seaweedfs/weed/shell/command_s3_configure.go

package shell

import (
	"flag"
	"fmt"
	"io"
	"sort"
	"strings"

	"github.com/chrislusf/seaweedfs/weed/pb/filer_pb"
	"github.com/chrislusf/seaweedfs/weed/pb/iam_pb"
	"github.com/chrislusf/seaweedfs/weed/s3iam"
)

func init() {
	Commands = append(Commands, &commandS3Configure{})
}

type commandS3Configure struct {
}

func (c *commandS3Configure) Name() string {
	return "s3.configure"
}

func (c *commandS3Configure) Help() string {
	return `configure and apply s3 options for each bucket
	# see the current configuration file content
	s3.configure
	`
}

func (c *commandS3Configure) Do(args []string, commandEnv *CommandEnv, writer io.Writer) (err error) {
	s3ConfigureCommand := flag.NewFlagSet(c.Name(), flag.ContinueOnError)
	actions := s3ConfigureCommand.String("actions", "", "actions names")
	user := s3ConfigureCommand.String("user", "", "user name")
	buckets := s3ConfigureCommand.String("buckets", "", "bucket name")
	accessKey := s3ConfigureCommand.String("access_key", "", "specify the access key")
	secretKey := s3ConfigureCommand.String("secret_key", "", "specify the secret key")
	isDelete := s3ConfigureCommand.Bool("delete", false, "delete users, actions or access keys")
	apply := s3ConfigureCommand.Bool("apply", false, "update and apply s3 configuration")

	if err = s3ConfigureCommand.Parse(args); err != nil {
		return nil
	}

	s3cfg := &iam_pb.S3ApiConfiguration{}
	ifs := &s3iam.IAMFilerStore{}
	if err = commandEnv.WithFilerClient(func(client filer_pb.SeaweedFilerClient) error {
		ifs = s3iam.NewIAMFilerStore(&client)
		if err := ifs.LoadIAMConfig(s3cfg); err != nil {
			return nil
		}
		return nil
	}); err != nil {
		return err
	}

	idx := 0
	changed := false
	if *user != "" && *buckets != "" {
		for i, identity := range s3cfg.Identities {
			if *user == identity.Name {
				idx = i
				changed = true
				break
			}
		}
	}
	var cmdActions []string
	for _, bucket := range strings.Split(*buckets, ",") {
		for _, action := range strings.Split(*actions, ",") {
			cmdActions = append(cmdActions, fmt.Sprintf("%s:%s", action, bucket))
		}
	}
	if changed {
		if *isDelete {
			var exists []int
			for _, cmdAction := range cmdActions {
				for i, currentAction := range s3cfg.Identities[idx].Actions {
					if cmdAction == currentAction {
						exists = append(exists, i)
					}
				}
			}
			sort.Sort(sort.Reverse(sort.IntSlice(exists)))
			for _, i := range exists {
				s3cfg.Identities[idx].Actions = append(
					s3cfg.Identities[idx].Actions[:i],
					s3cfg.Identities[idx].Actions[i+1:]...,
				)
			}
			if *accessKey != "" {
				exists = []int{}
				for i, credential := range s3cfg.Identities[idx].Credentials {
					if credential.AccessKey == *accessKey {
						exists = append(exists, i)
					}
				}
				sort.Sort(sort.Reverse(sort.IntSlice(exists)))
				for _, i := range exists {
					s3cfg.Identities[idx].Credentials = append(
						s3cfg.Identities[idx].Credentials[:i],
						s3cfg.Identities[idx].Credentials[:i+1]...,
					)
				}

			}
			if *actions == "" && *accessKey == "" {
				s3cfg.Identities = append(s3cfg.Identities[:idx], s3cfg.Identities[idx+1:]...)
			}
		} else {
			s3cfg.Identities[idx].Actions = append(s3cfg.Identities[idx].Actions, cmdActions...)
			s3cfg.Identities[idx].Credentials = append(s3cfg.Identities[idx].Credentials, &iam_pb.Credential{
				AccessKey: *accessKey,
				SecretKey: *secretKey,
			})
		}
	} else {
		identity := iam_pb.Identity{
			Name:    *user,
			Actions: cmdActions,
		}
		identity.Credentials = append(identity.Credentials, &iam_pb.Credential{
			AccessKey: *accessKey,
			SecretKey: *secretKey,
		})
		s3cfg.Identities = append(s3cfg.Identities, &identity)
	}

	fmt.Fprintf(writer, fmt.Sprintf("%+v\n", s3cfg.Identities))
	fmt.Fprintln(writer)

	if *apply {
		if err := ifs.SaveIAMConfig(s3cfg); err != nil {
			return err
		}
	}

	return nil
}