mirror of
https://github.com/minio/minio.git
synced 2025-11-09 13:39:46 -05:00
add list/delete API service accounts admin API (#9402)
This commit is contained in:
Anis Elleuch
GitHub
@@ -46,7 +46,7 @@ func main() {
|
||||
|
||||
p := iampolicy.Policy{
|
||||
Version: iampolicy.DefaultVersion,
|
||||
Statements: []Statement{
|
||||
Statements: []iampolicy.Statement{
|
||||
iampolicy.NewStatement(
|
||||
policy.Allow,
|
||||
iampolicy.NewActionSet(iampolicy.GetObjectAction),
|
||||
@@ -55,10 +55,23 @@ func main() {
|
||||
)},
|
||||
}
|
||||
|
||||
creds, err := madmClnt.AddServiceAccount(context.Background(), "parentuser", &p)
|
||||
// Create a new service account
|
||||
creds, err := madmClnt.AddServiceAccount(context.Background(), &p)
|
||||
if err != nil {
|
||||
log.Fatalln(err)
|
||||
}
|
||||
|
||||
fmt.Println(creds)
|
||||
|
||||
// List all services accounts
|
||||
list, err := madmClnt.ListServiceAccounts(context.Background())
|
||||
if err != nil {
|
||||
log.Fatalln(err)
|
||||
}
|
||||
fmt.Println(list)
|
||||
|
||||
// Delete a service account
|
||||
err = madmClnt.DeleteServiceAccount(context.Background(), list.Accounts[0])
|
||||
if err != nil {
|
||||
log.Fatalln(err)
|
||||
}
|
||||
}
|
||||
@@ -215,7 +215,6 @@ func (adm *AdminClient) SetUserStatus(ctx context.Context, accessKey string, sta
|
||||
|
||||
// AddServiceAccountReq is the request body of the add service account admin call
|
||||
type AddServiceAccountReq struct {
|
||||
Parent string `json:"parent"`
|
||||
Policy *iampolicy.Policy `json:"policy,omitempty"`
|
||||
}
|
||||
|
||||
@@ -224,13 +223,9 @@ type AddServiceAccountResp struct {
|
||||
Credentials auth.Credentials `json:"credentials"`
|
||||
}
|
||||
|
||||
// AddServiceAccount - creates a new service account belonging to the given parent user
|
||||
// while restricting the service account permission by the given policy document.
|
||||
func (adm *AdminClient) AddServiceAccount(ctx context.Context, parentUser string, policy *iampolicy.Policy) (auth.Credentials, error) {
|
||||
if !auth.IsAccessKeyValid(parentUser) {
|
||||
return auth.Credentials{}, auth.ErrInvalidAccessKeyLength
|
||||
}
|
||||
|
||||
// AddServiceAccount - creates a new service account belonging to the user sending
|
||||
// the request while restricting the service account permission by the given policy document.
|
||||
func (adm *AdminClient) AddServiceAccount(ctx context.Context, policy *iampolicy.Policy) (auth.Credentials, error) {
|
||||
if policy != nil {
|
||||
if err := policy.Validate(); err != nil {
|
||||
return auth.Credentials{}, err
|
||||
@@ -238,7 +233,6 @@ func (adm *AdminClient) AddServiceAccount(ctx context.Context, parentUser string
|
||||
}
|
||||
|
||||
data, err := json.Marshal(AddServiceAccountReq{
|
||||
Parent: parentUser,
|
||||
Policy: policy,
|
||||
})
|
||||
if err != nil {
|
||||
@@ -277,3 +271,66 @@ func (adm *AdminClient) AddServiceAccount(ctx context.Context, parentUser string
|
||||
}
|
||||
return serviceAccountResp.Credentials, nil
|
||||
}
|
||||
|
||||
// ListServiceAccountsResp is the response body of the list service accounts call
|
||||
type ListServiceAccountsResp struct {
|
||||
Accounts []string `json:"accounts"`
|
||||
}
|
||||
|
||||
// ListServiceAccounts - list service accounts belonging to the specified user
|
||||
func (adm *AdminClient) ListServiceAccounts(ctx context.Context) (ListServiceAccountsResp, error) {
|
||||
reqData := requestData{
|
||||
relPath: adminAPIPrefix + "/list-service-accounts",
|
||||
}
|
||||
|
||||
// Execute GET on /minio/admin/v3/list-service-accounts
|
||||
resp, err := adm.executeMethod(ctx, http.MethodGet, reqData)
|
||||
defer closeResponse(resp)
|
||||
if err != nil {
|
||||
return ListServiceAccountsResp{}, err
|
||||
}
|
||||
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
return ListServiceAccountsResp{}, httpRespToErrorResponse(resp)
|
||||
}
|
||||
|
||||
data, err := DecryptData(adm.getSecretKey(), resp.Body)
|
||||
if err != nil {
|
||||
return ListServiceAccountsResp{}, err
|
||||
}
|
||||
|
||||
var listResp ListServiceAccountsResp
|
||||
if err = json.Unmarshal(data, &listResp); err != nil {
|
||||
return ListServiceAccountsResp{}, err
|
||||
}
|
||||
return listResp, nil
|
||||
}
|
||||
|
||||
// DeleteServiceAccount - delete a specified service account. The server will reject
|
||||
// the request if the service account does not belong to the user initiating the request
|
||||
func (adm *AdminClient) DeleteServiceAccount(ctx context.Context, serviceAccount string) error {
|
||||
if !auth.IsAccessKeyValid(serviceAccount) {
|
||||
return auth.ErrInvalidAccessKeyLength
|
||||
}
|
||||
|
||||
queryValues := url.Values{}
|
||||
queryValues.Set("accessKey", serviceAccount)
|
||||
|
||||
reqData := requestData{
|
||||
relPath: adminAPIPrefix + "/delete-service-account",
|
||||
queryValues: queryValues,
|
||||
}
|
||||
|
||||
// Execute DELETE on /minio/admin/v3/delete-service-account
|
||||
resp, err := adm.executeMethod(ctx, http.MethodDelete, reqData)
|
||||
defer closeResponse(resp)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if resp.StatusCode != http.StatusNoContent {
|
||||
return httpRespToErrorResponse(resp)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user