Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Implement explicit IAM gRPC APIs in S3 server

pull/8126/head
Chris Lu 4 days ago
parent
3c9a7efde9
commit
823db0d1fc
1 changed files with 210 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 214
      weed/s3api/s3api_server_grpc.go

214
weed/s3api/s3api_server_grpc.go
View File

@ -3,15 +3,221 @@ package s3api
import ( import (
"context" "context"
"github.com/seaweedfs/seaweedfs/weed/pb/s3_pb"
"encoding/json"
"fmt"
"net/url"
"github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
) )
func (s3a *S3ApiServer) Configure(ctx context.Context, request *s3_pb.S3ConfigureRequest) (*s3_pb.S3ConfigureResponse, error) {
func (s3a *S3ApiServer) executeAction(values url.Values) (interface{}, error) {
if s3a.embeddedIam == nil {
return nil, fmt.Errorf("embedded iam is disabled")
}
response, iamErr := s3a.embeddedIam.ExecuteAction(values)
if iamErr != nil {
return nil, fmt.Errorf("IAM error: %s - %v", iamErr.Code, iamErr.Error)
}
return response, nil
}
func (s3a *S3ApiServer) ListUsers(ctx context.Context, req *iam_pb.ListUsersRequest) (*iam_pb.ListUsersResponse, error) {
values := url.Values{}
values.Set("Action", "ListUsers")
_, err := s3a.executeAction(values)
if err != nil {
return nil, err
}
// TODO: map response
return &iam_pb.ListUsersResponse{}, nil
}
func (s3a *S3ApiServer) CreateUser(ctx context.Context, req *iam_pb.CreateUserRequest) (*iam_pb.CreateUserResponse, error) {
values := url.Values{}
values.Set("Action", "CreateUser")
if req.Identity != nil {
values.Set("UserName", req.Identity.Name)
}
_, err := s3a.executeAction(values)
if err != nil {
return nil, err
}
return &iam_pb.CreateUserResponse{}, nil
}
func (s3a *S3ApiServer) GetUser(ctx context.Context, req *iam_pb.GetUserRequest) (*iam_pb.GetUserResponse, error) {
values := url.Values{}
values.Set("Action", "GetUser")
values.Set("UserName", req.Username)
_, err := s3a.executeAction(values)
if err != nil {
return nil, err
}
// TODO: map response
return &iam_pb.GetUserResponse{}, nil
}
func (s3a *S3ApiServer) UpdateUser(ctx context.Context, req *iam_pb.UpdateUserRequest) (*iam_pb.UpdateUserResponse, error) {
values := url.Values{}
values.Set("Action", "UpdateUser")
values.Set("UserName", req.Username)
// UpdateUser in DoActions expects "NewUserName" if renaming, but CreateUser just takes UserName.
// Looking at s3api_embedded_iam.go, UpdateUser uses "NewUserName" to change name.
if req.Identity != nil && req.Identity.Name != "" {
values.Set("NewUserName", req.Identity.Name)
}
_, err := s3a.executeAction(values)
if err != nil {
return nil, err
}
return &iam_pb.UpdateUserResponse{}, nil
}
func (s3a *S3ApiServer) DeleteUser(ctx context.Context, req *iam_pb.DeleteUserRequest) (*iam_pb.DeleteUserResponse, error) {
values := url.Values{}
values.Set("Action", "DeleteUser")
values.Set("UserName", req.Username)
_, err := s3a.executeAction(values)
if err != nil {
return nil, err
}
return &iam_pb.DeleteUserResponse{}, nil
}
func (s3a *S3ApiServer) ListAccessKeys(ctx context.Context, req *iam_pb.ListAccessKeysRequest) (*iam_pb.ListAccessKeysResponse, error) {
values := url.Values{}
values.Set("Action", "ListAccessKeys")
values.Set("UserName", req.Username)
_, err := s3a.executeAction(values)
if err != nil {
return nil, err
}
// TODO: map response
return &iam_pb.ListAccessKeysResponse{}, nil
}
func (s3a *S3ApiServer) CreateAccessKey(ctx context.Context, req *iam_pb.CreateAccessKeyRequest) (*iam_pb.CreateAccessKeyResponse, error) {
values := url.Values{}
values.Set("Action", "CreateAccessKey")
values.Set("UserName", req.Username)
_, err := s3a.executeAction(values)
if err != nil {
return nil, err
}
return &iam_pb.CreateAccessKeyResponse{}, nil
}
func (s3a *S3ApiServer) DeleteAccessKey(ctx context.Context, req *iam_pb.DeleteAccessKeyRequest) (*iam_pb.DeleteAccessKeyResponse, error) {
values := url.Values{}
values.Set("Action", "DeleteAccessKey")
values.Set("UserName", req.Username)
values.Set("AccessKeyId", req.AccessKey)
_, err := s3a.executeAction(values)
if err != nil {
return nil, err
}
return &iam_pb.DeleteAccessKeyResponse{}, nil
}
if err := s3a.iam.LoadS3ApiConfigurationFromBytes(request.S3ConfigurationFileContent); err != nil {
func (s3a *S3ApiServer) PutUserPolicy(ctx context.Context, req *iam_pb.PutUserPolicyRequest) (*iam_pb.PutUserPolicyResponse, error) {
values := url.Values{}
values.Set("Action", "PutUserPolicy")
values.Set("UserName", req.Username)
values.Set("PolicyName", req.PolicyName)
values.Set("PolicyDocument", req.PolicyDocument)
_, err := s3a.executeAction(values)
if err != nil {
return nil, err return nil, err
} }
return &iam_pb.PutUserPolicyResponse{}, nil
}
return &s3_pb.S3ConfigureResponse{}, nil
func (s3a *S3ApiServer) GetUserPolicy(ctx context.Context, req *iam_pb.GetUserPolicyRequest) (*iam_pb.GetUserPolicyResponse, error) {
values := url.Values{}
values.Set("Action", "GetUserPolicy")
values.Set("UserName", req.Username)
values.Set("PolicyName", req.PolicyName)
resp, err := s3a.executeAction(values)
if err != nil {
return nil, err
}
// TODO: map response
jsonBytes, _ := json.Marshal(resp)
return &iam_pb.GetUserPolicyResponse{PolicyDocument: string(jsonBytes)}, nil
}
func (s3a *S3ApiServer) DeleteUserPolicy(ctx context.Context, req *iam_pb.DeleteUserPolicyRequest) (*iam_pb.DeleteUserPolicyResponse, error) {
values := url.Values{}
values.Set("Action", "DeleteUserPolicy")
values.Set("UserName", req.Username)
values.Set("PolicyName", req.PolicyName)
_, err := s3a.executeAction(values)
if err != nil {
return nil, err
}
return &iam_pb.DeleteUserPolicyResponse{}, nil
}
func (s3a *S3ApiServer) ListServiceAccounts(ctx context.Context, req *iam_pb.ListServiceAccountsRequest) (*iam_pb.ListServiceAccountsResponse, error) {
values := url.Values{}
values.Set("Action", "ListServiceAccounts")
_, err := s3a.executeAction(values)
if err != nil {
return nil, err
}
// TODO: map response
return &iam_pb.ListServiceAccountsResponse{}, nil
}
func (s3a *S3ApiServer) CreateServiceAccount(ctx context.Context, req *iam_pb.CreateServiceAccountRequest) (*iam_pb.CreateServiceAccountResponse, error) {
values := url.Values{}
values.Set("Action", "CreateServiceAccount")
if req.ServiceAccount != nil {
values.Set("CreatedBy", req.ServiceAccount.CreatedBy)
}
_, err := s3a.executeAction(values)
if err != nil {
return nil, err
}
return &iam_pb.CreateServiceAccountResponse{}, nil
}
func (s3a *S3ApiServer) UpdateServiceAccount(ctx context.Context, req *iam_pb.UpdateServiceAccountRequest) (*iam_pb.UpdateServiceAccountResponse, error) {
values := url.Values{}
values.Set("Action", "UpdateServiceAccount")
values.Set("ServiceAccountId", req.Id)
if req.ServiceAccount != nil {
values.Set("Status", "Active")
if req.ServiceAccount.Disabled {
values.Set("Status", "Inactive")
}
}
_, err := s3a.executeAction(values)
if err != nil {
return nil, err
}
return &iam_pb.UpdateServiceAccountResponse{}, nil
}
func (s3a *S3ApiServer) DeleteServiceAccount(ctx context.Context, req *iam_pb.DeleteServiceAccountRequest) (*iam_pb.DeleteServiceAccountResponse, error) {
values := url.Values{}
values.Set("Action", "DeleteServiceAccount")
values.Set("ServiceAccountId", req.Id)
_, err := s3a.executeAction(values)
if err != nil {
return nil, err
}
return &iam_pb.DeleteServiceAccountResponse{}, nil
}
func (s3a *S3ApiServer) GetServiceAccount(ctx context.Context, req *iam_pb.GetServiceAccountRequest) (*iam_pb.GetServiceAccountResponse, error) {
values := url.Values{}
values.Set("Action", "GetServiceAccount")
values.Set("ServiceAccountId", req.Id)
_, err := s3a.executeAction(values)
if err != nil {
return nil, err
}
// TODO: map response
return &iam_pb.GetServiceAccountResponse{}, nil
} }
Write Preview
Loading…
Cancel
Save