oyd
/
minio
6
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add ListUsers API to list all configured users in IAM (#6619)

Browse Source
master
Harshavardhana 6 years ago committed by Nitish Tiwari
parent 28e25eac78
commit 3ef3fefd54
6 changed files with 121 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 44
      cmd/admin-handlers.go
  2. 5
      cmd/admin-router.go
  3. 21
      cmd/iam.go
  4. 2
      pkg/iam/policy/statement.go
  5. 18
      pkg/madmin/API.md
  6. 33
      pkg/madmin/user-commands.go

44
cmd/admin-handlers.go
Unescape View File

@ -769,6 +769,48 @@ func (a adminAPIHandlers) RemoveUserPolicy(w http.ResponseWriter, r *http.Reques
}
}
// ListUsers - GET /minio/admin/v1/list-users
func (a adminAPIHandlers) ListUsers(w http.ResponseWriter, r *http.Request) {
ctx := newContext(r, w, "ListUsers")
// Get current object layer instance.
objectAPI := newObjectLayerFn()
if objectAPI == nil {
writeErrorResponseJSON(w, ErrServerNotInitialized, r.URL)
return
}
// Validate request signature.
adminAPIErr := checkAdminRequestAuthType(r, "")
if adminAPIErr != ErrNone {
writeErrorResponseJSON(w, adminAPIErr, r.URL)
return
}
allCredentials, err := globalIAMSys.ListUsers()
if err != nil {
writeErrorResponseJSON(w, toAdminAPIErrCode(err), r.URL)
return
}
data, err := json.Marshal(allCredentials)
if err != nil {
logger.LogIf(ctx, err)
writeErrorResponseJSON(w, ErrInternalError, r.URL)
return
}
password := globalServerConfig.GetCredential().SecretKey
econfigData, err := madmin.EncryptData(password, data)
if err != nil {
logger.LogIf(ctx, err)
writeErrorResponseJSON(w, ErrInternalError, r.URL)
return
}
writeSuccessResponseJSON(w, econfigData)
}
// AddUser - PUT /minio/admin/v1/add-user?accessKey=<access_key>
func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) {
ctx := newContext(r, w, "AddUser")
@ -815,12 +857,14 @@ func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) {
writeErrorResponseJSON(w, ErrAdminConfigBadJSON, r.URL)
return
}
var uinfo madmin.UserInfo
if err = json.Unmarshal(configBytes, &uinfo); err != nil {
logger.LogIf(ctx, err)
writeErrorResponseJSON(w, ErrAdminConfigBadJSON, r.URL)
return
}
if err = globalIAMSys.SetUser(accessKey, uinfo); err != nil {
logger.LogIf(ctx, err)
writeErrorResponseJSON(w, ErrInternalError, r.URL)

5
cmd/admin-router.go
Unescape View File

@ -79,6 +79,8 @@ func registerAdminRouter(router *mux.Router) {
// Set config keys/values
adminV1Router.Methods(http.MethodPut).Path("/config-keys").HandlerFunc(httpTraceHdrs(adminAPI.SetConfigKeysHandler))
// -- IAM APIs --
// Add user IAM
adminV1Router.Methods(http.MethodPut).Path("/add-user").HandlerFunc(httpTraceHdrs(adminAPI.AddUser)).Queries("accessKey", "{accessKey:.*}")
adminV1Router.Methods(http.MethodPut).Path("/add-user-policy").HandlerFunc(httpTraceHdrs(adminAPI.AddUserPolicy)).Queries("accessKey", "{accessKey:.*}")
@ -87,4 +89,7 @@ func registerAdminRouter(router *mux.Router) {
adminV1Router.Methods(http.MethodDelete).Path("/remove-user").HandlerFunc(httpTraceHdrs(adminAPI.RemoveUser)).Queries("accessKey", "{accessKey:.*}")
adminV1Router.Methods(http.MethodDelete).Path("/remove-user-policy").HandlerFunc(httpTraceHdrs(adminAPI.RemoveUserPolicy)).Queries("accessKey", "{accessKey:.*}")
// List users
adminV1Router.Methods(http.MethodGet).Path("/list-users").HandlerFunc(httpTraceHdrs(adminAPI.ListUsers))
}

21
cmd/iam.go
Unescape View File

@ -256,6 +256,27 @@ func (sys *IAMSys) SetTempUser(accessKey string, cred auth.Credentials) error {
return nil
}
// ListUsers - list all users.
func (sys *IAMSys) ListUsers() (map[string]madmin.UserInfo, error) {
objectAPI := newObjectLayerFn()
if objectAPI == nil {
return nil, errServerNotInitialized
}
var users = make(map[string]madmin.UserInfo)
sys.RLock()
defer sys.RUnlock()
for k, v := range sys.iamUsersMap {
users[k] = madmin.UserInfo{
Status: madmin.AccountStatus(v.Status),
}
}
return users, nil
}
// SetUser - set user credentials.
func (sys *IAMSys) SetUser(accessKey string, uinfo madmin.UserInfo) error {
objectAPI := newObjectLayerFn()

2
pkg/iam/policy/statement.go
Unescape View File

@ -48,6 +48,8 @@ func (statement Statement) IsAllowed(args Args) bool {
}
resource += args.ObjectName
} else {
resource += "/"
}
if !statement.Resources.Match(resource) {

18
pkg/madmin/API.md
Unescape View File

@ -40,7 +40,7 @@ func main() {
|:----------------------------|:----------------------------|:--------------------------------------|:--------------------------|:------------------------------------|:------------------------------------|
| [`ServiceStatus`](#ServiceStatus) | [`ServerInfo`](#ServerInfo) | [`Heal`](#Heal) | [`GetConfig`](#GetConfig) | [`AddUser()`](#AddUser) | [`SetAdminCredentials`](#SetAdminCredentials) |
| [`ServiceSendAction`](#ServiceSendAction) | | | [`SetConfig`](#SetConfig) | [`AddUserPolicy`](#AddUserPolicy) | [`StartProfiling`](#StartProfiling) |
| | | | [`GetConfigKeys`](#GetConfigKeys) | [`DownloadProfilingData`](#DownloadProfilingData) |
| | | | [`GetConfigKeys`](#GetConfigKeys) | [`ListUsers`](#ListUsers) | [`DownloadProfilingData`](#DownloadProfilingData) |
| | | | [`SetConfigKeys`](#SetConfigKeys) | |
@ -375,6 +375,22 @@ __Example__
}
```
<a name="ListUsers"></a>
### ListUsers() (map[string]UserInfo, error)
Lists all users on Minio server.
__Example__
``` go
users, err := madmClnt.ListUsers();
if err != nil {
log.Fatalln(err)
}
for k, v := range users {
fmt.Printf("User %s Status %s\n", k, v.Status)
}
```
## 9. Misc operations
<a name="SetAdminCredentials"></a>

33
pkg/madmin/user-commands.go
Unescape View File

@ -34,7 +34,7 @@ const (
// UserInfo carries information about long term users.
type UserInfo struct {
SecretKey string `json:"secretKey"`
SecretKey string `json:"secretKey,omitempty"`
Status AccountStatus `json:"status"`
}
@ -63,6 +63,37 @@ func (adm *AdminClient) RemoveUser(accessKey string) error {
return nil
}
// ListUsers - list all users.
func (adm *AdminClient) ListUsers() (map[string]UserInfo, error) {
reqData := requestData{
relPath: "/v1/list-users",
}
// Execute GET on /minio/admin/v1/list-users
resp, err := adm.executeMethod("GET", reqData)
defer closeResponse(resp)
if err != nil {
return nil, err
}
if resp.StatusCode != http.StatusOK {
return nil, httpRespToErrorResponse(resp)
}
data, err := DecryptData(adm.secretAccessKey, resp.Body)
if err != nil {
return nil, err
}
var users = make(map[string]UserInfo)
if err = json.Unmarshal(data, &users); err != nil {
return nil, err
}
return users, nil
}
// SetUser - sets a user info.
func (adm *AdminClient) SetUser(accessKey, secretKey string, status AccountStatus) error {
data, err := json.Marshal(UserInfo{

Write Preview
Loading…
Cancel
Save