mirror of
https://github.com/minio/minio.git
synced 2024-12-23 21:55:53 -05:00
Bring back listing LDAP users temporarly (#14760)
In previous releases, mc admin user list would return the list of users that have policies mapped in IAM database. However, this was removed but this commit will bring it back until we revamp this.
This commit is contained in:
parent
8318aa0113
commit
a5b3548ede
@ -130,6 +130,18 @@ func (a adminAPIHandlers) ListUsers(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
// Add ldap users which have mapped policies if in LDAP mode
|
||||
// FIXME(vadmeste): move this to policy info in the future
|
||||
ldapUsers, err := globalIAMSys.ListLDAPUsers()
|
||||
if err != nil && err != errIAMActionNotAllowed {
|
||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||
return
|
||||
}
|
||||
for k, v := range ldapUsers {
|
||||
allCredentials[k] = v
|
||||
}
|
||||
|
||||
// Marshal the response
|
||||
data, err := json.Marshal(allCredentials)
|
||||
if err != nil {
|
||||
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
|
||||
|
@ -1184,6 +1184,18 @@ func (store *IAMStoreSys) GetUsers() map[string]madmin.UserInfo {
|
||||
return result
|
||||
}
|
||||
|
||||
// GetUsersWithMappedPolicies - safely returns the name of access keys with associated policies
|
||||
func (store *IAMStoreSys) GetUsersWithMappedPolicies() map[string]string {
|
||||
cache := store.rlock()
|
||||
defer store.runlock()
|
||||
|
||||
result := make(map[string]string)
|
||||
for k, v := range cache.iamUserPolicyMap {
|
||||
result[k] = v.Policies
|
||||
}
|
||||
return result
|
||||
}
|
||||
|
||||
// GetUserInfo - get info on a user.
|
||||
func (store *IAMStoreSys) GetUserInfo(name string) (u madmin.UserInfo, err error) {
|
||||
if name == "" {
|
||||
|
22
cmd/iam.go
22
cmd/iam.go
@ -694,6 +694,28 @@ func (sys *IAMSys) ListUsers() (map[string]madmin.UserInfo, error) {
|
||||
return sys.store.GetUsers(), nil
|
||||
}
|
||||
|
||||
// ListLDAPUsers - list LDAP users which has
|
||||
func (sys *IAMSys) ListLDAPUsers() (map[string]madmin.UserInfo, error) {
|
||||
if !sys.Initialized() {
|
||||
return nil, errServerNotInitialized
|
||||
}
|
||||
|
||||
if sys.usersSysType != LDAPUsersSysType {
|
||||
return nil, errIAMActionNotAllowed
|
||||
}
|
||||
|
||||
<-sys.configLoaded
|
||||
|
||||
ldapUsers := make(map[string]madmin.UserInfo)
|
||||
for user, policy := range sys.store.GetUsersWithMappedPolicies() {
|
||||
ldapUsers[user] = madmin.UserInfo{
|
||||
PolicyName: policy,
|
||||
Status: madmin.AccountEnabled,
|
||||
}
|
||||
}
|
||||
return ldapUsers, nil
|
||||
}
|
||||
|
||||
// IsTempUser - returns if given key is a temporary user.
|
||||
func (sys *IAMSys) IsTempUser(name string) (bool, string, error) {
|
||||
if !sys.Initialized() {
|
||||
|
@ -476,8 +476,12 @@ func (s *TestSuiteIAM) TestLDAPSTS(c *check) {
|
||||
if err != nil {
|
||||
c.Fatalf("list users should not fail: %v", err)
|
||||
}
|
||||
if len(usersList) > 0 {
|
||||
c.Fatalf("expected listing to be empty: %v", usersList)
|
||||
if len(usersList) != 1 {
|
||||
c.Fatalf("expected user listing output: %v", usersList)
|
||||
}
|
||||
uinfo := usersList[userDN]
|
||||
if uinfo.PolicyName != policy || uinfo.Status != madmin.AccountEnabled {
|
||||
c.Fatalf("expected user listing content: %v", uinfo)
|
||||
}
|
||||
|
||||
// Validate that the client from sts creds can access the bucket.
|
||||
|
Loading…
Reference in New Issue
Block a user