Add API's for managing bucket quota (#9379)

This PR allows setting a "hard" or "fifo" quota restriction at the bucket level. Buckets that have reached the FIFO quota configured, will automatically be cleaned up in FIFO manner until bucket usage drops to configured quota. If a bucket is configured with a "hard" quota ceiling, all further writes are disallowed.
2025-11-10 05:59:43 -05:00 · 2020-04-30 15:55:54 -07:00
parent 27632ca6ec
commit 9a547dcbfb
23 changed files with 848 additions and 22 deletions
--- a/pkg/iam/policy/admin-action.go
+++ b/pkg/iam/policy/admin-action.go
@@ -101,6 +101,14 @@ const (
 	AttachPolicyAdminAction = "admin:AttachUserOrGroupPolicy"
 	// ListUserPoliciesAdminAction - allows listing user policies
 	ListUserPoliciesAdminAction = "admin:ListUserPolicies"
+
+	// Bucket quota Actions
+
+	// SetBucketQuotaAdminAction - allow setting bucket quota
+	SetBucketQuotaAdminAction = "admin:SetBucketQuota"
+	// GetBucketQuotaAdminAction - allow getting bucket quota
+	GetBucketQuotaAdminAction = "admin:GetBucketQuota"
+
 	// AllAdminActions - provides all admin permissions
 	AllAdminActions = "admin:*"
 )
@@ -135,6 +143,8 @@ var supportedAdminActions = map[AdminAction]struct{}{
 	DeletePolicyAdminAction:        {},
 	GetPolicyAdminAction:           {},
 	AttachPolicyAdminAction:        {},
+	SetBucketQuotaAdminAction:      {},
+	GetBucketQuotaAdminAction:      {},
 	ListUserPoliciesAdminAction:    {},
 }

@@ -184,4 +194,6 @@ var adminActionConditionKeyMap = map[Action]condition.KeySet{
 	GetPolicyAdminAction:           condition.NewKeySet(condition.AllSupportedAdminKeys...),
 	AttachPolicyAdminAction:        condition.NewKeySet(condition.AllSupportedAdminKeys...),
 	ListUserPoliciesAdminAction:    condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	SetBucketQuotaAdminAction:      condition.NewKeySet(condition.AllSupportedAdminKeys...),
+	GetBucketQuotaAdminAction:      condition.NewKeySet(condition.AllSupportedAdminKeys...),
 }
--- a/pkg/madmin/examples/bucket-quota.go
+++ b/pkg/madmin/examples/bucket-quota.go
@@ -0,0 +1,56 @@
+// +build ignore
+
+/*
+ * MinIO Cloud Storage, (C) 2020 MinIO, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/minio/minio/pkg/madmin"
+)
+
+func main() {
+	// Note: YOUR-ACCESSKEYID, YOUR-SECRETACCESSKEY and my-bucketname are
+	// dummy values, please replace them with original values.
+
+	// API requests are secure (HTTPS) if secure=true and insecure (HTTP) otherwise.
+	// New returns an MinIO Admin client object.
+	madmClnt, err := madmin.New("your-minio.example.com:9000", "YOUR-ACCESSKEYID", "YOUR-SECRETACCESSKEY", true)
+	if err != nil {
+		log.Fatalln(err)
+	}
+	var kiB int64 = 1 << 10
+	ctx := context.Background()
+	// set bucket quota config
+	if err := madmClnt.SetBucketQuota(ctx, "bucket-name", 64*kiB, HardQuota); err != nil {
+		log.Fatalln(err)
+	}
+	// gets bucket quota config
+	quotaCfg, err := madmClnt.GetBucketQuota(ctx, "bucket-name")
+	if err != nil {
+		log.Fatalln(err)
+	}
+	fmt.Println(quotaCfg)
+	// remove bucket quota config
+	if err := madmClnt.RemoveBucketQuota(ctx, "bucket-name"); err != nil {
+		log.Fatalln(err)
+	}
+}
--- a/pkg/madmin/quota-commands.go
+++ b/pkg/madmin/quota-commands.go
@@ -0,0 +1,140 @@
+/*
+ * MinIO Cloud Storage, (C) 2018 MinIO, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package madmin
+
+import (
+	"context"
+	"encoding/json"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+)
+
+// QuotaType represents bucket quota type
+type QuotaType string
+
+const (
+	// HardQuota specifies a hard quota of usage for bucket
+	HardQuota QuotaType = "hard"
+	// FIFOQuota specifies a quota limit beyond which older files are deleted from bucket
+	FIFOQuota QuotaType = "fifo"
+)
+
+// IsValid returns true if quota type is one of FIFO or Hard
+func (t QuotaType) IsValid() bool {
+	return t == HardQuota || t == FIFOQuota
+}
+
+// BucketQuota holds bucket quota restrictions
+type BucketQuota struct {
+	Quota uint64    `json:"quota"`
+	Type  QuotaType `json:"quotatype"`
+}
+
+// RemoveBucketQuota - removes quota config on a bucket.
+func (adm *AdminClient) RemoveBucketQuota(ctx context.Context, bucket string) error {
+
+	queryValues := url.Values{}
+	queryValues.Set("bucket", bucket)
+
+	reqData := requestData{
+		relPath:     adminAPIPrefix + "/remove-bucket-quota",
+		queryValues: queryValues,
+	}
+
+	// Execute DELETE on /minio/admin/v3/remove-bucket-quota to delete bucket quota.
+	resp, err := adm.executeMethod(ctx, http.MethodDelete, reqData)
+	defer closeResponse(resp)
+	if err != nil {
+		return err
+	}
+
+	if resp.StatusCode != http.StatusNoContent {
+		return httpRespToErrorResponse(resp)
+	}
+
+	return nil
+}
+
+// GetBucketQuota - get info on a user
+func (adm *AdminClient) GetBucketQuota(ctx context.Context, bucket string) (q BucketQuota, err error) {
+	queryValues := url.Values{}
+	queryValues.Set("bucket", bucket)
+
+	reqData := requestData{
+		relPath:     adminAPIPrefix + "/get-bucket-quota",
+		queryValues: queryValues,
+	}
+
+	// Execute GET on /minio/admin/v3/get-quota
+	resp, err := adm.executeMethod(ctx, http.MethodGet, reqData)
+
+	defer closeResponse(resp)
+	if err != nil {
+		return q, err
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return q, httpRespToErrorResponse(resp)
+	}
+
+	b, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return q, err
+	}
+	if err = json.Unmarshal(b, &q); err != nil {
+		return q, err
+	}
+
+	return q, nil
+}
+
+// SetBucketQuota - sets a bucket's quota.
+func (adm *AdminClient) SetBucketQuota(ctx context.Context, bucket string, quota uint64, quotaType QuotaType) error {
+
+	data, err := json.Marshal(BucketQuota{
+		Quota: quota,
+		Type:  quotaType,
+	})
+	if err != nil {
+		return err
+	}
+
+	queryValues := url.Values{}
+	queryValues.Set("bucket", bucket)
+
+	reqData := requestData{
+		relPath:     adminAPIPrefix + "/set-bucket-quota",
+		queryValues: queryValues,
+		content:     data,
+	}
+
+	// Execute PUT on /minio/admin/v3/set-bucket-quota to set quota for a bucket.
+	resp, err := adm.executeMethod(ctx, http.MethodPut, reqData)
+
+	defer closeResponse(resp)
+	if err != nil {
+		return err
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return httpRespToErrorResponse(resp)
+	}
+
+	return nil
+}