nkvtest.go:
```
package main
/*
#include <stdio.h>
#include <stdlib.h>
#include "nkv_api.h"
#include "nkv_result.h"
```

```
minio@minio-c2:~$ sudo nvme list
Node SN Model Namespace Usage Format FW Rev
---------------- -------------------- ---------------------------------------- --------- -------------------------- ---------------- --------
/dev/nvme0n1 S3VJNY0J600133 SAMSUNG MZQLB3T8HALS-000AZ 1 0.00 B / 3.84 TB 512 B + 0 B EEA50K0Q
/dev/nvme1n1 S3VJNY0J600117 SAMSUNG MZQLB3T8HALS-000AZ 1 0.00 B / 3.84 TB 512 B + 0 B EEA50K0Q
/dev/nvme2n1 S3VJNY0J600121 SAMSUNG MZQLB3T8HALS-000AZ 1 0.00 B / 3.84 TB 512 B + 0 B EEA50K0Q
/dev/nvme3n1 S3VJNF0K722737 SAMSUNG MZQLB3T8HALS-000AZ 1 0.00 B / 3.84 TB 512 B + 0 B EEA50K0Q
/dev/nvme4n1 S3VJNF0K722736 SAMSUNG MZQLB3T8HALS-000AZ 1 0.00 B / 3.84 TB 512 B + 0 B EEA50K
```

```
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include "nkv_api.h"
#include "nkv_result.h"
void main() {
    uint64_t instance_uuid, nkv_handle = 0;
    nkv_result result;
    printf("calling nkv_open\n");
```

Server-Side Encryption (SSE) in AWS S3:

Three types of SSE are supported.

  • SSE-C - the client provides the data encryption key with every get/put object call. AWS S3 does not store the client-provided data encryption key. The client-provided data encryption key may be generated by AWS KMS for every get/put object call. It is the user's responsibility to securely save/map data encryption keys generated by KMS; AWS S3 does not store any data encryption key.
  • SSE-S3 - the client does not provide any encryption key for any get/put object calls. AWS S3 uses one single key (generated the first time) to encrypt/decrypt objects. According to AWS docs, this key is stored along with the object data.
  • SSE-KMS - the client provides a Customer Master Key (CMK) for any get/put object calls. AWS S3 uses the client-provided CMK to generate data keys using KMS to encrypt/decrypt objects. This data key is encrypted using KMS and is stored along with the object data.

The bucket policy below prevents uploading unencrypted objects (even by owner/auth user).

  • S

```
package main
import (
    "fmt"
    "os"
    "github.com/aws/aws-sdk-go/aws"
    "github.com/aws/aws-sdk-go/aws/credentials"
    "github.com/aws/aws-sdk-go/aws/session"
    "github.com/aws/aws-sdk-go/service/s3"
```

Keybase proof

I hereby claim:

  • I am krishnasrinivas on github.
  • I am krishna (https://keybase.io/krishna) on keybase.
  • I have a public key whose fingerprint is 87D6 113D 0E7F E5AD 3C64 3C44 B1A5 7C32 7DF8 7F6D

To claim this, I am signing this object:

krishnasrinivas / bucket-policies-primer.md
Created September 9, 2017 19:51 — forked from harshavardhana/bucket-policies-primer.md
Explanation of bucket policies by example

Bucket Policy

Bucket policy is an access policy available for you to grant anonymous permissions to your Minio resources. Bucket policy uses JSON-based access policy language.

This section presents a few examples of typical use cases for bucket policies. The policies use testbucket strings in the resource value. To test these policies, you need to replace these strings with your bucket name. For more information, please read Amazon S3 access policy language.

Granting Read-Only Permission to an Anonymous User

The following example policy grants the s3:GetObject permission to any public anonymous user. This permission allows anyone to read the object data under testbucket, which is useful when you have publicly readable assets. A typical example is website assets stored in testbucket.

```
mc admin heal --force --remove --recursive --advanced --fake ALIAS[/Bucket/Prefix]
```

format.json is always healed.

Healing of a bucket implies:

  • if a "bucket" does not exist on any of the drives then it gets created there.
  • all bucket meta files are healed (like policy.json)

Took inspiration from DigitalOcean REST APIs: https://developers.digitalocean.com/documentation/v2/

Convention:

  • Use GET, POST, DELETE HTTP verbs. No case for PUT.
  • Use JSON request/responses.
  • Auth happens using S3V4
  • If a boolean query parameter is passed without a value, then the value is assumed to be true. For example, ?recursive is the same as ?recursive=true

API Categories

krishnasrinivas / madmin-rest.md
Last active December 13, 2023 21:52 — forked from krisis/madmin-rest.md
Minio Management REST API spec

Minio Management REST API

Management APIs implement remote administrative operations over HTTP/REST. This guide is intended for SDK developers of packages like madmin. If you are an end user, please take a look at the mc admin CLI interface.

Authentication

  • All requests should be signed using AWS Signature Version 4

FEEDBACK: We can use a simpler JSON web token for auth, just like minio-browser does. Tokens are a standard way of auth for REST APIs.

  • us-east-1 should be used in signing