gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e67973dc5314ad56833849298cdb017bede58a57
seaweedFS/weed/iam/constants.go
Chris Lu f64ce759e0 feat(iam): add SetUserStatus and UpdateAccessKey actions (#7750) 
feat(iam): add SetUserStatus and UpdateAccessKey actions (#7745)

Add ability to enable/disable users and access keys without deleting them.

## Changes

### Protocol Buffer Updates
- Add `disabled` field (bool) to Identity message for user status
  - false (default) = enabled, true = disabled
  - No backward compatibility hack needed since zero value is correct
- Add `status` field (string: Active/Inactive) to Credential message

### New IAM Actions
- SetUserStatus: Enable or disable a user (requires admin)
- UpdateAccessKey: Change access key status (self-service or admin)

### Behavior
- Disabled users: All API requests return AccessDenied
- Inactive access keys: Signature validation fails
- Status check happens early in auth flow for performance
- Backward compatible: existing configs default to enabled (disabled=false)

### Use Cases
1. Temporary suspension: Disable user access during investigation
2. Key rotation: Deactivate old key before deletion
3. Offboarding: Disable rather than delete for audit purposes
4. Emergency response: Quickly disable compromised credentials

Fixes #7745
2025-12-14 18:48:39 -08:00

38 lines
945 B
Go
Raw Blame History

package iam
// Character sets for credential generation
const (
CharsetUpper = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
Charset = CharsetUpper + "abcdefghijklmnopqrstuvwxyz/"
)
// Policy document version
const PolicyDocumentVersion = "2012-10-17"
// Error message templates
const UserDoesNotExist = "the user with name %s cannot be found."
// Statement action constants - these map to IAM policy actions
const (
StatementActionAdmin = "*"
StatementActionWrite = "Put*"
StatementActionWriteAcp = "PutBucketAcl"
StatementActionRead = "Get*"
StatementActionReadAcp = "GetBucketAcl"
StatementActionList = "List*"
StatementActionTagging = "Tagging*"
StatementActionDelete = "DeleteBucket*"
)
// Access key lengths
const (
AccessKeyIdLength = 21
SecretAccessKeyLength = 42
)
// Access key status values (AWS IAM compatible)
const (
AccessKeyStatusActive = "Active"
AccessKeyStatusInactive = "Inactive"
)
Reference in New Issue View Git Blame Copy Permalink