admin: Add service Set Credentials API (#3580)

2025-11-10 22:10:12 -05:00 · 2017-01-17 23:25:59 +01:00
parent 20a65981bd
commit f803bb4b3d
13 changed files with 317 additions and 27 deletions
--- a/pkg/madmin/README.md
+++ b/pkg/madmin/README.md
@@ -106,6 +106,7 @@ go run service-status.go

 * [`ServiceStatus`](./API.md#ServiceStatus)
 * [`ServiceRestart`](./API.md#ServiceRestart)
+* [`ServiceSetCredentials`](./API.md#ServiceSetCredentials)

 ## Full Examples

@@ -113,6 +114,7 @@ go run service-status.go

 * [service-status.go](https://github.com/minio/minio/blob/master/pkg/madmin/examples/service-status.go)
 * [service-restart.go](https://github.com/minio/minio/blob/master/pkg/madmin/examples/service-restart.go)
+* [service-set-credentials.go](https://github.com/minio/minio/blob/master/pkg/madmin/examples/service-set-credentials.go)

 ## Contribute

--- a/pkg/madmin/api-error-response.go
+++ b/pkg/madmin/api-error-response.go
@@ -16,7 +16,10 @@

 package madmin

-import "encoding/xml"
+import (
+	"encoding/xml"
+	"net/http"
+)

 /* **** SAMPLE ERROR RESPONSE ****
 <?xml version="1.0" encoding="UTF-8"?>
@@ -50,6 +53,29 @@ func (e ErrorResponse) Error() string {
 	return e.Message
 }

+const (
+	reportIssue = "Please report this issue at https://github.com/minio/minio-go/issues."
+)
+
+// httpRespToErrorResponse returns a new encoded ErrorResponse
+// structure as error.
+func httpRespToErrorResponse(resp *http.Response) error {
+	if resp == nil {
+		msg := "Response is empty. " + reportIssue
+		return ErrInvalidArgument(msg)
+	}
+	var errResp ErrorResponse
+	// Decode the xml error
+	err := xmlDecoder(resp.Body, &errResp)
+	if err != nil {
+		return ErrorResponse{
+			Code:    resp.Status,
+			Message: "Failed to parse server response.",
+		}
+	}
+	return errResp
+}
+
 // ErrInvalidArgument - Invalid argument response.
 func ErrInvalidArgument(message string) error {
 	return ErrorResponse{
--- a/pkg/madmin/examples/service-set-credentials.go
+++ b/pkg/madmin/examples/service-set-credentials.go
@@ -0,0 +1,44 @@
+// +build ignore
+
+/*
+ * Minio Cloud Storage, (C) 2016 Minio, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package main
+
+import (
+	"log"
+
+	"github.com/minio/minio/pkg/madmin"
+)
+
+func main() {
+	// Note: YOUR-ACCESSKEYID, YOUR-SECRETACCESSKEY and my-bucketname are
+	// dummy values, please replace them with original values.
+
+	// API requests are secure (HTTPS) if secure=true and insecure (HTTPS) otherwise.
+	// New returns an Minio Admin client object.
+	madmClnt, err := madmin.New("your-minio.example.com:9000", "YOUR-ACCESSKEYID", "YOUR-SECRETACCESSKEY", true)
+	if err != nil {
+		log.Fatalln(err)
+	}
+
+	err = madmClnt.ServiceSetCredentials("YOUR-NEW-ACCESSKEY", "YOUR-NEW-SECRETKEY")
+	if err != nil {
+		log.Fatalln(err)
+	}
+	log.Println("New credentials successfully set.")
+}
--- a/pkg/madmin/service.go
+++ b/pkg/madmin/service.go
@@ -18,7 +18,9 @@
 package madmin

 import (
+	"bytes"
 	"encoding/json"
+	"encoding/xml"
 	"errors"
 	"io/ioutil"
 	"net/http"
@@ -117,3 +119,49 @@ func (adm *AdminClient) ServiceRestart() error {
 	}
 	return nil
 }
+
+// setCredsReq - xml to send to the server to set new credentials
+type setCredsReq struct {
+	Username string `xml:"username"`
+	Password string `xml:"password"`
+}
+
+// ServiceSetCredentials - Call Service Set Credentials API to set new access and secret keys in the specified Minio server
+func (adm *AdminClient) ServiceSetCredentials(access, secret string) error {
+
+	// Disallow sending with the server if the connection is not secure
+	if !adm.secure {
+		return errors.New("setting new credentials requires HTTPS connection to the server")
+	}
+
+	// Setup new request
+	reqData := requestData{}
+	reqData.queryValues = make(url.Values)
+	reqData.queryValues.Set("service", "")
+	reqData.customHeaders = make(http.Header)
+	reqData.customHeaders.Set(minioAdminOpHeader, "set-credentials")
+
+	// Setup request's body
+	body, err := xml.Marshal(setCredsReq{Username: access, Password: secret})
+	if err != nil {
+		return err
+	}
+	reqData.contentBody = bytes.NewReader(body)
+	reqData.contentLength = int64(len(body))
+	reqData.contentMD5Bytes = sumMD5(body)
+	reqData.contentSHA256Bytes = sum256(body)
+
+	// Execute GET on bucket to list objects.
+	resp, err := adm.executeMethod("POST", reqData)
+
+	defer closeResponse(resp)
+	if err != nil {
+		return err
+	}
+
+	// Return error to the caller if http response code is different from 200
+	if resp.StatusCode != http.StatusOK {
+		return httpRespToErrorResponse(resp)
+	}
+	return nil
+}
--- a/pkg/madmin/utils.go
+++ b/pkg/madmin/utils.go
@@ -17,7 +17,9 @@
 package madmin

 import (
+	"crypto/md5"
 	"crypto/sha256"
+	"encoding/xml"
 	"io"
 	"io/ioutil"
 	"net"
@@ -35,6 +37,19 @@ func sum256(data []byte) []byte {
 	return hash.Sum(nil)
 }

+// sumMD5 calculate sumMD5 sum for an input byte array.
+func sumMD5(data []byte) []byte {
+	hash := md5.New()
+	hash.Write(data)
+	return hash.Sum(nil)
+}
+
+// xmlDecoder provide decoded value in xml.
+func xmlDecoder(body io.Reader, v interface{}) error {
+	d := xml.NewDecoder(body)
+	return d.Decode(v)
+}
+
 // getEndpointURL - construct a new endpoint.
 func getEndpointURL(endpoint string, secure bool) (*url.URL, error) {
 	if strings.Contains(endpoint, ":") {