Add set policy to multiple user/groups #382
Conversation
restapi/admin_policies.go
Outdated
| // setPolicyMultipleEntities sets a policy to multiple users/groups | ||
| func setPolicyMultipleEntities(ctx context.Context, client MinioAdmin, policyName string, users, groups []string) error { | ||
| for _, user := range users { | ||
| if err := client.setPolicy(ctx, policyName, user, false); err != nil { |
There was a problem hiding this comment.
if there's an error because a single user is wrong we'll go into a bad state wouldn't we, we some users were applied the policy and the rest was not due to one incorrect user in the middle of the list, why dont we add a validation for users and groups before we apply the policies?
There was a problem hiding this comment.
yes, there's currently no way to make this 100% atomic. Name validation won't suffice, since it can still fail due to other circumstances.
There was a problem hiding this comment.
it's ok if it's not atomic, but we should at least make sure all the users and groups are valid before we start applying the policy
There was a problem hiding this comment.
I've updated to validate on request the user/group string based on a regex defined on aws restrictions.
User names can be a combination of up to 64 letters, digits, and these characters: plus (+), equal (=), comma (,), period (.), at sign (@), underscore (_), and hyphen (-).
cesnietor
force-pushed
the
set-policy-multiple
branch
from
78d080c to
a279245
Compare
Added api that allow setting policy to multiple users and/or groups.
PUT api on
/api/v1/set-policy-multi/<policy_name>Request payload response e.g.:
users and groups can be empty.