authorMesar Hameed <mesar.hameed@gmail.com>2023-05-19 07:08:56 +0100
committerGitHub <noreply@github.com>2023-05-18 23:08:56 -0700
commita90b777ff4992ab59f4b1a94733b56f67ca9ddec (patch)
tree1dfa3c1a79f477bab5466215a2ca1c3bdd6f2334
parent17e91d29179a41131e2a707ac2c5e63be4a21530 (diff)
Feat: etcd filer store keys should have customizable prefix (#4484)
An etcd cluster is not necessarily only dedicated to seaweedfs. This security enhancement adds a customizable key_prefix option to the etcd filer store. This will allow an etcd cluster administrator to limit the seaweedfs etcd user to only read/write a subset of keys under the key_prefix, instead of all keys on the etcd cluster.
-rw-r--r--weed/command/scaffold/filer.toml1
-rw-r--r--weed/filer/etcd/etcd_store.go12
-rw-r--r--weed/filer/etcd/etcd_store_kv.go6
3 files changed, 11 insertions, 8 deletions
diff --git a/weed/command/scaffold/filer.toml b/weed/command/scaffold/filer.toml
index b4c20d2bf..17123887d 100644
--- a/weed/command/scaffold/filer.toml
+++ b/weed/command/scaffold/filer.toml
@@ -264,6 +264,7 @@ enabled = false
servers = "localhost:2379"
username = ""
password = ""
+key_prefix = "seaweedfs."
timeout = "3s"
[mongodb]
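Review bot: The new `key_prefix = "seaweedfs."` line in the `[etcd]` section has no comment, and the scaffold is the only place an operator will learn what it controls. Going by the Initialize hunk, the value is used verbatim as the key prefix, so a deployment that already holds unprefixed keys and picks up this scaffold default would stop seeing its existing entries. I would add something like `# key_prefix is prepended to every key the filer writes to etcd; changing it on a populated store makes existing entries unreachable.` and `# End it with a delimiter so an etcd role scoped to this prefix does not also match a sibling prefix.` above the setting.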
diff --git a/weed/filer/etcd/etcd_store.go b/weed/filer/etcd/etcd_store.go
index 50bfa4d8c..4c4c7303c 100644
--- a/weed/filer/etcd/etcd_store.go
+++ b/weed/filer/etcd/etcd_store.go
@@ -25,6 +25,7 @@ func init() {
type EtcdStore struct {
client *clientv3.Client
+ etcdKeyPrefix string
}
func (store *EtcdStore) GetName() string {
@@ -39,6 +40,7 @@ func (store *EtcdStore) Initialize(configuration weed_util.Configuration, prefix
username := configuration.GetString(prefix + "username")
password := configuration.GetString(prefix + "password")
+ store.etcdKeyPrefix = configuration.GetString(prefix + "key_prefix")
timeout := configuration.GetString(prefix + "timeout")
if timeout == "" {
@@ -91,7 +93,7 @@ func (store *EtcdStore) InsertEntry(ctx context.Context, entry *filer.Entry) (er
meta = weed_util.MaybeGzipData(meta)
}
- if _, err := store.client.Put(ctx, string(key), string(meta)); err != nil {
+ if _, err := store.client.Put(ctx, store.etcdKeyPrefix + string(key), string(meta)); err != nil {
return fmt.Errorf("persisting %s : %v", entry.FullPath, err)
}
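Review bot: The expression `store.etcdKeyPrefix + string(key)` is spelled out by hand here and again in FindEntry, DeleteEntry, DeleteFolderChildren, ListDirectoryEntries, KvPut, KvGet and KvDelete, so any future call site that forgets it will read or write outside the scoped range. A single helper such as `func (store *EtcdStore) prefixed(key []byte) string { return store.etcdKeyPrefix + string(key) }` would make the prefix impossible to miss and give one place to document it. As a smaller point, gofmt would print the argument as `store.etcdKeyPrefix+string(key)`, so the new lines look unformatted. InsertEntry's body starts and ends outside this hunk.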
@@ -105,7 +107,7 @@ func (store *EtcdStore) UpdateEntry(ctx context.Context, entry *filer.Entry) (er
func (store *EtcdStore) FindEntry(ctx context.Context, fullpath weed_util.FullPath) (entry *filer.Entry, err error) {
key := genKey(fullpath.DirAndName())
- resp, err := store.client.Get(ctx, string(key))
+ resp, err := store.client.Get(ctx, store.etcdKeyPrefix + string(key))
if err != nil {
return nil, fmt.Errorf("get %s : %v", fullpath, err)
}
@@ -128,7 +130,7 @@ func (store *EtcdStore) FindEntry(ctx context.Context, fullpath weed_util.FullPa
func (store *EtcdStore) DeleteEntry(ctx context.Context, fullpath weed_util.FullPath) (err error) {
key := genKey(fullpath.DirAndName())
- if _, err := store.client.Delete(ctx, string(key)); err != nil {
+ if _, err := store.client.Delete(ctx, store.etcdKeyPrefix + string(key)); err != nil {
return fmt.Errorf("delete %s : %v", fullpath, err)
}
@@ -138,7 +140,7 @@ func (store *EtcdStore) DeleteEntry(ctx context.Context, fullpath weed_util.Full
func (store *EtcdStore) DeleteFolderChildren(ctx context.Context, fullpath weed_util.FullPath) (err error) {
directoryPrefix := genDirectoryKeyPrefix(fullpath, "")
- if _, err := store.client.Delete(ctx, string(directoryPrefix), clientv3.WithPrefix()); err != nil {
+ if _, err := store.client.Delete(ctx, store.etcdKeyPrefix + string(directoryPrefix), clientv3.WithPrefix()); err != nil {
return fmt.Errorf("deleteFolderChildren %s : %v", fullpath, err)
}
@@ -156,7 +158,7 @@ func (store *EtcdStore) ListDirectoryEntries(ctx context.Context, dirPath weed_u
lastFileStart = genDirectoryKeyPrefix(dirPath, startFileName)
}
- resp, err := store.client.Get(ctx, string(lastFileStart),
+ resp, err := store.client.Get(ctx, store.etcdKeyPrefix + string(lastFileStart),
clientv3.WithFromKey(), clientv3.WithLimit(limit+1))
if err != nil {
return lastFileName, fmt.Errorf("list %s : %v", dirPath, err)
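Review bot: `clientv3.WithFromKey()` on the prefixed start key still asks etcd for every key from there to the end of the keyspace, so this Get is not confined to `key_prefix`. If the etcd role is granted only the prefix range, as the commit description intends, the request would likely be rejected, and without RBAC it can return keys that belong to other applications. Replacing `WithFromKey()` with a bounded range, e.g. `clientv3.WithRange(clientv3.GetPrefixRangeEnd(store.etcdKeyPrefix+string(genDirectoryKeyPrefix(dirPath, ""))))`, keeps the read inside the directory. The loop that consumes `resp.Kvs` is outside the hunk; the keys it receives now carry the prefix, so any comparison against the unprefixed directory key or file-name extraction there needs checking.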
diff --git a/weed/filer/etcd/etcd_store_kv.go b/weed/filer/etcd/etcd_store_kv.go
index fe887e4f1..96743124d 100644
--- a/weed/filer/etcd/etcd_store_kv.go
+++ b/weed/filer/etcd/etcd_store_kv.go
@@ -8,7 +8,7 @@ import (
func (store *EtcdStore) KvPut(ctx context.Context, key []byte, value []byte) (err error) {
- _, err = store.client.Put(ctx, string(key), string(value))
+ _, err = store.client.Put(ctx, store.etcdKeyPrefix + string(key), string(value))
if err != nil {
return fmt.Errorf("kv put: %v", err)
@@ -19,7 +19,7 @@ func (store *EtcdStore) KvPut(ctx context.Context, key []byte, value []byte) (er
func (store *EtcdStore) KvGet(ctx context.Context, key []byte) (value []byte, err error) {
- resp, err := store.client.Get(ctx, string(key))
+ resp, err := store.client.Get(ctx, store.etcdKeyPrefix + string(key))
if err != nil {
return nil, fmt.Errorf("kv get: %v", err)
@@ -34,7 +34,7 @@ func (store *EtcdStore) KvGet(ctx context.Context, key []byte) (value []byte, er
func (store *EtcdStore) KvDelete(ctx context.Context, key []byte) (err error) {
- _, err = store.client.Delete(ctx, string(key))
+ _, err = store.client.Delete(ctx, store.etcdKeyPrefix + string(key))
if err != nil {
return fmt.Errorf("kv delete: %v", err)