Add set policy to multiple user/groups (#382)

2020-11-30 15:23:14 -08:00
parent 94c3ade7fc
commit 829833f242
11 changed files with 878 additions and 0 deletions
--- a/models/iam_entity.go
+++ b/models/iam_entity.go
@@ -0,0 +1,48 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/validate"
+)
+
+// IamEntity iam entity
+//
+// swagger:model iamEntity
+type IamEntity string
+
+// Validate validates this iam entity
+func (m IamEntity) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := validate.Pattern("", "body", string(m), `^[\w+=,.@-]{1,64}$`); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
--- a/models/set_policy_multiple_request.go
+++ b/models/set_policy_multiple_request.go
@@ -0,0 +1,119 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// SetPolicyMultipleRequest set policy multiple request
+//
+// swagger:model setPolicyMultipleRequest
+type SetPolicyMultipleRequest struct {
+
+	// groups
+	Groups []IamEntity `json:"groups"`
+
+	// users
+	Users []IamEntity `json:"users"`
+}
+
+// Validate validates this set policy multiple request
+func (m *SetPolicyMultipleRequest) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateGroups(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateUsers(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *SetPolicyMultipleRequest) validateGroups(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Groups) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Groups); i++ {
+
+		if err := m.Groups[i].Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("groups" + "." + strconv.Itoa(i))
+			}
+			return err
+		}
+
+	}
+
+	return nil
+}
+
+func (m *SetPolicyMultipleRequest) validateUsers(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Users) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Users); i++ {
+
+		if err := m.Users[i].Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("users" + "." + strconv.Itoa(i))
+			}
+			return err
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *SetPolicyMultipleRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *SetPolicyMultipleRequest) UnmarshalBinary(b []byte) error {
+	var res SetPolicyMultipleRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/restapi/admin_policies.go
+++ b/restapi/admin_policies.go
@@ -68,6 +68,13 @@ func registersPoliciesHandler(api *operations.ConsoleAPI) {
 		}
 		return admin_api.NewSetPolicyNoContent()
 	})
+	// Set Policy Multiple User/Groups
+	api.AdminAPISetPolicyMultipleHandler = admin_api.SetPolicyMultipleHandlerFunc(func(params admin_api.SetPolicyMultipleParams, session *models.Principal) middleware.Responder {
+		if err := getSetPolicyMultipleResponse(session, params.Name, params.Body); err != nil {
+			return admin_api.NewSetPolicyMultipleDefault(int(err.Code)).WithPayload(err)
+		}
+		return admin_api.NewSetPolicyMultipleNoContent()
+	})
 }

 // listPolicies calls MinIO server to list all policy names present on the server.
@@ -248,6 +255,37 @@ func getSetPolicyResponse(session *models.Principal, name string, params *models
 	return nil
 }

+func getSetPolicyMultipleResponse(session *models.Principal, name string, params *models.SetPolicyMultipleRequest) *models.Error {
+	ctx := context.Background()
+	mAdmin, err := newMAdminClient(session)
+	if err != nil {
+		return prepareError(err)
+	}
+	// create a MinIO Admin Client interface implementation
+	// defining the client to be used
+	adminClient := adminClient{client: mAdmin}
+
+	if err := setPolicyMultipleEntities(ctx, adminClient, name, params.Users, params.Groups); err != nil {
+		return prepareError(err)
+	}
+	return nil
+}
+
+// setPolicyMultipleEntities sets a policy to multiple users/groups
+func setPolicyMultipleEntities(ctx context.Context, client MinioAdmin, policyName string, users, groups []models.IamEntity) error {
+	for _, user := range users {
+		if err := client.setPolicy(ctx, policyName, string(user), false); err != nil {
+			return err
+		}
+	}
+	for _, group := range groups {
+		if err := client.setPolicy(ctx, policyName, string(group), true); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 // parsePolicy() converts from *rawPolicy to *models.Policy
 func parsePolicy(name string, rawPolicy *iampolicy.Policy) (*models.Policy, error) {
 	stringPolicy, err := json.Marshal(rawPolicy)
--- a/restapi/admin_policies_test.go
+++ b/restapi/admin_policies_test.go
@@ -21,6 +21,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"reflect"
 	"testing"

 	"errors"
@@ -209,3 +210,69 @@ func TestSetPolicy(t *testing.T) {
 		funcAssert.Equal("error", err.Error())
 	}
 }
+
+func Test_SetPolicyMultiple(t *testing.T) {
+	ctx := context.Background()
+	adminClient := adminClientMock{}
+
+	type args struct {
+		policyName    string
+		users         []models.IamEntity
+		groups        []models.IamEntity
+		setPolicyFunc func(policyName, entityName string, isGroup bool) error
+	}
+	tests := []struct {
+		name          string
+		args          args
+		errorExpected error
+	}{
+		{
+			name: "Set policy to multiple users and groups",
+			args: args{
+				policyName: "readonly",
+				users:      []models.IamEntity{"user1", "user2"},
+				groups:     []models.IamEntity{"group1", "group2"},
+				setPolicyFunc: func(policyName, entityName string, isGroup bool) error {
+					return nil
+				},
+			},
+			errorExpected: nil,
+		},
+		{
+			name: "Return error on set policy function",
+			args: args{
+				policyName: "readonly",
+				users:      []models.IamEntity{"user1", "user2"},
+				groups:     []models.IamEntity{"group1", "group2"},
+				setPolicyFunc: func(policyName, entityName string, isGroup bool) error {
+					return errors.New("error set")
+				},
+			},
+			errorExpected: errors.New("error set"),
+		},
+		{
+			// Description: Empty lists of users and groups are acceptable
+			name: "Empty lists of users and groups",
+			args: args{
+				policyName: "readonly",
+				users:      []models.IamEntity{},
+				groups:     []models.IamEntity{},
+				setPolicyFunc: func(policyName, entityName string, isGroup bool) error {
+					return nil
+				},
+			},
+			errorExpected: nil,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			minioSetPolicyMock = tt.args.setPolicyFunc
+			got := setPolicyMultipleEntities(ctx, adminClient, tt.args.policyName, tt.args.users, tt.args.groups)
+			if !reflect.DeepEqual(got, tt.errorExpected) {
+				ji, _ := json.Marshal(got)
+				vi, _ := json.Marshal(tt.errorExpected)
+				t.Errorf("got %s want %s", ji, vi)
+			}
+		})
+	}
+}
--- a/restapi/embedded_spec.go
+++ b/restapi/embedded_spec.go
@@ -2458,6 +2458,42 @@ func init() {
        }
      }
    },
+    "/set-policy-multi/{name}": {
+      "put": {
+        "tags": [
+          "AdminAPI"
+        ],
+        "summary": "Set policy to multiple users/groups",
+        "operationId": "SetPolicyMultiple",
+        "parameters": [
+          {
+            "type": "string",
+            "name": "name",
+            "in": "path",
+            "required": true
+          },
+          {
+            "name": "body",
+            "in": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/setPolicyMultipleRequest"
+            }
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": "A successful response."
+          },
+          "default": {
+            "description": "Generic error response.",
+            "schema": {
+              "$ref": "#/definitions/error"
+            }
+          }
+        }
+      }
+    },
    "/set-policy/{name}": {
      "put": {
        "tags": [
@@ -3463,6 +3499,10 @@ func init() {
        }
      }
    },
+    "iamEntity": {
+      "type": "string",
+      "pattern": "^[\\w+=,.@-]{1,64}$"
+    },
    "idpConfiguration": {
      "type": "object",
      "properties": {
@@ -4358,6 +4398,23 @@ func init() {
        }
      }
    },
+    "setPolicyMultipleRequest": {
+      "type": "object",
+      "properties": {
+        "groups": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/iamEntity"
+          }
+        },
+        "users": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/iamEntity"
+          }
+        }
+      }
+    },
    "setPolicyRequest": {
      "type": "object",
      "required": [
@@ -7361,6 +7418,42 @@ func init() {
        }
      }
    },
+    "/set-policy-multi/{name}": {
+      "put": {
+        "tags": [
+          "AdminAPI"
+        ],
+        "summary": "Set policy to multiple users/groups",
+        "operationId": "SetPolicyMultiple",
+        "parameters": [
+          {
+            "type": "string",
+            "name": "name",
+            "in": "path",
+            "required": true
+          },
+          {
+            "name": "body",
+            "in": "body",
+            "required": true,
+            "schema": {
+              "$ref": "#/definitions/setPolicyMultipleRequest"
+            }
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": "A successful response."
+          },
+          "default": {
+            "description": "Generic error response.",
+            "schema": {
+              "$ref": "#/definitions/error"
+            }
+          }
+        }
+      }
+    },
    "/set-policy/{name}": {
      "put": {
        "tags": [
@@ -8889,6 +8982,10 @@ func init() {
        }
      }
    },
+    "iamEntity": {
+      "type": "string",
+      "pattern": "^[\\w+=,.@-]{1,64}$"
+    },
    "idpConfiguration": {
      "type": "object",
      "properties": {
@@ -9718,6 +9815,23 @@ func init() {
        }
      }
    },
+    "setPolicyMultipleRequest": {
+      "type": "object",
+      "properties": {
+        "groups": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/iamEntity"
+          }
+        },
+        "users": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/iamEntity"
+          }
+        }
+      }
+    },
    "setPolicyRequest": {
      "type": "object",
      "required": [
--- a/restapi/operations/admin_api/set_policy_multiple.go
+++ b/restapi/operations/admin_api/set_policy_multiple.go
@@ -0,0 +1,90 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package admin_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+
+	"github.com/minio/console/models"
+)
+
+// SetPolicyMultipleHandlerFunc turns a function with the right signature into a set policy multiple handler
+type SetPolicyMultipleHandlerFunc func(SetPolicyMultipleParams, *models.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn SetPolicyMultipleHandlerFunc) Handle(params SetPolicyMultipleParams, principal *models.Principal) middleware.Responder {
+	return fn(params, principal)
+}
+
+// SetPolicyMultipleHandler interface for that can handle valid set policy multiple params
+type SetPolicyMultipleHandler interface {
+	Handle(SetPolicyMultipleParams, *models.Principal) middleware.Responder
+}
+
+// NewSetPolicyMultiple creates a new http.Handler for the set policy multiple operation
+func NewSetPolicyMultiple(ctx *middleware.Context, handler SetPolicyMultipleHandler) *SetPolicyMultiple {
+	return &SetPolicyMultiple{Context: ctx, Handler: handler}
+}
+
+/*SetPolicyMultiple swagger:route PUT /set-policy-multi/{name} AdminAPI setPolicyMultiple
+
+Set policy to multiple users/groups
+
+*/
+type SetPolicyMultiple struct {
+	Context *middleware.Context
+	Handler SetPolicyMultipleHandler
+}
+
+func (o *SetPolicyMultiple) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		r = rCtx
+	}
+	var Params = NewSetPolicyMultipleParams()
+
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		r = aCtx
+	}
+	var principal *models.Principal
+	if uprinc != nil {
+		principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
+	}
+
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params, principal) // actually handle the request
+
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}
--- a/restapi/operations/admin_api/set_policy_multiple_parameters.go
+++ b/restapi/operations/admin_api/set_policy_multiple_parameters.go
@@ -0,0 +1,120 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package admin_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"io"
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+
+	"github.com/minio/console/models"
+)
+
+// NewSetPolicyMultipleParams creates a new SetPolicyMultipleParams object
+// no default values defined in spec.
+func NewSetPolicyMultipleParams() SetPolicyMultipleParams {
+
+	return SetPolicyMultipleParams{}
+}
+
+// SetPolicyMultipleParams contains all the bound params for the set policy multiple operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters SetPolicyMultiple
+type SetPolicyMultipleParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*
+	  Required: true
+	  In: body
+	*/
+	Body *models.SetPolicyMultipleRequest
+	/*
+	  Required: true
+	  In: path
+	*/
+	Name string
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewSetPolicyMultipleParams() beforehand.
+func (o *SetPolicyMultipleParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	if runtime.HasBody(r) {
+		defer r.Body.Close()
+		var body models.SetPolicyMultipleRequest
+		if err := route.Consumer.Consume(r.Body, &body); err != nil {
+			if err == io.EOF {
+				res = append(res, errors.Required("body", "body", ""))
+			} else {
+				res = append(res, errors.NewParseError("body", "body", "", err))
+			}
+		} else {
+			// validate body object
+			if err := body.Validate(route.Formats); err != nil {
+				res = append(res, err)
+			}
+
+			if len(res) == 0 {
+				o.Body = &body
+			}
+		}
+	} else {
+		res = append(res, errors.Required("body", "body", ""))
+	}
+	rName, rhkName, _ := route.Params.GetOK("name")
+	if err := o.bindName(rName, rhkName, route.Formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+// bindName binds and validates parameter Name from path.
+func (o *SetPolicyMultipleParams) bindName(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: true
+	// Parameter is provided by construction from the route
+
+	o.Name = raw
+
+	return nil
+}
--- a/restapi/operations/admin_api/set_policy_multiple_responses.go
+++ b/restapi/operations/admin_api/set_policy_multiple_responses.go
@@ -0,0 +1,113 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package admin_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+
+	"github.com/minio/console/models"
+)
+
+// SetPolicyMultipleNoContentCode is the HTTP code returned for type SetPolicyMultipleNoContent
+const SetPolicyMultipleNoContentCode int = 204
+
+/*SetPolicyMultipleNoContent A successful response.
+
+swagger:response setPolicyMultipleNoContent
+*/
+type SetPolicyMultipleNoContent struct {
+}
+
+// NewSetPolicyMultipleNoContent creates SetPolicyMultipleNoContent with default headers values
+func NewSetPolicyMultipleNoContent() *SetPolicyMultipleNoContent {
+
+	return &SetPolicyMultipleNoContent{}
+}
+
+// WriteResponse to the client
+func (o *SetPolicyMultipleNoContent) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(204)
+}
+
+/*SetPolicyMultipleDefault Generic error response.
+
+swagger:response setPolicyMultipleDefault
+*/
+type SetPolicyMultipleDefault struct {
+	_statusCode int
+
+	/*
+	  In: Body
+	*/
+	Payload *models.Error `json:"body,omitempty"`
+}
+
+// NewSetPolicyMultipleDefault creates SetPolicyMultipleDefault with default headers values
+func NewSetPolicyMultipleDefault(code int) *SetPolicyMultipleDefault {
+	if code <= 0 {
+		code = 500
+	}
+
+	return &SetPolicyMultipleDefault{
+		_statusCode: code,
+	}
+}
+
+// WithStatusCode adds the status to the set policy multiple default response
+func (o *SetPolicyMultipleDefault) WithStatusCode(code int) *SetPolicyMultipleDefault {
+	o._statusCode = code
+	return o
+}
+
+// SetStatusCode sets the status to the set policy multiple default response
+func (o *SetPolicyMultipleDefault) SetStatusCode(code int) {
+	o._statusCode = code
+}
+
+// WithPayload adds the payload to the set policy multiple default response
+func (o *SetPolicyMultipleDefault) WithPayload(payload *models.Error) *SetPolicyMultipleDefault {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the set policy multiple default response
+func (o *SetPolicyMultipleDefault) SetPayload(payload *models.Error) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *SetPolicyMultipleDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(o._statusCode)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}
--- a/restapi/operations/admin_api/set_policy_multiple_urlbuilder.go
+++ b/restapi/operations/admin_api/set_policy_multiple_urlbuilder.go
@@ -0,0 +1,116 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2020 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package admin_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"errors"
+	"net/url"
+	golangswaggerpaths "path"
+	"strings"
+)
+
+// SetPolicyMultipleURL generates an URL for the set policy multiple operation
+type SetPolicyMultipleURL struct {
+	Name string
+
+	_basePath string
+	// avoid unkeyed usage
+	_ struct{}
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *SetPolicyMultipleURL) WithBasePath(bp string) *SetPolicyMultipleURL {
+	o.SetBasePath(bp)
+	return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *SetPolicyMultipleURL) SetBasePath(bp string) {
+	o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *SetPolicyMultipleURL) Build() (*url.URL, error) {
+	var _result url.URL
+
+	var _path = "/set-policy-multi/{name}"
+
+	name := o.Name
+	if name != "" {
+		_path = strings.Replace(_path, "{name}", name, -1)
+	} else {
+		return nil, errors.New("name is required on SetPolicyMultipleURL")
+	}
+
+	_basePath := o._basePath
+	if _basePath == "" {
+		_basePath = "/api/v1"
+	}
+	_result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+	return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *SetPolicyMultipleURL) Must(u *url.URL, err error) *url.URL {
+	if err != nil {
+		panic(err)
+	}
+	if u == nil {
+		panic("url can't be nil")
+	}
+	return u
+}
+
+// String returns the string representation of the path with query string
+func (o *SetPolicyMultipleURL) String() string {
+	return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *SetPolicyMultipleURL) BuildFull(scheme, host string) (*url.URL, error) {
+	if scheme == "" {
+		return nil, errors.New("scheme is required for a full url on SetPolicyMultipleURL")
+	}
+	if host == "" {
+		return nil, errors.New("host is required for a full url on SetPolicyMultipleURL")
+	}
+
+	base, err := o.Build()
+	if err != nil {
+		return nil, err
+	}
+
+	base.Scheme = scheme
+	base.Host = host
+	return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *SetPolicyMultipleURL) StringFull(scheme, host string) string {
+	return o.Must(o.BuildFull(scheme, host)).String()
+}
--- a/restapi/operations/console_api.go
+++ b/restapi/operations/console_api.go
@@ -275,6 +275,9 @@ func NewConsoleAPI(spec *loads.Document) *ConsoleAPI {
 		AdminAPISetPolicyHandler: admin_api.SetPolicyHandlerFunc(func(params admin_api.SetPolicyParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation admin_api.SetPolicy has not yet been implemented")
 		}),
+		AdminAPISetPolicyMultipleHandler: admin_api.SetPolicyMultipleHandlerFunc(func(params admin_api.SetPolicyMultipleParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation admin_api.SetPolicyMultiple has not yet been implemented")
+		}),
 		UserAPIShareObjectHandler: user_api.ShareObjectHandlerFunc(func(params user_api.ShareObjectParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation user_api.ShareObject has not yet been implemented")
 		}),
@@ -497,6 +500,8 @@ type ConsoleAPI struct {
 	AdminAPISetConfigHandler admin_api.SetConfigHandler
 	// AdminAPISetPolicyHandler sets the operation handler for the set policy operation
 	AdminAPISetPolicyHandler admin_api.SetPolicyHandler
+	// AdminAPISetPolicyMultipleHandler sets the operation handler for the set policy multiple operation
+	AdminAPISetPolicyMultipleHandler admin_api.SetPolicyMultipleHandler
 	// UserAPIShareObjectHandler sets the operation handler for the share object operation
 	UserAPIShareObjectHandler user_api.ShareObjectHandler
 	// AdminAPITenantAddZoneHandler sets the operation handler for the tenant add zone operation
@@ -803,6 +808,9 @@ func (o *ConsoleAPI) Validate() error {
 	if o.AdminAPISetPolicyHandler == nil {
 		unregistered = append(unregistered, "admin_api.SetPolicyHandler")
 	}
+	if o.AdminAPISetPolicyMultipleHandler == nil {
+		unregistered = append(unregistered, "admin_api.SetPolicyMultipleHandler")
+	}
 	if o.UserAPIShareObjectHandler == nil {
 		unregistered = append(unregistered, "user_api.ShareObjectHandler")
 	}
@@ -1215,6 +1223,10 @@ func (o *ConsoleAPI) initHandlerCache() {
 		o.handlers["PUT"] = make(map[string]http.Handler)
 	}
 	o.handlers["PUT"]["/set-policy/{name}"] = admin_api.NewSetPolicy(o.context, o.AdminAPISetPolicyHandler)
+	if o.handlers["PUT"] == nil {
+		o.handlers["PUT"] = make(map[string]http.Handler)
+	}
+	o.handlers["PUT"]["/set-policy-multi/{name}"] = admin_api.NewSetPolicyMultiple(o.context, o.AdminAPISetPolicyMultipleHandler)
 	if o.handlers["GET"] == nil {
 		o.handlers["GET"] = make(map[string]http.Handler)
 	}
--- a/swagger.yml
+++ b/swagger.yml
@@ -1238,6 +1238,30 @@ paths:
      tags:
        - AdminAPI

+  /set-policy-multi/{name}:
+    put:
+      summary: Set policy to multiple users/groups
+      operationId: SetPolicyMultiple
+      parameters:
+        - name: name
+          in: path
+          required: true
+          type: string
+        - name: body
+          in: body
+          required: true
+          schema:
+            $ref: "#/definitions/setPolicyMultipleRequest"
+      responses:
+        204:
+          description: A successful response.
+        default:
+          description: Generic error response.
+          schema:
+            $ref: "#/definitions/error"
+      tags:
+        - AdminAPI
+
  /configs/{name}:
    get:
      summary: Configuration info
@@ -2107,6 +2131,23 @@ definitions:
        $ref: "#/definitions/policyEntity"
      entityName:
        type: string
+
+  setPolicyMultipleRequest:
+    type: object
+    properties:
+      users:
+        type: array
+        items:
+          $ref: "#/definitions/iamEntity"
+      groups:
+        type: array
+        items:
+          $ref: "#/definitions/iamEntity"
+  
+  iamEntity:
+    type: string
+    pattern: '^[\w+=,.@-]{1,64}$'
+
  addPolicyRequest:
    type: object
    required: