Implement '--expiry' flag for 'mc admin user svcacct add & edit' (#4570)

minio · May 30, 2023 · ca1d007 · ca1d007
1 parent c6d4b63
commit ca1d007
Show file tree

Hide file tree

Showing 2 changed files with 93 additions and 5 deletions.
diff --git a/cmd/admin-user-svcacct-add.go b/cmd/admin-user-svcacct-add.go
@@ -62,6 +62,10 @@ var adminUserSvcAcctAddFlags = []cli.Flag{
 		Hidden: true,
 		Usage:  "description for the service account (DEPRECATED: use --description instead)",
 	},
+	cli.StringFlag{
+		Name:  "expiry",
+		Usage: "time of expiration for the service account",
+	},
 }
 
 var adminUserSvcAcctAddCmd = cli.Command{
@@ -86,12 +90,18 @@ FLAGS:
 EXAMPLES:
   1. Add a new service account for user 'foobar' to MinIO server with a name and description.
      {{.Prompt}} {{.HelpName}} myminio foobar --name uploaderKey --description "foobar uploader scripts"
-  2. Add a new service account to MinIO server with specified access key and secret key for user'foobar'.
+  2. Add a new service account to MinIO server with specified access key and secret key for user 'foobar'.
      {{.Prompt}} {{.HelpName}} myminio foobar --access-key "myaccesskey" --secret-key "mysecretkey"
-  3. Add a new service account to MinIO server with specified access key and random secret key for user'foobar'.
+  3. Add a new service account to MinIO server with specified access key and random secret key for user 'foobar'.
      {{.Prompt}} {{.HelpName}} myminio foobar --access-key "myaccesskey"
-  4. Add a new service account to MinIO server with specified secret key and random access key for user'foobar'.
+  4. Add a new service account to MinIO server with specified secret key and random access key for user 'foobar'.
      {{.Prompt}} {{.HelpName}} myminio foobar --secret-key "mysecretkey"
+	5. Add a new service account to MinIO server with specified expiry date in the future for user 'foobar'.
+     {{.Prompt}} {{.HelpName}} myminio foobar --expiry 2023-06-24
+		 {{.Prompt}} {{.HelpName}} myminio foobar --expiry 2023-06-24T10:00
+		 {{.Prompt}} {{.HelpName}} myminio foobar --expiry 2023-06-24T10:00:00
+		 {{.Prompt}} {{.HelpName}} myminio foobar --expiry 2023-06-24T10:00:00Z
+		 {{.Prompt}} {{.HelpName}} myminio foobar --expiry 2023-06-24T10:00:00-07:00
 `,
 }
 
@@ -154,6 +164,13 @@ const (
 	secretKeyMaxLen = 40
 )
 
+var supportedTimeFormats = []string{
+	"2006-01-02",
+	"2006-01-02T15:04",
+	"2006-01-02T15:04:05",
+	time.RFC3339,
+}
+
 func (u acctMessage) String() string {
 	switch u.op {
 	case svcAccOpList:
@@ -196,8 +213,12 @@ func (u acctMessage) String() string {
 	case svcAccOpEnable:
 		return console.Colorize("AccMessage", "Enabled service account `"+u.AccessKey+"` successfully.")
 	case svcAccOpAdd:
+		if u.Expiration != nil && !u.Expiration.IsZero() && !u.Expiration.Equal(timeSentinel) {
+			return console.Colorize("AccMessage",
+				fmt.Sprintf("Access Key: %s\nSecret Key: %s\nExpiration: %s", u.AccessKey, u.SecretKey, *u.Expiration))
+		}
 		return console.Colorize("AccMessage",
-			fmt.Sprintf("Access Key: %s\nSecret Key: %s", u.AccessKey, u.SecretKey))
+			fmt.Sprintf("Access Key: %s\nSecret Key: %s\nExpiration: no-expiry", u.AccessKey, u.SecretKey))
 	case svcAccOpSet:
 		return console.Colorize("AccMessage", "Edited service account `"+u.AccessKey+"` successfully.")
 	}
@@ -267,6 +288,7 @@ func mainAdminUserSvcAcctAdd(ctx *cli.Context) error {
 	if description == "" {
 		description = ctx.String("comment")
 	}
+	expiry := ctx.String("expiry")
 
 	// generate access key and secret key
 	if len(accessKey) <= 0 || len(secretKey) <= 0 {
@@ -299,22 +321,49 @@ func mainAdminUserSvcAcctAdd(ctx *cli.Context) error {
 		}
 	}
 
+	var expiryTime time.Time
+	var expiryPointer *time.Time
+
+	if expiry != "" {
+		location, e := time.LoadLocation("Local")
+		if e != nil {
+			fatalIf(probe.NewError(e), "Unable to parse the expiry argument.")
+		}
+
+		patternMatched := false
+		for _, format := range supportedTimeFormats {
+			t, e := time.ParseInLocation(format, expiry, location)
+			if e == nil {
+				patternMatched = true
+				expiryTime = t
+				expiryPointer = &expiryTime
+				break
+			}
+		}
+
+		if !patternMatched {
+			fatalIf(probe.NewError(fmt.Errorf("expiry argument is not matching any of the supported patterns")), "unable to parse the expiry argument.")
+		}
+	}
+
 	opts := madmin.AddServiceAccountReq{
 		Policy:      policyBytes,
 		AccessKey:   accessKey,
 		SecretKey:   secretKey,
 		Name:        name,
 		Description: description,
 		TargetUser:  user,
+		Expiration:  expiryPointer,
 	}
 
 	creds, e := client.AddServiceAccount(globalContext, opts)
-	fatalIf(probe.NewError(e).Trace(args...), "Unable to add a new service account")
+	fatalIf(probe.NewError(e).Trace(args...), "Unable to add a new service account.")
 
 	printMsg(acctMessage{
 		op:            svcAccOpAdd,
 		AccessKey:     creds.AccessKey,
 		SecretKey:     creds.SecretKey,
+		Expiration:    &creds.Expiration,
 		AccountStatus: "enabled",
 	})
 

diff --git a/cmd/admin-user-svcacct-set.go b/cmd/admin-user-svcacct-set.go
@@ -18,7 +18,9 @@
 package cmd
 
 import (
+	"fmt"
 	"os"
+	"time"
 
 	"github.com/minio/cli"
 	"github.com/minio/madmin-go/v2"
@@ -42,6 +44,10 @@ var adminUserSvcAcctSetFlags = []cli.Flag{
 		Name:  "description",
 		Usage: "description for the service account",
 	},
+	cli.StringFlag{
+		Name:  "expiry",
+		Usage: "time of expiration for the service account",
+	},
 }
 
 var adminUserSvcAcctSetCmd = cli.Command{
@@ -64,6 +70,12 @@ FLAGS:
 EXAMPLES:
   1. Change the secret key of the service account 'J123C4ZXEQN8RK6ND35I' in MinIO server.
      {{.Prompt}} {{.HelpName}} myminio/ 'J123C4ZXEQN8RK6ND35I' --secret-key 'xxxxxxx'
+	2. Change the expiry of the service account 'J123C4ZXEQN8RK6ND35I' in MinIO server.
+     {{.Prompt}} {{.HelpName}} myminio/ 'J123C4ZXEQN8RK6ND35I' --expiry 2023-06-24
+     {{.Prompt}} {{.HelpName}} myminio/ 'J123C4ZXEQN8RK6ND35I' --expiry 2023-06-24T10:00
+     {{.Prompt}} {{.HelpName}} myminio/ 'J123C4ZXEQN8RK6ND35I' --expiry 2023-06-24T10:00:00
+     {{.Prompt}} {{.HelpName}} myminio/ 'J123C4ZXEQN8RK6ND35I' --expiry 2023-06-24T10:00:00Z
+     {{.Prompt}} {{.HelpName}} myminio/ 'J123C4ZXEQN8RK6ND35I' --expiry 2023-06-24T10:00:00-07:00
 `,
 }
 
@@ -87,6 +99,7 @@ func mainAdminUserSvcAcctSet(ctx *cli.Context) error {
 	policyPath := ctx.String("policy")
 	name := ctx.String("name")
 	description := ctx.String("description")
+	expiry := ctx.String("expiry")
 
 	// Create a new MinIO Admin Client
 	client, err := newAdminClient(aliasedURL)
@@ -99,11 +112,37 @@ func mainAdminUserSvcAcctSet(ctx *cli.Context) error {
 		fatalIf(probe.NewError(e), "Unable to open the policy document.")
 	}
 
+	var expiryTime time.Time
+	var expiryPointer *time.Time
+
+	if expiry != "" {
+		location, e := time.LoadLocation("Local")
+		if e != nil {
+			fatalIf(probe.NewError(e), "Unable to parse the expiry argument.")
+		}
+
+		patternMatched := false
+		for _, format := range supportedTimeFormats {
+			t, e := time.ParseInLocation(format, expiry, location)
+			if e == nil {
+				patternMatched = true
+				expiryTime = t
+				expiryPointer = &expiryTime
+				break
+			}
+		}
+
+		if !patternMatched {
+			fatalIf(probe.NewError(fmt.Errorf("expiry argument is not matching any of the supported patterns")), "unable to parse the expiry argument.")
+		}
+	}
+
 	opts := madmin.UpdateServiceAccountReq{
 		NewPolicy:      buf,
 		NewSecretKey:   secretKey,
 		NewName:        name,
 		NewDescription: description,
+		NewExpiration:  expiryPointer,
 	}
 
 	e := client.UpdateServiceAccount(globalContext, svcAccount, opts)