more complete admin API #298

Merged
lx merged 48 commits from admin-api into main 2022-05-24 10:16:40 +00:00
Showing only changes of commit d768f559da - Show all commits

View file

@ -1,21 +1,30 @@
# Access control
# Specification of Garage's administration API
**WARNING.** At this point, there is no comittement to stability of the APIs described in this document.
We will bump the version numbers prefixed to each API endpoint at each time the syntax
or semantics change, meaning that code that relies on these endpoint will break
when changes are introduced.
## Access control
The admin API uses two different tokens for acces control, that are specified in the config file's `[admin]` section:
- `metrics_token`: the token for accessing the Metrics endpoint (if this token is not set in the config file, the Metrics endpoint can be accessed without access control);
- `admin_token`: the token for accessing all of the other administration endpoints (if this token is not set in the config file, these endpoints can be accessed without access control).
# Administration API endpoints
## Administration API endpoints
## Metrics-related endpoints
### Metrics-related endpoints
### Metrics `GET /metrics`
#### Metrics `GET /metrics`
Returns internal Garage metrics in Prometheus format.
## Cluster operations
### Cluster operations
### GetClusterStatus `GET /v0/status`
#### GetClusterStatus `GET /v0/status`
Returns the cluster's current status in JSON, including:
@ -94,7 +103,7 @@ Example response body:
}
```
### ConnectClusterNodes `POST /v0/connect`
#### ConnectClusterNodes `POST /v0/connect`
Instructs this Garage node to connect to other Garage nodes at specified addresses.
@ -124,7 +133,7 @@ Example response:
]
```
### GetClusterLayout `GET /v0/layout`
#### GetClusterLayout `GET /v0/layout`
Returns the cluster's current layout in JSON, including:
@ -173,7 +182,7 @@ Example response body:
}
```
### UpdateClusterLayout `POST /v0/layout`
#### UpdateClusterLayout `POST /v0/layout`
Send modifications to the cluster layout. These modifications will
be included in the staged role changes, visible in subsequent calls
@ -204,7 +213,7 @@ Contrary to the CLI that may update only a subset of the fields
values must be specified.
### ApplyClusterLayout `POST /v0/layout/apply`
#### ApplyClusterLayout `POST /v0/layout/apply`
Applies to the cluster the layout changes currently registered as
staged layout changes.
@ -221,7 +230,7 @@ Similarly to the CLI, the body must include the version of the new layout
that will be created, which MUST be 1 + the value of the currently
existing layout in the cluster.
### RevertClusterLayout `POST /v0/layout/revert`
#### RevertClusterLayout `POST /v0/layout/revert`
Clears all of the staged layout changes.
@ -240,9 +249,9 @@ version number, which MUST be 1 + the value of the currently
existing layout in the cluster.
## Access key operations
### Access key operations
### ListKeys `GET /v0/key`
#### ListKeys `GET /v0/key`
Returns all API access keys in the cluster.
@ -261,7 +270,7 @@ Example response:
]
```
### CreateKey `POST /v0/key`
#### CreateKey `POST /v0/key`
Creates a new API access key.
@ -273,7 +282,7 @@ Request body format:
}
```
### ImportKey `POST /v0/key/import`
#### ImportKey `POST /v0/key/import`
Imports an existing API key.
@ -287,8 +296,8 @@ Request body format:
}
```
### GetKeyInfo `GET /v0/key?id=<acces key id>`
### GetKeyInfo `GET /v0/key?search=<pattern>`
#### GetKeyInfo `GET /v0/key?id=<acces key id>`
#### GetKeyInfo `GET /v0/key?search=<pattern>`
Returns information about the requested API access key.
@ -359,11 +368,11 @@ Example response:
}
```
### DeleteKey `DELETE /v0/key?id=<acces key id>`
#### DeleteKey `DELETE /v0/key?id=<acces key id>`
Deletes an API access key.
### UpdateKey `POST /v0/key?id=<acces key id>`
#### UpdateKey `POST /v0/key?id=<acces key id>`
Updates information about the specified API access key.
@ -384,9 +393,9 @@ If they are present, the corresponding modifications are applied to the key, oth
The possible flags in `allow` and `deny` are: `createBucket`.
## Bucket operations
### Bucket operations
### ListBuckets `GET /v0/bucket`
#### ListBuckets `GET /v0/bucket`
Returns all storage buckets in the cluster.
@ -428,8 +437,8 @@ Example response:
]
```
### GetBucketInfo `GET /v0/bucket?id=<bucket id>`
### GetBucketInfo `GET /v0/bucket?globalAlias=<alias>`
#### GetBucketInfo `GET /v0/bucket?id=<bucket id>`
#### GetBucketInfo `GET /v0/bucket?globalAlias=<alias>`
Returns information about the requested storage bucket.
@ -462,7 +471,7 @@ Example response:
}
```
### CreateBucket `POST /v0/bucket`
#### CreateBucket `POST /v0/bucket`
Creates a new storage bucket.
@ -495,13 +504,13 @@ OR
Creates a new bucket, either with a global alias, a local one,
or no alias at all.
### DeleteBucket `DELETE /v0/bucket?id=<bucket id>`
#### DeleteBucket `DELETE /v0/bucket?id=<bucket id>`
Deletes a storage bucket. A bucket cannot be deleted if it is not empty.
Warning: this will delete all aliases associated with the bucket!
### PutBucketWebsite `PUT /v0/bucket/website?id=<bucket id>`
#### PutBucketWebsite `PUT /v0/bucket/website?id=<bucket id>`
Sets the website configuration for a bucket (this also enables website access for this bucket).
@ -517,14 +526,14 @@ Request body format:
The field `errorDocument` is optional, if no error document is set a generic error message is displayed when errors happen.
### DeleteBucketWebsite `DELETE /v0/bucket/website?id=<bucket id>`
#### DeleteBucketWebsite `DELETE /v0/bucket/website?id=<bucket id>`
Deletes the website configuration for a bucket (disables website access for this bucket).
## Operations on permissions for keys on buckets
### Operations on permissions for keys on buckets
### BucketAllowKey `POST /v0/bucket/allow`
#### BucketAllowKey `POST /v0/bucket/allow`
Allows a key to do read/write/owner operations on a bucket.
@ -545,7 +554,7 @@ Request body format:
Flags in `permissions` which have the value `true` will be activated.
Other flags will remain unchanged.
### BucketDenyKey `POST /v0/bucket/deny`
#### BucketDenyKey `POST /v0/bucket/deny`
Denies a key from doing read/write/owner operations on a bucket.
@ -567,21 +576,21 @@ Flags in `permissions` which have the value `true` will be deactivated.
Other flags will remain unchanged.
## Operations on bucket aliases
### Operations on bucket aliases
### GlobalAliasBucket `PUT /v0/bucket/alias/global?id=<bucket id>&alias=<global alias>`
#### GlobalAliasBucket `PUT /v0/bucket/alias/global?id=<bucket id>&alias=<global alias>`
Empty body. Creates a global alias for a bucket.
### GlobalUnaliasBucket `DELETE /v0/bucket/alias/global?id=<bucket id>&alias=<global alias>`
#### GlobalUnaliasBucket `DELETE /v0/bucket/alias/global?id=<bucket id>&alias=<global alias>`
Removes a global alias for a bucket.
### LocalAliasBucket `PUT /v0/bucket/alias/local?id=<bucket id>&accessKeyId=<access key ID>&alias=<local alias>`
#### LocalAliasBucket `PUT /v0/bucket/alias/local?id=<bucket id>&accessKeyId=<access key ID>&alias=<local alias>`
Empty body. Creates a local alias for a bucket in the namespace of a specific access key.
### LocalUnaliasBucket `DELETE /v0/bucket/alias/local?id=<bucket id>&accessKeyId<access key ID>&alias=<local alias>`
#### LocalUnaliasBucket `DELETE /v0/bucket/alias/local?id=<bucket id>&accessKeyId<access key ID>&alias=<local alias>`
Removes a local alias for a bucket in the namespace of a specific access key.