Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8348 Commits
32 Branches
297 Tags
164 MiB
Tree: 01b7aa79fa
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '01b7aa79fa'
${ noResults }
seaweedfs/weed/iamapi/iamapi_management_handlers.go

516 lines
16 KiB
Raw Normal View History

init Iam Api Server
4 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
base handlers
4 years ago
init Iam Api Server
4 years ago
GetUserPolicy
4 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
add tests
4 years ago
base handlers
4 years ago
init Iam Api Server
4 years ago
complete project code, remain test code
3 years ago
init Iam Api Server
4 years ago
GetUserPolicy
4 years ago
init Iam Api Server
4 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
GetUserPolicy
4 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
base handlers
4 years ago
GetUserPolicy
4 years ago
add tests
4 years ago
GetUserPolicy
4 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
add tests
4 years ago
base handlers
4 years ago
GetUserPolicy
4 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
base handlers
4 years ago
init Iam Api Server
4 years ago
base handlers
4 years ago
iam ListAccessKeys filtred by username
4 years ago
base handlers
4 years ago
iam ListAccessKeys filtred by username
4 years ago
base handlers
4 years ago
iam GetUser
4 years ago
GetUserPolicy
4 years ago
iam GetUser
4 years ago
complete project code, remain test code
3 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
GetUserPolicy
4 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
refine PutUserPolicy
3 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
refine PutUserPolicy
3 years ago
filter duplicated action
3 years ago
refine PutUserPolicy
3 years ago
filter duplicated action
3 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
refactor code
3 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
refactor code
3 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
GetUserPolicy
4 years ago
add DeleteUserPolicy
4 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
SaveAs S3 Configuration
4 years ago
SaveInsideFiler S3 Configuration
4 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
SaveAs S3 Configuration
4 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
GetUserPolicy
4 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
GetUserPolicy
4 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
SaveAs S3 Configuration
4 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
GetUserPolicy
4 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
base handlers
4 years ago
filter duplicated action
3 years ago
base handlers
4 years ago
init Iam Api Server
4 years ago
handle implicit username
3 years ago
add more checks and comments
3 years ago
handle implicit username
3 years ago
Merge branch 'master' into handle_implicit_username
3 years ago
add more checks and comments
3 years ago
Merge branch 'master' into handle_implicit_username
3 years ago
add more checks and comments
3 years ago
Merge branch 'master' into handle_implicit_username
3 years ago
add more checks and comments
3 years ago
handle implicit username
3 years ago
init Iam Api Server
4 years ago
refactoring
3 years ago
init Iam Api Server
4 years ago
add tests
4 years ago
refactoring
3 years ago
init Iam Api Server
4 years ago
add tests
4 years ago
init Iam Api Server
4 years ago
iam GetUser
4 years ago
SaveAs S3 Configuration
4 years ago
init Iam Api Server
4 years ago
SaveAs S3 Configuration
4 years ago
init Iam Api Server
4 years ago
handle implicit username
3 years ago
base handlers
4 years ago
SaveAs S3 Configuration
4 years ago
base handlers
4 years ago
iam GetUser
4 years ago
refactoring
3 years ago
iam GetUser
4 years ago
GetUserPolicy
4 years ago
complete project code, remain test code
3 years ago
base handlers
4 years ago
iam GetUser
4 years ago
refactoring
3 years ago
iam GetUser
4 years ago
base handlers
4 years ago
handle implicit username
3 years ago
base handlers
4 years ago
handle implicit username
3 years ago
base handlers
4 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
add tests
4 years ago
refactoring
3 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
add tests
4 years ago
refactoring
3 years ago
handler PutUserPolicy https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
4 years ago
GetUserPolicy
4 years ago
refactoring
3 years ago
GetUserPolicy
4 years ago
add DeleteUserPolicy
4 years ago
refactoring
3 years ago
add missing return
3 years ago
add DeleteUserPolicy
4 years ago
init Iam Api Server
4 years ago
add DeleteUserPolicy
4 years ago
refactoring
3 years ago
init Iam Api Server
4 years ago
SaveAs S3 Configuration
4 years ago
add tests
4 years ago
SaveInsideFiler S3 Configuration
4 years ago
refactoring
3 years ago
SaveAs S3 Configuration
4 years ago
refactoring
3 years ago
init Iam Api Server
4 years ago
  1. package iamapi
  3. import (
  4. "crypto/sha1"
  5. "encoding/json"
  6. "fmt"
  7. "math/rand"
  8. "net/http"
  9. "net/url"
  10. "reflect"
  11. "strings"
  12. "sync"
  13. "time"
  15. "github.com/chrislusf/seaweedfs/weed/glog"
  16. "github.com/chrislusf/seaweedfs/weed/pb/iam_pb"
  17. "github.com/chrislusf/seaweedfs/weed/s3api/s3_constants"
  18. "github.com/chrislusf/seaweedfs/weed/s3api/s3err"
  20. "github.com/aws/aws-sdk-go/service/iam"
  21. )
  23. const (
  24. charsetUpper = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
  25. charset = charsetUpper + "abcdefghijklmnopqrstuvwxyz/"
  26. policyDocumentVersion = "2012-10-17"
  27. StatementActionAdmin = "*"
  28. StatementActionWrite = "Put*"
  29. StatementActionRead = "Get*"
  30. StatementActionList = "List*"
  31. StatementActionTagging = "Tagging*"
  32. )
  34. var (
  35. seededRand *rand.Rand = rand.New(
  36. rand.NewSource(time.Now().UnixNano()))
  37. policyDocuments = map[string]*PolicyDocument{}
  38. policyLock = sync.RWMutex{}
  39. )
  41. func MapToStatementAction(action string) string {
  42. switch action {
  43. case StatementActionAdmin:
  44. return s3_constants.ACTION_ADMIN
  45. case StatementActionWrite:
  46. return s3_constants.ACTION_WRITE
  47. case StatementActionRead:
  48. return s3_constants.ACTION_READ
  49. case StatementActionList:
  50. return s3_constants.ACTION_LIST
  51. case StatementActionTagging:
  52. return s3_constants.ACTION_TAGGING
  53. default:
  54. return ""
  55. }
  56. }
  58. func MapToIdentitiesAction(action string) string {
  59. switch action {
  60. case s3_constants.ACTION_ADMIN:
  61. return StatementActionAdmin
  62. case s3_constants.ACTION_WRITE:
  63. return StatementActionWrite
  64. case s3_constants.ACTION_READ:
  65. return StatementActionRead
  66. case s3_constants.ACTION_LIST:
  67. return StatementActionList
  68. case s3_constants.ACTION_TAGGING:
  69. return StatementActionTagging
  70. default:
  71. return ""
  72. }
  73. }
  75. type Statement struct {
  76. Effect string `json:"Effect"`
  77. Action []string `json:"Action"`
  78. Resource []string `json:"Resource"`
  79. }
  81. type Policies struct {
  82. Policies map[string]PolicyDocument `json:"policies"`
  83. }
  85. type PolicyDocument struct {
  86. Version string `json:"Version"`
  87. Statement []*Statement `json:"Statement"`
  88. }
  90. func (p PolicyDocument) String() string {
  91. b, _ := json.Marshal(p)
  92. return string(b)
  93. }
  95. func Hash(s *string) string {
  96. h := sha1.New()
  97. h.Write([]byte(*s))
  98. return fmt.Sprintf("%x", h.Sum(nil))
  99. }
  101. func StringWithCharset(length int, charset string) string {
  102. b := make([]byte, length)
  103. for i := range b {
  104. b[i] = charset[seededRand.Intn(len(charset))]
  105. }
  106. return string(b)
  107. }
  109. func (iama *IamApiServer) ListUsers(s3cfg *iam_pb.S3ApiConfiguration, values url.Values) (resp ListUsersResponse) {
  110. for _, ident := range s3cfg.Identities {
  111. resp.ListUsersResult.Users = append(resp.ListUsersResult.Users, &iam.User{UserName: &ident.Name})
  112. }
  113. return resp
  114. }
  116. func (iama *IamApiServer) ListAccessKeys(s3cfg *iam_pb.S3ApiConfiguration, values url.Values) (resp ListAccessKeysResponse) {
  117. status := iam.StatusTypeActive
  118. userName := values.Get("UserName")
  119. for _, ident := range s3cfg.Identities {
  120. if userName != "" && userName != ident.Name {
  121. continue
  122. }
  123. for _, cred := range ident.Credentials {
  124. resp.ListAccessKeysResult.AccessKeyMetadata = append(resp.ListAccessKeysResult.AccessKeyMetadata,
  125. &iam.AccessKeyMetadata{UserName: &ident.Name, AccessKeyId: &cred.AccessKey, Status: &status},
  126. )
  127. }
  128. }
  129. return resp
  130. }
  132. func (iama *IamApiServer) CreateUser(s3cfg *iam_pb.S3ApiConfiguration, values url.Values) (resp CreateUserResponse) {
  133. userName := values.Get("UserName")
  134. resp.CreateUserResult.User.UserName = &userName
  135. s3cfg.Identities = append(s3cfg.Identities, &iam_pb.Identity{Name: userName})
  136. return resp
  137. }
  139. func (iama *IamApiServer) DeleteUser(s3cfg *iam_pb.S3ApiConfiguration, userName string) (resp DeleteUserResponse, err error) {
  140. for i, ident := range s3cfg.Identities {
  141. if userName == ident.Name {
  142. s3cfg.Identities = append(s3cfg.Identities[:i], s3cfg.Identities[i+1:]...)
  143. return resp, nil
  144. }
  145. }
  146. return resp, fmt.Errorf(iam.ErrCodeNoSuchEntityException)
  147. }
  149. func (iama *IamApiServer) GetUser(s3cfg *iam_pb.S3ApiConfiguration, userName string) (resp GetUserResponse, err error) {
  150. for _, ident := range s3cfg.Identities {
  151. if userName == ident.Name {
  152. resp.GetUserResult.User = iam.User{UserName: &ident.Name}
  153. return resp, nil
  154. }
  155. }
  156. return resp, fmt.Errorf(iam.ErrCodeNoSuchEntityException)
  157. }
  159. func (iama *IamApiServer) UpdateUser(s3cfg *iam_pb.S3ApiConfiguration, values url.Values) (resp UpdateUserResponse, err error) {
  160. userName := values.Get("UserName")
  161. newUserName := values.Get("NewUserName")
  162. if newUserName != "" {
  163. for _, ident := range s3cfg.Identities {
  164. if userName == ident.Name {
  165. ident.Name = newUserName
  166. return resp, nil
  167. }
  168. }
  169. } else {
  170. return resp, nil
  171. }
  172. return resp, fmt.Errorf(iam.ErrCodeNoSuchEntityException)
  173. }
  175. func GetPolicyDocument(policy *string) (policyDocument PolicyDocument, err error) {
  176. if err = json.Unmarshal([]byte(*policy), &policyDocument); err != nil {
  177. return PolicyDocument{}, err
  178. }
  179. return policyDocument, err
  180. }
  182. func (iama *IamApiServer) CreatePolicy(s3cfg *iam_pb.S3ApiConfiguration, values url.Values) (resp CreatePolicyResponse, err error) {
  183. policyName := values.Get("PolicyName")
  184. policyDocumentString := values.Get("PolicyDocument")
  185. policyDocument, err := GetPolicyDocument(&policyDocumentString)
  186. if err != nil {
  187. return CreatePolicyResponse{}, err
  188. }
  189. policyId := Hash(&policyDocumentString)
  190. arn := fmt.Sprintf("arn:aws:iam:::policy/%s", policyName)
  191. resp.CreatePolicyResult.Policy.PolicyName = &policyName
  192. resp.CreatePolicyResult.Policy.Arn = &arn
  193. resp.CreatePolicyResult.Policy.PolicyId = &policyId
  194. policies := Policies{}
  195. policyLock.Lock()
  196. defer policyLock.Unlock()
  197. if err = iama.s3ApiConfig.GetPolicies(&policies); err != nil {
  198. return resp, err
  199. }
  200. policies.Policies[policyName] = policyDocument
  201. if err = iama.s3ApiConfig.PutPolicies(&policies); err != nil {
  202. return resp, err
  203. }
  204. return resp, nil
  205. }
  207. // https://docs.aws.amazon.com/IAM/latest/APIReference/API_PutUserPolicy.html
  208. func (iama *IamApiServer) PutUserPolicy(s3cfg *iam_pb.S3ApiConfiguration, values url.Values) (resp PutUserPolicyResponse, err error) {
  209. userName := values.Get("UserName")
  210. policyName := values.Get("PolicyName")
  211. policyDocumentString := values.Get("PolicyDocument")
  212. policyDocument, err := GetPolicyDocument(&policyDocumentString)
  213. if err != nil {
  214. return PutUserPolicyResponse{}, err
  215. }
  216. policyDocuments[policyName] = &policyDocument
  217. actions := GetActions(&policyDocument)
  218. for _, ident := range s3cfg.Identities {
  219. if userName != ident.Name {
  220. continue
  221. }
  223. existedActions := make(map[string]bool, len(ident.Actions))
  224. for _, action := range ident.Actions {
  225. existedActions[action] = true
  226. }
  228. for _, action := range actions {
  229. if !existedActions[action] {
  230. ident.Actions = append(ident.Actions, action)
  231. }
  232. }
  233. return resp, nil
  234. }
  235. return resp, fmt.Errorf("%s: the user with name %s cannot be found", iam.ErrCodeNoSuchEntityException, userName)
  236. }
  238. func (iama *IamApiServer) GetUserPolicy(s3cfg *iam_pb.S3ApiConfiguration, values url.Values) (resp GetUserPolicyResponse, err error) {
  239. userName := values.Get("UserName")
  240. policyName := values.Get("PolicyName")
  241. for _, ident := range s3cfg.Identities {
  242. if userName != ident.Name {
  243. continue
  244. }
  246. resp.GetUserPolicyResult.UserName = userName
  247. resp.GetUserPolicyResult.PolicyName = policyName
  248. if len(ident.Actions) == 0 {
  249. return resp, fmt.Errorf(iam.ErrCodeNoSuchEntityException)
  250. }
  252. policyDocument := PolicyDocument{Version: policyDocumentVersion}
  253. statements := make(map[string][]string)
  254. for _, action := range ident.Actions {
  255. // parse "Read:EXAMPLE-BUCKET"
  256. act := strings.Split(action, ":")
  258. resource := "*"
  259. if len(act) == 2 {
  260. resource = fmt.Sprintf("arn:aws:s3:::%s/*", act[1])
  261. }
  262. statements[resource] = append(statements[resource],
  263. fmt.Sprintf("s3:%s", MapToIdentitiesAction(act[0])),
  264. )
  265. }
  266. for resource, actions := range statements {
  267. isEqAction := false
  268. for i, statement := range policyDocument.Statement {
  269. if reflect.DeepEqual(statement.Action, actions) {
  270. policyDocument.Statement[i].Resource = append(
  271. policyDocument.Statement[i].Resource, resource)
  272. isEqAction = true
  273. break
  274. }
  275. }
  276. if isEqAction {
  277. continue
  278. }
  279. policyDocumentStatement := Statement{
  280. Effect: "Allow",
  281. Action: actions,
  282. }
  283. policyDocumentStatement.Resource = append(policyDocumentStatement.Resource, resource)
  284. policyDocument.Statement = append(policyDocument.Statement, &policyDocumentStatement)
  285. }
  286. resp.GetUserPolicyResult.PolicyDocument = policyDocument.String()
  287. return resp, nil
  288. }
  289. return resp, fmt.Errorf(iam.ErrCodeNoSuchEntityException)
  290. }
  292. func (iama *IamApiServer) DeleteUserPolicy(s3cfg *iam_pb.S3ApiConfiguration, values url.Values) (resp PutUserPolicyResponse, err error) {
  293. userName := values.Get("UserName")
  294. for i, ident := range s3cfg.Identities {
  295. if ident.Name == userName {
  296. s3cfg.Identities = append(s3cfg.Identities[:i], s3cfg.Identities[i+1:]...)
  297. return resp, nil
  298. }
  299. }
  300. return resp, fmt.Errorf(iam.ErrCodeNoSuchEntityException)
  301. }
  303. func GetActions(policy *PolicyDocument) (actions []string) {
  304. for _, statement := range policy.Statement {
  305. if statement.Effect != "Allow" {
  306. continue
  307. }
  308. for _, resource := range statement.Resource {
  309. // Parse "arn:aws:s3:::my-bucket/shared/*"
  310. res := strings.Split(resource, ":")
  311. if len(res) != 6 || res[0] != "arn" || res[1] != "aws" || res[2] != "s3" {
  312. glog.Infof("not match resource: %s", res)
  313. continue
  314. }
  315. for _, action := range statement.Action {
  316. // Parse "s3:Get*"
  317. act := strings.Split(action, ":")
  318. if len(act) != 2 || act[0] != "s3" {
  319. glog.Infof("not match action: %s", act)
  320. continue
  321. }
  322. statementAction := MapToStatementAction(act[1])
  323. if res[5] == "*" {
  324. actions = append(actions, statementAction)
  325. continue
  326. }
  327. // Parse my-bucket/shared/*
  328. path := strings.Split(res[5], "/")
  329. if len(path) != 2 || path[1] != "*" {
  330. glog.Infof("not match bucket: %s", path)
  331. continue
  332. }
  333. actions = append(actions, fmt.Sprintf("%s:%s", statementAction, path[0]))
  334. }
  335. }
  336. }
  337. return actions
  338. }
  340. func (iama *IamApiServer) CreateAccessKey(s3cfg *iam_pb.S3ApiConfiguration, values url.Values) (resp CreateAccessKeyResponse) {
  341. userName := values.Get("UserName")
  342. status := iam.StatusTypeActive
  343. accessKeyId := StringWithCharset(21, charsetUpper)
  344. secretAccessKey := StringWithCharset(42, charset)
  345. resp.CreateAccessKeyResult.AccessKey.AccessKeyId = &accessKeyId
  346. resp.CreateAccessKeyResult.AccessKey.SecretAccessKey = &secretAccessKey
  347. resp.CreateAccessKeyResult.AccessKey.UserName = &userName
  348. resp.CreateAccessKeyResult.AccessKey.Status = &status
  349. changed := false
  350. for _, ident := range s3cfg.Identities {
  351. if userName == ident.Name {
  352. ident.Credentials = append(ident.Credentials,
  353. &iam_pb.Credential{AccessKey: accessKeyId, SecretKey: secretAccessKey})
  354. changed = true
  355. break
  356. }
  357. }
  358. if !changed {
  359. s3cfg.Identities = append(s3cfg.Identities,
  360. &iam_pb.Identity{
  361. Name: userName,
  362. Credentials: []*iam_pb.Credential{
  363. {
  364. AccessKey: accessKeyId,
  365. SecretKey: secretAccessKey,
  366. },
  367. },
  368. },
  369. )
  370. }
  371. return resp
  372. }
  374. func (iama *IamApiServer) DeleteAccessKey(s3cfg *iam_pb.S3ApiConfiguration, values url.Values) (resp DeleteAccessKeyResponse) {
  375. userName := values.Get("UserName")
  376. accessKeyId := values.Get("AccessKeyId")
  377. for _, ident := range s3cfg.Identities {
  378. if userName == ident.Name {
  379. for i, cred := range ident.Credentials {
  380. if cred.AccessKey == accessKeyId {
  381. ident.Credentials = append(ident.Credentials[:i], ident.Credentials[i+1:]...)
  382. break
  383. }
  384. }
  385. break
  386. }
  387. }
  388. return resp
  389. }
  391. // handleImplicitUsername adds username who signs the request to values if 'username' is not specified
  392. // According to https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/create-access-key.html/
  393. // "If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web
  394. // Services access key ID signing the request."
  395. func handleImplicitUsername(r *http.Request, values url.Values) {
  396. if len(r.Header["Authorization"]) == 0 || values.Get("UserName") != "" {
  397. return
  398. }
  399. // get username who signs the request. For a typical Authorization:
  400. // "AWS4-HMAC-SHA256 Credential=197FSAQ7HHTA48X64O3A/20220420/test1/iam/aws4_request, SignedHeaders=content-type;
  401. // host;x-amz-date, Signature=6757dc6b3d7534d67e17842760310e99ee695408497f6edc4fdb84770c252dc8",
  402. // the "test1" will be extracted as the username
  403. glog.V(4).Infof("Authorization field: %v", r.Header["Authorization"][0])
  404. s := strings.Split(r.Header["Authorization"][0], "Credential=")
  405. if len(s) < 2 {
  406. return
  407. }
  408. s = strings.Split(s[1], ",")
  409. if len(s) < 2 {
  410. return
  411. }
  412. s = strings.Split(s[0], "/")
  413. if len(s) < 5 {
  414. return
  415. }
  416. userName := s[2]
  417. values.Set("UserName", userName)
  418. }
  420. func (iama *IamApiServer) DoActions(w http.ResponseWriter, r *http.Request) {
  421. if err := r.ParseForm(); err != nil {
  422. s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest)
  423. return
  424. }
  425. values := r.PostForm
  426. s3cfg := &iam_pb.S3ApiConfiguration{}
  427. if err := iama.s3ApiConfig.GetS3ApiConfiguration(s3cfg); err != nil {
  428. s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
  429. return
  430. }
  432. glog.V(4).Infof("DoActions: %+v", values)
  433. var response interface{}
  434. var err error
  435. changed := true
  436. switch r.Form.Get("Action") {
  437. case "ListUsers":
  438. response = iama.ListUsers(s3cfg, values)
  439. changed = false
  440. case "ListAccessKeys":
  441. handleImplicitUsername(r, values)
  442. response = iama.ListAccessKeys(s3cfg, values)
  443. changed = false
  444. case "CreateUser":
  445. response = iama.CreateUser(s3cfg, values)
  446. case "GetUser":
  447. userName := values.Get("UserName")
  448. response, err = iama.GetUser(s3cfg, userName)
  449. if err != nil {
  450. writeIamErrorResponse(w, r, err, "user", userName, nil)
  451. return
  452. }
  453. changed = false
  454. case "UpdateUser":
  455. response, err = iama.UpdateUser(s3cfg, values)
  456. if err != nil {
  457. glog.Errorf("UpdateUser: %+v", err)
  458. s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest)
  459. return
  460. }
  461. case "DeleteUser":
  462. userName := values.Get("UserName")
  463. response, err = iama.DeleteUser(s3cfg, userName)
  464. if err != nil {
  465. writeIamErrorResponse(w, r, err, "user", userName, nil)
  466. return
  467. }
  468. case "CreateAccessKey":
  469. handleImplicitUsername(r, values)
  470. response = iama.CreateAccessKey(s3cfg, values)
  471. case "DeleteAccessKey":
  472. handleImplicitUsername(r, values)
  473. response = iama.DeleteAccessKey(s3cfg, values)
  474. case "CreatePolicy":
  475. response, err = iama.CreatePolicy(s3cfg, values)
  476. if err != nil {
  477. glog.Errorf("CreatePolicy: %+v", err)
  478. s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest)
  479. return
  480. }
  481. case "PutUserPolicy":
  482. response, err = iama.PutUserPolicy(s3cfg, values)
  483. if err != nil {
  484. glog.Errorf("PutUserPolicy: %+v", err)
  485. s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRequest)
  486. return
  487. }
  488. case "GetUserPolicy":
  489. response, err = iama.GetUserPolicy(s3cfg, values)
  490. if err != nil {
  491. writeIamErrorResponse(w, r, err, "user", values.Get("UserName"), nil)
  492. return
  493. }
  494. changed = false
  495. case "DeleteUserPolicy":
  496. if response, err = iama.DeleteUserPolicy(s3cfg, values); err != nil {
  497. writeIamErrorResponse(w, r, err, "user", values.Get("UserName"), nil)
  498. return
  499. }
  500. default:
  501. errNotImplemented := s3err.GetAPIError(s3err.ErrNotImplemented)
  502. errorResponse := ErrorResponse{}
  503. errorResponse.Error.Code = &errNotImplemented.Code
  504. errorResponse.Error.Message = &errNotImplemented.Description
  505. s3err.WriteXMLResponse(w, r, errNotImplemented.HTTPStatusCode, errorResponse)
  506. return
  507. }
  508. if changed {
  509. err := iama.s3ApiConfig.PutS3ApiConfiguration(s3cfg)
  510. if err != nil {
  511. writeIamErrorResponse(w, r, fmt.Errorf(iam.ErrCodeServiceFailureException), "", "", err)
  512. return
  513. }
  514. }
  515. s3err.WriteXMLResponse(w, r, http.StatusOK, response)
  516. }