mirrors/seaweedfs
1
0
Fork 0
mirror of https://github.com/seaweedfs/seaweedfs.git synced 2026-05-14 05:41:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
seaweedfs/weed/shell/command_s3_policy_attach.go
Chris Lu 74905c4b5d shell: s3.* commands always output JSON, connection messages to stderr (#8976) 
* shell: s3.* commands output JSON, connection messages to stderr

All s3.user.* and s3.policy.attach|detach commands now output structured
JSON to stdout instead of human-readable text:

- s3.user.create: {"name","access_key"} (secret key to stderr only)
- s3.user.list: [{name,status,policies,keys}]
- s3.user.show: {name,status,source,account,policies,credentials,...}
- s3.user.delete: {"name"}
- s3.user.enable/disable: {"name","status"}
- s3.policy.attach/detach: {"policy","user"}

Connection startup messages (master/filer) moved to stderr so they
don't pollute structured output when piping.

Closes #8962 (partial — covers merged s3.user/policy commands).

* shell: fix secret leak, duplicate JSON output, and non-interactive prompt

- s3.user.create: only echo secret key to stderr when auto-generated,
  never echo caller-supplied secrets
- s3.user.enable/disable: fix duplicate JSON output — remove inner
  write in early-return path, keep single write site after gRPC call
- shell_liner: use bufio.Scanner when stdin is not a terminal instead
  of liner.Prompt, suppressing the "> " prompt in piped mode

* shell: check scanner error, idempotent enable output, history errors to stderr

- Check scanner.Err() after non-interactive input loop to surface read errors
- s3.user.enable: always emit JSON regardless of current state (idempotent)
- saveHistory: write error messages to stderr instead of stdout
2026-04-07 16:27:21 -07:00

94 lines
2.4 KiB
Go
Raw Permalink Blame History

package shell
import (
"context"
"encoding/json"
"flag"
"fmt"
"io"
"time"
"github.com/seaweedfs/seaweedfs/weed/pb"
"github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
"google.golang.org/grpc"
)
func init() {
Commands = append(Commands, &commandS3PolicyAttach{})
}
type commandS3PolicyAttach struct {
}
func (c *commandS3PolicyAttach) Name() string {
return "s3.policy.attach"
}
func (c *commandS3PolicyAttach) Help() string {
return `attach a policy to an S3 IAM user
s3.policy.attach -policy <policy_name> -user <username>
The policy must already exist (create it with s3.policy -put).
`
}
func (c *commandS3PolicyAttach) HasTag(CommandTag) bool {
return false
}
func (c *commandS3PolicyAttach) Do(args []string, commandEnv *CommandEnv, writer io.Writer) error {
f := flag.NewFlagSet(c.Name(), flag.ContinueOnError)
policy := f.String("policy", "", "policy name")
user := f.String("user", "", "user name")
if err := f.Parse(args); err != nil {
return err
}
if *policy == "" {
return fmt.Errorf("-policy is required")
}
if *user == "" {
return fmt.Errorf("-user is required")
}
return pb.WithGrpcClient(false, 0, func(conn *grpc.ClientConn) error {
client := iam_pb.NewSeaweedIdentityAccessManagementClient(conn)
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
// Verify the policy exists
_, err := client.GetPolicy(ctx, &iam_pb.GetPolicyRequest{Name: *policy})
if err != nil {
return fmt.Errorf("get policy %q: %w", *policy, err)
}
// Get the user
resp, err := client.GetUser(ctx, &iam_pb.GetUserRequest{Username: *user})
if err != nil {
return fmt.Errorf("get user %q: %w", *user, err)
}
if resp.Identity == nil {
return fmt.Errorf("user %q returned empty identity", *user)
}
// Check if already attached
for _, p := range resp.Identity.PolicyNames {
if p == *policy {
return json.NewEncoder(writer).Encode(map[string]string{"policy": *policy, "user": *user})
}
}
resp.Identity.PolicyNames = append(resp.Identity.PolicyNames, *policy)
_, err = client.UpdateUser(ctx, &iam_pb.UpdateUserRequest{
Username: *user,
Identity: resp.Identity,
})
if err != nil {
return err
}
return json.NewEncoder(writer).Encode(map[string]string{"policy": *policy, "user": *user})
}, commandEnv.option.FilerAddress.ToGrpcAddress(), false, commandEnv.option.GrpcDialOption)
}
Reference in New Issue View Git Blame Copy Permalink