Add comment field to service accounts (#16380)

Anis Elleuch 2023-01-10 18:57:52 +01:00 committed by GitHub
parent 2146ed4033
commit 1ece3d1dfe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 22 additions and 3 deletions


@ -665,6 +665,7 @@ func (a adminAPIHandlers) AddServiceAccount(w http.ResponseWriter, r *http.Reque
opts := newServiceAccountOpts{ opts := newServiceAccountOpts{
accessKey: createReq.AccessKey, accessKey: createReq.AccessKey,
secretKey: createReq.SecretKey, secretKey: createReq.SecretKey,
comment: createReq.Comment,
claims: make(map[string]interface{}), claims: make(map[string]interface{}),
} }
@ -805,6 +806,7 @@ func (a adminAPIHandlers) AddServiceAccount(w http.ResponseWriter, r *http.Reque
AccessKey: newCred.AccessKey, AccessKey: newCred.AccessKey,
SecretKey: newCred.SecretKey, SecretKey: newCred.SecretKey,
Groups: newCred.Groups, Groups: newCred.Groups,
Comment: newCred.Comment,
Claims: opts.claims, Claims: opts.claims,
SessionPolicy: createReq.Policy, SessionPolicy: createReq.Policy,
Status: auth.AccountOn, Status: auth.AccountOn,
@ -892,6 +894,7 @@ func (a adminAPIHandlers) UpdateServiceAccount(w http.ResponseWriter, r *http.Re
opts := updateServiceAccountOpts{ opts := updateServiceAccountOpts{
secretKey: updateReq.NewSecretKey, secretKey: updateReq.NewSecretKey,
status: updateReq.NewStatus, status: updateReq.NewStatus,
comment: updateReq.NewComment,
sessionPolicy: sp, sessionPolicy: sp,
} }
updatedAt, err := globalIAMSys.UpdateServiceAccount(ctx, accessKey, opts) updatedAt, err := globalIAMSys.UpdateServiceAccount(ctx, accessKey, opts)
@ -909,6 +912,7 @@ func (a adminAPIHandlers) UpdateServiceAccount(w http.ResponseWriter, r *http.Re
AccessKey: accessKey, AccessKey: accessKey,
SecretKey: opts.secretKey, SecretKey: opts.secretKey,
Status: opts.status, Status: opts.status,
Comment: opts.comment,
SessionPolicy: updateReq.NewPolicy, SessionPolicy: updateReq.NewPolicy,
}, },
}, },
@ -993,6 +997,7 @@ func (a adminAPIHandlers) InfoServiceAccount(w http.ResponseWriter, r *http.Requ
infoResp := madmin.InfoServiceAccountResp{ infoResp := madmin.InfoServiceAccountResp{
ParentUser: svcAccount.ParentUser, ParentUser: svcAccount.ParentUser,
Comment: svcAccount.Comment,
AccountStatus: svcAccount.Status, AccountStatus: svcAccount.Status,
ImpliedPolicy: policy == nil, ImpliedPolicy: policy == nil,
Policy: string(policyJSON), Policy: string(policyJSON),
@ -2467,6 +2472,7 @@ func (a adminAPIHandlers) ImportIAM(w http.ResponseWriter, r *http.Request) {
opts := updateServiceAccountOpts{ opts := updateServiceAccountOpts{
secretKey: svcAcctReq.SecretKey, secretKey: svcAcctReq.SecretKey,
status: svcAcctReq.Status, status: svcAcctReq.Status,
comment: svcAcctReq.Comment,
sessionPolicy: sp, sessionPolicy: sp,
} }
_, err = globalIAMSys.UpdateServiceAccount(ctx, svcAcctReq.AccessKey, opts) _, err = globalIAMSys.UpdateServiceAccount(ctx, svcAcctReq.AccessKey, opts)
@ -2481,6 +2487,7 @@ func (a adminAPIHandlers) ImportIAM(w http.ResponseWriter, r *http.Request) {
secretKey: svcAcctReq.SecretKey, secretKey: svcAcctReq.SecretKey,
sessionPolicy: sp, sessionPolicy: sp,
claims: svcAcctReq.Claims, claims: svcAcctReq.Claims,
comment: svcAcctReq.Comment,
} }
// In case of LDAP we need to resolve the targetUser to a DN and // In case of LDAP we need to resolve the targetUser to a DN and
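Review bot: `createReq.Comment` in AddServiceAccount and `updateReq.NewComment` in UpdateServiceAccount are copied from the request into the credential options with no length or content check visible in these hunks, and the same holds for `svcAcctReq.Comment` on both ImportIAM paths. Other hunks of this commit show the value being returned by InfoServiceAccount and copied to replication peers, so a fixed upper bound belongs at the handler, e.g. `if len(createReq.Comment) > maxCommentLength { /* reject as an invalid request */ }` (`maxCommentLength` is a placeholder name). If the madmin request validation already caps it, which is not visible here, a short comment saying so would do. Clients that display the comment should treat it as untrusted text. All four handlers start and end outside the hunks.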


@ -2133,6 +2133,10 @@ func (store *IAMStoreSys) UpdateServiceAccount(ctx context.Context, accessKey st
cr.SecretKey = opts.secretKey cr.SecretKey = opts.secretKey
} }
if opts.comment != "" {
cr.Comment = opts.comment
}
switch opts.status { switch opts.status {
// The caller did not ask to update status account, do nothing // The caller did not ask to update status account, do nothing
case "": case "":
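Review bot: The guard `if opts.comment != ""` makes an empty string mean "leave unchanged", so once a comment is set it cannot be cleared through UpdateServiceAccount. The update paths in ImportIAM and PeerSvcAccChangeHandler pass through the same options struct and inherit the limit. If clearing should be possible, carry the intent explicitly, for example `comment *string` in `updateServiceAccountOpts` with `if opts.comment != nil { cr.Comment = *opts.comment }`. Otherwise state the rule next to the check, as the status switch below already does: `// The caller did not ask to update the comment, do nothing`. The function body continues outside the hunk.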


@ -919,6 +919,7 @@ type newServiceAccountOpts struct {
sessionPolicy *iampolicy.Policy sessionPolicy *iampolicy.Policy
accessKey string accessKey string
secretKey string secretKey string
comment string
claims map[string]interface{} claims map[string]interface{}
} }
@ -989,6 +990,7 @@ func (sys *IAMSys) NewServiceAccount(ctx context.Context, parentUser string, gro
cred.ParentUser = parentUser cred.ParentUser = parentUser
cred.Groups = groups cred.Groups = groups
cred.Status = string(auth.AccountOn) cred.Status = string(auth.AccountOn)
cred.Comment = opts.comment
updatedAt, err := sys.store.AddServiceAccount(ctx, cred) updatedAt, err := sys.store.AddServiceAccount(ctx, cred)
if err != nil { if err != nil {
@ -1003,6 +1005,7 @@ type updateServiceAccountOpts struct {
sessionPolicy *iampolicy.Policy sessionPolicy *iampolicy.Policy
secretKey string secretKey string
status string status string
comment string
} }
// UpdateServiceAccount - edit a service account // UpdateServiceAccount - edit a service account
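Review bot: The two new `comment` fields behave differently and neither is documented: NewServiceAccount stores the value as given (`cred.Comment = opts.comment`), while the store-side update in this commit skips an empty one. Field comments would make that visible to callers, e.g. `comment string // free-form description, stored as given` in `newServiceAccountOpts` and `comment string // new description; "" keeps the existing one` in `updateServiceAccountOpts`. NewServiceAccount starts and ends outside the hunk.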


@ -1185,6 +1185,7 @@ func (c *SiteReplicationSys) PeerSvcAccChangeHandler(ctx context.Context, change
secretKey: change.Create.SecretKey, secretKey: change.Create.SecretKey,
sessionPolicy: sp, sessionPolicy: sp,
claims: change.Create.Claims, claims: change.Create.Claims,
comment: change.Create.Comment,
} }
_, _, err = globalIAMSys.NewServiceAccount(ctx, change.Create.Parent, change.Create.Groups, opts) _, _, err = globalIAMSys.NewServiceAccount(ctx, change.Create.Parent, change.Create.Groups, opts)
if err != nil { if err != nil {
@ -1209,6 +1210,7 @@ func (c *SiteReplicationSys) PeerSvcAccChangeHandler(ctx context.Context, change
opts := updateServiceAccountOpts{ opts := updateServiceAccountOpts{
secretKey: change.Update.SecretKey, secretKey: change.Update.SecretKey,
status: change.Update.Status, status: change.Update.Status,
comment: change.Update.Comment,
sessionPolicy: sp, sessionPolicy: sp,
} }
@ -1870,6 +1872,7 @@ func (c *SiteReplicationSys) syncToAllPeers(ctx context.Context) error {
Claims: claims, Claims: claims,
SessionPolicy: json.RawMessage(policyJSON), SessionPolicy: json.RawMessage(policyJSON),
Status: acc.Credentials.Status, Status: acc.Credentials.Status,
Comment: acc.Credentials.Comment,
}, },
}, },
UpdatedAt: acc.UpdatedAt, UpdatedAt: acc.UpdatedAt,
@ -4706,6 +4709,7 @@ func (c *SiteReplicationSys) healUsers(ctx context.Context, objAPI ObjectLayer,
Claims: claims, Claims: claims,
SessionPolicy: json.RawMessage(policyJSON), SessionPolicy: json.RawMessage(policyJSON),
Status: creds.Status, Status: creds.Status,
Comment: creds.Comment,
}, },
}, },
UpdatedAt: lastUpdate, UpdatedAt: lastUpdate,
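Review bot: None of the seven changed files is a test, and the replication paths are where a dropped or stale comment is hardest to notice. PeerSvcAccChangeHandler, syncToAllPeers and healUsers now all carry `Comment`, but these hunks do not show whether the comparison that decides an account needs healing looks at the field. If it does not, a comment edited on one site may never converge on its peers. A test that creates and then updates a service account with a comment, and asserts the value on a peer after sync and after heal, would pin this. All three functions extend beyond the hunks.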

2
go.mod

@ -49,7 +49,7 @@ require (
github.com/minio/dperf v0.4.2 github.com/minio/dperf v0.4.2
github.com/minio/highwayhash v1.0.2 github.com/minio/highwayhash v1.0.2
github.com/minio/kes v0.22.2 github.com/minio/kes v0.22.2
github.com/minio/madmin-go/v2 v2.0.5 github.com/minio/madmin-go/v2 v2.0.6
github.com/minio/minio-go/v7 v7.0.45 github.com/minio/minio-go/v7 v7.0.45
github.com/minio/pkg v1.5.8 github.com/minio/pkg v1.5.8
github.com/minio/selfupdate v0.5.0 github.com/minio/selfupdate v0.5.0

4
go.sum

@ -770,8 +770,8 @@ github.com/minio/highwayhash v1.0.2/go.mod h1:BQskDq+xkJ12lmlUUi7U0M5Swg3EWR+dLT
github.com/minio/kes v0.22.2 h1:9NdgTx+TFJco0Pqdrq8WZbrTZVv0ichg+sbPRQiJ2HU= github.com/minio/kes v0.22.2 h1:9NdgTx+TFJco0Pqdrq8WZbrTZVv0ichg+sbPRQiJ2HU=
github.com/minio/kes v0.22.2/go.mod h1:J9sD6Pe8obPt7+JXFcznkWaYaj9pBWCfN9U9j//NsNw= github.com/minio/kes v0.22.2/go.mod h1:J9sD6Pe8obPt7+JXFcznkWaYaj9pBWCfN9U9j//NsNw=
github.com/minio/madmin-go v1.6.6/go.mod h1:ATvkBOLiP3av4D++2v1UEHC/QzsGtgXD5kYvvRYzdKs= github.com/minio/madmin-go v1.6.6/go.mod h1:ATvkBOLiP3av4D++2v1UEHC/QzsGtgXD5kYvvRYzdKs=
github.com/minio/madmin-go/v2 v2.0.5 h1:W0dY4enDYdIegTcIQSkdtzvvyQpZtEn6bft5JMb/wYA= github.com/minio/madmin-go/v2 v2.0.6 h1:d0cfiH5SkC8vZHgRtcki8j37fb3FF65cTdjUdfBR8ks=
github.com/minio/madmin-go/v2 v2.0.5/go.mod h1:5aFi/VLWBHC2DEFfGIlUmAeJhaF4ZAjuYpEWZFU14Zw= github.com/minio/madmin-go/v2 v2.0.6/go.mod h1:5aFi/VLWBHC2DEFfGIlUmAeJhaF4ZAjuYpEWZFU14Zw=
github.com/minio/mc v0.0.0-20221224152138-176072dee43d h1:etzZIWQ3NFrxzwnvjczETWMcgoja9ZKLFLIfQzvpqP8= github.com/minio/mc v0.0.0-20221224152138-176072dee43d h1:etzZIWQ3NFrxzwnvjczETWMcgoja9ZKLFLIfQzvpqP8=
github.com/minio/mc v0.0.0-20221224152138-176072dee43d/go.mod h1:af4hDQUHwu8az+6TyEKXa2Yd+lvMDVgnc9/kstHPZY8= github.com/minio/mc v0.0.0-20221224152138-176072dee43d/go.mod h1:af4hDQUHwu8az+6TyEKXa2Yd+lvMDVgnc9/kstHPZY8=
github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34= github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=


@ -102,6 +102,7 @@ type Credentials struct {
ParentUser string `xml:"-" json:"parentUser,omitempty"` ParentUser string `xml:"-" json:"parentUser,omitempty"`
Groups []string `xml:"-" json:"groups,omitempty"` Groups []string `xml:"-" json:"groups,omitempty"`
Claims map[string]interface{} `xml:"-" json:"claims,omitempty"` Claims map[string]interface{} `xml:"-" json:"claims,omitempty"`
Comment string `xml:"-" json:"comment,omitempty"`
} }
func (cred Credentials) String() string { func (cred Credentials) String() string {
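Review bot: The new `Comment` field has no doc comment, although other hunks of this commit return it from InfoServiceAccount and copy it to replication peers. A line above the field such as `// Comment is a free-form description of the credential; it is not a secret and is returned by the admin API.` would tell operators not to put sensitive material in it. The `Credentials` struct starts above the hunk, and the body of `String()` is not visible, so whether it prints the comment cannot be checked here.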