mirrors/seaweedfs
1
0
Fork 0
mirror of https://github.com/seaweedfs/seaweedfs.git synced 2026-05-31 05:56:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ba9e74d8a7604ebb215230c00a0eee7dbbb3139e
seaweedfs/weed/shell/command_s3_group_list.go
Chris Lu 37e6263efe fix(shell): attach admin JWT for filer IAM gRPC calls (#9536) 
When jwt.filer_signing.key is set, the filer's IamGrpcServer requires
a Bearer token on every IAM RPC. The shell's s3.* IAM commands dialed
without that header and failed with Unauthenticated. Route them through
a small helper that mints a token from the same key viper-loaded from
security.toml and appends it as outgoing metadata, matching the credential
grpc_store pattern.
2026-05-18 13:42:32 -07:00

72 lines
1.5 KiB
Go
Raw Blame History

package shell
import (
"context"
"encoding/json"
"io"
"github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
)
func init() {
Commands = append(Commands, &commandS3GroupList{})
}
type commandS3GroupList struct {
}
func (c *commandS3GroupList) Name() string {
return "s3.group.list"
}
func (c *commandS3GroupList) Help() string {
return `list S3 IAM groups
s3.group.list
Output: JSON array of groups with members and policies.
`
}
func (c *commandS3GroupList) HasTag(CommandTag) bool {
return false
}
type s3GroupListEntry struct {
Name string `json:"name"`
Status string `json:"status"`
Members int `json:"members"`
Policies []string `json:"policies"`
}
func (c *commandS3GroupList) Do(args []string, commandEnv *CommandEnv, writer io.Writer) error {
return commandEnv.withIamClient(func(ctx context.Context, client iam_pb.SeaweedIdentityAccessManagementClient) error {
resp, err := client.GetConfiguration(ctx, &iam_pb.GetConfigurationRequest{})
if err != nil {
return err
}
var result []s3GroupListEntry
for _, g := range resp.Configuration.GetGroups() {
status := "enabled"
if g.Disabled {
status = "disabled"
}
policies := g.PolicyNames
if policies == nil {
policies = []string{}
}
result = append(result, s3GroupListEntry{
Name: g.Name,
Status: status,
Members: len(g.Members),
Policies: policies,
})
}
if result == nil {
result = []s3GroupListEntry{}
}
return json.NewEncoder(writer).Encode(result)
})
}
Reference in New Issue View Git Blame Copy Permalink