1 files changed, 133 insertions, 0 deletions
diff --git a/weed/credential/config_loader.go b/weed/credential/config_loader.go
new file mode 100644
index 000000000..959f1cfb4
--- /dev/null
+++ b/weed/credential/config_loader.go
@@ -0,0 +1,133 @@
+package credential
+
+import (
+	"fmt"
+
+	"github.com/seaweedfs/seaweedfs/weed/glog"
+	"github.com/seaweedfs/seaweedfs/weed/util"
+)
+
+// CredentialConfig represents the credential configuration from credential.toml
+type CredentialConfig struct {
+	Store  string
+	Config util.Configuration
+	Prefix string
+}
+
+// LoadCredentialConfiguration loads credential configuration from credential.toml
+// Returns the store type, configuration, and prefix for credential management
+func LoadCredentialConfiguration() (*CredentialConfig, error) {
+	// Try to load credential.toml configuration
+	loaded := util.LoadConfiguration("credential", false)
+	if !loaded {
+		glog.V(1).Info("No credential.toml found, credential store disabled")
+		return nil, nil
+	}
+
+	viper := util.GetViper()
+
+	// Find which credential store is enabled
+	var enabledStore string
+	var storePrefix string
+
+	// Get available store types from registered stores
+	storeTypes := GetAvailableStores()
+	for _, storeType := range storeTypes {
+		key := fmt.Sprintf("credential.%s.enabled", string(storeType))
+		if viper.GetBool(key) {
+			if enabledStore != "" {
+				return nil, fmt.Errorf("multiple credential stores enabled: %s and %s. Only one store can be enabled", enabledStore, string(storeType))
+			}
+			enabledStore = string(storeType)
+			storePrefix = fmt.Sprintf("credential.%s.", string(storeType))
+		}
+	}
+
+	if enabledStore == "" {
+		glog.V(1).Info("No credential store enabled in credential.toml")
+		return nil, nil
+	}
+
+	glog.V(0).Infof("Loaded credential configuration: store=%s", enabledStore)
+
+	return &CredentialConfig{
+		Store:  enabledStore,
+		Config: viper,
+		Prefix: storePrefix,
+	}, nil
+}
+
+// GetCredentialStoreConfig extracts credential store configuration from command line flags
+// This is used when credential store is configured via command line instead of credential.toml
+func GetCredentialStoreConfig(store string, config util.Configuration, prefix string) *CredentialConfig {
+	if store == "" {
+		return nil
+	}
+
+	return &CredentialConfig{
+		Store:  store,
+		Config: config,
+		Prefix: prefix,
+	}
+}
+
+// MergeCredentialConfig merges command line credential config with credential.toml config
+// Command line flags take priority over credential.toml
+func MergeCredentialConfig(cmdLineStore string, cmdLineConfig util.Configuration, cmdLinePrefix string) (*CredentialConfig, error) {
+	// If command line credential store is specified, use it
+	if cmdLineStore != "" {
+		glog.V(0).Infof("Using command line credential configuration: store=%s", cmdLineStore)
+		return GetCredentialStoreConfig(cmdLineStore, cmdLineConfig, cmdLinePrefix), nil
+	}
+
+	// Otherwise, try to load from credential.toml
+	config, err := LoadCredentialConfiguration()
+	if err != nil {
+		return nil, err
+	}
+
+	if config == nil {
+		glog.V(1).Info("No credential store configured")
+	}
+
+	return config, nil
+}
+
+// NewCredentialManagerWithDefaults creates a credential manager with fallback to defaults
+// If explicitStore is provided, it will be used regardless of credential.toml
+// If explicitStore is empty, it tries credential.toml first, then defaults to "filer_etc"
+func NewCredentialManagerWithDefaults(explicitStore CredentialStoreTypeName) (*CredentialManager, error) {
+	var storeName CredentialStoreTypeName
+	var config util.Configuration
+	var prefix string
+
+	// If explicit store is provided, use it
+	if explicitStore != "" {
+		storeName = explicitStore
+		config = nil
+		prefix = ""
+		glog.V(0).Infof("Using explicit credential store: %s", storeName)
+	} else {
+		// Try to load from credential.toml first
+		if credConfig, err := LoadCredentialConfiguration(); err == nil && credConfig != nil {
+			storeName = CredentialStoreTypeName(credConfig.Store)
+			config = credConfig.Config
+			prefix = credConfig.Prefix
+			glog.V(0).Infof("Loaded credential configuration from credential.toml: store=%s", storeName)
+		} else {
+			// Default to filer_etc store
+			storeName = StoreTypeFilerEtc
+			config = nil
+			prefix = ""
+			glog.V(1).Info("No credential.toml found, defaulting to filer_etc store")
+		}
+	}
+
+	// Create the credential manager
+	credentialManager, err := NewCredentialManager(storeName, config, prefix)
+	if err != nil {
+		return nil, fmt.Errorf("failed to initialize credential manager with store '%s': %v", storeName, err)
+	}
+
+	return credentialManager, nil
+}