Diffstat (limited to 'weed/s3api/auth_credentials.go')
-rw-r--r--weed/s3api/auth_credentials.go65
1 files changed, 26 insertions, 39 deletions
diff --git a/weed/s3api/auth_credentials.go b/weed/s3api/auth_credentials.go
index de1a0e3a1..da0a38dbf 100644
--- a/weed/s3api/auth_credentials.go
+++ b/weed/s3api/auth_credentials.go
@@ -1,33 +1,19 @@
package s3api
import (
- "bytes"
"fmt"
- "github.com/chrislusf/seaweedfs/weed/pb"
- "github.com/chrislusf/seaweedfs/weed/pb/filer_pb"
- "google.golang.org/grpc"
+ "github.com/chrislusf/seaweedfs/weed/filer"
"io/ioutil"
"net/http"
- xhttp "github.com/chrislusf/seaweedfs/weed/s3api/http"
- "github.com/chrislusf/seaweedfs/weed/s3api/s3err"
- "github.com/chrislusf/seaweedfs/weed/s3iam"
- "github.com/golang/protobuf/jsonpb"
-
"github.com/chrislusf/seaweedfs/weed/glog"
"github.com/chrislusf/seaweedfs/weed/pb/iam_pb"
+ xhttp "github.com/chrislusf/seaweedfs/weed/s3api/http"
+ "github.com/chrislusf/seaweedfs/weed/s3api/s3err"
)
type Action string
-const (
- ACTION_READ = "Read"
- ACTION_WRITE = "Write"
- ACTION_ADMIN = "Admin"
- ACTION_TAGGING = "Tagging"
- ACTION_LIST = "List"
-)
-
type Iam interface {
Check(f http.HandlerFunc, actions ...Action) http.HandlerFunc
}
@@ -52,44 +38,40 @@ func NewIdentityAccessManagement(option *S3ApiServerOption) *IdentityAccessManag
iam := &IdentityAccessManagement{
domain: option.DomainName,
}
- if err := iam.loadS3ApiConfigurationFromFiler(option); err != nil {
- glog.Warningf("fail to load config %v", err)
- }
- if len(iam.identities) == 0 && option.Config != "" {
+ if option.Config != "" {
if err := iam.loadS3ApiConfigurationFromFile(option.Config); err != nil {
glog.Fatalf("fail to load config file %s: %v", option.Config, err)
}
+ } else {
+ if err := iam.loadS3ApiConfigurationFromFiler(option); err != nil {
+ glog.Warningf("fail to load config: %v", err)
+ }
}
return iam
}
func (iam *IdentityAccessManagement) loadS3ApiConfigurationFromFiler(option *S3ApiServerOption) error {
- s3ApiConfiguration := &iam_pb.S3ApiConfiguration{}
- return pb.WithCachedGrpcClient(func(grpcConnection *grpc.ClientConn) error {
- client := filer_pb.NewSeaweedFilerClient(grpcConnection)
- store := s3iam.NewIAMFilerStore(&client)
- if err := store.LoadIAMConfig(s3ApiConfiguration); err != nil {
- return nil
- }
- if err := iam.loadS3ApiConfiguration(s3ApiConfiguration); err != nil {
- return err
- }
- return nil
- }, option.FilerGrpcAddress, option.GrpcDialOption)
+ content, err := filer.ReadContent(option.Filer, filer.IamConfigDirecotry, filer.IamIdentityFile)
+ if err != nil {
+ return fmt.Errorf("read S3 config: %v", err)
+ }
+ return iam.loadS3ApiConfigurationFromBytes(content)
}
func (iam *IdentityAccessManagement) loadS3ApiConfigurationFromFile(fileName string) error {
- s3ApiConfiguration := &iam_pb.S3ApiConfiguration{}
- rawData, readErr := ioutil.ReadFile(fileName)
+ content, readErr := ioutil.ReadFile(fileName)
if readErr != nil {
glog.Warningf("fail to read %s : %v", fileName, readErr)
return fmt.Errorf("fail to read %s : %v", fileName, readErr)
}
+ return iam.loadS3ApiConfigurationFromBytes(content)
+}
- glog.V(1).Infof("load s3 config: %v", fileName)
- if err := jsonpb.Unmarshal(bytes.NewReader(rawData), s3ApiConfiguration); err != nil {
+func (iam *IdentityAccessManagement) loadS3ApiConfigurationFromBytes(content []byte) error {
+ s3ApiConfiguration := &iam_pb.S3ApiConfiguration{}
+ if err := filer.ParseS3ConfigurationFromBytes(content, s3ApiConfiguration); err != nil {
glog.Warningf("unmarshal error: %v", err)
- return fmt.Errorf("unmarshal %s error: %v", fileName, err)
+ return fmt.Errorf("unmarshal error: %v", err)
}
if err := iam.loadS3ApiConfiguration(s3ApiConfiguration); err != nil {
return err
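Review bot: In NewIdentityAccessManagement the two branches now fail differently: an unreadable `option.Config` file aborts through `glog.Fatalf`, while a failed `loadS3ApiConfigurationFromFiler` is only reported with `glog.Warningf` and the constructor returns an `iam` with no identities loaded. If the request path treats an empty identity list as "authentication not configured" (not visible in this diff), a filer read or unmarshal error at startup would leave the S3 gateway running without credential checks. Consider distinguishing "no identity file stored yet" from genuine read or parse failures and refusing to start (or retrying) on the latter. The new precedence also deserves a comment on the `if`, e.g. `// a -config file, when given, replaces the identities stored in the filer`. loadS3ApiConfigurationFromBytes runs past the end of this hunk.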
@@ -97,7 +79,9 @@ func (iam *IdentityAccessManagement) loadS3ApiConfigurationFromFile(fileName str
return nil
}
+
func (iam *IdentityAccessManagement) loadS3ApiConfiguration(config *iam_pb.S3ApiConfiguration) error {
+ var identities []*Identity
for _, ident := range config.Identities {
t := &Identity{
Name: ident.Name,
@@ -113,8 +97,11 @@ func (iam *IdentityAccessManagement) loadS3ApiConfiguration(config *iam_pb.S3Api
SecretKey: cred.SecretKey,
})
}
- iam.identities = append(iam.identities, t)
+ identities = append(identities, t)
}
+
+ // atomically switch
+ iam.identities = identities
return nil
}
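Review bot: The `// atomically switch` comment on `iam.identities = identities` promises more than a plain assignment gives: a slice header is a multi-word value, and storing it without synchronization is a data race under the Go memory model if request handlers read `iam.identities` while a reload is running. No lock is taken in the visible lines, and the struct definition and its readers are outside this diff, so this only matters if loadS3ApiConfiguration can be called after startup. In that case guard the swap and every reader with a `sync.RWMutex` on IdentityAccessManagement, or publish the slice through an atomic pointer. Otherwise reword the comment to `// replace the whole set at once; callers must not run this concurrently with request handling`. The function starts in the previous hunk, where `var identities []*Identity` is declared.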