command_s3_configure.go 5.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193
  1. package shell
  2. import (
  3. "bytes"
  4. "flag"
  5. "fmt"
  6. "io"
  7. "sort"
  8. "strings"
  9. "github.com/seaweedfs/seaweedfs/weed/filer"
  10. "github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
  11. "github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
  12. )
  13. func init() {
  14. Commands = append(Commands, &commandS3Configure{})
  15. }
  16. type commandS3Configure struct {
  17. }
  18. func (c *commandS3Configure) Name() string {
  19. return "s3.configure"
  20. }
  21. func (c *commandS3Configure) Help() string {
  22. return `configure and apply s3 options for each bucket
  23. # see the current configuration file content
  24. s3.configure
  25. `
  26. }
  27. func (c *commandS3Configure) HasTag(CommandTag) bool {
  28. return false
  29. }
  30. func (c *commandS3Configure) Do(args []string, commandEnv *CommandEnv, writer io.Writer) (err error) {
  31. s3ConfigureCommand := flag.NewFlagSet(c.Name(), flag.ContinueOnError)
  32. actions := s3ConfigureCommand.String("actions", "", "comma separated actions names: Read,Write,List,Tagging,Admin")
  33. user := s3ConfigureCommand.String("user", "", "user name")
  34. buckets := s3ConfigureCommand.String("buckets", "", "bucket name")
  35. accessKey := s3ConfigureCommand.String("access_key", "", "specify the access key")
  36. secretKey := s3ConfigureCommand.String("secret_key", "", "specify the secret key")
  37. isDelete := s3ConfigureCommand.Bool("delete", false, "delete users, actions or access keys")
  38. apply := s3ConfigureCommand.Bool("apply", false, "update and apply s3 configuration")
  39. if err = s3ConfigureCommand.Parse(args); err != nil {
  40. return nil
  41. }
  42. var buf bytes.Buffer
  43. if err = commandEnv.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error {
  44. return filer.ReadEntry(commandEnv.MasterClient, client, filer.IamConfigDirectory, filer.IamIdentityFile, &buf)
  45. }); err != nil && err != filer_pb.ErrNotFound {
  46. return err
  47. }
  48. s3cfg := &iam_pb.S3ApiConfiguration{}
  49. if buf.Len() > 0 {
  50. if err = filer.ParseS3ConfigurationFromBytes(buf.Bytes(), s3cfg); err != nil {
  51. return err
  52. }
  53. }
  54. idx := 0
  55. changed := false
  56. if *user != "" {
  57. for i, identity := range s3cfg.Identities {
  58. if *user == identity.Name {
  59. idx = i
  60. changed = true
  61. break
  62. }
  63. }
  64. }
  65. var cmdActions []string
  66. for _, action := range strings.Split(*actions, ",") {
  67. if *buckets == "" {
  68. cmdActions = append(cmdActions, action)
  69. } else {
  70. for _, bucket := range strings.Split(*buckets, ",") {
  71. cmdActions = append(cmdActions, fmt.Sprintf("%s:%s", action, bucket))
  72. }
  73. }
  74. }
  75. if changed {
  76. infoAboutSimulationMode(writer, *apply, "-apply")
  77. if *isDelete {
  78. var exists []int
  79. for _, cmdAction := range cmdActions {
  80. for i, currentAction := range s3cfg.Identities[idx].Actions {
  81. if cmdAction == currentAction {
  82. exists = append(exists, i)
  83. }
  84. }
  85. }
  86. sort.Sort(sort.Reverse(sort.IntSlice(exists)))
  87. for _, i := range exists {
  88. s3cfg.Identities[idx].Actions = append(
  89. s3cfg.Identities[idx].Actions[:i],
  90. s3cfg.Identities[idx].Actions[i+1:]...,
  91. )
  92. }
  93. if *accessKey != "" {
  94. exists = []int{}
  95. for i, credential := range s3cfg.Identities[idx].Credentials {
  96. if credential.AccessKey == *accessKey {
  97. exists = append(exists, i)
  98. }
  99. }
  100. sort.Sort(sort.Reverse(sort.IntSlice(exists)))
  101. for _, i := range exists {
  102. s3cfg.Identities[idx].Credentials = append(
  103. s3cfg.Identities[idx].Credentials[:i],
  104. s3cfg.Identities[idx].Credentials[i+1:]...,
  105. )
  106. }
  107. }
  108. if *actions == "" && *accessKey == "" && *buckets == "" {
  109. s3cfg.Identities = append(s3cfg.Identities[:idx], s3cfg.Identities[idx+1:]...)
  110. }
  111. } else {
  112. if *actions != "" {
  113. for _, cmdAction := range cmdActions {
  114. found := false
  115. for _, action := range s3cfg.Identities[idx].Actions {
  116. if cmdAction == action {
  117. found = true
  118. break
  119. }
  120. }
  121. if !found {
  122. s3cfg.Identities[idx].Actions = append(s3cfg.Identities[idx].Actions, cmdAction)
  123. }
  124. }
  125. }
  126. if *accessKey != "" && *user != "anonymous" {
  127. found := false
  128. for _, credential := range s3cfg.Identities[idx].Credentials {
  129. if credential.AccessKey == *accessKey {
  130. found = true
  131. credential.SecretKey = *secretKey
  132. break
  133. }
  134. }
  135. if !found {
  136. s3cfg.Identities[idx].Credentials = append(s3cfg.Identities[idx].Credentials, &iam_pb.Credential{
  137. AccessKey: *accessKey,
  138. SecretKey: *secretKey,
  139. })
  140. }
  141. }
  142. }
  143. } else if *user != "" && *actions != "" {
  144. infoAboutSimulationMode(writer, *apply, "-apply")
  145. identity := iam_pb.Identity{
  146. Name: *user,
  147. Actions: cmdActions,
  148. Credentials: []*iam_pb.Credential{},
  149. }
  150. if *user != "anonymous" {
  151. identity.Credentials = append(identity.Credentials,
  152. &iam_pb.Credential{AccessKey: *accessKey, SecretKey: *secretKey})
  153. }
  154. s3cfg.Identities = append(s3cfg.Identities, &identity)
  155. }
  156. if err = filer.CheckDuplicateAccessKey(s3cfg); err != nil {
  157. return err
  158. }
  159. buf.Reset()
  160. filer.ProtoToText(&buf, s3cfg)
  161. fmt.Fprintf(writer, string(buf.Bytes()))
  162. fmt.Fprintln(writer)
  163. if *apply {
  164. if err := commandEnv.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error {
  165. return filer.SaveInsideFiler(client, filer.IamConfigDirectory, filer.IamIdentityFile, buf.Bytes())
  166. }); err != nil {
  167. return err
  168. }
  169. }
  170. return nil
  171. }