diff options
| author | guosj <515878133@qq.com> | 2022-04-20 10:12:33 +0800 |
|---|---|---|
| committer | guosj <515878133@qq.com> | 2022-04-20 10:12:33 +0800 |
| commit | a23629b2fe9112cfa9676206292f5a7de4c3a33a (patch) | |
| tree | 849f544ce12ee2fda279afe4928e2409c3789644 | |
| parent | 0a137e675de5be121f73d030085bf3c0a3ba7ee7 (diff) | |
| download | seaweedfs-a23629b2fe9112cfa9676206292f5a7de4c3a33a.tar.xz seaweedfs-a23629b2fe9112cfa9676206292f5a7de4c3a33a.zip | |
handle implicit username
| -rw-r--r-- | weed/iamapi/iamapi_management_handlers.go | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/weed/iamapi/iamapi_management_handlers.go b/weed/iamapi/iamapi_management_handlers.go index 94003c46e..5fea49f5c 100644 --- a/weed/iamapi/iamapi_management_handlers.go +++ b/weed/iamapi/iamapi_management_handlers.go @@ -377,6 +377,18 @@ func (iama *IamApiServer) DeleteAccessKey(s3cfg *iam_pb.S3ApiConfiguration, valu return resp } +// handleImplicitUsername adds username who signs the request to values if 'username' is not specified +// According to https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/create-access-key.html/ +// "If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web +// Services access key ID signing the request." +func handleImplicitUsername(r *http.Request, values url.Values) { + if values.Get("UserName") == "" { + // get username who signs the request + userName := strings.Split(r.Header["Authorization"][0], "/")[2] + values.Set("UserName", userName) + } +} + func (iama *IamApiServer) DoActions(w http.ResponseWriter, r *http.Request) { if err := r.ParseForm(); err != nil { s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest) @@ -401,6 +413,7 @@ func (iama *IamApiServer) DoActions(w http.ResponseWriter, r *http.Request) { response = iama.ListUsers(s3cfg, values) changed = false case "ListAccessKeys": + handleImplicitUsername(r, values) response = iama.ListAccessKeys(s3cfg, values) changed = false case "CreateUser": @@ -428,8 +441,10 @@ func (iama *IamApiServer) DoActions(w http.ResponseWriter, r *http.Request) { return } case "CreateAccessKey": + handleImplicitUsername(r, values) response = iama.CreateAccessKey(s3cfg, values) case "DeleteAccessKey": + handleImplicitUsername(r, values) response = iama.DeleteAccessKey(s3cfg, values) case "CreatePolicy": response, err = iama.CreatePolicy(s3cfg, values) |