Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9967 Commits
32 Branches
296 Tags
160 MiB
Tree: 1397b1ca09
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1397b1ca09'
${ noResults }
seaweedfs/weed/s3api/s3api_server.go

268 lines
13 KiB
Raw Normal View History

add list all my buckets
7 years ago
s3 and filer transport using unix domain socket instead of tcp
3 years ago
s3: use bucket in the domain fix https://github.com/chrislusf/seaweedfs/issues/1405
4 years ago
move to https://github.com/seaweedfs/seaweedfs
2 years ago
[s3] do reload s3 static config (#4923) * do reload s3 config * print error on reload s3 config * print success msg * Update weed/s3api/s3api_server.go --------- Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> Co-authored-by: Chris Lu <chrislusf@users.noreply.github.com>
1 year ago
move to https://github.com/seaweedfs/seaweedfs
2 years ago
[s3] do reload s3 static config (#4923) * do reload s3 config * print error on reload s3 config * print success msg * Update weed/s3api/s3api_server.go --------- Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> Co-authored-by: Chris Lu <chrislusf@users.noreply.github.com>
1 year ago
s3 and filer transport using unix domain socket instead of tcp
3 years ago
support acl
5 years ago
multiplate DomainNames through comma
4 years ago
s3: subscribe to s3.configure changes
4 years ago
support acl
5 years ago
add list all my buckets
7 years ago
move to https://github.com/seaweedfs/seaweedfs
2 years ago
adding grpc mutual tls
6 years ago
add list all my buckets
7 years ago
allowDeleteBucketNotEmpty
3 years ago
avoid DATA RACE on S3Options.localFilerSocket (#3571) * avoid DATA RACE on S3Options.localFilerSocket https://github.com/seaweedfs/seaweedfs/issues/3552 * copy localSocket
2 years ago
filer prefer volume server in same data center (#3405) * initial prefer same data center https://github.com/seaweedfs/seaweedfs/issues/3404 * GetDataCenter * prefer same data center for ReplicationSource * GetDataCenterId * remove glog
2 years ago
Use filerGroup for s3 buckets collection prefix (#4465) * Use filerGroup for s3 buckets collection prefix * Fix templates * Remove flags * Remove s3CollectionPrefix
2 years ago
add list all my buckets
7 years ago
s3: add grpc server to accept configuration changes
3 years ago
add client id for all metadata listening clients
3 years ago
add s3 circuit breaker support for 'simultaneous request count' and 'simultaneous request bytes' limitations configure s3 circuit breaker by 'command_s3_circuitbreaker.go': usage eg: # Configure the number of simultaneous global (current s3api node) requests s3.circuit.breaker -global -type count -actions Write -values 1000 -apply # Configure the number of simultaneous requests for bucket x read and write s3.circuit.breaker -buckets -type count -actions Read,Write -values 1000 -apply # Configure the total bytes of simultaneous requests for bucket write s3.circuit.breaker -buckets -type bytes -actions Write -values 100MiB -apply # Disable circuit breaker config of bucket 'x' s3.circuit.breaker -buckets x -enable false -apply # Delete circuit breaker config of bucket 'x' s3.circuit.breaker -buckets x -delete -apply
3 years ago
add client id for all metadata listening clients
3 years ago
Merge branch 'master' into metadata_follow_with_client_id
3 years ago
s3 and filer transport using unix domain socket instead of tcp
3 years ago
s3: sync bucket info from filer (#3759)
2 years ago
add list all my buckets
7 years ago
FEATURE: add JWT to HTTP endpoints of Filer and use them in S3 Client - one JWT for reading and one for writing, analogous to how the JWT between Master and Volume Server works - I did not implement IP `whiteList` parameter on the filer Additionally, because http_util.DownloadFile now sets the JWT, the `download` command should now work when `jwt.signing.read` is configured. By looking at the code, I think this case did not work before. ## Docs to be adjusted after a release Page `Amazon-S3-API`: ``` # Authentication with Filer You can use mTLS for the gRPC connection between S3-API-Proxy and the filer, as explained in [Security-Configuration](Security-Configuration) - controlled by the `grpc.*` configuration in `security.toml`. Starting with version XX, it is also possible to authenticate the HTTP operations between the S3-API-Proxy and the Filer (especially uploading new files). This is configured by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. With both configurations (gRPC and JWT), it is possible to have Filer and S3 communicate in fully authenticated fashion; so Filer will reject any unauthenticated communication. ``` Page `Security Overview`: ``` The following items are not covered, yet: - master server http REST services Starting with version XX, the Filer HTTP REST services can be secured with a JWT, by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. ... Before version XX: "weed filer -disableHttp", disable http operations, only gRPC operations are allowed. This works with "weed mount" by FUSE. It does **not work** with the [S3 Gateway](Amazon S3 API), as this does HTTP calls to the Filer. Starting with version XX: secured by JWT, by setting `filer_jwt.signing.key` and `filer_jwt.signing.read.key` in `security.toml`. **This now works with the [S3 Gateway](Amazon S3 API).** ... # Securing Filer HTTP with JWT To enable JWT-based access control for the Filer, 1. generate `security.toml` file by `weed scaffold -config=security` 2. set `filer_jwt.signing.key` to a secret string - and optionally filer_jwt.signing.read.key` as well to a secret string 3. copy the same `security.toml` file to the filers and all S3 proxies. If `filer_jwt.signing.key` is configured: When sending upload/update/delete HTTP operations to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.key`. If `filer_jwt.signing.read.key` is configured: When sending GET or HEAD requests to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `filer_jwt.signing.read.key`. The S3 API Gateway reads the above JWT keys and sends authenticated HTTP requests to the filer. ``` Page `Security Configuration`: ``` (update scaffold file) ... [filer_jwt.signing] key = "blahblahblahblah" [filer_jwt.signing.read] key = "blahblahblahblah" ``` Resolves: #158
3 years ago
add list all my buckets
7 years ago
add client id for all metadata listening clients
3 years ago
Merge branch 'master' into metadata_follow_with_client_id
3 years ago
add s3 circuit breaker support for 'simultaneous request count' and 'simultaneous request bytes' limitations configure s3 circuit breaker by 'command_s3_circuitbreaker.go': usage eg: # Configure the number of simultaneous global (current s3api node) requests s3.circuit.breaker -global -type count -actions Write -values 1000 -apply # Configure the number of simultaneous requests for bucket x read and write s3.circuit.breaker -buckets -type count -actions Read,Write -values 1000 -apply # Configure the total bytes of simultaneous requests for bucket write s3.circuit.breaker -buckets -type bytes -actions Write -values 100MiB -apply # Disable circuit breaker config of bucket 'x' s3.circuit.breaker -buckets x -enable false -apply # Delete circuit breaker config of bucket 'x' s3.circuit.breaker -buckets x -delete -apply
3 years ago
add list all my buckets
7 years ago
[s3] do reload s3 static config (#4923) * do reload s3 config * print error on reload s3 config * print success msg * Update weed/s3api/s3api_server.go --------- Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> Co-authored-by: Chris Lu <chrislusf@users.noreply.github.com>
1 year ago
fix
1 year ago
[s3] do reload s3 static config (#4923) * do reload s3 config * print error on reload s3 config * print success msg * Update weed/s3api/s3api_server.go --------- Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> Co-authored-by: Chris Lu <chrislusf@users.noreply.github.com>
1 year ago
s3: sync bucket info from filer (#3759)
2 years ago
avoid DATA RACE on S3Options.localFilerSocket (#3571) * avoid DATA RACE on S3Options.localFilerSocket https://github.com/seaweedfs/seaweedfs/issues/3552 * copy localSocket
2 years ago
s3 and filer transport using unix domain socket instead of tcp
3 years ago
avoid DATA RACE on S3Options.localFilerSocket (#3571) * avoid DATA RACE on S3Options.localFilerSocket https://github.com/seaweedfs/seaweedfs/issues/3552 * copy localSocket
2 years ago
s3 and filer transport using unix domain socket instead of tcp
3 years ago
add list all my buckets
7 years ago
s3: sync bucket info from filer (#3759)
2 years ago
add list all my buckets
7 years ago
Add liveness\readiness probe for s3 api handler on /status path
3 years ago
Handle preflight cors requests (#3481)
2 years ago
fix:Handle preflight cors requests (#3496)
2 years ago
Handle preflight cors requests (#3481)
2 years ago
fix:Handle preflight cors requests (#3496)
2 years ago
Handle preflight cors requests (#3481)
2 years ago
add list all my buckets
7 years ago
multiplate DomainNames through comma
4 years ago
add list all my buckets
7 years ago
add s3 upload, and removing mono and multi part upload analyzer removing mono and multi part upload analyzer, which were used just to determine the file name
7 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
s3 API add ListObjectsV2Handler
7 years ago
s3: add s3 copy fix https://github.com/chrislusf/seaweedfs/issues/1190
5 years ago
add some unit tests and some code optimizes
3 years ago
add place holders for multiplarts upload
6 years ago
add some unit tests and some code optimizes
3 years ago
add place holders for multiplarts upload
6 years ago
add some unit tests and some code optimizes
3 years ago
add place holders for multiplarts upload
6 years ago
add some unit tests and some code optimizes
3 years ago
add place holders for multiplarts upload
6 years ago
add some unit tests and some code optimizes
3 years ago
add place holders for multiplarts upload
6 years ago
add some unit tests and some code optimizes
3 years ago
add place holders for multiplarts upload
6 years ago
add some unit tests and some code optimizes
3 years ago
add place holders for multiplarts upload
6 years ago
s3: support object tagging * GetObjectTagging * PutObjectTagging * DeleteObjectTagging
4 years ago
add some unit tests and some code optimizes
3 years ago
s3: support object tagging * GetObjectTagging * PutObjectTagging * DeleteObjectTagging
4 years ago
add some unit tests and some code optimizes
3 years ago
s3: support object tagging * GetObjectTagging * PutObjectTagging * DeleteObjectTagging
4 years ago
add some unit tests and some code optimizes
3 years ago
s3: support object tagging * GetObjectTagging * PutObjectTagging * DeleteObjectTagging
4 years ago
s3: avoid overwriting object with ACL/LegalHold/Retension/LockConfiguration requests
3 years ago
[iam] Replace action read/write to readAcp/writeAcp for handlers with acl (#4858) Replace action read/write to readAcp/writeAcp for handlers with acl query https://github.com/seaweedfs/seaweedfs/issues/4519 Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co>
1 year ago
s3: avoid overwriting object with ACL/LegalHold/Retension/LockConfiguration requests
3 years ago
add some unit tests and some code optimizes
3 years ago
s3: avoid overwriting object with ACL/LegalHold/Retension/LockConfiguration requests
3 years ago
add some unit tests and some code optimizes
3 years ago
s3: avoid overwriting object with ACL/LegalHold/Retension/LockConfiguration requests
3 years ago
add some unit tests and some code optimizes
3 years ago
s3: avoid overwriting object with ACL/LegalHold/Retension/LockConfiguration requests
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
[iam] Replace action read/write to readAcp/writeAcp for handlers with acl (#4858) Replace action read/write to readAcp/writeAcp for handlers with acl query https://github.com/seaweedfs/seaweedfs/issues/4519 Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co>
1 year ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
add some unit tests and some code optimizes
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
add some unit tests and some code optimizes
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
s3: add s3 copy fix https://github.com/chrislusf/seaweedfs/issues/1190
5 years ago
add some unit tests and some code optimizes
3 years ago
working S3 multipart uploads
6 years ago
add some unit tests and some code optimizes
3 years ago
s3 add HEAD DELETE
7 years ago
add some unit tests and some code optimizes
3 years ago
add list all my buckets
7 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
s3 API add ListObjectsV1
7 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
s3: add support for PostPolicy fix https://github.com/chrislusf/seaweedfs/issues/1426
4 years ago
preparing to support S3 multipart uploads
6 years ago
add some unit tests and some code optimizes
3 years ago
AclHandlers
3 years ago
[iam] Replace action read/write to readAcp/writeAcp for handlers with acl (#4858) Replace action read/write to readAcp/writeAcp for handlers with acl query https://github.com/seaweedfs/seaweedfs/issues/4519 Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co>
1 year ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
[iam] Replace action read/write to readAcp/writeAcp for handlers with acl (#4858) Replace action read/write to readAcp/writeAcp for handlers with acl query https://github.com/seaweedfs/seaweedfs/issues/4519 Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co>
1 year ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
add some unit tests and some code optimizes
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
add some unit tests and some code optimizes
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
add some unit tests and some code optimizes
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
add some unit tests and some code optimizes
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
add some unit tests and some code optimizes
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
add some unit tests and some code optimizes
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
add some unit tests and some code optimizes
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
add some unit tests and some code optimizes
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
add some unit tests and some code optimizes
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
add some unit tests and some code optimizes
3 years ago
weed/s3api: added new bucket handlers for more compatibility with AWS S3 Protocol Otherwise any requests to the underlying handlers results in calls to ListObjects (v1) that may intensively load gateway and volume servers. Added the following handlers with default responses: - GetBucketLocation - GetBucketRequestPayment Added the following handlers with NotFound and NotImplemented responses: - PutBucketAcl - GetBucketPolicy - PutBucketPolicy - DeleteBucketPolicy - GetBucketCors - PutBucketCors - DeleteBucketCors
3 years ago
add some unit tests and some code optimizes
3 years ago
AclHandlers
3 years ago
s3 api add default response for GetBucketVersioning
1 year ago
s3 api add not implemented response for PutBucketVersioning
1 year ago
s3 api add default response for GetBucketVersioning
1 year ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
add some unit tests and some code optimizes
3 years ago
AclHandlers
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
add ownership rest apis (#3765)
2 years ago
AclHandlers
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
AclHandlers
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
add some unit tests and some code optimizes
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
add some unit tests and some code optimizes
3 years ago
fix DeleteBucketLifecycleConfiguration
3 years ago
s3: skip permission checking for creating bucket if the bucket already exists fix https://github.com/chrislusf/seaweedfs/issues/2417 Rclone was trying to create the bucket even though the bucket already exists.
3 years ago
fix DeleteBucketLifecycleConfiguration
3 years ago
add some unit tests and some code optimizes
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
add some unit tests and some code optimizes
3 years ago
weed/s3api: rearrange s3 methods handlers to ensure correct methods requesting Otherwise current calls for some methods (i.e. GetObjectAcl) ends up with wrong method selection (i.e. GetObject). Added generic comment rule of traversing methods
3 years ago
add list all my buckets
7 years ago
s3: support config action Admin:bucket
4 years ago
add list all my buckets
7 years ago
refactor
4 years ago
add list all my buckets
7 years ago
  1. package s3api
  3. import (
  4. "context"
  5. "fmt"
  6. "github.com/seaweedfs/seaweedfs/weed/filer"
  7. "github.com/seaweedfs/seaweedfs/weed/glog"
  8. "github.com/seaweedfs/seaweedfs/weed/pb/s3_pb"
  9. "github.com/seaweedfs/seaweedfs/weed/util/grace"
  10. "net"
  11. "net/http"
  12. "strings"
  13. "time"
  15. "github.com/gorilla/mux"
  16. "github.com/seaweedfs/seaweedfs/weed/pb"
  17. . "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
  18. "github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
  19. "github.com/seaweedfs/seaweedfs/weed/security"
  20. "github.com/seaweedfs/seaweedfs/weed/util"
  21. "google.golang.org/grpc"
  22. )
  24. type S3ApiServerOption struct {
  25. Filer pb.ServerAddress
  26. Port int
  27. Config string
  28. DomainName string
  29. BucketsPath string
  30. GrpcDialOption grpc.DialOption
  31. AllowEmptyFolder bool
  32. AllowDeleteBucketNotEmpty bool
  33. LocalFilerSocket string
  34. DataCenter string
  35. FilerGroup string
  36. }
  38. type S3ApiServer struct {
  39. s3_pb.UnimplementedSeaweedS3Server
  40. option *S3ApiServerOption
  41. iam *IdentityAccessManagement
  42. cb *CircuitBreaker
  43. randomClientId int32
  44. filerGuard *security.Guard
  45. client *http.Client
  46. bucketRegistry *BucketRegistry
  47. }
  49. func NewS3ApiServer(router *mux.Router, option *S3ApiServerOption) (s3ApiServer *S3ApiServer, err error) {
  50. v := util.GetViper()
  51. signingKey := v.GetString("jwt.filer_signing.key")
  52. v.SetDefault("jwt.filer_signing.expires_after_seconds", 10)
  53. expiresAfterSec := v.GetInt("jwt.filer_signing.expires_after_seconds")
  55. readSigningKey := v.GetString("jwt.filer_signing.read.key")
  56. v.SetDefault("jwt.filer_signing.read.expires_after_seconds", 60)
  57. readExpiresAfterSec := v.GetInt("jwt.filer_signing.read.expires_after_seconds")
  59. s3ApiServer = &S3ApiServer{
  60. option: option,
  61. iam: NewIdentityAccessManagement(option),
  62. randomClientId: util.RandomInt32(),
  63. filerGuard: security.NewGuard([]string{}, signingKey, expiresAfterSec, readSigningKey, readExpiresAfterSec),
  64. cb: NewCircuitBreaker(option),
  65. }
  66. if option.Config != "" {
  67. grace.OnReload(func() {
  68. if err := s3ApiServer.iam.loadS3ApiConfigurationFromFile(option.Config); err != nil {
  69. glog.Errorf("fail to load config file %s: %v", option.Config, err)
  70. } else {
  71. glog.V(0).Infof("Loaded %d identities from config file %s", len(s3ApiServer.iam.identities), option.Config)
  72. }
  73. })
  74. }
  75. s3ApiServer.bucketRegistry = NewBucketRegistry(s3ApiServer)
  76. if option.LocalFilerSocket == "" {
  77. s3ApiServer.client = &http.Client{Transport: &http.Transport{
  78. MaxIdleConns: 1024,
  79. MaxIdleConnsPerHost: 1024,
  80. }}
  81. } else {
  82. s3ApiServer.client = &http.Client{
  83. Transport: &http.Transport{
  84. DialContext: func(_ context.Context, _, _ string) (net.Conn, error) {
  85. return net.Dial("unix", option.LocalFilerSocket)
  86. },
  87. },
  88. }
  89. }
  91. s3ApiServer.registerRouter(router)
  93. go s3ApiServer.subscribeMetaEvents("s3", time.Now().UnixNano(), filer.DirectoryEtcRoot, []string{option.BucketsPath})
  94. return s3ApiServer, nil
  95. }
  97. func (s3a *S3ApiServer) registerRouter(router *mux.Router) {
  98. // API Router
  99. apiRouter := router.PathPrefix("/").Subrouter()
  101. // Readiness Probe
  102. apiRouter.Methods("GET").Path("/status").HandlerFunc(s3a.StatusHandler)
  104. apiRouter.Methods("OPTIONS").HandlerFunc(
  105. func(w http.ResponseWriter, r *http.Request) {
  106. w.Header().Set("Access-Control-Allow-Origin", "*")
  107. w.Header().Set("Access-Control-Expose-Headers", "*")
  108. w.Header().Set("Access-Control-Allow-Methods", "*")
  109. w.Header().Set("Access-Control-Allow-Headers", "*")
  110. writeSuccessResponseEmpty(w, r)
  111. })
  113. var routers []*mux.Router
  114. if s3a.option.DomainName != "" {
  115. domainNames := strings.Split(s3a.option.DomainName, ",")
  116. for _, domainName := range domainNames {
  117. routers = append(routers, apiRouter.Host(
  118. fmt.Sprintf("%s.%s:%d", "{bucket:.+}", domainName, s3a.option.Port)).Subrouter())
  119. routers = append(routers, apiRouter.Host(
  120. fmt.Sprintf("%s.%s", "{bucket:.+}", domainName)).Subrouter())
  121. }
  122. }
  123. routers = append(routers, apiRouter.PathPrefix("/{bucket}").Subrouter())
  125. for _, bucket := range routers {
  127. // each case should follow the next rule:
  128. // - requesting object with query must precede any other methods
  129. // - requesting object must precede any methods with buckets
  130. // - requesting bucket with query must precede raw methods with buckets
  131. // - requesting bucket must be processed in the end
  133. // objects with query
  135. // CopyObjectPart
  136. bucket.Methods("PUT").Path("/{object:.+}").HeadersRegexp("X-Amz-Copy-Source", `.*?(\/|%2F).*?`).HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.CopyObjectPartHandler, ACTION_WRITE)), "PUT")).Queries("partNumber", "{partNumber:[0-9]+}", "uploadId", "{uploadId:.*}")
  137. // PutObjectPart
  138. bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectPartHandler, ACTION_WRITE)), "PUT")).Queries("partNumber", "{partNumber:[0-9]+}", "uploadId", "{uploadId:.*}")
  139. // CompleteMultipartUpload
  140. bucket.Methods("POST").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.CompleteMultipartUploadHandler, ACTION_WRITE)), "POST")).Queries("uploadId", "{uploadId:.*}")
  141. // NewMultipartUpload
  142. bucket.Methods("POST").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.NewMultipartUploadHandler, ACTION_WRITE)), "POST")).Queries("uploads", "")
  143. // AbortMultipartUpload
  144. bucket.Methods("DELETE").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.AbortMultipartUploadHandler, ACTION_WRITE)), "DELETE")).Queries("uploadId", "{uploadId:.*}")
  145. // ListObjectParts
  146. bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.ListObjectPartsHandler, ACTION_READ)), "GET")).Queries("uploadId", "{uploadId:.*}")
  147. // ListMultipartUploads
  148. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.ListMultipartUploadsHandler, ACTION_READ)), "GET")).Queries("uploads", "")
  150. // GetObjectTagging
  151. bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetObjectTaggingHandler, ACTION_READ)), "GET")).Queries("tagging", "")
  152. // PutObjectTagging
  153. bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectTaggingHandler, ACTION_TAGGING)), "PUT")).Queries("tagging", "")
  154. // DeleteObjectTagging
  155. bucket.Methods("DELETE").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteObjectTaggingHandler, ACTION_TAGGING)), "DELETE")).Queries("tagging", "")
  157. // PutObjectACL
  158. bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectAclHandler, ACTION_WRITE_ACP)), "PUT")).Queries("acl", "")
  159. // PutObjectRetention
  160. bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectRetentionHandler, ACTION_WRITE)), "PUT")).Queries("retention", "")
  161. // PutObjectLegalHold
  162. bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectLegalHoldHandler, ACTION_WRITE)), "PUT")).Queries("legal-hold", "")
  163. // PutObjectLockConfiguration
  164. bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectLockConfigurationHandler, ACTION_WRITE)), "PUT")).Queries("object-lock", "")
  166. // GetObjectACL
  167. bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetObjectAclHandler, ACTION_READ_ACP)), "GET")).Queries("acl", "")
  169. // objects with query
  171. // raw objects
  173. // HeadObject
  174. bucket.Methods("HEAD").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.HeadObjectHandler, ACTION_READ)), "GET"))
  176. // GetObject, but directory listing is not supported
  177. bucket.Methods("GET").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetObjectHandler, ACTION_READ)), "GET"))
  179. // CopyObject
  180. bucket.Methods("PUT").Path("/{object:.+}").HeadersRegexp("X-Amz-Copy-Source", ".*?(\\/|%2F).*?").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.CopyObjectHandler, ACTION_WRITE)), "COPY"))
  181. // PutObject
  182. bucket.Methods("PUT").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutObjectHandler, ACTION_WRITE)), "PUT"))
  183. // DeleteObject
  184. bucket.Methods("DELETE").Path("/{object:.+}").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteObjectHandler, ACTION_WRITE)), "DELETE"))
  186. // raw objects
  188. // buckets with query
  190. // DeleteMultipleObjects
  191. bucket.Methods("POST").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteMultipleObjectsHandler, ACTION_WRITE)), "DELETE")).Queries("delete", "")
  193. // GetBucketACL
  194. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketAclHandler, ACTION_READ_ACP)), "GET")).Queries("acl", "")
  195. // PutBucketACL
  196. bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketAclHandler, ACTION_WRITE_ACP)), "PUT")).Queries("acl", "")
  198. // GetBucketPolicy
  199. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketPolicyHandler, ACTION_READ)), "GET")).Queries("policy", "")
  200. // PutBucketPolicy
  201. bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketPolicyHandler, ACTION_WRITE)), "PUT")).Queries("policy", "")
  202. // DeleteBucketPolicy
  203. bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketPolicyHandler, ACTION_WRITE)), "DELETE")).Queries("policy", "")
  205. // GetBucketCors
  206. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketCorsHandler, ACTION_READ)), "GET")).Queries("cors", "")
  207. // PutBucketCors
  208. bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketCorsHandler, ACTION_WRITE)), "PUT")).Queries("cors", "")
  209. // DeleteBucketCors
  210. bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketCorsHandler, ACTION_WRITE)), "DELETE")).Queries("cors", "")
  212. // GetBucketLifecycleConfiguration
  213. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketLifecycleConfigurationHandler, ACTION_READ)), "GET")).Queries("lifecycle", "")
  214. // PutBucketLifecycleConfiguration
  215. bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketLifecycleConfigurationHandler, ACTION_WRITE)), "PUT")).Queries("lifecycle", "")
  216. // DeleteBucketLifecycleConfiguration
  217. bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketLifecycleHandler, ACTION_WRITE)), "DELETE")).Queries("lifecycle", "")
  219. // GetBucketLocation
  220. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketLocationHandler, ACTION_READ)), "GET")).Queries("location", "")
  222. // GetBucketRequestPayment
  223. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketRequestPaymentHandler, ACTION_READ)), "GET")).Queries("requestPayment", "")
  225. // GetBucketVersioning
  226. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.GetBucketVersioningHandler, ACTION_READ)), "GET")).Queries("versioning", "")
  227. bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PutBucketVersioningHandler, ACTION_WRITE)), "PUT")).Queries("versioning", "")
  229. // ListObjectsV2
  230. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.ListObjectsV2Handler, ACTION_LIST)), "LIST")).Queries("list-type", "2")
  232. // buckets with query
  233. // PutBucketOwnershipControls
  234. bucket.Methods("PUT").HandlerFunc(track(s3a.iam.Auth(s3a.PutBucketOwnershipControls, ACTION_ADMIN), "PUT")).Queries("ownershipControls", "")
  236. //GetBucketOwnershipControls
  237. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.GetBucketOwnershipControls, ACTION_READ), "GET")).Queries("ownershipControls", "")
  239. //DeleteBucketOwnershipControls
  240. bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.DeleteBucketOwnershipControls, ACTION_ADMIN), "DELETE")).Queries("ownershipControls", "")
  242. // raw buckets
  244. // PostPolicy
  245. bucket.Methods("POST").HeadersRegexp("Content-Type", "multipart/form-data*").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.PostPolicyBucketHandler, ACTION_WRITE)), "POST"))
  247. // HeadBucket
  248. bucket.Methods("HEAD").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.HeadBucketHandler, ACTION_READ)), "GET"))
  250. // PutBucket
  251. bucket.Methods("PUT").HandlerFunc(track(s3a.PutBucketHandler, "PUT"))
  252. // DeleteBucket
  253. bucket.Methods("DELETE").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.DeleteBucketHandler, ACTION_WRITE)), "DELETE"))
  255. // ListObjectsV1 (Legacy)
  256. bucket.Methods("GET").HandlerFunc(track(s3a.iam.Auth(s3a.cb.Limit(s3a.ListObjectsV1Handler, ACTION_LIST)), "LIST"))
  258. // raw buckets
  260. }
  262. // ListBuckets
  263. apiRouter.Methods("GET").Path("/").HandlerFunc(track(s3a.ListBucketsHandler, "LIST"))
  265. // NotFound
  266. apiRouter.NotFoundHandler = http.HandlerFunc(s3err.NotFoundHandler)
  268. }