lsm/seaweedfs
1
0
Fork 0
mirror of https://github.com/seaweedfs/seaweedfs.git synced 2025-05-12 03:47:49 +08:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

s3: keep auth enabled in case identities are set to empty

Browse Source 
fix https://github.com/chrislusf/seaweedfs/issues/3084
This commit is contained in:
chrislu 2022-05-29 19:00:03 -07:00
parent 81d6159290
commit b8f3db0d46
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
weed/s3api/auth_credentials.go
View File

@ -26,8 +26,9 @@ type Iam interface {
type IdentityAccessManagement struct { type IdentityAccessManagement struct {
m sync.RWMutex m sync.RWMutex
identities []*Identity identities []*Identity
domain string isAuthEnabled bool
domain string
} }
type Identity struct { type Identity struct {
@ -137,14 +138,15 @@ func (iam *IdentityAccessManagement) loadS3ApiConfiguration(config *iam_pb.S3Api
iam.m.Lock() iam.m.Lock()
// atomically switch // atomically switch
iam.identities = identities iam.identities = identities
if !iam.isAuthEnabled { // one-directional, no toggling
iam.isAuthEnabled = len(identities) > 0
}
iam.m.Unlock() iam.m.Unlock()
return nil return nil
} }
func (iam *IdentityAccessManagement) isEnabled() bool { func (iam *IdentityAccessManagement) isEnabled() bool {
iam.m.RLock() return iam.isAuthEnabled
defer iam.m.RUnlock()
return len(iam.identities) > 0
} }
func (iam *IdentityAccessManagement) lookupByAccessKey(accessKey string) (identity *Identity, cred *Credential, found bool) { func (iam *IdentityAccessManagement) lookupByAccessKey(accessKey string) (identity *Identity, cred *Credential, found bool) {