Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

fix: enable dual loading of static and dynamic IAM configuration 

Refactored `NewIdentityAccessManagementWithStore` to remove mutual
exclusivity between static (file-based) and dynamic (filer-based)
configuration loading.

Previously, if a static config configuration was present (including the
legacy `IamConfig` option used by `weed mini`), it prevented loading
users from the filer.

Now, the system loads the static configuration first (if present), and
then *always* attempts to merge in the dynamic configuration from the
filer. This ensures that:
1. Static users (e.g. from `weed mini` env vars or `-s3.config`) are loaded and protected.
2. Dynamic users (e.g. created via Admin UI and stored in Filer) are also loaded and available.
pull/7992/head
Chris Lu 2 days ago
parent
451b897d56
commit
7f1182472a
1 changed files with 13 additions and 10 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 23
      weed/s3api/auth_credentials.go

23
weed/s3api/auth_credentials.go
View File

@ -186,18 +186,21 @@ func NewIdentityAccessManagementWithStore(option *S3ApiServerOption, explicitSto
}
configLoaded = len(iam.identities) > 0
iam.m.Unlock()
} else {
glog.V(3).Infof("no static config file specified... loading config from credential manager")
if err := iam.loadS3ApiConfigurationFromFiler(option); err != nil {
glog.Warningf("fail to load config: %v", err)
}
// Only consider config loaded if we actually have identities
// Don't block environment variable fallback just because filer call succeeded
iam.m.RLock()
configLoaded = len(iam.identities) > 0
iam.m.RUnlock()
}
// Always try to load/merge config from credential manager (filer)
// This ensures we get both static users (from file) and dynamic users (from filer)
glog.V(3).Infof("loading dynamic config from credential manager")
if err := iam.loadS3ApiConfigurationFromFiler(option); err != nil {
glog.Warningf("fail to load config: %v", err)
}
// Only consider config loaded if we actually have identities
// Don't block environment variable fallback just because filer call succeeded
iam.m.RLock()
configLoaded = len(iam.identities) > 0
iam.m.RUnlock()
// Only use environment variables as fallback if no configuration was loaded
if !configLoaded {
accessKeyId := os.Getenv("AWS_ACCESS_KEY_ID")

Write Preview
Loading…
Cancel
Save