Refactor Admin UI to use unified IAM storage and add MultipleFileStore (#8101)
* Refactor Admin UI to use unified IAM storage and add MultipleFileStore * Address PR feedback: fix renames, error handling, and sync logic in FilerMultipleStore * Address refined PR feedback: safe rename order, rollback logic, and structural sync refinement * Optimize LoadConfiguration: use streaming callback for memory efficiency * Refactor UpdateUser: log rollback failures during rename * Implement PolicyManager for FilerMultipleStore * include the filer_multiple backend configuration * Implement cross-S3 synchronization and proper shutdown for all IAM backends * Extract Admin UI refactoring to a separate PR
This commit is contained in:
Chris Lu
@@ -2,6 +2,7 @@ package s3api
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/seaweedfs/seaweedfs/weed/filer"
|
||||
@@ -56,31 +57,48 @@ func (s3a *S3ApiServer) subscribeMetaEvents(clientName string, lastTsNs int64, p
|
||||
|
||||
// onIamConfigChange handles IAM config file changes (create, update, delete)
|
||||
func (s3a *S3ApiServer) onIamConfigChange(dir string, oldEntry *filer_pb.Entry, newEntry *filer_pb.Entry) error {
|
||||
if dir != filer.IamConfigDirectory {
|
||||
return nil
|
||||
}
|
||||
if s3a.iam != nil && s3a.iam.IsStaticConfig() {
|
||||
glog.V(1).Infof("Skipping IAM config update for static configuration")
|
||||
return nil
|
||||
}
|
||||
|
||||
// Handle deletion: reset to empty config
|
||||
if newEntry == nil && oldEntry != nil && oldEntry.Name == filer.IamIdentityFile {
|
||||
glog.V(1).Infof("IAM config file deleted, clearing identities")
|
||||
if err := s3a.iam.LoadS3ApiConfigurationFromBytes([]byte{}); err != nil {
|
||||
glog.Warningf("failed to clear IAM config on deletion: %v", err)
|
||||
return err
|
||||
// 1. Handle traditional single identity.json file
|
||||
if dir == filer.IamConfigDirectory {
|
||||
// Handle deletion: reset to empty config
|
||||
if newEntry == nil && oldEntry != nil && oldEntry.Name == filer.IamIdentityFile {
|
||||
glog.V(1).Infof("IAM config file deleted, clearing identities")
|
||||
if err := s3a.iam.LoadS3ApiConfigurationFromBytes([]byte{}); err != nil {
|
||||
glog.Warningf("failed to clear IAM config on deletion: %v", err)
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Handle create/update
|
||||
if newEntry != nil && newEntry.Name == filer.IamIdentityFile {
|
||||
if err := s3a.iam.LoadS3ApiConfigurationFromBytes(newEntry.Content); err != nil {
|
||||
return err
|
||||
}
|
||||
glog.V(1).Infof("updated %s/%s", dir, newEntry.Name)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// Handle create/update
|
||||
if newEntry != nil && newEntry.Name == filer.IamIdentityFile {
|
||||
if err := s3a.iam.LoadS3ApiConfigurationFromBytes(newEntry.Content); err != nil {
|
||||
// 2. Handle multiple-file identities and policies
|
||||
// Watch /etc/seaweedfs/identities and /etc/seaweedfs/policies
|
||||
isIdentityDir := strings.HasPrefix(dir, "/etc/seaweedfs/identities")
|
||||
isPolicyDir := strings.HasPrefix(dir, "/etc/seaweedfs/policies")
|
||||
|
||||
if isIdentityDir || isPolicyDir {
|
||||
// For multiple-file mode, any change in these directories should trigger a full reload
|
||||
// from the credential manager (which handles the details of loading from multiple files).
|
||||
glog.V(1).Infof("IAM change detected in %s, reloading configuration", dir)
|
||||
if err := s3a.iam.LoadS3ApiConfigurationFromCredentialManager(); err != nil {
|
||||
glog.Errorf("failed to reload IAM configuration after change in %s: %v", dir, err)
|
||||
return err
|
||||
}
|
||||
glog.V(1).Infof("updated %s/%s", dir, newEntry.Name)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user