afc7a03071
Docs updates for two items from [MinIO RELEASE.2023-05-18T00-05-36Z](https://github.com/minio/docs/issues/860): * Max policy size of 2KiB for service accounts I _think_ this change now means json policy documents have the same max size in all cases. The limit wasn't documented previously. This change adds max size info throughout, not only for service accounts. * Webhook usage metrics Staged: http://192.241.195.202:9000/staging/DOCS-860-part1/linux/html/reference/minio-mc-admin/mc-admin-user-svcacct-add.html http://192.241.195.202:9000/staging/DOCS-860-part1/linux/html/reference/minio-mc-admin/mc-admin-user-svcacct-edit.html http://192.241.195.202:9000/staging/DOCS-860-part1/linux/html/reference/minio-mc-admin/mc-admin-policy-create.html http://192.241.195.202:9000/staging/DOCS-860-part1/linux/html/administration/identity-access-management/policy-based-access-control.html#policy-document-structure Partly addresses https://github.com/minio/docs/issues/860 --------- Co-authored-by: Daryl White <53910321+djwfyi@users.noreply.github.com>
11 KiB
Publish Events to Webhook
minio
Table of Contents
MinIO supports publishing bucket notification
<minio-bucket-notifications> events to a Webhook service
endpoint.
Add a Webhook Endpoint to a MinIO Deployment
The following procedure adds a new Webhook service endpoint for
supporting bucket notifications <minio-bucket-notifications>
in a MinIO deployment.
Prerequisites
MinIO mc Command Line
Tool
This procedure uses the mc command line tool for certain actions. See the
mc Quickstart <mc-install> for installation
instructions.
1) Add the Webhook Endpoint to MinIO
You can configure a new Webhook service endpoint using either environment variables or by setting runtime configuration settings.
Environment Variables
MinIO supports specifying the Webhook service endpoint and associated
configuration settings using environment variables
<minio-server-envvar-bucket-notification-webhook>. The
minio server process
applies the specified settings on its next startup.
The following example code sets all environment variables
related to configuring an Webhook service endpoint. The minimum
required variables are MINIO_NOTIFY_WEBHOOK_ENABLE and MINIO_NOTIFY_WEBHOOK_ENDPOINT:
set MINIO_NOTIFY_WEBHOOK_ENABLE_<IDENTIFIER>="on"
set MINIO_NOTIFY_WEBHOOK_ENDPOINT_<IDENTIFIER>="ENDPOINT"
set MINIO_NOTIFY_WEBHOOK_AUTH_TOKEN_<IDENTIFIER>="<string>"
set MINIO_NOTIFY_WEBHOOK_QUEUE_DIR_<IDENTIFIER>="<string>"
set MINIO_NOTIFY_WEBHOOK_QUEUE_LIMIT_<IDENTIFIER>="<string>"
set MINIO_NOTIFY_WEBHOOK_CLIENT_CERT_<IDENTIFIER>="<string>"
set MINIO_NOTIFY_WEBHOOK_CLIENT_KEY_<IDENTIFIER>="<string>"
set MINIO_NOTIFY_WEBHOOK_COMMENT_<IDENTIFIER>="<string>"Replace
<IDENTIFIER>with a unique descriptive string for the Webhook service endpoint. Use the same<IDENTIFIER>value for all environment variables related to the new target service endpoint. The following examples assume an identifier ofPRIMARY.If the specified
<IDENTIFIER>matches an existing Webhook service endpoint on the MinIO deployment, the new settings override any existing settings for that endpoint. Usemc admin config get notify_webhook <mc admin config get>to review the currently configured Webhook endpoints on the MinIO deployment.Replace
<ENDPOINT>with the URL of the Webhook service endpoint. For example:https://webhook.example.com
See Webhook Service for Bucket Notifications
<minio-server-envvar-bucket-notification-webhook> for
complete documentation on each environment variable.
Configuration Settings
MinIO supports adding or updating Webhook endpoints on a running
minio server process
using the mc admin config set command and the notify_webhook
configuration key. You must restart the minio server process to apply any new or updated
configuration settings.
The following example code sets all settings related to
configuring an Webhook service endpoint. The minimum required
setting is notify_webhook endpoint <notify_webhook.endpoint>:
mc admin config set ALIAS/ notify_webhook:IDENTIFIER \
endpoint="<ENDPOINT>" \
auth_token="<string>" \
queue_dir="<string>" \
queue_limit="<string>" \
client_cert="<string>" \
client_key="<string>" \
comment="<string>"Replace
IDENTIFIERwith a unique descriptive string for the Webhook service endpoint. The following examples in this procedure assume an identifier ofPRIMARY.If the specified
IDENTIFIERmatches an existing Webhook service endpoint on the MinIO deployment, the new settings override any existing settings for that endpoint. Usemc admin config get notify_webhook <mc admin config get>to review the currently configured Webhook endpoints on the MinIO deployment.Replace
ENDPOINTwith the URL of the Webhook service endpoint. For example:https://webhook.example.com
See Webhook Bucket Notification Configuration Settings
<minio-server-config-bucket-notification-webhook> for
complete documentation on each setting.
2) Restart the MinIO Deployment
You must restart the MinIO deployment to apply the configuration
changes. Use the mc admin service restart command to restart the
deployment.
mc admin service restart ALIASReplace ALIAS with the alias <alias> of the deployment to restart.
The minio server
process prints a line on startup for each configured Webhook target
similar to the following:
SQS ARNs: arn:minio:sqs::primary:webhookYou must specify the ARN resource when configuring bucket notifications with the associated Webhook deployment as a target.
3) Configure Bucket Notifications using the Webhook Endpoint as a Target
Use the mc event add
command to add a new bucket notification event with the configured
Webhook service as a target:
mc event add ALIAS/BUCKET arn:minio:sqs::primary:webhook \
--event EVENTS- Replace
ALIASwith thealias <alias>of a MinIO deployment. - Replace
BUCKETwith the name of the bucket in which to configure the event. - Replace
EVENTSwith a comma-separated list ofevents <mc-event-supported-events>for which MinIO triggers notifications.
Use mc event ls to
view all configured bucket events for a given notification target:
mc event ls ALIAS/BUCKET arn:minio:sqs::primary:webhook4) Validate the Configured Events
Perform an action on the bucket for which you configured the new
event and check the Webhook service for the notification data. The
action required depends on which events <mc event add --event> were specified
when configuring the bucket notification.
For example, if the bucket notification configuration includes the
s3:ObjectCreated:Put event, you can use the mc cp command to create a new
object in the bucket and trigger a notification.
mc cp ~/data/new-object.txt ALIAS/BUCKETUpdate an Webhook Endpoint in a MinIO Deployment
The following procedure updates an existing Webhook service endpoint
for supporting bucket notifications <minio-bucket-notifications>
in a MinIO deployment.
Prerequisites
MinIO mc Command Line
Tool
This procedure uses the mc command line tool for certain actions. See the
mc Quickstart <mc-install> for installation
instructions.
1) List Configured Webhook Endpoints In The Deployment
Use the mc admin config get command to list the currently
configured Webhook service endpoints in the deployment:
mc admin config get ALIAS/ notify_webhookReplace ALIAS with the alias <alias> of the MinIO deployment.
The command output resembles the following:
notify_webhook:primary endpoint="https://webhook.example.com" auth_token="" queue_limit="0" queue_dir="" client_cert="" client_key=""
notify_webhook:secondary endpoint="https://webhook.example.com" auth_token="" queue_limit="0" queue_dir="" client_cert="" client_key=""The notify_webhook key is the top-level configuration
key for an minio-server-config-bucket-notification-webhook. The
endpoint <notify_webhook.endpoint> key
specifies the Webhook service endpoint for the given notify_webhook key. The
notify_webhook:<IDENTIFIER> suffix describes the
unique identifier for that Webhook service endpoint.
Note the identifier for the Webhook service endpoint you want to update for the next step.
2) Update the Webhook Endpoint
Use the mc admin config set command to set the new
configuration for the Webhook service endpoint:
mc admin config set ALIAS/ notify_webhook:IDENTIFIER \
endpoint="<ENDPOINT>" \
auth_token="<string>" \
queue_dir="<string>" \
queue_limit="<string>" \
client_cert="<string>" \
client_key="<string>" \
comment="<string>"The notify_webhook endpoint <notify_webhook.endpoint>
configuration setting is the minimum required for an Webhook
service endpoint. All other configuration settings are
optional. See minio-server-config-bucket-notification-webhook for a
complete list of Webhook configuration settings.
3) Restart the MinIO Deployment
You must restart the MinIO deployment to apply the configuration
changes. Use the mc admin service restart command to restart the
deployment.
mc admin service restart ALIASReplace ALIAS with the alias <alias> of the deployment to restart.
The minio server
process prints a line on startup for each configured Webhook target
similar to the following:
SQS ARNs: arn:minio:sqs::primary:webhook4) Validate the Changes
Perform an action on a bucket which has an event configuration using
the updated Webhook service endpoint and check the Webhook service for
the notification data. The action required depends on which events <mc event add --event> were specified
when configuring the bucket notification.
For example, if the bucket notification configuration includes the
s3:ObjectCreated:Put event, you can use the mc cp command to create a new
object in the bucket and trigger a notification.
mc cp ~/data/new-object.txt ALIAS/BUCKETWebhook Metrics
MinIO publishes several metrics <minio-metrics-and-alerts> for
monitoring webhook endpoints. See minio-metrics-and-alerts-webhook for a list of
available metrics.