:`lookup_bind_dn ` 
@@ -141,40 +138,32 @@ An AD/LDAP user with no assigned policy *and* with membership in groups with no - :mc-conf:`user_dn_search_base_dn ` - :mc-conf:`user_dn_search_filter ` - .. code-block:: shell - :class: copyable + .. code-block:: shell + :class: copyable - mc idp ldap add ALIAS \ - server_addr="ldaps.example.net:636" \ - lookup_bind_dn="CN=xxxxx,OU=xxxxx,OU=xxxxx,DC=example,DC=net" \ - lookup_bind_password="xxxxxxxx" \ - user_dn_search_base_dn="DC=example,DC=net" \ - user_dn_search_filter="(&(objectCategory=user)(sAMAccountName=%s))" \ - group_search_filter= "(&(objectClass=group)(member=%d))" \ - group_search_base_dn="ou=MinIO Users,dc=example,dc=net" \ - enabled="true" \ - tls_skip_verify="off" \ - server_insecure=off \ - server_starttls="off" \ - srv_record_name="" \ - comment="Test LDAP server" + mc idp ldap add ALIAS \ + server_addr="ldaps.example.net:636" \ + lookup_bind_dn="CN=xxxxx,OU=xxxxx,OU=xxxxx,DC=example,DC=net" \ + lookup_bind_password="xxxxxxxx" \ + user_dn_search_base_dn="DC=example,DC=net" \ + user_dn_search_filter="(&(objectCategory=user)(sAMAccountName=%s))" \ + group_search_filter= "(&(objectClass=group)(member=%d))" \ + group_search_base_dn="ou=MinIO Users,dc=example,dc=net" \ + enabled="true" \ + tls_skip_verify="off" \ + server_insecure=off \ + server_starttls="off" \ + srv_record_name="" \ + comment="Test LDAP server" - For more complete documentation on these settings, see :mc:`mc idp ldap`. - - .. admonition:: :mc:`mc idp ldap` recommended - :class: note - - :mc:`mc idp ldap` offers additional features and improved validation over :mc-cmd:`mc admin config set` runtime configuration settings. - :mc:`mc idp ldap` supports the same settings as :mc:`mc admin config` and the :mc-conf:`identity_ldap` configuration key. - - The :mc-conf:`identity_ldap` configuration key remains available for existing scripts and tools. + For more complete documentation on these settings, see :mc:`mc idp ldap`. .. 
tab-item:: Environment Variables MinIO supports specifying the AD/LDAP provider settings using :ref:`environment variables `. - The :mc:`minio server` process applies the specified settings on its next startup. - For distributed deployments, specify these settings across all nodes in the deployment using the *same* values. - Any differences in server configurations between nodes will result in startup or configuration failures. + The :mc:`minio server` process applies the specified settings on its next startup. + For distributed deployments, specify these settings across all nodes in the deployment using the *same* values. + Any differences in server configurations between nodes will result in startup or configuration failures. The following example code sets *all* environment variables related to configuring an AD/LDAP provider for external identity management. The minimum *required* variable are: 
@@ -202,23 +191,11 @@ An AD/LDAP user with no assigned policy *and* with membership in groups with no For complete documentation on these variables, see :ref:`minio-server-envvar-external-identity-management-ad-ldap` - .. tab-item:: MinIO Console - - MinIO supports specifying the AD/LDAP provider settings using the :ref:`MinIO Console `. - For distributed deployments, configuring AD/LDAP from the Console applies the configuration to all nodes in the deployment. - - .. include:: /includes/common-minio-external-auth.rst - :start-after: start-minio-ad-ldap-console-enable - :end-before: end-minio-ad-ldap-console-enable - 2) Restart the MinIO Deployment ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You must restart the MinIO deployment to apply the configuration changes. - If you configured AD/LDAP from the MinIO Console, no additional action is required. - The MinIO Console automatically restarts the deployment after saving the new AD/LDAP configuration. - For MinIO Client and environment variable configuration, use the :mc-cmd:`mc admin service restart` command to restart the deployment: .. code-block:: shell 
@@ -228,20 +205,7 @@ An AD/LDAP user with no assigned policy *and* with membership in groups with no Replace ``ALIAS`` with the :ref:`alias ` of the deployment to restart. - 3) Use the MinIO Console to Log In with AD/LDAP Credentials - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - - The MinIO Console supports the full workflow of authenticating to the AD/LDAP provider, generating temporary credentials using the MinIO :ref:`minio-sts-assumerolewithldapidentity` Security Token Service (STS) endpoint, and logging the user into the MinIO deployment. - - You can access the Console by opening the root URL for the MinIO cluster. For example, ``https://minio.example.net:9000``. - - Once logged in, you can perform any action for which the authenticated user is :ref:`authorized `. - - You can also create :ref:`access keys ` for supporting applications which must perform operations on MinIO. - Access Keys are long-lived credentials which inherit their privileges from the parent user. - The parent user can further restrict those privileges while creating the service account. - - 4) Generate S3-Compatible Temporary Credentials using AD/LDAP Credentials + 3) Generate S3-Compatible Temporary Credentials using AD/LDAP Credentials ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ MinIO requires clients to authenticate using :s3-api:`AWS Signature Version 4 protocol ` with support for the deprecated Signature Version 2 protocol. @@ -281,5 +245,3 @@ You can enable and disable the configured AD/LDAP connection as needed. Use :mc:`mc idp ldap disable` to deactivate a configured connection. Use :mc:`mc idp ldap enable` to activate a previously configured connection. - -You may also enable or disable AD/LDAP from the :ref:`MinIO Console `. diff --git a/source/operations/external-iam/configure-keycloak-identity-management.rst b/source/operations/external-iam/configure-keycloak-identity-management.rst index cde64d15..6d616ce3 100644 
--- a/source/operations/external-iam/configure-keycloak-identity-management.rst +++ b/source/operations/external-iam/configure-keycloak-identity-management.rst @@ -23,7 +23,6 @@ This procedure specifically covers the following steps: - Configure Keycloak for use with MinIO authentication and authorization - Configure a new or existing MinIO Tenant to use Keycloak as the OIDC provider - Create policies to control access of Keycloak-authenticated users - - Log into the MinIO Tenant Console using SSO and a Keycloak-managed identity - Generate temporary S3 access credentials using the ``AssumeRoleWithWebIdentity`` Security Token Service (STS) API .. cond:: linux or macos or windows @@ -31,7 +30,6 @@ This procedure specifically covers the following steps: - Configure Keycloak for use with MinIO authentication and authorization - Configure a new or existing MinIO cluster to use Keycloak as the OIDC provider - Create policies to control access of Keycloak-authenticated users - - Log into the MinIO Console using SSO and a Keycloak-managed identity - Generate temporary S3 access credentials using the ``AssumeRoleWithWebIdentity`` Security Token Service (STS) API .. cond:: container @@ -40,7 +38,6 @@ This procedure specifically covers the following steps: - Configure Keycloak for use with MinIO authentication and authorization - Configure MinIO to use Keycloak as the OIDC provider - Create policies to control access of Keycloak-authenticated users - - Log into the MinIO Console using SSO and a Keycloak-managed identity - Generate temporary S3 access credentials using the ``AssumeRoleWithWebIdentity`` Security Token Service (STS) API This procedure was written and tested against Keycloak ``21.0.0``. diff --git a/source/operations/monitoring.rst b/source/operations/monitoring.rst index 1575a93c..de6bf9aa 100644 --- a/source/operations/monitoring.rst +++ b/source/operations/monitoring.rst 
@@ -29,8 +29,6 @@ The following table lists tutorials for integrating MinIO metrics with select th * - :ref:`minio-metrics-collect-using-prometheus` - Configure Prometheus to Monitor and Alert for a MinIO deployment - Configure MinIO to query the Prometheus deployment to enable historical metrics via the MinIO Console - * - :ref:`minio-metrics-influxdb` - Configure InfluxDB to Monitor and Alert for a MinIO deployment. diff --git a/source/reference/minio-mc-admin/mc-admin-accesskey-create.rst b/source/reference/minio-mc-admin/mc-admin-accesskey-create.rst index c4b28399..5675c04b 100644 --- a/source/reference/minio-mc-admin/mc-admin-accesskey-create.rst +++ b/source/reference/minio-mc-admin/mc-admin-accesskey-create.rst @@ -27,9 +27,7 @@ The :mc-cmd:`mc admin accesskey create` command adds a new access key and secret This command is for access keys for users created directly on the MinIO deployment and not managed by a third party solution. - - To generate access keys for :ref:`OpenID Connect users `, use the :ref:`MinIO Console `. - - - To generate access keys for :ref:`Active Directory/LDAP users `, use :mc:`mc idp ldap accesskey create`. + To generate access keys for :ref:`Active Directory/LDAP users `, use :mc:`mc idp ldap accesskey create`. .. tab-set:: diff --git a/source/reference/minio-server/settings/console.rst b/source/reference/minio-server/settings/console.rst index 6d458c07..b870520a 100644 --- a/source/reference/minio-server/settings/console.rst +++ b/source/reference/minio-server/settings/console.rst 
@@ -10,6 +10,13 @@ MinIO Console Settings :local: :depth: 2 +.. versionchanged:: RELEASE.2025-05-24T17-08-30Z + + The Console now presents only object browser capabilities similar to those available through the :mc:`mc` tool. + For administrative interactions, such as user management, use the :mc:`mc admin` command. + + Some of the settings on this page may no longer be relevant for newer deployments. + This page covers settings that manage access and behavior for the MinIO Console. .. include:: /includes/common-mc-admin-config.rst
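Review bot: In the "4) Enable SSE-KMS for a Bucket" hunk of source/includes/container/steps-configure-minio-kes-hashicorp.rst, the added command block creates the alias as `local` (`mc alias set local ...`, `mc mb local/encryptedbucket`) but then runs `mc encrypt set SSE-KMS encrypted-bucket-key ALIAS/encryptedbucket`. A reader who copies the block verbatim applies the encryption setting to an alias that was never defined, and the bucket they just created stays without a default SSE scheme. Since these lines are being re-indented anyway, change the last command to `local/encryptedbucket`. The same hunk also leaves two lead-ins in a row, "Use the MinIO mc CLI to enable bucket-default SSE-KMS with the generated key:" followed directly by "The following commands:"; end the first sentence with a period.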
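Review bot: In the `mc idp ldap add` example of source/operations/external-iam/configure-ad-ldap-external-identity-management.rst (hunk at -141,40), the re-indented line `group_search_filter= "(&(objectClass=group)(member=%d))"` keeps the space after the equals sign, so the shell passes an empty `group_search_filter=` and the filter as a separate argument. Remove the space while these lines are being touched, and quote `server_insecure=off` like the neighbouring settings. The same hunk deletes the "mc idp ldap recommended" admonition, which does not mention the Console and so falls outside the stated scope of the commit; either restore it or note the removal in the commit message.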
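Review bot: In the "2) Restart the MinIO Deployment" hunk of source/operations/external-iam/configure-ad-ldap-external-identity-management.rst, the surviving sentence still begins "For MinIO Client and environment variable configuration, use the mc admin service restart command", a qualifier that only made sense next to the Console exception this hunk removes. With the Console tab gone those are the only two methods, so shorten it to a plain instruction to run `mc admin service restart`.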
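Review bot: In the Keycloak procedure hunks (source/includes/container/, k8s/ and linux/steps-configure-keycloak-identity-management.rst), removing the SSO login paragraph leaves "Check the MinIO logs and verify that startup succeeded" as the only verification of the OIDC configuration. A clean startup does not show that a Keycloak-issued token is accepted or mapped to the intended policy. Add one sentence that points to the following "Generate Application Credentials using the Security Token Service (STS)" step as the functional check. In the container file the removal also leaves an extra blank line before the "8)" heading.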
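Review bot: In source/reference/minio-mc-admin/mc-admin-accesskey-create.rst, dropping the OpenID Connect bullet leaves the page with no guidance for OIDC-managed users, although the preceding sentence still says the command is not for identities "managed by a third party solution". State explicitly what OIDC users should do instead, for example a reference to the AssumeRoleWithWebIdentity STS flow that the Keycloak pages in this patch already describe, or say that no access key path exists for them if that is the case. The remaining AD/LDAP sentence was also changed from a list item to a paragraph; check that its indentation still places it inside the surrounding directive.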
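Review bot: In the `versionchanged` block added to source/reference/minio-server/settings/console.rst, "Some of the settings on this page may no longer be relevant for newer deployments" gives an operator nothing to act on. Name the settings that no longer have any effect as of RELEASE.2025-05-24T17-08-30Z, or mark them individually further down the page, so that stale Console configuration is not mistaken for an active control.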
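Review bot: In the installation hunks (source/includes/linux/common-installation.rst, source/includes/linux/deploy-standalone.rst and source/includes/container/common-deploy.rst), the text still tells the reader to open the Console and log in with the RootUser and RootPass, but the sentence saying what the Console is for has been removed without a replacement. Add a short pointer, in line with the new note in settings/console.rst, that the Console provides object browsing and that administration is done with `mc admin`, so readers are not prompted to enter root credentials in a browser without knowing what the session is for.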