Implement managed policy storage (#8385)

* Persist managed IAM policies * Add IAM list/get policy integration test * Faster marker lookup and cleanup * Handle delete conflict and improve listing * Add delete-in-use policy integration test * Stabilize policy ID and guard path prefix * Tighten CreatePolicy guard and reload * Add ListPolicyNames to credential store
2026-02-19 14:21:19 -08:00
parent 5ecee9e64d
commit e9c45144cf
11 changed files with 464 additions and 14 deletions
--- a/weed/credential/postgres/postgres_policy.go
+++ b/weed/credential/postgres/postgres_policy.go
@@ -41,6 +41,30 @@ func (store *PostgresStore) GetPolicies(ctx context.Context) (map[string]policy_
 	return policies, nil
 }

+// ListPolicyNames returns all managed policy names from PostgreSQL.
+func (store *PostgresStore) ListPolicyNames(ctx context.Context) ([]string, error) {
+	if !store.configured {
+		return nil, fmt.Errorf("store not configured")
+	}
+
+	var names []string
+	rows, err := store.db.QueryContext(ctx, "SELECT name FROM policies")
+	if err != nil {
+		return nil, fmt.Errorf("failed to query policy names: %w", err)
+	}
+	defer rows.Close()
+
+	for rows.Next() {
+		var name string
+		if err := rows.Scan(&name); err != nil {
+			return nil, fmt.Errorf("failed to scan policy name: %w", err)
+		}
+		names = append(names, name)
+	}
+
+	return names, nil
+}
+
 // CreatePolicy creates a new IAM policy in PostgreSQL
 func (store *PostgresStore) CreatePolicy(ctx context.Context, name string, document policy_engine.PolicyDocument) error {
 	if !store.configured {