diff --git a/restapi/admin_policies.go b/restapi/admin_policies.go
index 86866d30b..159b53f24 100644
--- a/restapi/admin_policies.go
+++ b/restapi/admin_policies.go
@@ -75,6 +75,70 @@ func registersPoliciesHandler(api *operations.ConsoleAPI) {
}
return admin_api.NewSetPolicyMultipleNoContent()
})
+ api.AdminAPIListPoliciesWithBucketHandler = admin_api.ListPoliciesWithBucketHandlerFunc(func(params admin_api.ListPoliciesWithBucketParams, session *models.Principal) middleware.Responder {
+ policyResponse, err := getListPoliciesWithBucketResponse(session, params.Bucket)
+ if err != nil {
+ return admin_api.NewListPoliciesWithBucketDefault(int(err.Code)).WithPayload(err)
+ }
+ return admin_api.NewListPoliciesWithBucketOK().WithPayload(policyResponse)
+ })
+}
+
+func getListPoliciesWithBucketResponse(session *models.Principal, bucket string) (*models.ListPoliciesResponse, *models.Error) {
+ ctx := context.Background()
+ mAdmin, err := newMAdminClient(session)
+ if err != nil {
+ return nil, prepareError(err)
+ }
+ // create a MinIO Admin Client interface implementation
+ // defining the client to be used
+ adminClient := adminClient{client: mAdmin}
+
+ policies, err := listPoliciesWithBucket(ctx, bucket, adminClient)
+ if err != nil {
+ return nil, prepareError(err)
+ }
+ // serialize output
+ listPoliciesResponse := &models.ListPoliciesResponse{
+ Policies: policies,
+ Total: int64(len(policies)),
+ }
+ return listPoliciesResponse, nil
+}
+
+// listPoliciesWithBucket calls MinIO server to list all policy names present on the server that apply to a particular bucket.
+// listPoliciesWithBucket() converts the map[string][]byte returned by client.listPolicies()
+// to []*models.Policy by iterating over each key in policyRawMap and
+// then using Unmarshal on the raw bytes to create a *models.Policy
+func listPoliciesWithBucket(ctx context.Context, bucket string, client MinioAdmin) ([]*models.Policy, error) {
+ policyMap, err := client.listPolicies(ctx)
+ var policies []*models.Policy
+ if err != nil {
+ return nil, err
+ }
+ for name, policy := range policyMap {
+ policy, err := parsePolicy(name, policy)
+ if err != nil {
+ return nil, err
+ }
+ if policyMatchesBucket(policy, bucket) {
+ policies = append(policies, policy)
+ }
+ }
+ return policies, nil
+}
+
+func policyMatchesBucket(policy *models.Policy, bucket string) bool {
+ policyData := &iampolicy.Policy{}
+ json.Unmarshal([]byte(policy.Policy), policyData)
+ policyStatements := policyData.Statements
+ for i := 0; i < len(policyStatements); i++ {
+ resources := policyStatements[i].Resources
+ if resources.Match(bucket, map[string][]string{}) {
+ return true
+ }
+ }
+ return false
}
// listPolicies calls MinIO server to list all policy names present on the server.
diff --git a/restapi/admin_policies_test.go b/restapi/admin_policies_test.go
index 0f336ebc2..89c2f2588 100644
--- a/restapi/admin_policies_test.go
+++ b/restapi/admin_policies_test.go
@@ -276,3 +276,119 @@ func Test_SetPolicyMultiple(t *testing.T) {
})
}
}
+
+func Test_policyMatchesBucket(t *testing.T) {
+ type args struct {
+ policy *models.Policy
+ bucket string
+ }
+ tests := []struct {
+ name string
+ args args
+ want bool
+ }{
+ {
+ name: "Test1",
+ args: args{policy: &models.Policy{Name: "consoleAdmin", Policy: `{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "admin:*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:*"
+ ],
+ "Resource": [
+ "arn:aws:s3:::*"
+ ]
+ }
+ ]
+}`}, bucket: "test1"},
+ want: true,
+ },
+ {
+ name: "Test2",
+ args: args{policy: &models.Policy{Name: "consoleAdmin", Policy: `{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:*"
+ ],
+ "Resource": [
+ "arn:aws:s3:::bucket1"
+ ]
+ }
+ ]
+ }`}, bucket: "test1"},
+ want: false,
+ },
+ {
+ name: "Test3",
+ args: args{policy: &models.Policy{Name: "consoleAdmin", Policy: `{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action": [
+ "s3:ListStorageLensConfigurations",
+ "s3:GetAccessPoint",
+ "s3:PutAccountPublicAccessBlock",
+ "s3:GetAccountPublicAccessBlock",
+ "s3:ListAllMyBuckets",
+ "s3:ListAccessPoints",
+ "s3:ListJobs",
+ "s3:PutStorageLensConfiguration",
+ "s3:CreateJob"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "VisualEditor1",
+ "Effect": "Allow",
+ "Action": "s3:*",
+ "Resource": [
+ "arn:aws:s3:::test",
+ "arn:aws:s3:::test/*",
+ "arn:aws:s3:::lkasdkljasd090901",
+ "arn:aws:s3:::lkasdkljasd090901/*"
+ ]
+ }
+ ]
+ }`}, bucket: "test1"},
+ want: false,
+ },
+ {
+ name: "Test4",
+ args: args{policy: &models.Policy{Name: "consoleAdmin", Policy: `{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:*"
+ ],
+ "Resource": [
+ "arn:aws:s3:::bucket1"
+ ]
+ }
+ ]
+ }`}, bucket: "bucket1"},
+ want: true,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ if got := policyMatchesBucket(tt.args.policy, tt.args.bucket); got != tt.want {
+ t.Errorf("policyMatchesBucket() = %v, want %v", got, tt.want)
+ }
+ })
+ }
+}
diff --git a/restapi/embedded_spec.go b/restapi/embedded_spec.go
index 02cca7e10..ea8198401 100644
--- a/restapi/embedded_spec.go
+++ b/restapi/embedded_spec.go
@@ -203,6 +203,49 @@ func init() {
}
}
},
+ "/bucket-policy/{bucket}": {
+ "get": {
+ "tags": [
+ "AdminAPI"
+ ],
+ "summary": "List Policies With Given Bucket",
+ "operationId": "ListPoliciesWithBucket",
+ "parameters": [
+ {
+ "type": "string",
+ "name": "bucket",
+ "in": "path",
+ "required": true
+ },
+ {
+ "type": "integer",
+ "format": "int32",
+ "name": "offset",
+ "in": "query"
+ },
+ {
+ "type": "integer",
+ "format": "int32",
+ "name": "limit",
+ "in": "query"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "A successful response.",
+ "schema": {
+ "$ref": "#/definitions/listPoliciesResponse"
+ }
+ },
+ "default": {
+ "description": "Generic error response.",
+ "schema": {
+ "$ref": "#/definitions/error"
+ }
+ }
+ }
+ }
+ },
"/buckets": {
"get": {
"tags": [
@@ -5854,6 +5897,49 @@ func init() {
}
}
},
+ "/bucket-policy/{bucket}": {
+ "get": {
+ "tags": [
+ "AdminAPI"
+ ],
+ "summary": "List Policies With Given Bucket",
+ "operationId": "ListPoliciesWithBucket",
+ "parameters": [
+ {
+ "type": "string",
+ "name": "bucket",
+ "in": "path",
+ "required": true
+ },
+ {
+ "type": "integer",
+ "format": "int32",
+ "name": "offset",
+ "in": "query"
+ },
+ {
+ "type": "integer",
+ "format": "int32",
+ "name": "limit",
+ "in": "query"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "A successful response.",
+ "schema": {
+ "$ref": "#/definitions/listPoliciesResponse"
+ }
+ },
+ "default": {
+ "description": "Generic error response.",
+ "schema": {
+ "$ref": "#/definitions/error"
+ }
+ }
+ }
+ }
+ },
"/buckets": {
"get": {
"tags": [
diff --git a/restapi/operations/admin_api/list_policies_with_bucket.go b/restapi/operations/admin_api/list_policies_with_bucket.go
new file mode 100644
index 000000000..21eb74dc6
--- /dev/null
+++ b/restapi/operations/admin_api/list_policies_with_bucket.go
@@ -0,0 +1,90 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+//
+
+package admin_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+ "net/http"
+
+ "github.com/go-openapi/runtime/middleware"
+
+ "github.com/minio/console/models"
+)
+
+// ListPoliciesWithBucketHandlerFunc turns a function with the right signature into a list policies with bucket handler
+type ListPoliciesWithBucketHandlerFunc func(ListPoliciesWithBucketParams, *models.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn ListPoliciesWithBucketHandlerFunc) Handle(params ListPoliciesWithBucketParams, principal *models.Principal) middleware.Responder {
+ return fn(params, principal)
+}
+
+// ListPoliciesWithBucketHandler interface for that can handle valid list policies with bucket params
+type ListPoliciesWithBucketHandler interface {
+ Handle(ListPoliciesWithBucketParams, *models.Principal) middleware.Responder
+}
+
+// NewListPoliciesWithBucket creates a new http.Handler for the list policies with bucket operation
+func NewListPoliciesWithBucket(ctx *middleware.Context, handler ListPoliciesWithBucketHandler) *ListPoliciesWithBucket {
+ return &ListPoliciesWithBucket{Context: ctx, Handler: handler}
+}
+
+/*ListPoliciesWithBucket swagger:route GET /bucket-policy/{bucket} AdminAPI listPoliciesWithBucket
+
+List Policies With Given Bucket
+
+*/
+type ListPoliciesWithBucket struct {
+ Context *middleware.Context
+ Handler ListPoliciesWithBucketHandler
+}
+
+func (o *ListPoliciesWithBucket) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+ route, rCtx, _ := o.Context.RouteInfo(r)
+ if rCtx != nil {
+ r = rCtx
+ }
+ var Params = NewListPoliciesWithBucketParams()
+
+ uprinc, aCtx, err := o.Context.Authorize(r, route)
+ if err != nil {
+ o.Context.Respond(rw, r, route.Produces, route, err)
+ return
+ }
+ if aCtx != nil {
+ r = aCtx
+ }
+ var principal *models.Principal
+ if uprinc != nil {
+ principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
+ }
+
+ if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+ o.Context.Respond(rw, r, route.Produces, route, err)
+ return
+ }
+
+ res := o.Handler.Handle(Params, principal) // actually handle the request
+
+ o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
diff --git a/restapi/operations/admin_api/list_policies_with_bucket_parameters.go b/restapi/operations/admin_api/list_policies_with_bucket_parameters.go
new file mode 100644
index 000000000..7b94a244c
--- /dev/null
+++ b/restapi/operations/admin_api/list_policies_with_bucket_parameters.go
@@ -0,0 +1,155 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+//
+
+package admin_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+ "net/http"
+
+ "github.com/go-openapi/errors"
+ "github.com/go-openapi/runtime"
+ "github.com/go-openapi/runtime/middleware"
+ "github.com/go-openapi/strfmt"
+ "github.com/go-openapi/swag"
+)
+
+// NewListPoliciesWithBucketParams creates a new ListPoliciesWithBucketParams object
+// no default values defined in spec.
+func NewListPoliciesWithBucketParams() ListPoliciesWithBucketParams {
+
+ return ListPoliciesWithBucketParams{}
+}
+
+// ListPoliciesWithBucketParams contains all the bound params for the list policies with bucket operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters ListPoliciesWithBucket
+type ListPoliciesWithBucketParams struct {
+
+ // HTTP Request Object
+ HTTPRequest *http.Request `json:"-"`
+
+ /*
+ Required: true
+ In: path
+ */
+ Bucket string
+ /*
+ In: query
+ */
+ Limit *int32
+ /*
+ In: query
+ */
+ Offset *int32
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewListPoliciesWithBucketParams() beforehand.
+func (o *ListPoliciesWithBucketParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+ var res []error
+
+ o.HTTPRequest = r
+
+ qs := runtime.Values(r.URL.Query())
+
+ rBucket, rhkBucket, _ := route.Params.GetOK("bucket")
+ if err := o.bindBucket(rBucket, rhkBucket, route.Formats); err != nil {
+ res = append(res, err)
+ }
+
+ qLimit, qhkLimit, _ := qs.GetOK("limit")
+ if err := o.bindLimit(qLimit, qhkLimit, route.Formats); err != nil {
+ res = append(res, err)
+ }
+
+ qOffset, qhkOffset, _ := qs.GetOK("offset")
+ if err := o.bindOffset(qOffset, qhkOffset, route.Formats); err != nil {
+ res = append(res, err)
+ }
+
+ if len(res) > 0 {
+ return errors.CompositeValidationError(res...)
+ }
+ return nil
+}
+
+// bindBucket binds and validates parameter Bucket from path.
+func (o *ListPoliciesWithBucketParams) bindBucket(rawData []string, hasKey bool, formats strfmt.Registry) error {
+ var raw string
+ if len(rawData) > 0 {
+ raw = rawData[len(rawData)-1]
+ }
+
+ // Required: true
+ // Parameter is provided by construction from the route
+
+ o.Bucket = raw
+
+ return nil
+}
+
+// bindLimit binds and validates parameter Limit from query.
+func (o *ListPoliciesWithBucketParams) bindLimit(rawData []string, hasKey bool, formats strfmt.Registry) error {
+ var raw string
+ if len(rawData) > 0 {
+ raw = rawData[len(rawData)-1]
+ }
+
+ // Required: false
+ // AllowEmptyValue: false
+ if raw == "" { // empty values pass all other validations
+ return nil
+ }
+
+ value, err := swag.ConvertInt32(raw)
+ if err != nil {
+ return errors.InvalidType("limit", "query", "int32", raw)
+ }
+ o.Limit = &value
+
+ return nil
+}
+
+// bindOffset binds and validates parameter Offset from query.
+func (o *ListPoliciesWithBucketParams) bindOffset(rawData []string, hasKey bool, formats strfmt.Registry) error {
+ var raw string
+ if len(rawData) > 0 {
+ raw = rawData[len(rawData)-1]
+ }
+
+ // Required: false
+ // AllowEmptyValue: false
+ if raw == "" { // empty values pass all other validations
+ return nil
+ }
+
+ value, err := swag.ConvertInt32(raw)
+ if err != nil {
+ return errors.InvalidType("offset", "query", "int32", raw)
+ }
+ o.Offset = &value
+
+ return nil
+}
diff --git a/restapi/operations/admin_api/list_policies_with_bucket_responses.go b/restapi/operations/admin_api/list_policies_with_bucket_responses.go
new file mode 100644
index 000000000..ad0a32a9f
--- /dev/null
+++ b/restapi/operations/admin_api/list_policies_with_bucket_responses.go
@@ -0,0 +1,133 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+//
+
+package admin_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+ "net/http"
+
+ "github.com/go-openapi/runtime"
+
+ "github.com/minio/console/models"
+)
+
+// ListPoliciesWithBucketOKCode is the HTTP code returned for type ListPoliciesWithBucketOK
+const ListPoliciesWithBucketOKCode int = 200
+
+/*ListPoliciesWithBucketOK A successful response.
+
+swagger:response listPoliciesWithBucketOK
+*/
+type ListPoliciesWithBucketOK struct {
+
+ /*
+ In: Body
+ */
+ Payload *models.ListPoliciesResponse `json:"body,omitempty"`
+}
+
+// NewListPoliciesWithBucketOK creates ListPoliciesWithBucketOK with default headers values
+func NewListPoliciesWithBucketOK() *ListPoliciesWithBucketOK {
+
+ return &ListPoliciesWithBucketOK{}
+}
+
+// WithPayload adds the payload to the list policies with bucket o k response
+func (o *ListPoliciesWithBucketOK) WithPayload(payload *models.ListPoliciesResponse) *ListPoliciesWithBucketOK {
+ o.Payload = payload
+ return o
+}
+
+// SetPayload sets the payload to the list policies with bucket o k response
+func (o *ListPoliciesWithBucketOK) SetPayload(payload *models.ListPoliciesResponse) {
+ o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *ListPoliciesWithBucketOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+ rw.WriteHeader(200)
+ if o.Payload != nil {
+ payload := o.Payload
+ if err := producer.Produce(rw, payload); err != nil {
+ panic(err) // let the recovery middleware deal with this
+ }
+ }
+}
+
+/*ListPoliciesWithBucketDefault Generic error response.
+
+swagger:response listPoliciesWithBucketDefault
+*/
+type ListPoliciesWithBucketDefault struct {
+ _statusCode int
+
+ /*
+ In: Body
+ */
+ Payload *models.Error `json:"body,omitempty"`
+}
+
+// NewListPoliciesWithBucketDefault creates ListPoliciesWithBucketDefault with default headers values
+func NewListPoliciesWithBucketDefault(code int) *ListPoliciesWithBucketDefault {
+ if code <= 0 {
+ code = 500
+ }
+
+ return &ListPoliciesWithBucketDefault{
+ _statusCode: code,
+ }
+}
+
+// WithStatusCode adds the status to the list policies with bucket default response
+func (o *ListPoliciesWithBucketDefault) WithStatusCode(code int) *ListPoliciesWithBucketDefault {
+ o._statusCode = code
+ return o
+}
+
+// SetStatusCode sets the status to the list policies with bucket default response
+func (o *ListPoliciesWithBucketDefault) SetStatusCode(code int) {
+ o._statusCode = code
+}
+
+// WithPayload adds the payload to the list policies with bucket default response
+func (o *ListPoliciesWithBucketDefault) WithPayload(payload *models.Error) *ListPoliciesWithBucketDefault {
+ o.Payload = payload
+ return o
+}
+
+// SetPayload sets the payload to the list policies with bucket default response
+func (o *ListPoliciesWithBucketDefault) SetPayload(payload *models.Error) {
+ o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *ListPoliciesWithBucketDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+ rw.WriteHeader(o._statusCode)
+ if o.Payload != nil {
+ payload := o.Payload
+ if err := producer.Produce(rw, payload); err != nil {
+ panic(err) // let the recovery middleware deal with this
+ }
+ }
+}
diff --git a/restapi/operations/admin_api/list_policies_with_bucket_urlbuilder.go b/restapi/operations/admin_api/list_policies_with_bucket_urlbuilder.go
new file mode 100644
index 000000000..dba86983a
--- /dev/null
+++ b/restapi/operations/admin_api/list_policies_with_bucket_urlbuilder.go
@@ -0,0 +1,141 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+//
+
+package admin_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+ "errors"
+ "net/url"
+ golangswaggerpaths "path"
+ "strings"
+
+ "github.com/go-openapi/swag"
+)
+
+// ListPoliciesWithBucketURL generates an URL for the list policies with bucket operation
+type ListPoliciesWithBucketURL struct {
+ Bucket string
+
+ Limit *int32
+ Offset *int32
+
+ _basePath string
+ // avoid unkeyed usage
+ _ struct{}
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *ListPoliciesWithBucketURL) WithBasePath(bp string) *ListPoliciesWithBucketURL {
+ o.SetBasePath(bp)
+ return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *ListPoliciesWithBucketURL) SetBasePath(bp string) {
+ o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *ListPoliciesWithBucketURL) Build() (*url.URL, error) {
+ var _result url.URL
+
+ var _path = "/bucket-policy/{bucket}"
+
+ bucket := o.Bucket
+ if bucket != "" {
+ _path = strings.Replace(_path, "{bucket}", bucket, -1)
+ } else {
+ return nil, errors.New("bucket is required on ListPoliciesWithBucketURL")
+ }
+
+ _basePath := o._basePath
+ if _basePath == "" {
+ _basePath = "/api/v1"
+ }
+ _result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+ qs := make(url.Values)
+
+ var limitQ string
+ if o.Limit != nil {
+ limitQ = swag.FormatInt32(*o.Limit)
+ }
+ if limitQ != "" {
+ qs.Set("limit", limitQ)
+ }
+
+ var offsetQ string
+ if o.Offset != nil {
+ offsetQ = swag.FormatInt32(*o.Offset)
+ }
+ if offsetQ != "" {
+ qs.Set("offset", offsetQ)
+ }
+
+ _result.RawQuery = qs.Encode()
+
+ return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *ListPoliciesWithBucketURL) Must(u *url.URL, err error) *url.URL {
+ if err != nil {
+ panic(err)
+ }
+ if u == nil {
+ panic("url can't be nil")
+ }
+ return u
+}
+
+// String returns the string representation of the path with query string
+func (o *ListPoliciesWithBucketURL) String() string {
+ return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *ListPoliciesWithBucketURL) BuildFull(scheme, host string) (*url.URL, error) {
+ if scheme == "" {
+ return nil, errors.New("scheme is required for a full url on ListPoliciesWithBucketURL")
+ }
+ if host == "" {
+ return nil, errors.New("host is required for a full url on ListPoliciesWithBucketURL")
+ }
+
+ base, err := o.Build()
+ if err != nil {
+ return nil, err
+ }
+
+ base.Scheme = scheme
+ base.Host = host
+ return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *ListPoliciesWithBucketURL) StringFull(scheme, host string) string {
+ return o.Must(o.BuildFull(scheme, host)).String()
+}
diff --git a/restapi/operations/console_api.go b/restapi/operations/console_api.go
index 598e2e5c4..378f25320 100644
--- a/restapi/operations/console_api.go
+++ b/restapi/operations/console_api.go
@@ -202,6 +202,9 @@ func NewConsoleAPI(spec *loads.Document) *ConsoleAPI {
AdminAPIListPoliciesHandler: admin_api.ListPoliciesHandlerFunc(func(params admin_api.ListPoliciesParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation admin_api.ListPolicies has not yet been implemented")
}),
+ AdminAPIListPoliciesWithBucketHandler: admin_api.ListPoliciesWithBucketHandlerFunc(func(params admin_api.ListPoliciesWithBucketParams, principal *models.Principal) middleware.Responder {
+ return middleware.NotImplemented("operation admin_api.ListPoliciesWithBucket has not yet been implemented")
+ }),
UserAPIListRemoteBucketsHandler: user_api.ListRemoteBucketsHandlerFunc(func(params user_api.ListRemoteBucketsParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation user_api.ListRemoteBuckets has not yet been implemented")
}),
@@ -478,6 +481,8 @@ type ConsoleAPI struct {
UserAPIListObjectsHandler user_api.ListObjectsHandler
// AdminAPIListPoliciesHandler sets the operation handler for the list policies operation
AdminAPIListPoliciesHandler admin_api.ListPoliciesHandler
+ // AdminAPIListPoliciesWithBucketHandler sets the operation handler for the list policies with bucket operation
+ AdminAPIListPoliciesWithBucketHandler admin_api.ListPoliciesWithBucketHandler
// UserAPIListRemoteBucketsHandler sets the operation handler for the list remote buckets operation
UserAPIListRemoteBucketsHandler user_api.ListRemoteBucketsHandler
// AdminAPIListTenantsHandler sets the operation handler for the list tenants operation
@@ -780,6 +785,9 @@ func (o *ConsoleAPI) Validate() error {
if o.AdminAPIListPoliciesHandler == nil {
unregistered = append(unregistered, "admin_api.ListPoliciesHandler")
}
+ if o.AdminAPIListPoliciesWithBucketHandler == nil {
+ unregistered = append(unregistered, "admin_api.ListPoliciesWithBucketHandler")
+ }
if o.UserAPIListRemoteBucketsHandler == nil {
unregistered = append(unregistered, "user_api.ListRemoteBucketsHandler")
}
@@ -1201,6 +1209,10 @@ func (o *ConsoleAPI) initHandlerCache() {
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
}
+ o.handlers["GET"]["/bucket-policy/{bucket}"] = admin_api.NewListPoliciesWithBucket(o.context, o.AdminAPIListPoliciesWithBucketHandler)
+ if o.handlers["GET"] == nil {
+ o.handlers["GET"] = make(map[string]http.Handler)
+ }
o.handlers["GET"]["/remote-buckets"] = user_api.NewListRemoteBuckets(o.context, o.UserAPIListRemoteBucketsHandler)
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
diff --git a/swagger.yml b/swagger.yml
index 9226796e0..b63f2092f 100644
--- a/swagger.yml
+++ b/swagger.yml
@@ -1234,6 +1234,38 @@ paths:
tags:
- AdminAPI
+ /bucket-policy/{bucket}:
+ get:
+ summary: List Policies With Given Bucket
+ operationId: ListPoliciesWithBucket
+ parameters:
+ - name: bucket
+ in: path
+ required: true
+ type: string
+ - name: offset
+ in: query
+ required: false
+ type: integer
+ format: int32
+ - name: limit
+ in: query
+ required: false
+ type: integer
+ format: int32
+ responses:
+ 200:
+ description: A successful response.
+ schema:
+ $ref: "#/definitions/listPoliciesResponse"
+ default:
+ description: Generic error response.
+ schema:
+ $ref: "#/definitions/error"
+ tags:
+ - AdminAPI
+
+
/policy:
get:
summary: Policy info