ECS credentials bug fixes
parent
ccea87ca68
commit
366f0705a0
29
src/curl.cpp
29
src/curl.cpp
@ -320,14 +320,16 @@ void CurlHandlerPool::ReturnHandler(CURL* h)
|
|||||||
#define MAX_MULTI_COPY_SOURCE_SIZE 524288000 // 500MB
|
#define MAX_MULTI_COPY_SOURCE_SIZE 524288000 // 500MB
|
||||||
|
|
||||||
#define IAM_EXPIRE_MERGIN (20 * 60) // update timing
|
#define IAM_EXPIRE_MERGIN (20 * 60) // update timing
|
||||||
#define IAM_BASE_URL "http://169.254.169.254"
|
#define IAM_CRED_URL_ECS "http://169.254.170.2"
|
||||||
#define IAM_CRED_URL "/latest/meta-data/iam/security-credentials/"
|
#define IAM_CRED_URL "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
|
||||||
#define ECS_IAM_ENV_VAR "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
|
#define ECS_IAM_ENV_VAR "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
|
||||||
#define IAMCRED_ACCESSKEYID "AccessKeyId"
|
#define IAMCRED_ACCESSKEYID "AccessKeyId"
|
||||||
#define IAMCRED_SECRETACCESSKEY "SecretAccessKey"
|
#define IAMCRED_SECRETACCESSKEY "SecretAccessKey"
|
||||||
#define IAMCRED_ACCESSTOKEN "Token"
|
#define IAMCRED_ACCESSTOKEN "Token"
|
||||||
#define IAMCRED_EXPIRATION "Expiration"
|
#define IAMCRED_EXPIRATION "Expiration"
|
||||||
|
#define IAMCRED_ROLEARN "RoleArn"
|
||||||
#define IAMCRED_KEYCOUNT 4
|
#define IAMCRED_KEYCOUNT 4
|
||||||
|
#define IAMCRED_KEYCOUNT_ECS 5
|
||||||
|
|
||||||
// [NOTICE]
|
// [NOTICE]
|
||||||
// This symbol is for libcurl under 7.23.0
|
// This symbol is for libcurl under 7.23.0
|
||||||
@ -1401,7 +1403,9 @@ bool S3fsCurl::ParseIAMCredentialResponse(const char* response, iamcredmap_t& ke
|
|||||||
string::size_type pos;
|
string::size_type pos;
|
||||||
string key;
|
string key;
|
||||||
string val;
|
string val;
|
||||||
if(string::npos != (pos = oneline.find(IAMCRED_ACCESSKEYID))){
|
if(string::npos != (pos = oneline.find(IAMCRED_ROLEARN))){
|
||||||
|
key = IAMCRED_ROLEARN;
|
||||||
|
}else if(string::npos != (pos = oneline.find(IAMCRED_ACCESSKEYID))){
|
||||||
key = IAMCRED_ACCESSKEYID;
|
key = IAMCRED_ACCESSKEYID;
|
||||||
}else if(string::npos != (pos = oneline.find(IAMCRED_SECRETACCESSKEY))){
|
}else if(string::npos != (pos = oneline.find(IAMCRED_SECRETACCESSKEY))){
|
||||||
key = IAMCRED_SECRETACCESSKEY;
|
key = IAMCRED_SECRETACCESSKEY;
|
||||||
@ -1410,6 +1414,7 @@ bool S3fsCurl::ParseIAMCredentialResponse(const char* response, iamcredmap_t& ke
|
|||||||
}else if(string::npos != (pos = oneline.find(IAMCRED_EXPIRATION))){
|
}else if(string::npos != (pos = oneline.find(IAMCRED_EXPIRATION))){
|
||||||
key = IAMCRED_EXPIRATION;
|
key = IAMCRED_EXPIRATION;
|
||||||
}else{
|
}else{
|
||||||
|
S3FS_PRN_INFO3("Unknown key");
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if(string::npos == (pos = oneline.find(':', pos + key.length()))){
|
if(string::npos == (pos = oneline.find(':', pos + key.length()))){
|
||||||
@ -1423,6 +1428,7 @@ bool S3fsCurl::ParseIAMCredentialResponse(const char* response, iamcredmap_t& ke
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
val = oneline.substr(0, pos);
|
val = oneline.substr(0, pos);
|
||||||
|
S3FS_PRN_INFO3("keyval: %s - %s", key, val);
|
||||||
keyval[key] = val;
|
keyval[key] = val;
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
@ -1437,10 +1443,14 @@ bool S3fsCurl::SetIAMCredentials(const char* response)
|
|||||||
if(!ParseIAMCredentialResponse(response, keyval)){
|
if(!ParseIAMCredentialResponse(response, keyval)){
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if(IAMCRED_KEYCOUNT != keyval.size()){
|
S3FS_PRN_INFO3("Parsed");
|
||||||
|
|
||||||
|
if(S3fsCurl::is_ecs ? IAMCRED_KEYCOUNT_ECS : IAMCRED_KEYCOUNT != keyval.size()){
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
S3FS_PRN_INFO3("keyval size OK");
|
||||||
|
|
||||||
S3fsCurl::AWSAccessKeyId = keyval[string(IAMCRED_ACCESSKEYID)];
|
S3fsCurl::AWSAccessKeyId = keyval[string(IAMCRED_ACCESSKEYID)];
|
||||||
S3fsCurl::AWSSecretAccessKey = keyval[string(IAMCRED_SECRETACCESSKEY)];
|
S3fsCurl::AWSSecretAccessKey = keyval[string(IAMCRED_SECRETACCESSKEY)];
|
||||||
S3fsCurl::AWSAccessToken = keyval[string(IAMCRED_ACCESSTOKEN)];
|
S3fsCurl::AWSAccessToken = keyval[string(IAMCRED_ACCESSTOKEN)];
|
||||||
@ -1451,7 +1461,7 @@ bool S3fsCurl::SetIAMCredentials(const char* response)
|
|||||||
|
|
||||||
bool S3fsCurl::CheckIAMCredentialUpdate(void)
|
bool S3fsCurl::CheckIAMCredentialUpdate(void)
|
||||||
{
|
{
|
||||||
if(0 == S3fsCurl::IAM_role.size()){
|
if(0 == S3fsCurl::IAM_role.size() && !S3fsCurl::is_ecs){
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
if(time(NULL) + IAM_EXPIRE_MERGIN <= S3fsCurl::AWSAccessTokenExpire){
|
if(time(NULL) + IAM_EXPIRE_MERGIN <= S3fsCurl::AWSAccessTokenExpire){
|
||||||
@ -2344,12 +2354,15 @@ int S3fsCurl::DeleteRequest(const char* tpath)
|
|||||||
//
|
//
|
||||||
int S3fsCurl::GetIAMCredentials(void)
|
int S3fsCurl::GetIAMCredentials(void)
|
||||||
{
|
{
|
||||||
|
if (!S3fsCurl::is_ecs) {
|
||||||
S3FS_PRN_INFO3("[IAM role=%s]", S3fsCurl::IAM_role.c_str());
|
S3FS_PRN_INFO3("[IAM role=%s]", S3fsCurl::IAM_role.c_str());
|
||||||
|
|
||||||
if(0 == S3fsCurl::IAM_role.size()) {
|
if(0 == S3fsCurl::IAM_role.size()) {
|
||||||
S3FS_PRN_ERR("IAM role name is empty.");
|
S3FS_PRN_ERR("IAM role name is empty.");
|
||||||
return -EIO;
|
return -EIO;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// at first set type for handle
|
// at first set type for handle
|
||||||
type = REQTYPE_IAMCRED;
|
type = REQTYPE_IAMCRED;
|
||||||
|
|
||||||
@ -2359,10 +2372,10 @@ int S3fsCurl::GetIAMCredentials(void)
|
|||||||
|
|
||||||
// url
|
// url
|
||||||
if (is_ecs) {
|
if (is_ecs) {
|
||||||
url = string(IAM_BASE_URL) + std::getenv(ECS_IAM_ENV_VAR);
|
url = string(IAM_CRED_URL_ECS) + std::getenv(ECS_IAM_ENV_VAR);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
url = string(IAM_BASE_URL) + string(IAM_CRED_URL) + S3fsCurl::IAM_role;
|
url = string(IAM_CRED_URL) + S3fsCurl::IAM_role;
|
||||||
}
|
}
|
||||||
|
|
||||||
requestHeaders = NULL;
|
requestHeaders = NULL;
|
||||||
@ -2401,7 +2414,7 @@ bool S3fsCurl::LoadIAMRoleFromMetaData(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// url
|
// url
|
||||||
url = string(IAM_BASE_URL) + string(IAM_CRED_URL);
|
url = string(IAM_CRED_URL);
|
||||||
requestHeaders = NULL;
|
requestHeaders = NULL;
|
||||||
responseHeaders.clear();
|
responseHeaders.clear();
|
||||||
bodydata = new BodyData();
|
bodydata = new BodyData();
|
||||||
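Review bot: The added `S3FS_PRN_INFO3("keyval: %s - %s", key, val);` in ParseIAMCredentialResponse writes the value of every parsed field to the log, including SecretAccessKey and Token. It also passes `std::string` objects to `%s`, where the other call in this file uses `.c_str()`, so the output is undefined if the macro is printf-style. Log only the field name, for example `S3FS_PRN_INFO3("parsed IAM credential field: %s", key.c_str());`. Separately, the new check in SetIAMCredentials parses as `S3fsCurl::is_ecs ? IAMCRED_KEYCOUNT_ECS : (IAMCRED_KEYCOUNT != keyval.size())` because `!=` binds tighter than `?:`, so with is_ecs set the condition is always non-zero and the function returns false; it should read `if((S3fsCurl::is_ecs ? IAMCRED_KEYCOUNT_ECS : IAMCRED_KEYCOUNT) != keyval.size()){`. Both functions start and end outside the visible hunks.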
|
@ -4918,7 +4918,7 @@ int main(int argc, char* argv[])
|
|||||||
S3FS_PRN_EXIT("specifying both passwd_file and the access keys options is invalid.");
|
S3FS_PRN_EXIT("specifying both passwd_file and the access keys options is invalid.");
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
if(!S3fsCurl::IsPublicBucket() && !load_iamrole){
|
if(!S3fsCurl::IsPublicBucket() && !load_iamrole && !is_ecs){
|
||||||
if(EXIT_SUCCESS != get_access_keys()){
|
if(EXIT_SUCCESS != get_access_keys()){
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|