search

minio / mc

Unix like utilities for object store
https://min.io/download
GNU Affero General Public License v3.0
2.86k stars 548 forks source link

Support multiple policies in 'mc admin user policy' command #4685

Closed r-scheele closed 1 year ago

r-scheele commented 1 year ago

Description

mc admin user policy command to handle users with multiple attached policies. With this update, the command can now handle multiple policies, displaying each policy's details sequentially.

Motivation and Context

The command would fail with an error when a user had more than one policy attached, as it expected a single policy name

How to test this PR?

~/mc admin user add myminio minio1 minio123

Added user `minio1` successfully.

~/mc admin policy attach myminio consoleAdmin --user minio1

Attached Policies: [consoleAdmin]
To User: minio1

~/mc admin user info myminio minio1

AccessKey: minio1
Status: enabled
PolicyName: consoleAdmin
MemberOf: []

~/mc admin user policy myminio minio1

{
  "Version": "2012-10-17",
  "Statement": [
   {
    "Effect": "Allow",
    "Action": [
     "admin:*"
    ]
   },
   {
    "Effect": "Allow",
    "Action": [
     "kms:*"
    ]
   },
   {
    "Effect": "Allow",
    "Action": [
     "s3:*"
    ],
    "Resource": [
     "arn:aws:s3:::*"
    ]
   }
  ]
 }

~/mc admin policy attach myminio diagnostics --user minio1

Attached Policies: [diagnostics]
To User: minio1

~/mc admin user info myminio minio1

AccessKey: minio1
Status: enabled
PolicyName: consoleAdmin,diagnostics
MemberOf: []

~/mc admin user policy myminio minio1

{
  "Version": "2012-10-17",
  "Statement": [
   {
    "Effect": "Allow",
    "Action": [
     "admin:*"
    ]
   },
   {
    "Effect": "Allow",
    "Action": [
     "kms:*"
    ]
   },
   {
    "Effect": "Allow",
    "Action": [
     "s3:*"
    ],
    "Resource": [
     "arn:aws:s3:::*"
    ]
   }
  ]
 }
{
  "Version": "2012-10-17",
  "Statement": [
   {
    "Effect": "Allow",
    "Action": [
     "admin:Profiling",
     "admin:ServerTrace",
     "admin:ConsoleLog",
     "admin:ServerInfo",
     "admin:TopLocksInfo",
     "admin:OBDInfo",
     "admin:BandwidthMonitor",
     "admin:Prometheus"
    ],
    "Resource": [
     "arn:aws:s3:::*"
    ]
   }
  ]
 }

Types of changes