From fd530576549fdcd061e64fca71977f00607e4e0e Mon Sep 17 00:00:00 2001
From: Harshavardhana
Date: Thu, 26 Sep 2019 11:23:13 -0700
Subject: [PATCH] Add InfoCannedPolicy API to fetch only necessary policy (#8307)

This PR adds
- InfoCannedPolicy() API for efficiency in fetching policies
- Send group memberships for LDAPUser if available
---
 cmd/admin-handlers.go | 19 +++++++++++++++++++
 cmd/admin-router.go | 3 +++
 cmd/iam.go | 24 +++++++++++++++++++++---
 pkg/madmin/policy-commands.go | 25 +++++++++++++++++++++++++
 4 files changed, 68 insertions(+), 3 deletions(-)

diff --git a/cmd/admin-handlers.go b/cmd/admin-handlers.go
index 97b341ed0..33b5fa936 100644
--- a/cmd/admin-handlers.go
+++ b/cmd/admin-handlers.go
@@ -1329,6 +1329,25 @@ func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) {
 }
 }

+// InfoCannedPolicy - GET /minio/admin/v1/info-canned-policy?name={policyName}
+func (a adminAPIHandlers) InfoCannedPolicy(w http.ResponseWriter, r *http.Request) {
+ ctx := newContext(r, w, "InfoCannedPolicy")
+
+ objectAPI := validateAdminReq(ctx, w, r)
+ if objectAPI == nil {
+ return
+ }
+
+ data, err := globalIAMSys.InfoPolicy(mux.Vars(r)["name"])
+ if err != nil {
+ writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
+ return
+ }
+
+ w.Write(data)
+ w.(http.Flusher).Flush()
+}
+
 // ListCannedPolicies - GET /minio/admin/v1/list-canned-policies
 func (a adminAPIHandlers) ListCannedPolicies(w http.ResponseWriter, r *http.Request) {
 ctx := newContext(r, w, "ListCannedPolicies")
diff --git a/cmd/admin-router.go b/cmd/admin-router.go
index 716e15780..47f987c66 100644
--- a/cmd/admin-router.go
+++ b/cmd/admin-router.go
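Review bot: The unchecked assertion `w.(http.Flusher).Flush()` at the end of InfoCannedPolicy in cmd/admin-handlers.go panics if any wrapper around the ResponseWriter does not implement http.Flusher; `if f, ok := w.(http.Flusher); ok { f.Flush() }` avoids that. The success path also writes the marshalled policy without a Content-Type, so clients are left to sniff it; add `w.Header().Set("Content-Type", "application/json")` before `w.Write(data)`. The error returned by `w.Write` is dropped, so a truncated admin response would go unnoticed unless it is logged.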
@@ -91,6 +91,9 @@ func registerAdminRouter(router *mux.Router, enableConfigOps, enableIAMOps bool)
 adminV1Router.Methods(http.MethodPut).Path("/set-user-status").HandlerFunc(httpTraceHdrs(adminAPI.SetUserStatus)).
 Queries("accessKey", "{accessKey:.*}").Queries("status", "{status:.*}")

+ // Info policy IAM
+ adminV1Router.Methods(http.MethodGet).Path("/info-canned-policy").HandlerFunc(httpTraceHdrs(adminAPI.InfoCannedPolicy)).Queries("name", "{name:.*}")
+
 // Remove policy IAM
 adminV1Router.Methods(http.MethodDelete).Path("/remove-canned-policy").HandlerFunc(httpTraceHdrs(adminAPI.RemoveCannedPolicy)).Queries("name", "{name:.*}")

diff --git a/cmd/iam.go b/cmd/iam.go
index 0dcee8106..605fed052 100644
--- a/cmd/iam.go
+++ b/cmd/iam.go
@@ -429,6 +429,23 @@ func (sys *IAMSys) DeletePolicy(policyName string) error {
 return err
 }

+// InfoPolicy - expands the canned policy into its JSON structure.
+func (sys *IAMSys) InfoPolicy(policyName string) ([]byte, error) {
+ objectAPI := newObjectLayerFn()
+ if objectAPI == nil {
+ return nil, errServerNotInitialized
+ }
+
+ sys.RLock()
+ defer sys.RUnlock()
+
+ v, ok := sys.iamPolicyDocsMap[policyName]
+ if !ok {
+ return nil, errNoSuchPolicy
+ }
+ return json.Marshal(v)
+}
+
 // ListPolicies - lists all canned policies.
 func (sys *IAMSys) ListPolicies() (map[string][]byte, error) {
 objectAPI := newObjectLayerFn()
@@ -581,6 +598,7 @@ func (sys *IAMSys) GetUserInfo(name string) (u madmin.UserInfo, err error) {
 if sys.usersSysType != MinIOUsersSysType {
 return madmin.UserInfo{
 PolicyName: sys.iamUserPolicyMap[name].Policy,
+ MemberOf: sys.iamUserGroupMemberships[name].ToSlice(),
 }, nil
 }

@@ -892,9 +910,6 @@ func (sys *IAMSys) GetGroupDescription(group string) (gd madmin.GroupDesc, err e
 policy = ps[0]
 }

- sys.RLock()
- defer sys.RUnlock()
-
 if sys.usersSysType != MinIOUsersSysType {
 return madmin.GroupDesc{
 Name: group,
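Review bot: The new `MemberOf` line in GetUserInfo's non-MinIO branch indexes `sys.iamUserGroupMemberships[name]` without checking that the key exists, so an unknown name still produces a UserInfo with a nil error, exactly like the existing `PolicyName` lookup. It also relies on `ToSlice()` being safe on the map's zero value; the type is not visible in this hunk, so confirm that, or use `m, ok := sys.iamUserGroupMemberships[name]` and set `MemberOf` only when `ok`. The function body starts outside the hunk, so whether a read lock covers both map reads cannot be checked from here.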
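Review bot: With the lock moved below the early return in GetGroupDescription, `sys.usersSysType` is now read without `sys.RLock()`; the lock is re-taken in the next hunk (-902), just before `sys.iamGroupsMap[group]`. That is safe only if the field is written once before any request is served, which this diff does not show. A comment such as `// usersSysType is fixed at startup; no lock needed for this check` would record the assumption, and if the field can change at runtime the check should stay under the lock. The start of the function, where `policy` is computed, is outside the hunk.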
@@ -902,6 +917,9 @@ func (sys *IAMSys) GetGroupDescription(group string) (gd madmin.GroupDesc, err e
 }, nil
 }

+ sys.RLock()
+ defer sys.RUnlock()
+
 gi, ok := sys.iamGroupsMap[group]
 if !ok {
 return gd, errNoSuchGroup
diff --git a/pkg/madmin/policy-commands.go b/pkg/madmin/policy-commands.go
index 36e7e4c93..f2e523b9e 100644
--- a/pkg/madmin/policy-commands.go
+++ b/pkg/madmin/policy-commands.go
@@ -24,6 +24,31 @@ import (
 "net/url"
 )

+// InfoCannedPolicy - expand canned policy into JSON structure.
+func (adm *AdminClient) InfoCannedPolicy(policyName string) ([]byte, error) {
+ queryValues := url.Values{}
+ queryValues.Set("name", policyName)
+
+ reqData := requestData{
+ relPath: "/v1/info-canned-policy",
+ queryValues: queryValues,
+ }
+
+ // Execute GET on /minio/admin/v1/info-canned-policy
+ resp, err := adm.executeMethod("GET", reqData)
+
+ defer closeResponse(resp)
+ if err != nil {
+ return nil, err
+ }
+
+ if resp.StatusCode != http.StatusOK {
+ return nil, httpRespToErrorResponse(resp)
+ }
+
+ return ioutil.ReadAll(resp.Body)
+}
+
 // ListCannedPolicies - list all configured canned policies.
 func (adm *AdminClient) ListCannedPolicies() (map[string][]byte, error) {
 reqData := requestData{
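Review bot: `ioutil.ReadAll(resp.Body)` at the end of the client's InfoCannedPolicy reads the response with no size bound, so a misbehaving endpoint can make the caller buffer an arbitrarily large body. A policy document is small, so the read can be capped, e.g. `return ioutil.ReadAll(io.LimitReader(resp.Body, maxPolicyBytes))`, where `maxPolicyBytes` is a placeholder for a limit you choose and `io` must be imported if the file does not already do so. Separately, `defer closeResponse(resp)` is registered before the `err` check, which is correct only if `closeResponse` tolerates a nil response; that helper is not visible in this hunk.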