command_s3_configure.go 4.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183
  1. package shell
  2. import (
  3. "bytes"
  4. "flag"
  5. "fmt"
  6. "github.com/chrislusf/seaweedfs/weed/filer"
  7. "io"
  8. "sort"
  9. "strings"
  10. "github.com/chrislusf/seaweedfs/weed/pb/filer_pb"
  11. "github.com/chrislusf/seaweedfs/weed/pb/iam_pb"
  12. )
  13. func init() {
  14. Commands = append(Commands, &commandS3Configure{})
  15. }
  16. type commandS3Configure struct {
  17. }
  18. func (c *commandS3Configure) Name() string {
  19. return "s3.configure"
  20. }
  21. func (c *commandS3Configure) Help() string {
  22. return `configure and apply s3 options for each bucket
  23. # see the current configuration file content
  24. s3.configure
  25. `
  26. }
  27. func (c *commandS3Configure) Do(args []string, commandEnv *CommandEnv, writer io.Writer) (err error) {
  28. s3ConfigureCommand := flag.NewFlagSet(c.Name(), flag.ContinueOnError)
  29. actions := s3ConfigureCommand.String("actions", "", "comma separated actions names: Read,Write,List,Tagging,Admin")
  30. user := s3ConfigureCommand.String("user", "", "user name")
  31. buckets := s3ConfigureCommand.String("buckets", "", "bucket name")
  32. accessKey := s3ConfigureCommand.String("access_key", "", "specify the access key")
  33. secretKey := s3ConfigureCommand.String("secret_key", "", "specify the secret key")
  34. isDelete := s3ConfigureCommand.Bool("delete", false, "delete users, actions or access keys")
  35. apply := s3ConfigureCommand.Bool("apply", false, "update and apply s3 configuration")
  36. if err = s3ConfigureCommand.Parse(args); err != nil {
  37. return nil
  38. }
  39. var buf bytes.Buffer
  40. if err = commandEnv.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error {
  41. return filer.ReadEntry(commandEnv.MasterClient, client, filer.IamConfigDirecotry, filer.IamIdentityFile, &buf)
  42. }); err != nil && err != filer_pb.ErrNotFound {
  43. return err
  44. }
  45. s3cfg := &iam_pb.S3ApiConfiguration{}
  46. if buf.Len() > 0 {
  47. if err = filer.ParseS3ConfigurationFromBytes(buf.Bytes(), s3cfg); err != nil {
  48. return err
  49. }
  50. }
  51. idx := 0
  52. changed := false
  53. if *user != "" {
  54. for i, identity := range s3cfg.Identities {
  55. if *user == identity.Name {
  56. idx = i
  57. changed = true
  58. break
  59. }
  60. }
  61. }
  62. var cmdActions []string
  63. for _, action := range strings.Split(*actions, ",") {
  64. if *buckets == "" {
  65. cmdActions = append(cmdActions, action)
  66. } else {
  67. for _, bucket := range strings.Split(*buckets, ",") {
  68. cmdActions = append(cmdActions, fmt.Sprintf("%s:%s", action, bucket))
  69. }
  70. }
  71. }
  72. if changed {
  73. if *isDelete {
  74. var exists []int
  75. for _, cmdAction := range cmdActions {
  76. for i, currentAction := range s3cfg.Identities[idx].Actions {
  77. if cmdAction == currentAction {
  78. exists = append(exists, i)
  79. }
  80. }
  81. }
  82. sort.Sort(sort.Reverse(sort.IntSlice(exists)))
  83. for _, i := range exists {
  84. s3cfg.Identities[idx].Actions = append(
  85. s3cfg.Identities[idx].Actions[:i],
  86. s3cfg.Identities[idx].Actions[i+1:]...,
  87. )
  88. }
  89. if *accessKey != "" {
  90. exists = []int{}
  91. for i, credential := range s3cfg.Identities[idx].Credentials {
  92. if credential.AccessKey == *accessKey {
  93. exists = append(exists, i)
  94. }
  95. }
  96. sort.Sort(sort.Reverse(sort.IntSlice(exists)))
  97. for _, i := range exists {
  98. s3cfg.Identities[idx].Credentials = append(
  99. s3cfg.Identities[idx].Credentials[:i],
  100. s3cfg.Identities[idx].Credentials[:i+1]...,
  101. )
  102. }
  103. }
  104. if *actions == "" && *accessKey == "" && *buckets == "" {
  105. s3cfg.Identities = append(s3cfg.Identities[:idx], s3cfg.Identities[idx+1:]...)
  106. }
  107. } else {
  108. if *actions != "" {
  109. for _, cmdAction := range cmdActions {
  110. found := false
  111. for _, action := range s3cfg.Identities[idx].Actions {
  112. if cmdAction == action {
  113. found = true
  114. break
  115. }
  116. }
  117. if !found {
  118. s3cfg.Identities[idx].Actions = append(s3cfg.Identities[idx].Actions, cmdAction)
  119. }
  120. }
  121. }
  122. if *accessKey != "" && *user != "anonymous" {
  123. found := false
  124. for _, credential := range s3cfg.Identities[idx].Credentials {
  125. if credential.AccessKey == *accessKey {
  126. found = true
  127. credential.SecretKey = *secretKey
  128. break
  129. }
  130. }
  131. if !found {
  132. s3cfg.Identities[idx].Credentials = append(s3cfg.Identities[idx].Credentials, &iam_pb.Credential{
  133. AccessKey: *accessKey,
  134. SecretKey: *secretKey,
  135. })
  136. }
  137. }
  138. }
  139. } else if *user != "" && *actions != "" {
  140. identity := iam_pb.Identity{
  141. Name: *user,
  142. Actions: cmdActions,
  143. Credentials: []*iam_pb.Credential{},
  144. }
  145. if *user != "anonymous" {
  146. identity.Credentials = append(identity.Credentials,
  147. &iam_pb.Credential{AccessKey: *accessKey, SecretKey: *secretKey})
  148. }
  149. s3cfg.Identities = append(s3cfg.Identities, &identity)
  150. }
  151. buf.Reset()
  152. filer.ProtoToText(&buf, s3cfg)
  153. fmt.Fprintf(writer, string(buf.Bytes()))
  154. fmt.Fprintln(writer)
  155. if *apply {
  156. if err := commandEnv.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error {
  157. return filer.SaveInsideFiler(client, filer.IamConfigDirecotry, filer.IamIdentityFile, buf.Bytes())
  158. }); err != nil {
  159. return err
  160. }
  161. }
  162. return nil
  163. }