f9311a3422
* s3api: honor attached IAM policies over legacy actions * s3api: hydrate IAM policy docs during config reload * s3api: use policy-aware auth when listing buckets * credential: propagate context through filer_etc policy reads * credential: make legacy policy deletes durable * s3api: exercise managed policy runtime loader * s3api: allow static IAM users without session tokens * iam: deny unmatched attached policies under default allow * iam: load embedded policy files from filer store * s3api: require session tokens for IAM presigning * s3api: sync runtime policies into zero-config IAM * credential: respect context in policy file loads * credential: serialize legacy policy deletes * iam: align filer policy store naming * s3api: use authenticated principals for presigning * iam: deep copy policy conditions * s3api: require request creation in policy tests * filer: keep ReadInsideFiler as the context-aware API * iam: harden filer policy store writes * credential: strengthen legacy policy serialization test * credential: forward runtime policy loaders through wrapper * s3api: harden runtime policy merging * iam: require typed already-exists errors
126 lines
3.7 KiB
Go
126 lines
3.7 KiB
Go
package filer
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
|
|
"github.com/seaweedfs/seaweedfs/weed/pb"
|
|
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
|
|
"github.com/seaweedfs/seaweedfs/weed/pb/remote_pb"
|
|
"google.golang.org/grpc"
|
|
"google.golang.org/protobuf/proto"
|
|
)
|
|
|
|
func ReadMountMappings(grpcDialOption grpc.DialOption, filerAddress pb.ServerAddress) (mappings *remote_pb.RemoteStorageMapping, readErr error) {
|
|
var oldContent []byte
|
|
if readErr = pb.WithFilerClient(false, 0, filerAddress, grpcDialOption, func(client filer_pb.SeaweedFilerClient) error {
|
|
oldContent, readErr = ReadInsideFiler(context.Background(), client, DirectoryEtcRemote, REMOTE_STORAGE_MOUNT_FILE)
|
|
return readErr
|
|
}); readErr != nil {
|
|
if readErr != filer_pb.ErrNotFound {
|
|
return nil, fmt.Errorf("read existing mapping: %w", readErr)
|
|
}
|
|
oldContent = nil
|
|
}
|
|
mappings, readErr = UnmarshalRemoteStorageMappings(oldContent)
|
|
if readErr != nil {
|
|
return nil, fmt.Errorf("unmarshal mappings: %w", readErr)
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
func InsertMountMapping(filerClient filer_pb.FilerClient, dir string, remoteStorageLocation *remote_pb.RemoteStorageLocation) (err error) {
|
|
|
|
// read current mapping
|
|
var oldContent, newContent []byte
|
|
err = filerClient.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error {
|
|
oldContent, err = ReadInsideFiler(context.Background(), client, DirectoryEtcRemote, REMOTE_STORAGE_MOUNT_FILE)
|
|
return err
|
|
})
|
|
if err != nil {
|
|
if err != filer_pb.ErrNotFound {
|
|
return fmt.Errorf("read existing mapping: %w", err)
|
|
}
|
|
}
|
|
|
|
// add new mapping
|
|
newContent, err = addRemoteStorageMapping(oldContent, dir, remoteStorageLocation)
|
|
if err != nil {
|
|
return fmt.Errorf("add mapping %s~%s: %v", dir, remoteStorageLocation, err)
|
|
}
|
|
|
|
// save back
|
|
err = filerClient.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error {
|
|
return SaveInsideFiler(client, DirectoryEtcRemote, REMOTE_STORAGE_MOUNT_FILE, newContent)
|
|
})
|
|
if err != nil {
|
|
return fmt.Errorf("save mapping: %w", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func DeleteMountMapping(filerClient filer_pb.FilerClient, dir string) (err error) {
|
|
|
|
// read current mapping
|
|
var oldContent, newContent []byte
|
|
err = filerClient.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error {
|
|
oldContent, err = ReadInsideFiler(context.Background(), client, DirectoryEtcRemote, REMOTE_STORAGE_MOUNT_FILE)
|
|
return err
|
|
})
|
|
if err != nil {
|
|
if err != filer_pb.ErrNotFound {
|
|
return fmt.Errorf("read existing mapping: %w", err)
|
|
}
|
|
}
|
|
|
|
// add new mapping
|
|
newContent, err = removeRemoteStorageMapping(oldContent, dir)
|
|
if err != nil {
|
|
return fmt.Errorf("delete mount %s: %v", dir, err)
|
|
}
|
|
|
|
// save back
|
|
err = filerClient.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error {
|
|
return SaveInsideFiler(client, DirectoryEtcRemote, REMOTE_STORAGE_MOUNT_FILE, newContent)
|
|
})
|
|
if err != nil {
|
|
return fmt.Errorf("save mapping: %w", err)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func addRemoteStorageMapping(oldContent []byte, dir string, storageLocation *remote_pb.RemoteStorageLocation) (newContent []byte, err error) {
|
|
mappings, unmarshalErr := UnmarshalRemoteStorageMappings(oldContent)
|
|
if unmarshalErr != nil {
|
|
// skip
|
|
}
|
|
|
|
// set the new mapping
|
|
mappings.Mappings[dir] = storageLocation
|
|
|
|
if newContent, err = proto.Marshal(mappings); err != nil {
|
|
return oldContent, fmt.Errorf("marshal mappings: %w", err)
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
func removeRemoteStorageMapping(oldContent []byte, dir string) (newContent []byte, err error) {
|
|
mappings, unmarshalErr := UnmarshalRemoteStorageMappings(oldContent)
|
|
if unmarshalErr != nil {
|
|
return nil, unmarshalErr
|
|
}
|
|
|
|
// set the new mapping
|
|
delete(mappings.Mappings, dir)
|
|
|
|
if newContent, err = proto.Marshal(mappings); err != nil {
|
|
return oldContent, fmt.Errorf("marshal mappings: %w", err)
|
|
}
|
|
|
|
return
|
|
}
|