Documentation ¶
Overview ¶
Package s3 provides an interface to Amazon S3 object storage.
Index ¶
- Constants
- Variables
- func ExpToInt64(expI interface{}) (expAt int64, err error)
- func IsAccessKeyValid(accessKey string) bool
- func IsSecretKeyValid(secretKey string) bool
- func JWTSignWithAccessKey(accessKey string, m map[string]interface{}, tokenSecret string) (string, error)
- func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, error)
- func ParseWithClaims(tokenStr string, claims *MapClaims, fn func(*MapClaims) ([]byte, error)) error
- func ParseWithStandardClaims(tokenStr string, claims *StandardClaims, key []byte) error
- type AssumeRoleWithWebIdentityResponse
- type AssumedRoleUser
- type Credentials
- func CreateCredentials(accessKey, secretKey string) (cred Credentials, err error)
- func CreateNewCredentialsWithMetadata(accessKey, secretKey string, m map[string]interface{}, tokenSecret string) (cred Credentials, err error)
- func GetNewCredentials() (cred Credentials, err error)
- func GetNewCredentialsWithMetadata(m map[string]interface{}, tokenSecret string) (cred Credentials, err error)
- type Fs
- func (f *Fs) CleanUp(ctx context.Context) (err error)
- func (f *Fs) Command(ctx context.Context, name string, arg []string, opt map[string]string) (out interface{}, err error)
- func (f *Fs) Copy(ctx context.Context, src fs.Object, remote string) (fs.Object, error)
- func (f *Fs) Features() *fs.Features
- func (f *Fs) Hashes() hash.Set
- func (f *Fs) List(ctx context.Context, dir string) (entries fs.DirEntries, err error)
- func (f *Fs) ListR(ctx context.Context, dir string, callback fs.ListRCallback) (err error)
- func (f *Fs) Mkdir(ctx context.Context, dir string) error
- func (f *Fs) Name() string
- func (f *Fs) NewObject(ctx context.Context, remote string) (fs.Object, error)
- func (f *Fs) Precision() time.Duration
- func (f *Fs) PublicLink(ctx context.Context, remote string, expire fs.Duration, unlink bool) (link string, err error)
- func (f *Fs) Put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (fs.Object, error)
- func (f *Fs) PutStream(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (fs.Object, error)
- func (f *Fs) Rmdir(ctx context.Context, dir string) error
- func (f *Fs) Root() string
- func (f *Fs) String() string
- type IAMProvider
- type MapClaims
- func (c *MapClaims) GetAccessKey() string
- func (c *MapClaims) Lookup(key string) (value string, ok bool)
- func (c *MapClaims) Map() map[string]interface{}
- func (c *MapClaims) MarshalJSON() ([]byte, error)
- func (c *MapClaims) SetAccessKey(accessKey string)
- func (c *MapClaims) SetExpiry(t time.Time)
- func (c *MapClaims) Valid() error
- type Object
- func (o *Object) Fs() fs.Info
- func (o *Object) GetTier() string
- func (o *Object) Hash(ctx context.Context, t hash.Type) (string, error)
- func (o *Object) MimeType(ctx context.Context) string
- func (o *Object) ModTime(ctx context.Context) time.Time
- func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (in io.ReadCloser, err error)
- func (o *Object) Remote() string
- func (o *Object) Remove(ctx context.Context) error
- func (o *Object) SetModTime(ctx context.Context, modTime time.Time) error
- func (o *Object) SetTier(tier string) (err error)
- func (o *Object) Size() int64
- func (o *Object) Storable() bool
- func (o *Object) String() string
- func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) error
- type Options
- type SigningMethodHMAC
- type StandardClaims
- type WebIdentityResult
Constants ¶
// Default access and secret keys.
//
// Both values are fixed, exported constants, so they are public knowledge
// and provide no secrecy to anything that accepts them.
// NOTE(review): confirm that deployments replace this pair before an
// endpoint is reachable by anyone else.
const (
	DefaultAccessKey = "minioadmin"
	DefaultSecretKey = "minioadmin"
)
Default access and secret keys.
// Credential status strings.
// NOTE(review): presumably these are the values carried in
// Credentials.Status — confirm against the code that sets that field.
const (
	// AccountOn indicates that credentials are enabled
	AccountOn = "on"
	// AccountOff indicates that credentials are disabled
	AccountOff = "off"
)
Variables ¶
// Common errors generated for access and secret key validation.
//
// Each message embeds the permitted minimum and maximum length, taken from
// the unexported identifiers accessKeyMinLen/accessKeyMaxLen and
// secretKeyMinLen/secretKeyMaxLen (their values are not shown here).
var (
	ErrInvalidAccessKeyLength = fmt.Errorf("access key length should be between %d and %d", accessKeyMinLen, accessKeyMaxLen)
	ErrInvalidSecretKeyLength = fmt.Errorf("secret key length should be between %d and %d", secretKeyMinLen, secretKeyMaxLen)
)
Common errors generated for access and secret key validation.
// DefaultCredentials is the Credentials value built from DefaultAccessKey
// and DefaultSecretKey; every other field is left at its zero value.
//
// It is a package-level variable rather than a constant, so any importing
// code can reassign or modify it.
var (
	DefaultCredentials = Credentials{
		AccessKey: DefaultAccessKey,
		SecretKey: DefaultSecretKey,
	}
)
Default access credentials
var ErrInvalidDuration = errors.New("invalid token expiry")
ErrInvalidDuration indicates an invalid token expiry.
Functions ¶
func ExpToInt64 ¶ added in v1.56.0
ExpToInt64 - convert input interface value to int64.
func IsAccessKeyValid ¶ added in v1.56.0
IsAccessKeyValid - validate access key for right length.
func IsSecretKeyValid ¶ added in v1.56.0
IsSecretKeyValid - validate secret key for right length.
func JWTSignWithAccessKey ¶ added in v1.56.0
func JWTSignWithAccessKey(accessKey string, m map[string]interface{}, tokenSecret string) (string, error)
JWTSignWithAccessKey - generates a session token.
func ParseWithClaims ¶ added in v1.56.0
ParseWithClaims - parse the token string, valid methods.
func ParseWithStandardClaims ¶ added in v1.56.0
func ParseWithStandardClaims(tokenStr string, claims *StandardClaims, key []byte) error
ParseWithStandardClaims - parse the token string, valid methods.
Types ¶
type AssumeRoleWithWebIdentityResponse ¶
// AssumeRoleWithWebIdentityResponse is the structure of the STS WebIdentity
// call response as decoded from XML.
type AssumeRoleWithWebIdentityResponse struct {
	// XMLName ties the root element to AssumeRoleWithWebIdentityResponse in
	// the https://sts.amazonaws.com/doc/2011-06-15/ namespace. It is excluded
	// from JSON output (json:"-").
	XMLName xml.Name `xml:"https://sts.amazonaws.com/doc/2011-06-15/ AssumeRoleWithWebIdentityResponse" json:"-"`

	// Result is read from the AssumeRoleWithWebIdentityResult element. Its
	// WebIdentityResult type includes a Credentials field, so a decoded
	// response holds key material.
	Result WebIdentityResult `xml:"AssumeRoleWithWebIdentityResult"`

	// ResponseMetadata holds the request identifier returned with the response.
	ResponseMetadata struct {
		RequestID string `xml:"RequestId,omitempty"`
	} `xml:"ResponseMetadata,omitempty"`
}
AssumeRoleWithWebIdentityResponse is the structure of the response to the STS WebIdentity call.
type AssumedRoleUser ¶
AssumedRoleUser - The identifiers for the temporary security credentials that the operation returns. Please also see https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumedRoleUser
type Credentials ¶ added in v1.56.0
// Credentials holds access and secret keys.
//
// The struct tags decide where each field is exposed. AccessKey, SecretKey,
// Expiration and SessionToken are present in both the XML and the JSON form;
// Status, ParentUser and Groups are excluded from XML (xml:"-") but still
// appear in JSON. Marshalling a populated value with encoding/json therefore
// writes the secret key and session token in clear text under "secretKey"
// and "sessionToken", so serialised copies need the same protection as the
// keys themselves.
type Credentials struct {
	AccessKey string `xml:"AccessKeyId" json:"accessKey,omitempty"`
	SecretKey string `xml:"SecretAccessKey" json:"secretKey,omitempty"`
	// encoding/json never treats a struct value as empty, so omitempty has no
	// effect here: a zero Expiration is still emitted.
	Expiration   time.Time `xml:"Expiration" json:"expiration,omitempty"`
	SessionToken string    `xml:"SessionToken" json:"sessionToken,omitempty"`
	Status       string    `xml:"-" json:"status,omitempty"`
	ParentUser   string    `xml:"-" json:"parentUser,omitempty"`
	Groups       []string  `xml:"-" json:"groups,omitempty"`
}
Credentials holds access and secret keys.
func CreateCredentials ¶ added in v1.56.0
func CreateCredentials(accessKey, secretKey string) (cred Credentials, err error)
CreateCredentials returns a new credential with the given access key and secret key. An error is returned if the given access key or secret key has an invalid length.
func CreateNewCredentialsWithMetadata ¶ added in v1.56.0
func CreateNewCredentialsWithMetadata(accessKey, secretKey string, m map[string]interface{}, tokenSecret string) (cred Credentials, err error)
CreateNewCredentialsWithMetadata - creates new credentials using the specified access & secret keys and generates a session token if a secret token is provided.
func GetNewCredentials ¶ added in v1.56.0
func GetNewCredentials() (cred Credentials, err error)
GetNewCredentials generates and returns new credential.
func GetNewCredentialsWithMetadata ¶ added in v1.56.0
func GetNewCredentialsWithMetadata(m map[string]interface{}, tokenSecret string) (cred Credentials, err error)
GetNewCredentialsWithMetadata generates and returns new credential with expiry.
func (Credentials) Equal ¶ added in v1.56.0
func (cred Credentials) Equal(ccred Credentials) bool
Equal - returns whether two credentials are equal or not.
func (Credentials) IsExpired ¶ added in v1.56.0
func (cred Credentials) IsExpired() bool
IsExpired - returns whether Credential is expired or not.
func (Credentials) IsServiceAccount ¶ added in v1.56.0
func (cred Credentials) IsServiceAccount() bool
IsServiceAccount - returns whether credential is a service account or not
func (Credentials) IsTemp ¶ added in v1.56.0
func (cred Credentials) IsTemp() bool
IsTemp - returns whether credential is temporary or not.
func (Credentials) IsValid ¶ added in v1.56.0
func (cred Credentials) IsValid() bool
IsValid - returns whether credential is valid or not.
func (Credentials) String ¶ added in v1.56.0
func (cred Credentials) String() string
type Fs ¶
type Fs struct {
// contains filtered or unexported fields
}
Fs represents a remote s3 server
func (*Fs) Command ¶
func (f *Fs) Command(ctx context.Context, name string, arg []string, opt map[string]string) (out interface{}, err error)
Command the backend to run a named command
The command to run is name. arg may be used to read arguments from. opt may be used to read optional arguments from.
The result should be capable of being JSON encoded. If it is a string or a []string it will be shown to the user; otherwise it will be JSON encoded and shown to the user like that.
func (*Fs) Copy ¶
Copy src to this remote using server-side copy operations.
This is stored with the remote path given.
It returns the destination Object and a possible error.
Will only be called if src.Fs().Name() == f.Name()
If it isn't possible then return fs.ErrorCantCopy
func (*Fs) List ¶
List the objects and directories in dir into entries. The entries can be returned in any order but should be for a complete directory.
dir should be "" to list the root, and should not have trailing slashes.
This should return ErrDirNotFound if the directory isn't found.
func (*Fs) ListR ¶
ListR lists the objects and directories of the Fs starting from dir recursively into out.
dir should be "" to start from the root, and should not have trailing slashes.
This should return ErrDirNotFound if the directory isn't found.
It should call callback for each tranche of entries read. These need not be returned in any particular order. If callback returns an error then the listing will stop immediately.
Don't implement this unless you have a more efficient way of listing recursively than doing a directory traversal.
func (*Fs) NewObject ¶
NewObject finds the Object at remote. If it can't be found it returns the error fs.ErrorObjectNotFound.
func (*Fs) PublicLink ¶
func (f *Fs) PublicLink(ctx context.Context, remote string, expire fs.Duration, unlink bool) (link string, err error)
PublicLink generates a public link to the remote path (usually readable by anyone)
func (*Fs) Put ¶
func (f *Fs) Put(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (fs.Object, error)
Put the Object into the bucket
func (*Fs) PutStream ¶
func (f *Fs) PutStream(ctx context.Context, in io.Reader, src fs.ObjectInfo, options ...fs.OpenOption) (fs.Object, error)
PutStream uploads an object of indeterminate size to the remote path with the modTime given.
type IAMProvider ¶
type IAMProvider struct {
// contains filtered or unexported fields
}
IAMProvider credential provider for oidc
func (*IAMProvider) Retrieve ¶
func (t *IAMProvider) Retrieve() (credentials.Value, error)
Retrieve credentials
type MapClaims ¶ added in v1.56.0
MapClaims - implements custom unmarshaller
func ExtractClaims ¶ added in v1.56.0
ExtractClaims extracts JWT claims from a security token using a secret key
func NewMapClaims ¶ added in v1.56.0
func NewMapClaims() *MapClaims
NewMapClaims - Initializes a new map claims
func (*MapClaims) GetAccessKey ¶ added in v1.56.0
GetAccessKey will return the access key. If nil an empty string will be returned.
func (*MapClaims) MarshalJSON ¶ added in v1.56.0
MarshalJSON marshals the MapClaims struct
func (*MapClaims) SetAccessKey ¶ added in v1.56.0
SetAccessKey sets access key as jwt subject and custom "accessKey" field.
func (*MapClaims) Valid ¶ added in v1.56.0
Valid - implements https://godoc.org/github.com/golang-jwt/jwt#Claims compatible claims interface, additionally validates "accessKey" fields.
type Object ¶
type Object struct {
// contains filtered or unexported fields
}
Object describes a s3 object
func (*Object) ModTime ¶
ModTime returns the modification time of the object
It attempts to read the object's mtime and, if that isn't present, uses the LastModified returned in the HTTP headers.
func (*Object) Open ¶
func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (in io.ReadCloser, err error)
Open an object for read
func (*Object) SetModTime ¶
SetModTime sets the modification time of the local fs object
type Options ¶
// Options defines the configuration for this backend.
//
// Every field carries a `config` tag naming its configuration key.
// NOTE(review): by name, AccessKeyID, SecretAccessKey, SessionToken and
// SSECustomerKey look like secret material — confirm, and keep values of
// this struct out of logs and error messages.
type Options struct {
	Provider              string               `config:"provider"`
	EnvAuth               bool                 `config:"env_auth"`
	Account               string               `config:"account"`    // Add account option
	UseOidcAgent          bool                 `config:"oidc_agent"` // Add oidc-agent option
	AccessKeyID           string               `config:"access_key_id"`
	SecretAccessKey       string               `config:"secret_access_key"`
	Region                string               `config:"region"`
	Endpoint              string               `config:"endpoint"`
	LocationConstraint    string               `config:"location_constraint"`
	ACL                   string               `config:"acl"`
	BucketACL             string               `config:"bucket_acl"`
	RequesterPays         bool                 `config:"requester_pays"`
	ServerSideEncryption  string               `config:"server_side_encryption"`
	SSEKMSKeyID           string               `config:"sse_kms_key_id"`
	SSECustomerAlgorithm  string               `config:"sse_customer_algorithm"`
	SSECustomerKey        string               `config:"sse_customer_key"`
	SSECustomerKeyMD5     string               `config:"sse_customer_key_md5"`
	StorageClass          string               `config:"storage_class"`
	UploadCutoff          fs.SizeSuffix        `config:"upload_cutoff"`
	CopyCutoff            fs.SizeSuffix        `config:"copy_cutoff"`
	ChunkSize             fs.SizeSuffix        `config:"chunk_size"`
	MaxUploadParts        int64                `config:"max_upload_parts"`
	DisableChecksum       bool                 `config:"disable_checksum"`
	Profile               string               `config:"profile"`
	SessionToken          string               `config:"session_token"`
	UploadConcurrency     int                  `config:"upload_concurrency"`
	ForcePathStyle        bool                 `config:"force_path_style"`
	V2Auth                bool                 `config:"v2_auth"`
	UseAccelerateEndpoint bool                 `config:"use_accelerate_endpoint"`
	LeavePartsOnError     bool                 `config:"leave_parts_on_error"`
	ListChunk             int64                `config:"list_chunk"`
	NoCheckBucket         bool                 `config:"no_check_bucket"`
	NoHead                bool                 `config:"no_head"`
	NoHeadObject          bool                 `config:"no_head_object"`
	Enc                   encoder.MultiEncoder `config:"encoding"`
	MemoryPoolFlushTime   fs.Duration          `config:"memory_pool_flush_time"`
	MemoryPoolUseMmap     bool                 `config:"memory_pool_use_mmap"`
	DisableHTTP2          bool                 `config:"disable_http2"`
}
Options defines the configuration for this backend
type SigningMethodHMAC ¶ added in v1.56.0
SigningMethodHMAC - Implements the HMAC-SHA family of signing methods. Expects a key of type []byte for both signing and validation.
// Specific instances for HS256, HS384, HS512.
//
// The declaration shown here has no initialisers, so each pointer is nil
// until other code assigns it; where that happens is not visible here.
var (
	SigningMethodHS256 *SigningMethodHMAC
	SigningMethodHS384 *SigningMethodHMAC
	SigningMethodHS512 *SigningMethodHMAC
)
Specific instances for HS256, HS384, HS512
func ParseUnverifiedMapClaims ¶ added in v1.56.0
func ParseUnverifiedMapClaims(tokenString string, claims *MapClaims, buf []byte) (*SigningMethodHMAC, error)
ParseUnverifiedMapClaims - WARNING: Don't use this method unless you know what you're doing
This method parses the token but doesn't validate the signature, so the claims it fills in are unauthenticated. It's only ever useful in cases where you know the signature is valid (because it has been checked previously in the stack) and you want to extract values from the token.
func ParseUnverifiedStandardClaims ¶ added in v1.56.0
func ParseUnverifiedStandardClaims(tokenString string, claims *StandardClaims, buf []byte) (*SigningMethodHMAC, error)
ParseUnverifiedStandardClaims - WARNING: Don't use this method unless you know what you're doing
This method parses the token but doesn't validate the signature, so the claims it fills in are unauthenticated. It's only ever useful in cases where you know the signature is valid (because it has been checked previously in the stack) and you want to extract values from the token.
type StandardClaims ¶ added in v1.56.0
// StandardClaims are basically standard claims with "accessKey".
//
// The embedded jwtgo.StandardClaims supplies the standard claim fields;
// AccessKey is added on top and is serialised as "accessKey" in JSON
// (omitted when empty).
type StandardClaims struct {
	AccessKey string `json:"accessKey,omitempty"`
	jwtgo.StandardClaims
}
StandardClaims are basically standard claims with "accessKey"
func NewStandardClaims ¶ added in v1.56.0
func NewStandardClaims() *StandardClaims
NewStandardClaims - initializes standard claims
func (*StandardClaims) SetAccessKey ¶ added in v1.56.0
func (c *StandardClaims) SetAccessKey(accessKey string)
SetAccessKey sets access key as jwt subject and custom "accessKey" field.
func (*StandardClaims) SetAudience ¶ added in v1.56.0
func (c *StandardClaims) SetAudience(aud string)
SetAudience sets audience for these claims
func (*StandardClaims) SetExpiry ¶ added in v1.56.0
func (c *StandardClaims) SetExpiry(t time.Time)
SetExpiry sets expiry in unix epoch secs
func (*StandardClaims) SetIssuer ¶ added in v1.56.0
func (c *StandardClaims) SetIssuer(issuer string)
SetIssuer sets issuer for these claims
func (*StandardClaims) Valid ¶ added in v1.56.0
func (c *StandardClaims) Valid() error
Valid - implements https://godoc.org/github.com/golang-jwt/jwt#Claims compatible claims interface, additionally validates "accessKey" fields.
type WebIdentityResult ¶
// WebIdentityResult contains the response to a successful
// AssumeRoleWithWebIdentity request.
//
// The Credentials field holds key material, so a decoded result should be
// handled as sensitive. Every field is tagged xml:",omitempty" and so is
// left out of marshalled XML when empty.
type WebIdentityResult struct {
	AssumedRoleUser AssumedRoleUser `xml:",omitempty"`
	Audience        string          `xml:",omitempty"`
	// Ref: https://github.com/minio/minio/blob/master/internal/auth/credentials.go#L96
	Credentials                 Credentials `xml:",omitempty"`
	PackedPolicySize            int         `xml:",omitempty"`
	Provider                    string      `xml:",omitempty"`
	SubjectFromWebIdentityToken string      `xml:",omitempty"`
}
WebIdentityResult - Contains the response to a successful AssumeRoleWithWebIdentity request, including temporary credentials that can be used to make MinIO API requests.