gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add debugging for InvalidAccessKeyId

Browse Source
This commit is contained in:
chrislu
2025-11-21 15:33:38 -08:00
parent 03c9649583
commit a77dfb1ddd
5 changed files with 163 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
weed/s3api/auth_signature_v2.go
View File

@@ -28,6 +28,7 @@ import (
"strings"
"time"
"github.com/seaweedfs/seaweedfs/weed/glog"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
)
@@ -76,6 +77,14 @@ func (iam *IdentityAccessManagement) doesPolicySignatureV2Match(formValues http.
identity, cred, found := iam.lookupByAccessKey(accessKey)
if !found {
// Log detailed error information for InvalidAccessKeyId (V2 POST)
iam.m.RLock()
availableKeyCount := len(iam.accessKeyIdent)
iam.m.RUnlock()
glog.Warningf("InvalidAccessKeyId (V2 POST): attempted key '%s' not found. Available keys: %d, Auth enabled: %v",
accessKey, availableKeyCount, iam.isAuthEnabled)
return s3err.ErrInvalidAccessKeyID
}
@@ -113,6 +122,14 @@ func (iam *IdentityAccessManagement) doesSignV2Match(r *http.Request) (*Identity
identity, cred, found := iam.lookupByAccessKey(accessKey)
if !found {
// Log detailed error information for InvalidAccessKeyId (V2 signed)
iam.m.RLock()
availableKeyCount := len(iam.accessKeyIdent)
iam.m.RUnlock()
glog.Warningf("InvalidAccessKeyId (V2 signed): attempted key '%s' not found. Available keys: %d, Auth enabled: %v",
accessKey, availableKeyCount, iam.isAuthEnabled)
return nil, s3err.ErrInvalidAccessKeyID
}
@@ -145,6 +162,7 @@ func (iam *IdentityAccessManagement) doesPresignV2SignatureMatch(r *http.Request
accessKey := query.Get("AWSAccessKeyId")
if accessKey == "" {
glog.Warningf("InvalidAccessKeyId (V2 presigned): empty access key in request")
return nil, s3err.ErrInvalidAccessKeyID
}
@@ -155,6 +173,14 @@ func (iam *IdentityAccessManagement) doesPresignV2SignatureMatch(r *http.Request
identity, cred, found := iam.lookupByAccessKey(accessKey)
if !found {
// Log detailed error information for InvalidAccessKeyId (V2 presigned)
iam.m.RLock()
availableKeyCount := len(iam.accessKeyIdent)
iam.m.RUnlock()
glog.Warningf("InvalidAccessKeyId (V2 presigned): attempted key '%s' not found. Available keys: %d, Auth enabled: %v",
accessKey, availableKeyCount, iam.isAuthEnabled)
return nil, s3err.ErrInvalidAccessKeyID
}