github.com/minio/mc@v0.0.0-20240503112107-b471de8d1882/cmd/admin-user-svcacct-set.go

github.com/minio/mc@v0.0.0-20240503112107-b471de8d1882/cmd/admin-user-svcacct-set.go (about)

     1  // Copyright (c) 2015-2022 MinIO, Inc.
     2  //
     3  // This file is part of MinIO Object Storage stack
     4  //
     5  // This program is free software: you can redistribute it and/or modify
     6  // it under the terms of the GNU Affero General Public License as published by
     7  // the Free Software Foundation, either version 3 of the License, or
     8  // (at your option) any later version.
     9  //
    10  // This program is distributed in the hope that it will be useful
    11  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    12  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13  // GNU Affero General Public License for more details.
    14  //
    15  // You should have received a copy of the GNU Affero General Public License
    16  // along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17  
    18  package cmd
    19  
    20  import (
    21  	"fmt"
    22  	"os"
    23  	"time"
    24  
    25  	"github.com/fatih/color"
    26  	"github.com/minio/cli"
    27  	"github.com/minio/madmin-go/v3"
    28  	"github.com/minio/mc/pkg/probe"
    29  	"github.com/minio/pkg/v2/console"
    30  )
    31  
    32  var adminUserSvcAcctSetFlags = []cli.Flag{
    33  	cli.StringFlag{
    34  		Name:  "secret-key",
    35  		Usage: "set a secret key for the service account",
    36  	},
    37  	cli.StringFlag{
    38  		Name:  "policy",
    39  		Usage: "path to a JSON policy file",
    40  	},
    41  	cli.StringFlag{
    42  		Name:  "name",
    43  		Usage: "name for the service account",
    44  	},
    45  	cli.StringFlag{
    46  		Name:  "description",
    47  		Usage: "description for the service account",
    48  	},
    49  	cli.StringFlag{
    50  		Name:  "expiry",
    51  		Usage: "time of expiration for the service account",
    52  	},
    53  }
    54  
    55  var adminUserSvcAcctSetCmd = cli.Command{
    56  	Name:         "edit",
    57  	Aliases:      []string{"set"},
    58  	Usage:        "edit an existing service account",
    59  	Action:       mainAdminUserSvcAcctSet,
    60  	OnUsageError: onUsageError,
    61  	Before:       setGlobalsFromContext,
    62  	Flags:        append(adminUserSvcAcctSetFlags, globalFlags...),
    63  	CustomHelpTemplate: `NAME:
    64    {{.HelpName}} - {{.Usage}}
    65  
    66  USAGE:
    67    {{.HelpName}} ALIAS SERVICE-ACCOUNT
    68  
    69  FLAGS:
    70    {{range .VisibleFlags}}{{.}}
    71    {{end}}
    72  EXAMPLES:
    73    1. Change the secret key of the service account 'J123C4ZXEQN8RK6ND35I' in MinIO server.
    74       {{.Prompt}} {{.HelpName}} myminio/ 'J123C4ZXEQN8RK6ND35I' --secret-key 'xxxxxxx'
    75  
    76    2. Change the expiry of the service account 'J123C4ZXEQN8RK6ND35I' in MinIO server.
    77       {{.Prompt}} {{.HelpName}} myminio/ 'J123C4ZXEQN8RK6ND35I' --expiry 2023-06-24T10:00:00-07:00
    78  `,
    79  }
    80  
    81  // checkAdminUserSvcAcctSetSyntax - validate all the passed arguments
    82  func checkAdminUserSvcAcctSetSyntax(ctx *cli.Context) {
    83  	if len(ctx.Args()) != 2 {
    84  		showCommandHelpAndExit(ctx, 1)
    85  	}
    86  }
    87  
    88  // mainAdminUserSvcAcctSet is the handle for "mc admin user svcacct set" command.
    89  func mainAdminUserSvcAcctSet(ctx *cli.Context) error {
    90  	checkAdminUserSvcAcctSetSyntax(ctx)
    91  
    92  	console.SetColor("AccMessage", color.New(color.FgGreen))
    93  
    94  	// Get the alias parameter from cli
    95  	args := ctx.Args()
    96  	aliasedURL := args.Get(0)
    97  	svcAccount := args.Get(1)
    98  
    99  	secretKey := ctx.String("secret-key")
   100  	policyPath := ctx.String("policy")
   101  	name := ctx.String("name")
   102  	description := ctx.String("description")
   103  	expiry := ctx.String("expiry")
   104  
   105  	// Create a new MinIO Admin Client
   106  	client, err := newAdminClient(aliasedURL)
   107  	fatalIf(err, "Unable to initialize admin connection.")
   108  
   109  	var buf []byte
   110  	if policyPath != "" {
   111  		var e error
   112  		buf, e = os.ReadFile(policyPath)
   113  		fatalIf(probe.NewError(e), "Unable to open the policy document.")
   114  	}
   115  
   116  	var expiryTime time.Time
   117  	var expiryPointer *time.Time
   118  
   119  	if expiry != "" {
   120  		location, e := time.LoadLocation("Local")
   121  		if e != nil {
   122  			fatalIf(probe.NewError(e), "Unable to parse the expiry argument.")
   123  		}
   124  
   125  		patternMatched := false
   126  		for _, format := range supportedTimeFormats {
   127  			t, e := time.ParseInLocation(format, expiry, location)
   128  			if e == nil {
   129  				patternMatched = true
   130  				expiryTime = t
   131  				expiryPointer = &expiryTime
   132  				break
   133  			}
   134  		}
   135  
   136  		if !patternMatched {
   137  			fatalIf(probe.NewError(fmt.Errorf("expiry argument is not matching any of the supported patterns")), "unable to parse the expiry argument.")
   138  		}
   139  	}
   140  
   141  	opts := madmin.UpdateServiceAccountReq{
   142  		NewPolicy:      buf,
   143  		NewSecretKey:   secretKey,
   144  		NewName:        name,
   145  		NewDescription: description,
   146  		NewExpiration:  expiryPointer,
   147  	}
   148  
   149  	e := client.UpdateServiceAccount(globalContext, svcAccount, opts)
   150  	fatalIf(probe.NewError(e).Trace(args...), "Unable to edit the specified service account")
   151  
   152  	printMsg(acctMessage{
   153  		op:        svcAccOpSet,
   154  		AccessKey: svcAccount,
   155  	})
   156  
   157  	return nil
   158  }