1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
package s3api
import (
"sync"
)
//Predefined Accounts
var (
// AccountAdmin is used as the default account for IAM-Credentials access without Account configured
AccountAdmin = Account{
Name: "admin",
EmailAddress: "admin@example.com",
Id: "admin",
}
// AccountAnonymous is used to represent the account for anonymous access
AccountAnonymous = Account{
Name: "anonymous",
EmailAddress: "anonymous@example.com",
Id: "anonymous",
}
)
//Account represents a system user, a system user can
//configure multiple IAM-Users, IAM-Users can configure
//permissions respectively, and each IAM-User can
//configure multiple security credentials
type Account struct {
//Name is also used to display the "DisplayName" as the owner of the bucket or object
Name string
EmailAddress string
//Id is used to identify an Account when granting cross-account access(ACLs) to buckets and objects
Id string
}
type AccountManager struct {
sync.Mutex
s3a *S3ApiServer
IdNameMapping map[string]string
EmailIdMapping map[string]string
}
func NewAccountManager(s3a *S3ApiServer) *AccountManager {
am := &AccountManager{
s3a: s3a,
IdNameMapping: make(map[string]string),
EmailIdMapping: make(map[string]string),
}
am.initialize()
return am
}
func (am *AccountManager) GetAccountNameById(canonicalId string) string {
return am.IdNameMapping[canonicalId]
}
func (am *AccountManager) GetAccountIdByEmail(email string) string {
return am.EmailIdMapping[email]
}
func (am *AccountManager) initialize() {
// load predefined Accounts
for _, account := range []Account{AccountAdmin, AccountAnonymous} {
am.IdNameMapping[account.Id] = account.Name
am.EmailIdMapping[account.EmailAddress] = account.Id
}
}
|
