Add s3tables shell and admin UI (#8172)
* Add shared s3tables manager * Add s3tables shell commands * Add s3tables admin API * Add s3tables admin UI * Fix admin s3tables namespace create * Rename table buckets menu * Centralize s3tables tag validation * Reuse s3tables manager in admin * Extract s3tables list limit * Add s3tables bucket ARN helper * Remove write middleware from s3tables APIs * Fix bucket link and policy hint * Fix table tag parsing and nav link * Disable namespace table link on invalid ARN * Improve s3tables error decode * Return flag parse errors for s3tables tag * Accept query params for namespace create * Bind namespace create form data * Read s3tables JS data from DOM * s3tables: allow empty region ARN * shell: pass s3tables account id * shell: require account for table buckets * shell: use bucket name for namespaces * shell: use bucket name for tables * shell: use bucket name for tags * admin: add table buckets links in file browser * s3api: reuse s3tables tag validation * admin: harden s3tables UI handlers * fix admin list table buckets * allow admin s3tables access * validate s3tables bucket tags * log s3tables bucket metadata errors * rollback table bucket on owner failure * show s3tables bucket owner * add s3tables iam conditions * Add s3tables user permissions UI * Authorize s3tables using identity actions * Add s3tables permissions to user modal * Disambiguate bucket scope in user permissions * Block table bucket names that match S3 buckets * Pretty-print IAM identity JSON * Include tags in s3tables permission context * admin: refactor S3 Tables inline JavaScript into a separate file * s3tables: extend IAM policy condition operators support * shell: use LookupEntry wrapper for s3tables bucket conflict check * admin: handle buildBucketPermissions validation in create/update flows
This commit is contained in:
Chris Lu
89
weed/shell/s3tables_helpers.go
Normal file
89
weed/shell/s3tables_helpers.go
Normal file
@@ -0,0 +1,89 @@
|
||||
package shell
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/seaweedfs/seaweedfs/weed/pb"
|
||||
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
|
||||
"github.com/seaweedfs/seaweedfs/weed/s3api/s3tables"
|
||||
"google.golang.org/grpc"
|
||||
)
|
||||
|
||||
const s3TablesDefaultRegion = ""
|
||||
const timeFormat = "2006-01-02T15:04:05Z07:00"
|
||||
|
||||
func withFilerClient(commandEnv *CommandEnv, fn func(client filer_pb.SeaweedFilerClient) error) error {
|
||||
return pb.WithGrpcClient(false, 0, func(conn *grpc.ClientConn) error {
|
||||
client := filer_pb.NewSeaweedFilerClient(conn)
|
||||
return fn(client)
|
||||
}, commandEnv.option.FilerAddress.ToGrpcAddress(), false, commandEnv.option.GrpcDialOption)
|
||||
}
|
||||
|
||||
func executeS3Tables(commandEnv *CommandEnv, operation string, req interface{}, resp interface{}, accountID string) error {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
|
||||
defer cancel()
|
||||
return withFilerClient(commandEnv, func(client filer_pb.SeaweedFilerClient) error {
|
||||
manager := s3tables.NewManager()
|
||||
mgrClient := s3tables.NewManagerClient(client)
|
||||
return manager.Execute(ctx, mgrClient, operation, req, resp, accountID)
|
||||
})
|
||||
}
|
||||
|
||||
func parseS3TablesError(err error) error {
|
||||
if err == nil {
|
||||
return nil
|
||||
}
|
||||
var s3Err *s3tables.S3TablesError
|
||||
if errors.As(err, &s3Err) {
|
||||
if s3Err.Message != "" {
|
||||
return fmt.Errorf("%s: %s", s3Err.Type, s3Err.Message)
|
||||
}
|
||||
return fmt.Errorf("%s", s3Err.Type)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
func parseS3TablesTags(value string) (map[string]string, error) {
|
||||
parsed := make(map[string]string)
|
||||
for _, kv := range strings.Split(value, ",") {
|
||||
if kv == "" {
|
||||
continue
|
||||
}
|
||||
parts := strings.SplitN(kv, "=", 2)
|
||||
if len(parts) != 2 {
|
||||
return nil, fmt.Errorf("invalid tag: %s", kv)
|
||||
}
|
||||
parsed[parts[0]] = parts[1]
|
||||
}
|
||||
if err := s3tables.ValidateTags(parsed); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return parsed, nil
|
||||
}
|
||||
|
||||
func parseS3TablesTagKeys(value string) ([]string, error) {
|
||||
var keys []string
|
||||
for _, key := range strings.Split(value, ",") {
|
||||
key = strings.TrimSpace(key)
|
||||
if key == "" {
|
||||
continue
|
||||
}
|
||||
keys = append(keys, key)
|
||||
}
|
||||
if len(keys) == 0 {
|
||||
return nil, fmt.Errorf("tagKeys are required")
|
||||
}
|
||||
return keys, nil
|
||||
}
|
||||
|
||||
func buildS3TablesBucketARN(bucketName, accountID string) (string, error) {
|
||||
return s3tables.BuildBucketARN(s3TablesDefaultRegion, accountID, bucketName)
|
||||
}
|
||||
|
||||
func buildS3TablesTableARN(bucketName, namespace, tableName, accountID string) (string, error) {
|
||||
return s3tables.BuildTableARN(s3TablesDefaultRegion, accountID, bucketName, namespace, tableName)
|
||||
}
|
||||
Reference in New Issue
Block a user