mirrors/seaweedfs
1
0
Fork 0
mirror of https://github.com/seaweedfs/seaweedfs.git synced 2026-05-14 05:41:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
seaweedfs/weed/shell/command_s3_group_add_user.go
Chris Lu b1265de78f feat(shell): add group management commands (#8993) 
* feat(shell): add group management commands

Add weed shell commands for IAM group management:
- s3.group.create -name <group>
- s3.group.delete -name <group>
- s3.group.list
- s3.group.show -name <group>
- s3.group.add-user -group <group> -user <user>
- s3.group.remove-user -group <group> -user <user>

All commands use GetConfiguration/PutConfiguration gRPC pattern,
consistent with existing shell commands like s3.user.list.

* fix: add nil check for Configuration in group shell commands

Guard against nil Configuration response from GetConfiguration
gRPC call to prevent potential panics. (Gemini review)
2026-04-08 14:03:26 -07:00

96 lines
2.3 KiB
Go
Raw Permalink Blame History

package shell
import (
"context"
"encoding/json"
"flag"
"fmt"
"io"
"time"
"github.com/seaweedfs/seaweedfs/weed/pb"
"github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
"google.golang.org/grpc"
)
func init() {
Commands = append(Commands, &commandS3GroupAddUser{})
}
type commandS3GroupAddUser struct {
}
func (c *commandS3GroupAddUser) Name() string {
return "s3.group.add-user"
}
func (c *commandS3GroupAddUser) Help() string {
return `add a user to an S3 IAM group
s3.group.add-user -group <groupname> -user <username>
`
}
func (c *commandS3GroupAddUser) HasTag(CommandTag) bool {
return false
}
func (c *commandS3GroupAddUser) Do(args []string, commandEnv *CommandEnv, writer io.Writer) error {
f := flag.NewFlagSet(c.Name(), flag.ContinueOnError)
group := f.String("group", "", "group name")
user := f.String("user", "", "user name")
if err := f.Parse(args); err != nil {
return err
}
if *group == "" {
return fmt.Errorf("-group is required")
}
if *user == "" {
return fmt.Errorf("-user is required")
}
return pb.WithGrpcClient(false, 0, func(conn *grpc.ClientConn) error {
client := iam_pb.NewSeaweedIdentityAccessManagementClient(conn)
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
resp, err := client.GetConfiguration(ctx, &iam_pb.GetConfigurationRequest{})
if err != nil {
return err
}
cfg := resp.GetConfiguration()
if cfg == nil {
return fmt.Errorf("no IAM configuration found")
}
// Verify user exists
userFound := false
for _, id := range cfg.Identities {
if id.Name == *user {
userFound = true
break
}
}
if !userFound {
return fmt.Errorf("user %s not found", *user)
}
for _, g := range cfg.Groups {
if g.Name == *group {
// Check if already a member
for _, m := range g.Members {
if m == *user {
return fmt.Errorf("user %s is already a member of group %s", *user, *group)
}
}
g.Members = append(g.Members, *user)
if _, err := client.PutConfiguration(ctx, &iam_pb.PutConfigurationRequest{Configuration: cfg}); err != nil {
return err
}
return json.NewEncoder(writer).Encode(map[string]string{"group": *group, "user": *user})
}
}
return fmt.Errorf("group %s not found", *group)
}, commandEnv.option.FilerAddress.ToGrpcAddress(), false, commandEnv.option.GrpcDialOption)
}
Reference in New Issue View Git Blame Copy Permalink