From da73668ae6b320ab25f44fa116d54ecc92969ee6 Mon Sep 17 00:00:00 2001 From: Taran Date: Thu, 5 Sep 2024 11:53:28 -0900 Subject: [PATCH 01/12] Add builtin acceskey ops --- cmd/admin-accesskey-create.go | 88 +++++++++++++++++++ cmd/admin-accesskey-info.go | 50 +++++++++++ cmd/admin-accesskey-list.go | 142 +++++++++++++++++++++++++++++++ cmd/admin-accesskey-remove.go | 49 +++++++++++ cmd/admin-accesskey.go | 45 ++++++++++ cmd/admin-main.go | 1 + cmd/idp-ldap-accesskey-create.go | 12 ++- cmd/idp-ldap-accesskey-info.go | 5 ++ cmd/idp-ldap-accesskey-list.go | 66 +++++++------- cmd/idp-ldap-accesskey-remove.go | 5 ++ 10 files changed, 431 insertions(+), 32 deletions(-) create mode 100644 cmd/admin-accesskey-create.go create mode 100644 cmd/admin-accesskey-info.go create mode 100644 cmd/admin-accesskey-list.go create mode 100644 cmd/admin-accesskey-remove.go create mode 100644 cmd/admin-accesskey.go diff --git a/cmd/admin-accesskey-create.go b/cmd/admin-accesskey-create.go new file mode 100644 index 0000000000..f0d06f30e5 --- /dev/null +++ b/cmd/admin-accesskey-create.go 
@@ -0,0 +1,88 @@ +// Copyright (c) 2015-2024 MinIO, Inc. +// +// This file is part of MinIO Object Storage stack +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +package cmd + +import ( + "github.com/minio/cli" +) + +var adminAccesskeyCreateFlags = []cli.Flag{ + cli.StringFlag{ + Name: "access-key", + Usage: "set an access key for the account", + }, + cli.StringFlag{ + Name: "secret-key", + Usage: "set a secret key for the account", + }, + cli.StringFlag{ + Name: "policy", + Usage: "path to a JSON policy file", + }, + cli.StringFlag{ + Name: "name", + Usage: "friendly name for the account", + }, + cli.StringFlag{ + Name: "description", + Usage: "description for the account", + }, + cli.StringFlag{ + Name: "expiry-duration", + Usage: "duration before the access key expires", + }, + cli.StringFlag{ + Name: "expiry", + Usage: "expiry date for the access key", + }, +} + +var adminAccesskeyCreateCmd = cli.Command{ + Name: "create", + Usage: "create access key pairs for LDAP", + Action: mainAdminAccesskeyCreate, + Before: setGlobalsFromContext, + Flags: append(adminAccesskeyCreateFlags, globalFlags...), + OnUsageError: onUsageError, + CustomHelpTemplate: `NAME: + {{.HelpName}} - {{.Usage}} + +USAGE: + {{.HelpName}} [FLAGS] [TARGET] + +FLAGS: + {{range .VisibleFlags}}{{.}} + {{end}} +EXAMPLES: + 1. 
Create a new access key pair with the same policy as the authenticated user + {{.Prompt}} {{.HelpName}} myminio/ + + 2. Create a new access key pair with custom access key and secret key + {{.Prompt}} {{.HelpName}} myminio/ --access-key myaccesskey --secret-key mysecretkey + + 4. Create a new access key pair for user with username "james" that expires in 1 day + {{.Prompt}} {{.HelpName}} myminio/ james --expiry-duration 24h + + 5. Create a new access key pair for authenticated user that expires on 2021-01-01 + {{.Prompt}} {{.HelpName}} --expiry 2021-01-01 +`, +} + +func mainAdminAccesskeyCreate(ctx *cli.Context) error { + return commonAccesskeyCreate(ctx, false) +} diff --git a/cmd/admin-accesskey-info.go b/cmd/admin-accesskey-info.go new file mode 100644 index 0000000000..e3c4603afd --- /dev/null +++ b/cmd/admin-accesskey-info.go 
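Review bot: The `--secret-key` flag in adminAccesskeyCreateFlags, together with example 2 (`--access-key myaccesskey --secret-key mysecretkey`), puts the secret on the command line, where it ends up in shell history and is readable from the process list on a shared host. The Usage text should say so, for instance `Usage: "set a secret key for the account (exposed via shell history and process listings)"`. Example 1 suggests a key pair is generated when the flags are omitted, so the help could recommend that as the default path, if that is indeed the behaviour. The same flag is added to adminAccesskeyEditFlags in cmd/admin-accesskey-edit.go. The examples also skip number 3, and example 5 omits the `myminio/` target.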
@@ -0,0 +1,50 @@ +// Copyright (c) 2015-2023 MinIO, Inc. +// +// This file is part of MinIO Object Storage stack +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +package cmd + +import ( + "github.com/minio/cli" +) + +var adminAccesskeyInfoCmd = cli.Command{ + Name: "info", + Usage: "info about given access key pairs for LDAP", + Action: mainAdminAccesskeyInfo, + Before: setGlobalsFromContext, + Flags: globalFlags, + OnUsageError: onUsageError, + CustomHelpTemplate: `NAME: + {{.HelpName}} - {{.Usage}} + +USAGE: + {{.HelpName}} [FLAGS] TARGET ACCESSKEY [ACCESSKEY...] + +FLAGS: + {{range .VisibleFlags}}{{.}} + {{end}} +EXAMPLES: + 1. Get info for the access key "testkey" + {{.Prompt}} {{.HelpName}} local/ testkey + 2. Get info for the access keys "testkey" and "testkey2" + {{.Prompt}} {{.HelpName}} local/ testkey testkey2 + `, +} + +func mainAdminAccesskeyInfo(ctx *cli.Context) error { + return commonAccesskeyInfo(ctx) +} diff --git a/cmd/admin-accesskey-list.go b/cmd/admin-accesskey-list.go new file mode 100644 index 0000000000..c9ed2bf8c2 --- /dev/null +++ b/cmd/admin-accesskey-list.go 
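Review bot: The Usage string of adminAccesskeyInfoCmd still describes the LDAP command it was copied from: `info about given access key pairs for LDAP`, although it is registered under `mc admin accesskey`. The same applies to `create access key pairs for LDAP` in cmd/admin-accesskey-create.go. The list and remove commands in this patch already say "for builtin users", so the wording would be `Usage: "info about given access key pairs for builtin users"` and `Usage: "create access key pairs for builtin users"`.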
@@ -0,0 +1,142 @@ +// Copyright (c) 2015-2024 MinIO, Inc. +// +// This file is part of MinIO Object Storage stack +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +package cmd + +import ( + "strings" + + "github.com/charmbracelet/lipgloss" + humanize "github.com/dustin/go-humanize" + "github.com/minio/cli" + json "github.com/minio/colorjson" + "github.com/minio/madmin-go/v3" + "github.com/minio/mc/pkg/probe" +) + +var adminAccesskeyListFlags = []cli.Flag{ + cli.BoolFlag{ + Name: "users-only", + Usage: "only list user DNs", + }, + cli.BoolFlag{ + Name: "temp-only", + Usage: "only list temporary access keys", + }, + cli.BoolFlag{ + Name: "svcacc-only", + Usage: "only list service account access keys", + }, + cli.BoolFlag{ + Name: "self", + Usage: "list access keys for the authenticated user", + }, + cli.BoolFlag{ + Name: "all", + Usage: "list all access keys for all builtin users", + }, +} + +var adminAccesskeyListCmd = cli.Command{ + Name: "list", + ShortName: "ls", + Usage: "list access key pairs for builtin users", + Action: mainAdminAccesskeyList, + Before: setGlobalsFromContext, + Flags: append(adminAccesskeyListFlags, globalFlags...), + OnUsageError: onUsageError, + CustomHelpTemplate: `NAME: + {{.HelpName}} - {{.Usage}} + +USAGE: + {{.HelpName}} [FLAGS] TARGET [DN...] 
+ +FLAGS: + {{range .VisibleFlags}}{{.}} + {{end}} +EXAMPLES: + TODO +`, +} + +type userAccesskeyList struct { + Status string `json:"status"` + User string `json:"user"` + STSKeys []madmin.ServiceAccountInfo `json:"stsKeys"` + ServiceAccounts []madmin.ServiceAccountInfo `json:"svcaccs"` +} + +func (m userAccesskeyList) String() string { + labelStyle := lipgloss.NewStyle().Foreground(lipgloss.Color("#04B575")) + o := strings.Builder{} + + o.WriteString(iFmt(0, "%s %s\n", labelStyle.Render("User:"), m.User)) + if len(m.STSKeys) > 0 || len(m.ServiceAccounts) > 0 { + o.WriteString(iFmt(2, "%s\n", labelStyle.Render("Access Keys:"))) + } + for _, k := range m.STSKeys { + expiration := "never" + if k.Expiration != nil { + expiration = humanize.Time(*k.Expiration) + } + o.WriteString(iFmt(4, "%s, expires: %s, sts: true\n", k.AccessKey, expiration)) + } + for _, k := range m.ServiceAccounts { + expiration := "never" + if k.Expiration != nil { + expiration = humanize.Time(*k.Expiration) + } + o.WriteString(iFmt(4, "%s, expires: %s, sts: false\n", k.AccessKey, expiration)) + } + + return o.String() +} + +func (m userAccesskeyList) JSON() string { + jsonMessageBytes, e := json.MarshalIndent(m, "", " ") + fatalIf(probe.NewError(e), "Unable to marshal into JSON.") + + return string(jsonMessageBytes) +} + +func mainAdminAccesskeyList(ctx *cli.Context) error { + aliasedURL, tentativeAll, users, listType, allFlag := commonAccesskeyList(ctx) + + // Create a new MinIO Admin Client + client, err := newAdminClient(aliasedURL) + fatalIf(err, "Unable to initialize admin connection.") + + accessKeysMap, e := client.ListAccessKeysBulk(globalContext, users, listType, allFlag) + if e != nil { + if e.Error() == "Access Denied." 
&& tentativeAll { + // retry with self + accessKeysMap, e = client.ListAccessKeysBulk(globalContext, users, listType, false) + } + fatalIf(probe.NewError(e), "Unable to list access keys.") + } + + for user, accessKeys := range accessKeysMap { + m := userAccesskeyList{ + Status: "success", + User: user, + ServiceAccounts: accessKeys.ServiceAccounts, + STSKeys: accessKeys.STSKeys, + } + printMsg(m) + } + return nil +} diff --git a/cmd/admin-accesskey-remove.go b/cmd/admin-accesskey-remove.go new file mode 100644 index 0000000000..4a641c3da9 --- /dev/null +++ b/cmd/admin-accesskey-remove.go 
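Review bot: The fallback in mainAdminAccesskeyList depends on the exact message text, `e.Error() == "Access Denied."`, so a change in the server's wording or a wrapped error disables the retry without any sign. Comparing the structured error code is sturdier, e.g. `if madmin.ToErrorResponse(e).Code == "AccessDenied" && tentativeAll {` (confirm the code string against the server). When the retry does run, the output looks the same as a full listing, so someone auditing keys cannot tell that only their own keys are shown; a one-line notice on that path would make the narrowed scope explicit. The same comparison is carried into mainIDPLdapAccesskeyList in cmd/idp-ldap-accesskey-list.go.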
@@ -0,0 +1,49 @@ +// Copyright (c) 2015-2023 MinIO, Inc. +// +// This file is part of MinIO Object Storage stack +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +package cmd + +import ( + "github.com/minio/cli" +) + +var adminAccesskeyRemoveCmd = cli.Command{ + Name: "remove", + ShortName: "rm", + Usage: "delete access key pairs for builtin users", + Action: mainAdminAccesskeyRemove, + Before: setGlobalsFromContext, + Flags: globalFlags, + OnUsageError: onUsageError, + CustomHelpTemplate: `NAME: + {{.HelpName}} - {{.Usage}} + +USAGE: + {{.HelpName}} [FLAGS] TARGET ACCESSKEY + +FLAGS: + {{range .VisibleFlags}}{{.}} + {{end}} +EXAMPLES: + 1. Remove the access key "testkey" from local server + {{.Prompt}} {{.HelpName}} local/ testkey + `, +} + +func mainAdminAccesskeyRemove(ctx *cli.Context) error { + return commonAccesskeyRemove(ctx) +} diff --git a/cmd/admin-accesskey.go b/cmd/admin-accesskey.go new file mode 100644 index 0000000000..37b85e7c30 --- /dev/null +++ b/cmd/admin-accesskey.go 
@@ -0,0 +1,45 @@ +// Copyright (c) 2015-2024 MinIO, Inc. +// +// This file is part of MinIO Object Storage stack +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +package cmd + +import "github.com/minio/cli" + +var adminAccesskeySubcommands = []cli.Command{ + adminAccesskeyListCmd, + adminAccesskeyCreateCmd, + adminAccesskeyRemoveCmd, + adminAccesskeyInfoCmd, +} + +var adminAccesskeyCmd = cli.Command{ + Name: "accesskey", + Usage: "manage accesskeys defined in the MinIO server", + Action: mainAdminAccesskey, + Before: setGlobalsFromContext, + Flags: globalFlags, + Subcommands: adminAccesskeySubcommands, + HideHelpCommand: true, + Hidden: true, +} + +// mainAdminBucket is the handle for "mc admin bucket" command. +func mainAdminAccesskey(ctx *cli.Context) error { + commandNotFound(ctx, adminAccesskeySubcommands) + return nil + // Sub-commands like "quota", "remote" have their own main. +} diff --git a/cmd/admin-main.go b/cmd/admin-main.go index ecb98f6fca..af237b5374 100644 --- a/cmd/admin-main.go +++ b/cmd/admin-main.go @@ -56,6 +56,7 @@ var adminCmdSubcommands = []cli.Command{ adminClusterCmd, adminRebalanceCmd, adminLogsCmd, + adminAccesskeyCmd, } var adminCmd = cli.Command{ diff --git a/cmd/idp-ldap-accesskey-create.go b/cmd/idp-ldap-accesskey-create.go index dcb690fe94..f86724de32 100644 --- a/cmd/idp-ldap-accesskey-create.go +++ b/cmd/idp-ldap-accesskey-create.go 
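Review bot: The doc comment on mainAdminAccesskey was copied from another command and names the wrong function: `// mainAdminBucket is the handle for "mc admin bucket" command.` It should read `// mainAdminAccesskey is the handle for "mc admin accesskey" command.` The comment placed after `return nil` mentions "quota" and "remote" sub-commands, which are not among adminAccesskeySubcommands, so it should be dropped or rewritten above the return.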
@@ -98,6 +98,10 @@ EXAMPLES: } func mainIDPLdapAccesskeyCreate(ctx *cli.Context) error { + return commonAccesskeyCreate(ctx, true) +} + +func commonAccesskeyCreate(ctx *cli.Context, ldap bool) error { if len(ctx.Args()) == 0 || len(ctx.Args()) > 2 { showCommandHelpAndExit(ctx, 1) // last argument is exit code } @@ -114,7 +118,13 @@ func mainIDPLdapAccesskeyCreate(ctx *cli.Context) error { client, err := newAdminClient(aliasedURL) fatalIf(err, "Unable to initialize admin connection.") - res, e := client.AddServiceAccountLDAP(globalContext, opts) + var res madmin.Credentials + var e error + if ldap { + res, e = client.AddServiceAccountLDAP(globalContext, opts) + } else { + res, e = client.AddServiceAccount(globalContext, opts) + } fatalIf(probe.NewError(e), "Unable to add service account.") m := ldapAccesskeyMessage{ diff --git a/cmd/idp-ldap-accesskey-info.go b/cmd/idp-ldap-accesskey-info.go index ae0b3146fe..258f71dc3a 100644 --- a/cmd/idp-ldap-accesskey-info.go +++ b/cmd/idp-ldap-accesskey-info.go @@ -121,6 +121,11 @@ func (m ldapAccesskeyMessage) JSON() string { } func mainIDPLdapAccesskeyInfo(ctx *cli.Context) error { + return commonAccesskeyInfo(ctx) +} + +// currently no difference between ldap and builtin accesskey info +func commonAccesskeyInfo(ctx *cli.Context) error { if len(ctx.Args()) < 2 { showCommandHelpAndExit(ctx, 1) // last argument is exit code } diff --git a/cmd/idp-ldap-accesskey-list.go b/cmd/idp-ldap-accesskey-list.go index 0a6224216d..2c7a21f41c 100644 --- a/cmd/idp-ldap-accesskey-list.go +++ b/cmd/idp-ldap-accesskey-list.go 
@@ -93,14 +93,14 @@ EXAMPLES: `, } -type ldapUsersList struct { +type ldapUserAccesskeyList struct { Status string `json:"status"` DN string `json:"dn"` STSKeys []madmin.ServiceAccountInfo `json:"stsKeys"` ServiceAccounts []madmin.ServiceAccountInfo `json:"svcaccs"` } -func (m ldapUsersList) String() string { +func (m ldapUserAccesskeyList) String() string { labelStyle := lipgloss.NewStyle().Foreground(lipgloss.Color("#04B575")) o := strings.Builder{} @@ -126,7 +126,7 @@ func (m ldapUsersList) String() string { return o.String() } -func (m ldapUsersList) JSON() string { +func (m ldapUserAccesskeyList) JSON() string { jsonMessageBytes, e := json.MarshalIndent(m, "", " ") fatalIf(probe.NewError(e), "Unable to marshal into JSON.") @@ -134,6 +134,34 @@ func (m ldapUsersList) JSON() string { } func mainIDPLdapAccesskeyList(ctx *cli.Context) error { + aliasedURL, tentativeAll, users, listType, allFlag := commonAccesskeyList(ctx) + + // Create a new MinIO Admin Client + client, err := newAdminClient(aliasedURL) + fatalIf(err, "Unable to initialize admin connection.") + + accessKeysMap, e := client.ListAccessKeysLDAPBulk(globalContext, users, listType, allFlag) + if e != nil { + if e.Error() == "Access Denied." && tentativeAll { + // retry with self + accessKeysMap, e = client.ListAccessKeysLDAPBulk(globalContext, users, listType, false) + } + fatalIf(probe.NewError(e), "Unable to list access keys.") + } + + for dn, accessKeys := range accessKeysMap { + m := ldapUserAccesskeyList{ + Status: "success", + DN: dn, + ServiceAccounts: accessKeys.ServiceAccounts, + STSKeys: accessKeys.STSKeys, + } + printMsg(m) + } + return nil +} + +func commonAccesskeyList(ctx *cli.Context) (aliasedURL string, tentativeAll bool, users []string, listType string, allFlag bool) { if len(ctx.Args()) == 0 { showCommandHelpAndExit(ctx, 1) // last argument is exit code } 
@@ -142,11 +170,11 @@ func mainIDPLdapAccesskeyList(ctx *cli.Context) error { stsOnly := ctx.Bool("temp-only") svcaccOnly := ctx.Bool("svcacc-only") selfFlag := ctx.Bool("self") - allFlag := ctx.Bool("all") + allFlag = ctx.Bool("all") args := ctx.Args() - aliasedURL := args.Get(0) - users := args.Tail() + aliasedURL = args.Get(0) + users = args.Tail() var e error if (usersOnly && svcaccOnly) || (usersOnly && stsOnly) || (svcaccOnly && stsOnly) { @@ -161,13 +189,11 @@ func mainIDPLdapAccesskeyList(ctx *cli.Context) error { // If no users/self/all flags are specified, tentatively assume --all // If access is denied on tentativeAll, retry with self // This is to maintain compatibility with the previous behavior - tentativeAll := false if !selfFlag && !allFlag && len(users) == 0 { tentativeAll = true allFlag = true } - var listType string switch { case usersOnly: listType = madmin.AccessKeyListUsersOnly @@ -179,27 +205,5 @@ func mainIDPLdapAccesskeyList(ctx *cli.Context) error { listType = madmin.AccessKeyListAll } - // Create a new MinIO Admin Client - client, err := newAdminClient(aliasedURL) - fatalIf(err, "Unable to initialize admin connection.") - - accessKeysMap, e := client.ListAccessKeysLDAPBulk(globalContext, users, listType, allFlag) - if e != nil { - if e.Error() == "Access Denied." && tentativeAll { - // retry with self - accessKeysMap, e = client.ListAccessKeysLDAPBulk(globalContext, users, listType, false) - } - fatalIf(probe.NewError(e), "Unable to list access keys.") - } - - for dn, accessKeys := range accessKeysMap { - m := ldapUsersList{ - Status: "success", - DN: dn, - ServiceAccounts: accessKeys.ServiceAccounts, - STSKeys: accessKeys.STSKeys, - } - printMsg(m) - } - return nil + return aliasedURL, tentativeAll, users, listType, allFlag } diff --git a/cmd/idp-ldap-accesskey-remove.go b/cmd/idp-ldap-accesskey-remove.go index d2069625a1..291bf0af42 100644 --- a/cmd/idp-ldap-accesskey-remove.go +++ b/cmd/idp-ldap-accesskey-remove.go 
@@ -48,6 +48,11 @@ EXAMPLES: } func mainIDPLdapAccesskeyRemove(ctx *cli.Context) error { + return commonAccesskeyRemove(ctx) +} + +// No difference between ldap and builtin accesskey remove for now +func commonAccesskeyRemove(ctx *cli.Context) error { if len(ctx.Args()) != 2 { showCommandHelpAndExit(ctx, 1) // last argument is exit code } From bae9a8806eab070d9ace19715655910035edcb3c Mon Sep 17 00:00:00 2001 From: Taran Date: Thu, 5 Sep 2024 12:04:19 -0900 Subject: [PATCH 02/12] Temp go.mod --- go.mod | 2 ++ go.sum | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 0c7fc242c9..49b91ccebd 100644 --- a/go.mod +++ b/go.mod @@ -2,6 +2,8 @@ module github.com/minio/mc go 1.22 +replace github.com/minio/madmin-go/v3 => github.com/taran-p/madmin-go/v3 v3.0.55-0.20240905164010-c4a2bdaedb0b + require ( github.com/charmbracelet/bubbles v0.19.0 github.com/charmbracelet/bubbletea v0.27.1 diff --git a/go.sum b/go.sum index 4d42f8f7b7..ff66cb2b38 100644 --- a/go.sum +++ b/go.sum @@ -138,8 +138,6 @@ github.com/minio/colorjson v1.0.8 h1:AS6gEQ1dTRYHmC4xuoodPDRILHP/9Wz5wYUGDQfPLpg github.com/minio/colorjson v1.0.8/go.mod h1:wrs39G/4kqNlGjwqHvPlAnXuc2tlPszo6JKdSBCLN8w= github.com/minio/filepath v1.0.0 h1:fvkJu1+6X+ECRA6G3+JJETj4QeAYO9sV43I79H8ubDY= github.com/minio/filepath v1.0.0/go.mod h1:/nRZA2ldl5z6jT9/KQuvZcQlxZIMQoFFQPvEXx9T/Bw= -github.com/minio/madmin-go/v3 v3.0.66 h1:O4w7L3vTxhORqTeyegFdbuO4kKVbAUarJfcmsDXQMTs= -github.com/minio/madmin-go/v3 v3.0.66/go.mod h1:IFAwr0XMrdsLovxAdCcuq/eoL4nRuMVQQv0iubJANQw= github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34= github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM= github.com/minio/minio-go/v7 v7.0.76 h1:9nxHH2XDai61cT/EFhyIw/wW4vJfpPNvl7lSFpRt+Ng= 
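Review bot: The directive `replace github.com/minio/madmin-go/v3 => github.com/taran-p/madmin-go/v3 v3.0.55-0.20240905164010-c4a2bdaedb0b` makes every build of mc take its admin client from a personal fork at an untagged pseudo-version rather than the upstream module, and the go.sum hunk drops the upstream v3.0.66 entries accordingly. The commit subject calls this temporary, but nothing in go.mod records or enforces that. Add a comment above the directive, such as `// TEMPORARY: remove once the required madmin-go change is released upstream`, and remove the replace before merge. The pseudo-version sits below v3.0.66, so the fork may also lack fixes made upstream since its base; verify this before relying on it.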
@@ -217,6 +215,8 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/taran-p/madmin-go/v3 v3.0.55-0.20240905164010-c4a2bdaedb0b h1:0DMOpAbhE67pRjkNz2PXBIG1zPEoBpq5g1pmefewmP4= +github.com/taran-p/madmin-go/v3 v3.0.55-0.20240905164010-c4a2bdaedb0b/go.mod h1:IFAwr0XMrdsLovxAdCcuq/eoL4nRuMVQQv0iubJANQw= github.com/tidwall/gjson v1.17.3 h1:bwWLZU7icoKRG+C+0PNwIKC6FCJO/Q3p2pZvuP0jN94= github.com/tidwall/gjson v1.17.3/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= From 2ef88e093456bbbd4ae97d2546ab846a03dbcf64 Mon Sep 17 00:00:00 2001 From: Taran Date: Thu, 5 Sep 2024 12:07:58 -0900 Subject: [PATCH 03/12] update to new madmin format --- cmd/admin-accesskey-list.go | 7 ++++--- cmd/idp-ldap-accesskey-list.go | 29 +++++++++++++++-------------- 2 files changed, 19 insertions(+), 17 deletions(-) diff --git a/cmd/admin-accesskey-list.go b/cmd/admin-accesskey-list.go index c9ed2bf8c2..5a89f98011 100644 --- a/cmd/admin-accesskey-list.go +++ b/cmd/admin-accesskey-list.go 
@@ -114,17 +114,18 @@ func (m userAccesskeyList) JSON() string { } func mainAdminAccesskeyList(ctx *cli.Context) error { - aliasedURL, tentativeAll, users, listType, allFlag := commonAccesskeyList(ctx) + aliasedURL, tentativeAll, users, opts := commonAccesskeyList(ctx) // Create a new MinIO Admin Client client, err := newAdminClient(aliasedURL) fatalIf(err, "Unable to initialize admin connection.") - accessKeysMap, e := client.ListAccessKeysBulk(globalContext, users, listType, allFlag) + accessKeysMap, e := client.ListAccessKeysBulk(globalContext, users, opts) if e != nil { if e.Error() == "Access Denied." && tentativeAll { // retry with self - accessKeysMap, e = client.ListAccessKeysBulk(globalContext, users, listType, false) + opts.All = false + accessKeysMap, e = client.ListAccessKeysBulk(globalContext, users, opts) } fatalIf(probe.NewError(e), "Unable to list access keys.") } diff --git a/cmd/idp-ldap-accesskey-list.go b/cmd/idp-ldap-accesskey-list.go index 2c7a21f41c..9064f3f534 100644 --- a/cmd/idp-ldap-accesskey-list.go +++ b/cmd/idp-ldap-accesskey-list.go @@ -134,17 +134,18 @@ func (m ldapUserAccesskeyList) JSON() string { } func mainIDPLdapAccesskeyList(ctx *cli.Context) error { - aliasedURL, tentativeAll, users, listType, allFlag := commonAccesskeyList(ctx) + aliasedURL, tentativeAll, users, opts := commonAccesskeyList(ctx) // Create a new MinIO Admin Client client, err := newAdminClient(aliasedURL) fatalIf(err, "Unable to initialize admin connection.") - accessKeysMap, e := client.ListAccessKeysLDAPBulk(globalContext, users, listType, allFlag) + accessKeysMap, e := client.ListAccessKeysLDAPBulk(globalContext, users, opts) if e != nil { if e.Error() == "Access Denied." && tentativeAll { // retry with self - accessKeysMap, e = client.ListAccessKeysLDAPBulk(globalContext, users, listType, false) + opts.All = false + accessKeysMap, e = client.ListAccessKeysLDAPBulk(globalContext, users, opts) } fatalIf(probe.NewError(e), "Unable to list access keys.") } 
@@ -161,7 +162,7 @@ func mainIDPLdapAccesskeyList(ctx *cli.Context) error { return nil } -func commonAccesskeyList(ctx *cli.Context) (aliasedURL string, tentativeAll bool, users []string, listType string, allFlag bool) { +func commonAccesskeyList(ctx *cli.Context) (aliasedURL string, tentativeAll bool, users []string, opts madmin.ListAccessKeysOpts) { if len(ctx.Args()) == 0 { showCommandHelpAndExit(ctx, 1) // last argument is exit code } @@ -170,7 +171,7 @@ func commonAccesskeyList(ctx *cli.Context) (aliasedURL string, tentativeAll bool stsOnly := ctx.Bool("temp-only") svcaccOnly := ctx.Bool("svcacc-only") selfFlag := ctx.Bool("self") - allFlag = ctx.Bool("all") + opts.All = ctx.Bool("all") args := ctx.Args() aliasedURL = args.Get(0) @@ -179,9 +180,9 @@ func commonAccesskeyList(ctx *cli.Context) (aliasedURL string, tentativeAll bool var e error if (usersOnly && svcaccOnly) || (usersOnly && stsOnly) || (svcaccOnly && stsOnly) { e = errors.New("only one of --users-only, --temp-only, or --permanent-only can be specified") - } else if selfFlag && allFlag { + } else if selfFlag && opts.All { e = errors.New("only one of --self or --all can be specified") - } else if (selfFlag || allFlag) && len(users) > 0 { + } else if (selfFlag || opts.All) && len(users) > 0 { e = errors.New("user DNs cannot be specified with --self or --all") } fatalIf(probe.NewError(e), "Invalid flags.") 
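Review bot: commonAccesskeyList now also backs `mc admin accesskey list`, but the validation messages it keeps still reflect the LDAP command and one names a flag that is not read here. `only one of --users-only, --temp-only, or --permanent-only can be specified` refers to `--permanent-only`, while the flag read a few lines above is `svcacc-only`. `user DNs cannot be specified with --self or --all` speaks of DNs to builtin users. Suggested wording: `only one of --users-only, --temp-only, or --svcacc-only can be specified` and `users cannot be specified with --self or --all`. The function begins and ends outside these hunks.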
@@ -189,21 +190,21 @@ func commonAccesskeyList(ctx *cli.Context) (aliasedURL string, tentativeAll bool // If no users/self/all flags are specified, tentatively assume --all // If access is denied on tentativeAll, retry with self // This is to maintain compatibility with the previous behavior - if !selfFlag && !allFlag && len(users) == 0 { + if !selfFlag && !opts.All && len(users) == 0 { tentativeAll = true - allFlag = true + opts.All = true } switch { case usersOnly: - listType = madmin.AccessKeyListUsersOnly + opts.ListType = madmin.AccessKeyListUsersOnly case stsOnly: - listType = madmin.AccessKeyListSTSOnly + opts.ListType = madmin.AccessKeyListSTSOnly case svcaccOnly: - listType = madmin.AccessKeyListSvcaccOnly + opts.ListType = madmin.AccessKeyListSvcaccOnly default: - listType = madmin.AccessKeyListAll + opts.ListType = madmin.AccessKeyListAll } - return aliasedURL, tentativeAll, users, listType, allFlag + return aliasedURL, tentativeAll, users, opts } From 7b7003076dcb7c1368467771c4b4bea5d524140d Mon Sep 17 00:00:00 2001 From: Taran Date: Thu, 5 Sep 2024 12:20:49 -0900 Subject: [PATCH 04/12] Add nilExpiry to check for times equivalent to nil --- cmd/idp-ldap-accesskey-info.go | 13 +++++++++---- cmd/idp-ldap-accesskey-list.go | 4 ++-- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/cmd/idp-ldap-accesskey-info.go b/cmd/idp-ldap-accesskey-info.go index fc5222fddb..1910c41771 100644 --- a/cmd/idp-ldap-accesskey-info.go +++ b/cmd/idp-ldap-accesskey-info.go @@ -156,9 +156,8 @@ func commonAccesskeyInfo(ctx *cli.Context) error { Policy: json.RawMessage(tempRes.Policy), Name: tempRes.Name, Description: tempRes.Description, - Expiration: tempRes.Expiration, + Expiration: nilExpiry(tempRes.Expiration), } - printMsg(m) } } else { 
@@ -172,12 +171,18 @@ func commonAccesskeyInfo(ctx *cli.Context) error { Policy: json.RawMessage(res.Policy), Name: res.Name, Description: res.Description, - Expiration: res.Expiration, + Expiration: nilExpiry(res.Expiration), } - printMsg(m) } } return nil } + +func nilExpiry(expiry *time.Time) *time.Time { + if expiry.Equal(timeSentinel) { + return nil + } + return expiry +} diff --git a/cmd/idp-ldap-accesskey-list.go b/cmd/idp-ldap-accesskey-list.go index 9064f3f534..e3f0427c1e 100644 --- a/cmd/idp-ldap-accesskey-list.go +++ b/cmd/idp-ldap-accesskey-list.go @@ -110,14 +110,14 @@ func (m ldapUserAccesskeyList) String() string { } for _, k := range m.STSKeys { expiration := "never" - if k.Expiration != nil { + if nilExpiry(k.Expiration) != nil { expiration = humanize.Time(*k.Expiration) } o.WriteString(iFmt(4, "%s, expires: %s, sts: true\n", k.AccessKey, expiration)) } for _, k := range m.ServiceAccounts { expiration := "never" - if k.Expiration != nil { + if nilExpiry(k.Expiration) != nil { expiration = humanize.Time(*k.Expiration) } o.WriteString(iFmt(4, "%s, expires: %s, sts: false\n", k.AccessKey, expiration)) From 65178b23f66364367e93aa188a5cd38ada63b5d7 Mon Sep 17 00:00:00 2001 From: Taran Date: Thu, 5 Sep 2024 12:32:22 -0900 Subject: [PATCH 05/12] Add other commands --- cmd/admin-accesskey-disable.go | 48 +++++++++++++++++++++ cmd/admin-accesskey-edit.go | 77 ++++++++++++++++++++++++++++++++++ cmd/admin-accesskey-enable.go | 48 +++++++++++++++++++++ cmd/idp-ldap-accesskey-edit.go | 4 ++ 4 files changed, 177 insertions(+) create mode 100644 cmd/admin-accesskey-disable.go create mode 100644 cmd/admin-accesskey-edit.go create mode 100644 cmd/admin-accesskey-enable.go diff --git a/cmd/admin-accesskey-disable.go b/cmd/admin-accesskey-disable.go new file mode 100644 index 0000000000..715f09e827 --- /dev/null +++ b/cmd/admin-accesskey-disable.go 
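Review bot: nilExpiry dereferences its argument without checking it: `expiry.Equal(timeSentinel)` on a nil `*time.Time` panics, because Equal has a value receiver. The callers in ldapUserAccesskeyList.String() used to guard with `k.Expiration != nil`, which suggests nil does occur for these fields, and they now pass the pointer straight through. The guard should come first: `if expiry == nil || expiry.Equal(timeSentinel) {`. timeSentinel is declared outside the hunk. userAccesskeyList.String() in cmd/admin-accesskey-list.go, as added in patch 01, still uses the plain `!= nil` check and is not updated here, so the two listings may render sentinel expiries differently.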
@@ -0,0 +1,48 @@ +// Copyright (c) 2015-2024 MinIO, Inc. +// +// This file is part of MinIO Object Storage stack +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +package cmd + +import ( + "github.com/minio/cli" +) + +var adminAccesskeyDisableCmd = cli.Command{ + Name: "disable", + Usage: "disable an access key", + Action: mainAdminAccesskeyDisable, + Before: setGlobalsFromContext, + Flags: globalFlags, + OnUsageError: onUsageError, + CustomHelpTemplate: `NAME: + {{.HelpName}} - {{.Usage}} + +USAGE: + {{.HelpName}} [FLAGS] [TARGET] + +FLAGS: + {{range .VisibleFlags}}{{.}} + {{end}} +EXAMPLES: + 1. Disable access key + {{.Prompt}} {{.HelpName}} myminio myaccesskey +`, +} + +func mainAdminAccesskeyDisable(ctx *cli.Context) error { + return enableDisableAccesskey(ctx, false) +} diff --git a/cmd/admin-accesskey-edit.go b/cmd/admin-accesskey-edit.go new file mode 100644 index 0000000000..e36df3c186 --- /dev/null +++ b/cmd/admin-accesskey-edit.go 
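Review bot: The USAGE line of adminAccesskeyDisableCmd, `{{.HelpName}} [FLAGS] [TARGET]`, omits the access key that the example `myminio myaccesskey` passes, and marks the target as optional. Matching the remove command's help, it would read `{{.HelpName}} [FLAGS] TARGET ACCESSKEY`. The same USAGE line appears in cmd/admin-accesskey-enable.go and cmd/admin-accesskey-edit.go. enableDisableAccesskey is defined outside this hunk, so confirm the argument count it enforces.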
@@ -0,0 +1,77 @@ +// Copyright (c) 2015-2024 MinIO, Inc. +// +// This file is part of MinIO Object Storage stack +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +package cmd + +import ( + "github.com/minio/cli" +) + +var adminAccesskeyEditFlags = []cli.Flag{ + cli.StringFlag{ + Name: "secret-key", + Usage: "set a secret key for the account", + }, + cli.StringFlag{ + Name: "policy", + Usage: "path to a JSON policy file", + }, + cli.StringFlag{ + Name: "name", + Usage: "friendly name for the account", + }, + cli.StringFlag{ + Name: "description", + Usage: "description for the account", + }, + cli.StringFlag{ + Name: "expiry-duration", + Usage: "duration before the access key expires", + }, + cli.StringFlag{ + Name: "expiry", + Usage: "expiry date for the access key", + }, +} + +var adminAccesskeyEditCmd = cli.Command{ + Name: "edit", + Usage: "edit existing access keys", + Action: mainAdminAccesskeyEdit, + Before: setGlobalsFromContext, + Flags: append(adminAccesskeyEditFlags, globalFlags...), + OnUsageError: onUsageError, + CustomHelpTemplate: `NAME: + {{.HelpName}} - {{.Usage}} + +USAGE: + {{.HelpName}} [FLAGS] [TARGET] + +FLAGS: + {{range .VisibleFlags}}{{.}} + {{end}} +EXAMPLES: + 1. Change the secret key for the access key "testkey" + {{.Prompt}} {{.HelpName}} myminio/ testkey --secret-key 'xxxxxxx' + 2. 
Change the expiry duration for the access key "testkey" + {{.Prompt}} {{.HelpName}} myminio/ testkey ---expiry-duration 24h +`, +} + +func mainAdminAccesskeyEdit(ctx *cli.Context) error { + return commonAccesskeyEdit(ctx) +} diff --git a/cmd/admin-accesskey-enable.go b/cmd/admin-accesskey-enable.go new file mode 100644 index 0000000000..6a1eb2b281 --- /dev/null +++ b/cmd/admin-accesskey-enable.go @@ -0,0 +1,48 @@ +// Copyright (c) 2015-2024 MinIO, Inc. +// +// This file is part of MinIO Object Storage stack +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +package cmd + +import ( + "github.com/minio/cli" +) + +var adminAccesskeyEnableCmd = cli.Command{ + Name: "enable", + Usage: "enable an access key", + Action: mainAdminAccesskeyEnable, + Before: setGlobalsFromContext, + Flags: globalFlags, + OnUsageError: onUsageError, + CustomHelpTemplate: `NAME: + {{.HelpName}} - {{.Usage}} + +USAGE: + {{.HelpName}} [FLAGS] [TARGET] + +FLAGS: + {{range .VisibleFlags}}{{.}} + {{end}} +EXAMPLES: + 1. Enable access key + {{.Prompt}} {{.HelpName}} myminio myaccesskey +`, +} + +func mainAdminAccesskeyEnable(ctx *cli.Context) error { + return enableDisableAccesskey(ctx, true) +} diff --git a/cmd/idp-ldap-accesskey-edit.go b/cmd/idp-ldap-accesskey-edit.go index 2a8680a3e5..0a584ee778 100644 --- a/cmd/idp-ldap-accesskey-edit.go +++ b/cmd/idp-ldap-accesskey-edit.go 
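Review bot: Example 2 in the help template of cmd/admin-accesskey-edit.go spells the flag with three dashes, `---expiry-duration 24h`, which does not match the `expiry-duration` flag declared above and is likely to be rejected if copied; it should read `{{.Prompt}} {{.HelpName}} myminio/ testkey --expiry-duration 24h`. Separately, example 1 passes the new secret as `--secret-key 'xxxxxxx'`, so the value lands in shell history and is visible in the process list while the command runs. The flag's usage text could say so, e.g. `Usage: "set a secret key for the account (visible in shell history and process listings)"`.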
@@ -82,6 +82,10 @@ EXAMPLES: } func mainIDPLdapAccesskeyEdit(ctx *cli.Context) error { + return commonAccesskeyEdit(ctx) +} + +func commonAccesskeyEdit(ctx *cli.Context) error { if len(ctx.Args()) == 0 || len(ctx.Args()) > 2 { showCommandHelpAndExit(ctx, 1) // last argument is exit code } From 30b1038479da25c4a5f501ac52609ce8a4f8aa64 Mon Sep 17 00:00:00 2001 From: Taran Date: Thu, 5 Sep 2024 14:44:41 -0900 Subject: [PATCH 06/12] fixes --- cmd/admin-accesskey-create.go | 2 +- cmd/admin-accesskey.go | 9 +++++---- cmd/auto-complete.go | 10 ++++++++++ 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/cmd/admin-accesskey-create.go b/cmd/admin-accesskey-create.go index f0d06f30e5..fdff0015a4 100644 --- a/cmd/admin-accesskey-create.go +++ b/cmd/admin-accesskey-create.go @@ -54,7 +54,7 @@ var adminAccesskeyCreateFlags = []cli.Flag{ var adminAccesskeyCreateCmd = cli.Command{ Name: "create", - Usage: "create access key pairs for LDAP", + Usage: "create access key pairs for users", Action: mainAdminAccesskeyCreate, Before: setGlobalsFromContext, Flags: append(adminAccesskeyCreateFlags, globalFlags...), diff --git a/cmd/admin-accesskey.go b/cmd/admin-accesskey.go index 37b85e7c30..678f408384 100644 --- a/cmd/admin-accesskey.go +++ b/cmd/admin-accesskey.go @@ -21,9 +21,12 @@ import "github.com/minio/cli" var adminAccesskeySubcommands = []cli.Command{ adminAccesskeyListCmd, - adminAccesskeyCreateCmd, adminAccesskeyRemoveCmd, adminAccesskeyInfoCmd, + adminAccesskeyCreateCmd, + adminAccesskeyEditCmd, + adminAccesskeyEnableCmd, + adminAccesskeyDisableCmd, } var adminAccesskeyCmd = cli.Command{ 
@@ -34,12 +37,10 @@ var adminAccesskeyCmd = cli.Command{ Flags: globalFlags, Subcommands: adminAccesskeySubcommands, HideHelpCommand: true, - Hidden: true, } -// mainAdminBucket is the handle for "mc admin bucket" command. func mainAdminAccesskey(ctx *cli.Context) error { commandNotFound(ctx, adminAccesskeySubcommands) return nil - // Sub-commands like "quota", "remote" have their own main. + } diff --git a/cmd/auto-complete.go b/cmd/auto-complete.go index 3d54a01f73..5c633fb975 100644 --- a/cmd/auto-complete.go +++ b/cmd/auto-complete.go @@ -392,6 +392,16 @@ var completeCmds = map[string]complete.Predictor{ "/idp/ldap/accesskey/enable": aliasCompleter, "/idp/ldap/accesskey/disable": aliasCompleter, + "/admin/accesskey/create": aliasCompleter, + "/admin/accesskey/list": aliasCompleter, + "/admin/accesskey/ls": aliasCompleter, + "/admin/accesskey/remove": aliasCompleter, + "/admin/accesskey/rm": aliasCompleter, + "/admin/accesskey/info": aliasCompleter, + "/admin/accesskey/edit": aliasCompleter, + "/admin/accesskey/enable": aliasCompleter, + "/admin/accesskey/disable": aliasCompleter, + "/admin/policy/info": aliasCompleter, "/admin/policy/update": aliasCompleter, "/admin/policy/add": aliasCompleter, From 2ebb4eb4d77ad11aa4c3db7b53d101fab29a7bf7 Mon Sep 17 00:00:00 2001 From: Taran Date: Thu, 5 Sep 2024 15:29:12 -0900 Subject: [PATCH 07/12] Update help messages --- cmd/admin-accesskey-create.go | 14 ++++++++++---- cmd/admin-accesskey-list.go | 21 ++++++++++++++++++++- cmd/admin-accesskey.go | 2 +- 3 files changed, 31 insertions(+), 6 deletions(-) diff --git a/cmd/admin-accesskey-create.go b/cmd/admin-accesskey-create.go index fdff0015a4..42629c841d 100644 --- a/cmd/admin-accesskey-create.go +++ b/cmd/admin-accesskey-create.go 
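Review bot: `mainAdminAccesskey` in cmd/admin-accesskey.go is left without a doc comment once the stale `mainAdminBucket` comment is removed; I would add `// mainAdminAccesskey is the handle for "mc admin accesskey" command.` above it. Removing the trailing comment also leaves an empty line before the closing brace, which PATCH 10/12 cleans up and which could be folded in here.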
@@ -75,11 +75,17 @@ EXAMPLES: 2. Create a new access key pair with custom access key and secret key {{.Prompt}} {{.HelpName}} myminio/ --access-key myaccesskey --secret-key mysecretkey - 4. Create a new access key pair for user with username "james" that expires in 1 day - {{.Prompt}} {{.HelpName}} myminio/ james --expiry-duration 24h + 3. Create a new access key pair for user 'tester' that expires in 1 day + {{.Prompt}} {{.HelpName}} myminio/ tester --expiry-duration 24h - 5. Create a new access key pair for authenticated user that expires on 2021-01-01 - {{.Prompt}} {{.HelpName}} --expiry 2021-01-01 + 4. Create a new access key pair for authenticated user that expires on 2025-01-01 + {{.Prompt}} {{.HelpName}} --expiry 2025-01-01 + + 5. Create a new access key pair for user 'tester' with a custom policy + {{.Prompt}} {{.HelpName}} myminio/ tester --policy /path/to/policy.json + + 6. Create a new access key pair for user 'tester' with a custom name and description + {{.Prompt}} {{.HelpName}} myminio/ tester --name "Tester's Access Key" --description "Access key for tester" `, } diff --git a/cmd/admin-accesskey-list.go b/cmd/admin-accesskey-list.go index 5a89f98011..eea01b4501 100644 --- a/cmd/admin-accesskey-list.go +++ b/cmd/admin-accesskey-list.go 
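Review bot: Example 4 in the create help, `{{.Prompt}} {{.HelpName}} --expiry 2025-01-01`, omits the alias that every other example passes (`myminio/`). If TARGET is required, as the sibling examples suggest, the line should read `{{.Prompt}} {{.HelpName}} myminio/ --expiry 2025-01-01`. The argument handling is outside this hunk, so this is inferred from the other examples only.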
@@ -69,7 +69,26 @@ FLAGS: {{range .VisibleFlags}}{{.}} {{end}} EXAMPLES: - TODO + 1. Get list of all builtin users and associated access keys in local server + {{.Prompt}} {{.HelpName}} local/ --all + + 2. Get list of access keys for the authenticated user in local server + {{.Prompt}} {{.HelpName}} local/ --self + + 3. Get list of builtin users in local server + {{.Prompt}} {{.HelpName}} local/ --all --users-only + + 4. Get list of all builtin users and associated temporary access keys in play server (if admin) + {{.Prompt}} {{.HelpName}} play/ --temp-only + + 5. Get list of access keys associated with user 'foobar' + {{.Prompt}} {{.HelpName}} play/ foobar + + 6. Get list of access keys associated with users 'foobar' and 'tester' + {{.Prompt}} {{.HelpName}} play/ foobar tester + + 7. Get all users and access keys if admin, else get authenticated user and associated access keys + {{.Prompt}} {{.HelpName}} local/ `, } diff --git a/cmd/admin-accesskey.go b/cmd/admin-accesskey.go index 678f408384..7381973b20 100644 --- a/cmd/admin-accesskey.go +++ b/cmd/admin-accesskey.go @@ -31,7 +31,7 @@ var adminAccesskeySubcommands = []cli.Command{ var adminAccesskeyCmd = cli.Command{ Name: "accesskey", - Usage: "manage accesskeys defined in the MinIO server", + Usage: "manage access keys defined in the MinIO server", Action: mainAdminAccesskey, Before: setGlobalsFromContext, Flags: globalFlags, From 8c087f984431a80d78a38cac2773db39674ece7c Mon Sep 17 00:00:00 2001 From: Taran Date: Mon, 16 Sep 2024 05:50:55 -0900 Subject: [PATCH 08/12] Fix some documentation --- cmd/admin-accesskey-info.go | 2 +- cmd/idp-ldap-accesskey-list.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/admin-accesskey-info.go b/cmd/admin-accesskey-info.go index e3c4603afd..d0eb8d195c 100644 --- a/cmd/admin-accesskey-info.go +++ b/cmd/admin-accesskey-info.go 
@@ -23,7 +23,7 @@ import ( var adminAccesskeyInfoCmd = cli.Command{ Name: "info", - Usage: "info about given access key pairs for LDAP", + Usage: "info about given access key pairs", Action: mainAdminAccesskeyInfo, Before: setGlobalsFromContext, Flags: globalFlags, diff --git a/cmd/idp-ldap-accesskey-list.go b/cmd/idp-ldap-accesskey-list.go index e3f0427c1e..9a6277792f 100644 --- a/cmd/idp-ldap-accesskey-list.go +++ b/cmd/idp-ldap-accesskey-list.go @@ -70,10 +70,10 @@ FLAGS: {{range .VisibleFlags}}{{.}} {{end}} EXAMPLES: - 1. Get list of all users and associated access keys in local server (if admin) + 1. Get list of all LDAP users and associated access keys in local server (if admin) {{.Prompt}} {{.HelpName}} local/ - 2. Get list of users in local server (if admin) + 2. Get list of LDAP users in local server (if admin) {{.Prompt}} {{.HelpName}} local/ --users-only 3. Get list of all users and associated temporary access keys in play server (if admin) From 307b71fd0133a2cbdf2a03273f44d306bd6e1b77 Mon Sep 17 00:00:00 2001 From: Taran Date: Mon, 16 Sep 2024 05:53:57 -0900 Subject: [PATCH 09/12] add madmin changes --- cmd/idp-ldap-accesskey-list.go | 4 ++-- go.mod | 22 +++++++++---------- go.sum | 40 +++++++++++++++++----------------- 3 files changed, 32 insertions(+), 34 deletions(-) diff --git a/cmd/idp-ldap-accesskey-list.go b/cmd/idp-ldap-accesskey-list.go index 9a6277792f..96acc12407 100644 --- a/cmd/idp-ldap-accesskey-list.go +++ b/cmd/idp-ldap-accesskey-list.go 
@@ -140,12 +140,12 @@ func mainIDPLdapAccesskeyList(ctx *cli.Context) error { client, err := newAdminClient(aliasedURL) fatalIf(err, "Unable to initialize admin connection.") - accessKeysMap, e := client.ListAccessKeysLDAPBulk(globalContext, users, opts) + accessKeysMap, e := client.ListAccessKeysLDAPBulkWithOpts(globalContext, users, opts) if e != nil { if e.Error() == "Access Denied." && tentativeAll { // retry with self opts.All = false - accessKeysMap, e = client.ListAccessKeysLDAPBulk(globalContext, users, opts) + accessKeysMap, e = client.ListAccessKeysLDAPBulkWithOpts(globalContext, users, opts) } fatalIf(probe.NewError(e), "Unable to list access keys.") } diff --git a/go.mod b/go.mod index 49b91ccebd..4d85e309d2 100644 --- a/go.mod +++ b/go.mod @@ -2,8 +2,6 @@ module github.com/minio/mc go 1.22 -replace github.com/minio/madmin-go/v3 => github.com/taran-p/madmin-go/v3 v3.0.55-0.20240905164010-c4a2bdaedb0b - require ( github.com/charmbracelet/bubbles v0.19.0 github.com/charmbracelet/bubbletea v0.27.1 @@ -23,7 +21,7 @@ require ( github.com/minio/cli v1.24.2 github.com/minio/colorjson v1.0.8 github.com/minio/filepath v1.0.0 - github.com/minio/madmin-go/v3 v3.0.66 + github.com/minio/madmin-go/v3 v3.0.68 github.com/minio/minio-go/v7 v7.0.76 github.com/minio/pkg/v3 v3.0.13 github.com/minio/selfupdate v0.6.0 @@ -40,10 +38,10 @@ require ( github.com/shirou/gopsutil/v3 v3.24.5 github.com/tidwall/gjson v1.17.3 github.com/vbauerster/mpb/v8 v8.8.2 - golang.org/x/net v0.28.0 - golang.org/x/sys v0.24.0 - golang.org/x/term v0.23.0 - golang.org/x/text v0.17.0 + golang.org/x/net v0.29.0 + golang.org/x/sys v0.25.0 + golang.org/x/term v0.24.0 + golang.org/x/text v0.18.0 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c gopkg.in/yaml.v2 v2.4.0 ) 
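Review bot: The retry in `mainIDPLdapAccesskeyList` decides whether to fall back to the caller's own keys by comparing the error text, `e.Error() == "Access Denied."`, and this commit carries that check over unchanged to the renamed `ListAccessKeysLDAPBulkWithOpts` call. A change in the server's message wording would silently turn the fallback into a fatal error. Matching on the structured error code is sturdier, for example `madmin.ToErrorResponse(e).Code == "AccessDenied"`; the exact code string should be confirmed against the server. The function body starts outside this hunk.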
@@ -79,7 +77,7 @@ require ( github.com/lestrrat-go/jwx v1.2.30 // indirect github.com/lestrrat-go/option v1.0.1 // indirect github.com/lucasb-eyer/go-colorful v1.2.0 // indirect - github.com/lufia/plan9stats v0.0.0-20240819163618-b1d8f4d146e7 // indirect + github.com/lufia/plan9stats v0.0.0-20240909124753-873cd0166683 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-localereader v0.0.1 // indirect github.com/mattn/go-runewidth v0.0.16 // indirect @@ -93,9 +91,9 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect github.com/prometheus/client_model v0.6.1 // indirect - github.com/prometheus/common v0.55.0 // indirect + github.com/prometheus/common v0.59.1 // indirect github.com/prometheus/prom2json v1.4.0 // indirect - github.com/prometheus/prometheus v0.54.0 // indirect + github.com/prometheus/prometheus v0.54.1 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/rogpeppe/go-internal v1.10.0 // indirect github.com/safchain/ethtool v0.4.1 // indirect @@ -103,7 +101,7 @@ require ( github.com/shoenig/go-m1cpu v0.1.6 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.1 // indirect - github.com/tinylib/msgp v1.2.0 // indirect + github.com/tinylib/msgp v1.2.1 // indirect github.com/tklauser/go-sysconf v0.3.14 // indirect github.com/tklauser/numcpus v0.8.0 // indirect github.com/yusufpapurcu/wmi v1.2.4 // indirect @@ -112,7 +110,7 @@ require ( go.etcd.io/etcd/client/v3 v3.5.15 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.26.0 // indirect + golang.org/x/crypto v0.27.0 // indirect golang.org/x/sync v0.8.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240823204242-4ba0660f739c // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c // indirect 
diff --git a/go.sum b/go.sum index ff66cb2b38..b5f907c909 100644 --- a/go.sum +++ b/go.sum @@ -111,8 +111,8 @@ github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNB github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= -github.com/lufia/plan9stats v0.0.0-20240819163618-b1d8f4d146e7 h1:5RK988zAqB3/AN3opGfRpoQgAVqr6/A5+qRTi67VUZY= -github.com/lufia/plan9stats v0.0.0-20240819163618-b1d8f4d146e7/go.mod h1:ilwx/Dta8jXAgpFYFvSWEMwxmbWXyiUHkd5FwyKhb5k= +github.com/lufia/plan9stats v0.0.0-20240909124753-873cd0166683 h1:7UMa6KCCMjZEMDtTVdcGu0B1GmmC7QJKiCCjyTAWQy0= +github.com/lufia/plan9stats v0.0.0-20240909124753-873cd0166683/go.mod h1:ilwx/Dta8jXAgpFYFvSWEMwxmbWXyiUHkd5FwyKhb5k= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= @@ -138,6 +138,8 @@ github.com/minio/colorjson v1.0.8 h1:AS6gEQ1dTRYHmC4xuoodPDRILHP/9Wz5wYUGDQfPLpg github.com/minio/colorjson v1.0.8/go.mod h1:wrs39G/4kqNlGjwqHvPlAnXuc2tlPszo6JKdSBCLN8w= github.com/minio/filepath v1.0.0 h1:fvkJu1+6X+ECRA6G3+JJETj4QeAYO9sV43I79H8ubDY= github.com/minio/filepath v1.0.0/go.mod h1:/nRZA2ldl5z6jT9/KQuvZcQlxZIMQoFFQPvEXx9T/Bw= +github.com/minio/madmin-go/v3 v3.0.68 h1:YiWSboJiFylXkRIwQTCSYbPMI2iiZ1GpWzw/E6T91GA= +github.com/minio/madmin-go/v3 v3.0.68/go.mod h1:TOTc96ZkMknNhl+ReO/V68bQfgRGfH+8iy7YaDzHdXA= github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34= github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM= github.com/minio/minio-go/v7 v7.0.76 h1:9nxHH2XDai61cT/EFhyIw/wW4vJfpPNvl7lSFpRt+Ng= 
@@ -180,14 +182,14 @@ github.com/prometheus/client_golang v1.20.2 h1:5ctymQzZlyOON1666svgwn3s6IKWgfbjs github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= -github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/common v0.59.1 h1:LXb1quJHWm1P6wq/U824uxYi4Sg0oGvNeUm1z5dJoX0= +github.com/prometheus/common v0.59.1/go.mod h1:GpWM7dewqmVYcd7SmRaiWVe9SSqjf0UrwnYnpEZNuT0= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/prometheus/prom2json v1.4.0 h1:2AEOsd1ebqql/p9u0IWgCpUAteAAf9Lnf/SVyieqer4= github.com/prometheus/prom2json v1.4.0/go.mod h1:DmcIMPspQD/fMyFCYti5qJJbuEnqDh3DGoooO0sgr4w= -github.com/prometheus/prometheus v0.54.0 h1:6+VmEkohHcofl3W5LyRlhw1Lfm575w/aX6ZFyVAmzM0= -github.com/prometheus/prometheus v0.54.0/go.mod h1:xlLByHhk2g3ycakQGrMaU8K7OySZx98BzeCR99991NY= +github.com/prometheus/prometheus v0.54.1 h1:vKuwQNjnYN2/mDoWfHXDhAsz/68q/dQDb+YbcEqU7MQ= +github.com/prometheus/prometheus v0.54.1/go.mod h1:xlLByHhk2g3ycakQGrMaU8K7OySZx98BzeCR99991NY= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= 
@@ -215,8 +217,6 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/taran-p/madmin-go/v3 v3.0.55-0.20240905164010-c4a2bdaedb0b h1:0DMOpAbhE67pRjkNz2PXBIG1zPEoBpq5g1pmefewmP4= -github.com/taran-p/madmin-go/v3 v3.0.55-0.20240905164010-c4a2bdaedb0b/go.mod h1:IFAwr0XMrdsLovxAdCcuq/eoL4nRuMVQQv0iubJANQw= github.com/tidwall/gjson v1.17.3 h1:bwWLZU7icoKRG+C+0PNwIKC6FCJO/Q3p2pZvuP0jN94= github.com/tidwall/gjson v1.17.3/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= @@ -224,8 +224,8 @@ github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JT github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4= github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= -github.com/tinylib/msgp v1.2.0 h1:0uKB/662twsVBpYUPbokj4sTSKhWFKB7LopO2kWK8lY= -github.com/tinylib/msgp v1.2.0/go.mod h1:2vIGs3lcUo8izAATNobrCHevYZC/LMsJtw4JPiYPHro= +github.com/tinylib/msgp v1.2.1 h1:6ypy2qcCznxpP4hpORzhtXyTqrBs7cfM9MCCWY8zsmU= +github.com/tinylib/msgp v1.2.1/go.mod h1:2vIGs3lcUo8izAATNobrCHevYZC/LMsJtw4JPiYPHro= github.com/tklauser/go-sysconf v0.3.14 h1:g5vzr9iPFFz24v2KZXs/pvpvh8/V9Fw6vQK5ZZb78yU= github.com/tklauser/go-sysconf v0.3.14/go.mod h1:1ym4lWMLUOhuBOPGtRcJm7tEGX4SCYNEEEtghGG/8uY= github.com/tklauser/numcpus v0.8.0 h1:Mx4Wwe/FjZLeQsK/6kt2EOepwwSl7SmJrK5bV/dXYgY= 
@@ -254,8 +254,8 @@ golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20211209193657-4570a0811e8b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= +golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 
@@ -263,8 +263,8 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= -golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= +golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= +golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -291,17 +291,17 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= -golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= -golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= +golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= +golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= -golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= +golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools 
v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= From d7f31881e38f390d5ddc553df391ec5bae8c0b57 Mon Sep 17 00:00:00 2001 From: Taran Date: Wed, 18 Sep 2024 12:06:43 -0900 Subject: [PATCH 10/12] lint --- cmd/admin-accesskey.go | 1 - 1 file changed, 1 deletion(-) diff --git a/cmd/admin-accesskey.go b/cmd/admin-accesskey.go index 7381973b20..b5f0a0e189 100644 --- a/cmd/admin-accesskey.go +++ b/cmd/admin-accesskey.go @@ -42,5 +42,4 @@ var adminAccesskeyCmd = cli.Command{ func mainAdminAccesskey(ctx *cli.Context) error { commandNotFound(ctx, adminAccesskeySubcommands) return nil - } From 6243b10fad1586e9c2c5a9c7ffd1cc44b993efbc Mon Sep 17 00:00:00 2001 From: Taran Date: Wed, 2 Oct 2024 23:50:39 -0900 Subject: [PATCH 11/12] fixes --- cmd/admin-accesskey-list.go | 12 ++++++--- cmd/idp-ldap-accesskey-info.go | 2 +- cmd/idp-ldap-accesskey-list.go | 49 +++------------------------------- 3 files changed, 13 insertions(+), 50 deletions(-) diff --git a/cmd/admin-accesskey-list.go b/cmd/admin-accesskey-list.go index eea01b4501..4bcc7efdcb 100644 --- a/cmd/admin-accesskey-list.go +++ b/cmd/admin-accesskey-list.go 
@@ -97,26 +97,31 @@ type userAccesskeyList struct { User string `json:"user"` STSKeys []madmin.ServiceAccountInfo `json:"stsKeys"` ServiceAccounts []madmin.ServiceAccountInfo `json:"svcaccs"` + LDAP bool `json:"ldap,omitempty"` } func (m userAccesskeyList) String() string { labelStyle := lipgloss.NewStyle().Foreground(lipgloss.Color("#04B575")) o := strings.Builder{} - o.WriteString(iFmt(0, "%s %s\n", labelStyle.Render("User:"), m.User)) + userStr := "User" + if m.LDAP { + userStr = "DN" + } + o.WriteString(iFmt(0, "%s %s\n", labelStyle.Render(userStr+":"), m.User)) if len(m.STSKeys) > 0 || len(m.ServiceAccounts) > 0 { o.WriteString(iFmt(2, "%s\n", labelStyle.Render("Access Keys:"))) } for _, k := range m.STSKeys { expiration := "never" - if k.Expiration != nil { + if nilExpiry(k.Expiration) != nil { expiration = humanize.Time(*k.Expiration) } o.WriteString(iFmt(4, "%s, expires: %s, sts: true\n", k.AccessKey, expiration)) } for _, k := range m.ServiceAccounts { expiration := "never" - if k.Expiration != nil { + if nilExpiry(k.Expiration) != nil { expiration = humanize.Time(*k.Expiration) } o.WriteString(iFmt(4, "%s, expires: %s, sts: false\n", k.AccessKey, expiration)) @@ -155,6 +160,7 @@ func mainAdminAccesskeyList(ctx *cli.Context) error { User: user, ServiceAccounts: accessKeys.ServiceAccounts, STSKeys: accessKeys.STSKeys, + LDAP: false, } printMsg(m) } diff --git a/cmd/idp-ldap-accesskey-info.go b/cmd/idp-ldap-accesskey-info.go index 1910c41771..02f99721eb 100644 --- a/cmd/idp-ldap-accesskey-info.go +++ b/cmd/idp-ldap-accesskey-info.go @@ -181,7 +181,7 @@ func commonAccesskeyInfo(ctx *cli.Context) error { } func nilExpiry(expiry *time.Time) *time.Time { - if expiry.Equal(timeSentinel) { + if expiry != nil && expiry.Equal(timeSentinel) { return nil } return expiry diff --git a/cmd/idp-ldap-accesskey-list.go b/cmd/idp-ldap-accesskey-list.go index 96acc12407..aa6b20af21 100644 --- a/cmd/idp-ldap-accesskey-list.go +++ b/cmd/idp-ldap-accesskey-list.go 
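Review bot: In cmd/admin-accesskey-list.go the sentinel expiry is hidden only in `String()`; the `ServiceAccounts` and `STSKeys` slices stored in `userAccesskeyList` still hold the raw `Expiration` pointers. If the type's `JSON()` method marshals the struct as-is (it is outside this hunk, but the removed `ldapUserAccesskeyList.JSON` did), `--json` output would print the sentinel date for keys that never expire. By contrast, `commonAccesskeyInfo` normalises the value when it builds its message. Normalising where `m` is built in `mainAdminAccesskeyList`, e.g. `accessKeys.ServiceAccounts[i].Expiration = nilExpiry(accessKeys.ServiceAccounts[i].Expiration)` in a loop over each slice, would keep both output modes consistent.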
@@ -19,12 +19,8 @@ package cmd import ( "errors" - "strings" - "github.com/charmbracelet/lipgloss" - "github.com/dustin/go-humanize" "github.com/minio/cli" - json "github.com/minio/colorjson" "github.com/minio/madmin-go/v3" "github.com/minio/mc/pkg/probe" ) @@ -93,46 +89,6 @@ EXAMPLES: `, } -type ldapUserAccesskeyList struct { - Status string `json:"status"` - DN string `json:"dn"` - STSKeys []madmin.ServiceAccountInfo `json:"stsKeys"` - ServiceAccounts []madmin.ServiceAccountInfo `json:"svcaccs"` -} - -func (m ldapUserAccesskeyList) String() string { - labelStyle := lipgloss.NewStyle().Foreground(lipgloss.Color("#04B575")) - o := strings.Builder{} - - o.WriteString(iFmt(0, "%s %s\n", labelStyle.Render("DN:"), m.DN)) - if len(m.STSKeys) > 0 || len(m.ServiceAccounts) > 0 { - o.WriteString(iFmt(2, "%s\n", labelStyle.Render("Access Keys:"))) - } - for _, k := range m.STSKeys { - expiration := "never" - if nilExpiry(k.Expiration) != nil { - expiration = humanize.Time(*k.Expiration) - } - o.WriteString(iFmt(4, "%s, expires: %s, sts: true\n", k.AccessKey, expiration)) - } - for _, k := range m.ServiceAccounts { - expiration := "never" - if nilExpiry(k.Expiration) != nil { - expiration = humanize.Time(*k.Expiration) - } - o.WriteString(iFmt(4, "%s, expires: %s, sts: false\n", k.AccessKey, expiration)) - } - - return o.String() -} - -func (m ldapUserAccesskeyList) JSON() string { - jsonMessageBytes, e := json.MarshalIndent(m, "", " ") - fatalIf(probe.NewError(e), "Unable to marshal into JSON.") - - return string(jsonMessageBytes) -} - func mainIDPLdapAccesskeyList(ctx *cli.Context) error { aliasedURL, tentativeAll, users, opts := commonAccesskeyList(ctx) @@ -151,11 +107,12 @@ func mainIDPLdapAccesskeyList(ctx *cli.Context) error { } for dn, accessKeys := range accessKeysMap { - m := ldapUserAccesskeyList{ + m := userAccesskeyList{ Status: "success", - DN: dn, + User: dn, ServiceAccounts: accessKeys.ServiceAccounts, STSKeys: accessKeys.STSKeys, + LDAP: true, } printMsg(m) } 
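Review bot: Replacing `ldapUserAccesskeyList` with `userAccesskeyList` in `mainIDPLdapAccesskeyList` changes the JSON shape of the LDAP list output. The removed struct tagged the identity as `json:"dn"`, while the shared struct emits it under `user` and adds `"ldap": true`. Scripts that read `dn` from the JSON output will stop finding it. If the rename is intended, it deserves a line in the commit message or release notes; otherwise the shared struct could keep an LDAP-only field tagged `json:"dn,omitempty"` that is set alongside `User`.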
From 7bab87188069127be589f757b76f28dfc42ac370 Mon Sep 17 00:00:00 2001 From: Taran Date: Thu, 3 Oct 2024 13:22:22 -0900 Subject: [PATCH 12/12] Add error --- cmd/admin-accesskey-remove.go | 2 +- cmd/idp-ldap-accesskey-edit.go | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/cmd/admin-accesskey-remove.go b/cmd/admin-accesskey-remove.go index 4a641c3da9..38ca1323bb 100644 --- a/cmd/admin-accesskey-remove.go +++ b/cmd/admin-accesskey-remove.go @@ -1,4 +1,4 @@ -// Copyright (c) 2015-2023 MinIO, Inc. +// Copyright (c) 2015-2024 MinIO, Inc. // // This file is part of MinIO Object Storage stack // diff --git a/cmd/idp-ldap-accesskey-edit.go b/cmd/idp-ldap-accesskey-edit.go index 0a584ee778..9b3fb3785b 100644 --- a/cmd/idp-ldap-accesskey-edit.go +++ b/cmd/idp-ldap-accesskey-edit.go @@ -119,6 +119,10 @@ func accessKeyEditOpts(ctx *cli.Context) madmin.UpdateServiceAccountReq { description := ctx.String("description") expDurVal := ctx.Duration("expiry-duration") + if name == "" && expVal == "" && expDurVal == 0 && policyPath == "" && secretKey == "" && description == "" { + fatalIf(probe.NewError(errors.New("At least one property must be edited")), "invalid flags") + } + if expVal != "" && expDurVal != 0 { fatalIf(probe.NewError(errors.New("Only one of --expiry or --expiry-duration can be specified")), "invalid flags") }