aboutsummaryrefslogtreecommitdiff
path: root/weed/iamapi
diff options
context:
space:
mode:
Diffstat (limited to 'weed/iamapi')
-rw-r--r--weed/iamapi/iamapi_management_handlers.go125
-rw-r--r--weed/iamapi/iamapi_response.go129
2 files changed, 43 insertions, 211 deletions
diff --git a/weed/iamapi/iamapi_management_handlers.go b/weed/iamapi/iamapi_management_handlers.go
index 1985b042f..899db7ff3 100644
--- a/weed/iamapi/iamapi_management_handlers.go
+++ b/weed/iamapi/iamapi_management_handlers.go
@@ -1,45 +1,40 @@
package iamapi
// This file provides IAM API handlers for the standalone IAM server.
-// NOTE: There is code duplication with weed/s3api/s3api_embedded_iam.go.
-// See GitHub issue #7747 for the planned refactoring to extract common IAM logic
-// into a shared package.
+// Common IAM types and helpers are imported from the shared weed/iam package.
import (
- "crypto/rand"
- "crypto/sha1"
"encoding/json"
"errors"
"fmt"
- "math/big"
"net/http"
"net/url"
- "sort"
"strings"
"sync"
+ "github.com/aws/aws-sdk-go/service/iam"
"github.com/seaweedfs/seaweedfs/weed/glog"
+ iamlib "github.com/seaweedfs/seaweedfs/weed/iam"
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
"github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
"github.com/seaweedfs/seaweedfs/weed/s3api/policy_engine"
- "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
-
- "github.com/aws/aws-sdk-go/service/iam"
)
+// Constants from shared package
const (
- charsetUpper = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
- charset = charsetUpper + "abcdefghijklmnopqrstuvwxyz/"
- policyDocumentVersion = "2012-10-17"
- StatementActionAdmin = "*"
- StatementActionWrite = "Put*"
- StatementActionWriteAcp = "PutBucketAcl"
- StatementActionRead = "Get*"
- StatementActionReadAcp = "GetBucketAcl"
- StatementActionList = "List*"
- StatementActionTagging = "Tagging*"
- StatementActionDelete = "DeleteBucket*"
+ charsetUpper = iamlib.CharsetUpper
+ charset = iamlib.Charset
+ policyDocumentVersion = iamlib.PolicyDocumentVersion
+ StatementActionAdmin = iamlib.StatementActionAdmin
+ StatementActionWrite = iamlib.StatementActionWrite
+ StatementActionWriteAcp = iamlib.StatementActionWriteAcp
+ StatementActionRead = iamlib.StatementActionRead
+ StatementActionReadAcp = iamlib.StatementActionReadAcp
+ StatementActionList = iamlib.StatementActionList
+ StatementActionTagging = iamlib.StatementActionTagging
+ StatementActionDelete = iamlib.StatementActionDelete
+ USER_DOES_NOT_EXIST = iamlib.UserDoesNotExist
)
var (
@@ -47,105 +42,29 @@ var (
policyLock = sync.RWMutex{}
)
+// Helper function wrappers using shared package
func MapToStatementAction(action string) string {
- switch action {
- case StatementActionAdmin:
- return s3_constants.ACTION_ADMIN
- case StatementActionWrite:
- return s3_constants.ACTION_WRITE
- case StatementActionWriteAcp:
- return s3_constants.ACTION_WRITE_ACP
- case StatementActionRead:
- return s3_constants.ACTION_READ
- case StatementActionReadAcp:
- return s3_constants.ACTION_READ_ACP
- case StatementActionList:
- return s3_constants.ACTION_LIST
- case StatementActionTagging:
- return s3_constants.ACTION_TAGGING
- case StatementActionDelete:
- return s3_constants.ACTION_DELETE_BUCKET
- default:
- return ""
- }
+ return iamlib.MapToStatementAction(action)
}
func MapToIdentitiesAction(action string) string {
- switch action {
- case s3_constants.ACTION_ADMIN:
- return StatementActionAdmin
- case s3_constants.ACTION_WRITE:
- return StatementActionWrite
- case s3_constants.ACTION_WRITE_ACP:
- return StatementActionWriteAcp
- case s3_constants.ACTION_READ:
- return StatementActionRead
- case s3_constants.ACTION_READ_ACP:
- return StatementActionReadAcp
- case s3_constants.ACTION_LIST:
- return StatementActionList
- case s3_constants.ACTION_TAGGING:
- return StatementActionTagging
- case s3_constants.ACTION_DELETE_BUCKET:
- return StatementActionDelete
- default:
- return ""
- }
+ return iamlib.MapToIdentitiesAction(action)
}
-const (
- USER_DOES_NOT_EXIST = "the user with name %s cannot be found."
-)
-
type Policies struct {
Policies map[string]policy_engine.PolicyDocument `json:"policies"`
}
func Hash(s *string) string {
- h := sha1.New()
- h.Write([]byte(*s))
- return fmt.Sprintf("%x", h.Sum(nil))
+ return iamlib.Hash(s)
}
-// StringWithCharset generates a cryptographically secure random string.
-// Uses crypto/rand for security-sensitive credential generation.
func StringWithCharset(length int, charset string) (string, error) {
- if length <= 0 {
- return "", fmt.Errorf("length must be positive, got %d", length)
- }
- if charset == "" {
- return "", fmt.Errorf("charset must not be empty")
- }
- b := make([]byte, length)
- for i := range b {
- n, err := rand.Int(rand.Reader, big.NewInt(int64(len(charset))))
- if err != nil {
- return "", fmt.Errorf("failed to generate random index: %w", err)
- }
- b[i] = charset[n.Int64()]
- }
- return string(b), nil
+ return iamlib.GenerateRandomString(length, charset)
}
-// stringSlicesEqual compares two string slices for equality, ignoring order.
-// This is used instead of reflect.DeepEqual to avoid order-dependent comparisons.
func stringSlicesEqual(a, b []string) bool {
- if len(a) != len(b) {
- return false
- }
- // Make copies to avoid modifying the originals
- aCopy := make([]string, len(a))
- bCopy := make([]string, len(b))
- copy(aCopy, a)
- copy(bCopy, b)
- sort.Strings(aCopy)
- sort.Strings(bCopy)
- for i := range aCopy {
- if aCopy[i] != bCopy[i] {
- return false
- }
- }
- return true
+ return iamlib.StringSlicesEqual(a, b)
}
func (iama *IamApiServer) ListUsers(s3cfg *iam_pb.S3ApiConfiguration, values url.Values) (resp ListUsersResponse) {
diff --git a/weed/iamapi/iamapi_response.go b/weed/iamapi/iamapi_response.go
index fc68ce5a5..c16b1f79b 100644
--- a/weed/iamapi/iamapi_response.go
+++ b/weed/iamapi/iamapi_response.go
@@ -1,113 +1,26 @@
package iamapi
-import (
- "encoding/xml"
- "fmt"
- "time"
+// This file re-exports IAM response types from the shared weed/iam package
+// for backwards compatibility with existing code.
- "github.com/aws/aws-sdk-go/service/iam"
+import (
+ iamlib "github.com/seaweedfs/seaweedfs/weed/iam"
)
-type CommonResponse struct {
- ResponseMetadata struct {
- RequestId string `xml:"RequestId"`
- } `xml:"ResponseMetadata"`
-}
-
-type ListUsersResponse struct {
- CommonResponse
- XMLName xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ ListUsersResponse"`
- ListUsersResult struct {
- Users []*iam.User `xml:"Users>member"`
- IsTruncated bool `xml:"IsTruncated"`
- } `xml:"ListUsersResult"`
-}
-
-type ListAccessKeysResponse struct {
- CommonResponse
- XMLName xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ ListAccessKeysResponse"`
- ListAccessKeysResult struct {
- AccessKeyMetadata []*iam.AccessKeyMetadata `xml:"AccessKeyMetadata>member"`
- IsTruncated bool `xml:"IsTruncated"`
- } `xml:"ListAccessKeysResult"`
-}
-
-type DeleteAccessKeyResponse struct {
- CommonResponse
- XMLName xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ DeleteAccessKeyResponse"`
-}
-
-type CreatePolicyResponse struct {
- CommonResponse
- XMLName xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ CreatePolicyResponse"`
- CreatePolicyResult struct {
- Policy iam.Policy `xml:"Policy"`
- } `xml:"CreatePolicyResult"`
-}
-
-type CreateUserResponse struct {
- CommonResponse
- XMLName xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ CreateUserResponse"`
- CreateUserResult struct {
- User iam.User `xml:"User"`
- } `xml:"CreateUserResult"`
-}
-
-type DeleteUserResponse struct {
- CommonResponse
- XMLName xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ DeleteUserResponse"`
-}
-
-type GetUserResponse struct {
- CommonResponse
- XMLName xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ GetUserResponse"`
- GetUserResult struct {
- User iam.User `xml:"User"`
- } `xml:"GetUserResult"`
-}
-
-type UpdateUserResponse struct {
- CommonResponse
- XMLName xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ UpdateUserResponse"`
-}
-
-type CreateAccessKeyResponse struct {
- CommonResponse
- XMLName xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ CreateAccessKeyResponse"`
- CreateAccessKeyResult struct {
- AccessKey iam.AccessKey `xml:"AccessKey"`
- } `xml:"CreateAccessKeyResult"`
-}
-
-type PutUserPolicyResponse struct {
- CommonResponse
- XMLName xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ PutUserPolicyResponse"`
-}
-
-type DeleteUserPolicyResponse struct {
- CommonResponse
- XMLName xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ DeleteUserPolicyResponse"`
-}
-
-type GetUserPolicyResponse struct {
- CommonResponse
- XMLName xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ GetUserPolicyResponse"`
- GetUserPolicyResult struct {
- UserName string `xml:"UserName"`
- PolicyName string `xml:"PolicyName"`
- PolicyDocument string `xml:"PolicyDocument"`
- } `xml:"GetUserPolicyResult"`
-}
-
-type ErrorResponse struct {
- CommonResponse
- XMLName xml.Name `xml:"https://iam.amazonaws.com/doc/2010-05-08/ ErrorResponse"`
- Error struct {
- iam.ErrorDetails
- Type string `xml:"Type"`
- } `xml:"Error"`
-}
-
-func (r *CommonResponse) SetRequestId() {
- r.ResponseMetadata.RequestId = fmt.Sprintf("%d", time.Now().UnixNano())
-}
+// Type aliases for IAM response types from shared package
+type (
+ CommonResponse = iamlib.CommonResponse
+ ListUsersResponse = iamlib.ListUsersResponse
+ ListAccessKeysResponse = iamlib.ListAccessKeysResponse
+ DeleteAccessKeyResponse = iamlib.DeleteAccessKeyResponse
+ CreatePolicyResponse = iamlib.CreatePolicyResponse
+ CreateUserResponse = iamlib.CreateUserResponse
+ DeleteUserResponse = iamlib.DeleteUserResponse
+ GetUserResponse = iamlib.GetUserResponse
+ UpdateUserResponse = iamlib.UpdateUserResponse
+ CreateAccessKeyResponse = iamlib.CreateAccessKeyResponse
+ PutUserPolicyResponse = iamlib.PutUserPolicyResponse
+ DeleteUserPolicyResponse = iamlib.DeleteUserPolicyResponse
+ GetUserPolicyResponse = iamlib.GetUserPolicyResponse
+ ErrorResponse = iamlib.ErrorResponse
+)
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-20 23:13:13 +0000