|
|
@ -55,6 +55,8 @@ func validateAdminUsersReq(ctx context.Context, w http.ResponseWriter, r *http.R |
|
|
|
func (a adminAPIHandlers) RemoveUser(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) RemoveUser(w http.ResponseWriter, r *http.Request) { |
|
|
|
ctx := newContext(r, w, "RemoveUser") |
|
|
|
ctx := newContext(r, w, "RemoveUser") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defer logger.AuditLog(w, r, "RemoveUser", mustGetClaimsFromToken(r)) |
|
|
|
|
|
|
|
|
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.DeleteUserAdminAction) |
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.DeleteUserAdminAction) |
|
|
|
if objectAPI == nil { |
|
|
|
if objectAPI == nil { |
|
|
|
return |
|
|
|
return |
|
|
@ -91,6 +93,8 @@ func (a adminAPIHandlers) RemoveUser(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) ListUsers(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) ListUsers(w http.ResponseWriter, r *http.Request) { |
|
|
|
ctx := newContext(r, w, "ListUsers") |
|
|
|
ctx := newContext(r, w, "ListUsers") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defer logger.AuditLog(w, r, "ListUsers", mustGetClaimsFromToken(r)) |
|
|
|
|
|
|
|
|
|
|
|
objectAPI, cred := validateAdminUsersReq(ctx, w, r, iampolicy.ListUsersAdminAction) |
|
|
|
objectAPI, cred := validateAdminUsersReq(ctx, w, r, iampolicy.ListUsersAdminAction) |
|
|
|
if objectAPI == nil { |
|
|
|
if objectAPI == nil { |
|
|
|
return |
|
|
|
return |
|
|
@ -123,6 +127,8 @@ func (a adminAPIHandlers) ListUsers(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) GetUserInfo(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) GetUserInfo(w http.ResponseWriter, r *http.Request) { |
|
|
|
ctx := newContext(r, w, "GetUserInfo") |
|
|
|
ctx := newContext(r, w, "GetUserInfo") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defer logger.AuditLog(w, r, "GetUserInfo", mustGetClaimsFromToken(r)) |
|
|
|
|
|
|
|
|
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.GetUserAdminAction) |
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.GetUserAdminAction) |
|
|
|
if objectAPI == nil { |
|
|
|
if objectAPI == nil { |
|
|
|
return |
|
|
|
return |
|
|
@ -150,6 +156,8 @@ func (a adminAPIHandlers) GetUserInfo(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) UpdateGroupMembers(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) UpdateGroupMembers(w http.ResponseWriter, r *http.Request) { |
|
|
|
ctx := newContext(r, w, "UpdateGroupMembers") |
|
|
|
ctx := newContext(r, w, "UpdateGroupMembers") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defer logger.AuditLog(w, r, "UpdateGroupMembers", mustGetClaimsFromToken(r)) |
|
|
|
|
|
|
|
|
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.AddUserToGroupAdminAction) |
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.AddUserToGroupAdminAction) |
|
|
|
if objectAPI == nil { |
|
|
|
if objectAPI == nil { |
|
|
|
return |
|
|
|
return |
|
|
@ -193,6 +201,8 @@ func (a adminAPIHandlers) UpdateGroupMembers(w http.ResponseWriter, r *http.Requ |
|
|
|
func (a adminAPIHandlers) GetGroup(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) GetGroup(w http.ResponseWriter, r *http.Request) { |
|
|
|
ctx := newContext(r, w, "GetGroup") |
|
|
|
ctx := newContext(r, w, "GetGroup") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defer logger.AuditLog(w, r, "GetGroup", mustGetClaimsFromToken(r)) |
|
|
|
|
|
|
|
|
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.GetGroupAdminAction) |
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.GetGroupAdminAction) |
|
|
|
if objectAPI == nil { |
|
|
|
if objectAPI == nil { |
|
|
|
return |
|
|
|
return |
|
|
@ -220,6 +230,8 @@ func (a adminAPIHandlers) GetGroup(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) ListGroups(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) ListGroups(w http.ResponseWriter, r *http.Request) { |
|
|
|
ctx := newContext(r, w, "ListGroups") |
|
|
|
ctx := newContext(r, w, "ListGroups") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defer logger.AuditLog(w, r, "ListGroups", mustGetClaimsFromToken(r)) |
|
|
|
|
|
|
|
|
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.ListGroupsAdminAction) |
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.ListGroupsAdminAction) |
|
|
|
if objectAPI == nil { |
|
|
|
if objectAPI == nil { |
|
|
|
return |
|
|
|
return |
|
|
@ -244,6 +256,8 @@ func (a adminAPIHandlers) ListGroups(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) SetGroupStatus(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) SetGroupStatus(w http.ResponseWriter, r *http.Request) { |
|
|
|
ctx := newContext(r, w, "SetGroupStatus") |
|
|
|
ctx := newContext(r, w, "SetGroupStatus") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defer logger.AuditLog(w, r, "SetGroupStatus", mustGetClaimsFromToken(r)) |
|
|
|
|
|
|
|
|
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.EnableGroupAdminAction) |
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.EnableGroupAdminAction) |
|
|
|
if objectAPI == nil { |
|
|
|
if objectAPI == nil { |
|
|
|
return |
|
|
|
return |
|
|
@ -279,6 +293,8 @@ func (a adminAPIHandlers) SetGroupStatus(w http.ResponseWriter, r *http.Request) |
|
|
|
func (a adminAPIHandlers) SetUserStatus(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) SetUserStatus(w http.ResponseWriter, r *http.Request) { |
|
|
|
ctx := newContext(r, w, "SetUserStatus") |
|
|
|
ctx := newContext(r, w, "SetUserStatus") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defer logger.AuditLog(w, r, "SetUserStatus", mustGetClaimsFromToken(r)) |
|
|
|
|
|
|
|
|
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.EnableUserAdminAction) |
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.EnableUserAdminAction) |
|
|
|
if objectAPI == nil { |
|
|
|
if objectAPI == nil { |
|
|
|
return |
|
|
|
return |
|
|
@ -312,6 +328,8 @@ func (a adminAPIHandlers) SetUserStatus(w http.ResponseWriter, r *http.Request) |
|
|
|
func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) { |
|
|
|
ctx := newContext(r, w, "AddUser") |
|
|
|
ctx := newContext(r, w, "AddUser") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defer logger.AuditLog(w, r, "AddUser", mustGetClaimsFromToken(r)) |
|
|
|
|
|
|
|
|
|
|
|
objectAPI, cred := validateAdminUsersReq(ctx, w, r, iampolicy.CreateUserAdminAction) |
|
|
|
objectAPI, cred := validateAdminUsersReq(ctx, w, r, iampolicy.CreateUserAdminAction) |
|
|
|
if objectAPI == nil { |
|
|
|
if objectAPI == nil { |
|
|
|
return |
|
|
|
return |
|
|
@ -365,6 +383,8 @@ func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) AddServiceAccount(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) AddServiceAccount(w http.ResponseWriter, r *http.Request) { |
|
|
|
ctx := newContext(r, w, "AddServiceAccount") |
|
|
|
ctx := newContext(r, w, "AddServiceAccount") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defer logger.AuditLog(w, r, "AddServiceAccount", mustGetClaimsFromToken(r)) |
|
|
|
|
|
|
|
|
|
|
|
// Get current object layer instance.
|
|
|
|
// Get current object layer instance.
|
|
|
|
objectAPI := newObjectLayerWithoutSafeModeFn() |
|
|
|
objectAPI := newObjectLayerWithoutSafeModeFn() |
|
|
|
if objectAPI == nil || globalNotificationSys == nil || globalIAMSys == nil { |
|
|
|
if objectAPI == nil || globalNotificationSys == nil || globalIAMSys == nil { |
|
|
@ -442,6 +462,8 @@ func (a adminAPIHandlers) AddServiceAccount(w http.ResponseWriter, r *http.Reque |
|
|
|
func (a adminAPIHandlers) ListServiceAccounts(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) ListServiceAccounts(w http.ResponseWriter, r *http.Request) { |
|
|
|
ctx := newContext(r, w, "ListServiceAccounts") |
|
|
|
ctx := newContext(r, w, "ListServiceAccounts") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defer logger.AuditLog(w, r, "ListServiceAccounts", mustGetClaimsFromToken(r)) |
|
|
|
|
|
|
|
|
|
|
|
// Get current object layer instance.
|
|
|
|
// Get current object layer instance.
|
|
|
|
objectAPI := newObjectLayerWithoutSafeModeFn() |
|
|
|
objectAPI := newObjectLayerWithoutSafeModeFn() |
|
|
|
if objectAPI == nil || globalNotificationSys == nil || globalIAMSys == nil { |
|
|
|
if objectAPI == nil || globalNotificationSys == nil || globalIAMSys == nil { |
|
|
@ -495,6 +517,8 @@ func (a adminAPIHandlers) ListServiceAccounts(w http.ResponseWriter, r *http.Req |
|
|
|
func (a adminAPIHandlers) DeleteServiceAccount(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) DeleteServiceAccount(w http.ResponseWriter, r *http.Request) { |
|
|
|
ctx := newContext(r, w, "DeleteServiceAccount") |
|
|
|
ctx := newContext(r, w, "DeleteServiceAccount") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defer logger.AuditLog(w, r, "DeleteServiceAccount", mustGetClaimsFromToken(r)) |
|
|
|
|
|
|
|
|
|
|
|
// Get current object layer instance.
|
|
|
|
// Get current object layer instance.
|
|
|
|
objectAPI := newObjectLayerWithoutSafeModeFn() |
|
|
|
objectAPI := newObjectLayerWithoutSafeModeFn() |
|
|
|
if objectAPI == nil || globalNotificationSys == nil || globalIAMSys == nil { |
|
|
|
if objectAPI == nil || globalNotificationSys == nil || globalIAMSys == nil { |
|
|
@ -552,6 +576,8 @@ func (a adminAPIHandlers) DeleteServiceAccount(w http.ResponseWriter, r *http.Re |
|
|
|
func (a adminAPIHandlers) InfoCannedPolicyV2(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) InfoCannedPolicyV2(w http.ResponseWriter, r *http.Request) { |
|
|
|
ctx := newContext(r, w, "InfoCannedPolicyV2") |
|
|
|
ctx := newContext(r, w, "InfoCannedPolicyV2") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defer logger.AuditLog(w, r, "InfoCannedPolicyV2", mustGetClaimsFromToken(r)) |
|
|
|
|
|
|
|
|
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.GetPolicyAdminAction) |
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.GetPolicyAdminAction) |
|
|
|
if objectAPI == nil { |
|
|
|
if objectAPI == nil { |
|
|
|
return |
|
|
|
return |
|
|
@ -577,6 +603,8 @@ func (a adminAPIHandlers) InfoCannedPolicyV2(w http.ResponseWriter, r *http.Requ |
|
|
|
func (a adminAPIHandlers) InfoCannedPolicy(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) InfoCannedPolicy(w http.ResponseWriter, r *http.Request) { |
|
|
|
ctx := newContext(r, w, "InfoCannedPolicy") |
|
|
|
ctx := newContext(r, w, "InfoCannedPolicy") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defer logger.AuditLog(w, r, "InfoCannedPolicy", mustGetClaimsFromToken(r)) |
|
|
|
|
|
|
|
|
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.GetPolicyAdminAction) |
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.GetPolicyAdminAction) |
|
|
|
if objectAPI == nil { |
|
|
|
if objectAPI == nil { |
|
|
|
return |
|
|
|
return |
|
|
@ -596,6 +624,8 @@ func (a adminAPIHandlers) InfoCannedPolicy(w http.ResponseWriter, r *http.Reques |
|
|
|
func (a adminAPIHandlers) ListCannedPoliciesV2(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) ListCannedPoliciesV2(w http.ResponseWriter, r *http.Request) { |
|
|
|
ctx := newContext(r, w, "ListCannedPoliciesV2") |
|
|
|
ctx := newContext(r, w, "ListCannedPoliciesV2") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defer logger.AuditLog(w, r, "ListCannedPoliciesV2", mustGetClaimsFromToken(r)) |
|
|
|
|
|
|
|
|
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.ListUserPoliciesAdminAction) |
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.ListUserPoliciesAdminAction) |
|
|
|
if objectAPI == nil { |
|
|
|
if objectAPI == nil { |
|
|
|
return |
|
|
|
return |
|
|
@ -628,6 +658,8 @@ func (a adminAPIHandlers) ListCannedPoliciesV2(w http.ResponseWriter, r *http.Re |
|
|
|
func (a adminAPIHandlers) ListCannedPolicies(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) ListCannedPolicies(w http.ResponseWriter, r *http.Request) { |
|
|
|
ctx := newContext(r, w, "ListCannedPolicies") |
|
|
|
ctx := newContext(r, w, "ListCannedPolicies") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defer logger.AuditLog(w, r, "ListCannedPolicies", mustGetClaimsFromToken(r)) |
|
|
|
|
|
|
|
|
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.ListUserPoliciesAdminAction) |
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.ListUserPoliciesAdminAction) |
|
|
|
if objectAPI == nil { |
|
|
|
if objectAPI == nil { |
|
|
|
return |
|
|
|
return |
|
|
@ -660,6 +692,8 @@ func (a adminAPIHandlers) ListCannedPolicies(w http.ResponseWriter, r *http.Requ |
|
|
|
func (a adminAPIHandlers) RemoveCannedPolicy(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) RemoveCannedPolicy(w http.ResponseWriter, r *http.Request) { |
|
|
|
ctx := newContext(r, w, "RemoveCannedPolicy") |
|
|
|
ctx := newContext(r, w, "RemoveCannedPolicy") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defer logger.AuditLog(w, r, "RemoveCannedPolicy", mustGetClaimsFromToken(r)) |
|
|
|
|
|
|
|
|
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.DeletePolicyAdminAction) |
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.DeletePolicyAdminAction) |
|
|
|
if objectAPI == nil { |
|
|
|
if objectAPI == nil { |
|
|
|
return |
|
|
|
return |
|
|
@ -686,6 +720,8 @@ func (a adminAPIHandlers) RemoveCannedPolicy(w http.ResponseWriter, r *http.Requ |
|
|
|
func (a adminAPIHandlers) AddCannedPolicy(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) AddCannedPolicy(w http.ResponseWriter, r *http.Request) { |
|
|
|
ctx := newContext(r, w, "AddCannedPolicy") |
|
|
|
ctx := newContext(r, w, "AddCannedPolicy") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defer logger.AuditLog(w, r, "AddCannedPolicy", mustGetClaimsFromToken(r)) |
|
|
|
|
|
|
|
|
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.CreatePolicyAdminAction) |
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.CreatePolicyAdminAction) |
|
|
|
if objectAPI == nil { |
|
|
|
if objectAPI == nil { |
|
|
|
return |
|
|
|
return |
|
|
@ -736,6 +772,8 @@ func (a adminAPIHandlers) AddCannedPolicy(w http.ResponseWriter, r *http.Request |
|
|
|
func (a adminAPIHandlers) SetPolicyForUserOrGroup(w http.ResponseWriter, r *http.Request) { |
|
|
|
func (a adminAPIHandlers) SetPolicyForUserOrGroup(w http.ResponseWriter, r *http.Request) { |
|
|
|
ctx := newContext(r, w, "SetPolicyForUserOrGroup") |
|
|
|
ctx := newContext(r, w, "SetPolicyForUserOrGroup") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
defer logger.AuditLog(w, r, "SetPolicyForUserOrGroup", mustGetClaimsFromToken(r)) |
|
|
|
|
|
|
|
|
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.AttachPolicyAdminAction) |
|
|
|
objectAPI, _ := validateAdminUsersReq(ctx, w, r, iampolicy.AttachPolicyAdminAction) |
|
|
|
if objectAPI == nil { |
|
|
|
if objectAPI == nil { |
|
|
|
return |
|
|
|
return |
|
|
|