diff --git a/test/s3/iam/test_config.json b/test/s3/iam/test_config.json index 8063c4059..05d4b5504 100644 --- a/test/s3/iam/test_config.json +++ b/test/s3/iam/test_config.json @@ -37,274 +37,6 @@ ] } ], - "iam": { - "enabled": true, - "sts": { - "tokenDuration": "15m", - "issuer": "seaweedfs-sts", - "signingKey": "dGVzdC1zaWduaW5nLWtleS0zMi1jaGFyYWN0ZXJzLWxvbmc=" - }, - "policy": { - "defaultEffect": "Deny" - }, - "providers": { - "oidc": { - "test-oidc": { - "issuer": "http://localhost:8080/.well-known/openid_configuration", - "clientId": "test-client-id", - "jwksUri": "http://localhost:8080/jwks", - "userInfoUri": "http://localhost:8080/userinfo", - "roleMapping": { - "rules": [ - { - "claim": "groups", - "claimValue": "admins", - "roleName": "S3AdminRole" - }, - { - "claim": "groups", - "claimValue": "users", - "roleName": "S3ReadOnlyRole" - }, - { - "claim": "groups", - "claimValue": "writers", - "roleName": "S3WriteOnlyRole" - } - ] - }, - "claimsMapping": { - "email": "email", - "displayName": "name", - "groups": "groups" - } - } - }, - "ldap": { - "test-ldap": { - "server": "ldap://localhost:389", - "baseDN": "dc=example,dc=com", - "bindDN": "cn=admin,dc=example,dc=com", - "bindPassword": "admin-password", - "userFilter": "(uid=%s)", - "groupFilter": "(memberUid=%s)", - "attributes": { - "email": "mail", - "displayName": "cn", - "groups": "memberOf" - }, - "roleMapping": { - "rules": [ - { - "claim": "groups", - "claimValue": "cn=admins,ou=groups,dc=example,dc=com", - "roleName": "S3AdminRole" - }, - { - "claim": "groups", - "claimValue": "cn=users,ou=groups,dc=example,dc=com", - "roleName": "S3ReadOnlyRole" - } - ] - } - } - } - }, - "policyStore": {} - }, - "roles": { - "S3AdminRole": { - "trustPolicy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": [ - "test-oidc", - "test-ldap" - ] - }, - "Action": "sts:AssumeRoleWithWebIdentity" - } - ] - }, - "attachedPolicies": [ - "S3AdminPolicy" - ], - "description": "Full administrative access to S3 resources" - }, - "S3ReadOnlyRole": { - "trustPolicy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": [ - "test-oidc", - "test-ldap" - ] - }, - "Action": "sts:AssumeRoleWithWebIdentity" - } - ] - }, - "attachedPolicies": [ - "S3ReadOnlyPolicy" - ], - "description": "Read-only access to S3 resources" - }, - "S3WriteOnlyRole": { - "trustPolicy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "Federated": [ - "test-oidc", - "test-ldap" - ] - }, - "Action": "sts:AssumeRoleWithWebIdentity" - } - ] - }, - "attachedPolicies": [ - "S3WriteOnlyPolicy" - ], - "description": "Write-only access to S3 resources" - } - }, - "policies": { - "S3AdminPolicy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "s3:*", - "iam:*" - ], - "Resource": [ - "arn:aws:s3:::*", - "arn:aws:s3:::*/*", - "arn:aws:iam:::*" - ] - } - ] - }, - "S3ReadOnlyPolicy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "s3:GetObject", - "s3:GetObjectVersion", - "s3:ListBucket", - "s3:ListBucketVersions", - "s3:GetBucketLocation", - "s3:GetBucketVersioning" - ], - "Resource": [ - "arn:aws:s3:::*", - "arn:aws:s3:::*/*" - ] - } - ] - }, - "S3WriteOnlyPolicy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "s3:PutObject", - "s3:PutObjectAcl", - "s3:DeleteObject", - "s3:DeleteObjectVersion", - "s3:InitiateMultipartUpload", - "s3:UploadPart", - "s3:CompleteMultipartUpload", - "s3:AbortMultipartUpload", - "s3:ListMultipartUploadParts" - ], - "Resource": [ - "arn:aws:s3:::*/*" - ] - } - ] - }, - "S3BucketManagementPolicy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "s3:CreateBucket", - "s3:DeleteBucket", - "s3:GetBucketPolicy", - "s3:PutBucketPolicy", - "s3:DeleteBucketPolicy", - "s3:GetBucketVersioning", - "s3:PutBucketVersioning" - ], - "Resource": [ - "arn:aws:s3:::*" - ] - } - ] - }, - "S3IPRestrictedPolicy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "s3:*" - ], - "Resource": [ - "arn:aws:s3:::*", - "arn:aws:s3:::*/*" - ], - "Condition": { - "IpAddress": { - "aws:SourceIp": [ - "192.168.1.0/24", - "10.0.0.0/8" - ] - } - } - } - ] - }, - "S3TimeBasedPolicy": { - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "s3:GetObject", - "s3:ListBucket" - ], - "Resource": [ - "arn:aws:s3:::*", - "arn:aws:s3:::*/*" - ], - "Condition": { - "DateGreaterThan": { - "aws:CurrentTime": "2023-01-01T00:00:00Z" - }, - "DateLessThan": { - "aws:CurrentTime": "2025-12-31T23:59:59Z" - } - } - } - ] - } - }, "bucketPolicyExamples": { "PublicReadPolicy": { "Version": "2012-10-17", diff --git a/weed/pb/iam.proto b/weed/pb/iam.proto index dd6163597..4827262b2 100644 --- a/weed/pb/iam.proto +++ b/weed/pb/iam.proto @@ -124,6 +124,43 @@ message GetUserByAccessKeyResponse { Identity identity = 1; } +message ListAccessKeysRequest { + string username = 1; +} + +message ListAccessKeysResponse { + repeated Credential access_keys = 1; +} + +// User Policy Management Messages +message PutUserPolicyRequest { + string username = 1; + string policy_name = 2; + string policy_document = 3; +} + +message PutUserPolicyResponse { +} + +message GetUserPolicyRequest { + string username = 1; + string policy_name = 2; +} + +message GetUserPolicyResponse { + string username = 1; + string policy_name = 2; + string policy_document = 3; +} + +message DeleteUserPolicyRequest { + string username = 1; + string policy_name = 2; +} + +message DeleteUserPolicyResponse { +} + ////////////////////////////////////////////////// message S3ApiConfiguration { @@ -252,3 +289,4 @@ message GetServiceAccountByAccessKeyRequest { message GetServiceAccountByAccessKeyResponse { ServiceAccount service_account = 1; } + diff --git a/weed/pb/iam_pb/iam.pb.go b/weed/pb/iam_pb/iam.pb.go index 719f56082..514d46660 100644 --- a/weed/pb/iam_pb/iam.pb.go +++ b/weed/pb/iam_pb/iam.pb.go @@ -861,6 +861,391 @@ func (x *GetUserByAccessKeyResponse) GetIdentity() *Identity { return nil } +type ListAccessKeysRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ListAccessKeysRequest) Reset() { + *x = ListAccessKeysRequest{} + mi := &file_iam_proto_msgTypes[20] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ListAccessKeysRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListAccessKeysRequest) ProtoMessage() {} + +func (x *ListAccessKeysRequest) ProtoReflect() protoreflect.Message { + mi := &file_iam_proto_msgTypes[20] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListAccessKeysRequest.ProtoReflect.Descriptor instead. +func (*ListAccessKeysRequest) Descriptor() ([]byte, []int) { + return file_iam_proto_rawDescGZIP(), []int{20} +} + +func (x *ListAccessKeysRequest) GetUsername() string { + if x != nil { + return x.Username + } + return "" +} + +type ListAccessKeysResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + AccessKeys []*Credential `protobuf:"bytes,1,rep,name=access_keys,json=accessKeys,proto3" json:"access_keys,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ListAccessKeysResponse) Reset() { + *x = ListAccessKeysResponse{} + mi := &file_iam_proto_msgTypes[21] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ListAccessKeysResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListAccessKeysResponse) ProtoMessage() {} + +func (x *ListAccessKeysResponse) ProtoReflect() protoreflect.Message { + mi := &file_iam_proto_msgTypes[21] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListAccessKeysResponse.ProtoReflect.Descriptor instead. +func (*ListAccessKeysResponse) Descriptor() ([]byte, []int) { + return file_iam_proto_rawDescGZIP(), []int{21} +} + +func (x *ListAccessKeysResponse) GetAccessKeys() []*Credential { + if x != nil { + return x.AccessKeys + } + return nil +} + +// User Policy Management Messages +type PutUserPolicyRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"` + PolicyName string `protobuf:"bytes,2,opt,name=policy_name,json=policyName,proto3" json:"policy_name,omitempty"` + PolicyDocument string `protobuf:"bytes,3,opt,name=policy_document,json=policyDocument,proto3" json:"policy_document,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *PutUserPolicyRequest) Reset() { + *x = PutUserPolicyRequest{} + mi := &file_iam_proto_msgTypes[22] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *PutUserPolicyRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PutUserPolicyRequest) ProtoMessage() {} + +func (x *PutUserPolicyRequest) ProtoReflect() protoreflect.Message { + mi := &file_iam_proto_msgTypes[22] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PutUserPolicyRequest.ProtoReflect.Descriptor instead. +func (*PutUserPolicyRequest) Descriptor() ([]byte, []int) { + return file_iam_proto_rawDescGZIP(), []int{22} +} + +func (x *PutUserPolicyRequest) GetUsername() string { + if x != nil { + return x.Username + } + return "" +} + +func (x *PutUserPolicyRequest) GetPolicyName() string { + if x != nil { + return x.PolicyName + } + return "" +} + +func (x *PutUserPolicyRequest) GetPolicyDocument() string { + if x != nil { + return x.PolicyDocument + } + return "" +} + +type PutUserPolicyResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *PutUserPolicyResponse) Reset() { + *x = PutUserPolicyResponse{} + mi := &file_iam_proto_msgTypes[23] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *PutUserPolicyResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PutUserPolicyResponse) ProtoMessage() {} + +func (x *PutUserPolicyResponse) ProtoReflect() protoreflect.Message { + mi := &file_iam_proto_msgTypes[23] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PutUserPolicyResponse.ProtoReflect.Descriptor instead. +func (*PutUserPolicyResponse) Descriptor() ([]byte, []int) { + return file_iam_proto_rawDescGZIP(), []int{23} +} + +type GetUserPolicyRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"` + PolicyName string `protobuf:"bytes,2,opt,name=policy_name,json=policyName,proto3" json:"policy_name,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *GetUserPolicyRequest) Reset() { + *x = GetUserPolicyRequest{} + mi := &file_iam_proto_msgTypes[24] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *GetUserPolicyRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GetUserPolicyRequest) ProtoMessage() {} + +func (x *GetUserPolicyRequest) ProtoReflect() protoreflect.Message { + mi := &file_iam_proto_msgTypes[24] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GetUserPolicyRequest.ProtoReflect.Descriptor instead. +func (*GetUserPolicyRequest) Descriptor() ([]byte, []int) { + return file_iam_proto_rawDescGZIP(), []int{24} +} + +func (x *GetUserPolicyRequest) GetUsername() string { + if x != nil { + return x.Username + } + return "" +} + +func (x *GetUserPolicyRequest) GetPolicyName() string { + if x != nil { + return x.PolicyName + } + return "" +} + +type GetUserPolicyResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"` + PolicyName string `protobuf:"bytes,2,opt,name=policy_name,json=policyName,proto3" json:"policy_name,omitempty"` + PolicyDocument string `protobuf:"bytes,3,opt,name=policy_document,json=policyDocument,proto3" json:"policy_document,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *GetUserPolicyResponse) Reset() { + *x = GetUserPolicyResponse{} + mi := &file_iam_proto_msgTypes[25] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *GetUserPolicyResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GetUserPolicyResponse) ProtoMessage() {} + +func (x *GetUserPolicyResponse) ProtoReflect() protoreflect.Message { + mi := &file_iam_proto_msgTypes[25] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GetUserPolicyResponse.ProtoReflect.Descriptor instead. +func (*GetUserPolicyResponse) Descriptor() ([]byte, []int) { + return file_iam_proto_rawDescGZIP(), []int{25} +} + +func (x *GetUserPolicyResponse) GetUsername() string { + if x != nil { + return x.Username + } + return "" +} + +func (x *GetUserPolicyResponse) GetPolicyName() string { + if x != nil { + return x.PolicyName + } + return "" +} + +func (x *GetUserPolicyResponse) GetPolicyDocument() string { + if x != nil { + return x.PolicyDocument + } + return "" +} + +type DeleteUserPolicyRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"` + PolicyName string `protobuf:"bytes,2,opt,name=policy_name,json=policyName,proto3" json:"policy_name,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *DeleteUserPolicyRequest) Reset() { + *x = DeleteUserPolicyRequest{} + mi := &file_iam_proto_msgTypes[26] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *DeleteUserPolicyRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeleteUserPolicyRequest) ProtoMessage() {} + +func (x *DeleteUserPolicyRequest) ProtoReflect() protoreflect.Message { + mi := &file_iam_proto_msgTypes[26] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeleteUserPolicyRequest.ProtoReflect.Descriptor instead. +func (*DeleteUserPolicyRequest) Descriptor() ([]byte, []int) { + return file_iam_proto_rawDescGZIP(), []int{26} +} + +func (x *DeleteUserPolicyRequest) GetUsername() string { + if x != nil { + return x.Username + } + return "" +} + +func (x *DeleteUserPolicyRequest) GetPolicyName() string { + if x != nil { + return x.PolicyName + } + return "" +} + +type DeleteUserPolicyResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *DeleteUserPolicyResponse) Reset() { + *x = DeleteUserPolicyResponse{} + mi := &file_iam_proto_msgTypes[27] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *DeleteUserPolicyResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeleteUserPolicyResponse) ProtoMessage() {} + +func (x *DeleteUserPolicyResponse) ProtoReflect() protoreflect.Message { + mi := &file_iam_proto_msgTypes[27] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeleteUserPolicyResponse.ProtoReflect.Descriptor instead. +func (*DeleteUserPolicyResponse) Descriptor() ([]byte, []int) { + return file_iam_proto_rawDescGZIP(), []int{27} +} + type S3ApiConfiguration struct { state protoimpl.MessageState `protogen:"open.v1"` Identities []*Identity `protobuf:"bytes,1,rep,name=identities,proto3" json:"identities,omitempty"` @@ -873,7 +1258,7 @@ type S3ApiConfiguration struct { func (x *S3ApiConfiguration) Reset() { *x = S3ApiConfiguration{} - mi := &file_iam_proto_msgTypes[20] + mi := &file_iam_proto_msgTypes[28] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -885,7 +1270,7 @@ func (x *S3ApiConfiguration) String() string { func (*S3ApiConfiguration) ProtoMessage() {} func (x *S3ApiConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[20] + mi := &file_iam_proto_msgTypes[28] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -898,7 +1283,7 @@ func (x *S3ApiConfiguration) ProtoReflect() protoreflect.Message { // Deprecated: Use S3ApiConfiguration.ProtoReflect.Descriptor instead. func (*S3ApiConfiguration) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{20} + return file_iam_proto_rawDescGZIP(), []int{28} } func (x *S3ApiConfiguration) GetIdentities() []*Identity { @@ -944,7 +1329,7 @@ type Identity struct { func (x *Identity) Reset() { *x = Identity{} - mi := &file_iam_proto_msgTypes[21] + mi := &file_iam_proto_msgTypes[29] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -956,7 +1341,7 @@ func (x *Identity) String() string { func (*Identity) ProtoMessage() {} func (x *Identity) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[21] + mi := &file_iam_proto_msgTypes[29] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -969,7 +1354,7 @@ func (x *Identity) ProtoReflect() protoreflect.Message { // Deprecated: Use Identity.ProtoReflect.Descriptor instead. func (*Identity) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{21} + return file_iam_proto_rawDescGZIP(), []int{29} } func (x *Identity) GetName() string { @@ -1032,7 +1417,7 @@ type Credential struct { func (x *Credential) Reset() { *x = Credential{} - mi := &file_iam_proto_msgTypes[22] + mi := &file_iam_proto_msgTypes[30] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1044,7 +1429,7 @@ func (x *Credential) String() string { func (*Credential) ProtoMessage() {} func (x *Credential) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[22] + mi := &file_iam_proto_msgTypes[30] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1057,7 +1442,7 @@ func (x *Credential) ProtoReflect() protoreflect.Message { // Deprecated: Use Credential.ProtoReflect.Descriptor instead. func (*Credential) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{22} + return file_iam_proto_rawDescGZIP(), []int{30} } func (x *Credential) GetAccessKey() string { @@ -1092,7 +1477,7 @@ type Account struct { func (x *Account) Reset() { *x = Account{} - mi := &file_iam_proto_msgTypes[23] + mi := &file_iam_proto_msgTypes[31] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1104,7 +1489,7 @@ func (x *Account) String() string { func (*Account) ProtoMessage() {} func (x *Account) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[23] + mi := &file_iam_proto_msgTypes[31] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1117,7 +1502,7 @@ func (x *Account) ProtoReflect() protoreflect.Message { // Deprecated: Use Account.ProtoReflect.Descriptor instead. func (*Account) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{23} + return file_iam_proto_rawDescGZIP(), []int{31} } func (x *Account) GetId() string { @@ -1160,7 +1545,7 @@ type ServiceAccount struct { func (x *ServiceAccount) Reset() { *x = ServiceAccount{} - mi := &file_iam_proto_msgTypes[24] + mi := &file_iam_proto_msgTypes[32] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1172,7 +1557,7 @@ func (x *ServiceAccount) String() string { func (*ServiceAccount) ProtoMessage() {} func (x *ServiceAccount) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[24] + mi := &file_iam_proto_msgTypes[32] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1185,7 +1570,7 @@ func (x *ServiceAccount) ProtoReflect() protoreflect.Message { // Deprecated: Use ServiceAccount.ProtoReflect.Descriptor instead. func (*ServiceAccount) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{24} + return file_iam_proto_rawDescGZIP(), []int{32} } func (x *ServiceAccount) GetId() string { @@ -1261,7 +1646,7 @@ type PutPolicyRequest struct { func (x *PutPolicyRequest) Reset() { *x = PutPolicyRequest{} - mi := &file_iam_proto_msgTypes[25] + mi := &file_iam_proto_msgTypes[33] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1273,7 +1658,7 @@ func (x *PutPolicyRequest) String() string { func (*PutPolicyRequest) ProtoMessage() {} func (x *PutPolicyRequest) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[25] + mi := &file_iam_proto_msgTypes[33] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1286,7 +1671,7 @@ func (x *PutPolicyRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use PutPolicyRequest.ProtoReflect.Descriptor instead. func (*PutPolicyRequest) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{25} + return file_iam_proto_rawDescGZIP(), []int{33} } func (x *PutPolicyRequest) GetName() string { @@ -1311,7 +1696,7 @@ type PutPolicyResponse struct { func (x *PutPolicyResponse) Reset() { *x = PutPolicyResponse{} - mi := &file_iam_proto_msgTypes[26] + mi := &file_iam_proto_msgTypes[34] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1323,7 +1708,7 @@ func (x *PutPolicyResponse) String() string { func (*PutPolicyResponse) ProtoMessage() {} func (x *PutPolicyResponse) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[26] + mi := &file_iam_proto_msgTypes[34] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1336,7 +1721,7 @@ func (x *PutPolicyResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use PutPolicyResponse.ProtoReflect.Descriptor instead. func (*PutPolicyResponse) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{26} + return file_iam_proto_rawDescGZIP(), []int{34} } type GetPolicyRequest struct { @@ -1348,7 +1733,7 @@ type GetPolicyRequest struct { func (x *GetPolicyRequest) Reset() { *x = GetPolicyRequest{} - mi := &file_iam_proto_msgTypes[27] + mi := &file_iam_proto_msgTypes[35] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1360,7 +1745,7 @@ func (x *GetPolicyRequest) String() string { func (*GetPolicyRequest) ProtoMessage() {} func (x *GetPolicyRequest) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[27] + mi := &file_iam_proto_msgTypes[35] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1373,7 +1758,7 @@ func (x *GetPolicyRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GetPolicyRequest.ProtoReflect.Descriptor instead. func (*GetPolicyRequest) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{27} + return file_iam_proto_rawDescGZIP(), []int{35} } func (x *GetPolicyRequest) GetName() string { @@ -1393,7 +1778,7 @@ type GetPolicyResponse struct { func (x *GetPolicyResponse) Reset() { *x = GetPolicyResponse{} - mi := &file_iam_proto_msgTypes[28] + mi := &file_iam_proto_msgTypes[36] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1405,7 +1790,7 @@ func (x *GetPolicyResponse) String() string { func (*GetPolicyResponse) ProtoMessage() {} func (x *GetPolicyResponse) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[28] + mi := &file_iam_proto_msgTypes[36] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1418,7 +1803,7 @@ func (x *GetPolicyResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use GetPolicyResponse.ProtoReflect.Descriptor instead. func (*GetPolicyResponse) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{28} + return file_iam_proto_rawDescGZIP(), []int{36} } func (x *GetPolicyResponse) GetName() string { @@ -1443,7 +1828,7 @@ type ListPoliciesRequest struct { func (x *ListPoliciesRequest) Reset() { *x = ListPoliciesRequest{} - mi := &file_iam_proto_msgTypes[29] + mi := &file_iam_proto_msgTypes[37] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1455,7 +1840,7 @@ func (x *ListPoliciesRequest) String() string { func (*ListPoliciesRequest) ProtoMessage() {} func (x *ListPoliciesRequest) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[29] + mi := &file_iam_proto_msgTypes[37] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1468,7 +1853,7 @@ func (x *ListPoliciesRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use ListPoliciesRequest.ProtoReflect.Descriptor instead. func (*ListPoliciesRequest) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{29} + return file_iam_proto_rawDescGZIP(), []int{37} } type ListPoliciesResponse struct { @@ -1480,7 +1865,7 @@ type ListPoliciesResponse struct { func (x *ListPoliciesResponse) Reset() { *x = ListPoliciesResponse{} - mi := &file_iam_proto_msgTypes[30] + mi := &file_iam_proto_msgTypes[38] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1492,7 +1877,7 @@ func (x *ListPoliciesResponse) String() string { func (*ListPoliciesResponse) ProtoMessage() {} func (x *ListPoliciesResponse) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[30] + mi := &file_iam_proto_msgTypes[38] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1505,7 +1890,7 @@ func (x *ListPoliciesResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use ListPoliciesResponse.ProtoReflect.Descriptor instead. func (*ListPoliciesResponse) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{30} + return file_iam_proto_rawDescGZIP(), []int{38} } func (x *ListPoliciesResponse) GetPolicies() []*Policy { @@ -1524,7 +1909,7 @@ type DeletePolicyRequest struct { func (x *DeletePolicyRequest) Reset() { *x = DeletePolicyRequest{} - mi := &file_iam_proto_msgTypes[31] + mi := &file_iam_proto_msgTypes[39] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1536,7 +1921,7 @@ func (x *DeletePolicyRequest) String() string { func (*DeletePolicyRequest) ProtoMessage() {} func (x *DeletePolicyRequest) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[31] + mi := &file_iam_proto_msgTypes[39] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1549,7 +1934,7 @@ func (x *DeletePolicyRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use DeletePolicyRequest.ProtoReflect.Descriptor instead. func (*DeletePolicyRequest) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{31} + return file_iam_proto_rawDescGZIP(), []int{39} } func (x *DeletePolicyRequest) GetName() string { @@ -1567,7 +1952,7 @@ type DeletePolicyResponse struct { func (x *DeletePolicyResponse) Reset() { *x = DeletePolicyResponse{} - mi := &file_iam_proto_msgTypes[32] + mi := &file_iam_proto_msgTypes[40] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1579,7 +1964,7 @@ func (x *DeletePolicyResponse) String() string { func (*DeletePolicyResponse) ProtoMessage() {} func (x *DeletePolicyResponse) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[32] + mi := &file_iam_proto_msgTypes[40] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1592,7 +1977,7 @@ func (x *DeletePolicyResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use DeletePolicyResponse.ProtoReflect.Descriptor instead. func (*DeletePolicyResponse) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{32} + return file_iam_proto_rawDescGZIP(), []int{40} } type Policy struct { @@ -1605,7 +1990,7 @@ type Policy struct { func (x *Policy) Reset() { *x = Policy{} - mi := &file_iam_proto_msgTypes[33] + mi := &file_iam_proto_msgTypes[41] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1617,7 +2002,7 @@ func (x *Policy) String() string { func (*Policy) ProtoMessage() {} func (x *Policy) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[33] + mi := &file_iam_proto_msgTypes[41] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1630,7 +2015,7 @@ func (x *Policy) ProtoReflect() protoreflect.Message { // Deprecated: Use Policy.ProtoReflect.Descriptor instead. func (*Policy) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{33} + return file_iam_proto_rawDescGZIP(), []int{41} } func (x *Policy) GetName() string { @@ -1656,7 +2041,7 @@ type CreateServiceAccountRequest struct { func (x *CreateServiceAccountRequest) Reset() { *x = CreateServiceAccountRequest{} - mi := &file_iam_proto_msgTypes[34] + mi := &file_iam_proto_msgTypes[42] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1668,7 +2053,7 @@ func (x *CreateServiceAccountRequest) String() string { func (*CreateServiceAccountRequest) ProtoMessage() {} func (x *CreateServiceAccountRequest) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[34] + mi := &file_iam_proto_msgTypes[42] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1681,7 +2066,7 @@ func (x *CreateServiceAccountRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use CreateServiceAccountRequest.ProtoReflect.Descriptor instead. func (*CreateServiceAccountRequest) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{34} + return file_iam_proto_rawDescGZIP(), []int{42} } func (x *CreateServiceAccountRequest) GetServiceAccount() *ServiceAccount { @@ -1699,7 +2084,7 @@ type CreateServiceAccountResponse struct { func (x *CreateServiceAccountResponse) Reset() { *x = CreateServiceAccountResponse{} - mi := &file_iam_proto_msgTypes[35] + mi := &file_iam_proto_msgTypes[43] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1711,7 +2096,7 @@ func (x *CreateServiceAccountResponse) String() string { func (*CreateServiceAccountResponse) ProtoMessage() {} func (x *CreateServiceAccountResponse) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[35] + mi := &file_iam_proto_msgTypes[43] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1724,7 +2109,7 @@ func (x *CreateServiceAccountResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use CreateServiceAccountResponse.ProtoReflect.Descriptor instead. func (*CreateServiceAccountResponse) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{35} + return file_iam_proto_rawDescGZIP(), []int{43} } type UpdateServiceAccountRequest struct { @@ -1737,7 +2122,7 @@ type UpdateServiceAccountRequest struct { func (x *UpdateServiceAccountRequest) Reset() { *x = UpdateServiceAccountRequest{} - mi := &file_iam_proto_msgTypes[36] + mi := &file_iam_proto_msgTypes[44] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1749,7 +2134,7 @@ func (x *UpdateServiceAccountRequest) String() string { func (*UpdateServiceAccountRequest) ProtoMessage() {} func (x *UpdateServiceAccountRequest) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[36] + mi := &file_iam_proto_msgTypes[44] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1762,7 +2147,7 @@ func (x *UpdateServiceAccountRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use UpdateServiceAccountRequest.ProtoReflect.Descriptor instead. func (*UpdateServiceAccountRequest) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{36} + return file_iam_proto_rawDescGZIP(), []int{44} } func (x *UpdateServiceAccountRequest) GetId() string { @@ -1787,7 +2172,7 @@ type UpdateServiceAccountResponse struct { func (x *UpdateServiceAccountResponse) Reset() { *x = UpdateServiceAccountResponse{} - mi := &file_iam_proto_msgTypes[37] + mi := &file_iam_proto_msgTypes[45] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1799,7 +2184,7 @@ func (x *UpdateServiceAccountResponse) String() string { func (*UpdateServiceAccountResponse) ProtoMessage() {} func (x *UpdateServiceAccountResponse) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[37] + mi := &file_iam_proto_msgTypes[45] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1812,7 +2197,7 @@ func (x *UpdateServiceAccountResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use UpdateServiceAccountResponse.ProtoReflect.Descriptor instead. func (*UpdateServiceAccountResponse) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{37} + return file_iam_proto_rawDescGZIP(), []int{45} } type DeleteServiceAccountRequest struct { @@ -1824,7 +2209,7 @@ type DeleteServiceAccountRequest struct { func (x *DeleteServiceAccountRequest) Reset() { *x = DeleteServiceAccountRequest{} - mi := &file_iam_proto_msgTypes[38] + mi := &file_iam_proto_msgTypes[46] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1836,7 +2221,7 @@ func (x *DeleteServiceAccountRequest) String() string { func (*DeleteServiceAccountRequest) ProtoMessage() {} func (x *DeleteServiceAccountRequest) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[38] + mi := &file_iam_proto_msgTypes[46] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1849,7 +2234,7 @@ func (x *DeleteServiceAccountRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use DeleteServiceAccountRequest.ProtoReflect.Descriptor instead. func (*DeleteServiceAccountRequest) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{38} + return file_iam_proto_rawDescGZIP(), []int{46} } func (x *DeleteServiceAccountRequest) GetId() string { @@ -1867,7 +2252,7 @@ type DeleteServiceAccountResponse struct { func (x *DeleteServiceAccountResponse) Reset() { *x = DeleteServiceAccountResponse{} - mi := &file_iam_proto_msgTypes[39] + mi := &file_iam_proto_msgTypes[47] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1879,7 +2264,7 @@ func (x *DeleteServiceAccountResponse) String() string { func (*DeleteServiceAccountResponse) ProtoMessage() {} func (x *DeleteServiceAccountResponse) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[39] + mi := &file_iam_proto_msgTypes[47] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1892,7 +2277,7 @@ func (x *DeleteServiceAccountResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use DeleteServiceAccountResponse.ProtoReflect.Descriptor instead. func (*DeleteServiceAccountResponse) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{39} + return file_iam_proto_rawDescGZIP(), []int{47} } type GetServiceAccountRequest struct { @@ -1904,7 +2289,7 @@ type GetServiceAccountRequest struct { func (x *GetServiceAccountRequest) Reset() { *x = GetServiceAccountRequest{} - mi := &file_iam_proto_msgTypes[40] + mi := &file_iam_proto_msgTypes[48] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1916,7 +2301,7 @@ func (x *GetServiceAccountRequest) String() string { func (*GetServiceAccountRequest) ProtoMessage() {} func (x *GetServiceAccountRequest) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[40] + mi := &file_iam_proto_msgTypes[48] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1929,7 +2314,7 @@ func (x *GetServiceAccountRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GetServiceAccountRequest.ProtoReflect.Descriptor instead. func (*GetServiceAccountRequest) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{40} + return file_iam_proto_rawDescGZIP(), []int{48} } func (x *GetServiceAccountRequest) GetId() string { @@ -1948,7 +2333,7 @@ type GetServiceAccountResponse struct { func (x *GetServiceAccountResponse) Reset() { *x = GetServiceAccountResponse{} - mi := &file_iam_proto_msgTypes[41] + mi := &file_iam_proto_msgTypes[49] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1960,7 +2345,7 @@ func (x *GetServiceAccountResponse) String() string { func (*GetServiceAccountResponse) ProtoMessage() {} func (x *GetServiceAccountResponse) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[41] + mi := &file_iam_proto_msgTypes[49] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1973,7 +2358,7 @@ func (x *GetServiceAccountResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use GetServiceAccountResponse.ProtoReflect.Descriptor instead. func (*GetServiceAccountResponse) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{41} + return file_iam_proto_rawDescGZIP(), []int{49} } func (x *GetServiceAccountResponse) GetServiceAccount() *ServiceAccount { @@ -1991,7 +2376,7 @@ type ListServiceAccountsRequest struct { func (x *ListServiceAccountsRequest) Reset() { *x = ListServiceAccountsRequest{} - mi := &file_iam_proto_msgTypes[42] + mi := &file_iam_proto_msgTypes[50] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2003,7 +2388,7 @@ func (x *ListServiceAccountsRequest) String() string { func (*ListServiceAccountsRequest) ProtoMessage() {} func (x *ListServiceAccountsRequest) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[42] + mi := &file_iam_proto_msgTypes[50] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2016,7 +2401,7 @@ func (x *ListServiceAccountsRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use ListServiceAccountsRequest.ProtoReflect.Descriptor instead. func (*ListServiceAccountsRequest) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{42} + return file_iam_proto_rawDescGZIP(), []int{50} } type ListServiceAccountsResponse struct { @@ -2028,7 +2413,7 @@ type ListServiceAccountsResponse struct { func (x *ListServiceAccountsResponse) Reset() { *x = ListServiceAccountsResponse{} - mi := &file_iam_proto_msgTypes[43] + mi := &file_iam_proto_msgTypes[51] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2040,7 +2425,7 @@ func (x *ListServiceAccountsResponse) String() string { func (*ListServiceAccountsResponse) ProtoMessage() {} func (x *ListServiceAccountsResponse) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[43] + mi := &file_iam_proto_msgTypes[51] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2053,7 +2438,7 @@ func (x *ListServiceAccountsResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use ListServiceAccountsResponse.ProtoReflect.Descriptor instead. func (*ListServiceAccountsResponse) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{43} + return file_iam_proto_rawDescGZIP(), []int{51} } func (x *ListServiceAccountsResponse) GetServiceAccounts() []*ServiceAccount { @@ -2072,7 +2457,7 @@ type GetServiceAccountByAccessKeyRequest struct { func (x *GetServiceAccountByAccessKeyRequest) Reset() { *x = GetServiceAccountByAccessKeyRequest{} - mi := &file_iam_proto_msgTypes[44] + mi := &file_iam_proto_msgTypes[52] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2084,7 +2469,7 @@ func (x *GetServiceAccountByAccessKeyRequest) String() string { func (*GetServiceAccountByAccessKeyRequest) ProtoMessage() {} func (x *GetServiceAccountByAccessKeyRequest) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[44] + mi := &file_iam_proto_msgTypes[52] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2097,7 +2482,7 @@ func (x *GetServiceAccountByAccessKeyRequest) ProtoReflect() protoreflect.Messag // Deprecated: Use GetServiceAccountByAccessKeyRequest.ProtoReflect.Descriptor instead. func (*GetServiceAccountByAccessKeyRequest) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{44} + return file_iam_proto_rawDescGZIP(), []int{52} } func (x *GetServiceAccountByAccessKeyRequest) GetAccessKey() string { @@ -2116,7 +2501,7 @@ type GetServiceAccountByAccessKeyResponse struct { func (x *GetServiceAccountByAccessKeyResponse) Reset() { *x = GetServiceAccountByAccessKeyResponse{} - mi := &file_iam_proto_msgTypes[45] + mi := &file_iam_proto_msgTypes[53] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2128,7 +2513,7 @@ func (x *GetServiceAccountByAccessKeyResponse) String() string { func (*GetServiceAccountByAccessKeyResponse) ProtoMessage() {} func (x *GetServiceAccountByAccessKeyResponse) ProtoReflect() protoreflect.Message { - mi := &file_iam_proto_msgTypes[45] + mi := &file_iam_proto_msgTypes[53] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2141,7 +2526,7 @@ func (x *GetServiceAccountByAccessKeyResponse) ProtoReflect() protoreflect.Messa // Deprecated: Use GetServiceAccountByAccessKeyResponse.ProtoReflect.Descriptor instead. func (*GetServiceAccountByAccessKeyResponse) Descriptor() ([]byte, []int) { - return file_iam_proto_rawDescGZIP(), []int{45} + return file_iam_proto_rawDescGZIP(), []int{53} } func (x *GetServiceAccountByAccessKeyResponse) GetServiceAccount() *ServiceAccount { @@ -2194,7 +2579,32 @@ const file_iam_proto_rawDesc = "" + "\n" + "access_key\x18\x01 \x01(\tR\taccessKey\"J\n" + "\x1aGetUserByAccessKeyResponse\x12,\n" + - "\bidentity\x18\x01 \x01(\v2\x10.iam_pb.IdentityR\bidentity\"\xe2\x01\n" + + "\bidentity\x18\x01 \x01(\v2\x10.iam_pb.IdentityR\bidentity\"3\n" + + "\x15ListAccessKeysRequest\x12\x1a\n" + + "\busername\x18\x01 \x01(\tR\busername\"M\n" + + "\x16ListAccessKeysResponse\x123\n" + + "\vaccess_keys\x18\x01 \x03(\v2\x12.iam_pb.CredentialR\n" + + "accessKeys\"|\n" + + "\x14PutUserPolicyRequest\x12\x1a\n" + + "\busername\x18\x01 \x01(\tR\busername\x12\x1f\n" + + "\vpolicy_name\x18\x02 \x01(\tR\n" + + "policyName\x12'\n" + + "\x0fpolicy_document\x18\x03 \x01(\tR\x0epolicyDocument\"\x17\n" + + "\x15PutUserPolicyResponse\"S\n" + + "\x14GetUserPolicyRequest\x12\x1a\n" + + "\busername\x18\x01 \x01(\tR\busername\x12\x1f\n" + + "\vpolicy_name\x18\x02 \x01(\tR\n" + + "policyName\"}\n" + + "\x15GetUserPolicyResponse\x12\x1a\n" + + "\busername\x18\x01 \x01(\tR\busername\x12\x1f\n" + + "\vpolicy_name\x18\x02 \x01(\tR\n" + + "policyName\x12'\n" + + "\x0fpolicy_document\x18\x03 \x01(\tR\x0epolicyDocument\"V\n" + + "\x17DeleteUserPolicyRequest\x12\x1a\n" + + "\busername\x18\x01 \x01(\tR\busername\x12\x1f\n" + + "\vpolicy_name\x18\x02 \x01(\tR\n" + + "policyName\"\x1a\n" + + "\x18DeleteUserPolicyResponse\"\xe2\x01\n" + "\x12S3ApiConfiguration\x120\n" + "\n" + "identities\x18\x01 \x03(\v2\x10.iam_pb.IdentityR\n" + @@ -2316,7 +2726,7 @@ func file_iam_proto_rawDescGZIP() []byte { return file_iam_proto_rawDescData } -var file_iam_proto_msgTypes = make([]protoimpl.MessageInfo, 46) +var file_iam_proto_msgTypes = make([]protoimpl.MessageInfo, 54) var file_iam_proto_goTypes = []any{ (*GetConfigurationRequest)(nil), // 0: iam_pb.GetConfigurationRequest (*GetConfigurationResponse)(nil), // 1: iam_pb.GetConfigurationResponse @@ -2338,99 +2748,108 @@ var file_iam_proto_goTypes = []any{ (*DeleteAccessKeyResponse)(nil), // 17: iam_pb.DeleteAccessKeyResponse (*GetUserByAccessKeyRequest)(nil), // 18: iam_pb.GetUserByAccessKeyRequest (*GetUserByAccessKeyResponse)(nil), // 19: iam_pb.GetUserByAccessKeyResponse - (*S3ApiConfiguration)(nil), // 20: iam_pb.S3ApiConfiguration - (*Identity)(nil), // 21: iam_pb.Identity - (*Credential)(nil), // 22: iam_pb.Credential - (*Account)(nil), // 23: iam_pb.Account - (*ServiceAccount)(nil), // 24: iam_pb.ServiceAccount - (*PutPolicyRequest)(nil), // 25: iam_pb.PutPolicyRequest - (*PutPolicyResponse)(nil), // 26: iam_pb.PutPolicyResponse - (*GetPolicyRequest)(nil), // 27: iam_pb.GetPolicyRequest - (*GetPolicyResponse)(nil), // 28: iam_pb.GetPolicyResponse - (*ListPoliciesRequest)(nil), // 29: iam_pb.ListPoliciesRequest - (*ListPoliciesResponse)(nil), // 30: iam_pb.ListPoliciesResponse - (*DeletePolicyRequest)(nil), // 31: iam_pb.DeletePolicyRequest - (*DeletePolicyResponse)(nil), // 32: iam_pb.DeletePolicyResponse - (*Policy)(nil), // 33: iam_pb.Policy - (*CreateServiceAccountRequest)(nil), // 34: iam_pb.CreateServiceAccountRequest - (*CreateServiceAccountResponse)(nil), // 35: iam_pb.CreateServiceAccountResponse - (*UpdateServiceAccountRequest)(nil), // 36: iam_pb.UpdateServiceAccountRequest - (*UpdateServiceAccountResponse)(nil), // 37: iam_pb.UpdateServiceAccountResponse - (*DeleteServiceAccountRequest)(nil), // 38: iam_pb.DeleteServiceAccountRequest - (*DeleteServiceAccountResponse)(nil), // 39: iam_pb.DeleteServiceAccountResponse - (*GetServiceAccountRequest)(nil), // 40: iam_pb.GetServiceAccountRequest - (*GetServiceAccountResponse)(nil), // 41: iam_pb.GetServiceAccountResponse - (*ListServiceAccountsRequest)(nil), // 42: iam_pb.ListServiceAccountsRequest - (*ListServiceAccountsResponse)(nil), // 43: iam_pb.ListServiceAccountsResponse - (*GetServiceAccountByAccessKeyRequest)(nil), // 44: iam_pb.GetServiceAccountByAccessKeyRequest - (*GetServiceAccountByAccessKeyResponse)(nil), // 45: iam_pb.GetServiceAccountByAccessKeyResponse + (*ListAccessKeysRequest)(nil), // 20: iam_pb.ListAccessKeysRequest + (*ListAccessKeysResponse)(nil), // 21: iam_pb.ListAccessKeysResponse + (*PutUserPolicyRequest)(nil), // 22: iam_pb.PutUserPolicyRequest + (*PutUserPolicyResponse)(nil), // 23: iam_pb.PutUserPolicyResponse + (*GetUserPolicyRequest)(nil), // 24: iam_pb.GetUserPolicyRequest + (*GetUserPolicyResponse)(nil), // 25: iam_pb.GetUserPolicyResponse + (*DeleteUserPolicyRequest)(nil), // 26: iam_pb.DeleteUserPolicyRequest + (*DeleteUserPolicyResponse)(nil), // 27: iam_pb.DeleteUserPolicyResponse + (*S3ApiConfiguration)(nil), // 28: iam_pb.S3ApiConfiguration + (*Identity)(nil), // 29: iam_pb.Identity + (*Credential)(nil), // 30: iam_pb.Credential + (*Account)(nil), // 31: iam_pb.Account + (*ServiceAccount)(nil), // 32: iam_pb.ServiceAccount + (*PutPolicyRequest)(nil), // 33: iam_pb.PutPolicyRequest + (*PutPolicyResponse)(nil), // 34: iam_pb.PutPolicyResponse + (*GetPolicyRequest)(nil), // 35: iam_pb.GetPolicyRequest + (*GetPolicyResponse)(nil), // 36: iam_pb.GetPolicyResponse + (*ListPoliciesRequest)(nil), // 37: iam_pb.ListPoliciesRequest + (*ListPoliciesResponse)(nil), // 38: iam_pb.ListPoliciesResponse + (*DeletePolicyRequest)(nil), // 39: iam_pb.DeletePolicyRequest + (*DeletePolicyResponse)(nil), // 40: iam_pb.DeletePolicyResponse + (*Policy)(nil), // 41: iam_pb.Policy + (*CreateServiceAccountRequest)(nil), // 42: iam_pb.CreateServiceAccountRequest + (*CreateServiceAccountResponse)(nil), // 43: iam_pb.CreateServiceAccountResponse + (*UpdateServiceAccountRequest)(nil), // 44: iam_pb.UpdateServiceAccountRequest + (*UpdateServiceAccountResponse)(nil), // 45: iam_pb.UpdateServiceAccountResponse + (*DeleteServiceAccountRequest)(nil), // 46: iam_pb.DeleteServiceAccountRequest + (*DeleteServiceAccountResponse)(nil), // 47: iam_pb.DeleteServiceAccountResponse + (*GetServiceAccountRequest)(nil), // 48: iam_pb.GetServiceAccountRequest + (*GetServiceAccountResponse)(nil), // 49: iam_pb.GetServiceAccountResponse + (*ListServiceAccountsRequest)(nil), // 50: iam_pb.ListServiceAccountsRequest + (*ListServiceAccountsResponse)(nil), // 51: iam_pb.ListServiceAccountsResponse + (*GetServiceAccountByAccessKeyRequest)(nil), // 52: iam_pb.GetServiceAccountByAccessKeyRequest + (*GetServiceAccountByAccessKeyResponse)(nil), // 53: iam_pb.GetServiceAccountByAccessKeyResponse } var file_iam_proto_depIdxs = []int32{ - 20, // 0: iam_pb.GetConfigurationResponse.configuration:type_name -> iam_pb.S3ApiConfiguration - 20, // 1: iam_pb.PutConfigurationRequest.configuration:type_name -> iam_pb.S3ApiConfiguration - 21, // 2: iam_pb.CreateUserRequest.identity:type_name -> iam_pb.Identity - 21, // 3: iam_pb.GetUserResponse.identity:type_name -> iam_pb.Identity - 21, // 4: iam_pb.UpdateUserRequest.identity:type_name -> iam_pb.Identity - 22, // 5: iam_pb.CreateAccessKeyRequest.credential:type_name -> iam_pb.Credential - 21, // 6: iam_pb.GetUserByAccessKeyResponse.identity:type_name -> iam_pb.Identity - 21, // 7: iam_pb.S3ApiConfiguration.identities:type_name -> iam_pb.Identity - 23, // 8: iam_pb.S3ApiConfiguration.accounts:type_name -> iam_pb.Account - 24, // 9: iam_pb.S3ApiConfiguration.service_accounts:type_name -> iam_pb.ServiceAccount - 33, // 10: iam_pb.S3ApiConfiguration.policies:type_name -> iam_pb.Policy - 22, // 11: iam_pb.Identity.credentials:type_name -> iam_pb.Credential - 23, // 12: iam_pb.Identity.account:type_name -> iam_pb.Account - 22, // 13: iam_pb.ServiceAccount.credential:type_name -> iam_pb.Credential - 33, // 14: iam_pb.ListPoliciesResponse.policies:type_name -> iam_pb.Policy - 24, // 15: iam_pb.CreateServiceAccountRequest.service_account:type_name -> iam_pb.ServiceAccount - 24, // 16: iam_pb.UpdateServiceAccountRequest.service_account:type_name -> iam_pb.ServiceAccount - 24, // 17: iam_pb.GetServiceAccountResponse.service_account:type_name -> iam_pb.ServiceAccount - 24, // 18: iam_pb.ListServiceAccountsResponse.service_accounts:type_name -> iam_pb.ServiceAccount - 24, // 19: iam_pb.GetServiceAccountByAccessKeyResponse.service_account:type_name -> iam_pb.ServiceAccount - 0, // 20: iam_pb.SeaweedIdentityAccessManagement.GetConfiguration:input_type -> iam_pb.GetConfigurationRequest - 2, // 21: iam_pb.SeaweedIdentityAccessManagement.PutConfiguration:input_type -> iam_pb.PutConfigurationRequest - 4, // 22: iam_pb.SeaweedIdentityAccessManagement.CreateUser:input_type -> iam_pb.CreateUserRequest - 6, // 23: iam_pb.SeaweedIdentityAccessManagement.GetUser:input_type -> iam_pb.GetUserRequest - 8, // 24: iam_pb.SeaweedIdentityAccessManagement.UpdateUser:input_type -> iam_pb.UpdateUserRequest - 10, // 25: iam_pb.SeaweedIdentityAccessManagement.DeleteUser:input_type -> iam_pb.DeleteUserRequest - 12, // 26: iam_pb.SeaweedIdentityAccessManagement.ListUsers:input_type -> iam_pb.ListUsersRequest - 14, // 27: iam_pb.SeaweedIdentityAccessManagement.CreateAccessKey:input_type -> iam_pb.CreateAccessKeyRequest - 16, // 28: iam_pb.SeaweedIdentityAccessManagement.DeleteAccessKey:input_type -> iam_pb.DeleteAccessKeyRequest - 18, // 29: iam_pb.SeaweedIdentityAccessManagement.GetUserByAccessKey:input_type -> iam_pb.GetUserByAccessKeyRequest - 25, // 30: iam_pb.SeaweedIdentityAccessManagement.PutPolicy:input_type -> iam_pb.PutPolicyRequest - 27, // 31: iam_pb.SeaweedIdentityAccessManagement.GetPolicy:input_type -> iam_pb.GetPolicyRequest - 29, // 32: iam_pb.SeaweedIdentityAccessManagement.ListPolicies:input_type -> iam_pb.ListPoliciesRequest - 31, // 33: iam_pb.SeaweedIdentityAccessManagement.DeletePolicy:input_type -> iam_pb.DeletePolicyRequest - 34, // 34: iam_pb.SeaweedIdentityAccessManagement.CreateServiceAccount:input_type -> iam_pb.CreateServiceAccountRequest - 36, // 35: iam_pb.SeaweedIdentityAccessManagement.UpdateServiceAccount:input_type -> iam_pb.UpdateServiceAccountRequest - 38, // 36: iam_pb.SeaweedIdentityAccessManagement.DeleteServiceAccount:input_type -> iam_pb.DeleteServiceAccountRequest - 40, // 37: iam_pb.SeaweedIdentityAccessManagement.GetServiceAccount:input_type -> iam_pb.GetServiceAccountRequest - 42, // 38: iam_pb.SeaweedIdentityAccessManagement.ListServiceAccounts:input_type -> iam_pb.ListServiceAccountsRequest - 44, // 39: iam_pb.SeaweedIdentityAccessManagement.GetServiceAccountByAccessKey:input_type -> iam_pb.GetServiceAccountByAccessKeyRequest - 1, // 40: iam_pb.SeaweedIdentityAccessManagement.GetConfiguration:output_type -> iam_pb.GetConfigurationResponse - 3, // 41: iam_pb.SeaweedIdentityAccessManagement.PutConfiguration:output_type -> iam_pb.PutConfigurationResponse - 5, // 42: iam_pb.SeaweedIdentityAccessManagement.CreateUser:output_type -> iam_pb.CreateUserResponse - 7, // 43: iam_pb.SeaweedIdentityAccessManagement.GetUser:output_type -> iam_pb.GetUserResponse - 9, // 44: iam_pb.SeaweedIdentityAccessManagement.UpdateUser:output_type -> iam_pb.UpdateUserResponse - 11, // 45: iam_pb.SeaweedIdentityAccessManagement.DeleteUser:output_type -> iam_pb.DeleteUserResponse - 13, // 46: iam_pb.SeaweedIdentityAccessManagement.ListUsers:output_type -> iam_pb.ListUsersResponse - 15, // 47: iam_pb.SeaweedIdentityAccessManagement.CreateAccessKey:output_type -> iam_pb.CreateAccessKeyResponse - 17, // 48: iam_pb.SeaweedIdentityAccessManagement.DeleteAccessKey:output_type -> iam_pb.DeleteAccessKeyResponse - 19, // 49: iam_pb.SeaweedIdentityAccessManagement.GetUserByAccessKey:output_type -> iam_pb.GetUserByAccessKeyResponse - 26, // 50: iam_pb.SeaweedIdentityAccessManagement.PutPolicy:output_type -> iam_pb.PutPolicyResponse - 28, // 51: iam_pb.SeaweedIdentityAccessManagement.GetPolicy:output_type -> iam_pb.GetPolicyResponse - 30, // 52: iam_pb.SeaweedIdentityAccessManagement.ListPolicies:output_type -> iam_pb.ListPoliciesResponse - 32, // 53: iam_pb.SeaweedIdentityAccessManagement.DeletePolicy:output_type -> iam_pb.DeletePolicyResponse - 35, // 54: iam_pb.SeaweedIdentityAccessManagement.CreateServiceAccount:output_type -> iam_pb.CreateServiceAccountResponse - 37, // 55: iam_pb.SeaweedIdentityAccessManagement.UpdateServiceAccount:output_type -> iam_pb.UpdateServiceAccountResponse - 39, // 56: iam_pb.SeaweedIdentityAccessManagement.DeleteServiceAccount:output_type -> iam_pb.DeleteServiceAccountResponse - 41, // 57: iam_pb.SeaweedIdentityAccessManagement.GetServiceAccount:output_type -> iam_pb.GetServiceAccountResponse - 43, // 58: iam_pb.SeaweedIdentityAccessManagement.ListServiceAccounts:output_type -> iam_pb.ListServiceAccountsResponse - 45, // 59: iam_pb.SeaweedIdentityAccessManagement.GetServiceAccountByAccessKey:output_type -> iam_pb.GetServiceAccountByAccessKeyResponse - 40, // [40:60] is the sub-list for method output_type - 20, // [20:40] is the sub-list for method input_type - 20, // [20:20] is the sub-list for extension type_name - 20, // [20:20] is the sub-list for extension extendee - 0, // [0:20] is the sub-list for field type_name + 28, // 0: iam_pb.GetConfigurationResponse.configuration:type_name -> iam_pb.S3ApiConfiguration + 28, // 1: iam_pb.PutConfigurationRequest.configuration:type_name -> iam_pb.S3ApiConfiguration + 29, // 2: iam_pb.CreateUserRequest.identity:type_name -> iam_pb.Identity + 29, // 3: iam_pb.GetUserResponse.identity:type_name -> iam_pb.Identity + 29, // 4: iam_pb.UpdateUserRequest.identity:type_name -> iam_pb.Identity + 30, // 5: iam_pb.CreateAccessKeyRequest.credential:type_name -> iam_pb.Credential + 29, // 6: iam_pb.GetUserByAccessKeyResponse.identity:type_name -> iam_pb.Identity + 30, // 7: iam_pb.ListAccessKeysResponse.access_keys:type_name -> iam_pb.Credential + 29, // 8: iam_pb.S3ApiConfiguration.identities:type_name -> iam_pb.Identity + 31, // 9: iam_pb.S3ApiConfiguration.accounts:type_name -> iam_pb.Account + 32, // 10: iam_pb.S3ApiConfiguration.service_accounts:type_name -> iam_pb.ServiceAccount + 41, // 11: iam_pb.S3ApiConfiguration.policies:type_name -> iam_pb.Policy + 30, // 12: iam_pb.Identity.credentials:type_name -> iam_pb.Credential + 31, // 13: iam_pb.Identity.account:type_name -> iam_pb.Account + 30, // 14: iam_pb.ServiceAccount.credential:type_name -> iam_pb.Credential + 41, // 15: iam_pb.ListPoliciesResponse.policies:type_name -> iam_pb.Policy + 32, // 16: iam_pb.CreateServiceAccountRequest.service_account:type_name -> iam_pb.ServiceAccount + 32, // 17: iam_pb.UpdateServiceAccountRequest.service_account:type_name -> iam_pb.ServiceAccount + 32, // 18: iam_pb.GetServiceAccountResponse.service_account:type_name -> iam_pb.ServiceAccount + 32, // 19: iam_pb.ListServiceAccountsResponse.service_accounts:type_name -> iam_pb.ServiceAccount + 32, // 20: iam_pb.GetServiceAccountByAccessKeyResponse.service_account:type_name -> iam_pb.ServiceAccount + 0, // 21: iam_pb.SeaweedIdentityAccessManagement.GetConfiguration:input_type -> iam_pb.GetConfigurationRequest + 2, // 22: iam_pb.SeaweedIdentityAccessManagement.PutConfiguration:input_type -> iam_pb.PutConfigurationRequest + 4, // 23: iam_pb.SeaweedIdentityAccessManagement.CreateUser:input_type -> iam_pb.CreateUserRequest + 6, // 24: iam_pb.SeaweedIdentityAccessManagement.GetUser:input_type -> iam_pb.GetUserRequest + 8, // 25: iam_pb.SeaweedIdentityAccessManagement.UpdateUser:input_type -> iam_pb.UpdateUserRequest + 10, // 26: iam_pb.SeaweedIdentityAccessManagement.DeleteUser:input_type -> iam_pb.DeleteUserRequest + 12, // 27: iam_pb.SeaweedIdentityAccessManagement.ListUsers:input_type -> iam_pb.ListUsersRequest + 14, // 28: iam_pb.SeaweedIdentityAccessManagement.CreateAccessKey:input_type -> iam_pb.CreateAccessKeyRequest + 16, // 29: iam_pb.SeaweedIdentityAccessManagement.DeleteAccessKey:input_type -> iam_pb.DeleteAccessKeyRequest + 18, // 30: iam_pb.SeaweedIdentityAccessManagement.GetUserByAccessKey:input_type -> iam_pb.GetUserByAccessKeyRequest + 33, // 31: iam_pb.SeaweedIdentityAccessManagement.PutPolicy:input_type -> iam_pb.PutPolicyRequest + 35, // 32: iam_pb.SeaweedIdentityAccessManagement.GetPolicy:input_type -> iam_pb.GetPolicyRequest + 37, // 33: iam_pb.SeaweedIdentityAccessManagement.ListPolicies:input_type -> iam_pb.ListPoliciesRequest + 39, // 34: iam_pb.SeaweedIdentityAccessManagement.DeletePolicy:input_type -> iam_pb.DeletePolicyRequest + 42, // 35: iam_pb.SeaweedIdentityAccessManagement.CreateServiceAccount:input_type -> iam_pb.CreateServiceAccountRequest + 44, // 36: iam_pb.SeaweedIdentityAccessManagement.UpdateServiceAccount:input_type -> iam_pb.UpdateServiceAccountRequest + 46, // 37: iam_pb.SeaweedIdentityAccessManagement.DeleteServiceAccount:input_type -> iam_pb.DeleteServiceAccountRequest + 48, // 38: iam_pb.SeaweedIdentityAccessManagement.GetServiceAccount:input_type -> iam_pb.GetServiceAccountRequest + 50, // 39: iam_pb.SeaweedIdentityAccessManagement.ListServiceAccounts:input_type -> iam_pb.ListServiceAccountsRequest + 52, // 40: iam_pb.SeaweedIdentityAccessManagement.GetServiceAccountByAccessKey:input_type -> iam_pb.GetServiceAccountByAccessKeyRequest + 1, // 41: iam_pb.SeaweedIdentityAccessManagement.GetConfiguration:output_type -> iam_pb.GetConfigurationResponse + 3, // 42: iam_pb.SeaweedIdentityAccessManagement.PutConfiguration:output_type -> iam_pb.PutConfigurationResponse + 5, // 43: iam_pb.SeaweedIdentityAccessManagement.CreateUser:output_type -> iam_pb.CreateUserResponse + 7, // 44: iam_pb.SeaweedIdentityAccessManagement.GetUser:output_type -> iam_pb.GetUserResponse + 9, // 45: iam_pb.SeaweedIdentityAccessManagement.UpdateUser:output_type -> iam_pb.UpdateUserResponse + 11, // 46: iam_pb.SeaweedIdentityAccessManagement.DeleteUser:output_type -> iam_pb.DeleteUserResponse + 13, // 47: iam_pb.SeaweedIdentityAccessManagement.ListUsers:output_type -> iam_pb.ListUsersResponse + 15, // 48: iam_pb.SeaweedIdentityAccessManagement.CreateAccessKey:output_type -> iam_pb.CreateAccessKeyResponse + 17, // 49: iam_pb.SeaweedIdentityAccessManagement.DeleteAccessKey:output_type -> iam_pb.DeleteAccessKeyResponse + 19, // 50: iam_pb.SeaweedIdentityAccessManagement.GetUserByAccessKey:output_type -> iam_pb.GetUserByAccessKeyResponse + 34, // 51: iam_pb.SeaweedIdentityAccessManagement.PutPolicy:output_type -> iam_pb.PutPolicyResponse + 36, // 52: iam_pb.SeaweedIdentityAccessManagement.GetPolicy:output_type -> iam_pb.GetPolicyResponse + 38, // 53: iam_pb.SeaweedIdentityAccessManagement.ListPolicies:output_type -> iam_pb.ListPoliciesResponse + 40, // 54: iam_pb.SeaweedIdentityAccessManagement.DeletePolicy:output_type -> iam_pb.DeletePolicyResponse + 43, // 55: iam_pb.SeaweedIdentityAccessManagement.CreateServiceAccount:output_type -> iam_pb.CreateServiceAccountResponse + 45, // 56: iam_pb.SeaweedIdentityAccessManagement.UpdateServiceAccount:output_type -> iam_pb.UpdateServiceAccountResponse + 47, // 57: iam_pb.SeaweedIdentityAccessManagement.DeleteServiceAccount:output_type -> iam_pb.DeleteServiceAccountResponse + 49, // 58: iam_pb.SeaweedIdentityAccessManagement.GetServiceAccount:output_type -> iam_pb.GetServiceAccountResponse + 51, // 59: iam_pb.SeaweedIdentityAccessManagement.ListServiceAccounts:output_type -> iam_pb.ListServiceAccountsResponse + 53, // 60: iam_pb.SeaweedIdentityAccessManagement.GetServiceAccountByAccessKey:output_type -> iam_pb.GetServiceAccountByAccessKeyResponse + 41, // [41:61] is the sub-list for method output_type + 21, // [21:41] is the sub-list for method input_type + 21, // [21:21] is the sub-list for extension type_name + 21, // [21:21] is the sub-list for extension extendee + 0, // [0:21] is the sub-list for field type_name } func init() { file_iam_proto_init() } @@ -2444,7 +2863,7 @@ func file_iam_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: unsafe.Slice(unsafe.StringData(file_iam_proto_rawDesc), len(file_iam_proto_rawDesc)), NumEnums: 0, - NumMessages: 46, + NumMessages: 54, NumExtensions: 0, NumServices: 1, }, diff --git a/weed/pb/s3.proto b/weed/pb/s3.proto index 12f2dc356..097c7ba26 100644 --- a/weed/pb/s3.proto +++ b/weed/pb/s3.proto @@ -8,22 +8,35 @@ option java_outer_classname = "S3Proto"; ////////////////////////////////////////////////// +import "iam.proto"; + service SeaweedS3 { - rpc Configure (S3ConfigureRequest) returns (S3ConfigureResponse) { - } + // Explicit IAM APIs mirroring SeaweedIdentityAccessManagement + rpc ListUsers (iam_pb.ListUsersRequest) returns (iam_pb.ListUsersResponse) {} + rpc CreateUser (iam_pb.CreateUserRequest) returns (iam_pb.CreateUserResponse) {} + rpc GetUser (iam_pb.GetUserRequest) returns (iam_pb.GetUserResponse) {} + rpc UpdateUser (iam_pb.UpdateUserRequest) returns (iam_pb.UpdateUserResponse) {} + rpc DeleteUser (iam_pb.DeleteUserRequest) returns (iam_pb.DeleteUserResponse) {} + + rpc ListAccessKeys (iam_pb.ListAccessKeysRequest) returns (iam_pb.ListAccessKeysResponse) {} + rpc CreateAccessKey (iam_pb.CreateAccessKeyRequest) returns (iam_pb.CreateAccessKeyResponse) {} + rpc DeleteAccessKey (iam_pb.DeleteAccessKeyRequest) returns (iam_pb.DeleteAccessKeyResponse) {} + + rpc PutUserPolicy (iam_pb.PutUserPolicyRequest) returns (iam_pb.PutUserPolicyResponse) {} + rpc GetUserPolicy (iam_pb.GetUserPolicyRequest) returns (iam_pb.GetUserPolicyResponse) {} + rpc DeleteUserPolicy (iam_pb.DeleteUserPolicyRequest) returns (iam_pb.DeleteUserPolicyResponse) {} + + rpc ListServiceAccounts (iam_pb.ListServiceAccountsRequest) returns (iam_pb.ListServiceAccountsResponse) {} + rpc CreateServiceAccount (iam_pb.CreateServiceAccountRequest) returns (iam_pb.CreateServiceAccountResponse) {} + rpc UpdateServiceAccount (iam_pb.UpdateServiceAccountRequest) returns (iam_pb.UpdateServiceAccountResponse) {} + rpc DeleteServiceAccount (iam_pb.DeleteServiceAccountRequest) returns (iam_pb.DeleteServiceAccountResponse) {} + rpc GetServiceAccount (iam_pb.GetServiceAccountRequest) returns (iam_pb.GetServiceAccountResponse) {} } ////////////////////////////////////////////////// -message S3ConfigureRequest { - bytes s3_configuration_file_content = 1; -} - -message S3ConfigureResponse { -} - message S3CircuitBreakerConfig { S3CircuitBreakerOptions global=1; map buckets= 2; diff --git a/weed/pb/s3_pb/s3.pb.go b/weed/pb/s3_pb/s3.pb.go index 312210f84..daf6fe912 100644 --- a/weed/pb/s3_pb/s3.pb.go +++ b/weed/pb/s3_pb/s3.pb.go @@ -7,6 +7,7 @@ package s3_pb import ( + iam_pb "github.com/seaweedfs/seaweedfs/weed/pb/iam_pb" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" @@ -21,86 +22,6 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) -type S3ConfigureRequest struct { - state protoimpl.MessageState `protogen:"open.v1"` - S3ConfigurationFileContent []byte `protobuf:"bytes,1,opt,name=s3_configuration_file_content,json=s3ConfigurationFileContent,proto3" json:"s3_configuration_file_content,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache -} - -func (x *S3ConfigureRequest) Reset() { - *x = S3ConfigureRequest{} - mi := &file_s3_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) -} - -func (x *S3ConfigureRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*S3ConfigureRequest) ProtoMessage() {} - -func (x *S3ConfigureRequest) ProtoReflect() protoreflect.Message { - mi := &file_s3_proto_msgTypes[0] - if x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use S3ConfigureRequest.ProtoReflect.Descriptor instead. -func (*S3ConfigureRequest) Descriptor() ([]byte, []int) { - return file_s3_proto_rawDescGZIP(), []int{0} -} - -func (x *S3ConfigureRequest) GetS3ConfigurationFileContent() []byte { - if x != nil { - return x.S3ConfigurationFileContent - } - return nil -} - -type S3ConfigureResponse struct { - state protoimpl.MessageState `protogen:"open.v1"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache -} - -func (x *S3ConfigureResponse) Reset() { - *x = S3ConfigureResponse{} - mi := &file_s3_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) -} - -func (x *S3ConfigureResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*S3ConfigureResponse) ProtoMessage() {} - -func (x *S3ConfigureResponse) ProtoReflect() protoreflect.Message { - mi := &file_s3_proto_msgTypes[1] - if x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use S3ConfigureResponse.ProtoReflect.Descriptor instead. -func (*S3ConfigureResponse) Descriptor() ([]byte, []int) { - return file_s3_proto_rawDescGZIP(), []int{1} -} - type S3CircuitBreakerConfig struct { state protoimpl.MessageState `protogen:"open.v1"` Global *S3CircuitBreakerOptions `protobuf:"bytes,1,opt,name=global,proto3" json:"global,omitempty"` @@ -111,7 +32,7 @@ type S3CircuitBreakerConfig struct { func (x *S3CircuitBreakerConfig) Reset() { *x = S3CircuitBreakerConfig{} - mi := &file_s3_proto_msgTypes[2] + mi := &file_s3_proto_msgTypes[0] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -123,7 +44,7 @@ func (x *S3CircuitBreakerConfig) String() string { func (*S3CircuitBreakerConfig) ProtoMessage() {} func (x *S3CircuitBreakerConfig) ProtoReflect() protoreflect.Message { - mi := &file_s3_proto_msgTypes[2] + mi := &file_s3_proto_msgTypes[0] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -136,7 +57,7 @@ func (x *S3CircuitBreakerConfig) ProtoReflect() protoreflect.Message { // Deprecated: Use S3CircuitBreakerConfig.ProtoReflect.Descriptor instead. func (*S3CircuitBreakerConfig) Descriptor() ([]byte, []int) { - return file_s3_proto_rawDescGZIP(), []int{2} + return file_s3_proto_rawDescGZIP(), []int{0} } func (x *S3CircuitBreakerConfig) GetGlobal() *S3CircuitBreakerOptions { @@ -163,7 +84,7 @@ type S3CircuitBreakerOptions struct { func (x *S3CircuitBreakerOptions) Reset() { *x = S3CircuitBreakerOptions{} - mi := &file_s3_proto_msgTypes[3] + mi := &file_s3_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -175,7 +96,7 @@ func (x *S3CircuitBreakerOptions) String() string { func (*S3CircuitBreakerOptions) ProtoMessage() {} func (x *S3CircuitBreakerOptions) ProtoReflect() protoreflect.Message { - mi := &file_s3_proto_msgTypes[3] + mi := &file_s3_proto_msgTypes[1] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -188,7 +109,7 @@ func (x *S3CircuitBreakerOptions) ProtoReflect() protoreflect.Message { // Deprecated: Use S3CircuitBreakerOptions.ProtoReflect.Descriptor instead. func (*S3CircuitBreakerOptions) Descriptor() ([]byte, []int) { - return file_s3_proto_rawDescGZIP(), []int{3} + return file_s3_proto_rawDescGZIP(), []int{1} } func (x *S3CircuitBreakerOptions) GetEnabled() bool { @@ -219,7 +140,7 @@ type CORSRule struct { func (x *CORSRule) Reset() { *x = CORSRule{} - mi := &file_s3_proto_msgTypes[4] + mi := &file_s3_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -231,7 +152,7 @@ func (x *CORSRule) String() string { func (*CORSRule) ProtoMessage() {} func (x *CORSRule) ProtoReflect() protoreflect.Message { - mi := &file_s3_proto_msgTypes[4] + mi := &file_s3_proto_msgTypes[2] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -244,7 +165,7 @@ func (x *CORSRule) ProtoReflect() protoreflect.Message { // Deprecated: Use CORSRule.ProtoReflect.Descriptor instead. func (*CORSRule) Descriptor() ([]byte, []int) { - return file_s3_proto_rawDescGZIP(), []int{4} + return file_s3_proto_rawDescGZIP(), []int{2} } func (x *CORSRule) GetAllowedHeaders() []string { @@ -298,7 +219,7 @@ type CORSConfiguration struct { func (x *CORSConfiguration) Reset() { *x = CORSConfiguration{} - mi := &file_s3_proto_msgTypes[5] + mi := &file_s3_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -310,7 +231,7 @@ func (x *CORSConfiguration) String() string { func (*CORSConfiguration) ProtoMessage() {} func (x *CORSConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_s3_proto_msgTypes[5] + mi := &file_s3_proto_msgTypes[3] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -323,7 +244,7 @@ func (x *CORSConfiguration) ProtoReflect() protoreflect.Message { // Deprecated: Use CORSConfiguration.ProtoReflect.Descriptor instead. func (*CORSConfiguration) Descriptor() ([]byte, []int) { - return file_s3_proto_rawDescGZIP(), []int{5} + return file_s3_proto_rawDescGZIP(), []int{3} } func (x *CORSConfiguration) GetCorsRules() []*CORSRule { @@ -344,7 +265,7 @@ type BucketMetadata struct { func (x *BucketMetadata) Reset() { *x = BucketMetadata{} - mi := &file_s3_proto_msgTypes[6] + mi := &file_s3_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -356,7 +277,7 @@ func (x *BucketMetadata) String() string { func (*BucketMetadata) ProtoMessage() {} func (x *BucketMetadata) ProtoReflect() protoreflect.Message { - mi := &file_s3_proto_msgTypes[6] + mi := &file_s3_proto_msgTypes[4] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -369,7 +290,7 @@ func (x *BucketMetadata) ProtoReflect() protoreflect.Message { // Deprecated: Use BucketMetadata.ProtoReflect.Descriptor instead. func (*BucketMetadata) Descriptor() ([]byte, []int) { - return file_s3_proto_rawDescGZIP(), []int{6} + return file_s3_proto_rawDescGZIP(), []int{4} } func (x *BucketMetadata) GetTags() map[string]string { @@ -404,7 +325,7 @@ type EncryptionConfiguration struct { func (x *EncryptionConfiguration) Reset() { *x = EncryptionConfiguration{} - mi := &file_s3_proto_msgTypes[7] + mi := &file_s3_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -416,7 +337,7 @@ func (x *EncryptionConfiguration) String() string { func (*EncryptionConfiguration) ProtoMessage() {} func (x *EncryptionConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_s3_proto_msgTypes[7] + mi := &file_s3_proto_msgTypes[5] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -429,7 +350,7 @@ func (x *EncryptionConfiguration) ProtoReflect() protoreflect.Message { // Deprecated: Use EncryptionConfiguration.ProtoReflect.Descriptor instead. func (*EncryptionConfiguration) Descriptor() ([]byte, []int) { - return file_s3_proto_rawDescGZIP(), []int{7} + return file_s3_proto_rawDescGZIP(), []int{5} } func (x *EncryptionConfiguration) GetSseAlgorithm() string { @@ -457,10 +378,7 @@ var File_s3_proto protoreflect.FileDescriptor const file_s3_proto_rawDesc = "" + "\n" + - "\bs3.proto\x12\fmessaging_pb\"W\n" + - "\x12S3ConfigureRequest\x12A\n" + - "\x1ds3_configuration_file_content\x18\x01 \x01(\fR\x1as3ConfigurationFileContent\"\x15\n" + - "\x13S3ConfigureResponse\"\x87\x02\n" + + "\bs3.proto\x12\fmessaging_pb\x1a\tiam.proto\"\x87\x02\n" + "\x16S3CircuitBreakerConfig\x12=\n" + "\x06global\x18\x01 \x01(\v2%.messaging_pb.S3CircuitBreakerOptionsR\x06global\x12K\n" + "\abuckets\x18\x02 \x03(\v21.messaging_pb.S3CircuitBreakerConfig.BucketsEntryR\abuckets\x1aa\n" + @@ -496,9 +414,28 @@ const file_s3_proto_rawDesc = "" + "\rsse_algorithm\x18\x01 \x01(\tR\fsseAlgorithm\x12\x1c\n" + "\n" + "kms_key_id\x18\x02 \x01(\tR\bkmsKeyId\x12,\n" + - "\x12bucket_key_enabled\x18\x03 \x01(\bR\x10bucketKeyEnabled2_\n" + - "\tSeaweedS3\x12R\n" + - "\tConfigure\x12 .messaging_pb.S3ConfigureRequest\x1a!.messaging_pb.S3ConfigureResponse\"\x00BI\n" + + "\x12bucket_key_enabled\x18\x03 \x01(\bR\x10bucketKeyEnabled2\xc7\n" + + "\n" + + "\tSeaweedS3\x12B\n" + + "\tListUsers\x12\x18.iam_pb.ListUsersRequest\x1a\x19.iam_pb.ListUsersResponse\"\x00\x12E\n" + + "\n" + + "CreateUser\x12\x19.iam_pb.CreateUserRequest\x1a\x1a.iam_pb.CreateUserResponse\"\x00\x12<\n" + + "\aGetUser\x12\x16.iam_pb.GetUserRequest\x1a\x17.iam_pb.GetUserResponse\"\x00\x12E\n" + + "\n" + + "UpdateUser\x12\x19.iam_pb.UpdateUserRequest\x1a\x1a.iam_pb.UpdateUserResponse\"\x00\x12E\n" + + "\n" + + "DeleteUser\x12\x19.iam_pb.DeleteUserRequest\x1a\x1a.iam_pb.DeleteUserResponse\"\x00\x12Q\n" + + "\x0eListAccessKeys\x12\x1d.iam_pb.ListAccessKeysRequest\x1a\x1e.iam_pb.ListAccessKeysResponse\"\x00\x12T\n" + + "\x0fCreateAccessKey\x12\x1e.iam_pb.CreateAccessKeyRequest\x1a\x1f.iam_pb.CreateAccessKeyResponse\"\x00\x12T\n" + + "\x0fDeleteAccessKey\x12\x1e.iam_pb.DeleteAccessKeyRequest\x1a\x1f.iam_pb.DeleteAccessKeyResponse\"\x00\x12N\n" + + "\rPutUserPolicy\x12\x1c.iam_pb.PutUserPolicyRequest\x1a\x1d.iam_pb.PutUserPolicyResponse\"\x00\x12N\n" + + "\rGetUserPolicy\x12\x1c.iam_pb.GetUserPolicyRequest\x1a\x1d.iam_pb.GetUserPolicyResponse\"\x00\x12W\n" + + "\x10DeleteUserPolicy\x12\x1f.iam_pb.DeleteUserPolicyRequest\x1a .iam_pb.DeleteUserPolicyResponse\"\x00\x12`\n" + + "\x13ListServiceAccounts\x12\".iam_pb.ListServiceAccountsRequest\x1a#.iam_pb.ListServiceAccountsResponse\"\x00\x12c\n" + + "\x14CreateServiceAccount\x12#.iam_pb.CreateServiceAccountRequest\x1a$.iam_pb.CreateServiceAccountResponse\"\x00\x12c\n" + + "\x14UpdateServiceAccount\x12#.iam_pb.UpdateServiceAccountRequest\x1a$.iam_pb.UpdateServiceAccountResponse\"\x00\x12c\n" + + "\x14DeleteServiceAccount\x12#.iam_pb.DeleteServiceAccountRequest\x1a$.iam_pb.DeleteServiceAccountResponse\"\x00\x12Z\n" + + "\x11GetServiceAccount\x12 .iam_pb.GetServiceAccountRequest\x1a!.iam_pb.GetServiceAccountResponse\"\x00BI\n" + "\x10seaweedfs.clientB\aS3ProtoZ,github.com/seaweedfs/seaweedfs/weed/pb/s3_pbb\x06proto3" var ( @@ -513,33 +450,93 @@ func file_s3_proto_rawDescGZIP() []byte { return file_s3_proto_rawDescData } -var file_s3_proto_msgTypes = make([]protoimpl.MessageInfo, 11) +var file_s3_proto_msgTypes = make([]protoimpl.MessageInfo, 9) var file_s3_proto_goTypes = []any{ - (*S3ConfigureRequest)(nil), // 0: messaging_pb.S3ConfigureRequest - (*S3ConfigureResponse)(nil), // 1: messaging_pb.S3ConfigureResponse - (*S3CircuitBreakerConfig)(nil), // 2: messaging_pb.S3CircuitBreakerConfig - (*S3CircuitBreakerOptions)(nil), // 3: messaging_pb.S3CircuitBreakerOptions - (*CORSRule)(nil), // 4: messaging_pb.CORSRule - (*CORSConfiguration)(nil), // 5: messaging_pb.CORSConfiguration - (*BucketMetadata)(nil), // 6: messaging_pb.BucketMetadata - (*EncryptionConfiguration)(nil), // 7: messaging_pb.EncryptionConfiguration - nil, // 8: messaging_pb.S3CircuitBreakerConfig.BucketsEntry - nil, // 9: messaging_pb.S3CircuitBreakerOptions.ActionsEntry - nil, // 10: messaging_pb.BucketMetadata.TagsEntry + (*S3CircuitBreakerConfig)(nil), // 0: messaging_pb.S3CircuitBreakerConfig + (*S3CircuitBreakerOptions)(nil), // 1: messaging_pb.S3CircuitBreakerOptions + (*CORSRule)(nil), // 2: messaging_pb.CORSRule + (*CORSConfiguration)(nil), // 3: messaging_pb.CORSConfiguration + (*BucketMetadata)(nil), // 4: messaging_pb.BucketMetadata + (*EncryptionConfiguration)(nil), // 5: messaging_pb.EncryptionConfiguration + nil, // 6: messaging_pb.S3CircuitBreakerConfig.BucketsEntry + nil, // 7: messaging_pb.S3CircuitBreakerOptions.ActionsEntry + nil, // 8: messaging_pb.BucketMetadata.TagsEntry + (*iam_pb.ListUsersRequest)(nil), // 9: iam_pb.ListUsersRequest + (*iam_pb.CreateUserRequest)(nil), // 10: iam_pb.CreateUserRequest + (*iam_pb.GetUserRequest)(nil), // 11: iam_pb.GetUserRequest + (*iam_pb.UpdateUserRequest)(nil), // 12: iam_pb.UpdateUserRequest + (*iam_pb.DeleteUserRequest)(nil), // 13: iam_pb.DeleteUserRequest + (*iam_pb.ListAccessKeysRequest)(nil), // 14: iam_pb.ListAccessKeysRequest + (*iam_pb.CreateAccessKeyRequest)(nil), // 15: iam_pb.CreateAccessKeyRequest + (*iam_pb.DeleteAccessKeyRequest)(nil), // 16: iam_pb.DeleteAccessKeyRequest + (*iam_pb.PutUserPolicyRequest)(nil), // 17: iam_pb.PutUserPolicyRequest + (*iam_pb.GetUserPolicyRequest)(nil), // 18: iam_pb.GetUserPolicyRequest + (*iam_pb.DeleteUserPolicyRequest)(nil), // 19: iam_pb.DeleteUserPolicyRequest + (*iam_pb.ListServiceAccountsRequest)(nil), // 20: iam_pb.ListServiceAccountsRequest + (*iam_pb.CreateServiceAccountRequest)(nil), // 21: iam_pb.CreateServiceAccountRequest + (*iam_pb.UpdateServiceAccountRequest)(nil), // 22: iam_pb.UpdateServiceAccountRequest + (*iam_pb.DeleteServiceAccountRequest)(nil), // 23: iam_pb.DeleteServiceAccountRequest + (*iam_pb.GetServiceAccountRequest)(nil), // 24: iam_pb.GetServiceAccountRequest + (*iam_pb.ListUsersResponse)(nil), // 25: iam_pb.ListUsersResponse + (*iam_pb.CreateUserResponse)(nil), // 26: iam_pb.CreateUserResponse + (*iam_pb.GetUserResponse)(nil), // 27: iam_pb.GetUserResponse + (*iam_pb.UpdateUserResponse)(nil), // 28: iam_pb.UpdateUserResponse + (*iam_pb.DeleteUserResponse)(nil), // 29: iam_pb.DeleteUserResponse + (*iam_pb.ListAccessKeysResponse)(nil), // 30: iam_pb.ListAccessKeysResponse + (*iam_pb.CreateAccessKeyResponse)(nil), // 31: iam_pb.CreateAccessKeyResponse + (*iam_pb.DeleteAccessKeyResponse)(nil), // 32: iam_pb.DeleteAccessKeyResponse + (*iam_pb.PutUserPolicyResponse)(nil), // 33: iam_pb.PutUserPolicyResponse + (*iam_pb.GetUserPolicyResponse)(nil), // 34: iam_pb.GetUserPolicyResponse + (*iam_pb.DeleteUserPolicyResponse)(nil), // 35: iam_pb.DeleteUserPolicyResponse + (*iam_pb.ListServiceAccountsResponse)(nil), // 36: iam_pb.ListServiceAccountsResponse + (*iam_pb.CreateServiceAccountResponse)(nil), // 37: iam_pb.CreateServiceAccountResponse + (*iam_pb.UpdateServiceAccountResponse)(nil), // 38: iam_pb.UpdateServiceAccountResponse + (*iam_pb.DeleteServiceAccountResponse)(nil), // 39: iam_pb.DeleteServiceAccountResponse + (*iam_pb.GetServiceAccountResponse)(nil), // 40: iam_pb.GetServiceAccountResponse } var file_s3_proto_depIdxs = []int32{ - 3, // 0: messaging_pb.S3CircuitBreakerConfig.global:type_name -> messaging_pb.S3CircuitBreakerOptions - 8, // 1: messaging_pb.S3CircuitBreakerConfig.buckets:type_name -> messaging_pb.S3CircuitBreakerConfig.BucketsEntry - 9, // 2: messaging_pb.S3CircuitBreakerOptions.actions:type_name -> messaging_pb.S3CircuitBreakerOptions.ActionsEntry - 4, // 3: messaging_pb.CORSConfiguration.cors_rules:type_name -> messaging_pb.CORSRule - 10, // 4: messaging_pb.BucketMetadata.tags:type_name -> messaging_pb.BucketMetadata.TagsEntry - 5, // 5: messaging_pb.BucketMetadata.cors:type_name -> messaging_pb.CORSConfiguration - 7, // 6: messaging_pb.BucketMetadata.encryption:type_name -> messaging_pb.EncryptionConfiguration - 3, // 7: messaging_pb.S3CircuitBreakerConfig.BucketsEntry.value:type_name -> messaging_pb.S3CircuitBreakerOptions - 0, // 8: messaging_pb.SeaweedS3.Configure:input_type -> messaging_pb.S3ConfigureRequest - 1, // 9: messaging_pb.SeaweedS3.Configure:output_type -> messaging_pb.S3ConfigureResponse - 9, // [9:10] is the sub-list for method output_type - 8, // [8:9] is the sub-list for method input_type + 1, // 0: messaging_pb.S3CircuitBreakerConfig.global:type_name -> messaging_pb.S3CircuitBreakerOptions + 6, // 1: messaging_pb.S3CircuitBreakerConfig.buckets:type_name -> messaging_pb.S3CircuitBreakerConfig.BucketsEntry + 7, // 2: messaging_pb.S3CircuitBreakerOptions.actions:type_name -> messaging_pb.S3CircuitBreakerOptions.ActionsEntry + 2, // 3: messaging_pb.CORSConfiguration.cors_rules:type_name -> messaging_pb.CORSRule + 8, // 4: messaging_pb.BucketMetadata.tags:type_name -> messaging_pb.BucketMetadata.TagsEntry + 3, // 5: messaging_pb.BucketMetadata.cors:type_name -> messaging_pb.CORSConfiguration + 5, // 6: messaging_pb.BucketMetadata.encryption:type_name -> messaging_pb.EncryptionConfiguration + 1, // 7: messaging_pb.S3CircuitBreakerConfig.BucketsEntry.value:type_name -> messaging_pb.S3CircuitBreakerOptions + 9, // 8: messaging_pb.SeaweedS3.ListUsers:input_type -> iam_pb.ListUsersRequest + 10, // 9: messaging_pb.SeaweedS3.CreateUser:input_type -> iam_pb.CreateUserRequest + 11, // 10: messaging_pb.SeaweedS3.GetUser:input_type -> iam_pb.GetUserRequest + 12, // 11: messaging_pb.SeaweedS3.UpdateUser:input_type -> iam_pb.UpdateUserRequest + 13, // 12: messaging_pb.SeaweedS3.DeleteUser:input_type -> iam_pb.DeleteUserRequest + 14, // 13: messaging_pb.SeaweedS3.ListAccessKeys:input_type -> iam_pb.ListAccessKeysRequest + 15, // 14: messaging_pb.SeaweedS3.CreateAccessKey:input_type -> iam_pb.CreateAccessKeyRequest + 16, // 15: messaging_pb.SeaweedS3.DeleteAccessKey:input_type -> iam_pb.DeleteAccessKeyRequest + 17, // 16: messaging_pb.SeaweedS3.PutUserPolicy:input_type -> iam_pb.PutUserPolicyRequest + 18, // 17: messaging_pb.SeaweedS3.GetUserPolicy:input_type -> iam_pb.GetUserPolicyRequest + 19, // 18: messaging_pb.SeaweedS3.DeleteUserPolicy:input_type -> iam_pb.DeleteUserPolicyRequest + 20, // 19: messaging_pb.SeaweedS3.ListServiceAccounts:input_type -> iam_pb.ListServiceAccountsRequest + 21, // 20: messaging_pb.SeaweedS3.CreateServiceAccount:input_type -> iam_pb.CreateServiceAccountRequest + 22, // 21: messaging_pb.SeaweedS3.UpdateServiceAccount:input_type -> iam_pb.UpdateServiceAccountRequest + 23, // 22: messaging_pb.SeaweedS3.DeleteServiceAccount:input_type -> iam_pb.DeleteServiceAccountRequest + 24, // 23: messaging_pb.SeaweedS3.GetServiceAccount:input_type -> iam_pb.GetServiceAccountRequest + 25, // 24: messaging_pb.SeaweedS3.ListUsers:output_type -> iam_pb.ListUsersResponse + 26, // 25: messaging_pb.SeaweedS3.CreateUser:output_type -> iam_pb.CreateUserResponse + 27, // 26: messaging_pb.SeaweedS3.GetUser:output_type -> iam_pb.GetUserResponse + 28, // 27: messaging_pb.SeaweedS3.UpdateUser:output_type -> iam_pb.UpdateUserResponse + 29, // 28: messaging_pb.SeaweedS3.DeleteUser:output_type -> iam_pb.DeleteUserResponse + 30, // 29: messaging_pb.SeaweedS3.ListAccessKeys:output_type -> iam_pb.ListAccessKeysResponse + 31, // 30: messaging_pb.SeaweedS3.CreateAccessKey:output_type -> iam_pb.CreateAccessKeyResponse + 32, // 31: messaging_pb.SeaweedS3.DeleteAccessKey:output_type -> iam_pb.DeleteAccessKeyResponse + 33, // 32: messaging_pb.SeaweedS3.PutUserPolicy:output_type -> iam_pb.PutUserPolicyResponse + 34, // 33: messaging_pb.SeaweedS3.GetUserPolicy:output_type -> iam_pb.GetUserPolicyResponse + 35, // 34: messaging_pb.SeaweedS3.DeleteUserPolicy:output_type -> iam_pb.DeleteUserPolicyResponse + 36, // 35: messaging_pb.SeaweedS3.ListServiceAccounts:output_type -> iam_pb.ListServiceAccountsResponse + 37, // 36: messaging_pb.SeaweedS3.CreateServiceAccount:output_type -> iam_pb.CreateServiceAccountResponse + 38, // 37: messaging_pb.SeaweedS3.UpdateServiceAccount:output_type -> iam_pb.UpdateServiceAccountResponse + 39, // 38: messaging_pb.SeaweedS3.DeleteServiceAccount:output_type -> iam_pb.DeleteServiceAccountResponse + 40, // 39: messaging_pb.SeaweedS3.GetServiceAccount:output_type -> iam_pb.GetServiceAccountResponse + 24, // [24:40] is the sub-list for method output_type + 8, // [8:24] is the sub-list for method input_type 8, // [8:8] is the sub-list for extension type_name 8, // [8:8] is the sub-list for extension extendee 0, // [0:8] is the sub-list for field type_name @@ -556,7 +553,7 @@ func file_s3_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: unsafe.Slice(unsafe.StringData(file_s3_proto_rawDesc), len(file_s3_proto_rawDesc)), NumEnums: 0, - NumMessages: 11, + NumMessages: 9, NumExtensions: 0, NumServices: 1, }, diff --git a/weed/pb/s3_pb/s3_grpc.pb.go b/weed/pb/s3_pb/s3_grpc.pb.go index 7d76b004a..7a5bbbfcf 100644 --- a/weed/pb/s3_pb/s3_grpc.pb.go +++ b/weed/pb/s3_pb/s3_grpc.pb.go @@ -8,6 +8,7 @@ package s3_pb import ( context "context" + iam_pb "github.com/seaweedfs/seaweedfs/weed/pb/iam_pb" grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" @@ -19,14 +20,45 @@ import ( const _ = grpc.SupportPackageIsVersion9 const ( - SeaweedS3_Configure_FullMethodName = "/messaging_pb.SeaweedS3/Configure" + SeaweedS3_ListUsers_FullMethodName = "/messaging_pb.SeaweedS3/ListUsers" + SeaweedS3_CreateUser_FullMethodName = "/messaging_pb.SeaweedS3/CreateUser" + SeaweedS3_GetUser_FullMethodName = "/messaging_pb.SeaweedS3/GetUser" + SeaweedS3_UpdateUser_FullMethodName = "/messaging_pb.SeaweedS3/UpdateUser" + SeaweedS3_DeleteUser_FullMethodName = "/messaging_pb.SeaweedS3/DeleteUser" + SeaweedS3_ListAccessKeys_FullMethodName = "/messaging_pb.SeaweedS3/ListAccessKeys" + SeaweedS3_CreateAccessKey_FullMethodName = "/messaging_pb.SeaweedS3/CreateAccessKey" + SeaweedS3_DeleteAccessKey_FullMethodName = "/messaging_pb.SeaweedS3/DeleteAccessKey" + SeaweedS3_PutUserPolicy_FullMethodName = "/messaging_pb.SeaweedS3/PutUserPolicy" + SeaweedS3_GetUserPolicy_FullMethodName = "/messaging_pb.SeaweedS3/GetUserPolicy" + SeaweedS3_DeleteUserPolicy_FullMethodName = "/messaging_pb.SeaweedS3/DeleteUserPolicy" + SeaweedS3_ListServiceAccounts_FullMethodName = "/messaging_pb.SeaweedS3/ListServiceAccounts" + SeaweedS3_CreateServiceAccount_FullMethodName = "/messaging_pb.SeaweedS3/CreateServiceAccount" + SeaweedS3_UpdateServiceAccount_FullMethodName = "/messaging_pb.SeaweedS3/UpdateServiceAccount" + SeaweedS3_DeleteServiceAccount_FullMethodName = "/messaging_pb.SeaweedS3/DeleteServiceAccount" + SeaweedS3_GetServiceAccount_FullMethodName = "/messaging_pb.SeaweedS3/GetServiceAccount" ) // SeaweedS3Client is the client API for SeaweedS3 service. // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. type SeaweedS3Client interface { - Configure(ctx context.Context, in *S3ConfigureRequest, opts ...grpc.CallOption) (*S3ConfigureResponse, error) + // Explicit IAM APIs mirroring SeaweedIdentityAccessManagement + ListUsers(ctx context.Context, in *iam_pb.ListUsersRequest, opts ...grpc.CallOption) (*iam_pb.ListUsersResponse, error) + CreateUser(ctx context.Context, in *iam_pb.CreateUserRequest, opts ...grpc.CallOption) (*iam_pb.CreateUserResponse, error) + GetUser(ctx context.Context, in *iam_pb.GetUserRequest, opts ...grpc.CallOption) (*iam_pb.GetUserResponse, error) + UpdateUser(ctx context.Context, in *iam_pb.UpdateUserRequest, opts ...grpc.CallOption) (*iam_pb.UpdateUserResponse, error) + DeleteUser(ctx context.Context, in *iam_pb.DeleteUserRequest, opts ...grpc.CallOption) (*iam_pb.DeleteUserResponse, error) + ListAccessKeys(ctx context.Context, in *iam_pb.ListAccessKeysRequest, opts ...grpc.CallOption) (*iam_pb.ListAccessKeysResponse, error) + CreateAccessKey(ctx context.Context, in *iam_pb.CreateAccessKeyRequest, opts ...grpc.CallOption) (*iam_pb.CreateAccessKeyResponse, error) + DeleteAccessKey(ctx context.Context, in *iam_pb.DeleteAccessKeyRequest, opts ...grpc.CallOption) (*iam_pb.DeleteAccessKeyResponse, error) + PutUserPolicy(ctx context.Context, in *iam_pb.PutUserPolicyRequest, opts ...grpc.CallOption) (*iam_pb.PutUserPolicyResponse, error) + GetUserPolicy(ctx context.Context, in *iam_pb.GetUserPolicyRequest, opts ...grpc.CallOption) (*iam_pb.GetUserPolicyResponse, error) + DeleteUserPolicy(ctx context.Context, in *iam_pb.DeleteUserPolicyRequest, opts ...grpc.CallOption) (*iam_pb.DeleteUserPolicyResponse, error) + ListServiceAccounts(ctx context.Context, in *iam_pb.ListServiceAccountsRequest, opts ...grpc.CallOption) (*iam_pb.ListServiceAccountsResponse, error) + CreateServiceAccount(ctx context.Context, in *iam_pb.CreateServiceAccountRequest, opts ...grpc.CallOption) (*iam_pb.CreateServiceAccountResponse, error) + UpdateServiceAccount(ctx context.Context, in *iam_pb.UpdateServiceAccountRequest, opts ...grpc.CallOption) (*iam_pb.UpdateServiceAccountResponse, error) + DeleteServiceAccount(ctx context.Context, in *iam_pb.DeleteServiceAccountRequest, opts ...grpc.CallOption) (*iam_pb.DeleteServiceAccountResponse, error) + GetServiceAccount(ctx context.Context, in *iam_pb.GetServiceAccountRequest, opts ...grpc.CallOption) (*iam_pb.GetServiceAccountResponse, error) } type seaweedS3Client struct { @@ -37,10 +69,160 @@ func NewSeaweedS3Client(cc grpc.ClientConnInterface) SeaweedS3Client { return &seaweedS3Client{cc} } -func (c *seaweedS3Client) Configure(ctx context.Context, in *S3ConfigureRequest, opts ...grpc.CallOption) (*S3ConfigureResponse, error) { +func (c *seaweedS3Client) ListUsers(ctx context.Context, in *iam_pb.ListUsersRequest, opts ...grpc.CallOption) (*iam_pb.ListUsersResponse, error) { cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) - out := new(S3ConfigureResponse) - err := c.cc.Invoke(ctx, SeaweedS3_Configure_FullMethodName, in, out, cOpts...) + out := new(iam_pb.ListUsersResponse) + err := c.cc.Invoke(ctx, SeaweedS3_ListUsers_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *seaweedS3Client) CreateUser(ctx context.Context, in *iam_pb.CreateUserRequest, opts ...grpc.CallOption) (*iam_pb.CreateUserResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(iam_pb.CreateUserResponse) + err := c.cc.Invoke(ctx, SeaweedS3_CreateUser_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *seaweedS3Client) GetUser(ctx context.Context, in *iam_pb.GetUserRequest, opts ...grpc.CallOption) (*iam_pb.GetUserResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(iam_pb.GetUserResponse) + err := c.cc.Invoke(ctx, SeaweedS3_GetUser_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *seaweedS3Client) UpdateUser(ctx context.Context, in *iam_pb.UpdateUserRequest, opts ...grpc.CallOption) (*iam_pb.UpdateUserResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(iam_pb.UpdateUserResponse) + err := c.cc.Invoke(ctx, SeaweedS3_UpdateUser_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *seaweedS3Client) DeleteUser(ctx context.Context, in *iam_pb.DeleteUserRequest, opts ...grpc.CallOption) (*iam_pb.DeleteUserResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(iam_pb.DeleteUserResponse) + err := c.cc.Invoke(ctx, SeaweedS3_DeleteUser_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *seaweedS3Client) ListAccessKeys(ctx context.Context, in *iam_pb.ListAccessKeysRequest, opts ...grpc.CallOption) (*iam_pb.ListAccessKeysResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(iam_pb.ListAccessKeysResponse) + err := c.cc.Invoke(ctx, SeaweedS3_ListAccessKeys_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *seaweedS3Client) CreateAccessKey(ctx context.Context, in *iam_pb.CreateAccessKeyRequest, opts ...grpc.CallOption) (*iam_pb.CreateAccessKeyResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(iam_pb.CreateAccessKeyResponse) + err := c.cc.Invoke(ctx, SeaweedS3_CreateAccessKey_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *seaweedS3Client) DeleteAccessKey(ctx context.Context, in *iam_pb.DeleteAccessKeyRequest, opts ...grpc.CallOption) (*iam_pb.DeleteAccessKeyResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(iam_pb.DeleteAccessKeyResponse) + err := c.cc.Invoke(ctx, SeaweedS3_DeleteAccessKey_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *seaweedS3Client) PutUserPolicy(ctx context.Context, in *iam_pb.PutUserPolicyRequest, opts ...grpc.CallOption) (*iam_pb.PutUserPolicyResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(iam_pb.PutUserPolicyResponse) + err := c.cc.Invoke(ctx, SeaweedS3_PutUserPolicy_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *seaweedS3Client) GetUserPolicy(ctx context.Context, in *iam_pb.GetUserPolicyRequest, opts ...grpc.CallOption) (*iam_pb.GetUserPolicyResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(iam_pb.GetUserPolicyResponse) + err := c.cc.Invoke(ctx, SeaweedS3_GetUserPolicy_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *seaweedS3Client) DeleteUserPolicy(ctx context.Context, in *iam_pb.DeleteUserPolicyRequest, opts ...grpc.CallOption) (*iam_pb.DeleteUserPolicyResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(iam_pb.DeleteUserPolicyResponse) + err := c.cc.Invoke(ctx, SeaweedS3_DeleteUserPolicy_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *seaweedS3Client) ListServiceAccounts(ctx context.Context, in *iam_pb.ListServiceAccountsRequest, opts ...grpc.CallOption) (*iam_pb.ListServiceAccountsResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(iam_pb.ListServiceAccountsResponse) + err := c.cc.Invoke(ctx, SeaweedS3_ListServiceAccounts_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *seaweedS3Client) CreateServiceAccount(ctx context.Context, in *iam_pb.CreateServiceAccountRequest, opts ...grpc.CallOption) (*iam_pb.CreateServiceAccountResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(iam_pb.CreateServiceAccountResponse) + err := c.cc.Invoke(ctx, SeaweedS3_CreateServiceAccount_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *seaweedS3Client) UpdateServiceAccount(ctx context.Context, in *iam_pb.UpdateServiceAccountRequest, opts ...grpc.CallOption) (*iam_pb.UpdateServiceAccountResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(iam_pb.UpdateServiceAccountResponse) + err := c.cc.Invoke(ctx, SeaweedS3_UpdateServiceAccount_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *seaweedS3Client) DeleteServiceAccount(ctx context.Context, in *iam_pb.DeleteServiceAccountRequest, opts ...grpc.CallOption) (*iam_pb.DeleteServiceAccountResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(iam_pb.DeleteServiceAccountResponse) + err := c.cc.Invoke(ctx, SeaweedS3_DeleteServiceAccount_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *seaweedS3Client) GetServiceAccount(ctx context.Context, in *iam_pb.GetServiceAccountRequest, opts ...grpc.CallOption) (*iam_pb.GetServiceAccountResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(iam_pb.GetServiceAccountResponse) + err := c.cc.Invoke(ctx, SeaweedS3_GetServiceAccount_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -51,7 +233,23 @@ func (c *seaweedS3Client) Configure(ctx context.Context, in *S3ConfigureRequest, // All implementations must embed UnimplementedSeaweedS3Server // for forward compatibility. type SeaweedS3Server interface { - Configure(context.Context, *S3ConfigureRequest) (*S3ConfigureResponse, error) + // Explicit IAM APIs mirroring SeaweedIdentityAccessManagement + ListUsers(context.Context, *iam_pb.ListUsersRequest) (*iam_pb.ListUsersResponse, error) + CreateUser(context.Context, *iam_pb.CreateUserRequest) (*iam_pb.CreateUserResponse, error) + GetUser(context.Context, *iam_pb.GetUserRequest) (*iam_pb.GetUserResponse, error) + UpdateUser(context.Context, *iam_pb.UpdateUserRequest) (*iam_pb.UpdateUserResponse, error) + DeleteUser(context.Context, *iam_pb.DeleteUserRequest) (*iam_pb.DeleteUserResponse, error) + ListAccessKeys(context.Context, *iam_pb.ListAccessKeysRequest) (*iam_pb.ListAccessKeysResponse, error) + CreateAccessKey(context.Context, *iam_pb.CreateAccessKeyRequest) (*iam_pb.CreateAccessKeyResponse, error) + DeleteAccessKey(context.Context, *iam_pb.DeleteAccessKeyRequest) (*iam_pb.DeleteAccessKeyResponse, error) + PutUserPolicy(context.Context, *iam_pb.PutUserPolicyRequest) (*iam_pb.PutUserPolicyResponse, error) + GetUserPolicy(context.Context, *iam_pb.GetUserPolicyRequest) (*iam_pb.GetUserPolicyResponse, error) + DeleteUserPolicy(context.Context, *iam_pb.DeleteUserPolicyRequest) (*iam_pb.DeleteUserPolicyResponse, error) + ListServiceAccounts(context.Context, *iam_pb.ListServiceAccountsRequest) (*iam_pb.ListServiceAccountsResponse, error) + CreateServiceAccount(context.Context, *iam_pb.CreateServiceAccountRequest) (*iam_pb.CreateServiceAccountResponse, error) + UpdateServiceAccount(context.Context, *iam_pb.UpdateServiceAccountRequest) (*iam_pb.UpdateServiceAccountResponse, error) + DeleteServiceAccount(context.Context, *iam_pb.DeleteServiceAccountRequest) (*iam_pb.DeleteServiceAccountResponse, error) + GetServiceAccount(context.Context, *iam_pb.GetServiceAccountRequest) (*iam_pb.GetServiceAccountResponse, error) mustEmbedUnimplementedSeaweedS3Server() } @@ -62,8 +260,53 @@ type SeaweedS3Server interface { // pointer dereference when methods are called. type UnimplementedSeaweedS3Server struct{} -func (UnimplementedSeaweedS3Server) Configure(context.Context, *S3ConfigureRequest) (*S3ConfigureResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Configure not implemented") +func (UnimplementedSeaweedS3Server) ListUsers(context.Context, *iam_pb.ListUsersRequest) (*iam_pb.ListUsersResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ListUsers not implemented") +} +func (UnimplementedSeaweedS3Server) CreateUser(context.Context, *iam_pb.CreateUserRequest) (*iam_pb.CreateUserResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateUser not implemented") +} +func (UnimplementedSeaweedS3Server) GetUser(context.Context, *iam_pb.GetUserRequest) (*iam_pb.GetUserResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetUser not implemented") +} +func (UnimplementedSeaweedS3Server) UpdateUser(context.Context, *iam_pb.UpdateUserRequest) (*iam_pb.UpdateUserResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpdateUser not implemented") +} +func (UnimplementedSeaweedS3Server) DeleteUser(context.Context, *iam_pb.DeleteUserRequest) (*iam_pb.DeleteUserResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteUser not implemented") +} +func (UnimplementedSeaweedS3Server) ListAccessKeys(context.Context, *iam_pb.ListAccessKeysRequest) (*iam_pb.ListAccessKeysResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ListAccessKeys not implemented") +} +func (UnimplementedSeaweedS3Server) CreateAccessKey(context.Context, *iam_pb.CreateAccessKeyRequest) (*iam_pb.CreateAccessKeyResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateAccessKey not implemented") +} +func (UnimplementedSeaweedS3Server) DeleteAccessKey(context.Context, *iam_pb.DeleteAccessKeyRequest) (*iam_pb.DeleteAccessKeyResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAccessKey not implemented") +} +func (UnimplementedSeaweedS3Server) PutUserPolicy(context.Context, *iam_pb.PutUserPolicyRequest) (*iam_pb.PutUserPolicyResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method PutUserPolicy not implemented") +} +func (UnimplementedSeaweedS3Server) GetUserPolicy(context.Context, *iam_pb.GetUserPolicyRequest) (*iam_pb.GetUserPolicyResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetUserPolicy not implemented") +} +func (UnimplementedSeaweedS3Server) DeleteUserPolicy(context.Context, *iam_pb.DeleteUserPolicyRequest) (*iam_pb.DeleteUserPolicyResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteUserPolicy not implemented") +} +func (UnimplementedSeaweedS3Server) ListServiceAccounts(context.Context, *iam_pb.ListServiceAccountsRequest) (*iam_pb.ListServiceAccountsResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ListServiceAccounts not implemented") +} +func (UnimplementedSeaweedS3Server) CreateServiceAccount(context.Context, *iam_pb.CreateServiceAccountRequest) (*iam_pb.CreateServiceAccountResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method CreateServiceAccount not implemented") +} +func (UnimplementedSeaweedS3Server) UpdateServiceAccount(context.Context, *iam_pb.UpdateServiceAccountRequest) (*iam_pb.UpdateServiceAccountResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method UpdateServiceAccount not implemented") +} +func (UnimplementedSeaweedS3Server) DeleteServiceAccount(context.Context, *iam_pb.DeleteServiceAccountRequest) (*iam_pb.DeleteServiceAccountResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteServiceAccount not implemented") +} +func (UnimplementedSeaweedS3Server) GetServiceAccount(context.Context, *iam_pb.GetServiceAccountRequest) (*iam_pb.GetServiceAccountResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method GetServiceAccount not implemented") } func (UnimplementedSeaweedS3Server) mustEmbedUnimplementedSeaweedS3Server() {} func (UnimplementedSeaweedS3Server) testEmbeddedByValue() {} @@ -86,20 +329,290 @@ func RegisterSeaweedS3Server(s grpc.ServiceRegistrar, srv SeaweedS3Server) { s.RegisterService(&SeaweedS3_ServiceDesc, srv) } -func _SeaweedS3_Configure_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(S3ConfigureRequest) +func _SeaweedS3_ListUsers_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(iam_pb.ListUsersRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SeaweedS3Server).ListUsers(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: SeaweedS3_ListUsers_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SeaweedS3Server).ListUsers(ctx, req.(*iam_pb.ListUsersRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _SeaweedS3_CreateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(iam_pb.CreateUserRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SeaweedS3Server).CreateUser(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: SeaweedS3_CreateUser_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SeaweedS3Server).CreateUser(ctx, req.(*iam_pb.CreateUserRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _SeaweedS3_GetUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(iam_pb.GetUserRequest) if err := dec(in); err != nil { return nil, err } if interceptor == nil { - return srv.(SeaweedS3Server).Configure(ctx, in) + return srv.(SeaweedS3Server).GetUser(ctx, in) } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: SeaweedS3_Configure_FullMethodName, + FullMethod: SeaweedS3_GetUser_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(SeaweedS3Server).Configure(ctx, req.(*S3ConfigureRequest)) + return srv.(SeaweedS3Server).GetUser(ctx, req.(*iam_pb.GetUserRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _SeaweedS3_UpdateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(iam_pb.UpdateUserRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SeaweedS3Server).UpdateUser(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: SeaweedS3_UpdateUser_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SeaweedS3Server).UpdateUser(ctx, req.(*iam_pb.UpdateUserRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _SeaweedS3_DeleteUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(iam_pb.DeleteUserRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SeaweedS3Server).DeleteUser(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: SeaweedS3_DeleteUser_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SeaweedS3Server).DeleteUser(ctx, req.(*iam_pb.DeleteUserRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _SeaweedS3_ListAccessKeys_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(iam_pb.ListAccessKeysRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SeaweedS3Server).ListAccessKeys(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: SeaweedS3_ListAccessKeys_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SeaweedS3Server).ListAccessKeys(ctx, req.(*iam_pb.ListAccessKeysRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _SeaweedS3_CreateAccessKey_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(iam_pb.CreateAccessKeyRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SeaweedS3Server).CreateAccessKey(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: SeaweedS3_CreateAccessKey_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SeaweedS3Server).CreateAccessKey(ctx, req.(*iam_pb.CreateAccessKeyRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _SeaweedS3_DeleteAccessKey_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(iam_pb.DeleteAccessKeyRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SeaweedS3Server).DeleteAccessKey(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: SeaweedS3_DeleteAccessKey_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SeaweedS3Server).DeleteAccessKey(ctx, req.(*iam_pb.DeleteAccessKeyRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _SeaweedS3_PutUserPolicy_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(iam_pb.PutUserPolicyRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SeaweedS3Server).PutUserPolicy(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: SeaweedS3_PutUserPolicy_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SeaweedS3Server).PutUserPolicy(ctx, req.(*iam_pb.PutUserPolicyRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _SeaweedS3_GetUserPolicy_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(iam_pb.GetUserPolicyRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SeaweedS3Server).GetUserPolicy(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: SeaweedS3_GetUserPolicy_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SeaweedS3Server).GetUserPolicy(ctx, req.(*iam_pb.GetUserPolicyRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _SeaweedS3_DeleteUserPolicy_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(iam_pb.DeleteUserPolicyRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SeaweedS3Server).DeleteUserPolicy(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: SeaweedS3_DeleteUserPolicy_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SeaweedS3Server).DeleteUserPolicy(ctx, req.(*iam_pb.DeleteUserPolicyRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _SeaweedS3_ListServiceAccounts_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(iam_pb.ListServiceAccountsRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SeaweedS3Server).ListServiceAccounts(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: SeaweedS3_ListServiceAccounts_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SeaweedS3Server).ListServiceAccounts(ctx, req.(*iam_pb.ListServiceAccountsRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _SeaweedS3_CreateServiceAccount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(iam_pb.CreateServiceAccountRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SeaweedS3Server).CreateServiceAccount(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: SeaweedS3_CreateServiceAccount_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SeaweedS3Server).CreateServiceAccount(ctx, req.(*iam_pb.CreateServiceAccountRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _SeaweedS3_UpdateServiceAccount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(iam_pb.UpdateServiceAccountRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SeaweedS3Server).UpdateServiceAccount(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: SeaweedS3_UpdateServiceAccount_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SeaweedS3Server).UpdateServiceAccount(ctx, req.(*iam_pb.UpdateServiceAccountRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _SeaweedS3_DeleteServiceAccount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(iam_pb.DeleteServiceAccountRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SeaweedS3Server).DeleteServiceAccount(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: SeaweedS3_DeleteServiceAccount_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SeaweedS3Server).DeleteServiceAccount(ctx, req.(*iam_pb.DeleteServiceAccountRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _SeaweedS3_GetServiceAccount_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(iam_pb.GetServiceAccountRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(SeaweedS3Server).GetServiceAccount(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: SeaweedS3_GetServiceAccount_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(SeaweedS3Server).GetServiceAccount(ctx, req.(*iam_pb.GetServiceAccountRequest)) } return interceptor(ctx, in, info, handler) } @@ -112,8 +625,68 @@ var SeaweedS3_ServiceDesc = grpc.ServiceDesc{ HandlerType: (*SeaweedS3Server)(nil), Methods: []grpc.MethodDesc{ { - MethodName: "Configure", - Handler: _SeaweedS3_Configure_Handler, + MethodName: "ListUsers", + Handler: _SeaweedS3_ListUsers_Handler, + }, + { + MethodName: "CreateUser", + Handler: _SeaweedS3_CreateUser_Handler, + }, + { + MethodName: "GetUser", + Handler: _SeaweedS3_GetUser_Handler, + }, + { + MethodName: "UpdateUser", + Handler: _SeaweedS3_UpdateUser_Handler, + }, + { + MethodName: "DeleteUser", + Handler: _SeaweedS3_DeleteUser_Handler, + }, + { + MethodName: "ListAccessKeys", + Handler: _SeaweedS3_ListAccessKeys_Handler, + }, + { + MethodName: "CreateAccessKey", + Handler: _SeaweedS3_CreateAccessKey_Handler, + }, + { + MethodName: "DeleteAccessKey", + Handler: _SeaweedS3_DeleteAccessKey_Handler, + }, + { + MethodName: "PutUserPolicy", + Handler: _SeaweedS3_PutUserPolicy_Handler, + }, + { + MethodName: "GetUserPolicy", + Handler: _SeaweedS3_GetUserPolicy_Handler, + }, + { + MethodName: "DeleteUserPolicy", + Handler: _SeaweedS3_DeleteUserPolicy_Handler, + }, + { + MethodName: "ListServiceAccounts", + Handler: _SeaweedS3_ListServiceAccounts_Handler, + }, + { + MethodName: "CreateServiceAccount", + Handler: _SeaweedS3_CreateServiceAccount_Handler, + }, + { + MethodName: "UpdateServiceAccount", + Handler: _SeaweedS3_UpdateServiceAccount_Handler, + }, + { + MethodName: "DeleteServiceAccount", + Handler: _SeaweedS3_DeleteServiceAccount_Handler, + }, + { + MethodName: "GetServiceAccount", + Handler: _SeaweedS3_GetServiceAccount_Handler, }, }, Streams: []grpc.StreamDesc{}, diff --git a/weed/s3api/auth_credentials.go b/weed/s3api/auth_credentials.go index b3c060e17..97a7a8a37 100644 --- a/weed/s3api/auth_credentials.go +++ b/weed/s3api/auth_credentials.go @@ -3,6 +3,7 @@ package s3api import ( "context" "encoding/json" + "errors" "fmt" "net/http" "os" @@ -346,7 +347,23 @@ func (iam *IdentityAccessManagement) loadEnvironmentVariableCredentials() { } } -func (iam *IdentityAccessManagement) loadS3ApiConfigurationFromFiler(option *S3ApiServerOption) error { +func (iam *IdentityAccessManagement) loadS3ApiConfigurationFromFiler(option *S3ApiServerOption) (err error) { + // Try to load configuration with retries to handle transient connectivity issues during startup + for i := 0; i < 10; i++ { + err = iam.doLoadS3ApiConfigurationFromFiler(option) + if err == nil { + return nil + } + if errors.Is(err, filer_pb.ErrNotFound) { + return err + } + glog.Warningf("fail to load config from filer (attempt %d/10): %v", i+1, err) + time.Sleep(2 * time.Second) + } + return err +} + +func (iam *IdentityAccessManagement) doLoadS3ApiConfigurationFromFiler(option *S3ApiServerOption) error { return iam.LoadS3ApiConfigurationFromCredentialManager() } diff --git a/weed/s3api/s3_sse_s3.go b/weed/s3api/s3_sse_s3.go index f7cbfa991..8b949dbc7 100644 --- a/weed/s3api/s3_sse_s3.go +++ b/weed/s3api/s3_sse_s3.go @@ -16,6 +16,7 @@ import ( "os" "strings" "sync" + "time" "github.com/seaweedfs/seaweedfs/weed/glog" "github.com/seaweedfs/seaweedfs/weed/pb/filer_pb" @@ -278,26 +279,27 @@ func (km *SSES3KeyManager) InitializeWithFiler(filerClient filer_pb.FilerClient) km.filerClient = filerClient - // Try to load existing KEK from filer - if err := km.loadSuperKeyFromFiler(); err != nil { - // Only generate a new key if it does not exist. - // For other errors (e.g. connectivity), we should fail fast to prevent creating a new key - // and making existing data undecryptable. + // Try to load existing KEK from filer with retries to handle transient connectivity issues during startup + var err error + for i := 0; i < 10; i++ { + err = km.loadSuperKeyFromFiler() + if err == nil { + glog.V(1).Infof("SSE-S3 KeyManager: Loaded KEK from filer %s", km.kekPath) + return nil + } if errors.Is(err, filer_pb.ErrNotFound) { glog.V(1).Infof("SSE-S3 KeyManager: KEK not found, generating new KEK (load from filer %s: %v)", km.kekPath, err) if genErr := km.generateAndSaveSuperKeyToFiler(); genErr != nil { return fmt.Errorf("failed to generate and save SSE-S3 super key: %w", genErr) } - } else { - // A different error occurred (e.g., network issue, permission denied). - // Return the error to prevent starting with a broken state. - return fmt.Errorf("failed to load SSE-S3 super key from %s: %w", km.kekPath, err) + return nil } - } else { - glog.V(1).Infof("SSE-S3 KeyManager: Loaded KEK from filer %s", km.kekPath) + glog.Warningf("SSE-S3 KeyManager: failed to load KEK (attempt %d/10): %v", i+1, err) + time.Sleep(2 * time.Second) } - return nil + // If we're here, all retries failed + return fmt.Errorf("failed to load SSE-S3 super key from %s after 10 attempts: %w", km.kekPath, err) } // loadSuperKeyFromFiler loads the KEK from the filer diff --git a/weed/s3api/s3api_embedded_iam.go b/weed/s3api/s3api_embedded_iam.go index ebdd54c72..8d775e0c7 100644 --- a/weed/s3api/s3api_embedded_iam.go +++ b/weed/s3api/s3api_embedded_iam.go @@ -34,6 +34,10 @@ type EmbeddedIamApi struct { credentialManager *credential.CredentialManager iam *IdentityAccessManagement policyLock sync.RWMutex + // Test hook + getS3ApiConfigurationFunc func(*iam_pb.S3ApiConfiguration) error + putS3ApiConfigurationFunc func(*iam_pb.S3ApiConfiguration) error + reloadConfigurationFunc func() error } // NewEmbeddedIamApi creates a new embedded IAM API handler. @@ -165,6 +169,9 @@ func (e *EmbeddedIamApi) writeIamErrorResponse(w http.ResponseWriter, r *http.Re // GetS3ApiConfiguration loads the S3 API configuration from the credential manager. func (e *EmbeddedIamApi) GetS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) error { + if e.getS3ApiConfigurationFunc != nil { + return e.getS3ApiConfigurationFunc(s3cfg) + } config, err := e.credentialManager.LoadConfiguration(context.Background()) if err != nil { return fmt.Errorf("failed to load configuration: %w", err) @@ -175,9 +182,20 @@ func (e *EmbeddedIamApi) GetS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) // PutS3ApiConfiguration saves the S3 API configuration to the credential manager. func (e *EmbeddedIamApi) PutS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) error { + if e.putS3ApiConfigurationFunc != nil { + return e.putS3ApiConfigurationFunc(s3cfg) + } return e.credentialManager.SaveConfiguration(context.Background(), s3cfg) } +// ReloadConfiguration reloads the IAM configuration from the credential manager. +func (e *EmbeddedIamApi) ReloadConfiguration() error { + if e.reloadConfigurationFunc != nil { + return e.reloadConfigurationFunc() + } + return e.iam.LoadS3ApiConfigurationFromCredentialManager() +} + // ListUsers lists all IAM users. func (e *EmbeddedIamApi) ListUsers(s3cfg *iam_pb.S3ApiConfiguration, values url.Values) iamListUsersResponse { var resp iamListUsersResponse @@ -1024,79 +1042,66 @@ func (e *EmbeddedIamApi) AuthIam(f http.HandlerFunc, _ Action) http.HandlerFunc } } -// DoActions handles IAM API actions. -func (e *EmbeddedIamApi) DoActions(w http.ResponseWriter, r *http.Request) { +// ExecuteAction executes an IAM action with the given values. +func (e *EmbeddedIamApi) ExecuteAction(values url.Values) (interface{}, *iamError) { // Lock to prevent concurrent read-modify-write race conditions e.policyLock.Lock() defer e.policyLock.Unlock() - if err := r.ParseForm(); err != nil { - s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest) - return - } - values := r.PostForm s3cfg := &iam_pb.S3ApiConfiguration{} if err := e.GetS3ApiConfiguration(s3cfg); err != nil && !errors.Is(err, filer_pb.ErrNotFound) { - s3err.WriteErrorResponse(w, r, s3err.ErrInternalError) - return + return nil, &iamError{Code: s3err.GetAPIError(s3err.ErrInternalError).Code, Error: fmt.Errorf("failed to get s3 api configuration: %v", err)} } - glog.V(4).Infof("IAM DoActions: %+v", values) + glog.V(4).Infof("IAM ExecuteAction: %+v", values) var response interface{} var iamErr *iamError changed := true - switch r.Form.Get("Action") { + switch values.Get("Action") { case "ListUsers": response = e.ListUsers(s3cfg, values) changed = false case "ListAccessKeys": - e.handleImplicitUsername(r, values) + // Note: handleImplicitUsername requires request context which we don't have here for gRPC + // gRPC callers must provide UserName explicitly response = e.ListAccessKeys(s3cfg, values) changed = false case "CreateUser": response, iamErr = e.CreateUser(s3cfg, values) if iamErr != nil { - e.writeIamErrorResponse(w, r, iamErr) - return + return nil, iamErr } case "GetUser": userName := values.Get("UserName") response, iamErr = e.GetUser(s3cfg, userName) if iamErr != nil { - e.writeIamErrorResponse(w, r, iamErr) - return + return nil, iamErr } changed = false case "UpdateUser": response, iamErr = e.UpdateUser(s3cfg, values) if iamErr != nil { - e.writeIamErrorResponse(w, r, iamErr) - return + return nil, iamErr } case "DeleteUser": userName := values.Get("UserName") response, iamErr = e.DeleteUser(s3cfg, userName) if iamErr != nil { - e.writeIamErrorResponse(w, r, iamErr) - return + return nil, iamErr } case "CreateAccessKey": - e.handleImplicitUsername(r, values) response, iamErr = e.CreateAccessKey(s3cfg, values) if iamErr != nil { glog.Errorf("CreateAccessKey: %+v", iamErr.Error) - e.writeIamErrorResponse(w, r, iamErr) - return + return nil, iamErr } case "DeleteAccessKey": - e.handleImplicitUsername(r, values) response = e.DeleteAccessKey(s3cfg, values) case "CreatePolicy": response, iamErr = e.CreatePolicy(s3cfg, values) if iamErr != nil { glog.Errorf("CreatePolicy: %+v", iamErr.Error) - s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest) - return + return nil, iamErr } case "DeletePolicy": // Managed policies are not stored separately, so deletion is a no-op. @@ -1107,48 +1112,40 @@ func (e *EmbeddedIamApi) DoActions(w http.ResponseWriter, r *http.Request) { response, iamErr = e.PutUserPolicy(s3cfg, values) if iamErr != nil { glog.Errorf("PutUserPolicy: %+v", iamErr.Error) - e.writeIamErrorResponse(w, r, iamErr) - return + return nil, iamErr } case "GetUserPolicy": response, iamErr = e.GetUserPolicy(s3cfg, values) if iamErr != nil { - e.writeIamErrorResponse(w, r, iamErr) - return + return nil, iamErr } changed = false case "DeleteUserPolicy": response, iamErr = e.DeleteUserPolicy(s3cfg, values) if iamErr != nil { - e.writeIamErrorResponse(w, r, iamErr) - return + return nil, iamErr } case "SetUserStatus": response, iamErr = e.SetUserStatus(s3cfg, values) if iamErr != nil { - e.writeIamErrorResponse(w, r, iamErr) - return + return nil, iamErr } case "UpdateAccessKey": - e.handleImplicitUsername(r, values) response, iamErr = e.UpdateAccessKey(s3cfg, values) if iamErr != nil { - e.writeIamErrorResponse(w, r, iamErr) - return + return nil, iamErr } // Service Account actions case "CreateServiceAccount": - createdBy := s3_constants.GetIdentityNameFromContext(r) + createdBy := values.Get("CreatedBy") response, iamErr = e.CreateServiceAccount(s3cfg, values, createdBy) if iamErr != nil { - e.writeIamErrorResponse(w, r, iamErr) - return + return nil, iamErr } case "DeleteServiceAccount": response, iamErr = e.DeleteServiceAccount(s3cfg, values) if iamErr != nil { - e.writeIamErrorResponse(w, r, iamErr) - return + return nil, iamErr } case "ListServiceAccounts": response = e.ListServiceAccounts(s3cfg, values) @@ -1156,37 +1153,55 @@ func (e *EmbeddedIamApi) DoActions(w http.ResponseWriter, r *http.Request) { case "GetServiceAccount": response, iamErr = e.GetServiceAccount(s3cfg, values) if iamErr != nil { - e.writeIamErrorResponse(w, r, iamErr) - return + return nil, iamErr } changed = false case "UpdateServiceAccount": response, iamErr = e.UpdateServiceAccount(s3cfg, values) if iamErr != nil { - e.writeIamErrorResponse(w, r, iamErr) - return + return nil, iamErr } default: - errNotImplemented := s3err.GetAPIError(s3err.ErrNotImplemented) - errorResponse := iamErrorResponse{} - errorResponse.Error.Code = &errNotImplemented.Code - errorResponse.Error.Message = &errNotImplemented.Description - s3err.WriteXMLResponse(w, r, errNotImplemented.HTTPStatusCode, errorResponse) - return + return nil, &iamError{Code: s3err.GetAPIError(s3err.ErrNotImplemented).Code, Error: errors.New(s3err.GetAPIError(s3err.ErrNotImplemented).Description)} } if changed { if err := e.PutS3ApiConfiguration(s3cfg); err != nil { iamErr = &iamError{Code: iam.ErrCodeServiceFailureException, Error: err} - e.writeIamErrorResponse(w, r, iamErr) - return + return nil, iamErr } // Reload in-memory identity maps so subsequent LookupByAccessKey calls // can see newly created or deleted keys immediately - if err := e.iam.LoadS3ApiConfigurationFromCredentialManager(); err != nil { - glog.Warningf("Failed to reload IAM configuration after mutation: %v", err) + if err := e.ReloadConfiguration(); err != nil { + glog.Errorf("Failed to reload IAM configuration after mutation: %v", err) // Don't fail the request since the persistent save succeeded } } + return response, nil +} + +// DoActions handles IAM API actions. +func (e *EmbeddedIamApi) DoActions(w http.ResponseWriter, r *http.Request) { + if err := r.ParseForm(); err != nil { + s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest) + return + } + values := r.PostForm + + // Handle implicit username for HTTP requests + switch r.Form.Get("Action") { + case "ListAccessKeys", "CreateAccessKey", "DeleteAccessKey", "UpdateAccessKey": + e.handleImplicitUsername(r, values) + case "CreateServiceAccount": + createdBy := s3_constants.GetIdentityNameFromContext(r) + values.Set("CreatedBy", createdBy) + } + + response, iamErr := e.ExecuteAction(values) + if iamErr != nil { + e.writeIamErrorResponse(w, r, iamErr) + return + } + // Set RequestId for AWS compatibility if r, ok := response.(interface{ SetRequestId() }); ok { r.SetRequestId() diff --git a/weed/s3api/s3api_embedded_iam_test.go b/weed/s3api/s3api_embedded_iam_test.go index fa731f488..c5dc5d949 100644 --- a/weed/s3api/s3api_embedded_iam_test.go +++ b/weed/s3api/s3api_embedded_iam_test.go @@ -36,6 +36,20 @@ func NewEmbeddedIamApiForTest() *EmbeddedIamApiForTest { }, mockConfig: &iam_pb.S3ApiConfiguration{}, } + e.getS3ApiConfigurationFunc = func(s3cfg *iam_pb.S3ApiConfiguration) error { + if e.mockConfig != nil { + cloned := proto.Clone(e.mockConfig).(*iam_pb.S3ApiConfiguration) + proto.Merge(s3cfg, cloned) + } + return nil + } + e.putS3ApiConfigurationFunc = func(s3cfg *iam_pb.S3ApiConfiguration) error { + e.mockConfig = proto.Clone(s3cfg).(*iam_pb.S3ApiConfiguration) + return nil + } + e.reloadConfigurationFunc = func() error { + return nil + } return e } @@ -1661,3 +1675,31 @@ func TestOldCodeOrderWouldFail(t *testing.T) { t.Log("This demonstrates the bug: ParseForm before auth causes SignatureDoesNotMatch") } + +// TestEmbeddedIamExecuteAction tests calling ExecuteAction directly +func TestEmbeddedIamExecuteAction(t *testing.T) { + api := NewEmbeddedIamApiForTest() + api.mockConfig = &iam_pb.S3ApiConfiguration{} + + // Explicitly set hook to debug panic + api.EmbeddedIamApi.reloadConfigurationFunc = func() error { + return nil + } + + // Test case: CreateUser via ExecuteAction + vals := url.Values{} + vals.Set("Action", "CreateUser") + vals.Set("UserName", "ExecuteActionUser") + + resp, iamErr := api.ExecuteAction(vals) + assert.Nil(t, iamErr) + + // Verify response type + createResp, ok := resp.(iamCreateUserResponse) + assert.True(t, ok) + assert.Equal(t, "ExecuteActionUser", *createResp.CreateUserResult.User.UserName) + + // Verify persistence + assert.Len(t, api.mockConfig.Identities, 1) + assert.Equal(t, "ExecuteActionUser", api.mockConfig.Identities[0].Name) +} diff --git a/weed/s3api/s3api_server_grpc.go b/weed/s3api/s3api_server_grpc.go index b421b0574..2f6976b56 100644 --- a/weed/s3api/s3api_server_grpc.go +++ b/weed/s3api/s3api_server_grpc.go @@ -3,15 +3,342 @@ package s3api import ( "context" - "github.com/seaweedfs/seaweedfs/weed/pb/s3_pb" + "fmt" + "net/url" + + "github.com/seaweedfs/seaweedfs/weed/pb/iam_pb" ) -func (s3a *S3ApiServer) Configure(ctx context.Context, request *s3_pb.S3ConfigureRequest) (*s3_pb.S3ConfigureResponse, error) { +func (s3a *S3ApiServer) executeAction(values url.Values) (interface{}, error) { + if s3a.embeddedIam == nil { + return nil, fmt.Errorf("embedded iam is disabled") + } + response, iamErr := s3a.embeddedIam.ExecuteAction(values) + if iamErr != nil { + return nil, fmt.Errorf("IAM error: %s - %v", iamErr.Code, iamErr.Error) + } + return response, nil +} - if err := s3a.iam.LoadS3ApiConfigurationFromBytes(request.S3ConfigurationFileContent); err != nil { +func (s3a *S3ApiServer) ListUsers(ctx context.Context, req *iam_pb.ListUsersRequest) (*iam_pb.ListUsersResponse, error) { + values := url.Values{} + values.Set("Action", "ListUsers") + resp, err := s3a.executeAction(values) + if err != nil { return nil, err } + iamResp, ok := resp.(iamListUsersResponse) + if !ok { + return nil, fmt.Errorf("unexpected IAM ListUsers response type %T", resp) + } + var usernames []string + for _, user := range iamResp.ListUsersResult.Users { + if user != nil && user.UserName != nil { + usernames = append(usernames, *user.UserName) + } + } + return &iam_pb.ListUsersResponse{Usernames: usernames}, nil +} - return &s3_pb.S3ConfigureResponse{}, nil +func (s3a *S3ApiServer) CreateUser(ctx context.Context, req *iam_pb.CreateUserRequest) (*iam_pb.CreateUserResponse, error) { + if req.Identity == nil || req.Identity.Name == "" { + return nil, fmt.Errorf("username name is required") + } + values := url.Values{} + values.Set("Action", "CreateUser") + values.Set("UserName", req.Identity.Name) + _, err := s3a.executeAction(values) + if err != nil { + return nil, err + } + return &iam_pb.CreateUserResponse{}, nil +} + +func (s3a *S3ApiServer) GetUser(ctx context.Context, req *iam_pb.GetUserRequest) (*iam_pb.GetUserResponse, error) { + if req.Username == "" { + return nil, fmt.Errorf("username is required") + } + values := url.Values{} + values.Set("Action", "GetUser") + values.Set("UserName", req.Username) + resp, err := s3a.executeAction(values) + if err != nil { + return nil, err + } + iamResp, ok := resp.(iamGetUserResponse) + if !ok { + return nil, fmt.Errorf("unexpected IAM GetUser response type %T", resp) + } + + var username string + if iamResp.GetUserResult.User.UserName != nil { + username = *iamResp.GetUserResult.User.UserName + } + + return &iam_pb.GetUserResponse{ + Identity: &iam_pb.Identity{ + Name: username, + }, + }, nil +} + +func (s3a *S3ApiServer) UpdateUser(ctx context.Context, req *iam_pb.UpdateUserRequest) (*iam_pb.UpdateUserResponse, error) { + if req.Username == "" { + return nil, fmt.Errorf("username is required") + } + values := url.Values{} + values.Set("Action", "UpdateUser") + values.Set("UserName", req.Username) + // UpdateUser in DoActions expects "NewUserName" if renaming, but CreateUser just takes UserName. + // Looking at s3api_embedded_iam.go, UpdateUser uses "NewUserName" to change name. + if req.Identity != nil && req.Identity.Name != "" { + values.Set("NewUserName", req.Identity.Name) + } + _, err := s3a.executeAction(values) + if err != nil { + return nil, err + } + return &iam_pb.UpdateUserResponse{}, nil +} + +func (s3a *S3ApiServer) DeleteUser(ctx context.Context, req *iam_pb.DeleteUserRequest) (*iam_pb.DeleteUserResponse, error) { + if req.Username == "" { + return nil, fmt.Errorf("username is required") + } + values := url.Values{} + values.Set("Action", "DeleteUser") + values.Set("UserName", req.Username) + _, err := s3a.executeAction(values) + if err != nil { + return nil, err + } + return &iam_pb.DeleteUserResponse{}, nil +} + +func (s3a *S3ApiServer) ListAccessKeys(ctx context.Context, req *iam_pb.ListAccessKeysRequest) (*iam_pb.ListAccessKeysResponse, error) { + if req.Username == "" { + return nil, fmt.Errorf("username is required") + } + values := url.Values{} + values.Set("Action", "ListAccessKeys") + values.Set("UserName", req.Username) + resp, err := s3a.executeAction(values) + if err != nil { + return nil, err + } + iamResp, ok := resp.(iamListAccessKeysResponse) + if !ok { + return nil, fmt.Errorf("unexpected IAM ListAccessKeys response type %T", resp) + } + var accessKeys []*iam_pb.Credential + for _, meta := range iamResp.ListAccessKeysResult.AccessKeyMetadata { + if meta != nil && meta.AccessKeyId != nil && meta.Status != nil { + accessKeys = append(accessKeys, &iam_pb.Credential{ + AccessKey: *meta.AccessKeyId, + Status: *meta.Status, + }) + } + } + return &iam_pb.ListAccessKeysResponse{AccessKeys: accessKeys}, nil +} + +func (s3a *S3ApiServer) CreateAccessKey(ctx context.Context, req *iam_pb.CreateAccessKeyRequest) (*iam_pb.CreateAccessKeyResponse, error) { + if req.Username == "" { + return nil, fmt.Errorf("username is required") + } + values := url.Values{} + values.Set("Action", "CreateAccessKey") + values.Set("UserName", req.Username) + _, err := s3a.executeAction(values) + if err != nil { + return nil, err + } + return &iam_pb.CreateAccessKeyResponse{}, nil +} + +func (s3a *S3ApiServer) DeleteAccessKey(ctx context.Context, req *iam_pb.DeleteAccessKeyRequest) (*iam_pb.DeleteAccessKeyResponse, error) { + if req.Username == "" { + return nil, fmt.Errorf("username is required") + } + if req.AccessKey == "" { + return nil, fmt.Errorf("access key is required") + } + values := url.Values{} + values.Set("Action", "DeleteAccessKey") + values.Set("UserName", req.Username) + values.Set("AccessKeyId", req.AccessKey) + _, err := s3a.executeAction(values) + if err != nil { + return nil, err + } + return &iam_pb.DeleteAccessKeyResponse{}, nil +} + +func (s3a *S3ApiServer) PutUserPolicy(ctx context.Context, req *iam_pb.PutUserPolicyRequest) (*iam_pb.PutUserPolicyResponse, error) { + if req.Username == "" { + return nil, fmt.Errorf("username is required") + } + if req.PolicyName == "" { + return nil, fmt.Errorf("policy name is required") + } + values := url.Values{} + values.Set("Action", "PutUserPolicy") + values.Set("UserName", req.Username) + values.Set("PolicyName", req.PolicyName) + values.Set("PolicyDocument", req.PolicyDocument) + _, err := s3a.executeAction(values) + if err != nil { + return nil, err + } + return &iam_pb.PutUserPolicyResponse{}, nil +} + +func (s3a *S3ApiServer) GetUserPolicy(ctx context.Context, req *iam_pb.GetUserPolicyRequest) (*iam_pb.GetUserPolicyResponse, error) { + if req.Username == "" { + return nil, fmt.Errorf("username is required") + } + if req.PolicyName == "" { + return nil, fmt.Errorf("policy name is required") + } + values := url.Values{} + values.Set("Action", "GetUserPolicy") + values.Set("UserName", req.Username) + values.Set("PolicyName", req.PolicyName) + resp, err := s3a.executeAction(values) + if err != nil { + return nil, err + } + iamResp, ok := resp.(iamGetUserPolicyResponse) + if !ok { + return nil, fmt.Errorf("unexpected IAM GetUserPolicy response type %T", resp) + } + return &iam_pb.GetUserPolicyResponse{ + Username: iamResp.GetUserPolicyResult.UserName, + PolicyName: iamResp.GetUserPolicyResult.PolicyName, + PolicyDocument: iamResp.GetUserPolicyResult.PolicyDocument, + }, nil +} + +func (s3a *S3ApiServer) DeleteUserPolicy(ctx context.Context, req *iam_pb.DeleteUserPolicyRequest) (*iam_pb.DeleteUserPolicyResponse, error) { + if req.Username == "" { + return nil, fmt.Errorf("username is required") + } + if req.PolicyName == "" { + return nil, fmt.Errorf("policy name is required") + } + values := url.Values{} + values.Set("Action", "DeleteUserPolicy") + values.Set("UserName", req.Username) + values.Set("PolicyName", req.PolicyName) + _, err := s3a.executeAction(values) + if err != nil { + return nil, err + } + return &iam_pb.DeleteUserPolicyResponse{}, nil +} + +func (s3a *S3ApiServer) ListServiceAccounts(ctx context.Context, req *iam_pb.ListServiceAccountsRequest) (*iam_pb.ListServiceAccountsResponse, error) { + values := url.Values{} + values.Set("Action", "ListServiceAccounts") + resp, err := s3a.executeAction(values) + if err != nil { + return nil, err + } + iamResp, ok := resp.(iamListServiceAccountsResponse) + if !ok { + return nil, fmt.Errorf("unexpected IAM ListServiceAccounts response type %T", resp) + } + var serviceAccounts []*iam_pb.ServiceAccount + for _, sa := range iamResp.ListServiceAccountsResult.ServiceAccounts { + if sa != nil { + serviceAccounts = append(serviceAccounts, &iam_pb.ServiceAccount{ + Id: sa.ServiceAccountId, + ParentUser: sa.ParentUser, + Description: sa.Description, + Credential: &iam_pb.Credential{ + AccessKey: sa.AccessKeyId, + Status: sa.Status, + }, + }) + } + } + return &iam_pb.ListServiceAccountsResponse{ServiceAccounts: serviceAccounts}, nil +} + +func (s3a *S3ApiServer) CreateServiceAccount(ctx context.Context, req *iam_pb.CreateServiceAccountRequest) (*iam_pb.CreateServiceAccountResponse, error) { + if req.ServiceAccount == nil || req.ServiceAccount.CreatedBy == "" { + return nil, fmt.Errorf("service account owner is required") + } + values := url.Values{} + values.Set("Action", "CreateServiceAccount") + values.Set("CreatedBy", req.ServiceAccount.CreatedBy) + _, err := s3a.executeAction(values) + if err != nil { + return nil, err + } + return &iam_pb.CreateServiceAccountResponse{}, nil +} + +func (s3a *S3ApiServer) UpdateServiceAccount(ctx context.Context, req *iam_pb.UpdateServiceAccountRequest) (*iam_pb.UpdateServiceAccountResponse, error) { + if req.Id == "" { + return nil, fmt.Errorf("service account id is required") + } + values := url.Values{} + values.Set("Action", "UpdateServiceAccount") + values.Set("ServiceAccountId", req.Id) + if req.ServiceAccount != nil && req.ServiceAccount.Disabled { + values.Set("Status", "Inactive") + } + _, err := s3a.executeAction(values) + if err != nil { + return nil, err + } + return &iam_pb.UpdateServiceAccountResponse{}, nil +} + +func (s3a *S3ApiServer) DeleteServiceAccount(ctx context.Context, req *iam_pb.DeleteServiceAccountRequest) (*iam_pb.DeleteServiceAccountResponse, error) { + if req.Id == "" { + return nil, fmt.Errorf("service account id is required") + } + values := url.Values{} + values.Set("Action", "DeleteServiceAccount") + values.Set("ServiceAccountId", req.Id) + _, err := s3a.executeAction(values) + if err != nil { + return nil, err + } + return &iam_pb.DeleteServiceAccountResponse{}, nil +} + +func (s3a *S3ApiServer) GetServiceAccount(ctx context.Context, req *iam_pb.GetServiceAccountRequest) (*iam_pb.GetServiceAccountResponse, error) { + if req.Id == "" { + return nil, fmt.Errorf("service account id is required") + } + values := url.Values{} + values.Set("Action", "GetServiceAccount") + values.Set("ServiceAccountId", req.Id) + resp, err := s3a.executeAction(values) + if err != nil { + return nil, err + } + iamResp, ok := resp.(iamGetServiceAccountResponse) + if !ok { + return nil, fmt.Errorf("unexpected IAM GetServiceAccount response type %T", resp) + } + + var serviceAccount *iam_pb.ServiceAccount + sa := iamResp.GetServiceAccountResult.ServiceAccount + serviceAccount = &iam_pb.ServiceAccount{ + Id: sa.ServiceAccountId, + ParentUser: sa.ParentUser, + Description: sa.Description, + Credential: &iam_pb.Credential{ + AccessKey: sa.AccessKeyId, + Status: sa.Status, + }, + } + return &iam_pb.GetServiceAccountResponse{ + ServiceAccount: serviceAccount, + }, nil }