From e70b24a63c503f7ff71fb8c6e1894bc6fff63b3e Mon Sep 17 00:00:00 2001 From: Ryan Syracuse Date: Tue, 1 Sep 2020 20:44:26 -0400 Subject: [PATCH 01/11] limited access keys update for obj --- openapi.yaml | 46 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/openapi.yaml b/openapi.yaml index 61390d6bc..17d400b4f 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -10692,6 +10692,22 @@ paths: type: string description: The label for this keypair, for display purposes only. example: my-key + bucket_access: + type: object + description: Defines this key as a limited access key, and contains values pertaining to permissions. Limited Access Keys block access to all buckets except for those specified within the object. + properties: + cluster: + type: string + description: The datacenter where a bucket with limited access is hosted. + example: ap-south-1 + bucket_name: + type: string + description: The unique label of the bucket with limited access. + example: example-bucket + permissions: + type: string + description: The permissions for the selected key. Can be `read_write` or `read_only`. + example: read_only responses: '200': description: The new keypair. **This is the only time** the secret key is returned. @@ -10712,7 +10728,15 @@ paths: curl -H "Content-Type: application/json" \ -H "Authorization: Bearer $TOKEN" \ -X POST -d '{ - "label": "my-object-storage-key" + "label": "my-object-storage-key", + "bucket_access": [{ + "cluster": "ap-south-1", + "bucket_name": "bucket-test1", + "permissions": "read_write"}, + { + "cluster": "us-east-1", + "bucket_name": "bucket-test2", + "permissions": "read_only"}] }' \ https://api.linode.com/v4/object-storage/keys - lang: CLI 
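Review bot: The `bucket_access` property added at `@@ -10692,6 +10692,22 @@` (PATCH 01/11) never says what kind of key is created when the field is omitted or sent as an empty array, which is the difference between a scoped key and one that reaches every bucket. The `limited` description added in the third hunk of this patch implies that a key without `bucket_access` grants full access to all buckets on the account, so a client that drops the field by mistake would silently receive the broadest credential. If that is the actual behaviour, I would state it in the description, e.g. `Omit this field to create a key with full access to all buckets on the Account.`, and add a sentence for `[]` once that case is confirmed against the API. The same hunk declares `type: object` while the curl sample in the next hunk sends an array; PATCH 03/11 corrects that.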
@@ -17697,6 +17721,26 @@ components: description: This keypair's secret key. **Only returned on key creation**. example: '[REDACTED]' readOnly: true + limited: + type: boolean + description: Whether or not this key is a limited access key. Will return `false` if this key grants full access to all buckets on the user's account. + example: true + bucket_access: + type: object + description: Defines this key as a limited access key, and contains values pertaining to permissions. Limited Access Keys block access to all buckets except for those specified within the object. + properties: + cluster: + type: string + description: The datacenter where a bucket with limited access is hosted. + example: ap-south-1 + bucket_name: + type: string + description: The unique label of the bucket with limited access. + example: example-bucket + permissions: + type: string + description: The permissions for the selected key. Can be `read_write` or `read_only`. + example: read_only PaginationEnvelope: type: object description: > From 84cdf6c9ce18c310a34054de8381a86a3be0b47e Mon Sep 17 00:00:00 2001 From: Ryan Syracuse Date: Wed, 2 Sep 2020 12:30:57 -0400 Subject: [PATCH 02/11] Update Key fix --- openapi.yaml | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/openapi.yaml b/openapi.yaml index 17d400b4f..e12f8e8b9 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -10729,14 +10729,18 @@ paths: -H "Authorization: Bearer $TOKEN" \ -X POST -d '{ "label": "my-object-storage-key", - "bucket_access": [{ + "bucket_access": [ + { "cluster": "ap-south-1", "bucket_name": "bucket-test1", - "permissions": "read_write"}, + "permissions": "read_write" + }, { "cluster": "us-east-1", "bucket_name": "bucket-test2", - "permissions": "read_only"}] + "permissions": "read_only" + } + ] }' \ https://api.linode.com/v4/object-storage/keys - lang: CLI 
@@ -10803,7 +10807,12 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/ObjectStorageKey' + type: object + properties: + label: + type: string + description: The label for this keypair, for display purposes only. + example: my-key responses: '200': description: Update Successful From dd876fa658c6a70a7306b40a07e7947c7e69732d Mon Sep 17 00:00:00 2001 From: Ryan Syracuse Date: Thu, 3 Sep 2020 12:37:06 -0400 Subject: [PATCH 03/11] tech/copy fixes --- openapi.yaml | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/openapi.yaml b/openapi.yaml index e12f8e8b9..7e7c20425 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -10693,20 +10693,22 @@ paths: description: The label for this keypair, for display purposes only. example: my-key bucket_access: - type: object + type: array + items: + type: object description: Defines this key as a limited access key, and contains values pertaining to permissions. Limited Access Keys block access to all buckets except for those specified within the object. properties: cluster: type: string - description: The datacenter where a bucket with limited access is hosted. + description: The Object Storage cluster where a bucket to which the key is granting access is hosted. example: ap-south-1 bucket_name: type: string - description: The unique label of the bucket with limited access. + description: The unique label of the bucket to which the key will grant access. example: example-bucket permissions: type: string - description: The permissions for the selected key. Can be `read_write` or `read_only`. + description: The permissions of the key for the selected bucket. Can be `read_write` or `read_only`. example: read_only responses: '200': @@ -10827,7 +10829,7 @@ paths: source: > curl -H "Content-Type: application/json" \ -H "Authorization: Bearer $TOKEN" \ - -x PUT -d '{ + -X PUT -d '{ "label": "my-object-storage-key" }' \ https://api.linode.com/v4/object-storage/keys/12345 
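Review bot: The label-only request schema introduced at `@@ -10803,7 +10807,12 @@` (PATCH 02/11) means a key's bucket scope cannot be changed through this endpoint, but nothing in the hunk tells the reader so. Someone who needs to narrow an over-broad key has to work out that the only route is to revoke it and issue a new one; that looks like the intent here but should be confirmed. I would say it in the `label` description or the requestBody description, e.g. `Only the label can be updated; bucket_access is fixed when the key is created.` The requestBody description itself lies outside the hunk.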
@@ -10863,7 +10865,7 @@ paths: - lang: Shell source: > curl -H "Authorization: Bearer $TOKEN" \ - -x DELETE \ + -X DELETE \ https://api.linode.com/v4/object-storage/keys/12345 - lang: CLI source: > @@ -17735,20 +17737,22 @@ components: description: Whether or not this key is a limited access key. Will return `false` if this key grants full access to all buckets on the user's account. example: true bucket_access: - type: object + type: array + items: + type: object description: Defines this key as a limited access key, and contains values pertaining to permissions. Limited Access Keys block access to all buckets except for those specified within the object. properties: cluster: type: string - description: The datacenter where a bucket with limited access is hosted. + description: The Object Storage cluster where a bucket to which the key is granting access is hosted. example: ap-south-1 bucket_name: type: string - description: The unique label of the bucket with limited access. + description: The unique label of the bucket to which the key will grant limited access. example: example-bucket permissions: type: string - description: The permissions for the selected key. Can be `read_write` or `read_only`. + description: The permissions of the key for the selected bucket. Can be `read_write` or `read_only`. example: read_only PaginationEnvelope: type: object From e7bd7de52359a0f7bd2f07339bb624ec0d9aaaa7 Mon Sep 17 00:00:00 2001 From: leslitagordita Date: Fri, 4 Sep 2020 11:33:48 -0400 Subject: [PATCH 04/11] Update oauth scope --- openapi.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openapi.yaml b/openapi.yaml index 7e7c20425..1f8a89792 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -10679,7 +10679,7 @@ paths: security: - personalAccessToken: [] - oauth: - - object_storage:read_only + - object_storage:read_write requestBody: description: > The label of the key to create. This is used to identify the created key. 
From cc1fc424b3ad447305403fc993ce77eff3e9a686 Mon Sep 17 00:00:00 2001 From: leslitagordita Date: Fri, 4 Sep 2020 11:46:57 -0400 Subject: [PATCH 05/11] Fix shell example indentation --- openapi.yaml | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/openapi.yaml b/openapi.yaml index 1f8a89792..59805b17d 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -10730,21 +10730,21 @@ paths: curl -H "Content-Type: application/json" \ -H "Authorization: Bearer $TOKEN" \ -X POST -d '{ - "label": "my-object-storage-key", - "bucket_access": [ - { - "cluster": "ap-south-1", - "bucket_name": "bucket-test1", - "permissions": "read_write" - }, - { - "cluster": "us-east-1", - "bucket_name": "bucket-test2", - "permissions": "read_only" - } - ] - }' \ - https://api.linode.com/v4/object-storage/keys + "label": "my-object-storage-key", + "bucket_access": [ + { + "cluster": "ap-south-1", + "bucket_name": "bucket-test1", + "permissions": "read_write" + }, + { + "cluster": "us-east-1", + "bucket_name": "bucket-test2", + "permissions": "read_only" + } + ] + }' \ + https://api.linode.com/v4/object-storage/keys - lang: CLI source: > linode-cli object-storage keys-create \ From 22498d02117f20e5ceff004d4d9a9922bcb92143 Mon Sep 17 00:00:00 2001 From: leslitagordita Date: Fri, 4 Sep 2020 11:53:07 -0400 Subject: [PATCH 06/11] Add bucket_access to CLI example --- openapi.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/openapi.yaml b/openapi.yaml index 59805b17d..abddda0cb 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -10734,12 +10734,12 @@ paths: "bucket_access": [ { "cluster": "ap-south-1", - "bucket_name": "bucket-test1", + "bucket_name": "bucket-example-1", "permissions": "read_write" }, { "cluster": "us-east-1", - "bucket_name": "bucket-test2", + "bucket_name": "bucket-example-2", "permissions": "read_only" } ] 
@@ -10748,7 +10748,8 @@ paths: - lang: CLI source: > linode-cli object-storage keys-create \ - --label "my-object-storage-key" + --label "my-object-storage-key" \ + --bucket_access '[{"cluster": "ap-south-1", "bucket_name": "bucket-example-1", "permissions": "read_write" }]' /object-storage/keys/{keyId}: x-linode-cli-command: object-storage parameters: From 0c54302e8dfea07175eecd0dec934eba0b87079b Mon Sep 17 00:00:00 2001 From: leslitagordita Date: Fri, 4 Sep 2020 15:06:07 -0400 Subject: [PATCH 07/11] Use reference to ObjectStorageKey schema object in POST request update limited field to be readOnly --- openapi.yaml | 43 +++++++++---------------------------------- 1 file changed, 9 insertions(+), 34 deletions(-) diff --git a/openapi.yaml b/openapi.yaml index abddda0cb..9d685a007 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -10686,30 +10686,7 @@ paths: content: application/json: schema: - type: object - properties: - label: - type: string - description: The label for this keypair, for display purposes only. - example: my-key - bucket_access: - type: array - items: - type: object - description: Defines this key as a limited access key, and contains values pertaining to permissions. Limited Access Keys block access to all buckets except for those specified within the object. - properties: - cluster: - type: string - description: The Object Storage cluster where a bucket to which the key is granting access is hosted. - example: ap-south-1 - bucket_name: - type: string - description: The unique label of the bucket to which the key will grant access. - example: example-bucket - permissions: - type: string - description: The permissions of the key for the selected bucket. Can be `read_write` or `read_only`. - example: read_only + $ref: '#/components/schemas/ObjectStorageKey' responses: '200': description: The new keypair. **This is the only time** the secret key is returned. 
@@ -10717,11 +10694,13 @@ paths: application/json: schema: allOf: - - $ref: '#/components/schemas/ObjectStorageKey' - - type: object - properties: - secret_key: - example: OiA6F5r0niLs3QA2stbyq7mY5VCV7KqOzcmitmHw + - $ref: '#/components/schemas/ObjectStorageKey' + - type: object + properties: + secret_key: + type: string + description: This keypair’s secret key. **Only returned on key creation**. + example: OiA6F5r0niLs3QA2stbyq7mY5VCV7KqOzcmitmHw default: $ref: '#/components/responses/ErrorResponse' x-code-samples: @@ -17728,15 +17707,11 @@ components: description: This keypair's access key. This is not secret. example: KVAKUTGBA4WTR2NSJQ81 readOnly: true - secret_key: - type: string - description: This keypair's secret key. **Only returned on key creation**. - example: '[REDACTED]' - readOnly: true limited: type: boolean description: Whether or not this key is a limited access key. Will return `false` if this key grants full access to all buckets on the user's account. example: true + readOnly: true bucket_access: type: array items: From 2514025f79c1e5cd13aefcd2a52faf7bc2bfb9bb Mon Sep 17 00:00:00 2001 From: leslitagordita Date: Fri, 4 Sep 2020 15:31:13 -0400 Subject: [PATCH 08/11] Update descriptions Add enum for permissions field --- openapi.yaml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/openapi.yaml b/openapi.yaml index 9d685a007..7355960e5 100644 --- a/openapi.yaml +++ b/openapi.yaml 
@@ -17716,7 +17716,15 @@ components: type: array items: type: object - description: Defines this key as a limited access key, and contains values pertaining to permissions. Limited Access Keys block access to all buckets except for those specified within the object. + description: > + Limited Access Keys restrict this Object Storage key's access to only the bucket(s) declared in this array and define their bucket-level permissions. + + + Limited Access Keys can: + + * [list all buckets](/api/v4/object-storage-buckets/) available on this Account, but cannot perform any actions on a bucket unless it has access to the bucket. + + * [create new buckets](/api/v4/object-storage-buckets/#post), but do not have any access to the buckets created, unless explicitly given access to it. properties: cluster: type: string @@ -17728,7 +17736,10 @@ components: example: example-bucket permissions: type: string - description: The permissions of the key for the selected bucket. Can be `read_write` or `read_only`. + enum: + - read_write + - read_only + description: This Limited Access Key's permissions for the selected bucket. example: read_only PaginationEnvelope: type: object From 486649ee54a524e6da0f88f73a983142f350fa59 Mon Sep 17 00:00:00 2001 From: leslitagordita Date: Fri, 4 Sep 2020 15:33:56 -0400 Subject: [PATCH 09/11] minor copy edits --- openapi.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openapi.yaml b/openapi.yaml index 7355960e5..094490f61 100644 --- a/openapi.yaml +++ b/openapi.yaml 
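Review bot: The `enum` added to `permissions` at `@@ -17728,7 +17736,10 @@` (PATCH 08/11) constrains the value only when it is present; nothing in the item schema makes `permissions`, `cluster` or `bucket_name` mandatory, as far as these hunks show. For an access grant the spec should not leave a partial entry open to interpretation, so I would add `required: [cluster, bucket_name, permissions]` to the item object next to `type: object`, assuming the API rejects incomplete entries. The `properties` block opens in the previous hunk and the item object's header is outside this one.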
@@ -17717,14 +17717,14 @@ components: items: type: object description: > - Limited Access Keys restrict this Object Storage key's access to only the bucket(s) declared in this array and define their bucket-level permissions. + Defines this key as a Limited Access Key. Limited Access Keys restrict this Object Storage key's access to only the bucket(s) declared in this array and define their bucket-level permissions. Limited Access Keys can: * [list all buckets](/api/v4/object-storage-buckets/) available on this Account, but cannot perform any actions on a bucket unless it has access to the bucket. - * [create new buckets](/api/v4/object-storage-buckets/#post), but do not have any access to the buckets created, unless explicitly given access to it. + * [create new buckets](/api/v4/object-storage-buckets/#post), but do not have any access to the buckets it creates, unless explicitly given access to them. properties: cluster: type: string From 8cc20ece574937b4dec3fde2c0d1323f0c845e53 Mon Sep 17 00:00:00 2001 From: leslitagordita Date: Mon, 7 Sep 2020 18:04:17 -0400 Subject: [PATCH 10/11] Fix indentation --- openapi.yaml | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/openapi.yaml b/openapi.yaml index 094490f61..2ae10b05a 100644 --- a/openapi.yaml +++ b/openapi.yaml 
@@ -17716,31 +17716,31 @@ components: type: array items: type: object - description: > - Defines this key as a Limited Access Key. Limited Access Keys restrict this Object Storage key's access to only the bucket(s) declared in this array and define their bucket-level permissions. + description: > + Defines this key as a Limited Access Key. Limited Access Keys restrict this Object Storage key's access to only the bucket(s) declared in this array and define their bucket-level permissions. - Limited Access Keys can: + Limited Access Keys can: - * [list all buckets](/api/v4/object-storage-buckets/) available on this Account, but cannot perform any actions on a bucket unless it has access to the bucket. + * [list all buckets](/api/v4/object-storage-buckets/) available on this Account, but cannot perform any actions on a bucket unless it has access to the bucket. - * [create new buckets](/api/v4/object-storage-buckets/#post), but do not have any access to the buckets it creates, unless explicitly given access to them. - properties: - cluster: - type: string - description: The Object Storage cluster where a bucket to which the key is granting access is hosted. - example: ap-south-1 - bucket_name: - type: string - description: The unique label of the bucket to which the key will grant limited access. - example: example-bucket - permissions: - type: string - enum: - - read_write - - read_only - description: This Limited Access Key's permissions for the selected bucket. - example: read_only + * [create new buckets](/api/v4/object-storage-buckets/#post), but do not have any access to the buckets it creates, unless explicitly given access to them. + properties: + cluster: + type: string + description: The Object Storage cluster where a bucket to which the key is granting access is hosted. + example: ap-south-1 + bucket_name: + type: string + description: The unique label of the bucket to which the key will grant limited access. 
+ example: example-bucket + permissions: + type: string + enum: + - read_write + - read_only + description: This Limited Access Key's permissions for the selected bucket. + example: read_only PaginationEnvelope: type: object description: > From 9d4a433545fca4096ff62b7d75ccac54d99ed3fe Mon Sep 17 00:00:00 2001 From: leslitagordita Date: Mon, 7 Sep 2020 19:11:26 -0400 Subject: [PATCH 11/11] move description to the array --- openapi.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/openapi.yaml b/openapi.yaml index 2ae10b05a..f01745f1d 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -17714,17 +17714,17 @@ components: readOnly: true bucket_access: type: array - items: - type: object - description: > - Defines this key as a Limited Access Key. Limited Access Keys restrict this Object Storage key's access to only the bucket(s) declared in this array and define their bucket-level permissions. + description: > + Defines this key as a Limited Access Key. Limited Access Keys restrict this Object Storage key's access to only the bucket(s) declared in this array and define their bucket-level permissions. - Limited Access Keys can: + Limited Access Keys can: - * [list all buckets](/api/v4/object-storage-buckets/) available on this Account, but cannot perform any actions on a bucket unless it has access to the bucket. + * [list all buckets](/api/v4/object-storage-buckets/) available on this Account, but cannot perform any actions on a bucket unless it has access to the bucket. - * [create new buckets](/api/v4/object-storage-buckets/#post), but do not have any access to the buckets it creates, unless explicitly given access to them. + * [create new buckets](/api/v4/object-storage-buckets/#post), but do not have any access to the buckets it creates, unless explicitly given access to them. + items: + type: object properties: cluster: type: string