mirror of
https://github.com/s3fs-fuse/s3fs-fuse.git
synced 2024-06-06 11:00:49 +00:00
Moved parameter analysis processing to S3fsCred class
parent
b9e2be5c21
commit
b64dc7749c
124
src/s3fs.cpp
124
src/s3fs.cpp
|
@ -3964,72 +3964,13 @@ static int my_fuse_opt_proc(void* data, const char* arg, int key, struct fuse_ar
|
|||
}
|
||||
return 0;
|
||||
}
|
||||
if(is_prefix(arg, "passwd_file=")){
|
||||
ps3fscred->SetS3fsPasswdFile(strchr(arg, '=') + sizeof(char));
|
||||
return 0;
|
||||
}
|
||||
if(0 == strcmp(arg, "ibm_iam_auth")){
|
||||
ps3fscred->SetIsIBMIAMAuth(true);
|
||||
ps3fscred->SetIAMCredentialsURL("https://iam.cloud.ibm.com/identity/token");
|
||||
ps3fscred->SetIAMTokenField("\"access_token\"");
|
||||
ps3fscred->SetIAMExpiryField("\"expiration\"");
|
||||
ps3fscred->SetIAMFieldCount(2);
|
||||
ps3fscred->SetIMDSVersion(1);
|
||||
ps3fscred->SetIsIBMIAMAuth(true);
|
||||
return 0;
|
||||
}
|
||||
if (0 == strcmp(arg, "use_session_token")) {
|
||||
ps3fscred->SetIsUseSessionToken(true);
|
||||
return 0;
|
||||
}
|
||||
if(is_prefix(arg, "ibm_iam_endpoint=")){
|
||||
std::string endpoint_url;
|
||||
const char *iam_endpoint = strchr(arg, '=') + sizeof(char);
|
||||
// Check url for http / https protocol std::string
|
||||
if(!is_prefix(iam_endpoint, "https://") && !is_prefix(iam_endpoint, "http://")) {
|
||||
S3FS_PRN_EXIT("option ibm_iam_endpoint has invalid format, missing http / https protocol");
|
||||
return -1;
|
||||
}
|
||||
endpoint_url = std::string(iam_endpoint) + "/identity/token";
|
||||
ps3fscred->SetIAMCredentialsURL(endpoint_url.c_str());
|
||||
return 0;
|
||||
}
|
||||
if(0 == strcmp(arg, "imdsv1only")){
|
||||
ps3fscred->SetIMDSVersion(1);
|
||||
return 0;
|
||||
}
|
||||
if(0 == strcmp(arg, "ecs")){
|
||||
if(ps3fscred->IsIBMIAMAuth()){
|
||||
S3FS_PRN_EXIT("option ecs cannot be used in conjunction with ibm");
|
||||
//
|
||||
// Detect options for credential
|
||||
//
|
||||
if(0 >= (ret = ps3fscred->DetectParam(arg))){
|
||||
if(0 > ret){
|
||||
return -1;
|
||||
}
|
||||
ps3fscred->SetIsECS(true);
|
||||
ps3fscred->SetIMDSVersion(1);
|
||||
ps3fscred->SetIAMCredentialsURL("http://169.254.170.2");
|
||||
ps3fscred->SetIAMFieldCount(5);
|
||||
ps3fscred->SetIsECS(true);
|
||||
return 0;
|
||||
}
|
||||
if(is_prefix(arg, "iam_role")){
|
||||
if(ps3fscred->IsECS() || ps3fscred->IsIBMIAMAuth()){
|
||||
S3FS_PRN_EXIT("option iam_role cannot be used in conjunction with ecs or ibm");
|
||||
return -1;
|
||||
}
|
||||
if(0 == strcmp(arg, "iam_role") || 0 == strcmp(arg, "iam_role=auto")){
|
||||
// loading IAM role name in s3fs_init(), because we need to wait initializing curl.
|
||||
//
|
||||
ps3fscred->SetIAMRoleMetadataType(true);
|
||||
return 0;
|
||||
|
||||
}else if(is_prefix(arg, "iam_role=")){
|
||||
const char* role = strchr(arg, '=') + sizeof(char);
|
||||
ps3fscred->SetIAMRole(role);
|
||||
ps3fscred->SetIAMRoleMetadataType(false);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
if(is_prefix(arg, "profile=")){
|
||||
ps3fscred->SetAwsProfileName(strchr(arg, '=') + sizeof(char));
|
||||
return 0;
|
||||
}
|
||||
if(is_prefix(arg, "public_bucket=")){
|
||||
|
@ -4608,10 +4549,9 @@ int main(int argc, char* argv[])
|
|||
}
|
||||
|
||||
//
|
||||
// Checking forbidden parameters for bucket
|
||||
// Check the combination of parameters for credential
|
||||
//
|
||||
if(!ps3fscred->CheckForbiddenBucketParams()){
|
||||
show_usage();
|
||||
if(!ps3fscred->CheckAllParams()){
|
||||
S3fsCurl::DestroyS3fsCurl();
|
||||
s3fs_destroy_global_ssl();
|
||||
destroy_parser_xml_lock();
|
||||
|
@ -4633,42 +4573,6 @@ int main(int argc, char* argv[])
|
|||
}
|
||||
}
|
||||
|
||||
// error checking of command line arguments for compatibility
|
||||
if(S3fsCurl::IsPublicBucket() && ps3fscred->IsSetAccessKeys()){
|
||||
S3FS_PRN_EXIT("specifying both public_bucket and the access keys options is invalid.");
|
||||
S3fsCurl::DestroyS3fsCurl();
|
||||
s3fs_destroy_global_ssl();
|
||||
destroy_parser_xml_lock();
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
if(!ps3fscred->IsSetPasswdFile() && ps3fscred->IsSetAccessKeys()){
|
||||
S3FS_PRN_EXIT("specifying both passwd_file and the access keys options is invalid.");
|
||||
S3fsCurl::DestroyS3fsCurl();
|
||||
s3fs_destroy_global_ssl();
|
||||
destroy_parser_xml_lock();
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
if(!S3fsCurl::IsPublicBucket() && !ps3fscred->IsIAMRoleMetadataType() && !ps3fscred->IsECS()){
|
||||
if(!ps3fscred->InitialS3fsCredentials()){
|
||||
S3fsCurl::DestroyS3fsCurl();
|
||||
s3fs_destroy_global_ssl();
|
||||
destroy_parser_xml_lock();
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
if(!ps3fscred->IsSetAccessKeys()){
|
||||
S3FS_PRN_EXIT("could not establish security credentials, check documentation.");
|
||||
S3fsCurl::DestroyS3fsCurl();
|
||||
s3fs_destroy_global_ssl();
|
||||
destroy_parser_xml_lock();
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
// More error checking on the access key pair can be done
|
||||
// like checking for appropriate lengths and characters
|
||||
}
|
||||
|
||||
// check tmp dir permission
|
||||
if(!FdManager::CheckTmpDirExist()){
|
||||
S3FS_PRN_EXIT("temporary directory doesn't exists.");
|
||||
|
@ -4692,20 +4596,6 @@ int main(int argc, char* argv[])
|
|||
FdManager::InitFakeUsedDiskSize(fake_diskfree_size);
|
||||
}
|
||||
|
||||
// check IBM IAM requirements
|
||||
if(ps3fscred->IsIBMIAMAuth()){
|
||||
// check that default ACL is either public-read or private
|
||||
acl_t defaultACL = S3fsCurl::GetDefaultAcl();
|
||||
if(defaultACL != acl_t::PRIVATE && defaultACL != acl_t::PUBLIC_READ){
|
||||
S3FS_PRN_EXIT("can only use 'public-read' or 'private' ACL while using ibm_iam_auth");
|
||||
S3fsCurl::DestroyS3fsCurl();
|
||||
s3fs_destroy_global_ssl();
|
||||
destroy_parser_xml_lock();
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// set user agent
|
||||
S3fsCurl::InitUserAgent();
|
||||
|
||||
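Review bot: The comment at the new `CheckAllParams()` call in main() describes it as a check of the parameter combination, but the method as added to S3fsCred also calls `InitialS3fsCredentials()` and runs the IBM IAM default-ACL test. This one call is therefore now the point where credentials are loaded. Both pieces used to sit later in main() (the blocks removed around old lines 4633 and 4692), and the code between those points is outside the hunks, so it is worth confirming that nothing there has to run before credentials are read. I would state the side effect at the call site, for example `// Check the combination of credential parameters; this also loads the credentials (InitialS3fsCredentials)`. main() starts and ends outside these hunks.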
|
|
|
@ -184,11 +184,6 @@ bool S3fsCred::SetAccessKeyWithSessionToken(const char* AccessKeyId, const char*
|
|||
return true;
|
||||
}
|
||||
|
||||
bool S3fsCred::IsSetAccessKeyID() const
|
||||
{
|
||||
return !AWSAccessKeyId.empty();
|
||||
}
|
||||
|
||||
bool S3fsCred::IsSetAccessKeys() const
|
||||
{
|
||||
return !IAM_role.empty() || ((!AWSAccessKeyId.empty() || is_ibm_iam_auth) && !AWSSecretAccessKey.empty());
|
||||
|
@ -705,7 +700,7 @@ bool S3fsCred::InitialS3fsCredentials()
|
|||
}
|
||||
|
||||
// 2 - was specified on the command line
|
||||
if(!IsSetPasswdFile()){
|
||||
if(IsSetPasswdFile()){
|
||||
if(!ReadS3fsPasswdFile()){
|
||||
return false;;
|
||||
}
|
||||
|
@ -877,7 +872,99 @@ bool S3fsCred::CheckIAMCredentialUpdate()
|
|||
}
|
||||
|
||||
//-------------------------------------------------------------------
|
||||
// Methods : Checking forbidden parameters
|
||||
// Methods: Option detection
|
||||
//-------------------------------------------------------------------
|
||||
// return value: 1 = Not processed as it is not a option for this class
|
||||
// 0 = The option was detected and processed appropriately
|
||||
// -1 = Processing cannot be continued because a fatal error was detected
|
||||
//
|
||||
int S3fsCred::DetectParam(const char* arg)
|
||||
{
|
||||
if(!arg){
|
||||
S3FS_PRN_EXIT("parameter arg is empty(null)");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if(is_prefix(arg, "passwd_file=")){
|
||||
SetS3fsPasswdFile(strchr(arg, '=') + sizeof(char));
|
||||
return 0;
|
||||
}
|
||||
|
||||
if(0 == strcmp(arg, "ibm_iam_auth")){
|
||||
SetIsIBMIAMAuth(true);
|
||||
SetIAMCredentialsURL("https://iam.cloud.ibm.com/identity/token");
|
||||
SetIAMTokenField("\"access_token\"");
|
||||
SetIAMExpiryField("\"expiration\"");
|
||||
SetIAMFieldCount(2);
|
||||
SetIMDSVersion(1);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if(0 == strcmp(arg, "use_session_token")){
|
||||
SetIsUseSessionToken(true);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if(is_prefix(arg, "ibm_iam_endpoint=")){
|
||||
std::string endpoint_url;
|
||||
const char* iam_endpoint = strchr(arg, '=') + sizeof(char);
|
||||
|
||||
// Check url for http / https protocol std::string
|
||||
if(!is_prefix(iam_endpoint, "https://") && !is_prefix(iam_endpoint, "http://")){
|
||||
S3FS_PRN_EXIT("option ibm_iam_endpoint has invalid format, missing http / https protocol");
|
||||
return -1;
|
||||
}
|
||||
endpoint_url = std::string(iam_endpoint) + "/identity/token";
|
||||
SetIAMCredentialsURL(endpoint_url.c_str());
|
||||
return 0;
|
||||
}
|
||||
|
||||
if(0 == strcmp(arg, "imdsv1only")){
|
||||
SetIMDSVersion(1);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if(0 == strcmp(arg, "ecs")){
|
||||
if(IsIBMIAMAuth()){
|
||||
S3FS_PRN_EXIT("option ecs cannot be used in conjunction with ibm");
|
||||
return -1;
|
||||
}
|
||||
SetIsECS(true);
|
||||
SetIMDSVersion(1);
|
||||
SetIAMCredentialsURL("http://169.254.170.2");
|
||||
SetIAMFieldCount(5);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if(is_prefix(arg, "iam_role")){
|
||||
if(IsECS() || IsIBMIAMAuth()){
|
||||
S3FS_PRN_EXIT("option iam_role cannot be used in conjunction with ecs or ibm");
|
||||
return -1;
|
||||
}
|
||||
if(0 == strcmp(arg, "iam_role") || 0 == strcmp(arg, "iam_role=auto")){
|
||||
// loading IAM role name in s3fs_init(), because we need to wait initializing curl.
|
||||
//
|
||||
SetIAMRoleMetadataType(true);
|
||||
return 0;
|
||||
|
||||
}else if(is_prefix(arg, "iam_role=")){
|
||||
const char* role = strchr(arg, '=') + sizeof(char);
|
||||
SetIAMRole(role);
|
||||
SetIAMRoleMetadataType(false);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
if(is_prefix(arg, "profile=")){
|
||||
SetAwsProfileName(strchr(arg, '=') + sizeof(char));
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
//-------------------------------------------------------------------
|
||||
// Methods : check parameters
|
||||
//-------------------------------------------------------------------
|
||||
//
|
||||
// Checking forbidden parameters for bucket
|
||||
|
@ -910,6 +997,53 @@ bool S3fsCred::CheckForbiddenBucketParams()
|
|||
return true;
|
||||
}
|
||||
|
||||
//
|
||||
// Check the combination of parameters
|
||||
//
|
||||
bool S3fsCred::CheckAllParams()
|
||||
{
|
||||
//
|
||||
// Checking forbidden parameters for bucket
|
||||
//
|
||||
if(!CheckForbiddenBucketParams()){
|
||||
return false;
|
||||
}
|
||||
|
||||
// error checking of command line arguments for compatibility
|
||||
if(S3fsCurl::IsPublicBucket() && IsSetAccessKeys()){
|
||||
S3FS_PRN_EXIT("specifying both public_bucket and the access keys options is invalid.");
|
||||
return false;
|
||||
}
|
||||
|
||||
if(!IsSetPasswdFile() && IsSetAccessKeys()){
|
||||
S3FS_PRN_EXIT("specifying both passwd_file and the access keys options is invalid.");
|
||||
return false;
|
||||
}
|
||||
|
||||
if(!S3fsCurl::IsPublicBucket() && !IsIAMRoleMetadataType() && !IsECS()){
|
||||
if(!InitialS3fsCredentials()){
|
||||
return false;
|
||||
}
|
||||
if(!IsSetAccessKeys()){
|
||||
S3FS_PRN_EXIT("could not establish security credentials, check documentation.");
|
||||
return false;
|
||||
}
|
||||
// More error checking on the access key pair can be done
|
||||
// like checking for appropriate lengths and characters
|
||||
}
|
||||
|
||||
// check IBM IAM requirements
|
||||
if(IsIBMIAMAuth()){
|
||||
// check that default ACL is either public-read or private
|
||||
acl_t defaultACL = S3fsCurl::GetDefaultAcl();
|
||||
if(defaultACL != acl_t::PRIVATE && defaultACL != acl_t::PUBLIC_READ){
|
||||
S3FS_PRN_EXIT("can only use 'public-read' or 'private' ACL while using ibm_iam_auth");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/*
|
||||
* Local variables:
|
||||
* tab-width: 4
|
||||
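Review bot: In `CheckAllParams()` the test `if(!IsSetPasswdFile() && IsSetAccessKeys())` does not match its own message, "specifying both passwd_file and the access keys options is invalid.", because the negation makes it fire when no passwd file is set. The same commit appears to change `InitialS3fsCredentials()` from `if(!IsSetPasswdFile()){` to `if(IsSetPasswdFile()){` (the page has lost the +/- markers, so the direction is inferred from print order), which leaves the two call sites reading the return value in opposite senses. `IsSetPasswdFile()` itself is not shown; if it returns true when a file was given, the check should read `if(IsSetPasswdFile() && IsSetAccessKeys()){`. As written, a configuration that names two credential sources may pass, while one with only `iam_role=<name>` may be rejected, since `IsSetAccessKeys()` is true whenever `IAM_role` is non-empty.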
|
|
|
@ -82,6 +82,26 @@ class S3fsCred
|
|||
private:
|
||||
static bool ParseIAMRoleFromMetaDataResponse(const char* response, std::string& rolename);
|
||||
|
||||
bool SetS3fsPasswdFile(const char* file);
|
||||
bool IsSetPasswdFile();
|
||||
bool SetAwsProfileName(const char* profile_name);
|
||||
bool SetIAMRoleMetadataType(bool flag);
|
||||
|
||||
bool SetAccessKey(const char* AccessKeyId, const char* SecretAccessKey);
|
||||
bool SetAccessKeyWithSessionToken(const char* AccessKeyId, const char* SecretAccessKey, const char * SessionToken);
|
||||
bool IsSetAccessKeys() const;
|
||||
|
||||
bool SetIsECS(bool flag);
|
||||
bool SetIsUseSessionToken(bool flag);
|
||||
|
||||
bool SetIsIBMIAMAuth(bool flag);
|
||||
|
||||
std::string SetIAMRole(const char* role);
|
||||
size_t SetIAMFieldCount(size_t field_count);
|
||||
std::string SetIAMCredentialsURL(const char* url);
|
||||
std::string SetIAMTokenField(const char* token_field);
|
||||
std::string SetIAMExpiryField(const char* expiry_field);
|
||||
|
||||
bool IsReadableS3fsPasswdFile();
|
||||
bool CheckS3fsPasswdFilePerms();
|
||||
bool ParseS3fsPasswdFile(bucketkvmap_t& resmap);
|
||||
|
@ -90,8 +110,11 @@ class S3fsCred
|
|||
int CheckS3fsCredentialAwsFormat(const kvmap_t& kvmap);
|
||||
bool ReadAwsCredentialFile(const std::string &filename);
|
||||
|
||||
bool InitialS3fsCredentials();
|
||||
bool ParseIAMCredentialResponse(const char* response, iamcredmap_t& keyval);
|
||||
|
||||
bool CheckForbiddenBucketParams();
|
||||
|
||||
public:
|
||||
static bool SetBucket(const char* bucket);
|
||||
static const std::string& GetBucket();
|
||||
|
@ -99,34 +122,18 @@ class S3fsCred
|
|||
S3fsCred();
|
||||
~S3fsCred();
|
||||
|
||||
bool SetS3fsPasswdFile(const char* file);
|
||||
bool IsSetPasswdFile();
|
||||
bool SetAwsProfileName(const char* profile_name);
|
||||
bool SetIAMRoleMetadataType(bool flag);
|
||||
bool IsIAMRoleMetadataType() const { return load_iamrole; }
|
||||
|
||||
bool SetAccessKey(const char* AccessKeyId, const char* SecretAccessKey);
|
||||
bool SetAccessKeyWithSessionToken(const char* AccessKeyId, const char* SecretAccessKey, const char * SessionToken);
|
||||
bool IsSetAccessKeyID() const;
|
||||
bool IsSetAccessKeys() const;
|
||||
const std::string& GetAccessKeyID() const { return AWSAccessKeyId; }
|
||||
const std::string& GetSecretAccessKey() const { return AWSSecretAccessKey; }
|
||||
const std::string& GetAccessToken() const { return AWSAccessToken; }
|
||||
|
||||
bool SetIsECS(bool flag);
|
||||
bool IsECS() const { return is_ecs; }
|
||||
bool SetIsUseSessionToken(bool flag);
|
||||
bool IsUseSessionToken() const { return is_use_session_token; }
|
||||
bool SetIsIBMIAMAuth(bool flag);
|
||||
|
||||
bool IsIBMIAMAuth() const { return is_ibm_iam_auth; }
|
||||
|
||||
std::string SetIAMRole(const char* role);
|
||||
const std::string& GetIAMRole() const { return IAM_role; }
|
||||
size_t SetIAMFieldCount(size_t field_count);
|
||||
std::string SetIAMCredentialsURL(const char* url);
|
||||
const std::string& GetIAMCredentialsURL() const { return IAM_cred_url; }
|
||||
std::string SetIAMTokenField(const char* token_field);
|
||||
std::string SetIAMExpiryField(const char* expiry_field);
|
||||
int SetIMDSVersion(int version);
|
||||
int GetIMDSVersion() const { return IAM_api_version; }
|
||||
|
||||
|
@ -135,11 +142,10 @@ class S3fsCred
|
|||
bool SetIAMCredentials(const char* response);
|
||||
bool SetIAMRoleFromMetaData(const char* response);
|
||||
|
||||
bool InitialS3fsCredentials();
|
||||
|
||||
bool CheckIAMCredentialUpdate();
|
||||
|
||||
bool CheckForbiddenBucketParams();
|
||||
int DetectParam(const char* arg);
|
||||
bool CheckAllParams();
|
||||
};
|
||||
|
||||
#endif // S3FS_CRED_H_
|
||||
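Review bot: `int DetectParam(const char* arg);` is the new public entry point with a three-way return value, and the header gives no hint of it; the contract is written only in a comment in the .cpp file. I would add `// returns 1: not a credential option, 0: option consumed, -1: fatal error` above the declaration. A similar line on `bool CheckAllParams();` should say that it also loads credentials through `InitialS3fsCredentials()`, since that method is now private and callers can no longer see the step. The class body starts outside these hunks.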
|
|