Diffstat (limited to 'weed/s3api')
| -rw-r--r-- | weed/s3api/auth_credentials.go | 33 | ||||
| -rw-r--r-- | weed/s3api/filer_util.go | 137 |
2 files changed, 28 insertions, 142 deletions
diff --git a/weed/s3api/auth_credentials.go b/weed/s3api/auth_credentials.go index cc259645d..de1a0e3a1 100644 --- a/weed/s3api/auth_credentials.go +++ b/weed/s3api/auth_credentials.go @@ -3,11 +3,15 @@ package s3api import ( "bytes" "fmt" + "github.com/chrislusf/seaweedfs/weed/pb" + "github.com/chrislusf/seaweedfs/weed/pb/filer_pb" + "google.golang.org/grpc" "io/ioutil" "net/http" xhttp "github.com/chrislusf/seaweedfs/weed/s3api/http" "github.com/chrislusf/seaweedfs/weed/s3api/s3err" + "github.com/chrislusf/seaweedfs/weed/s3iam" "github.com/golang/protobuf/jsonpb" "github.com/chrislusf/seaweedfs/weed/glog" 
@@ -48,19 +52,33 @@ func NewIdentityAccessManagement(option *S3ApiServerOption) *IdentityAccessManag iam := &IdentityAccessManagement{ domain: option.DomainName, } - if err := loadS3config(iam, option); err != nil { + if err := iam.loadS3ApiConfigurationFromFiler(option); err != nil { glog.Warningf("fail to load config %v", err) } if len(iam.identities) == 0 && option.Config != "" { - if err := iam.loadS3ApiConfiguration(option.Config); err != nil { + if err := iam.loadS3ApiConfigurationFromFile(option.Config); err != nil { glog.Fatalf("fail to load config file %s: %v", option.Config, err) } } return iam } -func (iam *IdentityAccessManagement) loadS3ApiConfiguration(fileName string) error { +func (iam *IdentityAccessManagement) loadS3ApiConfigurationFromFiler(option *S3ApiServerOption) error { + s3ApiConfiguration := &iam_pb.S3ApiConfiguration{} + return pb.WithCachedGrpcClient(func(grpcConnection *grpc.ClientConn) error { + client := filer_pb.NewSeaweedFilerClient(grpcConnection) + store := s3iam.NewIAMFilerStore(&client) + if err := store.LoadIAMConfig(s3ApiConfiguration); err != nil { + return nil + } + if err := iam.loadS3ApiConfiguration(s3ApiConfiguration); err != nil { + return err + } + return nil + }, option.FilerGrpcAddress, option.GrpcDialOption) +} +func (iam *IdentityAccessManagement) loadS3ApiConfigurationFromFile(fileName string) error { s3ApiConfiguration := &iam_pb.S3ApiConfiguration{} rawData, readErr := ioutil.ReadFile(fileName) if readErr != nil { 
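Review bot: In `loadS3ApiConfigurationFromFiler`, a failure of `store.LoadIAMConfig` is converted into success by `return nil`, so the `glog.Warningf("fail to load config %v", err)` in `NewIdentityAccessManagement` can no longer fire when the filer is unreachable or the stored config cannot be read. The server then carries on with whatever `iam.identities` holds, which is an empty list when `option.Config` is also empty. If an empty identity list means requests are served without authentication (not visible in this hunk), a transient filer error would silently change the gateway's access policy with no log line to show it. Propagate the failure instead, e.g. `return fmt.Errorf("load iam config from filer: %v", err)`. If a missing config entry is the expected benign case, test for that one error explicitly rather than discarding all of them.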
@@ -73,8 +91,14 @@ func (iam *IdentityAccessManagement) loadS3ApiConfiguration(fileName string) err glog.Warningf("unmarshal error: %v", err) return fmt.Errorf("unmarshal %s error: %v", fileName, err) } + if err := iam.loadS3ApiConfiguration(s3ApiConfiguration); err != nil { + return err + } + return nil +} - for _, ident := range s3ApiConfiguration.Identities { +func (iam *IdentityAccessManagement) loadS3ApiConfiguration(config *iam_pb.S3ApiConfiguration) error { + for _, ident := range config.Identities { t := &Identity{ Name: ident.Name, Credentials: nil, @@ -91,7 +115,6 @@ func (iam *IdentityAccessManagement) loadS3ApiConfiguration(fileName string) err } iam.identities = append(iam.identities, t) } - return nil } diff --git a/weed/s3api/filer_util.go b/weed/s3api/filer_util.go index 7e61aa46d..3626ece98 100644 --- a/weed/s3api/filer_util.go +++ b/weed/s3api/filer_util.go @@ -3,20 +3,12 @@ package s3api import ( "context" "fmt" - "github.com/chrislusf/seaweedfs/weed/filer" "github.com/chrislusf/seaweedfs/weed/glog" - "github.com/chrislusf/seaweedfs/weed/pb" "github.com/chrislusf/seaweedfs/weed/pb/filer_pb" - "github.com/chrislusf/seaweedfs/weed/pb/iam_pb" "github.com/chrislusf/seaweedfs/weed/util" "strings" - - proto "github.com/golang/protobuf/proto" - "google.golang.org/grpc" ) -const S3ConfName = "s3.conf" - func (s3a *S3ApiServer) mkdir(parentDirectoryPath string, dirName string, fn func(entry *filer_pb.Entry)) error { return filer_pb.Mkdir(s3a, parentDirectoryPath, dirName, fn) 
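Review bot: `loadS3ApiConfiguration` is now a reusable helper taking a parsed config, but it still appends straight onto `iam.identities` (the `iam.identities = append(iam.identities, t)` line in the following hunk). A second call would therefore keep every identity and credential from the earlier load, including ones since removed from the config. Within this diff it is only reached with an empty list, so the problem is latent. Collecting into a local slice (`identities = append(identities, t)`) and assigning `iam.identities = identities` once after the loop would make a reload replace rather than accumulate. The helper also always returns nil, so the added `if err := ...; err != nil { return err }` and `return nil` in `loadS3ApiConfigurationFromFile` can be `return iam.loadS3ApiConfiguration(s3ApiConfiguration)`; the middle of the loop body lies between the two hunks and is not visible here.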
@@ -88,135 +80,6 @@ func (s3a *S3ApiServer) getEntry(parentDirectoryPath, entryName string) (entry * return filer_pb.GetEntry(s3a, fullPath) } -func LoadS3configFromEntryExtended(extended *map[string][]byte, identities *[]*Identity) (err error) { - for name, ident := range *extended { - t := &Identity{ - Name: name, - Credentials: nil, - Actions: nil, - } - identity := &iam_pb.Identity{} - if err := proto.Unmarshal(ident, identity); err != nil { - return err - } - for _, action := range identity.Actions { - t.Actions = append(t.Actions, Action(action)) - } - for _, cred := range identity.Credentials { - t.Credentials = append(t.Credentials, &Credential{ - AccessKey: cred.AccessKey, - SecretKey: cred.SecretKey, - }) - } - *identities = append(*identities, t) - } - return nil -} - -func SaveS3configToEntryExtended(extended *map[string][]byte, identities *[]*Identity) (err error) { - for _, identity := range *identities { - i := &iam_pb.Identity{ - Name: identity.Name, - Credentials: []*iam_pb.Credential{}, - Actions: []string{}, - } - for _, cred := range identity.Credentials { - i.Credentials = append(i.Credentials, &iam_pb.Credential{ - AccessKey: cred.AccessKey, - SecretKey: cred.SecretKey, - }) - } - for _, action := range identity.Actions { - i.Actions = append(i.Actions, string(action)) - } - ident, err := proto.Marshal(i) - if err != nil { - return err - } - (*extended)[identity.Name] = ident - } - return nil -} - -func loadS3config(iam *IdentityAccessManagement, option *S3ApiServerOption) error { - return pb.WithCachedGrpcClient(func(grpcConnection *grpc.ClientConn) error { - client := filer_pb.NewSeaweedFilerClient(grpcConnection) - resp, err := filer_pb.LookupEntry(client, &filer_pb.LookupDirectoryEntryRequest{ - Directory: filer.DirectoryEtc, - Name: S3ConfName, - }) - if err != nil { - return err - } - if err = LoadS3configFromEntryExtended(&resp.Entry.Extended, &iam.identities); err != nil { - return err - } - return nil - }, option.FilerGrpcAddress, 
option.GrpcDialOption) -} - -/* testing save -func saveS3config(iam *IdentityAccessManagement, option *S3ApiServerOption) (error) { - return pb.WithCachedGrpcClient(func(grpcConnection *grpc.ClientConn) error { - client := filer_pb.NewSeaweedFilerClient(grpcConnection) - entry := &filer_pb.Entry{ - Name: "s3identities", - IsDirectory: false, - Attributes: &filer_pb.FuseAttributes{ - Mtime: time.Now().Unix(), - Crtime: time.Now().Unix(), - FileMode: uint32(0644), - Collection: "", - Replication: "", - }, - Extended: make(map[string][]byte), - } - for _, identity := range iam.identities { - glog.V(0).Infof("get iam identities %s", identity.Name) - i := &iam_pb.Identity{ - Name: identity.Name, - Credentials: []*iam_pb.Credential{}, - Actions: []string{}, - } - for _, cred := range identity.Credentials { - i.Credentials = append(i.Credentials, &iam_pb.Credential{ - AccessKey: cred.AccessKey, - SecretKey: cred.SecretKey, - }) - } - for _, action := range identity.Actions { - i.Actions = append(i.Actions, string(action)) - } - ident, err := proto.Marshal(i) - if err != nil { - return err - } - entry.Extended[identity.Name] = ident - } - _, err := filer_pb.LookupEntry(client, &filer_pb.LookupDirectoryEntryRequest{ - Directory: "/.configs", - Name: "s3identities", - }) - if err == filer_pb.ErrNotFound { - err = filer_pb.CreateEntry(client, &filer_pb.CreateEntryRequest{ - Directory: "/.configs", - Entry: entry, - IsFromOtherCluster: false, - Signatures: nil, - }) - } else { - err = filer_pb.UpdateEntry(client, &filer_pb.UpdateEntryRequest{ - Directory: "/.configs", - Entry: entry, - IsFromOtherCluster: false, - Signatures: nil, - }) - } - return err - },option.FilerGrpcAddress, option.GrpcDialOption) -} -*/ - func objectKey(key *string) *string { if strings.HasPrefix(*key, "/") { t := (*key)[1:] |
