Fix IAM manager and post policy to use current active filer

3 days ago · f838472b79
3 changed files with 7 additions and 23 deletions
--- a/weed/iamapi/iamapi_server.go
+++ b/weed/iamapi/iamapi_server.go
@ -38,16 +38,6 @@ type IamS3ApiConfigure struct {
 	credentialManager *credential.CredentialManager
 }

-// getFilerAddress returns the current filer address to use
-// Note: IAM operations don't have access to FilerClient's current filer tracking
-// Returns the first filer as fallback - consider adding FilerClient to IamS3ApiConfigure
-func (iama *IamS3ApiConfigure) getFilerAddress() pb.ServerAddress {
-	if len(iama.option.Filers) > 0 {
-		return iama.option.Filers[0]
-	}
-	return ""
-}
-
 type IamServerOption struct {
 	Masters        map[string]pb.ServerAddress
 	Filers         []pb.ServerAddress
--- a/weed/s3api/s3api_object_handlers_postpolicy.go
+++ b/weed/s3api/s3api_object_handlers_postpolicy.go
@ -114,7 +114,7 @@ func (s3a *S3ApiServer) PostPolicyBucketHandler(w http.ResponseWriter, r *http.R
 		}
 	}

-	uploadUrl := fmt.Sprintf("http://%s%s/%s%s", s3a.getFilerAddress().ToHttpAddress(), s3a.option.BucketsPath, bucket, urlEscapeObject(object))
+	filePath := fmt.Sprintf("%s/%s%s", s3a.option.BucketsPath, bucket, object)

 	// Get ContentType from post formData
 	// Otherwise from formFile ContentType
@ -136,7 +136,7 @@ func (s3a *S3ApiServer) PostPolicyBucketHandler(w http.ResponseWriter, r *http.R
 		}
 	}

-	etag, errCode, sseMetadata := s3a.putToFiler(r, uploadUrl, fileBody, bucket, 1)
+	etag, errCode, sseMetadata := s3a.putToFiler(r, filePath, fileBody, bucket, 1)

 	if errCode != s3err.ErrNone {
 		s3err.WriteErrorResponse(w, r, errCode)
--- a/weed/s3api/s3api_server.go
+++ b/weed/s3api/s3api_server.go
@ -154,22 +154,16 @@ func NewS3ApiServerWithStore(router *mux.Router, option *S3ApiServerOption, expl
 	if option.IamConfig != "" {
 		glog.V(1).Infof("Loading advanced IAM configuration from: %s", option.IamConfig)

-		// Note: IAM manager and S3IAMIntegration currently use only the first filer address
-		// TODO: Update loadIAMManagerFromConfig and NewS3IAMIntegration to support multiple filers
-		// for full HA. This is a known limitation for filer-backed IAM stores.
-		filerAddr := ""
-		if len(option.Filers) > 0 {
-			filerAddr = string(option.Filers[0])
-		}
-
+		// Use FilerClient's GetCurrentFiler for HA-aware filer selection
 		iamManager, err := loadIAMManagerFromConfig(option.IamConfig, func() string {
-			return filerAddr
+			return string(filerClient.GetCurrentFiler())
 		})
 		if err != nil {
 			glog.Errorf("Failed to load IAM configuration: %v", err)
 		} else {
 			// Create S3 IAM integration with the loaded IAM manager
-			s3iam := NewS3IAMIntegration(iamManager, filerAddr)
+			// filerAddress not actually used, just for backward compatibility
+			s3iam := NewS3IAMIntegration(iamManager, "")

 			// Set IAM integration in server
 			s3ApiServer.iamIntegration = s3iam
@ -177,7 +171,7 @@ func NewS3ApiServerWithStore(router *mux.Router, option *S3ApiServerOption, expl
 			// Set the integration in the traditional IAM for compatibility
 			iam.SetIAMIntegration(s3iam)

-			glog.V(1).Infof("Advanced IAM system initialized successfully")
+			glog.V(1).Infof("Advanced IAM system initialized successfully with HA filer support")
 		}
 	}