From fbafc6b34cad19d79882ef9a1e6ef635fd1d1c38 Mon Sep 17 00:00:00 2001 From: jonaustin09 Date: Thu, 6 Jul 2023 21:21:20 +0400 Subject: [PATCH] feat: Changed admin api http methods, some cleanup in admin cli commands, bug fix in delete user IAM service --- auth/iam_internal.go | 4 +++- cmd/versitygw/admin.go | 16 ++++++++-------- integration/tests.go | 2 +- s3api/controllers/admin.go | 6 +++--- s3api/controllers/admin_test.go | 18 +++++++++--------- s3api/router.go | 5 ++--- 6 files changed, 26 insertions(+), 25 deletions(-) diff --git a/auth/iam_internal.go b/auth/iam_internal.go index 25d2302..5a770d3 100644 --- a/auth/iam_internal.go +++ b/auth/iam_internal.go @@ -169,11 +169,13 @@ func (s *IAMServiceInternal) DeleteUserAccount(access string) error { delete(conf.AccessAccounts, access) - b, err := json.Marshal(s.accts) + b, err := json.Marshal(conf) if err != nil { return nil, fmt.Errorf("failed to serialize iam: %w", err) } + s.accts = conf + return b, nil }) } diff --git a/cmd/versitygw/admin.go b/cmd/versitygw/admin.go index a8946fc..057957f 100644 --- a/cmd/versitygw/admin.go +++ b/cmd/versitygw/admin.go @@ -84,25 +84,25 @@ func adminCommand() *cli.Command { Flags: []cli.Flag{ // TODO: create a configuration file for this &cli.StringFlag{ - Name: "adminAccess", + Name: "access", Usage: "admin access account", EnvVars: []string{"ADMIN_ACCESS_KEY_ID", "ADMIN_ACCESS_KEY"}, - Aliases: []string{"aa"}, + Aliases: []string{"a"}, Destination: &adminAccess, }, &cli.StringFlag{ - Name: "adminSecret", + Name: "secret", Usage: "admin secret access key", EnvVars: []string{"ADMIN_SECRET_ACCESS_KEY", "ADMIN_SECRET_KEY"}, - Aliases: []string{"as"}, + Aliases: []string{"s"}, Destination: &adminSecret, }, &cli.StringFlag{ - Name: "adminRegion", + Name: "region", Usage: "s3 region string", Value: "us-east-1", Destination: &adminRegion, - Aliases: []string{"ar"}, + Aliases: []string{"r"}, }, }, } 
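Review bot: In the auth/iam_internal.go hunk, `s.accts = conf` is assigned inside the callback, before the serialized bytes in `b` have been handed back and stored. If the caller that consumes `b` fails to persist it, or invokes the callback again on a retry, the in-memory account map would already lack the user while the stored IAM data still contains it, so a deleted account could reappear after a restart. Consider assigning `s.accts` only after the enclosing update call has returned without error; that call starts outside this hunk, so whether it retries or holds a lock around `s.accts` needs confirming there.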
@@ -117,7 +117,7 @@ func createUser(ctx *cli.Context) error { return fmt.Errorf("invalid input parameter for role") } - req, err := http.NewRequest(http.MethodPost, fmt.Sprintf("http://localhost:7070/create-user?access=%v&secret=%v&role=%v", access, secret, role), nil) + req, err := http.NewRequest(http.MethodPatch, fmt.Sprintf("http://localhost:7070/create-user?access=%v&secret=%v&role=%v", access, secret, role), nil) if err != nil { return fmt.Errorf("failed to send the request: %w", err) } @@ -157,7 +157,7 @@ func deleteUser(ctx *cli.Context) error { return fmt.Errorf("invalid input parameter for the new user") } - req, err := http.NewRequest(http.MethodDelete, fmt.Sprintf("http://localhost:7070/delete-user?access=%v", access), nil) + req, err := http.NewRequest(http.MethodPatch, fmt.Sprintf("http://localhost:7070/delete-user?access=%v", access), nil) if err != nil { return fmt.Errorf("failed to send the request: %w", err) } diff --git a/integration/tests.go b/integration/tests.go index 0788c9f..2602345 100644 --- a/integration/tests.go +++ b/integration/tests.go @@ -1373,7 +1373,7 @@ func TestAclActions(s *S3Conf) { succUsrCrt := "The user has been created successfully" failUsrCrt := "failed to create a user: update iam data: account already exists" - out, err := execCommand("admin", "-aa", s.awsID, "-as", s.awsSecret, "create-user", "--access", grt1, "--secret", "grt1secret", "--role", "user") + out, err := execCommand("admin", "-a", s.awsID, "-s", s.awsSecret, "create-user", "-a", grt1, "-s", "grt1secret", "-r", "user") if err != nil { failF("%v: %v", err) return diff --git a/s3api/controllers/admin.go b/s3api/controllers/admin.go index d887f88..a6b5740 100644 --- a/s3api/controllers/admin.go +++ b/s3api/controllers/admin.go 
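Review bot: In the createUser hunk of cmd/versitygw/admin.go the request URL is built with `fmt.Sprintf` and `%v`, so `access`, `secret` and `role` go into the query string unescaped; a value containing `&`, `#`, `+` or `%` is altered in transit or parsed as an additional parameter. Build the query with `net/url` instead: `q := url.Values{"access": {access}, "secret": {secret}, "role": {role}}` and `http.NewRequest(http.MethodPatch, "http://localhost:7070/create-user?"+q.Encode(), nil)`. The deleteUser hunk has the same pattern for `access`. Since the secret travels in the URL over plain HTTP, it is also likely to be recorded wherever request lines are logged; moving it to the request body would avoid that. Both function bodies extend beyond their hunks.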
@@ -27,7 +27,7 @@ type AdminController struct { func (c AdminController) CreateUser(ctx *fiber.Ctx) error { access, secret, role := ctx.Query("access"), ctx.Query("secret"), ctx.Query("role") - requesterRole := ctx.Locals("role") + requesterRole := ctx.Locals("role").(string) if requesterRole != "admin" { return fmt.Errorf("access denied: only admin users have access to this resource") @@ -48,7 +48,7 @@ func (c AdminController) CreateUser(ctx *fiber.Ctx) error { func (c AdminController) DeleteUser(ctx *fiber.Ctx) error { access := ctx.Query("access") - requesterRole := ctx.Locals("role") + requesterRole := ctx.Locals("role").(string) if requesterRole != "admin" { return fmt.Errorf("access denied: only admin users have access to this resource") } @@ -58,5 +58,5 @@ func (c AdminController) DeleteUser(ctx *fiber.Ctx) error { return err } - return ctx.SendString("The user has been created successfully") + return ctx.SendString("The user has been deleted successfully") } diff --git a/s3api/controllers/admin_test.go b/s3api/controllers/admin_test.go index 8150e82..086ac01 100644 --- a/s3api/controllers/admin_test.go +++ b/s3api/controllers/admin_test.go @@ -43,7 +43,7 @@ func TestAdminController_CreateUser(t *testing.T) { return ctx.Next() }) - app.Post("/create-user", adminController.CreateUser) + app.Patch("/create-user", adminController.CreateUser) appErr := fiber.New() @@ -52,7 +52,7 @@ func TestAdminController_CreateUser(t *testing.T) { return ctx.Next() }) - appErr.Post("/create-user", adminController.CreateUser) + appErr.Patch("/create-user", adminController.CreateUser) tests := []struct { name string @@ -65,7 +65,7 @@ func TestAdminController_CreateUser(t *testing.T) { name: "Admin-create-user-success", app: app, args: args{ - req: httptest.NewRequest(http.MethodPost, "/create-user?access=test&secret=test&role=user", nil), + req: httptest.NewRequest(http.MethodPatch, "/create-user?access=test&secret=test&role=user", nil), }, wantErr: false, statusCode: 200, 
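Review bot: The new `ctx.Locals("role").(string)` in the CreateUser hunk is an unchecked type assertion, so a request that reaches the handler without a string `role` in the locals panics instead of being denied. Use the two-value form and fail closed: `requesterRole, ok := ctx.Locals("role").(string)` followed by `if !ok || requesterRole != "admin" {`. The DeleteUser hunk adds the same assertion and needs the same change. Whether a middleware always sets `role` before these handlers run is not visible here.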
@@ -74,7 +74,7 @@ func TestAdminController_CreateUser(t *testing.T) { name: "Admin-create-user-invalid-user-role", app: app, args: args{ - req: httptest.NewRequest(http.MethodPost, "/create-user?access=test&secret=test&role=invalid", nil), + req: httptest.NewRequest(http.MethodPatch, "/create-user?access=test&secret=test&role=invalid", nil), }, wantErr: false, statusCode: 500, @@ -83,7 +83,7 @@ func TestAdminController_CreateUser(t *testing.T) { name: "Admin-create-user-invalid-requester-role", app: appErr, args: args{ - req: httptest.NewRequest(http.MethodPost, "/create-user?access=test&secret=test&role=admin", nil), + req: httptest.NewRequest(http.MethodPatch, "/create-user?access=test&secret=test&role=admin", nil), }, wantErr: false, statusCode: 500, @@ -122,7 +122,7 @@ func TestAdminController_DeleteUser(t *testing.T) { return ctx.Next() }) - app.Delete("/delete-user", adminController.DeleteUser) + app.Patch("/delete-user", adminController.DeleteUser) appErr := fiber.New() @@ -131,7 +131,7 @@ func TestAdminController_DeleteUser(t *testing.T) { return ctx.Next() }) - appErr.Delete("/delete-user", adminController.DeleteUser) + appErr.Patch("/delete-user", adminController.DeleteUser) tests := []struct { name string @@ -144,7 +144,7 @@ func TestAdminController_DeleteUser(t *testing.T) { name: "Admin-delete-user-success", app: app, args: args{ - req: httptest.NewRequest(http.MethodDelete, "/delete-user?access=test", nil), + req: httptest.NewRequest(http.MethodPatch, "/delete-user?access=test", nil), }, wantErr: false, statusCode: 200, @@ -153,7 +153,7 @@ func TestAdminController_DeleteUser(t *testing.T) { name: "Admin-delete-user-invalid-requester-role", app: appErr, args: args{ - req: httptest.NewRequest(http.MethodDelete, "/delete-user?access=test", nil), + req: httptest.NewRequest(http.MethodPatch, "/delete-user?access=test", nil), }, wantErr: false, statusCode: 500, diff --git a/s3api/router.go b/s3api/router.go index 3588fe7..5e20e4b 100644 
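Review bot: The `Admin-create-user-invalid-requester-role` case still pins `statusCode: 500` for a requester who is not an admin, and the delete-user counterpart does the same, so a refused authorization is reported as a server error. Clients and log-based alerting cannot tell a denied admin call from a backend failure this way. Returning `fiber.NewError(fiber.StatusForbidden, "access denied: only admin users have access to this resource")` from the controllers and expecting 403 in these cases would make the denial explicit. The test tables start and end outside these hunks, so other cases may need the same adjustment.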
--- a/s3api/router.go +++ b/s3api/router.go @@ -27,11 +27,10 @@ func (sa *S3ApiRouter) Init(app *fiber.App, be backend.Backend, iam auth.IAMServ s3ApiController := controllers.New(be, iam) adminController := controllers.AdminController{IAMService: iam} - // TODO: think of better routing system - app.Post("/create-user", adminController.CreateUser) + app.Patch("/create-user", adminController.CreateUser) // Admin Delete api - app.Delete("/delete-user", adminController.DeleteUser) + app.Patch("/delete-user", adminController.DeleteUser) // ListBuckets action app.Get("/", s3ApiController.ListBuckets)
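Review bot: Both admin routes in `Init` are now registered with `app.Patch`, and nothing in the hunk says why create and delete share a verb that matches neither operation. Add a comment above the first route stating the reason, and give `/create-user` its own `// Admin create user api` line to match the existing `// Admin Delete api`. If the intent is to keep these paths clear of the S3 POST and DELETE handlers registered on the same app, stating that would stop a later cleanup from reverting it. `Init` continues past the end of the hunk.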