Add MinioStsSetup createbucket + accessbucket policy.

Author: chenkins

admin-cli/src/main/java/cloud/katta/cli/commands/storage/MinioStsSetup.java

@@ -51,33 +51,57 @@ public class MinioStsSetup implements Callable<Void> {
     @CommandLine.Option(names = {"--maxSessionDuration"}, description = "Bucket Prefix for STS vaults.", required = false)
     Integer maxSessionDuration;
 
+    @CommandLine.Option(names = {"--createbucketPolicyName"}, description = "Policy name for accessing Katta STS buckets. Defaults to {bucketPrefix}createbucketPolicy.")
+    String createbucketPolicyName;
+
+    @CommandLine.Option(names = {"--accessbucketPolicyName"}, description = "Policy name for accessing Katta STS buckets. Defaults to {bucketPrefix}accessbucketpolicy.")
+    String accessbucketPolicyName;
+
     @Override
     public Void call() throws Exception {
-        final String createbucketPolicyName = "cipherduckcreatebucket";
+        if(createbucketPolicyName == null) {
+            createbucketPolicyName = String.format("%screatebucketpolicy", bucketPrefix);
+        }
+        if(accessbucketPolicyName == null) {
+            accessbucketPolicyName = String.format("%saccessbucketpolicy", bucketPrefix);
+        }
 
-        final JSONObject miniocreatebucketpolicy = new JSONObject(IOUtils.toString(KattaSetupCli.class.getResourceAsStream("/setup/minio_sts/createbucketpolicy.json"), Charset.defaultCharset()));
         final MinioAdminClient minioAdminClient = new MinioAdminClient.Builder()
                 .credentials(accessKey, secretKey)
                 .endpoint(endpointUrl).build();
 
-        //        /mc admin policy create myminio cipherduckcreatebucket /setup/minio_sts/createbucketpolicy.json
-        final JSONArray statements = miniocreatebucketpolicy.getJSONArray("Statement");
-        for(int i = 0; i < statements.length(); i++) {
-            final List<String> list = statements.getJSONObject(i).getJSONArray("Resource").toList().stream().map(Objects::toString).map(s -> s.replace("katta", bucketPrefix)).toList();
-            statements.getJSONObject(i).put("Resource", list);
+        // /mc admin policy create myminio cipherduckcreatebucket /setup/minio_sts/createbucketpolicy.json
+        {
+            final JSONObject miniocreatebucketpolicy = new JSONObject(IOUtils.toString(KattaSetupCli.class.getResourceAsStream("/setup/minio_sts/createbucketpolicy.json"), Charset.defaultCharset()));
+            final JSONArray statements = miniocreatebucketpolicy.getJSONArray("Statement");
+            for(int i = 0; i < statements.length(); i++) {
+                final List<String> list = statements.getJSONObject(i).getJSONArray("Resource").toList().stream().map(Objects::toString).map(s -> s.replace("katta", bucketPrefix)).toList();
+                statements.getJSONObject(i).put("Resource", list);
+            }
+            minioAdminClient.addCannedPolicy(createbucketPolicyName, miniocreatebucketpolicy.toString());
+            System.out.println(minioAdminClient.listCannedPolicies().get(createbucketPolicyName));
+        }
+        // /mc admin policy create myminio cipherduckaccessbucket /setup/minio_sts/accessbucketpolicy.json
+        {
+            final JSONObject minioaccessbucketpolicy = new JSONObject(IOUtils.toString(KattaSetupCli.class.getResourceAsStream("/setup/minio_sts/accessbucketpolicy.json"), Charset.defaultCharset()));
+            final JSONArray statements = minioaccessbucketpolicy.getJSONArray("Statement");
+            for(int i = 0; i < statements.length(); i++) {
+                final List<String> list = statements.getJSONObject(i).getJSONArray("Resource").toList().stream().map(Objects::toString).map(s -> s.replace("katta", bucketPrefix)).toList();
+                statements.getJSONObject(i).put("Resource", list);
+            }
+            minioAdminClient.addCannedPolicy(accessbucketPolicyName, minioaccessbucketpolicy.toString());
+            System.out.println(minioAdminClient.listCannedPolicies().get(accessbucketPolicyName));
         }
-        minioAdminClient.addCannedPolicy(createbucketPolicyName, miniocreatebucketpolicy.toString());
-        System.out.println(minioAdminClient.listCannedPolicies().get(createbucketPolicyName));
 
 
-//                /mc admin policy create myminio cipherduckaccessbucket /setup/minio_sts/accessbucketpolicy.json
-//
-//
-//                /mc idp openid add myminio cryptomator \
-//        config_url="${HUB_KEYCLOAK_URL}${HUB_KEYCLOAK_BASEPATH}/realms/${HUB_KEYCLOAK_REALM}/.well-known/openid-configuration" \
-//        client_id="cryptomator" \
-//        client_secret="ignore-me" \
-//        role_policy="cipherduckcreatebucket"
+        //                /mc idp openid add myminio cryptomator \
+        //        config_url="${HUB_KEYCLOAK_URL}${HUB_KEYCLOAK_BASEPATH}/realms/${HUB_KEYCLOAK_REALM}/.well-known/openid-configuration" \
+        //        client_id="cryptomator" \
+        //        client_secret="ignore-me" \
+        //        role_policy="cipherduckcreatebucket"
+//        {
+//            minioClient.
+//        }
 //                /mc idp openid add myminio cryptomatorhub \
 //        config_url="${HUB_KEYCLOAK_URL}${HUB_KEYCLOAK_BASEPATH}/realms/${HUB_KEYCLOAK_REALM}/.well-known/openid-configuration" \
 //        client_id="cryptomatorhub" \

admin-cli/src/test/java/cloud/katta/cli/commands/storage/MinioStsSetupIT.java

@@ -4,18 +4,17 @@
 
 package cloud.katta.cli.commands.storage;
 
-import org.json.JSONArray;
-import org.json.JSONObject;
-import org.junit.jupiter.api.Test;
-
-import java.util.Objects;
-
 import cloud.katta.cli.KattaSetupCli;
 import cloud.katta.testcontainers.AbtractAdminCliIT;
 import io.minio.admin.MinioAdminClient;
+import org.json.JSONArray;
+import org.json.JSONObject;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import org.junit.jupiter.api.Test;
 import picocli.CommandLine;
 
-import static org.junit.jupiter.api.Assertions.assertEquals;
+import java.util.Map;
+import java.util.Objects;
 
 class MinioStsSetupIT extends AbtractAdminCliIT {
 
@@ -26,19 +25,32 @@ public void testStorageProfileAwsStsSetup() throws Exception {
                 "--endpointUrl", "http://localhost:9100",
                 "--accessKey", "minioadmin",
                 "--secretKey", "minioadmin",
-                "--bucketPrefix", "farfalle"
+                "--bucketPrefix", "fusilli"
         );
         assertEquals(0, rc);
 
         final MinioAdminClient minioAdminClient = new MinioAdminClient.Builder()
                 .credentials("minioadmin", "minioadmin")
                 .endpoint("http://localhost:9100").build();
-        final JSONObject miniocreatebucketpolicy = new JSONObject(minioAdminClient.listCannedPolicies().get("cipherduckcreatebucket"));
-        final JSONArray statements = miniocreatebucketpolicy.getJSONArray("Statement");
-        int count = 0;
-        for(int i = 0; i < statements.length(); i++) {
-            count += statements.getJSONObject(i).getJSONArray("Resource").toList().stream().map(Objects::toString).map(s -> s.contains("farfalle")).count();
+
+        final Map<String, String> cannedPolicies = minioAdminClient.listCannedPolicies();
+        {
+            final JSONObject miniocreatebucketpolicy = new JSONObject(cannedPolicies.get("fusillicreatebucketpolicy"));
+            final JSONArray statements = miniocreatebucketpolicy.getJSONArray("Statement");
+            int count = 0;
+            for (int i = 0; i < statements.length(); i++) {
+                count += statements.getJSONObject(i).getJSONArray("Resource").toList().stream().map(Objects::toString).map(s -> s.contains("fusilli")).count();
+            }
+            assertEquals(3, count);
+        }
+        {
+            final JSONObject minioaccessbucket = new JSONObject(cannedPolicies.get("fusilliaccessbucketpolicy"));
+            final JSONArray statements = minioaccessbucket.getJSONArray("Statement");
+            int count = 0;
+            for (int i = 0; i < statements.length(); i++) {
+                count += statements.getJSONObject(i).getJSONArray("Resource").toList().stream().map(Objects::toString).map(s -> s.contains("fusilli")).count();
+            }
+            assertEquals(2, count);
         }
-        assertEquals(3, count);
     }
 }

admin-cli/src/test/java/cloud/katta/testcontainers/AbtractAdminCliIT.java

@@ -23,7 +23,6 @@
 import cloud.katta.protocols.hub.HubSession;
 import cloud.katta.testsetup.AbstractHubTest;
 import cloud.katta.testsetup.HubTestConfig;
-import cloud.katta.testsetup.HubTestSetupDockerExtension;
 
 public class AbtractAdminCliIT extends AbstractHubTest {
     private static final Logger log = LogManager.getLogger(AbtractAdminCliIT.class.getName());
@@ -47,7 +46,7 @@ public static void setupDocker() throws URISyntaxException, IOException {
         env.put("HUB_ADMIN_PASSWORD", configuration.hubAdminPassword);
         env.put("HUB_KEYCLOAK_SYSTEM_CLIENT_SECRET", configuration.hubKeycloakSystemClientSecret);
         compose = new ComposeContainer(
-                new File(HubTestSetupDockerExtension.class.getResource(configuration.composeFile).toURI()))
+                new File(AbtractAdminCliIT.class.getResource(configuration.composeFile).toURI()))
                 .withLocalCompose(true)
                 .withPull(true)
                 .withEnv(env)