mirror of https://github.com/minio/minio.git synced 2025-01-18 10:13:16 -05:00

37 Commits

Author SHA1 Message Date
Aditya Manthramurthy
5f78691fcf
ldap: Add user DN attributes list config param ()
This change uses the updated ldap library in minio/pkg (bumped
up to v3). A new config parameter is added for LDAP configuration to
specify extra user attributes to load from the LDAP server and to store
them as additional claims for the user.

A test is added in sts_handlers.go that shows how to access the LDAP
attributes as a claim.

This is in preparation for adding SSH pubkey authentication to MinIO's SFTP
integration.
2024-05-24 16:05:23 -07:00
Shubhendu
1c70e9ed1b
ILM expiry replication status only if enabled ()
Report ILM expiry replication status only if at least one site has the
feature enabled.

Signed-off-by: Shubhendu Ram Tripathi <shubhendu@minio.io>
2024-04-15 02:40:39 -07:00
Anis Eleuch
95bf4a57b6
logging: Add subsystem to log API ()
Create new code paths for multiple subsystems in the code. This will
make maintaining this easier later.

Also introduce bugLogIf() for errors that should not happen in the first
place.
2024-04-04 05:04:40 -07:00
Shubhendu
dd6ea18901
fix: No shallow copy needed when looking at r.Form ()
Signed-off-by: Shubhendu Ram Tripathi <shubhendu@minio.io>
2023-11-24 09:46:55 -08:00
Shubhendu
58306a9d34
Replicate Expiry ILM configs while site replication ()
Signed-off-by: Shubhendu Ram Tripathi <shubhendu@minio.io>
2023-11-21 09:48:06 -08:00
Harshavardhana
754f7a8a39
replace io.Discard usage to fix some NUMA copy() latencies ()
replace io.Discard usage to fix NUMA copy() latencies

On NUMA systems copying from 8K buffer allocated via
io.Discard leads to large latency build-up for every

```
copy(new8kbuf, largebuf)
```

can incur up to 1ms worth of latencies on NUMA systems
due to memory sharding across NUMA nodes.
2023-11-06 14:26:08 -08:00
Aditya Manthramurthy
1c99fb106c
Update to minio/pkg/v2 () 2023-09-04 12:57:37 -07:00
Poorna
b48bbe08b2
Add additional info for replication metrics API ()
to track the replication transfer rate across different nodes,
number of active workers in use and in-queue stats to get
an idea of the current workload.

This PR also adds replication metrics to the site replication
status API. For site replication, prometheus metrics are
no longer at the bucket level - but at the cluster level.

Add prometheus metric to track credential errors since uptime
2023-08-30 01:00:59 -07:00
Anis Eleuch
0cde37be50
Reduce the number of calls to import bucket metadata ()
For each bucket, save the bucket metadata 
once, call the site replication hook once
2023-08-25 07:59:16 -07:00
Aditya Manthramurthy
bb6921bf9c
Send AuditLog via new middleware fn for admin APIs ()
A new middleware function is added for admin handlers, including options
for modifying certain behaviors. This admin middleware:

- sets the handler context via reflection in the request and sends AuditLog
- checks for object API availability (skipping it if a flag is passed)
- enables gzip compression (skipping it if a flag is passed)
- enables header tracing (adding body tracing if a flag is passed)

While the new function is a middleware, due to the flags used for
conditional behavior modification, which is used in each route registration
call.

To try to ensure that no regressions are introduced, the following
changes were done mechanically mostly with `sed` and regexp:

- Remove defer logger.AuditLog in admin handlers
- Replace newContext() calls with r.Context()
- Update admin routes registration calls

Bonus: remove unused NetSpeedtestHandler

Since the new adminMiddleware function checks for object layer presence
by default, we need to pass the `noObjLayerFlag` explicitly to admin
handlers that should work even when it is not available. The following
admin handlers do not require it:

- ServerInfoHandler
- StartProfilingHandler
- DownloadProfilingHandler
- ProfileHandler
- SiteReplicationDevNull
- SiteReplicationNetPerf
- TraceHandler

For these handlers adminMiddleware does not check for the object layer
presence (disabled by passing the `noObjLayerFlag`), and for all other
handlers, the pre-check ensures that the handler is not called when the
object layer is not available - the client would get a
ErrServerNotInitialized and can retry later.

This `noObjLayerFlag` is added based on existing behavior for these
handlers only.
2023-07-13 14:52:21 -07:00
Aditya Manthramurthy
85f5700e4e
fix: missing audit logger call for some admin APIs () 2023-07-10 16:59:44 -07:00
jiuker
2dbb1cff4a
feat: support perf site replication () 2023-07-05 22:28:26 -07:00
Aditya Manthramurthy
5a1612fe32
Bump up madmin-go and pkg deps () 2023-06-19 17:53:08 -07:00
Harshavardhana
31b0decd46
migrate to minio/mux from gorilla/mux () 2023-01-23 16:42:47 +05:30
Harshavardhana
f1bbb7fef5
vectorize cluster-wide calls such as bucket operations () 2023-01-03 08:16:39 -08:00
Harshavardhana
b882310e2b
avoid locks for internal and invalid buckets in MakeBucket() () 2022-12-23 07:46:00 -08:00
Aditya Manthramurthy
a30cfdd88f
Bump up madmin-go to v2 () 2022-12-06 13:46:50 -08:00
Poorna
d6bc141bd1
feat: Add support for site level resync () 2022-11-14 07:16:40 -08:00
Klaus Post
ff12080ff5
Remove deprecated io/ioutil () 2022-09-19 11:05:16 -07:00
Poorna
426c902b87
site replication: fix healing of bucket deletes. ()
This PR changes the handling of bucket deletes for site 
replicated setups to hold on to deleted bucket state until 
it syncs to all the clusters participating in site replication.
2022-07-25 17:51:32 -07:00
Poorna
0ea5c9d8e8
site healing: Skip stale iam asset updates from peer. ()
Allow healing to apply IAM change only when peer
gave the most recent update.
2022-07-01 13:19:13 -07:00
Poorna
7cc9286e0f
site healing: Skip stale bucket metadata updates from peer ()
Allow healing to apply bucket metadata change only when peer
gave the most recent update.
2022-06-28 18:09:20 -07:00
Harshavardhana
def75ffcfe
allow versioning config changes under site replication ()
PR  introduced prefix-level exclusion of versioning
and replication - however our site replication implementation
since it defaults versioning on all buckets did not allow
changing versioning configuration once the bucket was created.

This PR changes this and ensures that such changes are honored
and also propagated/healed across sites appropriately.
2022-05-07 18:39:40 -07:00
Harshavardhana
5a9a898ba2
allow forcibly creating metadata on buckets ()
introduce x-minio-force-create environment variable
to force create a bucket and its metadata as required,
it is useful in some situations when bucket metadata
needs recovery.
2022-04-27 04:44:07 -07:00
Poorna
a4e1de93a7
Add API for removing site(s) from site replication () 2022-02-01 17:26:09 -08:00
Poorna
0f88cdc80e
Return all stats in SiteReplicationStatus API if options unset () 2022-01-28 21:19:38 -08:00
Poorna
38e3c7a8f7
Added filters for SiteReplicationStatus API to support new UI changes () 2022-01-28 15:37:55 -08:00
Poorna
48da4aeee0
Add API for removing site(s) from site replication () 2022-01-21 08:48:21 -08:00
Harshavardhana
9d588319dd
support site replication to replicate IAM users,groups ()
- Site replication was missing replicating users,
  groups when an empty site was added.

- Add site replication for groups and users when they
  are disabled and enabled.

- Add support for replicating bucket quota config.
2022-01-19 20:02:24 -08:00
Aditya Manthramurthy
1981fe2072
Add internal IDP and OIDC users support for site-replication ()
- This allows site-replication to be configured when using OpenID or the
  internal IDentity Provider.

- Internal IDP IAM users and groups will now be replicated to all members of the
  set of replicated sites.

- When using OpenID as the external identity provider, STS and service accounts
  are replicated.

- Currently this change disallows root service accounts from being
  replicated (TODO: discuss security implications).
2022-01-06 15:52:43 -08:00
Poorna
4d39fd4165
Add API for cluster replication status visibility () 2022-01-05 02:44:08 -08:00
Harshavardhana
f527c708f2
run gofumpt cleanup across code-base () 2022-01-02 09:15:06 -08:00
Minio Trusted
bb97eafa82 madmin-go v1.1.23 and pkg v1.1.11 2021-12-26 23:23:18 -08:00
Harshavardhana
88ad742da0
fix: error handling cases in site-replication ()
- Allow proper SRError to be propagated to
  handlers and converted appropriately.

- Make sure to enable object locking on buckets
  when requested in MakeBucketHook.

- When DNSConfig is enabled attempt to delete it
  first before deleting buckets locally.
2021-12-14 14:09:57 -08:00
Harshavardhana
e82a5c5c54
fix: site replication issues and add tests ()
- deleting policies was deleting all LDAP
  user mapping, this was a regression introduced
  in 

- deleting of policies is properly sent across
  all sites.

- remove unexpected errors instead embed the real
  errors as part of the 500 error response.
2021-12-08 11:50:15 -08:00
Klaus Post
7bdf9005e5
Remove HTTP flushes for returning handlers ()
When handlers return they are automatically flushed. Manual flushing can force responsewriters to use suboptimal paths and generally just wastes CPU.
2021-10-28 07:36:34 -07:00
Aditya Manthramurthy
3a7c79e2c7
Add new site replication feature ()
This change allows a set of MinIO sites (clusters) to be configured 
for mutual replication of all buckets (including bucket policies, tags, 
object-lock configuration and bucket encryption), IAM policies, 
LDAP service accounts and LDAP STS accounts.
2021-10-06 16:36:31 -07:00