Implement managed policy storage (#8385)

* Persist managed IAM policies * Add IAM list/get policy integration test * Faster marker lookup and cleanup * Handle delete conflict and improve listing * Add delete-in-use policy integration test * Stabilize policy ID and guard path prefix * Tighten CreatePolicy guard and reload * Add ListPolicyNames to credential store
2026-02-19 14:21:19 -08:00
parent 5ecee9e64d
commit e9c45144cf
11 changed files with 464 additions and 14 deletions
--- a/weed/credential/filer_etc/filer_etc_policy.go
+++ b/weed/credential/filer_etc/filer_etc_policy.go
@@ -235,3 +235,45 @@ func (store *FilerEtcStore) GetPolicy(ctx context.Context, name string) (*policy

 	return nil, nil // Policy not found
 }
+
+// ListPolicyNames returns all managed policy names stored in the filer.
+func (store *FilerEtcStore) ListPolicyNames(ctx context.Context) ([]string, error) {
+	names := make([]string, 0)
+
+	store.mu.RLock()
+	configured := store.filerAddressFunc != nil
+	store.mu.RUnlock()
+
+	if !configured {
+		return names, nil
+	}
+
+	err := store.withFilerClient(func(client filer_pb.SeaweedFilerClient) error {
+		dir := filer.IamConfigDirectory + "/" + IamPoliciesDirectory
+		entries, err := listEntries(ctx, client, dir)
+		if err != nil {
+			if err == filer_pb.ErrNotFound {
+				return nil
+			}
+			return err
+		}
+
+		for _, entry := range entries {
+			if entry.IsDirectory {
+				continue
+			}
+			name := entry.Name
+			if strings.HasSuffix(name, ".json") {
+				name = name[:len(name)-5]
+			}
+			names = append(names, name)
+		}
+
+		return nil
+	})
+
+	if err != nil {
+		return nil, err
+	}
+	return names, nil
+}