| author | LHHDZ <changlin.shi@ly.com> | 2022-10-02 10:18:00 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-10-01 19:18:00 -0700 |
| commit | e9584d96615870176d9fd5317b31695e87ff7b7e (patch) | |
| tree | 279e2eaca22ac6847c9cfcc946ccd6d9f1eb5329 /weed/s3api/auth_credentials.go | |
| parent | 6fa3d0cc463fd866828ee071d295eab4eb725f4b (diff) | |
add ownership rest apis (#3765)
Diffstat (limited to 'weed/s3api/auth_credentials.go')
| -rw-r--r-- | weed/s3api/auth_credentials.go | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/weed/s3api/auth_credentials.go b/weed/s3api/auth_credentials.go
index a243d6222..46a66a427 100644
--- a/weed/s3api/auth_credentials.go
+++ b/weed/s3api/auth_credentials.go
@@ -16,6 +16,8 @@ import (
 "github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
 )
+var IdentityAnonymous *Identity
+
 type Action string
 type Iam interface {
@@ -32,10 +34,15 @@ type IdentityAccessManagement struct {
 type Identity struct {
 Name string
+ AccountId string
 Credentials []*Credential
 Actions []Action
 }
+func (i *Identity) isAnonymous() bool {
+ return i.Name == AccountAnonymous.Name
+}
+
 type Credential struct {
 AccessKey string
 SecretKey string
@@ -125,9 +132,23 @@ func (iam *IdentityAccessManagement) loadS3ApiConfiguration(config *iam_pb.S3Api
 for _, ident := range config.Identities {
 t := &Identity{
 Name: ident.Name,
+ AccountId: AccountAdmin.Id,
 Credentials: nil,
 Actions: nil,
 }
+
+ if ident.Name == AccountAnonymous.Name {
+ if ident.AccountId != "" && ident.AccountId != AccountAnonymous.Id {
+ glog.Warningf("anonymous identity is associated with a non-anonymous account ID, the association is invalid")
+ }
+ t.AccountId = AccountAnonymous.Id
+ IdentityAnonymous = t
+ } else {
+ if len(ident.AccountId) > 0 {
+ t.AccountId = ident.AccountId
+ }
+ }
+
+
 for _, action := range ident.Actions {
 t.Actions = append(t.Actions, Action(action))
 }
@@ -139,6 +160,13 @@ func (iam *IdentityAccessManagement) loadS3ApiConfiguration(config *iam_pb.S3Api
 }
 identities = append(identities, t)
 }
+
+ if IdentityAnonymous == nil {
+ IdentityAnonymous = &Identity{
+ Name: AccountAnonymous.Name,
+ AccountId: AccountAnonymous.Id,
+ }
+ }
 iam.m.Lock()
 // atomically switch
 iam.identities = identities
@@ -173,7 +201,7 @@ func (iam *IdentityAccessManagement) lookupAnonymous() (identity *Identity, foun
 iam.m.RLock()
 defer iam.m.RUnlock()
 for _, ident := range iam.identities {
- if ident.Name == "anonymous" {
+ if ident.isAnonymous() {
 return ident, true
 }
 }
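Review bot: `IdentityAnonymous` is a package-level pointer that `loadS3ApiConfiguration` writes without holding `iam.m` (the `IdentityAnonymous = t` assignment in the `@@ -125` hunk and the nil fallback in the `@@ -139` hunk), so a configuration reload can race with any goroutine reading it, and the value is shared by every `IdentityAccessManagement` in the process. The fallback runs only while the global is nil, so after one configuration has supplied an anonymous identity, a later reload that drops it leaves the old identity and its old `Actions` in the global; if code outside this diff consults `IdentityAnonymous` for authorization, anonymous permissions would outlive their removal from the configuration. Building the value in a local and publishing it with the rest of the state avoids both: `var anonymous *Identity` before the loop, `anonymous = t` in the branch, and `IdentityAnonymous = anonymous` next to `iam.identities = identities` under the lock, with the nil fallback testing the local. Readers would need the same lock, which suggests the value belongs on `iam` rather than in a global; the function body starts and ends outside these hunks.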
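Review bot: `isAnonymous` in the `@@ -32` hunk has no doc comment and matches on the name alone, which matters because `authRequest` uses it to decide whether the account ID header is written. I would add `// isAnonymous reports whether i carries the reserved anonymous account name; its Credentials and AccountId are not considered.` The method also dereferences `i` without a nil check, so either state that callers must pass a non-nil identity or guard it with `return i != nil && i.Name == AccountAnonymous.Name`.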
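Review bot: In the `@@ -125` hunk every identity without an explicit `AccountId` is assigned `AccountAdmin.Id`, and a non-empty `ident.AccountId` is copied without checking that it names a known account. If the ownership APIs this commit introduces use the account ID in access decisions (not visible here), that default hands admin-account ownership to every unlabelled identity, and a mistyped ID in the configuration is accepted silently. If admin is the intended default for compatibility, say so on the `AccountId: AccountAdmin.Id,` line, for example `// identities without an account ID act as the admin account, as before ownership existed`, and log unknown IDs with `glog.Warningf` in the same way the anonymous mismatch is logged. The loop body continues outside the hunk.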
@@ -259,6 +287,9 @@ func (iam *IdentityAccessManagement) authRequest(r *http.Request, action Action)
 return identity, s3err.ErrAccessDenied
 }
+ if !identity.isAnonymous() {
+ r.Header.Set(s3_constants.AmzAccountId, identity.AccountId)
+ }
 return identity, s3err.ErrNone
 } |
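Review bot: For an anonymous identity the `AmzAccountId` request header is left exactly as the client sent it, because the added branch writes it only when `!identity.isAnonymous()`. If any handler downstream reads that header as the authenticated account (not visible in this hunk), an unauthenticated request could arrive carrying an account ID of the caller's choosing. Overwriting or clearing it on every path removes the ambiguity: `r.Header.Del(s3_constants.AmzAccountId)` before the `if`, or an `else` branch with `r.Header.Set(s3_constants.AmzAccountId, AccountAnonymous.Id)`. Any path that reaches the handlers without passing through this point would need the same treatment; `authRequest` starts outside the hunk, so its earlier returns are not visible here.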
