@@ -10523,7 +10523,10 @@ function Global:Get-SgwGroups {
1052310523 Throw "$Method to $Uri failed with Exception $( $_.Exception.Message ) `n $responseBody"
1052410524 }
1052510525
10526- Write-Output $Response.Json.data
10526+ $Groups = $Response.Json.data
10527+ $Groups | Foreach-Object { $_.policies = $_.policies | ConvertTo-Json -Depth 10 }
10528+
10529+ Write-Output $Groups
1052710530 }
1052810531}
1052910532
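Review bot: Assigning `$_.policies = $_.policies | ConvertTo-Json -Depth 10` changes the `policies` property of every returned group from an object into a JSON string, so existing callers that navigate it (presumably something like `$Group.policies.management.rootAccess`) get `$null` without any error. If the string form is only needed for display or for passing on as `-S3Policy`, consider leaving `policies` untouched; at minimum the comment-based help should state that `policies` is now JSON text that needs `ConvertFrom-Json`. The same conversion is added in the New-SgwGroup, Get-SgwGroupByShortName, Get-SgwFederatedGroupByShortName, Get-SgwGroup, Update-SgwGroup and Replace-SgwGroup hunks, where `$Group.policies = …` would also throw if `$Response.Json.data` is empty. The function body starts outside the hunk.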
@@ -10751,17 +10754,19 @@ function Global:New-SgwGroup {
1075110754 $Body.policies.management.rootAccess = $RootAccess.IsPresent
1075210755 }
1075310756 if ($Account.Capabilities -match "s3") {
10754- if (!$IamPolicy -and !($S3FullAccess.IsPresent -or $S3ReadOnlyAccess)) {
10757+ # make sure that S3 Policy does not include a Principal
10758+ $S3Policy = $S3Policy -replace '\s*"Principal":\s*"[^"]*"\s*,?','' -replace ',}','}'
10759+ if (!$S3Policy -and !($S3FullAccess.IsPresent -or $S3ReadOnlyAccess)) {
1075510760 Write-Warning "S3 capability specified, but no S3 Group Policy provided. Users of this group will not be able to execute any S3 commands on buckets or objects."
1075610761 }
1075710762 elseif ($S3FullAccess.IsPresent) {
1075810763 $Body.policies.s3 = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Resource":"urn:sgws:s3:::*","Action":"s3:*"}]}'
1075910764 }
1076010765 elseif ($S3ReadOnlyAccess.IsPresent) {
10761- $Body.policies.s3 = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Resource":"urn:sgws:s3:::*","Action":"s3:ListBucket s3:ListBucketVersions s3:ListAllMyBuckets s3:ListBucketMultipartUploads s3:ListMultipartUploadParts s3:GetAccelerateConfiguration s3:GetAnalyticsConfiguration s3:GetBucketAcl s3: GetBucketCORS s3:GetBucketLocation s3:GetBucketLogging s3: GetBucketNotification s3:GetBucketPolicy s3:GetBucketRequestPayment s3:GetBucketTagging s3: GetBucketVersioning s3:GetBucketWebsite s3:GetInventoryConfiguration s3:GetIpConfiguration s3:GetLifecycleConfiguration s3:GetMetricsConfiguration s3: GetObject s3:GetObjectAcl s3: GetObjectTagging s3:GetObjectTorrent s3: GetObjectVersion s3:GetObjectVersionAcl s3:GetObjectVersionForReplication s3: GetObjectVersionTagging s3:GetObjectVersionTorrent s3: GetReplicationConfiguration"}]}'
10766+ $Body.policies.s3 = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Resource":"urn:sgws:s3:::*","Action":[ "s3:ListBucket"," s3:ListBucketVersions"," s3:ListAllMyBuckets"," s3:ListBucketMultipartUploads"," s3:ListMultipartUploadParts"," s3:GetBucketCORS"," s3:GetBucketLocation"," s3:GetBucketNotification"," s3:GetBucketPolicy"," s3:GetBucketVersioning"," s3:GetObject"," s3:GetObjectTagging"," s3:GetObjectVersion"," s3:GetObjectVersionTagging"," s3:GetReplicationConfiguration"] }]}'
1076210767 }
1076310768 else {
10764- $Body.policies.s3 = $IamPolicy
10769+ $Body.policies.s3 = $S3Policy
1076510770 }
1076610771 }
1076710772
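Review bot: In the read-only branch every action after the first carries a leading space inside its quotes (`" s3:ListBucketVersions"`, `" s3:GetObject"`, …), so those entries will probably not match any action name and the group either gets less access than "read only" implies or the policy is rejected; write them as `"s3:ListBucketVersions"` and so on. The Principal filter above it only matches a string-valued `"Principal":"…"` and a `,}` with no whitespace in between, so an object- or array-valued Principal passes through unchanged and pretty-printed JSON can be left with a dangling comma; parsing the policy and dropping the property per statement, as sketched below, avoids editing JSON with a regex. The sketch assumes `$S3Policy` arrives as a JSON string, which the `[PSCustomObject]` parameter type does not guarantee. The same lines recur in the Update-SgwGroup and Replace-SgwGroup hunks. New-SgwGroup's body starts and ends outside the hunk.

```powershell
# make sure that S3 Policy does not include a Principal
if ($S3Policy) {
    $PolicyObject = $S3Policy | ConvertFrom-Json
    foreach ($Statement in $PolicyObject.Statement) {
        # removes the member whatever its JSON type (string, object or array)
        $Statement.PSObject.Properties.Remove('Principal')
    }
    $S3Policy = $PolicyObject | ConvertTo-Json -Depth 10
}
# … unchanged: warning / S3FullAccess / S3ReadOnlyAccess / else branches …
```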
@@ -10785,7 +10790,10 @@ function Global:New-SgwGroup {
1078510790 Throw "$Method to $Uri failed with Exception $( $_.Exception.Message ) `n $responseBody"
1078610791 }
1078710792
10788- Write-Output $Response.Json.data
10793+ $Group = $Response.Json.data
10794+ $Group.policies = $Group.policies | ConvertTo-Json -Depth 10
10795+
10796+ Write-Output $Group
1078910797 }
1079010798}
1079110799
@@ -10856,7 +10864,10 @@ function Global:Get-SgwGroupByShortName {
1085610864 Throw "$Method to $Uri failed with Exception $( $_.Exception.Message ) `n $responseBody"
1085710865 }
1085810866
10859- Write-Output $Response.Json.data
10867+ $Group = $Response.Json.data
10868+ $Group.policies = $Group.policies | ConvertTo-Json -Depth 10
10869+
10870+ Write-Output $Group
1086010871 }
1086110872}
1086210873
@@ -10927,10 +10938,14 @@ function Global:Get-SgwFederatedGroupByShortName {
1092710938 Throw "$Method to $Uri failed with Exception $( $_.Exception.Message ) `n $responseBody"
1092810939 }
1092910940
10930- Write-Output $Response.Json.data
10941+ $Group = $Response.Json.data
10942+ $Group.policies = $Group.policies | ConvertTo-Json -Depth 10
10943+
10944+ Write-Output $Group
1093110945 }
1093210946}
1093310947
10948+ New-Alias -Name Delete-SgwGroup -Value Remove-SgwGroup
1093410949<#
1093510950 .SYNOPSIS
1093610951 Deletes a single Group
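Review bot: The added `New-Alias -Name Delete-SgwGroup -Value Remove-SgwGroup` raises an error when the alias already exists, which happens as soon as the file is loaded a second time in the same session. It also creates the alias in the current scope while the functions are declared `Global:`, so depending on how the file is loaded the old name may not be visible to callers. `Set-Alias -Name Delete-SgwGroup -Value Remove-SgwGroup -Scope Global` would be idempotent and match the functions' scope; if this file is a module, the alias presumably also has to be exported.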
@@ -10943,7 +10958,7 @@ function Global:Get-SgwFederatedGroupByShortName {
1094310958 .PARAMETER Id
1094410959 ID of a StorageGRID Webscale Group to delete.
1094510960#>
10946- function Global:Delete -SgwGroup {
10961+ function Global:Remove -SgwGroup {
1094710962 [CmdletBinding()]
1094810963
1094910964 PARAM (
@@ -11073,7 +11088,10 @@ function Global:Get-SgwGroup {
1107311088 Throw "$Method to $Uri failed with Exception $( $_.Exception.Message ) `n $responseBody"
1107411089 }
1107511090
11076- Write-Output $Response.Json.data
11091+ $Group = $Response.Json.data
11092+ $Group.policies = $Group.policies | ConvertTo-Json -Depth 10
11093+
11094+ Write-Output $Group
1107711095 }
1107811096}
1107911097
@@ -11140,6 +11158,7 @@ function Global:Update-SgwGroup {
1114011158 [parameter(
1114111159 Mandatory = $False,
1114211160 Position = 3,
11161+ ValueFromPipelineByPropertyName = $true,
1114311162 HelpMessage = "The human-readable name for the Group (required for local Groups and imported automatically for federated Groups).")][String]$DisplayName,
1114411163 [parameter(
1114511164 Mandatory = $False,
@@ -11196,6 +11215,7 @@ function Global:Update-SgwGroup {
1119611215 [parameter(
1119711216 Mandatory = $False,
1119811217 Position = 17,
11218+ ValueFromPipelineByPropertyName = $true,
1119911219 HelpMessage = "S3 Group Policy.")][PSCustomObject]$S3Policy,
1120011220 [parameter(
1120111221 Mandatory = $False,
@@ -11284,17 +11304,19 @@ function Global:Update-SgwGroup {
1128411304 $Body.policies.management.rootAccess = $RootAccess.IsPresent
1128511305 }
1128611306 if ($Account.Capabilities -match "s3") {
11287- if (!$IamPolicy -and !($S3FullAccess.IsPresent -or $S3ReadOnlyAccess)) {
11307+ # make sure that S3 Policy does not include a Principal
11308+ $S3Policy = $S3Policy -replace '\s*"Principal":\s*"[^"]*"\s*,?','' -replace ',}','}'
11309+ if (!$S3Policy -and !($S3FullAccess.IsPresent -or $S3ReadOnlyAccess)) {
1128811310 Write-Warning "S3 capability specified, but no S3 Group Policy provided. Users of this group will not be able to execute any S3 commands on buckets or objects."
1128911311 }
1129011312 elseif ($S3FullAccess.IsPresent) {
1129111313 $Body.policies.s3 = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Resource":"urn:sgws:s3:::*","Action":"s3:*"}]}'
1129211314 }
1129311315 elseif ($S3ReadOnlyAccess.IsPresent) {
11294- $Body.policies.s3 = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Resource":"urn:sgws:s3:::*","Action":"s3:ListBucket s3:ListBucketVersions s3:ListAllMyBuckets s3:ListBucketMultipartUploads s3:ListMultipartUploadParts s3:GetAccelerateConfiguration s3:GetAnalyticsConfiguration s3:GetBucketAcl s3: GetBucketCORS s3:GetBucketLocation s3:GetBucketLogging s3: GetBucketNotification s3:GetBucketPolicy s3:GetBucketRequestPayment s3:GetBucketTagging s3: GetBucketVersioning s3:GetBucketWebsite s3:GetInventoryConfiguration s3:GetIpConfiguration s3:GetLifecycleConfiguration s3:GetMetricsConfiguration s3: GetObject s3:GetObjectAcl s3: GetObjectTagging s3:GetObjectTorrent s3: GetObjectVersion s3:GetObjectVersionAcl s3:GetObjectVersionForReplication s3: GetObjectVersionTagging s3:GetObjectVersionTorrent s3: GetReplicationConfiguration"}]}'
11316+ $Body.policies.s3 = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Resource":"urn:sgws:s3:::*","Action":[ "s3:ListBucket"," s3:ListBucketVersions"," s3:ListAllMyBuckets"," s3:ListBucketMultipartUploads"," s3:ListMultipartUploadParts"," s3:GetBucketCORS"," s3:GetBucketLocation"," s3:GetBucketNotification"," s3:GetBucketPolicy"," s3:GetBucketVersioning"," s3:GetObject"," s3:GetObjectTagging"," s3:GetObjectVersion"," s3:GetObjectVersionTagging"," s3:GetReplicationConfiguration"] }]}'
1129511317 }
1129611318 else {
11297- $Body.policies.s3 = $IamPolicy
11319+ $Body.policies.s3 = $S3Policy
1129811320 }
1129911321 }
1130011322
@@ -11318,7 +11340,10 @@ function Global:Update-SgwGroup {
1131811340 Throw "$Method to $Uri failed with Exception $( $_.Exception.Message ) `n $responseBody"
1131911341 }
1132011342
11321- Write-Output $Response.Json.data
11343+ $Group = $Response.Json.data
11344+ $Group.policies = $Group.policies | ConvertTo-Json -Depth 10
11345+
11346+ Write-Output $Group
1132211347 }
1132311348}
1132411349
@@ -11393,6 +11418,7 @@ function Global:Replace-SgwGroup {
1139311418 [parameter(
1139411419 Mandatory = $False,
1139511420 Position = 3,
11421+ ValueFromPipelineByPropertyName = $true,
1139611422 HelpMessage = "The human-readable name for the Group (required for local Groups and imported automatically for federated Groups).")][String]$DisplayName,
1139711423 [parameter(
1139811424 Mandatory = $False,
@@ -11457,6 +11483,7 @@ function Global:Replace-SgwGroup {
1145711483 [parameter(
1145811484 Mandatory = $False,
1145911485 Position = 19,
11486+ ValueFromPipelineByPropertyName = $true,
1146011487 HelpMessage = "S3 Group Policy.")][PSCustomObject]$S3Policy,
1146111488 [parameter(
1146211489 Mandatory = $False,
@@ -11557,17 +11584,19 @@ function Global:Replace-SgwGroup {
1155711584 $Body.policies.management.rootAccess = $RootAccess.IsPresent
1155811585 }
1155911586 if ($Account.Capabilities -match "s3") {
11560- if (!$IamPolicy -and !($S3FullAccess.IsPresent -or $S3ReadOnlyAccess)) {
11587+ # make sure that S3 Policy does not include a Principal
11588+ $S3Policy = $S3Policy -replace '\s*"Principal":\s*"[^"]*"\s*,?','' -replace ',}','}'
11589+ if (!$S3Policy -and !($S3FullAccess.IsPresent -or $S3ReadOnlyAccess)) {
1156111590 Write-Warning "S3 capability specified, but no S3 Group Policy provided. Users of this group will not be able to execute any S3 commands on buckets or objects."
1156211591 }
1156311592 elseif ($S3FullAccess.IsPresent) {
1156411593 $Body.policies.s3 = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Resource":"urn:sgws:s3:::*","Action":"s3:*"}]}'
1156511594 }
1156611595 elseif ($S3ReadOnlyAccess.IsPresent) {
11567- $Body.policies.s3 = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Resource":"urn:sgws:s3:::*","Action":"s3:ListBucket s3:ListBucketVersions s3:ListAllMyBuckets s3:ListBucketMultipartUploads s3:ListMultipartUploadParts s3:GetAccelerateConfiguration s3:GetAnalyticsConfiguration s3:GetBucketAcl s3: GetBucketCORS s3:GetBucketLocation s3:GetBucketLogging s3: GetBucketNotification s3:GetBucketPolicy s3:GetBucketRequestPayment s3:GetBucketTagging s3: GetBucketVersioning s3:GetBucketWebsite s3:GetInventoryConfiguration s3:GetIpConfiguration s3:GetLifecycleConfiguration s3:GetMetricsConfiguration s3: GetObject s3:GetObjectAcl s3: GetObjectTagging s3:GetObjectTorrent s3: GetObjectVersion s3:GetObjectVersionAcl s3:GetObjectVersionForReplication s3: GetObjectVersionTagging s3:GetObjectVersionTorrent s3: GetReplicationConfiguration"}]}'
11596+ $Body.policies.s3 = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Resource":"urn:sgws:s3:::*","Action":[ "s3:ListBucket"," s3:ListBucketVersions"," s3:ListAllMyBuckets"," s3:ListBucketMultipartUploads"," s3:ListMultipartUploadParts"," s3:GetBucketCORS"," s3:GetBucketLocation"," s3:GetBucketNotification"," s3:GetBucketPolicy"," s3:GetBucketVersioning"," s3:GetObject"," s3:GetObjectTagging"," s3:GetObjectVersion"," s3:GetObjectVersionTagging"," s3:GetReplicationConfiguration"] }]}'
1156811597 }
1156911598 else {
11570- $Body.policies.s3 = $IamPolicy
11599+ $Body.policies.s3 = $S3Policy
1157111600 }
1157211601 }
1157311602
@@ -11591,7 +11620,10 @@ function Global:Replace-SgwGroup {
1159111620 Throw "$Method to $Uri failed with Exception $( $_.Exception.Message ) `n $responseBody"
1159211621 }
1159311622
11594- Write-Output $Response.Json.data
11623+ $Group = $Response.Json.data
11624+ $Group.policies = $Group.policies | ConvertTo-Json -Depth 10
11625+
11626+ Write-Output $Group
1159511627 }
1159611628}
1159711629