| author | Chris Lu <chrislusf@users.noreply.github.com> | 2025-07-02 18:03:17 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-07-02 18:03:17 -0700 |
| commit | 1db7c2b8aad59177f9ccb32f156908faf0c13eca (patch) | |
| tree | b1ea2df918591ab01822e3bd3ce08277825c47fb /weed/s3api/s3api_server.go | |
| parent | 6b706f9ccdf46046133c867c4240c4e8594da5b3 (diff) | |
Add credential storage (#6938)
* add credential store interface
* load credential.toml
* lint
* create credentialManager with explicit store type
* add type name
* InitializeCredentialManager
* remove unused functions
* fix missing import
* fix import
* fix nil configuration
Diffstat (limited to 'weed/s3api/s3api_server.go')
| -rw-r--r-- | weed/s3api/s3api_server.go | 40 |
1 files changed, 26 insertions, 14 deletions
diff --git a/weed/s3api/s3api_server.go b/weed/s3api/s3api_server.go
index 2f9e9e3fb..f0aaa3985 100644
--- a/weed/s3api/s3api_server.go
+++ b/weed/s3api/s3api_server.go
@@ -8,6 +8,7 @@ import (
 "strings"
 "time"
 
+ "github.com/seaweedfs/seaweedfs/weed/credential"
 "github.com/seaweedfs/seaweedfs/weed/filer"
 "github.com/seaweedfs/seaweedfs/weed/glog"
 "github.com/seaweedfs/seaweedfs/weed/pb/s3_pb"
@@ -41,16 +42,21 @@ type S3ApiServerOption struct {
 
 type S3ApiServer struct {
 s3_pb.UnimplementedSeaweedS3Server
- option *S3ApiServerOption
- iam *IdentityAccessManagement
- cb *CircuitBreaker
- randomClientId int32
- filerGuard *security.Guard
- client util_http_client.HTTPClientInterface
- bucketRegistry *BucketRegistry
+ option *S3ApiServerOption
+ iam *IdentityAccessManagement
+ cb *CircuitBreaker
+ randomClientId int32
+ filerGuard *security.Guard
+ client util_http_client.HTTPClientInterface
+ bucketRegistry *BucketRegistry
+ credentialManager *credential.CredentialManager
 }
 
 func NewS3ApiServer(router *mux.Router, option *S3ApiServerOption) (s3ApiServer *S3ApiServer, err error) {
+ return NewS3ApiServerWithStore(router, option, "")
+}
+
+func NewS3ApiServerWithStore(router *mux.Router, option *S3ApiServerOption, explicitStore string) (s3ApiServer *S3ApiServer, err error) {
 startTsNs := time.Now().UnixNano()
 
 v := util.GetViper()
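Review bot: `NewS3ApiServerWithStore` is exported but has no doc comment, and nothing in this hunk says which values `explicitStore` accepts or what the empty string passed by `NewS3ApiServer` selects. Because this argument decides which backend holds the S3 credentials, I would add a comment such as `// NewS3ApiServerWithStore builds the S3 API server with the credential store named by explicitStore; NewS3ApiServer passes "" to leave the choice to configuration.` The wording about the empty string is inferred from the commit message and should be checked against the credential package, which is not visible here. The function body continues outside the hunk.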
@@ -64,19 +70,25 @@ func NewS3ApiServer(router *mux.Router, option *S3ApiServerOption) (s3ApiServer
 
 v.SetDefault("cors.allowed_origins.values", "*")
 
- if (option.AllowedOrigins == nil) || (len(option.AllowedOrigins) == 0) {
+ if len(option.AllowedOrigins) == 0 {
 allowedOrigins := v.GetString("cors.allowed_origins.values")
 domains := strings.Split(allowedOrigins, ",")
 option.AllowedOrigins = domains
 }
 
+ var iam *IdentityAccessManagement
+
+ iam = NewIdentityAccessManagementWithStore(option, explicitStore)
+
 s3ApiServer = &S3ApiServer{
- option: option,
- iam: NewIdentityAccessManagement(option),
- randomClientId: util.RandomInt32(),
- filerGuard: security.NewGuard([]string{}, signingKey, expiresAfterSec, readSigningKey, readExpiresAfterSec),
- cb: NewCircuitBreaker(option),
+ option: option,
+ iam: iam,
+ randomClientId: util.RandomInt32(),
+ filerGuard: security.NewGuard([]string{}, signingKey, expiresAfterSec, readSigningKey, readExpiresAfterSec),
+ cb: NewCircuitBreaker(option),
+ credentialManager: iam.credentialManager,
 }
+
 if option.Config != "" {
 grace.OnReload(func() {
 if err := s3ApiServer.iam.loadS3ApiConfigurationFromFile(option.Config); err != nil {
@@ -119,7 +131,7 @@ func (s3a *S3ApiServer) registerRouter(router *mux.Router) {
 func(w http.ResponseWriter, r *http.Request) {
 origin := r.Header.Get("Origin")
 if origin != "" {
- if s3a.option.AllowedOrigins == nil || len(s3a.option.AllowedOrigins) == 0 || s3a.option.AllowedOrigins[0] == "*" {
+ if len(s3a.option.AllowedOrigins) == 0 || s3a.option.AllowedOrigins[0] == "*" {
 origin = "*"
 } else {
 originFound := false |
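Review bot: `NewIdentityAccessManagementWithStore(option, explicitStore)` returns only the IAM object, so from this point a credential store that fails to initialize cannot make `NewS3ApiServerWithStore` return its `err`. It is worth confirming, in code outside this hunk, that such a failure stops startup rather than leaving the gateway serving requests with no identities loaded. The struct literal then dereferences `iam.credentialManager` and copies it once; if `iam` can come back nil this panics, and if IAM ever replaces its manager (for example in the `grace.OnReload` path below) the server's copy goes stale, so reading it through `s3a.iam` would avoid both. The two-step declaration can also be the single line `iam := NewIdentityAccessManagementWithStore(option, explicitStore)`. The function starts and ends outside the hunk.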
