
change s3_account.go package to avoid cycle dependency (#3813)

pull/3815/head
LHHDZ 2 years ago
committed by GitHub
parent
commit
3550692afc
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 15
      weed/s3api/auth_credentials.go
  2. 3
      weed/s3api/auth_credentials_test.go
  3. 5
      weed/s3api/bucket_metadata.go
  4. 33
      weed/s3api/bucket_metadata_test.go
  5. 9
      weed/s3api/s3account/s3_account.go
  6. 5
      weed/s3api/s3api_acp.go
  7. 5
      weed/s3api/s3api_server.go

15
weed/s3api/auth_credentials.go

@ -2,6 +2,7 @@ package s3api
import ( import (
"fmt" "fmt"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
"net/http" "net/http"
"os" "os"
"strings" "strings"
@ -40,7 +41,7 @@ type Identity struct {
} }
func (i *Identity) isAnonymous() bool { func (i *Identity) isAnonymous() bool {
return i.Name == AccountAnonymous.Name
return i.Name == s3account.AccountAnonymous.Name
} }
type Credential struct { type Credential struct {
@ -132,16 +133,16 @@ func (iam *IdentityAccessManagement) loadS3ApiConfiguration(config *iam_pb.S3Api
for _, ident := range config.Identities { for _, ident := range config.Identities {
t := &Identity{ t := &Identity{
Name: ident.Name, Name: ident.Name,
AccountId: AccountAdmin.Id,
AccountId: s3account.AccountAdmin.Id,
Credentials: nil, Credentials: nil,
Actions: nil, Actions: nil,
} }
if ident.Name == AccountAnonymous.Name {
if ident.AccountId != "" && ident.AccountId != AccountAnonymous.Id {
if ident.Name == s3account.AccountAnonymous.Name {
if ident.AccountId != "" && ident.AccountId != s3account.AccountAnonymous.Id {
glog.Warningf("anonymous identity is associated with a non-anonymous account ID, the association is invalid") glog.Warningf("anonymous identity is associated with a non-anonymous account ID, the association is invalid")
} }
t.AccountId = AccountAnonymous.Id
t.AccountId = s3account.AccountAnonymous.Id
IdentityAnonymous = t IdentityAnonymous = t
} else { } else {
if len(ident.AccountId) > 0 { if len(ident.AccountId) > 0 {
@ -163,8 +164,8 @@ func (iam *IdentityAccessManagement) loadS3ApiConfiguration(config *iam_pb.S3Api
if IdentityAnonymous == nil { if IdentityAnonymous == nil {
IdentityAnonymous = &Identity{ IdentityAnonymous = &Identity{
Name: AccountAnonymous.Name,
AccountId: AccountAnonymous.Id,
Name: s3account.AccountAnonymous.Name,
AccountId: s3account.AccountAnonymous.Id,
} }
} }
iam.m.Lock() iam.m.Lock()
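Review bot: In loadS3ApiConfiguration the package-level IdentityAnonymous is written (`IdentityAnonymous = t`, and again in the `if IdentityAnonymous == nil` fallback) before `iam.m.Lock()` is taken, so as far as these hunks show the write is not covered by the mutex. Code that reads IdentityAnonymous while a configuration reload runs could race with it. Because the fallback only fires when the variable is nil, an anonymous identity from an earlier configuration may also survive a reload that no longer lists it; that needs confirming against the part of the function outside the hunks. I would build the value in a local and publish it once the lock is held, or at least record the current behaviour with `// IdentityAnonymous is process-wide and is written here without holding iam.m`.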

3
weed/s3api/auth_credentials_test.go

@ -2,6 +2,7 @@ package s3api
import ( import (
. "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants" . "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"reflect" "reflect"
"testing" "testing"
@ -150,7 +151,7 @@ func TestLoadS3ApiConfiguration(t *testing.T) {
}, },
expectIdent: &Identity{ expectIdent: &Identity{
Name: "notSpecifyAccountId", Name: "notSpecifyAccountId",
AccountId: AccountAdmin.Id,
AccountId: s3account.AccountAdmin.Id,
Actions: []Action{ Actions: []Action{
"Read", "Read",
"Write", "Write",

5
weed/s3api/bucket_metadata.go

@ -8,6 +8,7 @@ import (
"github.com/seaweedfs/seaweedfs/weed/glog" "github.com/seaweedfs/seaweedfs/weed/glog"
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb" "github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants" "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
//"github.com/seaweedfs/seaweedfs/weed/s3api" //"github.com/seaweedfs/seaweedfs/weed/s3api"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err" "github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
@ -93,8 +94,8 @@ func buildBucketMetadata(entry *filer_pb.Entry) *BucketMetaData {
// Default owner: `AccountAdmin` // Default owner: `AccountAdmin`
Owner: &s3.Owner{ Owner: &s3.Owner{
ID: &AccountAdmin.Id,
DisplayName: &AccountAdmin.Name,
ID: &s3account.AccountAdmin.Id,
DisplayName: &s3account.AccountAdmin.Name,
}, },
} }
if entry.Extended != nil { if entry.Extended != nil {
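Review bot: The default owner in buildBucketMetadata stores `&s3account.AccountAdmin.Id` and `&s3account.AccountAdmin.Name`, which are pointers into the shared package-level account, so every bucket without an explicit owner aliases the same two strings. Any later write through `Owner.ID` or `Owner.DisplayName` would change the admin account for the whole process, including the `s3account.AccountAdmin.Id` comparison in checkAccessByOwnership. Copying first removes the aliasing: `id, name := s3account.AccountAdmin.Id, s3account.AccountAdmin.Name` followed by `Owner: &s3.Owner{ID: &id, DisplayName: &name}`. buildBucketMetadata starts and ends outside the hunk.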

33
weed/s3api/bucket_metadata_test.go

@ -6,6 +6,7 @@ import (
"github.com/aws/aws-sdk-go/service/s3" "github.com/aws/aws-sdk-go/service/s3"
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb" "github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants" "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err" "github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
"reflect" "reflect"
"sync" "sync"
@ -27,8 +28,8 @@ var (
//good entry //good entry
goodEntryAcp, _ = jsonutil.BuildJSON(&s3.AccessControlPolicy{ goodEntryAcp, _ = jsonutil.BuildJSON(&s3.AccessControlPolicy{
Owner: &s3.Owner{ Owner: &s3.Owner{
DisplayName: &AccountAdmin.Name,
ID: &AccountAdmin.Id,
DisplayName: &s3account.AccountAdmin.Name,
ID: &s3account.AccountAdmin.Id,
}, },
Grants: s3_constants.PublicRead, Grants: s3_constants.PublicRead,
}) })
@ -99,8 +100,8 @@ var tcs = []*BucketMetadataTestCase{
Name: badEntry.Name, Name: badEntry.Name,
ObjectOwnership: s3_constants.DefaultOwnershipForExists, ObjectOwnership: s3_constants.DefaultOwnershipForExists,
Owner: &s3.Owner{ Owner: &s3.Owner{
DisplayName: &AccountAdmin.Name,
ID: &AccountAdmin.Id,
DisplayName: &s3account.AccountAdmin.Name,
ID: &s3account.AccountAdmin.Id,
}, },
Acl: nil, Acl: nil,
}, },
@ -110,8 +111,8 @@ var tcs = []*BucketMetadataTestCase{
Name: goodEntry.Name, Name: goodEntry.Name,
ObjectOwnership: s3_constants.OwnershipBucketOwnerEnforced, ObjectOwnership: s3_constants.OwnershipBucketOwnerEnforced,
Owner: &s3.Owner{ Owner: &s3.Owner{
DisplayName: &AccountAdmin.Name,
ID: &AccountAdmin.Id,
DisplayName: &s3account.AccountAdmin.Name,
ID: &s3account.AccountAdmin.Id,
}, },
Acl: s3_constants.PublicRead, Acl: s3_constants.PublicRead,
}, },
@ -121,8 +122,8 @@ var tcs = []*BucketMetadataTestCase{
Name: ownershipEmptyStr.Name, Name: ownershipEmptyStr.Name,
ObjectOwnership: s3_constants.DefaultOwnershipForExists, ObjectOwnership: s3_constants.DefaultOwnershipForExists,
Owner: &s3.Owner{ Owner: &s3.Owner{
DisplayName: &AccountAdmin.Name,
ID: &AccountAdmin.Id,
DisplayName: &s3account.AccountAdmin.Name,
ID: &s3account.AccountAdmin.Id,
}, },
Acl: nil, Acl: nil,
}, },
@ -132,8 +133,8 @@ var tcs = []*BucketMetadataTestCase{
Name: ownershipValid.Name, Name: ownershipValid.Name,
ObjectOwnership: s3_constants.OwnershipBucketOwnerEnforced, ObjectOwnership: s3_constants.OwnershipBucketOwnerEnforced,
Owner: &s3.Owner{ Owner: &s3.Owner{
DisplayName: &AccountAdmin.Name,
ID: &AccountAdmin.Id,
DisplayName: &s3account.AccountAdmin.Name,
ID: &s3account.AccountAdmin.Id,
}, },
Acl: nil, Acl: nil,
}, },
@ -143,8 +144,8 @@ var tcs = []*BucketMetadataTestCase{
Name: acpEmptyStr.Name, Name: acpEmptyStr.Name,
ObjectOwnership: s3_constants.DefaultOwnershipForExists, ObjectOwnership: s3_constants.DefaultOwnershipForExists,
Owner: &s3.Owner{ Owner: &s3.Owner{
DisplayName: &AccountAdmin.Name,
ID: &AccountAdmin.Id,
DisplayName: &s3account.AccountAdmin.Name,
ID: &s3account.AccountAdmin.Id,
}, },
Acl: nil, Acl: nil,
}, },
@ -154,8 +155,8 @@ var tcs = []*BucketMetadataTestCase{
Name: acpEmptyObject.Name, Name: acpEmptyObject.Name,
ObjectOwnership: s3_constants.DefaultOwnershipForExists, ObjectOwnership: s3_constants.DefaultOwnershipForExists,
Owner: &s3.Owner{ Owner: &s3.Owner{
DisplayName: &AccountAdmin.Name,
ID: &AccountAdmin.Id,
DisplayName: &s3account.AccountAdmin.Name,
ID: &s3account.AccountAdmin.Id,
}, },
Acl: nil, Acl: nil,
}, },
@ -165,8 +166,8 @@ var tcs = []*BucketMetadataTestCase{
Name: acpOwnerNil.Name, Name: acpOwnerNil.Name,
ObjectOwnership: s3_constants.DefaultOwnershipForExists, ObjectOwnership: s3_constants.DefaultOwnershipForExists,
Owner: &s3.Owner{ Owner: &s3.Owner{
DisplayName: &AccountAdmin.Name,
ID: &AccountAdmin.Id,
DisplayName: &s3account.AccountAdmin.Name,
ID: &s3account.AccountAdmin.Id,
}, },
Acl: make([]*s3.Grant, 0), Acl: make([]*s3.Grant, 0),
}, },

9
weed/s3api/s3api_account.go → weed/s3api/s3account/s3_account.go

@ -1,6 +1,7 @@
package s3api
package s3account
import ( import (
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
"sync" "sync"
) )
@ -36,15 +37,15 @@ type Account struct {
type AccountManager struct { type AccountManager struct {
sync.Mutex sync.Mutex
s3a *S3ApiServer
filerClient filer_pb.FilerClient
IdNameMapping map[string]string IdNameMapping map[string]string
EmailIdMapping map[string]string EmailIdMapping map[string]string
} }
func NewAccountManager(s3a *S3ApiServer) *AccountManager {
func NewAccountManager(filerClient filer_pb.FilerClient) *AccountManager {
am := &AccountManager{ am := &AccountManager{
s3a: s3a,
filerClient: filerClient,
IdNameMapping: make(map[string]string), IdNameMapping: make(map[string]string),
EmailIdMapping: make(map[string]string), EmailIdMapping: make(map[string]string),
} }
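Review bot: AccountManager embeds sync.Mutex and keeps IdNameMapping and EmailIdMapping exported, and after the move to package s3account the callers in s3api reach the maps across a package boundary with nothing forcing them to take the lock. Nothing in the hunk says which fields the mutex protects; the lock usage itself is outside the hunk, so this is a documentation gap rather than a confirmed race. I would unexport the maps behind accessor methods, or add a struct comment such as `// The embedded Mutex guards IdNameMapping and EmailIdMapping; hold it for every access.` NewAccountManager also lacks a doc comment stating whether a nil filerClient is accepted, and its body continues outside the hunk.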

5
weed/s3api/s3api_acp.go

@ -2,6 +2,7 @@ package s3api
import ( import (
"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants" "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err" "github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
"net/http" "net/http"
) )
@ -9,7 +10,7 @@ import (
func getAccountId(r *http.Request) string { func getAccountId(r *http.Request) string {
id := r.Header.Get(s3_constants.AmzAccountId) id := r.Header.Get(s3_constants.AmzAccountId)
if len(id) == 0 { if len(id) == 0 {
return AccountAnonymous.Id
return s3account.AccountAnonymous.Id
} else { } else {
return id return id
} }
@ -21,7 +22,7 @@ func (s3a *S3ApiServer) checkAccessByOwnership(r *http.Request, bucket string) s
return errCode return errCode
} }
accountId := getAccountId(r) accountId := getAccountId(r)
if accountId == AccountAdmin.Id || accountId == *metadata.Owner.ID {
if accountId == s3account.AccountAdmin.Id || accountId == *metadata.Owner.ID {
return s3err.ErrNone return s3err.ErrNone
} }
return s3err.ErrAccessDenied return s3err.ErrAccessDenied
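Review bot: checkAccessByOwnership returns s3err.ErrNone whenever getAccountId yields `s3account.AccountAdmin.Id`, and getAccountId takes that value directly from the `s3_constants.AmzAccountId` request header. Nothing on this page shows where the header is set; presumably the authentication layer writes it after verifying the request, in which case that layer must also overwrite or delete any value the client sent. The assumption deserves a comment on getAccountId, for example `// The account-id header is trusted here: the auth layer must replace any client-supplied value before this is called.`, and ideally a test that a request carrying the header without valid credentials is still denied. checkAccessByOwnership begins outside the hunk.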

5
weed/s3api/s3api_server.go

@ -5,6 +5,7 @@ import (
"fmt" "fmt"
"github.com/seaweedfs/seaweedfs/weed/filer" "github.com/seaweedfs/seaweedfs/weed/filer"
"github.com/seaweedfs/seaweedfs/weed/pb/s3_pb" "github.com/seaweedfs/seaweedfs/weed/pb/s3_pb"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
"net" "net"
"net/http" "net/http"
"strings" "strings"
@ -40,7 +41,7 @@ type S3ApiServer struct {
randomClientId int32 randomClientId int32
filerGuard *security.Guard filerGuard *security.Guard
client *http.Client client *http.Client
accountManager *AccountManager
accountManager *s3account.AccountManager
bucketRegistry *BucketRegistry bucketRegistry *BucketRegistry
} }
@ -61,7 +62,7 @@ func NewS3ApiServer(router *mux.Router, option *S3ApiServerOption) (s3ApiServer
filerGuard: security.NewGuard([]string{}, signingKey, expiresAfterSec, readSigningKey, readExpiresAfterSec), filerGuard: security.NewGuard([]string{}, signingKey, expiresAfterSec, readSigningKey, readExpiresAfterSec),
cb: NewCircuitBreaker(option), cb: NewCircuitBreaker(option),
} }
s3ApiServer.accountManager = NewAccountManager(s3ApiServer)
s3ApiServer.accountManager = s3account.NewAccountManager(s3ApiServer)
s3ApiServer.bucketRegistry = NewBucketRegistry(s3ApiServer) s3ApiServer.bucketRegistry = NewBucketRegistry(s3ApiServer)
if option.LocalFilerSocket == "" { if option.LocalFilerSocket == "" {
s3ApiServer.client = &http.Client{Transport: &http.Transport{ s3ApiServer.client = &http.Client{Transport: &http.Transport{
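Review bot: `s3account.NewAccountManager(s3ApiServer)` is handed the server as its filer client before NewS3ApiServer has finished initialising it; `s3ApiServer.client` is only assigned a few lines further down. If the account manager uses the filer client during construction (its body is outside the hunk in s3_account.go, so this is unconfirmed), it would run against a half-built server. A comment at the call site would record the constraint: `// accountManager must not use the filer client until NewS3ApiServer returns`. NewS3ApiServer starts and ends outside the hunk.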
