command_s3_configure.go 5.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189
  1. package shell
  2. import (
  3. "bytes"
  4. "flag"
  5. "fmt"
  6. "io"
  7. "sort"
  8. "strings"
  9. "github.com/seaweedfs/seaweedfs/weed/filer"
  10. "github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
  11. "github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
  12. )
  13. func init() {
  14. Commands = append(Commands, &commandS3Configure{})
  15. }
  16. type commandS3Configure struct {
  17. }
  18. func (c *commandS3Configure) Name() string {
  19. return "s3.configure"
  20. }
  21. func (c *commandS3Configure) Help() string {
  22. return `configure and apply s3 options for each bucket
  23. # see the current configuration file content
  24. s3.configure
  25. `
  26. }
  27. func (c *commandS3Configure) Do(args []string, commandEnv *CommandEnv, writer io.Writer) (err error) {
  28. s3ConfigureCommand := flag.NewFlagSet(c.Name(), flag.ContinueOnError)
  29. actions := s3ConfigureCommand.String("actions", "", "comma separated actions names: Read,Write,List,Tagging,Admin")
  30. user := s3ConfigureCommand.String("user", "", "user name")
  31. buckets := s3ConfigureCommand.String("buckets", "", "bucket name")
  32. accessKey := s3ConfigureCommand.String("access_key", "", "specify the access key")
  33. secretKey := s3ConfigureCommand.String("secret_key", "", "specify the secret key")
  34. isDelete := s3ConfigureCommand.Bool("delete", false, "delete users, actions or access keys")
  35. apply := s3ConfigureCommand.Bool("apply", false, "update and apply s3 configuration")
  36. if err = s3ConfigureCommand.Parse(args); err != nil {
  37. return nil
  38. }
  39. var buf bytes.Buffer
  40. if err = commandEnv.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error {
  41. return filer.ReadEntry(commandEnv.MasterClient, client, filer.IamConfigDirectory, filer.IamIdentityFile, &buf)
  42. }); err != nil && err != filer_pb.ErrNotFound {
  43. return err
  44. }
  45. s3cfg := &iam_pb.S3ApiConfiguration{}
  46. if buf.Len() > 0 {
  47. if err = filer.ParseS3ConfigurationFromBytes(buf.Bytes(), s3cfg); err != nil {
  48. return err
  49. }
  50. }
  51. idx := 0
  52. changed := false
  53. if *user != "" {
  54. for i, identity := range s3cfg.Identities {
  55. if *user == identity.Name {
  56. idx = i
  57. changed = true
  58. break
  59. }
  60. }
  61. }
  62. var cmdActions []string
  63. for _, action := range strings.Split(*actions, ",") {
  64. if *buckets == "" {
  65. cmdActions = append(cmdActions, action)
  66. } else {
  67. for _, bucket := range strings.Split(*buckets, ",") {
  68. cmdActions = append(cmdActions, fmt.Sprintf("%s:%s", action, bucket))
  69. }
  70. }
  71. }
  72. if changed {
  73. infoAboutSimulationMode(writer, *apply, "-apply")
  74. if *isDelete {
  75. var exists []int
  76. for _, cmdAction := range cmdActions {
  77. for i, currentAction := range s3cfg.Identities[idx].Actions {
  78. if cmdAction == currentAction {
  79. exists = append(exists, i)
  80. }
  81. }
  82. }
  83. sort.Sort(sort.Reverse(sort.IntSlice(exists)))
  84. for _, i := range exists {
  85. s3cfg.Identities[idx].Actions = append(
  86. s3cfg.Identities[idx].Actions[:i],
  87. s3cfg.Identities[idx].Actions[i+1:]...,
  88. )
  89. }
  90. if *accessKey != "" {
  91. exists = []int{}
  92. for i, credential := range s3cfg.Identities[idx].Credentials {
  93. if credential.AccessKey == *accessKey {
  94. exists = append(exists, i)
  95. }
  96. }
  97. sort.Sort(sort.Reverse(sort.IntSlice(exists)))
  98. for _, i := range exists {
  99. s3cfg.Identities[idx].Credentials = append(
  100. s3cfg.Identities[idx].Credentials[:i],
  101. s3cfg.Identities[idx].Credentials[:i+1]...,
  102. )
  103. }
  104. }
  105. if *actions == "" && *accessKey == "" && *buckets == "" {
  106. s3cfg.Identities = append(s3cfg.Identities[:idx], s3cfg.Identities[idx+1:]...)
  107. }
  108. } else {
  109. if *actions != "" {
  110. for _, cmdAction := range cmdActions {
  111. found := false
  112. for _, action := range s3cfg.Identities[idx].Actions {
  113. if cmdAction == action {
  114. found = true
  115. break
  116. }
  117. }
  118. if !found {
  119. s3cfg.Identities[idx].Actions = append(s3cfg.Identities[idx].Actions, cmdAction)
  120. }
  121. }
  122. }
  123. if *accessKey != "" && *user != "anonymous" {
  124. found := false
  125. for _, credential := range s3cfg.Identities[idx].Credentials {
  126. if credential.AccessKey == *accessKey {
  127. found = true
  128. credential.SecretKey = *secretKey
  129. break
  130. }
  131. }
  132. if !found {
  133. s3cfg.Identities[idx].Credentials = append(s3cfg.Identities[idx].Credentials, &iam_pb.Credential{
  134. AccessKey: *accessKey,
  135. SecretKey: *secretKey,
  136. })
  137. }
  138. }
  139. }
  140. } else if *user != "" && *actions != "" {
  141. infoAboutSimulationMode(writer, *apply, "-apply")
  142. identity := iam_pb.Identity{
  143. Name: *user,
  144. Actions: cmdActions,
  145. Credentials: []*iam_pb.Credential{},
  146. }
  147. if *user != "anonymous" {
  148. identity.Credentials = append(identity.Credentials,
  149. &iam_pb.Credential{AccessKey: *accessKey, SecretKey: *secretKey})
  150. }
  151. s3cfg.Identities = append(s3cfg.Identities, &identity)
  152. }
  153. if err = filer.CheckDuplicateAccessKey(s3cfg); err != nil {
  154. return err
  155. }
  156. buf.Reset()
  157. filer.ProtoToText(&buf, s3cfg)
  158. fmt.Fprintf(writer, string(buf.Bytes()))
  159. fmt.Fprintln(writer)
  160. if *apply {
  161. if err := commandEnv.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error {
  162. return filer.SaveInsideFiler(client, filer.IamConfigDirectory, filer.IamIdentityFile, buf.Bytes())
  163. }); err != nil {
  164. return err
  165. }
  166. }
  167. return nil
  168. }