Inspect API (#1540)

* Inspect API

* Address review comments

Co-authored-by: Alex <33497058+bexsoft@users.noreply.github.com>
Co-authored-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
Prakash Senthil Vel
2022-02-16 00:14:51 +00:00
committed by GitHub
parent 3ae8e14156
commit 951d3bf6dc
10 changed files with 777 additions and 0 deletions

119
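--- a/restapi/admin_inspect.go
+++ b/restapi/admin_inspect.go
@@ -0,0 +1,119 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+package restapi
+import (
+"context"
+"encoding/binary"
+"encoding/hex"
+"fmt"
+"hash/crc32"
+"io"
+"io/ioutil"
+"net/http"
+"github.com/go-openapi/runtime"
+"github.com/go-openapi/runtime/middleware"
+"github.com/minio/console/models"
+"github.com/minio/console/restapi/operations"
+"github.com/minio/console/restapi/operations/admin_api"
+"github.com/minio/madmin-go"
+"github.com/secure-io/sio-go"
+)
+func registerInspectHandler(api *operations.ConsoleAPI) {
+api.AdminAPIInspectHandler = admin_api.InspectHandlerFunc(func(params admin_api.InspectParams, principal *models.Principal) middleware.Responder {
+k, r, err := getInspectResult(principal, &params)
+isEncryptOn := params.Encrypt != nil && *params.Encrypt
+if err != nil {
+return admin_api.NewInspectDefault(int(err.Code)).WithPayload(err)
+}
+return middleware.ResponderFunc(processInspectResponse(isEncryptOn, k, r))
+})
+}
+func getInspectResult(session *models.Principal, params *admin_api.InspectParams) (*[32]byte, io.ReadCloser, *models.Error) {
+ctx := context.Background()
+mAdmin, err := NewMinioAdminClient(session)
+if err != nil {
+return nil, nil, prepareError(err)
+}
+var cfg madmin.InspectOptions
+cfg.File = params.File
+cfg.Volume = params.Volume
+// create a MinIO Admin Client interface implementation
+// defining the client to be used
+adminClient := AdminClient{Client: mAdmin}
+k, r, err := adminClient.inspect(ctx, cfg)
+if err != nil {
+return nil, nil, prepareError(err)
+}
+return &k, r, nil
+}
+//borrowed from mc cli
+func decryptInspect(key [32]byte, r io.Reader) io.ReadCloser {
+stream, err := sio.AES_256_GCM.Stream(key[:])
+if err != nil {
+return nil
+}
+nonce := make([]byte, stream.NonceSize())
+return ioutil.NopCloser(stream.DecryptReader(r, nonce, nil))
+}
+func processInspectResponse(isEnc bool, k *[32]byte, r io.ReadCloser) func(w http.ResponseWriter, _ runtime.Producer) {
+return func(w http.ResponseWriter, _ runtime.Producer) {
+var id [4]byte
+binary.LittleEndian.PutUint32(id[:], crc32.ChecksumIEEE(k[:]))
+defer r.Close()
+ext := "enc"
+if !isEnc {
+ext = "zip"
+r = decryptInspect(*k, r)
+}
+fileName := fmt.Sprintf("inspect.%s.%s", hex.EncodeToString(id[:]), ext)
+if isEnc {
+// use cookie to transmit the Decryption Key.
+hexKey := hex.EncodeToString(id[:]) + hex.EncodeToString(k[:])
+cookie := http.Cookie{
+Name: fileName,
+Value: hexKey,
+Path: "/",
+MaxAge: 3000,
+}
+http.SetCookie(w, &cookie)
+}
+w.Header().Set("Content-Type", "application/octet-stream")
+w.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=\"%s\"", fileName))
+_, err := io.Copy(w, r)
+if err != nil {
+LogError("Unable to write all the data: %v", err)
+}
+}
+}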
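Review bot: The cookie built in processInspectResponse carries the hex-encoded decryption key with `Path: "/"` and `MaxAge: 3000` but no `Secure`, `HttpOnly` or `SameSite`, so the browser replays the key on every console request for 50 minutes and will send it over plain HTTP if the console is reachable that way. Consider adding `SameSite: http.SameSiteStrictMode,`, setting `Secure` whenever the console is served over TLS, and narrowing the path; `HttpOnly` only fits if the front end does not need to read the key from script, which is not visible here. Separately, decryptInspect returns nil when `sio.AES_256_GCM.Stream` fails, and the `!isEnc` branch then hands that nil reader to `io.Copy`, which would panic mid-response. A guard right after the assignment, such as `if r == nil { http.Error(w, "unable to decrypt inspect data", http.StatusInternalServerError); return }`, would turn that into a clean 500 before any headers are written.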


@@ -416,6 +416,11 @@ func (ac AdminClient) addTier(ctx context.Context, cfg *madmin.TierConfig) error
return ac.Client.AddTier(ctx, cfg)
}
// implements madmin.Inspect()
func (ac AdminClient) inspect(ctx context.Context, insOpts madmin.InspectOptions) ([32]byte, io.ReadCloser, error) {
return ac.Client.Inspect(ctx, insOpts)
}
// implements madmin.EditTier()
func (ac AdminClient) editTierCreds(ctx context.Context, tierName string, creds madmin.TierCreds) error {
return ac.Client.EditTier(ctx, tierName, creds)


@@ -122,6 +122,8 @@ func configureAPI(api *operations.ConsoleAPI) http.Handler {
registerSubnetHandlers(api)
// Register Account handlers
registerAdminTiersHandlers(api)
//Register Inspect Handler
registerInspectHandler(api)
// Operator Console


@@ -214,6 +214,51 @@ func init() {
}
}
},
"/admin/inspect": {
"get": {
"produces": [
"application/octet-stream"
],
"tags": [
"AdminAPI"
],
"summary": "Inspect Files on Drive",
"operationId": "Inspect",
"parameters": [
{
"type": "string",
"name": "file",
"in": "query",
"required": true
},
{
"type": "string",
"name": "volume",
"in": "query",
"required": true
},
{
"type": "boolean",
"name": "encrypt",
"in": "query"
}
],
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"type": "file"
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/error"
}
}
}
}
},
"/admin/notification_endpoints": {
"get": {
"tags": [
@@ -6585,6 +6630,51 @@ func init() {
}
}
},
"/admin/inspect": {
"get": {
"produces": [
"application/octet-stream"
],
"tags": [
"AdminAPI"
],
"summary": "Inspect Files on Drive",
"operationId": "Inspect",
"parameters": [
{
"type": "string",
"name": "file",
"in": "query",
"required": true
},
{
"type": "string",
"name": "volume",
"in": "query",
"required": true
},
{
"type": "boolean",
"name": "encrypt",
"in": "query"
}
],
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"type": "file"
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/error"
}
}
}
}
},
"/admin/notification_endpoints": {
"get": {
"tags": [


@@ -0,0 +1,88 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"net/http"
"github.com/go-openapi/runtime/middleware"
"github.com/minio/console/models"
)
// InspectHandlerFunc turns a function with the right signature into a inspect handler
type InspectHandlerFunc func(InspectParams, *models.Principal) middleware.Responder
// Handle executing the request and returning a response
func (fn InspectHandlerFunc) Handle(params InspectParams, principal *models.Principal) middleware.Responder {
return fn(params, principal)
}
// InspectHandler interface for that can handle valid inspect params
type InspectHandler interface {
Handle(InspectParams, *models.Principal) middleware.Responder
}
// NewInspect creates a new http.Handler for the inspect operation
func NewInspect(ctx *middleware.Context, handler InspectHandler) *Inspect {
return &Inspect{Context: ctx, Handler: handler}
}
/* Inspect swagger:route GET /admin/inspect AdminAPI inspect
Inspect Files on Drive
*/
type Inspect struct {
Context *middleware.Context
Handler InspectHandler
}
func (o *Inspect) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
route, rCtx, _ := o.Context.RouteInfo(r)
if rCtx != nil {
*r = *rCtx
}
var Params = NewInspectParams()
uprinc, aCtx, err := o.Context.Authorize(r, route)
if err != nil {
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
if aCtx != nil {
*r = *aCtx
}
var principal *models.Principal
if uprinc != nil {
principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
}
if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
res := o.Handler.Handle(Params, principal) // actually handle the request
o.Context.Respond(rw, r, route.Produces, route, res)
}


@@ -0,0 +1,163 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/errors"
"github.com/go-openapi/runtime"
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
"github.com/go-openapi/validate"
)
// NewInspectParams creates a new InspectParams object
//
// There are no default values defined in the spec.
func NewInspectParams() InspectParams {
return InspectParams{}
}
// InspectParams contains all the bound params for the inspect operation
// typically these are obtained from a http.Request
//
// swagger:parameters Inspect
type InspectParams struct {
// HTTP Request Object
HTTPRequest *http.Request `json:"-"`
/*
In: query
*/
Encrypt *bool
/*
Required: true
In: query
*/
File string
/*
Required: true
In: query
*/
Volume string
}
// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
// for simple values it will use straight method calls.
//
// To ensure default values, the struct must have been initialized with NewInspectParams() beforehand.
func (o *InspectParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
var res []error
o.HTTPRequest = r
qs := runtime.Values(r.URL.Query())
qEncrypt, qhkEncrypt, _ := qs.GetOK("encrypt")
if err := o.bindEncrypt(qEncrypt, qhkEncrypt, route.Formats); err != nil {
res = append(res, err)
}
qFile, qhkFile, _ := qs.GetOK("file")
if err := o.bindFile(qFile, qhkFile, route.Formats); err != nil {
res = append(res, err)
}
qVolume, qhkVolume, _ := qs.GetOK("volume")
if err := o.bindVolume(qVolume, qhkVolume, route.Formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
// bindEncrypt binds and validates parameter Encrypt from query.
func (o *InspectParams) bindEncrypt(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: false
// AllowEmptyValue: false
if raw == "" { // empty values pass all other validations
return nil
}
value, err := swag.ConvertBool(raw)
if err != nil {
return errors.InvalidType("encrypt", "query", "bool", raw)
}
o.Encrypt = &value
return nil
}
// bindFile binds and validates parameter File from query.
func (o *InspectParams) bindFile(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("file", "query", rawData)
}
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// AllowEmptyValue: false
if err := validate.RequiredString("file", "query", raw); err != nil {
return err
}
o.File = raw
return nil
}
// bindVolume binds and validates parameter Volume from query.
func (o *InspectParams) bindVolume(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("volume", "query", rawData)
}
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// AllowEmptyValue: false
if err := validate.RequiredString("volume", "query", raw); err != nil {
return err
}
o.Volume = raw
return nil
}


@@ -0,0 +1,132 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"io"
"net/http"
"github.com/go-openapi/runtime"
"github.com/minio/console/models"
)
// InspectOKCode is the HTTP code returned for type InspectOK
const InspectOKCode int = 200
/*InspectOK A successful response.
swagger:response inspectOK
*/
type InspectOK struct {
/*
In: Body
*/
Payload io.ReadCloser `json:"body,omitempty"`
}
// NewInspectOK creates InspectOK with default headers values
func NewInspectOK() *InspectOK {
return &InspectOK{}
}
// WithPayload adds the payload to the inspect o k response
func (o *InspectOK) WithPayload(payload io.ReadCloser) *InspectOK {
o.Payload = payload
return o
}
// SetPayload sets the payload to the inspect o k response
func (o *InspectOK) SetPayload(payload io.ReadCloser) {
o.Payload = payload
}
// WriteResponse to the client
func (o *InspectOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(200)
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
/*InspectDefault Generic error response.
swagger:response inspectDefault
*/
type InspectDefault struct {
_statusCode int
/*
In: Body
*/
Payload *models.Error `json:"body,omitempty"`
}
// NewInspectDefault creates InspectDefault with default headers values
func NewInspectDefault(code int) *InspectDefault {
if code <= 0 {
code = 500
}
return &InspectDefault{
_statusCode: code,
}
}
// WithStatusCode adds the status to the inspect default response
func (o *InspectDefault) WithStatusCode(code int) *InspectDefault {
o._statusCode = code
return o
}
// SetStatusCode sets the status to the inspect default response
func (o *InspectDefault) SetStatusCode(code int) {
o._statusCode = code
}
// WithPayload adds the payload to the inspect default response
func (o *InspectDefault) WithPayload(payload *models.Error) *InspectDefault {
o.Payload = payload
return o
}
// SetPayload sets the payload to the inspect default response
func (o *InspectDefault) SetPayload(payload *models.Error) {
o.Payload = payload
}
// WriteResponse to the client
func (o *InspectDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(o._statusCode)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}


@@ -0,0 +1,134 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"errors"
"net/url"
golangswaggerpaths "path"
"github.com/go-openapi/swag"
)
// InspectURL generates an URL for the inspect operation
type InspectURL struct {
Encrypt *bool
File string
Volume string
_basePath string
// avoid unkeyed usage
_ struct{}
}
// WithBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *InspectURL) WithBasePath(bp string) *InspectURL {
o.SetBasePath(bp)
return o
}
// SetBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *InspectURL) SetBasePath(bp string) {
o._basePath = bp
}
// Build a url path and query string
func (o *InspectURL) Build() (*url.URL, error) {
var _result url.URL
var _path = "/admin/inspect"
_basePath := o._basePath
if _basePath == "" {
_basePath = "/api/v1"
}
_result.Path = golangswaggerpaths.Join(_basePath, _path)
qs := make(url.Values)
var encryptQ string
if o.Encrypt != nil {
encryptQ = swag.FormatBool(*o.Encrypt)
}
if encryptQ != "" {
qs.Set("encrypt", encryptQ)
}
fileQ := o.File
if fileQ != "" {
qs.Set("file", fileQ)
}
volumeQ := o.Volume
if volumeQ != "" {
qs.Set("volume", volumeQ)
}
_result.RawQuery = qs.Encode()
return &_result, nil
}
// Must is a helper function to panic when the url builder returns an error
func (o *InspectURL) Must(u *url.URL, err error) *url.URL {
if err != nil {
panic(err)
}
if u == nil {
panic("url can't be nil")
}
return u
}
// String returns the string representation of the path with query string
func (o *InspectURL) String() string {
return o.Must(o.Build()).String()
}
// BuildFull builds a full url with scheme, host, path and query string
func (o *InspectURL) BuildFull(scheme, host string) (*url.URL, error) {
if scheme == "" {
return nil, errors.New("scheme is required for a full url on InspectURL")
}
if host == "" {
return nil, errors.New("host is required for a full url on InspectURL")
}
base, err := o.Build()
if err != nil {
return nil, err
}
base.Scheme = scheme
base.Host = host
return base, nil
}
// StringFull returns the string representation of a complete url
func (o *InspectURL) StringFull(scheme, host string) string {
return o.Must(o.BuildFull(scheme, host)).String()
}


@@ -218,6 +218,9 @@ func NewConsoleAPI(spec *loads.Document) *ConsoleAPI {
AdminAPIGroupInfoHandler: admin_api.GroupInfoHandlerFunc(func(params admin_api.GroupInfoParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation admin_api.GroupInfo has not yet been implemented")
}),
AdminAPIInspectHandler: admin_api.InspectHandlerFunc(func(params admin_api.InspectParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation admin_api.Inspect has not yet been implemented")
}),
AdminAPIListAUserServiceAccountsHandler: admin_api.ListAUserServiceAccountsHandlerFunc(func(params admin_api.ListAUserServiceAccountsParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation admin_api.ListAUserServiceAccounts has not yet been implemented")
}),
@@ -555,6 +558,8 @@ type ConsoleAPI struct {
AdminAPIGetUserInfoHandler admin_api.GetUserInfoHandler
// AdminAPIGroupInfoHandler sets the operation handler for the group info operation
AdminAPIGroupInfoHandler admin_api.GroupInfoHandler
// AdminAPIInspectHandler sets the operation handler for the inspect operation
AdminAPIInspectHandler admin_api.InspectHandler
// AdminAPIListAUserServiceAccountsHandler sets the operation handler for the list a user service accounts operation
AdminAPIListAUserServiceAccountsHandler admin_api.ListAUserServiceAccountsHandler
// AdminAPIListAccessRulesWithBucketHandler sets the operation handler for the list access rules with bucket operation
@@ -915,6 +920,9 @@ func (o *ConsoleAPI) Validate() error {
if o.AdminAPIGroupInfoHandler == nil {
unregistered = append(unregistered, "admin_api.GroupInfoHandler")
}
if o.AdminAPIInspectHandler == nil {
unregistered = append(unregistered, "admin_api.InspectHandler")
}
if o.AdminAPIListAUserServiceAccountsHandler == nil {
unregistered = append(unregistered, "admin_api.ListAUserServiceAccountsHandler")
}
@@ -1404,6 +1412,10 @@ func (o *ConsoleAPI) initHandlerCache() {
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
}
o.handlers["GET"]["/admin/inspect"] = admin_api.NewInspect(o.context, o.AdminAPIInspectHandler)
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
}
o.handlers["GET"]["/user/{name}/service-accounts"] = admin_api.NewListAUserServiceAccounts(o.context, o.AdminAPIListAUserServiceAccountsHandler)
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)


@@ -2576,6 +2576,38 @@ paths:
tags:
- UserAPI
/admin/inspect:
get:
summary: Inspect Files on Drive
operationId: Inspect
produces:
- application/octet-stream
parameters:
- name: file
in: query
required: true
type: string
- name: volume
in: query
required: true
type: string
- name: encrypt
in: query
required: false
type: boolean
responses:
200:
description: A successful response.
schema:
type: file
default:
description: Generic error response.
schema:
$ref: "#/definitions/error"
tags:
- AdminAPI
definitions:
accountChangePasswordRequest:
type: object
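Review bot: The three query parameters of `/admin/inspect` carry no `description`, and the spec does not say what an absent `encrypt` means. Going by the handler in restapi/admin_inspect.go on this page, an omitted or false `encrypt` makes the console decrypt the stream itself and return a plaintext zip, while `true` returns the encrypted file and places the key in a cookie. That is worth stating on the parameter, e.g. `description: "when true, return the encrypted archive; when false or omitted, the console decrypts before sending"`. `file` and `volume` are accepted as free-form strings and passed straight into `madmin.InspectOptions`, so a short description of the expected form on each would help reviewers judge what the endpoint is meant to reach. The last three lines of the hunk are context from the following `definitions` block.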