mirror of
https://github.com/minio/minio.git
synced 2024-12-24 06:05:55 -05:00
Add ListUsers API to list all configured users in IAM (#6619)
This commit is contained in:
parent
28e25eac78
commit
3ef3fefd54
@ -769,6 +769,48 @@ func (a adminAPIHandlers) RemoveUserPolicy(w http.ResponseWriter, r *http.Reques
|
||||
}
|
||||
}
|
||||
|
||||
// ListUsers - GET /minio/admin/v1/list-users
|
||||
func (a adminAPIHandlers) ListUsers(w http.ResponseWriter, r *http.Request) {
|
||||
ctx := newContext(r, w, "ListUsers")
|
||||
|
||||
// Get current object layer instance.
|
||||
objectAPI := newObjectLayerFn()
|
||||
if objectAPI == nil {
|
||||
writeErrorResponseJSON(w, ErrServerNotInitialized, r.URL)
|
||||
return
|
||||
}
|
||||
|
||||
// Validate request signature.
|
||||
adminAPIErr := checkAdminRequestAuthType(r, "")
|
||||
if adminAPIErr != ErrNone {
|
||||
writeErrorResponseJSON(w, adminAPIErr, r.URL)
|
||||
return
|
||||
}
|
||||
|
||||
allCredentials, err := globalIAMSys.ListUsers()
|
||||
if err != nil {
|
||||
writeErrorResponseJSON(w, toAdminAPIErrCode(err), r.URL)
|
||||
return
|
||||
}
|
||||
|
||||
data, err := json.Marshal(allCredentials)
|
||||
if err != nil {
|
||||
logger.LogIf(ctx, err)
|
||||
writeErrorResponseJSON(w, ErrInternalError, r.URL)
|
||||
return
|
||||
}
|
||||
|
||||
password := globalServerConfig.GetCredential().SecretKey
|
||||
econfigData, err := madmin.EncryptData(password, data)
|
||||
if err != nil {
|
||||
logger.LogIf(ctx, err)
|
||||
writeErrorResponseJSON(w, ErrInternalError, r.URL)
|
||||
return
|
||||
}
|
||||
|
||||
writeSuccessResponseJSON(w, econfigData)
|
||||
}
|
||||
|
||||
// AddUser - PUT /minio/admin/v1/add-user?accessKey=<access_key>
|
||||
func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) {
|
||||
ctx := newContext(r, w, "AddUser")
|
||||
@ -815,12 +857,14 @@ func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) {
|
||||
writeErrorResponseJSON(w, ErrAdminConfigBadJSON, r.URL)
|
||||
return
|
||||
}
|
||||
|
||||
var uinfo madmin.UserInfo
|
||||
if err = json.Unmarshal(configBytes, &uinfo); err != nil {
|
||||
logger.LogIf(ctx, err)
|
||||
writeErrorResponseJSON(w, ErrAdminConfigBadJSON, r.URL)
|
||||
return
|
||||
}
|
||||
|
||||
if err = globalIAMSys.SetUser(accessKey, uinfo); err != nil {
|
||||
logger.LogIf(ctx, err)
|
||||
writeErrorResponseJSON(w, ErrInternalError, r.URL)
|
||||
|
@ -79,6 +79,8 @@ func registerAdminRouter(router *mux.Router) {
|
||||
// Set config keys/values
|
||||
adminV1Router.Methods(http.MethodPut).Path("/config-keys").HandlerFunc(httpTraceHdrs(adminAPI.SetConfigKeysHandler))
|
||||
|
||||
// -- IAM APIs --
|
||||
|
||||
// Add user IAM
|
||||
adminV1Router.Methods(http.MethodPut).Path("/add-user").HandlerFunc(httpTraceHdrs(adminAPI.AddUser)).Queries("accessKey", "{accessKey:.*}")
|
||||
adminV1Router.Methods(http.MethodPut).Path("/add-user-policy").HandlerFunc(httpTraceHdrs(adminAPI.AddUserPolicy)).Queries("accessKey", "{accessKey:.*}")
|
||||
@ -87,4 +89,7 @@ func registerAdminRouter(router *mux.Router) {
|
||||
adminV1Router.Methods(http.MethodDelete).Path("/remove-user").HandlerFunc(httpTraceHdrs(adminAPI.RemoveUser)).Queries("accessKey", "{accessKey:.*}")
|
||||
adminV1Router.Methods(http.MethodDelete).Path("/remove-user-policy").HandlerFunc(httpTraceHdrs(adminAPI.RemoveUserPolicy)).Queries("accessKey", "{accessKey:.*}")
|
||||
|
||||
// List users
|
||||
adminV1Router.Methods(http.MethodGet).Path("/list-users").HandlerFunc(httpTraceHdrs(adminAPI.ListUsers))
|
||||
|
||||
}
|
||||
|
21
cmd/iam.go
21
cmd/iam.go
@ -256,6 +256,27 @@ func (sys *IAMSys) SetTempUser(accessKey string, cred auth.Credentials) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// ListUsers - list all users.
|
||||
func (sys *IAMSys) ListUsers() (map[string]madmin.UserInfo, error) {
|
||||
objectAPI := newObjectLayerFn()
|
||||
if objectAPI == nil {
|
||||
return nil, errServerNotInitialized
|
||||
}
|
||||
|
||||
var users = make(map[string]madmin.UserInfo)
|
||||
|
||||
sys.RLock()
|
||||
defer sys.RUnlock()
|
||||
|
||||
for k, v := range sys.iamUsersMap {
|
||||
users[k] = madmin.UserInfo{
|
||||
Status: madmin.AccountStatus(v.Status),
|
||||
}
|
||||
}
|
||||
|
||||
return users, nil
|
||||
}
|
||||
|
||||
// SetUser - set user credentials.
|
||||
func (sys *IAMSys) SetUser(accessKey string, uinfo madmin.UserInfo) error {
|
||||
objectAPI := newObjectLayerFn()
|
||||
|
@ -48,6 +48,8 @@ func (statement Statement) IsAllowed(args Args) bool {
|
||||
}
|
||||
|
||||
resource += args.ObjectName
|
||||
} else {
|
||||
resource += "/"
|
||||
}
|
||||
|
||||
if !statement.Resources.Match(resource) {
|
||||
|
@ -40,7 +40,7 @@ func main() {
|
||||
|:----------------------------|:----------------------------|:--------------------------------------|:--------------------------|:------------------------------------|:------------------------------------|
|
||||
| [`ServiceStatus`](#ServiceStatus) | [`ServerInfo`](#ServerInfo) | [`Heal`](#Heal) | [`GetConfig`](#GetConfig) | [`AddUser()`](#AddUser) | [`SetAdminCredentials`](#SetAdminCredentials) |
|
||||
| [`ServiceSendAction`](#ServiceSendAction) | | | [`SetConfig`](#SetConfig) | [`AddUserPolicy`](#AddUserPolicy) | [`StartProfiling`](#StartProfiling) |
|
||||
| | | | [`GetConfigKeys`](#GetConfigKeys) | [`DownloadProfilingData`](#DownloadProfilingData) |
|
||||
| | | | [`GetConfigKeys`](#GetConfigKeys) | [`ListUsers`](#ListUsers) | [`DownloadProfilingData`](#DownloadProfilingData) |
|
||||
| | | | [`SetConfigKeys`](#SetConfigKeys) | |
|
||||
|
||||
|
||||
@ -375,6 +375,22 @@ __Example__
|
||||
}
|
||||
```
|
||||
|
||||
<a name="ListUsers"></a>
|
||||
### ListUsers() (map[string]UserInfo, error)
|
||||
Lists all users on Minio server.
|
||||
|
||||
__Example__
|
||||
|
||||
``` go
|
||||
users, err := madmClnt.ListUsers();
|
||||
if err != nil {
|
||||
log.Fatalln(err)
|
||||
}
|
||||
for k, v := range users {
|
||||
fmt.Printf("User %s Status %s\n", k, v.Status)
|
||||
}
|
||||
```
|
||||
|
||||
## 9. Misc operations
|
||||
|
||||
<a name="SetAdminCredentials"></a>
|
||||
|
@ -34,7 +34,7 @@ const (
|
||||
|
||||
// UserInfo carries information about long term users.
|
||||
type UserInfo struct {
|
||||
SecretKey string `json:"secretKey"`
|
||||
SecretKey string `json:"secretKey,omitempty"`
|
||||
Status AccountStatus `json:"status"`
|
||||
}
|
||||
|
||||
@ -63,6 +63,37 @@ func (adm *AdminClient) RemoveUser(accessKey string) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// ListUsers - list all users.
|
||||
func (adm *AdminClient) ListUsers() (map[string]UserInfo, error) {
|
||||
reqData := requestData{
|
||||
relPath: "/v1/list-users",
|
||||
}
|
||||
|
||||
// Execute GET on /minio/admin/v1/list-users
|
||||
resp, err := adm.executeMethod("GET", reqData)
|
||||
|
||||
defer closeResponse(resp)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if resp.StatusCode != http.StatusOK {
|
||||
return nil, httpRespToErrorResponse(resp)
|
||||
}
|
||||
|
||||
data, err := DecryptData(adm.secretAccessKey, resp.Body)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var users = make(map[string]UserInfo)
|
||||
if err = json.Unmarshal(data, &users); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return users, nil
|
||||
}
|
||||
|
||||
// SetUser - sets a user info.
|
||||
func (adm *AdminClient) SetUser(accessKey, secretKey string, status AccountStatus) error {
|
||||
data, err := json.Marshal(UserInfo{
|
||||
|
Loading…
Reference in New Issue
Block a user