mirrors/object-browser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1e7f272a6772062da12e882bdf8af2636fbf508e
object-browser/swagger.yml
Lenin Alevski 1e7f272a67 MCS service account authentication with Mkube (#166) 
`MCS` will authenticate against `Mkube`using bearer tokens via HTTP
`Authorization` header. The user will provide this token once
in the login form, MCS will validate it against Mkube (list tenants) and
if valid will generate and return a new MCS sessions
with encrypted claims (the user Service account token will be inside the
JWT in the data field)

Kubernetes

The provided `JWT token` corresponds to the `Kubernetes service account`
that `Mkube` will use to run tasks on behalf of the
user, ie: list, create, edit, delete tenants, storage class, etc.

Development

If you are running mcs in your local environment and wish to make
request to `Mkube` you can set `MCS_M3_HOSTNAME`, if
the environment variable is not present by default `MCS` will use
`"http://m3:8787"`, additionally you will need to set the
`MCS_MKUBE_ADMIN_ONLY=on` variable to make MCS display the Mkube UI

Extract the Service account token and use it with MCS

For local development you can use the jwt associated to the `m3-sa`
service account, you can get the token running
the following command in your terminal:

```
kubectl get secret $(kubectl get serviceaccount m3-sa -o
jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64
--decode
```

Then run the mcs server

```
MCS_M3_HOSTNAME=http://localhost:8787 MCS_MKUBE_ADMIN_ONLY=on ./mcs
server
```

Self-signed certificates and Custom certificate authority for Mkube

If Mkube uses TLS with a self-signed certificate, or a certificate
issued by a custom certificate authority you can add those
certificates usinng the `MCS_M3_SERVER_TLS_CA_CERTIFICATE` env variable

````
MCS_M3_SERVER_TLS_CA_CERTIFICATE=cert1.pem,cert2.pem,cert3.pem ./mcs
server
````
2020-06-23 11:37:46 -07:00

1465 lines
33 KiB
YAML
Raw Blame History

swagger: "2.0"
info:
title: MinIO Console Server
version: 0.1.0
consumes:
- application/json
produces:
- application/json
schemes:
- http
- ws
basePath: /api/v1
# We are going to be taking `Authorization: Bearer TOKEN` header for our authentication
securityDefinitions:
key:
type: oauth2
flow: accessCode
authorizationUrl: http://min.io
tokenUrl: http://min.io
# Apply the key security definition to all APIs
security:
- key: []
paths:
/login:
get:
summary: Returns login strategy, form or sso.
operationId: LoginDetail
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/loginDetails"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
# Exclude this API from the authentication requirement
security: []
tags:
- UserAPI
post:
summary: Login to mcs
operationId: Login
parameters:
- name: body
in: body
required: true
schema:
$ref: '#/definitions/loginRequest'
responses:
201:
description: A successful login.
schema:
$ref: '#/definitions/loginResponse'
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
# Exclude this API from the authentication requirement
security: []
tags:
- UserAPI
/login/mkube:
post:
summary: Login to Mkube.
operationId: LoginMkube
parameters:
- name: body
in: body
required: true
schema:
$ref: '#/definitions/loginMkubeRequest'
responses:
201:
description: A successful login.
schema:
$ref: '#/definitions/loginResponse'
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
security: []
tags:
- UserAPI
/login/oauth2/auth:
post:
summary: Identity Provider oauth2 callback endpoint.
operationId: LoginOauth2Auth
parameters:
- name: body
in: body
required: true
schema:
$ref: '#/definitions/loginOauth2AuthRequest'
responses:
201:
description: A successful login.
schema:
$ref: '#/definitions/loginResponse'
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
security: []
tags:
- UserAPI
/logout:
post:
summary: Logout from mcs.
operationId: Logout
responses:
200:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/session:
get:
summary: Endpoint to check if your session is still valid
operationId: SessionCheck
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/sessionResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets:
get:
summary: List Buckets
operationId: ListBuckets
parameters:
- name: sort_by
in: query
required: false
type: string
- name: offset
in: query
required: false
type: integer
format: int32
- name: limit
in: query
required: false
type: integer
format: int32
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/listBucketsResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
post:
summary: Make bucket
operationId: MakeBucket
parameters:
- name: body
in: body
required: true
schema:
$ref: '#/definitions/makeBucketRequest'
responses:
201:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{name}:
get:
summary: Bucket Info
operationId: BucketInfo
parameters:
- name: name
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/bucket"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
delete:
summary: Delete Bucket
operationId: DeleteBucket
parameters:
- name: name
in: path
required: true
type: string
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{name}/set-policy:
put:
summary: Bucket Set Policy
operationId: BucketSetPolicy
parameters:
- name: name
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/setBucketPolicyRequest"
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/bucket"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/events:
get:
summary: List Bucket Events
operationId: ListBucketEvents
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: offset
in: query
required: false
type: integer
format: int32
- name: limit
in: query
required: false
type: integer
format: int32
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/listBucketEventsResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
post:
summary: Create Bucket Event
operationId: CreateBucketEvent
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: '#/definitions/bucketEventRequest'
responses:
201:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/buckets/{bucket_name}/events/{arn}:
delete:
summary: Delete Bucket Event
operationId: DeleteBucketEvent
parameters:
- name: bucket_name
in: path
required: true
type: string
- name: arn
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: '#/definitions/notificationDeleteRequest'
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/service-accounts:
get:
summary: List User's Service Accounts
operationId: ListUserServiceAccounts
parameters:
- name: offset
in: query
required: false
type: integer
format: int32
- name: limit
in: query
required: false
type: integer
format: int32
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/serviceAccounts"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
post:
summary: Create Service Account
operationId: CreateServiceAccount
parameters:
- name: body
in: body
required: true
schema:
$ref: '#/definitions/serviceAccountRequest'
responses:
201:
description: A successful response.
schema:
$ref: "#/definitions/serviceAccountCreds"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/service-accounts/{access_key}:
delete:
summary: Delete Service Account
operationId: DeleteServiceAccount
parameters:
- name: access_key
in: path
required: true
type: string
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- UserAPI
/users:
get:
summary: List Users
operationId: ListUsers
parameters:
- name: offset
in: query
required: false
type: integer
format: int32
- name: limit
in: query
required: false
type: integer
format: int32
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/listUsersResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
post:
summary: Add User
operationId: AddUser
parameters:
- name: body
in: body
required: true
schema:
$ref: '#/definitions/addUserRequest'
responses:
201:
description: A successful response.
schema:
$ref: '#/definitions/user'
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/users/{name}:
get:
summary: Get User Info
operationId: GetUserInfo
parameters:
- name: name
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/user"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
put:
summary: Update User Info
operationId: UpdateUserInfo
parameters:
- name: name
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/updateUser"
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/user"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
delete:
summary: Remove user
operationId: RemoveUser
parameters:
- name: name
in: path
required: true
type: string
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/users/{name}/groups:
put:
summary: Update Groups for a user
operationId: UpdateUserGroups
parameters:
- name: name
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/updateUserGroups"
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/user"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/users-groups-bulk:
put:
summary: Bulk functionality to Add Users to Groups
operationId: BulkUpdateUsersGroups
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/bulkUserGroups"
responses:
200:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/groups:
get:
summary: List Groups
operationId: ListGroups
parameters:
- name: offset
in: query
required: false
type: integer
format: int32
- name: limit
in: query
required: false
type: integer
format: int32
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/listGroupsResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
post:
summary: Add Group
operationId: AddGroup
parameters:
- name: body
in: body
required: true
schema:
$ref: '#/definitions/addGroupRequest'
responses:
201:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/groups/{name}:
get:
summary: Group info
operationId: GroupInfo
parameters:
- name: name
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/group"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
delete:
summary: Remove group
operationId: RemoveGroup
parameters:
- name: name
in: path
required: true
type: string
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
put:
summary: Update Group Members or Status
operationId: UpdateGroup
parameters:
- name: name
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/updateGroupRequest"
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/group"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/policies:
get:
summary: List Policies
operationId: ListPolicies
parameters:
- name: offset
in: query
required: false
type: integer
format: int32
- name: limit
in: query
required: false
type: integer
format: int32
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/listPoliciesResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
post:
summary: Add Policy
operationId: AddPolicy
parameters:
- name: body
in: body
required: true
schema:
$ref: '#/definitions/addPolicyRequest'
responses:
201:
description: A successful response.
schema:
$ref: '#/definitions/policy'
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/policies/{name}:
delete:
summary: Remove policy
operationId: RemovePolicy
parameters:
- name: name
in: path
required: true
type: string
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
get:
summary: Policy info
operationId: PolicyInfo
parameters:
- name: name
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/policy"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/configs:
get:
summary: List Configurations
operationId: ListConfig
parameters:
- name: offset
in: query
required: false
type: integer
format: int32
- name: limit
in: query
required: false
type: integer
format: int32
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/listConfigResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/set-policy/{name}:
put:
summary: Set policy
operationId: SetPolicy
parameters:
- name: name
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: '#/definitions/setPolicyRequest'
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/configs/{name}:
get:
summary: Configuration info
operationId: ConfigInfo
parameters:
- name: name
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/configuration"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
put:
summary: Set Configuration
operationId: SetConfig
parameters:
- name: name
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/setConfigRequest"
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/service/restart:
post:
summary: Restart Service
operationId: RestartService
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/profiling/start:
post:
summary: Start recording profile data
operationId: ProfilingStart
parameters:
- name: body
in: body
required: true
schema:
$ref: '#/definitions/profilingStartRequest'
responses:
201:
description: A successful response.
schema:
$ref: '#/definitions/startProfilingList'
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/profiling/stop:
post:
summary: Stop and download profile data
operationId: ProfilingStop
produces:
- application/octet-stream
responses:
201:
description: A successful response.
schema:
type: file
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/admin/info:
get:
summary: Returns information about the deployment
operationId: AdminInfo
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/adminInfoResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/admin/arns:
get:
summary: Returns a list of active ARNs in the instance
operationId: ArnList
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/arnsResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/admin/notification_endpoints:
get:
summary: Returns a list of active notification endpoints
operationId: NotificationEndpointList
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/notifEndpointResponse"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
post:
summary: Allows to configure a new notification endpoint
operationId: AddNotificationEndpoint
parameters:
- name: body
in: body
required: true
schema:
$ref: '#/definitions/notificationEndpoint'
responses:
201:
description: A successful response.
schema:
$ref: '#/definitions/notificationEndpoint'
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
definitions:
bucketAccess:
type: string
enum:
- PRIVATE
- PUBLIC
- CUSTOM
default: PRIVATE
bucket:
type: object
required:
- name
properties:
name:
type: string
minLength: 3
size:
type: integer
format: int64
access:
$ref: "#/definitions/bucketAccess"
creation_date:
type: string
listBucketsResponse:
type: object
properties:
buckets:
type: array
items:
$ref: "#/definitions/bucket"
title: list of resulting buckets
total:
type: integer
format: int64
title: number of buckets accessible to tenant user
makeBucketRequest:
type: object
required:
- name
properties:
name:
type: string
error:
type: object
required:
- message
properties:
code:
type: integer
format: int64
message:
type: string
user:
type: object
properties:
accessKey:
type: string
policy:
type: string
memberOf:
type: array
items:
type: string
status:
type: string
listUsersResponse:
type: object
properties:
users:
type: array
items:
$ref: "#/definitions/user"
title: list of resulting users
addUserRequest:
type: object
required:
- accessKey
- secretKey
- groups
properties:
accessKey:
type: string
secretKey:
type: string
groups:
type: array
items:
type: string
group:
type: object
properties:
name:
type: string
status:
type: string
members:
type: array
items:
type: string
policy:
type: string
addGroupRequest:
type: object
required:
- group
- members
properties:
group:
type: string
members:
type: array
items:
type: string
listGroupsResponse:
type: object
properties:
groups:
type: array
items:
type: string
title: list of groups
total:
type: integer
format: int64
title: total number of groups
policy:
type: object
properties:
name:
type: string
policy:
type: string
policyEntity:
type: string
enum:
- user
- group
default: user
setPolicyRequest:
type: object
required:
- entityType
- entityName
properties:
entityType:
$ref: "#/definitions/policyEntity"
entityName:
type: string
addPolicyRequest:
type: object
required:
- name
- policy
properties:
name:
type: string
policy:
type: string
listPoliciesResponse:
type: object
properties:
policies:
type: array
items:
$ref: "#/definitions/policy"
title: list of policies
total:
type: integer
format: int64
title: total number of policies
updateGroupRequest:
type: object
required:
- members
- status
properties:
members:
type: array
items:
type: string
status:
type: string
configDescription:
type: object
properties:
key:
type: string
description:
type: string
configurationKV:
type: object
properties:
key:
type: string
value:
type: string
configuration:
type: object
properties:
name:
type: string
key_values:
type: array
items:
$ref: "#/definitions/configurationKV"
listConfigResponse:
type: object
properties:
configurations:
type: array
items:
$ref: '#/definitions/configDescription'
total:
type: integer
format: int64
title: total number of configurations
setConfigRequest:
type: object
required:
- key_values
properties:
key_values:
type: array
minItems: 1
items:
$ref: "#/definitions/configurationKV"
arn_resource_id:
type: string
title: Used if configuration is an event notification's target
notificationEventType:
type: string
enum:
- put
- delete
- get
notificationConfig:
type: object
required:
- arn
properties:
id:
type: string
arn:
type: string
events:
type: array
items:
$ref: "#/definitions/notificationEventType"
title: "filter specific type of event. Defaults to all event (default: '[put,delete,get]')"
prefix:
type: string
title: "filter event associated to the specified prefix"
suffix:
type: string
title: "filter event associated to the specified suffix"
notificationDeleteRequest:
type: object
required:
- events
- prefix
- suffix
properties:
events:
type: array
minLength: 1
items:
$ref: "#/definitions/notificationEventType"
title: "filter specific type of event. Defaults to all event (default: '[put,delete,get]')"
prefix:
type: string
title: "filter event associated to the specified prefix"
suffix:
type: string
title: "filter event associated to the specified suffix"
bucketEventRequest:
type: object
required:
- configuration
properties:
configuration:
$ref: "#/definitions/notificationConfig"
ignoreExisting:
type: boolean
listBucketEventsResponse:
type: object
properties:
events:
type: array
items:
$ref: "#/definitions/notificationConfig"
total:
type: integer
format: int64
title: total number of bucket events
setBucketPolicyRequest:
type: object
required:
- access
properties:
access:
$ref: "#/definitions/bucketAccess"
loginDetails:
type: object
properties:
loginStrategy:
type: string
enum: [form,redirect,service-account]
redirect:
type: string
loginOauth2AuthRequest:
type: object
required:
- state
- code
properties:
state:
type: string
code:
type: string
loginMkubeRequest:
type: object
required:
- jwt
properties:
jwt:
type: string
loginRequest:
type: object
required:
- accessKey
- secretKey
properties:
accessKey:
type: string
secretKey:
type: string
loginResponse:
type: object
properties:
sessionId:
type: string
# Structure that holds the `Bearer {TOKEN}` present on authenticated requests
principal:
type: string
startProfilingItem:
type: object
properties:
nodeName:
type: string
success:
type: boolean
error:
type: string
startProfilingList:
type: object
properties:
total:
type: integer
format: int64
title: number of start results
startResults:
type: array
items:
$ref: "#/definitions/startProfilingItem"
profilerType:
type: string
enum:
- cpu
- mem
- block
- mutex
- trace
- threads
- goroutines
profilingStartRequest:
type: object
required:
- type
properties:
type:
$ref: "#/definitions/profilerType"
sessionResponse:
type: object
properties:
pages:
type: array
items:
type: string
status:
type: string
enum: [ok]
adminInfoResponse:
type: object
properties:
buckets:
type: integer
objects:
type: integer
usage:
type: integer
arnsResponse:
type: object
properties:
arns:
type: array
items:
type: string
updateUserGroups:
type: object
required:
- groups
properties:
groups:
type: array
items:
type: string
nofiticationService:
type: string
enum:
- webhook
- amqp
- kafka
- mqtt
- nats
- nsq
- mysql
- postgres
- elasticsearch
- redis
notificationEndpointItem:
type: object
properties:
service:
$ref: "#/definitions/nofiticationService"
account_id:
type: string
status:
type: string
notificationEndpoint:
type: object
required:
- service
- account_id
- properties
properties:
service:
$ref: "#/definitions/nofiticationService"
account_id:
type: string
properties:
type: object
additionalProperties:
type: string
notifEndpointResponse:
type: object
properties:
notification_endpoints:
type: array
items:
$ref: "#/definitions/notificationEndpointItem"
updateUser:
type: object
required:
- status
- groups
properties:
status:
type: string
groups:
type: array
items:
type: string
bulkUserGroups:
type: object
required:
- users
- groups
properties:
users:
type: array
items:
type: string
groups:
type: array
items:
type: string
serviceAccounts:
type: array
items:
type: string
serviceAccountRequest:
type: object
properties:
policy:
type: string
title : "policy to be applied to the Service Account if any"
serviceAccountCreds:
type: object
properties:
accessKey:
type: string
secretKey:
type: string
Reference in New Issue View Git Blame Copy Permalink