Update help messages with new wording (#8616)

Final update to all messages across sub-systems
after final review. The only change here is that
NATS now has TLS and TLSSkipVerify, to be consistent
with all other notification targets.
master
Harshavardhana 5 years ago committed by kannappanr
parent f1e2e1cc9e
commit 476111968a
  1. 14
      cmd/config-current.go
  2. 8
      cmd/config/config.go
  3. 4
      cmd/config/etcd/help.go
  4. 12
      cmd/config/identity/ldap/help.go
  5. 4
      cmd/config/identity/openid/help.go
  6. 398
      cmd/config/notify/help.go
  7. 6
      cmd/config/notify/legacy.go
  8. 29
      cmd/config/notify/parse.go
  9. 4
      cmd/config/policy/opa/help.go
  10. 16
      cmd/crypto/help.go
  11. 8
      cmd/logger/help.go
  12. 4
      docs/bucket/notifications/README.md
  13. 8
      docs/logging/README.md
  14. 16
      pkg/event/target/nats.go

@ -94,7 +94,7 @@ func initHelp() {
},
config.HelpKV{
Key: config.KmsVaultSubSys,
Description: "enable external HashiCorp Vault for KMS",
Description: "enable external HashiCorp Vault key management service",
},
config.HelpKV{
Key: config.LoggerWebhookSubSys,
@ -138,22 +138,22 @@ func initHelp() {
},
config.HelpKV{
Key: config.NotifyMySQLSubSys,
Description: "publish bucket notifications to MySQL endpoints",
Description: "publish bucket notifications to MySQL databases",
MultipleTargets: true,
},
config.HelpKV{
Key: config.NotifyPostgresSubSys,
Description: "publish bucket notifications to Postgres endpoints",
Description: "publish bucket notifications to Postgres databases",
MultipleTargets: true,
},
config.HelpKV{
Key: config.NotifyRedisSubSys,
Description: "publish bucket notifications to Redis endpoints",
Key: config.NotifyESSubSys,
Description: "publish bucket notifications to Elasticsearch endpoints",
MultipleTargets: true,
},
config.HelpKV{
Key: config.NotifyESSubSys,
Description: "publish bucket notifications to Elasticsearch endpoints",
Key: config.NotifyRedisSubSys,
Description: "publish bucket notifications to Redis datastores",
MultipleTargets: true,
},
}

@ -491,8 +491,14 @@ func (c Config) GetKVS(s string, defaultKVS map[string]KVS) (Targets, error) {
if !strings.HasPrefix(hkv.Key, subSysPrefix) {
continue
}
if c[hkv.Key][Default].Empty() {
targets = append(targets, Target{
SubSystem: hkv.Key,
KVS: defaultKVS[hkv.Key],
})
}
for k, kvs := range c[hkv.Key] {
for _, dkv := range defaultKVS[subSysPrefix] {
for _, dkv := range defaultKVS[hkv.Key] {
_, ok := kvs.Lookup(dkv.Key)
if !ok {
kvs.Set(dkv.Key, dkv.Value)
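Review bot: The added `if c[hkv.Key][Default].Empty()` block and the switch of the inner lookup to `defaultKVS[hkv.Key]` change what GetKVS returns, yet neither carries a comment and the commit message only mentions help wording. If the intent is that a sub-system with no configured default still yields one target, say so above the new block, e.g. `// no default target configured: return the sub-system defaults as the default target`. The loop body continues outside the hunk, so it is not visible whether a default entry that is present but empty would be appended a second time by the loop; that is worth checking.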

@ -28,13 +28,13 @@ var (
},
config.HelpKV{
Key: PathPrefix,
Description: `default etcd path prefix to populate all IAM assets eg: "customer/"`,
Description: `namespace prefix to isolate tenants e.g. "customer1/"`,
Optional: true,
Type: "path",
},
config.HelpKV{
Key: CoreDNSPath,
Description: `default etcd path location to populate bucket DNS srv records eg: "/skydns"`,
Description: `shared bucket DNS records, default is "/skydns"`,
Optional: true,
Type: "path",
},

@ -28,36 +28,36 @@ var (
},
config.HelpKV{
Key: UsernameFormat,
Description: `AD/LDAP format of full username DN e.g. "uid={username},cn=accounts,dc=myldapserver,dc=com"`,
Description: `username bind DNs e.g. "uid=%s,cn=accounts,dc=myldapserver,dc=com"`,
Type: "string",
},
config.HelpKV{
Key: GroupSearchFilter,
Description: `search filter to find groups of a user (optional) e.g. "(&(objectclass=groupOfNames)(member={usernamedn}))"`,
Description: `search filter for groups e.g. "(&(objectclass=groupOfNames)(memberUid=%s))"`,
Optional: true,
Type: "string",
},
config.HelpKV{
Key: GroupNameAttribute,
Description: `attribute of search results to use as group name (optional) e.g. "cn"`,
Description: `search attribute for group name e.g. "cn"`,
Optional: true,
Type: "string",
},
config.HelpKV{
Key: GroupSearchBaseDN,
Description: `base DN in AD/LDAP hierarchy to use in search requests (optional) e.g. "dc=myldapserver,dc=com"`,
Description: `group search base DNs e.g. "dc=myldapserver,dc=com"`,
Optional: true,
Type: "string",
},
config.HelpKV{
Key: STSExpiry,
Description: `AD/LDAP STS credentials validity duration e.g. "1h"`,
Description: `temporary credentials validity duration in s,m,h,d. Default is "1h"`,
Optional: true,
Type: "duration",
},
config.HelpKV{
Key: TLSSkipVerify,
Description: "enable this to disable client verification of server certificates",
Description: `trust server TLS without verification, defaults to "on" (verify)`,
Optional: true,
Type: "on|off",
},

@ -28,13 +28,13 @@ var (
},
config.HelpKV{
Key: ClientID,
Description: `client identifier of the authenticating party at the identity provider`,
Description: `unique public identifier for apps e.g. "292085223830.apps.googleusercontent.com"`,
Type: "string",
Optional: true,
},
config.HelpKV{
Key: ClaimPrefix,
Description: `openid JWT claim namespace prefix e.g. "customer"`,
Description: `JWT claim namespace prefix e.g. "customer1"`,
Optional: true,
Type: "string",
},

@ -21,8 +21,46 @@ import (
"github.com/minio/minio/pkg/event/target"
)
const (
formatComment = `'namespace' reflects current bucket/object list and 'access' reflects a journal of object operations, defaults to 'namespace'`
queueDirComment = `staging dir for undelivered messages e.g. '/home/events'`
queueLimitComment = `maximum limit for undelivered messages, defaults to '10000'`
)
// Help template inputs for all notification targets
var (
HelpWebhook = config.HelpKVS{
config.HelpKV{
Key: target.WebhookEndpoint,
Description: "webhook server endpoint e.g. http://localhost:8080/minio/events",
Type: "url",
},
config.HelpKV{
Key: target.WebhookAuthToken,
Description: "opaque string or JWT authorization token",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.WebhookQueueDir,
Description: queueDirComment,
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.WebhookQueueLimit,
Description: queueLimitComment,
Optional: true,
Type: "number",
},
config.HelpKV{
Key: config.Comment,
Description: config.DefaultComment,
Optional: true,
Type: "sentence",
},
}
HelpAMQP = config.HelpKVS{
config.HelpKV{
Key: target.AmqpURL,
@ -37,7 +75,7 @@ var (
},
config.HelpKV{
Key: target.AmqpExchangeType,
Description: "kind of AMQP exchange type",
Description: "AMQP exchange type",
Optional: true,
Type: "string",
},
@ -49,49 +87,49 @@ var (
},
config.HelpKV{
Key: target.AmqpMandatory,
Description: "set this to 'on' for server to return an unroutable message with a Return method. If this flag is 'off', the server silently drops the message",
Description: "quietly ignore undelivered messages when set to 'off', default is 'on'",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.AmqpDurable,
Description: "set this to 'on' for queue to survive broker restarts",
Description: "persist queue across broker restarts when set to 'on', default is 'off'",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.AmqpNoWait,
Description: "when no_wait is 'on', declare without waiting for a confirmation from the server",
Description: "non-blocking message delivery when set to 'on', default is 'off'",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.AmqpInternal,
Description: "set this to 'on' for exchange to be not used directly by publishers, but only when bound to other exchanges",
Description: "set to 'on' for exchange to be not used directly by publishers, but only when bound to other exchanges",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.AmqpAutoDeleted,
Description: "set this to 'on' for queue that has had at least one consumer is deleted when last consumer unsubscribes",
Description: "auto delete queue when set to 'on', when there are no consumers",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.AmqpDeliveryMode,
Description: "delivery queue implementation use non-persistent (1) or persistent (2)",
Description: "set to '1' for non-persistent or '2' for persistent queue",
Optional: true,
Type: "number",
},
config.HelpKV{
Key: target.AmqpQueueDir,
Description: "local directory where events are stored e.g. '/home/events'",
Description: queueDirComment,
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.AmqpQueueLimit,
Description: "enable persistent event store queue limit, defaults to '10000'",
Description: queueLimitComment,
Optional: true,
Type: "number",
},
@ -135,45 +173,45 @@ var (
},
config.HelpKV{
Key: target.KafkaSASL,
Description: "set this to 'on' to enable SASL authentication",
Description: "set to 'on' to enable SASL authentication",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.KafkaTLS,
Description: "set this to 'on' to enable TLS",
Description: "set to 'on' to enable TLS",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.KafkaTLSSkipVerify,
Description: "set this to 'on' to disable client verification of server certificate chain",
Description: `trust server TLS without verification, defaults to "on" (verify)`,
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.KafkaQueueDir,
Description: "local directory where events are stored e.g. '/home/events'",
Key: target.KafkaClientTLSCert,
Description: "path to client certificate for mTLS auth",
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.KafkaQueueLimit,
Description: "enable persistent event store queue limit, defaults to '10000'",
Key: target.KafkaClientTLSKey,
Description: "path to client key for mTLS auth",
Optional: true,
Type: "number",
Type: "path",
},
config.HelpKV{
Key: target.KafkaClientTLSCert,
Description: "Set path to client certificate",
Key: target.KafkaQueueDir,
Description: queueDirComment,
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.KafkaClientTLSKey,
Description: "Set path to client key",
Key: target.KafkaQueueLimit,
Description: queueLimitComment,
Optional: true,
Type: "path",
Type: "number",
},
config.HelpKV{
Key: config.Comment,
@ -191,48 +229,48 @@ var (
},
config.HelpKV{
Key: target.MqttTopic,
Description: "name of the MQTT topic to publish on, e.g. `minio`",
Description: "name of the MQTT topic to publish",
Type: "string",
},
config.HelpKV{
Key: target.MqttUsername,
Description: "username to connect to the MQTT server",
Description: "MQTT username",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.MqttPassword,
Description: "password to connect to the MQTT server",
Description: "MQTT password",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.MqttQoS,
Description: "set the Quality of Service Level for MQTT endpoint",
Description: "set the quality of service priority, defaults to '0'",
Optional: true,
Type: "number",
},
config.HelpKV{
Key: target.MqttKeepAliveInterval,
Description: "keep alive interval for MQTT connections",
Description: "keep-alive interval for MQTT connections in s,m,h,d",
Optional: true,
Type: "duration",
},
config.HelpKV{
Key: target.MqttReconnectInterval,
Description: "reconnect interval for MQTT connections",
Description: "reconnect interval for MQTT connections in s,m,h,d",
Optional: true,
Type: "duration",
},
config.HelpKV{
Key: target.MqttQueueDir,
Description: "local directory where events are stored e.g. '/home/events'",
Description: queueDirComment,
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.MqttQueueLimit,
Description: "enable persistent event store queue limit, defaults to '10000'",
Description: queueLimitComment,
Optional: true,
Type: "number",
},
@ -244,171 +282,61 @@ var (
},
}
HelpES = config.HelpKVS{
config.HelpKV{
Key: target.ElasticURL,
Description: "Elasticsearch server's address, with optional authentication info",
Type: "url",
},
config.HelpKV{
Key: target.ElasticFormat,
Description: "set this to `namespace` or `access`, defaults to 'namespace'",
Type: "namespace*|access",
},
config.HelpKV{
Key: target.ElasticIndex,
Description: "the name of an Elasticsearch index in which MinIO will store document",
Type: "string",
},
config.HelpKV{
Key: target.ElasticQueueDir,
Description: "local directory where events are stored e.g. '/home/events'",
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.ElasticQueueLimit,
Description: "enable persistent event store queue limit, defaults to '10000'",
Optional: true,
Type: "number",
},
config.HelpKV{
Key: config.Comment,
Description: config.DefaultComment,
Optional: true,
Type: "sentence",
},
}
HelpWebhook = config.HelpKVS{
config.HelpKV{
Key: target.WebhookEndpoint,
Description: "webhook server endpoint e.g. http://localhost:8080/minio/events",
Type: "url",
},
config.HelpKV{
Key: target.WebhookAuthToken,
Description: "authorization token used for webhook server endpoint",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.WebhookQueueDir,
Description: "local directory where events are stored e.g. '/home/events'",
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.WebhookQueueLimit,
Description: "enable persistent event store queue limit, defaults to '10000'",
Optional: true,
Type: "number",
},
config.HelpKV{
Key: config.Comment,
Description: config.DefaultComment,
Optional: true,
Type: "sentence",
},
}
HelpRedis = config.HelpKVS{
config.HelpKV{
Key: target.RedisAddress,
Description: "Redis server's address. For example: `localhost:6379`",
Type: "address",
},
config.HelpKV{
Key: target.RedisFormat,
Description: "specifies how data is populated, a hash is used in case of `namespace` format and a list in case of `access` format, defaults to 'namespace'",
Type: "namespace*|access",
},
config.HelpKV{
Key: target.RedisKey,
Description: "name of the Redis key under which events are stored",
Type: "string",
},
HelpPostgres = config.HelpKVS{
config.HelpKV{
Key: target.RedisPassword,
Description: "Redis server's password",
Optional: true,
Key: target.PostgresConnectionString,
Description: "Postgres server connection-string",
Type: "string",
},
config.HelpKV{
Key: target.RedisQueueDir,
Description: "local directory where events are stored e.g. '/home/events'",
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.RedisQueueLimit,
Description: "enable persistent event store queue limit, defaults to '10000'",
Optional: true,
Type: "number",
},
config.HelpKV{
Key: config.Comment,
Description: config.DefaultComment,
Optional: true,
Type: "sentence",
},
}
HelpPostgres = config.HelpKVS{
config.HelpKV{
Key: target.PostgresConnectionString,
Description: "connection string parameters for the PostgreSQL server",
Key: target.PostgresTable,
Description: "DB table name to store/update events, table is auto-created",
Type: "string",
},
config.HelpKV{
Key: target.PostgresFormat,
Description: "specifies how data is populated, `namespace` format and `access` format, defaults to 'namespace'",
Description: formatComment,
Type: "namespace*|access",
},
config.HelpKV{
Key: target.PostgresTable,
Description: "table name in which events will be stored/updated. If the table does not exist, the MinIO server creates it at start-up",
Type: "string",
},
config.HelpKV{
Key: target.PostgresHost,
Description: "host name of the PostgreSQL server. Defaults to `localhost`. IPv6 host should be enclosed with `[` and `]`",
Description: "Postgres server hostname (used only if `connection_string` is empty)",
Optional: true,
Type: "hostname",
},
config.HelpKV{
Key: target.PostgresPort,
Description: "port on which to connect to PostgreSQL server, defaults to `5432`",
Description: "Postgres server port, defaults to `5432` (used only if `connection_string` is empty)",
Optional: true,
Type: "port",
},
config.HelpKV{
Key: target.PostgresUsername,
Description: "database username, defaults to user running the MinIO process if not specified",
Description: "database username (used only if `connection_string` is empty)",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.PostgresPassword,
Description: "database password",
Description: "database password (used only if `connection_string` is empty)",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.PostgresDatabase,
Description: "postgres Database name",
Description: "database name (used only if `connection_string` is empty)",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.PostgresQueueDir,
Description: "local directory where events are stored e.g. '/home/events'",
Description: queueDirComment,
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.PostgresQueueLimit,
Description: "enable persistent event store queue limit, defaults to '10000'",
Description: queueLimitComment,
Optional: true,
Type: "number",
},
@ -423,58 +351,58 @@ var (
HelpMySQL = config.HelpKVS{
config.HelpKV{
Key: target.MySQLDSNString,
Description: "data source name connection string for the MySQL server",
Description: "MySQL data-source-name connection string",
Type: "string",
},
config.HelpKV{
Key: target.MySQLTable,
Description: "table name in which events will be stored/updated. If the table does not exist, the MinIO server creates it at start-up",
Description: "DB table name to store/update events, table is auto-created",
Type: "string",
},
config.HelpKV{
Key: target.MySQLFormat,
Description: "specifies how data is populated, `namespace` format and `access` format, defaults to 'namespace'",
Description: formatComment,
Type: "namespace*|access",
},
config.HelpKV{
Key: target.MySQLHost,
Description: "host name of the MySQL server (used only if `dsnString` is empty)",
Description: "MySQL server hostname (used only if `dsn_string` is empty)",
Optional: true,
Type: "hostname",
},
config.HelpKV{
Key: target.MySQLPort,
Description: "port on which to connect to the MySQL server (used only if `dsn_string` is empty)",
Description: "MySQL server port (used only if `dsn_string` is empty)",
Optional: true,
Type: "port",
},
config.HelpKV{
Key: target.MySQLUsername,
Description: "database user-name (used only if `dsnString` is empty)",
Description: "database username (used only if `dsn_string` is empty)",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.MySQLPassword,
Description: "database password (used only if `dsnString` is empty)",
Description: "database password (used only if `dsn_string` is empty)",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.MySQLDatabase,
Description: "database name (used only if `dsnString` is empty)",
Description: "database name (used only if `dsn_string` is empty)",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.MySQLQueueDir,
Description: "local directory where events are stored e.g. '/home/events'",
Description: queueDirComment,
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.MySQLQueueLimit,
Description: "enable persistent event store queue limit, defaults to '10000'",
Description: queueLimitComment,
Optional: true,
Type: "number",
},
@ -494,92 +422,98 @@ var (
},
config.HelpKV{
Key: target.NATSSubject,
Description: "NATS subject that represents this subscription",
Description: "NATS subscription subject",
Type: "string",
},
config.HelpKV{
Key: target.NATSUsername,
Description: "username to be used when connecting to the server",
Description: "NATS username",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.NATSPassword,
Description: "password to be used when connecting to a server",
Description: "NATS password",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.NATSToken,
Description: "token to be used when connecting to a server",
Description: "NATS token",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.NATSSecure,
Description: "set this to 'on', enables TLS secure connections that skip server verification (not recommended)",
Key: target.NATSTLS,
Description: "set to 'on' to enable TLS",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.NATSTLSSkipVerify,
Description: `trust server TLS without verification, defaults to "on" (verify)`,
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.NATSPingInterval,
Description: "client ping commands interval to the server, disabled by default",
Description: "client ping commands interval in s,m,h,d. Disabled by default",
Optional: true,
Type: "duration",
},
config.HelpKV{
Key: target.NATSStreaming,
Description: "set this to 'on', to use streaming NATS server",
Description: "set to 'on', to use streaming NATS server",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.NATSStreamingAsync,
Description: "set this to 'on', to enable asynchronous publish, process the ACK or error state",
Description: "set to 'on', to enable asynchronous publish",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.NATSStreamingMaxPubAcksInFlight,
Description: "specifies how many messages can be published without getting ACKs back from NATS streaming server",
Description: "number of messages to publish without waiting for ACKs",
Optional: true,
Type: "number",
},
config.HelpKV{
Key: target.NATSStreamingClusterID,
Description: "unique ID for the NATS streaming cluster",
Description: "unique ID for NATS streaming cluster",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.NATSQueueLimit,
Description: "enable persistent event store queue limit, defaults to '10000'",
Key: target.NATSCertAuthority,
Description: "path to certificate chain of the target NATS server",
Optional: true,
Type: "number",
Type: "string",
},
config.HelpKV{
Key: target.NATSQueueDir,
Description: "local directory where events are stored e.g. '/home/events'",
Key: target.NATSClientCert,
Description: "client cert for NATS mTLS auth",
Optional: true,
Type: "path",
Type: "string",
},
config.HelpKV{
Key: target.NATSCertAuthority,
Description: "certificate chain of the target NATS server if self signed certs were used",
Key: target.NATSClientKey,
Description: "client cert key for NATS mTLS auth",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.NATSClientCert,
Description: "TLS Cert used for NATS configured to require client certificates",
Key: target.NATSQueueDir,
Description: queueDirComment,
Optional: true,
Type: "string",
Type: "path",
},
config.HelpKV{
Key: target.NATSClientKey,
Description: "TLS Key used for NATS configured to require client certificates",
Key: target.NATSQueueLimit,
Description: queueLimitComment,
Optional: true,
Type: "string",
Type: "number",
},
config.HelpKV{
Key: config.Comment,
@ -597,30 +531,108 @@ var (
},
config.HelpKV{
Key: target.NSQTopic,
Description: "NSQ topic unique per target",
Description: "NSQ topic",
Type: "string",
},
config.HelpKV{
Key: target.NSQTLS,
Description: "set this to 'on', to enable TLS negotiation",
Description: "set to 'on' to enable TLS",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.NSQTLSSkipVerify,
Description: "set this to 'on', to disable client verification of server certificates",
Description: `trust server TLS without verification, defaults to "on" (verify)`,
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.NSQQueueDir,
Description: "local directory where events are stored e.g. '/home/events'",
Description: queueDirComment,
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.NSQQueueLimit,
Description: "enable persistent event store queue limit, defaults to '10000'",
Description: queueLimitComment,
Optional: true,
Type: "number",
},
config.HelpKV{
Key: config.Comment,
Description: config.DefaultComment,
Optional: true,
Type: "sentence",
},
}
HelpES = config.HelpKVS{
config.HelpKV{
Key: target.ElasticURL,
Description: "Elasticsearch server's address, with optional authentication info",
Type: "url",
},
config.HelpKV{
Key: target.ElasticIndex,
Description: `Elasticsearch index to store/update events, index is auto-created`,
Type: "string",
},
config.HelpKV{
Key: target.ElasticFormat,
Description: formatComment,
Type: "namespace*|access",
},
config.HelpKV{
Key: target.ElasticQueueDir,
Description: queueDirComment,
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.ElasticQueueLimit,
Description: queueLimitComment,
Optional: true,
Type: "number",
},
config.HelpKV{
Key: config.Comment,
Description: config.DefaultComment,
Optional: true,
Type: "sentence",
},
}
HelpRedis = config.HelpKVS{
config.HelpKV{
Key: target.RedisAddress,
Description: "Redis server's address. For example: `localhost:6379`",
Type: "address",
},
config.HelpKV{
Key: target.RedisKey,
Description: "Redis key to store/update events, key is auto-created",
Type: "string",
},
config.HelpKV{
Key: target.RedisFormat,
Description: formatComment,
Type: "namespace*|access",
},
config.HelpKV{
Key: target.RedisPassword,
Description: "Redis server password",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.RedisQueueDir,
Description: queueDirComment,
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.RedisQueueLimit,
Description: queueLimitComment,
Optional: true,
Type: "number",
},
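Review bot: In the NATS block the `NATSCertAuthority`, `NATSClientCert` and `NATSClientKey` entries keep `Type: "string"`, while the Kafka client certificate and key entries in the same file use `Type: "path"` and the new NATS CA description itself says "path to certificate chain". If all three NATS values are file paths (the CA value is passed to `nats.RootCAs` in pkg/event/target/nats.go, which suggests so), use `Type: "path"` and start each description with "path to", matching the Kafka wording `path to client certificate for mTLS auth`.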

@ -422,7 +422,11 @@ func SetNotifyNATS(s config.Config, natsName string, cfg target.NATSArgs) error
Value: cfg.ClientKey,
},
config.KV{
Key: target.NATSSecure,
Key: target.NATSTLS,
Value: config.FormatBool(cfg.Secure),
},
config.KV{
Key: target.NATSTLSSkipVerify,
Value: config.FormatBool(cfg.Secure),
},
config.KV{
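Review bot: Both `NATSTLS` and the new `NATSTLSSkipVerify` entry are filled from `cfg.Secure`, so a legacy configuration with secure enabled is migrated to TLS with server verification turned off, and nothing on these lines says that this is deliberate. The old help text described `secure` as TLS that skips server verification, so the mapping looks behaviour-preserving, but it carries an unverified connection forward without telling the operator. Add a comment such as `// legacy "secure" meant TLS without server verification; migrated as tls=on, tls_skip_verify=on`, and consider logging a warning when the migration sets skip-verify. SetNotifyNATS starts and ends outside the hunk.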

@ -85,7 +85,7 @@ func RegisterNotificationTargets(cfg config.Config, doneCh <-chan struct{}, root
return nil, err
}
natsTargets, err := GetNotifyNATS(cfg[config.NotifyNATSSubSys])
natsTargets, err := GetNotifyNATS(cfg[config.NotifyNATSSubSys], rootCAs)
if err != nil {
return nil, err
}
@ -840,6 +840,14 @@ var (
Key: target.NATSToken,
Value: "",
},
config.KV{
Key: target.NATSTLS,
Value: config.EnableOff,
},
config.KV{
Key: target.NATSTLSSkipVerify,
Value: config.EnableOff,
},
config.KV{
Key: target.NATSCertAuthority,
Value: "",
@ -852,10 +860,6 @@ var (
Key: target.NATSClientKey,
Value: "",
},
config.KV{
Key: target.NATSSecure,
Value: config.EnableOff,
},
config.KV{
Key: target.NATSPingInterval,
Value: "0",
@ -888,7 +892,7 @@ var (
)
// GetNotifyNATS - returns a map of registered notification 'nats' targets
func GetNotifyNATS(natsKVS map[string]config.KVS) (map[string]target.NATSArgs, error) {
func GetNotifyNATS(natsKVS map[string]config.KVS, rootCAs *x509.CertPool) (map[string]target.NATSArgs, error) {
natsTargets := make(map[string]target.NATSArgs)
for k, kv := range mergeTargets(natsKVS, target.EnvNATSEnable, DefaultNATSKVS) {
enableEnv := target.EnvNATSEnable
@ -934,9 +938,14 @@ func GetNotifyNATS(natsKVS map[string]config.KVS) (map[string]target.NATSArgs, e
return nil, err
}
secureEnv := target.EnvNATSSecure
tlsEnv := target.EnvNATSTLS
if k != config.Default {
tlsEnv = tlsEnv + config.Default + k
}
tlsSkipVerifyEnv := target.EnvNATSTLSSkipVerify
if k != config.Default {
secureEnv = secureEnv + config.Default + k
tlsSkipVerifyEnv = tlsSkipVerifyEnv + config.Default + k
}
subjectEnv := target.EnvNATSSubject
@ -989,10 +998,12 @@ func GetNotifyNATS(natsKVS map[string]config.KVS) (map[string]target.NATSArgs, e
ClientCert: env.Get(clientCertEnv, kv.Get(target.NATSClientCert)),
ClientKey: env.Get(clientKeyEnv, kv.Get(target.NATSClientKey)),
Token: env.Get(tokenEnv, kv.Get(target.NATSToken)),
Secure: env.Get(secureEnv, kv.Get(target.NATSSecure)) == config.EnableOn,
TLS: env.Get(tlsEnv, kv.Get(target.NATSTLS)) == config.EnableOn,
TLSSkipVerify: env.Get(tlsSkipVerifyEnv, kv.Get(target.NATSTLSSkipVerify)) == config.EnableOn,
PingInterval: pingInterval,
QueueDir: env.Get(queueDirEnv, kv.Get(target.NATSQueueDir)),
QueueLimit: queueLimit,
RootCAs: rootCAs,
}
streamingEnableEnv := target.EnvNATSStreaming
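Review bot: GetNotifyNATS stops reading the `secure` key and the `MINIO_NOTIFY_NATS_SECURE` variable: the `secureEnv` lookup and the `Secure:` field in the args literal are replaced by `TLS:` and `TLSSkipVerify:`, and both new keys default to `config.EnableOff`. As far as these hunks show, a deployment that enabled TLS through the old key or variable would connect without TLS after the upgrade and receive no error. Either keep populating `Secure` from the legacy key as a fallback, or return an error when the legacy key or variable is still set, so the downgrade cannot happen silently. The function body extends beyond the hunks shown.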

@ -23,12 +23,12 @@ var (
Help = config.HelpKVS{
config.HelpKV{
Key: URL,
Description: `OPA HTTP API endpoint e.g. "http://localhost:8181/v1/data/httpapi/authz/allow"`,
Description: `OPA HTTP(s) endpoint e.g. "http://localhost:8181/v1/data/httpapi/authz/allow"`,
Type: "url",
},
config.HelpKV{
Key: AuthToken,
Description: "authorization token for OPA HTTP API endpoint",
Description: "authorization token for OPA endpoint",
Optional: true,
Type: "string",
},

@ -23,44 +23,44 @@ var (
Help = config.HelpKVS{
config.HelpKV{
Key: KMSVaultEndpoint,
Description: `HashiCorp Vault API endpoint e.g. "http://vault-endpoint-ip:8200"`,
Description: `API endpoint e.g. "http://vault-endpoint-ip:8200"`,
Type: "url",
},
config.HelpKV{
Key: KMSVaultKeyName,
Description: `transit key name used in vault policy, must be unique name e.g. "my-minio-key"`,
Description: `unique transit key name e.g. "my-minio-key"`,
Type: "string",
},
config.HelpKV{
Key: KMSVaultAuthType,
Description: `authentication type to Vault API endpoint e.g. "approle"`,
Description: `supported auth type(s) ["approle"], defaults to "approle"`,
Type: "string",
},
config.HelpKV{
Key: KMSVaultAppRoleID,
Description: `unique role ID created for AppRole`,
Description: `unique role ID for approle`,
Type: "string",
},
config.HelpKV{
Key: KMSVaultAppRoleSecret,
Description: `unique secret ID created for AppRole`,
Description: `unique secret ID for approle`,
Type: "string",
},
config.HelpKV{
Key: KMSVaultNamespace,
Description: `only needed if AppRole engine is scoped to Vault Namespace e.g. "ns1"`,
Description: `optional KMS namespace e.g. "customer1"`,
Optional: true,
Type: "string",
},
config.HelpKV{
Key: KMSVaultKeyVersion,
Description: `KMS Vault key version`,
Description: `optional key version number`,
Optional: true,
Type: "number",
},
config.HelpKV{
Key: KMSVaultCAPath,
Description: `path to PEM-encoded CA cert files to use mTLS authentication (optional) e.g. "/home/user/custom-certs"`,
Description: `optional path to PEM-encoded CA certs e.g. "/home/user/custom-certs"`,
Optional: true,
Type: "path",
},
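Review bot: The KMSVaultEndpoint example still shows a plain `http://` URL for a remote host, and the approle role ID and secret ID documented just below it are presumably sent to that endpoint. Help examples tend to be copied as they are, so prefer `API endpoint e.g. "https://vault-endpoint-ip:8200"`. Separately, the KMSVaultAuthType description now says it defaults to "approle", but the entry is not marked `Optional: true`.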

@ -23,12 +23,12 @@ var (
Help = config.HelpKVS{
config.HelpKV{
Key: Endpoint,
Description: `HTTP logger endpoint e.g. "http://localhost:8080/minio/logs/server"`,
Description: `HTTP(s) endpoint e.g. "http://localhost:8080/minio/logs/server"`,
Type: "url",
},
config.HelpKV{
Key: AuthToken,
Description: "authorization token for logger endpoint",
Description: `opaque string or JWT authorization token`,
Optional: true,
Type: "string",
},
@ -43,12 +43,12 @@ var (
HelpAudit = config.HelpKVS{
config.HelpKV{
Key: Endpoint,
Description: `HTTP Audit logger endpoint e.g. "http://localhost:8080/minio/logs/audit"`,
Description: `HTTP(s) endpoint e.g. "http://localhost:8080/minio/logs/audit"`,
Type: "url",
},
config.HelpKV{
Key: AuthToken,
Description: "authorization token for audit logger endpoint",
Description: `opaque string or JWT authorization token`,
Optional: true,
Type: "string",
},

@ -486,13 +486,13 @@ To update the configuration, use `mc admin config get` command to get the curren
```sh
$ mc admin config get myminio/ notify_nats
notify_nats:1 password="yoursecret" streaming_max_pub_acks_in_flight="10" subject="" address="0.0.0.0:4222" token="" username="yourusername" ping_interval="0" queue_limit="0" secure="off" streaming_async="on" queue_dir="" streaming_cluster_id="test-cluster" streaming_enable="on"
notify_nats:1 password="yoursecret" streaming_max_pub_acks_in_flight="10" subject="" address="0.0.0.0:4222" token="" username="yourusername" ping_interval="0" queue_limit="0" tls="off" tls_skip_verify="off" streaming_async="on" queue_dir="" streaming_cluster_id="test-cluster" streaming_enable="on"
```
Use `mc admin config set` command to update the configuration for the deployment.Restart MinIO server to reflect config changes. `bucketevents` is the subject used by NATS in this example.
```sh
$ mc admin config set myminio notify_nats:1 password="yoursecret" streaming_max_pub_acks_in_flight="10" subject="" address="0.0.0.0:4222" token="" username="yourusername" ping_interval="0" queue_limit="0" secure="off" streaming_async="on" queue_dir="" streaming_cluster_id="test-cluster" streaming_enable="on"
$ mc admin config set myminio notify_nats:1 password="yoursecret" streaming_max_pub_acks_in_flight="10" subject="" address="0.0.0.0:4222" token="" username="yourusername" ping_interval="0" queue_limit="0" tls="off" streaming_async="on" queue_dir="" streaming_cluster_id="test-cluster" streaming_enable="on"
```
MinIO server also supports [NATS Streaming mode](http://nats.io/documentation/streaming/nats-streaming-intro/) that offers additional functionality like `At-least-once-delivery`, and `Publisher rate limiting`. To configure MinIO server to send notifications to NATS Streaming server, update the MinIO server configuration file as follows:

@ -16,11 +16,11 @@ HTTP target logs to a generic HTTP endpoint in JSON format and is not enabled by
Assuming `mc` is already [configured](https://docs.min.io/docs/minio-client-quickstart-guide.html)
```
mc admin config get myminio/ logger_webhook
logger_webhook:target1 auth_token="" endpoint=""
logger_webhook:name1 auth_token="" endpoint=""
```
```
mc admin config set myminio logger_webhook:target1 auth_token="" endpoint="http://endpoint:port/path"
mc admin config set myminio logger_webhook:name1 auth_token="" endpoint="http://endpoint:port/path"
mc admin service restart myminio
```
@ -38,11 +38,11 @@ minio server /mnt/data
Assuming `mc` is already [configured](https://docs.min.io/docs/minio-client-quickstart-guide.html)
```
mc admin config get myminio/ audit_webhook
audit_webhook:target1 auth_token="" endpoint=""
audit_webhook:name1 auth_token="" endpoint=""
```
```
mc admin config set myminio audit_webhook:target1 auth_token="" endpoint="http://endpoint:port/path"
mc admin config set myminio audit_webhook:name1 auth_token="" endpoint="http://endpoint:port/path"
mc admin service restart myminio
```

@ -18,6 +18,8 @@ package target
import (
"context"
"crypto/tls"
"crypto/x509"
"encoding/json"
"errors"
"net/url"
@ -37,7 +39,8 @@ const (
NATSUsername = "username"
NATSPassword = "password"
NATSToken = "token"
NATSSecure = "secure"
NATSTLS = "tls"
NATSTLSSkipVerify = "tls_skip_verify"
NATSPingInterval = "ping_interval"
NATSQueueDir = "queue_dir"
NATSQueueLimit = "queue_limit"
@ -57,7 +60,8 @@ const (
EnvNATSUsername = "MINIO_NOTIFY_NATS_USERNAME"
EnvNATSPassword = "MINIO_NOTIFY_NATS_PASSWORD"
EnvNATSToken = "MINIO_NOTIFY_NATS_TOKEN"
EnvNATSSecure = "MINIO_NOTIFY_NATS_SECURE"
EnvNATSTLS = "MINIO_NOTIFY_NATS_TLS"
EnvNATSTLSSkipVerify = "MINIO_NOTIFY_NATS_TLS_SKIP_VERIFY"
EnvNATSPingInterval = "MINIO_NOTIFY_NATS_PING_INTERVAL"
EnvNATSQueueDir = "MINIO_NOTIFY_NATS_QUEUE_DIR"
EnvNATSQueueLimit = "MINIO_NOTIFY_NATS_QUEUE_LIMIT"
@ -80,6 +84,8 @@ type NATSArgs struct {
Username string `json:"username"`
Password string `json:"password"`
Token string `json:"token"`
TLS bool `json:"tls"`
TLSSkipVerify bool `json:"tlsSkipVerify"`
Secure bool `json:"secure"`
CertAuthority string `json:"certAuthority"`
ClientCert string `json:"clientCert"`
@ -93,6 +99,8 @@ type NATSArgs struct {
Async bool `json:"async"`
MaxPubAcksInflight int `json:"maxPubAcksInflight"`
} `json:"streaming"`
RootCAs *x509.CertPool `json:"-"`
}
// Validate NATSArgs fields
@ -140,8 +148,10 @@ func (n NATSArgs) connectNats() (*nats.Conn, error) {
if n.Token != "" {
connOpts = append(connOpts, nats.Token(n.Token))
}
if n.Secure {
if n.Secure || n.TLS && n.TLSSkipVerify {
connOpts = append(connOpts, nats.Secure(nil))
} else if n.TLS {
connOpts = append(connOpts, nats.Secure(&tls.Config{RootCAs: n.RootCAs}))
}
if n.CertAuthority != "" {
connOpts = append(connOpts, nats.RootCAs(n.CertAuthority))
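Review bot: In connectNats the condition `n.Secure || n.TLS && n.TLSSkipVerify` mixes `||` and `&&` without parentheses, and the skip-verification branch is expressed only through `nats.Secure(nil)`. Whether verification is really skipped then depends on how the client library treats a nil config, which is not visible here; write `if n.Secure || (n.TLS && n.TLSSkipVerify) {` and pass an explicit `&tls.Config{InsecureSkipVerify: true}` if that is the intent. Also, `TLSSkipVerify` set while `TLS` is off falls through both branches and is ignored; the Validate method (outside this hunk) could reject that combination. A short comment that `Secure` is kept only for legacy configurations would help readers of the struct.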
