MinioAdmin: add {attach,detach}_policy and get_policy_entities APIs #1471

Merged
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
Expand Up @@ -30,7 +30,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
python-version: ["3.9", "3.10", "3.11", "3.12", "3.13.0"]
python-version: ["3.9", "3.10", "3.11", "3.12", "3.13"]
os: [ubuntu-latest, windows-latest, macos-latest]

steps:
79 changes: 50 additions & 29 deletions minio/minioadmin.py
Expand Up @@ -62,7 +62,6 @@ class _COMMAND(Enum):
SET_USER_OR_GROUP_POLICY = "set-user-or-group-policy"
LIST_CANNED_POLICIES = "list-canned-policies"
REMOVE_CANNED_POLICY = "remove-canned-policy"
UNSET_USER_OR_GROUP_POLICY = "idp/builtin/policy/detach"
CANNED_POLICY_INFO = "info-canned-policy"
SET_BUCKET_QUOTA = "set-bucket-quota"
GET_BUCKET_QUOTA = "get-bucket-quota"
Expand Down Expand Up @@ -98,6 +97,9 @@ class _COMMAND(Enum):
IDP_LDAP_POLICY_DETACH = "idp/ldap/policy/detach"
IDP_LDAP_LIST_ACCESS_KEYS = "idp/ldap/list-access-keys"
IDP_LDAP_LIST_ACCESS_KEYS_BULK = "idp/ldap/list-access-keys-bulk"
IDP_BUILTIN_POLICY_ATTACH = "idp/builtin/policy/attach"
IDP_BUILTIN_POLICY_DETACH = "idp/builtin/policy/detach"
IDP_BUILTIN_POLICY_ENTITIES = "idp/builtin/policy-entities"


def _safe_str(value: Any) -> str:
Expand Down Expand Up @@ -476,7 +478,7 @@ def policy_list(self) -> str:

def policy_set(
self,
policy_name: str | list[str],
policy_name: str,
user: str | None = None,
group: str | None = None,
) -> str:
Expand All @@ -499,29 +501,9 @@ def policy_unset(
group: str | None = None,
) -> str:
"""Unset an IAM policy for a user or group."""
if (user is not None) ^ (group is not None):
policies = (
policy_name if isinstance(policy_name, list) else [policy_name]
)
data: dict[str, str | list[str]] = {"policies": policies}
if user:
data["user"] = user
if group:
data["group"] = group
response = self._url_open(
"POST",
_COMMAND.UNSET_USER_OR_GROUP_POLICY,
body=encrypt(
json.dumps(data).encode(),
self._provider.retrieve().secret_key,
),
preload_content=False,
)
plain_data = decrypt(
response, self._provider.retrieve().secret_key,
)
return plain_data.decode()
raise ValueError("either user or group must be set")
return self.detach_policy(
policy_name if isinstance(policy_name, list) else [policy_name],
user, group)

def config_get(self, key: str | None = None) -> str:
"""Get configuration parameters."""
Expand Down Expand Up @@ -847,14 +829,14 @@ def delete_service_account(self, access_key: str) -> str:
)
return response.data.decode()

def _attach_detach_policy_ldap(
def _attach_detach_policy(
self,
command: _COMMAND,
policies: list[str],
user: str | None = None,
group: str | None = None,
) -> str:
"""Attach or detach policies for LDAP."""
"""Attach or detach policies for builtin or LDAP."""
if (user is not None) ^ (group is not None):
key = "user" if user else "group"
body = json.dumps(
Expand All @@ -876,7 +858,7 @@ def attach_policy_ldap(
group: str | None = None,
) -> str:
"""Attach policies for LDAP."""
return self._attach_detach_policy_ldap(
return self._attach_detach_policy(
_COMMAND.IDP_LDAP_POLICY_ATTACH, policies, user, group,
)

Expand All @@ -887,7 +869,7 @@ def detach_policy_ldap(
group: str | None = None,
) -> str:
"""Detach policies for LDAP."""
return self._attach_detach_policy_ldap(
return self._attach_detach_policy(
_COMMAND.IDP_LDAP_POLICY_DETACH, policies, user, group,
)

Expand Down Expand Up @@ -927,3 +909,42 @@ def list_access_keys_ldap_bulk(
response, self._provider.retrieve().secret_key,
)
return plain_data.decode()

def attach_policy(
self,
policies: list[str],
user: str | None = None,
group: str | None = None,
) -> str:
"""Attach builtin policies."""
return self._attach_detach_policy(
_COMMAND.IDP_BUILTIN_POLICY_ATTACH, policies, user, group,
)

def detach_policy(
self,
policies: list[str],
user: str | None = None,
group: str | None = None,
) -> str:
"""Detach builtin policies."""
return self._attach_detach_policy(
_COMMAND.IDP_BUILTIN_POLICY_DETACH, policies, user, group,
)

def get_policy_entities(
self,
users: list[str],
groups: list[str],
policies: list[str],
) -> str:
"""Get builtin policy entities."""
response = self._url_open(
"GET", _COMMAND.IDP_BUILTIN_POLICY_ENTITIES,
query_params={"user": users, "group": groups, "policy": policies},
preload_content=False,
)
plain_data = decrypt(
response, self._provider.retrieve().secret_key,
)
return plain_data.decode()
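Review bot: In `_attach_detach_policy` the guard tests `is not None` but the next line picks the key by truthiness (`key = "user" if user else "group"`), so a call with `user=""` passes the guard and is labelled as a group request. Since this helper now also backs the new `attach_policy`/`detach_policy` and the rewritten `policy_unset`, all of which change what a principal is authorised to do, I would select on the same condition as the guard and reject empty names, e.g. `key, name = ("user", user) if user is not None else ("group", group)` followed by `if not name: raise ValueError("user or group must be a non-empty string")`. The rest of the helper body lies outside the visible hunk, so how `key` is used when the request body is built is inferred and should be confirmed there. The docstrings of `attach_policy` and `detach_policy` could also state that exactly one of `user` or `group` must be given.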