mirrors/object-browser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Service Account Policy restriction improvement (#1921)

Browse Source
This commit is contained in:
jinapurapu
2022-05-03 11:03:57 -07:00
committed by GitHub
parent 6485718a97
commit ab835286b0
18 changed files with 1479 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
restapi/admin_policies.go
View File

@@ -31,6 +31,8 @@ import (
"github.com/minio/console/models"
"github.com/minio/console/restapi/operations"
iampolicy "github.com/minio/pkg/iam/policy"
policies "github.com/minio/console/restapi/policy"
)
func registersPoliciesHandler(api *operations.ConsoleAPI) {
@@ -121,6 +123,14 @@ func registersPoliciesHandler(api *operations.ConsoleAPI) {
}
return policyApi.NewListGroupsForPolicyOK().WithPayload(policyGroupsResponse)
})
// Gets policies for currently logged in user
api.PolicyGetUserPolicyHandler = policyApi.GetUserPolicyHandlerFunc(func(params policyApi.GetUserPolicyParams, session *models.Principal) middleware.Responder {
userPolicyResponse, err := getUserPolicyResponse(session)
if err != nil {
return policyApi.NewGetUserPolicyDefault(int(err.Code)).WithPayload(err)
}
return policyApi.NewGetUserPolicyOK().WithPayload(userPolicyResponse)
})
}
func getListAccessRulesWithBucketResponse(session *models.Principal, params bucketApi.ListAccessRulesWithBucketParams) (*models.ListAccessRulesResponse, *models.Error) {
@@ -322,16 +332,47 @@ func getListUsersForPolicyResponse(session *models.Principal, params policyApi.L
return filteredUsers, nil
}
func getUserPolicyResponse(session *models.Principal) (string, *models.Error) {
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
// serialize output
if session == nil {
return "nil", ErrorWithContext(ctx, ErrPolicyNotFound)
}
tokenClaims, _ := getClaimsFromToken(session.STSSessionToken)
// initialize admin client
mAdminClient, err := NewMinioAdminClient(&models.Principal{
STSAccessKeyID: session.STSAccessKeyID,
STSSecretAccessKey: session.STSSecretAccessKey,
STSSessionToken: session.STSSessionToken,
})
if err != nil {
return "nil", ErrorWithContext(ctx, err)
}
userAdminClient := AdminClient{Client: mAdminClient}
// Obtain the current policy assigned to this user
// necessary for generating the list of allowed endpoints
accountInfo, err := getAccountInfo(ctx, userAdminClient)
if err != nil {
return "nil", ErrorWithContext(ctx, err)
}
rawPolicy := policies.ReplacePolicyVariables(tokenClaims, accountInfo)
return string(rawPolicy), nil
}
func getListGroupsForPolicyResponse(session *models.Principal, params policyApi.ListGroupsForPolicyParams) ([]string, *models.Error) {
ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
defer cancel()
policy := params.Policy
mAdmin, err := NewMinioAdminClient(session)
if err != nil {
return nil, ErrorWithContext(ctx, err)
}
// create a minioClient interface implementation
// defining the client to be used
policy := params.Policy
adminClient := AdminClient{Client: mAdmin}
policies, err := listPolicies(ctx, adminClient)
if err != nil {

46
restapi/embedded_spec.go
View File

@@ -3976,6 +3976,29 @@ func init() {
}
}
},
"/user/policy": {
"get": {
"tags": [
"Policy"
],
"summary": "returns policies for logged in user",
"operationId": "GetUserPolicy",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"type": "string"
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/error"
}
}
}
}
},
"/user/{name}/service-account-credentials": {
"post": {
"tags": [
@@ -10901,6 +10924,29 @@ func init() {
}
}
},
"/user/policy": {
"get": {
"tags": [
"Policy"
],
"summary": "returns policies for logged in user",
"operationId": "GetUserPolicy",
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"type": "string"
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/error"
}
}
}
}
},
"/user/{name}/service-account-credentials": {
"post": {
"tags": [

88
restapi/operations/admin_api/get_user_policy.go Normal file
View File

@@ -0,0 +1,88 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2022 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"net/http"
"github.com/go-openapi/runtime/middleware"
"github.com/minio/console/models"
)
// GetUserPolicyHandlerFunc turns a function with the right signature into a get user policy handler
type GetUserPolicyHandlerFunc func(GetUserPolicyParams, *models.Principal) middleware.Responder
// Handle executing the request and returning a response
func (fn GetUserPolicyHandlerFunc) Handle(params GetUserPolicyParams, principal *models.Principal) middleware.Responder {
return fn(params, principal)
}
// GetUserPolicyHandler interface for that can handle valid get user policy params
type GetUserPolicyHandler interface {
Handle(GetUserPolicyParams, *models.Principal) middleware.Responder
}
// NewGetUserPolicy creates a new http.Handler for the get user policy operation
func NewGetUserPolicy(ctx *middleware.Context, handler GetUserPolicyHandler) *GetUserPolicy {
return &GetUserPolicy{Context: ctx, Handler: handler}
}
/* GetUserPolicy swagger:route GET /user/policy AdminAPI getUserPolicy
returns policies for logged in user
*/
type GetUserPolicy struct {
Context *middleware.Context
Handler GetUserPolicyHandler
}
func (o *GetUserPolicy) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
route, rCtx, _ := o.Context.RouteInfo(r)
if rCtx != nil {
*r = *rCtx
}
var Params = NewGetUserPolicyParams()
uprinc, aCtx, err := o.Context.Authorize(r, route)
if err != nil {
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
if aCtx != nil {
*r = *aCtx
}
var principal *models.Principal
if uprinc != nil {
principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
}
if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
res := o.Handler.Handle(Params, principal) // actually handle the request
o.Context.Respond(rw, r, route.Produces, route, res)
}

63
restapi/operations/admin_api/get_user_policy_parameters.go Normal file
View File

@@ -0,0 +1,63 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2022 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/errors"
"github.com/go-openapi/runtime/middleware"
)
// NewGetUserPolicyParams creates a new GetUserPolicyParams object
//
// There are no default values defined in the spec.
func NewGetUserPolicyParams() GetUserPolicyParams {
return GetUserPolicyParams{}
}
// GetUserPolicyParams contains all the bound params for the get user policy operation
// typically these are obtained from a http.Request
//
// swagger:parameters GetUserPolicy
type GetUserPolicyParams struct {
// HTTP Request Object
HTTPRequest *http.Request `json:"-"`
}
// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
// for simple values it will use straight method calls.
//
// To ensure default values, the struct must have been initialized with NewGetUserPolicyParams() beforehand.
func (o *GetUserPolicyParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
var res []error
o.HTTPRequest = r
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}

131
restapi/operations/admin_api/get_user_policy_responses.go Normal file
View File

@@ -0,0 +1,131 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2022 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/runtime"
"github.com/minio/console/models"
)
// GetUserPolicyOKCode is the HTTP code returned for type GetUserPolicyOK
const GetUserPolicyOKCode int = 200
/*GetUserPolicyOK A successful response.
swagger:response getUserPolicyOK
*/
type GetUserPolicyOK struct {
/*
In: Body
*/
Payload string `json:"body,omitempty"`
}
// NewGetUserPolicyOK creates GetUserPolicyOK with default headers values
func NewGetUserPolicyOK() *GetUserPolicyOK {
return &GetUserPolicyOK{}
}
// WithPayload adds the payload to the get user policy o k response
func (o *GetUserPolicyOK) WithPayload(payload string) *GetUserPolicyOK {
o.Payload = payload
return o
}
// SetPayload sets the payload to the get user policy o k response
func (o *GetUserPolicyOK) SetPayload(payload string) {
o.Payload = payload
}
// WriteResponse to the client
func (o *GetUserPolicyOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(200)
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
/*GetUserPolicyDefault Generic error response.
swagger:response getUserPolicyDefault
*/
type GetUserPolicyDefault struct {
_statusCode int
/*
In: Body
*/
Payload *models.Error `json:"body,omitempty"`
}
// NewGetUserPolicyDefault creates GetUserPolicyDefault with default headers values
func NewGetUserPolicyDefault(code int) *GetUserPolicyDefault {
if code <= 0 {
code = 500
}
return &GetUserPolicyDefault{
_statusCode: code,
}
}
// WithStatusCode adds the status to the get user policy default response
func (o *GetUserPolicyDefault) WithStatusCode(code int) *GetUserPolicyDefault {
o._statusCode = code
return o
}
// SetStatusCode sets the status to the get user policy default response
func (o *GetUserPolicyDefault) SetStatusCode(code int) {
o._statusCode = code
}
// WithPayload adds the payload to the get user policy default response
func (o *GetUserPolicyDefault) WithPayload(payload *models.Error) *GetUserPolicyDefault {
o.Payload = payload
return o
}
// SetPayload sets the payload to the get user policy default response
func (o *GetUserPolicyDefault) SetPayload(payload *models.Error) {
o.Payload = payload
}
// WriteResponse to the client
func (o *GetUserPolicyDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(o._statusCode)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}

104
restapi/operations/admin_api/get_user_policy_urlbuilder.go Normal file
View File

@@ -0,0 +1,104 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2022 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"errors"
"net/url"
golangswaggerpaths "path"
)
// GetUserPolicyURL generates an URL for the get user policy operation
type GetUserPolicyURL struct {
_basePath string
}
// WithBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *GetUserPolicyURL) WithBasePath(bp string) *GetUserPolicyURL {
o.SetBasePath(bp)
return o
}
// SetBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *GetUserPolicyURL) SetBasePath(bp string) {
o._basePath = bp
}
// Build a url path and query string
func (o *GetUserPolicyURL) Build() (*url.URL, error) {
var _result url.URL
var _path = "/user/policy"
_basePath := o._basePath
if _basePath == "" {
_basePath = "/api/v1"
}
_result.Path = golangswaggerpaths.Join(_basePath, _path)
return &_result, nil
}
// Must is a helper function to panic when the url builder returns an error
func (o *GetUserPolicyURL) Must(u *url.URL, err error) *url.URL {
if err != nil {
panic(err)
}
if u == nil {
panic("url can't be nil")
}
return u
}
// String returns the string representation of the path with query string
func (o *GetUserPolicyURL) String() string {
return o.Must(o.Build()).String()
}
// BuildFull builds a full url with scheme, host, path and query string
func (o *GetUserPolicyURL) BuildFull(scheme, host string) (*url.URL, error) {
if scheme == "" {
return nil, errors.New("scheme is required for a full url on GetUserPolicyURL")
}
if host == "" {
return nil, errors.New("host is required for a full url on GetUserPolicyURL")
}
base, err := o.Build()
if err != nil {
return nil, err
}
base.Scheme = scheme
base.Host = host
return base, nil
}
// StringFull returns the string representation of a complete url
func (o *GetUserPolicyURL) StringFull(scheme, host string) string {
return o.Must(o.BuildFull(scheme, host)).String()
}

88
restapi/operations/admin_api/update_user_groups.go Normal file
View File

@@ -0,0 +1,88 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2022 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"net/http"
"github.com/go-openapi/runtime/middleware"
"github.com/minio/console/models"
)
// UpdateUserGroupsHandlerFunc turns a function with the right signature into a update user groups handler
type UpdateUserGroupsHandlerFunc func(UpdateUserGroupsParams, *models.Principal) middleware.Responder
// Handle executing the request and returning a response
func (fn UpdateUserGroupsHandlerFunc) Handle(params UpdateUserGroupsParams, principal *models.Principal) middleware.Responder {
return fn(params, principal)
}
// UpdateUserGroupsHandler interface for that can handle valid update user groups params
type UpdateUserGroupsHandler interface {
Handle(UpdateUserGroupsParams, *models.Principal) middleware.Responder
}
// NewUpdateUserGroups creates a new http.Handler for the update user groups operation
func NewUpdateUserGroups(ctx *middleware.Context, handler UpdateUserGroupsHandler) *UpdateUserGroups {
return &UpdateUserGroups{Context: ctx, Handler: handler}
}
/* UpdateUserGroups swagger:route PUT /user/groups AdminAPI updateUserGroups
Update Groups for a user
*/
type UpdateUserGroups struct {
Context *middleware.Context
Handler UpdateUserGroupsHandler
}
func (o *UpdateUserGroups) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
route, rCtx, _ := o.Context.RouteInfo(r)
if rCtx != nil {
*r = *rCtx
}
var Params = NewUpdateUserGroupsParams()
uprinc, aCtx, err := o.Context.Authorize(r, route)
if err != nil {
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
if aCtx != nil {
*r = *aCtx
}
var principal *models.Principal
if uprinc != nil {
principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
}
if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
res := o.Handler.Handle(Params, principal) // actually handle the request
o.Context.Respond(rw, r, route.Produces, route, res)
}

136
restapi/operations/admin_api/update_user_groups_parameters.go Normal file
View File

@@ -0,0 +1,136 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2022 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"context"
"io"
"net/http"
"github.com/go-openapi/errors"
"github.com/go-openapi/runtime"
"github.com/go-openapi/runtime/middleware"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/validate"
"github.com/minio/console/models"
)
// NewUpdateUserGroupsParams creates a new UpdateUserGroupsParams object
//
// There are no default values defined in the spec.
func NewUpdateUserGroupsParams() UpdateUserGroupsParams {
return UpdateUserGroupsParams{}
}
// UpdateUserGroupsParams contains all the bound params for the update user groups operation
// typically these are obtained from a http.Request
//
// swagger:parameters UpdateUserGroups
type UpdateUserGroupsParams struct {
// HTTP Request Object
HTTPRequest *http.Request `json:"-"`
/*
Required: true
In: body
*/
Body *models.UpdateUserGroups
/*
Required: true
In: query
*/
Name string
}
// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
// for simple values it will use straight method calls.
//
// To ensure default values, the struct must have been initialized with NewUpdateUserGroupsParams() beforehand.
func (o *UpdateUserGroupsParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
var res []error
o.HTTPRequest = r
qs := runtime.Values(r.URL.Query())
if runtime.HasBody(r) {
defer r.Body.Close()
var body models.UpdateUserGroups
if err := route.Consumer.Consume(r.Body, &body); err != nil {
if err == io.EOF {
res = append(res, errors.Required("body", "body", ""))
} else {
res = append(res, errors.NewParseError("body", "body", "", err))
}
} else {
// validate body object
if err := body.Validate(route.Formats); err != nil {
res = append(res, err)
}
ctx := validate.WithOperationRequest(context.Background())
if err := body.ContextValidate(ctx, route.Formats); err != nil {
res = append(res, err)
}
if len(res) == 0 {
o.Body = &body
}
}
} else {
res = append(res, errors.Required("body", "body", ""))
}
qName, qhkName, _ := qs.GetOK("name")
if err := o.bindName(qName, qhkName, route.Formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
// bindName binds and validates parameter Name from query.
func (o *UpdateUserGroupsParams) bindName(rawData []string, hasKey bool, formats strfmt.Registry) error {
if !hasKey {
return errors.Required("name", "query", rawData)
}
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]
}
// Required: true
// AllowEmptyValue: false
if err := validate.RequiredString("name", "query", raw); err != nil {
return err
}
o.Name = raw
return nil
}

133
restapi/operations/admin_api/update_user_groups_responses.go Normal file
View File

@@ -0,0 +1,133 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2022 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/runtime"
"github.com/minio/console/models"
)
// UpdateUserGroupsOKCode is the HTTP code returned for type UpdateUserGroupsOK
const UpdateUserGroupsOKCode int = 200
/*UpdateUserGroupsOK A successful response.
swagger:response updateUserGroupsOK
*/
type UpdateUserGroupsOK struct {
/*
In: Body
*/
Payload *models.User `json:"body,omitempty"`
}
// NewUpdateUserGroupsOK creates UpdateUserGroupsOK with default headers values
func NewUpdateUserGroupsOK() *UpdateUserGroupsOK {
return &UpdateUserGroupsOK{}
}
// WithPayload adds the payload to the update user groups o k response
func (o *UpdateUserGroupsOK) WithPayload(payload *models.User) *UpdateUserGroupsOK {
o.Payload = payload
return o
}
// SetPayload sets the payload to the update user groups o k response
func (o *UpdateUserGroupsOK) SetPayload(payload *models.User) {
o.Payload = payload
}
// WriteResponse to the client
func (o *UpdateUserGroupsOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(200)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}
/*UpdateUserGroupsDefault Generic error response.
swagger:response updateUserGroupsDefault
*/
type UpdateUserGroupsDefault struct {
_statusCode int
/*
In: Body
*/
Payload *models.Error `json:"body,omitempty"`
}
// NewUpdateUserGroupsDefault creates UpdateUserGroupsDefault with default headers values
func NewUpdateUserGroupsDefault(code int) *UpdateUserGroupsDefault {
if code <= 0 {
code = 500
}
return &UpdateUserGroupsDefault{
_statusCode: code,
}
}
// WithStatusCode adds the status to the update user groups default response
func (o *UpdateUserGroupsDefault) WithStatusCode(code int) *UpdateUserGroupsDefault {
o._statusCode = code
return o
}
// SetStatusCode sets the status to the update user groups default response
func (o *UpdateUserGroupsDefault) SetStatusCode(code int) {
o._statusCode = code
}
// WithPayload adds the payload to the update user groups default response
func (o *UpdateUserGroupsDefault) WithPayload(payload *models.Error) *UpdateUserGroupsDefault {
o.Payload = payload
return o
}
// SetPayload sets the payload to the update user groups default response
func (o *UpdateUserGroupsDefault) SetPayload(payload *models.Error) {
o.Payload = payload
}
// WriteResponse to the client
func (o *UpdateUserGroupsDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(o._statusCode)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}

117
restapi/operations/admin_api/update_user_groups_urlbuilder.go Normal file
View File

@@ -0,0 +1,117 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2022 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package admin_api
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"errors"
"net/url"
golangswaggerpaths "path"
)
// UpdateUserGroupsURL generates an URL for the update user groups operation
type UpdateUserGroupsURL struct {
Name string
_basePath string
// avoid unkeyed usage
_ struct{}
}
// WithBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *UpdateUserGroupsURL) WithBasePath(bp string) *UpdateUserGroupsURL {
o.SetBasePath(bp)
return o
}
// SetBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *UpdateUserGroupsURL) SetBasePath(bp string) {
o._basePath = bp
}
// Build a url path and query string
func (o *UpdateUserGroupsURL) Build() (*url.URL, error) {
var _result url.URL
var _path = "/user/groups"
_basePath := o._basePath
if _basePath == "" {
_basePath = "/api/v1"
}
_result.Path = golangswaggerpaths.Join(_basePath, _path)
qs := make(url.Values)
nameQ := o.Name
if nameQ != "" {
qs.Set("name", nameQ)
}
_result.RawQuery = qs.Encode()
return &_result, nil
}
// Must is a helper function to panic when the url builder returns an error
func (o *UpdateUserGroupsURL) Must(u *url.URL, err error) *url.URL {
if err != nil {
panic(err)
}
if u == nil {
panic("url can't be nil")
}
return u
}
// String returns the string representation of the path with query string
func (o *UpdateUserGroupsURL) String() string {
return o.Must(o.Build()).String()
}
// BuildFull builds a full url with scheme, host, path and query string
func (o *UpdateUserGroupsURL) BuildFull(scheme, host string) (*url.URL, error) {
if scheme == "" {
return nil, errors.New("scheme is required for a full url on UpdateUserGroupsURL")
}
if host == "" {
return nil, errors.New("host is required for a full url on UpdateUserGroupsURL")
}
base, err := o.Build()
if err != nil {
return nil, err
}
base.Scheme = scheme
base.Host = host
return base, nil
}
// StringFull returns the string representation of a complete url
func (o *UpdateUserGroupsURL) StringFull(scheme, host string) string {
return o.Must(o.BuildFull(scheme, host)).String()
}

12
restapi/operations/console_api.go
View File

@@ -249,6 +249,9 @@ func NewConsoleAPI(spec *loads.Document) *ConsoleAPI {
UserGetUserInfoHandler: user.GetUserInfoHandlerFunc(func(params user.GetUserInfoParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation user.GetUserInfo has not yet been implemented")
}),
PolicyGetUserPolicyHandler: policy.GetUserPolicyHandlerFunc(func(params policy.GetUserPolicyParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation policy.GetUserPolicy has not yet been implemented")
}),
GroupGroupInfoHandler: group.GroupInfoHandlerFunc(func(params group.GroupInfoParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation group.GroupInfo has not yet been implemented")
}),
@@ -615,6 +618,8 @@ type ConsoleAPI struct {
TieringGetTierHandler tiering.GetTierHandler
// UserGetUserInfoHandler sets the operation handler for the get user info operation
UserGetUserInfoHandler user.GetUserInfoHandler
// PolicyGetUserPolicyHandler sets the operation handler for the get user policy operation
PolicyGetUserPolicyHandler policy.GetUserPolicyHandler
// GroupGroupInfoHandler sets the operation handler for the group info operation
GroupGroupInfoHandler group.GroupInfoHandler
// InspectInspectHandler sets the operation handler for the inspect operation
@@ -1002,6 +1007,9 @@ func (o *ConsoleAPI) Validate() error {
if o.UserGetUserInfoHandler == nil {
unregistered = append(unregistered, "user.GetUserInfoHandler")
}
if o.PolicyGetUserPolicyHandler == nil {
unregistered = append(unregistered, "policy.GetUserPolicyHandler")
}
if o.GroupGroupInfoHandler == nil {
unregistered = append(unregistered, "group.GroupInfoHandler")
}
@@ -1527,6 +1535,10 @@ func (o *ConsoleAPI) initHandlerCache() {
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
}
o.handlers["GET"]["/user/policy"] = policy.NewGetUserPolicy(o.context, o.PolicyGetUserPolicyHandler)
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
}
o.handlers["GET"]["/group"] = group.NewGroupInfo(o.context, o.GroupGroupInfoHandler)
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)

88
restapi/operations/policy/get_user_policy.go Normal file
View File

@@ -0,0 +1,88 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2022 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package policy
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"net/http"
"github.com/go-openapi/runtime/middleware"
"github.com/minio/console/models"
)
// GetUserPolicyHandlerFunc turns a function with the right signature into a get user policy handler
type GetUserPolicyHandlerFunc func(GetUserPolicyParams, *models.Principal) middleware.Responder
// Handle executing the request and returning a response
func (fn GetUserPolicyHandlerFunc) Handle(params GetUserPolicyParams, principal *models.Principal) middleware.Responder {
return fn(params, principal)
}
// GetUserPolicyHandler interface for that can handle valid get user policy params
type GetUserPolicyHandler interface {
Handle(GetUserPolicyParams, *models.Principal) middleware.Responder
}
// NewGetUserPolicy creates a new http.Handler for the get user policy operation
func NewGetUserPolicy(ctx *middleware.Context, handler GetUserPolicyHandler) *GetUserPolicy {
return &GetUserPolicy{Context: ctx, Handler: handler}
}
/* GetUserPolicy swagger:route GET /user/policy Policy getUserPolicy
returns policies for logged in user
*/
type GetUserPolicy struct {
Context *middleware.Context
Handler GetUserPolicyHandler
}
func (o *GetUserPolicy) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
route, rCtx, _ := o.Context.RouteInfo(r)
if rCtx != nil {
*r = *rCtx
}
var Params = NewGetUserPolicyParams()
uprinc, aCtx, err := o.Context.Authorize(r, route)
if err != nil {
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
if aCtx != nil {
*r = *aCtx
}
var principal *models.Principal
if uprinc != nil {
principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
}
if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
o.Context.Respond(rw, r, route.Produces, route, err)
return
}
res := o.Handler.Handle(Params, principal) // actually handle the request
o.Context.Respond(rw, r, route.Produces, route, res)
}

63
restapi/operations/policy/get_user_policy_parameters.go Normal file
View File

@@ -0,0 +1,63 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2022 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package policy
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/errors"
"github.com/go-openapi/runtime/middleware"
)
// NewGetUserPolicyParams creates a new GetUserPolicyParams object
//
// There are no default values defined in the spec.
func NewGetUserPolicyParams() GetUserPolicyParams {
return GetUserPolicyParams{}
}
// GetUserPolicyParams contains all the bound params for the get user policy operation
// typically these are obtained from a http.Request
//
// swagger:parameters GetUserPolicy
type GetUserPolicyParams struct {
// HTTP Request Object
HTTPRequest *http.Request `json:"-"`
}
// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
// for simple values it will use straight method calls.
//
// To ensure default values, the struct must have been initialized with NewGetUserPolicyParams() beforehand.
func (o *GetUserPolicyParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
var res []error
o.HTTPRequest = r
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}

131
restapi/operations/policy/get_user_policy_responses.go Normal file
View File

@@ -0,0 +1,131 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2022 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package policy
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/runtime"
"github.com/minio/console/models"
)
// GetUserPolicyOKCode is the HTTP code returned for type GetUserPolicyOK
const GetUserPolicyOKCode int = 200
/*GetUserPolicyOK A successful response.
swagger:response getUserPolicyOK
*/
type GetUserPolicyOK struct {
/*
In: Body
*/
Payload string `json:"body,omitempty"`
}
// NewGetUserPolicyOK creates GetUserPolicyOK with default headers values
func NewGetUserPolicyOK() *GetUserPolicyOK {
return &GetUserPolicyOK{}
}
// WithPayload adds the payload to the get user policy o k response
func (o *GetUserPolicyOK) WithPayload(payload string) *GetUserPolicyOK {
o.Payload = payload
return o
}
// SetPayload sets the payload to the get user policy o k response
func (o *GetUserPolicyOK) SetPayload(payload string) {
o.Payload = payload
}
// WriteResponse to the client
func (o *GetUserPolicyOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(200)
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
/*GetUserPolicyDefault Generic error response.
swagger:response getUserPolicyDefault
*/
type GetUserPolicyDefault struct {
_statusCode int
/*
In: Body
*/
Payload *models.Error `json:"body,omitempty"`
}
// NewGetUserPolicyDefault creates GetUserPolicyDefault with default headers values
func NewGetUserPolicyDefault(code int) *GetUserPolicyDefault {
if code <= 0 {
code = 500
}
return &GetUserPolicyDefault{
_statusCode: code,
}
}
// WithStatusCode adds the status to the get user policy default response
func (o *GetUserPolicyDefault) WithStatusCode(code int) *GetUserPolicyDefault {
o._statusCode = code
return o
}
// SetStatusCode sets the status to the get user policy default response
func (o *GetUserPolicyDefault) SetStatusCode(code int) {
o._statusCode = code
}
// WithPayload adds the payload to the get user policy default response
func (o *GetUserPolicyDefault) WithPayload(payload *models.Error) *GetUserPolicyDefault {
o.Payload = payload
return o
}
// SetPayload sets the payload to the get user policy default response
func (o *GetUserPolicyDefault) SetPayload(payload *models.Error) {
o.Payload = payload
}
// WriteResponse to the client
func (o *GetUserPolicyDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(o._statusCode)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}

104
restapi/operations/policy/get_user_policy_urlbuilder.go Normal file
View File

@@ -0,0 +1,104 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2022 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package policy
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the generate command
import (
"errors"
"net/url"
golangswaggerpaths "path"
)
// GetUserPolicyURL generates an URL for the get user policy operation
type GetUserPolicyURL struct {
_basePath string
}
// WithBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *GetUserPolicyURL) WithBasePath(bp string) *GetUserPolicyURL {
o.SetBasePath(bp)
return o
}
// SetBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *GetUserPolicyURL) SetBasePath(bp string) {
o._basePath = bp
}
// Build a url path and query string
func (o *GetUserPolicyURL) Build() (*url.URL, error) {
var _result url.URL
var _path = "/user/policy"
_basePath := o._basePath
if _basePath == "" {
_basePath = "/api/v1"
}
_result.Path = golangswaggerpaths.Join(_basePath, _path)
return &_result, nil
}
// Must is a helper function to panic when the url builder returns an error
func (o *GetUserPolicyURL) Must(u *url.URL, err error) *url.URL {
if err != nil {
panic(err)
}
if u == nil {
panic("url can't be nil")
}
return u
}
// String returns the string representation of the path with query string
func (o *GetUserPolicyURL) String() string {
return o.Must(o.Build()).String()
}
// BuildFull builds a full url with scheme, host, path and query string
func (o *GetUserPolicyURL) BuildFull(scheme, host string) (*url.URL, error) {
if scheme == "" {
return nil, errors.New("scheme is required for a full url on GetUserPolicyURL")
}
if host == "" {
return nil, errors.New("host is required for a full url on GetUserPolicyURL")
}
base, err := o.Build()
if err != nil {
return nil, err
}
base.Scheme = scheme
base.Host = host
return base, nil
}
// StringFull returns the string representation of a complete url
func (o *GetUserPolicyURL) StringFull(scheme, host string) string {
return o.Must(o.BuildFull(scheme, host)).String()
}