
rc_core/admin/
mod.rs

1//! Admin API module
2//!
3//! This module provides the AdminApi trait and types for managing
4//! IAM users, policies, groups, service accounts, and cluster operations.
5
6mod cluster;
7pub mod tier;
8mod types;
9
10pub use cluster::{
11    BackendInfo, BackendType, BucketsInfo, ClusterInfo, DecommissionPoolStatus, DecommissionStatus,
12    DiskInfo, HealDriveInfo, HealDriveInfos, HealResultItem, HealScanMode, HealStartRequest,
13    HealStatus, HealingDiskInfo, MemStats, ObjectsInfo, PoolDecommissionInfo, PoolErasureSetInfo,
14    PoolStatus, PoolTarget, RebalanceCleanupWarnings, RebalancePoolProgress, RebalancePoolStatus,
15    RebalanceStartResult, RebalanceStatus, ServerInfo, UsageInfo,
16};
17pub use tier::{
18    TierAliyun, TierAzure, TierConfig, TierCreds, TierGCS, TierHuaweicloud, TierMinIO, TierR2,
19    TierRustFS, TierS3, TierTencent, TierType,
20};
21pub use types::{
22    AccessKeyDetails, AccessKeyInfo, BucketQuota, CreateServiceAccountRequest, Group, GroupStatus,
23    LdapAccessKeyInfo, OpenIdAccessKeyInfo, Policy, PolicyEntity, PolicyInfo, ServiceAccount,
24    ServiceAccountCreateResponse, ServiceAccountCredentials, SetPolicyRequest,
25    UpdateGroupMembersRequest, User, UserStatus,
26};
27
28use async_trait::async_trait;
29
30use crate::error::Result;
31
/// Administrative control-plane interface for S3-compatible storage systems
/// that support the RustFS/MinIO Admin API.
///
/// The trait groups IAM management (users, policies, groups, service
/// accounts) with cluster, quota, tier and replication-target operations.
/// Every method is asynchronous and reports failure through the crate-wide
/// [`Result`] alias.
///
/// Several methods accept or return credential material (`secret_key`,
/// [`TierCreds`], service-account data). Implementations and callers should
/// keep those values out of logs and error messages.
#[async_trait]
pub trait AdminApi: Send + Sync {
    // ---------------------------------------------------------------------
    // Cluster operations
    // ---------------------------------------------------------------------

    /// Fetches cluster information, including servers, disks, and usage.
    async fn cluster_info(&self) -> Result<ClusterInfo>;

    /// Fetches the current heal status.
    async fn heal_status(&self) -> Result<HealStatus>;

    /// Starts a heal operation described by `request` and returns the
    /// resulting heal status.
    async fn heal_start(&self, request: HealStartRequest) -> Result<HealStatus>;

    /// Stops a heal operation that is currently running.
    async fn heal_stop(&self) -> Result<()>;

    /// Lists the storage pools.
    async fn list_pools(&self) -> Result<Vec<PoolStatus>>;

    /// Fetches the status of the storage pool identified by `target`.
    async fn pool_status(&self, target: PoolTarget) -> Result<PoolStatus>;

    /// Starts decommissioning one or more storage pools.
    async fn decommission_start(&self, target: PoolTarget) -> Result<()>;

    /// Cancels decommissioning of a storage pool.
    async fn decommission_cancel(&self, target: PoolTarget) -> Result<()>;

    /// Clears failed or canceled decommissioning metadata for a storage pool.
    async fn decommission_clear(&self, target: PoolTarget) -> Result<()>;

    /// Fetches decommissioning status.
    ///
    /// NOTE(review): the meaning of `target == None` is not visible in this
    /// module (presumably "all pools") - confirm against the implementation.
    async fn decommission_status(&self, target: Option<PoolTarget>) -> Result<DecommissionStatus>;

    /// Starts a rebalance operation.
    async fn rebalance_start(&self) -> Result<RebalanceStartResult>;

    /// Fetches rebalance status.
    async fn rebalance_status(&self) -> Result<RebalanceStatus>;

    /// Stops a rebalance operation that is currently running.
    async fn rebalance_stop(&self) -> Result<()>;

    // ---------------------------------------------------------------------
    // User operations
    // ---------------------------------------------------------------------

    /// Lists all users.
    async fn list_users(&self) -> Result<Vec<User>>;

    /// Fetches the user identified by `access_key`.
    async fn get_user(&self, access_key: &str) -> Result<User>;

    /// Creates a new user with the given access key and secret key.
    ///
    /// `secret_key` is passed as a plain string slice; implementations
    /// should not log it or echo it back in error values.
    async fn create_user(&self, access_key: &str, secret_key: &str) -> Result<User>;

    /// Deletes the user identified by `access_key`.
    async fn delete_user(&self, access_key: &str) -> Result<()>;

    /// Sets a user's status (enable/disable).
    async fn set_user_status(&self, access_key: &str, status: UserStatus) -> Result<()>;

    // ---------------------------------------------------------------------
    // Policy operations
    // ---------------------------------------------------------------------

    /// Lists all policies.
    async fn list_policies(&self) -> Result<Vec<PolicyInfo>>;

    /// Fetches the policy called `name`.
    async fn get_policy(&self, name: &str) -> Result<Policy>;

    /// Creates a new policy called `name` from `policy_document`.
    ///
    /// NOTE(review): whether the document is validated before it is sent is
    /// up to the implementation - confirm before relying on it.
    async fn create_policy(&self, name: &str, policy_document: &str) -> Result<()>;

    /// Deletes the policy called `name`.
    async fn delete_policy(&self, name: &str) -> Result<()>;

    /// Attaches the named policies to a user or group.
    ///
    /// `entity_type` selects whether `entity_name` refers to a user or a
    /// group.
    async fn attach_policy(
        &self,
        policy_names: &[String],
        entity_type: PolicyEntity,
        entity_name: &str,
    ) -> Result<()>;

    /// Detaches the named policies from a user or group.
    ///
    /// `entity_type` selects whether `entity_name` refers to a user or a
    /// group.
    async fn detach_policy(
        &self,
        policy_names: &[String],
        entity_type: PolicyEntity,
        entity_name: &str,
    ) -> Result<()>;

    // ---------------------------------------------------------------------
    // Group operations
    // ---------------------------------------------------------------------

    /// Lists all groups by name.
    async fn list_groups(&self) -> Result<Vec<String>>;

    /// Fetches the group called `name`.
    async fn get_group(&self, name: &str) -> Result<Group>;

    /// Creates a new group, optionally with an initial member list.
    async fn create_group(&self, name: &str, members: Option<&[String]>) -> Result<Group>;

    /// Deletes the group called `name`.
    async fn delete_group(&self, name: &str) -> Result<()>;

    /// Sets a group's status (enable/disable).
    async fn set_group_status(&self, name: &str, status: GroupStatus) -> Result<()>;

    /// Adds `members` to `group`.
    async fn add_group_members(&self, group: &str, members: &[String]) -> Result<()>;

    /// Removes `members` from `group`.
    async fn remove_group_members(&self, group: &str, members: &[String]) -> Result<()>;

    // ---------------------------------------------------------------------
    // Service account operations
    // ---------------------------------------------------------------------

    /// Lists service accounts for a user.
    ///
    /// NOTE(review): the meaning of `user == None` is not visible in this
    /// module - confirm which identity the implementation falls back to.
    async fn list_service_accounts(&self, user: Option<&str>) -> Result<Vec<ServiceAccount>>;

    /// Fetches the service account identified by `access_key`.
    async fn get_service_account(&self, access_key: &str) -> Result<ServiceAccount>;

    /// Creates a new service account from `request`.
    ///
    /// NOTE(review): the returned [`ServiceAccount`] has a `secret_key`
    /// field; if the implementation populates it, treat the value as a
    /// secret.
    async fn create_service_account(
        &self,
        request: CreateServiceAccountRequest,
    ) -> Result<ServiceAccount>;

    /// Deletes the service account identified by `access_key`.
    async fn delete_service_account(&self, access_key: &str) -> Result<()>;

    /// Fetches information for any access key type.
    async fn get_access_key_info(&self, access_key: &str) -> Result<AccessKeyInfo>;

    // ---------------------------------------------------------------------
    // Bucket quota operations
    // ---------------------------------------------------------------------

    /// Sets the quota of `bucket`, expressed in bytes.
    async fn set_bucket_quota(&self, bucket: &str, quota: u64) -> Result<BucketQuota>;

    /// Fetches quota information for `bucket`.
    async fn get_bucket_quota(&self, bucket: &str) -> Result<BucketQuota>;

    /// Clears the quota of `bucket`.
    async fn clear_bucket_quota(&self, bucket: &str) -> Result<BucketQuota>;

    // ---------------------------------------------------------------------
    // Tier operations
    // ---------------------------------------------------------------------

    /// Lists all configured storage tiers.
    async fn list_tiers(&self) -> Result<Vec<TierConfig>>;

    /// Fetches tier statistics as untyped JSON; callers must check the
    /// shape of the value themselves.
    async fn tier_stats(&self) -> Result<serde_json::Value>;

    /// Adds a new storage tier.
    async fn add_tier(&self, config: TierConfig) -> Result<()>;

    /// Replaces the credentials of the tier called `name`.
    ///
    /// `creds` is credential material and should be kept out of logs.
    async fn edit_tier(&self, name: &str, creds: TierCreds) -> Result<()>;

    /// Removes the storage tier called `name`.
    ///
    /// NOTE(review): what `force` bypasses is not visible in this module -
    /// confirm against the implementation before passing `true`.
    async fn remove_tier(&self, name: &str, force: bool) -> Result<()>;

    // ---------------------------------------------------------------------
    // Replication target operations
    // ---------------------------------------------------------------------

    /// Sets a remote replication target for `bucket` and returns the ARN.
    ///
    /// NOTE(review): the effect of `update` is not visible in this module
    /// (presumably "modify an existing target") - confirm.
    async fn set_remote_target(
        &self,
        bucket: &str,
        target: crate::replication::BucketTarget,
        update: bool,
    ) -> Result<String>;

    /// Lists the remote replication targets configured for `bucket`.
    async fn list_remote_targets(
        &self,
        bucket: &str,
    ) -> Result<Vec<crate::replication::BucketTarget>>;

    /// Removes the remote replication target identified by `arn` from
    /// `bucket`.
    async fn remove_remote_target(&self, bucket: &str, arn: &str) -> Result<()>;

    /// Fetches replication metrics for `bucket` as untyped JSON; callers
    /// must check the shape of the value themselves.
    async fn replication_metrics(&self, bucket: &str) -> Result<serde_json::Value>;
}
220
#[cfg(test)]
mod tests {
    use super::*;

    // The first three tests check that the status/entity enums are reachable
    // through this module's re-exports and render as expected.

    #[test]
    fn test_user_status_reexport() {
        let cases = [
            (UserStatus::Enabled, "enabled"),
            (UserStatus::Disabled, "disabled"),
        ];
        for (status, expected) in &cases {
            assert_eq!(status.to_string(), *expected);
        }
    }

    #[test]
    fn test_group_status_reexport() {
        let cases = [
            (GroupStatus::Enabled, "enabled"),
            (GroupStatus::Disabled, "disabled"),
        ];
        for (status, expected) in &cases {
            assert_eq!(status.to_string(), *expected);
        }
    }

    #[test]
    fn test_policy_entity_reexport() {
        let cases = [(PolicyEntity::User, "user"), (PolicyEntity::Group, "group")];
        for (entity, expected) in &cases {
            assert_eq!(entity.to_string(), *expected);
        }
    }

    /// A freshly constructed user keeps its access key and starts enabled.
    #[test]
    fn test_user_new() {
        let created = User::new("testuser");
        assert_eq!(created.access_key, "testuser");
        assert_eq!(created.status, UserStatus::Enabled);
    }

    /// A freshly constructed group keeps its name and starts enabled.
    #[test]
    fn test_group_new() {
        let created = Group::new("developers");
        assert_eq!(created.name, "developers");
        assert_eq!(created.status, GroupStatus::Enabled);
    }

    /// A policy built from a minimal JSON document keeps its name and parses.
    #[test]
    fn test_policy_new() {
        let document = r#"{"Version":"2012-10-17","Statement":[]}"#;
        let created = Policy::new("readonly", document);
        assert_eq!(created.name, "readonly");

        let parsed = created.parse_document();
        assert!(parsed.is_ok());
    }

    /// A freshly constructed service account carries no secret key.
    #[test]
    fn test_service_account_new() {
        // AWS's published documentation example access key id, not a live
        // credential.
        let key_id = "AKIAIOSFODNN7EXAMPLE";
        let account = ServiceAccount::new(key_id);
        assert_eq!(account.access_key, key_id);

        let has_secret = account.secret_key.is_some();
        assert!(!has_secret);
    }
}
271}