Documentation
¶
Overview ¶
Package restapi MinIO Console Server
Schemes: http ws Host: localhost BasePath: /api/v1 Version: 0.1.0 Consumes: - application/json - multipart/form-data Produces: - application/octet-stream - application/json
swagger:meta
Index ¶
- Constants
- Variables
- func AuthenticationMiddleware(next http.Handler) http.Handler
- func DifferenceArrays(a, b []string) []string
- func ExpireSessionCookie() http.Cookie
- func FileExists(filename string) bool
- func FileServerMiddleware(next http.Handler) http.Handler
- func GetConsoleSTSClient() *http.Client
- func GetHostname() string
- func GetMinIORegion() string
- func GetPort() int
- func GetSecureAllowedHosts() []string
- func GetSecureAllowedHostsAreRegex() bool
- func GetSecureBrowserXSSFilter() bool
- func GetSecureContentSecurityPolicy() string
- func GetSecureContentSecurityPolicyReportOnly() string
- func GetSecureContentTypeNonSniff() bool
- func GetSecureExpectCTHeader() string
- func GetSecureFeaturePolicy() string
- func GetSecureForceSTSHeader() bool
- func GetSecureFrameDeny() bool
- func GetSecureHostsProxyHeaders() []string
- func GetSecurePublicKey() string
- func GetSecureReferrerPolicy() string
- func GetSecureSTSIncludeSubdomains() bool
- func GetSecureSTSPreload() bool
- func GetSecureSTSSeconds() int64
- func GetSecureTLSHost() string
- func GetSecureTLSTemporaryRedirect() bool
- func GetSubnetLicense() string
- func GetTLSHostname() string
- func GetTLSPort() int
- func GetTLSRedirect() string
- func IsElementInArray(a []string, b string) bool
- func NewAdminClient(url, accessKey, secretKey, sessionToken string) (*madmin.AdminClient, *probe.Error)
- func NewAdminClientWithInsecure(url, accessKey, secretKey, sessionToken string, insecure bool) (*madmin.AdminClient, *probe.Error)
- func NewConsoleCredentials(accessKey, secretKey, location string) (*credentials.Credentials, error)
- func NewMinioAdminClient(sessionClaims *models.Principal) (*madmin.AdminClient, error)
- func NewSessionCookieForConsole(token string) http.Cookie
- func PrepareSTSClient(insecure bool) *http.Client
- func RandomCharString(n int) string
- func RandomCharStringWithAlphabet(n int, alphabet string) string
- func UniqueKeys(a []string) []string
- type AdminClient
- type ConsoleCredentials
- type ConsoleCredentialsI
- type ConsoleWebsocket
- type ConsoleWebsocketAdmin
- type Context
- type DataResult
- type GridPos
- type LabelResponse
- type LabelResults
- type MCClient
- type Metric
- type MetricOptions
- type MinioAdmin
- type MinioClient
- type PromResp
- type PromRespData
- type ReduceOptions
- type RemoteBucketResult
- type Server
- func (s *Server) ConfigureAPI()
- func (s *Server) ConfigureFlags()
- func (s *Server) Fatalf(f string, args ...interface{})
- func (s *Server) GetHandler() http.Handler
- func (s *Server) HTTPListener() (net.Listener, error)
- func (s *Server) Listen() error
- func (s *Server) Logf(f string, args ...interface{})
- func (s *Server) Serve() (err error)
- func (s *Server) SetAPI(api *operations.ConsoleAPI)
- func (s *Server) SetHandler(handler http.Handler)
- func (s *Server) Shutdown() error
- func (s *Server) TLSListener() (net.Listener, error)
- func (s *Server) UnixListener() (net.Listener, error)
- type Target
- type TraceRequest
- type UsageInfo
- type VersionState
- type WSConn
- type Widget
- type WidgetLabel
Constants ¶
const ( Unknown = 0 Allow = 1 Deny = -1 )
Policy evaluated constants
const ( // Constants for common configuration ConsoleMinIOServer = "CONSOLE_MINIO_SERVER" ConsoleMinIORegion = "CONSOLE_MINIO_REGION" ConsoleHostname = "CONSOLE_HOSTNAME" ConsolePort = "CONSOLE_PORT" ConsoleTLSHostname = "CONSOLE_TLS_HOSTNAME" ConsoleTLSPort = "CONSOLE_TLS_PORT" ConsoleSubnetLicense = "CONSOLE_SUBNET_LICENSE" // Constants for Secure middleware ConsoleSecureAllowedHosts = "CONSOLE_SECURE_ALLOWED_HOSTS" ConsoleSecureAllowedHostsAreRegex = "CONSOLE_SECURE_ALLOWED_HOSTS_ARE_REGEX" ConsoleSecureFrameDeny = "CONSOLE_SECURE_FRAME_DENY" ConsoleSecureContentTypeNoSniff = "CONSOLE_SECURE_CONTENT_TYPE_NO_SNIFF" ConsoleSecureBrowserXSSFilter = "CONSOLE_SECURE_BROWSER_XSS_FILTER" ConsoleSecureContentSecurityPolicy = "CONSOLE_SECURE_CONTENT_SECURITY_POLICY" ConsoleSecureContentSecurityPolicyReportOnly = "CONSOLE_SECURE_CONTENT_SECURITY_POLICY_REPORT_ONLY" ConsoleSecureHostsProxyHeaders = "CONSOLE_SECURE_HOSTS_PROXY_HEADERS" ConsoleSecureSTSSeconds = "CONSOLE_SECURE_STS_SECONDS" ConsoleSecureSTSIncludeSubdomains = "CONSOLE_SECURE_STS_INCLUDE_SUB_DOMAINS" ConsoleSecureSTSPreload = "CONSOLE_SECURE_STS_PRELOAD" ConsoleSecureTLSRedirect = "CONSOLE_SECURE_TLS_REDIRECT" ConsoleSecureTLSHost = "CONSOLE_SECURE_TLS_HOST" ConsoleSecureTLSTemporaryRedirect = "CONSOLE_SECURE_TLS_TEMPORARY_REDIRECT" ConsoleSecureForceSTSHeader = "CONSOLE_SECURE_FORCE_STS_HEADER" ConsoleSecurePublicKey = "CONSOLE_SECURE_PUBLIC_KEY" ConsoleSecureReferrerPolicy = "CONSOLE_SECURE_REFERRER_POLICY" ConsoleSecureFeaturePolicy = "CONSOLE_SECURE_FEATURE_POLICY" ConsoleSecureExpectCTHeader = "CONSOLE_SECURE_EXPECT_CT_HEADER" PrometheusURL = "CONSOLE_PROMETHEUS_URL" PrometheusJobID = "CONSOLE_PROMETHEUS_JOB_ID" ConsoleLogQueryURL = "CONSOLE_LOG_QUERY_URL" ConsoleLogQueryAuthToken = "CONSOLE_LOG_QUERY_AUTH_TOKEN" LogSearchQueryAuthToken = "LOGSEARCH_QUERY_AUTH_TOKEN" )
list of all console environment constants
Variables ¶
var ( // Port console default port Port = "9090" // Hostname console hostname // avoid listening on 0.0.0.0 by default // instead listen on all IPv4 and IPv6 // - Hostname should be empty. Hostname = "" // TLSPort console tls port TLSPort = "9443" // TLSRedirect console tls redirect rule TLSRedirect = "on" // SessionDuration cookie validity duration SessionDuration = 45 * time.Minute // LicenseKey in memory license key used by console ui LicenseKey = "" )
var ( // GlobalRootCAs is CA root certificates, a nil value means system certs pool will be used GlobalRootCAs *x509.CertPool // GlobalPublicCerts has certificates Console will use to serve clients GlobalPublicCerts []*x509.Certificate // GlobalTLSCertsManager custom TLS Manager for SNI support GlobalTLSCertsManager *xcerts.Manager )
var ( // SwaggerJSON embedded version of the swagger document used at generation time SwaggerJSON json.RawMessage // FlatSwaggerJSON embedded flattened version of the swagger document used at generation time FlatSwaggerJSON json.RawMessage )
var ( // ErrorGeneric is a heneric error message ErrorGeneric = errors.New("an error occurred, please try again") // ErrorGenericNotFound Generic error for not found ErrorGenericNotFound = errors.New("not found") )
var ( LogInfo = logInfo LogError = logError )
globally changeable logger styles
Functions ¶
func AuthenticationMiddleware ¶ added in v0.4.6
func DifferenceArrays ¶
DifferenceArrays returns the elements in `a` that aren't in `b`.
func ExpireSessionCookie ¶ added in v0.4.6
func FileExists ¶
FileExists verifies if a file exist on the desired location and its not a folder
func FileServerMiddleware ¶
FileServerMiddleware serves files from the static folder
func GetConsoleSTSClient ¶ added in v0.4.6
GetConsoleSTSClient will initialize the console STS Client with Custom TLS Transport that with loads certs at .console/certs/CAs
func GetHostname ¶
func GetHostname() string
GetHostname gets console hostname set on env variable, default one or defined on run command
func GetMinIORegion ¶ added in v0.8.0
func GetMinIORegion() string
func GetSecureAllowedHosts ¶ added in v0.8.0
func GetSecureAllowedHosts() []string
Get secure middleware env variable configurations
func GetSecureAllowedHostsAreRegex ¶ added in v0.8.0
func GetSecureAllowedHostsAreRegex() bool
AllowedHostsAreRegex determines, if the provided AllowedHosts slice contains valid regular expressions. Default is false.
func GetSecureBrowserXSSFilter ¶ added in v0.8.0
func GetSecureBrowserXSSFilter() bool
If BrowserXssFilter is true, adds the X-XSS-Protection header with the value `1; mode=block`. Default is true.
func GetSecureContentSecurityPolicy ¶ added in v0.8.0
func GetSecureContentSecurityPolicy() string
ContentSecurityPolicy allows the Content-Security-Policy header value to be set with a custom value. Default is "". Passing a template string will replace `$NONCE` with a dynamic nonce value of 16 bytes for each request which can be later retrieved using the Nonce function.
func GetSecureContentSecurityPolicyReportOnly ¶ added in v0.8.0
func GetSecureContentSecurityPolicyReportOnly() string
ContentSecurityPolicyReportOnly allows the Content-Security-Policy-Report-Only header value to be set with a custom value. Default is "".
func GetSecureContentTypeNonSniff ¶ added in v0.8.0
func GetSecureContentTypeNonSniff() bool
If ContentTypeNosniff is true, adds the X-Content-Type-Options header with the value `nosniff`. Default is true.
func GetSecureExpectCTHeader ¶ added in v0.8.0
func GetSecureExpectCTHeader() string
func GetSecureFeaturePolicy ¶ added in v0.8.0
func GetSecureFeaturePolicy() string
FeaturePolicy allows the Feature-Policy header with the value to be set with a custom value. Default is "".
func GetSecureForceSTSHeader ¶ added in v0.8.0
func GetSecureForceSTSHeader() bool
STS header is only included when the connection is HTTPS.
func GetSecureFrameDeny ¶ added in v0.8.0
func GetSecureFrameDeny() bool
If FrameDeny is set to true, adds the X-Frame-Options header with the value of `DENY`. Default is true.
func GetSecureHostsProxyHeaders ¶ added in v0.8.0
func GetSecureHostsProxyHeaders() []string
HostsProxyHeaders is a set of header keys that may hold a proxied hostname value for the request.
func GetSecurePublicKey ¶ added in v0.8.0
func GetSecurePublicKey() string
PublicKey implements HPKP to prevent MITM attacks with forged certificates. Default is "".
func GetSecureReferrerPolicy ¶ added in v0.8.0
func GetSecureReferrerPolicy() string
ReferrerPolicy allows the Referrer-Policy header with the value to be set with a custom value. Default is "".
func GetSecureSTSIncludeSubdomains ¶ added in v0.8.0
func GetSecureSTSIncludeSubdomains() bool
If STSIncludeSubdomains is set to true, the `includeSubdomains` will be appended to the Strict-Transport-Security header. Default is false.
func GetSecureSTSPreload ¶ added in v0.8.0
func GetSecureSTSPreload() bool
If STSPreload is set to true, the `preload` flag will be appended to the Strict-Transport-Security header. Default is false.
func GetSecureSTSSeconds ¶ added in v0.8.0
func GetSecureSTSSeconds() int64
STSSeconds is the max-age of the Strict-Transport-Security header. Default is 0, which would NOT include the header.
func GetSecureTLSHost ¶ added in v0.8.0
func GetSecureTLSHost() string
TLSHost is the host name that is used to redirect HTTP requests to HTTPS. Default is "", which indicates to use the same host.
func GetSecureTLSTemporaryRedirect ¶ added in v0.8.0
func GetSecureTLSTemporaryRedirect() bool
If TLSTemporaryRedirect is true, the a 302 will be used while redirecting. Default is false (301).
func GetSubnetLicense ¶ added in v0.5.0
func GetSubnetLicense() string
GetSubnetLicense returns the current subnet jwt license
func GetTLSHostname ¶ added in v0.3.11
func GetTLSHostname() string
GetTLSHostname gets console tls hostname set on env variable or default one
func GetTLSPort ¶ added in v0.3.11
func GetTLSPort() int
GetTLSPort gets console tls port set on env variable or default one
func GetTLSRedirect ¶ added in v0.6.0
func GetTLSRedirect() string
If GetTLSRedirect is set to true, then only allow HTTPS requests. Default is true.
func IsElementInArray ¶
IsElementInArray returns true if the string belongs to the slice
func NewAdminClient ¶
func NewAdminClient(url, accessKey, secretKey, sessionToken string) (*madmin.AdminClient, *probe.Error)
NewAdminClient gives a new madmin client interface
func NewAdminClientWithInsecure ¶ added in v0.3.5
func NewAdminClientWithInsecure(url, accessKey, secretKey, sessionToken string, insecure bool) (*madmin.AdminClient, *probe.Error)
NewAdminClientWithInsecure gives a new madmin client interface either secure or insecure based on parameter
func NewConsoleCredentials ¶ added in v0.8.0
func NewConsoleCredentials(accessKey, secretKey, location string) (*credentials.Credentials, error)
func NewMinioAdminClient ¶ added in v0.8.0
func NewSessionCookieForConsole ¶ added in v0.4.6
func PrepareSTSClient ¶
PrepareSTSClient returns an http.Client with custom configurations need it by *credentials.STSAssumeRole custom configurations include the use of CA certificates
func RandomCharString ¶
func UniqueKeys ¶
UniqueKeys returns an array without duplicated keys
Types ¶
type AdminClient ¶ added in v0.8.0
type AdminClient struct {
Client *madmin.AdminClient
}
Interface implementation
Define the structure of a minIO Client and define the functions that are actually used from minIO api.
func (AdminClient) AccountInfo ¶ added in v0.8.0
func (ac AdminClient) AccountInfo(ctx context.Context) (madmin.AccountInfo, error)
AccountInfo implements madmin.AccountingUsageInfo()
type ConsoleCredentials ¶
type ConsoleCredentials struct {
ConsoleCredentials *credentials.Credentials
AccountAccessKey string
Actions []string
}
Interface implementation
func (ConsoleCredentials) Expire ¶
func (c ConsoleCredentials) Expire()
Expire implements *Login.Expire()
func (ConsoleCredentials) Get ¶
func (c ConsoleCredentials) Get() (credentials.Value, error)
Get implements *Login.Get()
func (ConsoleCredentials) GetAccountAccessKey ¶ added in v0.8.0
func (c ConsoleCredentials) GetAccountAccessKey() string
func (ConsoleCredentials) GetActions ¶ added in v0.8.0
func (c ConsoleCredentials) GetActions() []string
type ConsoleCredentialsI ¶ added in v0.5.0
type ConsoleCredentialsI interface {
Get() (credentials.Value, error)
Expire()
GetAccountAccessKey() string
GetActions() []string
}
ConsoleCredentialsI interface with all functions to be implemented by mock when testing, it should include all needed consoleCredentials.Login api calls that are used within this project.
type ConsoleWebsocket ¶
type ConsoleWebsocket interface {
// contains filtered or unexported methods
}
ConsoleWebsocket interface of a Websocket Client
type ConsoleWebsocketAdmin ¶
type ConsoleWebsocketAdmin interface {
// contains filtered or unexported methods
}
ConsoleWebsocketAdmin interface of a Websocket Client
type Context ¶ added in v0.7.5
type Context struct {
Host string
HTTPPort, HTTPSPort int
TLSRedirect string
// Legacy options, TODO: remove in future
TLSCertificate, TLSKey, TLSca string
}
Context captures all command line flags values
type DataResult ¶ added in v0.5.0
type LabelResponse ¶ added in v0.5.0
type LabelResults ¶ added in v0.5.0
type LabelResults struct {
Label string
Response LabelResponse
}
type MCClient ¶ added in v0.3.1
type MCClient interface {
// contains filtered or unexported methods
}
MCClient interface with all functions to be implemented by mock when testing, it should include all mc/S3Client respective api calls that are used within this project.
type MetricOptions ¶ added in v0.5.0
type MetricOptions struct {
ReduceOptions ReduceOptions
}
type MinioAdmin ¶
type MinioAdmin interface {
AccountInfo(ctx context.Context) (madmin.AccountInfo, error)
// contains filtered or unexported methods
}
MinioAdmin interface with all functions to be implemented by mock when testing, it should include all MinioAdmin respective api calls that are used within this project.
type MinioClient ¶
type MinioClient interface {
// contains filtered or unexported methods
}
MinioClient interface with all functions to be implemented by mock when testing, it should include all MinioClient respective api calls that are used within this project.
type PromResp ¶ added in v0.5.0
type PromResp struct {
Status string `json:"status"`
Data PromRespData `json:"data"`
}
type PromRespData ¶ added in v0.5.0
type PromRespData struct {
ResultType string `json:"resultType"`
Result []DataResult `json:"result"`
}
type ReduceOptions ¶ added in v0.5.0
type ReduceOptions struct {
Calcs []string
}
type RemoteBucketResult ¶ added in v0.6.7
type Server ¶
type Server struct {
EnabledListeners []string `long:"scheme" description:"the listeners to enable, this can be repeated and defaults to the schemes in the swagger spec"`
CleanupTimeout time.Duration `long:"cleanup-timeout" description:"grace period for which to wait before killing idle connections" default:"10s"`
GracefulTimeout time.Duration `long:"graceful-timeout" description:"grace period for which to wait before shutting down the server" default:"15s"`
MaxHeaderSize flagext.ByteSize `` /* 231-byte string literal not displayed */
SocketPath flags.Filename `long:"socket-path" description:"the unix socket to listen on" default:"/var/run/console.sock"`
Host string `long:"host" description:"the IP to listen on" default:"localhost" env:"HOST"`
Port int `long:"port" description:"the port to listen on for insecure connections, defaults to a random value" env:"PORT"`
ListenLimit int `long:"listen-limit" description:"limit the number of outstanding requests"`
KeepAlive time.Duration `` /* 169-byte string literal not displayed */
ReadTimeout time.Duration `long:"read-timeout" description:"maximum duration before timing out read of the request" default:"30s"`
WriteTimeout time.Duration `long:"write-timeout" description:"maximum duration before timing out write of the response" default:"60s"`
TLSHost string `long:"tls-host" description:"the IP to listen on for tls, when not specified it's the same as --host" env:"TLS_HOST"`
TLSPort int `long:"tls-port" description:"the port to listen on for secure connections, defaults to a random value" env:"TLS_PORT"`
TLSCertificate flags.Filename `long:"tls-certificate" description:"the certificate to use for secure connections" env:"TLS_CERTIFICATE"`
TLSCertificateKey flags.Filename `long:"tls-key" description:"the private key to use for secure connections" env:"TLS_PRIVATE_KEY"`
TLSCACertificate flags.Filename `long:"tls-ca" description:"the certificate authority file to be used with mutual tls auth" env:"TLS_CA_CERTIFICATE"`
TLSListenLimit int `long:"tls-listen-limit" description:"limit the number of outstanding requests"`
TLSKeepAlive time.Duration `` /* 160-byte string literal not displayed */
TLSReadTimeout time.Duration `long:"tls-read-timeout" description:"maximum duration before timing out read of the request"`
TLSWriteTimeout time.Duration `long:"tls-write-timeout" description:"maximum duration before timing out write of the response"`
// contains filtered or unexported fields
}
Server for the console API
func NewServer ¶
func NewServer(api *operations.ConsoleAPI) *Server
NewServer creates a new api console server but does not configure it
func (*Server) ConfigureAPI ¶
func (s *Server) ConfigureAPI()
ConfigureAPI configures the API and handlers.
func (*Server) ConfigureFlags ¶
func (s *Server) ConfigureFlags()
ConfigureFlags configures the additional flags defined by the handlers. Needs to be called before the parser.Parse
func (*Server) Fatalf ¶
Fatalf logs message either via defined user logger or via system one if no user logger is defined. Exits with non-zero status after printing
func (*Server) GetHandler ¶
GetHandler returns a handler useful for testing
func (*Server) HTTPListener ¶
HTTPListener returns the http listener
func (*Server) Logf ¶
Logf logs message either via defined user logger or via system one if no user logger is defined.
func (*Server) SetAPI ¶
func (s *Server) SetAPI(api *operations.ConsoleAPI)
SetAPI configures the server with the specified API. Needs to be called before Serve
func (*Server) SetHandler ¶
SetHandler allows for setting a http handler on this server
func (*Server) TLSListener ¶
TLSListener returns the https listener
type TraceRequest ¶ added in v0.7.5
type TraceRequest struct {
// contains filtered or unexported fields
}
Types for trace request. this adds support for calls, threshold, status and extra filters
type UsageInfo ¶ added in v0.8.0
func GetAdminInfo ¶ added in v0.8.0
func GetAdminInfo(ctx context.Context, client MinioAdmin) (*UsageInfo, error)
GetAdminInfo invokes admin info and returns a parsed `UsageInfo` structure
type VersionState ¶ added in v0.6.4
type VersionState string
const ( VersionEnable VersionState = "enable" VersionSuspend = "suspend" )
type WSConn ¶
type WSConn interface {
// contains filtered or unexported methods
}
WSConn interface with all functions to be implemented by mock when testing, it should include all websocket.Conn respective api calls that are used within this project.
type WidgetLabel ¶ added in v0.5.0
type WidgetLabel struct {
Name string
}
Source Files
¶
- admin_arns.go
- admin_config.go
- admin_console.go
- admin_groups.go
- admin_heal.go
- admin_health_info.go
- admin_info.go
- admin_notification_endpoints.go
- admin_policies.go
- admin_profiling.go
- admin_remote_buckets.go
- admin_service.go
- admin_subscription.go
- admin_tiers.go
- admin_trace.go
- admin_users.go
- client-admin.go
- client.go
- config.go
- configure_console.go
- consts.go
- doc.go
- embedded_spec.go
- error.go
- logs.go
- server.go
- tls.go
- user_account.go
- user_bucket_quota.go
- user_buckets.go
- user_buckets_events.go
- user_buckets_lifecycle.go
- user_log_search.go
- user_login.go
- user_logout.go
- user_objects.go
- user_service_accounts.go
- user_session.go
- user_watch.go
- utils.go
- ws_handle.go
Directories