  1. package iamapi
  2. // https://docs.aws.amazon.com/cli/latest/reference/iam/list-roles.html
  3. import (
  4. "bytes"
  5. "encoding/json"
  6. "fmt"
  7. "github.com/chrislusf/seaweedfs/weed/filer"
  8. "github.com/chrislusf/seaweedfs/weed/pb"
  9. "github.com/chrislusf/seaweedfs/weed/pb/filer_pb"
  10. "github.com/chrislusf/seaweedfs/weed/pb/iam_pb"
  11. "github.com/chrislusf/seaweedfs/weed/s3api"
  12. . "github.com/chrislusf/seaweedfs/weed/s3api/s3_constants"
  13. "github.com/chrislusf/seaweedfs/weed/wdclient"
  14. "github.com/gorilla/mux"
  15. "google.golang.org/grpc"
  16. "net/http"
  17. "strings"
  18. )
  // IamS3ApiConfig abstracts storage of the two IAM documents this package
  // manages: the S3 identity configuration and the policy set. Each method
  // fills or stores the value passed by pointer and reports failure through
  // the returned error.
  type IamS3ApiConfig interface {
  	// GetS3ApiConfiguration loads the stored identity configuration into s3cfg.
  	GetS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error)

  	// PutS3ApiConfiguration persists s3cfg.
  	// NOTE(review): s3cfg presumably carries access keys; implementations
  	// should treat the serialized form as secret material. Confirm.
  	PutS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error)

  	// GetPolicies loads the stored policy set into policies.
  	GetPolicies(policies *Policies) (err error)

  	// PutPolicies persists policies.
  	PutPolicies(policies *Policies) (err error)
  }
  // IamS3ApiConfigure is the filer-backed IamS3ApiConfig used by
  // NewIamApiServer: its methods read and write the IAM documents through a
  // filer gRPC client.
  type IamS3ApiConfigure struct {
  	// option supplies the filer gRPC address and dial option for every call.
  	option *IamServerOption
  	// masterClient is handed to filer.ReadEntry when a document is loaded.
  	masterClient *wdclient.MasterClient
  }
  // IamServerOption carries the settings handed to NewIamApiServer.
  type IamServerOption struct {
  	// Masters is a comma-separated list; NewIamApiServer splits it on ",".
  	Masters string
  	// Filer is forwarded to s3api.S3ApiServerOption.Filer.
  	Filer string
  	// Port is not read by the code shown in this part of the file.
  	Port int
  	// FilerGrpcAddress is the target of every pb.WithGrpcFilerClient call
  	// made by IamS3ApiConfigure.
  	FilerGrpcAddress string
  	// GrpcDialOption is used for both the master client and the filer client.
  	// NOTE(review): identities and policies travel over this connection, so
  	// their confidentiality and integrity in transit depend on what the
  	// caller supplies here. Confirm it carries TLS credentials wherever the
  	// filer is not on a trusted network.
  	GrpcDialOption grpc.DialOption
  }
  // IamApiServer serves the IAM API. It pairs the configuration store with the
  // s3api identity manager whose Auth wrapper guards the route installed by
  // registerRouter.
  type IamApiServer struct {
  	// s3ApiConfig is the store for the identity configuration and policies.
  	s3ApiConfig IamS3ApiConfig
  	// iam provides the Auth wrapper applied to the POST / route.
  	iam *s3api.IdentityAccessManagement
  }
  // s3ApiConfigure is the package-level configuration store. NewIamApiServer
  // reassigns it on every call, so the most recently constructed server
  // determines which store package-level users of this variable see.
  var s3ApiConfigure IamS3ApiConfig

  // NewIamApiServer builds the filer-backed configuration store, creates the
  // s3api identity manager for option.Filer, registers the IAM route on router
  // and returns the server.
  //
  // The returned error is always nil in this implementation. option must be
  // non-nil: its fields are dereferenced without a check.
  func NewIamApiServer(router *mux.Router, option *IamServerOption) (iamApiServer *IamApiServer, err error) {
  	masters := strings.Split(option.Masters, ",")
  	s3ApiConfigure = IamS3ApiConfigure{
  		option:       option,
  		masterClient: wdclient.NewMasterClient(option.GrpcDialOption, pb.AdminShellClient, "", 0, "", masters),
  	}

  	iamApiServer = &IamApiServer{
  		s3ApiConfig: s3ApiConfigure,
  		iam:         s3api.NewIdentityAccessManagement(&s3api.S3ApiServerOption{Filer: option.Filer}),
  	}
  	iamApiServer.registerRouter(router)

  	return iamApiServer, nil
  }
  // registerRouter installs the IAM API routes on router.
  //
  // The only route is POST /, handled by DoActions behind iam.Auth with
  // ACTION_ADMIN. Any other request reaches notFoundHandler.
  //
  // NOTE(review): access control for every IAM action rests on s3api's Auth
  // wrapper. Confirm that it rejects requests, rather than passing them
  // through, when no identities have been loaded yet.
  func (iama *IamApiServer) registerRouter(router *mux.Router) {
  	apiRouter := router.PathPrefix("/").Subrouter()

  	// Wrap DoActions so it only runs for callers granted ACTION_ADMIN.
  	adminOnly := iama.iam.Auth(iama.DoActions, ACTION_ADMIN)
  	apiRouter.Methods("POST").Path("/").HandlerFunc(adminOnly)

  	// Anything that is not POST / is answered by notFoundHandler.
  	apiRouter.NotFoundHandler = http.HandlerFunc(notFoundHandler)
  }
  // GetS3ApiConfiguration reads filer.IamIdentityFile from
  // filer.IamConfigDirecotry and parses it into s3cfg.
  //
  // An empty file leaves s3cfg untouched and returns nil. A read or parse
  // failure is returned unchanged.
  //
  // NOTE(review): a missing identity file presumably surfaces as a read error
  // rather than as an empty configuration. Verify against filer.ReadEntry.
  func (iam IamS3ApiConfigure) GetS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error) {
  	var content bytes.Buffer

  	readIdentities := func(client filer_pb.SeaweedFilerClient) error {
  		return filer.ReadEntry(iam.masterClient, client, filer.IamConfigDirecotry, filer.IamIdentityFile, &content)
  	}
  	if err = pb.WithGrpcFilerClient(iam.option.FilerGrpcAddress, iam.option.GrpcDialOption, readIdentities); err != nil {
  		return err
  	}

  	// Nothing stored: keep whatever the caller already put in s3cfg.
  	if content.Len() == 0 {
  		return nil
  	}
  	return filer.ParseS3ConfigurationFromBytes(content.Bytes(), s3cfg)
  }
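  // PutS3ApiConfiguration serializes s3cfg with filer.S3ConfigurationToText and
  // saves the result as filer.IamIdentityFile in filer.IamConfigDirecotry.
  //
  // A serialization failure is wrapped with %w, so callers can still inspect
  // the underlying error with errors.Is / errors.As; the message text is the
  // same as before. A save failure is returned unchanged.
  //
  // NOTE(review): the serialized configuration presumably contains access
  // keys. Confirm that iam.option.GrpcDialOption encrypts the filer connection
  // and that the filer's IAM directory is not readable by ordinary S3 users.
  func (iam IamS3ApiConfigure) PutS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error) {
  	var buf bytes.Buffer
  	if err = filer.S3ConfigurationToText(&buf, s3cfg); err != nil {
  		return fmt.Errorf("S3ConfigurationToText: %w", err)
  	}

  	return pb.WithGrpcFilerClient(
  		iam.option.FilerGrpcAddress,
  		iam.option.GrpcDialOption,
  		func(client filer_pb.SeaweedFilerClient) error {
  			return filer.SaveInsideFiler(client, filer.IamConfigDirecotry, filer.IamIdentityFile, buf.Bytes())
  		},
  	)
  }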
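  // GetPolicies reads filer.IamPoliciesFile from filer.IamConfigDirecotry and
  // decodes it as JSON into policies.
  //
  // On success policies.Policies is never nil. An empty file resets it to an
  // empty map, and a document that decodes without a policy map (for example
  // `{}` or a null value) also gets an empty map, so callers can insert into
  // it without a nil-map panic. Read and decode failures are returned
  // unchanged.
  //
  // NOTE(review): the decoded document is trusted as-is. Whoever can write the
  // policies file on the filer controls the policy set, so confirm that
  // directory is not writable by ordinary S3 users.
  func (iam IamS3ApiConfigure) GetPolicies(policies *Policies) (err error) {
  	var buf bytes.Buffer
  	err = pb.WithGrpcFilerClient(iam.option.FilerGrpcAddress, iam.option.GrpcDialOption, func(client filer_pb.SeaweedFilerClient) error {
  		return filer.ReadEntry(iam.masterClient, client, filer.IamConfigDirecotry, filer.IamPoliciesFile, &buf)
  	})
  	if err != nil {
  		return err
  	}

  	// No stored document yet: start from an empty policy set.
  	if buf.Len() == 0 {
  		policies.Policies = make(map[string]PolicyDocument)
  		return nil
  	}

  	if err = json.Unmarshal(buf.Bytes(), policies); err != nil {
  		return err
  	}
  	// Match the empty-file branch: a decoded document without a policy map
  	// must not leave callers holding a nil map.
  	if policies.Policies == nil {
  		policies.Policies = make(map[string]PolicyDocument)
  	}
  	return nil
  }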
  // PutPolicies encodes policies as JSON and saves the bytes as
  // filer.IamPoliciesFile in filer.IamConfigDirecotry. Encoding and save
  // failures are returned unchanged.
  //
  // NOTE(review): nothing here serializes a GetPolicies / modify / PutPolicies
  // sequence, so two concurrent administrative updates could overwrite each
  // other. Check whether callers hold a lock.
  func (iam IamS3ApiConfigure) PutPolicies(policies *Policies) (err error) {
  	encoded, err := json.Marshal(policies)
  	if err != nil {
  		return err
  	}

  	save := func(client filer_pb.SeaweedFilerClient) error {
  		return filer.SaveInsideFiler(client, filer.IamConfigDirecotry, filer.IamPoliciesFile, encoded)
  	}
  	return pb.WithGrpcFilerClient(iam.option.FilerGrpcAddress, iam.option.GrpcDialOption, save)
  }