Add support for ECS metadata endpoint

Richard Caunt 2017-11-05 19:24:02 +00:00
parent ab89b4cd4a
commit 662f65c3c8
4 changed files with 40 additions and 3 deletions


@ -320,7 +320,9 @@ void CurlHandlerPool::ReturnHandler(CURL* h)
#define MAX_MULTI_COPY_SOURCE_SIZE 524288000 // 500MB
#define IAM_EXPIRE_MERGIN (20 * 60) // update timing
#define IAM_CRED_URL "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
#define IAM_BASE_URL "http://169.254.169.254"
#define IAM_CRED_URL "/latest/meta-data/iam/security-credentials/"
#define ECS_IAM_ENV_VAR "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
#define IAMCRED_ACCESSKEYID "AccessKeyId"
#define IAMCRED_SECRETACCESSKEY "SecretAccessKey"
#define IAMCRED_ACCESSTOKEN "Token"
@ -357,6 +359,7 @@ string S3fsCurl::AWSAccessKeyId;
string S3fsCurl::AWSSecretAccessKey;
string S3fsCurl::AWSAccessToken;
time_t S3fsCurl::AWSAccessTokenExpire= 0;
bool S3fsCurl::is_ecs = false;
string S3fsCurl::IAM_role;
long S3fsCurl::ssl_verify_hostname = 1; // default(original code...)
curltime_t S3fsCurl::curl_times;
@ -1133,6 +1136,13 @@ long S3fsCurl::SetSslVerifyHostname(long value)
return old;
}
bool S3fsCurl::SetIsECS(bool flag)
{
bool old = S3fsCurl::is_ecs;
S3fsCurl::is_ecs = flag;
return old;
}
string S3fsCurl::SetIAMRole(const char* role)
{
string old = S3fsCurl::IAM_role;
@ -2348,7 +2358,13 @@ int S3fsCurl::GetIAMCredentials(void)
}
// url
url = string(IAM_CRED_URL) + S3fsCurl::IAM_role;
if (is_ecs) {
url = string(IAM_BASE_URL) + std::getenv(ECS_IAM_ENV_VAR);
}
else {
url = string(IAM_BASE_URL) + string(IAM_CRED_URL) + S3fsCurl::IAM_role;
}
requestHeaders = NULL;
responseHeaders.clear();
bodydata = new BodyData();
@ -2385,7 +2401,12 @@ bool S3fsCurl::LoadIAMRoleFromMetaData(void)
}
// url
url = IAM_CRED_URL;
//if (is_ecs) {
// url = string(IAM_BASE_URL) + std::getenv(ECS_IAM_ENV_VAR);
//}
//else {
url = string(IAM_BASE_URL) + string(IAM_CRED_URL);
//}
requestHeaders = NULL;
responseHeaders.clear();
bodydata = new BodyData();
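Review bot: In the `is_ecs` branch of GetIAMCredentials, the result of `std::getenv(ECS_IAM_ENV_VAR)` is concatenated without a null check, so when the `ecs` option is set but AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is not in the environment, `string + const char*` receives a null pointer and the behaviour is undefined. Read the variable first, `const char* ecs_uri = std::getenv(ECS_IAM_ENV_VAR);`, and take the function's normal error return when `NULL == ecs_uri || '/' != ecs_uri[0]`; requiring the leading slash keeps the value from changing the host part of the URL the credentials request is sent to. Please also confirm the host: AWS documents the container credentials endpoint at 169.254.170.2, while this branch reuses IAM_BASE_URL (169.254.169.254). The commented-out `is_ecs` branch left in LoadIAMRoleFromMetaData should be deleted or replaced by a one-line comment saying why the role lookup does not apply to ECS. Both function bodies start and end outside the visible hunks.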


@ -230,6 +230,7 @@ class S3fsCurl
static std::string AWSSecretAccessKey;
static std::string AWSAccessToken;
static time_t AWSAccessTokenExpire;
static bool is_ecs;
static std::string IAM_role;
static long ssl_verify_hostname;
static curltime_t curl_times;
@ -370,6 +371,7 @@ class S3fsCurl
static long GetSslVerifyHostname(void) { return S3fsCurl::ssl_verify_hostname; }
static int SetMaxParallelCount(int value);
static int GetMaxParallelCount(void) { return S3fsCurl::max_parallel_cnt; }
static bool SetIsECS(bool flag);
static std::string SetIAMRole(const char* role);
static const char* GetIAMRole(void) { return S3fsCurl::IAM_role.c_str(); }
static bool SetMultipartSize(off_t size);


@ -122,6 +122,7 @@ static bool is_s3fs_uid = false;// default does not set.
static bool is_s3fs_gid = false;// default does not set.
static bool is_s3fs_umask = false;// default does not set.
static bool is_remove_cache = false;
static bool is_ecs = false;
static bool is_use_xattr = false;
static bool create_bucket = false;
static int64_t singlepart_copy_limit = FIVE_GB;
@ -4508,7 +4509,16 @@ static int my_fuse_opt_proc(void* data, const char* arg, int key, struct fuse_ar
passwd_file = strchr(arg, '=') + sizeof(char);
return 0;
}
if(0 == strcmp(arg, "ecs")){
S3fsCurl::SetIsECS(true);
is_ecs = true;
return 0;
}
if(0 == STR2NCMP(arg, "iam_role")){
if (is_ecs) {
S3FS_PRN_EXIT("option iam_role cannot be used in conjunction with ecs");
return -1;
}
if(0 == strcmp(arg, "iam_role") || 0 == strcmp(arg, "iam_role=auto")){
// loading IAM role name in s3fs_init(), because we need to wait initializing curl.
//
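Review bot: The conflict check between `ecs` and `iam_role` only fires when `ecs` comes before `iam_role` on the command line; the `ecs` branch sets the flag and returns 0 without checking whether a role was already requested, so the reverse order is accepted silently. Either mirror the check in the `ecs` branch or validate the combination once after option parsing, for example `if(is_ecs && '\0' != S3fsCurl::GetIAMRole()[0])` followed by the same S3FS_PRN_EXIT message; the `iam_role=auto` path defers loading the role name, so it presumably needs its own flag in that test. The file-local `is_ecs` also duplicates `S3fsCurl::is_ecs`, and a getter on S3fsCurl would keep a single source of truth. The `iam_role` branch continues past the end of the hunk.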


@ -1167,6 +1167,10 @@ void show_help (void)
" enable_content_md5 (default is disable)\n"
" - ensure data integrity during writes with MD5 hash.\n"
"\n"
" ecs\n"
" - This option instructs s3fs to query the ECS container credential\n"
" metadata address instead of the instance metadata address.\n"
"\n"
" iam_role (default is no IAM role)\n"
" - This option requires the IAM role name or \"auto\". If you specify\n"
" \"auto\", s3fs will automatically use the IAM role names that are set\n"