Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

s3: add account (#3753) 

associate `Account` and `Identity` by accountId
pull/3757/head
LHHDZ 2 years ago
committed by GitHub
parent
301b678147
commit
aacdcc4cad
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 71 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 69
      weed/s3api/s3api_account.go
  2. 2
      weed/s3api/s3api_server.go

69
weed/s3api/s3api_account.go
View File

@ -0,0 +1,69 @@
package s3api
import (
"sync"
)
//Predefined Accounts
var (
// AccountAdmin is used as the default account for IAM-Credentials access without Account configured
AccountAdmin = Account{
Name: "admin",
EmailAddress: "admin@example.com",
Id: "admin",
}
// AccountAnonymous is used to represent the account for anonymous access
AccountAnonymous = Account{
Name: "anonymous",
EmailAddress: "anonymous@example.com",
Id: "anonymous",
}
)
//Account represents a system user, a system user can
//configure multiple IAM-Users, IAM-Users can configure
//permissions respectively, and each IAM-User can
//configure multiple security credentials
type Account struct {
//Name is also used to display the "DisplayName" as the owner of the bucket or object
Name string
EmailAddress string
//Id is used to identify an Account when granting cross-account access(ACLs) to buckets and objects
Id string
}
type AccountManager struct {
sync.Mutex
s3a *S3ApiServer
IdNameMapping map[string]string
EmailIdMapping map[string]string
}
func NewAccountManager(s3a *S3ApiServer) *AccountManager {
am := &AccountManager{
s3a: s3a,
IdNameMapping: make(map[string]string),
EmailIdMapping: make(map[string]string),
}
am.initialize()
return am
}
func (am *AccountManager) GetAccountNameById(canonicalId string) string {
return am.IdNameMapping[canonicalId]
}
func (am *AccountManager) GetAccountIdByEmail(email string) string {
return am.EmailIdMapping[email]
}
func (am *AccountManager) initialize() {
// load predefined Accounts
for _, account := range []Account{AccountAdmin, AccountAnonymous} {
am.IdNameMapping[account.Id] = account.Name
am.EmailIdMapping[account.EmailAddress] = account.Id
}
}

2
weed/s3api/s3api_server.go
View File

@ -40,6 +40,7 @@ type S3ApiServer struct {
randomClientId int32 randomClientId int32
filerGuard *security.Guard filerGuard *security.Guard
client *http.Client client *http.Client
accountManager *AccountManager
} }
func NewS3ApiServer(router *mux.Router, option *S3ApiServerOption) (s3ApiServer *S3ApiServer, err error) { func NewS3ApiServer(router *mux.Router, option *S3ApiServerOption) (s3ApiServer *S3ApiServer, err error) {
@ -59,6 +60,7 @@ func NewS3ApiServer(router *mux.Router, option *S3ApiServerOption) (s3ApiServer
filerGuard: security.NewGuard([]string{}, signingKey, expiresAfterSec, readSigningKey, readExpiresAfterSec), filerGuard: security.NewGuard([]string{}, signingKey, expiresAfterSec, readSigningKey, readExpiresAfterSec),
cb: NewCircuitBreaker(option), cb: NewCircuitBreaker(option),
} }
s3ApiServer.accountManager = NewAccountManager(s3ApiServer)
if option.LocalFilerSocket == "" { if option.LocalFilerSocket == "" {
s3ApiServer.client = &http.Client{Transport: &http.Transport{ s3ApiServer.client = &http.Client{Transport: &http.Transport{
MaxIdleConns: 1024, MaxIdleConns: 1024,

Write Preview
Loading…
Cancel
Save