minio · dvaldivia · Feb 11, 2022 · Feb 8, 2022 · Feb 11, 2022
diff --git a/integration/service_account_test.go b/integration/service_account_test.go
@@ -50,21 +50,6 @@ func TestAddServiceAccount(t *testing.T) {
 	requestDataAddServiceAccount := map[string]interface{}{
 		"accessKey": "testuser1",
 		"secretKey": "password",
-		"policy": "{" +
-			"\n    \"Version\": \"2012-10-17\"," +
-			"\n    \"Statement\": [" +
-			"\n        {" +
-			"\n            \"Effect\": \"Allow\"," +
-			"\n            \"Action\": [" +
-			"\n                \"s3:GetBucketLocation\"," +
-			"\n                \"s3:GetObject\"" +
-			"\n            ]," +
-			"\n            \"Resource\": [" +
-			"\n                \"arn:aws:s3:::*\"" +
-			"\n            ]" +
-			"\n        }" +
-			"\n    ]" +
-			"\n}",
 	}
 
 	fmt.Println("..............................TestServiceAccountPolicy(): Prepare the POST")
@@ -95,7 +80,51 @@ func TestAddServiceAccount(t *testing.T) {
 		assert.Equal(201, response.StatusCode, "Status Code is incorrect")
 	}
 
-	fmt.Println("...................................TestServiceAccountPolicy(): Remove user")
+	requestDataPolicy := map[string]interface{}{"policy": "{" +
+		"\n    \"Version\": \"2012-10-17\"," +
+		"\n    \"Statement\": [" +
+		"\n        {" +
+		"\n            \"Effect\": \"Allow\"," +
+		"\n            \"Action\": [" +
+		"\n                \"s3:GetBucketLocation\"," +
+		"\n                \"s3:GetObject\"" +
+		"\n            ]," +
+		"\n            \"Resource\": [" +
+		"\n                \"arn:aws:s3:::*\"" +
+		"\n            ]" +
+		"\n        }" +
+		"\n    ]" +
+		"\n}",
+	}
+	fmt.Println("..............................TestServiceAccountPolicy(): Prepare the PUT")
+	requestDataJSON, _ = json.Marshal(requestDataPolicy)
+	requestDataBody = bytes.NewReader(requestDataJSON)
+	request, err = http.NewRequest(
+		"PUT", "http://localhost:9090/api/v1/service-accounts/testuser1/policy", requestDataBody)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	request.Header.Add("Cookie", fmt.Sprintf("token=%s", token))
+	request.Header.Add("Content-Type", "application/json")
+
+	fmt.Println(".................................TestServiceAccountPolicy(): Make the PUT")
+	response, err = client.Do(request)
+	if err != nil {
+		log.Println(err)
+		return
+	}
+	fmt.Println("..................................TestServiceAccountPolicy(): Verification")
+	fmt.Println(".................................TestServiceAccountPolicy(): PUT response")
+	fmt.Println(response)
+	fmt.Println("....................................TestServiceAccountPolicy(): PUT error")
+	fmt.Println(err)
+	if response != nil {
+		fmt.Println("POST StatusCode:", response.StatusCode)
+		assert.Equal(200, response.StatusCode, "Status Code is incorrect")
+	}
+
+	fmt.Println("...................................TestServiceAccountPolicy(): Check policy")
 
 	// Test policy
 	fmt.Println(".......................TestAddUserServiceAccount(): Create Data to add user")

diff --git a/models/add_service_account_policy_request.go b/models/add_service_account_policy_request.go
diff --git a/portal-ui/src/screens/Console/Account/Account.tsx b/portal-ui/src/screens/Console/Account/Account.tsx
@@ -179,6 +179,7 @@ const Account = ({ classes, displayErrorMessage }: IServiceAccountsProps) => {
 
   const closePolicyModal = () => {
     setPolicyOpen(false);
+    setLoading(true);
   };
 
   const confirmDeleteServiceAccount = (selectedServiceAccount: string) => {

diff --git a/portal-ui/src/screens/Console/Account/ServiceAccountPolicy.tsx b/portal-ui/src/screens/Console/Account/ServiceAccountPolicy.tsx
@@ -85,6 +85,18 @@ const ServiceAccountPolicy = ({
     }
   }, [loading, setLoading, setModalErrorSnackMessage, selectedAccessKey]);
 
+  const setPolicy = (event: React.FormEvent, newPolicy: string) => {
+    event.preventDefault();
+    api
+        .invoke("PUT", `/api/v1/service-accounts/${selectedAccessKey}/policy`, {policy: newPolicy})
+        .then((res) => {
+          closeModalAndRefresh();
+        })
+        .catch((err: ErrorResponseHandler) => {
+          setModalErrorSnackMessage(err);
+        });
+  };
+
   return (
     <ModalWrapper
       title="Service Account Policy"
@@ -94,6 +106,13 @@ const ServiceAccountPolicy = ({
       }}
       titleIcon={<ChangeAccessPolicyIcon />}
     >
+      <form
+          noValidate
+          autoComplete="off"
+          onSubmit={(e: React.FormEvent<HTMLFormElement>) => {
+            setPolicy(e, policyDefinition);
+          }}
+      >
       <Grid container>
         <Grid item xs={12} className={classes.codeMirrorContainer}>
           <CodeMirrorWrapper
@@ -103,7 +122,6 @@ const ServiceAccountPolicy = ({
               setPolicyDefinition(value);
             }}
             editorHeight={"350px"}
-            readOnly={true}
           />
         </Grid>
         <Grid item xs={12} className={classes.modalButtonBar}>
@@ -118,8 +136,19 @@ const ServiceAccountPolicy = ({
           >
             Cancel
           </Button>
+          <Button
+              type="submit"
+              variant="contained"
+              color="primary"
+              disabled={
+                loading
+              }
+          >
+            Set
+          </Button>
         </Grid>
       </Grid>
+      </form>
     </ModalWrapper>
   );
 };

diff --git a/restapi/client-admin.go b/restapi/client-admin.go
@@ -99,6 +99,7 @@ type MinioAdmin interface {
 	listServiceAccounts(ctx context.Context, user string) (madmin.ListServiceAccountsResp, error)
 	deleteServiceAccount(ctx context.Context, serviceAccount string) error
 	infoServiceAccount(ctx context.Context, serviceAccount string) (madmin.InfoServiceAccountResp, error)
+	updateServiceAccount(ctx context.Context, serviceAccount string, opts madmin.UpdateServiceAccountReq) error
 	// Remote Buckets
 	listRemoteBuckets(ctx context.Context, bucket, arnType string) (targets []madmin.BucketTarget, err error)
 	getRemoteBucket(ctx context.Context, bucket, arnType string) (targets *madmin.BucketTarget, err error)
@@ -312,6 +313,11 @@ func (ac AdminClient) infoServiceAccount(ctx context.Context, serviceAccount str
 	return ac.Client.InfoServiceAccount(ctx, serviceAccount)
 }
 
+// implements madmin.UpdateServiceAccount()
+func (ac AdminClient) updateServiceAccount(ctx context.Context, serviceAccount string, opts madmin.UpdateServiceAccountReq) error {
+	return ac.Client.UpdateServiceAccount(ctx, serviceAccount, opts)
+}
+
 // AccountInfo implements madmin.AccountInfo()
 func (ac AdminClient) AccountInfo(ctx context.Context) (madmin.AccountInfo, error) {
 	return ac.Client.AccountInfo(ctx, madmin.AccountOpts{})

diff --git a/restapi/embedded_spec.go b/restapi/embedded_spec.go