seaweedfs/weed/iamapi/iamapi_response.go
Chris Lu e21d7602c3 feat(iam): implement group inline policy actions (#8992)
* feat(iam): implement group inline policy actions

Add PutGroupPolicy, GetGroupPolicy, DeleteGroupPolicy, and
ListGroupPolicies to both embedded and standalone IAM servers.

The standalone IAM stores group inline policies in a new
GroupInlinePolicies field in the Policies JSON, mirroring the
existing user inline policy pattern. DeleteGroup now also checks
for inline policies before allowing deletion.

* fix: address review feedback for group inline policies

- Embedded IAM: return NotImplemented for group inline policies
  instead of silently succeeding as no-ops (Gemini + CodeRabbit)
- Standalone IAM: recompute member actions after PutGroupPolicy
  and DeleteGroupPolicy (Gemini)
- Add parameter validation for GroupName/PolicyName/PolicyDocument
  on PutGroupPolicy, DeleteGroupPolicy, ListGroupPolicies (Gemini)
- Add UserName validation for ListUserPolicies in standalone IAM
- Call cleanupGroupInlinePolicies from DeleteGroup (Gemini)
- Migrate GroupInlinePolicies on group rename in UpdateGroup (CodeRabbit)
- Fix integration test cleanup order (CodeRabbit)

* fix: persist recomputed actions and improve error handling

- Set changed=true for PutGroupPolicy/DeleteGroupPolicy in standalone
  IAM DoActions so recomputed member actions are persisted (Gemini critical)
- Make cleanupGroupInlinePolicies accept policies parameter to avoid
  redundant I/O, return error (Gemini)
- Make migrateGroupInlinePolicies return error, handle in caller (Gemini)

* fix: include group policies in action recomputation

Extend computeAllActionsForUser to also aggregate group inline
policies and group managed policies when s3cfg is provided.
Previously, group inline policies were stored but never reflected
in member Identity.Actions. (CodeRabbit critical)

* perf: use identity index in recomputeActionsForGroupMembers for O(N+M)

* fix: skip group inline policy integration test on embedded IAM

The embedded IAM returns NotImplemented for group inline policies.
Skip TestIAMGroupInlinePolicy when running against embedded mode
to avoid CI failures in the group integration test matrix.
2026-04-08 15:57:04 -07:00

57 lines
3.1 KiB
Go

package iamapi

// This file re-exports IAM response types from the shared weed/iam package
// for backwards compatibility with existing code.

import (
	iamlib "github.com/seaweedfs/seaweedfs/weed/iam"
)

// Type aliases for IAM response types from shared package
type (
	CommonResponse                   = iamlib.CommonResponse
	ListUsersResponse                = iamlib.ListUsersResponse
	ListAccessKeysResponse           = iamlib.ListAccessKeysResponse
	DeleteAccessKeyResponse          = iamlib.DeleteAccessKeyResponse
	CreatePolicyResponse             = iamlib.CreatePolicyResponse
	CreateUserResponse               = iamlib.CreateUserResponse
	DeleteUserResponse               = iamlib.DeleteUserResponse
	GetUserResponse                  = iamlib.GetUserResponse
	UpdateUserResponse               = iamlib.UpdateUserResponse
	CreateAccessKeyResponse          = iamlib.CreateAccessKeyResponse
	UpdateAccessKeyResponse          = iamlib.UpdateAccessKeyResponse
	PutUserPolicyResponse            = iamlib.PutUserPolicyResponse
	DeleteUserPolicyResponse         = iamlib.DeleteUserPolicyResponse
	GetUserPolicyResponse            = iamlib.GetUserPolicyResponse
	ListUserPoliciesResponse         = iamlib.ListUserPoliciesResponse
	GetPolicyResponse                = iamlib.GetPolicyResponse
	DeletePolicyResponse             = iamlib.DeletePolicyResponse
	ListPoliciesResponse             = iamlib.ListPoliciesResponse
	AttachUserPolicyResponse         = iamlib.AttachUserPolicyResponse
	DetachUserPolicyResponse         = iamlib.DetachUserPolicyResponse
	ListAttachedUserPoliciesResponse = iamlib.ListAttachedUserPoliciesResponse
	ErrorResponse                    = iamlib.ErrorResponse
	ServiceAccountInfo               = iamlib.ServiceAccountInfo
	CreateServiceAccountResponse     = iamlib.CreateServiceAccountResponse
	DeleteServiceAccountResponse     = iamlib.DeleteServiceAccountResponse
	ListServiceAccountsResponse      = iamlib.ListServiceAccountsResponse
	GetServiceAccountResponse        = iamlib.GetServiceAccountResponse
	UpdateServiceAccountResponse     = iamlib.UpdateServiceAccountResponse

	// Group response types
	CreateGroupResponse               = iamlib.CreateGroupResponse
	DeleteGroupResponse               = iamlib.DeleteGroupResponse
	UpdateGroupResponse               = iamlib.UpdateGroupResponse
	GetGroupResponse                  = iamlib.GetGroupResponse
	ListGroupsResponse                = iamlib.ListGroupsResponse
	AddUserToGroupResponse            = iamlib.AddUserToGroupResponse
	RemoveUserFromGroupResponse       = iamlib.RemoveUserFromGroupResponse
	AttachGroupPolicyResponse         = iamlib.AttachGroupPolicyResponse
	DetachGroupPolicyResponse         = iamlib.DetachGroupPolicyResponse
	ListAttachedGroupPoliciesResponse = iamlib.ListAttachedGroupPoliciesResponse
	PutGroupPolicyResponse            = iamlib.PutGroupPolicyResponse
	GetGroupPolicyResponse            = iamlib.GetGroupPolicyResponse
	DeleteGroupPolicyResponse         = iamlib.DeleteGroupPolicyResponse
	ListGroupPoliciesResponse         = iamlib.ListGroupPoliciesResponse
	ListGroupsForUserResponse         = iamlib.ListGroupsForUserResponse
)