1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
|
package dash
import (
"context"
"fmt"
"time"
"github.com/seaweedfs/seaweedfs/weed/credential"
"github.com/seaweedfs/seaweedfs/weed/glog"
)
type IAMPolicy struct {
Name string `json:"name"`
Document credential.PolicyDocument `json:"document"`
DocumentJSON string `json:"document_json"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
type PoliciesCollection struct {
Policies map[string]credential.PolicyDocument `json:"policies"`
}
type PoliciesData struct {
Username string `json:"username"`
Policies []IAMPolicy `json:"policies"`
TotalPolicies int `json:"total_policies"`
LastUpdated time.Time `json:"last_updated"`
}
// Policy management request structures
type CreatePolicyRequest struct {
Name string `json:"name" binding:"required"`
Document credential.PolicyDocument `json:"document" binding:"required"`
DocumentJSON string `json:"document_json"`
}
type UpdatePolicyRequest struct {
Document credential.PolicyDocument `json:"document" binding:"required"`
DocumentJSON string `json:"document_json"`
}
// PolicyManager interface is now in the credential package
// CredentialStorePolicyManager implements credential.PolicyManager by delegating to the credential store
type CredentialStorePolicyManager struct {
credentialManager *credential.CredentialManager
}
// NewCredentialStorePolicyManager creates a new CredentialStorePolicyManager
func NewCredentialStorePolicyManager(credentialManager *credential.CredentialManager) *CredentialStorePolicyManager {
return &CredentialStorePolicyManager{
credentialManager: credentialManager,
}
}
// GetPolicies retrieves all IAM policies via credential store
func (cspm *CredentialStorePolicyManager) GetPolicies(ctx context.Context) (map[string]credential.PolicyDocument, error) {
// Get policies from credential store
// We'll use the credential store to access the filer indirectly
// Since policies are stored separately, we need to access the underlying store
store := cspm.credentialManager.GetStore()
glog.V(1).Infof("Getting policies from credential store: %T", store)
// Check if the store supports policy management
if policyStore, ok := store.(credential.PolicyManager); ok {
glog.V(1).Infof("Store supports policy management, calling GetPolicies")
policies, err := policyStore.GetPolicies(ctx)
if err != nil {
glog.Errorf("Error getting policies from store: %v", err)
return nil, err
}
glog.V(1).Infof("Got %d policies from store", len(policies))
return policies, nil
} else {
// Fallback: use empty policies for stores that don't support policies
glog.V(1).Infof("Credential store doesn't support policy management, returning empty policies")
return make(map[string]credential.PolicyDocument), nil
}
}
// CreatePolicy creates a new IAM policy via credential store
func (cspm *CredentialStorePolicyManager) CreatePolicy(ctx context.Context, name string, document credential.PolicyDocument) error {
store := cspm.credentialManager.GetStore()
if policyStore, ok := store.(credential.PolicyManager); ok {
return policyStore.CreatePolicy(ctx, name, document)
}
return fmt.Errorf("credential store doesn't support policy creation")
}
// UpdatePolicy updates an existing IAM policy via credential store
func (cspm *CredentialStorePolicyManager) UpdatePolicy(ctx context.Context, name string, document credential.PolicyDocument) error {
store := cspm.credentialManager.GetStore()
if policyStore, ok := store.(credential.PolicyManager); ok {
return policyStore.UpdatePolicy(ctx, name, document)
}
return fmt.Errorf("credential store doesn't support policy updates")
}
// DeletePolicy deletes an IAM policy via credential store
func (cspm *CredentialStorePolicyManager) DeletePolicy(ctx context.Context, name string) error {
store := cspm.credentialManager.GetStore()
if policyStore, ok := store.(credential.PolicyManager); ok {
return policyStore.DeletePolicy(ctx, name)
}
return fmt.Errorf("credential store doesn't support policy deletion")
}
// GetPolicy retrieves a specific IAM policy via credential store
func (cspm *CredentialStorePolicyManager) GetPolicy(ctx context.Context, name string) (*credential.PolicyDocument, error) {
store := cspm.credentialManager.GetStore()
if policyStore, ok := store.(credential.PolicyManager); ok {
return policyStore.GetPolicy(ctx, name)
}
return nil, fmt.Errorf("credential store doesn't support policy retrieval")
}
// AdminServer policy management methods using credential.PolicyManager
func (s *AdminServer) GetPolicyManager() credential.PolicyManager {
if s.credentialManager == nil {
glog.V(1).Infof("Credential manager is nil, policy management not available")
return nil
}
glog.V(1).Infof("Credential manager available, creating CredentialStorePolicyManager")
return NewCredentialStorePolicyManager(s.credentialManager)
}
// GetPolicies retrieves all IAM policies
func (s *AdminServer) GetPolicies() ([]IAMPolicy, error) {
policyManager := s.GetPolicyManager()
if policyManager == nil {
return nil, fmt.Errorf("policy manager not available")
}
ctx := context.Background()
policyMap, err := policyManager.GetPolicies(ctx)
if err != nil {
return nil, err
}
// Convert map[string]PolicyDocument to []IAMPolicy
var policies []IAMPolicy
for name, doc := range policyMap {
policy := IAMPolicy{
Name: name,
Document: doc,
DocumentJSON: "", // Will be populated if needed
CreatedAt: time.Now(),
UpdatedAt: time.Now(),
}
policies = append(policies, policy)
}
return policies, nil
}
// CreatePolicy creates a new IAM policy
func (s *AdminServer) CreatePolicy(name string, document credential.PolicyDocument) error {
policyManager := s.GetPolicyManager()
if policyManager == nil {
return fmt.Errorf("policy manager not available")
}
ctx := context.Background()
return policyManager.CreatePolicy(ctx, name, document)
}
// UpdatePolicy updates an existing IAM policy
func (s *AdminServer) UpdatePolicy(name string, document credential.PolicyDocument) error {
policyManager := s.GetPolicyManager()
if policyManager == nil {
return fmt.Errorf("policy manager not available")
}
ctx := context.Background()
return policyManager.UpdatePolicy(ctx, name, document)
}
// DeletePolicy deletes an IAM policy
func (s *AdminServer) DeletePolicy(name string) error {
policyManager := s.GetPolicyManager()
if policyManager == nil {
return fmt.Errorf("policy manager not available")
}
ctx := context.Background()
return policyManager.DeletePolicy(ctx, name)
}
// GetPolicy retrieves a specific IAM policy
func (s *AdminServer) GetPolicy(name string) (*IAMPolicy, error) {
policyManager := s.GetPolicyManager()
if policyManager == nil {
return nil, fmt.Errorf("policy manager not available")
}
ctx := context.Background()
policyDoc, err := policyManager.GetPolicy(ctx, name)
if err != nil {
return nil, err
}
if policyDoc == nil {
return nil, nil
}
// Convert PolicyDocument to IAMPolicy
policy := &IAMPolicy{
Name: name,
Document: *policyDoc,
DocumentJSON: "", // Will be populated if needed
CreatedAt: time.Now(),
UpdatedAt: time.Now(),
}
return policy, nil
}
|
