seaweedfs/weed/iamapi/iamapi_server.go

package iamapi
// https://docs.aws.amazon.com/cli/latest/reference/iam/list-roles.html
import (
"bytes"
"encoding/json"
"fmt"
"net/http"
"github.com/gorilla/mux"
"github.com/seaweedfs/seaweedfs/weed/filer"
"github.com/seaweedfs/seaweedfs/weed/pb"
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
"github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
"github.com/seaweedfs/seaweedfs/weed/s3api"
. "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
"github.com/seaweedfs/seaweedfs/weed/util"
"github.com/seaweedfs/seaweedfs/weed/wdclient"
"google.golang.org/grpc"
)
// IamS3ApiConfig is the persistence seam for the IAM API: it loads and stores
// the S3 identity configuration and the policy set.
//
// IamS3ApiConfigure in this file is the filer-backed implementation.
type IamS3ApiConfig interface {
	// GetS3ApiConfiguration fills s3cfg from the stored identity configuration.
	GetS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error)
	// PutS3ApiConfiguration persists s3cfg as the identity configuration.
	PutS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error)

	// GetPolicies fills policies from the stored policy set.
	GetPolicies(policies *Policies) (err error)
	// PutPolicies persists policies as the stored policy set.
	PutPolicies(policies *Policies) (err error)
}
// IamS3ApiConfigure implements IamS3ApiConfig on top of a SeaweedFS filer.
// The identity and policy files live under filer.IamConfigDirectory.
type IamS3ApiConfigure struct {
	// option supplies the filer address and the gRPC dial option used for
	// every filer call made by this type.
	option *IamServerOption
	// masterClient is handed to filer.ReadEntry when reading stored files.
	masterClient *wdclient.MasterClient
}
// IamServerOption carries the settings needed to construct an IamApiServer.
type IamServerOption struct {
	// Masters is passed to pb.NewServiceDiscoveryFromMap to build the master client.
	Masters map[string]pb.ServerAddress
	// Filer is the filer that stores the IAM identity and policy files.
	Filer pb.ServerAddress
	// Port is not read anywhere in this file.
	Port int
	// GrpcDialOption is used for both the master client and every filer call.
	// NOTE(review): transport security for the IAM files in transit depends on
	// what the caller puts here — confirm it carries TLS credentials in
	// deployments where the filer is reached over an untrusted network.
	GrpcDialOption grpc.DialOption
}
// IamApiServer serves the IAM API over HTTP.
type IamApiServer struct {
	// s3ApiConfig is the store for the identity configuration and policies.
	s3ApiConfig IamS3ApiConfig
	// iam provides the Auth wrapper that registerRouter places in front of
	// the action handler.
	iam *s3api.IdentityAccessManagement
}
// s3ApiConfigure is the package-level configuration store. NewIamApiServer
// reassigns it on every call, so constructing a second server in the same
// process replaces the store seen by any code that reads this variable.
var s3ApiConfigure IamS3ApiConfig
// NewIamApiServer wires up an IAM API server and registers its routes on router.
//
// It replaces the package-level s3ApiConfigure with a filer-backed store built
// from option, creates the identity/access manager against the same filer, and
// then attaches the HTTP routes. The returned error is always nil in the code
// shown here.
func NewIamApiServer(router *mux.Router, option *IamServerOption) (iamApiServer *IamApiServer, err error) {
	masterClient := wdclient.NewMasterClient(option.GrpcDialOption, "", "iam", "", "", "", *pb.NewServiceDiscoveryFromMap(option.Masters))

	// Package-level state: overwritten on each call.
	s3ApiConfigure = IamS3ApiConfigure{
		option:       option,
		masterClient: masterClient,
	}

	// The access manager talks to the same filer, with the same dial option,
	// as the configuration store above.
	iamApiServer = &IamApiServer{
		s3ApiConfig: s3ApiConfigure,
		iam: s3api.NewIdentityAccessManagement(&s3api.S3ApiServerOption{
			Filer:          option.Filer,
			GrpcDialOption: option.GrpcDialOption,
		}),
	}

	iamApiServer.registerRouter(router)
	return iamApiServer, nil
}
// registerRouter attaches the IAM API routes to router.
//
// Only POST / is routed, and it is wrapped in iam.Auth with ACTION_ADMIN, so
// every IAM action handled by DoActions passes through that single check.
// Anything else falls through to s3err.NotFoundHandler.
func (iama *IamApiServer) registerRouter(router *mux.Router) {
	apiRouter := router.PathPrefix("/").Subrouter()

	// NOTE(review): iam.Auth is the only authorization gate visible here.
	// Confirm how it behaves before any identity has been configured; if it
	// lets requests through in that state, this endpoint should be reachable
	// only from a trusted network until an admin identity exists.
	actionRoute := apiRouter.Methods(http.MethodPost).Path("/")
	actionRoute.HandlerFunc(iama.iam.Auth(iama.DoActions, ACTION_ADMIN))

	// Unmatched method/path combinations get the shared S3 not-found response.
	apiRouter.NotFoundHandler = http.HandlerFunc(s3err.NotFoundHandler)
}
// GetS3ApiConfiguration reads filer.IamIdentityFile from
// filer.IamConfigDirectory and parses it into s3cfg.
//
// An empty file leaves s3cfg untouched and returns nil. Any read error,
// including a missing file, is returned to the caller unchanged (unlike
// GetPolicies, which treats filer_pb.ErrNotFound as an empty result).
//
// NOTE(review): the identity file presumably contains credential material;
// confirm that access to IamConfigDirectory is restricted on the filer side.
func (iam IamS3ApiConfigure) GetS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error) {
	var content bytes.Buffer

	readIdentities := func(client filer_pb.SeaweedFilerClient) error {
		return filer.ReadEntry(iam.masterClient, client, filer.IamConfigDirectory, filer.IamIdentityFile, &content)
	}
	if err = pb.WithGrpcFilerClient(false, 0, iam.option.Filer, iam.option.GrpcDialOption, readIdentities); err != nil {
		return err
	}

	// Nothing stored yet: keep whatever the caller passed in.
	if content.Len() == 0 {
		return nil
	}
	return filer.ParseS3ConfigurationFromBytes(content.Bytes(), s3cfg)
}
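// PutS3ApiConfiguration serializes s3cfg with filer.ProtoToText and writes it
// to filer.IamIdentityFile under filer.IamConfigDirectory.
//
// The write goes through util.Retry under the name "saveIamIdentity". A
// serialization failure is returned wrapped, so callers can still inspect the
// underlying error with errors.Is / errors.As; the message text is unchanged.
//
// NOTE(review): the identity file presumably contains credential material;
// confirm that access to IamConfigDirectory is restricted on the filer side.
func (iam IamS3ApiConfigure) PutS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error) {
	var buf bytes.Buffer
	if err = filer.ProtoToText(&buf, s3cfg); err != nil {
		// %w keeps the error chain intact; %s flattened it to a string.
		return fmt.Errorf("ProtoToText: %w", err)
	}

	return pb.WithGrpcFilerClient(false, 0, iam.option.Filer, iam.option.GrpcDialOption, func(client filer_pb.SeaweedFilerClient) error {
		return util.Retry("saveIamIdentity", func() error {
			return filer.SaveInsideFiler(client, filer.IamConfigDirectory, filer.IamIdentityFile, buf.Bytes())
		})
	})
}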
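// GetPolicies reads filer.IamPoliciesFile from filer.IamConfigDirectory and
// decodes it as JSON into policies.
//
// A missing file (filer_pb.ErrNotFound) or an empty file is not an error:
// policies.Policies is set to an empty map and nil is returned. Any other read
// error, or a JSON decoding error, is returned unchanged.
//
// On every nil return policies.Policies is non-nil, including when the stored
// document decodes cleanly but carries no policy map.
func (iam IamS3ApiConfigure) GetPolicies(policies *Policies) (err error) {
	var buf bytes.Buffer
	err = pb.WithGrpcFilerClient(false, 0, iam.option.Filer, iam.option.GrpcDialOption, func(client filer_pb.SeaweedFilerClient) error {
		return filer.ReadEntry(iam.masterClient, client, filer.IamConfigDirectory, filer.IamPoliciesFile, &buf)
	})
	if err != nil && err != filer_pb.ErrNotFound {
		return err
	}

	// No policy file yet, or an empty one: start from an empty set.
	if err == filer_pb.ErrNotFound || buf.Len() == 0 {
		policies.Policies = make(map[string]PolicyDocument)
		return nil
	}

	if err = json.Unmarshal(buf.Bytes(), policies); err != nil {
		return err
	}

	// A stored document such as `{}` or `null` decodes without error but
	// leaves the map nil. Initialise it so the result matches the empty-file
	// branch above; callers presumably insert into the map, and a write to a
	// nil map panics.
	if policies.Policies == nil {
		policies.Policies = make(map[string]PolicyDocument)
	}
	return nil
}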
// PutPolicies encodes policies as JSON and writes the result to
// filer.IamPoliciesFile under filer.IamConfigDirectory.
//
// Encoding and write errors are returned unchanged.
//
// NOTE(review): unlike PutS3ApiConfiguration, this write is not wrapped in
// util.Retry — confirm whether that difference is intended.
func (iam IamS3ApiConfigure) PutPolicies(policies *Policies) (err error) {
	encoded, err := json.Marshal(policies)
	if err != nil {
		return err
	}

	savePolicies := func(client filer_pb.SeaweedFilerClient) error {
		return filer.SaveInsideFiler(client, filer.IamConfigDirectory, filer.IamPoliciesFile, encoded)
	}
	return pb.WithGrpcFilerClient(false, 0, iam.option.Filer, iam.option.GrpcDialOption, savePolicies)
}