List Service Accounts for a User (#775)

Daniel Valdivia
2021-05-28 17:46:36 -07:00
committed by GitHub
parent c95bc64dbe
commit 7db4e187ec
12 changed files with 776 additions and 18 deletions


@@ -41,6 +41,7 @@ import ChangeUserGroups from "./ChangeUserGroups";
import SetUserPolicies from "./SetUserPolicies";
import { Bookmark } from "@material-ui/icons";
import history from "../../../history";
import UserServiceAccountsPanel from "./UserServiceAccountsPanel";
const styles = (theme: Theme) =>
createStyles({
@@ -269,7 +270,8 @@ const UserDetails = ({ classes, match }: IUserDetailsProps) => {
scrollButtons="auto"
>
<Tab label="Groups" {...a11yProps(0)} />
<Tab label="Policies" {...a11yProps(0)} />
<Tab label="Service Accounts" {...a11yProps(2)} />
<Tab label="Policies" {...a11yProps(1)} />
</Tabs>
</Grid>
<Grid item xs={3} className={classes.actionsTray}>
@@ -286,7 +288,7 @@ const UserDetails = ({ classes, match }: IUserDetailsProps) => {
Add to Groups
</Button>
)}
{curTab === 1 && (
{curTab === 2 && (
<Fragment>
<Button
variant="contained"
@@ -314,8 +316,10 @@ const UserDetails = ({ classes, match }: IUserDetailsProps) => {
idField="group"
/>
</TabPanel>
<TabPanel index={1} value={curTab}>
<UserServiceAccountsPanel user={userName} />
</TabPanel>
<TabPanel index={2} value={curTab}>
<TableWrapper
itemActions={[
{
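Review bot: The a11yProps arguments on the new tabs do not follow tab order: `Service Accounts` is the second tab and is rendered by `<TabPanel index={1}>` but gets `a11yProps(2)`, while `Policies` is the third tab, rendered by `<TabPanel index={2}>`, and gets `a11yProps(1)`. The definition of a11yProps is not in these hunks, but if it derives the tab id and `aria-controls` from its argument, assistive technology will pair each tab with the other tab's panel. Swap the two: `<Tab label="Service Accounts" {...a11yProps(1)} />` and `<Tab label="Policies" {...a11yProps(2)} />`. UserDetails begins and ends outside the hunks shown.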


@@ -0,0 +1,216 @@
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
import React, { useEffect, useState } from "react";
import { connect } from "react-redux";
import { createStyles, Theme, withStyles } from "@material-ui/core/styles";
import { TextField } from "@material-ui/core";
import Grid from "@material-ui/core/Grid";
import InputAdornment from "@material-ui/core/InputAdornment";
import SearchIcon from "@material-ui/icons/Search";
import {
actionsTray,
searchField,
} from "../Common/FormComponents/common/styleLibrary";
import api from "../../../common/api";
import TableWrapper from "../Common/TableWrapper/TableWrapper";
import { AppState } from "../../../store";
import { setErrorSnackMessage } from "../../../actions";
import { NewServiceAccount } from "../Common/CredentialsPrompt/types";
import { stringSort } from "../../../utils/sortFunctions";
import AddServiceAccount from "../Account/AddServiceAccount";
import DeleteServiceAccount from "../Account/DeleteServiceAccount";
import CredentialsPrompt from "../Common/CredentialsPrompt/CredentialsPrompt";
interface IUserServiceAccountsProps {
classes: any;
user: string;
setErrorSnackMessage: typeof setErrorSnackMessage;
}
const styles = (theme: Theme) =>
createStyles({
...searchField,
...actionsTray,
actionsTray: {
...actionsTray.actionsTray,
padding: "15px 0 0",
},
});
const UserServiceAccountsPanel = ({
classes,
user,
setErrorSnackMessage,
}: IUserServiceAccountsProps) => {
const [records, setRecords] = useState<string[]>([]);
const [loading, setLoading] = useState<boolean>(false);
const [filter, setFilter] = useState<string>("");
const [addScreenOpen, setAddScreenOpen] = useState<boolean>(false);
const [deleteOpen, setDeleteOpen] = useState<boolean>(false);
const [selectedServiceAccount, setSelectedServiceAccount] =
useState<string | null>(null);
const [showNewCredentials, setShowNewCredentials] = useState<boolean>(false);
const [newServiceAccount, setNewServiceAccount] =
useState<NewServiceAccount | null>(null);
const [changePasswordModalOpen, setChangePasswordModalOpen] =
useState<boolean>(false);
useEffect(() => {
fetchRecords();
}, []);
useEffect(() => {
if (loading) {
api
.invoke("GET", `/api/v1/users/${user}/service-accounts`)
.then((res: string[]) => {
const serviceAccounts = res.sort(stringSort);
setLoading(false);
setRecords(serviceAccounts);
})
.catch((err) => {
setErrorSnackMessage(err);
setLoading(false);
});
}
}, [loading, setLoading, setRecords, setErrorSnackMessage]);
const fetchRecords = () => {
setLoading(true);
};
const closeAddModalAndRefresh = (res: NewServiceAccount | null) => {
setAddScreenOpen(false);
fetchRecords();
if (res !== null) {
const nsa: NewServiceAccount = {
console: {
accessKey: `${res.accessKey}`,
secretKey: `${res.secretKey}`,
},
};
setNewServiceAccount(nsa);
setShowNewCredentials(true);
}
};
const closeDeleteModalAndRefresh = (refresh: boolean) => {
setDeleteOpen(false);
if (refresh) {
fetchRecords();
}
};
const closeCredentialsModal = () => {
setShowNewCredentials(false);
setNewServiceAccount(null);
};
const confirmDeleteServiceAccount = (selectedServiceAccount: string) => {
setSelectedServiceAccount(selectedServiceAccount);
setDeleteOpen(true);
};
const tableActions = [
{ type: "delete", onClick: confirmDeleteServiceAccount },
];
const filteredRecords = records.filter((elementItem) =>
elementItem.toLowerCase().includes(filter.toLowerCase())
);
return (
<React.Fragment>
{addScreenOpen && (
<AddServiceAccount
open={addScreenOpen}
closeModalAndRefresh={(res: NewServiceAccount | null) => {
closeAddModalAndRefresh(res);
}}
/>
)}
{deleteOpen && (
<DeleteServiceAccount
deleteOpen={deleteOpen}
selectedServiceAccount={selectedServiceAccount}
closeDeleteModalAndRefresh={(refresh: boolean) => {
closeDeleteModalAndRefresh(refresh);
}}
/>
)}
{showNewCredentials && (
<CredentialsPrompt
newServiceAccount={newServiceAccount}
open={showNewCredentials}
closeModal={() => {
closeCredentialsModal();
}}
entity="Service Account"
/>
)}
<Grid container>
<Grid item xs={12} className={classes.container}>
<Grid item xs={12} className={classes.actionsTray}>
<TextField
placeholder="Search Service Accounts"
className={classes.searchField}
id="search-resource"
label=""
InputProps={{
disableUnderline: true,
startAdornment: (
<InputAdornment position="start">
<SearchIcon />
</InputAdornment>
),
}}
onChange={(e) => {
setFilter(e.target.value);
}}
/>
</Grid>
<Grid item xs={12}>
<br />
</Grid>
<Grid item xs={12}>
<TableWrapper
isLoading={loading}
records={filteredRecords}
entityName={"Service Accounts"}
idField={""}
columns={[{ label: "Service Account", elementKey: "" }]}
itemActions={tableActions}
/>
</Grid>
</Grid>
</Grid>
</React.Fragment>
);
};
const mapState = (state: AppState) => ({
session: state.console.session,
});
const connector = connect(mapState, {
setErrorSnackMessage,
});
export default withStyles(styles)(connector(UserServiceAccountsPanel));
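Review bot: `user` is interpolated into the request path unencoded in the `api.invoke("GET", ...)` call, so a user name containing `/`, `?`, `#` or `..` changes which authenticated endpoint the request reaches; build the path with `encodeURIComponent(user)` in place of the bare `${user}`. The fetching effect lists `[loading, setLoading, setRecords, setErrorSnackMessage]` as dependencies but not `user`, and the initial effect uses `[]`, so the table keeps showing the previous user's accounts if the prop changes while the panel stays mounted. `changePasswordModalOpen` and the `session` value from `mapState` are never read, and nothing in the file sets `addScreenOpen` to true, so the `AddServiceAccount` branch looks unreachable. Note also that `closeAddModalAndRefresh` keeps the new `secretKey` in component state until `closeCredentialsModal` runs; a short comment saying that clearing it there is deliberate would help the next reader.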


@@ -94,7 +94,7 @@ type MinioAdmin interface {
forceStart, forceStop bool) (healStart madmin.HealStartSuccess, healTaskStatus madmin.HealTaskStatus, err error)
// Service Accounts
addServiceAccount(ctx context.Context, policy *iampolicy.Policy) (mauth.Credentials, error)
listServiceAccounts(ctx context.Context) (madmin.ListServiceAccountsResp, error)
listServiceAccounts(ctx context.Context, user string) (madmin.ListServiceAccountsResp, error)
deleteServiceAccount(ctx context.Context, serviceAccount string) error
// Remote Buckets
listRemoteBuckets(ctx context.Context, bucket, arnType string) (targets []madmin.BucketTarget, err error)
@@ -260,9 +260,9 @@ func (ac adminClient) addServiceAccount(ctx context.Context, policy *iampolicy.P
}
// implements madmin.ListServiceAccounts()
func (ac adminClient) listServiceAccounts(ctx context.Context) (madmin.ListServiceAccountsResp, error) {
func (ac adminClient) listServiceAccounts(ctx context.Context, user string) (madmin.ListServiceAccountsResp, error) {
// TODO: Fix this
return ac.client.ListServiceAccounts(ctx, "")
return ac.client.ListServiceAccounts(ctx, user)
}
// implements madmin.DeleteServiceAccount()
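Review bot: The `// TODO: Fix this` comment survives above the new `return ac.client.ListServiceAccounts(ctx, user)` even though the hard-coded `""` it presumably referred to is gone; drop it or state what is still pending. The doc comment should also spell out the contract of `user`: the self-service handler elsewhere in this commit passes `""`, which suggests that an empty value means the authenticated caller's own accounts. Something like `// listServiceAccounts lists the service accounts of user; an empty user presumably selects the caller's own (confirm against madmin)` would make that explicit on both the interface method and the implementation.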


@@ -3895,6 +3895,37 @@ func init() {
}
}
}
},
"/users/{name}/service-accounts": {
"get": {
"tags": [
"AdminAPI"
],
"summary": "returns a list of service accounts for a user",
"operationId": "ListAUserServiceAccounts",
"parameters": [
{
"type": "string",
"name": "name",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/serviceAccounts"
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/error"
}
}
}
}
}
},
"definitions": {
@@ -11038,6 +11069,37 @@ func init() {
}
}
}
},
"/users/{name}/service-accounts": {
"get": {
"tags": [
"AdminAPI"
],
"summary": "returns a list of service accounts for a user",
"operationId": "ListAUserServiceAccounts",
"parameters": [
{
"type": "string",
"name": "name",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/serviceAccounts"
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/error"
}
}
}
}
}
},
"definitions": {


@@ -0,0 +1,90 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"net/http"
"github.com/go-openapi/runtime/middleware"
"github.com/minio/console/models"
)
// ListAUserServiceAccountsHandlerFunc turns a function with the right signature into a list a user service accounts handler
type ListAUserServiceAccountsHandlerFunc func(ListAUserServiceAccountsParams, *models.Principal) middleware.Responder
// Handle executing the request and returning a response
func (fn ListAUserServiceAccountsHandlerFunc) Handle(params ListAUserServiceAccountsParams, principal *models.Principal) middleware.Responder {
return fn(params, principal)
}
// ListAUserServiceAccountsHandler interface for that can handle valid list a user service accounts params
type ListAUserServiceAccountsHandler interface {
Handle(ListAUserServiceAccountsParams, *models.Principal) middleware.Responder
}
// NewListAUserServiceAccounts creates a new http.Handler for the list a user service accounts operation
func NewListAUserServiceAccounts(ctx *middleware.Context, handler ListAUserServiceAccountsHandler) *ListAUserServiceAccounts {
return &ListAUserServiceAccounts{Context: ctx, Handler: handler}
}
/*ListAUserServiceAccounts swagger:route GET /users/{name}/service-accounts AdminAPI listAUserServiceAccounts
returns a list of service accounts for a user
*/
type ListAUserServiceAccounts struct {
Context *middleware.Context
Handler ListAUserServiceAccountsHandler
}
func (o *ListAUserServiceAccounts) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
route, rCtx, _ := o.Context.RouteInfo(r)
if rCtx != nil {
r = rCtx
}
var Params = NewListAUserServiceAccountsParams()
uprinc, aCtx, err := o.Context.Authorize(r, route)
if err != nil {
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
if aCtx != nil {
r = aCtx
}
var principal *models.Principal
if uprinc != nil {
principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
}
if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
res := o.Handler.Handle(Params, principal) // actually handle the request
o.Context.Respond(rw, r, route.Produces, route, res)
}


@@ -0,0 +1,89 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/errors"
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/strfmt"
)
// NewListAUserServiceAccountsParams creates a new ListAUserServiceAccountsParams object
// no default values defined in spec.
func NewListAUserServiceAccountsParams() ListAUserServiceAccountsParams {
return ListAUserServiceAccountsParams{}
}
// ListAUserServiceAccountsParams contains all the bound params for the list a user service accounts operation
// typically these are obtained from a http.Request
//
// swagger:parameters ListAUserServiceAccounts
type ListAUserServiceAccountsParams struct {
// HTTP Request Object
HTTPRequest *http.Request `json:"-"`
/*
Required: true
In: path
*/
Name string
}
// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
// for simple values it will use straight method calls.
//
// To ensure default values, the struct must have been initialized with NewListAUserServiceAccountsParams() beforehand.
func (o *ListAUserServiceAccountsParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
var res []error
o.HTTPRequest = r
rName, rhkName, _ := route.Params.GetOK("name")
if err := o.bindName(rName, rhkName, route.Formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
// bindName binds and validates parameter Name from path.
func (o *ListAUserServiceAccountsParams) bindName(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Parameter is provided by construction from the route
o.Name = raw
return nil
}


@@ -0,0 +1,136 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/runtime"
"github.com/minio/console/models"
)
// ListAUserServiceAccountsOKCode is the HTTP code returned for type ListAUserServiceAccountsOK
const ListAUserServiceAccountsOKCode int = 200
/*ListAUserServiceAccountsOK A successful response.
swagger:response listAUserServiceAccountsOK
*/
type ListAUserServiceAccountsOK struct {
/*
In: Body
*/
Payload models.ServiceAccounts `json:"body,omitempty"`
}
// NewListAUserServiceAccountsOK creates ListAUserServiceAccountsOK with default headers values
func NewListAUserServiceAccountsOK() *ListAUserServiceAccountsOK {
return &ListAUserServiceAccountsOK{}
}
// WithPayload adds the payload to the list a user service accounts o k response
func (o *ListAUserServiceAccountsOK) WithPayload(payload models.ServiceAccounts) *ListAUserServiceAccountsOK {
o.Payload = payload
return o
}
// SetPayload sets the payload to the list a user service accounts o k response
func (o *ListAUserServiceAccountsOK) SetPayload(payload models.ServiceAccounts) {
o.Payload = payload
}
// WriteResponse to the client
func (o *ListAUserServiceAccountsOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(200)
payload := o.Payload
if payload == nil {
// return empty array
payload = models.ServiceAccounts{}
}
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
/*ListAUserServiceAccountsDefault Generic error response.
swagger:response listAUserServiceAccountsDefault
*/
type ListAUserServiceAccountsDefault struct {
_statusCode int
/*
In: Body
*/
Payload *models.Error `json:"body,omitempty"`
}
// NewListAUserServiceAccountsDefault creates ListAUserServiceAccountsDefault with default headers values
func NewListAUserServiceAccountsDefault(code int) *ListAUserServiceAccountsDefault {
if code <= 0 {
code = 500
}
return &ListAUserServiceAccountsDefault{
_statusCode: code,
}
}
// WithStatusCode adds the status to the list a user service accounts default response
func (o *ListAUserServiceAccountsDefault) WithStatusCode(code int) *ListAUserServiceAccountsDefault {
o._statusCode = code
return o
}
// SetStatusCode sets the status to the list a user service accounts default response
func (o *ListAUserServiceAccountsDefault) SetStatusCode(code int) {
o._statusCode = code
}
// WithPayload adds the payload to the list a user service accounts default response
func (o *ListAUserServiceAccountsDefault) WithPayload(payload *models.Error) *ListAUserServiceAccountsDefault {
o.Payload = payload
return o
}
// SetPayload sets the payload to the list a user service accounts default response
func (o *ListAUserServiceAccountsDefault) SetPayload(payload *models.Error) {
o.Payload = payload
}
// WriteResponse to the client
func (o *ListAUserServiceAccountsDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(o._statusCode)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}


@@ -0,0 +1,116 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"errors"
"net/url"
golangswaggerpaths "path"
"strings"
)
// ListAUserServiceAccountsURL generates an URL for the list a user service accounts operation
type ListAUserServiceAccountsURL struct {
Name string
_basePath string
// avoid unkeyed usage
_ struct{}
}
// WithBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *ListAUserServiceAccountsURL) WithBasePath(bp string) *ListAUserServiceAccountsURL {
o.SetBasePath(bp)
return o
}
// SetBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *ListAUserServiceAccountsURL) SetBasePath(bp string) {
o._basePath = bp
}
// Build a url path and query string
func (o *ListAUserServiceAccountsURL) Build() (*url.URL, error) {
var _result url.URL
var _path = "/users/{name}/service-accounts"
name := o.Name
if name != "" {
_path = strings.Replace(_path, "{name}", name, -1)
} else {
return nil, errors.New("name is required on ListAUserServiceAccountsURL")
}
_basePath := o._basePath
if _basePath == "" {
_basePath = "/api/v1"
}
_result.Path = golangswaggerpaths.Join(_basePath, _path)
return &_result, nil
}
// Must is a helper function to panic when the url builder returns an error
func (o *ListAUserServiceAccountsURL) Must(u *url.URL, err error) *url.URL {
if err != nil {
panic(err)
}
if u == nil {
panic("url can't be nil")
}
return u
}
// String returns the string representation of the path with query string
func (o *ListAUserServiceAccountsURL) String() string {
return o.Must(o.Build()).String()
}
// BuildFull builds a full url with scheme, host, path and query string
func (o *ListAUserServiceAccountsURL) BuildFull(scheme, host string) (*url.URL, error) {
if scheme == "" {
return nil, errors.New("scheme is required for a full url on ListAUserServiceAccountsURL")
}
if host == "" {
return nil, errors.New("host is required for a full url on ListAUserServiceAccountsURL")
}
base, err := o.Build()
if err != nil {
return nil, err
}
base.Scheme = scheme
base.Host = host
return base, nil
}
// StringFull returns the string representation of a complete url
func (o *ListAUserServiceAccountsURL) StringFull(scheme, host string) string {
return o.Must(o.BuildFull(scheme, host)).String()
}


@@ -214,6 +214,9 @@ func NewConsoleAPI(spec *loads.Document) *ConsoleAPI {
UserAPIHasPermissionToHandler: user_api.HasPermissionToHandlerFunc(func(params user_api.HasPermissionToParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation user_api.HasPermissionTo has not yet been implemented")
}),
AdminAPIListAUserServiceAccountsHandler: admin_api.ListAUserServiceAccountsHandlerFunc(func(params admin_api.ListAUserServiceAccountsParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation admin_api.ListAUserServiceAccounts has not yet been implemented")
}),
AdminAPIListAllTenantsHandler: admin_api.ListAllTenantsHandlerFunc(func(params admin_api.ListAllTenantsParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation admin_api.ListAllTenants has not yet been implemented")
}),
@@ -549,6 +552,8 @@ type ConsoleAPI struct {
AdminAPIGroupInfoHandler admin_api.GroupInfoHandler
// UserAPIHasPermissionToHandler sets the operation handler for the has permission to operation
UserAPIHasPermissionToHandler user_api.HasPermissionToHandler
// AdminAPIListAUserServiceAccountsHandler sets the operation handler for the list a user service accounts operation
AdminAPIListAUserServiceAccountsHandler admin_api.ListAUserServiceAccountsHandler
// AdminAPIListAllTenantsHandler sets the operation handler for the list all tenants operation
AdminAPIListAllTenantsHandler admin_api.ListAllTenantsHandler
// UserAPIListBucketEventsHandler sets the operation handler for the list bucket events operation
@@ -897,6 +902,9 @@ func (o *ConsoleAPI) Validate() error {
if o.UserAPIHasPermissionToHandler == nil {
unregistered = append(unregistered, "user_api.HasPermissionToHandler")
}
if o.AdminAPIListAUserServiceAccountsHandler == nil {
unregistered = append(unregistered, "admin_api.ListAUserServiceAccountsHandler")
}
if o.AdminAPIListAllTenantsHandler == nil {
unregistered = append(unregistered, "admin_api.ListAllTenantsHandler")
}
@@ -1385,6 +1393,10 @@ func (o *ConsoleAPI) initHandlerCache() {
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
}
o.handlers["GET"]["/users/{name}/service-accounts"] = admin_api.NewListAUserServiceAccounts(o.context, o.AdminAPIListAUserServiceAccountsHandler)
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
}
o.handlers["GET"]["/tenants"] = admin_api.NewListAllTenants(o.context, o.AdminAPIListAllTenantsHandler)
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)


@@ -22,6 +22,8 @@ import (
"strings"
"time"
"github.com/minio/console/restapi/operations/admin_api"
"github.com/go-openapi/runtime/middleware"
"github.com/minio/console/models"
"github.com/minio/console/restapi/operations"
@@ -40,7 +42,7 @@ func registerServiceAccountsHandlers(api *operations.ConsoleAPI) {
})
// List Service Accounts for User
api.UserAPIListUserServiceAccountsHandler = user_api.ListUserServiceAccountsHandlerFunc(func(params user_api.ListUserServiceAccountsParams, session *models.Principal) middleware.Responder {
serviceAccounts, err := getUserServiceAccountsResponse(session)
serviceAccounts, err := getUserServiceAccountsResponse(session, "")
if err != nil {
return user_api.NewListUserServiceAccountsDefault(int(err.Code)).WithPayload(err)
}
@@ -54,6 +56,16 @@ func registerServiceAccountsHandlers(api *operations.ConsoleAPI) {
}
return user_api.NewDeleteServiceAccountNoContent()
})
// List Service Accounts for User
api.AdminAPIListAUserServiceAccountsHandler = admin_api.ListAUserServiceAccountsHandlerFunc(func(params admin_api.ListAUserServiceAccountsParams, session *models.Principal) middleware.Responder {
serviceAccounts, err := getUserServiceAccountsResponse(session, params.Name)
if err != nil {
return user_api.NewListUserServiceAccountsDefault(int(err.Code)).WithPayload(err)
}
return user_api.NewListUserServiceAccountsOK().WithPayload(serviceAccounts)
})
}
// createServiceAccount adds a service account to the userClient and assigns a policy to him if defined.
@@ -99,8 +111,8 @@ func getCreateServiceAccountResponse(session *models.Principal, serviceAccount *
}
// getUserServiceAccount gets list of the user's service accounts
func getUserServiceAccounts(ctx context.Context, userClient MinioAdmin) (models.ServiceAccounts, error) {
listServAccs, err := userClient.listServiceAccounts(ctx)
func getUserServiceAccounts(ctx context.Context, userClient MinioAdmin, user string) (models.ServiceAccounts, error) {
listServAccs, err := userClient.listServiceAccounts(ctx, user)
if err != nil {
return nil, err
}
@@ -113,7 +125,7 @@ func getUserServiceAccounts(ctx context.Context, userClient MinioAdmin) (models.
// getUserServiceAccountsResponse authenticates the user and calls
// getUserServiceAccounts to list the user's service accounts
func getUserServiceAccountsResponse(session *models.Principal) (models.ServiceAccounts, *models.Error) {
func getUserServiceAccountsResponse(session *models.Principal, user string) (models.ServiceAccounts, *models.Error) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*20)
defer cancel()
@@ -125,7 +137,7 @@ func getUserServiceAccountsResponse(session *models.Principal) (models.ServiceAc
// defining the client to be used
userAdminClient := adminClient{client: userAdmin}
serviceAccounts, err := getUserServiceAccounts(ctx, userAdminClient)
serviceAccounts, err := getUserServiceAccounts(ctx, userAdminClient, user)
if err != nil {
return nil, prepareError(err)
}
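Review bot: The new `AdminAPIListAUserServiceAccountsHandler` answers with the `user_api` responders rather than the `admin_api` ones this commit generates for the operation; it should return `admin_api.NewListAUserServiceAccountsDefault(int(err.Code)).WithPayload(err)` and `admin_api.NewListAUserServiceAccountsOK().WithPayload(serviceAccounts)`. The handler also passes `params.Name` straight through with no console-side check, so whether one user may list another user's service accounts depends entirely on what the backend enforces for the session's credentials; that is worth stating in the handler comment. Because `""` is the value the self-service handler uses, an empty `params.Name` would presumably fall back to the caller's own accounts. The comment `// List Service Accounts for User` now heads both handlers; the admin one could read `// List Service Accounts for a given user (admin)`.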


@@ -31,7 +31,7 @@ import (
// assigning mock at runtime instead of compile time
var minioAddServiceAccountMock func(ctx context.Context, policy *iampolicy.Policy) (auth.Credentials, error)
var minioListServiceAccountsMock func(ctx context.Context) (madmin.ListServiceAccountsResp, error)
var minioListServiceAccountsMock func(ctx context.Context, user string) (madmin.ListServiceAccountsResp, error)
var minioDeleteServiceAccountMock func(ctx context.Context, serviceAccount string) error
// mock function of AddServiceAccount()
@@ -40,8 +40,8 @@ func (ac adminClientMock) addServiceAccount(ctx context.Context, policy *iampoli
}
// mock function of ListServiceAccounts()
func (ac adminClientMock) listServiceAccounts(ctx context.Context) (madmin.ListServiceAccountsResp, error) {
return minioListServiceAccountsMock(ctx)
func (ac adminClientMock) listServiceAccounts(ctx context.Context, user string) (madmin.ListServiceAccountsResp, error) {
return minioListServiceAccountsMock(ctx, user)
}
// mock function of DeleteServiceAccount()
@@ -109,10 +109,10 @@ func TestListServiceAccounts(t *testing.T) {
mockResponse := madmin.ListServiceAccountsResp{
Accounts: []string{"accesskey1", "accesskey2"},
}
minioListServiceAccountsMock = func(ctx context.Context) (madmin.ListServiceAccountsResp, error) {
minioListServiceAccountsMock = func(ctx context.Context, user string) (madmin.ListServiceAccountsResp, error) {
return mockResponse, nil
}
serviceAccounts, err := getUserServiceAccounts(ctx, client)
serviceAccounts, err := getUserServiceAccounts(ctx, client, "")
if err != nil {
t.Errorf("Failed on %s:, error occurred: %s", function, err.Error())
}
@@ -121,10 +121,10 @@ func TestListServiceAccounts(t *testing.T) {
}
// Test-2: getUserServiceAccounts returns an error, handle it properly
minioListServiceAccountsMock = func(ctx context.Context) (madmin.ListServiceAccountsResp, error) {
minioListServiceAccountsMock = func(ctx context.Context, user string) (madmin.ListServiceAccountsResp, error) {
return madmin.ListServiceAccountsResp{}, errors.New("error")
}
_, err = getUserServiceAccounts(ctx, client)
_, err = getUserServiceAccounts(ctx, client, "")
if assert.Error(err) {
assert.Equal("error", err.Error())
}
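Review bot: No test checks that the new `user` argument is actually forwarded: both mocks ignore it and both calls pass `""`, so a regression to the old hard-coded empty string in `listServiceAccounts` would still pass. Add a case that calls `getUserServiceAccounts(ctx, client, "someuser")` (constructed sample value) and asserts inside the mock, e.g. `assert.Equal("someuser", user)`. TestListServiceAccounts begins and ends outside the hunks shown.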


@@ -1220,6 +1220,27 @@ paths:
tags:
- AdminAPI
/users/{name}/service-accounts:
get:
summary: returns a list of service accounts for a user
operationId: ListAUserServiceAccounts
parameters:
- name: name
in: path
required: true
type: string
responses:
200:
description: A successful response.
schema:
$ref: "#/definitions/serviceAccounts"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/users-groups-bulk:
put:
summary: Bulk functionality to Add Users to Groups