* Persist managed IAM policies * Add IAM list/get policy integration test * Faster marker lookup and cleanup * Handle delete conflict and improve listing * Add delete-in-use policy integration test * Stabilize policy ID and guard path prefix * Tighten CreatePolicy guard and reload * Add ListPolicyNames to credential store
package memory
import (
"context"
"fmt"
"github.com/seaweedfs/seaweedfs/weed/s3api/policy_engine"
)
// GetPolicies returns a snapshot of every IAM policy held in memory, keyed by
// policy name. It returns a "store not initialized" error when the store has
// not been initialized. ctx is accepted but not consulted.
//
// The result is a fresh map, so adding or removing keys in it does not touch
// the store. The copy is shallow: each PolicyDocument is copied by value only.
// NOTE(review): if policy_engine.PolicyDocument contains slices, maps or
// pointers, those stay shared with the stored documents and could be modified
// by a caller without holding store.mu — confirm against the type definition.
func (store *MemoryStore) GetPolicies(ctx context.Context) (map[string]policy_engine.PolicyDocument, error) {
	store.mu.RLock()
	defer store.mu.RUnlock()

	if !store.initialized {
		return nil, fmt.Errorf("store not initialized")
	}

	// Hand back a separate map so callers cannot add or drop entries in the
	// store's own map.
	snapshot := make(map[string]policy_engine.PolicyDocument, len(store.policies))
	for policyName, policyDoc := range store.policies {
		snapshot[policyName] = policyDoc
	}
	return snapshot, nil
}
// ListPolicyNames returns the names of all policies currently stored. It
// returns a "store not initialized" error when the store has not been
// initialized. ctx is accepted but not consulted.
//
// The names come from ranging over a map, so their order is unspecified and
// may differ between calls; callers that need a stable order must sort.
func (store *MemoryStore) ListPolicyNames(ctx context.Context) ([]string, error) {
	store.mu.RLock()
	defer store.mu.RUnlock()

	if !store.initialized {
		return nil, fmt.Errorf("store not initialized")
	}

	// The slice is sized up front and filled by index; an empty store yields
	// an empty, non-nil slice.
	names := make([]string, len(store.policies))
	next := 0
	for policyName := range store.policies {
		names[next] = policyName
		next++
	}
	return names, nil
}
// GetPolicy looks up a single IAM policy by name. It returns a pointer to a
// copy of the stored document, or (nil, nil) when no policy has that name.
// ctx is accepted but not consulted.
//
// A missing policy is not reported as an error, so callers must check the
// returned pointer for nil before dereferencing it.
//
// NOTE(review): unlike the other policy methods in this file, this one does
// not check store.initialized, so an uninitialized store is indistinguishable
// from "policy not found". Confirm that callers making authorization decisions
// treat a nil result as "no policy" (deny) and not as "no restriction".
func (store *MemoryStore) GetPolicy(ctx context.Context, name string) (*policy_engine.PolicyDocument, error) {
	store.mu.RLock()
	defer store.mu.RUnlock()

	found, ok := store.policies[name]
	if !ok {
		// Policy not found.
		return nil, nil
	}
	// found is a local copy of the map value; the pointer does not alias the
	// map entry itself.
	return &found, nil
}
// CreatePolicy stores document under name in the in-memory policy map. It
// returns a "store not initialized" error when the store has not been
// initialized. ctx is accepted but not consulted.
//
// The write is a plain map assignment: an existing policy with the same name
// is replaced without any error.
// NOTE(review): if create-only semantics are required (reject a name that is
// already taken), that check has to happen in the caller — confirm it does.
func (store *MemoryStore) CreatePolicy(ctx context.Context, name string, document policy_engine.PolicyDocument) error {
	store.mu.Lock()
	defer store.mu.Unlock()

	if ready := store.initialized; !ready {
		return fmt.Errorf("store not initialized")
	}

	store.policies[name] = document
	return nil
}
// UpdatePolicy stores document under name in the in-memory policy map. It
// returns a "store not initialized" error when the store has not been
// initialized. ctx is accepted but not consulted.
//
// The write is a plain map assignment: if no policy with that name exists yet,
// one is created instead of an error being returned.
// NOTE(review): if update-only semantics are required (fail on an unknown
// name), that check has to happen in the caller — confirm it does.
func (store *MemoryStore) UpdatePolicy(ctx context.Context, name string, document policy_engine.PolicyDocument) error {
	store.mu.Lock()
	defer store.mu.Unlock()

	// Refuse writes until the store has been set up.
	if !store.initialized {
		return fmt.Errorf("store not initialized")
	}

	store.policies[name] = document

	return nil
}
// PutPolicy creates the policy called name, or replaces it if it already
// exists, with document. It returns a "store not initialized" error when the
// store has not been initialized. ctx is accepted but not consulted.
func (store *MemoryStore) PutPolicy(ctx context.Context, name string, document policy_engine.PolicyDocument) error {
	store.mu.Lock()
	defer store.mu.Unlock()

	switch {
	case !store.initialized:
		return fmt.Errorf("store not initialized")
	default:
		// Upsert: map assignment covers both the create and the replace case.
		store.policies[name] = document
		return nil
	}
}
// DeletePolicy removes the policy called name from the in-memory policy map.
// It returns a "store not initialized" error when the store has not been
// initialized. ctx is accepted but not consulted.
//
// Deleting a name that is not present is a no-op and still returns nil, so a
// nil result does not tell the caller whether a policy was actually removed.
func (store *MemoryStore) DeletePolicy(ctx context.Context, name string) error {
	store.mu.Lock()
	defer store.mu.Unlock()

	if ready := store.initialized; !ready {
		return fmt.Errorf("store not initialized")
	}

	delete(store.policies, name)

	return nil
}