You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

174 lines
4.5 KiB

4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
  1. package shell
  2. import (
  3. "flag"
  4. "fmt"
  5. "io"
  6. "sort"
  7. "strings"
  8. "github.com/chrislusf/seaweedfs/weed/pb/filer_pb"
  9. "github.com/chrislusf/seaweedfs/weed/pb/iam_pb"
  10. "github.com/chrislusf/seaweedfs/weed/s3iam"
  11. )
  12. func init() {
  13. Commands = append(Commands, &commandS3Configure{})
  14. }
  15. type commandS3Configure struct {
  16. }
  17. func (c *commandS3Configure) Name() string {
  18. return "s3.configure"
  19. }
  20. func (c *commandS3Configure) Help() string {
  21. return `configure and apply s3 options for each bucket
  22. # see the current configuration file content
  23. s3.configure
  24. `
  25. }
  26. func (c *commandS3Configure) Do(args []string, commandEnv *CommandEnv, writer io.Writer) (err error) {
  27. s3ConfigureCommand := flag.NewFlagSet(c.Name(), flag.ContinueOnError)
  28. actions := s3ConfigureCommand.String("actions", "", "actions names")
  29. user := s3ConfigureCommand.String("user", "", "user name")
  30. buckets := s3ConfigureCommand.String("buckets", "", "bucket name")
  31. accessKey := s3ConfigureCommand.String("access_key", "", "specify the access key")
  32. secretKey := s3ConfigureCommand.String("secret_key", "", "specify the secret key")
  33. isDelete := s3ConfigureCommand.Bool("delete", false, "delete users, actions or access keys")
  34. apply := s3ConfigureCommand.Bool("apply", false, "update and apply s3 configuration")
  35. if err = s3ConfigureCommand.Parse(args); err != nil {
  36. return nil
  37. }
  38. s3cfg := &iam_pb.S3ApiConfiguration{}
  39. ifs := &s3iam.IAMFilerStore{}
  40. if err = commandEnv.WithFilerClient(func(client filer_pb.SeaweedFilerClient) error {
  41. ifs = s3iam.NewIAMFilerStore(&client)
  42. if err := ifs.LoadIAMConfig(s3cfg); err != nil {
  43. return nil
  44. }
  45. return nil
  46. }); err != nil {
  47. return err
  48. }
  49. idx := 0
  50. changed := false
  51. if *user != "" {
  52. for i, identity := range s3cfg.Identities {
  53. if *user == identity.Name {
  54. idx = i
  55. changed = true
  56. break
  57. }
  58. }
  59. }
  60. var cmdActions []string
  61. for _, action := range strings.Split(*actions, ",") {
  62. if *buckets == "" {
  63. cmdActions = append(cmdActions, action)
  64. } else {
  65. for _, bucket := range strings.Split(*buckets, ",") {
  66. cmdActions = append(cmdActions, fmt.Sprintf("%s:%s", action, bucket))
  67. }
  68. }
  69. }
  70. if changed {
  71. if *isDelete {
  72. var exists []int
  73. for _, cmdAction := range cmdActions {
  74. for i, currentAction := range s3cfg.Identities[idx].Actions {
  75. if cmdAction == currentAction {
  76. exists = append(exists, i)
  77. }
  78. }
  79. }
  80. sort.Sort(sort.Reverse(sort.IntSlice(exists)))
  81. for _, i := range exists {
  82. s3cfg.Identities[idx].Actions = append(
  83. s3cfg.Identities[idx].Actions[:i],
  84. s3cfg.Identities[idx].Actions[i+1:]...,
  85. )
  86. }
  87. if *accessKey != "" {
  88. exists = []int{}
  89. for i, credential := range s3cfg.Identities[idx].Credentials {
  90. if credential.AccessKey == *accessKey {
  91. exists = append(exists, i)
  92. }
  93. }
  94. sort.Sort(sort.Reverse(sort.IntSlice(exists)))
  95. for _, i := range exists {
  96. s3cfg.Identities[idx].Credentials = append(
  97. s3cfg.Identities[idx].Credentials[:i],
  98. s3cfg.Identities[idx].Credentials[:i+1]...,
  99. )
  100. }
  101. }
  102. if *actions == "" && *accessKey == "" && *buckets == "" {
  103. s3cfg.Identities = append(s3cfg.Identities[:idx], s3cfg.Identities[idx+1:]...)
  104. }
  105. } else {
  106. if *actions != "" {
  107. for _, cmdAction := range cmdActions {
  108. found := false
  109. for _, action := range s3cfg.Identities[idx].Actions {
  110. if cmdAction == action {
  111. found = true
  112. break
  113. }
  114. }
  115. if !found {
  116. s3cfg.Identities[idx].Actions = append(s3cfg.Identities[idx].Actions, cmdAction)
  117. }
  118. }
  119. }
  120. if *accessKey != "" && *user != "anonymous" {
  121. found := false
  122. for _, credential := range s3cfg.Identities[idx].Credentials {
  123. if credential.AccessKey == *accessKey {
  124. found = true
  125. credential.SecretKey = *secretKey
  126. break
  127. }
  128. }
  129. if !found {
  130. s3cfg.Identities[idx].Credentials = append(s3cfg.Identities[idx].Credentials, &iam_pb.Credential{
  131. AccessKey: *accessKey,
  132. SecretKey: *secretKey,
  133. })
  134. }
  135. }
  136. }
  137. } else if *user != "" && *actions != "" {
  138. identity := iam_pb.Identity{
  139. Name: *user,
  140. Actions: cmdActions,
  141. Credentials: []*iam_pb.Credential{},
  142. }
  143. if *user != "anonymous" {
  144. identity.Credentials = append(identity.Credentials,
  145. &iam_pb.Credential{AccessKey: *accessKey, SecretKey: *secretKey})
  146. }
  147. s3cfg.Identities = append(s3cfg.Identities, &identity)
  148. }
  149. for _, identity := range s3cfg.Identities {
  150. fmt.Fprintf(writer, fmt.Sprintf("%+v\n", identity))
  151. }
  152. fmt.Fprintln(writer)
  153. if *apply {
  154. if err := ifs.SaveIAMConfig(s3cfg); err != nil {
  155. return err
  156. }
  157. }
  158. return nil
  159. }