You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
150 lines
3.4 KiB
150 lines
3.4 KiB
package shell
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"flag"
|
|
"fmt"
|
|
"io"
|
|
"os"
|
|
"time"
|
|
|
|
"github.com/seaweedfs/seaweedfs/weed/pb"
|
|
"github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
|
|
"github.com/seaweedfs/seaweedfs/weed/s3api/policy_engine"
|
|
"google.golang.org/grpc"
|
|
)
|
|
|
|
func init() {
|
|
Commands = append(Commands, &commandS3Policy{})
|
|
}
|
|
|
|
type commandS3Policy struct {
|
|
}
|
|
|
|
func (c *commandS3Policy) Name() string {
|
|
return "s3.policy"
|
|
}
|
|
|
|
func (c *commandS3Policy) Help() string {
|
|
return `manage s3 policies
|
|
|
|
# create or update a policy
|
|
s3.policy -put -name=mypolicy -file=policy.json
|
|
|
|
# list all policies
|
|
s3.policy -list
|
|
|
|
# get a policy
|
|
s3.policy -get -name=mypolicy
|
|
|
|
# delete a policy
|
|
s3.policy -delete -name=mypolicy
|
|
`
|
|
}
|
|
|
|
func (c *commandS3Policy) HasTag(CommandTag) bool {
|
|
return false
|
|
}
|
|
|
|
func (c *commandS3Policy) Do(args []string, commandEnv *CommandEnv, writer io.Writer) (err error) {
|
|
|
|
s3PolicyCommand := flag.NewFlagSet(c.Name(), flag.ContinueOnError)
|
|
put := s3PolicyCommand.Bool("put", false, "create or update a policy")
|
|
get := s3PolicyCommand.Bool("get", false, "get a policy")
|
|
list := s3PolicyCommand.Bool("list", false, "list all policies")
|
|
del := s3PolicyCommand.Bool("delete", false, "delete a policy")
|
|
name := s3PolicyCommand.String("name", "", "policy name")
|
|
file := s3PolicyCommand.String("file", "", "policy file (json)")
|
|
|
|
if err = s3PolicyCommand.Parse(args); err != nil {
|
|
return err
|
|
}
|
|
|
|
actionCount := 0
|
|
for _, v := range []bool{*put, *get, *list, *del} {
|
|
if v {
|
|
actionCount++
|
|
}
|
|
}
|
|
if actionCount == 0 {
|
|
return fmt.Errorf("one of -put, -get, -list, -delete must be specified")
|
|
}
|
|
if actionCount > 1 {
|
|
return fmt.Errorf("only one of -put, -get, -list, -delete can be specified")
|
|
}
|
|
|
|
return pb.WithGrpcClient(false, 0, func(conn *grpc.ClientConn) error {
|
|
client := iam_pb.NewSeaweedIdentityAccessManagementClient(conn)
|
|
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
|
|
defer cancel()
|
|
|
|
if *put {
|
|
if *name == "" {
|
|
return fmt.Errorf("-name is required")
|
|
}
|
|
if *file == "" {
|
|
return fmt.Errorf("-file is required")
|
|
}
|
|
data, err := os.ReadFile(*file)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to read policy file: %v", err)
|
|
}
|
|
|
|
// Validate JSON
|
|
var policy policy_engine.PolicyDocument
|
|
if err := json.Unmarshal(data, &policy); err != nil {
|
|
return fmt.Errorf("invalid policy json: %v", err)
|
|
}
|
|
|
|
_, err = client.PutPolicy(ctx, &iam_pb.PutPolicyRequest{
|
|
Name: *name,
|
|
Content: string(data),
|
|
})
|
|
return err
|
|
}
|
|
|
|
if *get {
|
|
if *name == "" {
|
|
return fmt.Errorf("-name is required")
|
|
}
|
|
resp, err := client.GetPolicy(ctx, &iam_pb.GetPolicyRequest{
|
|
Name: *name,
|
|
})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if resp.Content == "" {
|
|
return fmt.Errorf("policy not found")
|
|
}
|
|
fmt.Fprintf(writer, "%s\n", resp.Content)
|
|
return nil
|
|
}
|
|
|
|
if *list {
|
|
resp, err := client.ListPolicies(ctx, &iam_pb.ListPoliciesRequest{})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
for _, policy := range resp.Policies {
|
|
fmt.Fprintf(writer, "Name: %s\n", policy.Name)
|
|
fmt.Fprintf(writer, "Content: %s\n", policy.Content)
|
|
fmt.Fprintf(writer, "---\n")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
if *del {
|
|
if *name == "" {
|
|
return fmt.Errorf("-name is required")
|
|
}
|
|
_, err := client.DeletePolicy(ctx, &iam_pb.DeletePolicyRequest{
|
|
Name: *name,
|
|
})
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}, commandEnv.option.FilerAddress.ToGrpcAddress(), false, commandEnv.option.GrpcDialOption)
|
|
|
|
}
|