/*
* s3fs - FUSE-based file system backed by Amazon S3
*
* Copyright(C) 2007 Randy Rizun <rrizun@gmail.com>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
#ifndef S3FS_CRED_H_
#define S3FS_CRED_H_
#include "autolock.h"
#include "s3fs_extcred.h"
//----------------------------------------------
// Typedefs
//----------------------------------------------
// Ordered string-to-string map; used below as the output of
// S3fsCred::ParseIAMCredentialResponse().
using iamcredmap_t = std::map<std::string, std::string>;
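//------------------------------------------------
// class S3fsCred
//------------------------------------------------
// Manages the credentials (access key, secret key, session/access
// tokens, etc.) used by s3fs. All credential-related operations are
// aggregated in this class.
//
// Review notes (from this declaration only; definitions live elsewhere):
//  - Members tagged "Protect exclusively" are the mutable credential
//    state; accessors that touch them take an AutoLock::Type so callers
//    state whether the lock is already held. token_lock is the only
//    mutex declared here, so it is presumably the guard - confirm in the
//    implementation.
//  - The object owns a pthread mutex and a raw external-library handle
//    and declares a destructor, so copying or moving it would duplicate
//    the mutex, the handle and the secrets. Copy and move are therefore
//    deleted below.
//  - Secrets are held in plain std::string members; whether they are
//    scrubbed before release is not visible from this header.
//
// cppcheck-suppress ctuOneDefinitionRuleViolation ; for stub in test_curl_util.cpp
class S3fsCred
{
    private:
        static const char*  ALLBUCKET_FIELDS_TYPE;      // special key for mapping(This name is absolutely not used as a bucket name)
        static const char*  KEYVAL_FIELDS_TYPE;         // special key for mapping(This name is absolutely not used as a bucket name)
        static const char*  AWS_ACCESSKEYID;            // presumably the access-key field name in credential files - confirm
        static const char*  AWS_SECRETKEY;              // presumably the secret-key field name in credential files - confirm

        static const int    IAM_EXPIRE_MERGIN;          // (sic: "margin") presumably slack applied before token expiry - confirm unit
        static const char*  ECS_IAM_ENV_VAR;
        static const char*  IAMCRED_ACCESSKEYID;
        static const char*  IAMCRED_SECRETACCESSKEY;
        static const char*  IAMCRED_ROLEARN;

        static std::string  bucket_name;                // process-wide; written via SetBucket(), read via GetBucket()

        mutable pthread_mutex_t token_lock;             // mutable so const accessors can lock
        bool                is_lock_init;               // presumably records whether token_lock was initialized - confirm

        std::string         passwd_file;                // path set by SetS3fsPasswdFile()
        std::string         aws_profile;                // set by SetAwsProfileName()

        bool                load_iamrole;

        std::string         AWSAccessKeyId;             // Protect exclusively
        std::string         AWSSecretAccessKey;         // Protect exclusively (secret material)
        std::string         AWSAccessToken;             // Protect exclusively (secret material)
        time_t              AWSAccessTokenExpire;       // Protect exclusively

        bool                is_ecs;
        bool                is_use_session_token;
        bool                is_ibm_iam_auth;

        std::string         IAM_cred_url;
        int                 IAM_api_version;            // Protect exclusively
        std::string         IAMv2_api_token;            // Protect exclusively (secret material)
        size_t              IAM_field_count;
        std::string         IAM_token_field;
        std::string         IAM_expiry_field;
        std::string         IAM_role;                   // Protect exclusively

        bool                set_builtin_cred_opts;      // true if options other than "credlib" is set
        std::string         credlib;                    // credlib(name or path)
        std::string         credlib_opts;               // options for credlib

        // Handle and entry points of the external credential library.
        // NOTE(review): code behind these pointers runs in this process and
        // supplies the credentials; since credlib may be a bare name rather
        // than a path, confirm how LoadExtCredLib() resolves it and that the
        // resolved file is trusted (owner/permissions, search path).
        void*                       hExtCredLib;
        fp_VersionS3fsCredential    pFuncCredVersion;
        fp_InitS3fsCredential       pFuncCredInit;
        fp_FreeS3fsCredential       pFuncCredFree;
        fp_UpdateS3fsCredential     pFuncCredUpdate;

    public:
        static const char*  IAMv2_token_url;
        static int          IAMv2_token_ttl;            // non-const and public: writable by any translation unit
        static const char*  IAMv2_token_ttl_hdr;
        static const char*  IAMv2_token_hdr;

    private:
        static bool ParseIAMRoleFromMetaDataResponse(const char* response, std::string& rolename);

        bool SetS3fsPasswdFile(const char* file);
        bool IsSetPasswdFile() const;
        bool SetAwsProfileName(const char* profile_name);
        bool SetIAMRoleMetadataType(bool flag);

        // Setters/getters taking AutoLock::Type: the caller states the
        // locking mode for the "Protect exclusively" members.
        bool SetAccessKey(const char* AccessKeyId, const char* SecretAccessKey, AutoLock::Type type);
        bool SetAccessKeyWithSessionToken(const char* AccessKeyId, const char* SecretAccessKey, const char * SessionToken, AutoLock::Type type);
        bool IsSetAccessKeys(AutoLock::Type type) const;

        bool SetIsECS(bool flag);
        bool SetIsUseSessionToken(bool flag);

        bool SetIsIBMIAMAuth(bool flag);

        int SetIMDSVersion(int version, AutoLock::Type type);
        int GetIMDSVersion(AutoLock::Type type) const;

        bool SetIAMv2APIToken(const std::string& token, AutoLock::Type type);
        std::string GetIAMv2APIToken(AutoLock::Type type) const;

        bool SetIAMRole(const char* role, AutoLock::Type type);
        std::string GetIAMRole(AutoLock::Type type) const;
        bool IsSetIAMRole(AutoLock::Type type) const;
        size_t SetIAMFieldCount(size_t field_count);
        std::string SetIAMCredentialsURL(const char* url);
        std::string SetIAMTokenField(const char* token_field);
        std::string SetIAMExpiryField(const char* expiry_field);

        // Password-file handling. CheckS3fsPasswdFilePerms() is the
        // permission gate for the on-disk secret; presumably it must pass
        // before the file is parsed - confirm the call order in
        // ReadS3fsPasswdFile().
        bool IsReadableS3fsPasswdFile() const;
        bool CheckS3fsPasswdFilePerms();
        bool ParseS3fsPasswdFile(bucketkvmap_t& resmap);
        bool ReadS3fsPasswdFile(AutoLock::Type type);

        static int CheckS3fsCredentialAwsFormat(const kvmap_t& kvmap, std::string& access_key_id, std::string& secret_access_key);
        bool ReadAwsCredentialFile(const std::string &filename, AutoLock::Type type);

        bool InitialS3fsCredentials();
        bool ParseIAMCredentialResponse(const char* response, iamcredmap_t& keyval);

        // IAM / instance-metadata credential loading. The response strings
        // come from a metadata endpoint and should be treated as external
        // input by the parsers.
        bool GetIAMCredentialsURL(std::string& url, bool check_iam_role, AutoLock::Type type);
        bool LoadIAMCredentials(AutoLock::Type type);
        bool SetIAMCredentials(const char* response, AutoLock::Type type);
        bool SetIAMRoleFromMetaData(const char* response, AutoLock::Type type);

        // External credential library ("credlib") management.
        bool SetExtCredLib(const char* arg);
        bool IsSetExtCredLib() const;
        bool SetExtCredLibOpts(const char* args);
        bool IsSetExtCredLibOpts() const;

        bool InitExtCredLib();
        bool LoadExtCredLib();
        bool UnloadExtCredLib();
        bool UpdateExtCredentials(AutoLock::Type type);

        static bool CheckForbiddenBucketParams();

    public:
        static bool SetBucket(const char* bucket);
        static const std::string& GetBucket();

        S3fsCred();
        ~S3fsCred();

        // Non-copyable and non-movable: the object owns token_lock and
        // hExtCredLib and holds secret strings; an implicit copy would
        // duplicate the mutex state and the library handle (released twice
        // if the destructor unloads it) and leave a second copy of the
        // secrets in memory.
        S3fsCred(const S3fsCred&) = delete;
        S3fsCred(S3fsCred&&) = delete;
        S3fsCred& operator=(const S3fsCred&) = delete;
        S3fsCred& operator=(S3fsCred&&) = delete;

        // Returns the IBM IAM auth flag. Reads is_ibm_iam_auth without
        // taking a lock.
        bool IsIBMIAMAuth() const { return is_ibm_iam_auth; }

        bool LoadIAMRoleFromMetaData();

        // Each out-pointer is optional (defaults to nullptr). Values copied
        // out through them are secrets that outlive any locking done inside
        // this call; callers own their handling from then on.
        bool CheckIAMCredentialUpdate(std::string* access_key_id = nullptr, std::string* secret_access_key = nullptr, std::string* access_token = nullptr);
        const char* GetCredFuncVersion(bool detail) const;

        int DetectParam(const char* arg);
        bool CheckAllParams();
};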
#endif // S3FS_CRED_H_
/*
* Local variables:
* tab-width: 4
* c-basic-offset: 4
* End:
* vim600: expandtab sw=4 ts=4 fdm=marker
* vim<600: expandtab sw=4 ts=4
*/