rzrbld / adminio-api Goto Github PK

View Code? Open in Web Editor NEW

23.0 3.0 8.0 35.14 MB

simple admin API for min.io (minio) s3 server

License: MIT License

Go 98.48% Dockerfile 1.52%

minio-ui web-ui minio-api minio-rest minio minio-server adminio-api prometheus openapi

adminio-api's Introduction

Adminio-api

This is a simple admin "REST" API for minio s3 server. Here is a Web UI for this API - adminio-ui

OpenAPI v3

see OpenAPI v3 specs at openAPI/openapi_v3.yaml or html version

Run full stack demo

obtain docker-compose.yml from adminio-ui repository. And run it: docker-compose -f docker-compose.yml up

it will bring up:

minio server on 9000 port
adminio API on 8080 port
adminio UI on 80 port

after that you can go to http://localhost and try out

Run with docker

docker run -d \
      -p 8080:8080 \
      -e ADMINIO_HOST_PORT=":8080" \
      -e MINIO_HOST_PORT="localhost:9000" \
      -e MINIO_ACCESS="test" \
      -e MINIO_SECRET="testtest123" \
      rzrbld/adminio-api:latest

Run with Kubernetes/OpenShift/OKD/OCP

go to Helm charts repo

Run manually

start minio server
set env variables
go to src folder and compile with go build main.go, then run ./main binary

Monitoring

Adminio-API expose metrics for Prometheus at /metrics if ADMINIO_METRICS_ENABLE is set to true.

Config Env variables

Variable	Description	Default
`ADMINIO_HOST_PORT`	which host and port API should listening. This is Iris based API, so you will need to provide 0.0.0.0:8080 for listening on all interfaces	localhost:8080
`MINIO_HOST_PORT`	provide a minio server host and port	localhost:9000
`MINIO_SSL`	enable or disable ssl	false
`MINIO_SSL_INSECURE`	skip SSL verify	false
`MINIO_SSL_CACERT`	path to CA certificate	""
`MINIO_REGION`	set minio region	us-east-1
`MINIO_ACCESS`	set minio Access Key	test
`MINIO_SECRET`	set minio Secret Key	testtest123
`MINIO_DEFAULT_LOCK_OBLECT_ENABLE`	set minio default make bucket behaviour with locking object	false
`ADMINIO_CORS_DOMAIN`	set adminio-api CORS policy domain	*
`ADMINIO_OAUTH_ENABLE`	enable oauth over supported providers	false
`ADMINIO_OAUTH_PROVIDER`	oauth provider, for more information see the full list of supported providers	github
`ADMINIO_OAUTH_CLIENT_ID`	oauth app client id	my-github-oauth-app-client-id
`ADMINIO_OAUTH_CLIENT_SECRET`	oauth app secret	my-github-oauth-app-secret
`ADMINIO_OAUTH_CALLBACK`	oauth callback, default listener on /auth/callback	http://"+ADMINIO_HOST_PORT+"/auth/callback
`ADMINIO_OAUTH_CUSTOM_DOMAIN`	oauth custom domain, for supported providers (auth0\wso2)	-
`ADMINIO_COOKIE_HASH_KEY`	hash key for session cookies. AES only supports key sizes of 16, 24 or 32 bytes	NRUeuq6AdskNPa7ewZuxG9TrDZC4xFat
`ADMINIO_COOKIE_BLOCK_KEY`	block key for session cookies. AES only supports key sizes of 16, 24 or 32 bytes	bnfYuphzxPhJMR823YNezH83fuHuddFC
`ADMINIO_COOKIE_NAME`	name for the session cookie	adminiosessionid
`ADMINIO_AUDIT_LOG_ENABLE`	enable audit log, mae sense if oauth is enabled, othervise set to false	false
`ADMINIO_METRICS_ENABLE`	enable default iris/golang metrics and bucket sizes metric on `/metrics/` uri path	false
`ADMINIO_PROBES_ENABLE`	enable liveness and readiness probes for k8s at `/ready/` and `/live/` uri path installations	false

List of supported oauth providers

amazon
auth0
bitbucket
box
digitalocean
dropbox
github
gitlab
heroku
onedrive
salesforce
slack
wso2

Example config

prometheus config for adminio metrics: examples/prometheus.yml
bucket lifecycle: examples/lifecycle.xml

adminio-api's People

Contributors

Stargazers

Watchers

Forkers

binlabnet 0x003e energenious-de yagoodza binlab ljcoopz aland-zhang synyx

adminio-api's Issues

Rolling blue green upgrades ?

Wondering if the api can manage minio upgrades ?

Blue green style upgrades for example of a cluster of 3 minio servers.

the mc admin cli can do this but not sure this api can do it ?

Self signed certificates

Hello,

would it be possible to add a switch to ignore SSL/TLS verification for MinIO server or a folder where the root CA can be placed, like in the MinIO docker containers?

If this is already possible, can you please add this in documentation?

Edit: I‘m using the latest docker container

The Access Key Id you provided does not exist

I try to use your app but this is what I get when deploy in the api log and the ui complain of backend reacheability.

2020/12/15 02:34:31 The Access Key Id you provided does not exist in our records.
2020/12/15 02:34:31 The Access Key Id you provided does not exist in our records.
2020/12/15 02:34:31 The Access Key Id you provided does not exist in our records.

Failed to parse server response: invalid character 'C' looking for beginning of value.

Hello,

I have an instalation of minio on 443 with a bucket.subdomain.domain.tld and when I am trying to start the adminio-api, I get the error:

{"error":"Failed to parse server response: invalid character 'C' looking for beginning of value."}

Can you please help me investigate what is the problem?

Thank you,
F

Session error

Hello All,

I would like to implement the new provider OpenId (auto discovery) into adminio but I'm litte stuck

After a good build, when I launched the Oauth authentification proceess I got the error:

session value for openid-connect not found

Someone has a idea of what this error come from ?

Redirection looks like:

https://adminio-api.domain.com/auth/callback?state=https%3A%2F%2Fadminnio.domain.com%2F&session_state=4ba51004-eee1-44eb-a639-c3f686929437&code=9bde45d8-161d-408c-8e25-be37bfbd979f.4ba51004-eee1-44eb-a639-c9f686929437.4aeq8c64-6f50-414f-abdb-6549b2976f4b

Thanks

Switching to https://github.com/minio/madmin-go?

http panic serving

Hello, I've tried your AdminIO setup in Kubernetes and getting some problems. Here is my setup:

MinIO:

Version
2020-10-03T02:19:42Z
Platform
Host: minio-0 | OS: linux | Arch: amd64
Runtime
Version: go1.14.9 | CPUs: 4

AdminIO-API: latest
Config:

- name: ADMINIO_HOST_PORT
  value: 0.0.0.0:8080
- name: MINIO_HOST
  valueFrom:
    secretKeyRef:
      name: s3-secret
      key: host
- name: MINIO_HOST_PORT
  value: $(MINIO_HOST)
- name: MINIO_ACCESS
  valueFrom:
    secretKeyRef:
       name: s3-secret
       key: testu
- name: MINIO_SECRET
  valueFrom:
     secretKeyRef:
        name: s3-secret
        key: testp
- name: ADMINIO_PROBES_ENABLE
  value: "true"
- name: ADMINIO_METRIC_ENABLE
  value: "false"
- name: MINIO_SSL
  value: "false"

Whenever I call the UI (or curl the API on my MINIO_HOST) I'm getting errors in the API logs which always look like this:

[HTTP Server] http: panic serving xxx.xxx.xxx.xxx:xxxxx: runtime error: invalid memory address or nil pointer dereference
goroutine 58 [running]:
net/http.(*conn).serve.func1(0xc00021e640)
	/usr/local/go/src/net/http/server.go:1801 +0x147
panic(0xe40f40, 0x16b71e0)
	/usr/local/go/src/runtime/panic.go:975 +0x3e9
github.com/minio/minio/pkg/madmin.(*AdminClient).DataUsageInfo(0x0, 0x10aa6c0, 0xc0000b8020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
	/go/pkg/mod/github.com/minio/[email protected]/pkg/madmin/info-commands.go:137 +0x78
github.com/rzrbld/adminio-api/handlers.glob..func32(0xc00011cea0)
	/go/adminio-api/src/handlers/server.go:16 +0x7a
github.com/kataras/iris/v12/context.(*Context).Next(0xc00011cea0)
	/go/pkg/mod/github.com/kataras/iris/[email protected]/context/context.go:510 +0x5c
github.com/iris-contrib/middleware/cors.(*Cors).Serve(0xc000510000, 0xc00011cea0)
	/go/pkg/mod/github.com/iris-contrib/middleware/[email protected]/cors.go:189 +0x165
github.com/kataras/iris/v12/context.(*Context).Do(...)
	/go/pkg/mod/github.com/kataras/iris/[email protected]/context/context.go:392
github.com/kataras/iris/v12/core/router.(*routerHandler).HandleRequest(0xc000505950, 0xc00011cea0)
	/go/pkg/mod/github.com/kataras/iris/[email protected]/core/router/handler.go:406 +0x21a
github.com/kataras/iris/v12/core/router.(*Router).BuildRouter.func3(0x10a7080, 0xc000574380, 0xc000136800)
	/go/pkg/mod/github.com/kataras/iris/[email protected]/core/router/router.go:171 +0x82
github.com/kataras/iris/v12/core/router.(*Router).ServeHTTP(0xc0000bc660, 0x10a7080, 0xc000574380, 0xc000136800)
	/go/pkg/mod/github.com/kataras/iris/[email protected]/core/router/router.go:237 +0x48
net/http.serverHandler.ServeHTTP(0xc00014a000, 0x10a7080, 0xc000574380, 0xc000136800)
	/usr/local/go/src/net/http/server.go:2843 +0xa3
net/http.(*conn).serve(0xc00021e640, 0x10aa680, 0xc000166880)
	/usr/local/go/src/net/http/server.go:1925 +0x8ad
created by net/http.(*Server).Serve
	/usr/local/go/src/net/http/server.go:2969 +0x36c

Do you know any fixes for this problem? Thank you in advance!

Great work, but could be more flexible

I have implemented my own OAuth provider server on a custom domain.

I am able to go through the whole session creation procedure using the auth0 provider and a custom domain, pointing to my own oauth server.

However when the "callback" endpoint is called, i get a 404 error message from the auth0 server saying:

"auth0 responded with a 404 trying to fetch user information"

is it possible to have a custom provider using the goth package??

i find this being a huge limitation which makes the whole API extremely hard to use in production otherwise.

error with minio ssl

Hello

i try to plus adminio with a minio/ssl but i have this error

x509: certificate signed by unknown authority

can i bypass verify ssl or how i can add a CA in the container