mirror of
https://github.com/chrislusf/seaweedfs
synced 2024-06-25 20:09:30 +02:00
change s3_account.go package to avoid cycle dependency (#3813)
This commit is contained in:
LHHDZ
GitHub
parent
0711870f43
commit
3550692afc
|
|
@ -2,6 +2,7 @@ package s3api
|
|||
|
||||
import (
|
||||
"fmt"
|
||||
"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
|
|
@ -40,7 +41,7 @@ type Identity struct {
|
|||
}
|
||||
|
||||
func (i *Identity) isAnonymous() bool {
|
||||
return i.Name == AccountAnonymous.Name
|
||||
return i.Name == s3account.AccountAnonymous.Name
|
||||
}
|
||||
|
||||
type Credential struct {
|
||||
|
|
@ -132,16 +133,16 @@ func (iam *IdentityAccessManagement) loadS3ApiConfiguration(config *iam_pb.S3Api
|
|||
for _, ident := range config.Identities {
|
||||
t := &Identity{
|
||||
Name: ident.Name,
|
||||
AccountId: AccountAdmin.Id,
|
||||
AccountId: s3account.AccountAdmin.Id,
|
||||
Credentials: nil,
|
||||
Actions: nil,
|
||||
}
|
||||
|
||||
if ident.Name == AccountAnonymous.Name {
|
||||
if ident.AccountId != "" && ident.AccountId != AccountAnonymous.Id {
|
||||
if ident.Name == s3account.AccountAnonymous.Name {
|
||||
if ident.AccountId != "" && ident.AccountId != s3account.AccountAnonymous.Id {
|
||||
glog.Warningf("anonymous identity is associated with a non-anonymous account ID, the association is invalid")
|
||||
}
|
||||
t.AccountId = AccountAnonymous.Id
|
||||
t.AccountId = s3account.AccountAnonymous.Id
|
||||
IdentityAnonymous = t
|
||||
} else {
|
||||
if len(ident.AccountId) > 0 {
|
||||
|
|
@ -163,8 +164,8 @@ func (iam *IdentityAccessManagement) loadS3ApiConfiguration(config *iam_pb.S3Api
|
|||
|
||||
if IdentityAnonymous == nil {
|
||||
IdentityAnonymous = &Identity{
|
||||
Name: AccountAnonymous.Name,
|
||||
AccountId: AccountAnonymous.Id,
|
||||
Name: s3account.AccountAnonymous.Name,
|
||||
AccountId: s3account.AccountAnonymous.Id,
|
||||
}
|
||||
}
|
||||
iam.m.Lock()
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ package s3api
|
|||
|
||||
import (
|
||||
. "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
|
||||
"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"reflect"
|
||||
"testing"
|
||||
|
|
@ -150,7 +151,7 @@ func TestLoadS3ApiConfiguration(t *testing.T) {
|
|||
},
|
||||
expectIdent: &Identity{
|
||||
Name: "notSpecifyAccountId",
|
||||
AccountId: AccountAdmin.Id,
|
||||
AccountId: s3account.AccountAdmin.Id,
|
||||
Actions: []Action{
|
||||
"Read",
|
||||
"Write",
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ import (
|
|||
"github.com/seaweedfs/seaweedfs/weed/glog"
|
||||
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
|
||||
"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
|
||||
"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
|
||||
|
||||
//"github.com/seaweedfs/seaweedfs/weed/s3api"
|
||||
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
|
||||
|
|
@ -93,8 +94,8 @@ func buildBucketMetadata(entry *filer_pb.Entry) *BucketMetaData {
|
|||
|
||||
// Default owner: `AccountAdmin`
|
||||
Owner: &s3.Owner{
|
||||
ID: &AccountAdmin.Id,
|
||||
DisplayName: &AccountAdmin.Name,
|
||||
ID: &s3account.AccountAdmin.Id,
|
||||
DisplayName: &s3account.AccountAdmin.Name,
|
||||
},
|
||||
}
|
||||
if entry.Extended != nil {
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ import (
|
|||
"github.com/aws/aws-sdk-go/service/s3"
|
||||
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
|
||||
"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
|
||||
"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
|
||||
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
|
||||
"reflect"
|
||||
"sync"
|
||||
|
|
@ -27,8 +28,8 @@ var (
|
|||
//good entry
|
||||
goodEntryAcp, _ = jsonutil.BuildJSON(&s3.AccessControlPolicy{
|
||||
Owner: &s3.Owner{
|
||||
DisplayName: &AccountAdmin.Name,
|
||||
ID: &AccountAdmin.Id,
|
||||
DisplayName: &s3account.AccountAdmin.Name,
|
||||
ID: &s3account.AccountAdmin.Id,
|
||||
},
|
||||
Grants: s3_constants.PublicRead,
|
||||
})
|
||||
|
|
@ -99,8 +100,8 @@ var tcs = []*BucketMetadataTestCase{
|
|||
Name: badEntry.Name,
|
||||
ObjectOwnership: s3_constants.DefaultOwnershipForExists,
|
||||
Owner: &s3.Owner{
|
||||
DisplayName: &AccountAdmin.Name,
|
||||
ID: &AccountAdmin.Id,
|
||||
DisplayName: &s3account.AccountAdmin.Name,
|
||||
ID: &s3account.AccountAdmin.Id,
|
||||
},
|
||||
Acl: nil,
|
||||
},
|
||||
|
|
@ -110,8 +111,8 @@ var tcs = []*BucketMetadataTestCase{
|
|||
Name: goodEntry.Name,
|
||||
ObjectOwnership: s3_constants.OwnershipBucketOwnerEnforced,
|
||||
Owner: &s3.Owner{
|
||||
DisplayName: &AccountAdmin.Name,
|
||||
ID: &AccountAdmin.Id,
|
||||
DisplayName: &s3account.AccountAdmin.Name,
|
||||
ID: &s3account.AccountAdmin.Id,
|
||||
},
|
||||
Acl: s3_constants.PublicRead,
|
||||
},
|
||||
|
|
@ -121,8 +122,8 @@ var tcs = []*BucketMetadataTestCase{
|
|||
Name: ownershipEmptyStr.Name,
|
||||
ObjectOwnership: s3_constants.DefaultOwnershipForExists,
|
||||
Owner: &s3.Owner{
|
||||
DisplayName: &AccountAdmin.Name,
|
||||
ID: &AccountAdmin.Id,
|
||||
DisplayName: &s3account.AccountAdmin.Name,
|
||||
ID: &s3account.AccountAdmin.Id,
|
||||
},
|
||||
Acl: nil,
|
||||
},
|
||||
|
|
@ -132,8 +133,8 @@ var tcs = []*BucketMetadataTestCase{
|
|||
Name: ownershipValid.Name,
|
||||
ObjectOwnership: s3_constants.OwnershipBucketOwnerEnforced,
|
||||
Owner: &s3.Owner{
|
||||
DisplayName: &AccountAdmin.Name,
|
||||
ID: &AccountAdmin.Id,
|
||||
DisplayName: &s3account.AccountAdmin.Name,
|
||||
ID: &s3account.AccountAdmin.Id,
|
||||
},
|
||||
Acl: nil,
|
||||
},
|
||||
|
|
@ -143,8 +144,8 @@ var tcs = []*BucketMetadataTestCase{
|
|||
Name: acpEmptyStr.Name,
|
||||
ObjectOwnership: s3_constants.DefaultOwnershipForExists,
|
||||
Owner: &s3.Owner{
|
||||
DisplayName: &AccountAdmin.Name,
|
||||
ID: &AccountAdmin.Id,
|
||||
DisplayName: &s3account.AccountAdmin.Name,
|
||||
ID: &s3account.AccountAdmin.Id,
|
||||
},
|
||||
Acl: nil,
|
||||
},
|
||||
|
|
@ -154,8 +155,8 @@ var tcs = []*BucketMetadataTestCase{
|
|||
Name: acpEmptyObject.Name,
|
||||
ObjectOwnership: s3_constants.DefaultOwnershipForExists,
|
||||
Owner: &s3.Owner{
|
||||
DisplayName: &AccountAdmin.Name,
|
||||
ID: &AccountAdmin.Id,
|
||||
DisplayName: &s3account.AccountAdmin.Name,
|
||||
ID: &s3account.AccountAdmin.Id,
|
||||
},
|
||||
Acl: nil,
|
||||
},
|
||||
|
|
@ -165,8 +166,8 @@ var tcs = []*BucketMetadataTestCase{
|
|||
Name: acpOwnerNil.Name,
|
||||
ObjectOwnership: s3_constants.DefaultOwnershipForExists,
|
||||
Owner: &s3.Owner{
|
||||
DisplayName: &AccountAdmin.Name,
|
||||
ID: &AccountAdmin.Id,
|
||||
DisplayName: &s3account.AccountAdmin.Name,
|
||||
ID: &s3account.AccountAdmin.Id,
|
||||
},
|
||||
Acl: make([]*s3.Grant, 0),
|
||||
},
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
package s3api
|
||||
package s3account
|
||||
|
||||
import (
|
||||
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
|
||||
"sync"
|
||||
)
|
||||
|
||||
|
|
@ -36,15 +37,15 @@ type Account struct {
|
|||
|
||||
type AccountManager struct {
|
||||
sync.Mutex
|
||||
s3a *S3ApiServer
|
||||
filerClient filer_pb.FilerClient
|
||||
|
||||
IdNameMapping map[string]string
|
||||
EmailIdMapping map[string]string
|
||||
}
|
||||
|
||||
func NewAccountManager(s3a *S3ApiServer) *AccountManager {
|
||||
func NewAccountManager(filerClient filer_pb.FilerClient) *AccountManager {
|
||||
am := &AccountManager{
|
||||
s3a: s3a,
|
||||
filerClient: filerClient,
|
||||
IdNameMapping: make(map[string]string),
|
||||
EmailIdMapping: make(map[string]string),
|
||||
}
|
||||
|
|
@ -2,6 +2,7 @@ package s3api
|
|||
|
||||
import (
|
||||
"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
|
||||
"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
|
||||
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
|
||||
"net/http"
|
||||
)
|
||||
|
|
@ -9,7 +10,7 @@ import (
|
|||
func getAccountId(r *http.Request) string {
|
||||
id := r.Header.Get(s3_constants.AmzAccountId)
|
||||
if len(id) == 0 {
|
||||
return AccountAnonymous.Id
|
||||
return s3account.AccountAnonymous.Id
|
||||
} else {
|
||||
return id
|
||||
}
|
||||
|
|
@ -21,7 +22,7 @@ func (s3a *S3ApiServer) checkAccessByOwnership(r *http.Request, bucket string) s
|
|||
return errCode
|
||||
}
|
||||
accountId := getAccountId(r)
|
||||
if accountId == AccountAdmin.Id || accountId == *metadata.Owner.ID {
|
||||
if accountId == s3account.AccountAdmin.Id || accountId == *metadata.Owner.ID {
|
||||
return s3err.ErrNone
|
||||
}
|
||||
return s3err.ErrAccessDenied
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ import (
|
|||
"fmt"
|
||||
"github.com/seaweedfs/seaweedfs/weed/filer"
|
||||
"github.com/seaweedfs/seaweedfs/weed/pb/s3_pb"
|
||||
"github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
|
||||
"net"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
|
@ -40,7 +41,7 @@ type S3ApiServer struct {
|
|||
randomClientId int32
|
||||
filerGuard *security.Guard
|
||||
client *http.Client
|
||||
accountManager *AccountManager
|
||||
accountManager *s3account.AccountManager
|
||||
bucketRegistry *BucketRegistry
|
||||
}
|
||||
|
||||
|
|
@ -61,7 +62,7 @@ func NewS3ApiServer(router *mux.Router, option *S3ApiServerOption) (s3ApiServer
|
|||
filerGuard: security.NewGuard([]string{}, signingKey, expiresAfterSec, readSigningKey, readExpiresAfterSec),
|
||||
cb: NewCircuitBreaker(option),
|
||||
}
|
||||
s3ApiServer.accountManager = NewAccountManager(s3ApiServer)
|
||||
s3ApiServer.accountManager = s3account.NewAccountManager(s3ApiServer)
|
||||
s3ApiServer.bucketRegistry = NewBucketRegistry(s3ApiServer)
|
||||
if option.LocalFilerSocket == "" {
|
||||
s3ApiServer.client = &http.Client{Transport: &http.Transport{
|
||||
|
|
|
|||
Loading…
Reference in a new issue