minio/pkg/madmin/policy-commands.go
Harshavardhana fd53057654 Add InfoCannedPolicy API to fetch only necessary policy (#8307)
This PR adds
- InfoCannedPolicy() API for efficiency in fetching policies
- Send group memberships for LDAPUser if available
2019-09-26 23:53:13 +05:30

162 lines
3.8 KiB
Go

/*
* MinIO Cloud Storage, (C) 2018 MinIO, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package madmin
import (
"encoding/json"
"io/ioutil"
"net/http"
"net/url"
)
// InfoCannedPolicy - expand canned policy into JSON structure.
func (adm *AdminClient) InfoCannedPolicy(policyName string) ([]byte, error) {
queryValues := url.Values{}
queryValues.Set("name", policyName)
reqData := requestData{
relPath: "/v1/info-canned-policy",
queryValues: queryValues,
}
// Execute GET on /minio/admin/v1/info-canned-policy
resp, err := adm.executeMethod("GET", reqData)
defer closeResponse(resp)
if err != nil {
return nil, err
}
if resp.StatusCode != http.StatusOK {
return nil, httpRespToErrorResponse(resp)
}
return ioutil.ReadAll(resp.Body)
}
// ListCannedPolicies - list all configured canned policies.
func (adm *AdminClient) ListCannedPolicies() (map[string][]byte, error) {
reqData := requestData{
relPath: "/v1/list-canned-policies",
}
// Execute GET on /minio/admin/v1/list-canned-policies
resp, err := adm.executeMethod("GET", reqData)
defer closeResponse(resp)
if err != nil {
return nil, err
}
if resp.StatusCode != http.StatusOK {
return nil, httpRespToErrorResponse(resp)
}
respBytes, err := ioutil.ReadAll(resp.Body)
if err != nil {
return nil, err
}
var policies = make(map[string][]byte)
if err = json.Unmarshal(respBytes, &policies); err != nil {
return nil, err
}
return policies, nil
}
// RemoveCannedPolicy - remove a policy for a canned.
func (adm *AdminClient) RemoveCannedPolicy(policyName string) error {
queryValues := url.Values{}
queryValues.Set("name", policyName)
reqData := requestData{
relPath: "/v1/remove-canned-policy",
queryValues: queryValues,
}
// Execute DELETE on /minio/admin/v1/remove-canned-policy to remove policy.
resp, err := adm.executeMethod("DELETE", reqData)
defer closeResponse(resp)
if err != nil {
return err
}
if resp.StatusCode != http.StatusOK {
return httpRespToErrorResponse(resp)
}
return nil
}
// AddCannedPolicy - adds a policy for a canned.
func (adm *AdminClient) AddCannedPolicy(policyName, policy string) error {
queryValues := url.Values{}
queryValues.Set("name", policyName)
reqData := requestData{
relPath: "/v1/add-canned-policy",
queryValues: queryValues,
content: []byte(policy),
}
// Execute PUT on /minio/admin/v1/add-canned-policy to set policy.
resp, err := adm.executeMethod("PUT", reqData)
defer closeResponse(resp)
if err != nil {
return err
}
if resp.StatusCode != http.StatusOK {
return httpRespToErrorResponse(resp)
}
return nil
}
// SetPolicy - sets the policy for a user or a group.
func (adm *AdminClient) SetPolicy(policyName, entityName string, isGroup bool) error {
queryValues := url.Values{}
queryValues.Set("policyName", policyName)
queryValues.Set("userOrGroup", entityName)
groupStr := "false"
if isGroup {
groupStr = "true"
}
queryValues.Set("isGroup", groupStr)
reqData := requestData{
relPath: "/v1/set-user-or-group-policy",
queryValues: queryValues,
}
// Execute PUT on /minio/admin/v1/set-user-or-group-policy to set policy.
resp, err := adm.executeMethod("PUT", reqData)
defer closeResponse(resp)
if err != nil {
return err
}
if resp.StatusCode != http.StatusOK {
return httpRespToErrorResponse(resp)
}
return nil
}