mirrors/object-browser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

access keys ui details improvement and edit (#3116)

Browse Source
This commit is contained in:
Prakash Senthil Vel
2023-11-22 09:38:23 +05:30
committed by GitHub
parent 04e9cb0ac8
commit e4d5f9610e
28 changed files with 1361 additions and 728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
integration/service_account_test.go
View File

@@ -28,7 +28,6 @@ import (
"github.com/go-openapi/swag"
iampolicy "github.com/minio/pkg/v2/policy"
"github.com/stretchr/testify/assert"
)
@@ -52,6 +51,21 @@ func TestAddServiceAccount(t *testing.T) {
requestDataAddServiceAccount := map[string]interface{}{
"accessKey": "testuser1",
"secretKey": "password",
"policy": `{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::*"
]
}
]
}`,
}
requestDataJSON, _ := json.Marshal(requestDataAddServiceAccount)
@@ -75,75 +89,6 @@ func TestAddServiceAccount(t *testing.T) {
assert.Equal(201, response.StatusCode, "Status Code is incorrect")
}
requestDataPolicy := map[string]interface{}{
"policy": `
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::*"
]
}
]
}`,
}
requestDataJSON, _ = json.Marshal(requestDataPolicy)
requestDataBody = bytes.NewReader(requestDataJSON)
request, err = http.NewRequest(
"PUT", "http://localhost:9090/api/v1/service-accounts/"+base64.StdEncoding.EncodeToString([]byte("testuser1"))+"/policy", requestDataBody)
if err != nil {
log.Println(err)
return
}
request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
request.Header.Add("Content-Type", "application/json")
response, err = client.Do(request)
if err != nil {
log.Println(err)
return
}
if response != nil {
fmt.Println("POST StatusCode:", response.StatusCode)
assert.Equal(200, response.StatusCode, "Status Code is incorrect")
}
// Test policy
request, err = http.NewRequest(
"GET", "http://localhost:9090/api/v1/service-accounts/"+base64.StdEncoding.EncodeToString([]byte("testuser1"))+"/policy", nil)
if err != nil {
log.Println(err)
return
}
request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
request.Header.Add("Content-Type", "application/json")
response, err = client.Do(request)
if err != nil {
log.Println(err)
return
}
if response != nil {
fmt.Println("POST StatusCode:", response.StatusCode)
assert.Equal(200, response.StatusCode, "Status Code is incorrect")
buf := new(bytes.Buffer)
buf.ReadFrom(response.Body)
var actual *iampolicy.Policy
var expected *iampolicy.Policy
json.Unmarshal(buf.Bytes(), actual)
policy, err := json.Marshal(requestDataAddServiceAccount["policy"])
if err != nil {
log.Println(err)
return
}
json.Unmarshal(policy, expected)
assert.Equal(expected, actual)
}
// {{baseUrl}}/user?name=proident velit
// Investiga como se borra en el browser.
request, err = http.NewRequest(

85
models/service_account.go Normal file
View File

@@ -0,0 +1,85 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2023 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"context"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
)
// ServiceAccount service account
//
// swagger:model serviceAccount
type ServiceAccount struct {
// account status
AccountStatus string `json:"accountStatus,omitempty"`
// description
Description string `json:"description,omitempty"`
// expiration
Expiration string `json:"expiration,omitempty"`
// implied policy
ImpliedPolicy bool `json:"impliedPolicy,omitempty"`
// name
Name string `json:"name,omitempty"`
// parent user
ParentUser string `json:"parentUser,omitempty"`
// policy
Policy string `json:"policy,omitempty"`
}
// Validate validates this service account
func (m *ServiceAccount) Validate(formats strfmt.Registry) error {
return nil
}
// ContextValidate validates this service account based on context it is used
func (m *ServiceAccount) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
return nil
}
// MarshalBinary interface implementation
func (m *ServiceAccount) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *ServiceAccount) UnmarshalBinary(b []byte) error {
var res ServiceAccount
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}

12
models/service_account_request.go
View File

@@ -34,6 +34,18 @@ import (
// swagger:model serviceAccountRequest
type ServiceAccountRequest struct {
// comment
Comment string `json:"comment,omitempty"`
// description
Description string `json:"description,omitempty"`
// expiry
Expiry string `json:"expiry,omitempty"`
// name
Name string `json:"name,omitempty"`
// policy to be applied to the Service Account if any
Policy string `json:"policy,omitempty"`
}

12
models/service_account_request_creds.go
View File

@@ -37,6 +37,18 @@ type ServiceAccountRequestCreds struct {
// access key
AccessKey string `json:"accessKey,omitempty"`
// comment
Comment string `json:"comment,omitempty"`
// description
Description string `json:"description,omitempty"`
// expiry
Expiry string `json:"expiry,omitempty"`
// name
Name string `json:"name,omitempty"`
// policy to be applied to the Service Account if any
Policy string `json:"policy,omitempty"`

37
models/add_service_account_policy_request.go → models/update_service_account_request.go
View File

@@ -31,18 +31,33 @@ import (
"github.com/go-openapi/validate"
)
// AddServiceAccountPolicyRequest add service account policy request
// UpdateServiceAccountRequest update service account request
//
// swagger:model addServiceAccountPolicyRequest
type AddServiceAccountPolicyRequest struct {
// swagger:model updateServiceAccountRequest
type UpdateServiceAccountRequest struct {
// description
Description string `json:"description,omitempty"`
// expiry
Expiry string `json:"expiry,omitempty"`
// name
Name string `json:"name,omitempty"`
// policy
// Required: true
Policy *string `json:"policy"`
// secret key
SecretKey string `json:"secretKey,omitempty"`
// status
Status string `json:"status,omitempty"`
}
// Validate validates this add service account policy request
func (m *AddServiceAccountPolicyRequest) Validate(formats strfmt.Registry) error {
// Validate validates this update service account request
func (m *UpdateServiceAccountRequest) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validatePolicy(formats); err != nil {
@@ -55,7 +70,7 @@ func (m *AddServiceAccountPolicyRequest) Validate(formats strfmt.Registry) error
return nil
}
func (m *AddServiceAccountPolicyRequest) validatePolicy(formats strfmt.Registry) error {
func (m *UpdateServiceAccountRequest) validatePolicy(formats strfmt.Registry) error {
if err := validate.Required("policy", "body", m.Policy); err != nil {
return err
@@ -64,13 +79,13 @@ func (m *AddServiceAccountPolicyRequest) validatePolicy(formats strfmt.Registry)
return nil
}
// ContextValidate validates this add service account policy request based on context it is used
func (m *AddServiceAccountPolicyRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
// ContextValidate validates this update service account request based on context it is used
func (m *UpdateServiceAccountRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
return nil
}
// MarshalBinary interface implementation
func (m *AddServiceAccountPolicyRequest) MarshalBinary() ([]byte, error) {
func (m *UpdateServiceAccountRequest) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
@@ -78,8 +93,8 @@ func (m *AddServiceAccountPolicyRequest) MarshalBinary() ([]byte, error) {
}
// UnmarshalBinary interface implementation
func (m *AddServiceAccountPolicyRequest) UnmarshalBinary(b []byte) error {
var res AddServiceAccountPolicyRequest
func (m *UpdateServiceAccountRequest) UnmarshalBinary(b []byte) error {
var res UpdateServiceAccountRequest
if err := swag.ReadJSON(b, &res); err != nil {
return err
}

90
portal-ui/src/api/consoleApi.ts
View File

@@ -214,8 +214,13 @@ export interface AddPolicyRequest {
policy: string;
}
export interface AddServiceAccountPolicyRequest {
export interface UpdateServiceAccountRequest {
policy: string;
secretKey?: string;
name?: string;
description?: string;
expiry?: string;
status?: string;
}
export interface ListPoliciesResponse {
@@ -727,6 +732,16 @@ export interface BulkUserGroups {
groups: string[];
}
export interface ServiceAccount {
parentUser?: string;
accountStatus?: string;
impliedPolicy?: boolean;
policy?: string;
name?: string;
description?: string;
expiration?: string;
}
export type ServiceAccounts = {
accountStatus?: string;
name?: string;
@@ -738,6 +753,10 @@ export type ServiceAccounts = {
export interface ServiceAccountRequest {
/** policy to be applied to the Service Account if any */
policy?: string;
name?: string;
description?: string;
expiry?: string;
comment?: string;
}
export interface ServiceAccountRequestCreds {
@@ -745,6 +764,10 @@ export interface ServiceAccountRequestCreds {
policy?: string;
accessKey?: string;
secretKey?: string;
name?: string;
description?: string;
expiry?: string;
comment?: string;
}
export interface ServiceAccountCreds {
@@ -1720,9 +1743,10 @@ export class HttpClient<SecurityDataType = unknown> {
? { "Content-Type": type }
: {}),
},
signal: cancelToken
? this.createAbortSignal(cancelToken)
: requestParams.signal,
signal:
(cancelToken
? this.createAbortSignal(cancelToken)
: requestParams.signal) || null,
body:
typeof body === "undefined" || body === null
? null
@@ -3052,23 +3076,6 @@ export class Api<
...params,
}),
/**
* No description
*
* @tags ServiceAccount
* @name DeleteServiceAccount
* @summary Delete Service Account
* @request DELETE:/service-accounts/{access_key}
* @secure
*/
deleteServiceAccount: (accessKey: string, params: RequestParams = {}) =>
this.request<void, ApiError>({
path: `/service-accounts/${accessKey}`,
method: "DELETE",
secure: true,
...params,
}),
/**
* No description
*
@@ -3094,14 +3101,14 @@ export class Api<
* No description
*
* @tags ServiceAccount
* @name GetServiceAccountPolicy
* @summary Get Service Account Policy
* @request GET:/service-accounts/{access_key}/policy
* @name GetServiceAccount
* @summary Get Service Account
* @request GET:/service-accounts/{access_key}
* @secure
*/
getServiceAccountPolicy: (accessKey: string, params: RequestParams = {}) =>
this.request<IamEntity, ApiError>({
path: `/service-accounts/${accessKey}/policy`,
getServiceAccount: (accessKey: string, params: RequestParams = {}) =>
this.request<ServiceAccount, ApiError>({
path: `/service-accounts/${accessKey}`,
method: "GET",
secure: true,
format: "json",
@@ -3112,24 +3119,41 @@ export class Api<
* No description
*
* @tags ServiceAccount
* @name SetServiceAccountPolicy
* @name UpdateServiceAccount
* @summary Set Service Account Policy
* @request PUT:/service-accounts/{access_key}/policy
* @request PUT:/service-accounts/{access_key}
* @secure
*/
setServiceAccountPolicy: (
updateServiceAccount: (
accessKey: string,
policy: AddServiceAccountPolicyRequest,
body: UpdateServiceAccountRequest,
params: RequestParams = {},
) =>
this.request<void, ApiError>({
path: `/service-accounts/${accessKey}/policy`,
path: `/service-accounts/${accessKey}`,
method: "PUT",
body: policy,
body: body,
secure: true,
type: ContentType.Json,
...params,
}),
/**
* No description
*
* @tags ServiceAccount
* @name DeleteServiceAccount
* @summary Delete Service Account
* @request DELETE:/service-accounts/{access_key}
* @secure
*/
deleteServiceAccount: (accessKey: string, params: RequestParams = {}) =>
this.request<void, ApiError>({
path: `/service-accounts/${accessKey}`,
method: "DELETE",
secure: true,
...params,
}),
};
serviceAccountCredentials = {
/**

26
portal-ui/src/screens/Console/Account/Account.tsx
View File

@@ -37,7 +37,7 @@ import withSuspense from "../Common/Components/withSuspense";
import { selectSAs } from "../Configurations/utils";
import DeleteMultipleServiceAccounts from "../Users/DeleteMultipleServiceAccounts";
import ServiceAccountPolicy from "./ServiceAccountPolicy";
import EditServiceAccount from "./EditServiceAccount";
import { selFeatures } from "../consoleSlice";
import TooltipWrapper from "../Common/TooltipWrapper/TooltipWrapper";
@@ -82,7 +82,7 @@ const Account = () => {
useState<boolean>(false);
const [selectedSAs, setSelectedSAs] = useState<string[]>([]);
const [deleteMultipleOpen, setDeleteMultipleOpen] = useState<boolean>(false);
const [policyOpen, setPolicyOpen] = useState<boolean>(false);
const [isEditOpen, setIsEditOpen] = useState<boolean>(false);
const userIDP = (features && features.includes("external-idp")) || false;
@@ -137,13 +137,13 @@ const Account = () => {
}
};
const policyModalOpen = (selectedServiceAccount: string) => {
const editModalOpen = (selectedServiceAccount: string) => {
setSelectedServiceAccount(selectedServiceAccount);
setPolicyOpen(true);
setIsEditOpen(true);
};
const closePolicyModal = () => {
setPolicyOpen(false);
setIsEditOpen(false);
setLoading(true);
};
@@ -157,7 +157,7 @@ const Account = () => {
type: "view",
onClick: (value: any) => {
if (value) {
policyModalOpen(value.accessKey);
editModalOpen(value.accessKey);
}
},
},
@@ -169,6 +169,14 @@ const Account = () => {
}
},
},
{
type: "edit",
onClick: (value: any) => {
if (value) {
editModalOpen(value.accessKey);
}
},
},
];
const filteredRecords = records.filter(
@@ -195,9 +203,9 @@ const Account = () => {
/>
)}
{policyOpen && (
<ServiceAccountPolicy
open={policyOpen}
{isEditOpen && (
<EditServiceAccount
open={isEditOpen}
selectedAccessKey={selectedServiceAccount}
closeModalAndRefresh={closePolicyModal}
/>

91
portal-ui/src/screens/Console/Account/AddServiceAccountScreen.tsx
View File

@@ -29,6 +29,7 @@ import {
Switch,
ServiceAccountIcon,
HelpTip,
DateTimeInput,
} from "mds";
import { modalStyleUtils } from "../Common/FormComponents/common/styleLibrary";
import { NewServiceAccount } from "../Common/CredentialsPrompt/types";
@@ -59,6 +60,11 @@ const AddServiceAccount = () => {
useState<NewServiceAccount | null>(null);
const [policyJSON, setPolicyJSON] = useState<string>("");
const [name, setName] = useState<string>("");
const [description, setDescription] = useState<string>("");
const [comments, setComments] = useState<string>("");
const [expiry, setExpiry] = useState<any>();
useEffect(() => {
dispatch(setHelpName("add_service_account"));
// eslint-disable-next-line react-hooks/exhaustive-deps
@@ -66,12 +72,17 @@ const AddServiceAccount = () => {
useEffect(() => {
if (addSending) {
const expiryDt = expiry ? expiry.toJSDate().toISOString() : null;
api.serviceAccountCredentials
.createServiceAccountCreds(
{
policy: policyJSON,
accessKey: accessKey,
secretKey: secretKey,
description: description,
comment: comments,
name: name,
expiry: expiryDt,
},
{ type: ContentType.Json },
)
@@ -89,7 +100,18 @@ const AddServiceAccount = () => {
dispatch(setErrorSnackMessage(errorToHandler(res.error)));
});
}
}, [addSending, setAddSending, dispatch, policyJSON, accessKey, secretKey]);
}, [
addSending,
setAddSending,
dispatch,
policyJSON,
accessKey,
secretKey,
name,
description,
expiry,
comments,
]);
useEffect(() => {
if (isRestrictedByPolicy) {
@@ -221,6 +243,73 @@ const AddServiceAccount = () => {
</Grid>
</Grid>
)}
<Grid
xs={12}
sx={{
display: "flex",
alignItems: "center",
justifyContent: "start",
fontWeight: 600,
color: "rgb(7, 25, 62)",
gap: 2,
marginBottom: "15px",
marginTop: "15px",
}}
>
<Box
sx={{
marginTop: "15px",
width: "100%",
"& label": { width: "180px" },
}}
>
<DateTimeInput
noLabelMinWidth
value={expiry}
onChange={(e) => {
setExpiry(e);
}}
id="expiryTime"
label={"Expiry"}
timeFormat={"24h"}
secondsSelector={false}
/>
</Box>
</Grid>
<InputBox
value={name}
label={"Name"}
id={"name"}
name={"name"}
type={"text"}
placeholder={"Enter a name"}
onChange={(e) => {
setName(e.target.value);
}}
/>
<InputBox
value={description}
label={"Description"}
id={"description"}
name={"description"}
type={"text"}
placeholder={"Enter a description"}
onChange={(e) => {
setDescription(e.target.value);
}}
/>
<InputBox
value={comments}
label={"Comments"}
id={"comment"}
name={"comment"}
type={"text"}
placeholder={"Enter a comment"}
onChange={(e) => {
setComments(e.target.value);
}}
/>
<Grid item xs={12} sx={{ ...modalStyleUtils.modalButtonBar }}>
<Button
id={"clear"}

141
portal-ui/src/screens/Console/Account/ServiceAccountPolicy.tsx → portal-ui/src/screens/Console/Account/EditServiceAccount.tsx
View File

@@ -15,7 +15,15 @@
// along with this program. If not, see <http://www.gnu.org/licenses/>.
import React, { useEffect, useState, Fragment } from "react";
import { Button, ChangeAccessPolicyIcon, Grid } from "mds";
import {
Box,
Button,
ChangeAccessPolicyIcon,
DateTimeInput,
Grid,
InputBox,
Switch,
} from "mds";
import { api } from "api";
import { errorToHandler } from "api/errors";
import CodeMirrorWrapper from "../Common/FormComponents/CodeMirrorWrapper/CodeMirrorWrapper";
@@ -25,6 +33,7 @@ import { encodeURLString } from "common/utils";
import { setErrorSnackMessage, setModalErrorSnackMessage } from "systemSlice";
import ModalWrapper from "../Common/ModalWrapper/ModalWrapper";
import { modalStyleUtils } from "../Common/FormComponents/common/styleLibrary";
import { DateTime } from "luxon";
interface IServiceAccountPolicyProps {
open: boolean;
@@ -32,23 +41,40 @@ interface IServiceAccountPolicyProps {
closeModalAndRefresh: () => void;
}
const ServiceAccountPolicy = ({
const EditServiceAccount = ({
open,
selectedAccessKey,
closeModalAndRefresh,
}: IServiceAccountPolicyProps) => {
const dispatch = useAppDispatch();
const [loading, setLoading] = useState<boolean>(false);
const [policyDefinition, setPolicyDefinition] = useState<string>("");
const [policyDefinition, setPolicyDefinition] = useState<any>("");
const [name, setName] = useState<string>("");
const [description, setDescription] = useState<string>("");
const [expiry, setExpiry] = useState<any>();
const [status, setStatus] = useState<string | undefined>("enabled");
useEffect(() => {
if (!loading && selectedAccessKey !== "") {
const sourceAccKey = encodeURLString(selectedAccessKey);
setLoading(true);
api.serviceAccounts
.getServiceAccountPolicy(sourceAccKey)
.getServiceAccount(sourceAccKey)
.then((res) => {
setLoading(false);
setPolicyDefinition(res.data);
const saInfo = res.data;
setName(saInfo?.name || "");
if (saInfo?.expiration) {
setExpiry(DateTime.fromISO(saInfo?.expiration));
}
setDescription(saInfo?.description || "");
setStatus(saInfo.accountStatus);
setPolicyDefinition(saInfo.policy || "");
})
.catch((err) => {
setLoading(false);
@@ -61,8 +87,12 @@ const ServiceAccountPolicy = ({
const setPolicy = (event: React.FormEvent, newPolicy: string) => {
event.preventDefault();
api.serviceAccounts
.setServiceAccountPolicy(encodeURLString(selectedAccessKey), {
.updateServiceAccount(encodeURLString(selectedAccessKey), {
policy: newPolicy,
description: description,
expiry: expiry,
name: name,
status: status,
})
.then(() => {
closeModalAndRefresh();
@@ -75,7 +105,7 @@ const ServiceAccountPolicy = ({
return (
<ModalWrapper
title="Access Key Policy"
title={`Edit details of - ${selectedAccessKey}`}
modalOpen={open}
onClose={() => {
closeModalAndRefresh();
@@ -110,6 +140,99 @@ const ServiceAccountPolicy = ({
}
/>
</Grid>
<Box
sx={{
marginBottom: "15px",
marginTop: "15px",
display: "flex",
width: "100%",
"& label": { width: "195px" },
}}
>
<DateTimeInput
noLabelMinWidth
value={expiry}
onChange={(e) => {
setExpiry(e);
}}
id="expiryTime"
label={"Expiry"}
timeFormat={"24h"}
secondsSelector={false}
/>
</Box>
<Grid
xs={12}
sx={{
marginBottom: "15px",
}}
>
<InputBox
value={name}
size={120}
label={"Name"}
id={"name"}
name={"name"}
type={"text"}
placeholder={"Enter a name"}
onChange={(e) => {
setName(e.target.value);
}}
/>
</Grid>
<Grid
xs={12}
sx={{
marginBottom: "15px",
}}
>
<InputBox
size={120}
value={description}
label={"Description"}
id={"description"}
name={"description"}
type={"text"}
placeholder={"Enter a description"}
onChange={(e) => {
setDescription(e.target.value);
}}
/>
</Grid>
<Grid
xs={12}
sx={{
display: "flex",
alignItems: "center",
justifyContent: "start",
fontWeight: 600,
color: "rgb(7, 25, 62)",
gap: 2,
marginBottom: "15px",
}}
>
<label style={{ width: "150px" }}>Status</label>
<Box
sx={{
padding: "2px",
}}
>
<Switch
style={{
gap: "115px",
}}
indicatorLabels={["Enabled", "Disabled"]}
checked={status === "on"}
id="saStatus"
name="saStatus"
label=""
onChange={(e) => {
setStatus(e.target.checked ? "on" : "off");
}}
value="yes"
/>
</Box>
</Grid>
<Grid item xs={12} sx={modalStyleUtils.modalButtonBar}>
<Button
id={"cancel-sa-policy"}
@@ -127,7 +250,7 @@ const ServiceAccountPolicy = ({
variant="callAction"
color="primary"
disabled={loading}
label={"Set"}
label={"Update"}
/>
</Grid>
</Grid>
@@ -136,4 +259,4 @@ const ServiceAccountPolicy = ({
);
};
export default ServiceAccountPolicy;
export default EditServiceAccount;

71
portal-ui/src/screens/Console/Users/AddUserServiceAccountScreen.tsx
View File

@@ -29,6 +29,7 @@ import {
ServiceAccountIcon,
Switch,
HelpTip,
DateTimeInput,
} from "mds";
import { modalStyleUtils } from "../Common/FormComponents/common/styleLibrary";
import { NewServiceAccount } from "../Common/CredentialsPrompt/types";
@@ -65,8 +66,14 @@ const AddServiceAccount = () => {
const userName = decodeURLString(params.userName || "");
const [name, setName] = useState<string>("");
const [description, setDescription] = useState<string>("");
const [comments, setComments] = useState<string>("");
const [expiry, setExpiry] = useState<any>();
useEffect(() => {
if (addSending) {
const expiryDt = expiry ? expiry.toJSDate().toISOString() : null;
api
.invoke(
"POST",
@@ -77,6 +84,10 @@ const AddServiceAccount = () => {
policy: policyJSON,
accessKey: accessKey,
secretKey: secretKey,
description: description,
comment: comments,
name: name,
expiry: expiryDt,
},
)
.then((res) => {
@@ -100,6 +111,10 @@ const AddServiceAccount = () => {
userName,
accessKey,
secretKey,
name,
description,
expiry,
comments,
]);
useEffect(() => {
@@ -198,6 +213,7 @@ const AddServiceAccount = () => {
}}
startIcon={<PasswordKeyIcon />}
/>
<Switch
value="serviceAccountPolicy"
id="serviceAccountPolicy"
@@ -254,6 +270,61 @@ const AddServiceAccount = () => {
</Grid>
</Grid>
)}
<Box
sx={{
marginBottom: "15px",
marginTop: "15px",
width: "100%",
"& label": { width: "180px" },
}}
>
<DateTimeInput
noLabelMinWidth
value={expiry}
onChange={(e) => {
setExpiry(e);
}}
id="expiryTime"
label={"Expiry"}
timeFormat={"24h"}
secondsSelector={false}
/>
</Box>
<InputBox
value={name}
label={"Name"}
id={"name"}
name={"name"}
type={"text"}
placeholder={"Enter a name"}
onChange={(e) => {
setName(e.target.value);
}}
/>
<InputBox
value={description}
label={"Description"}
id={"description"}
name={"description"}
type={"text"}
placeholder={"Enter a description"}
onChange={(e) => {
setDescription(e.target.value);
}}
/>
<InputBox
value={comments}
label={"Comments"}
id={"comment"}
name={"comment"}
type={"text"}
placeholder={"Enter a comment"}
onChange={(e) => {
setComments(e.target.value);
}}
/>
<Grid item xs={12} sx={{ ...modalStyleUtils.modalButtonBar }}>
<Button
id={"clear"}

26
portal-ui/src/screens/Console/Users/UserServiceAccountsPanel.tsx
View File

@@ -25,7 +25,7 @@ import CredentialsPrompt from "../Common/CredentialsPrompt/CredentialsPrompt";
import DeleteMultipleServiceAccounts from "./DeleteMultipleServiceAccounts";
import { selectSAs } from "../Configurations/utils";
import ServiceAccountPolicy from "../Account/ServiceAccountPolicy";
import EditServiceAccount from "../Account/EditServiceAccount";
import {
CONSOLE_UI_RESOURCE,
IAM_SCOPES,
@@ -66,7 +66,7 @@ const UserServiceAccountsPanel = ({
useState<NewServiceAccount | null>(null);
const [selectedSAs, setSelectedSAs] = useState<string[]>([]);
const [deleteMultipleOpen, setDeleteMultipleOpen] = useState<boolean>(false);
const [policyOpen, setPolicyOpen] = useState<boolean>(false);
const [editOpen, setEditOpen] = useState<boolean>(false);
useEffect(() => {
fetchRecords();
@@ -114,9 +114,9 @@ const UserServiceAccountsPanel = ({
setNewServiceAccount(null);
};
const policyModalOpen = (selectedServiceAccount: string) => {
const editModalOpen = (selectedServiceAccount: string) => {
setSelectedServiceAccount(selectedServiceAccount);
setPolicyOpen(true);
setEditOpen(true);
};
const confirmDeleteServiceAccount = (selectedServiceAccount: string) => {
@@ -125,7 +125,7 @@ const UserServiceAccountsPanel = ({
};
const closePolicyModal = () => {
setPolicyOpen(false);
setEditOpen(false);
setLoading(true);
};
@@ -134,7 +134,7 @@ const UserServiceAccountsPanel = ({
type: "view",
onClick: (value: any) => {
if (value) {
policyModalOpen(value.accessKey);
editModalOpen(value.accessKey);
}
},
},
@@ -146,6 +146,14 @@ const UserServiceAccountsPanel = ({
}
},
},
{
type: "edit",
onClick: (value: any) => {
if (value) {
editModalOpen(value.accessKey);
}
},
},
];
useEffect(() => {
@@ -181,9 +189,9 @@ const UserServiceAccountsPanel = ({
entity="Access Key"
/>
)}
{policyOpen && (
<ServiceAccountPolicy
open={policyOpen}
{editOpen && (
<EditServiceAccount
open={editOpen}
selectedAccessKey={selectedServiceAccount}
closeModalAndRefresh={closePolicyModal}
/>

6
restapi/admin_client_mock.go
View File

@@ -80,7 +80,7 @@ var (
minioSetUserStatusMock func(accessKey string, status madmin.AccountStatus) error
minioAccountInfoMock func(ctx context.Context) (madmin.AccountInfo, error)
minioAddServiceAccountMock func(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string) (madmin.Credentials, error)
minioAddServiceAccountMock func(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string, description string, name string, expiry *time.Time, status string) (madmin.Credentials, error)
minioListServiceAccountsMock func(ctx context.Context, user string) (madmin.ListServiceAccountsResp, error)
minioDeleteServiceAccountMock func(ctx context.Context, serviceAccount string) error
minioInfoServiceAccountMock func(ctx context.Context, serviceAccount string) (madmin.InfoServiceAccountResp, error)
@@ -377,8 +377,8 @@ func (ac AdminClientMock) AccountInfo(ctx context.Context) (madmin.AccountInfo,
return minioAccountInfoMock(ctx)
}
func (ac AdminClientMock) addServiceAccount(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string) (madmin.Credentials, error) {
return minioAddServiceAccountMock(ctx, policy, user, accessKey, secretKey)
func (ac AdminClientMock) addServiceAccount(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string, description string, name string, expiry *time.Time, status string) (madmin.Credentials, error) {
return minioAddServiceAccountMock(ctx, policy, user, accessKey, secretKey, description, name, expiry, status)
}
func (ac AdminClientMock) listServiceAccounts(ctx context.Context, user string) (madmin.ListServiceAccountsResp, error) {

16
restapi/client-admin.go
View File

@@ -70,7 +70,7 @@ type MinioAdmin interface {
heal(ctx context.Context, bucket, prefix string, healOpts madmin.HealOpts, clientToken string,
forceStart, forceStop bool) (healStart madmin.HealStartSuccess, healTaskStatus madmin.HealTaskStatus, err error)
// Service Accounts
addServiceAccount(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string) (madmin.Credentials, error)
addServiceAccount(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string, name string, description string, expiry *time.Time, comment string) (madmin.Credentials, error)
listServiceAccounts(ctx context.Context, user string) (madmin.ListServiceAccountsResp, error)
deleteServiceAccount(ctx context.Context, serviceAccount string) error
infoServiceAccount(ctx context.Context, serviceAccount string) (madmin.InfoServiceAccountResp, error)
@@ -305,16 +305,20 @@ func (ac AdminClient) getLogs(ctx context.Context, node string, lineCnt int, log
}
// implements madmin.AddServiceAccount()
func (ac AdminClient) addServiceAccount(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string) (madmin.Credentials, error) {
func (ac AdminClient) addServiceAccount(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string, name string, description string, expiry *time.Time, comment string) (madmin.Credentials, error) {
buf, err := json.Marshal(policy)
if err != nil {
return madmin.Credentials{}, err
}
return ac.Client.AddServiceAccount(ctx, madmin.AddServiceAccountReq{
Policy: buf,
TargetUser: user,
AccessKey: accessKey,
SecretKey: secretKey,
Policy: buf,
TargetUser: user,
AccessKey: accessKey,
SecretKey: secretKey,
Name: name,
Description: description,
Expiration: expiry,
Comment: comment,
})
}

430
restapi/embedded_spec.go
View File

@@ -4452,6 +4452,69 @@ func init() {
}
},
"/service-accounts/{access_key}": {
"get": {
"tags": [
"ServiceAccount"
],
"summary": "Get Service Account",
"operationId": "GetServiceAccount",
"parameters": [
{
"type": "string",
"name": "access_key",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/serviceAccount"
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/ApiError"
}
}
}
},
"put": {
"tags": [
"ServiceAccount"
],
"summary": "Set Service Account Policy",
"operationId": "UpdateServiceAccount",
"parameters": [
{
"type": "string",
"name": "access_key",
"in": "path",
"required": true
},
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/updateServiceAccountRequest"
}
}
],
"responses": {
"200": {
"description": "A successful response."
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/ApiError"
}
}
}
},
"delete": {
"tags": [
"ServiceAccount"
@@ -4479,71 +4542,6 @@ func init() {
}
}
},
"/service-accounts/{access_key}/policy": {
"get": {
"tags": [
"ServiceAccount"
],
"summary": "Get Service Account Policy",
"operationId": "GetServiceAccountPolicy",
"parameters": [
{
"type": "string",
"name": "access_key",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"type": "string"
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/ApiError"
}
}
}
},
"put": {
"tags": [
"ServiceAccount"
],
"summary": "Set Service Account Policy",
"operationId": "SetServiceAccountPolicy",
"parameters": [
{
"type": "string",
"name": "access_key",
"in": "path",
"required": true
},
{
"name": "policy",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/addServiceAccountPolicyRequest"
}
}
],
"responses": {
"200": {
"description": "A successful response."
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/ApiError"
}
}
}
}
},
"/service/restart": {
"post": {
"tags": [
@@ -5546,17 +5544,6 @@ func init() {
}
}
},
"addServiceAccountPolicyRequest": {
"type": "object",
"required": [
"policy"
],
"properties": {
"policy": {
"type": "string"
}
}
},
"addUserRequest": {
"type": "object",
"required": [
@@ -8071,6 +8058,32 @@ func init() {
}
}
},
"serviceAccount": {
"type": "object",
"properties": {
"accountStatus": {
"type": "string"
},
"description": {
"type": "string"
},
"expiration": {
"type": "string"
},
"impliedPolicy": {
"type": "boolean"
},
"name": {
"type": "string"
},
"parentUser": {
"type": "string"
},
"policy": {
"type": "string"
}
}
},
"serviceAccountCreds": {
"type": "object",
"properties": {
@@ -8088,6 +8101,18 @@ func init() {
"serviceAccountRequest": {
"type": "object",
"properties": {
"comment": {
"type": "string"
},
"description": {
"type": "string"
},
"expiry": {
"type": "string"
},
"name": {
"type": "string"
},
"policy": {
"type": "string",
"title": "policy to be applied to the Service Account if any"
@@ -8100,6 +8125,18 @@ func init() {
"accessKey": {
"type": "string"
},
"comment": {
"type": "string"
},
"description": {
"type": "string"
},
"expiry": {
"type": "string"
},
"name": {
"type": "string"
},
"policy": {
"type": "string",
"title": "policy to be applied to the Service Account if any"
@@ -8861,6 +8898,32 @@ func init() {
}
}
},
"updateServiceAccountRequest": {
"type": "object",
"required": [
"policy"
],
"properties": {
"description": {
"type": "string"
},
"expiry": {
"type": "string"
},
"name": {
"type": "string"
},
"policy": {
"type": "string"
},
"secretKey": {
"type": "string"
},
"status": {
"type": "string"
}
}
},
"updateUser": {
"type": "object",
"required": [
@@ -13571,6 +13634,69 @@ func init() {
}
},
"/service-accounts/{access_key}": {
"get": {
"tags": [
"ServiceAccount"
],
"summary": "Get Service Account",
"operationId": "GetServiceAccount",
"parameters": [
{
"type": "string",
"name": "access_key",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"$ref": "#/definitions/serviceAccount"
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/ApiError"
}
}
}
},
"put": {
"tags": [
"ServiceAccount"
],
"summary": "Set Service Account Policy",
"operationId": "UpdateServiceAccount",
"parameters": [
{
"type": "string",
"name": "access_key",
"in": "path",
"required": true
},
{
"name": "body",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/updateServiceAccountRequest"
}
}
],
"responses": {
"200": {
"description": "A successful response."
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/ApiError"
}
}
}
},
"delete": {
"tags": [
"ServiceAccount"
@@ -13598,71 +13724,6 @@ func init() {
}
}
},
"/service-accounts/{access_key}/policy": {
"get": {
"tags": [
"ServiceAccount"
],
"summary": "Get Service Account Policy",
"operationId": "GetServiceAccountPolicy",
"parameters": [
{
"type": "string",
"name": "access_key",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"description": "A successful response.",
"schema": {
"type": "string"
}
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/ApiError"
}
}
}
},
"put": {
"tags": [
"ServiceAccount"
],
"summary": "Set Service Account Policy",
"operationId": "SetServiceAccountPolicy",
"parameters": [
{
"type": "string",
"name": "access_key",
"in": "path",
"required": true
},
{
"name": "policy",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/addServiceAccountPolicyRequest"
}
}
],
"responses": {
"200": {
"description": "A successful response."
},
"default": {
"description": "Generic error response.",
"schema": {
"$ref": "#/definitions/ApiError"
}
}
}
}
},
"/service/restart": {
"post": {
"tags": [
@@ -14827,17 +14888,6 @@ func init() {
}
}
},
"addServiceAccountPolicyRequest": {
"type": "object",
"required": [
"policy"
],
"properties": {
"policy": {
"type": "string"
}
}
},
"addUserRequest": {
"type": "object",
"required": [
@@ -17347,6 +17397,32 @@ func init() {
}
}
},
"serviceAccount": {
"type": "object",
"properties": {
"accountStatus": {
"type": "string"
},
"description": {
"type": "string"
},
"expiration": {
"type": "string"
},
"impliedPolicy": {
"type": "boolean"
},
"name": {
"type": "string"
},
"parentUser": {
"type": "string"
},
"policy": {
"type": "string"
}
}
},
"serviceAccountCreds": {
"type": "object",
"properties": {
@@ -17364,6 +17440,18 @@ func init() {
"serviceAccountRequest": {
"type": "object",
"properties": {
"comment": {
"type": "string"
},
"description": {
"type": "string"
},
"expiry": {
"type": "string"
},
"name": {
"type": "string"
},
"policy": {
"type": "string",
"title": "policy to be applied to the Service Account if any"
@@ -17376,6 +17464,18 @@ func init() {
"accessKey": {
"type": "string"
},
"comment": {
"type": "string"
},
"description": {
"type": "string"
},
"expiry": {
"type": "string"
},
"name": {
"type": "string"
},
"policy": {
"type": "string",
"title": "policy to be applied to the Service Account if any"
@@ -18120,6 +18220,32 @@ func init() {
}
}
},
"updateServiceAccountRequest": {
"type": "object",
"required": [
"policy"
],
"properties": {
"description": {
"type": "string"
},
"expiry": {
"type": "string"
},
"name": {
"type": "string"
},
"policy": {
"type": "string"
},
"secretKey": {
"type": "string"
},
"status": {
"type": "string"
}
}
},
"updateUser": {
"type": "object",
"required": [

38
restapi/operations/console_api.go
View File

@@ -265,8 +265,8 @@ func NewConsoleAPI(spec *loads.Document) *ConsoleAPI {
PolicyGetSAUserPolicyHandler: policy.GetSAUserPolicyHandlerFunc(func(params policy.GetSAUserPolicyParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation policy.GetSAUserPolicy has not yet been implemented")
}),
ServiceAccountGetServiceAccountPolicyHandler: service_account.GetServiceAccountPolicyHandlerFunc(func(params service_account.GetServiceAccountPolicyParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation service_account.GetServiceAccountPolicy has not yet been implemented")
ServiceAccountGetServiceAccountHandler: service_account.GetServiceAccountHandlerFunc(func(params service_account.GetServiceAccountParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation service_account.GetServiceAccount has not yet been implemented")
}),
SiteReplicationGetSiteReplicationInfoHandler: site_replication.GetSiteReplicationInfoHandlerFunc(func(params site_replication.GetSiteReplicationInfoParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation site_replication.GetSiteReplicationInfo has not yet been implemented")
@@ -502,9 +502,6 @@ func NewConsoleAPI(spec *loads.Document) *ConsoleAPI {
PolicySetPolicyMultipleHandler: policy.SetPolicyMultipleHandlerFunc(func(params policy.SetPolicyMultipleParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation policy.SetPolicyMultiple has not yet been implemented")
}),
ServiceAccountSetServiceAccountPolicyHandler: service_account.SetServiceAccountPolicyHandlerFunc(func(params service_account.SetServiceAccountPolicyParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation service_account.SetServiceAccountPolicy has not yet been implemented")
}),
ObjectShareObjectHandler: object.ShareObjectHandlerFunc(func(params object.ShareObjectParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation object.ShareObject has not yet been implemented")
}),
@@ -550,6 +547,9 @@ func NewConsoleAPI(spec *loads.Document) *ConsoleAPI {
BucketUpdateMultiBucketReplicationHandler: bucket.UpdateMultiBucketReplicationHandlerFunc(func(params bucket.UpdateMultiBucketReplicationParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation bucket.UpdateMultiBucketReplication has not yet been implemented")
}),
ServiceAccountUpdateServiceAccountHandler: service_account.UpdateServiceAccountHandlerFunc(func(params service_account.UpdateServiceAccountParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation service_account.UpdateServiceAccount has not yet been implemented")
}),
UserUpdateUserGroupsHandler: user.UpdateUserGroupsHandlerFunc(func(params user.UpdateUserGroupsParams, principal *models.Principal) middleware.Responder {
return middleware.NotImplemented("operation user.UpdateUserGroups has not yet been implemented")
}),
@@ -740,8 +740,8 @@ type ConsoleAPI struct {
ObjectGetObjectMetadataHandler object.GetObjectMetadataHandler
// PolicyGetSAUserPolicyHandler sets the operation handler for the get s a user policy operation
PolicyGetSAUserPolicyHandler policy.GetSAUserPolicyHandler
// ServiceAccountGetServiceAccountPolicyHandler sets the operation handler for the get service account policy operation
ServiceAccountGetServiceAccountPolicyHandler service_account.GetServiceAccountPolicyHandler
// ServiceAccountGetServiceAccountHandler sets the operation handler for the get service account operation
ServiceAccountGetServiceAccountHandler service_account.GetServiceAccountHandler
// SiteReplicationGetSiteReplicationInfoHandler sets the operation handler for the get site replication info operation
SiteReplicationGetSiteReplicationInfoHandler site_replication.GetSiteReplicationInfoHandler
// SiteReplicationGetSiteReplicationStatusHandler sets the operation handler for the get site replication status operation
@@ -898,8 +898,6 @@ type ConsoleAPI struct {
PolicySetPolicyHandler policy.SetPolicyHandler
// PolicySetPolicyMultipleHandler sets the operation handler for the set policy multiple operation
PolicySetPolicyMultipleHandler policy.SetPolicyMultipleHandler
// ServiceAccountSetServiceAccountPolicyHandler sets the operation handler for the set service account policy operation
ServiceAccountSetServiceAccountPolicyHandler service_account.SetServiceAccountPolicyHandler
// ObjectShareObjectHandler sets the operation handler for the share object operation
ObjectShareObjectHandler object.ShareObjectHandler
// SiteReplicationSiteReplicationEditHandler sets the operation handler for the site replication edit operation
@@ -930,6 +928,8 @@ type ConsoleAPI struct {
GroupUpdateGroupHandler group.UpdateGroupHandler
// BucketUpdateMultiBucketReplicationHandler sets the operation handler for the update multi bucket replication operation
BucketUpdateMultiBucketReplicationHandler bucket.UpdateMultiBucketReplicationHandler
// ServiceAccountUpdateServiceAccountHandler sets the operation handler for the update service account operation
ServiceAccountUpdateServiceAccountHandler service_account.UpdateServiceAccountHandler
// UserUpdateUserGroupsHandler sets the operation handler for the update user groups operation
UserUpdateUserGroupsHandler user.UpdateUserGroupsHandler
// UserUpdateUserInfoHandler sets the operation handler for the update user info operation
@@ -1204,8 +1204,8 @@ func (o *ConsoleAPI) Validate() error {
if o.PolicyGetSAUserPolicyHandler == nil {
unregistered = append(unregistered, "policy.GetSAUserPolicyHandler")
}
if o.ServiceAccountGetServiceAccountPolicyHandler == nil {
unregistered = append(unregistered, "service_account.GetServiceAccountPolicyHandler")
if o.ServiceAccountGetServiceAccountHandler == nil {
unregistered = append(unregistered, "service_account.GetServiceAccountHandler")
}
if o.SiteReplicationGetSiteReplicationInfoHandler == nil {
unregistered = append(unregistered, "site_replication.GetSiteReplicationInfoHandler")
@@ -1441,9 +1441,6 @@ func (o *ConsoleAPI) Validate() error {
if o.PolicySetPolicyMultipleHandler == nil {
unregistered = append(unregistered, "policy.SetPolicyMultipleHandler")
}
if o.ServiceAccountSetServiceAccountPolicyHandler == nil {
unregistered = append(unregistered, "service_account.SetServiceAccountPolicyHandler")
}
if o.ObjectShareObjectHandler == nil {
unregistered = append(unregistered, "object.ShareObjectHandler")
}
@@ -1489,6 +1486,9 @@ func (o *ConsoleAPI) Validate() error {
if o.BucketUpdateMultiBucketReplicationHandler == nil {
unregistered = append(unregistered, "bucket.UpdateMultiBucketReplicationHandler")
}
if o.ServiceAccountUpdateServiceAccountHandler == nil {
unregistered = append(unregistered, "service_account.UpdateServiceAccountHandler")
}
if o.UserUpdateUserGroupsHandler == nil {
unregistered = append(unregistered, "user.UpdateUserGroupsHandler")
}
@@ -1844,7 +1844,7 @@ func (o *ConsoleAPI) initHandlerCache() {
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
}
o.handlers["GET"]["/service-accounts/{access_key}/policy"] = service_account.NewGetServiceAccountPolicy(o.context, o.ServiceAccountGetServiceAccountPolicyHandler)
o.handlers["GET"]["/service-accounts/{access_key}"] = service_account.NewGetServiceAccount(o.context, o.ServiceAccountGetServiceAccountHandler)
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
}
@@ -2157,10 +2157,6 @@ func (o *ConsoleAPI) initHandlerCache() {
o.handlers["PUT"] = make(map[string]http.Handler)
}
o.handlers["PUT"]["/set-policy-multi"] = policy.NewSetPolicyMultiple(o.context, o.PolicySetPolicyMultipleHandler)
if o.handlers["PUT"] == nil {
o.handlers["PUT"] = make(map[string]http.Handler)
}
o.handlers["PUT"]["/service-accounts/{access_key}/policy"] = service_account.NewSetServiceAccountPolicy(o.context, o.ServiceAccountSetServiceAccountPolicyHandler)
if o.handlers["GET"] == nil {
o.handlers["GET"] = make(map[string]http.Handler)
}
@@ -2224,6 +2220,10 @@ func (o *ConsoleAPI) initHandlerCache() {
if o.handlers["PUT"] == nil {
o.handlers["PUT"] = make(map[string]http.Handler)
}
o.handlers["PUT"]["/service-accounts/{access_key}"] = service_account.NewUpdateServiceAccount(o.context, o.ServiceAccountUpdateServiceAccountHandler)
if o.handlers["PUT"] == nil {
o.handlers["PUT"] = make(map[string]http.Handler)
}
o.handlers["PUT"]["/user/{name}/groups"] = user.NewUpdateUserGroups(o.context, o.UserUpdateUserGroupsHandler)
if o.handlers["PUT"] == nil {
o.handlers["PUT"] = make(map[string]http.Handler)

30
restapi/operations/service_account/get_service_account_policy.go → restapi/operations/service_account/get_service_account.go
View File

@@ -30,40 +30,40 @@ import (
"github.com/minio/console/models"
)
// GetServiceAccountPolicyHandlerFunc turns a function with the right signature into a get service account policy handler
type GetServiceAccountPolicyHandlerFunc func(GetServiceAccountPolicyParams, *models.Principal) middleware.Responder
// GetServiceAccountHandlerFunc turns a function with the right signature into a get service account handler
type GetServiceAccountHandlerFunc func(GetServiceAccountParams, *models.Principal) middleware.Responder
// Handle executing the request and returning a response
func (fn GetServiceAccountPolicyHandlerFunc) Handle(params GetServiceAccountPolicyParams, principal *models.Principal) middleware.Responder {
func (fn GetServiceAccountHandlerFunc) Handle(params GetServiceAccountParams, principal *models.Principal) middleware.Responder {
return fn(params, principal)
}
// GetServiceAccountPolicyHandler interface for that can handle valid get service account policy params
type GetServiceAccountPolicyHandler interface {
Handle(GetServiceAccountPolicyParams, *models.Principal) middleware.Responder
// GetServiceAccountHandler interface for that can handle valid get service account params
type GetServiceAccountHandler interface {
Handle(GetServiceAccountParams, *models.Principal) middleware.Responder
}
// NewGetServiceAccountPolicy creates a new http.Handler for the get service account policy operation
func NewGetServiceAccountPolicy(ctx *middleware.Context, handler GetServiceAccountPolicyHandler) *GetServiceAccountPolicy {
return &GetServiceAccountPolicy{Context: ctx, Handler: handler}
// NewGetServiceAccount creates a new http.Handler for the get service account operation
func NewGetServiceAccount(ctx *middleware.Context, handler GetServiceAccountHandler) *GetServiceAccount {
return &GetServiceAccount{Context: ctx, Handler: handler}
}
/*
GetServiceAccountPolicy swagger:route GET /service-accounts/{access_key}/policy ServiceAccount getServiceAccountPolicy
GetServiceAccount swagger:route GET /service-accounts/{access_key} ServiceAccount getServiceAccount
Get Service Account Policy
Get Service Account
*/
type GetServiceAccountPolicy struct {
type GetServiceAccount struct {
Context *middleware.Context
Handler GetServiceAccountPolicyHandler
Handler GetServiceAccountHandler
}
func (o *GetServiceAccountPolicy) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
func (o *GetServiceAccount) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
route, rCtx, _ := o.Context.RouteInfo(r)
if rCtx != nil {
*r = *rCtx
}
var Params = NewGetServiceAccountPolicyParams()
var Params = NewGetServiceAccountParams()
uprinc, aCtx, err := o.Context.Authorize(r, route)
if err != nil {
o.Context.Respond(rw, r, route.Produces, route, err)

18
restapi/operations/service_account/get_service_account_policy_parameters.go → restapi/operations/service_account/get_service_account_parameters.go
View File

@@ -30,19 +30,19 @@ import (
"github.com/go-openapi/strfmt"
)
// NewGetServiceAccountPolicyParams creates a new GetServiceAccountPolicyParams object
// NewGetServiceAccountParams creates a new GetServiceAccountParams object
//
// There are no default values defined in the spec.
func NewGetServiceAccountPolicyParams() GetServiceAccountPolicyParams {
func NewGetServiceAccountParams() GetServiceAccountParams {
return GetServiceAccountPolicyParams{}
return GetServiceAccountParams{}
}
// GetServiceAccountPolicyParams contains all the bound params for the get service account policy operation
// GetServiceAccountParams contains all the bound params for the get service account operation
// typically these are obtained from a http.Request
//
// swagger:parameters GetServiceAccountPolicy
type GetServiceAccountPolicyParams struct {
// swagger:parameters GetServiceAccount
type GetServiceAccountParams struct {
// HTTP Request Object
HTTPRequest *http.Request `json:"-"`
@@ -57,8 +57,8 @@ type GetServiceAccountPolicyParams struct {
// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
// for simple values it will use straight method calls.
//
// To ensure default values, the struct must have been initialized with NewGetServiceAccountPolicyParams() beforehand.
func (o *GetServiceAccountPolicyParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
// To ensure default values, the struct must have been initialized with NewGetServiceAccountParams() beforehand.
func (o *GetServiceAccountParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
var res []error
o.HTTPRequest = r
@@ -74,7 +74,7 @@ func (o *GetServiceAccountPolicyParams) BindRequest(r *http.Request, route *midd
}
// bindAccessKey binds and validates parameter AccessKey from path.
func (o *GetServiceAccountPolicyParams) bindAccessKey(rawData []string, hasKey bool, formats strfmt.Registry) error {
func (o *GetServiceAccountParams) bindAccessKey(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]

133
restapi/operations/service_account/get_service_account_policy_responses.go
View File

@@ -1,133 +0,0 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2023 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package service_account
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/runtime"
"github.com/minio/console/models"
)
// GetServiceAccountPolicyOKCode is the HTTP code returned for type GetServiceAccountPolicyOK
const GetServiceAccountPolicyOKCode int = 200
/*
GetServiceAccountPolicyOK A successful response.
swagger:response getServiceAccountPolicyOK
*/
type GetServiceAccountPolicyOK struct {
/*
In: Body
*/
Payload string `json:"body,omitempty"`
}
// NewGetServiceAccountPolicyOK creates GetServiceAccountPolicyOK with default headers values
func NewGetServiceAccountPolicyOK() *GetServiceAccountPolicyOK {
return &GetServiceAccountPolicyOK{}
}
// WithPayload adds the payload to the get service account policy o k response
func (o *GetServiceAccountPolicyOK) WithPayload(payload string) *GetServiceAccountPolicyOK {
o.Payload = payload
return o
}
// SetPayload sets the payload to the get service account policy o k response
func (o *GetServiceAccountPolicyOK) SetPayload(payload string) {
o.Payload = payload
}
// WriteResponse to the client
func (o *GetServiceAccountPolicyOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(200)
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
/*
GetServiceAccountPolicyDefault Generic error response.
swagger:response getServiceAccountPolicyDefault
*/
type GetServiceAccountPolicyDefault struct {
_statusCode int
/*
In: Body
*/
Payload *models.APIError `json:"body,omitempty"`
}
// NewGetServiceAccountPolicyDefault creates GetServiceAccountPolicyDefault with default headers values
func NewGetServiceAccountPolicyDefault(code int) *GetServiceAccountPolicyDefault {
if code <= 0 {
code = 500
}
return &GetServiceAccountPolicyDefault{
_statusCode: code,
}
}
// WithStatusCode adds the status to the get service account policy default response
func (o *GetServiceAccountPolicyDefault) WithStatusCode(code int) *GetServiceAccountPolicyDefault {
o._statusCode = code
return o
}
// SetStatusCode sets the status to the get service account policy default response
func (o *GetServiceAccountPolicyDefault) SetStatusCode(code int) {
o._statusCode = code
}
// WithPayload adds the payload to the get service account policy default response
func (o *GetServiceAccountPolicyDefault) WithPayload(payload *models.APIError) *GetServiceAccountPolicyDefault {
o.Payload = payload
return o
}
// SetPayload sets the payload to the get service account policy default response
func (o *GetServiceAccountPolicyDefault) SetPayload(payload *models.APIError) {
o.Payload = payload
}
// WriteResponse to the client
func (o *GetServiceAccountPolicyDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(o._statusCode)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}

135
restapi/operations/service_account/get_service_account_responses.go Normal file
View File

@@ -0,0 +1,135 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2023 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package service_account
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/runtime"
"github.com/minio/console/models"
)
// GetServiceAccountOKCode is the HTTP code returned for type GetServiceAccountOK
const GetServiceAccountOKCode int = 200
/*
GetServiceAccountOK A successful response.
swagger:response getServiceAccountOK
*/
type GetServiceAccountOK struct {
/*
In: Body
*/
Payload *models.ServiceAccount `json:"body,omitempty"`
}
// NewGetServiceAccountOK creates GetServiceAccountOK with default headers values
func NewGetServiceAccountOK() *GetServiceAccountOK {
return &GetServiceAccountOK{}
}
// WithPayload adds the payload to the get service account o k response
func (o *GetServiceAccountOK) WithPayload(payload *models.ServiceAccount) *GetServiceAccountOK {
o.Payload = payload
return o
}
// SetPayload sets the payload to the get service account o k response
func (o *GetServiceAccountOK) SetPayload(payload *models.ServiceAccount) {
o.Payload = payload
}
// WriteResponse to the client
func (o *GetServiceAccountOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(200)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}
/*
GetServiceAccountDefault Generic error response.
swagger:response getServiceAccountDefault
*/
type GetServiceAccountDefault struct {
_statusCode int
/*
In: Body
*/
Payload *models.APIError `json:"body,omitempty"`
}
// NewGetServiceAccountDefault creates GetServiceAccountDefault with default headers values
func NewGetServiceAccountDefault(code int) *GetServiceAccountDefault {
if code <= 0 {
code = 500
}
return &GetServiceAccountDefault{
_statusCode: code,
}
}
// WithStatusCode adds the status to the get service account default response
func (o *GetServiceAccountDefault) WithStatusCode(code int) *GetServiceAccountDefault {
o._statusCode = code
return o
}
// SetStatusCode sets the status to the get service account default response
func (o *GetServiceAccountDefault) SetStatusCode(code int) {
o._statusCode = code
}
// WithPayload adds the payload to the get service account default response
func (o *GetServiceAccountDefault) WithPayload(payload *models.APIError) *GetServiceAccountDefault {
o.Payload = payload
return o
}
// SetPayload sets the payload to the get service account default response
func (o *GetServiceAccountDefault) SetPayload(payload *models.APIError) {
o.Payload = payload
}
// WriteResponse to the client
func (o *GetServiceAccountDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(o._statusCode)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}

26
restapi/operations/service_account/get_service_account_policy_urlbuilder.go → restapi/operations/service_account/get_service_account_urlbuilder.go
View File

@@ -29,8 +29,8 @@ import (
"strings"
)
// GetServiceAccountPolicyURL generates an URL for the get service account policy operation
type GetServiceAccountPolicyURL struct {
// GetServiceAccountURL generates an URL for the get service account operation
type GetServiceAccountURL struct {
AccessKey string
_basePath string
@@ -41,7 +41,7 @@ type GetServiceAccountPolicyURL struct {
// WithBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *GetServiceAccountPolicyURL) WithBasePath(bp string) *GetServiceAccountPolicyURL {
func (o *GetServiceAccountURL) WithBasePath(bp string) *GetServiceAccountURL {
o.SetBasePath(bp)
return o
}
@@ -49,21 +49,21 @@ func (o *GetServiceAccountPolicyURL) WithBasePath(bp string) *GetServiceAccountP
// SetBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *GetServiceAccountPolicyURL) SetBasePath(bp string) {
func (o *GetServiceAccountURL) SetBasePath(bp string) {
o._basePath = bp
}
// Build a url path and query string
func (o *GetServiceAccountPolicyURL) Build() (*url.URL, error) {
func (o *GetServiceAccountURL) Build() (*url.URL, error) {
var _result url.URL
var _path = "/service-accounts/{access_key}/policy"
var _path = "/service-accounts/{access_key}"
accessKey := o.AccessKey
if accessKey != "" {
_path = strings.Replace(_path, "{access_key}", accessKey, -1)
} else {
return nil, errors.New("accessKey is required on GetServiceAccountPolicyURL")
return nil, errors.New("accessKey is required on GetServiceAccountURL")
}
_basePath := o._basePath
@@ -76,7 +76,7 @@ func (o *GetServiceAccountPolicyURL) Build() (*url.URL, error) {
}
// Must is a helper function to panic when the url builder returns an error
func (o *GetServiceAccountPolicyURL) Must(u *url.URL, err error) *url.URL {
func (o *GetServiceAccountURL) Must(u *url.URL, err error) *url.URL {
if err != nil {
panic(err)
}
@@ -87,17 +87,17 @@ func (o *GetServiceAccountPolicyURL) Must(u *url.URL, err error) *url.URL {
}
// String returns the string representation of the path with query string
func (o *GetServiceAccountPolicyURL) String() string {
func (o *GetServiceAccountURL) String() string {
return o.Must(o.Build()).String()
}
// BuildFull builds a full url with scheme, host, path and query string
func (o *GetServiceAccountPolicyURL) BuildFull(scheme, host string) (*url.URL, error) {
func (o *GetServiceAccountURL) BuildFull(scheme, host string) (*url.URL, error) {
if scheme == "" {
return nil, errors.New("scheme is required for a full url on GetServiceAccountPolicyURL")
return nil, errors.New("scheme is required for a full url on GetServiceAccountURL")
}
if host == "" {
return nil, errors.New("host is required for a full url on GetServiceAccountPolicyURL")
return nil, errors.New("host is required for a full url on GetServiceAccountURL")
}
base, err := o.Build()
@@ -111,6 +111,6 @@ func (o *GetServiceAccountPolicyURL) BuildFull(scheme, host string) (*url.URL, e
}
// StringFull returns the string representation of a complete url
func (o *GetServiceAccountPolicyURL) StringFull(scheme, host string) string {
func (o *GetServiceAccountURL) StringFull(scheme, host string) string {
return o.Must(o.BuildFull(scheme, host)).String()
}

115
restapi/operations/service_account/set_service_account_policy_responses.go
View File

@@ -1,115 +0,0 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2023 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package service_account
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/runtime"
"github.com/minio/console/models"
)
// SetServiceAccountPolicyOKCode is the HTTP code returned for type SetServiceAccountPolicyOK
const SetServiceAccountPolicyOKCode int = 200
/*
SetServiceAccountPolicyOK A successful response.
swagger:response setServiceAccountPolicyOK
*/
type SetServiceAccountPolicyOK struct {
}
// NewSetServiceAccountPolicyOK creates SetServiceAccountPolicyOK with default headers values
func NewSetServiceAccountPolicyOK() *SetServiceAccountPolicyOK {
return &SetServiceAccountPolicyOK{}
}
// WriteResponse to the client
func (o *SetServiceAccountPolicyOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
rw.WriteHeader(200)
}
/*
SetServiceAccountPolicyDefault Generic error response.
swagger:response setServiceAccountPolicyDefault
*/
type SetServiceAccountPolicyDefault struct {
_statusCode int
/*
In: Body
*/
Payload *models.APIError `json:"body,omitempty"`
}
// NewSetServiceAccountPolicyDefault creates SetServiceAccountPolicyDefault with default headers values
func NewSetServiceAccountPolicyDefault(code int) *SetServiceAccountPolicyDefault {
if code <= 0 {
code = 500
}
return &SetServiceAccountPolicyDefault{
_statusCode: code,
}
}
// WithStatusCode adds the status to the set service account policy default response
func (o *SetServiceAccountPolicyDefault) WithStatusCode(code int) *SetServiceAccountPolicyDefault {
o._statusCode = code
return o
}
// SetStatusCode sets the status to the set service account policy default response
func (o *SetServiceAccountPolicyDefault) SetStatusCode(code int) {
o._statusCode = code
}
// WithPayload adds the payload to the set service account policy default response
func (o *SetServiceAccountPolicyDefault) WithPayload(payload *models.APIError) *SetServiceAccountPolicyDefault {
o.Payload = payload
return o
}
// SetPayload sets the payload to the set service account policy default response
func (o *SetServiceAccountPolicyDefault) SetPayload(payload *models.APIError) {
o.Payload = payload
}
// WriteResponse to the client
func (o *SetServiceAccountPolicyDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(o._statusCode)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}

28
restapi/operations/service_account/set_service_account_policy.go → restapi/operations/service_account/update_service_account.go
View File

@@ -30,40 +30,40 @@ import (
"github.com/minio/console/models"
)
// SetServiceAccountPolicyHandlerFunc turns a function with the right signature into a set service account policy handler
type SetServiceAccountPolicyHandlerFunc func(SetServiceAccountPolicyParams, *models.Principal) middleware.Responder
// UpdateServiceAccountHandlerFunc turns a function with the right signature into a update service account handler
type UpdateServiceAccountHandlerFunc func(UpdateServiceAccountParams, *models.Principal) middleware.Responder
// Handle executing the request and returning a response
func (fn SetServiceAccountPolicyHandlerFunc) Handle(params SetServiceAccountPolicyParams, principal *models.Principal) middleware.Responder {
func (fn UpdateServiceAccountHandlerFunc) Handle(params UpdateServiceAccountParams, principal *models.Principal) middleware.Responder {
return fn(params, principal)
}
// SetServiceAccountPolicyHandler interface for that can handle valid set service account policy params
type SetServiceAccountPolicyHandler interface {
Handle(SetServiceAccountPolicyParams, *models.Principal) middleware.Responder
// UpdateServiceAccountHandler interface for that can handle valid update service account params
type UpdateServiceAccountHandler interface {
Handle(UpdateServiceAccountParams, *models.Principal) middleware.Responder
}
// NewSetServiceAccountPolicy creates a new http.Handler for the set service account policy operation
func NewSetServiceAccountPolicy(ctx *middleware.Context, handler SetServiceAccountPolicyHandler) *SetServiceAccountPolicy {
return &SetServiceAccountPolicy{Context: ctx, Handler: handler}
// NewUpdateServiceAccount creates a new http.Handler for the update service account operation
func NewUpdateServiceAccount(ctx *middleware.Context, handler UpdateServiceAccountHandler) *UpdateServiceAccount {
return &UpdateServiceAccount{Context: ctx, Handler: handler}
}
/*
SetServiceAccountPolicy swagger:route PUT /service-accounts/{access_key}/policy ServiceAccount setServiceAccountPolicy
UpdateServiceAccount swagger:route PUT /service-accounts/{access_key} ServiceAccount updateServiceAccount
Set Service Account Policy
*/
type SetServiceAccountPolicy struct {
type UpdateServiceAccount struct {
Context *middleware.Context
Handler SetServiceAccountPolicyHandler
Handler UpdateServiceAccountHandler
}
func (o *SetServiceAccountPolicy) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
func (o *UpdateServiceAccount) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
route, rCtx, _ := o.Context.RouteInfo(r)
if rCtx != nil {
*r = *rCtx
}
var Params = NewSetServiceAccountPolicyParams()
var Params = NewUpdateServiceAccountParams()
uprinc, aCtx, err := o.Context.Authorize(r, route)
if err != nil {
o.Context.Respond(rw, r, route.Produces, route, err)

30
restapi/operations/service_account/set_service_account_policy_parameters.go → restapi/operations/service_account/update_service_account_parameters.go
View File

@@ -35,19 +35,19 @@ import (
"github.com/minio/console/models"
)
// NewSetServiceAccountPolicyParams creates a new SetServiceAccountPolicyParams object
// NewUpdateServiceAccountParams creates a new UpdateServiceAccountParams object
//
// There are no default values defined in the spec.
func NewSetServiceAccountPolicyParams() SetServiceAccountPolicyParams {
func NewUpdateServiceAccountParams() UpdateServiceAccountParams {
return SetServiceAccountPolicyParams{}
return UpdateServiceAccountParams{}
}
// SetServiceAccountPolicyParams contains all the bound params for the set service account policy operation
// UpdateServiceAccountParams contains all the bound params for the update service account operation
// typically these are obtained from a http.Request
//
// swagger:parameters SetServiceAccountPolicy
type SetServiceAccountPolicyParams struct {
// swagger:parameters UpdateServiceAccount
type UpdateServiceAccountParams struct {
// HTTP Request Object
HTTPRequest *http.Request `json:"-"`
@@ -61,14 +61,14 @@ type SetServiceAccountPolicyParams struct {
Required: true
In: body
*/
Policy *models.AddServiceAccountPolicyRequest
Body *models.UpdateServiceAccountRequest
}
// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
// for simple values it will use straight method calls.
//
// To ensure default values, the struct must have been initialized with NewSetServiceAccountPolicyParams() beforehand.
func (o *SetServiceAccountPolicyParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
// To ensure default values, the struct must have been initialized with NewUpdateServiceAccountParams() beforehand.
func (o *UpdateServiceAccountParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
var res []error
o.HTTPRequest = r
@@ -80,12 +80,12 @@ func (o *SetServiceAccountPolicyParams) BindRequest(r *http.Request, route *midd
if runtime.HasBody(r) {
defer r.Body.Close()
var body models.AddServiceAccountPolicyRequest
var body models.UpdateServiceAccountRequest
if err := route.Consumer.Consume(r.Body, &body); err != nil {
if err == io.EOF {
res = append(res, errors.Required("policy", "body", ""))
res = append(res, errors.Required("body", "body", ""))
} else {
res = append(res, errors.NewParseError("policy", "body", "", err))
res = append(res, errors.NewParseError("body", "body", "", err))
}
} else {
// validate body object
@@ -99,11 +99,11 @@ func (o *SetServiceAccountPolicyParams) BindRequest(r *http.Request, route *midd
}
if len(res) == 0 {
o.Policy = &body
o.Body = &body
}
}
} else {
res = append(res, errors.Required("policy", "body", ""))
res = append(res, errors.Required("body", "body", ""))
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
@@ -112,7 +112,7 @@ func (o *SetServiceAccountPolicyParams) BindRequest(r *http.Request, route *midd
}
// bindAccessKey binds and validates parameter AccessKey from path.
func (o *SetServiceAccountPolicyParams) bindAccessKey(rawData []string, hasKey bool, formats strfmt.Registry) error {
func (o *UpdateServiceAccountParams) bindAccessKey(rawData []string, hasKey bool, formats strfmt.Registry) error {
var raw string
if len(rawData) > 0 {
raw = rawData[len(rawData)-1]

115
restapi/operations/service_account/update_service_account_responses.go Normal file
View File

@@ -0,0 +1,115 @@
// Code generated by go-swagger; DO NOT EDIT.
// This file is part of MinIO Console Server
// Copyright (c) 2023 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//
package service_account
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"net/http"
"github.com/go-openapi/runtime"
"github.com/minio/console/models"
)
// UpdateServiceAccountOKCode is the HTTP code returned for type UpdateServiceAccountOK
const UpdateServiceAccountOKCode int = 200
/*
UpdateServiceAccountOK A successful response.
swagger:response updateServiceAccountOK
*/
type UpdateServiceAccountOK struct {
}
// NewUpdateServiceAccountOK creates UpdateServiceAccountOK with default headers values
func NewUpdateServiceAccountOK() *UpdateServiceAccountOK {
return &UpdateServiceAccountOK{}
}
// WriteResponse to the client
func (o *UpdateServiceAccountOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
rw.WriteHeader(200)
}
/*
UpdateServiceAccountDefault Generic error response.
swagger:response updateServiceAccountDefault
*/
type UpdateServiceAccountDefault struct {
_statusCode int
/*
In: Body
*/
Payload *models.APIError `json:"body,omitempty"`
}
// NewUpdateServiceAccountDefault creates UpdateServiceAccountDefault with default headers values
func NewUpdateServiceAccountDefault(code int) *UpdateServiceAccountDefault {
if code <= 0 {
code = 500
}
return &UpdateServiceAccountDefault{
_statusCode: code,
}
}
// WithStatusCode adds the status to the update service account default response
func (o *UpdateServiceAccountDefault) WithStatusCode(code int) *UpdateServiceAccountDefault {
o._statusCode = code
return o
}
// SetStatusCode sets the status to the update service account default response
func (o *UpdateServiceAccountDefault) SetStatusCode(code int) {
o._statusCode = code
}
// WithPayload adds the payload to the update service account default response
func (o *UpdateServiceAccountDefault) WithPayload(payload *models.APIError) *UpdateServiceAccountDefault {
o.Payload = payload
return o
}
// SetPayload sets the payload to the update service account default response
func (o *UpdateServiceAccountDefault) SetPayload(payload *models.APIError) {
o.Payload = payload
}
// WriteResponse to the client
func (o *UpdateServiceAccountDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
rw.WriteHeader(o._statusCode)
if o.Payload != nil {
payload := o.Payload
if err := producer.Produce(rw, payload); err != nil {
panic(err) // let the recovery middleware deal with this
}
}
}

26
restapi/operations/service_account/set_service_account_policy_urlbuilder.go → restapi/operations/service_account/update_service_account_urlbuilder.go
View File

@@ -29,8 +29,8 @@ import (
"strings"
)
// SetServiceAccountPolicyURL generates an URL for the set service account policy operation
type SetServiceAccountPolicyURL struct {
// UpdateServiceAccountURL generates an URL for the update service account operation
type UpdateServiceAccountURL struct {
AccessKey string
_basePath string
@@ -41,7 +41,7 @@ type SetServiceAccountPolicyURL struct {
// WithBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *SetServiceAccountPolicyURL) WithBasePath(bp string) *SetServiceAccountPolicyURL {
func (o *UpdateServiceAccountURL) WithBasePath(bp string) *UpdateServiceAccountURL {
o.SetBasePath(bp)
return o
}
@@ -49,21 +49,21 @@ func (o *SetServiceAccountPolicyURL) WithBasePath(bp string) *SetServiceAccountP
// SetBasePath sets the base path for this url builder, only required when it's different from the
// base path specified in the swagger spec.
// When the value of the base path is an empty string
func (o *SetServiceAccountPolicyURL) SetBasePath(bp string) {
func (o *UpdateServiceAccountURL) SetBasePath(bp string) {
o._basePath = bp
}
// Build a url path and query string
func (o *SetServiceAccountPolicyURL) Build() (*url.URL, error) {
func (o *UpdateServiceAccountURL) Build() (*url.URL, error) {
var _result url.URL
var _path = "/service-accounts/{access_key}/policy"
var _path = "/service-accounts/{access_key}"
accessKey := o.AccessKey
if accessKey != "" {
_path = strings.Replace(_path, "{access_key}", accessKey, -1)
} else {
return nil, errors.New("accessKey is required on SetServiceAccountPolicyURL")
return nil, errors.New("accessKey is required on UpdateServiceAccountURL")
}
_basePath := o._basePath
@@ -76,7 +76,7 @@ func (o *SetServiceAccountPolicyURL) Build() (*url.URL, error) {
}
// Must is a helper function to panic when the url builder returns an error
func (o *SetServiceAccountPolicyURL) Must(u *url.URL, err error) *url.URL {
func (o *UpdateServiceAccountURL) Must(u *url.URL, err error) *url.URL {
if err != nil {
panic(err)
}
@@ -87,17 +87,17 @@ func (o *SetServiceAccountPolicyURL) Must(u *url.URL, err error) *url.URL {
}
// String returns the string representation of the path with query string
func (o *SetServiceAccountPolicyURL) String() string {
func (o *UpdateServiceAccountURL) String() string {
return o.Must(o.Build()).String()
}
// BuildFull builds a full url with scheme, host, path and query string
func (o *SetServiceAccountPolicyURL) BuildFull(scheme, host string) (*url.URL, error) {
func (o *UpdateServiceAccountURL) BuildFull(scheme, host string) (*url.URL, error) {
if scheme == "" {
return nil, errors.New("scheme is required for a full url on SetServiceAccountPolicyURL")
return nil, errors.New("scheme is required for a full url on UpdateServiceAccountURL")
}
if host == "" {
return nil, errors.New("host is required for a full url on SetServiceAccountPolicyURL")
return nil, errors.New("host is required for a full url on UpdateServiceAccountURL")
}
base, err := o.Build()
@@ -111,6 +111,6 @@ func (o *SetServiceAccountPolicyURL) BuildFull(scheme, host string) (*url.URL, e
}
// StringFull returns the string representation of a complete url
func (o *SetServiceAccountPolicyURL) StringFull(scheme, host string) string {
func (o *UpdateServiceAccountURL) StringFull(scheme, host string) string {
return o.Must(o.BuildFull(scheme, host)).String()
}

149
restapi/service_accounts_handlers.go
View File

@@ -96,20 +96,20 @@ func registerServiceAccountsHandlers(api *operations.ConsoleAPI) {
return saApi.NewListUserServiceAccountsOK().WithPayload(serviceAccounts)
})
api.ServiceAccountGetServiceAccountPolicyHandler = saApi.GetServiceAccountPolicyHandlerFunc(func(params saApi.GetServiceAccountPolicyParams, session *models.Principal) middleware.Responder {
serviceAccounts, err := getServiceAccountPolicyResponse(session, params)
api.ServiceAccountGetServiceAccountHandler = saApi.GetServiceAccountHandlerFunc(func(params saApi.GetServiceAccountParams, session *models.Principal) middleware.Responder {
serviceAccounts, err := getServiceAccountInfo(session, params)
if err != nil {
return saApi.NewGetServiceAccountPolicyDefault(err.Code).WithPayload(err.APIError)
return saApi.NewGetServiceAccountDefault(err.Code).WithPayload(err.APIError)
}
return saApi.NewGetServiceAccountPolicyOK().WithPayload(serviceAccounts)
return saApi.NewGetServiceAccountOK().WithPayload(serviceAccounts)
})
api.ServiceAccountSetServiceAccountPolicyHandler = saApi.SetServiceAccountPolicyHandlerFunc(func(params saApi.SetServiceAccountPolicyParams, session *models.Principal) middleware.Responder {
err := getSetServiceAccountPolicyResponse(session, params)
api.ServiceAccountUpdateServiceAccountHandler = saApi.UpdateServiceAccountHandlerFunc(func(params saApi.UpdateServiceAccountParams, session *models.Principal) middleware.Responder {
err := updateSetServiceAccountResponse(session, params)
if err != nil {
return saApi.NewSetServiceAccountPolicyDefault(err.Code).WithPayload(err.APIError)
return saApi.NewUpdateServiceAccountDefault(err.Code).WithPayload(err.APIError)
}
return saApi.NewSetServiceAccountPolicyOK()
return saApi.NewUpdateServiceAccountOK()
})
// Delete multiple service accounts
@@ -122,7 +122,7 @@ func registerServiceAccountsHandlers(api *operations.ConsoleAPI) {
}
// createServiceAccount adds a service account to the userClient and assigns a policy to him if defined.
func createServiceAccount(ctx context.Context, userClient MinioAdmin, policy string) (*models.ServiceAccountCreds, error) {
func createServiceAccount(ctx context.Context, userClient MinioAdmin, policy string, name string, description string, expiry *time.Time, comment string) (*models.ServiceAccountCreds, error) {
// By default a nil policy will be used so the service account inherit the parent account policy, otherwise
// we override with the user provided iam policy
var iamPolicy *iampolicy.Policy
@@ -133,7 +133,7 @@ func createServiceAccount(ctx context.Context, userClient MinioAdmin, policy str
}
iamPolicy = iamp
}
creds, err := userClient.addServiceAccount(ctx, iamPolicy, "", "", "")
creds, err := userClient.addServiceAccount(ctx, iamPolicy, "", "", "", name, description, expiry, comment)
if err != nil {
return nil, err
}
@@ -141,7 +141,7 @@ func createServiceAccount(ctx context.Context, userClient MinioAdmin, policy str
}
// createServiceAccount adds a service account with the given credentials to the userClient and assigns a policy to him if defined.
func createServiceAccountCreds(ctx context.Context, userClient MinioAdmin, policy string, accessKey string, secretKey string) (*models.ServiceAccountCreds, error) {
func createServiceAccountCreds(ctx context.Context, userClient MinioAdmin, policy string, accessKey string, secretKey string, name string, description string, expiry *time.Time, comment string) (*models.ServiceAccountCreds, error) {
// By default a nil policy will be used so the service account inherit the parent account policy, otherwise
// we override with the user provided iam policy
var iamPolicy *iampolicy.Policy
@@ -152,7 +152,7 @@ func createServiceAccountCreds(ctx context.Context, userClient MinioAdmin, polic
}
iamPolicy = iamp
}
creds, err := userClient.addServiceAccount(ctx, iamPolicy, "", accessKey, secretKey)
creds, err := userClient.addServiceAccount(ctx, iamPolicy, "", accessKey, secretKey, name, description, expiry, comment)
if err != nil {
return nil, err
}
@@ -174,7 +174,14 @@ func getCreateServiceAccountResponse(session *models.Principal, params saApi.Cre
// defining the client to be used
userAdminClient := AdminClient{Client: userAdmin}
saCreds, err := createServiceAccount(ctx, userAdminClient, params.Body.Policy)
var parsedExpiry time.Time
if params.Body.Expiry != "" {
parsedExpiry, err = time.Parse(time.RFC3339, params.Body.Expiry)
if err != nil {
return nil, ErrorWithContext(ctx, err)
}
}
saCreds, err := createServiceAccount(ctx, userAdminClient, params.Body.Policy, params.Body.Name, params.Body.Description, &parsedExpiry, params.Body.Comment)
if err != nil {
return nil, ErrorWithContext(ctx, err)
}
@@ -182,7 +189,7 @@ func getCreateServiceAccountResponse(session *models.Principal, params saApi.Cre
}
// createServiceAccount adds a service account to a given user and assigns a policy to him if defined.
func createAUserServiceAccount(ctx context.Context, userClient MinioAdmin, policy string, user string) (*models.ServiceAccountCreds, error) {
func createAUserServiceAccount(ctx context.Context, userClient MinioAdmin, policy string, user string, name string, description string, expiry *time.Time, comment string) (*models.ServiceAccountCreds, error) {
// By default a nil policy will be used so the service account inherit the parent account policy, otherwise
// we override with the user provided iam policy
var iamPolicy *iampolicy.Policy
@@ -194,14 +201,14 @@ func createAUserServiceAccount(ctx context.Context, userClient MinioAdmin, polic
iamPolicy = iamp
}
creds, err := userClient.addServiceAccount(ctx, iamPolicy, user, "", "")
creds, err := userClient.addServiceAccount(ctx, iamPolicy, user, "", "", name, description, expiry, comment)
if err != nil {
return nil, err
}
return &models.ServiceAccountCreds{AccessKey: creds.AccessKey, SecretKey: creds.SecretKey, URL: getMinIOServer()}, nil
}
func createAUserServiceAccountCreds(ctx context.Context, userClient MinioAdmin, policy string, user string, accessKey string, secretKey string) (*models.ServiceAccountCreds, error) {
func createAUserServiceAccountCreds(ctx context.Context, userClient MinioAdmin, policy string, user string, accessKey string, secretKey string, name string, description string, expiry *time.Time, comment string) (*models.ServiceAccountCreds, error) {
// By default a nil policy will be used so the service account inherit the parent account policy, otherwise
// we override with the user provided iam policy
var iamPolicy *iampolicy.Policy
@@ -213,7 +220,7 @@ func createAUserServiceAccountCreds(ctx context.Context, userClient MinioAdmin,
iamPolicy = iamp
}
creds, err := userClient.addServiceAccount(ctx, iamPolicy, user, accessKey, secretKey)
creds, err := userClient.addServiceAccount(ctx, iamPolicy, user, accessKey, secretKey, name, description, expiry, comment)
if err != nil {
return nil, err
}
@@ -238,7 +245,15 @@ func getCreateAUserServiceAccountResponse(session *models.Principal, params user
if err != nil {
return nil, ErrorWithContext(ctx, err)
}
saCreds, err := createAUserServiceAccount(ctx, userAdminClient, params.Body.Policy, name)
var parsedExpiry time.Time
if params.Body.Expiry != "" {
parsedExpiry, err = time.Parse(time.RFC3339, params.Body.Expiry)
if err != nil {
return nil, ErrorWithContext(ctx, err)
}
}
saCreds, err := createAUserServiceAccount(ctx, userAdminClient, params.Body.Policy, name, params.Body.Name, params.Body.Description, &parsedExpiry, params.Body.Comment)
if err != nil {
return nil, ErrorWithContext(ctx, err)
}
@@ -275,7 +290,15 @@ func getCreateAUserServiceAccountCredsResponse(session *models.Principal, params
return nil, ErrorWithContext(ctx, errors.New("Access Key already in use"))
}
}
saCreds, err := createAUserServiceAccountCreds(ctx, userAdminClient, serviceAccount.Policy, user, serviceAccount.AccessKey, serviceAccount.SecretKey)
var parsedExpiry time.Time
if serviceAccount.Expiry != "" {
parsedExpiry, err = time.Parse(time.RFC3339, serviceAccount.Expiry)
if err != nil {
return nil, ErrorWithContext(ctx, err)
}
}
saCreds, err := createAUserServiceAccountCreds(ctx, userAdminClient, serviceAccount.Policy, user, serviceAccount.AccessKey, serviceAccount.SecretKey, serviceAccount.Name, serviceAccount.Description, &parsedExpiry, serviceAccount.Comment)
if err != nil {
return nil, ErrorWithContext(ctx, err)
}
@@ -309,7 +332,15 @@ func getCreateServiceAccountCredsResponse(session *models.Principal, params saAp
}
}
saCreds, err := createServiceAccountCreds(ctx, userAdminClient, serviceAccount.Policy, serviceAccount.AccessKey, serviceAccount.SecretKey)
var parsedExpiry time.Time
if params.Body.Expiry != "" {
parsedExpiry, err = time.Parse(time.RFC3339, params.Body.Expiry)
if err != nil {
return nil, ErrorWithContext(ctx, err)
}
}
saCreds, err := createServiceAccountCreds(ctx, userAdminClient, serviceAccount.Policy, serviceAccount.AccessKey, serviceAccount.SecretKey, params.Body.Name, params.Body.Description, &parsedExpiry, params.Body.Comment)
if err != nil {
return nil, ErrorWithContext(ctx, err)
}
@@ -392,60 +423,89 @@ func getDeleteServiceAccountResponse(session *models.Principal, params saApi.Del
return nil
}
// getServiceAccountPolicy gets policy for a service account
func getServiceAccountPolicy(ctx context.Context, userClient MinioAdmin, accessKey string) (string, error) {
serviceAccountInfo, err := userClient.infoServiceAccount(ctx, accessKey)
// getServiceAccountDetails gets policy for a service account
func getServiceAccountDetails(ctx context.Context, userClient MinioAdmin, accessKey string) (*models.ServiceAccount, error) {
saInfo, err := userClient.infoServiceAccount(ctx, accessKey)
if err != nil {
return "", err
return nil, err
}
var policyJSON string
var policy iampolicy.Policy
json.Unmarshal([]byte(serviceAccountInfo.Policy), &policy)
json.Unmarshal([]byte(saInfo.Policy), &policy)
if policy.Statements == nil {
return "", nil
policyJSON = ""
} else {
policyJSON = saInfo.Policy
}
return serviceAccountInfo.Policy, nil
expiry := ""
if saInfo.Expiration != nil {
expiry = saInfo.Expiration.Format(time.RFC3339)
}
sa := models.ServiceAccount{
AccountStatus: saInfo.AccountStatus,
Description: saInfo.Description,
Expiration: expiry,
ImpliedPolicy: saInfo.ImpliedPolicy,
Name: saInfo.Name,
ParentUser: saInfo.ParentUser,
Policy: policyJSON,
}
return &sa, nil
}
// getServiceAccountPolicyResponse authenticates the user and calls
// getServiceAccountPolicy to get the policy for a service account
func getServiceAccountPolicyResponse(session *models.Principal, params saApi.GetServiceAccountPolicyParams) (string, *CodedAPIError) {
// getServiceAccountInfo authenticates the user and calls
// getServiceAccountInfo to get the policy for a service account
func getServiceAccountInfo(session *models.Principal, params saApi.GetServiceAccountParams) (*models.ServiceAccount, *CodedAPIError) {
ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
defer cancel()
accessKey, err := utils.DecodeBase64(params.AccessKey)
if err != nil {
return "", ErrorWithContext(ctx, err)
return nil, ErrorWithContext(ctx, err)
}
userAdmin, err := NewMinioAdminClient(params.HTTPRequest.Context(), session)
if err != nil {
return "", ErrorWithContext(ctx, err)
return nil, ErrorWithContext(ctx, err)
}
// create a MinIO user Admin Client interface implementation
// defining the client to be used
userAdminClient := AdminClient{Client: userAdmin}
serviceAccounts, err := getServiceAccountPolicy(ctx, userAdminClient, accessKey)
serviceAccount, err := getServiceAccountDetails(ctx, userAdminClient, accessKey)
if err != nil {
return "", ErrorWithContext(ctx, err)
return nil, ErrorWithContext(ctx, err)
}
return serviceAccounts, nil
return serviceAccount, nil
}
// setServiceAccountPolicy sets policy for a service account
func setServiceAccountPolicy(ctx context.Context, userClient MinioAdmin, accessKey string, policy string) error {
err := userClient.updateServiceAccount(ctx, accessKey, madmin.UpdateServiceAccountReq{NewPolicy: json.RawMessage(policy)})
func updateServiceAccountDetails(ctx context.Context, userClient MinioAdmin, accessKey string, policy string, expiry time.Time, name string, description string, status string, secretKey string) error {
req := madmin.UpdateServiceAccountReq{
NewPolicy: json.RawMessage(policy),
NewSecretKey: secretKey,
NewStatus: status,
NewName: name,
NewDescription: description,
NewExpiration: &expiry,
}
err := userClient.updateServiceAccount(ctx, accessKey, req)
return err
}
// getSetServiceAccountPolicyResponse authenticates the user and calls
// updateSetServiceAccountResponse authenticates the user and calls
// getSetServiceAccountPolicy to set the policy for a service account
func getSetServiceAccountPolicyResponse(session *models.Principal, params saApi.SetServiceAccountPolicyParams) *CodedAPIError {
func updateSetServiceAccountResponse(session *models.Principal, params saApi.UpdateServiceAccountParams) *CodedAPIError {
ctx, cancel := context.WithCancel(params.HTTPRequest.Context())
defer cancel()
accessKey, err := utils.DecodeBase64(params.AccessKey)
if err != nil {
return ErrorWithContext(ctx, err)
}
policy := *params.Policy.Policy
policy := *params.Body.Policy
userAdmin, err := NewMinioAdminClient(params.HTTPRequest.Context(), session)
if err != nil {
return ErrorWithContext(ctx, err)
@@ -454,7 +514,14 @@ func getSetServiceAccountPolicyResponse(session *models.Principal, params saApi.
// defining the client to be used
userAdminClient := AdminClient{Client: userAdmin}
err = setServiceAccountPolicy(ctx, userAdminClient, accessKey, policy)
var parsedExpiry time.Time
if params.Body.Expiry != "" {
parsedExpiry, err = time.Parse(time.RFC3339, params.Body.Expiry)
if err != nil {
return ErrorWithContext(ctx, err)
}
}
err = updateServiceAccountDetails(ctx, userAdminClient, accessKey, policy, parsedExpiry, params.Body.Name, params.Body.Description, params.Body.Status, params.Body.SecretKey)
if err != nil {
return ErrorWithContext(ctx, err)
}

23
restapi/service_accounts_handlers_test.go
View File

@@ -21,6 +21,7 @@ import (
"errors"
"fmt"
"testing"
"time"
"github.com/minio/madmin-go/v3"
iampolicy "github.com/minio/pkg/v2/policy"
@@ -40,10 +41,10 @@ func TestAddServiceAccount(t *testing.T) {
AccessKey: "minio",
SecretKey: "minio123",
}
minioAddServiceAccountMock = func(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string) (madmin.Credentials, error) {
minioAddServiceAccountMock = func(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string, name string, description string, expiry *time.Time, comment string) (madmin.Credentials, error) {
return mockResponse, nil
}
saCreds, err := createServiceAccount(ctx, client, policyDefinition)
saCreds, err := createServiceAccount(ctx, client, policyDefinition, "", "", nil, "")
if err != nil {
t.Errorf("Failed on %s:, error occurred: %s", function, err.Error())
}
@@ -56,10 +57,10 @@ func TestAddServiceAccount(t *testing.T) {
AccessKey: "minio",
SecretKey: "minio123",
}
minioAddServiceAccountMock = func(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string) (madmin.Credentials, error) {
minioAddServiceAccountMock = func(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string, name string, description string, expiry *time.Time, comment string) (madmin.Credentials, error) {
return mockResponse, nil
}
_, err = createServiceAccount(ctx, client, policyDefinition)
_, err = createServiceAccount(ctx, client, policyDefinition, "", "", nil, "")
assert.Error(err)
// Test-3: if an error occurs on server while creating service account (valid policy), handle it
@@ -68,10 +69,10 @@ func TestAddServiceAccount(t *testing.T) {
AccessKey: "minio",
SecretKey: "minio123",
}
minioAddServiceAccountMock = func(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string) (madmin.Credentials, error) {
minioAddServiceAccountMock = func(ctx context.Context, policy *iampolicy.Policy, user string, accessKey string, secretKey string, name string, description string, expiry *time.Time, comment string) (madmin.Credentials, error) {
return madmin.Credentials{}, errors.New("error")
}
_, err = createServiceAccount(ctx, client, policyDefinition)
_, err = createServiceAccount(ctx, client, policyDefinition, "", "", nil, "")
if assert.Error(err) {
assert.Equal("error", err.Error())
}
@@ -153,11 +154,11 @@ func TestDeleteServiceAccount(t *testing.T) {
}
}
func TestGetServiceAccountPolicy(t *testing.T) {
func TestGetServiceAccountDetails(t *testing.T) {
assert := assert.New(t)
// mock minIO client
client := AdminClientMock{}
function := "getServiceAccountPolicy()"
function := "getServiceAccountDetails()"
// Test-1: getServiceAccountPolicy list serviceaccounts for a user
ctx, cancel := context.WithCancel(context.Background())
@@ -183,17 +184,17 @@ func TestGetServiceAccountPolicy(t *testing.T) {
minioInfoServiceAccountMock = func(ctx context.Context, user string) (madmin.InfoServiceAccountResp, error) {
return mockResponse, nil
}
serviceAccount, err := getServiceAccountPolicy(ctx, client, "")
serviceAccount, err := getServiceAccountDetails(ctx, client, "")
if err != nil {
t.Errorf("Failed on %s:, error occurred: %s", function, err.Error())
}
assert.Equal(mockResponse.Policy, serviceAccount)
assert.Equal(mockResponse.Policy, serviceAccount.Policy)
// Test-2: getServiceAccountPolicy returns an error, handle it properly
minioInfoServiceAccountMock = func(ctx context.Context, user string) (madmin.InfoServiceAccountResp, error) {
return madmin.InfoServiceAccountResp{}, errors.New("error")
}
_, err = getServiceAccountPolicy(ctx, client, "")
_, err = getServiceAccountDetails(ctx, client, "")
if assert.Error(err) {
assert.Equal("error", err.Error())
}

95
swagger.yml
View File

@@ -1416,25 +1416,6 @@ paths:
tags:
- ServiceAccount
/service-accounts/{access_key}:
delete:
summary: Delete Service Account
operationId: DeleteServiceAccount
parameters:
- name: access_key
in: path
required: true
type: string
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/ApiError"
tags:
- ServiceAccount
/service-accounts/delete-multi:
delete:
summary: Delete Multiple Service Accounts
@@ -1457,10 +1438,10 @@ paths:
tags:
- ServiceAccount
/service-accounts/{access_key}/policy:
/service-accounts/{access_key}:
get:
summary: Get Service Account Policy
operationId: GetServiceAccountPolicy
summary: Get Service Account
operationId: GetServiceAccount
parameters:
- name: access_key
in: path
@@ -1470,7 +1451,7 @@ paths:
200:
description: A successful response.
schema:
type: string
$ref: "#/definitions/serviceAccount"
default:
description: Generic error response.
schema:
@@ -1479,17 +1460,17 @@ paths:
- ServiceAccount
put:
summary: Set Service Account Policy
operationId: SetServiceAccountPolicy
operationId: UpdateServiceAccount
parameters:
- name: access_key
in: path
required: true
type: string
- name: policy
- name: body
in: body
required: true
schema:
$ref: "#/definitions/addServiceAccountPolicyRequest"
$ref: "#/definitions/updateServiceAccountRequest"
responses:
200:
description: A successful response.
@@ -1499,6 +1480,23 @@ paths:
$ref: "#/definitions/ApiError"
tags:
- ServiceAccount
delete:
summary: Delete Service Account
operationId: DeleteServiceAccount
parameters:
- name: access_key
in: path
required: true
type: string
responses:
204:
description: A successful response.
default:
description: Generic error response.
schema:
$ref: "#/definitions/ApiError"
tags:
- ServiceAccount
/users:
get:
@@ -3896,13 +3894,23 @@ definitions:
policy:
type: string
addServiceAccountPolicyRequest:
updateServiceAccountRequest:
type: object
required:
- policy
properties:
policy:
type: string
secretKey:
type: string
name:
type: string
description:
type: string
expiry:
type: string
status:
type: string
listPoliciesResponse:
type: object
@@ -4804,6 +4812,23 @@ definitions:
type: array
items:
type: string
serviceAccount:
type: object
properties:
parentUser:
type: string
accountStatus:
type: string
impliedPolicy:
type: boolean
policy:
type: string
name:
type: string
description:
type: string
expiration:
type: string
serviceAccounts:
type: array
items:
@@ -4826,6 +4851,14 @@ definitions:
policy:
type: string
title: "policy to be applied to the Service Account if any"
name:
type: string
description:
type: string
expiry:
type: string
comment:
type: string
serviceAccountRequestCreds:
type: object
properties:
@@ -4836,6 +4869,14 @@ definitions:
type: string
secretKey:
type: string
name:
type: string
description:
type: string
expiry:
type: string
comment:
type: string
serviceAccountCreds:
type: object
properties: