// Copyright (c) 2015-2021 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package openid
import "github.com/minio/minio/internal/config"
// Help text for the OpenID identity sub-system. Each entry names one
// configuration key and gives its description, value type and whether the
// key may be omitted.
var (
	// defaultHelpPostfix returns whatever config.DefaultHelpPostfix yields
	// for the given key when looked up against DefaultKVS. The result is
	// appended to the description of every OpenID-specific key below.
	defaultHelpPostfix = func(name string) string {
		suffix := config.DefaultHelpPostfix(DefaultKVS, name)
		return suffix
	}

	// Help is the ordered list of help entries. Element types are elided;
	// every element is a config.HelpKV. Fields not listed keep their zero
	// value, so an entry without Sensitive is non-sensitive and an entry
	// without Optional is required.
	Help = config.HelpKVS{
		{
			Key:         config.Enable,
			Description: "Enable or disable OpenID",
			Optional:    true,
			Type:        "on|off",
		},
		{
			Key:         DisplayName,
			Description: "Friendly display name for this Provider/App" + defaultHelpPostfix(DisplayName),
			Type:        "string",
			Optional:    true,
		},
		// ConfigURL is required. In OpenID Connect the discovery document
		// names the issuer's endpoints and signing keys, so the value
		// should be an https URL of the intended issuer.
		{
			Key:         ConfigURL,
			Description: ` openid discovery document e.g. "https://accounts.google.com/.well-known/openid-configuration" ` + defaultHelpPostfix(ConfigURL),
			Type:        "url",
		},
		{
			Key:         ClientID,
			Description: ` unique public identifier for apps e.g. "292085223830.apps.googleusercontent.com" ` + defaultHelpPostfix(ClientID),
			Type:        "string",
		},
		// ClientSecret is the only entry flagged Sensitive: it is a
		// credential, unlike the public ClientID.
		// NOTE(review): how consumers of HelpKV act on Sensitive (for
		// example redaction in config listings) is not visible here; confirm
		// in the config package.
		{
			Key:         ClientSecret,
			Description: ` secret for the unique public identifier for apps ` + defaultHelpPostfix(ClientSecret),
			Type:        "string",
			Sensitive:   true,
		},
		// RolePolicy and ClaimName describe how IAM policies are selected
		// for OpenID-authenticated identities, per their descriptions.
		{
			Key:         RolePolicy,
			Description: ` Set the IAM access policies applicable to this client application and IDP e.g. "app-bucket-write,app-bucket-list" ` + defaultHelpPostfix(RolePolicy),
			Type:        "string",
			Optional:    true,
		},
		{
			Key:         ClaimName,
			Description: ` JWT canned policy claim name ` + defaultHelpPostfix(ClaimName),
			Type:        "string",
			Optional:    true,
		},
		{
			Key:         Scopes,
			Description: ` Comma separated list of OpenID scopes for server, defaults to advertised scopes from discovery document e.g. "email,admin" ` + defaultHelpPostfix(Scopes),
			Type:        "csv",
			Optional:    true,
		},
		{
			Key:         Vendor,
			Description: ` Specify vendor type for vendor specific behavior to checking validity of temporary credentials and service accounts on MinIO ` + defaultHelpPostfix(Vendor),
			Type:        "string",
			Optional:    true,
		},
		{
			Key:         ClaimUserinfo,
			Description: ` Enable fetching claims from UserInfo Endpoint for authenticated user ` + defaultHelpPostfix(ClaimUserinfo),
			Type:        "on|off",
			Optional:    true,
		},
		{
			Key:         KeyCloakRealm,
			Description: ` Specify Keycloak 'realm' name, only honored if vendor was set to 'keycloak' as value, if no realm is specified 'master' is default ` + defaultHelpPostfix(KeyCloakRealm),
			Type:        "string",
			Optional:    true,
		},
		// NOTE(review): the example URL in this description is plain http
		// on localhost. The help text does not say that a non-local admin
		// endpoint should be reached over https; consider adding that.
		{
			Key:         KeyCloakAdminURL,
			Description: ` Specify Keycloak 'admin' REST API endpoint e.g. http://localhost:8080/auth/admin/ ` + defaultHelpPostfix(KeyCloakAdminURL),
			Type:        "string",
			Optional:    true,
		},
		// NOTE(review): 'Host' is a request-supplied header. The code that
		// builds the redirect URI is not in this file, but with this option
		// on, the identity provider's registered redirect URIs and any
		// fronting proxy's Host handling look like the effective bounds.
		// Worth stating in the description.
		{
			Key:         RedirectURIDynamic,
			Description: ` Enable 'Host' header based dynamic redirect URI ` + defaultHelpPostfix(RedirectURIDynamic),
			Type:        "on|off",
			Optional:    true,
		},
		// The next two keys are kept only for compatibility; their
		// descriptions point to the replacements.
		{
			Key:         ClaimPrefix,
			Description: ` [DEPRECATED use 'claim_name'] JWT claim namespace prefix e.g. "customer1/" ` + defaultHelpPostfix(ClaimPrefix),
			Type:        "string",
			Optional:    true,
		},
		{
			Key:         RedirectURI,
			Description: ` [DEPRECATED use env 'MINIO_BROWSER_REDIRECT_URL'] Configure custom redirect_uri for OpenID login flow callback ` + defaultHelpPostfix(RedirectURI),
			Type:        "string",
			Optional:    true,
		},
		{
			Key:         config.Comment,
			Description: config.DefaultComment,
			Type:        "sentence",
			Optional:    true,
		},
	}
)