gitlab-com-seaweedfs/seaweedfs
1
0
Fork 0
mirror of https://github.com/seaweedfs/seaweedfs.git synced 2024-01-19 02:48:24 +00:00
Code Issues Projects Releases Wiki Activity

s3 configure

Browse source
This commit is contained in:
Konstantin Lebedev 2020-11-25 21:02:31 +05:00
parent 27e73de797
commit 6206737df2
2 changed files with 221 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

87
weed/s3api/filer_util.go
View file

@ -3,16 +3,20 @@ package s3api
import (
"context"
"fmt"
"strings"
"github.com/chrislusf/seaweedfs/weed/filer"
"github.com/chrislusf/seaweedfs/weed/glog"
"github.com/chrislusf/seaweedfs/weed/pb"
"github.com/chrislusf/seaweedfs/weed/pb/filer_pb"
"github.com/chrislusf/seaweedfs/weed/pb/iam_pb"
"github.com/chrislusf/seaweedfs/weed/util"
"strings"
proto "github.com/golang/protobuf/proto"
"google.golang.org/grpc"
"github.com/chrislusf/seaweedfs/weed/util"
)
const S3ConfName = "s3.conf"
func (s3a *S3ApiServer) mkdir(parentDirectoryPath string, dirName string, fn func(entry *filer_pb.Entry)) error {
return filer_pb.Mkdir(s3a, parentDirectoryPath, dirName, fn)
@ -84,37 +88,68 @@ func (s3a *S3ApiServer) getEntry(parentDirectoryPath, entryName string) (entry *
return filer_pb.GetEntry(s3a, fullPath)
}
func LoadS3configFromEntryExtended(extended *map[string][]byte, identities *[]*Identity) (err error) {
for name, ident := range *extended {
t := &Identity{
Name: name,
Credentials: nil,
Actions: nil,
}
identity := &iam_pb.Identity{}
if err := proto.Unmarshal(ident, identity); err != nil {
return err
}
for _, action := range identity.Actions {
t.Actions = append(t.Actions, Action(action))
}
for _, cred := range identity.Credentials {
t.Credentials = append(t.Credentials, &Credential{
AccessKey: cred.AccessKey,
SecretKey: cred.SecretKey,
})
}
*identities = append(*identities, t)
}
return nil
}
func SaveS3configToEntryExtended(extended *map[string][]byte, identities *[]*Identity) (err error) {
for _, identity := range *identities {
i := &iam_pb.Identity{
Name: identity.Name,
Credentials: []*iam_pb.Credential{},
Actions: []string{},
}
for _, cred := range identity.Credentials {
i.Credentials = append(i.Credentials, &iam_pb.Credential{
AccessKey: cred.AccessKey,
SecretKey: cred.SecretKey,
})
}
for _, action := range identity.Actions {
i.Actions = append(i.Actions, string(action))
}
ident, err := proto.Marshal(i)
if err != nil {
return err
}
(*extended)[identity.Name] = ident
}
return nil
}
func loadS3config(iam *IdentityAccessManagement, option *S3ApiServerOption) error {
return pb.WithCachedGrpcClient(func(grpcConnection *grpc.ClientConn) error {
client := filer_pb.NewSeaweedFilerClient(grpcConnection)
resp, err := filer_pb.LookupEntry(client, &filer_pb.LookupDirectoryEntryRequest{
Directory: "/.configs",
Name: "s3identities",
Directory: filer.DirectoryEtc,
Name: S3ConfName,
})
if err != nil {
return err
}
for name, ident := range resp.Entry.Extended {
t := &Identity{
Name: name,
Credentials: nil,
Actions: nil,
}
identity := &iam_pb.Identity{}
if err := proto.Unmarshal(ident, identity); err != nil {
return err
}
for _, action := range identity.Actions {
t.Actions = append(t.Actions, Action(action))
}
for _, cred := range identity.Credentials {
t.Credentials = append(t.Credentials, &Credential{
AccessKey: cred.AccessKey,
SecretKey: cred.SecretKey,
})
glog.V(0).Infof("AccessKey %s, SecretKey: %s", cred.AccessKey, cred.SecretKey)
}
iam.identities = append(iam.identities, t)
if err = LoadS3configFromEntryExtended(&resp.Entry.Extended, &iam.identities); err != nil {
return err
}
return nil
}, option.FilerGrpcAddress, option.GrpcDialOption)

160
weed/shell/command_s3_configure.go Normal file
View file

@ -0,0 +1,160 @@
package shell
import (
"flag"
"fmt"
"github.com/chrislusf/seaweedfs/weed/s3api"
"io"
"sort"
"strings"
"github.com/chrislusf/seaweedfs/weed/filer"
"github.com/chrislusf/seaweedfs/weed/pb/filer_pb"
)
func init() {
Commands = append(Commands, &commandS3Configure{})
}
type commandS3Configure struct {
}
func (c *commandS3Configure) Name() string {
return "s3.configure"
}
func (c *commandS3Configure) Help() string {
return `configure and apply s3 options for each bucket
# see the current configuration file content
s3.configure
`
}
func (c *commandS3Configure) Do(args []string, commandEnv *CommandEnv, writer io.Writer) (err error) {
s3ConfigureCommand := flag.NewFlagSet(c.Name(), flag.ContinueOnError)
actions := s3ConfigureCommand.String("actions", "", "actions names")
user := s3ConfigureCommand.String("user", "", "user name")
buckets := s3ConfigureCommand.String("buckets", "", "bucket name")
accessKey := s3ConfigureCommand.String("access_key", "", "specify the access key")
secretKey := s3ConfigureCommand.String("secret_key", "", "specify the secret key")
isDelete := s3ConfigureCommand.Bool("delete", false, "delete users, actions or access keys")
apply := s3ConfigureCommand.Bool("apply", false, "update and apply s3 configuration")
if err = s3ConfigureCommand.Parse(args); err != nil {
return nil
}
var identities []*s3api.Identity
if err = commandEnv.WithFilerClient(func(client filer_pb.SeaweedFilerClient) error {
request := &filer_pb.LookupDirectoryEntryRequest{
Directory: filer.DirectoryEtc,
Name: s3api.S3ConfName,
}
respLookupEntry, err := filer_pb.LookupEntry(client, request)
if err != nil {
return err
}
if err = s3api.LoadS3configFromEntryExtended(&respLookupEntry.Entry.Extended, &identities); err != nil {
return err
}
return nil
}); err != nil {
return err
}
idx := 0
changed := false
if *user != "" && *buckets != "" {
for i, identity := range identities {
if *user == identity.Name {
idx = i
changed = true
break
}
}
}
cmdActions := []s3api.Action{}
for _, bucket := range strings.Split(*buckets, ",") {
for _, action := range strings.Split(*actions, ",") {
cmdActions = append(cmdActions, s3api.Action(fmt.Sprintf("%s:%s", action, bucket)))
}
}
cmdCredential := &s3api.Credential{
AccessKey: *accessKey,
SecretKey: *secretKey,
}
if changed {
if *isDelete {
exists := []int{}
for _, cmdAction := range cmdActions {
for i, currentAction := range identities[idx].Actions {
if cmdAction == currentAction {
exists = append(exists, i)
}
}
}
sort.Sort(sort.Reverse(sort.IntSlice(exists)))
for _, i := range exists {
identities[idx].Actions = append(identities[idx].Actions[:i], identities[idx].Actions[i+1:]...)
}
if *accessKey != "" {
exists = []int{}
for i, credential := range identities[idx].Credentials {
if credential.AccessKey == *accessKey {
exists = append(exists, i)
}
}
sort.Sort(sort.Reverse(sort.IntSlice(exists)))
for _, i := range exists {
identities[idx].Credentials = append(identities[idx].Credentials[:i], identities[idx].Credentials[:i+1]...)
}
}
if *actions == "" && *accessKey == "" {
identities = append(identities[:idx], identities[idx+1:]...)
}
} else {
identities[idx].Actions = append(identities[idx].Actions, cmdActions...)
identities[idx].Credentials = append(identities[idx].Credentials, &s3api.Credential{
AccessKey: *accessKey,
SecretKey: *secretKey,
})
}
} else {
identity := s3api.Identity{
Name: *user,
Actions: cmdActions,
}
identity.Credentials = append(identity.Credentials, &s3api.Credential{
AccessKey: *accessKey,
SecretKey: *secretKey,
})
identities = append(identities, &identity)
}
fmt.Fprintf(writer, fmt.Sprintf("%+v\n", identities))
fmt.Fprintln(writer)
if !*apply {
return nil
}
if err = commandEnv.WithFilerClient(func(client filer_pb.SeaweedFilerClient) error {
request := &filer_pb.LookupDirectoryEntryRequest{
Directory: filer.DirectoryEtc,
Name: s3api.S3ConfName,
}
respLookupEntry, err := filer_pb.LookupEntry(client, request)
if err != nil {
return err
}
if err = s3api.SaveS3configToEntryExtended(&respLookupEntry.Entry.Extended, &identities); err != nil {
return err
}
return nil
}); err != nil {
return err
}
return nil
}