Diffstat (limited to 'weed/credential/postgres/postgres_policy.go')
-rw-r--r--weed/credential/postgres/postgres_policy.go130
1 files changed, 130 insertions, 0 deletions
diff --git a/weed/credential/postgres/postgres_policy.go b/weed/credential/postgres/postgres_policy.go
new file mode 100644
index 000000000..8be2b108c
--- /dev/null
+++ b/weed/credential/postgres/postgres_policy.go
@@ -0,0 +1,130 @@
+package postgres
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+
+ "github.com/seaweedfs/seaweedfs/weed/credential"
+)
+
+// GetPolicies retrieves all IAM policies from PostgreSQL
+func (store *PostgresStore) GetPolicies(ctx context.Context) (map[string]credential.PolicyDocument, error) {
+ if !store.configured {
+ return nil, fmt.Errorf("store not configured")
+ }
+
+ policies := make(map[string]credential.PolicyDocument)
+
+ rows, err := store.db.QueryContext(ctx, "SELECT name, document FROM policies")
+ if err != nil {
+ return nil, fmt.Errorf("failed to query policies: %v", err)
+ }
+ defer rows.Close()
+
+ for rows.Next() {
+ var name string
+ var documentJSON []byte
+
+ if err := rows.Scan(&name, &documentJSON); err != nil {
+ return nil, fmt.Errorf("failed to scan policy row: %v", err)
+ }
+
+ var document credential.PolicyDocument
+ if err := json.Unmarshal(documentJSON, &document); err != nil {
+ return nil, fmt.Errorf("failed to unmarshal policy document for %s: %v", name, err)
+ }
+
+ policies[name] = document
+ }
+
+ return policies, nil
+}
+
+// CreatePolicy creates a new IAM policy in PostgreSQL
+func (store *PostgresStore) CreatePolicy(ctx context.Context, name string, document credential.PolicyDocument) error {
+ if !store.configured {
+ return fmt.Errorf("store not configured")
+ }
+
+ documentJSON, err := json.Marshal(document)
+ if err != nil {
+ return fmt.Errorf("failed to marshal policy document: %v", err)
+ }
+
+ _, err = store.db.ExecContext(ctx,
+ "INSERT INTO policies (name, document) VALUES ($1, $2) ON CONFLICT (name) DO UPDATE SET document = $2, updated_at = CURRENT_TIMESTAMP",
+ name, documentJSON)
+ if err != nil {
+ return fmt.Errorf("failed to insert policy: %v", err)
+ }
+
+ return nil
+}
+
+// UpdatePolicy updates an existing IAM policy in PostgreSQL
+func (store *PostgresStore) UpdatePolicy(ctx context.Context, name string, document credential.PolicyDocument) error {
+ if !store.configured {
+ return fmt.Errorf("store not configured")
+ }
+
+ documentJSON, err := json.Marshal(document)
+ if err != nil {
+ return fmt.Errorf("failed to marshal policy document: %v", err)
+ }
+
+ result, err := store.db.ExecContext(ctx,
+ "UPDATE policies SET document = $2, updated_at = CURRENT_TIMESTAMP WHERE name = $1",
+ name, documentJSON)
+ if err != nil {
+ return fmt.Errorf("failed to update policy: %v", err)
+ }
+
+ rowsAffected, err := result.RowsAffected()
+ if err != nil {
+ return fmt.Errorf("failed to get rows affected: %v", err)
+ }
+
+ if rowsAffected == 0 {
+ return fmt.Errorf("policy %s not found", name)
+ }
+
+ return nil
+}
+
+// DeletePolicy deletes an IAM policy from PostgreSQL
+func (store *PostgresStore) DeletePolicy(ctx context.Context, name string) error {
+ if !store.configured {
+ return fmt.Errorf("store not configured")
+ }
+
+ result, err := store.db.ExecContext(ctx, "DELETE FROM policies WHERE name = $1", name)
+ if err != nil {
+ return fmt.Errorf("failed to delete policy: %v", err)
+ }
+
+ rowsAffected, err := result.RowsAffected()
+ if err != nil {
+ return fmt.Errorf("failed to get rows affected: %v", err)
+ }
+
+ if rowsAffected == 0 {
+ return fmt.Errorf("policy %s not found", name)
+ }
+
+ return nil
+}
+
+// GetPolicy retrieves a specific IAM policy by name from PostgreSQL
+func (store *PostgresStore) GetPolicy(ctx context.Context, name string) (*credential.PolicyDocument, error) {
+ policies, err := store.GetPolicies(ctx)
+ if err != nil {
+ return nil, err
+ }
+
+ if policy, exists := policies[name]; exists {
+ return &policy, nil
+ }
+
+ return nil, nil // Policy not found
+}
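Review bot: GetPolicies returns straight after the `rows.Next()` loop without checking `rows.Err()`, so an iteration failure part-way through (dropped connection, context cancelled mid-scan) yields a truncated map with a nil error. For an IAM policy store that is worth closing: any caller that treats the map as the complete policy set would act on partial data, and GetPolicy, which goes through GetPolicies, would report an existing policy as `nil, nil` (not found). Add `if err := rows.Err(); err != nil { return nil, fmt.Errorf("failed to iterate policy rows: %v", err) }` just before `return policies, nil`. Separately, CreatePolicy's `ON CONFLICT (name) DO UPDATE` silently replaces an existing policy although its comment says it creates a new one; either document the upsert in the comment, e.g. `// CreatePolicy inserts the policy, overwriting any existing policy with the same name`, or reject duplicates so an accidental name reuse cannot overwrite a policy unnoticed.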