Implement add service account
Omico committed Oct 13, 2023
1 parent 16841e5 commit 1e94cc6
Showing 5 changed files with 119 additions and 1 deletion.
30 changes: 29 additions & 1 deletion adminapi/src/main/java/io/minio/admin/MinioAdminClient.java
@@ -30,7 +30,10 @@
import io.minio.S3Escaper;
import io.minio.Signer;
import io.minio.Time;
import io.minio.admin.messages.AddServiceAccountRequest;
import io.minio.admin.messages.AddServiceAccountResponse;
import io.minio.admin.messages.DataUsageInfo;
import io.minio.admin.messages.ServiceAccountCredentials;
import io.minio.admin.messages.info.Message;
import io.minio.credentials.Credentials;
import io.minio.credentials.Provider;
@@ -71,6 +74,7 @@ private enum Command {
USER_INFO("user-info"),
LIST_USERS("list-users"),
REMOVE_USER("remove-user"),
ADD_SERVICE_ACCOUNT("add-service-account"),
ADD_CANNED_POLICY("add-canned-policy"),
SET_USER_OR_GROUP_POLICY("set-user-or-group-policy"),
LIST_CANNED_POLICIES("list-canned-policies"),
@@ -307,6 +311,30 @@ public void deleteUser(@Nonnull String accessKey)
null)) {}
}

/**
* Add a service account for a given user.
*
* @param targetUser Target user.
* @throws NoSuchAlgorithmException thrown to indicate missing of MD5 or SHA-256 digest library.
* @throws InvalidKeyException thrown to indicate missing of HMAC SHA-256 library.
* @throws IOException thrown to indicate I/O error on MinIO REST operation.
* @throws InvalidCipherTextException thrown to indicate data cannot be encrypted/decrypted.
*/
public ServiceAccountCredentials addServiceAccount(String targetUser)
throws NoSuchAlgorithmException, InvalidKeyException, IOException,
InvalidCipherTextException {
Credentials creds = getCredentials();
AddServiceAccountRequest addServiceAccountRequest = new AddServiceAccountRequest(targetUser);
byte[] body =
Crypto.encrypt(
creds.secretKey(), OBJECT_MAPPER.writeValueAsBytes(addServiceAccountRequest));

try (Response response = execute(Method.PUT, Command.ADD_SERVICE_ACCOUNT, null, body)) {
byte[] jsonData = Crypto.decrypt(creds.secretKey(), response.body().bytes());
return OBJECT_MAPPER.readValue(jsonData, AddServiceAccountResponse.class).credentials();
}
}

/**
* Adds or updates a group.
*
@@ -674,8 +702,8 @@ public void traceOn(OutputStream traceStream) {
/**
* Disables HTTP call tracing previously enabled.
*
* @see #traceOn
* @throws IOException upon connection error
* @see #traceOn
*/
public void traceOff() throws IOException {
this.traceStream = null;
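Review bot: `addServiceAccount(String targetUser)` takes its argument with neither the `@Nonnull` annotation that `deleteUser(@Nonnull String accessKey)` in the same hunk carries nor any null/empty check, so a missing target user is serialized into the encrypted request and the choice of owner is left to the server (which may fall back to the calling admin identity; confirm against the server). I would declare it as `public ServiceAccountCredentials addServiceAccount(@Nonnull String targetUser)` and reject bad input up front with `if (targetUser == null || targetUser.isEmpty()) throw new IllegalArgumentException("target user must be provided");`. The Javadoc also has no `@return`; it should say that the returned object holds the new account's secret key and session token, so callers know to store it securely and keep it out of logs.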
@@ -0,0 +1,18 @@
package io.minio.admin.messages;

import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;

@JsonIgnoreProperties(ignoreUnknown = true)
public class AddServiceAccountRequest {
@JsonProperty("targetUser")
private final String targetUser;

public AddServiceAccountRequest(String targetUser) {
this.targetUser = targetUser;
}

public String targetUser() {
return targetUser;
}
}
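Review bot: The request body can carry only `targetUser`, so callers of this client have no way to attach a policy or an expiry to the credential they create. As far as I know the MinIO add-service-account API also accepts optional members such as a policy document and an expiration, and an account created without a policy inherits the parent user's permissions; confirm this against the server version being targeted. Consider adding those as optional fields that are omitted from the JSON when null, so that least-privilege, time-limited accounts can be created from Java. Separately, `@JsonIgnoreProperties(ignoreUnknown = true)` affects deserialization only and has no effect on a class that is only serialized.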
@@ -0,0 +1,14 @@
package io.minio.admin.messages;

import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;

@JsonIgnoreProperties(ignoreUnknown = true)
public class AddServiceAccountResponse {
@JsonProperty("credentials")
private ServiceAccountCredentials credentials;

public ServiceAccountCredentials credentials() {
return credentials;
}
}
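Review bot: `credentials()` returns null whenever the decrypted JSON has no `credentials` member, and because the class sets `ignoreUnknown = true` a payload of a different shape still deserializes without error. `MinioAdminClient.addServiceAccount` returns that value directly, so the caller receives a bare null instead of a failure. A class Javadoc stating that the field may be null, or a null check at the call site that throws (for example an `IOException` describing the malformed response), would make this case explicit.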
@@ -0,0 +1,34 @@
package io.minio.admin.messages;

import com.fasterxml.jackson.annotation.JsonProperty;
import io.minio.messages.ResponseDate;

public class ServiceAccountCredentials {
@JsonProperty("accessKey")
private String accessKey;

@JsonProperty("secretKey")
private String secretKey;

@JsonProperty("sessionToken")
private String sessionToken;

@JsonProperty("expiration")
private ResponseDate expiration;

public String accessKey() {
return accessKey;
}

public String secretKey() {
return secretKey;
}

public String sessionToken() {
return sessionToken;
}

public ResponseDate expiration() {
return expiration;
}
}
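Review bot: Unlike `AddServiceAccountRequest` and `AddServiceAccountResponse` in this commit, this class is not annotated with `@JsonIgnoreProperties(ignoreUnknown = true)`, so unless the shared `OBJECT_MAPPER` is configured otherwise, any extra member the server puts in the credentials object will make deserialization fail. Adding the annotation would keep the three message classes consistent. The class holds `secretKey` and `sessionToken` in plain `String` fields; a class Javadoc saying so, and noting that no `toString()` exposing them should be added later, would help maintainers keep these values out of logs.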
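--- a/adminapi/src/test/java/io/minio/admin/AddServiceAccountTest.java
+++ b/adminapi/src/test/java/io/minio/admin/AddServiceAccountTest.java
@@ -0,0 +1,24 @@
+package io.minio.admin;
+
+import io.minio.admin.messages.ServiceAccountCredentials;
+import java.io.IOException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.junit.Test;
+
+public class AddServiceAccountTest {
+@Test
+public void canObtainServiceAccount()
+throws InvalidCipherTextException, NoSuchAlgorithmException, IOException,
+InvalidKeyException {
+MinioAdminClient adminClient =
+MinioAdminClient.builder()
+.endpoint("https://play.min.io")
+.credentials("Q3AM3UQ867SPQQA43P2F", "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG")
+.build();
+ServiceAccountCredentials credentials = adminClient.addServiceAccount("Q3AM3UQ867SPQQA43P2F");
+System.out.println(credentials.accessKey());
+System.out.println(credentials.secretKey());
+}
+}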
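Review bot: The last two statements of `canObtainServiceAccount` print the freshly issued access key and secret key to standard output, which puts a live credential into build logs, and the test asserts nothing. Replace them with `Assert.assertNotNull(credentials.accessKey());` and `Assert.assertNotNull(credentials.secretKey());` (importing `org.junit.Assert`). The test also needs network access to `https://play.min.io` and leaves the created service account behind on that shared server, so it fails offline and accumulates accounts on every run. Consider marking it as an integration test excluded from the default build, and removing the account afterwards if the client offers a call for that.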
