Browse Source

change s3_account.go package to avoid cycle dependency (#3813)

pull/3815/head
LHHDZ 2 years ago
committed by GitHub
parent
commit
3550692afc
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 15
      weed/s3api/auth_credentials.go
  2. 3
      weed/s3api/auth_credentials_test.go
  3. 5
      weed/s3api/bucket_metadata.go
  4. 33
      weed/s3api/bucket_metadata_test.go
  5. 9
      weed/s3api/s3account/s3_account.go
  6. 5
      weed/s3api/s3api_acp.go
  7. 5
      weed/s3api/s3api_server.go

15
weed/s3api/auth_credentials.go

@ -2,6 +2,7 @@ package s3api
import (
"fmt"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
"net/http"
"os"
"strings"
@ -40,7 +41,7 @@ type Identity struct {
}
func (i *Identity) isAnonymous() bool {
return i.Name == AccountAnonymous.Name
return i.Name == s3account.AccountAnonymous.Name
}
type Credential struct {
@ -132,16 +133,16 @@ func (iam *IdentityAccessManagement) loadS3ApiConfiguration(config *iam_pb.S3Api
for _, ident := range config.Identities {
t := &Identity{
Name: ident.Name,
AccountId: AccountAdmin.Id,
AccountId: s3account.AccountAdmin.Id,
Credentials: nil,
Actions: nil,
}
if ident.Name == AccountAnonymous.Name {
if ident.AccountId != "" && ident.AccountId != AccountAnonymous.Id {
if ident.Name == s3account.AccountAnonymous.Name {
if ident.AccountId != "" && ident.AccountId != s3account.AccountAnonymous.Id {
glog.Warningf("anonymous identity is associated with a non-anonymous account ID, the association is invalid")
}
t.AccountId = AccountAnonymous.Id
t.AccountId = s3account.AccountAnonymous.Id
IdentityAnonymous = t
} else {
if len(ident.AccountId) > 0 {
@ -163,8 +164,8 @@ func (iam *IdentityAccessManagement) loadS3ApiConfiguration(config *iam_pb.S3Api
if IdentityAnonymous == nil {
IdentityAnonymous = &Identity{
Name: AccountAnonymous.Name,
AccountId: AccountAnonymous.Id,
Name: s3account.AccountAnonymous.Name,
AccountId: s3account.AccountAnonymous.Id,
}
}
iam.m.Lock()

3
weed/s3api/auth_credentials_test.go

@ -2,6 +2,7 @@ package s3api
import (
. "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
"github.com/stretchr/testify/assert"
"reflect"
"testing"
@ -150,7 +151,7 @@ func TestLoadS3ApiConfiguration(t *testing.T) {
},
expectIdent: &Identity{
Name: "notSpecifyAccountId",
AccountId: AccountAdmin.Id,
AccountId: s3account.AccountAdmin.Id,
Actions: []Action{
"Read",
"Write",

5
weed/s3api/bucket_metadata.go

@ -8,6 +8,7 @@ import (
"github.com/seaweedfs/seaweedfs/weed/glog"
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
//"github.com/seaweedfs/seaweedfs/weed/s3api"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
@ -93,8 +94,8 @@ func buildBucketMetadata(entry *filer_pb.Entry) *BucketMetaData {
// Default owner: `AccountAdmin`
Owner: &s3.Owner{
ID: &AccountAdmin.Id,
DisplayName: &AccountAdmin.Name,
ID: &s3account.AccountAdmin.Id,
DisplayName: &s3account.AccountAdmin.Name,
},
}
if entry.Extended != nil {

33
weed/s3api/bucket_metadata_test.go

@ -6,6 +6,7 @@ import (
"github.com/aws/aws-sdk-go/service/s3"
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
"reflect"
"sync"
@ -27,8 +28,8 @@ var (
//good entry
goodEntryAcp, _ = jsonutil.BuildJSON(&s3.AccessControlPolicy{
Owner: &s3.Owner{
DisplayName: &AccountAdmin.Name,
ID: &AccountAdmin.Id,
DisplayName: &s3account.AccountAdmin.Name,
ID: &s3account.AccountAdmin.Id,
},
Grants: s3_constants.PublicRead,
})
@ -99,8 +100,8 @@ var tcs = []*BucketMetadataTestCase{
Name: badEntry.Name,
ObjectOwnership: s3_constants.DefaultOwnershipForExists,
Owner: &s3.Owner{
DisplayName: &AccountAdmin.Name,
ID: &AccountAdmin.Id,
DisplayName: &s3account.AccountAdmin.Name,
ID: &s3account.AccountAdmin.Id,
},
Acl: nil,
},
@ -110,8 +111,8 @@ var tcs = []*BucketMetadataTestCase{
Name: goodEntry.Name,
ObjectOwnership: s3_constants.OwnershipBucketOwnerEnforced,
Owner: &s3.Owner{
DisplayName: &AccountAdmin.Name,
ID: &AccountAdmin.Id,
DisplayName: &s3account.AccountAdmin.Name,
ID: &s3account.AccountAdmin.Id,
},
Acl: s3_constants.PublicRead,
},
@ -121,8 +122,8 @@ var tcs = []*BucketMetadataTestCase{
Name: ownershipEmptyStr.Name,
ObjectOwnership: s3_constants.DefaultOwnershipForExists,
Owner: &s3.Owner{
DisplayName: &AccountAdmin.Name,
ID: &AccountAdmin.Id,
DisplayName: &s3account.AccountAdmin.Name,
ID: &s3account.AccountAdmin.Id,
},
Acl: nil,
},
@ -132,8 +133,8 @@ var tcs = []*BucketMetadataTestCase{
Name: ownershipValid.Name,
ObjectOwnership: s3_constants.OwnershipBucketOwnerEnforced,
Owner: &s3.Owner{
DisplayName: &AccountAdmin.Name,
ID: &AccountAdmin.Id,
DisplayName: &s3account.AccountAdmin.Name,
ID: &s3account.AccountAdmin.Id,
},
Acl: nil,
},
@ -143,8 +144,8 @@ var tcs = []*BucketMetadataTestCase{
Name: acpEmptyStr.Name,
ObjectOwnership: s3_constants.DefaultOwnershipForExists,
Owner: &s3.Owner{
DisplayName: &AccountAdmin.Name,
ID: &AccountAdmin.Id,
DisplayName: &s3account.AccountAdmin.Name,
ID: &s3account.AccountAdmin.Id,
},
Acl: nil,
},
@ -154,8 +155,8 @@ var tcs = []*BucketMetadataTestCase{
Name: acpEmptyObject.Name,
ObjectOwnership: s3_constants.DefaultOwnershipForExists,
Owner: &s3.Owner{
DisplayName: &AccountAdmin.Name,
ID: &AccountAdmin.Id,
DisplayName: &s3account.AccountAdmin.Name,
ID: &s3account.AccountAdmin.Id,
},
Acl: nil,
},
@ -165,8 +166,8 @@ var tcs = []*BucketMetadataTestCase{
Name: acpOwnerNil.Name,
ObjectOwnership: s3_constants.DefaultOwnershipForExists,
Owner: &s3.Owner{
DisplayName: &AccountAdmin.Name,
ID: &AccountAdmin.Id,
DisplayName: &s3account.AccountAdmin.Name,
ID: &s3account.AccountAdmin.Id,
},
Acl: make([]*s3.Grant, 0),
},

9
weed/s3api/s3api_account.go → weed/s3api/s3account/s3_account.go

@ -1,6 +1,7 @@
package s3api
package s3account
import (
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
"sync"
)
@ -36,15 +37,15 @@ type Account struct {
type AccountManager struct {
sync.Mutex
s3a *S3ApiServer
filerClient filer_pb.FilerClient
IdNameMapping map[string]string
EmailIdMapping map[string]string
}
func NewAccountManager(s3a *S3ApiServer) *AccountManager {
func NewAccountManager(filerClient filer_pb.FilerClient) *AccountManager {
am := &AccountManager{
s3a: s3a,
filerClient: filerClient,
IdNameMapping: make(map[string]string),
EmailIdMapping: make(map[string]string),
}

5
weed/s3api/s3api_acp.go

@ -2,6 +2,7 @@ package s3api
import (
"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
"net/http"
)
@ -9,7 +10,7 @@ import (
func getAccountId(r *http.Request) string {
id := r.Header.Get(s3_constants.AmzAccountId)
if len(id) == 0 {
return AccountAnonymous.Id
return s3account.AccountAnonymous.Id
} else {
return id
}
@ -21,7 +22,7 @@ func (s3a *S3ApiServer) checkAccessByOwnership(r *http.Request, bucket string) s
return errCode
}
accountId := getAccountId(r)
if accountId == AccountAdmin.Id || accountId == *metadata.Owner.ID {
if accountId == s3account.AccountAdmin.Id || accountId == *metadata.Owner.ID {
return s3err.ErrNone
}
return s3err.ErrAccessDenied

5
weed/s3api/s3api_server.go

@ -5,6 +5,7 @@ import (
"fmt"
"github.com/seaweedfs/seaweedfs/weed/filer"
"github.com/seaweedfs/seaweedfs/weed/pb/s3_pb"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
"net"
"net/http"
"strings"
@ -40,7 +41,7 @@ type S3ApiServer struct {
randomClientId int32
filerGuard *security.Guard
client *http.Client
accountManager *AccountManager
accountManager *s3account.AccountManager
bucketRegistry *BucketRegistry
}
@ -61,7 +62,7 @@ func NewS3ApiServer(router *mux.Router, option *S3ApiServerOption) (s3ApiServer
filerGuard: security.NewGuard([]string{}, signingKey, expiresAfterSec, readSigningKey, readExpiresAfterSec),
cb: NewCircuitBreaker(option),
}
s3ApiServer.accountManager = NewAccountManager(s3ApiServer)
s3ApiServer.accountManager = s3account.NewAccountManager(s3ApiServer)
s3ApiServer.bucketRegistry = NewBucketRegistry(s3ApiServer)
if option.LocalFilerSocket == "" {
s3ApiServer.client = &http.Client{Transport: &http.Transport{

Loading…
Cancel
Save