diff --git a/portal-ui/src/screens/Console/Policies/PolicyDetails.tsx b/portal-ui/src/screens/Console/Policies/PolicyDetails.tsx index 13fff00d13..b986b2dbdf 100644 --- a/portal-ui/src/screens/Console/Policies/PolicyDetails.tsx +++ b/portal-ui/src/screens/Console/Policies/PolicyDetails.tsx @@ -166,6 +166,7 @@ const PolicyDetails = ({ const [selectedTab, setSelectedTab] = useState(0); const [policy, setPolicy] = useState(null); const [userList, setUserList] = useState([]); + const [groupList, setGroupList] = useState([]); const [addLoading, setAddLoading] = useState(false); const [policyName, setPolicyName] = useState( match.params["policyName"] @@ -174,6 +175,8 @@ const PolicyDetails = ({ const [loadingPolicy, setLoadingPolicy] = useState(true); const [filterUsers, setFilterUsers] = useState(""); const [loadingUsers, setLoadingUsers] = useState(true); + const [filterGroups, setFilterGroups] = useState(""); + const [loadingGroups, setLoadingGroups] = useState(true); const saveRecord = (event: React.FormEvent) => { event.preventDefault(); @@ -211,6 +214,20 @@ const PolicyDetails = ({ }); } }; + const loadGroupsForPolicy = () => { + if (loadingGroups) { + api + .invoke("GET", `/api/v1/policies/${policyName}/groups`) + .then((result: any) => { + setGroupList(result); + setLoadingGroups(false); + }) + .catch((err) => { + setErrorSnackMessage(err); + setLoadingGroups(false); + }); + } + }; const loadPolicyDetails = () => { if (loadingPolicy) { api @@ -234,16 +251,20 @@ const PolicyDetails = ({ if (loadingPolicy) { loadPolicyDetails(); loadUsersForPolicy(); + loadGroupsForPolicy(); } }, [ policyName, loadingPolicy, loadingUsers, + loadingGroups, setErrorSnackMessage, setUserList, + setGroupList, setPolicyDefinition, setPolicy, setLoadingUsers, + setLoadingGroups, ]); const resetForm = () => { @@ -262,6 +283,10 @@ const PolicyDetails = ({ elementItem.includes(filterUsers) ); + const filteredGroups = groupList.filter((elementItem) => + elementItem.includes(filterGroups) + ); + return ( + {selectedTab === 0 && ( @@ -374,6 +400,40 @@ const PolicyDetails = ({ /> )} + {selectedTab === 2 && ( + + + { + setFilterGroups(val.target.value); + }} + InputProps={{ + disableUnderline: true, + startAdornment: ( + + + + ), + }} + /> + + +
+ + + + )} ); diff --git a/restapi/admin_policies.go b/restapi/admin_policies.go index bf760a58cc..04cd8e4e0b 100644 --- a/restapi/admin_policies.go +++ b/restapi/admin_policies.go @@ -89,6 +89,13 @@ func registersPoliciesHandler(api *operations.ConsoleAPI) { } return admin_api.NewListUsersForPolicyOK().WithPayload(policyUsersResponse) }) + api.AdminAPIListGroupsForPolicyHandler = admin_api.ListGroupsForPolicyHandlerFunc(func(params admin_api.ListGroupsForPolicyParams, session *models.Principal) middleware.Responder { + policyGroupsResponse, err := getListGroupsForPolicyResponse(session, params.Policy) + if err != nil { + return admin_api.NewListGroupsForPolicyDefault(int(err.Code)).WithPayload(err) + } + return admin_api.NewListGroupsForPolicyOK().WithPayload(policyGroupsResponse) + }) } func getListPoliciesWithBucketResponse(session *models.Principal, bucket string) (*models.ListPoliciesResponse, *models.Error) { @@ -220,6 +227,35 @@ func getListUsersForPolicyResponse(session *models.Principal, policy string) ([] return filteredUsers, nil } +func getListGroupsForPolicyResponse(session *models.Principal, policy string) ([]string, *models.Error) { + ctx := context.Background() + mAdmin, err := newAdminClient(session) + if err != nil { + return nil, prepareError(err) + } + // create a minioClient interface implementation + // defining the client to be used + adminClient := adminClient{client: mAdmin} + + groups, err := adminClient.listGroups(ctx) + if err != nil { + return nil, prepareError(err) + } + + var filteredGroups []string + for _, group := range groups { + info, err := groupInfo(ctx, adminClient, group) + if err != nil { + LogError("unable to fetch group info %s: %v", group, err) + } + if info.Policy == policy { + filteredGroups = append(filteredGroups, group) + } + } + sort.Strings(filteredGroups) + return filteredGroups, nil +} + // removePolicy() calls MinIO server to remove a policy based on name. func removePolicy(ctx context.Context, client MinioAdmin, name string) error { err := client.removePolicy(ctx, name) diff --git a/restapi/embedded_spec.go b/restapi/embedded_spec.go index 2263b03e72..6cc9616881 100644 --- a/restapi/embedded_spec.go +++ b/restapi/embedded_spec.go @@ -3387,6 +3387,40 @@ func init() { } } }, + "/policies/{policy}/groups": { + "get": { + "tags": [ + "AdminAPI" + ], + "summary": "List Groups for a Policy", + "operationId": "ListGroupsForPolicy", + "parameters": [ + { + "type": "string", + "name": "policy", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "default": { + "description": "Generic error response.", + "schema": { + "$ref": "#/definitions/error" + } + } + } + } + }, "/policies/{policy}/users": { "get": { "tags": [ @@ -11191,6 +11225,40 @@ func init() { } } }, + "/policies/{policy}/groups": { + "get": { + "tags": [ + "AdminAPI" + ], + "summary": "List Groups for a Policy", + "operationId": "ListGroupsForPolicy", + "parameters": [ + { + "type": "string", + "name": "policy", + "in": "path", + "required": true + } + ], + "responses": { + "200": { + "description": "A successful response.", + "schema": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "default": { + "description": "Generic error response.", + "schema": { + "$ref": "#/definitions/error" + } + } + } + } + }, "/policies/{policy}/users": { "get": { "tags": [ diff --git a/restapi/operations/admin_api/list_groups_for_policy.go b/restapi/operations/admin_api/list_groups_for_policy.go new file mode 100644 index 0000000000..e63ac876f0 --- /dev/null +++ b/restapi/operations/admin_api/list_groups_for_policy.go @@ -0,0 +1,88 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// This file is part of MinIO Console Server +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . +// + +package admin_api + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the generate command + +import ( + "net/http" + + "github.com/go-openapi/runtime/middleware" + + "github.com/minio/console/models" +) + +// ListGroupsForPolicyHandlerFunc turns a function with the right signature into a list groups for policy handler +type ListGroupsForPolicyHandlerFunc func(ListGroupsForPolicyParams, *models.Principal) middleware.Responder + +// Handle executing the request and returning a response +func (fn ListGroupsForPolicyHandlerFunc) Handle(params ListGroupsForPolicyParams, principal *models.Principal) middleware.Responder { + return fn(params, principal) +} + +// ListGroupsForPolicyHandler interface for that can handle valid list groups for policy params +type ListGroupsForPolicyHandler interface { + Handle(ListGroupsForPolicyParams, *models.Principal) middleware.Responder +} + +// NewListGroupsForPolicy creates a new http.Handler for the list groups for policy operation +func NewListGroupsForPolicy(ctx *middleware.Context, handler ListGroupsForPolicyHandler) *ListGroupsForPolicy { + return &ListGroupsForPolicy{Context: ctx, Handler: handler} +} + +/* ListGroupsForPolicy swagger:route GET /policies/{policy}/groups AdminAPI listGroupsForPolicy + +List Groups for a Policy + +*/ +type ListGroupsForPolicy struct { + Context *middleware.Context + Handler ListGroupsForPolicyHandler +} + +func (o *ListGroupsForPolicy) ServeHTTP(rw http.ResponseWriter, r *http.Request) { + route, rCtx, _ := o.Context.RouteInfo(r) + if rCtx != nil { + *r = *rCtx + } + var Params = NewListGroupsForPolicyParams() + uprinc, aCtx, err := o.Context.Authorize(r, route) + if err != nil { + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + if aCtx != nil { + *r = *aCtx + } + var principal *models.Principal + if uprinc != nil { + principal = uprinc.(*models.Principal) // this is really a models.Principal, I promise + } + + if err := o.Context.BindValidRequest(r, route, &Params); err != nil { // bind params + o.Context.Respond(rw, r, route.Produces, route, err) + return + } + + res := o.Handler.Handle(Params, principal) // actually handle the request + o.Context.Respond(rw, r, route.Produces, route, res) + +} diff --git a/restapi/operations/admin_api/list_groups_for_policy_parameters.go b/restapi/operations/admin_api/list_groups_for_policy_parameters.go new file mode 100644 index 0000000000..60091161cb --- /dev/null +++ b/restapi/operations/admin_api/list_groups_for_policy_parameters.go @@ -0,0 +1,88 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// This file is part of MinIO Console Server +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . +// + +package admin_api + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "net/http" + + "github.com/go-openapi/errors" + "github.com/go-openapi/runtime/middleware" + "github.com/go-openapi/strfmt" +) + +// NewListGroupsForPolicyParams creates a new ListGroupsForPolicyParams object +// +// There are no default values defined in the spec. +func NewListGroupsForPolicyParams() ListGroupsForPolicyParams { + + return ListGroupsForPolicyParams{} +} + +// ListGroupsForPolicyParams contains all the bound params for the list groups for policy operation +// typically these are obtained from a http.Request +// +// swagger:parameters ListGroupsForPolicy +type ListGroupsForPolicyParams struct { + + // HTTP Request Object + HTTPRequest *http.Request `json:"-"` + + /* + Required: true + In: path + */ + Policy string +} + +// BindRequest both binds and validates a request, it assumes that complex things implement a Validatable(strfmt.Registry) error interface +// for simple values it will use straight method calls. +// +// To ensure default values, the struct must have been initialized with NewListGroupsForPolicyParams() beforehand. +func (o *ListGroupsForPolicyParams) BindRequest(r *http.Request, route *middleware.MatchedRoute) error { + var res []error + + o.HTTPRequest = r + + rPolicy, rhkPolicy, _ := route.Params.GetOK("policy") + if err := o.bindPolicy(rPolicy, rhkPolicy, route.Formats); err != nil { + res = append(res, err) + } + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +// bindPolicy binds and validates parameter Policy from path. +func (o *ListGroupsForPolicyParams) bindPolicy(rawData []string, hasKey bool, formats strfmt.Registry) error { + var raw string + if len(rawData) > 0 { + raw = rawData[len(rawData)-1] + } + + // Required: true + // Parameter is provided by construction from the route + o.Policy = raw + + return nil +} diff --git a/restapi/operations/admin_api/list_groups_for_policy_responses.go b/restapi/operations/admin_api/list_groups_for_policy_responses.go new file mode 100644 index 0000000000..6b8947262e --- /dev/null +++ b/restapi/operations/admin_api/list_groups_for_policy_responses.go @@ -0,0 +1,136 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// This file is part of MinIO Console Server +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . +// + +package admin_api + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "net/http" + + "github.com/go-openapi/runtime" + + "github.com/minio/console/models" +) + +// ListGroupsForPolicyOKCode is the HTTP code returned for type ListGroupsForPolicyOK +const ListGroupsForPolicyOKCode int = 200 + +/*ListGroupsForPolicyOK A successful response. + +swagger:response listGroupsForPolicyOK +*/ +type ListGroupsForPolicyOK struct { + + /* + In: Body + */ + Payload []string `json:"body,omitempty"` +} + +// NewListGroupsForPolicyOK creates ListGroupsForPolicyOK with default headers values +func NewListGroupsForPolicyOK() *ListGroupsForPolicyOK { + + return &ListGroupsForPolicyOK{} +} + +// WithPayload adds the payload to the list groups for policy o k response +func (o *ListGroupsForPolicyOK) WithPayload(payload []string) *ListGroupsForPolicyOK { + o.Payload = payload + return o +} + +// SetPayload sets the payload to the list groups for policy o k response +func (o *ListGroupsForPolicyOK) SetPayload(payload []string) { + o.Payload = payload +} + +// WriteResponse to the client +func (o *ListGroupsForPolicyOK) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) { + + rw.WriteHeader(200) + payload := o.Payload + if payload == nil { + // return empty array + payload = make([]string, 0, 50) + } + + if err := producer.Produce(rw, payload); err != nil { + panic(err) // let the recovery middleware deal with this + } +} + +/*ListGroupsForPolicyDefault Generic error response. + +swagger:response listGroupsForPolicyDefault +*/ +type ListGroupsForPolicyDefault struct { + _statusCode int + + /* + In: Body + */ + Payload *models.Error `json:"body,omitempty"` +} + +// NewListGroupsForPolicyDefault creates ListGroupsForPolicyDefault with default headers values +func NewListGroupsForPolicyDefault(code int) *ListGroupsForPolicyDefault { + if code <= 0 { + code = 500 + } + + return &ListGroupsForPolicyDefault{ + _statusCode: code, + } +} + +// WithStatusCode adds the status to the list groups for policy default response +func (o *ListGroupsForPolicyDefault) WithStatusCode(code int) *ListGroupsForPolicyDefault { + o._statusCode = code + return o +} + +// SetStatusCode sets the status to the list groups for policy default response +func (o *ListGroupsForPolicyDefault) SetStatusCode(code int) { + o._statusCode = code +} + +// WithPayload adds the payload to the list groups for policy default response +func (o *ListGroupsForPolicyDefault) WithPayload(payload *models.Error) *ListGroupsForPolicyDefault { + o.Payload = payload + return o +} + +// SetPayload sets the payload to the list groups for policy default response +func (o *ListGroupsForPolicyDefault) SetPayload(payload *models.Error) { + o.Payload = payload +} + +// WriteResponse to the client +func (o *ListGroupsForPolicyDefault) WriteResponse(rw http.ResponseWriter, producer runtime.Producer) { + + rw.WriteHeader(o._statusCode) + if o.Payload != nil { + payload := o.Payload + if err := producer.Produce(rw, payload); err != nil { + panic(err) // let the recovery middleware deal with this + } + } +} diff --git a/restapi/operations/admin_api/list_groups_for_policy_urlbuilder.go b/restapi/operations/admin_api/list_groups_for_policy_urlbuilder.go new file mode 100644 index 0000000000..d204744ae1 --- /dev/null +++ b/restapi/operations/admin_api/list_groups_for_policy_urlbuilder.go @@ -0,0 +1,116 @@ +// Code generated by go-swagger; DO NOT EDIT. + +// This file is part of MinIO Console Server +// Copyright (c) 2021 MinIO, Inc. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . +// + +package admin_api + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the generate command + +import ( + "errors" + "net/url" + golangswaggerpaths "path" + "strings" +) + +// ListGroupsForPolicyURL generates an URL for the list groups for policy operation +type ListGroupsForPolicyURL struct { + Policy string + + _basePath string + // avoid unkeyed usage + _ struct{} +} + +// WithBasePath sets the base path for this url builder, only required when it's different from the +// base path specified in the swagger spec. +// When the value of the base path is an empty string +func (o *ListGroupsForPolicyURL) WithBasePath(bp string) *ListGroupsForPolicyURL { + o.SetBasePath(bp) + return o +} + +// SetBasePath sets the base path for this url builder, only required when it's different from the +// base path specified in the swagger spec. +// When the value of the base path is an empty string +func (o *ListGroupsForPolicyURL) SetBasePath(bp string) { + o._basePath = bp +} + +// Build a url path and query string +func (o *ListGroupsForPolicyURL) Build() (*url.URL, error) { + var _result url.URL + + var _path = "/policies/{policy}/groups" + + policy := o.Policy + if policy != "" { + _path = strings.Replace(_path, "{policy}", policy, -1) + } else { + return nil, errors.New("policy is required on ListGroupsForPolicyURL") + } + + _basePath := o._basePath + if _basePath == "" { + _basePath = "/api/v1" + } + _result.Path = golangswaggerpaths.Join(_basePath, _path) + + return &_result, nil +} + +// Must is a helper function to panic when the url builder returns an error +func (o *ListGroupsForPolicyURL) Must(u *url.URL, err error) *url.URL { + if err != nil { + panic(err) + } + if u == nil { + panic("url can't be nil") + } + return u +} + +// String returns the string representation of the path with query string +func (o *ListGroupsForPolicyURL) String() string { + return o.Must(o.Build()).String() +} + +// BuildFull builds a full url with scheme, host, path and query string +func (o *ListGroupsForPolicyURL) BuildFull(scheme, host string) (*url.URL, error) { + if scheme == "" { + return nil, errors.New("scheme is required for a full url on ListGroupsForPolicyURL") + } + if host == "" { + return nil, errors.New("host is required for a full url on ListGroupsForPolicyURL") + } + + base, err := o.Build() + if err != nil { + return nil, err + } + + base.Scheme = scheme + base.Host = host + return base, nil +} + +// StringFull returns the string representation of a complete url +func (o *ListGroupsForPolicyURL) StringFull(scheme, host string) string { + return o.Must(o.BuildFull(scheme, host)).String() +} diff --git a/restapi/operations/console_api.go b/restapi/operations/console_api.go index 35a41aa003..8cc4ce7693 100644 --- a/restapi/operations/console_api.go +++ b/restapi/operations/console_api.go @@ -252,6 +252,9 @@ func NewConsoleAPI(spec *loads.Document) *ConsoleAPI { AdminAPIListGroupsHandler: admin_api.ListGroupsHandlerFunc(func(params admin_api.ListGroupsParams, principal *models.Principal) middleware.Responder { return middleware.NotImplemented("operation admin_api.ListGroups has not yet been implemented") }), + AdminAPIListGroupsForPolicyHandler: admin_api.ListGroupsForPolicyHandlerFunc(func(params admin_api.ListGroupsForPolicyParams, principal *models.Principal) middleware.Responder { + return middleware.NotImplemented("operation admin_api.ListGroupsForPolicy has not yet been implemented") + }), OperatorAPIListNodeLabelsHandler: operator_api.ListNodeLabelsHandlerFunc(func(params operator_api.ListNodeLabelsParams, principal *models.Principal) middleware.Responder { return middleware.NotImplemented("operation operator_api.ListNodeLabels has not yet been implemented") }), @@ -611,6 +614,8 @@ type ConsoleAPI struct { UserAPIListExternalBucketsHandler user_api.ListExternalBucketsHandler // AdminAPIListGroupsHandler sets the operation handler for the list groups operation AdminAPIListGroupsHandler admin_api.ListGroupsHandler + // AdminAPIListGroupsForPolicyHandler sets the operation handler for the list groups for policy operation + AdminAPIListGroupsForPolicyHandler admin_api.ListGroupsForPolicyHandler // OperatorAPIListNodeLabelsHandler sets the operation handler for the list node labels operation OperatorAPIListNodeLabelsHandler operator_api.ListNodeLabelsHandler // UserAPIListObjectsHandler sets the operation handler for the list objects operation @@ -1004,6 +1009,9 @@ func (o *ConsoleAPI) Validate() error { if o.AdminAPIListGroupsHandler == nil { unregistered = append(unregistered, "admin_api.ListGroupsHandler") } + if o.AdminAPIListGroupsForPolicyHandler == nil { + unregistered = append(unregistered, "admin_api.ListGroupsForPolicyHandler") + } if o.OperatorAPIListNodeLabelsHandler == nil { unregistered = append(unregistered, "operator_api.ListNodeLabelsHandler") } @@ -1537,6 +1545,10 @@ func (o *ConsoleAPI) initHandlerCache() { if o.handlers["GET"] == nil { o.handlers["GET"] = make(map[string]http.Handler) } + o.handlers["GET"]["/policies/{policy}/groups"] = admin_api.NewListGroupsForPolicy(o.context, o.AdminAPIListGroupsForPolicyHandler) + if o.handlers["GET"] == nil { + o.handlers["GET"] = make(map[string]http.Handler) + } o.handlers["GET"]["/nodes/labels"] = operator_api.NewListNodeLabels(o.context, o.OperatorAPIListNodeLabelsHandler) if o.handlers["GET"] == nil { o.handlers["GET"] = make(map[string]http.Handler) diff --git a/swagger.yml b/swagger.yml index 6df035b6bd..eeda52e344 100644 --- a/swagger.yml +++ b/swagger.yml @@ -1487,6 +1487,29 @@ paths: tags: - AdminAPI + /policies/{policy}/groups: + get: + summary: List Groups for a Policy + operationId: ListGroupsForPolicy + parameters: + - name: policy + in: path + required: true + type: string + responses: + 200: + description: A successful response. + schema: + type: array + items: + type: string + default: + description: Generic error response. + schema: + $ref: "#/definitions/error" + tags: + - AdminAPI + /bucket-policy/{bucket}: get: summary: List Policies With Given Bucket