Documentation ¶
Overview ¶
Package restapi MinIO Console Server
Schemes: http ws Host: localhost BasePath: /api/v1 Version: 0.1.0 Consumes: - application/json - multipart/form-data Produces: - application/octet-stream - application/json
swagger:meta
Index ¶
- Constants
- Variables
- func AuthenticationMiddleware(next http.Handler) http.Handler
- func DifferenceArrays(a, b []string) []string
- func ExpireSessionCookie() http.Cookie
- func FileExists(filename string) bool
- func FileServerMiddleware(next http.Handler) http.Handler
- func GetConsoleHTTPClient() *http.Client
- func GetHostname() string
- func GetMinIORegion() string
- func GetPort() int
- func GetSecureAllowedHosts() []string
- func GetSecureAllowedHostsAreRegex() bool
- func GetSecureBrowserXSSFilter() bool
- func GetSecureContentSecurityPolicy() string
- func GetSecureContentSecurityPolicyReportOnly() string
- func GetSecureContentTypeNonSniff() bool
- func GetSecureExpectCTHeader() string
- func GetSecureFeaturePolicy() string
- func GetSecureForceSTSHeader() bool
- func GetSecureFrameDeny() bool
- func GetSecureHostsProxyHeaders() []string
- func GetSecurePublicKey() string
- func GetSecureReferrerPolicy() string
- func GetSecureSTSIncludeSubdomains() bool
- func GetSecureSTSPreload() bool
- func GetSecureSTSSeconds() int64
- func GetSecureTLSHost() string
- func GetSecureTLSTemporaryRedirect() bool
- func GetSubnetHTTPClient(proxy string) (*cluster.HTTPClient, error)
- func GetSubnetInfoResponse(session *models.Principal) (*models.License, *models.Error)
- func GetSubnetKeyFromMinIOConfig(ctx context.Context, minioClient MinioAdmin) (*subnet.LicenseTokenConfig, error)
- func GetSubnetLicense() string
- func GetSubnetLoginResponse(session *models.Principal, params admin_api.SubnetLoginParams) (*models.SubnetLoginResponse, *models.Error)
- func GetSubnetLoginWithMFAResponse(params admin_api.SubnetLoginMFAParams) (*models.SubnetLoginResponse, *models.Error)
- func GetSubnetRegToken(ctx context.Context, minioClient MinioAdmin) (string, error)
- func GetSubnetRegTokenResponse(session *models.Principal) (*models.SubnetRegTokenResponse, *models.Error)
- func GetSubnetRegister(ctx context.Context, minioClient MinioAdmin, httpClient cluster.HTTPClientI, ...) error
- func GetSubnetRegisterResponse(session *models.Principal, params admin_api.SubnetRegisterParams) *models.Error
- func GetTLSPort() int
- func GetTLSRedirect() string
- func IsElementInArray(a []string, b string) bool
- func NewAdminClient(url, accessKey, secretKey, sessionToken string) (*madmin.AdminClient, *probe.Error)
- func NewAdminClientWithInsecure(url, accessKey, secretKey, sessionToken string, insecure bool) (*madmin.AdminClient, *probe.Error)
- func NewConsoleCredentials(accessKey, secretKey, location string) (*credentials.Credentials, error)
- func NewMinioAdminClient(sessionClaims *models.Principal) (*madmin.AdminClient, error)
- func NewSessionCookieForConsole(token string) http.Cookie
- func PrepareConsoleHTTPClient(insecure bool) *http.Client
- func RandomCharString(n int) string
- func RandomCharStringWithAlphabet(n int, alphabet string) string
- func RejectS3Middleware(next http.Handler) http.Handler
- func SanitizeEncodedPrefix(rawPrefix string) string
- func SubnetLogin(client cluster.HTTPClientI, username, password string) (string, string, error)
- func SubnetLoginWithMFA(client cluster.HTTPClientI, username, mfaToken, otp string) (*models.SubnetLoginResponse, error)
- func SubnetRegisterWithAPIKey(ctx context.Context, minioClient MinioAdmin, apiKey string) (bool, error)
- func UniqueKeys(a []string) []string
- type AdminClient
- type ConsoleCredentials
- type ConsoleCredentialsI
- type ConsoleWebsocket
- type ConsoleWebsocketAdmin
- type Context
- type DataResult
- type GridPos
- type LabelResponse
- type LabelResults
- type MCClient
- type Metric
- type MetricOptions
- type MinioAdmin
- type MinioClient
- type PromResp
- type PromRespData
- type ReduceOptions
- type RemoteBucketResult
- type Server
- func (s *Server) ConfigureAPI()
- func (s *Server) ConfigureFlags()
- func (s *Server) Fatalf(f string, args ...interface{})
- func (s *Server) GetHandler() http.Handler
- func (s *Server) HTTPListener() (net.Listener, error)
- func (s *Server) Listen() error
- func (s *Server) Logf(f string, args ...interface{})
- func (s *Server) Serve() (err error)
- func (s *Server) SetAPI(api *operations.ConsoleAPI)
- func (s *Server) SetHandler(handler http.Handler)
- func (s *Server) Shutdown() error
- func (s *Server) TLSListener() (net.Listener, error)
- func (s *Server) UnixListener() (net.Listener, error)
- type SubnetRegistration
- type Target
- type TraceRequest
- type UsageInfo
- type VersionState
- type WSConn
- type Widget
- type WidgetLabel
Constants ¶
const ( Unknown = 0 Allow = 1 Deny = -1 )
Policy evaluated constants
const ( // Constants for common configuration ConsoleMinIOServer = "CONSOLE_MINIO_SERVER" ConsoleMinIORegion = "CONSOLE_MINIO_REGION" ConsoleHostname = "CONSOLE_HOSTNAME" ConsolePort = "CONSOLE_PORT" ConsoleTLSHostname = "CONSOLE_TLS_HOSTNAME" ConsoleTLSPort = "CONSOLE_TLS_PORT" ConsoleSubnetLicense = "CONSOLE_SUBNET_LICENSE" MinIOConfigEnvFile = "MINIO_CONFIG_ENV_FILE" MinIOSubnetLicense = "MINIO_SUBNET_LICENSE" // Constants for Secure middleware ConsoleSecureAllowedHosts = "CONSOLE_SECURE_ALLOWED_HOSTS" ConsoleSecureAllowedHostsAreRegex = "CONSOLE_SECURE_ALLOWED_HOSTS_ARE_REGEX" ConsoleSecureFrameDeny = "CONSOLE_SECURE_FRAME_DENY" ConsoleSecureContentTypeNoSniff = "CONSOLE_SECURE_CONTENT_TYPE_NO_SNIFF" ConsoleSecureBrowserXSSFilter = "CONSOLE_SECURE_BROWSER_XSS_FILTER" ConsoleSecureContentSecurityPolicy = "CONSOLE_SECURE_CONTENT_SECURITY_POLICY" ConsoleSecureContentSecurityPolicyReportOnly = "CONSOLE_SECURE_CONTENT_SECURITY_POLICY_REPORT_ONLY" ConsoleSecureHostsProxyHeaders = "CONSOLE_SECURE_HOSTS_PROXY_HEADERS" ConsoleSecureSTSSeconds = "CONSOLE_SECURE_STS_SECONDS" ConsoleSecureSTSIncludeSubdomains = "CONSOLE_SECURE_STS_INCLUDE_SUB_DOMAINS" ConsoleSecureSTSPreload = "CONSOLE_SECURE_STS_PRELOAD" ConsoleSecureTLSRedirect = "CONSOLE_SECURE_TLS_REDIRECT" ConsoleSecureTLSHost = "CONSOLE_SECURE_TLS_HOST" ConsoleSecureTLSTemporaryRedirect = "CONSOLE_SECURE_TLS_TEMPORARY_REDIRECT" ConsoleSecureForceSTSHeader = "CONSOLE_SECURE_FORCE_STS_HEADER" ConsoleSecurePublicKey = "CONSOLE_SECURE_PUBLIC_KEY" ConsoleSecureReferrerPolicy = "CONSOLE_SECURE_REFERRER_POLICY" ConsoleSecureFeaturePolicy = "CONSOLE_SECURE_FEATURE_POLICY" ConsoleSecureExpectCTHeader = "CONSOLE_SECURE_EXPECT_CT_HEADER" PrometheusURL = "CONSOLE_PROMETHEUS_URL" PrometheusJobID = "CONSOLE_PROMETHEUS_JOB_ID" ConsoleLogQueryURL = "CONSOLE_LOG_QUERY_URL" ConsoleLogQueryAuthToken = "CONSOLE_LOG_QUERY_AUTH_TOKEN" LogSearchQueryAuthToken = "LOGSEARCH_QUERY_AUTH_TOKEN" SlashSeparator = "/" )
list of all console environment constants
Variables ¶
var ( // Port console default port Port = "9090" // Hostname console hostname // avoid listening on 0.0.0.0 by default // instead listen on all IPv4 and IPv6 // - Hostname should be empty. Hostname = "" // TLSPort console tls port TLSPort = "9443" // TLSRedirect console tls redirect rule TLSRedirect = "on" ConsoleResourceName = "console-ui" )
var ( // GlobalRootCAs is CA root certificates, a nil value means system certs pool will be used GlobalRootCAs *x509.CertPool // GlobalPublicCerts has certificates Console will use to serve clients GlobalPublicCerts []*x509.Certificate // GlobalTLSCertsManager custom TLS Manager for SNI support GlobalTLSCertsManager *xcerts.Manager )
var ( // SwaggerJSON embedded version of the swagger document used at generation time SwaggerJSON json.RawMessage // FlatSwaggerJSON embedded flattened version of the swagger document used at generation time FlatSwaggerJSON json.RawMessage )
var ( // ErrorGeneric is a generic error message ErrorGeneric = errors.New("an error occurred, please try again") // ErrorGenericNotFound Generic error for not found ErrorGenericNotFound = errors.New("not found") )
var ( LogInfo = logInfo LogError = logError )
globally changeable logger styles
Functions ¶
func DifferenceArrays ¶
DifferenceArrays returns the elements in `a` that aren't in `b`.
func FileExists ¶
FileExists verifies if a file exist on the desired location and its not a folder
func FileServerMiddleware ¶
FileServerMiddleware serves files from the static folder
func GetConsoleHTTPClient ¶
GetConsoleHTTPClient will initialize the console HTTP Client with fully populated custom TLS Transport that with loads certs at - ${HOME}/.console/certs/CAs - ${HOME}/.minio/certs/CAs
func GetHostname ¶
func GetHostname() string
GetHostname gets console hostname set on env variable, default one or defined on run command
func GetSecureAllowedHosts ¶
func GetSecureAllowedHosts() []string
Get secure middleware env variable configurations
func GetSecureAllowedHostsAreRegex ¶
func GetSecureAllowedHostsAreRegex() bool
AllowedHostsAreRegex determines, if the provided AllowedHosts slice contains valid regular expressions. Default is false.
func GetSecureBrowserXSSFilter ¶
func GetSecureBrowserXSSFilter() bool
If BrowserXssFilter is true, adds the X-XSS-Protection header with the value `1; mode=block`. Default is true.
func GetSecureContentSecurityPolicy ¶
func GetSecureContentSecurityPolicy() string
ContentSecurityPolicy allows the Content-Security-Policy header value to be set with a custom value. Default is "". Passing a template string will replace `$NONCE` with a dynamic nonce value of 16 bytes for each request which can be later retrieved using the Nonce function.
func GetSecureContentSecurityPolicyReportOnly ¶
func GetSecureContentSecurityPolicyReportOnly() string
ContentSecurityPolicyReportOnly allows the Content-Security-Policy-Report-Only header value to be set with a custom value. Default is "".
func GetSecureContentTypeNonSniff ¶
func GetSecureContentTypeNonSniff() bool
If ContentTypeNosniff is true, adds the X-Content-Type-Options header with the value `nosniff`. Default is true.
func GetSecureFeaturePolicy ¶
func GetSecureFeaturePolicy() string
FeaturePolicy allows the Feature-Policy header with the value to be set with a custom value. Default is "".
func GetSecureForceSTSHeader ¶
func GetSecureForceSTSHeader() bool
STS header is only included when the connection is HTTPS.
func GetSecureFrameDeny ¶
func GetSecureFrameDeny() bool
If FrameDeny is set to true, adds the X-Frame-Options header with the value of `DENY`. Default is true.
func GetSecureHostsProxyHeaders ¶
func GetSecureHostsProxyHeaders() []string
HostsProxyHeaders is a set of header keys that may hold a proxied hostname value for the request.
func GetSecurePublicKey ¶
func GetSecurePublicKey() string
PublicKey implements HPKP to prevent MITM attacks with forged certificates. Default is "".
func GetSecureReferrerPolicy ¶
func GetSecureReferrerPolicy() string
ReferrerPolicy allows the Referrer-Policy header with the value to be set with a custom value. Default is "".
func GetSecureSTSIncludeSubdomains ¶
func GetSecureSTSIncludeSubdomains() bool
If STSIncludeSubdomains is set to true, the `includeSubdomains` will be appended to the Strict-Transport-Security header. Default is false.
func GetSecureSTSPreload ¶
func GetSecureSTSPreload() bool
If STSPreload is set to true, the `preload` flag will be appended to the Strict-Transport-Security header. Default is false.
func GetSecureSTSSeconds ¶
func GetSecureSTSSeconds() int64
STSSeconds is the max-age of the Strict-Transport-Security header. Default is 0, which would NOT include the header.
func GetSecureTLSHost ¶
func GetSecureTLSHost() string
TLSHost is the host name that is used to redirect HTTP requests to HTTPS. Default is "", which indicates to use the same host.
func GetSecureTLSTemporaryRedirect ¶
func GetSecureTLSTemporaryRedirect() bool
If TLSTemporaryRedirect is true, the a 302 will be used while redirecting. Default is false (301).
func GetSubnetHTTPClient ¶
func GetSubnetHTTPClient(proxy string) (*cluster.HTTPClient, error)
GetSubnetHTTPClient will return a client with proxy if configured, otherwise will return the default console http client
func GetSubnetInfoResponse ¶
func GetSubnetKeyFromMinIOConfig ¶
func GetSubnetKeyFromMinIOConfig(ctx context.Context, minioClient MinioAdmin) (*subnet.LicenseTokenConfig, error)
func GetSubnetLicense ¶
func GetSubnetLicense() string
GetSubnetLicense returns the current subnet jwt license
func GetSubnetLoginResponse ¶
func GetSubnetLoginResponse(session *models.Principal, params admin_api.SubnetLoginParams) (*models.SubnetLoginResponse, *models.Error)
func GetSubnetLoginWithMFAResponse ¶
func GetSubnetLoginWithMFAResponse(params admin_api.SubnetLoginMFAParams) (*models.SubnetLoginResponse, *models.Error)
func GetSubnetRegToken ¶
func GetSubnetRegToken(ctx context.Context, minioClient MinioAdmin) (string, error)
func GetSubnetRegTokenResponse ¶
func GetSubnetRegister ¶
func GetSubnetRegister(ctx context.Context, minioClient MinioAdmin, httpClient cluster.HTTPClientI, params admin_api.SubnetRegisterParams) error
func GetSubnetRegisterResponse ¶
func GetTLSPort ¶
func GetTLSPort() int
GetTLSPort gets console tls port set on env variable or default one
func GetTLSRedirect ¶
func GetTLSRedirect() string
If GetTLSRedirect is set to true, then only allow HTTPS requests. Default is true.
func IsElementInArray ¶
IsElementInArray returns true if the string belongs to the slice
func NewAdminClient ¶
func NewAdminClient(url, accessKey, secretKey, sessionToken string) (*madmin.AdminClient, *probe.Error)
NewAdminClient gives a new madmin client interface
func NewAdminClientWithInsecure ¶
func NewAdminClientWithInsecure(url, accessKey, secretKey, sessionToken string, insecure bool) (*madmin.AdminClient, *probe.Error)
NewAdminClientWithInsecure gives a new madmin client interface either secure or insecure based on parameter
func NewConsoleCredentials ¶
func NewConsoleCredentials(accessKey, secretKey, location string) (*credentials.Credentials, error)
func NewMinioAdminClient ¶
func PrepareConsoleHTTPClient ¶
PrepareConsoleHTTPClient returns an http.Client with custom configurations need it by *credentials.STSAssumeRole custom configurations include the use of CA certificates
func RandomCharStringWithAlphabet ¶
func RejectS3Middleware ¶
RejectS3Middleware will reject requests that have AWS S3 specific headers.
func SanitizeEncodedPrefix ¶
SanitizeEncodedPrefix replaces spaces for + since those are lost when you do GET parameters
func SubnetLogin ¶
func SubnetLoginWithMFA ¶
func SubnetLoginWithMFA(client cluster.HTTPClientI, username, mfaToken, otp string) (*models.SubnetLoginResponse, error)
func SubnetRegisterWithAPIKey ¶
Types ¶
type AdminClient ¶
type AdminClient struct {
Client *madmin.AdminClient
}
Interface implementation
Define the structure of a minIO Client and define the functions that are actually used from minIO api.
func (AdminClient) AccountInfo ¶
func (ac AdminClient) AccountInfo(ctx context.Context) (madmin.AccountInfo, error)
AccountInfo implements madmin.AccountInfo()
type ConsoleCredentials ¶
type ConsoleCredentials struct { ConsoleCredentials *credentials.Credentials AccountAccessKey string }
Interface implementation
func (ConsoleCredentials) Expire ¶
func (c ConsoleCredentials) Expire()
Expire implements *Login.Expire()
func (ConsoleCredentials) Get ¶
func (c ConsoleCredentials) Get() (credentials.Value, error)
Get implements *Login.Get()
func (ConsoleCredentials) GetAccountAccessKey ¶
func (c ConsoleCredentials) GetAccountAccessKey() string
type ConsoleCredentialsI ¶
type ConsoleCredentialsI interface { Get() (credentials.Value, error) Expire() GetAccountAccessKey() string }
ConsoleCredentialsI interface with all functions to be implemented by mock when testing, it should include all needed consoleCredentials.Login api calls that are used within this project.
type ConsoleWebsocket ¶
type ConsoleWebsocket interface {
// contains filtered or unexported methods
}
ConsoleWebsocket interface of a Websocket Client
type ConsoleWebsocketAdmin ¶
type ConsoleWebsocketAdmin interface {
// contains filtered or unexported methods
}
ConsoleWebsocketAdmin interface of a Websocket Client
type Context ¶
type Context struct { Host string HTTPPort, HTTPSPort int TLSRedirect string // Legacy options, TODO: remove in future TLSCertificate, TLSKey, TLSca string }
Context captures all command line flags values
type DataResult ¶
type LabelResponse ¶
type LabelResults ¶
type LabelResults struct { Label string Response LabelResponse }
type MCClient ¶
type MCClient interface {
// contains filtered or unexported methods
}
MCClient interface with all functions to be implemented by mock when testing, it should include all mc/S3Client respective api calls that are used within this project.
type Metric ¶
type MetricOptions ¶
type MetricOptions struct {
ReduceOptions ReduceOptions
}
type MinioAdmin ¶
type MinioAdmin interface { AccountInfo(ctx context.Context) (madmin.AccountInfo, error) // contains filtered or unexported methods }
MinioAdmin interface with all functions to be implemented by mock when testing, it should include all MinioAdmin respective api calls that are used within this project.
type MinioClient ¶
type MinioClient interface { GetBucketTagging(ctx context.Context, bucketName string) (*tags.Tags, error) SetBucketTagging(ctx context.Context, bucketName string, tags *tags.Tags) error RemoveBucketTagging(ctx context.Context, bucketName string) error // contains filtered or unexported methods }
MinioClient interface with all functions to be implemented by mock when testing, it should include all MinioClient respective api calls that are used within this project.
type PromResp ¶
type PromResp struct { Status string `json:"status"` Data PromRespData `json:"data"` }
type PromRespData ¶
type PromRespData struct { ResultType string `json:"resultType"` Result []DataResult `json:"result"` }
type RemoteBucketResult ¶
type Server ¶
type Server struct { EnabledListeners []string `long:"scheme" description:"the listeners to enable, this can be repeated and defaults to the schemes in the swagger spec"` CleanupTimeout time.Duration `long:"cleanup-timeout" description:"grace period for which to wait before killing idle connections" default:"10s"` GracefulTimeout time.Duration `long:"graceful-timeout" description:"grace period for which to wait before shutting down the server" default:"15s"` MaxHeaderSize flagext.ByteSize `` /* 231-byte string literal not displayed */ SocketPath flags.Filename `long:"socket-path" description:"the unix socket to listen on" default:"/var/run/console.sock"` Host string `long:"host" description:"the IP to listen on" default:"localhost" env:"HOST"` Port int `long:"port" description:"the port to listen on for insecure connections, defaults to a random value" env:"PORT"` ListenLimit int `long:"listen-limit" description:"limit the number of outstanding requests"` KeepAlive time.Duration `` /* 169-byte string literal not displayed */ ReadTimeout time.Duration `long:"read-timeout" description:"maximum duration before timing out read of the request" default:"30s"` WriteTimeout time.Duration `long:"write-timeout" description:"maximum duration before timing out write of the response" default:"60s"` TLSHost string `long:"tls-host" description:"the IP to listen on for tls, when not specified it's the same as --host" env:"TLS_HOST"` TLSPort int `long:"tls-port" description:"the port to listen on for secure connections, defaults to a random value" env:"TLS_PORT"` TLSCertificate flags.Filename `long:"tls-certificate" description:"the certificate to use for secure connections" env:"TLS_CERTIFICATE"` TLSCertificateKey flags.Filename `long:"tls-key" description:"the private key to use for secure connections" env:"TLS_PRIVATE_KEY"` TLSCACertificate flags.Filename `long:"tls-ca" description:"the certificate authority file to be used with mutual tls auth" env:"TLS_CA_CERTIFICATE"` TLSListenLimit int `long:"tls-listen-limit" description:"limit the number of outstanding requests"` TLSKeepAlive time.Duration `` /* 160-byte string literal not displayed */ TLSReadTimeout time.Duration `long:"tls-read-timeout" description:"maximum duration before timing out read of the request"` TLSWriteTimeout time.Duration `long:"tls-write-timeout" description:"maximum duration before timing out write of the response"` // contains filtered or unexported fields }
Server for the console API
func NewServer ¶
func NewServer(api *operations.ConsoleAPI) *Server
NewServer creates a new api console server but does not configure it
func (*Server) ConfigureAPI ¶
func (s *Server) ConfigureAPI()
ConfigureAPI configures the API and handlers.
func (*Server) ConfigureFlags ¶
func (s *Server) ConfigureFlags()
ConfigureFlags configures the additional flags defined by the handlers. Needs to be called before the parser.Parse
func (*Server) Fatalf ¶
Fatalf logs message either via defined user logger or via system one if no user logger is defined. Exits with non-zero status after printing
func (*Server) GetHandler ¶
GetHandler returns a handler useful for testing
func (*Server) HTTPListener ¶
HTTPListener returns the http listener
func (*Server) Logf ¶
Logf logs message either via defined user logger or via system one if no user logger is defined.
func (*Server) SetAPI ¶
func (s *Server) SetAPI(api *operations.ConsoleAPI)
SetAPI configures the server with the specified API. Needs to be called before Serve
func (*Server) SetHandler ¶
SetHandler allows for setting a http handler on this server
func (*Server) TLSListener ¶
TLSListener returns the https listener
type SubnetRegistration ¶
type SubnetRegistration struct { AccessToken string MFAToken string Organizations []models.SubnetOrganization }
type TraceRequest ¶
type TraceRequest struct {
// contains filtered or unexported fields
}
Types for trace request. this adds support for calls, threshold, status and extra filters
type UsageInfo ¶
type VersionState ¶
type VersionState string
const ( VersionEnable VersionState = "enable" VersionSuspend = "suspend" )
type WSConn ¶
type WSConn interface {
// contains filtered or unexported methods
}
WSConn interface with all functions to be implemented by mock when testing, it should include all websocket.Conn respective api calls that are used within this project.
Source Files ¶
- admin_arns.go
- admin_config.go
- admin_console.go
- admin_groups.go
- admin_heal.go
- admin_health_info.go
- admin_info.go
- admin_notification_endpoints.go
- admin_policies.go
- admin_profiling.go
- admin_remote_buckets.go
- admin_service.go
- admin_speedtest.go
- admin_subnet.go
- admin_tiers.go
- admin_trace.go
- admin_users.go
- client-admin.go
- client.go
- config.go
- configure_console.go
- consts.go
- doc.go
- embedded_spec.go
- error.go
- logs.go
- server.go
- tls.go
- user_account.go
- user_bucket_quota.go
- user_buckets.go
- user_buckets_events.go
- user_buckets_lifecycle.go
- user_log_search.go
- user_login.go
- user_logout.go
- user_objects.go
- user_service_accounts.go
- user_session.go
- user_watch.go
- utils.go
- ws_handle.go