objectscale_client/client.rs
1//
2// Copyright (c) Dell Inc., or its subsidiaries. All Rights Reserved.
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10
11//! Applications should use create ManagementClient and ObjectstoreClient to manage ObjectScale resources.
12//!
13
14use crate::bucket::Bucket;
15use crate::iam::{
16 AccessKey, Account, AccountAccessKey, EntitiesForPolicy, Group, GroupPolicyAttachment,
17 LoginProfile, Policy, Role, RolePolicyAttachment, User, UserGroupMembership,
18 UserPolicyAttachment,
19};
20use crate::response::get_content_text;
21use crate::tenant::Tenant;
22use anyhow::{anyhow, Context as _, Result};
23use reqwest::blocking::{Client, ClientBuilder};
24use reqwest::header::{ACCEPT, CONTENT_TYPE};
25use reqwest::Url;
26use serde::{Deserialize, Serialize};
27use std::time::{Duration, SystemTime, UNIX_EPOCH};
28
29/// ManagementClient manages ObjectScale resources with the ObjectScale management REST APIs.
30///
31/// # Examples
32/// ```no_run
33/// use objectscale_client::client::ManagementClient;
34/// use objectscale_client::iam::AccountBuilder;
35///
36/// fn main() {
37/// let endpoint = "https://192.168.1.1:443";
38/// let username = "admin";
39/// let password = "pass";
40/// let insecure = false;
41/// let account_alias = "test";
42/// let mut client = ManagementClient::new(endpoint, username, password, insecure).expect("management client");
43/// let account = AccountBuilder::default().alias(account_alias).build().expect("build account");
44/// let account = client.create_account(account).expect("create account");
45/// println!("Created account: {:?}", account);
46/// }
47/// ```
48#[derive(Clone, Debug)]
49pub struct ManagementClient {
50 pub(crate) http_client: Client,
51 pub(crate) endpoint: Url,
52 username: String,
53 password: String,
54
55 pub(crate) access_token: Option<String>,
56 expires_in: Option<u64>,
57 refresh_token: Option<String>,
58 refresh_expires_in: Option<u64>,
59}
60
61/// ObjectstoreClient manages ObjectScale resources on ObjectStore with the ObjectScale ObjectStore REST APIs.
62///
63/// # Examples
64/// ```no_run
65/// use objectscale_client::client::ManagementClient;
66/// use objectscale_client::iam::AccountBuilder;
67/// use objectscale_client::tenant::TenantBuilder;
68///
69/// fn main() {
70/// let endpoint = "https://192.168.1.1:443";
71/// let username = "admin";
72/// let password = "pass";
73/// let insecure = false;
74/// let objectstore_endpoint = "https://192.168.1.2:4443";
75/// let account_alias = "test";
76/// let mut management_client = ManagementClient::new(endpoint, username, password, insecure).expect("management client");
77/// let mut objectstore_client = management_client.new_objectstore_client(objectstore_endpoint).expect("objectstore client");
78/// let account = AccountBuilder::default().alias(account_alias).build().expect("build account");
79/// let account = management_client.create_account(account).expect("create account");
80/// let tenant_alias = "test";
81/// let tenant = TenantBuilder::default().alias(tenant_alias).id(&account.account_id).build().expect("build tenant");
82/// let tenant = objectstore_client.create_tenant(tenant).expect("create tenant");
83/// println!("Created tenant: {:?}", tenant);
84/// }
85/// ```
86pub struct ObjectstoreClient {
87 pub(crate) endpoint: Url,
88 pub(crate) management_client: ManagementClient,
89}
90
91#[derive(Debug, Serialize)]
92struct BasicAuth {
93 pub username: String,
94 pub password: String,
95}
96
97#[derive(Debug, Deserialize)]
98struct AuthLoginResponse {
99 pub access_token: String,
100 pub expires_in: u64,
101 pub refresh_token: String,
102 pub refresh_expires_in: u64,
103}
104
105#[derive(Debug, Deserialize)]
106struct RefreshTokenResponse {
107 pub access_token: String,
108 pub expires_in: u64,
109 pub refresh_token: String,
110 pub refresh_expires_in: u64,
111 pub token_type: String,
112}
113
114impl ManagementClient {
115 /// Build a new ManagementClient.
116 ///
117 pub fn new(endpoint: &str, username: &str, password: &str, insecure: bool) -> Result<Self> {
118 let timeout = Duration::new(5, 0);
119 let http_client = ClientBuilder::new()
120 .timeout(timeout)
121 .danger_accept_invalid_certs(insecure)
122 .use_rustls_tls()
123 .build()
124 .expect("build client");
125 Ok(Self {
126 http_client,
127 endpoint: Url::parse(endpoint)?,
128 username: username.to_string(),
129 password: password.to_string(),
130
131 access_token: None,
132 expires_in: None,
133 refresh_token: None,
134 refresh_expires_in: None,
135 })
136 }
137
138 pub fn new_objectstore_client(&self, endpoint: &str) -> Result<ObjectstoreClient> {
139 Ok(ObjectstoreClient {
140 endpoint: Url::parse(endpoint)?,
141 management_client: self.clone(),
142 })
143 }
144
145 fn obtain_auth_token(&mut self) -> Result<()> {
146 let params = BasicAuth {
147 username: self.username.clone(),
148 password: self.password.clone(),
149 };
150 let request_url = format!("{}mgmt/auth/login", self.endpoint);
151 let resp = self
152 .http_client
153 .post(request_url)
154 .header(ACCEPT, "application/json")
155 .header(CONTENT_TYPE, "application/json")
156 .json(¶ms)
157 .send()?;
158
159 let text = get_content_text(resp)?;
160 let resp: AuthLoginResponse = serde_json::from_str(&text).with_context(|| {
161 format!(
162 "Unable to deserialise AuthLoginResponse. Body was: \"{}\"",
163 text
164 )
165 })?;
166 let obtain_time = SystemTime::now().duration_since(UNIX_EPOCH)?.as_secs();
167 self.access_token = Some(resp.access_token);
168 self.refresh_token = Some(resp.refresh_token);
169 self.expires_in = Some(resp.expires_in + obtain_time);
170 self.refresh_expires_in = Some(resp.refresh_expires_in + obtain_time);
171 Ok(())
172 }
173
174 fn refresh_auth_token(&mut self) -> Result<()> {
175 let request_url = format!(
176 "{}mgmt/auth/token?grant_type=refresh_token&refresh_token={}",
177 self.endpoint,
178 self.refresh_token.clone().unwrap()
179 );
180 let resp = self
181 .http_client
182 .post(request_url)
183 .header(ACCEPT, "application/json")
184 .header(CONTENT_TYPE, "application/json")
185 .send()?;
186
187 let text = get_content_text(resp)?;
188 let resp: RefreshTokenResponse = serde_json::from_str(&text).with_context(|| {
189 format!(
190 "Unable to deserialise RefreshTokenResponse. Body was: \"{}\"",
191 text
192 )
193 })?;
194 self.access_token = Some(resp.access_token);
195 self.refresh_token = Some(resp.refresh_token);
196 self.expires_in = Some(resp.expires_in);
197 self.refresh_expires_in = Some(resp.refresh_expires_in);
198 Ok(())
199 }
200
201 fn auth(&mut self) -> Result<()> {
202 if self.access_token.is_none() {
203 self.obtain_auth_token()?;
204 } else {
205 let now = SystemTime::now().duration_since(UNIX_EPOCH)?.as_secs();
206 if self.expires_in.unwrap() > now {
207 } else if self.refresh_expires_in.unwrap() > now {
208 self.refresh_auth_token()?;
209 } else {
210 self.obtain_auth_token()?;
211 }
212 }
213 Ok(())
214 }
215
216 /// Create an IAM account.
217 ///
218 /// account: Iam Account to create
219 ///
220 pub fn create_account(&mut self, account: Account) -> Result<Account> {
221 self.auth()?;
222 if account.tags.is_empty() {
223 Account::create_account(self, account)
224 } else {
225 let tags = account.tags.clone();
226 let account = Account::create_account(self, account)?;
227 Account::tag_account(self, account.account_id.as_str(), tags)?;
228 Account::get_account(self, account.account_id.as_str())
229 }
230 }
231
232 /// Get an IAM account.
233 ///
234 /// account_id: Id of the account
235 ///
236 pub fn get_account(&mut self, account_id: &str) -> Result<Account> {
237 self.auth()?;
238 Account::get_account(self, account_id)
239 }
240
241 /// Update an IAM account.
242 ///
243 /// account: Iam Account to update
244 ///
245 pub fn update_account(&mut self, account: Account) -> Result<Account> {
246 self.auth()?;
247 Account::update_account(self, account)
248 }
249
250 /// Delete an IAM account.
251 ///
252 /// account_id: Id of the account
253 ///
254 pub fn delete_account(&mut self, account_id: &str) -> Result<()> {
255 self.auth()?;
256 let account = Account::get_account(self, account_id)?;
257 if !account.account_disabled {
258 Account::disable_account(self, account_id)?;
259 }
260 Account::delete_account(self, account_id)
261 }
262
263 /// List all IAM accounts.
264 ///
265 pub fn list_accounts(&mut self) -> Result<Vec<Account>> {
266 self.auth()?;
267 Account::list_accounts(self)
268 }
269
270 /// Creates a new IAM User.
271 ///
272 /// user: IAM User to create
273 ///
274 pub fn create_user(&mut self, user: User) -> Result<User> {
275 self.auth()?;
276 let user = User::create(self, user)?;
277 // create user request would accept tags, but the response does not contain them
278 // TODO: report a bug
279 User::get(self, user.user_name.as_str(), user.namespace.as_str())
280 }
281
282 /// Returns the information about the specified IAM User.
283 ///
284 /// user_name: The name of the user to retrieve. Cannot be empty.
285 /// namespace: Namespace of the user(id of the account the user belongs to). Cannot be empty.
286 ///
287 pub fn get_user(&mut self, user_name: &str, namespace: &str) -> Result<User> {
288 self.auth()?;
289 User::get(self, user_name, namespace)
290 }
291
292 /// Delete specified IAM User.
293 ///
294 /// user_name: The name of the user to delete. Cannot be empty.
295 /// namespace: Namespace of the user(id of the account the user belongs to). Cannot be empty.
296 ///
297 pub fn delete_user(&mut self, user_name: &str, namespace: &str) -> Result<()> {
298 self.auth()?;
299 User::delete(self, user_name, namespace)
300 }
301
302 /// Lists the IAM users.
303 ///
304 /// namespace: Namespace of users(id of the account the user belongs to). Cannot be empty.
305 ///
306 /// TODO:
307 /// list_user won't show tags, or permissions boundary if any
308 /// fix it or report bug
309 ///
310 pub fn list_users(&mut self, namespace: &str) -> Result<Vec<User>> {
311 self.auth()?;
312 User::list(self, namespace)
313 }
314
315 /// Attaches the specified managed policy to the specified user.
316 ///
317 /// user_policy_attachment: UserPolicyAttachment to create
318 ///
319 /// PS: attach the same policy would throw error
320 ///
321 pub fn create_user_policy_attachment(
322 &mut self,
323 user_policy_attachment: UserPolicyAttachment,
324 ) -> Result<UserPolicyAttachment> {
325 self.auth()?;
326 UserPolicyAttachment::create(self, user_policy_attachment)
327 }
328
329 /// Remove the specified managed policy attached to the specified user.
330 ///
331 /// user_policy_attachment: UserPolicyAttachment to delete.
332 ///
333 pub fn delete_user_policy_attachment(
334 &mut self,
335 user_policy_attachment: UserPolicyAttachment,
336 ) -> Result<()> {
337 self.auth()?;
338 UserPolicyAttachment::delete(self, user_policy_attachment)
339 }
340
341 /// Lists all managed policies that are attached to the specified IAM user.
342 ///
343 /// user_name: The name of the user to list attached policies for. Cannot be empty.
344 /// namespace: Namespace of the user(id of the account the user belongs to). Cannot be empty.
345 ///
346 pub fn list_user_policy_attachments(
347 &mut self,
348 user_name: &str,
349 namespace: &str,
350 ) -> Result<Vec<UserPolicyAttachment>> {
351 self.auth()?;
352 UserPolicyAttachment::list(self, user_name, namespace)
353 }
354
355 /// Creates a password for the specified IAM user.
356 ///
357 /// login_profile: LoginProfile to create
358 ///
359 pub fn create_login_profile(&mut self, login_profile: LoginProfile) -> Result<LoginProfile> {
360 self.auth()?;
361 LoginProfile::create(self, login_profile)
362 }
363
364 /// Retrieves the password for the specified IAM user
365 ///
366 /// user_name: Name of the user to delete password. Cannot be empty.
367 /// namespace: Namespace of the user(id of the account the user belongs to). Cannot be empty.
368 ///
369 pub fn get_login_profile(&mut self, user_name: &str, namespace: &str) -> Result<LoginProfile> {
370 self.auth()?;
371 LoginProfile::get(self, user_name, namespace)
372 }
373
374 /// Deletes the password for the specified IAM user
375 ///
376 /// user_name: Name of the user to delete password. Cannot be empty.
377 /// namespace: Namespace of the user(id of the account the user belongs to). Cannot be empty.
378 ///
379 pub fn delete_login_profile(&mut self, user_name: &str, namespace: &str) -> Result<()> {
380 self.auth()?;
381 LoginProfile::delete(self, user_name, namespace)
382 }
383
384 /// Creates AccessKey for user.
385 ///
386 /// access_key: AccessKey to create
387 ///
388 pub fn create_access_key(&mut self, access_key: AccessKey) -> Result<AccessKey> {
389 self.auth()?;
390 AccessKey::create(self, access_key)
391 }
392
393 /// Updates AccessKey for user.
394 ///
395 /// access_key: AccessKey to update
396 ///
397 pub fn update_access_key(&mut self, access_key: AccessKey) -> Result<AccessKey> {
398 self.auth()?;
399 AccessKey::update(self, access_key.clone())?;
400 let access_keys = self.list_access_keys(&access_key.user_name, &access_key.namespace)?;
401 let access_key = access_keys
402 .iter()
403 .find(|key| key.access_key_id == access_key.access_key_id);
404 access_key
405 .map(|key| key.to_owned())
406 .ok_or(anyhow!("AccessKey not found"))
407 }
408
409 /// Deletes the access key pair associated with the specified IAM user.
410 ///
411 /// access_key_id: The ID of the access key you want to delete. Cannot be empty.
412 /// user_name: Name of the user to delete accesskeys. Cannot be empty.
413 /// namespace: Namespace of the access key(id of the account the access key belongs to). Cannot be empty.
414 ///
415 pub fn delete_access_key(
416 &mut self,
417 access_key_id: &str,
418 user_name: &str,
419 namespace: &str,
420 ) -> Result<()> {
421 self.auth()?;
422 AccessKey::delete(self, access_key_id, user_name, namespace)
423 }
424
425 /// Returns information about the access key IDs associated with the specified IAM user.
426 ///
427 /// user_name: Name of the user to list accesskeys. Cannot be empty.
428 /// namespace: Namespace of the access key(id of the account the access key belongs to). Cannot be empty.
429 ///
430 pub fn list_access_keys(&mut self, user_name: &str, namespace: &str) -> Result<Vec<AccessKey>> {
431 self.auth()?;
432 AccessKey::list(self, user_name, namespace)
433 }
434
435 /// Creates account AccessKey.
436 ///
437 /// account_access_key: Account Access Key to create
438 ///
439 pub fn create_account_access_key(
440 &mut self,
441 account_access_key: AccountAccessKey,
442 ) -> Result<AccountAccessKey> {
443 self.auth()?;
444 AccountAccessKey::create(self, account_access_key)
445 }
446
447 /// Updates account AccessKey.
448 ///
449 /// account_access_key: Account Access Key to update
450 ///
451 pub fn update_account_access_key(
452 &mut self,
453 account_access_key: AccountAccessKey,
454 ) -> Result<AccountAccessKey> {
455 self.auth()?;
456 AccountAccessKey::update(self, account_access_key.clone())?;
457 let account_access_keys = self.list_account_access_keys(&account_access_key.account_id)?;
458 let account_access_key = account_access_keys
459 .iter()
460 .find(|key| key.access_key_id == account_access_key.access_key_id);
461 account_access_key
462 .map(|key| key.to_owned())
463 .ok_or(anyhow!("AccountAccessKey not found"))
464 }
465
466 /// Deletes the access key pair associated with the specified IAM account.
467 ///
468 /// access_key_id: The ID of the access key. Cannot be empty.
469 /// account_id: The id of the account. Cannot be empty.
470 ///
471 pub fn delete_account_access_key(
472 &mut self,
473 access_key_id: &str,
474 account_id: &str,
475 ) -> Result<()> {
476 self.auth()?;
477 AccountAccessKey::delete(self, access_key_id, account_id)
478 }
479
480 /// Returns information about the access key IDs associated with the specified IAM account.
481 ///
482 /// account_id: The id of the account. Cannot be empty.
483 ///
484 pub fn list_account_access_keys(&mut self, account_id: &str) -> Result<Vec<AccountAccessKey>> {
485 self.auth()?;
486 AccountAccessKey::list(self, account_id)
487 }
488
489 /// Create a new Managed Policy.
490 ///
491 /// policy: IAM Policy to create
492 ///
493 pub fn create_policy(&mut self, policy: Policy) -> Result<Policy> {
494 self.auth()?;
495 Policy::create(self, policy)
496 }
497
498 /// Retrieve information about the specified Managed Policy.
499 ///
500 /// policy_arn: Arn of the policy to retrieve. Cannot be empty.
501 /// namespace: Namespace of the policy(id of the account the policy belongs to). Cannot be empty.
502 ///
503 pub fn get_policy(&mut self, policy_arn: &str, namespace: &str) -> Result<Policy> {
504 self.auth()?;
505 Policy::get(self, policy_arn, namespace)
506 }
507
508 /// Delete the specified Managed Policy.
509 ///
510 /// policy_arn: Arn of the policy to delete. Cannot be empty.
511 /// namespace: Namespace of the policy(id of the account the policy belongs to). Cannot be empty.
512 ///
513 pub fn delete_policy(&mut self, policy_arn: &str, namespace: &str) -> Result<()> {
514 self.auth()?;
515 Policy::delete(self, policy_arn, namespace)
516 }
517
518 /// Lists IAM Managed Policies.
519 ///
520 /// namespace: Namespace of the policies(id of the account policies belongs to). Cannot be empty.
521 ///
522 pub fn list_policies(&mut self, namespace: &str) -> Result<Vec<Policy>> {
523 self.auth()?;
524 Policy::list(self, namespace)
525 }
526
527 /// Creates a new IAM Group.
528 ///
529 /// group: IAM Group to create
530 ///
531 pub fn create_group(&mut self, group: Group) -> Result<Group> {
532 self.auth()?;
533 Group::create(self, group)
534 }
535
536 /// Returns the information about the specified IAM Group.
537 ///
538 /// group_name: The name of the group to retrieve. Cannot be empty.
539 /// namespace: Namespace of the group(id of the account the group belongs to). Cannot be empty.
540 ///
541 pub fn get_group(&mut self, group_name: &str, namespace: &str) -> Result<Group> {
542 self.auth()?;
543 Group::get(self, group_name, namespace)
544 }
545
546 /// Delete specified IAM User.
547 ///
548 /// group_name: The name of the group to delete. Cannot be empty.
549 /// namespace: Namespace of the group(id of the account the group belongs to). Cannot be empty.
550 ///
551 pub fn delete_group(&mut self, group_name: &str, namespace: &str) -> Result<()> {
552 self.auth()?;
553 Group::delete(self, group_name, namespace)
554 }
555
556 /// Lists the IAM groups.
557 ///
558 /// namespace: Namespace of groups(id of the account groups belongs to). Cannot be empty.
559 ///
560 pub fn list_groups(&mut self, namespace: &str) -> Result<Vec<Group>> {
561 self.auth()?;
562 Group::list(self, namespace)
563 }
564
565 /// Attaches the specified managed policy to the specified group.
566 ///
567 /// group_policy_attachment: GroupPolicyAttachment to create
568 ///
569 pub fn create_group_policy_attachment(
570 &mut self,
571 group_policy_attachment: GroupPolicyAttachment,
572 ) -> Result<GroupPolicyAttachment> {
573 self.auth()?;
574 GroupPolicyAttachment::create(self, group_policy_attachment)
575 }
576
577 /// Remove the specified managed policy attached to the specified group.
578 ///
579 /// group_policy_attachment: GroupPolicyAttachment to delete.
580 ///
581 pub fn delete_group_policy_attachment(
582 &mut self,
583 group_policy_attachment: GroupPolicyAttachment,
584 ) -> Result<()> {
585 self.auth()?;
586 GroupPolicyAttachment::delete(self, group_policy_attachment)
587 }
588
589 /// Lists all managed policies that are attached to the specified IAM Group.
590 ///
591 /// group_name: The name of the group to list attached policies for. Cannot be empty.
592 /// namespace: Namespace of the group(id of the account the group belongs to). Cannot be empty.
593 ///
594 pub fn list_group_policy_attachments(
595 &mut self,
596 group_name: &str,
597 namespace: &str,
598 ) -> Result<Vec<GroupPolicyAttachment>> {
599 self.auth()?;
600 GroupPolicyAttachment::list(self, group_name, namespace)
601 }
602
603 /// Creates a new IAM Role.
604 ///
605 /// role: IAM Role to create
606 ///
607 pub fn create_role(&mut self, role: Role) -> Result<Role> {
608 self.auth()?;
609 Role::create(self, role)
610 }
611
612 /// Returns the information about the specified IAM Role.
613 ///
614 /// role_name: The name of the role to retrieve. Cannot be empty.
615 /// namespace: Namespace of the role(id of the account the role belongs to). Cannot be empty.
616 ///
617 pub fn get_role(&mut self, role_name: &str, namespace: &str) -> Result<Role> {
618 self.auth()?;
619 Role::get(self, role_name, namespace)
620 }
621
622 /// Updates a new IAM Role.
623 ///
624 /// role: IAM Role to update
625 ///
626 pub fn update_role(&mut self, role: Role) -> Result<Role> {
627 self.auth()?;
628 Role::update(self, role)
629 }
630
631 /// Delete specified IAM Role.
632 ///
633 /// role_name: The name of the role to delete. Cannot be empty.
634 /// namespace: Namespace of the role(id of the account the role belongs to). Cannot be empty.
635 ///
636 pub fn delete_role(&mut self, role_name: &str, namespace: &str) -> Result<()> {
637 self.auth()?;
638 Role::delete(self, role_name, namespace)
639 }
640
641 /// Lists the IAM roles.
642 ///
643 /// namespace: Namespace of roles(id of the account roles belongs to). Cannot be empty.
644 ///
645 pub fn list_roles(&mut self, namespace: &str) -> Result<Vec<Role>> {
646 self.auth()?;
647 Role::list(self, namespace)
648 }
649
650 /// Attaches the specified managed policy to the specified role.
651 ///
652 /// role_policy_attachment: RolePolicyAttachment to create
653 ///
654 pub fn create_role_policy_attachment(
655 &mut self,
656 role_policy_attachment: RolePolicyAttachment,
657 ) -> Result<RolePolicyAttachment> {
658 self.auth()?;
659 RolePolicyAttachment::create(self, role_policy_attachment)
660 }
661
662 /// Remove the specified managed policy attached to the specified role.
663 ///
664 /// role_policy_attachment: RolePolicyAttachment to delete.
665 ///
666 pub fn delete_role_policy_attachment(
667 &mut self,
668 role_policy_attachment: RolePolicyAttachment,
669 ) -> Result<()> {
670 self.auth()?;
671 RolePolicyAttachment::delete(self, role_policy_attachment)
672 }
673
674 /// Lists all managed policies that are attached to the specified IAM Role.
675 ///
676 /// role_name: The name of the role to list attached policies for. Cannot be empty.
677 /// namespace: Namespace of the role(id of the account the role belongs to). Cannot be empty.
678 ///
679 pub fn list_role_policy_attachments(
680 &mut self,
681 role_name: &str,
682 namespace: &str,
683 ) -> Result<Vec<RolePolicyAttachment>> {
684 self.auth()?;
685 RolePolicyAttachment::list(self, role_name, namespace)
686 }
687
688 /// Lists all IAM users, groups, and roles that the specified managed policy is attached to.
689 ///
690 /// policy_arn: Arn of the policy to list entities for. Cannot be empty.
691 /// namespace: Namespace of the policy(id of the account the policy belongs to). Cannot be empty.
692 /// entity_filter: The entity type to use for filtering the results. Valid values: User, Role, Group.
693 /// usage_filter: The policy usage method to use for filtering the results. Valid values: PermissionsPolicy, PermissionsBoundary.
694 ///
695 pub fn get_entities_for_policy(
696 &mut self,
697 policy_arn: &str,
698 namespace: &str,
699 entity_filter: &str,
700 usage_filter: &str,
701 ) -> Result<EntitiesForPolicy> {
702 self.auth()?;
703 EntitiesForPolicy::get(self, policy_arn, namespace, entity_filter, usage_filter)
704 }
705
706 /// Adds the specified user to the specified group.
707 ///
708 /// user_group_membership: UserGroupMembership to create.
709 ///
710 pub fn create_user_group_membership(
711 &mut self,
712 user_group_membership: UserGroupMembership,
713 ) -> Result<UserGroupMembership> {
714 self.auth()?;
715 UserGroupMembership::create(self, user_group_membership)
716 }
717
718 /// Removes the specified user from the specified group.
719 ///
720 /// user_group_membership: GroupPolicyAttachment to delete.
721 ///
722 pub fn delete_user_group_membership(
723 &mut self,
724 user_group_membership: UserGroupMembership,
725 ) -> Result<()> {
726 self.auth()?;
727 UserGroupMembership::delete(self, user_group_membership)
728 }
729
730 /// Lists the IAM groups that the specified IAM user belongs to.
731 ///
732 /// user_name: The name of the user to list group membership for. Cannot be empty.
733 /// namespace: Namespace of the user(id of the account the user belongs to). Cannot be empty.
734 ///
735 pub fn list_user_group_memberships_by_user(
736 &mut self,
737 user_name: &str,
738 namespace: &str,
739 ) -> Result<Vec<UserGroupMembership>> {
740 self.auth()?;
741 UserGroupMembership::list_by_user(self, user_name, namespace)
742 }
743
744 /// Lists the IAM users that the specified IAM group contains.
745 ///
746 /// group_name: The name of the group to list contained users for. Cannot be empty.
747 /// namespace: Namespace of the group(id of the account the group belongs to). Cannot be empty.
748 ///
749 pub fn list_user_group_memberships_by_group(
750 &mut self,
751 group_name: &str,
752 namespace: &str,
753 ) -> Result<Vec<UserGroupMembership>> {
754 self.auth()?;
755 UserGroupMembership::list_by_group(self, group_name, namespace)
756 }
757}
758
759impl ObjectstoreClient {
760 /// Create an bucket.
761 ///
762 /// bucket: Bucket to create.
763 ///
764 pub fn create_bucket(&mut self, bucket: Bucket) -> Result<Bucket> {
765 self.management_client.auth()?;
766 let namespace = bucket.namespace.clone();
767 let tags = bucket.tags.clone();
768 let name = Bucket::create(self, bucket)?;
769 if !tags.is_empty() {
770 Bucket::tag(self, &name, &namespace, tags)?;
771 }
772 Bucket::get(self, &name, &namespace)
773 }
774
775 /// Gets bucket information for the specified bucket.
776 ///
777 /// name: Bucket name for which information will be retrieved. Cannot be empty.
778 /// namespace: Namespace associated. Cannot be empty.
779 ///
780 pub fn get_bucket(&mut self, name: &str, namespace: &str) -> Result<Bucket> {
781 self.management_client.auth()?;
782 Bucket::get(self, name, namespace)
783 }
784
785 /// Deletes the specified bucket.
786 ///
787 /// name: Bucket name to be deleted. Cannot be empty.
788 /// namespace: Namespace associated. Cannot be empty.
789 /// emptyBucket: If true, the contents of the bucket will be emptied as part of the delete, otherwise it will fail if the bucket is not empty.
790 ///
791 pub fn delete_bucket(&mut self, name: &str, namespace: &str, empty_bucket: bool) -> Result<()> {
792 self.management_client.auth()?;
793 Bucket::delete(self, name, namespace, empty_bucket)
794 }
795
796 /// Update an bucket.
797 ///
798 /// bucket: Bucket to update.
799 ///
800 pub fn update_bucket(&mut self, bucket: Bucket) -> Result<Bucket> {
801 self.management_client.auth()?;
802 let name = bucket.name.clone();
803 let namespace = bucket.namespace.clone();
804 Bucket::update(self, bucket)?;
805 Bucket::get(self, &name, &namespace)
806 }
807
808 /// Gets the list of buckets for the specified namespace.
809 ///
810 /// namespace: Namespace for which buckets should be listed. Cannot be empty.
811 /// name_prefix: Case sensitive prefix of the Bucket name with a wild card(*). Can be empty or any_prefix_string*.
812 ///
813 pub fn list_buckets(&mut self, namespace: &str, name_prefix: &str) -> Result<Vec<Bucket>> {
814 self.management_client.auth()?;
815 Bucket::list(self, namespace, name_prefix)
816 }
817
818 /// Creates the tenant which will associate an IAM Account within an objectstore.
819 ///
820 /// tenant: Tenant to create
821 ///
822 pub fn create_tenant(&mut self, tenant: Tenant) -> Result<Tenant> {
823 self.management_client.auth()?;
824 Tenant::create(self, tenant)
825 }
826
827 /// Get the tenant.
828 ///
829 /// name: The associated account id. Cannot be empty.
830 ///
831 pub fn get_tenant(&mut self, name: &str) -> Result<Tenant> {
832 self.management_client.auth()?;
833 Tenant::get(self, name)
834 }
835
836 /// Updates Tenant details like default_bucket_size and alias.
837 ///
838 /// tenant: Tenant to update
839 ///
840 pub fn update_tenant(&mut self, tenant: Tenant) -> Result<Tenant> {
841 self.management_client.auth()?;
842 let tenant_id = tenant.id.clone();
843 Tenant::update(self, tenant)?;
844 Tenant::get(self, &tenant_id)
845 }
846
847 /// Delete the tenant from an object store. Tenant must not own any buckets.
848 ///
849 /// name: The associated account id. Cannot be empty.
850 ///
851 pub fn delete_tenant(&mut self, name: &str) -> Result<()> {
852 self.management_client.auth()?;
853 Tenant::delete(self, name)
854 }
855
856 /// Get the list of tenants.
857 ///
858 /// name_prefix: Case sensitive prefix of the tenant name with a wild card(*). Can be empty or any_prefix_string*.
859 ///
860 pub fn list_tenants(&mut self, name_prefix: &str) -> Result<Vec<Tenant>> {
861 self.management_client.auth()?;
862 Tenant::list(self, name_prefix)
863 }
864}