Api bucket policy (#674)

* Adding API for Users with Access to Bucket

* changing error logging

* Delete .yarn-integrity

Author: adfost

portal-ui/src/screens/Console/Buckets/ViewBucket/ViewBucket.tsx

@@ -58,6 +58,7 @@ import UsageIcon from "../../../../icons/UsageIcon";
 import AddPolicy from "../../Policies/AddPolicy";
 import SetAccessPolicy from "./SetAccessPolicy";
 import { Policy } from "../../Policies/types";
+import { User } from "../../Users/types";
 
 const styles = (theme: Theme) =>
   createStyles({
@@ -222,6 +223,8 @@ const ViewBucket = ({
   >([]);
   const [bucketPolicy, setBucketPolicy] = useState<Policy[]>([]);
   const [loadingPolicy, setLoadingPolicy] = useState<boolean>(true);
+  const [bucketUsers, setBucketUsers] = useState<User[]>([]);
+  const [loadingUsers, setLoadingUsers] = useState<boolean>(true);
   const [loadingBucket, setLoadingBucket] = useState<boolean>(true);
   const [loadingEvents, setLoadingEvents] = useState<boolean>(true);
   const [loadingVersioning, setLoadingVersioning] = useState<boolean>(true);
@@ -389,6 +392,21 @@ const ViewBucket = ({
     }
   }, [loadingPolicy, setErrorSnackMessage, bucketName]);
 
+  useEffect(() => {
+    if (loadingUsers) {
+      api
+        .invoke("GET", `/api/v1/bucket-users/${bucketName}`)
+        .then((res: any) => {
+          setBucketUsers(res);
+          setLoadingUsers(false);
+        })
+        .catch((err: any) => {
+          setErrorSnackMessage(err);
+          setLoadingUsers(false);
+        });
+    }
+  }, [loadingUsers, setErrorSnackMessage, bucketName]);
+
   useEffect(() => {
     if (loadingSize) {
       api
@@ -773,6 +791,7 @@ const ViewBucket = ({
                   <Tab label="Replication" {...a11yProps(1)} />
                 )}
                 <Tab label="Policies" {...a11yProps(2)} />
+                <Tab label="Users" {...a11yProps(3)} />
               </Tabs>
             </Grid>
             <Grid item xs={6} className={classes.actionsTray}>
@@ -867,6 +886,15 @@ const ViewBucket = ({
                 idField="name"
               />
             </TabPanel>
+            <TabPanel index={3} value={curTab}>
+              <TableWrapper
+                columns={[{ label: "User", elementKey: "accessKey" }]}
+                isLoading={loadingUsers}
+                records={bucketUsers}
+                entityName="Users"
+                idField="accessKey"
+              />
+            </TabPanel>
           </Grid>
         </Grid>
       </Grid>

portal-ui/src/screens/Console/Buckets/types.tsx

@@ -47,6 +47,11 @@ export interface BucketEventList {
   total: number;
 }
 
+export interface BucketPolicy {
+  name: string;
+  body: string;
+}
+
 export interface ArnList {
   arns: string[];
 }

restapi/admin_users.go

@@ -91,6 +91,13 @@ func registerUsersHandlers(api *operations.ConsoleAPI) {
 
 		return admin_api.NewBulkUpdateUsersGroupsOK()
 	})
+	api.AdminAPIListUsersWithAccessToBucketHandler = admin_api.ListUsersWithAccessToBucketHandlerFunc(func(params admin_api.ListUsersWithAccessToBucketParams, session *models.Principal) middleware.Responder {
+		response, err := getListUsersWithAccessToBucketResponse(session, params.Bucket)
+		if err != nil {
+			return admin_api.NewListUsersWithAccessToBucketDefault(int(err.Code)).WithPayload(err)
+		}
+		return admin_api.NewListUsersWithAccessToBucketOK().WithPayload(response)
+	})
 }
 
 func listUsers(ctx context.Context, client MinioAdmin) ([]*models.User, error) {
@@ -467,3 +474,66 @@ func getAddUsersListToGroupsResponse(session *models.Principal, params admin_api
 
 	return nil
 }
+
+func getListUsersWithAccessToBucketResponse(session *models.Principal, bucket string) ([]string, *models.Error) {
+	ctx := context.Background()
+	mAdmin, err := newMAdminClient(session)
+	if err != nil {
+		return nil, prepareError(err)
+	}
+	// create a minioClient interface implementation
+	// defining the client to be used
+	adminClient := adminClient{client: mAdmin}
+
+	users, err := listUsers(ctx, adminClient)
+	if err != nil {
+		return nil, prepareError(err)
+	}
+	var retval []string
+	seen := make(map[string]bool)
+	for i := 0; i < len(users); i++ {
+		policy, err := adminClient.getPolicy(ctx, users[i].Policy)
+		if err == nil {
+			parsedPolicy, err2 := parsePolicy(users[i].Policy, policy)
+			if err2 == nil && policyMatchesBucket(parsedPolicy, bucket) {
+				retval = append(retval, users[i].AccessKey)
+				seen[users[i].AccessKey] = true
+			}
+			if err2 != nil {
+				log.Println(err2)
+			}
+		} else {
+			log.Println(err)
+		}
+	}
+
+	groups, err := listGroups(ctx, adminClient)
+	if err != nil {
+		log.Println(err)
+		return retval, nil
+	}
+	for i := 0; i < len(*groups); i++ {
+		info, err := groupInfo(ctx, adminClient, (*groups)[i])
+		if err == nil {
+			policy, err2 := adminClient.getPolicy(ctx, info.Policy)
+			if err2 == nil {
+				parsedPolicy, err3 := parsePolicy(info.Policy, policy)
+				for j := 0; j < len(info.Members); j++ {
+					if err3 == nil && !seen[info.Members[j]] && policyMatchesBucket(parsedPolicy, bucket) {
+						retval = append(retval, info.Members[j])
+						seen[info.Members[j]] = true
+					}
+					if err3 != nil {
+						log.Println(err3)
+					}
+				}
+			} else {
+				log.Println(err2)
+			}
+		} else {
+			log.Println(err)
+		}
+	}
+	// serialize output
+	return retval, nil
+}