| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970 |
- package s3account
- import (
- "github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
- "sync"
- )
- //Predefined Accounts
- var (
- // AccountAdmin is used as the default account for IAM-Credentials access without Account configured
- AccountAdmin = Account{
- Name: "admin",
- EmailAddress: "admin@example.com",
- Id: "admin",
- }
- // AccountAnonymous is used to represent the account for anonymous access
- AccountAnonymous = Account{
- Name: "anonymous",
- EmailAddress: "anonymous@example.com",
- Id: "anonymous",
- }
- )
- //Account represents a system user, a system user can
- //configure multiple IAM-Users, IAM-Users can configure
- //permissions respectively, and each IAM-User can
- //configure multiple security credentials
- type Account struct {
- //Name is also used to display the "DisplayName" as the owner of the bucket or object
- Name string
- EmailAddress string
- //Id is used to identify an Account when granting cross-account access(ACLs) to buckets and objects
- Id string
- }
- type AccountManager struct {
- sync.Mutex
- filerClient filer_pb.FilerClient
- IdNameMapping map[string]string
- EmailIdMapping map[string]string
- }
- func NewAccountManager(filerClient filer_pb.FilerClient) *AccountManager {
- am := &AccountManager{
- filerClient: filerClient,
- IdNameMapping: make(map[string]string),
- EmailIdMapping: make(map[string]string),
- }
- am.initialize()
- return am
- }
- func (am *AccountManager) GetAccountNameById(canonicalId string) string {
- return am.IdNameMapping[canonicalId]
- }
- func (am *AccountManager) GetAccountIdByEmail(email string) string {
- return am.EmailIdMapping[email]
- }
- func (am *AccountManager) initialize() {
- // load predefined Accounts
- for _, account := range []Account{AccountAdmin, AccountAnonymous} {
- am.IdNameMapping[account.Id] = account.Name
- am.EmailIdMapping[account.EmailAddress] = account.Id
- }
- }
|
