mirrors/seaweedfs
1
0
Fork 0
mirror of https://github.com/seaweedfs/seaweedfs.git synced 2026-05-21 17:21:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
87fdea5330835adb2ee200096cfb4ce9511fa1dc
seaweedfs/weed/shell/command_s3_group_remove_user.go
Chris Lu 37e6263efe fix(shell): attach admin JWT for filer IAM gRPC calls (#9536) 
When jwt.filer_signing.key is set, the filer's IamGrpcServer requires
a Bearer token on every IAM RPC. The shell's s3.* IAM commands dialed
without that header and failed with Unauthenticated. Route them through
a small helper that mints a token from the same key viper-loaded from
security.toml and appends it as outgoing metadata, matching the credential
grpc_store pattern.
2026-05-18 13:42:32 -07:00

76 lines
1.9 KiB
Go
Raw Blame History

package shell
import (
"context"
"encoding/json"
"flag"
"fmt"
"io"
"github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
)
func init() {
Commands = append(Commands, &commandS3GroupRemoveUser{})
}
type commandS3GroupRemoveUser struct {
}
func (c *commandS3GroupRemoveUser) Name() string {
return "s3.group.remove-user"
}
func (c *commandS3GroupRemoveUser) Help() string {
return `remove a user from an S3 IAM group
s3.group.remove-user -group <groupname> -user <username>
`
}
func (c *commandS3GroupRemoveUser) HasTag(CommandTag) bool {
return false
}
func (c *commandS3GroupRemoveUser) Do(args []string, commandEnv *CommandEnv, writer io.Writer) error {
f := flag.NewFlagSet(c.Name(), flag.ContinueOnError)
group := f.String("group", "", "group name")
user := f.String("user", "", "user name")
if err := f.Parse(args); err != nil {
return err
}
if *group == "" {
return fmt.Errorf("-group is required")
}
if *user == "" {
return fmt.Errorf("-user is required")
}
return commandEnv.withIamClient(func(ctx context.Context, client iam_pb.SeaweedIdentityAccessManagementClient) error {
resp, err := client.GetConfiguration(ctx, &iam_pb.GetConfigurationRequest{})
if err != nil {
return err
}
cfg := resp.GetConfiguration()
if cfg == nil {
return fmt.Errorf("no IAM configuration found")
}
for _, g := range cfg.Groups {
if g.Name == *group {
for i, m := range g.Members {
if m == *user {
g.Members = append(g.Members[:i], g.Members[i+1:]...)
if _, err := client.PutConfiguration(ctx, &iam_pb.PutConfigurationRequest{Configuration: cfg}); err != nil {
return err
}
return json.NewEncoder(writer).Encode(map[string]string{"group": *group, "removed": *user})
}
}
return fmt.Errorf("user %s is not a member of group %s", *user, *group)
}
}
return fmt.Errorf("group %s not found", *group)
})
}
Reference in New Issue View Git Blame Copy Permalink