mirror of
https://github.com/chrislusf/seaweedfs
synced 2025-07-04 10:42:47 +02:00
1db7c2b8aa
* add credential store interface * load credential.toml * lint * create credentialManager with explicit store type * add type name * InitializeCredentialManager * remove unused functions * fix missing import * fix import * fix nil configuration
235 lines
6.9 KiB
Go
235 lines
6.9 KiB
Go
package filer_etc
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"fmt"
|
|
|
|
"github.com/seaweedfs/seaweedfs/weed/credential"
|
|
"github.com/seaweedfs/seaweedfs/weed/filer"
|
|
"github.com/seaweedfs/seaweedfs/weed/pb"
|
|
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
|
|
"github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
|
|
"github.com/seaweedfs/seaweedfs/weed/util"
|
|
"google.golang.org/grpc"
|
|
)
|
|
|
|
func init() {
|
|
credential.Stores = append(credential.Stores, &FilerEtcStore{})
|
|
}
|
|
|
|
// FilerEtcStore implements CredentialStore using SeaweedFS filer for storage
|
|
type FilerEtcStore struct {
|
|
filerGrpcAddress string
|
|
grpcDialOption grpc.DialOption
|
|
}
|
|
|
|
func (store *FilerEtcStore) GetName() credential.CredentialStoreTypeName {
|
|
return credential.StoreTypeFilerEtc
|
|
}
|
|
|
|
func (store *FilerEtcStore) Initialize(configuration util.Configuration, prefix string) error {
|
|
// Handle nil configuration gracefully
|
|
if configuration != nil {
|
|
store.filerGrpcAddress = configuration.GetString(prefix + "filer")
|
|
// TODO: Initialize grpcDialOption based on configuration
|
|
}
|
|
// Note: filerGrpcAddress can be set later via SetFilerClient method
|
|
return nil
|
|
}
|
|
|
|
// SetFilerClient sets the filer client details for the file store
|
|
func (store *FilerEtcStore) SetFilerClient(filerAddress string, grpcDialOption grpc.DialOption) {
|
|
store.filerGrpcAddress = filerAddress
|
|
store.grpcDialOption = grpcDialOption
|
|
}
|
|
|
|
// withFilerClient executes a function with a filer client
|
|
func (store *FilerEtcStore) withFilerClient(fn func(client filer_pb.SeaweedFilerClient) error) error {
|
|
if store.filerGrpcAddress == "" {
|
|
return fmt.Errorf("filer address not configured")
|
|
}
|
|
|
|
// Use the pb.WithGrpcFilerClient helper similar to existing code
|
|
return pb.WithGrpcFilerClient(false, 0, pb.ServerAddress(store.filerGrpcAddress), store.grpcDialOption, fn)
|
|
}
|
|
|
|
func (store *FilerEtcStore) LoadConfiguration(ctx context.Context) (*iam_pb.S3ApiConfiguration, error) {
|
|
s3cfg := &iam_pb.S3ApiConfiguration{}
|
|
|
|
err := store.withFilerClient(func(client filer_pb.SeaweedFilerClient) error {
|
|
var buf bytes.Buffer
|
|
if err := filer.ReadEntry(nil, client, filer.IamConfigDirectory, filer.IamIdentityFile, &buf); err != nil {
|
|
if err != filer_pb.ErrNotFound {
|
|
return err
|
|
}
|
|
}
|
|
if buf.Len() > 0 {
|
|
return filer.ParseS3ConfigurationFromBytes(buf.Bytes(), s3cfg)
|
|
}
|
|
return nil
|
|
})
|
|
|
|
return s3cfg, err
|
|
}
|
|
|
|
func (store *FilerEtcStore) SaveConfiguration(ctx context.Context, config *iam_pb.S3ApiConfiguration) error {
|
|
return store.withFilerClient(func(client filer_pb.SeaweedFilerClient) error {
|
|
var buf bytes.Buffer
|
|
if err := filer.ProtoToText(&buf, config); err != nil {
|
|
return fmt.Errorf("failed to marshal configuration: %v", err)
|
|
}
|
|
return filer.SaveInsideFiler(client, filer.IamConfigDirectory, filer.IamIdentityFile, buf.Bytes())
|
|
})
|
|
}
|
|
|
|
func (store *FilerEtcStore) CreateUser(ctx context.Context, identity *iam_pb.Identity) error {
|
|
// Load existing configuration
|
|
config, err := store.LoadConfiguration(ctx)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to load configuration: %v", err)
|
|
}
|
|
|
|
// Check if user already exists
|
|
for _, existingIdentity := range config.Identities {
|
|
if existingIdentity.Name == identity.Name {
|
|
return credential.ErrUserAlreadyExists
|
|
}
|
|
}
|
|
|
|
// Add new identity
|
|
config.Identities = append(config.Identities, identity)
|
|
|
|
// Save configuration
|
|
return store.SaveConfiguration(ctx, config)
|
|
}
|
|
|
|
func (store *FilerEtcStore) GetUser(ctx context.Context, username string) (*iam_pb.Identity, error) {
|
|
config, err := store.LoadConfiguration(ctx)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to load configuration: %v", err)
|
|
}
|
|
|
|
for _, identity := range config.Identities {
|
|
if identity.Name == username {
|
|
return identity, nil
|
|
}
|
|
}
|
|
|
|
return nil, credential.ErrUserNotFound
|
|
}
|
|
|
|
func (store *FilerEtcStore) UpdateUser(ctx context.Context, username string, identity *iam_pb.Identity) error {
|
|
config, err := store.LoadConfiguration(ctx)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to load configuration: %v", err)
|
|
}
|
|
|
|
// Find and update the user
|
|
for i, existingIdentity := range config.Identities {
|
|
if existingIdentity.Name == username {
|
|
config.Identities[i] = identity
|
|
return store.SaveConfiguration(ctx, config)
|
|
}
|
|
}
|
|
|
|
return credential.ErrUserNotFound
|
|
}
|
|
|
|
func (store *FilerEtcStore) DeleteUser(ctx context.Context, username string) error {
|
|
config, err := store.LoadConfiguration(ctx)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to load configuration: %v", err)
|
|
}
|
|
|
|
// Find and remove the user
|
|
for i, identity := range config.Identities {
|
|
if identity.Name == username {
|
|
config.Identities = append(config.Identities[:i], config.Identities[i+1:]...)
|
|
return store.SaveConfiguration(ctx, config)
|
|
}
|
|
}
|
|
|
|
return credential.ErrUserNotFound
|
|
}
|
|
|
|
func (store *FilerEtcStore) ListUsers(ctx context.Context) ([]string, error) {
|
|
config, err := store.LoadConfiguration(ctx)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to load configuration: %v", err)
|
|
}
|
|
|
|
var usernames []string
|
|
for _, identity := range config.Identities {
|
|
usernames = append(usernames, identity.Name)
|
|
}
|
|
|
|
return usernames, nil
|
|
}
|
|
|
|
func (store *FilerEtcStore) GetUserByAccessKey(ctx context.Context, accessKey string) (*iam_pb.Identity, error) {
|
|
config, err := store.LoadConfiguration(ctx)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("failed to load configuration: %v", err)
|
|
}
|
|
|
|
for _, identity := range config.Identities {
|
|
for _, credential := range identity.Credentials {
|
|
if credential.AccessKey == accessKey {
|
|
return identity, nil
|
|
}
|
|
}
|
|
}
|
|
|
|
return nil, credential.ErrAccessKeyNotFound
|
|
}
|
|
|
|
func (store *FilerEtcStore) CreateAccessKey(ctx context.Context, username string, cred *iam_pb.Credential) error {
|
|
config, err := store.LoadConfiguration(ctx)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to load configuration: %v", err)
|
|
}
|
|
|
|
// Find the user and add the credential
|
|
for _, identity := range config.Identities {
|
|
if identity.Name == username {
|
|
// Check if access key already exists
|
|
for _, existingCred := range identity.Credentials {
|
|
if existingCred.AccessKey == cred.AccessKey {
|
|
return fmt.Errorf("access key %s already exists", cred.AccessKey)
|
|
}
|
|
}
|
|
|
|
identity.Credentials = append(identity.Credentials, cred)
|
|
return store.SaveConfiguration(ctx, config)
|
|
}
|
|
}
|
|
|
|
return credential.ErrUserNotFound
|
|
}
|
|
|
|
func (store *FilerEtcStore) DeleteAccessKey(ctx context.Context, username string, accessKey string) error {
|
|
config, err := store.LoadConfiguration(ctx)
|
|
if err != nil {
|
|
return fmt.Errorf("failed to load configuration: %v", err)
|
|
}
|
|
|
|
// Find the user and remove the credential
|
|
for _, identity := range config.Identities {
|
|
if identity.Name == username {
|
|
for i, cred := range identity.Credentials {
|
|
if cred.AccessKey == accessKey {
|
|
identity.Credentials = append(identity.Credentials[:i], identity.Credentials[i+1:]...)
|
|
return store.SaveConfiguration(ctx, config)
|
|
}
|
|
}
|
|
return credential.ErrAccessKeyNotFound
|
|
}
|
|
}
|
|
|
|
return credential.ErrUserNotFound
|
|
}
|
|
|
|
func (store *FilerEtcStore) Shutdown() {
|
|
// No cleanup needed for file store
|
|
}
|