Diffstat (limited to 'weed/iamapi/iamapi_server.go')
-rw-r--r--weed/iamapi/iamapi_server.go51
1 files changed, 48 insertions, 3 deletions
diff --git a/weed/iamapi/iamapi_server.go b/weed/iamapi/iamapi_server.go
index 7698fab71..18af1a919 100644
--- a/weed/iamapi/iamapi_server.go
+++ b/weed/iamapi/iamapi_server.go
@@ -4,11 +4,14 @@ package iamapi
import (
"bytes"
+ "encoding/json"
"fmt"
"github.com/chrislusf/seaweedfs/weed/filer"
"github.com/chrislusf/seaweedfs/weed/pb"
"github.com/chrislusf/seaweedfs/weed/pb/filer_pb"
"github.com/chrislusf/seaweedfs/weed/pb/iam_pb"
+ "github.com/chrislusf/seaweedfs/weed/s3api"
+ . "github.com/chrislusf/seaweedfs/weed/s3api/s3_constants"
"github.com/chrislusf/seaweedfs/weed/wdclient"
"github.com/gorilla/mux"
"google.golang.org/grpc"
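Review bot: The dot import of `s3_constants` makes `ACTION_ADMIN`, the permission that gates the IAM route in `registerRouter`, appear as an unqualified name with no visible origin in this file. A regular import with `s3_constants.ACTION_ADMIN` at the call site would keep the source of the authorization constant traceable and avoid accidental name collisions with identifiers declared in package `iamapi`.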
@@ -19,6 +22,8 @@ import (
type IamS3ApiConfig interface {
GetS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error)
PutS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error)
+ GetPolicies(policies *Policies) (err error)
+ PutPolicies(policies *Policies) (err error)
}
type IamS3ApiConfigure struct {
@@ -36,7 +41,7 @@ type IamServerOption struct {
type IamApiServer struct {
s3ApiConfig IamS3ApiConfig
- filerclient *filer_pb.SeaweedFilerClient
+ iam *s3api.IdentityAccessManagement
}
var s3ApiConfigure IamS3ApiConfig
@@ -46,9 +51,10 @@ func NewIamApiServer(router *mux.Router, option *IamServerOption) (iamApiServer
option: option,
masterClient: wdclient.NewMasterClient(option.GrpcDialOption, pb.AdminShellClient, "", 0, "", strings.Split(option.Masters, ",")),
}
-
+ s3Option := s3api.S3ApiServerOption{Filer: option.Filer}
iamApiServer = &IamApiServer{
s3ApiConfig: s3ApiConfigure,
+ iam: s3api.NewIdentityAccessManagement(&s3Option),
}
iamApiServer.registerRouter(router)
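Review bot: `s3api.NewIdentityAccessManagement(&s3Option)` is called with only `Filer` set and its result is stored unchecked, so this constructor gives no sign of whether any identities were actually loaded. Since `iama.iam.Auth` becomes the only gate in front of `DoActions`, it is worth confirming in `s3api` how `Auth` treats a request when the identity set is empty or the load failed, and recording the answer in a comment on the `iam` field. If that case lets requests through, the server should refuse to start, or at least log it prominently. The body of `NewIamApiServer` begins and ends outside this hunk.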
@@ -62,7 +68,8 @@ func (iama *IamApiServer) registerRouter(router *mux.Router) {
// ListBuckets
// apiRouter.Methods("GET").Path("/").HandlerFunc(track(s3a.iam.Auth(s3a.ListBucketsHandler, ACTION_ADMIN), "LIST"))
- apiRouter.Path("/").Methods("POST").HandlerFunc(iama.DoActions)
+ apiRouter.Methods("POST").Path("/").HandlerFunc(iama.iam.Auth(iama.DoActions, ACTION_ADMIN))
+ //
// NotFound
apiRouter.NotFoundHandler = http.HandlerFunc(notFoundHandler)
}
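Review bot: `iama.iam` is populated once in `NewIamApiServer`, and nothing visible in this diff refreshes it after `DoActions` changes the stored identities, so a deleted or rotated admin key may keep authorizing this route until restart. Please confirm whether `s3api` reloads the identities elsewhere; if it does not, reload them after a successful `PutS3ApiConfiguration`. The bare `//` line added under the route is a leftover and should be dropped or replaced with a real comment such as `// Every IAM action requires an identity holding ACTION_ADMIN.`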
@@ -102,3 +109,41 @@ func (iam IamS3ApiConfigure) PutS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfigurat
},
)
}
+
+func (iam IamS3ApiConfigure) GetPolicies(policies *Policies) (err error) {
+ var buf bytes.Buffer
+ err = pb.WithGrpcFilerClient(iam.option.FilerGrpcAddress, iam.option.GrpcDialOption, func(client filer_pb.SeaweedFilerClient) error {
+ if err = filer.ReadEntry(iam.masterClient, client, filer.IamConfigDirecotry, filer.IamPoliciesFile, &buf); err != nil {
+ return err
+ }
+ return nil
+ })
+ if err != nil {
+ return err
+ }
+ if buf.Len() == 0 {
+ policies.Policies = make(map[string]PolicyDocument)
+ return nil
+ }
+ if err := json.Unmarshal(buf.Bytes(), policies); err != nil {
+ return err
+ }
+ return nil
+}
+
+func (iam IamS3ApiConfigure) PutPolicies(policies *Policies) (err error) {
+ var b []byte
+ if b, err = json.Marshal(policies); err != nil {
+ return err
+ }
+ return pb.WithGrpcFilerClient(
+ iam.option.FilerGrpcAddress,
+ iam.option.GrpcDialOption,
+ func(client filer_pb.SeaweedFilerClient) error {
+ if err := filer.SaveInsideFiler(client, filer.IamConfigDirecotry, filer.IamPoliciesFile, b); err != nil {
+ return err
+ }
+ return nil
+ },
+ )
+}
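Review bot: In `GetPolicies` the `json.Unmarshal` path can leave `policies.Policies` nil (for example when the stored file is `{}` or `null`), while the empty-buffer path guarantees a usable map, so a caller that then writes to the map would panic. Adding `if policies.Policies == nil { policies.Policies = make(map[string]PolicyDocument) }` after the unmarshal makes both paths agree. The callback also assigns to the named result `err` from inside the closure and a second `err` is shadowed at the unmarshal; `return filer.ReadEntry(...)` inside the closure would be clearer. Both exported methods lack doc comments, and `PutPolicies` rewrites the whole file, so concurrent read-modify-write callers could lose policy updates unless they are serialized elsewhere.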