Add new LDAP focused commands (#246)

* add AddServiceAccountLDAP * Add API * Fixes * . * Chnage routing
minio · Nov 6, 2023 · f8360b1 · f8360b1
1 parent 59a7fea
commit f8360b1
Showing 1 changed file with 81 additions and 0 deletions.
diff --git a/user-commands.go b/user-commands.go
@@ -433,6 +433,47 @@ func (adm *AdminClient) AddServiceAccount(ctx context.Context, opts AddServiceAc
 	return serviceAccountResp.Credentials, nil
 }
 
+// AddServiceAccountLDAP - AddServiceAccount with extra features, restricted to LDAP users.
+func (adm *AdminClient) AddServiceAccountLDAP(ctx context.Context, opts AddServiceAccountReq) (Credentials, error) {
+	if err := opts.Validate(); err != nil {
+		return Credentials{}, err
+	}
+	data, err := json.Marshal(opts)
+	if err != nil {
+		return Credentials{}, err
+	}
+
+	econfigBytes, err := EncryptData(adm.getSecretKey(), data)
+	if err != nil {
+		return Credentials{}, err
+	}
+
+	reqData := requestData{
+		relPath: adminAPIPrefix + "/idp/ldap/add-service-account",
+		content: econfigBytes,
+	}
+	resp, err := adm.executeMethod(ctx, http.MethodPut, reqData)
+	defer closeResponse(resp)
+	if err != nil {
+		return Credentials{}, err
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return Credentials{}, httpRespToErrorResponse(resp)
+	}
+
+	data, err = DecryptData(adm.getSecretKey(), resp.Body)
+	if err != nil {
+		return Credentials{}, err
+	}
+
+	var serviceAccountResp AddServiceAccountResp
+	if err = json.Unmarshal(data, &serviceAccountResp); err != nil {
+		return Credentials{}, err
+	}
+	return serviceAccountResp.Credentials, nil
+}
+
 // UpdateServiceAccountReq is the request options of the edit service account admin call
 type UpdateServiceAccountReq struct {
 	NewPolicy      json.RawMessage `json:"newPolicy,omitempty"` // Parsed policy from iam/policy.Parse
@@ -531,6 +572,46 @@ func (adm *AdminClient) ListServiceAccounts(ctx context.Context, user string) (L
 	return listResp, nil
 }
 
+// ListAccessKeysLDAPResp is the response body of the list service accounts call
+type ListAccessKeysLDAPResp struct {
+	ServiceAccounts []ServiceAccountInfo `json:"serviceAccounts"`
+	STSKeys         []ServiceAccountInfo `json:"stsKeys"`
+}
+
+// ListAccessKeysLDAP - list service accounts belonging to the specified user
+func (adm *AdminClient) ListAccessKeysLDAP(ctx context.Context, userDN string, listType string) (ListAccessKeysLDAPResp, error) {
+	queryValues := url.Values{}
+	queryValues.Set("listType", listType)
+	queryValues.Set("userDN", userDN)
+
+	reqData := requestData{
+		relPath:     adminAPIPrefix + "/idp/ldap/list-access-keys",
+		queryValues: queryValues,
+	}
+
+	// Execute GET on /minio/admin/v3/list-service-accounts
+	resp, err := adm.executeMethod(ctx, http.MethodGet, reqData)
+	defer closeResponse(resp)
+	if err != nil {
+		return ListAccessKeysLDAPResp{}, err
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return ListAccessKeysLDAPResp{}, httpRespToErrorResponse(resp)
+	}
+
+	data, err := DecryptData(adm.getSecretKey(), resp.Body)
+	if err != nil {
+		return ListAccessKeysLDAPResp{}, err
+	}
+
+	var listResp ListAccessKeysLDAPResp
+	if err = json.Unmarshal(data, &listResp); err != nil {
+		return ListAccessKeysLDAPResp{}, err
+	}
+	return listResp, nil
+}
+
 // InfoServiceAccountResp is the response body of the info service account call
 type InfoServiceAccountResp struct {
 	ParentUser    string     `json:"parentUser"`