From 1a5af9d1fc4ab4727f9747b0947d1a0c7e0002e7 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 17 Mar 2021 22:06:37 +0100 Subject: WIP getting started --- doc/book/src/getting_started/bucket.md | 57 +++++++++++++++++++--------------- 1 file changed, 32 insertions(+), 25 deletions(-) (limited to 'doc/book/src/getting_started/bucket.md') diff --git a/doc/book/src/getting_started/bucket.md b/doc/book/src/getting_started/bucket.md index 8b05ee23..b22ce788 100644 --- a/doc/book/src/getting_started/bucket.md +++ b/doc/book/src/getting_started/bucket.md @@ -1,71 +1,78 @@ # Create buckets and keys -First, chances are that your garage deployment is secured by TLS. -All your commands must be prefixed with their certificates. -I will define an alias once and for all to ease future commands. -Please adapt the path of the binary and certificates to your installation! +*We use a command named `garagectl` which is in fact an alias you must define as explained in the [Control the daemon](./daemon.md) section.* -``` -alias grg="/garage/garage --ca-cert /secrets/garage-ca.crt --client-cert /secrets/garage.crt --client-key /secrets/garage.key" -``` - -Now we can check that everything is going well by checking our cluster status: - -``` -grg status -``` +In this section, we will suppose that we want to create a bucket named `nextcloud-bucket` +that will be accessed through a key named `nextcloud-app-key`. Don't forget that `help` command and `--help` subcommands can help you anywhere, the CLI tool is self-documented! Two examples: ``` -grg help -grg bucket allow --help +garagectl help +garagectl bucket allow --help ``` +## Create a bucket + Fine, now let's create a bucket (we imagine that you want to deploy nextcloud): ``` -grg bucket create nextcloud-bucket +garagectl bucket create nextcloud-bucket ``` Check that everything went well: ``` -grg bucket list -grg bucket info nextcloud-bucket +garagectl bucket list +garagectl bucket info nextcloud-bucket ``` +## Create an API key + Now we will generate an API key to access this bucket. Note that API keys are independent of buckets: one key can access multiple buckets, multiple keys can access one bucket. Now, let's start by creating a key only for our PHP application: ``` -grg key new --name nextcloud-app-key +garagectl key new --name nextcloud-app-key ``` You will have the following output (this one is fake, `key_id` and `secret_key` were generated with the openssl CLI tool): -``` -Key { key_id: "GK3515373e4c851ebaad366558", secret_key: "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34", name: "nextcloud-app-key", name_timestamp: 1603280506694, deleted: false, authorized_buckets: [] } +```javascript +Key { + key_id: "GK3515373e4c851ebaad366558", + secret_key: "7d37d093435a41f2aab8f13c19ba067d9776c90215f56614adad6ece597dbb34", + name: "nextcloud-app-key", + name_timestamp: 1603280506694, + deleted: false, + authorized_buckets: [] +} ``` Check that everything works as intended (be careful, info works only with your key identifier and not with its friendly name!): ``` -grg key list -grg key info GK3515373e4c851ebaad366558 +garagectl key list +garagectl key info GK3515373e4c851ebaad366558 ``` +## Allow a key to access a bucket + Now that we have a bucket and a key, we need to give permissions to the key on the bucket! ``` -grg bucket allow --read --write nextcloud-bucket --key GK3515373e4c851ebaad366558 +garagectl bucket allow \ + --read \ + --write + nextcloud-bucket \ + --key GK3515373e4c851ebaad366558 ``` You can check at any times allowed keys on your bucket with: ``` -grg bucket info nextcloud-bucket +garagectl bucket info nextcloud-bucket ``` -- cgit v1.2.3