|
|
@ -24,7 +24,7 @@ type Iam interface { |
|
|
|
} |
|
|
|
|
|
|
|
type IdentityAccessManagement struct { |
|
|
|
m sync.Mutex |
|
|
|
m sync.RWMutex |
|
|
|
|
|
|
|
identities []*Identity |
|
|
|
domain string |
|
|
@ -135,21 +135,22 @@ func (iam *IdentityAccessManagement) loadS3ApiConfiguration(config *iam_pb.S3Api |
|
|
|
identities = append(identities, t) |
|
|
|
} |
|
|
|
iam.m.Lock() |
|
|
|
|
|
|
|
// atomically switch
|
|
|
|
iam.identities = identities |
|
|
|
|
|
|
|
iam.m.Unlock() |
|
|
|
return nil |
|
|
|
} |
|
|
|
|
|
|
|
func (iam *IdentityAccessManagement) isEnabled() bool { |
|
|
|
|
|
|
|
iam.m.RLock() |
|
|
|
defer iam.m.RUnlock() |
|
|
|
return len(iam.identities) > 0 |
|
|
|
} |
|
|
|
|
|
|
|
func (iam *IdentityAccessManagement) lookupByAccessKey(accessKey string) (identity *Identity, cred *Credential, found bool) { |
|
|
|
|
|
|
|
iam.m.RLock() |
|
|
|
defer iam.m.RUnlock() |
|
|
|
for _, ident := range iam.identities { |
|
|
|
for _, cred := range ident.Credentials { |
|
|
|
// println("checking", ident.Name, cred.AccessKey)
|
|
|
@ -163,7 +164,8 @@ func (iam *IdentityAccessManagement) lookupByAccessKey(accessKey string) (identi |
|
|
|
} |
|
|
|
|
|
|
|
func (iam *IdentityAccessManagement) lookupAnonymous() (identity *Identity, found bool) { |
|
|
|
|
|
|
|
iam.m.RLock() |
|
|
|
defer iam.m.RUnlock() |
|
|
|
for _, ident := range iam.identities { |
|
|
|
if ident.Name == "anonymous" { |
|
|
|
return ident, true |
|
|
|