From 3550692afc3cad1166522c2eada46efd3b3a617d Mon Sep 17 00:00:00 2001
From: LHHDZ
Date: Mon, 10 Oct 2022 21:44:29 +0800
Subject: [PATCH] change s3_account.go package to avoid cycle dependency (#3813)
---
 weed/s3api/auth_credentials.go | 15 +++++----
 weed/s3api/auth_credentials_test.go | 3 +-
 weed/s3api/bucket_metadata.go | 5 +--
 weed/s3api/bucket_metadata_test.go | 33 ++++++++++---------
 .../s3_account.go} | 9 ++---
 weed/s3api/s3api_acp.go | 5 +--
 weed/s3api/s3api_server.go | 5 +--
 7 files changed, 41 insertions(+), 34 deletions(-)
 rename weed/s3api/{s3api_account.go => s3account/s3_account.go} (88%)
diff --git a/weed/s3api/auth_credentials.go b/weed/s3api/auth_credentials.go
index 46a66a427..82ac3688c 100644
--- a/weed/s3api/auth_credentials.go
+++ b/weed/s3api/auth_credentials.go
@@ -2,6 +2,7 @@ package s3api
 import (
 "fmt"
+ "github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
 "net/http"
 "os"
 "strings"
@@ -40,7 +41,7 @@ type Identity struct {
 }
 func (i *Identity) isAnonymous() bool {
- return i.Name == AccountAnonymous.Name
+ return i.Name == s3account.AccountAnonymous.Name
 }
 type Credential struct {
@@ -132,16 +133,16 @@ func (iam *IdentityAccessManagement) loadS3ApiConfiguration(config *iam_pb.S3Api
 for _, ident := range config.Identities {
 t := &Identity{
 Name: ident.Name,
- AccountId: AccountAdmin.Id,
+ AccountId: s3account.AccountAdmin.Id,
 Credentials: nil,
 Actions: nil,
 }
- if ident.Name == AccountAnonymous.Name {
- if ident.AccountId != "" && ident.AccountId != AccountAnonymous.Id {
+ if ident.Name == s3account.AccountAnonymous.Name {
+ if ident.AccountId != "" && ident.AccountId != s3account.AccountAnonymous.Id {
 glog.Warningf("anonymous identity is associated with a non-anonymous account ID, the association is invalid")
 }
- t.AccountId = AccountAnonymous.Id
+ t.AccountId = s3account.AccountAnonymous.Id
 IdentityAnonymous = t
 } else {
 if len(ident.AccountId) > 0 {
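Review bot: In `loadS3ApiConfiguration`, the `t := &Identity{...}` literal still defaults `AccountId` to `s3account.AccountAdmin.Id`, so an identity configured without an account ID is bound to the admin account, and `checkAccessByOwnership` (s3api_acp.go in this patch) returns `s3err.ErrNone` for that ID on every bucket. If the default is kept for backward compatibility it should be stated at the assignment, for example `// No accountId configured: falls back to the admin account, which passes every bucket ownership check.` How an identity's `AccountId` reaches the `AmzAccountId` header that `getAccountId` reads is not visible in this patch, so that link is inferred. The function body starts and ends outside the hunk.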
@@ -163,8 +164,8 @@ func (iam *IdentityAccessManagement) loadS3ApiConfiguration(config *iam_pb.S3Api
 if IdentityAnonymous == nil {
 IdentityAnonymous = &Identity{
- Name: AccountAnonymous.Name,
- AccountId: AccountAnonymous.Id,
+ Name: s3account.AccountAnonymous.Name,
+ AccountId: s3account.AccountAnonymous.Id,
 }
 }
 iam.m.Lock()
diff --git a/weed/s3api/auth_credentials_test.go b/weed/s3api/auth_credentials_test.go
index 51a163b98..1f0ffc1cc 100644
--- a/weed/s3api/auth_credentials_test.go
+++ b/weed/s3api/auth_credentials_test.go
@@ -2,6 +2,7 @@ package s3api
 import (
 . "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
+ "github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
 "github.com/stretchr/testify/assert"
 "reflect"
 "testing"
@@ -150,7 +151,7 @@ func TestLoadS3ApiConfiguration(t *testing.T) {
 },
 expectIdent: &Identity{
 Name: "notSpecifyAccountId",
- AccountId: AccountAdmin.Id,
+ AccountId: s3account.AccountAdmin.Id,
 Actions: []Action{
 "Read",
 "Write",
diff --git a/weed/s3api/bucket_metadata.go b/weed/s3api/bucket_metadata.go
index 1b9b09981..e660237de 100644
--- a/weed/s3api/bucket_metadata.go
+++ b/weed/s3api/bucket_metadata.go
@@ -8,6 +8,7 @@ import (
 "github.com/seaweedfs/seaweedfs/weed/glog"
 "github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
 "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
+ "github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
 //"github.com/seaweedfs/seaweedfs/weed/s3api"
 "github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
@@ -93,8 +94,8 @@ func buildBucketMetadata(entry *filer_pb.Entry) *BucketMetaData {
 // Default owner: `AccountAdmin`
 Owner: &s3.Owner{
- ID: &AccountAdmin.Id,
- DisplayName: &AccountAdmin.Name,
+ ID: &s3account.AccountAdmin.Id,
+ DisplayName: &s3account.AccountAdmin.Name,
 },
 }
 if entry.Extended != nil {
diff --git a/weed/s3api/bucket_metadata_test.go b/weed/s3api/bucket_metadata_test.go
index f3c3610cc..23af6417b 100644
--- a/weed/s3api/bucket_metadata_test.go
+++ b/weed/s3api/bucket_metadata_test.go
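Review bot: In `buildBucketMetadata` (bucket_metadata.go), the default `Owner` stores `&s3account.AccountAdmin.Id` and `&s3account.AccountAdmin.Name`, which point into a package-level value that now lives in another package; any write through `Owner.ID` or `Owner.DisplayName` would change the admin account that `checkAccessByOwnership` compares against, for every bucket at once. Copying the fields first removes the aliasing: `adminID, adminName := s3account.AccountAdmin.Id, s3account.AccountAdmin.Name` and then `ID: &adminID, DisplayName: &adminName`. Whether any caller writes through these pointers is not visible here. The function starts and ends outside the hunk.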
@@ -6,6 +6,7 @@ import (
 "github.com/aws/aws-sdk-go/service/s3"
 "github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
 "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
+ "github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
 "github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
 "reflect"
 "sync"
@@ -27,8 +28,8 @@ var (
 //good entry
 goodEntryAcp, _ = jsonutil.BuildJSON(&s3.AccessControlPolicy{
 Owner: &s3.Owner{
- DisplayName: &AccountAdmin.Name,
- ID: &AccountAdmin.Id,
+ DisplayName: &s3account.AccountAdmin.Name,
+ ID: &s3account.AccountAdmin.Id,
 },
 Grants: s3_constants.PublicRead,
 })
@@ -99,8 +100,8 @@ var tcs = []*BucketMetadataTestCase{
 Name: badEntry.Name,
 ObjectOwnership: s3_constants.DefaultOwnershipForExists,
 Owner: &s3.Owner{
- DisplayName: &AccountAdmin.Name,
- ID: &AccountAdmin.Id,
+ DisplayName: &s3account.AccountAdmin.Name,
+ ID: &s3account.AccountAdmin.Id,
 },
 Acl: nil,
 },
@@ -110,8 +111,8 @@ var tcs = []*BucketMetadataTestCase{
 Name: goodEntry.Name,
 ObjectOwnership: s3_constants.OwnershipBucketOwnerEnforced,
 Owner: &s3.Owner{
- DisplayName: &AccountAdmin.Name,
- ID: &AccountAdmin.Id,
+ DisplayName: &s3account.AccountAdmin.Name,
+ ID: &s3account.AccountAdmin.Id,
 },
 Acl: s3_constants.PublicRead,
 },
@@ -121,8 +122,8 @@ var tcs = []*BucketMetadataTestCase{
 Name: ownershipEmptyStr.Name,
 ObjectOwnership: s3_constants.DefaultOwnershipForExists,
 Owner: &s3.Owner{
- DisplayName: &AccountAdmin.Name,
- ID: &AccountAdmin.Id,
+ DisplayName: &s3account.AccountAdmin.Name,
+ ID: &s3account.AccountAdmin.Id,
 },
 Acl: nil,
 },
@@ -132,8 +133,8 @@ var tcs = []*BucketMetadataTestCase{
 Name: ownershipValid.Name,
 ObjectOwnership: s3_constants.OwnershipBucketOwnerEnforced,
 Owner: &s3.Owner{
- DisplayName: &AccountAdmin.Name,
- ID: &AccountAdmin.Id,
+ DisplayName: &s3account.AccountAdmin.Name,
+ ID: &s3account.AccountAdmin.Id,
 },
 Acl: nil,
 },
@@ -143,8 +144,8 @@ var tcs = []*BucketMetadataTestCase{
 Name: acpEmptyStr.Name,
 ObjectOwnership: s3_constants.DefaultOwnershipForExists,
 Owner: &s3.Owner{
- DisplayName: &AccountAdmin.Name,
- ID: &AccountAdmin.Id,
+ DisplayName: &s3account.AccountAdmin.Name,
+ ID: &s3account.AccountAdmin.Id,
 },
 Acl: nil,
 },
@@ -154,8 +155,8 @@ var tcs = []*BucketMetadataTestCase{
 Name: acpEmptyObject.Name,
 ObjectOwnership: s3_constants.DefaultOwnershipForExists,
 Owner: &s3.Owner{
- DisplayName: &AccountAdmin.Name,
- ID: &AccountAdmin.Id,
+ DisplayName: &s3account.AccountAdmin.Name,
+ ID: &s3account.AccountAdmin.Id,
 },
 Acl: nil,
 },
@@ -165,8 +166,8 @@ var tcs = []*BucketMetadataTestCase{
 Name: acpOwnerNil.Name,
 ObjectOwnership: s3_constants.DefaultOwnershipForExists,
 Owner: &s3.Owner{
- DisplayName: &AccountAdmin.Name,
- ID: &AccountAdmin.Id,
+ DisplayName: &s3account.AccountAdmin.Name,
+ ID: &s3account.AccountAdmin.Id,
 },
 Acl: make([]*s3.Grant, 0),
 },
diff --git a/weed/s3api/s3api_account.go b/weed/s3api/s3account/s3_account.go
similarity index 88%
rename from weed/s3api/s3api_account.go
rename to weed/s3api/s3account/s3_account.go
index ce17472d8..9b1b01123 100644
--- a/weed/s3api/s3api_account.go
+++ b/weed/s3api/s3account/s3_account.go
@@ -1,6 +1,7 @@
-package s3api
+package s3account
 import (
+ "github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
 "sync"
 )
@@ -36,15 +37,15 @@ type Account struct {
 type AccountManager struct {
 sync.Mutex
- s3a *S3ApiServer
+ filerClient filer_pb.FilerClient
 IdNameMapping map[string]string
 EmailIdMapping map[string]string
 }
-func NewAccountManager(s3a *S3ApiServer) *AccountManager {
+func NewAccountManager(filerClient filer_pb.FilerClient) *AccountManager {
 am := &AccountManager{
- s3a: s3a,
+ filerClient: filerClient,
 IdNameMapping: make(map[string]string),
 EmailIdMapping: make(map[string]string),
 }
diff --git a/weed/s3api/s3api_acp.go b/weed/s3api/s3api_acp.go
index 0a79990f5..7a76c2a67 100644
--- a/weed/s3api/s3api_acp.go
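Review bot: `AccountManager` in s3account/s3_account.go keeps `IdNameMapping` and `EmailIdMapping` exported next to an embedded `sync.Mutex`, and now that the type is in its own package every importer can read or write those maps without taking the lock, and can call `Lock`/`Unlock` itself. At minimum the struct should carry the locking rule, for example `// IdNameMapping and EmailIdMapping must only be accessed while holding the embedded Mutex.`; unexporting the mutex and the maps behind lookup methods would enforce it, but that changes the type's API and belongs in a follow-up. `NewAccountManager` also stores `filerClient` without a nil check in the lines shown; its body continues outside the hunk, so whether the client is used during construction cannot be told from here.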
+++ b/weed/s3api/s3api_acp.go
@@ -2,6 +2,7 @@ package s3api
 import (
 "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
+ "github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
 "github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
 "net/http"
 )
@@ -9,7 +10,7 @@ import (
 func getAccountId(r *http.Request) string {
 id := r.Header.Get(s3_constants.AmzAccountId)
 if len(id) == 0 {
- return AccountAnonymous.Id
+ return s3account.AccountAnonymous.Id
 } else {
 return id
 }
@@ -21,7 +22,7 @@ func (s3a *S3ApiServer) checkAccessByOwnership(r *http.Request, bucket string) s
 return errCode
 }
 accountId := getAccountId(r)
- if accountId == AccountAdmin.Id || accountId == *metadata.Owner.ID {
+ if accountId == s3account.AccountAdmin.Id || accountId == *metadata.Owner.ID {
 return s3err.ErrNone
 }
 return s3err.ErrAccessDenied
diff --git a/weed/s3api/s3api_server.go b/weed/s3api/s3api_server.go
index 2163e557d..a8816424d 100644
--- a/weed/s3api/s3api_server.go
+++ b/weed/s3api/s3api_server.go
@@ -5,6 +5,7 @@ import (
 "fmt"
 "github.com/seaweedfs/seaweedfs/weed/filer"
 "github.com/seaweedfs/seaweedfs/weed/pb/s3_pb"
+ "github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
 "net"
 "net/http"
 "strings"
@@ -40,7 +41,7 @@ type S3ApiServer struct {
 randomClientId int32
 filerGuard *security.Guard
 client *http.Client
- accountManager *AccountManager
+ accountManager *s3account.AccountManager
 bucketRegistry *BucketRegistry
 }
@@ -61,7 +62,7 @@ func NewS3ApiServer(router *mux.Router, option *S3ApiServerOption) (s3ApiServer
 filerGuard: security.NewGuard([]string{}, signingKey, expiresAfterSec, readSigningKey, readExpiresAfterSec),
 cb: NewCircuitBreaker(option),
 }
- s3ApiServer.accountManager = NewAccountManager(s3ApiServer)
+ s3ApiServer.accountManager = s3account.NewAccountManager(s3ApiServer)
 s3ApiServer.bucketRegistry = NewBucketRegistry(s3ApiServer)
 if option.LocalFilerSocket == "" {
 s3ApiServer.client = &http.Client{Transport: &http.Transport{
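Review bot: `checkAccessByOwnership` in s3api_acp.go returns `s3err.ErrNone` whenever `getAccountId(r)` equals `s3account.AccountAdmin.Id`, and `getAccountId` takes that value straight from the `s3_constants.AmzAccountId` request header. The check is only sound if an earlier authentication step always overwrites or removes a client-supplied value of that header; that step is not visible in this patch. The precondition should be written on `getAccountId`, for example `// The AmzAccountId header must have been set by the authentication layer; a client-supplied value must never reach this function.` The same condition dereferences `*metadata.Owner.ID` without a nil check, which relies on `buildBucketMetadata` always filling in an owner. The function starts outside the hunk.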