Added multidelete function for Service Accounts (#1501)

Added multidelete function for Service Accounts

restapi/embedded_spec.go

@@ -3062,6 +3062,39 @@ func init() {
         }
       }
     },
+    "/service-accounts/delete-multi": {
+      "post": {
+        "tags": [
+          "UserAPI"
+        ],
+        "summary": "Delete Multiple Service Accounts",
+        "operationId": "DeleteMultipleServiceAccounts",
+        "parameters": [
+          {
+            "name": "selectedSA",
+            "in": "body",
+            "required": true,
+            "schema": {
+              "type": "array",
+              "items": {
+                "type": "string"
+              }
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "A successful response."
+          },
+          "default": {
+            "description": "Generic error response.",
+            "schema": {
+              "$ref": "#/definitions/error"
+            }
+          }
+        }
+      }
+    },
     "/service-accounts/{access_key}": {
       "delete": {
         "tags": [
@@ -9147,6 +9180,39 @@ func init() {
         }
       }
     },
+    "/service-accounts/delete-multi": {
+      "post": {
+        "tags": [
+          "UserAPI"
+        ],
+        "summary": "Delete Multiple Service Accounts",
+        "operationId": "DeleteMultipleServiceAccounts",
+        "parameters": [
+          {
+            "name": "selectedSA",
+            "in": "body",
+            "required": true,
+            "schema": {
+              "type": "array",
+              "items": {
+                "type": "string"
+              }
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "A successful response."
+          },
+          "default": {
+            "description": "Generic error response.",
+            "schema": {
+              "$ref": "#/definitions/error"
+            }
+          }
+        }
+      }
+    },
     "/service-accounts/{access_key}": {
       "delete": {
         "tags": [

restapi/operations/console_api.go

@@ -143,6 +143,9 @@ func NewConsoleAPI(spec *loads.Document) *ConsoleAPI {
 		UserAPIDeleteMultipleObjectsHandler: user_api.DeleteMultipleObjectsHandlerFunc(func(params user_api.DeleteMultipleObjectsParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation user_api.DeleteMultipleObjects has not yet been implemented")
 		}),
+		UserAPIDeleteMultipleServiceAccountsHandler: user_api.DeleteMultipleServiceAccountsHandlerFunc(func(params user_api.DeleteMultipleServiceAccountsParams, principal *models.Principal) middleware.Responder {
+			return middleware.NotImplemented("operation user_api.DeleteMultipleServiceAccounts has not yet been implemented")
+		}),
 		UserAPIDeleteObjectHandler: user_api.DeleteObjectHandlerFunc(func(params user_api.DeleteObjectParams, principal *models.Principal) middleware.Responder {
 			return middleware.NotImplemented("operation user_api.DeleteObject has not yet been implemented")
 		}),
@@ -493,6 +496,8 @@ type ConsoleAPI struct {
 	UserAPIDeleteBucketReplicationRuleHandler user_api.DeleteBucketReplicationRuleHandler
 	// UserAPIDeleteMultipleObjectsHandler sets the operation handler for the delete multiple objects operation
 	UserAPIDeleteMultipleObjectsHandler user_api.DeleteMultipleObjectsHandler
+	// UserAPIDeleteMultipleServiceAccountsHandler sets the operation handler for the delete multiple service accounts operation
+	UserAPIDeleteMultipleServiceAccountsHandler user_api.DeleteMultipleServiceAccountsHandler
 	// UserAPIDeleteObjectHandler sets the operation handler for the delete object operation
 	UserAPIDeleteObjectHandler user_api.DeleteObjectHandler
 	// UserAPIDeleteObjectRetentionHandler sets the operation handler for the delete object retention operation
@@ -820,6 +825,9 @@ func (o *ConsoleAPI) Validate() error {
 	if o.UserAPIDeleteMultipleObjectsHandler == nil {
 		unregistered = append(unregistered, "user_api.DeleteMultipleObjectsHandler")
 	}
+	if o.UserAPIDeleteMultipleServiceAccountsHandler == nil {
+		unregistered = append(unregistered, "user_api.DeleteMultipleServiceAccountsHandler")
+	}
 	if o.UserAPIDeleteObjectHandler == nil {
 		unregistered = append(unregistered, "user_api.DeleteObjectHandler")
 	}
@@ -1269,6 +1277,10 @@ func (o *ConsoleAPI) initHandlerCache() {
 		o.handlers["POST"] = make(map[string]http.Handler)
 	}
 	o.handlers["POST"]["/buckets/{bucket_name}/delete-objects"] = user_api.NewDeleteMultipleObjects(o.context, o.UserAPIDeleteMultipleObjectsHandler)
+	if o.handlers["POST"] == nil {
+		o.handlers["POST"] = make(map[string]http.Handler)
+	}
+	o.handlers["POST"]["/service-accounts/delete-multi"] = user_api.NewDeleteMultipleServiceAccounts(o.context, o.UserAPIDeleteMultipleServiceAccountsHandler)
 	if o.handlers["DELETE"] == nil {
 		o.handlers["DELETE"] = make(map[string]http.Handler)
 	}

restapi/operations/user_api/delete_multiple_service_accounts.go

@@ -0,0 +1,88 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package user_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime/middleware"
+
+	"github.com/minio/console/models"
+)
+
+// DeleteMultipleServiceAccountsHandlerFunc turns a function with the right signature into a delete multiple service accounts handler
+type DeleteMultipleServiceAccountsHandlerFunc func(DeleteMultipleServiceAccountsParams, *models.Principal) middleware.Responder
+
+// Handle executing the request and returning a response
+func (fn DeleteMultipleServiceAccountsHandlerFunc) Handle(params DeleteMultipleServiceAccountsParams, principal *models.Principal) middleware.Responder {
+	return fn(params, principal)
+}
+
+// DeleteMultipleServiceAccountsHandler interface for that can handle valid delete multiple service accounts params
+type DeleteMultipleServiceAccountsHandler interface {
+	Handle(DeleteMultipleServiceAccountsParams, *models.Principal) middleware.Responder
+}
+
+// NewDeleteMultipleServiceAccounts creates a new http.Handler for the delete multiple service accounts operation
+func NewDeleteMultipleServiceAccounts(ctx *middleware.Context, handler DeleteMultipleServiceAccountsHandler) *DeleteMultipleServiceAccounts {
+	return &DeleteMultipleServiceAccounts{Context: ctx, Handler: handler}
+}
+
+/* DeleteMultipleServiceAccounts swagger:route POST /service-accounts/delete-multi UserAPI deleteMultipleServiceAccounts
+
+Delete Multiple Service Accounts
+
+*/
+type DeleteMultipleServiceAccounts struct {
+	Context *middleware.Context
+	Handler DeleteMultipleServiceAccountsHandler
+}
+
+func (o *DeleteMultipleServiceAccounts) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	route, rCtx, _ := o.Context.RouteInfo(r)
+	if rCtx != nil {
+		*r = *rCtx
+	}
+	var Params = NewDeleteMultipleServiceAccountsParams()
+	uprinc, aCtx, err := o.Context.Authorize(r, route)
+	if err != nil {
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+	if aCtx != nil {
+		*r = *aCtx
+	}
+	var principal *models.Principal
+	if uprinc != nil {
+		principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise
+	}
+
+	if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params
+		o.Context.Respond(rw, r, route.Produces, route, err)
+		return
+	}
+
+	res := o.Handler.Handle(Params, principal) // actually handle the request
+	o.Context.Respond(rw, r, route.Produces, route, res)
+
+}

restapi/operations/user_api/delete_multiple_service_accounts_parameters.go

@@ -0,0 +1,87 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package user_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"io"
+	"net/http"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/runtime"
+	"github.com/go-openapi/runtime/middleware"
+)
+
+// NewDeleteMultipleServiceAccountsParams creates a new DeleteMultipleServiceAccountsParams object
+//
+// There are no default values defined in the spec.
+func NewDeleteMultipleServiceAccountsParams() DeleteMultipleServiceAccountsParams {
+
+	return DeleteMultipleServiceAccountsParams{}
+}
+
+// DeleteMultipleServiceAccountsParams contains all the bound params for the delete multiple service accounts operation
+// typically these are obtained from a http.Request
+//
+// swagger:parameters DeleteMultipleServiceAccounts
+type DeleteMultipleServiceAccountsParams struct {
+
+	// HTTP Request Object
+	HTTPRequest *http.Request `json:"-"`
+
+	/*
+	  Required: true
+	  In: body
+	*/
+	SelectedSA []string
+}
+
+// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface
+// for simple values it will use straight method calls.
+//
+// To ensure default values, the struct must have been initialized with NewDeleteMultipleServiceAccountsParams() beforehand.
+func (o *DeleteMultipleServiceAccountsParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error {
+	var res []error
+
+	o.HTTPRequest = r
+
+	if runtime.HasBody(r) {
+		defer r.Body.Close()
+		var body []string
+		if err := route.Consumer.Consume(r.Body, &body); err != nil {
+			if err == io.EOF {
+				res = append(res, errors.Required("selectedSA", "body", ""))
+			} else {
+				res = append(res, errors.NewParseError("selectedSA", "body", "", err))
+			}
+		} else {
+			// no validation required on inline body
+			o.SelectedSA = body
+		}
+	} else {
+		res = append(res, errors.Required("selectedSA", "body", ""))
+	}
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}

restapi/operations/user_api/delete_multiple_service_accounts_responses.go

@@ -0,0 +1,113 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package user_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"net/http"
+
+	"github.com/go-openapi/runtime"
+
+	"github.com/minio/console/models"
+)
+
+// DeleteMultipleServiceAccountsOKCode is the HTTP code returned for type DeleteMultipleServiceAccountsOK
+const DeleteMultipleServiceAccountsOKCode int = 200
+
+/*DeleteMultipleServiceAccountsOK A successful response.
+
+swagger:response deleteMultipleServiceAccountsOK
+*/
+type DeleteMultipleServiceAccountsOK struct {
+}
+
+// NewDeleteMultipleServiceAccountsOK creates DeleteMultipleServiceAccountsOK with default headers values
+func NewDeleteMultipleServiceAccountsOK() *DeleteMultipleServiceAccountsOK {
+
+	return &DeleteMultipleServiceAccountsOK{}
+}
+
+// WriteResponse to the client
+func (o *DeleteMultipleServiceAccountsOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.Header().Del(runtime.HeaderContentType) //Remove Content-Type on empty responses
+
+	rw.WriteHeader(200)
+}
+
+/*DeleteMultipleServiceAccountsDefault Generic error response.
+
+swagger:response deleteMultipleServiceAccountsDefault
+*/
+type DeleteMultipleServiceAccountsDefault struct {
+	_statusCode int
+
+	/*
+	  In: Body
+	*/
+	Payload *models.Error `json:"body,omitempty"`
+}
+
+// NewDeleteMultipleServiceAccountsDefault creates DeleteMultipleServiceAccountsDefault with default headers values
+func NewDeleteMultipleServiceAccountsDefault(code int) *DeleteMultipleServiceAccountsDefault {
+	if code <= 0 {
+		code = 500
+	}
+
+	return &DeleteMultipleServiceAccountsDefault{
+		_statusCode: code,
+	}
+}
+
+// WithStatusCode adds the status to the delete multiple service accounts default response
+func (o *DeleteMultipleServiceAccountsDefault) WithStatusCode(code int) *DeleteMultipleServiceAccountsDefault {
+	o._statusCode = code
+	return o
+}
+
+// SetStatusCode sets the status to the delete multiple service accounts default response
+func (o *DeleteMultipleServiceAccountsDefault) SetStatusCode(code int) {
+	o._statusCode = code
+}
+
+// WithPayload adds the payload to the delete multiple service accounts default response
+func (o *DeleteMultipleServiceAccountsDefault) WithPayload(payload *models.Error) *DeleteMultipleServiceAccountsDefault {
+	o.Payload = payload
+	return o
+}
+
+// SetPayload sets the payload to the delete multiple service accounts default response
+func (o *DeleteMultipleServiceAccountsDefault) SetPayload(payload *models.Error) {
+	o.Payload = payload
+}
+
+// WriteResponse to the client
+func (o *DeleteMultipleServiceAccountsDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) {
+
+	rw.WriteHeader(o._statusCode)
+	if o.Payload != nil {
+		payload := o.Payload
+		if err := producer.Produce(rw, payload); err != nil {
+			panic(err) // let the recovery middleware deal with this
+		}
+	}
+}

restapi/operations/user_api/delete_multiple_service_accounts_urlbuilder.go

@@ -0,0 +1,104 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package user_api
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the generate command
+
+import (
+	"errors"
+	"net/url"
+	golangswaggerpaths "path"
+)
+
+// DeleteMultipleServiceAccountsURL generates an URL for the delete multiple service accounts operation
+type DeleteMultipleServiceAccountsURL struct {
+	_basePath string
+}
+
+// WithBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *DeleteMultipleServiceAccountsURL) WithBasePath(bp string) *DeleteMultipleServiceAccountsURL {
+	o.SetBasePath(bp)
+	return o
+}
+
+// SetBasePath sets the base path for this url builder, only required when it's different from the
+// base path specified in the swagger spec.
+// When the value of the base path is an empty string
+func (o *DeleteMultipleServiceAccountsURL) SetBasePath(bp string) {
+	o._basePath = bp
+}
+
+// Build a url path and query string
+func (o *DeleteMultipleServiceAccountsURL) Build() (*url.URL, error) {
+	var _result url.URL
+
+	var _path = "/service-accounts/delete-multi"
+
+	_basePath := o._basePath
+	if _basePath == "" {
+		_basePath = "/api/v1"
+	}
+	_result.Path = golangswaggerpaths.Join(_basePath, _path)
+
+	return &_result, nil
+}
+
+// Must is a helper function to panic when the url builder returns an error
+func (o *DeleteMultipleServiceAccountsURL) Must(u *url.URL, err error) *url.URL {
+	if err != nil {
+		panic(err)
+	}
+	if u == nil {
+		panic("url can't be nil")
+	}
+	return u
+}
+
+// String returns the string representation of the path with query string
+func (o *DeleteMultipleServiceAccountsURL) String() string {
+	return o.Must(o.Build()).String()
+}
+
+// BuildFull builds a full url with scheme, host, path and query string
+func (o *DeleteMultipleServiceAccountsURL) BuildFull(scheme, host string) (*url.URL, error) {
+	if scheme == "" {
+		return nil, errors.New("scheme is required for a full url on DeleteMultipleServiceAccountsURL")
+	}
+	if host == "" {
+		return nil, errors.New("host is required for a full url on DeleteMultipleServiceAccountsURL")
+	}
+
+	base, err := o.Build()
+	if err != nil {
+		return nil, err
+	}
+
+	base.Scheme = scheme
+	base.Host = host
+	return base, nil
+}
+
+// StringFull returns the string representation of a complete url
+func (o *DeleteMultipleServiceAccountsURL) StringFull(scheme, host string) string {
+	return o.Must(o.BuildFull(scheme, host)).String()
+}

restapi/user_service_accounts.go

@@ -99,6 +99,13 @@ func registerServiceAccountsHandlers(api *operations.ConsoleAPI) {
 		return user_api.NewGetServiceAccountPolicyOK().WithPayload(serviceAccounts)
 	})
 
+	// Delete multiple service accounts
+	api.UserAPIDeleteMultipleServiceAccountsHandler = user_api.DeleteMultipleServiceAccountsHandlerFunc(func(params user_api.DeleteMultipleServiceAccountsParams, session *models.Principal) middleware.Responder {
+		if err := getDeleteMultipleServiceAccountsResponse(session, params.SelectedSA); err != nil {
+			return user_api.NewDeleteMultipleServiceAccountsDefault(int(err.Code)).WithPayload(err)
+		}
+		return user_api.NewDeleteMultipleServiceAccountsOK()
+	})
 }
 
 // createServiceAccount adds a service account to the userClient and assigns a policy to him if defined.
@@ -382,3 +389,22 @@ func getServiceAccountPolicyResponse(session *models.Principal, accessKey string
 	}
 	return serviceAccounts, nil
 }
+
+// getDeleteMultipleServiceAccountsResponse authenticates the user and calls deleteServiceAccount for each account listed in selectedSAs
+func getDeleteMultipleServiceAccountsResponse(session *models.Principal, selectedSAs []string) *models.Error {
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second*20)
+	defer cancel()
+	userAdmin, err := NewMinioAdminClient(session)
+	if err != nil {
+		return prepareError(err)
+	}
+	// create a MinIO user Admin Client interface implementation
+	// defining the client to be used
+	userAdminClient := AdminClient{Client: userAdmin}
+	for _, sa := range selectedSAs {
+		if err := deleteServiceAccount(ctx, userAdminClient, sa); err != nil {
+			return prepareError(err)
+		}
+	}
+	return nil
+}