mirror of
https://github.com/s3fs-fuse/s3fs-fuse.git
synced 2024-12-23 01:08:54 +00:00
Add support for ECS metadata endpoint
This commit is contained in:
parent
ab89b4cd4a
commit
662f65c3c8
27
src/curl.cpp
27
src/curl.cpp
@ -320,7 +320,9 @@ void CurlHandlerPool::ReturnHandler(CURL* h)
|
|||||||
#define MAX_MULTI_COPY_SOURCE_SIZE 524288000 // 500MB
|
#define MAX_MULTI_COPY_SOURCE_SIZE 524288000 // 500MB
|
||||||
|
|
||||||
#define IAM_EXPIRE_MERGIN (20 * 60) // update timing
|
#define IAM_EXPIRE_MERGIN (20 * 60) // update timing
|
||||||
#define IAM_CRED_URL "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
|
#define IAM_BASE_URL "http://169.254.169.254"
|
||||||
|
#define IAM_CRED_URL "/latest/meta-data/iam/security-credentials/"
|
||||||
|
#define ECS_IAM_ENV_VAR "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
|
||||||
#define IAMCRED_ACCESSKEYID "AccessKeyId"
|
#define IAMCRED_ACCESSKEYID "AccessKeyId"
|
||||||
#define IAMCRED_SECRETACCESSKEY "SecretAccessKey"
|
#define IAMCRED_SECRETACCESSKEY "SecretAccessKey"
|
||||||
#define IAMCRED_ACCESSTOKEN "Token"
|
#define IAMCRED_ACCESSTOKEN "Token"
|
||||||
@ -357,6 +359,7 @@ string S3fsCurl::AWSAccessKeyId;
|
|||||||
string S3fsCurl::AWSSecretAccessKey;
|
string S3fsCurl::AWSSecretAccessKey;
|
||||||
string S3fsCurl::AWSAccessToken;
|
string S3fsCurl::AWSAccessToken;
|
||||||
time_t S3fsCurl::AWSAccessTokenExpire= 0;
|
time_t S3fsCurl::AWSAccessTokenExpire= 0;
|
||||||
|
bool S3fsCurl::is_ecs = false;
|
||||||
string S3fsCurl::IAM_role;
|
string S3fsCurl::IAM_role;
|
||||||
long S3fsCurl::ssl_verify_hostname = 1; // default(original code...)
|
long S3fsCurl::ssl_verify_hostname = 1; // default(original code...)
|
||||||
curltime_t S3fsCurl::curl_times;
|
curltime_t S3fsCurl::curl_times;
|
||||||
@ -1133,6 +1136,13 @@ long S3fsCurl::SetSslVerifyHostname(long value)
|
|||||||
return old;
|
return old;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool S3fsCurl::SetIsECS(bool flag)
|
||||||
|
{
|
||||||
|
bool old = S3fsCurl::is_ecs;
|
||||||
|
S3fsCurl::is_ecs = flag;
|
||||||
|
return old;
|
||||||
|
}
|
||||||
|
|
||||||
string S3fsCurl::SetIAMRole(const char* role)
|
string S3fsCurl::SetIAMRole(const char* role)
|
||||||
{
|
{
|
||||||
string old = S3fsCurl::IAM_role;
|
string old = S3fsCurl::IAM_role;
|
||||||
@ -2348,7 +2358,13 @@ int S3fsCurl::GetIAMCredentials(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// url
|
// url
|
||||||
url = string(IAM_CRED_URL) + S3fsCurl::IAM_role;
|
if (is_ecs) {
|
||||||
|
url = string(IAM_BASE_URL) + std::getenv(ECS_IAM_ENV_VAR);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
url = string(IAM_BASE_URL) + string(IAM_CRED_URL) + S3fsCurl::IAM_role;
|
||||||
|
}
|
||||||
|
|
||||||
requestHeaders = NULL;
|
requestHeaders = NULL;
|
||||||
responseHeaders.clear();
|
responseHeaders.clear();
|
||||||
bodydata = new BodyData();
|
bodydata = new BodyData();
|
||||||
@ -2385,7 +2401,12 @@ bool S3fsCurl::LoadIAMRoleFromMetaData(void)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// url
|
// url
|
||||||
url = IAM_CRED_URL;
|
//if (is_ecs) {
|
||||||
|
// url = string(IAM_BASE_URL) + std::getenv(ECS_IAM_ENV_VAR);
|
||||||
|
//}
|
||||||
|
//else {
|
||||||
|
url = string(IAM_BASE_URL) + string(IAM_CRED_URL);
|
||||||
|
//}
|
||||||
requestHeaders = NULL;
|
requestHeaders = NULL;
|
||||||
responseHeaders.clear();
|
responseHeaders.clear();
|
||||||
bodydata = new BodyData();
|
bodydata = new BodyData();
|
||||||
|
@ -230,6 +230,7 @@ class S3fsCurl
|
|||||||
static std::string AWSSecretAccessKey;
|
static std::string AWSSecretAccessKey;
|
||||||
static std::string AWSAccessToken;
|
static std::string AWSAccessToken;
|
||||||
static time_t AWSAccessTokenExpire;
|
static time_t AWSAccessTokenExpire;
|
||||||
|
static bool is_ecs;
|
||||||
static std::string IAM_role;
|
static std::string IAM_role;
|
||||||
static long ssl_verify_hostname;
|
static long ssl_verify_hostname;
|
||||||
static curltime_t curl_times;
|
static curltime_t curl_times;
|
||||||
@ -370,6 +371,7 @@ class S3fsCurl
|
|||||||
static long GetSslVerifyHostname(void) { return S3fsCurl::ssl_verify_hostname; }
|
static long GetSslVerifyHostname(void) { return S3fsCurl::ssl_verify_hostname; }
|
||||||
static int SetMaxParallelCount(int value);
|
static int SetMaxParallelCount(int value);
|
||||||
static int GetMaxParallelCount(void) { return S3fsCurl::max_parallel_cnt; }
|
static int GetMaxParallelCount(void) { return S3fsCurl::max_parallel_cnt; }
|
||||||
|
static bool SetIsECS(bool flag);
|
||||||
static std::string SetIAMRole(const char* role);
|
static std::string SetIAMRole(const char* role);
|
||||||
static const char* GetIAMRole(void) { return S3fsCurl::IAM_role.c_str(); }
|
static const char* GetIAMRole(void) { return S3fsCurl::IAM_role.c_str(); }
|
||||||
static bool SetMultipartSize(off_t size);
|
static bool SetMultipartSize(off_t size);
|
||||||
|
10
src/s3fs.cpp
10
src/s3fs.cpp
@ -122,6 +122,7 @@ static bool is_s3fs_uid = false;// default does not set.
|
|||||||
static bool is_s3fs_gid = false;// default does not set.
|
static bool is_s3fs_gid = false;// default does not set.
|
||||||
static bool is_s3fs_umask = false;// default does not set.
|
static bool is_s3fs_umask = false;// default does not set.
|
||||||
static bool is_remove_cache = false;
|
static bool is_remove_cache = false;
|
||||||
|
static bool is_ecs = false;
|
||||||
static bool is_use_xattr = false;
|
static bool is_use_xattr = false;
|
||||||
static bool create_bucket = false;
|
static bool create_bucket = false;
|
||||||
static int64_t singlepart_copy_limit = FIVE_GB;
|
static int64_t singlepart_copy_limit = FIVE_GB;
|
||||||
@ -4508,7 +4509,16 @@ static int my_fuse_opt_proc(void* data, const char* arg, int key, struct fuse_ar
|
|||||||
passwd_file = strchr(arg, '=') + sizeof(char);
|
passwd_file = strchr(arg, '=') + sizeof(char);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
if(0 == strcmp(arg, "ecs")){
|
||||||
|
S3fsCurl::SetIsECS(true);
|
||||||
|
is_ecs = true;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
if(0 == STR2NCMP(arg, "iam_role")){
|
if(0 == STR2NCMP(arg, "iam_role")){
|
||||||
|
if (is_ecs) {
|
||||||
|
S3FS_PRN_EXIT("option iam_role cannot be used in conjunction with ecs");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
if(0 == strcmp(arg, "iam_role") || 0 == strcmp(arg, "iam_role=auto")){
|
if(0 == strcmp(arg, "iam_role") || 0 == strcmp(arg, "iam_role=auto")){
|
||||||
// loading IAM role name in s3fs_init(), because we need to wait initializing curl.
|
// loading IAM role name in s3fs_init(), because we need to wait initializing curl.
|
||||||
//
|
//
|
||||||
|
@ -1167,6 +1167,10 @@ void show_help (void)
|
|||||||
" enable_content_md5 (default is disable)\n"
|
" enable_content_md5 (default is disable)\n"
|
||||||
" - ensure data integrity during writes with MD5 hash.\n"
|
" - ensure data integrity during writes with MD5 hash.\n"
|
||||||
"\n"
|
"\n"
|
||||||
|
" ecs\n"
|
||||||
|
" - This option instructs s3fs to query the ECS container credential\n"
|
||||||
|
" metadata address instead of the instance metadata address.\n"
|
||||||
|
"\n"
|
||||||
" iam_role (default is no IAM role)\n"
|
" iam_role (default is no IAM role)\n"
|
||||||
" - This option requires the IAM role name or \"auto\". If you specify\n"
|
" - This option requires the IAM role name or \"auto\". If you specify\n"
|
||||||
" \"auto\", s3fs will automatically use the IAM role names that are set\n"
|
" \"auto\", s3fs will automatically use the IAM role names that are set\n"
|
||||||
|
Loading…
Reference in New Issue
Block a user