mirror of
https://github.com/s3fs-fuse/s3fs-fuse.git
synced 2024-12-23 01:08:54 +00:00
Add support for ECS metadata endpoint
This commit is contained in:
parent
ab89b4cd4a
commit
662f65c3c8
27
src/curl.cpp
27
src/curl.cpp
@ -320,7 +320,9 @@ void CurlHandlerPool::ReturnHandler(CURL* h)
|
||||
#define MAX_MULTI_COPY_SOURCE_SIZE 524288000 // 500MB
|
||||
|
||||
#define IAM_EXPIRE_MERGIN (20 * 60) // update timing
|
||||
#define IAM_CRED_URL "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
|
||||
#define IAM_BASE_URL "http://169.254.169.254"
|
||||
#define IAM_CRED_URL "/latest/meta-data/iam/security-credentials/"
|
||||
#define ECS_IAM_ENV_VAR "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
|
||||
#define IAMCRED_ACCESSKEYID "AccessKeyId"
|
||||
#define IAMCRED_SECRETACCESSKEY "SecretAccessKey"
|
||||
#define IAMCRED_ACCESSTOKEN "Token"
|
||||
@ -357,6 +359,7 @@ string S3fsCurl::AWSAccessKeyId;
|
||||
string S3fsCurl::AWSSecretAccessKey;
|
||||
string S3fsCurl::AWSAccessToken;
|
||||
time_t S3fsCurl::AWSAccessTokenExpire= 0;
|
||||
bool S3fsCurl::is_ecs = false;
|
||||
string S3fsCurl::IAM_role;
|
||||
long S3fsCurl::ssl_verify_hostname = 1; // default(original code...)
|
||||
curltime_t S3fsCurl::curl_times;
|
||||
@ -1133,6 +1136,13 @@ long S3fsCurl::SetSslVerifyHostname(long value)
|
||||
return old;
|
||||
}
|
||||
|
||||
bool S3fsCurl::SetIsECS(bool flag)
|
||||
{
|
||||
bool old = S3fsCurl::is_ecs;
|
||||
S3fsCurl::is_ecs = flag;
|
||||
return old;
|
||||
}
|
||||
|
||||
string S3fsCurl::SetIAMRole(const char* role)
|
||||
{
|
||||
string old = S3fsCurl::IAM_role;
|
||||
@ -2348,7 +2358,13 @@ int S3fsCurl::GetIAMCredentials(void)
|
||||
}
|
||||
|
||||
// url
|
||||
url = string(IAM_CRED_URL) + S3fsCurl::IAM_role;
|
||||
if (is_ecs) {
|
||||
url = string(IAM_BASE_URL) + std::getenv(ECS_IAM_ENV_VAR);
|
||||
}
|
||||
else {
|
||||
url = string(IAM_BASE_URL) + string(IAM_CRED_URL) + S3fsCurl::IAM_role;
|
||||
}
|
||||
|
||||
requestHeaders = NULL;
|
||||
responseHeaders.clear();
|
||||
bodydata = new BodyData();
|
||||
@ -2385,7 +2401,12 @@ bool S3fsCurl::LoadIAMRoleFromMetaData(void)
|
||||
}
|
||||
|
||||
// url
|
||||
url = IAM_CRED_URL;
|
||||
//if (is_ecs) {
|
||||
// url = string(IAM_BASE_URL) + std::getenv(ECS_IAM_ENV_VAR);
|
||||
//}
|
||||
//else {
|
||||
url = string(IAM_BASE_URL) + string(IAM_CRED_URL);
|
||||
//}
|
||||
requestHeaders = NULL;
|
||||
responseHeaders.clear();
|
||||
bodydata = new BodyData();
|
||||
|
@ -230,6 +230,7 @@ class S3fsCurl
|
||||
static std::string AWSSecretAccessKey;
|
||||
static std::string AWSAccessToken;
|
||||
static time_t AWSAccessTokenExpire;
|
||||
static bool is_ecs;
|
||||
static std::string IAM_role;
|
||||
static long ssl_verify_hostname;
|
||||
static curltime_t curl_times;
|
||||
@ -370,6 +371,7 @@ class S3fsCurl
|
||||
static long GetSslVerifyHostname(void) { return S3fsCurl::ssl_verify_hostname; }
|
||||
static int SetMaxParallelCount(int value);
|
||||
static int GetMaxParallelCount(void) { return S3fsCurl::max_parallel_cnt; }
|
||||
static bool SetIsECS(bool flag);
|
||||
static std::string SetIAMRole(const char* role);
|
||||
static const char* GetIAMRole(void) { return S3fsCurl::IAM_role.c_str(); }
|
||||
static bool SetMultipartSize(off_t size);
|
||||
|
10
src/s3fs.cpp
10
src/s3fs.cpp
@ -122,6 +122,7 @@ static bool is_s3fs_uid = false;// default does not set.
|
||||
static bool is_s3fs_gid = false;// default does not set.
|
||||
static bool is_s3fs_umask = false;// default does not set.
|
||||
static bool is_remove_cache = false;
|
||||
static bool is_ecs = false;
|
||||
static bool is_use_xattr = false;
|
||||
static bool create_bucket = false;
|
||||
static int64_t singlepart_copy_limit = FIVE_GB;
|
||||
@ -4508,7 +4509,16 @@ static int my_fuse_opt_proc(void* data, const char* arg, int key, struct fuse_ar
|
||||
passwd_file = strchr(arg, '=') + sizeof(char);
|
||||
return 0;
|
||||
}
|
||||
if(0 == strcmp(arg, "ecs")){
|
||||
S3fsCurl::SetIsECS(true);
|
||||
is_ecs = true;
|
||||
return 0;
|
||||
}
|
||||
if(0 == STR2NCMP(arg, "iam_role")){
|
||||
if (is_ecs) {
|
||||
S3FS_PRN_EXIT("option iam_role cannot be used in conjunction with ecs");
|
||||
return -1;
|
||||
}
|
||||
if(0 == strcmp(arg, "iam_role") || 0 == strcmp(arg, "iam_role=auto")){
|
||||
// loading IAM role name in s3fs_init(), because we need to wait initializing curl.
|
||||
//
|
||||
|
@ -1167,6 +1167,10 @@ void show_help (void)
|
||||
" enable_content_md5 (default is disable)\n"
|
||||
" - ensure data integrity during writes with MD5 hash.\n"
|
||||
"\n"
|
||||
" ecs\n"
|
||||
" - This option instructs s3fs to query the ECS container credential\n"
|
||||
" metadata address instead of the instance metadata address.\n"
|
||||
"\n"
|
||||
" iam_role (default is no IAM role)\n"
|
||||
" - This option requires the IAM role name or \"auto\". If you specify\n"
|
||||
" \"auto\", s3fs will automatically use the IAM role names that are set\n"
|
||||
|
Loading…
Reference in New Issue
Block a user