diff --git a/portal-ui/src/screens/Console/Buckets/ViewBucket/ViewBucket.tsx b/portal-ui/src/screens/Console/Buckets/ViewBucket/ViewBucket.tsx index 23c0337f3..6907ed6ca 100644 --- a/portal-ui/src/screens/Console/Buckets/ViewBucket/ViewBucket.tsx +++ b/portal-ui/src/screens/Console/Buckets/ViewBucket/ViewBucket.tsx @@ -58,6 +58,7 @@ import UsageIcon from "../../../../icons/UsageIcon"; import AddPolicy from "../../Policies/AddPolicy"; import SetAccessPolicy from "./SetAccessPolicy"; import { Policy } from "../../Policies/types"; +import { User } from "../../Users/types"; const styles = (theme: Theme) => createStyles({ @@ -222,6 +223,8 @@ const ViewBucket = ({ >([]); const [bucketPolicy, setBucketPolicy] = useState([]); const [loadingPolicy, setLoadingPolicy] = useState(true); + const [bucketUsers, setBucketUsers] = useState([]); + const [loadingUsers, setLoadingUsers] = useState(true); const [loadingBucket, setLoadingBucket] = useState(true); const [loadingEvents, setLoadingEvents] = useState(true); const [loadingVersioning, setLoadingVersioning] = useState(true); @@ -389,6 +392,21 @@ const ViewBucket = ({ } }, [loadingPolicy, setErrorSnackMessage, bucketName]); + useEffect(() => { + if (loadingUsers) { + api + .invoke("GET", `/api/v1/bucket-users/${bucketName}`) + .then((res: any) => { + setBucketUsers(res); + setLoadingUsers(false); + }) + .catch((err: any) => { + setErrorSnackMessage(err); + setLoadingUsers(false); + }); + } + }, [loadingUsers, setErrorSnackMessage, bucketName]); + useEffect(() => { if (loadingSize) { api @@ -773,6 +791,7 @@ const ViewBucket = ({ )} + @@ -867,6 +886,15 @@ const ViewBucket = ({ idField="name" /> + + + diff --git a/portal-ui/src/screens/Console/Buckets/types.tsx b/portal-ui/src/screens/Console/Buckets/types.tsx index 6f0053bdc..a01499014 100644 --- a/portal-ui/src/screens/Console/Buckets/types.tsx +++ b/portal-ui/src/screens/Console/Buckets/types.tsx 
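Review bot: In the added `useEffect` (third hunk), `bucketName` is interpolated into the request path without encoding, so a name containing `/`, `?` or `#` would change which endpoint is requested; wrapping it as `encodeURIComponent(bucketName)` inside the template string keeps it a single path segment. The callback also stores `res: any` straight into state, while the spec added in this commit returns a plain array of access-key strings. It is worth checking that the `bucketUsers` state type (its generic is not visible on this page) is `string[]` rather than the newly imported `User`. `bucketName` is in the dependency list but the fetch only runs while `loadingUsers` is true, so a bucket change without a reset would keep the previous bucket's users on screen. The enclosing `ViewBucket` component starts and ends outside these hunks.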
@@ -47,6 +47,11 @@ export interface BucketEventList { total: number; } +export interface BucketPolicy { + name: string; + body: string; +} + export interface ArnList { arns: string[]; } diff --git a/restapi/admin_users.go b/restapi/admin_users.go index bcc02a040..d87dbd19b 100644 --- a/restapi/admin_users.go +++ b/restapi/admin_users.go @@ -91,6 +91,13 @@ func registerUsersHandlers(api *operations.ConsoleAPI) { return admin_api.NewBulkUpdateUsersGroupsOK() }) + api.AdminAPIListUsersWithAccessToBucketHandler = admin_api.ListUsersWithAccessToBucketHandlerFunc(func(params admin_api.ListUsersWithAccessToBucketParams, session *models.Principal) middleware.Responder { + response, err := getListUsersWithAccessToBucketResponse(session, params.Bucket) + if err != nil { + return admin_api.NewListUsersWithAccessToBucketDefault(int(err.Code)).WithPayload(err) + } + return admin_api.NewListUsersWithAccessToBucketOK().WithPayload(response) + }) } func listUsers(ctx context.Context, client MinioAdmin) ([]*models.User, error) { 
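Review bot: The handler added in `registerUsersHandlers` passes only `params.Bucket` on, so the `offset` and `limit` query parameters that this commit's spec declares for `/bucket-users/{bucket}` are accepted and then ignored; either drop them from the spec or apply them to the result. `params.Bucket` is also forwarded as-is (the generated `bindBucket` only assigns the raw value), so an early check that it is a well-formed bucket name would reject junk before the per-user policy lookups start. The handler would benefit from a comment such as `// Returns the access keys of every user whose own or group policy matches the bucket`, plus a line on which permission the caller needs once that is confirmed. The commit also adds generated `list_users_with_bucket_access*.go` files for the same route that nothing visible here registers, which look like leftovers from an earlier operation name.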
@@ -467,3 +474,66 @@ func getAddUsersListToGroupsResponse(session *models.Principal, params admin_api return nil } + +func getListUsersWithAccessToBucketResponse(session *models.Principal, bucket string) ([]string, *models.Error) { + ctx := context.Background() + mAdmin, err := newMAdminClient(session) + if err != nil { + return nil, prepareError(err) + } + // create a minioClient interface implementation + // defining the client to be used + adminClient := adminClient{client: mAdmin} + + users, err := listUsers(ctx, adminClient) + if err != nil { + return nil, prepareError(err) + } + var retval []string + seen := make(map[string]bool) + for i := 0; i < len(users); i++ { + policy, err := adminClient.getPolicy(ctx, users[i].Policy) + if err == nil { + parsedPolicy, err2 := parsePolicy(users[i].Policy, policy) + if err2 == nil && policyMatchesBucket(parsedPolicy, bucket) { + retval = append(retval, users[i].AccessKey) + seen[users[i].AccessKey] = true + } + if err2 != nil { + log.Println(err2) + } + } else { + log.Println(err) + } + } + + groups, err := listGroups(ctx, adminClient) + if err != nil { + log.Println(err) + return retval, nil + } + for i := 0; i < len(*groups); i++ { + info, err := groupInfo(ctx, adminClient, (*groups)[i]) + if err == nil { + policy, err2 := adminClient.getPolicy(ctx, info.Policy) + if err2 == nil { + parsedPolicy, err3 := parsePolicy(info.Policy, policy) + for j := 0; j < len(info.Members); j++ { + if err3 == nil && !seen[info.Members[j]] && policyMatchesBucket(parsedPolicy, bucket) { + retval = append(retval, info.Members[j]) + seen[info.Members[j]] = true + } + if err3 != nil { + log.Println(err3) + } + } + } else { + log.Println(err2) + } + } else { + log.Println(err) + } + } + // serialize output + return retval, nil +} diff --git a/restapi/embedded_spec.go b/restapi/embedded_spec.go index dde2c3275..03f314f1e 100644 --- a/restapi/embedded_spec.go +++ b/restapi/embedded_spec.go 
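Review bot: `getListUsersWithAccessToBucketResponse` returns a partial list with a nil error whenever a lookup fails: a user or group whose policy cannot be fetched or parsed is only logged and left out, and a `listGroups` failure drops every group-derived member while still answering 200. For a view that tells an operator who can reach a bucket, under-reporting is the unsafe direction, so the group failure should at least be surfaced, with `return nil, prepareError(err)` in place of `return retval, nil`, and per-entry failures reported rather than silently skipped. The loop calls `adminClient.getPolicy` for every user, including ones whose `Policy` is empty, and again for every group, all under `context.Background()` with no deadline; skipping empty policy names, caching policies by name and using the request's context would bound the work. If `Policy` can hold more than one policy name, the single `getPolicy` call will presumably fail for those users and they will be omitted too. `policyMatchesBucket` and `parsePolicy` are defined outside this hunk, so how wildcard resources and deny statements are treated cannot be checked from here.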
@@ -246,6 +246,52 @@ func init() { } } }, + "/bucket-users/{bucket}": { + "get": { + "tags": [ + "AdminAPI" + ], + "summary": "List Users With Access to a Given Bucket", + "operationId": "ListUsersWithAccessToBucket", + "parameters": [ + { + "type": "string", + "name": "bucket", + "in": "path", + "required": true + }, + { + "type": "integer", + "format": "int32", + "name": "offset", + "in": "query" + }, + { + "type": "integer", + "format": "int32", + "name": "limit", + "in": "query" + } + ], + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "default": { + "description": "Generic error response.", + "schema": { + "$ref": "#/definitions/error" + } + } + } + } + }, "/buckets": { "get": { "tags": [ @@ -6091,6 +6137,52 @@ func init() { } } }, + "/bucket-users/{bucket}": { + "get": { + "tags": [ + "AdminAPI" + ], + "summary": "List Users With Access to a Given Bucket", + "operationId": "ListUsersWithAccessToBucket", + "parameters": [ + { + "type": "string", + "name": "bucket", + "in": "path", + "required": true + }, + { + "type": "integer", + "format": "int32", + "name": "offset", + "in": "query" + }, + { + "type": "integer", + "format": "int32", + "name": "limit", + "in": "query" + } + ], + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "default": { + "description": "Generic error response.", + "schema": { + "$ref": "#/definitions/error" + } + } + } + } + }, "/buckets": { "get": { "tags": [ diff --git a/restapi/operations/admin_api/list_users_with_access_to_bucket.go b/restapi/operations/admin_api/list_users_with_access_to_bucket.go new file mode 100644 index 000000000..dbe7d7b77 --- /dev/null +++ b/restapi/operations/admin_api/list_users_with_access_to_bucket.go 
@@ -0,0 +1,90 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// This file is part of MinIO Console Server +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . +// + +package admin_api + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the generate command + +import ( + "net/http" + + "github.com/go-openapi/runtime/middleware" + + "github.com/minio/console/models" +) + +// ListUsersWithAccessToBucketHandlerFunc turns a function with the right signature into a list users with access to bucket handler +type ListUsersWithAccessToBucketHandlerFunc func(ListUsersWithAccessToBucketParams, *models.Principal) middleware.Responder + +// Handle executing the request and returning a response +func (fn ListUsersWithAccessToBucketHandlerFunc) Handle(params ListUsersWithAccessToBucketParams, principal *models.Principal) middleware.Responder { + return fn(params, principal) +} + +// ListUsersWithAccessToBucketHandler interface for that can handle valid list users with access to bucket params +type ListUsersWithAccessToBucketHandler interface { + Handle(ListUsersWithAccessToBucketParams, *models.Principal) middleware.Responder +} + +// NewListUsersWithAccessToBucket creates a new http.Handler for the list users with access to bucket operation +func NewListUsersWithAccessToBucket(ctx 
*middleware.Context, handler ListUsersWithAccessToBucketHandler) *ListUsersWithAccessToBucket { + return &ListUsersWithAccessToBucket{Context: ctx, Handler: handler} +} + +/*ListUsersWithAccessToBucket swagger:route GET /bucket-users/{bucket} AdminAPI listUsersWithAccessToBucket + +List Users With Access to a Given Bucket + +*/ +type ListUsersWithAccessToBucket struct { + Context *middleware.Context + Handler ListUsersWithAccessToBucketHandler +} + +func (o *ListUsersWithAccessToBucket) ServeHTTP(rw http.ResponseWriter, r *http.Request) { + route, rCtx, _ := o.Context.RouteInfo(r) + if rCtx != nil { + r = rCtx + } + var Params = NewListUsersWithAccessToBucketParams() + + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal *models.Principal + if uprinc != nil { + principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise + } + + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + + res := o.Handler.Handle(Params, principal) // actually handle the request + + o.Context.Respond(rw, r, route.Produces, route, res) + +} diff --git a/restapi/operations/admin_api/list_users_with_access_to_bucket_parameters.go b/restapi/operations/admin_api/list_users_with_access_to_bucket_parameters.go new file mode 100644 index 000000000..a33395ced --- /dev/null +++ b/restapi/operations/admin_api/list_users_with_access_to_bucket_parameters.go 
@@ -0,0 +1,155 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// This file is part of MinIO Console Server +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . +// + +package admin_api + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "net/http" + + "github.com/go-openapi/errors" + "github.com/go-openapi/runtime" + "github.com/go-openapi/runtime/middleware" + "github.com/go-openapi/strfmt" + "github.com/go-openapi/swag" +) + +// NewListUsersWithAccessToBucketParams creates a new ListUsersWithAccessToBucketParams object +// no default values defined in spec. 
+func NewListUsersWithAccessToBucketParams() ListUsersWithAccessToBucketParams { + + return ListUsersWithAccessToBucketParams{} +} + +// ListUsersWithAccessToBucketParams contains all the bound params for the list users with access to bucket operation +// typically these are obtained from a http.Request +// +// swagger:parameters ListUsersWithAccessToBucket +type ListUsersWithAccessToBucketParams struct { + + // HTTP Request Object + HTTPRequest *http.Request `json:"-"` + + /* + Required: true + In: path + */ + Bucket string + /* + In: query + */ + Limit *int32 + /* + In: query + */ + Offset *int32 +} + +// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface +// for simple values it will use straight method calls. +// +// To ensure default values, the struct must have been initialized with NewListUsersWithAccessToBucketParams() beforehand. +func (o *ListUsersWithAccessToBucketParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error { + var res []error + + o.HTTPRequest = r + + qs := runtime.Values(r.URL.Query()) + + rBucket, rhkBucket, _ := route.Params.GetOK("bucket") + if err := o.bindBucket(rBucket, rhkBucket, route.Formats); err != nil { + res = append(res, err) + } + + qLimit, qhkLimit, _ := qs.GetOK("limit") + if err := o.bindLimit(qLimit, qhkLimit, route.Formats); err != nil { + res = append(res, err) + } + + qOffset, qhkOffset, _ := qs.GetOK("offset") + if err := o.bindOffset(qOffset, qhkOffset, route.Formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +// bindBucket binds and validates parameter Bucket from path. 
+func (o *ListUsersWithAccessToBucketParams) bindBucket(rawData []string, hasKey bool, formats strfmt.Registry) error { + var raw string + if len(rawData) > 0 { + raw = rawData[len(rawData)-1] + } + + // Required: true + // Parameter is provided by construction from the route + + o.Bucket = raw + + return nil +} + +// bindLimit binds and validates parameter Limit from query. +func (o *ListUsersWithAccessToBucketParams) bindLimit(rawData []string, hasKey bool, formats strfmt.Registry) error { + var raw string + if len(rawData) > 0 { + raw = rawData[len(rawData)-1] + } + + // Required: false + // AllowEmptyValue: false + if raw == "" { // empty values pass all other validations + return nil + } + + value, err := swag.ConvertInt32(raw) + if err != nil { + return errors.InvalidType("limit", "query", "int32", raw) + } + o.Limit = &value + + return nil +} + +// bindOffset binds and validates parameter Offset from query. +func (o *ListUsersWithAccessToBucketParams) bindOffset(rawData []string, hasKey bool, formats strfmt.Registry) error { + var raw string + if len(rawData) > 0 { + raw = rawData[len(rawData)-1] + } + + // Required: false + // AllowEmptyValue: false + if raw == "" { // empty values pass all other validations + return nil + } + + value, err := swag.ConvertInt32(raw) + if err != nil { + return errors.InvalidType("offset", "query", "int32", raw) + } + o.Offset = &value + + return nil +} diff --git a/restapi/operations/admin_api/list_users_with_access_to_bucket_responses.go b/restapi/operations/admin_api/list_users_with_access_to_bucket_responses.go new file mode 100644 index 000000000..34bb3e99b --- /dev/null +++ b/restapi/operations/admin_api/list_users_with_access_to_bucket_responses.go 
@@ -0,0 +1,136 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// This file is part of MinIO Console Server +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . +// + +package admin_api + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "net/http" + + "github.com/go-openapi/runtime" + + "github.com/minio/console/models" +) + +// ListUsersWithAccessToBucketOKCode is the HTTP code returned for type ListUsersWithAccessToBucketOK +const ListUsersWithAccessToBucketOKCode int = 200 + +/*ListUsersWithAccessToBucketOK A successful response. 
+ +swagger:response listUsersWithAccessToBucketOK +*/ +type ListUsersWithAccessToBucketOK struct { + + /* + In: Body + */ + Payload []string `json:"body,omitempty"` +} + +// NewListUsersWithAccessToBucketOK creates ListUsersWithAccessToBucketOK with default headers values +func NewListUsersWithAccessToBucketOK() *ListUsersWithAccessToBucketOK { + + return &ListUsersWithAccessToBucketOK{} +} + +// WithPayload adds the payload to the list users with access to bucket o k response +func (o *ListUsersWithAccessToBucketOK) WithPayload(payload []string) *ListUsersWithAccessToBucketOK { + o.Payload = payload + return o +} + +// SetPayload sets the payload to the list users with access to bucket o k response +func (o *ListUsersWithAccessToBucketOK) SetPayload(payload []string) { + o.Payload = payload +} + +// WriteResponse to the client +func (o *ListUsersWithAccessToBucketOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) { + + rw.WriteHeader(200) + payload := o.Payload + if payload == nil { + // return empty array + payload = make([]string, 0, 50) + } + + if err := producer.Produce(rw, payload); err != nil { + panic(err) // let the recovery middleware deal with this + } +} + +/*ListUsersWithAccessToBucketDefault Generic error response. 
+ +swagger:response listUsersWithAccessToBucketDefault +*/ +type ListUsersWithAccessToBucketDefault struct { + _statusCode int + + /* + In: Body + */ + Payload *models.Error `json:"body,omitempty"` +} + +// NewListUsersWithAccessToBucketDefault creates ListUsersWithAccessToBucketDefault with default headers values +func NewListUsersWithAccessToBucketDefault(code int) *ListUsersWithAccessToBucketDefault { + if code <= 0 { + code = 500 + } + + return &ListUsersWithAccessToBucketDefault{ + _statusCode: code, + } +} + +// WithStatusCode adds the status to the list users with access to bucket default response +func (o *ListUsersWithAccessToBucketDefault) WithStatusCode(code int) *ListUsersWithAccessToBucketDefault { + o._statusCode = code + return o +} + +// SetStatusCode sets the status to the list users with access to bucket default response +func (o *ListUsersWithAccessToBucketDefault) SetStatusCode(code int) { + o._statusCode = code +} + +// WithPayload adds the payload to the list users with access to bucket default response +func (o *ListUsersWithAccessToBucketDefault) WithPayload(payload *models.Error) *ListUsersWithAccessToBucketDefault { + o.Payload = payload + return o +} + +// SetPayload sets the payload to the list users with access to bucket default response +func (o *ListUsersWithAccessToBucketDefault) SetPayload(payload *models.Error) { + o.Payload = payload +} + +// WriteResponse to the client +func (o *ListUsersWithAccessToBucketDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) { + + rw.WriteHeader(o._statusCode) + if o.Payload != nil { + payload := o.Payload + if err := producer.Produce(rw, payload); err != nil { + panic(err) // let the recovery middleware deal with this + } + } +} diff --git a/restapi/operations/admin_api/list_users_with_access_to_bucket_urlbuilder.go b/restapi/operations/admin_api/list_users_with_access_to_bucket_urlbuilder.go new file mode 100644 index 000000000..e9539cb9d --- /dev/null 
+++ b/restapi/operations/admin_api/list_users_with_access_to_bucket_urlbuilder.go 
@@ -0,0 +1,141 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// This file is part of MinIO Console Server +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . +// + +package admin_api + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the generate command + +import ( + "errors" + "net/url" + golangswaggerpaths "path" + "strings" + + "github.com/go-openapi/swag" +) + +// ListUsersWithAccessToBucketURL generates an URL for the list users with access to bucket operation +type ListUsersWithAccessToBucketURL struct { + Bucket string + + Limit *int32 + Offset *int32 + + _basePath string + // avoid unkeyed usage + _ struct{} +} + +// WithBasePath sets the base path for this url builder, only required when it's different from the +// base path specified in the swagger spec. +// When the value of the base path is an empty string +func (o *ListUsersWithAccessToBucketURL) WithBasePath(bp string) *ListUsersWithAccessToBucketURL { + o.SetBasePath(bp) + return o +} + +// SetBasePath sets the base path for this url builder, only required when it's different from the +// base path specified in the swagger spec. 
+// When the value of the base path is an empty string +func (o *ListUsersWithAccessToBucketURL) SetBasePath(bp string) { + o._basePath = bp +} + +// Build a url path and query string +func (o *ListUsersWithAccessToBucketURL) Build() (*url.URL, error) { + var _result url.URL + + var _path = "/bucket-users/{bucket}" + + bucket := o.Bucket + if bucket != "" { + _path = strings.Replace(_path, "{bucket}", bucket, -1) + } else { + return nil, errors.New("bucket is required on ListUsersWithAccessToBucketURL") + } + + _basePath := o._basePath + if _basePath == "" { + _basePath = "/api/v1" + } + _result.Path = golangswaggerpaths.Join(_basePath, _path) + + qs := make(url.Values) + + var limitQ string + if o.Limit != nil { + limitQ = swag.FormatInt32(*o.Limit) + } + if limitQ != "" { + qs.Set("limit", limitQ) + } + + var offsetQ string + if o.Offset != nil { + offsetQ = swag.FormatInt32(*o.Offset) + } + if offsetQ != "" { + qs.Set("offset", offsetQ) + } + + _result.RawQuery = qs.Encode() + + return &_result, nil +} + +// Must is a helper function to panic when the url builder returns an error +func (o *ListUsersWithAccessToBucketURL) Must(u *url.URL, err error) *url.URL { + if err != nil { + panic(err) + } + if u == nil { + panic("url can't be nil") + } + return u +} + +// String returns the string representation of the path with query string +func (o *ListUsersWithAccessToBucketURL) String() string { + return o.Must(o.Build()).String() +} + +// BuildFull builds a full url with scheme, host, path and query string +func (o *ListUsersWithAccessToBucketURL) BuildFull(scheme, host string) (*url.URL, error) { + if scheme == "" { + return nil, errors.New("scheme is required for a full url on ListUsersWithAccessToBucketURL") + } + if host == "" { + return nil, errors.New("host is required for a full url on ListUsersWithAccessToBucketURL") + } + + base, err := o.Build() + if err != nil { + return nil, err + } + + base.Scheme = scheme + base.Host = host + return base, nil +} + +// 
StringFull returns the string representation of a complete url +func (o *ListUsersWithAccessToBucketURL) StringFull(scheme, host string) string { + return o.Must(o.BuildFull(scheme, host)).String() +} diff --git a/restapi/operations/admin_api/list_users_with_bucket_access.go b/restapi/operations/admin_api/list_users_with_bucket_access.go new file mode 100644 index 000000000..d6b0df232 --- /dev/null +++ b/restapi/operations/admin_api/list_users_with_bucket_access.go 
@@ -0,0 +1,90 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// This file is part of MinIO Console Server +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . +// + +package admin_api + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the generate command + +import ( + "net/http" + + "github.com/go-openapi/runtime/middleware" + + "github.com/minio/console/models" +) + +// ListUsersWithBucketAccessHandlerFunc turns a function with the right signature into a list users with bucket access handler +type ListUsersWithBucketAccessHandlerFunc func(ListUsersWithBucketAccessParams, *models.Principal) middleware.Responder + +// Handle executing the request and returning a response +func (fn ListUsersWithBucketAccessHandlerFunc) Handle(params ListUsersWithBucketAccessParams, principal *models.Principal) middleware.Responder { + return fn(params, principal) +} + +// ListUsersWithBucketAccessHandler interface for that can handle valid list users with bucket access params +type ListUsersWithBucketAccessHandler interface { + Handle(ListUsersWithBucketAccessParams, *models.Principal) middleware.Responder +} + +// NewListUsersWithBucketAccess creates a new http.Handler for the list users with bucket access operation +func NewListUsersWithBucketAccess(ctx *middleware.Context, handler 
ListUsersWithBucketAccessHandler) *ListUsersWithBucketAccess { + return &ListUsersWithBucketAccess{Context: ctx, Handler: handler} +} + +/*ListUsersWithBucketAccess swagger:route GET /bucket-users/{bucket} AdminAPI listUsersWithBucketAccess + +List Users With Access to a Given Bucket + +*/ +type ListUsersWithBucketAccess struct { + Context *middleware.Context + Handler ListUsersWithBucketAccessHandler +} + +func (o *ListUsersWithBucketAccess) ServeHTTP(rw http.ResponseWriter, r *http.Request) { + route, rCtx, _ := o.Context.RouteInfo(r) + if rCtx != nil { + r = rCtx + } + var Params = NewListUsersWithBucketAccessParams() + + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + r = aCtx + } + var principal *models.Principal + if uprinc != nil { + principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise + } + + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + + res := o.Handler.Handle(Params, principal) // actually handle the request + + o.Context.Respond(rw, r, route.Produces, route, res) + +} diff --git a/restapi/operations/admin_api/list_users_with_bucket_access_parameters.go b/restapi/operations/admin_api/list_users_with_bucket_access_parameters.go new file mode 100644 index 000000000..6a253d2b4 --- /dev/null +++ b/restapi/operations/admin_api/list_users_with_bucket_access_parameters.go 
@@ -0,0 +1,155 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// This file is part of MinIO Console Server +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . +// + +package admin_api + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "net/http" + + "github.com/go-openapi/errors" + "github.com/go-openapi/runtime" + "github.com/go-openapi/runtime/middleware" + "github.com/go-openapi/strfmt" + "github.com/go-openapi/swag" +) + +// NewListUsersWithBucketAccessParams creates a new ListUsersWithBucketAccessParams object +// no default values defined in spec. 
+func NewListUsersWithBucketAccessParams() ListUsersWithBucketAccessParams { + + return ListUsersWithBucketAccessParams{} +} + +// ListUsersWithBucketAccessParams contains all the bound params for the list users with bucket access operation +// typically these are obtained from a http.Request +// +// swagger:parameters ListUsersWithBucketAccess +type ListUsersWithBucketAccessParams struct { + + // HTTP Request Object + HTTPRequest *http.Request `json:"-"` + + /* + Required: true + In: path + */ + Bucket string + /* + In: query + */ + Limit *int32 + /* + In: query + */ + Offset *int32 +} + +// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface +// for simple values it will use straight method calls. +// +// To ensure default values, the struct must have been initialized with NewListUsersWithBucketAccessParams() beforehand. +func (o *ListUsersWithBucketAccessParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error { + var res []error + + o.HTTPRequest = r + + qs := runtime.Values(r.URL.Query()) + + rBucket, rhkBucket, _ := route.Params.GetOK("bucket") + if err := o.bindBucket(rBucket, rhkBucket, route.Formats); err != nil { + res = append(res, err) + } + + qLimit, qhkLimit, _ := qs.GetOK("limit") + if err := o.bindLimit(qLimit, qhkLimit, route.Formats); err != nil { + res = append(res, err) + } + + qOffset, qhkOffset, _ := qs.GetOK("offset") + if err := o.bindOffset(qOffset, qhkOffset, route.Formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +// bindBucket binds and validates parameter Bucket from path. 
+func (o *ListUsersWithBucketAccessParams) bindBucket(rawData []string, hasKey bool, formats strfmt.Registry) error { + var raw string + if len(rawData) > 0 { + raw = rawData[len(rawData)-1] + } + + // Required: true + // Parameter is provided by construction from the route + + o.Bucket = raw + + return nil +} + +// bindLimit binds and validates parameter Limit from query. +func (o *ListUsersWithBucketAccessParams) bindLimit(rawData []string, hasKey bool, formats strfmt.Registry) error { + var raw string + if len(rawData) > 0 { + raw = rawData[len(rawData)-1] + } + + // Required: false + // AllowEmptyValue: false + if raw == "" { // empty values pass all other validations + return nil + } + + value, err := swag.ConvertInt32(raw) + if err != nil { + return errors.InvalidType("limit", "query", "int32", raw) + } + o.Limit = &value + + return nil +} + +// bindOffset binds and validates parameter Offset from query. +func (o *ListUsersWithBucketAccessParams) bindOffset(rawData []string, hasKey bool, formats strfmt.Registry) error { + var raw string + if len(rawData) > 0 { + raw = rawData[len(rawData)-1] + } + + // Required: false + // AllowEmptyValue: false + if raw == "" { // empty values pass all other validations + return nil + } + + value, err := swag.ConvertInt32(raw) + if err != nil { + return errors.InvalidType("offset", "query", "int32", raw) + } + o.Offset = &value + + return nil +} diff --git a/restapi/operations/admin_api/list_users_with_bucket_access_responses.go b/restapi/operations/admin_api/list_users_with_bucket_access_responses.go new file mode 100644 index 000000000..10b316b59 --- /dev/null +++ b/restapi/operations/admin_api/list_users_with_bucket_access_responses.go 
@@ -0,0 +1,133 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// This file is part of MinIO Console Server +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . +// + +package admin_api + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "net/http" + + "github.com/go-openapi/runtime" + + "github.com/minio/console/models" +) + +// ListUsersWithBucketAccessOKCode is the HTTP code returned for type ListUsersWithBucketAccessOK +const ListUsersWithBucketAccessOKCode int = 200 + +/*ListUsersWithBucketAccessOK A successful response. 
+ +swagger:response listUsersWithBucketAccessOK +*/ +type ListUsersWithBucketAccessOK struct { + + /* + In: Body + */ + Payload *models.User `json:"body,omitempty"` +} + +// NewListUsersWithBucketAccessOK creates ListUsersWithBucketAccessOK with default headers values +func NewListUsersWithBucketAccessOK() *ListUsersWithBucketAccessOK { + + return &ListUsersWithBucketAccessOK{} +} + +// WithPayload adds the payload to the list users with bucket access o k response +func (o *ListUsersWithBucketAccessOK) WithPayload(payload *models.User) *ListUsersWithBucketAccessOK { + o.Payload = payload + return o +} + +// SetPayload sets the payload to the list users with bucket access o k response +func (o *ListUsersWithBucketAccessOK) SetPayload(payload *models.User) { + o.Payload = payload +} + +// WriteResponse to the client +func (o *ListUsersWithBucketAccessOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) { + + rw.WriteHeader(200) + if o.Payload != nil { + payload := o.Payload + if err := producer.Produce(rw, payload); err != nil { + panic(err) // let the recovery middleware deal with this + } + } +} + +/*ListUsersWithBucketAccessDefault Generic error response. 
+ +swagger:response listUsersWithBucketAccessDefault +*/ +type ListUsersWithBucketAccessDefault struct { + _statusCode int + + /* + In: Body + */ + Payload *models.Error `json:"body,omitempty"` +} + +// NewListUsersWithBucketAccessDefault creates ListUsersWithBucketAccessDefault with default headers values +func NewListUsersWithBucketAccessDefault(code int) *ListUsersWithBucketAccessDefault { + if code <= 0 { + code = 500 + } + + return &ListUsersWithBucketAccessDefault{ + _statusCode: code, + } +} + +// WithStatusCode adds the status to the list users with bucket access default response +func (o *ListUsersWithBucketAccessDefault) WithStatusCode(code int) *ListUsersWithBucketAccessDefault { + o._statusCode = code + return o +} + +// SetStatusCode sets the status to the list users with bucket access default response +func (o *ListUsersWithBucketAccessDefault) SetStatusCode(code int) { + o._statusCode = code +} + +// WithPayload adds the payload to the list users with bucket access default response +func (o *ListUsersWithBucketAccessDefault) WithPayload(payload *models.Error) *ListUsersWithBucketAccessDefault { + o.Payload = payload + return o +} + +// SetPayload sets the payload to the list users with bucket access default response +func (o *ListUsersWithBucketAccessDefault) SetPayload(payload *models.Error) { + o.Payload = payload +} + +// WriteResponse to the client +func (o *ListUsersWithBucketAccessDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) { + + rw.WriteHeader(o._statusCode) + if o.Payload != nil { + payload := o.Payload + if err := producer.Produce(rw, payload); err != nil { + panic(err) // let the recovery middleware deal with this + } + } +} diff --git a/restapi/operations/admin_api/list_users_with_bucket_access_urlbuilder.go b/restapi/operations/admin_api/list_users_with_bucket_access_urlbuilder.go new file mode 100644 index 000000000..95cfb77f5 --- /dev/null 
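Review bot: The `ListUsersWithBucketAccess*` types in this new file do not match the operation the rest of the commit wires up, so the file looks like leftover generator output from an earlier operation name. `console_api.go` registers `admin_api.NewListUsersWithAccessToBucket` and `swagger.yml` declares `operationId: ListUsersWithAccessToBucket`. The file also disagrees with the spec on the response contract: `Payload *models.User` is a single user object, while the spec's 200 schema is an array of strings. The same appears to apply to `list_users_with_bucket_access_urlbuilder.go` and to the `ListUsersWithBucketAccessParams` binder earlier in the diff. If nothing references them, delete these files and re-run the generator so that only the `list_users_with_access_to_bucket_*` output is committed; otherwise an unused binder and response writer for an endpoint that returns user data could later be wired up with the wrong payload type.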
+++ b/restapi/operations/admin_api/list_users_with_bucket_access_urlbuilder.go 
@@ -0,0 +1,141 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// This file is part of MinIO Console Server +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . +// + +package admin_api + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the generate command + +import ( + "errors" + "net/url" + golangswaggerpaths "path" + "strings" + + "github.com/go-openapi/swag" +) + +// ListUsersWithBucketAccessURL generates an URL for the list users with bucket access operation +type ListUsersWithBucketAccessURL struct { + Bucket string + + Limit *int32 + Offset *int32 + + _basePath string + // avoid unkeyed usage + _ struct{} +} + +// WithBasePath sets the base path for this url builder, only required when it's different from the +// base path specified in the swagger spec. +// When the value of the base path is an empty string +func (o *ListUsersWithBucketAccessURL) WithBasePath(bp string) *ListUsersWithBucketAccessURL { + o.SetBasePath(bp) + return o +} + +// SetBasePath sets the base path for this url builder, only required when it's different from the +// base path specified in the swagger spec. 
+// When the value of the base path is an empty string +func (o *ListUsersWithBucketAccessURL) SetBasePath(bp string) { + o._basePath = bp +} + +// Build a url path and query string +func (o *ListUsersWithBucketAccessURL) Build() (*url.URL, error) { + var _result url.URL + + var _path = "/bucket-users/{bucket}" + + bucket := o.Bucket + if bucket != "" { + _path = strings.Replace(_path, "{bucket}", bucket, -1) + } else { + return nil, errors.New("bucket is required on ListUsersWithBucketAccessURL") + } + + _basePath := o._basePath + if _basePath == "" { + _basePath = "/api/v1" + } + _result.Path = golangswaggerpaths.Join(_basePath, _path) + + qs := make(url.Values) + + var limitQ string + if o.Limit != nil { + limitQ = swag.FormatInt32(*o.Limit) + } + if limitQ != "" { + qs.Set("limit", limitQ) + } + + var offsetQ string + if o.Offset != nil { + offsetQ = swag.FormatInt32(*o.Offset) + } + if offsetQ != "" { + qs.Set("offset", offsetQ) + } + + _result.RawQuery = qs.Encode() + + return &_result, nil +} + +// Must is a helper function to panic when the url builder returns an error +func (o *ListUsersWithBucketAccessURL) Must(u *url.URL, err error) *url.URL { + if err != nil { + panic(err) + } + if u == nil { + panic("url can't be nil") + } + return u +} + +// String returns the string representation of the path with query string +func (o *ListUsersWithBucketAccessURL) String() string { + return o.Must(o.Build()).String() +} + +// BuildFull builds a full url with scheme, host, path and query string +func (o *ListUsersWithBucketAccessURL) BuildFull(scheme, host string) (*url.URL, error) { + if scheme == "" { + return nil, errors.New("scheme is required for a full url on ListUsersWithBucketAccessURL") + } + if host == "" { + return nil, errors.New("host is required for a full url on ListUsersWithBucketAccessURL") + } + + base, err := o.Build() + if err != nil { + return nil, err + } + + base.Scheme = scheme + base.Host = host + return base, nil +} + +// StringFull returns 
the string representation of a complete url +func (o *ListUsersWithBucketAccessURL) StringFull(scheme, host string) string { + return o.Must(o.BuildFull(scheme, host)).String() +} diff --git a/restapi/operations/console_api.go b/restapi/operations/console_api.go index 2fc51bd0c..3a87e678a 100644 --- a/restapi/operations/console_api.go +++ b/restapi/operations/console_api.go @@ -223,6 +223,9 @@ func NewConsoleAPI(spec *loads.Document) *ConsoleAPI { AdminAPIListUsersHandler: admin_api.ListUsersHandlerFunc(func(params admin_api.ListUsersParams, principal *models.Principal) middleware.Responder { return middleware.NotImplemented("operation admin_api.ListUsers has not yet been implemented") }), + AdminAPIListUsersWithAccessToBucketHandler: admin_api.ListUsersWithAccessToBucketHandlerFunc(func(params admin_api.ListUsersWithAccessToBucketParams, principal *models.Principal) middleware.Responder { + return middleware.NotImplemented("operation admin_api.ListUsersWithAccessToBucket has not yet been implemented") + }), UserAPILogSearchHandler: user_api.LogSearchHandlerFunc(func(params user_api.LogSearchParams, principal *models.Principal) middleware.Responder { return middleware.NotImplemented("operation user_api.LogSearch has not yet been implemented") }), @@ -504,6 +507,8 @@ type ConsoleAPI struct { UserAPIListUserServiceAccountsHandler user_api.ListUserServiceAccountsHandler // AdminAPIListUsersHandler sets the operation handler for the list users operation AdminAPIListUsersHandler admin_api.ListUsersHandler + // AdminAPIListUsersWithAccessToBucketHandler sets the operation handler for the list users with access to bucket operation + AdminAPIListUsersWithAccessToBucketHandler admin_api.ListUsersWithAccessToBucketHandler // UserAPILogSearchHandler sets the operation handler for the log search operation UserAPILogSearchHandler user_api.LogSearchHandler // UserAPILoginHandler sets the operation handler for the login operation 
@@ -821,6 +826,9 @@ func (o *ConsoleAPI) Validate() error { if o.AdminAPIListUsersHandler == nil { unregistered = append(unregistered, "admin_api.ListUsersHandler") } + if o.AdminAPIListUsersWithAccessToBucketHandler == nil { + unregistered = append(unregistered, "admin_api.ListUsersWithAccessToBucketHandler") + } if o.UserAPILogSearchHandler == nil { unregistered = append(unregistered, "user_api.LogSearchHandler") } @@ -1261,6 +1269,10 @@ func (o *ConsoleAPI) initHandlerCache() { if o.handlers["GET"] == nil { o.handlers["GET"] = make(map[string]http.Handler) } + o.handlers["GET"]["/bucket-users/{bucket}"] = admin_api.NewListUsersWithAccessToBucket(o.context, o.AdminAPIListUsersWithAccessToBucketHandler) + if o.handlers["GET"] == nil { + o.handlers["GET"] = make(map[string]http.Handler) + } o.handlers["GET"]["/logs/search"] = user_api.NewLogSearch(o.context, o.UserAPILogSearchHandler) if o.handlers["POST"] == nil { o.handlers["POST"] = make(map[string]http.Handler) diff --git a/swagger.yml b/swagger.yml index 072449a1a..5cc71ef2e 100644 --- a/swagger.yml +++ b/swagger.yml @@ -1308,6 +1308,38 @@ paths: tags: - AdminAPI + /bucket-users/{bucket}: + get: + summary: List Users With Access to a Given Bucket + operationId: ListUsersWithAccessToBucket + parameters: + - name: bucket + in: path + required: true + type: string + - name: offset + in: query + required: false + type: integer + format: int32 + - name: limit + in: query + required: false + type: integer + format: int32 + responses: + 200: + description: A successful response. + schema: + type: array + items: + type: string + default: + description: Generic error response. + schema: + $ref: "#/definitions/error" + tags: + - AdminAPI /policy: get: