mirror of
https://github.com/minio/minio.git
synced 2025-01-22 20:23:14 -05:00
add thread context in surrounding function into IAM functions (#13658)
parent
7752cdbfaf
commit
07c5e72cdb
@ -58,7 +58,7 @@ func (a adminAPIHandlers) RemoveUser(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
if err := globalIAMSys.DeleteUser(accessKey); err != nil {
|
||||
if err := globalIAMSys.DeleteUser(ctx, accessKey); err != nil {
|
||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||
return
|
||||
}
|
||||
@ -191,7 +191,7 @@ func (a adminAPIHandlers) GetUserInfo(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
}
|
||||
|
||||
userInfo, err := globalIAMSys.GetUserInfo(name)
|
||||
userInfo, err := globalIAMSys.GetUserInfo(ctx, name)
|
||||
if err != nil {
|
||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||
return
|
||||
@ -231,9 +231,9 @@ func (a adminAPIHandlers) UpdateGroupMembers(w http.ResponseWriter, r *http.Requ
|
||||
}
|
||||
|
||||
if updReq.IsRemove {
|
||||
err = globalIAMSys.RemoveUsersFromGroup(updReq.Group, updReq.Members)
|
||||
err = globalIAMSys.RemoveUsersFromGroup(ctx, updReq.Group, updReq.Members)
|
||||
} else {
|
||||
err = globalIAMSys.AddUsersToGroup(updReq.Group, updReq.Members)
|
||||
err = globalIAMSys.AddUsersToGroup(ctx, updReq.Group, updReq.Members)
|
||||
}
|
||||
|
||||
if err != nil {
|
||||
@ -292,7 +292,7 @@ func (a adminAPIHandlers) ListGroups(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
groups, err := globalIAMSys.ListGroups()
|
||||
groups, err := globalIAMSys.ListGroups(ctx)
|
||||
if err != nil {
|
||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||
return
|
||||
@ -324,9 +324,9 @@ func (a adminAPIHandlers) SetGroupStatus(w http.ResponseWriter, r *http.Request)
|
||||
|
||||
var err error
|
||||
if status == statusEnabled {
|
||||
err = globalIAMSys.SetGroupStatus(group, true)
|
||||
err = globalIAMSys.SetGroupStatus(ctx, group, true)
|
||||
} else if status == statusDisabled {
|
||||
err = globalIAMSys.SetGroupStatus(group, false)
|
||||
err = globalIAMSys.SetGroupStatus(ctx, group, false)
|
||||
} else {
|
||||
err = errInvalidArgument
|
||||
}
|
||||
@ -367,7 +367,7 @@ func (a adminAPIHandlers) SetUserStatus(w http.ResponseWriter, r *http.Request)
|
||||
return
|
||||
}
|
||||
|
||||
if err := globalIAMSys.SetUserStatus(accessKey, madmin.AccountStatus(status)); err != nil {
|
||||
if err := globalIAMSys.SetUserStatus(ctx, accessKey, madmin.AccountStatus(status)); err != nil {
|
||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||
return
|
||||
}
|
||||
@ -477,7 +477,7 @@ func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
if err = globalIAMSys.CreateUser(accessKey, uinfo); err != nil {
|
||||
if err = globalIAMSys.CreateUser(ctx, accessKey, uinfo); err != nil {
|
||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||
return
|
||||
}
|
||||
@ -1304,7 +1304,7 @@ func (a adminAPIHandlers) ListBucketPolicies(w http.ResponseWriter, r *http.Requ
|
||||
}
|
||||
|
||||
bucket := mux.Vars(r)["bucket"]
|
||||
policies, err := globalIAMSys.ListPolicies(bucket)
|
||||
policies, err := globalIAMSys.ListPolicies(ctx, bucket)
|
||||
if err != nil {
|
||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||
return
|
||||
@ -1336,7 +1336,7 @@ func (a adminAPIHandlers) ListCannedPolicies(w http.ResponseWriter, r *http.Requ
|
||||
return
|
||||
}
|
||||
|
||||
policies, err := globalIAMSys.ListPolicies("")
|
||||
policies, err := globalIAMSys.ListPolicies(ctx, "")
|
||||
if err != nil {
|
||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||
return
|
||||
@ -1371,7 +1371,7 @@ func (a adminAPIHandlers) RemoveCannedPolicy(w http.ResponseWriter, r *http.Requ
|
||||
vars := mux.Vars(r)
|
||||
policyName := vars["name"]
|
||||
|
||||
if err := globalIAMSys.DeletePolicy(policyName); err != nil {
|
||||
if err := globalIAMSys.DeletePolicy(ctx, policyName); err != nil {
|
||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||
return
|
||||
}
|
||||
@ -1439,7 +1439,7 @@ func (a adminAPIHandlers) AddCannedPolicy(w http.ResponseWriter, r *http.Request
|
||||
return
|
||||
}
|
||||
|
||||
if err = globalIAMSys.SetPolicy(policyName, *iamPolicy); err != nil {
|
||||
if err = globalIAMSys.SetPolicy(ctx, policyName, *iamPolicy); err != nil {
|
||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||
return
|
||||
}
|
||||
@ -1494,7 +1494,7 @@ func (a adminAPIHandlers) SetPolicyForUserOrGroup(w http.ResponseWriter, r *http
|
||||
}
|
||||
}
|
||||
|
||||
if err := globalIAMSys.PolicyDBSet(entityName, policyName, isGroup); err != nil {
|
||||
if err := globalIAMSys.PolicyDBSet(ctx, entityName, policyName, isGroup); err != nil {
|
||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||
return
|
||||
}
|
||||
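Review bot: The revocation calls in RemoveUser (`DeleteUser(ctx, accessKey)`), SetUserStatus and RemoveCannedPolicy (`DeletePolicy(ctx, policyName)`) now stop when the caller's context is cancelled, where the IAM layer previously ran the store call under `context.Background()`. If `ctx` in these handlers derives from the request (its origin is outside these hunks), a client that disconnects mid-call could leave a delete or disable partly applied; whether the store writes are atomic under cancellation is not visible on this page. The same holds for the peer REST handlers later in the commit, where DeleteUserHandler and DeletePolicyHandler pass `r.Context()` explicitly. I would document the contract on the IAMSys methods, for example `// ctx cancellation aborts the store write; callers that must complete a revocation pass a context that outlives the request`. Each of these handler bodies starts and ends outside its hunk.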
|
@ -1353,7 +1353,7 @@ func (store *IAMStoreSys) SetTempUser(ctx context.Context, accessKey string, cre
|
||||
}
|
||||
|
||||
u := newUserIdentity(cred)
|
||||
err := store.saveUserIdentity(context.Background(), accessKey, stsUser, u, options{ttl: ttl})
|
||||
err := store.saveUserIdentity(ctx, accessKey, stsUser, u, options{ttl: ttl})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
90
cmd/iam.go
90
cmd/iam.go
@ -87,26 +87,26 @@ const (
|
||||
// storage, it is removed from in-memory maps as well - this
|
||||
// simplifies the implementation for group removal. This is called
|
||||
// only via IAM notifications.
|
||||
func (sys *IAMSys) LoadGroup(objAPI ObjectLayer, group string) error {
|
||||
func (sys *IAMSys) LoadGroup(ctx context.Context, objAPI ObjectLayer, group string) error {
|
||||
if !sys.Initialized() {
|
||||
return errServerNotInitialized
|
||||
}
|
||||
|
||||
return sys.store.GroupNotificationHandler(context.Background(), group)
|
||||
return sys.store.GroupNotificationHandler(ctx, group)
|
||||
}
|
||||
|
||||
// LoadPolicy - reloads a specific canned policy from backend disks or etcd.
|
||||
func (sys *IAMSys) LoadPolicy(objAPI ObjectLayer, policyName string) error {
|
||||
func (sys *IAMSys) LoadPolicy(ctx context.Context, objAPI ObjectLayer, policyName string) error {
|
||||
if !sys.Initialized() {
|
||||
return errServerNotInitialized
|
||||
}
|
||||
|
||||
return sys.store.PolicyNotificationHandler(context.Background(), policyName)
|
||||
return sys.store.PolicyNotificationHandler(ctx, policyName)
|
||||
}
|
||||
|
||||
// LoadPolicyMapping - loads the mapped policy for a user or group
|
||||
// from storage into server memory.
|
||||
func (sys *IAMSys) LoadPolicyMapping(objAPI ObjectLayer, userOrGroup string, isGroup bool) error {
|
||||
func (sys *IAMSys) LoadPolicyMapping(ctx context.Context, objAPI ObjectLayer, userOrGroup string, isGroup bool) error {
|
||||
if !sys.Initialized() {
|
||||
return errServerNotInitialized
|
||||
}
|
||||
@ -117,25 +117,25 @@ func (sys *IAMSys) LoadPolicyMapping(objAPI ObjectLayer, userOrGroup string, isG
|
||||
userType = stsUser
|
||||
}
|
||||
|
||||
return sys.store.PolicyMappingNotificationHandler(context.Background(), userOrGroup, isGroup, userType)
|
||||
return sys.store.PolicyMappingNotificationHandler(ctx, userOrGroup, isGroup, userType)
|
||||
}
|
||||
|
||||
// LoadUser - reloads a specific user from backend disks or etcd.
|
||||
func (sys *IAMSys) LoadUser(objAPI ObjectLayer, accessKey string, userType IAMUserType) error {
|
||||
func (sys *IAMSys) LoadUser(ctx context.Context, objAPI ObjectLayer, accessKey string, userType IAMUserType) error {
|
||||
if !sys.Initialized() {
|
||||
return errServerNotInitialized
|
||||
}
|
||||
|
||||
return sys.store.UserNotificationHandler(context.Background(), accessKey, userType)
|
||||
return sys.store.UserNotificationHandler(ctx, accessKey, userType)
|
||||
}
|
||||
|
||||
// LoadServiceAccount - reloads a specific service account from backend disks or etcd.
|
||||
func (sys *IAMSys) LoadServiceAccount(accessKey string) error {
|
||||
func (sys *IAMSys) LoadServiceAccount(ctx context.Context, accessKey string) error {
|
||||
if !sys.Initialized() {
|
||||
return errServerNotInitialized
|
||||
}
|
||||
|
||||
return sys.store.UserNotificationHandler(context.Background(), accessKey, svcUser)
|
||||
return sys.store.UserNotificationHandler(ctx, accessKey, svcUser)
|
||||
}
|
||||
|
||||
// Perform IAM configuration migration.
|
||||
@ -338,7 +338,7 @@ func (sys *IAMSys) watch(ctx context.Context) {
|
||||
}
|
||||
}
|
||||
|
||||
func (sys *IAMSys) loadWatchedEvent(outerCtx context.Context, event iamWatchEvent) (err error) {
|
||||
func (sys *IAMSys) loadWatchedEvent(ctx context.Context, event iamWatchEvent) (err error) {
|
||||
usersPrefix := strings.HasPrefix(event.keyPath, iamConfigUsersPrefix)
|
||||
groupsPrefix := strings.HasPrefix(event.keyPath, iamConfigGroupsPrefix)
|
||||
stsPrefix := strings.HasPrefix(event.keyPath, iamConfigSTSPrefix)
|
||||
@ -348,7 +348,7 @@ func (sys *IAMSys) loadWatchedEvent(outerCtx context.Context, event iamWatchEven
|
||||
policyDBSTSUsersPrefix := strings.HasPrefix(event.keyPath, iamConfigPolicyDBSTSUsersPrefix)
|
||||
policyDBGroupsPrefix := strings.HasPrefix(event.keyPath, iamConfigPolicyDBGroupsPrefix)
|
||||
|
||||
ctx, cancel := context.WithTimeout(context.Background(), defaultContextTimeout)
|
||||
ctx, cancel := context.WithTimeout(ctx, defaultContextTimeout)
|
||||
defer cancel()
|
||||
|
||||
if event.isCreated {
|
||||
@ -417,12 +417,12 @@ func (sys *IAMSys) loadWatchedEvent(outerCtx context.Context, event iamWatchEven
|
||||
}
|
||||
|
||||
// DeletePolicy - deletes a canned policy from backend or etcd.
|
||||
func (sys *IAMSys) DeletePolicy(policyName string) error {
|
||||
func (sys *IAMSys) DeletePolicy(ctx context.Context, policyName string) error {
|
||||
if !sys.Initialized() {
|
||||
return errServerNotInitialized
|
||||
}
|
||||
|
||||
return sys.store.DeletePolicy(context.Background(), policyName)
|
||||
return sys.store.DeletePolicy(ctx, policyName)
|
||||
}
|
||||
|
||||
// InfoPolicy - expands the canned policy into its JSON structure.
|
||||
@ -435,32 +435,32 @@ func (sys *IAMSys) InfoPolicy(policyName string) (iampolicy.Policy, error) {
|
||||
}
|
||||
|
||||
// ListPolicies - lists all canned policies.
|
||||
func (sys *IAMSys) ListPolicies(bucketName string) (map[string]iampolicy.Policy, error) {
|
||||
func (sys *IAMSys) ListPolicies(ctx context.Context, bucketName string) (map[string]iampolicy.Policy, error) {
|
||||
if !sys.Initialized() {
|
||||
return nil, errServerNotInitialized
|
||||
}
|
||||
|
||||
<-sys.configLoaded
|
||||
|
||||
return sys.store.ListPolicies(context.Background(), bucketName)
|
||||
return sys.store.ListPolicies(ctx, bucketName)
|
||||
}
|
||||
|
||||
// SetPolicy - sets a new named policy.
|
||||
func (sys *IAMSys) SetPolicy(policyName string, p iampolicy.Policy) error {
|
||||
func (sys *IAMSys) SetPolicy(ctx context.Context, policyName string, p iampolicy.Policy) error {
|
||||
if !sys.Initialized() {
|
||||
return errServerNotInitialized
|
||||
}
|
||||
|
||||
return sys.store.SetPolicy(context.Background(), policyName, p)
|
||||
return sys.store.SetPolicy(ctx, policyName, p)
|
||||
}
|
||||
|
||||
// DeleteUser - delete user (only for long-term users not STS users).
|
||||
func (sys *IAMSys) DeleteUser(accessKey string) error {
|
||||
func (sys *IAMSys) DeleteUser(ctx context.Context, accessKey string) error {
|
||||
if !sys.Initialized() {
|
||||
return errServerNotInitialized
|
||||
}
|
||||
|
||||
return sys.store.DeleteUser(context.Background(), accessKey, regUser)
|
||||
return sys.store.DeleteUser(ctx, accessKey, regUser)
|
||||
}
|
||||
|
||||
// CurrentPolicies - returns comma separated policy string, from
|
||||
@ -476,7 +476,7 @@ func (sys *IAMSys) CurrentPolicies(policyName string) string {
|
||||
}
|
||||
|
||||
// SetTempUser - set temporary user credentials, these credentials have an expiry.
|
||||
func (sys *IAMSys) SetTempUser(accessKey string, cred auth.Credentials, policyName string) error {
|
||||
func (sys *IAMSys) SetTempUser(ctx context.Context, accessKey string, cred auth.Credentials, policyName string) error {
|
||||
if !sys.Initialized() {
|
||||
return errServerNotInitialized
|
||||
}
|
||||
@ -486,7 +486,7 @@ func (sys *IAMSys) SetTempUser(accessKey string, cred auth.Credentials, policyNa
|
||||
policyName = ""
|
||||
}
|
||||
|
||||
return sys.store.SetTempUser(context.Background(), accessKey, cred, policyName)
|
||||
return sys.store.SetTempUser(ctx, accessKey, cred, policyName)
|
||||
}
|
||||
|
||||
// ListBucketUsers - list all users who can access this 'bucket'
|
||||
@ -548,7 +548,7 @@ func (sys *IAMSys) IsServiceAccount(name string) (bool, string, error) {
|
||||
}
|
||||
|
||||
// GetUserInfo - get info on a user.
|
||||
func (sys *IAMSys) GetUserInfo(name string) (u madmin.UserInfo, err error) {
|
||||
func (sys *IAMSys) GetUserInfo(ctx context.Context, name string) (u madmin.UserInfo, err error) {
|
||||
if !sys.Initialized() {
|
||||
return u, errServerNotInitialized
|
||||
}
|
||||
@ -556,14 +556,14 @@ func (sys *IAMSys) GetUserInfo(name string) (u madmin.UserInfo, err error) {
|
||||
select {
|
||||
case <-sys.configLoaded:
|
||||
default:
|
||||
sys.store.LoadUser(context.Background(), name)
|
||||
sys.store.LoadUser(ctx, name)
|
||||
}
|
||||
|
||||
return sys.store.GetUserInfo(name)
|
||||
}
|
||||
|
||||
// SetUserStatus - sets current user status, supports disabled or enabled.
|
||||
func (sys *IAMSys) SetUserStatus(accessKey string, status madmin.AccountStatus) error {
|
||||
func (sys *IAMSys) SetUserStatus(ctx context.Context, accessKey string, status madmin.AccountStatus) error {
|
||||
if !sys.Initialized() {
|
||||
return errServerNotInitialized
|
||||
}
|
||||
@ -572,7 +572,7 @@ func (sys *IAMSys) SetUserStatus(accessKey string, status madmin.AccountStatus)
|
||||
return errIAMActionNotAllowed
|
||||
}
|
||||
|
||||
return sys.store.SetUserStatus(context.Background(), accessKey, status)
|
||||
return sys.store.SetUserStatus(ctx, accessKey, status)
|
||||
}
|
||||
|
||||
type newServiceAccountOpts struct {
|
||||
@ -756,7 +756,7 @@ func (sys *IAMSys) DeleteServiceAccount(ctx context.Context, accessKey string) e
|
||||
|
||||
// CreateUser - create new user credentials and policy, if user already exists
|
||||
// they shall be rewritten with new inputs.
|
||||
func (sys *IAMSys) CreateUser(accessKey string, uinfo madmin.UserInfo) error {
|
||||
func (sys *IAMSys) CreateUser(ctx context.Context, accessKey string, uinfo madmin.UserInfo) error {
|
||||
if !sys.Initialized() {
|
||||
return errServerNotInitialized
|
||||
}
|
||||
@ -773,11 +773,11 @@ func (sys *IAMSys) CreateUser(accessKey string, uinfo madmin.UserInfo) error {
|
||||
return auth.ErrInvalidSecretKeyLength
|
||||
}
|
||||
|
||||
return sys.store.AddUser(context.Background(), accessKey, uinfo)
|
||||
return sys.store.AddUser(ctx, accessKey, uinfo)
|
||||
}
|
||||
|
||||
// SetUserSecretKey - sets user secret key
|
||||
func (sys *IAMSys) SetUserSecretKey(accessKey string, secretKey string) error {
|
||||
func (sys *IAMSys) SetUserSecretKey(ctx context.Context, accessKey string, secretKey string) error {
|
||||
if !sys.Initialized() {
|
||||
return errServerNotInitialized
|
||||
}
|
||||
@ -794,7 +794,7 @@ func (sys *IAMSys) SetUserSecretKey(accessKey string, secretKey string) error {
|
||||
return auth.ErrInvalidSecretKeyLength
|
||||
}
|
||||
|
||||
return sys.store.UpdateUserSecretKey(context.Background(), accessKey, secretKey)
|
||||
return sys.store.UpdateUserSecretKey(ctx, accessKey, secretKey)
|
||||
}
|
||||
|
||||
// purgeExpiredCredentialsForExternalSSO - validates if local credentials are still valid
|
||||
@ -919,7 +919,7 @@ func (sys *IAMSys) updateGroupMembershipsForLDAP(ctx context.Context) {
|
||||
}
|
||||
|
||||
// GetUser - get user credentials
|
||||
func (sys *IAMSys) GetUser(accessKey string) (cred auth.Credentials, ok bool) {
|
||||
func (sys *IAMSys) GetUser(ctx context.Context, accessKey string) (cred auth.Credentials, ok bool) {
|
||||
if !sys.Initialized() {
|
||||
return cred, false
|
||||
}
|
||||
@ -928,7 +928,7 @@ func (sys *IAMSys) GetUser(accessKey string) (cred auth.Credentials, ok bool) {
|
||||
select {
|
||||
case <-sys.configLoaded:
|
||||
default:
|
||||
sys.store.LoadUser(context.Background(), accessKey)
|
||||
sys.store.LoadUser(ctx, accessKey)
|
||||
fallback = true
|
||||
}
|
||||
|
||||
@ -940,7 +940,7 @@ func (sys *IAMSys) GetUser(accessKey string) (cred auth.Credentials, ok bool) {
|
||||
// the IAM store and see if credential
|
||||
// exists now. If it doesn't proceed to
|
||||
// fail.
|
||||
sys.store.LoadUser(context.Background(), accessKey)
|
||||
sys.store.LoadUser(ctx, accessKey)
|
||||
cred, ok = sys.store.GetUser(accessKey)
|
||||
}
|
||||
|
||||
@ -949,14 +949,14 @@ func (sys *IAMSys) GetUser(accessKey string) (cred auth.Credentials, ok bool) {
|
||||
policies, err := sys.store.PolicyDBGet(cred.AccessKey, false)
|
||||
if err != nil {
|
||||
// Reject if the policy map for user doesn't exist anymore.
|
||||
logger.LogIf(context.Background(), fmt.Errorf("'%s' user does not have a policy present", cred.ParentUser))
|
||||
logger.LogIf(ctx, fmt.Errorf("'%s' user does not have a policy present", cred.ParentUser))
|
||||
return auth.Credentials{}, false
|
||||
}
|
||||
for _, group := range cred.Groups {
|
||||
ps, err := sys.store.PolicyDBGet(group, true)
|
||||
if err != nil {
|
||||
// Reject if the policy map for group doesn't exist anymore.
|
||||
logger.LogIf(context.Background(), fmt.Errorf("'%s' group does not have a policy present", group))
|
||||
logger.LogIf(ctx, fmt.Errorf("'%s' group does not have a policy present", group))
|
||||
return auth.Credentials{}, false
|
||||
}
|
||||
policies = append(policies, ps...)
|
||||
@ -969,7 +969,7 @@ func (sys *IAMSys) GetUser(accessKey string) (cred auth.Credentials, ok bool) {
|
||||
|
||||
// AddUsersToGroup - adds users to a group, creating the group if
|
||||
// needed. No error if user(s) already are in the group.
|
||||
func (sys *IAMSys) AddUsersToGroup(group string, members []string) error {
|
||||
func (sys *IAMSys) AddUsersToGroup(ctx context.Context, group string, members []string) error {
|
||||
if !sys.Initialized() {
|
||||
return errServerNotInitialized
|
||||
}
|
||||
@ -978,12 +978,12 @@ func (sys *IAMSys) AddUsersToGroup(group string, members []string) error {
|
||||
return errIAMActionNotAllowed
|
||||
}
|
||||
|
||||
return sys.store.AddUsersToGroup(context.Background(), group, members)
|
||||
return sys.store.AddUsersToGroup(ctx, group, members)
|
||||
}
|
||||
|
||||
// RemoveUsersFromGroup - remove users from group. If no users are
|
||||
// given, and the group is empty, deletes the group as well.
|
||||
func (sys *IAMSys) RemoveUsersFromGroup(group string, members []string) error {
|
||||
func (sys *IAMSys) RemoveUsersFromGroup(ctx context.Context, group string, members []string) error {
|
||||
if !sys.Initialized() {
|
||||
return errServerNotInitialized
|
||||
}
|
||||
@ -992,11 +992,11 @@ func (sys *IAMSys) RemoveUsersFromGroup(group string, members []string) error {
|
||||
return errIAMActionNotAllowed
|
||||
}
|
||||
|
||||
return sys.store.RemoveUsersFromGroup(context.Background(), group, members)
|
||||
return sys.store.RemoveUsersFromGroup(ctx, group, members)
|
||||
}
|
||||
|
||||
// SetGroupStatus - enable/disabled a group
|
||||
func (sys *IAMSys) SetGroupStatus(group string, enabled bool) error {
|
||||
func (sys *IAMSys) SetGroupStatus(ctx context.Context, group string, enabled bool) error {
|
||||
if !sys.Initialized() {
|
||||
return errServerNotInitialized
|
||||
}
|
||||
@ -1005,7 +1005,7 @@ func (sys *IAMSys) SetGroupStatus(group string, enabled bool) error {
|
||||
return errIAMActionNotAllowed
|
||||
}
|
||||
|
||||
return sys.store.SetGroupStatus(context.Background(), group, enabled)
|
||||
return sys.store.SetGroupStatus(ctx, group, enabled)
|
||||
}
|
||||
|
||||
// GetGroupDescription - builds up group description
|
||||
@ -1018,18 +1018,18 @@ func (sys *IAMSys) GetGroupDescription(group string) (gd madmin.GroupDesc, err e
|
||||
}
|
||||
|
||||
// ListGroups - lists groups.
|
||||
func (sys *IAMSys) ListGroups() (r []string, err error) {
|
||||
func (sys *IAMSys) ListGroups(ctx context.Context) (r []string, err error) {
|
||||
if !sys.Initialized() {
|
||||
return r, errServerNotInitialized
|
||||
}
|
||||
|
||||
<-sys.configLoaded
|
||||
|
||||
return sys.store.ListGroups(context.Background())
|
||||
return sys.store.ListGroups(ctx)
|
||||
}
|
||||
|
||||
// PolicyDBSet - sets a policy for a user or group in the PolicyDB.
|
||||
func (sys *IAMSys) PolicyDBSet(name, policy string, isGroup bool) error {
|
||||
func (sys *IAMSys) PolicyDBSet(ctx context.Context, name, policy string, isGroup bool) error {
|
||||
if !sys.Initialized() {
|
||||
return errServerNotInitialized
|
||||
}
|
||||
@ -1040,7 +1040,7 @@ func (sys *IAMSys) PolicyDBSet(name, policy string, isGroup bool) error {
|
||||
userType = stsUser
|
||||
}
|
||||
|
||||
return sys.store.PolicyDBSet(context.Background(), name, policy, userType, isGroup)
|
||||
return sys.store.PolicyDBSet(ctx, name, policy, userType, isGroup)
|
||||
}
|
||||
|
||||
// PolicyDBGet - gets policy set on a user or group. If a list of groups is
|
||||
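Review bot: In GetUser the two `sys.store.LoadUser(ctx, accessKey)` calls now run under the caller's context, and the visible lines do not look at the outcome before `cred, ok = sys.store.GetUser(accessKey)` decides the result. With the request contexts that checkKeyValid and webRequestAuthenticate pass in, a request cancelled during the load would presumably be reported as an unknown access key. That fails closed, but it cannot be told apart from a real invalid-key event in logs and audit trails. A `ctx.Err()` check after the load would separate the two cases; at minimum add a comment such as `// ctx is request-scoped: a cancelled load falls through to the lookup below and is reported as a missing key`. GetUser's body continues outside these hunks, so such a check may already exist there.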
|
@ -18,6 +18,7 @@
|
||||
package cmd
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"net/http"
|
||||
"time"
|
||||
@ -62,7 +63,7 @@ func authenticateJWTUsersWithCredentials(credentials auth.Credentials, expiresAt
|
||||
serverCred := globalActiveCred
|
||||
if serverCred.AccessKey != credentials.AccessKey {
|
||||
var ok bool
|
||||
serverCred, ok = globalIAMSys.GetUser(credentials.AccessKey)
|
||||
serverCred, ok = globalIAMSys.GetUser(context.TODO(), credentials.AccessKey)
|
||||
if !ok {
|
||||
return "", errInvalidAccessKeyID
|
||||
}
|
||||
@ -114,7 +115,7 @@ func webRequestAuthenticate(req *http.Request) (*xjwt.MapClaims, bool, error) {
|
||||
if claims.AccessKey == globalActiveCred.AccessKey {
|
||||
return []byte(globalActiveCred.SecretKey), nil
|
||||
}
|
||||
cred, ok := globalIAMSys.GetUser(claims.AccessKey)
|
||||
cred, ok := globalIAMSys.GetUser(req.Context(), claims.AccessKey)
|
||||
if !ok {
|
||||
return nil, errInvalidAccessKeyID
|
||||
}
|
||||
@ -125,7 +126,7 @@ func webRequestAuthenticate(req *http.Request) (*xjwt.MapClaims, bool, error) {
|
||||
owner := true
|
||||
if globalActiveCred.AccessKey != claims.AccessKey {
|
||||
// Check if the access key is part of users credentials.
|
||||
ucred, ok := globalIAMSys.GetUser(claims.AccessKey)
|
||||
ucred, ok := globalIAMSys.GetUser(req.Context(), claims.AccessKey)
|
||||
if !ok {
|
||||
return nil, false, errInvalidAccessKeyID
|
||||
}
|
||||
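Review bot: `globalIAMSys.GetUser(context.TODO(), credentials.AccessKey)` in authenticateJWTUsersWithCredentials is the one call site in this file that gets a placeholder instead of a caller context; both webRequestAuthenticate call sites pass `req.Context()`. The credential lookup on this path therefore ignores request cancellation and deadlines, and whatever GetUser logs with that context is presumably not tied to a request. The signature is cut off in the hunk header, so it is not clear whether the callers have a request at hand. If they do, add `ctx context.Context` as the first parameter and pass it through; otherwise leave a marker such as `// TODO: accept ctx from the caller once the login handlers provide one`.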
|
@ -77,7 +77,7 @@ func (s *peerRESTServer) DeletePolicyHandler(w http.ResponseWriter, r *http.Requ
|
||||
return
|
||||
}
|
||||
|
||||
if err := globalIAMSys.DeletePolicy(policyName); err != nil {
|
||||
if err := globalIAMSys.DeletePolicy(r.Context(), policyName); err != nil {
|
||||
s.writeErrorResponse(w, err)
|
||||
return
|
||||
}
|
||||
@ -103,7 +103,7 @@ func (s *peerRESTServer) LoadPolicyHandler(w http.ResponseWriter, r *http.Reques
|
||||
return
|
||||
}
|
||||
|
||||
if err := globalIAMSys.LoadPolicy(objAPI, policyName); err != nil {
|
||||
if err := globalIAMSys.LoadPolicy(r.Context(), objAPI, policyName); err != nil {
|
||||
s.writeErrorResponse(w, err)
|
||||
return
|
||||
}
|
||||
@ -130,7 +130,7 @@ func (s *peerRESTServer) LoadPolicyMappingHandler(w http.ResponseWriter, r *http
|
||||
}
|
||||
|
||||
_, isGroup := r.Form[peerRESTIsGroup]
|
||||
if err := globalIAMSys.LoadPolicyMapping(objAPI, userOrGroup, isGroup); err != nil {
|
||||
if err := globalIAMSys.LoadPolicyMapping(r.Context(), objAPI, userOrGroup, isGroup); err != nil {
|
||||
s.writeErrorResponse(w, err)
|
||||
return
|
||||
}
|
||||
@ -182,7 +182,7 @@ func (s *peerRESTServer) LoadServiceAccountHandler(w http.ResponseWriter, r *htt
|
||||
return
|
||||
}
|
||||
|
||||
if err := globalIAMSys.LoadServiceAccount(accessKey); err != nil {
|
||||
if err := globalIAMSys.LoadServiceAccount(r.Context(), accessKey); err != nil {
|
||||
s.writeErrorResponse(w, err)
|
||||
return
|
||||
}
|
||||
@ -208,7 +208,7 @@ func (s *peerRESTServer) DeleteUserHandler(w http.ResponseWriter, r *http.Reques
|
||||
return
|
||||
}
|
||||
|
||||
if err := globalIAMSys.DeleteUser(accessKey); err != nil {
|
||||
if err := globalIAMSys.DeleteUser(r.Context(), accessKey); err != nil {
|
||||
s.writeErrorResponse(w, err)
|
||||
return
|
||||
}
|
||||
@ -245,7 +245,7 @@ func (s *peerRESTServer) LoadUserHandler(w http.ResponseWriter, r *http.Request)
|
||||
userType = stsUser
|
||||
}
|
||||
|
||||
if err = globalIAMSys.LoadUser(objAPI, accessKey, userType); err != nil {
|
||||
if err = globalIAMSys.LoadUser(r.Context(), objAPI, accessKey, userType); err != nil {
|
||||
s.writeErrorResponse(w, err)
|
||||
return
|
||||
}
|
||||
@ -266,7 +266,7 @@ func (s *peerRESTServer) LoadGroupHandler(w http.ResponseWriter, r *http.Request
|
||||
|
||||
vars := mux.Vars(r)
|
||||
group := vars[peerRESTGroup]
|
||||
err := globalIAMSys.LoadGroup(objAPI, group)
|
||||
err := globalIAMSys.LoadGroup(r.Context(), objAPI, group)
|
||||
if err != nil {
|
||||
s.writeErrorResponse(w, err)
|
||||
return
|
||||
|
@ -152,7 +152,7 @@ func checkKeyValid(r *http.Request, accessKey string) (auth.Credentials, bool, A
|
||||
cred := globalActiveCred
|
||||
if cred.AccessKey != accessKey {
|
||||
// Check if the access key is part of users credentials.
|
||||
ucred, ok := globalIAMSys.GetUser(accessKey)
|
||||
ucred, ok := globalIAMSys.GetUser(r.Context(), accessKey)
|
||||
if !ok {
|
||||
return cred, false, ErrInvalidAccessKeyID
|
||||
}
|
||||
|
@ -76,7 +76,7 @@ func TestCheckValid(t *testing.T) {
|
||||
t.Fatalf("unable create credential, %s", err)
|
||||
}
|
||||
|
||||
globalIAMSys.CreateUser(ucreds.AccessKey, madmin.UserInfo{
|
||||
globalIAMSys.CreateUser(ctx, ucreds.AccessKey, madmin.UserInfo{
|
||||
SecretKey: ucreds.SecretKey,
|
||||
Status: madmin.AccountEnabled,
|
||||
})
|
||||
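Review bot: The test drops the error returned by `globalIAMSys.CreateUser(ctx, ucreds.AccessKey, madmin.UserInfo{...})`, so a failed user creation would only surface later as an unrelated credential-check failure. CreateUser returns `error` per its new signature in cmd/iam.go, so the call can be wrapped as `if err := globalIAMSys.CreateUser(ctx, ucreds.AccessKey, madmin.UserInfo{...}); err != nil { t.Fatalf("unable to create user, %s", err) }`. Where `ctx` is declared in TestCheckValid is outside the hunk.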
|
@ -947,9 +947,9 @@ func (c *SiteReplicationSys) IAMChangeHook(ctx context.Context, item madmin.SRIA
|
||||
func (c *SiteReplicationSys) PeerAddPolicyHandler(ctx context.Context, policyName string, p *iampolicy.Policy) error {
|
||||
var err error
|
||||
if p == nil {
|
||||
err = globalIAMSys.DeletePolicy(policyName)
|
||||
err = globalIAMSys.DeletePolicy(ctx, policyName)
|
||||
} else {
|
||||
err = globalIAMSys.SetPolicy(policyName, *p)
|
||||
err = globalIAMSys.SetPolicy(ctx, policyName, *p)
|
||||
}
|
||||
if err != nil {
|
||||
return wrapSRErr(err)
|
||||
@ -1061,7 +1061,7 @@ func (c *SiteReplicationSys) PeerSvcAccChangeHandler(ctx context.Context, change
|
||||
|
||||
// PeerPolicyMappingHandler - copies policy mapping to local.
|
||||
func (c *SiteReplicationSys) PeerPolicyMappingHandler(ctx context.Context, mapping madmin.SRPolicyMapping) error {
|
||||
err := globalIAMSys.PolicyDBSet(mapping.UserOrGroup, mapping.Policy, mapping.IsGroup)
|
||||
err := globalIAMSys.PolicyDBSet(ctx, mapping.UserOrGroup, mapping.Policy, mapping.IsGroup)
|
||||
if err != nil {
|
||||
return wrapSRErr(err)
|
||||
}
|
||||
@ -1116,7 +1116,7 @@ func (c *SiteReplicationSys) PeerSTSAccHandler(ctx context.Context, stsCred madm
|
||||
}
|
||||
|
||||
// Set these credentials to IAM.
|
||||
if err := globalIAMSys.SetTempUser(cred.AccessKey, cred, ""); err != nil {
|
||||
if err := globalIAMSys.SetTempUser(ctx, cred.AccessKey, cred, ""); err != nil {
|
||||
return fmt.Errorf("unable to save STS credential: %v", err)
|
||||
}
|
||||
|
||||
@ -1404,7 +1404,7 @@ func (c *SiteReplicationSys) syncLocalToPeers(ctx context.Context) SRError {
|
||||
|
||||
{
|
||||
// Replicate IAM policies on local to all peers.
|
||||
allPolicies, err := globalIAMSys.ListPolicies("")
|
||||
allPolicies, err := globalIAMSys.ListPolicies(ctx, "")
|
||||
if err != nil {
|
||||
return errSRBackendIssue(err)
|
||||
}
|
||||
|
@ -273,7 +273,7 @@ func (sts *stsAPIHandlers) AssumeRole(w http.ResponseWriter, r *http.Request) {
|
||||
cred.ParentUser = user.AccessKey
|
||||
|
||||
// Set the newly generated credentials.
|
||||
if err = globalIAMSys.SetTempUser(cred.AccessKey, cred, policyName); err != nil {
|
||||
if err = globalIAMSys.SetTempUser(ctx, cred.AccessKey, cred, policyName); err != nil {
|
||||
writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, err)
|
||||
return
|
||||
}
|
||||
@ -479,7 +479,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithSSO(w http.ResponseWriter, r *http.Requ
|
||||
cred.ParentUser = "openid:" + subFromToken + ":" + issFromToken
|
||||
|
||||
// Set the newly generated credentials.
|
||||
if err = globalIAMSys.SetTempUser(cred.AccessKey, cred, policyName); err != nil {
|
||||
if err = globalIAMSys.SetTempUser(ctx, cred.AccessKey, cred, policyName); err != nil {
|
||||
writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, err)
|
||||
return
|
||||
}
|
||||
@ -645,7 +645,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithLDAPIdentity(w http.ResponseWriter, r *
|
||||
// Set the newly generated credentials, policyName is empty on purpose
|
||||
// LDAP policies are applied automatically using their ldapUser, ldapGroups
|
||||
// mapping.
|
||||
if err = globalIAMSys.SetTempUser(cred.AccessKey, cred, ""); err != nil {
|
||||
if err = globalIAMSys.SetTempUser(ctx, cred.AccessKey, cred, ""); err != nil {
|
||||
writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, err)
|
||||
return
|
||||
}
|
||||
@ -813,7 +813,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithCertificate(w http.ResponseWriter, r *h
|
||||
}
|
||||
|
||||
tmpCredentials.ParentUser = parentUser
|
||||
err = globalIAMSys.SetTempUser(tmpCredentials.AccessKey, tmpCredentials, certificate.Subject.CommonName)
|
||||
err = globalIAMSys.SetTempUser(ctx, tmpCredentials.AccessKey, tmpCredentials, certificate.Subject.CommonName)
|
||||
if err != nil {
|
||||
writeSTSErrorResponse(ctx, w, true, ErrSTSInternalError, err)
|
||||
return
|
||||
|