Api bucket policy (#674)

* Adding API for Users with Access to Bucket

* changing error logging

* Delete .yarn-integrity
adfost
2021-04-02 16:13:29 -07:00
committed by GitHub
parent 94747acab2
commit 4f29f8457f
14 changed files with 1280 additions and 0 deletions


@@ -58,6 +58,7 @@ import UsageIcon from "../../../../icons/UsageIcon";
import AddPolicy from "../../Policies/AddPolicy";
import SetAccessPolicy from "./SetAccessPolicy";
import { Policy } from "../../Policies/types";
import { User } from "../../Users/types";
const styles = (theme: Theme) =>
createStyles({
@@ -222,6 +223,8 @@ const ViewBucket = ({
>([]);
const [bucketPolicy, setBucketPolicy] = useState<Policy[]>([]);
const [loadingPolicy, setLoadingPolicy] = useState<boolean>(true);
const [bucketUsers, setBucketUsers] = useState<User[]>([]);
const [loadingUsers, setLoadingUsers] = useState<boolean>(true);
const [loadingBucket, setLoadingBucket] = useState<boolean>(true);
const [loadingEvents, setLoadingEvents] = useState<boolean>(true);
const [loadingVersioning, setLoadingVersioning] = useState<boolean>(true);
@@ -389,6 +392,21 @@ const ViewBucket = ({
}
}, [loadingPolicy, setErrorSnackMessage, bucketName]);
useEffect(() => {
if (loadingUsers) {
api
.invoke("GET", `/api/v1/bucket-users/${bucketName}`)
.then((res: any) => {
setBucketUsers(res);
setLoadingUsers(false);
})
.catch((err: any) => {
setErrorSnackMessage(err);
setLoadingUsers(false);
});
}
}, [loadingUsers, setErrorSnackMessage, bucketName]);
useEffect(() => {
if (loadingSize) {
api
@@ -773,6 +791,7 @@ const ViewBucket = ({
<Tab label="Replication" {...a11yProps(1)} />
)}
<Tab label="Policies" {...a11yProps(2)} />
<Tab label="Users" {...a11yProps(3)} />
</Tabs>
</Grid>
<Grid item xs={6} className={classes.actionsTray}>
@@ -867,6 +886,15 @@ const ViewBucket = ({
idField="name"
/>
</TabPanel>
<TabPanel index={3} value={curTab}>
<TableWrapper
columns={[{ label: "User", elementKey: "accessKey" }]}
isLoading={loadingUsers}
records={bucketUsers}
entityName="Users"
idField="accessKey"
/>
</TabPanel>
</Grid>
</Grid>
</Grid>
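Review bot: The response of `/api/v1/bucket-users/${bucketName}` is stored as `User[]` in the new `useEffect`, but the spec and handler added in this same commit return a plain array of strings, and the `res: any` annotation hides the mismatch from the compiler. The Users tab then reads `accessKey` from each record (`elementKey: "accessKey"`, `idField="accessKey"`), which a string does not have; unless TableWrapper special-cases string records, the rows will come out blank. I would type the state and callback to match the wire format, `useState<string[]>([])` and `.then((res: string[]) => {`, or have the API return user objects instead. `bucketName` is also placed into the path unencoded; `encodeURIComponent(bucketName)` keeps a name containing reserved characters from altering the request path. The ViewBucket component starts and ends outside these hunks.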


@@ -47,6 +47,11 @@ export interface BucketEventList {
total: number;
}
export interface BucketPolicy {
name: string;
body: string;
}
export interface ArnList {
arns: string[];
}


@@ -91,6 +91,13 @@ func registerUsersHandlers(api *operations.ConsoleAPI) {
return admin_api.NewBulkUpdateUsersGroupsOK()
})
api.AdminAPIListUsersWithAccessToBucketHandler = admin_api.ListUsersWithAccessToBucketHandlerFunc(func(params admin_api.ListUsersWithAccessToBucketParams, session *models.Principal) middleware.Responder {
response, err := getListUsersWithAccessToBucketResponse(session, params.Bucket)
if err != nil {
return admin_api.NewListUsersWithAccessToBucketDefault(int(err.Code)).WithPayload(err)
}
return admin_api.NewListUsersWithAccessToBucketOK().WithPayload(response)
})
}
func listUsers(ctx context.Context, client MinioAdmin) ([]*models.User, error) {
@@ -467,3 +474,66 @@ func getAddUsersListToGroupsResponse(session *models.Principal, params admin_api
return nil
}
func getListUsersWithAccessToBucketResponse(session *models.Principal, bucket string) ([]string, *models.Error) {
ctx := context.Background()
mAdmin, err := newMAdminClient(session)
if err != nil {
return nil, prepareError(err)
}
// create a minioClient interface implementation
// defining the client to be used
adminClient := adminClient{client: mAdmin}
users, err := listUsers(ctx, adminClient)
if err != nil {
return nil, prepareError(err)
}
var retval []string
seen := make(map[string]bool)
for i := 0; i < len(users); i++ {
policy, err := adminClient.getPolicy(ctx, users[i].Policy)
if err == nil {
parsedPolicy, err2 := parsePolicy(users[i].Policy, policy)
if err2 == nil && policyMatchesBucket(parsedPolicy, bucket) {
retval = append(retval, users[i].AccessKey)
seen[users[i].AccessKey] = true
}
if err2 != nil {
log.Println(err2)
}
} else {
log.Println(err)
}
}
groups, err := listGroups(ctx, adminClient)
if err != nil {
log.Println(err)
return retval, nil
}
for i := 0; i < len(*groups); i++ {
info, err := groupInfo(ctx, adminClient, (*groups)[i])
if err == nil {
policy, err2 := adminClient.getPolicy(ctx, info.Policy)
if err2 == nil {
parsedPolicy, err3 := parsePolicy(info.Policy, policy)
for j := 0; j < len(info.Members); j++ {
if err3 == nil && !seen[info.Members[j]] && policyMatchesBucket(parsedPolicy, bucket) {
retval = append(retval, info.Members[j])
seen[info.Members[j]] = true
}
if err3 != nil {
log.Println(err3)
}
}
} else {
log.Println(err2)
}
} else {
log.Println(err)
}
}
// serialize output
return retval, nil
}
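Review bot: `getListUsersWithAccessToBucketResponse` logs and skips every failure from `getPolicy`, `parsePolicy`, `groupInfo` and `listGroups`, so the endpoint can answer 200 with a list that silently omits users who do have access; for a view used to review who can reach a bucket, an incomplete answer should not look like a complete one. At minimum the `listGroups` failure should propagate, `return nil, prepareError(err)` instead of `return retval, nil`, and the per-user and per-group failures should either fail the request or be surfaced to the caller rather than only written to the server log. The function also runs on `context.Background()`, so the one-`getPolicy`-call-per-user-and-group loop keeps going after the client disconnects; passing `params.HTTPRequest.Context()` in from the handler would bound that work. The `offset` and `limit` query parameters declared in the spec are bound but never read, since the handler passes only `params.Bucket`.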


@@ -246,6 +246,52 @@ func init() {
}
}
},
"/bucket-users/{bucket}": {
"get": {
"tags": [
"AdminAPI"
],
"summary": "List Users With Access to a Given Bucket",
"operationId": "ListUsersWithAccessToBucket",
"parameters": [
{
"type": "string",
"name": "bucket",
"in": "path",
"required": true
},
{
"type": "integer",
"format": "int32",
"name": "offset",
"in": "query"
},
{
"type": "integer",
"format": "int32",
"name": "limit",
"in": "query"
}
],
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"type": "array",
"items": {
"type": "string"
}
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/error"
}
}
}
}
},
"/buckets": {
"get": {
"tags": [
@@ -6091,6 +6137,52 @@ func init() {
}
}
},
"/bucket-users/{bucket}": {
"get": {
"tags": [
"AdminAPI"
],
"summary": "List Users With Access to a Given Bucket",
"operationId": "ListUsersWithAccessToBucket",
"parameters": [
{
"type": "string",
"name": "bucket",
"in": "path",
"required": true
},
{
"type": "integer",
"format": "int32",
"name": "offset",
"in": "query"
},
{
"type": "integer",
"format": "int32",
"name": "limit",
"in": "query"
}
],
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"type": "array",
"items": {
"type": "string"
}
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/error"
}
}
}
}
},
"/buckets": {
"get": {
"tags": [


@@ -0,0 +1,90 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"net/http"
"github.com/go-openapi/runtime/middleware"
"github.com/minio/console/models"
)
// ListUsersWithAccessToBucketHandlerFunc turns a function with the right signature into a list users with access to bucket handler
type ListUsersWithAccessToBucketHandlerFunc func(ListUsersWithAccessToBucketParams, *models.Principal) middleware.Responder
// Handle executing the request and returning a response
func (fn ListUsersWithAccessToBucketHandlerFunc) Handle(params ListUsersWithAccessToBucketParams, principal *models.Principal) middleware.Responder {
return fn(params, principal)
}
// ListUsersWithAccessToBucketHandler interface for that can handle valid list users with access to bucket params
type ListUsersWithAccessToBucketHandler interface {
Handle(ListUsersWithAccessToBucketParams, *models.Principal) middleware.Responder
}
// NewListUsersWithAccessToBucket creates a new http.Handler for the list users with access to bucket operation
func NewListUsersWithAccessToBucket(ctx *middleware.Context, handler ListUsersWithAccessToBucketHandler) *ListUsersWithAccessToBucket {
return &ListUsersWithAccessToBucket{Context: ctx, Handler: handler}
}
/*ListUsersWithAccessToBucket swagger:route GET /bucket-users/{bucket} AdminAPI listUsersWithAccessToBucket
List Users With Access to a Given Bucket
*/
type ListUsersWithAccessToBucket struct {
Context *middleware.Context
Handler ListUsersWithAccessToBucketHandler
}
func (o *ListUsersWithAccessToBucket) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
route, rCtx, _ := o.Context.RouteInfo(r)
if rCtx != nil {
r = rCtx
}
var Params = NewListUsersWithAccessToBucketParams()
uprinc, aCtx, err := o.Context.Authorize(r, route)
if err != nil {
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
if aCtx != nil {
r = aCtx
}
var principal *models.Principal
if uprinc != nil {
principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
}
if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
res := o.Handler.Handle(Params, principal) // actually handle the request
o.Context.Respond(rw, r, route.Produces, route, res)
}


@@ -0,0 +1,155 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/errors"
"github.com/go-openapi/runtime"
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
)
// NewListUsersWithAccessToBucketParams creates a new ListUsersWithAccessToBucketParams object
// no default values defined in spec.
func NewListUsersWithAccessToBucketParams() ListUsersWithAccessToBucketParams {
return ListUsersWithAccessToBucketParams{}
}
// ListUsersWithAccessToBucketParams contains all the bound params for the list users with access to bucket operation
// typically these are obtained from a http.Request
//
// swagger:parameters ListUsersWithAccessToBucket
type ListUsersWithAccessToBucketParams struct {
// HTTP Request Object
HTTPRequest *http.Request `json:"-"`
/*
Required: true
In: path
*/
Bucket string
/*
In: query
*/
Limit *int32
/*
In: query
*/
Offset *int32
}
// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
// for simple values it will use straight method calls.
//
// To ensure default values, the struct must have been initialized with NewListUsersWithAccessToBucketParams() beforehand.
func (o *ListUsersWithAccessToBucketParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
var res []error
o.HTTPRequest = r
qs := runtime.Values(r.URL.Query())
rBucket, rhkBucket, _ := route.Params.GetOK("bucket")
if err := o.bindBucket(rBucket, rhkBucket, route.Formats); err != nil {
res = append(res, err)
}
qLimit, qhkLimit, _ := qs.GetOK("limit")
if err := o.bindLimit(qLimit, qhkLimit, route.Formats); err != nil {
res = append(res, err)
}
qOffset, qhkOffset, _ := qs.GetOK("offset")
if err := o.bindOffset(qOffset, qhkOffset, route.Formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
// bindBucket binds and validates parameter Bucket from path.
func (o *ListUsersWithAccessToBucketParams) bindBucket(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Parameter is provided by construction from the route
o.Bucket = raw
return nil
}
// bindLimit binds and validates parameter Limit from query.
func (o *ListUsersWithAccessToBucketParams) bindLimit(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: false
// AllowEmptyValue: false
if raw == "" { // empty values pass all other validations
return nil
}
value, err := swag.ConvertInt32(raw)
if err != nil {
return errors.InvalidType("limit", "query", "int32", raw)
}
o.Limit = &value
return nil
}
// bindOffset binds and validates parameter Offset from query.
func (o *ListUsersWithAccessToBucketParams) bindOffset(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: false
// AllowEmptyValue: false
if raw == "" { // empty values pass all other validations
return nil
}
value, err := swag.ConvertInt32(raw)
if err != nil {
return errors.InvalidType("offset", "query", "int32", raw)
}
o.Offset = &value
return nil
}


@@ -0,0 +1,136 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/runtime"
"github.com/minio/console/models"
)
// ListUsersWithAccessToBucketOKCode is the HTTP code returned for type ListUsersWithAccessToBucketOK
const ListUsersWithAccessToBucketOKCode int = 200
/*ListUsersWithAccessToBucketOK A successful response.
swagger:response listUsersWithAccessToBucketOK
*/
type ListUsersWithAccessToBucketOK struct {
/*
In: Body
*/
Payload []string `json:"body,omitempty"`
}
// NewListUsersWithAccessToBucketOK creates ListUsersWithAccessToBucketOK with default headers values
func NewListUsersWithAccessToBucketOK() *ListUsersWithAccessToBucketOK {
return &ListUsersWithAccessToBucketOK{}
}
// WithPayload adds the payload to the list users with access to bucket o k response
func (o *ListUsersWithAccessToBucketOK) WithPayload(payload []string) *ListUsersWithAccessToBucketOK {
o.Payload = payload
return o
}
// SetPayload sets the payload to the list users with access to bucket o k response
func (o *ListUsersWithAccessToBucketOK) SetPayload(payload []string) {
o.Payload = payload
}
// WriteResponse to the client
func (o *ListUsersWithAccessToBucketOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(200)
payload := o.Payload
if payload == nil {
// return empty array
payload = make([]string, 0, 50)
}
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
/*ListUsersWithAccessToBucketDefault Generic error response.
swagger:response listUsersWithAccessToBucketDefault
*/
type ListUsersWithAccessToBucketDefault struct {
_statusCode int
/*
In: Body
*/
Payload *models.Error `json:"body,omitempty"`
}
// NewListUsersWithAccessToBucketDefault creates ListUsersWithAccessToBucketDefault with default headers values
func NewListUsersWithAccessToBucketDefault(code int) *ListUsersWithAccessToBucketDefault {
if code <= 0 {
code = 500
}
return &ListUsersWithAccessToBucketDefault{
_statusCode: code,
}
}
// WithStatusCode adds the status to the list users with access to bucket default response
func (o *ListUsersWithAccessToBucketDefault) WithStatusCode(code int) *ListUsersWithAccessToBucketDefault {
o._statusCode = code
return o
}
// SetStatusCode sets the status to the list users with access to bucket default response
func (o *ListUsersWithAccessToBucketDefault) SetStatusCode(code int) {
o._statusCode = code
}
// WithPayload adds the payload to the list users with access to bucket default response
func (o *ListUsersWithAccessToBucketDefault) WithPayload(payload *models.Error) *ListUsersWithAccessToBucketDefault {
o.Payload = payload
return o
}
// SetPayload sets the payload to the list users with access to bucket default response
func (o *ListUsersWithAccessToBucketDefault) SetPayload(payload *models.Error) {
o.Payload = payload
}
// WriteResponse to the client
func (o *ListUsersWithAccessToBucketDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(o._statusCode)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}


@@ -0,0 +1,141 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"errors"
"net/url"
golangswaggerpaths "path"
"strings"
"github.com/go-openapi/swag"
)
// ListUsersWithAccessToBucketURL generates an URL for the list users with access to bucket operation
type ListUsersWithAccessToBucketURL struct {
Bucket string
Limit *int32
Offset *int32
_basePath string
// avoid unkeyed usage
_ struct{}
}
// WithBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *ListUsersWithAccessToBucketURL) WithBasePath(bp string) *ListUsersWithAccessToBucketURL {
o.SetBasePath(bp)
return o
}
// SetBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *ListUsersWithAccessToBucketURL) SetBasePath(bp string) {
o._basePath = bp
}
// Build a url path and query string
func (o *ListUsersWithAccessToBucketURL) Build() (*url.URL, error) {
var _result url.URL
var _path = "/bucket-users/{bucket}"
bucket := o.Bucket
if bucket != "" {
_path = strings.Replace(_path, "{bucket}", bucket, -1)
} else {
return nil, errors.New("bucket is required on ListUsersWithAccessToBucketURL")
}
_basePath := o._basePath
if _basePath == "" {
_basePath = "/api/v1"
}
_result.Path = golangswaggerpaths.Join(_basePath, _path)
qs := make(url.Values)
var limitQ string
if o.Limit != nil {
limitQ = swag.FormatInt32(*o.Limit)
}
if limitQ != "" {
qs.Set("limit", limitQ)
}
var offsetQ string
if o.Offset != nil {
offsetQ = swag.FormatInt32(*o.Offset)
}
if offsetQ != "" {
qs.Set("offset", offsetQ)
}
_result.RawQuery = qs.Encode()
return &_result, nil
}
// Must is a helper function to panic when the url builder returns an error
func (o *ListUsersWithAccessToBucketURL) Must(u *url.URL, err error) *url.URL {
if err != nil {
panic(err)
}
if u == nil {
panic("url can't be nil")
}
return u
}
// String returns the string representation of the path with query string
func (o *ListUsersWithAccessToBucketURL) String() string {
return o.Must(o.Build()).String()
}
// BuildFull builds a full url with scheme, host, path and query string
func (o *ListUsersWithAccessToBucketURL) BuildFull(scheme, host string) (*url.URL, error) {
if scheme == "" {
return nil, errors.New("scheme is required for a full url on ListUsersWithAccessToBucketURL")
}
if host == "" {
return nil, errors.New("host is required for a full url on ListUsersWithAccessToBucketURL")
}
base, err := o.Build()
if err != nil {
return nil, err
}
base.Scheme = scheme
base.Host = host
return base, nil
}
// StringFull returns the string representation of a complete url
func (o *ListUsersWithAccessToBucketURL) StringFull(scheme, host string) string {
return o.Must(o.BuildFull(scheme, host)).String()
}


@@ -0,0 +1,90 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"net/http"
"github.com/go-openapi/runtime/middleware"
"github.com/minio/console/models"
)
// ListUsersWithBucketAccessHandlerFunc turns a function with the right signature into a list users with bucket access handler
type ListUsersWithBucketAccessHandlerFunc func(ListUsersWithBucketAccessParams, *models.Principal) middleware.Responder
// Handle executing the request and returning a response
func (fn ListUsersWithBucketAccessHandlerFunc) Handle(params ListUsersWithBucketAccessParams, principal *models.Principal) middleware.Responder {
return fn(params, principal)
}
// ListUsersWithBucketAccessHandler interface for that can handle valid list users with bucket access params
type ListUsersWithBucketAccessHandler interface {
Handle(ListUsersWithBucketAccessParams, *models.Principal) middleware.Responder
}
// NewListUsersWithBucketAccess creates a new http.Handler for the list users with bucket access operation
func NewListUsersWithBucketAccess(ctx *middleware.Context, handler ListUsersWithBucketAccessHandler) *ListUsersWithBucketAccess {
return &ListUsersWithBucketAccess{Context: ctx, Handler: handler}
}
/*ListUsersWithBucketAccess swagger:route GET /bucket-users/{bucket} AdminAPI listUsersWithBucketAccess
List Users With Access to a Given Bucket
*/
type ListUsersWithBucketAccess struct {
Context *middleware.Context
Handler ListUsersWithBucketAccessHandler
}
func (o *ListUsersWithBucketAccess) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
route, rCtx, _ := o.Context.RouteInfo(r)
if rCtx != nil {
r = rCtx
}
var Params = NewListUsersWithBucketAccessParams()
uprinc, aCtx, err := o.Context.Authorize(r, route)
if err != nil {
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
if aCtx != nil {
r = aCtx
}
var principal *models.Principal
if uprinc != nil {
principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
}
if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
res := o.Handler.Handle(Params, principal) // actually handle the request
o.Context.Respond(rw, r, route.Produces, route, res)
}


@@ -0,0 +1,155 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/errors"
"github.com/go-openapi/runtime"
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
)
// NewListUsersWithBucketAccessParams creates a new ListUsersWithBucketAccessParams object
// no default values defined in spec.
func NewListUsersWithBucketAccessParams() ListUsersWithBucketAccessParams {
return ListUsersWithBucketAccessParams{}
}
// ListUsersWithBucketAccessParams contains all the bound params for the list users with bucket access operation
// typically these are obtained from a http.Request
//
// swagger:parameters ListUsersWithBucketAccess
type ListUsersWithBucketAccessParams struct {
// HTTP Request Object
HTTPRequest *http.Request `json:"-"`
/*
Required: true
In: path
*/
Bucket string
/*
In: query
*/
Limit *int32
/*
In: query
*/
Offset *int32
}
// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
// for simple values it will use straight method calls.
//
// To ensure default values, the struct must have been initialized with NewListUsersWithBucketAccessParams() beforehand.
func (o *ListUsersWithBucketAccessParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
var res []error
o.HTTPRequest = r
qs := runtime.Values(r.URL.Query())
rBucket, rhkBucket, _ := route.Params.GetOK("bucket")
if err := o.bindBucket(rBucket, rhkBucket, route.Formats); err != nil {
res = append(res, err)
}
qLimit, qhkLimit, _ := qs.GetOK("limit")
if err := o.bindLimit(qLimit, qhkLimit, route.Formats); err != nil {
res = append(res, err)
}
qOffset, qhkOffset, _ := qs.GetOK("offset")
if err := o.bindOffset(qOffset, qhkOffset, route.Formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
// bindBucket binds and validates parameter Bucket from path.
func (o *ListUsersWithBucketAccessParams) bindBucket(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Parameter is provided by construction from the route
o.Bucket = raw
return nil
}
// bindLimit binds and validates parameter Limit from query.
func (o *ListUsersWithBucketAccessParams) bindLimit(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: false
// AllowEmptyValue: false
if raw == "" { // empty values pass all other validations
return nil
}
value, err := swag.ConvertInt32(raw)
if err != nil {
return errors.InvalidType("limit", "query", "int32", raw)
}
o.Limit = &value
return nil
}
// bindOffset binds and validates parameter Offset from query.
func (o *ListUsersWithBucketAccessParams) bindOffset(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: false
// AllowEmptyValue: false
if raw == "" { // empty values pass all other validations
return nil
}
value, err := swag.ConvertInt32(raw)
if err != nil {
return errors.InvalidType("offset", "query", "int32", raw)
}
o.Offset = &value
return nil
}


@@ -0,0 +1,133 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/runtime"
"github.com/minio/console/models"
)
// ListUsersWithBucketAccessOKCode is the HTTP code returned for type ListUsersWithBucketAccessOK
const ListUsersWithBucketAccessOKCode int = 200
/*ListUsersWithBucketAccessOK A successful response.
swagger:response listUsersWithBucketAccessOK
*/
type ListUsersWithBucketAccessOK struct {
/*
In: Body
*/
Payload *models.User `json:"body,omitempty"`
}
// NewListUsersWithBucketAccessOK creates ListUsersWithBucketAccessOK with default headers values
func NewListUsersWithBucketAccessOK() *ListUsersWithBucketAccessOK {
return &ListUsersWithBucketAccessOK{}
}
// WithPayload adds the payload to the list users with bucket access o k response
func (o *ListUsersWithBucketAccessOK) WithPayload(payload *models.User) *ListUsersWithBucketAccessOK {
o.Payload = payload
return o
}
// SetPayload sets the payload to the list users with bucket access o k response
func (o *ListUsersWithBucketAccessOK) SetPayload(payload *models.User) {
o.Payload = payload
}
// WriteResponse to the client
func (o *ListUsersWithBucketAccessOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(200)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}
/*ListUsersWithBucketAccessDefault Generic error response.
swagger:response listUsersWithBucketAccessDefault
*/
type ListUsersWithBucketAccessDefault struct {
_statusCode int
/*
In: Body
*/
Payload *models.Error `json:"body,omitempty"`
}
// NewListUsersWithBucketAccessDefault creates ListUsersWithBucketAccessDefault with default headers values
func NewListUsersWithBucketAccessDefault(code int) *ListUsersWithBucketAccessDefault {
if code <= 0 {
code = 500
}
return &ListUsersWithBucketAccessDefault{
_statusCode: code,
}
}
// WithStatusCode adds the status to the list users with bucket access default response
func (o *ListUsersWithBucketAccessDefault) WithStatusCode(code int) *ListUsersWithBucketAccessDefault {
o._statusCode = code
return o
}
// SetStatusCode sets the status to the list users with bucket access default response
func (o *ListUsersWithBucketAccessDefault) SetStatusCode(code int) {
o._statusCode = code
}
// WithPayload adds the payload to the list users with bucket access default response
func (o *ListUsersWithBucketAccessDefault) WithPayload(payload *models.Error) *ListUsersWithBucketAccessDefault {
o.Payload = payload
return o
}
// SetPayload sets the payload to the list users with bucket access default response
func (o *ListUsersWithBucketAccessDefault) SetPayload(payload *models.Error) {
o.Payload = payload
}
// WriteResponse to the client
func (o *ListUsersWithBucketAccessDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(o._statusCode)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}


@@ -0,0 +1,141 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"errors"
"net/url"
golangswaggerpaths "path"
"strings"
"github.com/go-openapi/swag"
)
// ListUsersWithBucketAccessURL generates an URL for the list users with bucket access operation
type ListUsersWithBucketAccessURL struct {
Bucket string
Limit *int32
Offset *int32
_basePath string
// avoid unkeyed usage
_ struct{}
}
// WithBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *ListUsersWithBucketAccessURL) WithBasePath(bp string) *ListUsersWithBucketAccessURL {
o.SetBasePath(bp)
return o
}
// SetBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *ListUsersWithBucketAccessURL) SetBasePath(bp string) {
o._basePath = bp
}
// Build a url path and query string
func (o *ListUsersWithBucketAccessURL) Build() (*url.URL, error) {
var _result url.URL
var _path = "/bucket-users/{bucket}"
bucket := o.Bucket
if bucket != "" {
_path = strings.Replace(_path, "{bucket}", bucket, -1)
} else {
return nil, errors.New("bucket is required on ListUsersWithBucketAccessURL")
}
_basePath := o._basePath
if _basePath == "" {
_basePath = "/api/v1"
}
_result.Path = golangswaggerpaths.Join(_basePath, _path)
qs := make(url.Values)
var limitQ string
if o.Limit != nil {
limitQ = swag.FormatInt32(*o.Limit)
}
if limitQ != "" {
qs.Set("limit", limitQ)
}
var offsetQ string
if o.Offset != nil {
offsetQ = swag.FormatInt32(*o.Offset)
}
if offsetQ != "" {
qs.Set("offset", offsetQ)
}
_result.RawQuery = qs.Encode()
return &_result, nil
}
// Must is a helper function to panic when the url builder returns an error
func (o *ListUsersWithBucketAccessURL) Must(u *url.URL, err error) *url.URL {
if err != nil {
panic(err)
}
if u == nil {
panic("url can't be nil")
}
return u
}
// String returns the string representation of the path with query string
func (o *ListUsersWithBucketAccessURL) String() string {
return o.Must(o.Build()).String()
}
// BuildFull builds a full url with scheme, host, path and query string
func (o *ListUsersWithBucketAccessURL) BuildFull(scheme, host string) (*url.URL, error) {
if scheme == "" {
return nil, errors.New("scheme is required for a full url on ListUsersWithBucketAccessURL")
}
if host == "" {
return nil, errors.New("host is required for a full url on ListUsersWithBucketAccessURL")
}
base, err := o.Build()
if err != nil {
return nil, err
}
base.Scheme = scheme
base.Host = host
return base, nil
}
// StringFull returns the string representation of a complete url
func (o *ListUsersWithBucketAccessURL) StringFull(scheme, host string) string {
return o.Must(o.BuildFull(scheme, host)).String()
}


@@ -223,6 +223,9 @@ func NewConsoleAPI(spec *loads.Document) *ConsoleAPI {
AdminAPIListUsersHandler: admin_api.ListUsersHandlerFunc(func(params admin_api.ListUsersParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation admin_api.ListUsers has not yet been implemented")
}),
AdminAPIListUsersWithAccessToBucketHandler: admin_api.ListUsersWithAccessToBucketHandlerFunc(func(params admin_api.ListUsersWithAccessToBucketParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation admin_api.ListUsersWithAccessToBucket has not yet been implemented")
}),
UserAPILogSearchHandler: user_api.LogSearchHandlerFunc(func(params user_api.LogSearchParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation user_api.LogSearch has not yet been implemented")
}),
@@ -504,6 +507,8 @@ type ConsoleAPI struct {
UserAPIListUserServiceAccountsHandler user_api.ListUserServiceAccountsHandler
// AdminAPIListUsersHandler sets the operation handler for the list users operation
AdminAPIListUsersHandler admin_api.ListUsersHandler
// AdminAPIListUsersWithAccessToBucketHandler sets the operation handler for the list users with access to bucket operation
AdminAPIListUsersWithAccessToBucketHandler admin_api.ListUsersWithAccessToBucketHandler
// UserAPILogSearchHandler sets the operation handler for the log search operation
UserAPILogSearchHandler user_api.LogSearchHandler
// UserAPILoginHandler sets the operation handler for the login operation
@@ -821,6 +826,9 @@ func (o *ConsoleAPI) Validate() error {
if o.AdminAPIListUsersHandler == nil {
unregistered = append(unregistered, "admin_api.ListUsersHandler")
}
if o.AdminAPIListUsersWithAccessToBucketHandler == nil {
unregistered = append(unregistered, "admin_api.ListUsersWithAccessToBucketHandler")
}
if o.UserAPILogSearchHandler == nil {
unregistered = append(unregistered, "user_api.LogSearchHandler")
}
@@ -1261,6 +1269,10 @@ func (o *ConsoleAPI) initHandlerCache() {
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
}
o.handlers["GET"]["/bucket-users/{bucket}"] = admin_api.NewListUsersWithAccessToBucket(o.context, o.AdminAPIListUsersWithAccessToBucketHandler)
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
}
o.handlers["GET"]["/logs/search"] = user_api.NewLogSearch(o.context, o.UserAPILogSearchHandler)
if o.handlers["POST"] == nil {
o.handlers["POST"] = make(map[string]http.Handler)
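Review bot: The operation wired up in this section is named `ListUsersWithAccessToBucket` (default handler, struct field, `Validate` check and the `GET /bucket-users/{bucket}` route), but other generated files in this commit define `ListUsersWithBucketAccessOK`, `ListUsersWithBucketAccessDefault` and `ListUsersWithBucketAccessURL` for the same path. Nothing here references the `ListUsersWithBucketAccess*` names, so they look like leftovers from an earlier operationId; they should be deleted and the server regenerated from the spec. The two sets also disagree on the response shape: `ListUsersWithBucketAccessOK` carries a single `*models.User`, while the spec declares an array of strings, which makes it harder to audit what identity data this endpoint returns. Because the route reveals which users can reach a bucket, the handler that replaces the `NotImplemented` stub should check the principal's permission for this admin action; that handler is not visible in this section.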


@@ -1308,6 +1308,38 @@ paths:
tags:
- AdminAPI
/bucket-users/{bucket}:
get:
summary: List Users With Access to a Given Bucket
operationId: ListUsersWithAccessToBucket
parameters:
- name: bucket
in: path
required: true
type: string
- name: offset
in: query
required: false
type: integer
format: int32
- name: limit
in: query
required: false
type: integer
format: int32
responses:
200:
description: A successful response.
schema:
type: array
items:
type: string
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/policy:
get: