README
¶
Getting Started
To create a storage bucket (using default scope created by boundary dev):
boundary storage-buckets create \
-scope-id p_1234567890 \
-name "Example Plugin-Based Storage Bucket" \
-description "Description for plugin-based storage bucket" \
-plugin-name minio \
-bucket-name="session_recording_storage" \
-bucket-prefix="foo/bar/zoo" \
-worker-filter '"minio-access" in "/tags/type"' \
-attr endpoint_url="https://my-minio-instance.dev/s3-api" \
-attr region=REGION \
-attr disable_credential_rotation=true \
-secret access_key_id='KEY' \
-secret secret_access_key='SECRET'
Attributes
The following attributes are valid on a MinIO storage bucket resource:
endpoint_url(string, required): Fully-qualified endpoint pointing to a MinIO S3 API.region(string, optional): The region to configure the storage bucket for.disable_credential_rotation(bool, optional): Controls whether the plugin will rotate the incoming credentials and manage a new MinIO service account. If this attribute is set tofalse, or not provided, the plugin will rotate the incoming credentials, using them to create a new MinIO service account, then delete the incoming credentials.
Secrets
The following secrets are valid on a MinIO storage bucket resource:
access_key_id(string, required): The MinIO service account's access key to use with this storage bucket.secret_access_key(string, required): The MinIO service account's secret key to use with this storage bucket.
Documentation
¶
Index ¶
- Constants
- type StorageAttributes
- type StoragePlugin
- func (sp *StoragePlugin) DeleteObjects(ctx context.Context, req *pb.DeleteObjectsRequest) (*pb.DeleteObjectsResponse, error)
- func (sp *StoragePlugin) GetObject(req *pb.GetObjectRequest, objServer pb.StoragePluginService_GetObjectServer) error
- func (sp *StoragePlugin) HeadObject(ctx context.Context, req *pb.HeadObjectRequest) (*pb.HeadObjectResponse, error)
- func (sp *StoragePlugin) OnCreateStorageBucket(ctx context.Context, req *pb.OnCreateStorageBucketRequest) (*pb.OnCreateStorageBucketResponse, error)
- func (sp *StoragePlugin) OnDeleteStorageBucket(ctx context.Context, req *pb.OnDeleteStorageBucketRequest) (*pb.OnDeleteStorageBucketResponse, error)
- func (sp *StoragePlugin) OnUpdateStorageBucket(ctx context.Context, req *pb.OnUpdateStorageBucketRequest) (*pb.OnUpdateStorageBucketResponse, error)
- func (sp *StoragePlugin) PutObject(ctx context.Context, req *pb.PutObjectRequest) (*pb.PutObjectResponse, error)
- func (sp *StoragePlugin) ValidatePermissions(ctx context.Context, req *pb.ValidatePermissionsRequest) (*pb.ValidatePermissionsResponse, error)
- type StorageSecrets
Constants ¶
View Source
const ( ConstEndpointUrl = "endpoint_url" ConstAccessKeyId = "access_key_id" ConstSecretAccessKey = "secret_access_key" ConstRegion = "region" ConstDisableCredentialRotation = "disable_credential_rotation" ConstLastRotatedTime = "creds_last_rotated_time" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type StorageAttributes ¶
type StorageAttributes struct {
// EndpointUrl is the MinIO server URL. This field is required and comes
// from user input.
EndpointUrl string
// Region is the MinIO region. This field is optional and comes from user
// input.
Region string
// UseSSL determines if the MinIO SDK will use SSL when communicating with
// the server. This field is determined based on the endpoint URL prefix.
UseSSL bool
// DisableCredentialRotation is used to configure whether this plugin should
// manage the MinIO credentials or not. By default, this field is set to
// false. See the plugin's OnCreateStorageBucket, OnUpdateStorageBucket and
// OnDeleteStorageBucket for how we use this.
DisableCredentialRotation bool
}
type StoragePlugin ¶
type StoragePlugin struct {
pb.UnimplementedStoragePluginServiceServer
}
StoragePlugin implements the StoragePluginServiceServer interface for the MinIO storage service plugin.
func (*StoragePlugin) DeleteObjects ¶
func (sp *StoragePlugin) DeleteObjects(ctx context.Context, req *pb.DeleteObjectsRequest) (*pb.DeleteObjectsResponse, error)
DeleteObjects deletes one or many files in an external object store via a provided key prefix.
func (*StoragePlugin) GetObject ¶
func (sp *StoragePlugin) GetObject(req *pb.GetObjectRequest, objServer pb.StoragePluginService_GetObjectServer) error
GetObject is a hook that retrieves objects.
func (*StoragePlugin) HeadObject ¶
func (sp *StoragePlugin) HeadObject(ctx context.Context, req *pb.HeadObjectRequest) (*pb.HeadObjectResponse, error)
HeadObject is a hook that retrieves metadata about an object.
func (*StoragePlugin) OnCreateStorageBucket ¶
func (sp *StoragePlugin) OnCreateStorageBucket(ctx context.Context, req *pb.OnCreateStorageBucketRequest) (*pb.OnCreateStorageBucketResponse, error)
OnCreateStorageBucket is a hook that runs when a storage bucket is created.
func (*StoragePlugin) OnDeleteStorageBucket ¶
func (sp *StoragePlugin) OnDeleteStorageBucket(ctx context.Context, req *pb.OnDeleteStorageBucketRequest) (*pb.OnDeleteStorageBucketResponse, error)
OnDeleteStorageBucket is a hook that runs when a storage bucket is deleted.
func (*StoragePlugin) OnUpdateStorageBucket ¶
func (sp *StoragePlugin) OnUpdateStorageBucket(ctx context.Context, req *pb.OnUpdateStorageBucketRequest) (*pb.OnUpdateStorageBucketResponse, error)
OnUpdateStorageBucket is a hook that runs when a storage bucket is updated.
func (*StoragePlugin) PutObject ¶
func (sp *StoragePlugin) PutObject(ctx context.Context, req *pb.PutObjectRequest) (*pb.PutObjectResponse, error)
PutObject is a hook that reads a file stored on local disk and stores it to an external object store.
func (*StoragePlugin) ValidatePermissions ¶
func (sp *StoragePlugin) ValidatePermissions(ctx context.Context, req *pb.ValidatePermissionsRequest) (*pb.ValidatePermissionsResponse, error)
ValidatePermissions is a hook that checks if the secrets associated with the storage bucket meet the requirements of the plugin.
type StorageSecrets ¶
type StorageSecrets struct {
// AccessKeyId is the MinIO Access Key Id. This field is required and comes
// from user input.
AccessKeyId string
// SecretAccessKey is the MinIO Secret Access Key. This field is required
// and comes from user input.
SecretAccessKey string
// LastRotatedTime is the time the secrets contained in this object were
// last rotated. Will be set to the zero-value (time.Time{}) if the
// credentials haven't been rotated.
LastRotatedTime time.Time
}
func (*StorageSecrets) AsMap ¶
func (sa *StorageSecrets) AsMap() map[string]any
AsMap returns a map StorageAttributes's secret fields as a map.
func (*StorageSecrets) Clone ¶
func (sec *StorageSecrets) Clone() *StorageSecrets
Clone returns a new StorageSecrets object with the same state as the incoming one.
Source Files
Click to show internal directories.
Click to hide internal directories.