  1. package iamapi
  2. // https://docs.aws.amazon.com/cli/latest/reference/iam/list-roles.html
  3. import (
  4. "bytes"
  5. "encoding/json"
  6. "fmt"
  7. "github.com/chrislusf/seaweedfs/weed/filer"
  8. "github.com/chrislusf/seaweedfs/weed/pb"
  9. "github.com/chrislusf/seaweedfs/weed/pb/filer_pb"
  10. "github.com/chrislusf/seaweedfs/weed/pb/iam_pb"
  11. "github.com/chrislusf/seaweedfs/weed/s3api"
  12. . "github.com/chrislusf/seaweedfs/weed/s3api/s3_constants"
  13. "github.com/chrislusf/seaweedfs/weed/s3api/s3err"
  14. "github.com/chrislusf/seaweedfs/weed/wdclient"
  15. "github.com/gorilla/mux"
  16. "google.golang.org/grpc"
  17. "net/http"
  18. "strings"
  19. )
type (
	// IamS3ApiConfig is the persistence interface the IAM API server uses for
	// its two configuration documents: the S3 API configuration and the policy
	// set. Each Get fills the value passed in; each Put stores it.
	IamS3ApiConfig interface {
		GetS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error)
		PutS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error)
		GetPolicies(policies *Policies) (err error)
		PutPolicies(policies *Policies) (err error)
	}

	// IamS3ApiConfigure is the filer-backed implementation of IamS3ApiConfig.
	// Its methods reach the filer over gRPC using the address and dial option
	// held in option.
	IamS3ApiConfigure struct {
		option       *IamServerOption
		masterClient *wdclient.MasterClient
	}

	// IamServerOption carries the settings NewIamApiServer needs.
	IamServerOption struct {
		// Masters is a comma-separated list; NewIamApiServer splits it on ",".
		Masters string
		// Filer is handed to s3api.S3ApiServerOption.
		Filer string
		// Port is not read anywhere in this file.
		Port int
		// FilerGrpcAddress is the filer endpoint used for every config read and write.
		FilerGrpcAddress string
		// GrpcDialOption is used for both the master client and the filer
		// connection.
		// NOTE(review): this one option presumably decides the transport
		// security of the channel that carries identity and policy data;
		// confirm callers supply a TLS-enabled option outside of tests.
		GrpcDialOption grpc.DialOption
	}

	// IamApiServer serves the IAM API. s3ApiConfig is its configuration store
	// and iam is the s3api identity manager that wraps the action handler in
	// registerRouter.
	IamApiServer struct {
		s3ApiConfig IamS3ApiConfig
		iam         *s3api.IdentityAccessManagement
	}
)

// s3ApiConfigure is package-level state assigned by NewIamApiServer. Building a
// second server replaces the value seen by every user of this variable.
var s3ApiConfigure IamS3ApiConfig
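// NewIamApiServer builds the IAM API server and registers its routes on router.
//
// It creates a master client from option.Masters (comma-separated) and
// option.GrpcDialOption, stores the filer-backed configuration store in the
// package-level s3ApiConfigure, and creates the s3api identity manager from
// option.Filer. A nil router or option is reported as an error; no other
// failure path exists in this function.
func NewIamApiServer(router *mux.Router, option *IamServerOption) (iamApiServer *IamApiServer, err error) {
	// Both arguments are dereferenced below; reject nil up front so a wiring
	// mistake surfaces as an error instead of a nil-pointer panic at startup.
	if router == nil {
		return nil, fmt.Errorf("iamapi: router must not be nil")
	}
	if option == nil {
		return nil, fmt.Errorf("iamapi: option must not be nil")
	}

	s3ApiConfigure = IamS3ApiConfigure{
		option:       option,
		masterClient: wdclient.NewMasterClient(option.GrpcDialOption, pb.AdminShellClient, "", 0, "", strings.Split(option.Masters, ",")),
	}

	s3Option := s3api.S3ApiServerOption{Filer: option.Filer}
	iamApiServer = &IamApiServer{
		s3ApiConfig: s3ApiConfigure,
		iam:         s3api.NewIdentityAccessManagement(&s3Option),
	}

	iamApiServer.registerRouter(router)
	return iamApiServer, nil
}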
// registerRouter mounts the IAM API on router under the "/" prefix.
//
// The only route is POST "/", handled by DoActions wrapped in iam.Auth with
// ACTION_ADMIN. Requests that match no route are answered by
// s3err.NotFoundHandler.
func (iama *IamApiServer) registerRouter(router *mux.Router) {
	api := router.PathPrefix("/").Subrouter()

	// Every IAM action arrives through this single handler, so the Auth
	// wrapper is the only gate in front of identity and policy changes.
	// NOTE(review): Auth is defined in s3api and not shown here; presumably it
	// rejects callers that lack the admin action. Confirm how it behaves when
	// no identities are configured yet.
	doActions := iama.iam.Auth(iama.DoActions, ACTION_ADMIN)
	api.Methods("POST").Path("/").HandlerFunc(doActions)

	api.NotFoundHandler = http.HandlerFunc(s3err.NotFoundHandler)
}
// GetS3ApiConfiguration reads filer.IamIdentityFile from
// filer.IamConfigDirecotry and parses it into s3cfg.
//
// A read or parse failure is returned unchanged. When the entry is empty,
// s3cfg is left untouched and nil is returned.
func (iam IamS3ApiConfigure) GetS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error) {
	var content bytes.Buffer

	readIdentities := func(client filer_pb.SeaweedFilerClient) error {
		return filer.ReadEntry(iam.masterClient, client, filer.IamConfigDirecotry, filer.IamIdentityFile, &content)
	}
	if err = pb.WithGrpcFilerClient(iam.option.FilerGrpcAddress, iam.option.GrpcDialOption, readIdentities); err != nil {
		return err
	}

	// An empty file means nothing has been stored yet; skip parsing.
	if content.Len() == 0 {
		return nil
	}
	return filer.ParseS3ConfigurationFromBytes(content.Bytes(), s3cfg)
}
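// PutS3ApiConfiguration serializes s3cfg with filer.S3ConfigurationToText and
// saves the result as filer.IamIdentityFile in filer.IamConfigDirecotry.
//
// A serialization failure is returned wrapped, so callers can still inspect the
// cause with errors.Is or errors.As; a save failure is returned unchanged.
//
// NOTE(review): no locking or version check is visible in this file, so two
// callers doing read-modify-write on the identity file may overwrite each
// other's change. Confirm whether updates are serialized elsewhere.
func (iam IamS3ApiConfigure) PutS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error) {
	var buf bytes.Buffer
	if err := filer.S3ConfigurationToText(&buf, s3cfg); err != nil {
		// %w keeps the message text identical to the previous %s form while
		// preserving the underlying error for the caller.
		return fmt.Errorf("S3ConfigurationToText: %w", err)
	}

	return pb.WithGrpcFilerClient(
		iam.option.FilerGrpcAddress,
		iam.option.GrpcDialOption,
		func(client filer_pb.SeaweedFilerClient) error {
			return filer.SaveInsideFiler(client, filer.IamConfigDirecotry, filer.IamIdentityFile, buf.Bytes())
		},
	)
}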
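// GetPolicies reads filer.IamPoliciesFile from filer.IamConfigDirecotry and
// decodes it as JSON into policies.
//
// A read or decode failure is returned unchanged. On success policies.Policies
// is never nil: an empty file yields a fresh empty map, and a document that
// decodes without a policy map (for example "{}") gets one as well.
func (iam IamS3ApiConfigure) GetPolicies(policies *Policies) (err error) {
	var buf bytes.Buffer
	err = pb.WithGrpcFilerClient(iam.option.FilerGrpcAddress, iam.option.GrpcDialOption, func(client filer_pb.SeaweedFilerClient) error {
		return filer.ReadEntry(iam.masterClient, client, filer.IamConfigDirecotry, filer.IamPoliciesFile, &buf)
	})
	if err != nil {
		return err
	}

	// Nothing stored yet: start from an empty policy set.
	if buf.Len() == 0 {
		policies.Policies = make(map[string]PolicyDocument)
		return nil
	}

	if err := json.Unmarshal(buf.Bytes(), policies); err != nil {
		return err
	}
	// Unmarshal leaves the map nil when the document carries no policy map;
	// give callers the same non-nil guarantee as the empty-file branch so a
	// later insert cannot panic on a nil map.
	if policies.Policies == nil {
		policies.Policies = make(map[string]PolicyDocument)
	}
	return nil
}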
// PutPolicies encodes policies as JSON and saves the result as
// filer.IamPoliciesFile in filer.IamConfigDirecotry.
//
// An encoding or save failure is returned unchanged.
//
// NOTE(review): as with the identity file, no locking or version check is
// visible here; confirm concurrent policy updates are serialized elsewhere.
func (iam IamS3ApiConfigure) PutPolicies(policies *Policies) (err error) {
	encoded, err := json.Marshal(policies)
	if err != nil {
		return err
	}

	savePolicies := func(client filer_pb.SeaweedFilerClient) error {
		return filer.SaveInsideFiler(client, filer.IamConfigDirecotry, filer.IamPoliciesFile, encoded)
	}
	return pb.WithGrpcFilerClient(iam.option.FilerGrpcAddress, iam.option.GrpcDialOption, savePolicies)
}