admin

package
v1.86.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 24, 2023 License: AGPL-3.0 Imports: 35 Imported by: 0

README

satellite/admin

Satellite Admin package provides API endpoints for administrative tasks.

Requires setting Authorization header for requests.

API design

Successful responses

For non-get requests (PUT, POST, DELETE), endpoints should return an empty response body on success. GET requests can return a non-empty body for the resource that we're interacting with.

Error responses

When an API endpoint returns a client error (status code 4XX) it returns a JSON error response which contains 2 fields:

  • error: The error message.
  • detail (may be empty): Some detail about the returned error.

Example:

{
  "error": "usage for the current month exists",
  "detail": ""
}

API Endpoints

User Management
POST /api/users

Adds a new user.

An example of a required request body:

{
    "email": "alice@mail.test",
    "fullName": "Alice Test",
    "password": "password"
}

A successful response body:

{
    "id":           "12345678-1234-1234-1234-123456789abc",
    "email":        "alice@mail.test",
    "fullName":     "Alice Test",
    "shortName":    "",
    "passwordHash": ""
}
PUT /api/users/{user-email}

Updates the details of existing user found by its email.

Some example request bodies:

{
    "email": "alice+2@mail.test"
}
{
    "email": "alice+2@mail.test",
    "shortName": "myNickName"
}
{
    "projectLimit": 200
}
GET /api/users/{user-email}

This endpoint returns information about user and their projects.

A successful response body:

{
    "user":{
        "id": "12345678-1234-1234-1234-123456789abc",
        "fullName": "Alice Bob",
        "email":"alice@example.test",
        "projectLimit": 10
    },
    "projects":[
        {
            "id": "abcabcab-1234-abcd-abcd-abecdefedcab",
            "name": "Project",
            "description": "Project to store data.",
            "ownerId": "12345678-1234-1234-1234-123456789abc"
        }
    ]
}
GET /api/users/{user-email}/limits

This endpoint returns information about users limits.

DELETE /api/users/{user-email}

Deletes the user.

PUT /api/users/{user-email}/limits

Updates the limits of the user and user's existing project(s) limits found by its email.

DELETE /api/users/{user-email}/mfa

Disables the user's mfa.

PUT /api/users/{user-email}/freeze

Freezes a user account so no uploads or downloads may occur.

DELETE /api/users/{user-email}/freeze

Unfreezes a user account so uploads and downloads may resume.

PATCH /api/users/{user-email}/geofence

Sets the account level geofence for the user.

Example request:

{
  "region": "US"
}
DELETE /api/users/{user-email}/geofence

Removes the account level geofence for the user.

OAuth Client Management

Manages oauth clients known to the Satellite.

POST /api/oauth/clients

Create a new OAuthClient. A client ID and clientSecret will be returned upon creation.

Example request:

{
  "id": "uuid-of-the-client",
  "secret": "shh-this-should-be-kept-safe",
  "redirectURL": "http://localhost:8888/oauth/storj/callback",
  "userID": "uuid-of-the-owner",
  "appName": "Example App",
  "appLogoURL": "http://localhost:8888/logo.png"
}
PUT /api/oauth/clients/{id}

Update an existing oauth client.

Example request:

{
  "redirectURL": "http://localhost:8888/oauth/storj/callback",
  "appName": "Example App",
  "appLogoURL": "http://localhost:8888/logo.png"
}
DELETE /api/oauth/clients/{id}

Delete the identified oauth client.

Project Management
POST /api/projects

Adds a project for specific user.

An example of a required request body:

{
    "ownerId": "ca7aa0fb-442a-4d4e-aa36-a49abddae837",
    "projectName": "My Second Project"
}

A successful response body:

{
    "projectId": "ca7aa0fb-442a-4d4e-aa36-a49abddae646"
}
GET /api/projects/{project-id}

Gets the common information about a project.

PUT /api/projects/{project-id}

Updates project name or description.

{
    "projectName": "My new Project Name",
    "description": "My new awesome description!"
}
DELETE /api/projects/{project-id}

Deletes the project.

GET /api/projects/{project}/apikeys

Get the list of the API keys of a specific project.

A successful response body:

[
    {
        "id": "b6988bd2-8d21-4bee-91ac-a3445bf38180",
        "ownerId": "ca7aa0fb-442a-4d4e-aa36-a49abddae837",
        "name": "mine",
        "partnerID": "a9d3b7ee-17da-4848-bb0e-1f64cf45af18",
        "createdAt": "2020-05-19T00:34:13.265761+02:00"
    },
    {
        "id": "f9f887c1-b178-4eb8-b669-14379c5a97ca",
        "ownerId": "3eb45ae9-822a-470e-a51a-9144dedda63e",
        "name": "family",
        "partnerID": "",
        "createdAt": "2020-02-20T15:34:24.265761+02:00"
    }
]
POST /api/projects/{project}/apikeys

Adds an apikey for specific project.

An example of a required request body:

{
    "name": "My first API Key"
}

Note: Additionally you can specify partnerId to associate it with the given apikey. If you specify it, it has to be a valid uuid and not an empty string.

A successful response body:

{
    "apikey": "13YqdMKxAVBamFsS6Mj3sCQ35HySoA254xmXCCQGJqffLnqrBaQDoTcCiCfbkaFPNewHT79rrFC5XRm4Z2PENtRSBDVNz8zcjS28W5v"
}
DELETE /api/projects/{project}/apikeys/{name}

Deletes the given apikey by its name.

GET /api/projects/{project-id}/usage

This endpoint returns whether the project has outstanding usage or not.

A project with not usage returns status code 200 and {"result":"no project usage exist"}. Otherwise, it returns status code 409 with a JSON error.{"error":"usage for current month exists""}.

GET /api/projects/{project-id}/limit

This endpoint returns information about project limits.

A successful response body:

{
  "usage": {
    "amount": "1.0 TB",
    "bytes": 1000000000000
  },
  "bandwidth": {
    "amount": "1.0 TB",
    "bytes": 1000000000000
  },
  "rate": {
    "rps": 0
  },
  "maxBuckets": 1000,
  "maxSegments": 1000000000
}
Update limits

You can update the different limits with one single request just adding the various query parameters (e.g. usage=5000000&bandwidth=9000000)

POST /api/projects/{project-id}/limit?usage={value}

Updates usage limit for a project. The value must be in bytes.

POST /api/projects/{project-id}/limit?bandwidth={value}

Updates bandwidth limit for a project. The value must be in bytes.

POST /api/projects/{project-id}/limit?rate={value}

Updates rate limit for a project.

POST /api/projects/{project-id}/limit?buckets={value}

Updates number of buckets limit for a project.

POST /api/projects/{project-id}/limit?burst={value}

Updates burst limit for a project.

POST /api/projects/{project-id}/limit?segments={value}

Updates number of segments limit for a project.

Bucket Management

This set of APIs provide administrative functionality over bucket functionality.

GET /api/projects/{project-id}/buckets/{bucket-name}

Returns all the information of the specified bucket.

Geofencing

Manage geofencing capabilities for a given bucket.

POST /api/projects/{project-id}/buckets/{bucket-name}/geofence?region={value}

Enables the geofencing configuration for the specified bucket. The bucket MUST be empty in order for this to work. Valid values for the region parameter are:

  • EU - restrict placement to data nodes that reside in the European Union
  • EEA - restrict placement to data nodes that reside in the European Economic Area
  • US - restricts placement to data nodes in the United States
  • DE - restricts placement to data nodes in Germany
DELETE /api/projects/{project-id}/buckets/{bucket-name}/geofence

Removes the geofencing configuration for the specified bucket. The bucket MUST be empty in order for this to work.

APIKey Management
GET /api/apikeys/{apikey}

Gets information on the given apikey.

A successful response body:

{
  "api_key": {
    "id": "12345678-1234-1234-1234-123456789abc",
    "name": "my key",
    "createdAt": "2020-05-19T00:34:13.265761+02:00"
  },
  "project": {
    "id": "12345678-1234-1234-1234-123456789abc",
    "name": "My Project",
  },
  "owner": {
    "id": "12345678-1234-1234-1234-123456789abc",
    "fullName": "test user",
    "email": "bob@example.test",
    "paidTier": true
  }
}
DELETE /api/apikeys/{apikey}

Deletes the given apikey.

Documentation

Overview

Package admin implements administrative endpoints for satellite.

Index

Constants

View Source
const (
	// UnauthorizedThroughOauth - message for full accesses through Oauth.
	UnauthorizedThroughOauth = "This operation is not authorized through oauth."
	// UnauthorizedNotInGroup - message for when api user is not part of a required access group.
	UnauthorizedNotInGroup = "User must be a member of one of these groups to conduct this operation: %s"
	// AuthorizationNotEnabled - message for when authorization is disabled.
	AuthorizationNotEnabled = "Authorization not enabled."
)

Variables

View Source
var Error = errs.Class("admin")

Error is default error class for admin package.

Functions

This section is empty.

Types

type Config

type Config struct {
	Address          string `help:"admin peer http listening address" releaseDefault:"" devDefault:""`
	StaticDir        string `` /* 149-byte string literal not displayed */
	AllowedOauthHost string `help:"the oauth host allowed to bypass token authentication."`
	Groups           Groups

	AuthorizationToken string `internal:"true"`
}

Config defines configuration for debug server.

type DB added in v0.34.1

type DB interface {
	// ProjectAccounting returns database for storing information about project data use
	ProjectAccounting() accounting.ProjectAccounting
	// Console returns database for satellite console
	Console() console.DB
	// OIDC returns the database for OIDC and OAuth information.
	OIDC() oidc.DB
	// StripeCoinPayments returns database for satellite stripe coin payments
	StripeCoinPayments() stripe.DB
	// Buckets returns database for buckets metainfo.
	Buckets() buckets.DB
	// Attribution returns database for value attribution.
	Attribution() attribution.DB
}

DB is databases needed for the admin server.

type Groups added in v1.74.1

type Groups struct {
	LimitUpdate string `help:"the group which is only allowed to update user and project limits and freeze and unfreeze accounts."`
}

Groups defines permission groups.

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server provides endpoints for administrative tasks.

func NewServer

func NewServer(log *zap.Logger, listener net.Listener, db DB, buckets *buckets.Service, restKeys *restkeys.Service, freezeAccounts *console.AccountFreezeService, accounts payments.Accounts, console consoleweb.Config, config Config) *Server

NewServer returns a new administration Server.

func (*Server) Close

func (server *Server) Close() error

Close closes server and underlying listener.

func (*Server) Run

func (server *Server) Run(ctx context.Context) error

Run starts the admin endpoint.

func (*Server) SetAllowedOauthHost added in v1.78.1

func (server *Server) SetAllowedOauthHost(host string)

SetAllowedOauthHost allows tests to set which address to recognize as belonging to the OAuth proxy.

func (*Server) SetNow added in v1.13.1

func (server *Server) SetNow(nowFn func() time.Time)

SetNow allows tests to have the server act as if the current time is whatever they want.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL