Add "name" and "description" params to service acc (#17172)

Aditya Manthramurthy
2023-05-17 17:05:36 -07:00
committed by GitHub
parent ad2ab6eb3e
commit 9d96b18df0
9 changed files with 79 additions and 31 deletions


@@ -665,6 +665,13 @@ func (a adminAPIHandlers) AddServiceAccount(w http.ResponseWriter, r *http.Reque
return
}
if err := createReq.Validate(); err != nil {
// Since this validation would happen client side as well, we only send
// a generic error message here.
writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminResourceInvalidArgument), r.URL)
return
}
var (
targetUser string
targetGroups []string
@@ -677,12 +684,17 @@ func (a adminAPIHandlers) AddServiceAccount(w http.ResponseWriter, r *http.Reque
targetUser = cred.AccessKey
}
description := createReq.Description
if description == "" {
description = createReq.Comment
}
opts := newServiceAccountOpts{
accessKey: createReq.AccessKey,
secretKey: createReq.SecretKey,
comment: createReq.Comment,
expiration: createReq.Expiration,
claims: make(map[string]interface{}),
accessKey: createReq.AccessKey,
secretKey: createReq.SecretKey,
name: createReq.Name,
description: description,
expiration: createReq.Expiration,
claims: make(map[string]interface{}),
}
// Find the user for the request sender (as it may be sent via a service
@@ -835,7 +847,8 @@ func (a adminAPIHandlers) AddServiceAccount(w http.ResponseWriter, r *http.Reque
AccessKey: newCred.AccessKey,
SecretKey: newCred.SecretKey,
Groups: newCred.Groups,
Comment: newCred.Comment,
Name: newCred.Name,
Description: newCred.Description,
Claims: opts.claims,
SessionPolicy: createReq.Policy,
Status: auth.AccountOn,
@@ -910,6 +923,13 @@ func (a adminAPIHandlers) UpdateServiceAccount(w http.ResponseWriter, r *http.Re
return
}
if err := updateReq.Validate(); err != nil {
// Since this validation would happen client side as well, we only send
// a generic error message here.
writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminResourceInvalidArgument), r.URL)
return
}
var sp *iampolicy.Policy
if len(updateReq.NewPolicy) > 0 {
sp, err = iampolicy.ParseConfig(bytes.NewReader(updateReq.NewPolicy))
@@ -921,7 +941,8 @@ func (a adminAPIHandlers) UpdateServiceAccount(w http.ResponseWriter, r *http.Re
opts := updateServiceAccountOpts{
secretKey: updateReq.NewSecretKey,
status: updateReq.NewStatus,
comment: updateReq.NewComment,
name: updateReq.NewName,
description: updateReq.NewDescription,
expiration: updateReq.NewExpiration,
sessionPolicy: sp,
}
@@ -940,7 +961,8 @@ func (a adminAPIHandlers) UpdateServiceAccount(w http.ResponseWriter, r *http.Re
AccessKey: accessKey,
SecretKey: opts.secretKey,
Status: opts.status,
Comment: opts.comment,
Name: opts.name,
Description: opts.description,
SessionPolicy: updateReq.NewPolicy,
Expiration: updateReq.NewExpiration,
},
@@ -1028,7 +1050,8 @@ func (a adminAPIHandlers) InfoServiceAccount(w http.ResponseWriter, r *http.Requ
infoResp := madmin.InfoServiceAccountResp{
ParentUser: svcAccount.ParentUser,
Comment: svcAccount.Comment,
Name: svcAccount.Name,
Description: svcAccount.Description,
AccountStatus: svcAccount.Status,
ImpliedPolicy: policy == nil,
Policy: string(policyJSON),
@@ -2495,7 +2518,8 @@ func (a adminAPIHandlers) ImportIAM(w http.ResponseWriter, r *http.Request) {
opts := updateServiceAccountOpts{
secretKey: svcAcctReq.SecretKey,
status: svcAcctReq.Status,
comment: svcAcctReq.Comment,
name: svcAcctReq.Name,
description: svcAcctReq.Description,
expiration: svcAcctReq.Expiration,
sessionPolicy: sp,
}
@@ -2511,7 +2535,8 @@ func (a adminAPIHandlers) ImportIAM(w http.ResponseWriter, r *http.Request) {
secretKey: svcAcctReq.SecretKey,
sessionPolicy: sp,
claims: svcAcctReq.Claims,
comment: svcAcctReq.Comment,
name: svcAcctReq.Name,
description: svcAcctReq.Description,
expiration: svcAcctReq.Expiration,
allowSiteReplicatorAccount: false,
}
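Review bot: The new name and description fields are validated only in the two HTTP handlers; the ImportIAM hunks copy `svcAcctReq.Name` and `svcAcctReq.Description` into `opts` with no equivalent check visible, and the PeerSvcAccChangeHandler hunks in the site-replication section do the same with `change.Create.*` and `change.Update.*`. Those function bodies extend beyond the hunks, so a check may exist out of view, but if it does not, imported or replicated accounts can carry values that `createReq.Validate()` would have rejected. Enforcing the constraints once inside `NewServiceAccount` and the store-level `UpdateServiceAccount` would cover every caller rather than only the admin API. The comment above the handler check would also read better as `// The server-side check is authoritative; clients validate too, so a generic error suffices.`, since the current wording suggests the server check is redundant.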


@@ -238,6 +238,10 @@ func (ies *IAMEtcdStore) addUser(ctx context.Context, user string, userType IAMU
}
u.Credentials.Claims = jwtClaims.Map()
}
if u.Credentials.Description == "" {
u.Credentials.Description = u.Credentials.Comment
}
m[user] = u
return nil
}
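Review bot: The `Description`-from-`Comment` fallback added here has no comment explaining why it exists, and the identical three lines are repeated in `IAMObjectStore.loadUser` in the next file section. A shared helper on the credentials value, or at least the comment `// Back-compat: credentials stored before Description existed carry only Comment.` at both sites, would keep the two stores from drifting apart. As far as the hunk shows, the fallback changes only the in-memory copy, so the stored record keeps its old shape until the account is next written; it is worth confirming that is intended. The function starts outside the hunk.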


@@ -224,6 +224,10 @@ func (iamOS *IAMObjectStore) loadUser(ctx context.Context, user string, userType
u.Credentials.Claims = jwtClaims.Map()
}
if u.Credentials.Description == "" {
u.Credentials.Description = u.Credentials.Comment
}
m[user] = u
return nil
}


@@ -2184,8 +2184,12 @@ func (store *IAMStoreSys) UpdateServiceAccount(ctx context.Context, accessKey st
cr.SecretKey = opts.secretKey
}
if opts.comment != "" {
cr.Comment = opts.comment
if opts.name != "" {
cr.Name = opts.name
}
if opts.description != "" {
cr.Description = opts.description
}
if opts.expiration != nil {
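Review bot: Because both new branches treat an empty string as "leave unchanged" (`if opts.name != ""`, `if opts.description != ""`), a name or description cannot be cleared through this path once it is set. A stale description on a long-lived service account can mislead whoever later audits what the key is for. If that limitation is intended, the comment `// Empty name/description means "leave unchanged"; these fields cannot be cleared here.` above the two checks would make it explicit; otherwise the options struct would need a way to tell "unset" from "set to empty". The function body starts and continues outside the hunk.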


@@ -916,7 +916,7 @@ type newServiceAccountOpts struct {
sessionPolicy *iampolicy.Policy
accessKey string
secretKey string
comment string
name, description string
expiration *time.Time
allowSiteReplicatorAccount bool // allow creating internal service account for site-replication.
@@ -991,7 +991,8 @@ func (sys *IAMSys) NewServiceAccount(ctx context.Context, parentUser string, gro
cred.ParentUser = parentUser
cred.Groups = groups
cred.Status = string(auth.AccountOn)
cred.Comment = opts.comment
cred.Name = opts.name
cred.Description = opts.description
if opts.expiration != nil {
expirationInUTC := opts.expiration.UTC()
@@ -1011,11 +1012,11 @@ func (sys *IAMSys) NewServiceAccount(ctx context.Context, parentUser string, gro
}
type updateServiceAccountOpts struct {
sessionPolicy *iampolicy.Policy
secretKey string
status string
comment string
expiration *time.Time
sessionPolicy *iampolicy.Policy
secretKey string
status string
name, description string
expiration *time.Time
}
// UpdateServiceAccount - edit a service account


@@ -1222,7 +1222,8 @@ func (c *SiteReplicationSys) PeerSvcAccChangeHandler(ctx context.Context, change
secretKey: change.Create.SecretKey,
sessionPolicy: sp,
claims: change.Create.Claims,
comment: change.Create.Comment,
name: change.Create.Name,
description: change.Create.Description,
expiration: change.Create.Expiration,
}
_, _, err = globalIAMSys.NewServiceAccount(ctx, change.Create.Parent, change.Create.Groups, opts)
@@ -1248,7 +1249,8 @@ func (c *SiteReplicationSys) PeerSvcAccChangeHandler(ctx context.Context, change
opts := updateServiceAccountOpts{
secretKey: change.Update.SecretKey,
status: change.Update.Status,
comment: change.Update.Comment,
name: change.Update.Name,
description: change.Update.Description,
sessionPolicy: sp,
expiration: change.Update.Expiration,
}
@@ -1852,7 +1854,8 @@ func (c *SiteReplicationSys) syncToAllPeers(ctx context.Context) error {
Claims: claims,
SessionPolicy: json.RawMessage(policyJSON),
Status: acc.Credentials.Status,
Comment: acc.Credentials.Comment,
Name: acc.Credentials.Name,
Description: acc.Credentials.Description,
Expiration: &acc.Credentials.Expiration,
},
},
@@ -4737,7 +4740,8 @@ func (c *SiteReplicationSys) healUsers(ctx context.Context, objAPI ObjectLayer,
Claims: claims,
SessionPolicy: json.RawMessage(policyJSON),
Status: creds.Status,
Comment: creds.Comment,
Name: creds.Name,
Description: creds.Description,
Expiration: &creds.Expiration,
},
},