Refactored updateGroups

grycap · May 16, 2024 · 4dc4114 · 4dc4114
1 parent 25d90de
commit 4dc4114
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 40 deletions.
diff --git a/pkg/handlers/create.go b/pkg/handlers/create.go
@@ -299,7 +299,7 @@ func createBuckets(service *types.Service, cfg *types.Config, minIOAdminClient *
 						return fmt.Errorf("error creating service group for bucket %s: %v", splitPath[0], err)
 					}
 
-					err = minIOAdminClient.AddUserToGroup(allowed_users, splitPath[0])
+					err = minIOAdminClient.UpdateUsersInGroup(allowed_users, splitPath[0], false)
 					if err != nil {
 						return err
 					}

diff --git a/pkg/handlers/delete.go b/pkg/handlers/delete.go
@@ -73,7 +73,8 @@ func MakeDeleteHandler(cfg *types.Config, back types.ServerlessBackend) gin.Hand
 			path := strings.Trim(in.Path, " /")
 			// Split buckets and folders from path
 			bucket := strings.SplitN(path, "/", 2)
-			minIOAdminClient.DeleteServiceGroup(bucket[0])
+			var users []string
+			minIOAdminClient.UpdateUsersInGroup(users, bucket[0], true)
 		}
 
 		// Disable input notifications

diff --git a/pkg/handlers/update.go b/pkg/handlers/update.go
@@ -130,7 +130,11 @@ func MakeUpdateHandler(cfg *types.Config, back types.ServerlessBackend) gin.Hand
 						} else {
 							// If allowed users list changed update policies on bucket
 							updateLogger.Printf("Updating service policies")
-							err = minIOAdminClient.AddUserToGroup(newService.AllowedUsers, splitPath[0])
+							if oldAllowedLength < newAllowedLength {
+								err = minIOAdminClient.UpdateUsersInGroup(newService.AllowedUsers, splitPath[0], false)
+							} else {
+								err = minIOAdminClient.UpdateUsersInGroup(newService.AllowedUsers, splitPath[0], true)
+							}
 							if err != nil {
 								c.String(http.StatusInternalServerError, err.Error())
 								return

diff --git a/pkg/utils/auth/auth.go b/pkg/utils/auth/auth.go
@@ -49,7 +49,7 @@ func CustomAuth(cfg *types.Config, kubeClientset *kubernetes.Clientset) gin.Hand
 	var oscarUser = []string{"console"}
 
 	minIOAdminClient.CreateAllUsersGroup()
-	minIOAdminClient.AddUserToGroup(oscarUser, "all_users_group")
+	minIOAdminClient.UpdateUsersInGroup(oscarUser, "all_users_group", false)
 
 	oidcHandler := getOIDCMiddleware(kubeClientset, minIOAdminClient, cfg.OIDCIssuer, cfg.OIDCSubject, cfg.OIDCGroups)
 	return func(c *gin.Context) {

diff --git a/pkg/utils/minio.go b/pkg/utils/minio.go
@@ -107,16 +107,17 @@ func (minIOAdminClient *MinIOAdminClient) CreateMinIOUser(ak string, sk string)
 	}
 
 	users = append(users, ak)
-	err2 := minIOAdminClient.AddUserToGroup(users, ALL_USERS_GROUP)
+	err2 := minIOAdminClient.UpdateUsersInGroup(users, ALL_USERS_GROUP, false)
 	if err2 != nil {
 		return err2
 	}
 	return nil
 }
 
 func (minIOAdminClient *MinIOAdminClient) PrivateToPublicBucket(bucketName string) error {
-	// Delete policy and group
-	err := minIOAdminClient.DeleteServiceGroup(bucketName)
+	// Delete policy and group""
+	var users []string
+	err := minIOAdminClient.UpdateUsersInGroup(users, bucketName, true)
 	if err != nil {
 		return err
 	}
@@ -173,7 +174,7 @@ func (minIOAdminClient *MinIOAdminClient) PublicToPrivateBucket(bucketName strin
 		return err
 	}
 	// Add bucket to all_users_group policy
-	err = minIOAdminClient.AddUserToGroup(allowedUsers, bucketName)
+	err = minIOAdminClient.UpdateUsersInGroup(allowedUsers, bucketName, false)
 	if err != nil {
 		return err
 	}
@@ -224,46 +225,29 @@ func (minIOAdminClient *MinIOAdminClient) RemovedServiceFromAllUsersGroup(bucket
 	return nil
 }
 
-// AddUserToGroup adds  user/users to a group
-func (minIOAdminClient *MinIOAdminClient) AddUserToGroup(users []string, groupName string) error {
-	group := madmin.GroupAddRemove{
-		Group:    groupName,
-		Members:  users,
-		Status:   "enable",
-		IsRemove: false,
-	}
-
-	err := minIOAdminClient.adminClient.UpdateGroupMembers(context.TODO(), group)
-	if err != nil {
-		return fmt.Errorf("error adding users to group: %v", err)
-	}
-
-	return nil
-}
-
-// DeleteServiceGroup empty the service group and policy
-func (minIOAdminClient *MinIOAdminClient) DeleteServiceGroup(groupName string) error {
-	description, err := minIOAdminClient.adminClient.GetGroupDescription(context.Background(), groupName)
-	if err != nil {
-		return err
+// UpdateUsersGroup
+func (minIOAdminClient *MinIOAdminClient) UpdateUsersInGroup(users []string, groupName string, remove bool) error {
+	var members []string
+	if len(users) < 1 {
+		description, err := minIOAdminClient.adminClient.GetGroupDescription(context.Background(), groupName)
+		if err != nil {
+			return err
+		}
+		members = description.Members
+	} else {
+		members = users
 	}
 	group := madmin.GroupAddRemove{
 		Group:    groupName,
-		Members:  description.Members,
+		Members:  members,
 		Status:   "enable",
-		IsRemove: true,
+		IsRemove: remove,
 	}
 
-	err = minIOAdminClient.adminClient.UpdateGroupMembers(context.Background(), group)
+	err := minIOAdminClient.adminClient.UpdateGroupMembers(context.TODO(), group)
 	if err != nil {
-		return fmt.Errorf("error emptying group: %v", err)
+		return fmt.Errorf("error updating users on group: %v", err)
 	}
-
-	// FIX Group updates but doesn't get deleted so delete policy doesn't work
-	// err = minIOAdminClient.adminClient.RemoveCannedPolicy(context.TODO(), groupName)
-	// if err != nil {
-	// 	return fmt.Errorf("error removing group's policy: %v", err)
-	// }
 	return nil
 }