Skip to main content

rc_core/admin/
mod.rs

1//! Admin API module
2//!
3//! This module provides the AdminApi trait and types for managing
4//! IAM users, policies, groups, service accounts, and cluster operations.
5
6mod cluster;
7mod site;
8pub mod tier;
9mod types;
10
11pub use cluster::{
12    BackendInfo, BackendType, BucketsInfo, ClusterInfo, DecommissionPoolStatus, DecommissionStatus,
13    DiskInfo, HealDriveInfo, HealDriveInfos, HealResultItem, HealRuntimeState, HealScanMode,
14    HealStartRequest, HealStatus, HealTaskRequest, HealingDiskInfo, MemStats, ObjectsInfo,
15    PoolDecommissionInfo, PoolErasureSetInfo, PoolStatus, PoolTarget, RebalanceCleanupWarnings,
16    RebalancePoolProgress, RebalancePoolStatus, RebalanceStartResult, RebalanceStatus, ServerInfo,
17    UsageInfo,
18};
19pub use site::{PeerSiteSpec, ServiceActionResult, SiteRemoveSpec, SiteStatusOptions};
20pub use tier::{
21    TierAliyun, TierAzure, TierConfig, TierCreds, TierGCS, TierHuaweicloud, TierMinIO, TierR2,
22    TierRustFS, TierS3, TierTencent, TierType,
23};
24pub use types::{
25    AccessKeyDetails, AccessKeyInfo, BucketQuota, CreateServiceAccountRequest, Group, GroupStatus,
26    LdapAccessKeyInfo, OpenIdAccessKeyInfo, Policy, PolicyEntity, PolicyInfo, ServiceAccount,
27    ServiceAccountCreateResponse, ServiceAccountCredentials, SetPolicyRequest,
28    UpdateGroupMembersRequest, User, UserStatus,
29};
30
31use async_trait::async_trait;
32
33use crate::error::Result;
34
35/// Admin API trait for IAM and cluster management operations
36///
37/// This trait defines the interface for managing users, policies, groups,
38/// service accounts, and cluster operations on S3-compatible storage systems
39/// that support the RustFS Admin API.
40#[async_trait]
41pub trait AdminApi: Send + Sync {
42    // ==================== Cluster Operations ====================
43
44    /// Get cluster information including servers, disks, and usage
45    async fn cluster_info(&self) -> Result<ClusterInfo>;
46
47    /// Get current heal status
48    async fn heal_status(&self) -> Result<HealStatus>;
49
50    /// Start a heal operation
51    async fn heal_start(&self, request: HealStartRequest) -> Result<HealStatus>;
52
53    /// Get status for a token-scoped heal task
54    async fn heal_task_status(&self, request: HealTaskRequest) -> Result<HealStatus>;
55
56    /// Stop a running heal operation
57    async fn heal_stop(&self) -> Result<()>;
58
59    /// Stop a token-scoped heal task
60    async fn heal_task_stop(&self, request: HealTaskRequest) -> Result<HealStatus>;
61
62    /// List storage pools
63    async fn list_pools(&self) -> Result<Vec<PoolStatus>>;
64
65    /// Get storage pool status
66    async fn pool_status(&self, target: PoolTarget) -> Result<PoolStatus>;
67
68    /// Start decommissioning one or more storage pools
69    async fn decommission_start(&self, target: PoolTarget) -> Result<()>;
70
71    /// Cancel decommissioning a storage pool
72    async fn decommission_cancel(&self, target: PoolTarget) -> Result<()>;
73
74    /// Clear failed or canceled decommissioning metadata for a storage pool
75    async fn decommission_clear(&self, target: PoolTarget) -> Result<()>;
76
77    /// Get decommissioning status
78    async fn decommission_status(&self, target: Option<PoolTarget>) -> Result<DecommissionStatus>;
79
80    /// Start a rebalance operation
81    async fn rebalance_start(&self) -> Result<RebalanceStartResult>;
82
83    /// Get rebalance status
84    async fn rebalance_status(&self) -> Result<RebalanceStatus>;
85
86    /// Stop a running rebalance operation
87    async fn rebalance_stop(&self) -> Result<()>;
88
89    // ==================== User Operations ====================
90
91    /// List all users
92    async fn list_users(&self) -> Result<Vec<User>>;
93
94    /// Get user information
95    async fn get_user(&self, access_key: &str) -> Result<User>;
96
97    /// Create a new user
98    async fn create_user(&self, access_key: &str, secret_key: &str) -> Result<User>;
99
100    /// Delete a user
101    async fn delete_user(&self, access_key: &str) -> Result<()>;
102
103    /// Set user status (enable/disable)
104    async fn set_user_status(&self, access_key: &str, status: UserStatus) -> Result<()>;
105
106    // ==================== Policy Operations ====================
107
108    /// List all policies
109    async fn list_policies(&self) -> Result<Vec<PolicyInfo>>;
110
111    /// Get policy information
112    async fn get_policy(&self, name: &str) -> Result<Policy>;
113
114    /// Create a new policy
115    async fn create_policy(&self, name: &str, policy_document: &str) -> Result<()>;
116
117    /// Delete a policy
118    async fn delete_policy(&self, name: &str) -> Result<()>;
119
120    /// Attach policy to a user or group
121    async fn attach_policy(
122        &self,
123        policy_names: &[String],
124        entity_type: PolicyEntity,
125        entity_name: &str,
126    ) -> Result<()>;
127
128    /// Detach policy from a user or group
129    async fn detach_policy(
130        &self,
131        policy_names: &[String],
132        entity_type: PolicyEntity,
133        entity_name: &str,
134    ) -> Result<()>;
135
136    // ==================== Group Operations ====================
137
138    /// List all groups
139    async fn list_groups(&self) -> Result<Vec<String>>;
140
141    /// Get group information
142    async fn get_group(&self, name: &str) -> Result<Group>;
143
144    /// Create a new group
145    async fn create_group(&self, name: &str, members: Option<&[String]>) -> Result<Group>;
146
147    /// Delete a group
148    async fn delete_group(&self, name: &str) -> Result<()>;
149
150    /// Set group status (enable/disable)
151    async fn set_group_status(&self, name: &str, status: GroupStatus) -> Result<()>;
152
153    /// Add members to a group
154    async fn add_group_members(&self, group: &str, members: &[String]) -> Result<()>;
155
156    /// Remove members from a group
157    async fn remove_group_members(&self, group: &str, members: &[String]) -> Result<()>;
158
159    // ==================== Service Account Operations ====================
160
161    /// List service accounts for a user
162    async fn list_service_accounts(&self, user: Option<&str>) -> Result<Vec<ServiceAccount>>;
163
164    /// Get service account information
165    async fn get_service_account(&self, access_key: &str) -> Result<ServiceAccount>;
166
167    /// Create a new service account
168    async fn create_service_account(
169        &self,
170        request: CreateServiceAccountRequest,
171    ) -> Result<ServiceAccount>;
172
173    /// Delete a service account
174    async fn delete_service_account(&self, access_key: &str) -> Result<()>;
175
176    /// Get information for any access key type.
177    async fn get_access_key_info(&self, access_key: &str) -> Result<AccessKeyInfo>;
178
179    // ==================== Bucket Quota Operations ====================
180
181    /// Set bucket quota in bytes
182    async fn set_bucket_quota(&self, bucket: &str, quota: u64) -> Result<BucketQuota>;
183
184    /// Get bucket quota information
185    async fn get_bucket_quota(&self, bucket: &str) -> Result<BucketQuota>;
186
187    /// Clear bucket quota
188    async fn clear_bucket_quota(&self, bucket: &str) -> Result<BucketQuota>;
189
190    // ==================== Tier Operations ====================
191
192    /// List all configured storage tiers
193    async fn list_tiers(&self) -> Result<Vec<TierConfig>>;
194
195    /// Get tier statistics
196    async fn tier_stats(&self) -> Result<serde_json::Value>;
197
198    /// Add a new storage tier
199    async fn add_tier(&self, config: TierConfig) -> Result<()>;
200
201    /// Edit tier credentials
202    async fn edit_tier(&self, name: &str, creds: TierCreds) -> Result<()>;
203
204    /// Remove a storage tier
205    async fn remove_tier(&self, name: &str, force: bool) -> Result<()>;
206
207    // ==================== Replication Target Operations ====================
208
209    /// Set a remote replication target for a bucket, returns the ARN
210    async fn set_remote_target(
211        &self,
212        bucket: &str,
213        target: crate::replication::BucketTarget,
214        update: bool,
215    ) -> Result<String>;
216
217    /// List remote replication targets for a bucket
218    async fn list_remote_targets(
219        &self,
220        bucket: &str,
221    ) -> Result<Vec<crate::replication::BucketTarget>>;
222
223    /// Remove a remote replication target
224    async fn remove_remote_target(&self, bucket: &str, arn: &str) -> Result<()>;
225
226    /// Get replication metrics for a bucket
227    async fn replication_metrics(&self, bucket: &str) -> Result<serde_json::Value>;
228
229    // ==================== Service Control Operations ====================
230
231    /// Request a service action (restart, stop, freeze, unfreeze)
232    async fn service_action(&self, action: &str) -> Result<ServiceActionResult>;
233
234    // ==================== Site Replication Operations ====================
235
236    /// Get current site replication configuration
237    async fn site_replication_info(&self) -> Result<serde_json::Value>;
238
239    /// Add peer sites to the site replication cluster
240    async fn site_replication_add(&self, sites: &[PeerSiteSpec]) -> Result<serde_json::Value>;
241
242    /// Get site replication status
243    async fn site_replication_status(
244        &self,
245        options: &SiteStatusOptions,
246    ) -> Result<serde_json::Value>;
247
248    /// Remove sites from the site replication cluster
249    async fn site_replication_remove(&self, spec: &SiteRemoveSpec) -> Result<serde_json::Value>;
250}
251
252#[cfg(test)]
253mod tests {
254    use super::*;
255
256    // Test that types are re-exported correctly
257    #[test]
258    fn test_user_status_reexport() {
259        assert_eq!(UserStatus::Enabled.to_string(), "enabled");
260        assert_eq!(UserStatus::Disabled.to_string(), "disabled");
261    }
262
263    #[test]
264    fn test_group_status_reexport() {
265        assert_eq!(GroupStatus::Enabled.to_string(), "enabled");
266        assert_eq!(GroupStatus::Disabled.to_string(), "disabled");
267    }
268
269    #[test]
270    fn test_policy_entity_reexport() {
271        assert_eq!(PolicyEntity::User.to_string(), "user");
272        assert_eq!(PolicyEntity::Group.to_string(), "group");
273    }
274
275    #[test]
276    fn test_user_new() {
277        let user = User::new("testuser");
278        assert_eq!(user.access_key, "testuser");
279        assert_eq!(user.status, UserStatus::Enabled);
280    }
281
282    #[test]
283    fn test_group_new() {
284        let group = Group::new("developers");
285        assert_eq!(group.name, "developers");
286        assert_eq!(group.status, GroupStatus::Enabled);
287    }
288
289    #[test]
290    fn test_policy_new() {
291        let policy = Policy::new("readonly", r#"{"Version":"2012-10-17","Statement":[]}"#);
292        assert_eq!(policy.name, "readonly");
293        assert!(policy.parse_document().is_ok());
294    }
295
296    #[test]
297    fn test_service_account_new() {
298        let sa = ServiceAccount::new("AKIAIOSFODNN7EXAMPLE");
299        assert_eq!(sa.access_key, "AKIAIOSFODNN7EXAMPLE");
300        assert!(sa.secret_key.is_none());
301    }
302}