Add edit, enable, and disable to mc idp ldap accesskey

[taran-p]

Community Contribution License

All community contributions in this pull request are licensed to the project maintainers
under the terms of the Apache 2 license.
By creating this pull request I represent that I have the right to license the
contributions to the project maintainers under the Apache 2 license.

Description

Adds edit, enable, and disable commands to idp ldap accesskey similar to those under admin user svcacct.

Motivation and Context

These actions are currently not available when using idp ldap accesskey

How to test this PR?

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Optimization (provides speedup with no functional changes)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• Fixes a regression (If yes, please add commit-id or PR # here)
• Unit tests added/updated
• Internal documentation updated
• Create a documentation update request here

[shtripat]

mostly looks good. one minor one

[shtripat]

While testing I see as below

$ ./mc idp ldap accesskey edit myminio "svcacct-bobfisher-1" --expiry-duration 20h
Successfully edited access key `svcacct-bobfisher-1`.

$ ./mc idp ldap accesskey info myminio "svcacct-bobfisher-1" 
Access Key: svcacct-bobfisher-1
Parent User: uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io
Policy: implied
Name: svcacct-bobfisher-1
Description: svcacct-bobfisher-1-desc
Expiration: 19 hours from now

I understand that just after edit its few secs less than 20hrs so it shows 19 hrs and --json output shows absolute expiry date as below

$ ./mc idp ldap accesskey info myminio "svcacct-bobfisher-1" --json 
{
 "status": "success",
 "accessKey": "svcacct-bobfisher-1",
 "parentUser": "uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io",
 "accountStatus": "on",
 "impliedPolicy": true,
 "policy": {
  "Version": "2012-10-17",
  "Statement": [
   {
    "Effect": "Allow",
    "Action": [
     "admin:*"
    ]
   },
   {
    "Effect": "Allow",
    "Action": [
     "kms:*"
    ]
   },
   {
    "Effect": "Allow",
    "Action": [
     "s3:*"
    ],
    "Resource": [
     "arn:aws:s3:::*"
    ]
   }
  ]
 },
 "name": "svcacct-bobfisher-1",
 "description": "svcacct-bobfisher-1-desc",
 "expiration": "2024-09-05T06:44:27.822605691Z"
}

[shtripat]

Also after enable/disable there is no way to see the status in non json output.

Access Key: svcacct-bobfisher-1
Parent User: uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io
Policy: implied
Name: svcacct-bobfisher-1
Description: svcacct-bobfisher-1-desc
Expiration: 19 hours from now

I feel we should add a field status: enabled/disabled to this output.

[taran-p]

@shtripat I made the fix and added a status to the printout. The time rounding down seems to be a consequence of using humanize.Time, so this is an issue everywhere that function is used. It may be worth fixing separately

[shtripat]

LGTM. Verified

[harshavardhana]

$ ./mc idp ldap accesskey info myminio "svcacct-bobfisher-1" 
Access Key: svcacct-bobfisher-1
Parent User: uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io
Policy: implied
Name: svcacct-bobfisher-1
Description: svcacct-bobfisher-1-desc
Expiration: 19 hours from now

yeah its way more humanized but its precision is only in hrs not in 1minutes or seconds. which for now is okay..

We can change it to just show ugly time.Duration