github.com/minio/madmin-go@v1.7.5/policy-commands.go

github.com/minio/madmin-go@v1.7.5/policy-commands.go (about)

     1  //
     2  // MinIO Object Storage (c) 2021 MinIO, Inc.
     3  //
     4  // Licensed under the Apache License, Version 2.0 (the "License");
     5  // you may not use this file except in compliance with the License.
     6  // You may obtain a copy of the License at
     7  //
     8  //      http://www.apache.org/licenses/LICENSE-2.0
     9  //
    10  // Unless required by applicable law or agreed to in writing, software
    11  // distributed under the License is distributed on an "AS IS" BASIS,
    12  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  // See the License for the specific language governing permissions and
    14  // limitations under the License.
    15  //
    16  
    17  package madmin
    18  
    19  import (
    20  	"context"
    21  	"encoding/json"
    22  	"io/ioutil"
    23  	"net/http"
    24  	"net/url"
    25  	"time"
    26  )
    27  
    28  // InfoCannedPolicy - expand canned policy into JSON structure.
    29  //
    30  // To be DEPRECATED in favor of the implementation in InfoCannedPolicyV2
    31  func (adm *AdminClient) InfoCannedPolicy(ctx context.Context, policyName string) ([]byte, error) {
    32  	queryValues := url.Values{}
    33  	queryValues.Set("name", policyName)
    34  
    35  	reqData := requestData{
    36  		relPath:     adminAPIPrefix + "/info-canned-policy",
    37  		queryValues: queryValues,
    38  	}
    39  
    40  	// Execute GET on /minio/admin/v3/info-canned-policy
    41  	resp, err := adm.executeMethod(ctx, http.MethodGet, reqData)
    42  
    43  	defer closeResponse(resp)
    44  	if err != nil {
    45  		return nil, err
    46  	}
    47  
    48  	if resp.StatusCode != http.StatusOK {
    49  		return nil, httpRespToErrorResponse(resp)
    50  	}
    51  
    52  	return ioutil.ReadAll(resp.Body)
    53  }
    54  
    55  // PolicyInfo contains information on a policy.
    56  type PolicyInfo struct {
    57  	PolicyName string
    58  	Policy     json.RawMessage
    59  	CreateDate time.Time `json:",omitempty"`
    60  	UpdateDate time.Time `json:",omitempty"`
    61  }
    62  
    63  // MarshalJSON marshaller for JSON
    64  func (pi PolicyInfo) MarshalJSON() ([]byte, error) {
    65  	type aliasPolicyInfo PolicyInfo // needed to avoid recursive marshal
    66  	if pi.CreateDate.IsZero() && pi.UpdateDate.IsZero() {
    67  		return json.Marshal(&struct {
    68  			PolicyName string
    69  			Policy     json.RawMessage
    70  		}{
    71  			PolicyName: pi.PolicyName,
    72  			Policy:     pi.Policy,
    73  		})
    74  	}
    75  	return json.Marshal(aliasPolicyInfo(pi))
    76  }
    77  
    78  // InfoCannedPolicyV2 - get info on a policy including timestamps and policy json.
    79  func (adm *AdminClient) InfoCannedPolicyV2(ctx context.Context, policyName string) (*PolicyInfo, error) {
    80  	queryValues := url.Values{}
    81  	queryValues.Set("name", policyName)
    82  	queryValues.Set("v", "2")
    83  
    84  	reqData := requestData{
    85  		relPath:     adminAPIPrefix + "/info-canned-policy",
    86  		queryValues: queryValues,
    87  	}
    88  
    89  	// Execute GET on /minio/admin/v3/info-canned-policy
    90  	resp, err := adm.executeMethod(ctx, http.MethodGet, reqData)
    91  
    92  	defer closeResponse(resp)
    93  	if err != nil {
    94  		return nil, err
    95  	}
    96  
    97  	if resp.StatusCode != http.StatusOK {
    98  		return nil, httpRespToErrorResponse(resp)
    99  	}
   100  
   101  	data, err := ioutil.ReadAll(resp.Body)
   102  	if err != nil {
   103  		return nil, err
   104  	}
   105  
   106  	var p PolicyInfo
   107  	err = json.Unmarshal(data, &p)
   108  	return &p, err
   109  }
   110  
   111  // ListCannedPolicies - list all configured canned policies.
   112  func (adm *AdminClient) ListCannedPolicies(ctx context.Context) (map[string]json.RawMessage, error) {
   113  	reqData := requestData{
   114  		relPath: adminAPIPrefix + "/list-canned-policies",
   115  	}
   116  
   117  	// Execute GET on /minio/admin/v3/list-canned-policies
   118  	resp, err := adm.executeMethod(ctx, http.MethodGet, reqData)
   119  
   120  	defer closeResponse(resp)
   121  	if err != nil {
   122  		return nil, err
   123  	}
   124  
   125  	if resp.StatusCode != http.StatusOK {
   126  		return nil, httpRespToErrorResponse(resp)
   127  	}
   128  
   129  	respBytes, err := ioutil.ReadAll(resp.Body)
   130  	if err != nil {
   131  		return nil, err
   132  	}
   133  
   134  	policies := make(map[string]json.RawMessage)
   135  	if err = json.Unmarshal(respBytes, &policies); err != nil {
   136  		return nil, err
   137  	}
   138  
   139  	return policies, nil
   140  }
   141  
   142  // RemoveCannedPolicy - remove a policy for a canned.
   143  func (adm *AdminClient) RemoveCannedPolicy(ctx context.Context, policyName string) error {
   144  	queryValues := url.Values{}
   145  	queryValues.Set("name", policyName)
   146  
   147  	reqData := requestData{
   148  		relPath:     adminAPIPrefix + "/remove-canned-policy",
   149  		queryValues: queryValues,
   150  	}
   151  
   152  	// Execute DELETE on /minio/admin/v3/remove-canned-policy to remove policy.
   153  	resp, err := adm.executeMethod(ctx, http.MethodDelete, reqData)
   154  
   155  	defer closeResponse(resp)
   156  	if err != nil {
   157  		return err
   158  	}
   159  
   160  	if resp.StatusCode != http.StatusOK {
   161  		return httpRespToErrorResponse(resp)
   162  	}
   163  
   164  	return nil
   165  }
   166  
   167  // AddCannedPolicy - adds a policy for a canned.
   168  func (adm *AdminClient) AddCannedPolicy(ctx context.Context, policyName string, policy []byte) error {
   169  	if policy == nil {
   170  		return ErrInvalidArgument("policy input cannot be empty")
   171  	}
   172  
   173  	queryValues := url.Values{}
   174  	queryValues.Set("name", policyName)
   175  
   176  	reqData := requestData{
   177  		relPath:     adminAPIPrefix + "/add-canned-policy",
   178  		queryValues: queryValues,
   179  		content:     policy,
   180  	}
   181  
   182  	// Execute PUT on /minio/admin/v3/add-canned-policy to set policy.
   183  	resp, err := adm.executeMethod(ctx, http.MethodPut, reqData)
   184  
   185  	defer closeResponse(resp)
   186  	if err != nil {
   187  		return err
   188  	}
   189  
   190  	if resp.StatusCode != http.StatusOK {
   191  		return httpRespToErrorResponse(resp)
   192  	}
   193  
   194  	return nil
   195  }
   196  
   197  // SetPolicy - sets the policy for a user or a group.
   198  func (adm *AdminClient) SetPolicy(ctx context.Context, policyName, entityName string, isGroup bool) error {
   199  	queryValues := url.Values{}
   200  	queryValues.Set("policyName", policyName)
   201  	queryValues.Set("userOrGroup", entityName)
   202  	groupStr := "false"
   203  	if isGroup {
   204  		groupStr = "true"
   205  	}
   206  	queryValues.Set("isGroup", groupStr)
   207  
   208  	reqData := requestData{
   209  		relPath:     adminAPIPrefix + "/set-user-or-group-policy",
   210  		queryValues: queryValues,
   211  	}
   212  
   213  	// Execute PUT on /minio/admin/v3/set-user-or-group-policy to set policy.
   214  	resp, err := adm.executeMethod(ctx, http.MethodPut, reqData)
   215  	defer closeResponse(resp)
   216  	if err != nil {
   217  		return err
   218  	}
   219  
   220  	if resp.StatusCode != http.StatusOK {
   221  		return httpRespToErrorResponse(resp)
   222  	}
   223  	return nil
   224  }