oyd
/
minio
6
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update help messages with new wording (#8616)

Browse Source 
Final update to all messages across sub-systems
after final review, the only change here is that
NATS now has TLS and TLSSkipVerify to be consistent
for all other notification targets.
master
Harshavardhana 5 years ago committed by kannappanr
parent f1e2e1cc9e
commit 476111968a
14 changed files with 287 additions and 244 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 14
      cmd/config-current.go
  2. 8
      cmd/config/config.go
  3. 4
      cmd/config/etcd/help.go
  4. 12
      cmd/config/identity/ldap/help.go
  5. 4
      cmd/config/identity/openid/help.go
  6. 398
      cmd/config/notify/help.go
  7. 6
      cmd/config/notify/legacy.go
  8. 29
      cmd/config/notify/parse.go
  9. 4
      cmd/config/policy/opa/help.go
  10. 16
      cmd/crypto/help.go
  11. 8
      cmd/logger/help.go
  12. 4
      docs/bucket/notifications/README.md
  13. 8
      docs/logging/README.md
  14. 16
      pkg/event/target/nats.go

14
cmd/config-current.go
Unescape View File

@ -94,7 +94,7 @@ func initHelp() {
},
config.HelpKV{
Key: config.KmsVaultSubSys,
Description: "enable external HashiCorp Vault for KMS",
Description: "enable external HashiCorp Vault key management service",
},
config.HelpKV{
Key: config.LoggerWebhookSubSys,
@ -138,22 +138,22 @@ func initHelp() {
},
config.HelpKV{
Key: config.NotifyMySQLSubSys,
Description: "publish bucket notifications to MySQL endpoints",
Description: "publish bucket notifications to MySQL databases",
MultipleTargets: true,
},
config.HelpKV{
Key: config.NotifyPostgresSubSys,
Description: "publish bucket notifications to Postgres endpoints",
Description: "publish bucket notifications to Postgres databases",
MultipleTargets: true,
},
config.HelpKV{
Key: config.NotifyRedisSubSys,
Description: "publish bucket notifications to Redis endpoints",
Key: config.NotifyESSubSys,
Description: "publish bucket notifications to Elasticsearch endpoints",
MultipleTargets: true,
},
config.HelpKV{
Key: config.NotifyESSubSys,
Description: "publish bucket notifications to Elasticsearch endpoints",
Key: config.NotifyRedisSubSys,
Description: "publish bucket notifications to Redis datastores",
MultipleTargets: true,
},
}

8
cmd/config/config.go
Unescape View File

@ -491,8 +491,14 @@ func (c Config) GetKVS(s string, defaultKVS map[string]KVS) (Targets, error) {
if !strings.HasPrefix(hkv.Key, subSysPrefix) {
continue
}
if c[hkv.Key][Default].Empty() {
targets = append(targets, Target{
SubSystem: hkv.Key,
KVS: defaultKVS[hkv.Key],
})
}
for k, kvs := range c[hkv.Key] {
for _, dkv := range defaultKVS[subSysPrefix] {
for _, dkv := range defaultKVS[hkv.Key] {
_, ok := kvs.Lookup(dkv.Key)
if !ok {
kvs.Set(dkv.Key, dkv.Value)

4
cmd/config/etcd/help.go
Unescape View File

@ -28,13 +28,13 @@ var (
},
config.HelpKV{
Key: PathPrefix,
Description: `default etcd path prefix to populate all IAM assets eg: "customer/"`,
Description: `namespace prefix to isolate tenants e.g. "customer1/"`,
Optional: true,
Type: "path",
},
config.HelpKV{
Key: CoreDNSPath,
Description: `default etcd path location to populate bucket DNS srv records eg: "/skydns"`,
Description: `shared bucket DNS records, default is "/skydns"`,
Optional: true,
Type: "path",
},

12
cmd/config/identity/ldap/help.go
Unescape View File

@ -28,36 +28,36 @@ var (
},
config.HelpKV{
Key: UsernameFormat,
Description: `AD/LDAP format of full username DN e.g. "uid={username},cn=accounts,dc=myldapserver,dc=com"`,
Description: `username bind DNs e.g. "uid=%s,cn=accounts,dc=myldapserver,dc=com"`,
Type: "string",
},
config.HelpKV{
Key: GroupSearchFilter,
Description: `search filter to find groups of a user (optional) e.g. "(&(objectclass=groupOfNames)(member={usernamedn}))"`,
Description: `search filter for groups e.g. "(&(objectclass=groupOfNames)(memberUid=%s))"`,
Optional: true,
Type: "string",
},
config.HelpKV{
Key: GroupNameAttribute,
Description: `attribute of search results to use as group name (optional) e.g. "cn"`,
Description: `search attribute for group name e.g. "cn"`,
Optional: true,
Type: "string",
},
config.HelpKV{
Key: GroupSearchBaseDN,
Description: `base DN in AD/LDAP hierarchy to use in search requests (optional) e.g. "dc=myldapserver,dc=com"`,
Description: `group search base DNs e.g. "dc=myldapserver,dc=com"`,
Optional: true,
Type: "string",
},
config.HelpKV{
Key: STSExpiry,
Description: `AD/LDAP STS credentials validity duration e.g. "1h"`,
Description: `temporary credentials validity duration in s,m,h,d. Default is "1h"`,
Optional: true,
Type: "duration",
},
config.HelpKV{
Key: TLSSkipVerify,
Description: "enable this to disable client verification of server certificates",
Description: `trust server TLS without verification, defaults to "on" (verify)`,
Optional: true,
Type: "on|off",
},

4
cmd/config/identity/openid/help.go
Unescape View File

@ -28,13 +28,13 @@ var (
},
config.HelpKV{
Key: ClientID,
Description: `client identifier of the authenticating party at the identity provider`,
Description: `unique public identifier for apps e.g. "292085223830.apps.googleusercontent.com"`,
Type: "string",
Optional: true,
},
config.HelpKV{
Key: ClaimPrefix,
Description: `openid JWT claim namespace prefix e.g. "customer"`,
Description: `JWT claim namespace prefix e.g. "customer1"`,
Optional: true,
Type: "string",
},

398
cmd/config/notify/help.go
Unescape View File

@ -21,8 +21,46 @@ import (
"github.com/minio/minio/pkg/event/target"
)
const (
formatComment = `'namespace' reflects current bucket/object list and 'access' reflects a journal of object operations, defaults to 'namespace'`
queueDirComment = `staging dir for undelivered messages e.g. '/home/events'`
queueLimitComment = `maximum limit for undelivered messages, defaults to '10000'`
)
// Help template inputs for all notification targets
var (
HelpWebhook = config.HelpKVS{
config.HelpKV{
Key: target.WebhookEndpoint,
Description: "webhook server endpoint e.g. http://localhost:8080/minio/events",
Type: "url",
},
config.HelpKV{
Key: target.WebhookAuthToken,
Description: "opaque string or JWT authorization token",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.WebhookQueueDir,
Description: queueDirComment,
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.WebhookQueueLimit,
Description: queueLimitComment,
Optional: true,
Type: "number",
},
config.HelpKV{
Key: config.Comment,
Description: config.DefaultComment,
Optional: true,
Type: "sentence",
},
}
HelpAMQP = config.HelpKVS{
config.HelpKV{
Key: target.AmqpURL,
@ -37,7 +75,7 @@ var (
},
config.HelpKV{
Key: target.AmqpExchangeType,
Description: "kind of AMQP exchange type",
Description: "AMQP exchange type",
Optional: true,
Type: "string",
},
@ -49,49 +87,49 @@ var (
},
config.HelpKV{
Key: target.AmqpMandatory,
Description: "set this to 'on' for server to return an unroutable message with a Return method. If this flag is 'off', the server silently drops the message",
Description: "quietly ignore undelivered messages when set to 'off', default is 'on'",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.AmqpDurable,
Description: "set this to 'on' for queue to survive broker restarts",
Description: "persist queue across broker restarts when set to 'on', default is 'off'",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.AmqpNoWait,
Description: "when no_wait is 'on', declare without waiting for a confirmation from the server",
Description: "non-blocking message delivery when set to 'on', default is 'off'",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.AmqpInternal,
Description: "set this to 'on' for exchange to be not used directly by publishers, but only when bound to other exchanges",
Description: "set to 'on' for exchange to be not used directly by publishers, but only when bound to other exchanges",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.AmqpAutoDeleted,
Description: "set this to 'on' for queue that has had at least one consumer is deleted when last consumer unsubscribes",
Description: "auto delete queue when set to 'on', when there are no consumers",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.AmqpDeliveryMode,
Description: "delivery queue implementation use non-persistent (1) or persistent (2)",
Description: "set to '1' for non-persistent or '2' for persistent queue",
Optional: true,
Type: "number",
},
config.HelpKV{
Key: target.AmqpQueueDir,
Description: "local directory where events are stored e.g. '/home/events'",
Description: queueDirComment,
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.AmqpQueueLimit,
Description: "enable persistent event store queue limit, defaults to '10000'",
Description: queueLimitComment,
Optional: true,
Type: "number",
},
@ -135,45 +173,45 @@ var (
},
config.HelpKV{
Key: target.KafkaSASL,
Description: "set this to 'on' to enable SASL authentication",
Description: "set to 'on' to enable SASL authentication",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.KafkaTLS,
Description: "set this to 'on' to enable TLS",
Description: "set to 'on' to enable TLS",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.KafkaTLSSkipVerify,
Description: "set this to 'on' to disable client verification of server certificate chain",
Description: `trust server TLS without verification, defaults to "on" (verify)`,
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.KafkaQueueDir,
Description: "local directory where events are stored e.g. '/home/events'",
Key: target.KafkaClientTLSCert,
Description: "path to client certificate for mTLS auth",
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.KafkaQueueLimit,
Description: "enable persistent event store queue limit, defaults to '10000'",
Key: target.KafkaClientTLSKey,
Description: "path to client key for mTLS auth",
Optional: true,
Type: "number",
Type: "path",
},
config.HelpKV{
Key: target.KafkaClientTLSCert,
Description: "Set path to client certificate",
Key: target.KafkaQueueDir,
Description: queueDirComment,
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.KafkaClientTLSKey,
Description: "Set path to client key",
Key: target.KafkaQueueLimit,
Description: queueLimitComment,
Optional: true,
Type: "path",
Type: "number",
},
config.HelpKV{
Key: config.Comment,
@ -191,48 +229,48 @@ var (
},
config.HelpKV{
Key: target.MqttTopic,
Description: "name of the MQTT topic to publish on, e.g. `minio`",
Description: "name of the MQTT topic to publish",
Type: "string",
},
config.HelpKV{
Key: target.MqttUsername,
Description: "username to connect to the MQTT server",
Description: "MQTT username",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.MqttPassword,
Description: "password to connect to the MQTT server",
Description: "MQTT password",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.MqttQoS,
Description: "set the Quality of Service Level for MQTT endpoint",
Description: "set the quality of service priority, defaults to '0'",
Optional: true,
Type: "number",
},
config.HelpKV{
Key: target.MqttKeepAliveInterval,
Description: "keep alive interval for MQTT connections",
Description: "keep-alive interval for MQTT connections in s,m,h,d",
Optional: true,
Type: "duration",
},
config.HelpKV{
Key: target.MqttReconnectInterval,
Description: "reconnect interval for MQTT connections",
Description: "reconnect interval for MQTT connections in s,m,h,d",
Optional: true,
Type: "duration",
},
config.HelpKV{
Key: target.MqttQueueDir,
Description: "local directory where events are stored e.g. '/home/events'",
Description: queueDirComment,
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.MqttQueueLimit,
Description: "enable persistent event store queue limit, defaults to '10000'",
Description: queueLimitComment,
Optional: true,
Type: "number",
},
@ -244,171 +282,61 @@ var (
},
}
HelpES = config.HelpKVS{
config.HelpKV{
Key: target.ElasticURL,
Description: "Elasticsearch server's address, with optional authentication info",
Type: "url",
},
config.HelpKV{
Key: target.ElasticFormat,
Description: "set this to `namespace` or `access`, defaults to 'namespace'",
Type: "namespace*|access",
},
config.HelpKV{
Key: target.ElasticIndex,
Description: "the name of an Elasticsearch index in which MinIO will store document",
Type: "string",
},
config.HelpKV{
Key: target.ElasticQueueDir,
Description: "local directory where events are stored e.g. '/home/events'",
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.ElasticQueueLimit,
Description: "enable persistent event store queue limit, defaults to '10000'",
Optional: true,
Type: "number",
},
config.HelpKV{
Key: config.Comment,
Description: config.DefaultComment,
Optional: true,
Type: "sentence",
},
}
HelpWebhook = config.HelpKVS{
config.HelpKV{
Key: target.WebhookEndpoint,
Description: "webhook server endpoint e.g. http://localhost:8080/minio/events",
Type: "url",
},
config.HelpKV{
Key: target.WebhookAuthToken,
Description: "authorization token used for webhook server endpoint",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.WebhookQueueDir,
Description: "local directory where events are stored e.g. '/home/events'",
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.WebhookQueueLimit,
Description: "enable persistent event store queue limit, defaults to '10000'",
Optional: true,
Type: "number",
},
config.HelpKV{
Key: config.Comment,
Description: config.DefaultComment,
Optional: true,
Type: "sentence",
},
}
HelpRedis = config.HelpKVS{
config.HelpKV{
Key: target.RedisAddress,
Description: "Redis server's address. For example: `localhost:6379`",
Type: "address",
},
config.HelpKV{
Key: target.RedisFormat,
Description: "specifies how data is populated, a hash is used in case of `namespace` format and a list in case of `access` format, defaults to 'namespace'",
Type: "namespace*|access",
},
config.HelpKV{
Key: target.RedisKey,
Description: "name of the Redis key under which events are stored",
Type: "string",
},
HelpPostgres = config.HelpKVS{
config.HelpKV{
Key: target.RedisPassword,
Description: "Redis server's password",
Optional: true,
Key: target.PostgresConnectionString,
Description: "Postgres server connection-string",
Type: "string",
},
config.HelpKV{
Key: target.RedisQueueDir,
Description: "local directory where events are stored e.g. '/home/events'",
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.RedisQueueLimit,
Description: "enable persistent event store queue limit, defaults to '10000'",
Optional: true,
Type: "number",
},
config.HelpKV{
Key: config.Comment,
Description: config.DefaultComment,
Optional: true,
Type: "sentence",
},
}
HelpPostgres = config.HelpKVS{
config.HelpKV{
Key: target.PostgresConnectionString,
Description: "connection string parameters for the PostgreSQL server",
Key: target.PostgresTable,
Description: "DB table name to store/update events, table is auto-created",
Type: "string",
},
config.HelpKV{
Key: target.PostgresFormat,
Description: "specifies how data is populated, `namespace` format and `access` format, defaults to 'namespace'",
Description: formatComment,
Type: "namespace*|access",
},
config.HelpKV{
Key: target.PostgresTable,
Description: "table name in which events will be stored/updated. If the table does not exist, the MinIO server creates it at start-up",
Type: "string",
},
config.HelpKV{
Key: target.PostgresHost,
Description: "host name of the PostgreSQL server. Defaults to `localhost`. IPv6 host should be enclosed with `[` and `]`",
Description: "Postgres server hostname (used only if `connection_string` is empty)",
Optional: true,
Type: "hostname",
},
config.HelpKV{
Key: target.PostgresPort,
Description: "port on which to connect to PostgreSQL server, defaults to `5432`",
Description: "Postgres server port, defaults to `5432` (used only if `connection_string` is empty)",
Optional: true,
Type: "port",
},
config.HelpKV{
Key: target.PostgresUsername,
Description: "database username, defaults to user running the MinIO process if not specified",
Description: "database username (used only if `connection_string` is empty)",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.PostgresPassword,
Description: "database password",
Description: "database password (used only if `connection_string` is empty)",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.PostgresDatabase,
Description: "postgres Database name",
Description: "database name (used only if `connection_string` is empty)",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.PostgresQueueDir,
Description: "local directory where events are stored e.g. '/home/events'",
Description: queueDirComment,
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.PostgresQueueLimit,
Description: "enable persistent event store queue limit, defaults to '10000'",
Description: queueLimitComment,
Optional: true,
Type: "number",
},
@ -423,58 +351,58 @@ var (
HelpMySQL = config.HelpKVS{
config.HelpKV{
Key: target.MySQLDSNString,
Description: "data source name connection string for the MySQL server",
Description: "MySQL data-source-name connection string",
Type: "string",
},
config.HelpKV{
Key: target.MySQLTable,
Description: "table name in which events will be stored/updated. If the table does not exist, the MinIO server creates it at start-up",
Description: "DB table name to store/update events, table is auto-created",
Type: "string",
},
config.HelpKV{
Key: target.MySQLFormat,
Description: "specifies how data is populated, `namespace` format and `access` format, defaults to 'namespace'",
Description: formatComment,
Type: "namespace*|access",
},
config.HelpKV{
Key: target.MySQLHost,
Description: "host name of the MySQL server (used only if `dsnString` is empty)",
Description: "MySQL server hostname (used only if `dsn_string` is empty)",
Optional: true,
Type: "hostname",
},
config.HelpKV{
Key: target.MySQLPort,
Description: "port on which to connect to the MySQL server (used only if `dsn_string` is empty)",
Description: "MySQL server port (used only if `dsn_string` is empty)",
Optional: true,
Type: "port",
},
config.HelpKV{
Key: target.MySQLUsername,
Description: "database user-name (used only if `dsnString` is empty)",
Description: "database username (used only if `dsn_string` is empty)",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.MySQLPassword,
Description: "database password (used only if `dsnString` is empty)",
Description: "database password (used only if `dsn_string` is empty)",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.MySQLDatabase,
Description: "database name (used only if `dsnString` is empty)",
Description: "database name (used only if `dsn_string` is empty)",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.MySQLQueueDir,
Description: "local directory where events are stored e.g. '/home/events'",
Description: queueDirComment,
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.MySQLQueueLimit,
Description: "enable persistent event store queue limit, defaults to '10000'",
Description: queueLimitComment,
Optional: true,
Type: "number",
},
@ -494,92 +422,98 @@ var (
},
config.HelpKV{
Key: target.NATSSubject,
Description: "NATS subject that represents this subscription",
Description: "NATS subscription subject",
Type: "string",
},
config.HelpKV{
Key: target.NATSUsername,
Description: "username to be used when connecting to the server",
Description: "NATS username",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.NATSPassword,
Description: "password to be used when connecting to a server",
Description: "NATS password",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.NATSToken,
Description: "token to be used when connecting to a server",
Description: "NATS token",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.NATSSecure,
Description: "set this to 'on', enables TLS secure connections that skip server verification (not recommended)",
Key: target.NATSTLS,
Description: "set to 'on' to enable TLS",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.NATSTLSSkipVerify,
Description: `trust server TLS without verification, defaults to "on" (verify)`,
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.NATSPingInterval,
Description: "client ping commands interval to the server, disabled by default",
Description: "client ping commands interval in s,m,h,d. Disabled by default",
Optional: true,
Type: "duration",
},
config.HelpKV{
Key: target.NATSStreaming,
Description: "set this to 'on', to use streaming NATS server",
Description: "set to 'on', to use streaming NATS server",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.NATSStreamingAsync,
Description: "set this to 'on', to enable asynchronous publish, process the ACK or error state",
Description: "set to 'on', to enable asynchronous publish",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.NATSStreamingMaxPubAcksInFlight,
Description: "specifies how many messages can be published without getting ACKs back from NATS streaming server",
Description: "number of messages to publish without waiting for ACKs",
Optional: true,
Type: "number",
},
config.HelpKV{
Key: target.NATSStreamingClusterID,
Description: "unique ID for the NATS streaming cluster",
Description: "unique ID for NATS streaming cluster",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.NATSQueueLimit,
Description: "enable persistent event store queue limit, defaults to '10000'",
Key: target.NATSCertAuthority,
Description: "path to certificate chain of the target NATS server",
Optional: true,
Type: "number",
Type: "string",
},
config.HelpKV{
Key: target.NATSQueueDir,
Description: "local directory where events are stored e.g. '/home/events'",
Key: target.NATSClientCert,
Description: "client cert for NATS mTLS auth",
Optional: true,
Type: "path",
Type: "string",
},
config.HelpKV{
Key: target.NATSCertAuthority,
Description: "certificate chain of the target NATS server if self signed certs were used",
Key: target.NATSClientKey,
Description: "client cert key for NATS mTLS auth",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.NATSClientCert,
Description: "TLS Cert used for NATS configured to require client certificates",
Key: target.NATSQueueDir,
Description: queueDirComment,
Optional: true,
Type: "string",
Type: "path",
},
config.HelpKV{
Key: target.NATSClientKey,
Description: "TLS Key used for NATS configured to require client certificates",
Key: target.NATSQueueLimit,
Description: queueLimitComment,
Optional: true,
Type: "string",
Type: "number",
},
config.HelpKV{
Key: config.Comment,
@ -597,30 +531,108 @@ var (
},
config.HelpKV{
Key: target.NSQTopic,
Description: "NSQ topic unique per target",
Description: "NSQ topic",
Type: "string",
},
config.HelpKV{
Key: target.NSQTLS,
Description: "set this to 'on', to enable TLS negotiation",
Description: "set to 'on' to enable TLS",
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.NSQTLSSkipVerify,
Description: "set this to 'on', to disable client verification of server certificates",
Description: `trust server TLS without verification, defaults to "on" (verify)`,
Optional: true,
Type: "on|off",
},
config.HelpKV{
Key: target.NSQQueueDir,
Description: "local directory where events are stored e.g. '/home/events'",
Description: queueDirComment,
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.NSQQueueLimit,
Description: "enable persistent event store queue limit, defaults to '10000'",
Description: queueLimitComment,
Optional: true,
Type: "number",
},
config.HelpKV{
Key: config.Comment,
Description: config.DefaultComment,
Optional: true,
Type: "sentence",
},
}
HelpES = config.HelpKVS{
config.HelpKV{
Key: target.ElasticURL,
Description: "Elasticsearch server's address, with optional authentication info",
Type: "url",
},
config.HelpKV{
Key: target.ElasticIndex,
Description: `Elasticsearch index to store/update events, index is auto-created`,
Type: "string",
},
config.HelpKV{
Key: target.ElasticFormat,
Description: formatComment,
Type: "namespace*|access",
},
config.HelpKV{
Key: target.ElasticQueueDir,
Description: queueDirComment,
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.ElasticQueueLimit,
Description: queueLimitComment,
Optional: true,
Type: "number",
},
config.HelpKV{
Key: config.Comment,
Description: config.DefaultComment,
Optional: true,
Type: "sentence",
},
}
HelpRedis = config.HelpKVS{
config.HelpKV{
Key: target.RedisAddress,
Description: "Redis server's address. For example: `localhost:6379`",
Type: "address",
},
config.HelpKV{
Key: target.RedisKey,
Description: "Redis key to store/update events, key is auto-created",
Type: "string",
},
config.HelpKV{
Key: target.RedisFormat,
Description: formatComment,
Type: "namespace*|access",
},
config.HelpKV{
Key: target.RedisPassword,
Description: "Redis server password",
Optional: true,
Type: "string",
},
config.HelpKV{
Key: target.RedisQueueDir,
Description: queueDirComment,
Optional: true,
Type: "path",
},
config.HelpKV{
Key: target.RedisQueueLimit,
Description: queueLimitComment,
Optional: true,
Type: "number",
},

6
cmd/config/notify/legacy.go
Unescape View File

@ -422,7 +422,11 @@ func SetNotifyNATS(s config.Config, natsName string, cfg target.NATSArgs) error
Value: cfg.ClientKey,
},
config.KV{
Key: target.NATSSecure,
Key: target.NATSTLS,
Value: config.FormatBool(cfg.Secure),
},
config.KV{
Key: target.NATSTLSSkipVerify,
Value: config.FormatBool(cfg.Secure),
},
config.KV{

29
cmd/config/notify/parse.go
Unescape View File

@ -85,7 +85,7 @@ func RegisterNotificationTargets(cfg config.Config, doneCh <-chan struct{}, root
return nil, err
}
natsTargets, err := GetNotifyNATS(cfg[config.NotifyNATSSubSys])
natsTargets, err := GetNotifyNATS(cfg[config.NotifyNATSSubSys], rootCAs)
if err != nil {
return nil, err
}
@ -840,6 +840,14 @@ var (
Key: target.NATSToken,
Value: "",
},
config.KV{
Key: target.NATSTLS,
Value: config.EnableOff,
},
config.KV{
Key: target.NATSTLSSkipVerify,
Value: config.EnableOff,
},
config.KV{
Key: target.NATSCertAuthority,
Value: "",
@ -852,10 +860,6 @@ var (
Key: target.NATSClientKey,
Value: "",
},
config.KV{
Key: target.NATSSecure,
Value: config.EnableOff,
},
config.KV{
Key: target.NATSPingInterval,
Value: "0",
@ -888,7 +892,7 @@ var (
)
// GetNotifyNATS - returns a map of registered notification 'nats' targets
func GetNotifyNATS(natsKVS map[string]config.KVS) (map[string]target.NATSArgs, error) {
func GetNotifyNATS(natsKVS map[string]config.KVS, rootCAs *x509.CertPool) (map[string]target.NATSArgs, error) {
natsTargets := make(map[string]target.NATSArgs)
for k, kv := range mergeTargets(natsKVS, target.EnvNATSEnable, DefaultNATSKVS) {
enableEnv := target.EnvNATSEnable
@ -934,9 +938,14 @@ func GetNotifyNATS(natsKVS map[string]config.KVS) (map[string]target.NATSArgs, e
return nil, err
}
secureEnv := target.EnvNATSSecure
tlsEnv := target.EnvNATSTLS
if k != config.Default {
tlsEnv = tlsEnv + config.Default + k
}
tlsSkipVerifyEnv := target.EnvNATSTLSSkipVerify
if k != config.Default {
secureEnv = secureEnv + config.Default + k
tlsSkipVerifyEnv = tlsSkipVerifyEnv + config.Default + k
}
subjectEnv := target.EnvNATSSubject
@ -989,10 +998,12 @@ func GetNotifyNATS(natsKVS map[string]config.KVS) (map[string]target.NATSArgs, e
ClientCert: env.Get(clientCertEnv, kv.Get(target.NATSClientCert)),
ClientKey: env.Get(clientKeyEnv, kv.Get(target.NATSClientKey)),
Token: env.Get(tokenEnv, kv.Get(target.NATSToken)),
Secure: env.Get(secureEnv, kv.Get(target.NATSSecure)) == config.EnableOn,
TLS: env.Get(tlsEnv, kv.Get(target.NATSTLS)) == config.EnableOn,
TLSSkipVerify: env.Get(tlsSkipVerifyEnv, kv.Get(target.NATSTLSSkipVerify)) == config.EnableOn,
PingInterval: pingInterval,
QueueDir: env.Get(queueDirEnv, kv.Get(target.NATSQueueDir)),
QueueLimit: queueLimit,
RootCAs: rootCAs,
}
streamingEnableEnv := target.EnvNATSStreaming

4
cmd/config/policy/opa/help.go
Unescape View File

@ -23,12 +23,12 @@ var (
Help = config.HelpKVS{
config.HelpKV{
Key: URL,
Description: `OPA HTTP API endpoint e.g. "http://localhost:8181/v1/data/httpapi/authz/allow"`,
Description: `OPA HTTP(s) endpoint e.g. "http://localhost:8181/v1/data/httpapi/authz/allow"`,
Type: "url",
},
config.HelpKV{
Key: AuthToken,
Description: "authorization token for OPA HTTP API endpoint",
Description: "authorization token for OPA endpoint",
Optional: true,
Type: "string",
},

16
cmd/crypto/help.go
Unescape View File

@ -23,44 +23,44 @@ var (
Help = config.HelpKVS{
config.HelpKV{
Key: KMSVaultEndpoint,
Description: `HashiCorp Vault API endpoint e.g. "http://vault-endpoint-ip:8200"`,
Description: `API endpoint e.g. "http://vault-endpoint-ip:8200"`,
Type: "url",
},
config.HelpKV{
Key: KMSVaultKeyName,
Description: `transit key name used in vault policy, must be unique name e.g. "my-minio-key"`,
Description: `unique transit key name e.g. "my-minio-key"`,
Type: "string",
},
config.HelpKV{
Key: KMSVaultAuthType,
Description: `authentication type to Vault API endpoint e.g. "approle"`,
Description: `supported auth type(s) ["approle"], defaults to "approle"`,
Type: "string",
},
config.HelpKV{
Key: KMSVaultAppRoleID,
Description: `unique role ID created for AppRole`,
Description: `unique role ID for approle`,
Type: "string",
},
config.HelpKV{
Key: KMSVaultAppRoleSecret,
Description: `unique secret ID created for AppRole`,
Description: `unique secret ID for approle`,
Type: "string",
},
config.HelpKV{
Key: KMSVaultNamespace,
Description: `only needed if AppRole engine is scoped to Vault Namespace e.g. "ns1"`,
Description: `optional KMS namespace e.g. "customer1"`,
Optional: true,
Type: "string",
},
config.HelpKV{
Key: KMSVaultKeyVersion,
Description: `KMS Vault key version`,
Description: `optional key version number`,
Optional: true,
Type: "number",
},
config.HelpKV{
Key: KMSVaultCAPath,
Description: `path to PEM-encoded CA cert files to use mTLS authentication (optional) e.g. "/home/user/custom-certs"`,
Description: `optional path to PEM-encoded CA certs e.g. "/home/user/custom-certs"`,
Optional: true,
Type: "path",
},

8
cmd/logger/help.go
Unescape View File

@ -23,12 +23,12 @@ var (
Help = config.HelpKVS{
config.HelpKV{
Key: Endpoint,
Description: `HTTP logger endpoint e.g. "http://localhost:8080/minio/logs/server"`,
Description: `HTTP(s) endpoint e.g. "http://localhost:8080/minio/logs/server"`,
Type: "url",
},
config.HelpKV{
Key: AuthToken,
Description: "authorization token for logger endpoint",
Description: `opaque string or JWT authorization token`,
Optional: true,
Type: "string",
},
@ -43,12 +43,12 @@ var (
HelpAudit = config.HelpKVS{
config.HelpKV{
Key: Endpoint,
Description: `HTTP Audit logger endpoint e.g. "http://localhost:8080/minio/logs/audit"`,
Description: `HTTP(s) endpoint e.g. "http://localhost:8080/minio/logs/audit"`,
Type: "url",
},
config.HelpKV{
Key: AuthToken,
Description: "authorization token for audit logger endpoint",
Description: `opaque string or JWT authorization token`,
Optional: true,
Type: "string",
},

4
docs/bucket/notifications/README.md
Unescape View File

@ -486,13 +486,13 @@ To update the configuration, use `mc admin config get` command to get the curren
```sh
$ mc admin config get myminio/ notify_nats
notify_nats:1 password="yoursecret" streaming_max_pub_acks_in_flight="10" subject="" address="0.0.0.0:4222" token="" username="yourusername" ping_interval="0" queue_limit="0" secure="off" streaming_async="on" queue_dir="" streaming_cluster_id="test-cluster" streaming_enable="on"
notify_nats:1 password="yoursecret" streaming_max_pub_acks_in_flight="10" subject="" address="0.0.0.0:4222" token="" username="yourusername" ping_interval="0" queue_limit="0" tls="off" tls_skip_verify="off" streaming_async="on" queue_dir="" streaming_cluster_id="test-cluster" streaming_enable="on"
```
Use `mc admin config set` command to update the configuration for the deployment.Restart MinIO server to reflect config changes. `bucketevents` is the subject used by NATS in this example.
```sh
$ mc admin config set myminio notify_nats:1 password="yoursecret" streaming_max_pub_acks_in_flight="10" subject="" address="0.0.0.0:4222" token="" username="yourusername" ping_interval="0" queue_limit="0" secure="off" streaming_async="on" queue_dir="" streaming_cluster_id="test-cluster" streaming_enable="on"
$ mc admin config set myminio notify_nats:1 password="yoursecret" streaming_max_pub_acks_in_flight="10" subject="" address="0.0.0.0:4222" token="" username="yourusername" ping_interval="0" queue_limit="0" tls="off" streaming_async="on" queue_dir="" streaming_cluster_id="test-cluster" streaming_enable="on"
```
MinIO server also supports [NATS Streaming mode](http://nats.io/documentation/streaming/nats-streaming-intro/) that offers additional functionality like `At-least-once-delivery`, and `Publisher rate limiting`. To configure MinIO server to send notifications to NATS Streaming server, update the MinIO server configuration file as follows:

8
docs/logging/README.md
Unescape View File

@ -16,11 +16,11 @@ HTTP target logs to a generic HTTP endpoint in JSON format and is not enabled by
Assuming `mc` is already [configured](https://docs.min.io/docs/minio-client-quickstart-guide.html)
```
mc admin config get myminio/ logger_webhook
logger_webhook:target1 auth_token="" endpoint=""
logger_webhook:name1 auth_token="" endpoint=""
```
```
mc admin config set myminio logger_webhook:target1 auth_token="" endpoint="http://endpoint:port/path"
mc admin config set myminio logger_webhook:name1 auth_token="" endpoint="http://endpoint:port/path"
mc admin service restart myminio
```
@ -38,11 +38,11 @@ minio server /mnt/data
Assuming `mc` is already [configured](https://docs.min.io/docs/minio-client-quickstart-guide.html)
```
mc admin config get myminio/ audit_webhook
audit_webhook:target1 auth_token="" endpoint=""
audit_webhook:name1 auth_token="" endpoint=""
```
```
mc admin config set myminio audit_webhook:target1 auth_token="" endpoint="http://endpoint:port/path"
mc admin config set myminio audit_webhook:name1 auth_token="" endpoint="http://endpoint:port/path"
mc admin service restart myminio
```

16
pkg/event/target/nats.go
Unescape View File

@ -18,6 +18,8 @@ package target
import (
"context"
"crypto/tls"
"crypto/x509"
"encoding/json"
"errors"
"net/url"
@ -37,7 +39,8 @@ const (
NATSUsername = "username"
NATSPassword = "password"
NATSToken = "token"
NATSSecure = "secure"
NATSTLS = "tls"
NATSTLSSkipVerify = "tls_skip_verify"
NATSPingInterval = "ping_interval"
NATSQueueDir = "queue_dir"
NATSQueueLimit = "queue_limit"
@ -57,7 +60,8 @@ const (
EnvNATSUsername = "MINIO_NOTIFY_NATS_USERNAME"
EnvNATSPassword = "MINIO_NOTIFY_NATS_PASSWORD"
EnvNATSToken = "MINIO_NOTIFY_NATS_TOKEN"
EnvNATSSecure = "MINIO_NOTIFY_NATS_SECURE"
EnvNATSTLS = "MINIO_NOTIFY_NATS_TLS"
EnvNATSTLSSkipVerify = "MINIO_NOTIFY_NATS_TLS_SKIP_VERIFY"
EnvNATSPingInterval = "MINIO_NOTIFY_NATS_PING_INTERVAL"
EnvNATSQueueDir = "MINIO_NOTIFY_NATS_QUEUE_DIR"
EnvNATSQueueLimit = "MINIO_NOTIFY_NATS_QUEUE_LIMIT"
@ -80,6 +84,8 @@ type NATSArgs struct {
Username string `json:"username"`
Password string `json:"password"`
Token string `json:"token"`
TLS bool `json:"tls"`
TLSSkipVerify bool `json:"tlsSkipVerify"`
Secure bool `json:"secure"`
CertAuthority string `json:"certAuthority"`
ClientCert string `json:"clientCert"`
@ -93,6 +99,8 @@ type NATSArgs struct {
Async bool `json:"async"`
MaxPubAcksInflight int `json:"maxPubAcksInflight"`
} `json:"streaming"`
RootCAs *x509.CertPool `json:"-"`
}
// Validate NATSArgs fields
@ -140,8 +148,10 @@ func (n NATSArgs) connectNats() (*nats.Conn, error) {
if n.Token != "" {
connOpts = append(connOpts, nats.Token(n.Token))
}
if n.Secure {
if n.Secure || n.TLS && n.TLSSkipVerify {
connOpts = append(connOpts, nats.Secure(nil))
} else if n.TLS {
connOpts = append(connOpts, nats.Secure(&tls.Config{RootCAs: n.RootCAs}))
}
if n.CertAuthority != "" {
connOpts = append(connOpts, nats.RootCAs(n.CertAuthority))

Write Preview
Loading…
Cancel
Save