mirrors/object-browser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adding accesskey and secretkey for service accounts (#985)

Browse Source 
* adding accesskey and secretkey for service accounts

* simplifying functions

Co-authored-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
Co-authored-by: Adam Stafford <adamstafford@Adams-MacBook-Pro.local>
This commit is contained in:
adfost
2021-09-01 09:54:13 -07:00
committed by GitHub
parent d23a7a4fba
commit 849132fa19
17 changed files with 1501 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
models/service_account_request_creds.go Normal file
View File

@@ -0,0 +1,73 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"context"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
)
// ServiceAccountRequestCreds service account request creds
//
// swagger:model serviceAccountRequestCreds
type ServiceAccountRequestCreds struct {
// access key
AccessKey string `json:"accessKey,omitempty"`
// policy to be applied to the Service Account if any
Policy string `json:"policy,omitempty"`
// secret key
SecretKey string `json:"secretKey,omitempty"`
}
// Validate validates this service account request creds
func (m *ServiceAccountRequestCreds) Validate(formats strfmt.Registry) error {
return nil
}
// ContextValidate validates this service account request creds based on context it is used
func (m *ServiceAccountRequestCreds) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
return nil
}
// MarshalBinary interface implementation
func (m *ServiceAccountRequestCreds) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ServiceAccountRequestCreds) UnmarshalBinary(b []byte) error {
var res ServiceAccountRequestCreds
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

83
portal-ui/src/screens/Console/Account/AddServiceAccount.tsx
View File

@@ -27,6 +27,7 @@ import ModalWrapper from "../Common/ModalWrapper/ModalWrapper";
import api from "../../../common/api";
import CodeMirrorWrapper from "../Common/FormComponents/CodeMirrorWrapper/CodeMirrorWrapper";
import FormSwitchWrapper from "../Common/FormComponents/FormSwitchWrapper/FormSwitchWrapper";
import InputBoxWrapper from "../Common/FormComponents/InputBoxWrapper/InputBoxWrapper";
const styles = (theme: Theme) =>
createStyles({
@@ -65,23 +66,43 @@ const AddServiceAccount = ({
}: IAddServiceAccountProps) => {
const [addSending, setAddSending] = useState<boolean>(false);
const [policyDefinition, setPolicyDefinition] = useState<string>("");
const [accessKey, setAccessKey] = useState<string>("");
const [secretKey, setSecretKey] = useState<string>("");
const [isRestrictedByPolicy, setIsRestrictedByPolicy] =
useState<boolean>(false);
const [addCredentials, setAddCredentials] = useState<boolean>(false);
useEffect(() => {
if (addSending) {
api
.invoke("POST", "/api/v1/service-accounts", {
policy: policyDefinition,
})
.then((res) => {
setAddSending(false);
closeModalAndRefresh(res);
})
.catch((err: ErrorResponseHandler) => {
setAddSending(false);
setModalErrorSnackMessage(err);
});
if (addCredentials) {
api
.invoke("POST", `/api/v1/service-account-credentials`, {
policy: policyDefinition,
accessKey: accessKey,
secretKey: secretKey
})
.then((res) => {
setAddSending(false);
closeModalAndRefresh(res);
})
.catch((err: ErrorResponseHandler) => {
setAddSending(false);
setModalErrorSnackMessage(err);
});
} else {
api
.invoke("POST", `/api/v1/service-accounts`, {
policy: policyDefinition,
})
.then((res) => {
setAddSending(false);
closeModalAndRefresh(res);
})
.catch((err: ErrorResponseHandler) => {
setAddSending(false);
setModalErrorSnackMessage(err);
});
}
}
}, [
addSending,
@@ -89,6 +110,9 @@ const AddServiceAccount = ({
setModalErrorSnackMessage,
policyDefinition,
closeModalAndRefresh,
addCredentials,
accessKey,
secretKey,
]);
const addServiceAccount = (e: React.FormEvent) => {
@@ -139,6 +163,17 @@ const AddServiceAccount = ({
label={"Restrict with policy"}
indicatorLabels={["On", "Off"]}
/>
<FormSwitchWrapper
value="locking"
id="locking"
name="locking"
checked={addCredentials}
onChange={(event: React.ChangeEvent<HTMLInputElement>) => {
setAddCredentials(event.target.checked);
}}
label={"Customize Credentials"}
indicatorLabels={["On", "Off"]}
/>
</Grid>
{isRestrictedByPolicy && (
<Grid item xs={12}>
@@ -150,6 +185,30 @@ const AddServiceAccount = ({
/>
</Grid>
)}
{addCredentials && (
<Grid item xs={12}>
<InputBoxWrapper
value={accessKey}
label={"Access Key"}
id={"accessKey"}
name={"accessKey"}
placeholder={"Enter Access Key"}
onChange={(e) => {
setAccessKey(e.target.value);
}}
/>
<InputBoxWrapper
value={secretKey}
label={"Secret Key"}
id={"secretKey"}
name={"secretKey"}
placeholder={"Enter Secret Key"}
onChange={(e) => {
setSecretKey(e.target.value);
}}
/>
</Grid>
)}
</Grid>
<Grid container>
<Grid item xs={12} className={classes.buttonContainer}>

83
portal-ui/src/screens/Console/Users/AddUserServiceAccount.tsx
View File

@@ -27,6 +27,7 @@ import ModalWrapper from "../Common/ModalWrapper/ModalWrapper";
import api from "../../../common/api";
import CodeMirrorWrapper from "../Common/FormComponents/CodeMirrorWrapper/CodeMirrorWrapper";
import FormSwitchWrapper from "../Common/FormComponents/FormSwitchWrapper/FormSwitchWrapper";
import InputBoxWrapper from "../Common/FormComponents/InputBoxWrapper/InputBoxWrapper";
const styles = (theme: Theme) =>
createStyles({
@@ -67,23 +68,43 @@ const AddUserServiceAccount = ({
}: IAddUserServiceAccountProps) => {
const [addSending, setAddSending] = useState<boolean>(false);
const [policyDefinition, setPolicyDefinition] = useState<string>("");
const [accessKey, setAccessKey] = useState<string>("");
const [secretKey, setSecretKey] = useState<string>("");
const [isRestrictedByPolicy, setIsRestrictedByPolicy] =
useState<boolean>(false);
const [addCredentials, setAddCredentials] = useState<boolean>(false);
useEffect(() => {
if (addSending) {
api
.invoke("POST", `/api/v1/user/${user}/service-accounts`, {
policy: policyDefinition,
})
.then((res) => {
setAddSending(false);
closeModalAndRefresh(res);
})
.catch((err: ErrorResponseHandler) => {
setAddSending(false);
setModalErrorSnackMessage(err);
});
if (addCredentials) {
api
.invoke("POST", `/api/v1/user/${user}/service-account-credentials`, {
policy: policyDefinition,
accessKey: accessKey,
secretKey: secretKey
})
.then((res) => {
setAddSending(false);
closeModalAndRefresh(res);
})
.catch((err: ErrorResponseHandler) => {
setAddSending(false);
setModalErrorSnackMessage(err);
});
} else {
api
.invoke("POST", `/api/v1/user/${user}/service-accounts`, {
policy: policyDefinition,
})
.then((res) => {
setAddSending(false);
closeModalAndRefresh(res);
})
.catch((err: ErrorResponseHandler) => {
setAddSending(false);
setModalErrorSnackMessage(err);
});
}
}
}, [
addSending,
@@ -92,6 +113,9 @@ const AddUserServiceAccount = ({
policyDefinition,
closeModalAndRefresh,
user,
addCredentials,
accessKey,
secretKey,
]);
const addUserServiceAccount = (e: React.FormEvent) => {
@@ -142,6 +166,17 @@ const AddUserServiceAccount = ({
label={"Restrict with policy"}
indicatorLabels={["On", "Off"]}
/>
<FormSwitchWrapper
value="locking"
id="locking"
name="locking"
checked={addCredentials}
onChange={(event: React.ChangeEvent<HTMLInputElement>) => {
setAddCredentials(event.target.checked);
}}
label={"Customize Credentials"}
indicatorLabels={["On", "Off"]}
/>
</Grid>
{isRestrictedByPolicy && (
<Grid item xs={12}>
@@ -153,6 +188,30 @@ const AddUserServiceAccount = ({
/>
</Grid>
)}
{addCredentials && (
<Grid item xs={12}>
<InputBoxWrapper
value={accessKey}
label={"Access Key"}
id={"accessKey"}
name={"accessKey"}
placeholder={"Enter Access Key"}
onChange={(e) => {
setAccessKey(e.target.value);
}}
/>
<InputBoxWrapper
value={secretKey}
label={"Secret Key"}
id={"secretKey"}
name={"secretKey"}
placeholder={"Enter Secret Key"}
onChange={(e) => {
setSecretKey(e.target.value);
}}
/>
</Grid>
)}
</Grid>
<Grid container>
<Grid item xs={12} className={classes.buttonContainer}>

22
restapi/client-admin.go
View File

@@ -94,8 +94,7 @@ type MinioAdmin interface {
heal(ctx context.Context, bucket, prefix string, healOpts madmin.HealOpts, clientToken string,
forceStart, forceStop bool) (healStart madmin.HealStartSuccess, healTaskStatus madmin.HealTaskStatus, err error)
// Service Accounts
addServiceAccount(ctx context.Context, policy *iampolicy.Policy) (madmin.Credentials, error)
addServiceAccountWithUser(ctx context.Context, policy *iampolicy.Policy, user string) (madmin.Credentials, error)
addServiceAccount(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string) (madmin.Credentials, error)
listServiceAccounts(ctx context.Context, user string) (madmin.ListServiceAccountsResp, error)
deleteServiceAccount(ctx context.Context, serviceAccount string) error
// Remote Buckets
@@ -274,20 +273,7 @@ func (ac AdminClient) getLogs(ctx context.Context, node string, lineCnt int, log
}
// implements madmin.AddServiceAccount()
func (ac AdminClient) addServiceAccount(ctx context.Context, policy *iampolicy.Policy) (madmin.Credentials, error) {
buf, err := json.Marshal(policy)
if err != nil {
return madmin.Credentials{}, err
}
return ac.Client.AddServiceAccount(ctx, madmin.AddServiceAccountReq{
Policy: buf,
TargetUser: "",
AccessKey: "",
SecretKey: "",
})
}
func (ac AdminClient) addServiceAccountWithUser(ctx context.Context, policy *iampolicy.Policy, user string) (madmin.Credentials, error) {
func (ac AdminClient) addServiceAccount(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string) (madmin.Credentials, error) {
buf, err := json.Marshal(policy)
if err != nil {
return madmin.Credentials{}, err
@@ -295,8 +281,8 @@ func (ac AdminClient) addServiceAccountWithUser(ctx context.Context, policy *iam
return ac.Client.AddServiceAccount(ctx, madmin.AddServiceAccountReq{
Policy: buf,
TargetUser: user,
AccessKey: "",
SecretKey: "",
AccessKey: accessKey,
SecretKey: secretKey,
})
}

174
restapi/embedded_spec.go
View File

@@ -2813,6 +2813,39 @@ func init() {
}
}
},
"/service-account-credentials": {
"post": {
"tags": [
"AdminAPI"
],
"summary": "Create Service Account With Credentials",
"operationId": "CreateServiceAccountCreds",
"parameters": [
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/serviceAccountRequestCreds"
}
}
],
"responses": {
"201": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/serviceAccountCreds"
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/error"
}
}
}
}
},
"/service-accounts": {
"get": {
"tags": [
@@ -3180,6 +3213,45 @@ func init() {
}
}
},
"/user/{name}/service-account-credentials": {
"post": {
"tags": [
"AdminAPI"
],
"summary": "Create Service Account for User With Credentials",
"operationId": "CreateServiceAccountCredentials",
"parameters": [
{
"type": "string",
"name": "name",
"in": "path",
"required": true
},
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/serviceAccountRequestCreds"
}
}
],
"responses": {
"201": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/serviceAccountCreds"
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/error"
}
}
}
}
},
"/user/{name}/service-accounts": {
"get": {
"tags": [
@@ -4935,6 +5007,21 @@ func init() {
}
}
},
"serviceAccountRequestCreds": {
"type": "object",
"properties": {
"accessKey": {
"type": "string"
},
"policy": {
"type": "string",
"title": "policy to be applied to the Service Account if any"
},
"secretKey": {
"type": "string"
}
}
},
"serviceAccounts": {
"type": "array",
"items": {
@@ -8237,6 +8324,39 @@ func init() {
}
}
},
"/service-account-credentials": {
"post": {
"tags": [
"AdminAPI"
],
"summary": "Create Service Account With Credentials",
"operationId": "CreateServiceAccountCreds",
"parameters": [
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/serviceAccountRequestCreds"
}
}
],
"responses": {
"201": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/serviceAccountCreds"
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/error"
}
}
}
}
},
"/service-accounts": {
"get": {
"tags": [
@@ -8604,6 +8724,45 @@ func init() {
}
}
},
"/user/{name}/service-account-credentials": {
"post": {
"tags": [
"AdminAPI"
],
"summary": "Create Service Account for User With Credentials",
"operationId": "CreateServiceAccountCredentials",
"parameters": [
{
"type": "string",
"name": "name",
"in": "path",
"required": true
},
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/serviceAccountRequestCreds"
}
}
],
"responses": {
"201": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/serviceAccountCreds"
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/error"
}
}
}
}
},
"/user/{name}/service-accounts": {
"get": {
"tags": [
@@ -10413,6 +10572,21 @@ func init() {
}
}
},
"serviceAccountRequestCreds": {
"type": "object",
"properties": {
"accessKey": {
"type": "string"
},
"policy": {
"type": "string",
"title": "policy to be applied to the Service Account if any"
},
"secretKey": {
"type": "string"
}
}
},
"serviceAccounts": {
"type": "array",
"items": {

88
restapi/operations/admin_api/create_service_account_credentials.go Normal file
View File

@@ -0,0 +1,88 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"net/http"
"github.com/go-openapi/runtime/middleware"
"github.com/minio/console/models"
)
// CreateServiceAccountCredentialsHandlerFunc turns a function with the right signature into a create service account credentials handler
type CreateServiceAccountCredentialsHandlerFunc func(CreateServiceAccountCredentialsParams, *models.Principal) middleware.Responder
// Handle executing the request and returning a response
func (fn CreateServiceAccountCredentialsHandlerFunc) Handle(params CreateServiceAccountCredentialsParams, principal *models.Principal) middleware.Responder {
return fn(params, principal)
}
// CreateServiceAccountCredentialsHandler interface for that can handle valid create service account credentials params
type CreateServiceAccountCredentialsHandler interface {
Handle(CreateServiceAccountCredentialsParams, *models.Principal) middleware.Responder
}
// NewCreateServiceAccountCredentials creates a new http.Handler for the create service account credentials operation
func NewCreateServiceAccountCredentials(ctx *middleware.Context, handler CreateServiceAccountCredentialsHandler) *CreateServiceAccountCredentials {
return &CreateServiceAccountCredentials{Context: ctx, Handler: handler}
}
/* CreateServiceAccountCredentials swagger:route POST /user/{name}/service-account-credentials AdminAPI createServiceAccountCredentials
Create Service Account for User With Credentials
*/
type CreateServiceAccountCredentials struct {
Context *middleware.Context
Handler CreateServiceAccountCredentialsHandler
}
func (o *CreateServiceAccountCredentials) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
route, rCtx, _ := o.Context.RouteInfo(r)
if rCtx != nil {
*r = *rCtx
}
var Params = NewCreateServiceAccountCredentialsParams()
uprinc, aCtx, err := o.Context.Authorize(r, route)
if err != nil {
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
if aCtx != nil {
*r = *aCtx
}
var principal *models.Principal
if uprinc != nil {
principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
}
if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
res := o.Handler.Handle(Params, principal) // actually handle the request
o.Context.Respond(rw, r, route.Produces, route, res)
}

127
restapi/operations/admin_api/create_service_account_credentials_parameters.go Normal file
View File

@@ -0,0 +1,127 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"context"
"io"
"net/http"
"github.com/go-openapi/errors"
"github.com/go-openapi/runtime"
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/validate"
"github.com/minio/console/models"
)
// NewCreateServiceAccountCredentialsParams creates a new CreateServiceAccountCredentialsParams object
//
// There are no default values defined in the spec.
func NewCreateServiceAccountCredentialsParams() CreateServiceAccountCredentialsParams {
return CreateServiceAccountCredentialsParams{}
}
// CreateServiceAccountCredentialsParams contains all the bound params for the create service account credentials operation
// typically these are obtained from a http.Request
//
// swagger:parameters CreateServiceAccountCredentials
type CreateServiceAccountCredentialsParams struct {
// HTTP Request Object
HTTPRequest *http.Request `json:"-"`
/*
Required: true
In: body
*/
Body *models.ServiceAccountRequestCreds
/*
Required: true
In: path
*/
Name string
}
// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
// for simple values it will use straight method calls.
//
// To ensure default values, the struct must have been initialized with NewCreateServiceAccountCredentialsParams() beforehand.
func (o *CreateServiceAccountCredentialsParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
var res []error
o.HTTPRequest = r
if runtime.HasBody(r) {
defer r.Body.Close()
var body models.ServiceAccountRequestCreds
if err := route.Consumer.Consume(r.Body, &body); err != nil {
if err == io.EOF {
res = append(res, errors.Required("body", "body", ""))
} else {
res = append(res, errors.NewParseError("body", "body", "", err))
}
} else {
// validate body object
if err := body.Validate(route.Formats); err != nil {
res = append(res, err)
}
ctx := validate.WithOperationRequest(context.Background())
if err := body.ContextValidate(ctx, route.Formats); err != nil {
res = append(res, err)
}
if len(res) == 0 {
o.Body = &body
}
}
} else {
res = append(res, errors.Required("body", "body", ""))
}
rName, rhkName, _ := route.Params.GetOK("name")
if err := o.bindName(rName, rhkName, route.Formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
// bindName binds and validates parameter Name from path.
func (o *CreateServiceAccountCredentialsParams) bindName(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// Parameter is provided by construction from the route
o.Name = raw
return nil
}

133
restapi/operations/admin_api/create_service_account_credentials_responses.go Normal file
View File

@@ -0,0 +1,133 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/runtime"
"github.com/minio/console/models"
)
// CreateServiceAccountCredentialsCreatedCode is the HTTP code returned for type CreateServiceAccountCredentialsCreated
const CreateServiceAccountCredentialsCreatedCode int = 201
/*CreateServiceAccountCredentialsCreated A successful response.
swagger:response createServiceAccountCredentialsCreated
*/
type CreateServiceAccountCredentialsCreated struct {
/*
In: Body
*/
Payload *models.ServiceAccountCreds `json:"body,omitempty"`
}
// NewCreateServiceAccountCredentialsCreated creates CreateServiceAccountCredentialsCreated with default headers values
func NewCreateServiceAccountCredentialsCreated() *CreateServiceAccountCredentialsCreated {
return &CreateServiceAccountCredentialsCreated{}
}
// WithPayload adds the payload to the create service account credentials created response
func (o *CreateServiceAccountCredentialsCreated) WithPayload(payload *models.ServiceAccountCreds) *CreateServiceAccountCredentialsCreated {
o.Payload = payload
return o
}
// SetPayload sets the payload to the create service account credentials created response
func (o *CreateServiceAccountCredentialsCreated) SetPayload(payload *models.ServiceAccountCreds) {
o.Payload = payload
}
// WriteResponse to the client
func (o *CreateServiceAccountCredentialsCreated) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(201)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}
/*CreateServiceAccountCredentialsDefault Generic error response.
swagger:response createServiceAccountCredentialsDefault
*/
type CreateServiceAccountCredentialsDefault struct {
_statusCode int
/*
In: Body
*/
Payload *models.Error `json:"body,omitempty"`
}
// NewCreateServiceAccountCredentialsDefault creates CreateServiceAccountCredentialsDefault with default headers values
func NewCreateServiceAccountCredentialsDefault(code int) *CreateServiceAccountCredentialsDefault {
if code <= 0 {
code = 500
}
return &CreateServiceAccountCredentialsDefault{
_statusCode: code,
}
}
// WithStatusCode adds the status to the create service account credentials default response
func (o *CreateServiceAccountCredentialsDefault) WithStatusCode(code int) *CreateServiceAccountCredentialsDefault {
o._statusCode = code
return o
}
// SetStatusCode sets the status to the create service account credentials default response
func (o *CreateServiceAccountCredentialsDefault) SetStatusCode(code int) {
o._statusCode = code
}
// WithPayload adds the payload to the create service account credentials default response
func (o *CreateServiceAccountCredentialsDefault) WithPayload(payload *models.Error) *CreateServiceAccountCredentialsDefault {
o.Payload = payload
return o
}
// SetPayload sets the payload to the create service account credentials default response
func (o *CreateServiceAccountCredentialsDefault) SetPayload(payload *models.Error) {
o.Payload = payload
}
// WriteResponse to the client
func (o *CreateServiceAccountCredentialsDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(o._statusCode)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}

116
restapi/operations/admin_api/create_service_account_credentials_urlbuilder.go Normal file
View File

@@ -0,0 +1,116 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"errors"
"net/url"
golangswaggerpaths "path"
"strings"
)
// CreateServiceAccountCredentialsURL generates an URL for the create service account credentials operation
type CreateServiceAccountCredentialsURL struct {
Name string
_basePath string
// avoid unkeyed usage
_ struct{}
}
// WithBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *CreateServiceAccountCredentialsURL) WithBasePath(bp string) *CreateServiceAccountCredentialsURL {
o.SetBasePath(bp)
return o
}
// SetBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *CreateServiceAccountCredentialsURL) SetBasePath(bp string) {
o._basePath = bp
}
// Build a url path and query string
func (o *CreateServiceAccountCredentialsURL) Build() (*url.URL, error) {
var _result url.URL
var _path = "/user/{name}/service-account-credentials"
name := o.Name
if name != "" {
_path = strings.Replace(_path, "{name}", name, -1)
} else {
return nil, errors.New("name is required on CreateServiceAccountCredentialsURL")
}
_basePath := o._basePath
if _basePath == "" {
_basePath = "/api/v1"
}
_result.Path = golangswaggerpaths.Join(_basePath, _path)
return &_result, nil
}
// Must is a helper function to panic when the url builder returns an error
func (o *CreateServiceAccountCredentialsURL) Must(u *url.URL, err error) *url.URL {
if err != nil {
panic(err)
}
if u == nil {
panic("url can't be nil")
}
return u
}
// String returns the string representation of the path with query string
func (o *CreateServiceAccountCredentialsURL) String() string {
return o.Must(o.Build()).String()
}
// BuildFull builds a full url with scheme, host, path and query string
func (o *CreateServiceAccountCredentialsURL) BuildFull(scheme, host string) (*url.URL, error) {
if scheme == "" {
return nil, errors.New("scheme is required for a full url on CreateServiceAccountCredentialsURL")
}
if host == "" {
return nil, errors.New("host is required for a full url on CreateServiceAccountCredentialsURL")
}
base, err := o.Build()
if err != nil {
return nil, err
}
base.Scheme = scheme
base.Host = host
return base, nil
}
// StringFull returns the string representation of a complete url
func (o *CreateServiceAccountCredentialsURL) StringFull(scheme, host string) string {
return o.Must(o.BuildFull(scheme, host)).String()
}

88
restapi/operations/admin_api/create_service_account_creds.go Normal file
View File

@@ -0,0 +1,88 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"net/http"
"github.com/go-openapi/runtime/middleware"
"github.com/minio/console/models"
)
// CreateServiceAccountCredsHandlerFunc turns a function with the right signature into a create service account creds handler
type CreateServiceAccountCredsHandlerFunc func(CreateServiceAccountCredsParams, *models.Principal) middleware.Responder
// Handle executing the request and returning a response
func (fn CreateServiceAccountCredsHandlerFunc) Handle(params CreateServiceAccountCredsParams, principal *models.Principal) middleware.Responder {
return fn(params, principal)
}
// CreateServiceAccountCredsHandler interface for that can handle valid create service account creds params
type CreateServiceAccountCredsHandler interface {
Handle(CreateServiceAccountCredsParams, *models.Principal) middleware.Responder
}
// NewCreateServiceAccountCreds creates a new http.Handler for the create service account creds operation
func NewCreateServiceAccountCreds(ctx *middleware.Context, handler CreateServiceAccountCredsHandler) *CreateServiceAccountCreds {
return &CreateServiceAccountCreds{Context: ctx, Handler: handler}
}
/* CreateServiceAccountCreds swagger:route POST /service-account-credentials AdminAPI createServiceAccountCreds
Create Service Account With Credentials
*/
type CreateServiceAccountCreds struct {
Context *middleware.Context
Handler CreateServiceAccountCredsHandler
}
func (o *CreateServiceAccountCreds) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
route, rCtx, _ := o.Context.RouteInfo(r)
if rCtx != nil {
*r = *rCtx
}
var Params = NewCreateServiceAccountCredsParams()
uprinc, aCtx, err := o.Context.Authorize(r, route)
if err != nil {
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
if aCtx != nil {
*r = *aCtx
}
var principal *models.Principal
if uprinc != nil {
principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
}
if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
res := o.Handler.Handle(Params, principal) // actually handle the request
o.Context.Respond(rw, r, route.Produces, route, res)
}

102
restapi/operations/admin_api/create_service_account_creds_parameters.go Normal file
View File

@@ -0,0 +1,102 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"context"
"io"
"net/http"
"github.com/go-openapi/errors"
"github.com/go-openapi/runtime"
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/validate"
"github.com/minio/console/models"
)
// NewCreateServiceAccountCredsParams creates a new CreateServiceAccountCredsParams object
//
// There are no default values defined in the spec.
func NewCreateServiceAccountCredsParams() CreateServiceAccountCredsParams {
return CreateServiceAccountCredsParams{}
}
// CreateServiceAccountCredsParams contains all the bound params for the create service account creds operation
// typically these are obtained from a http.Request
//
// swagger:parameters CreateServiceAccountCreds
type CreateServiceAccountCredsParams struct {
// HTTP Request Object
HTTPRequest *http.Request `json:"-"`
/*
Required: true
In: body
*/
Body *models.ServiceAccountRequestCreds
}
// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
// for simple values it will use straight method calls.
//
// To ensure default values, the struct must have been initialized with NewCreateServiceAccountCredsParams() beforehand.
func (o *CreateServiceAccountCredsParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
var res []error
o.HTTPRequest = r
if runtime.HasBody(r) {
defer r.Body.Close()
var body models.ServiceAccountRequestCreds
if err := route.Consumer.Consume(r.Body, &body); err != nil {
if err == io.EOF {
res = append(res, errors.Required("body", "body", ""))
} else {
res = append(res, errors.NewParseError("body", "body", "", err))
}
} else {
// validate body object
if err := body.Validate(route.Formats); err != nil {
res = append(res, err)
}
ctx := validate.WithOperationRequest(context.Background())
if err := body.ContextValidate(ctx, route.Formats); err != nil {
res = append(res, err)
}
if len(res) == 0 {
o.Body = &body
}
}
} else {
res = append(res, errors.Required("body", "body", ""))
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}

133
restapi/operations/admin_api/create_service_account_creds_responses.go Normal file
View File

@@ -0,0 +1,133 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/runtime"
"github.com/minio/console/models"
)
// CreateServiceAccountCredsCreatedCode is the HTTP code returned for type CreateServiceAccountCredsCreated
const CreateServiceAccountCredsCreatedCode int = 201
/*CreateServiceAccountCredsCreated A successful response.
swagger:response createServiceAccountCredsCreated
*/
type CreateServiceAccountCredsCreated struct {
/*
In: Body
*/
Payload *models.ServiceAccountCreds `json:"body,omitempty"`
}
// NewCreateServiceAccountCredsCreated creates CreateServiceAccountCredsCreated with default headers values
func NewCreateServiceAccountCredsCreated() *CreateServiceAccountCredsCreated {
return &CreateServiceAccountCredsCreated{}
}
// WithPayload adds the payload to the create service account creds created response
func (o *CreateServiceAccountCredsCreated) WithPayload(payload *models.ServiceAccountCreds) *CreateServiceAccountCredsCreated {
o.Payload = payload
return o
}
// SetPayload sets the payload to the create service account creds created response
func (o *CreateServiceAccountCredsCreated) SetPayload(payload *models.ServiceAccountCreds) {
o.Payload = payload
}
// WriteResponse to the client
func (o *CreateServiceAccountCredsCreated) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(201)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}
/*CreateServiceAccountCredsDefault Generic error response.
swagger:response createServiceAccountCredsDefault
*/
type CreateServiceAccountCredsDefault struct {
_statusCode int
/*
In: Body
*/
Payload *models.Error `json:"body,omitempty"`
}
// NewCreateServiceAccountCredsDefault creates CreateServiceAccountCredsDefault with default headers values
func NewCreateServiceAccountCredsDefault(code int) *CreateServiceAccountCredsDefault {
if code <= 0 {
code = 500
}
return &CreateServiceAccountCredsDefault{
_statusCode: code,
}
}
// WithStatusCode adds the status to the create service account creds default response
func (o *CreateServiceAccountCredsDefault) WithStatusCode(code int) *CreateServiceAccountCredsDefault {
o._statusCode = code
return o
}
// SetStatusCode sets the status to the create service account creds default response
func (o *CreateServiceAccountCredsDefault) SetStatusCode(code int) {
o._statusCode = code
}
// WithPayload adds the payload to the create service account creds default response
func (o *CreateServiceAccountCredsDefault) WithPayload(payload *models.Error) *CreateServiceAccountCredsDefault {
o.Payload = payload
return o
}
// SetPayload sets the payload to the create service account creds default response
func (o *CreateServiceAccountCredsDefault) SetPayload(payload *models.Error) {
o.Payload = payload
}
// WriteResponse to the client
func (o *CreateServiceAccountCredsDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(o._statusCode)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}

104
restapi/operations/admin_api/create_service_account_creds_urlbuilder.go Normal file
View File

@@ -0,0 +1,104 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"errors"
"net/url"
golangswaggerpaths "path"
)
// CreateServiceAccountCredsURL generates an URL for the create service account creds operation
type CreateServiceAccountCredsURL struct {
_basePath string
}
// WithBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *CreateServiceAccountCredsURL) WithBasePath(bp string) *CreateServiceAccountCredsURL {
o.SetBasePath(bp)
return o
}
// SetBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *CreateServiceAccountCredsURL) SetBasePath(bp string) {
o._basePath = bp
}
// Build a url path and query string
func (o *CreateServiceAccountCredsURL) Build() (*url.URL, error) {
var _result url.URL
var _path = "/service-account-credentials"
_basePath := o._basePath
if _basePath == "" {
_basePath = "/api/v1"
}
_result.Path = golangswaggerpaths.Join(_basePath, _path)
return &_result, nil
}
// Must is a helper function to panic when the url builder returns an error
func (o *CreateServiceAccountCredsURL) Must(u *url.URL, err error) *url.URL {
if err != nil {
panic(err)
}
if u == nil {
panic("url can't be nil")
}
return u
}
// String returns the string representation of the path with query string
func (o *CreateServiceAccountCredsURL) String() string {
return o.Must(o.Build()).String()
}
// BuildFull builds a full url with scheme, host, path and query string
func (o *CreateServiceAccountCredsURL) BuildFull(scheme, host string) (*url.URL, error) {
if scheme == "" {
return nil, errors.New("scheme is required for a full url on CreateServiceAccountCredsURL")
}
if host == "" {
return nil, errors.New("host is required for a full url on CreateServiceAccountCredsURL")
}
base, err := o.Build()
if err != nil {
return nil, err
}
base.Scheme = scheme
base.Host = host
return base, nil
}
// StringFull returns the string representation of a complete url
func (o *CreateServiceAccountCredsURL) StringFull(scheme, host string) string {
return o.Must(o.BuildFull(scheme, host)).String()
}

24
restapi/operations/console_api.go
View File

@@ -119,6 +119,12 @@ func NewConsoleAPI(spec *loads.Document) *ConsoleAPI {
UserAPICreateServiceAccountHandler: user_api.CreateServiceAccountHandlerFunc(func(params user_api.CreateServiceAccountParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation user_api.CreateServiceAccount has not yet been implemented")
}),
AdminAPICreateServiceAccountCredentialsHandler: admin_api.CreateServiceAccountCredentialsHandlerFunc(func(params admin_api.CreateServiceAccountCredentialsParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation admin_api.CreateServiceAccountCredentials has not yet been implemented")
}),
AdminAPICreateServiceAccountCredsHandler: admin_api.CreateServiceAccountCredsHandlerFunc(func(params admin_api.CreateServiceAccountCredsParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation admin_api.CreateServiceAccountCreds has not yet been implemented")
}),
AdminAPIDashboardWidgetDetailsHandler: admin_api.DashboardWidgetDetailsHandlerFunc(func(params admin_api.DashboardWidgetDetailsParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation admin_api.DashboardWidgetDetails has not yet been implemented")
}),
@@ -444,6 +450,10 @@ type ConsoleAPI struct {
UserAPICreateBucketEventHandler user_api.CreateBucketEventHandler
// UserAPICreateServiceAccountHandler sets the operation handler for the create service account operation
UserAPICreateServiceAccountHandler user_api.CreateServiceAccountHandler
// AdminAPICreateServiceAccountCredentialsHandler sets the operation handler for the create service account credentials operation
AdminAPICreateServiceAccountCredentialsHandler admin_api.CreateServiceAccountCredentialsHandler
// AdminAPICreateServiceAccountCredsHandler sets the operation handler for the create service account creds operation
AdminAPICreateServiceAccountCredsHandler admin_api.CreateServiceAccountCredsHandler
// AdminAPIDashboardWidgetDetailsHandler sets the operation handler for the dashboard widget details operation
AdminAPIDashboardWidgetDetailsHandler admin_api.DashboardWidgetDetailsHandler
// AdminAPIDeleteAccessRuleWithBucketHandler sets the operation handler for the delete access rule with bucket operation
@@ -741,6 +751,12 @@ func (o *ConsoleAPI) Validate() error {
if o.UserAPICreateServiceAccountHandler == nil {
unregistered = append(unregistered, "user_api.CreateServiceAccountHandler")
}
if o.AdminAPICreateServiceAccountCredentialsHandler == nil {
unregistered = append(unregistered, "admin_api.CreateServiceAccountCredentialsHandler")
}
if o.AdminAPICreateServiceAccountCredsHandler == nil {
unregistered = append(unregistered, "admin_api.CreateServiceAccountCredsHandler")
}
if o.AdminAPIDashboardWidgetDetailsHandler == nil {
unregistered = append(unregistered, "admin_api.DashboardWidgetDetailsHandler")
}
@@ -1149,6 +1165,14 @@ func (o *ConsoleAPI) initHandlerCache() {
o.handlers["POST"] = make(map[string]http.Handler)
}
o.handlers["POST"]["/service-accounts"] = user_api.NewCreateServiceAccount(o.context, o.UserAPICreateServiceAccountHandler)
if o.handlers["POST"] == nil {
o.handlers["POST"] = make(map[string]http.Handler)
}
o.handlers["POST"]["/user/{name}/service-account-credentials"] = admin_api.NewCreateServiceAccountCredentials(o.context, o.AdminAPICreateServiceAccountCredentialsHandler)
if o.handlers["POST"] == nil {
o.handlers["POST"] = make(map[string]http.Handler)
}
o.handlers["POST"]["/service-account-credentials"] = admin_api.NewCreateServiceAccountCreds(o.context, o.AdminAPICreateServiceAccountCredsHandler)
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
}

133
restapi/user_service_accounts.go
View File

@@ -19,6 +19,7 @@ package restapi
import (
"bytes"
"context"
"errors"
"strings"
"time"
@@ -48,6 +49,21 @@ func registerServiceAccountsHandlers(api *operations.ConsoleAPI) {
}
return admin_api.NewCreateAUserServiceAccountCreated().WithPayload(creds)
})
// Create User Service Account
api.AdminAPICreateServiceAccountCredentialsHandler = admin_api.CreateServiceAccountCredentialsHandlerFunc(func(params admin_api.CreateServiceAccountCredentialsParams, session *models.Principal) middleware.Responder {
creds, err := getCreateAUserServiceAccountCredsResponse(session, params.Body, params.Name)
if err != nil {
return user_api.NewCreateServiceAccountDefault(int(err.Code)).WithPayload(err)
}
return admin_api.NewCreateServiceAccountCredentialsCreated().WithPayload(creds)
})
api.AdminAPICreateServiceAccountCredsHandler = admin_api.CreateServiceAccountCredsHandlerFunc(func(params admin_api.CreateServiceAccountCredsParams, session *models.Principal) middleware.Responder {
creds, err := getCreateServiceAccountCredsResponse(session, params.Body)
if err != nil {
return user_api.NewCreateServiceAccountDefault(int(err.Code)).WithPayload(err)
}
return admin_api.NewCreateServiceAccountCredentialsCreated().WithPayload(creds)
})
// List Service Accounts for User
api.UserAPIListUserServiceAccountsHandler = user_api.ListUserServiceAccountsHandlerFunc(func(params user_api.ListUserServiceAccountsParams, session *models.Principal) middleware.Responder {
serviceAccounts, err := getUserServiceAccountsResponse(session, "")
@@ -89,7 +105,27 @@ func createServiceAccount(ctx context.Context, userClient MinioAdmin, policy str
iamPolicy = iamp
}
creds, err := userClient.addServiceAccount(ctx, iamPolicy)
creds, err := userClient.addServiceAccount(ctx, iamPolicy, "", "", "")
if err != nil {
return nil, err
}
return &models.ServiceAccountCreds{AccessKey: creds.AccessKey, SecretKey: creds.SecretKey}, nil
}
// createServiceAccount adds a service account with the given credentials to the userClient and assigns a policy to him if defined.
func createServiceAccountCreds(ctx context.Context, userClient MinioAdmin, policy string, accessKey string, secretKey string) (*models.ServiceAccountCreds, error) {
// By default a nil policy will be used so the service account inherit the parent account policy, otherwise
// we override with the user provided iam policy
var iamPolicy *iampolicy.Policy
if strings.TrimSpace(policy) != "" {
iamp, err := iampolicy.ParseConfig(bytes.NewReader([]byte(policy)))
if err != nil {
return nil, err
}
iamPolicy = iamp
}
creds, err := userClient.addServiceAccount(ctx, iamPolicy, "", accessKey, secretKey)
if err != nil {
return nil, err
}
@@ -118,7 +154,7 @@ func getCreateServiceAccountResponse(session *models.Principal, serviceAccount *
return saCreds, nil
}
// createServiceAccount adds a service account to the userClient and assigns a policy to him if defined.
// createServiceAccount adds a service account to a given user and assigns a policy to him if defined.
func createAUserServiceAccount(ctx context.Context, userClient MinioAdmin, policy string, user string) (*models.ServiceAccountCreds, error) {
// By default a nil policy will be used so the service account inherit the parent account policy, otherwise
// we override with the user provided iam policy
@@ -131,7 +167,26 @@ func createAUserServiceAccount(ctx context.Context, userClient MinioAdmin, polic
iamPolicy = iamp
}
creds, err := userClient.addServiceAccountWithUser(ctx, iamPolicy, user)
creds, err := userClient.addServiceAccount(ctx, iamPolicy, user, "", "")
if err != nil {
return nil, err
}
return &models.ServiceAccountCreds{AccessKey: creds.AccessKey, SecretKey: creds.SecretKey}, nil
}
func createAUserServiceAccountCreds(ctx context.Context, userClient MinioAdmin, policy string, user string, accessKey string, secretKey string) (*models.ServiceAccountCreds, error) {
// By default a nil policy will be used so the service account inherit the parent account policy, otherwise
// we override with the user provided iam policy
var iamPolicy *iampolicy.Policy
if strings.TrimSpace(policy) != "" {
iamp, err := iampolicy.ParseConfig(bytes.NewReader([]byte(policy)))
if err != nil {
return nil, err
}
iamPolicy = iamp
}
creds, err := userClient.addServiceAccount(ctx, iamPolicy, user, accessKey, secretKey)
if err != nil {
return nil, err
}
@@ -139,7 +194,7 @@ func createAUserServiceAccount(ctx context.Context, userClient MinioAdmin, polic
}
// getCreateServiceAccountResponse creates a service account with the defined policy for the user that
// is requestingit ,it first gets the credentials of the user and creates a client which is going to
// is requesting it ,it first gets the credentials of the user and creates a client which is going to
// make the call to create the Service Account
func getCreateAUserServiceAccountResponse(session *models.Principal, serviceAccount *models.ServiceAccountRequest, user string) (*models.ServiceAccountCreds, *models.Error) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*20)
@@ -160,6 +215,76 @@ func getCreateAUserServiceAccountResponse(session *models.Principal, serviceAcco
return saCreds, nil
}
// getCreateServiceAccountCredsResponse creates a service account with the defined policy for the user that
// is requesting it, and with the credentials provided
func getCreateAUserServiceAccountCredsResponse(session *models.Principal, serviceAccount *models.ServiceAccountRequestCreds, user string) (*models.ServiceAccountCreds, *models.Error) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*20)
defer cancel()
userAdmin, err := NewMinioAdminClient(session)
if err != nil {
return nil, prepareError(err)
}
// create a MinIO user Admin Client interface implementation
// defining the client to be used
userAdminClient := AdminClient{Client: userAdmin}
if user == serviceAccount.AccessKey {
return nil, prepareError(errors.New("Access Key already in use"))
}
accounts, err := userAdminClient.listServiceAccounts(ctx, user)
if err != nil {
return nil, prepareError(err)
}
for i := 0; i < len(accounts.Accounts); i++ {
if accounts.Accounts[i] == serviceAccount.AccessKey {
return nil, prepareError(errors.New("Access Key already in use"))
}
}
saCreds, err := createAUserServiceAccountCreds(ctx, userAdminClient, serviceAccount.Policy, user, serviceAccount.AccessKey, serviceAccount.SecretKey)
if err != nil {
return nil, prepareError(err)
}
return saCreds, nil
}
func getCreateServiceAccountCredsResponse(session *models.Principal, serviceAccount *models.ServiceAccountRequestCreds) (*models.ServiceAccountCreds, *models.Error) {
ctx, cancel := context.WithTimeout(context.Background(), time.Second*20)
defer cancel()
userAdmin, err := NewMinioAdminClient(session)
if err != nil {
return nil, prepareError(err)
}
// create a MinIO user Admin Client interface implementation
// defining the client to be used
userAdminClient := AdminClient{Client: userAdmin}
if session.AccountAccessKey == serviceAccount.AccessKey {
return nil, prepareError(errors.New("Access Key already in use"))
}
accounts, err := userAdminClient.listServiceAccounts(ctx, "")
if err != nil {
return nil, prepareError(err)
}
for i := 0; i < len(accounts.Accounts); i++ {
if accounts.Accounts[i] == serviceAccount.AccessKey {
return nil, prepareError(errors.New("Access Key already in use"))
}
}
saCreds, err := createServiceAccountCreds(ctx, userAdminClient, serviceAccount.Policy, serviceAccount.AccessKey, serviceAccount.SecretKey)
if err != nil {
return nil, prepareError(err)
}
return saCreds, nil
}
// getUserServiceAccount gets list of the user's service accounts
func getUserServiceAccounts(ctx context.Context, userClient MinioAdmin, user string) (models.ServiceAccounts, error) {
listServAccs, err := userClient.listServiceAccounts(ctx, user)

17
restapi/user_service_accounts_test.go
View File

@@ -29,18 +29,13 @@ import (
)
// assigning mock at runtime instead of compile time
var minioAddServiceAccountMock func(ctx context.Context, policy *iampolicy.Policy) (madmin.Credentials, error)
var minioAddServiceAccountWithUserMock func(ctx context.Context, policy *iampolicy.Policy, user string) (madmin.Credentials, error)
var minioAddServiceAccountMock func(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string) (madmin.Credentials, error)
var minioListServiceAccountsMock func(ctx context.Context, user string) (madmin.ListServiceAccountsResp, error)
var minioDeleteServiceAccountMock func(ctx context.Context, serviceAccount string) error
// mock function of AddServiceAccount()
func (ac adminClientMock) addServiceAccount(ctx context.Context, policy *iampolicy.Policy) (madmin.Credentials, error) {
return minioAddServiceAccountMock(ctx, policy)
}
func (ac adminClientMock) addServiceAccountWithUser(ctx context.Context, policy *iampolicy.Policy, user string) (madmin.Credentials, error) {
return minioAddServiceAccountWithUserMock(ctx, policy, user)
func (ac adminClientMock) addServiceAccount(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string) (madmin.Credentials, error) {
return minioAddServiceAccountMock(ctx, policy, user, accessKey, secretKey)
}
// mock function of ListServiceAccounts()
@@ -65,7 +60,7 @@ func TestAddServiceAccount(t *testing.T) {
AccessKey: "minio",
SecretKey: "minio123",
}
minioAddServiceAccountMock = func(ctx context.Context, policy *iampolicy.Policy) (madmin.Credentials, error) {
minioAddServiceAccountMock = func(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string) (madmin.Credentials, error) {
return mockResponse, nil
}
saCreds, err := createServiceAccount(ctx, client, policyDefinition)
@@ -81,7 +76,7 @@ func TestAddServiceAccount(t *testing.T) {
AccessKey: "minio",
SecretKey: "minio123",
}
minioAddServiceAccountMock = func(ctx context.Context, policy *iampolicy.Policy) (madmin.Credentials, error) {
minioAddServiceAccountMock = func(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string) (madmin.Credentials, error) {
return mockResponse, nil
}
saCreds, err = createServiceAccount(ctx, client, policyDefinition)
@@ -93,7 +88,7 @@ func TestAddServiceAccount(t *testing.T) {
AccessKey: "minio",
SecretKey: "minio123",
}
minioAddServiceAccountMock = func(ctx context.Context, policy *iampolicy.Policy) (madmin.Credentials, error) {
minioAddServiceAccountMock = func(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string) (madmin.Credentials, error) {
return madmin.Credentials{}, errors.New("error")
}
_, err = createServiceAccount(ctx, client, policyDefinition)

58
swagger-console.yml
View File

@@ -1123,6 +1123,28 @@ paths:
tags:
- UserAPI
/service-account-credentials:
post:
summary: Create Service Account With Credentials
operationId: CreateServiceAccountCreds
parameters:
- name: body
in: body
required: true
schema:
$ref: "#/definitions/serviceAccountRequestCreds"
responses:
201:
description: A successful response.
schema:
$ref: "#/definitions/serviceAccountCreds"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/service-accounts/{access_key}:
delete:
summary: Delete Service Account
@@ -1344,6 +1366,32 @@ paths:
tags:
- AdminAPI
/user/{name}/service-account-credentials:
post:
summary: Create Service Account for User With Credentials
operationId: CreateServiceAccountCredentials
parameters:
- name: name
in: path
required: true
type: string
- name: body
in: body
required: true
schema:
$ref: "#/definitions/serviceAccountRequestCreds"
responses:
201:
description: A successful response.
schema:
$ref: "#/definitions/serviceAccountCreds"
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
/users-groups-bulk:
put:
summary: Bulk functionality to Add Users to Groups
@@ -3230,6 +3278,16 @@ definitions:
policy:
type: string
title: "policy to be applied to the Service Account if any"
serviceAccountRequestCreds:
type: object
properties:
policy:
type: string
title: "policy to be applied to the Service Account if any"
accessKey:
type: string
secretKey:
type: string
serviceAccountCreds:
type: object
properties: