storj.io/minio@v0.0.0-20230509071714-0cbc90f649b1/pkg/madmin/policy-commands.go

storj.io/minio@v0.0.0-20230509071714-0cbc90f649b1/pkg/madmin/policy-commands.go (about)

     1  /*
     2   * MinIO Cloud Storage, (C) 2018-2020 MinIO, Inc.
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   *
    16   */
    17  
    18  package madmin
    19  
    20  import (
    21  	"context"
    22  	"encoding/json"
    23  	"io/ioutil"
    24  	"net/http"
    25  	"net/url"
    26  
    27  	iampolicy "storj.io/minio/pkg/iam/policy"
    28  )
    29  
    30  // InfoCannedPolicy - expand canned policy into JSON structure.
    31  func (adm *AdminClient) InfoCannedPolicy(ctx context.Context, policyName string) (*iampolicy.Policy, error) {
    32  	queryValues := url.Values{}
    33  	queryValues.Set("name", policyName)
    34  
    35  	reqData := requestData{
    36  		relPath:     adminAPIPrefix + "/info-canned-policy",
    37  		queryValues: queryValues,
    38  	}
    39  
    40  	// Execute GET on /minio/admin/v3/info-canned-policy
    41  	resp, err := adm.executeMethod(ctx, http.MethodGet, reqData)
    42  
    43  	defer closeResponse(resp)
    44  	if err != nil {
    45  		return nil, err
    46  	}
    47  
    48  	if resp.StatusCode != http.StatusOK {
    49  		return nil, httpRespToErrorResponse(resp)
    50  	}
    51  
    52  	return iampolicy.ParseConfig(resp.Body)
    53  }
    54  
    55  // ListCannedPolicies - list all configured canned policies.
    56  func (adm *AdminClient) ListCannedPolicies(ctx context.Context) (map[string]*iampolicy.Policy, error) {
    57  	reqData := requestData{
    58  		relPath: adminAPIPrefix + "/list-canned-policies",
    59  	}
    60  
    61  	// Execute GET on /minio/admin/v3/list-canned-policies
    62  	resp, err := adm.executeMethod(ctx, http.MethodGet, reqData)
    63  
    64  	defer closeResponse(resp)
    65  	if err != nil {
    66  		return nil, err
    67  	}
    68  
    69  	if resp.StatusCode != http.StatusOK {
    70  		return nil, httpRespToErrorResponse(resp)
    71  	}
    72  
    73  	respBytes, err := ioutil.ReadAll(resp.Body)
    74  	if err != nil {
    75  		return nil, err
    76  	}
    77  
    78  	var policies = make(map[string]*iampolicy.Policy)
    79  	if err = json.Unmarshal(respBytes, &policies); err != nil {
    80  		return nil, err
    81  	}
    82  
    83  	return policies, nil
    84  }
    85  
    86  // RemoveCannedPolicy - remove a policy for a canned.
    87  func (adm *AdminClient) RemoveCannedPolicy(ctx context.Context, policyName string) error {
    88  	queryValues := url.Values{}
    89  	queryValues.Set("name", policyName)
    90  
    91  	reqData := requestData{
    92  		relPath:     adminAPIPrefix + "/remove-canned-policy",
    93  		queryValues: queryValues,
    94  	}
    95  
    96  	// Execute DELETE on /minio/admin/v3/remove-canned-policy to remove policy.
    97  	resp, err := adm.executeMethod(ctx, http.MethodDelete, reqData)
    98  
    99  	defer closeResponse(resp)
   100  	if err != nil {
   101  		return err
   102  	}
   103  
   104  	if resp.StatusCode != http.StatusOK {
   105  		return httpRespToErrorResponse(resp)
   106  	}
   107  
   108  	return nil
   109  }
   110  
   111  // AddCannedPolicy - adds a policy for a canned.
   112  func (adm *AdminClient) AddCannedPolicy(ctx context.Context, policyName string, policy *iampolicy.Policy) error {
   113  	if policy == nil {
   114  		return ErrInvalidArgument("policy input cannot be empty")
   115  	}
   116  
   117  	if err := policy.Validate(); err != nil {
   118  		return err
   119  	}
   120  
   121  	buf, err := json.Marshal(policy)
   122  	if err != nil {
   123  		return err
   124  	}
   125  
   126  	queryValues := url.Values{}
   127  	queryValues.Set("name", policyName)
   128  
   129  	reqData := requestData{
   130  		relPath:     adminAPIPrefix + "/add-canned-policy",
   131  		queryValues: queryValues,
   132  		content:     buf,
   133  	}
   134  
   135  	// Execute PUT on /minio/admin/v3/add-canned-policy to set policy.
   136  	resp, err := adm.executeMethod(ctx, http.MethodPut, reqData)
   137  
   138  	defer closeResponse(resp)
   139  	if err != nil {
   140  		return err
   141  	}
   142  
   143  	if resp.StatusCode != http.StatusOK {
   144  		return httpRespToErrorResponse(resp)
   145  	}
   146  
   147  	return nil
   148  }
   149  
   150  // SetPolicy - sets the policy for a user or a group.
   151  func (adm *AdminClient) SetPolicy(ctx context.Context, policyName, entityName string, isGroup bool) error {
   152  	queryValues := url.Values{}
   153  	queryValues.Set("policyName", policyName)
   154  	queryValues.Set("userOrGroup", entityName)
   155  	groupStr := "false"
   156  	if isGroup {
   157  		groupStr = "true"
   158  	}
   159  	queryValues.Set("isGroup", groupStr)
   160  
   161  	reqData := requestData{
   162  		relPath:     adminAPIPrefix + "/set-user-or-group-policy",
   163  		queryValues: queryValues,
   164  	}
   165  
   166  	// Execute PUT on /minio/admin/v3/set-user-or-group-policy to set policy.
   167  	resp, err := adm.executeMethod(ctx, http.MethodPut, reqData)
   168  	defer closeResponse(resp)
   169  	if err != nil {
   170  		return err
   171  	}
   172  
   173  	if resp.StatusCode != http.StatusOK {
   174  		return httpRespToErrorResponse(resp)
   175  	}
   176  	return nil
   177  }