Add ListUsers API to list all configured users in IAM (#6619)

master
Harshavardhana 6 years ago committed by Nitish Tiwari
parent 28e25eac78
commit 3ef3fefd54
  1. 44
      cmd/admin-handlers.go
  2. 5
      cmd/admin-router.go
  3. 21
      cmd/iam.go
  4. 2
      pkg/iam/policy/statement.go
  5. 18
      pkg/madmin/API.md
  6. 33
      pkg/madmin/user-commands.go

@ -769,6 +769,48 @@ func (a adminAPIHandlers) RemoveUserPolicy(w http.ResponseWriter, r *http.Reques
} }
} }
// ListUsers - GET /minio/admin/v1/list-users
func (a adminAPIHandlers) ListUsers(w http.ResponseWriter, r *http.Request) {
ctx := newContext(r, w, "ListUsers")
// Get current object layer instance.
objectAPI := newObjectLayerFn()
if objectAPI == nil {
writeErrorResponseJSON(w, ErrServerNotInitialized, r.URL)
return
}
// Validate request signature.
adminAPIErr := checkAdminRequestAuthType(r, "")
if adminAPIErr != ErrNone {
writeErrorResponseJSON(w, adminAPIErr, r.URL)
return
}
allCredentials, err := globalIAMSys.ListUsers()
if err != nil {
writeErrorResponseJSON(w, toAdminAPIErrCode(err), r.URL)
return
}
data, err := json.Marshal(allCredentials)
if err != nil {
logger.LogIf(ctx, err)
writeErrorResponseJSON(w, ErrInternalError, r.URL)
return
}
password := globalServerConfig.GetCredential().SecretKey
econfigData, err := madmin.EncryptData(password, data)
if err != nil {
logger.LogIf(ctx, err)
writeErrorResponseJSON(w, ErrInternalError, r.URL)
return
}
writeSuccessResponseJSON(w, econfigData)
}
// AddUser - PUT /minio/admin/v1/add-user?accessKey=<access_key> // AddUser - PUT /minio/admin/v1/add-user?accessKey=<access_key>
func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) { func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) {
ctx := newContext(r, w, "AddUser") ctx := newContext(r, w, "AddUser")
@ -815,12 +857,14 @@ func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) {
writeErrorResponseJSON(w, ErrAdminConfigBadJSON, r.URL) writeErrorResponseJSON(w, ErrAdminConfigBadJSON, r.URL)
return return
} }
var uinfo madmin.UserInfo var uinfo madmin.UserInfo
if err = json.Unmarshal(configBytes, &uinfo); err != nil { if err = json.Unmarshal(configBytes, &uinfo); err != nil {
logger.LogIf(ctx, err) logger.LogIf(ctx, err)
writeErrorResponseJSON(w, ErrAdminConfigBadJSON, r.URL) writeErrorResponseJSON(w, ErrAdminConfigBadJSON, r.URL)
return return
} }
if err = globalIAMSys.SetUser(accessKey, uinfo); err != nil { if err = globalIAMSys.SetUser(accessKey, uinfo); err != nil {
logger.LogIf(ctx, err) logger.LogIf(ctx, err)
writeErrorResponseJSON(w, ErrInternalError, r.URL) writeErrorResponseJSON(w, ErrInternalError, r.URL)

@ -79,6 +79,8 @@ func registerAdminRouter(router *mux.Router) {
// Set config keys/values // Set config keys/values
adminV1Router.Methods(http.MethodPut).Path("/config-keys").HandlerFunc(httpTraceHdrs(adminAPI.SetConfigKeysHandler)) adminV1Router.Methods(http.MethodPut).Path("/config-keys").HandlerFunc(httpTraceHdrs(adminAPI.SetConfigKeysHandler))
// -- IAM APIs --
// Add user IAM // Add user IAM
adminV1Router.Methods(http.MethodPut).Path("/add-user").HandlerFunc(httpTraceHdrs(adminAPI.AddUser)).Queries("accessKey", "{accessKey:.*}") adminV1Router.Methods(http.MethodPut).Path("/add-user").HandlerFunc(httpTraceHdrs(adminAPI.AddUser)).Queries("accessKey", "{accessKey:.*}")
adminV1Router.Methods(http.MethodPut).Path("/add-user-policy").HandlerFunc(httpTraceHdrs(adminAPI.AddUserPolicy)).Queries("accessKey", "{accessKey:.*}") adminV1Router.Methods(http.MethodPut).Path("/add-user-policy").HandlerFunc(httpTraceHdrs(adminAPI.AddUserPolicy)).Queries("accessKey", "{accessKey:.*}")
@ -87,4 +89,7 @@ func registerAdminRouter(router *mux.Router) {
adminV1Router.Methods(http.MethodDelete).Path("/remove-user").HandlerFunc(httpTraceHdrs(adminAPI.RemoveUser)).Queries("accessKey", "{accessKey:.*}") adminV1Router.Methods(http.MethodDelete).Path("/remove-user").HandlerFunc(httpTraceHdrs(adminAPI.RemoveUser)).Queries("accessKey", "{accessKey:.*}")
adminV1Router.Methods(http.MethodDelete).Path("/remove-user-policy").HandlerFunc(httpTraceHdrs(adminAPI.RemoveUserPolicy)).Queries("accessKey", "{accessKey:.*}") adminV1Router.Methods(http.MethodDelete).Path("/remove-user-policy").HandlerFunc(httpTraceHdrs(adminAPI.RemoveUserPolicy)).Queries("accessKey", "{accessKey:.*}")
// List users
adminV1Router.Methods(http.MethodGet).Path("/list-users").HandlerFunc(httpTraceHdrs(adminAPI.ListUsers))
} }

@ -256,6 +256,27 @@ func (sys *IAMSys) SetTempUser(accessKey string, cred auth.Credentials) error {
return nil return nil
} }
// ListUsers - list all users.
func (sys *IAMSys) ListUsers() (map[string]madmin.UserInfo, error) {
objectAPI := newObjectLayerFn()
if objectAPI == nil {
return nil, errServerNotInitialized
}
var users = make(map[string]madmin.UserInfo)
sys.RLock()
defer sys.RUnlock()
for k, v := range sys.iamUsersMap {
users[k] = madmin.UserInfo{
Status: madmin.AccountStatus(v.Status),
}
}
return users, nil
}
// SetUser - set user credentials. // SetUser - set user credentials.
func (sys *IAMSys) SetUser(accessKey string, uinfo madmin.UserInfo) error { func (sys *IAMSys) SetUser(accessKey string, uinfo madmin.UserInfo) error {
objectAPI := newObjectLayerFn() objectAPI := newObjectLayerFn()

@ -48,6 +48,8 @@ func (statement Statement) IsAllowed(args Args) bool {
} }
resource += args.ObjectName resource += args.ObjectName
} else {
resource += "/"
} }
if !statement.Resources.Match(resource) { if !statement.Resources.Match(resource) {

@ -40,7 +40,7 @@ func main() {
|:----------------------------|:----------------------------|:--------------------------------------|:--------------------------|:------------------------------------|:------------------------------------| |:----------------------------|:----------------------------|:--------------------------------------|:--------------------------|:------------------------------------|:------------------------------------|
| [`ServiceStatus`](#ServiceStatus) | [`ServerInfo`](#ServerInfo) | [`Heal`](#Heal) | [`GetConfig`](#GetConfig) | [`AddUser()`](#AddUser) | [`SetAdminCredentials`](#SetAdminCredentials) | | [`ServiceStatus`](#ServiceStatus) | [`ServerInfo`](#ServerInfo) | [`Heal`](#Heal) | [`GetConfig`](#GetConfig) | [`AddUser()`](#AddUser) | [`SetAdminCredentials`](#SetAdminCredentials) |
| [`ServiceSendAction`](#ServiceSendAction) | | | [`SetConfig`](#SetConfig) | [`AddUserPolicy`](#AddUserPolicy) | [`StartProfiling`](#StartProfiling) | | [`ServiceSendAction`](#ServiceSendAction) | | | [`SetConfig`](#SetConfig) | [`AddUserPolicy`](#AddUserPolicy) | [`StartProfiling`](#StartProfiling) |
| | | | [`GetConfigKeys`](#GetConfigKeys) | [`DownloadProfilingData`](#DownloadProfilingData) | | | | | [`GetConfigKeys`](#GetConfigKeys) | [`ListUsers`](#ListUsers) | [`DownloadProfilingData`](#DownloadProfilingData) |
| | | | [`SetConfigKeys`](#SetConfigKeys) | | | | | | [`SetConfigKeys`](#SetConfigKeys) | |
@ -375,6 +375,22 @@ __Example__
} }
``` ```
<a name="ListUsers"></a>
### ListUsers() (map[string]UserInfo, error)
Lists all users on Minio server.
__Example__
``` go
users, err := madmClnt.ListUsers();
if err != nil {
log.Fatalln(err)
}
for k, v := range users {
fmt.Printf("User %s Status %s\n", k, v.Status)
}
```
## 9. Misc operations ## 9. Misc operations
<a name="SetAdminCredentials"></a> <a name="SetAdminCredentials"></a>

@ -34,7 +34,7 @@ const (
// UserInfo carries information about long term users. // UserInfo carries information about long term users.
type UserInfo struct { type UserInfo struct {
SecretKey string `json:"secretKey"` SecretKey string `json:"secretKey,omitempty"`
Status AccountStatus `json:"status"` Status AccountStatus `json:"status"`
} }
@ -63,6 +63,37 @@ func (adm *AdminClient) RemoveUser(accessKey string) error {
return nil return nil
} }
// ListUsers - list all users.
func (adm *AdminClient) ListUsers() (map[string]UserInfo, error) {
reqData := requestData{
relPath: "/v1/list-users",
}
// Execute GET on /minio/admin/v1/list-users
resp, err := adm.executeMethod("GET", reqData)
defer closeResponse(resp)
if err != nil {
return nil, err
}
if resp.StatusCode != http.StatusOK {
return nil, httpRespToErrorResponse(resp)
}
data, err := DecryptData(adm.secretAccessKey, resp.Body)
if err != nil {
return nil, err
}
var users = make(map[string]UserInfo)
if err = json.Unmarshal(data, &users); err != nil {
return nil, err
}
return users, nil
}
// SetUser - sets a user info. // SetUser - sets a user info.
func (adm *AdminClient) SetUser(accessKey, secretKey string, status AccountStatus) error { func (adm *AdminClient) SetUser(accessKey, secretKey string, status AccountStatus) error {
data, err := json.Marshal(UserInfo{ data, err := json.Marshal(UserInfo{

Loading…
Cancel
Save