Add domain and subdomain support for MinioAPI

This change brings in domain and subdomain support

   - ./minio --domain "yourminiodomain.com"

This change brings in a much needed feature by keeping
bucketnames as part of your 'DNS' name.

All your existing applications can be migrated off from s3 to
Minio without little to no modifications.

NOTE: Setting up DNS for your `buckets` is out of scope of this feature
master
Harshavardhana 10 years ago
parent 2d3b00b831
commit 51e80eaa6d
  1. 8
      main.go
  2. 24
      pkg/api/minioapi/api_test.go
  3. 105
      pkg/api/minioapi/bucket_handlers.go
  4. 5
      pkg/api/minioapi/headers.go
  5. 56
      pkg/api/minioapi/muxer.go
  6. 6
      pkg/api/minioapi/object_handlers.go
  7. 112
      pkg/api/minioapi/policy_handlers.go
  8. 2
      pkg/httpserver/httpserver.go
  9. 3
      pkg/server/server.go
  10. 16
      pkg/storage/fs/fs.go
  11. 3
      pkg/storage/storage.go
  12. 25
      pkg/utils/crypto/signers/signers.go
  13. 13
      pkg/utils/policy/policy.go

@ -41,6 +41,7 @@ func getStorageType(input string) server.StorageType {
func runCmd(c *cli.Context) {
storageTypeStr := c.String("storage-type")
domain := c.String("domain")
apiaddress := c.String("api-address")
webaddress := c.String("web-address")
certFile := c.String("cert")
@ -52,6 +53,7 @@ func runCmd(c *cli.Context) {
storageType := getStorageType(storageTypeStr)
var serverConfigs []server.ServerConfig
apiServerConfig := server.ServerConfig{
Domain: domain,
Address: apiaddress,
Tls: tls,
CertFile: certFile,
@ -61,6 +63,7 @@ func runCmd(c *cli.Context) {
},
}
webUiServerConfig := server.ServerConfig{
Domain: domain,
Address: webaddress,
Tls: false,
CertFile: "",
@ -79,6 +82,11 @@ func main() {
app.Name = "minio"
app.Usage = ""
app.Flags = []cli.Flag{
cli.StringFlag{
Name: "domain,d",
Value: "",
Usage: "address for incoming API requests",
},
cli.StringFlag{
Name: "api-address,a",
Value: ":9000",

@ -40,7 +40,7 @@ var _ = Suite(&MySuite{})
func (s *MySuite) TestNonExistantObject(c *C) {
_, _, storage := inmemory.Start()
httpHandler := HttpHandler(storage)
httpHandler := HttpHandler("", storage)
testServer := httptest.NewServer(httpHandler)
defer testServer.Close()
@ -52,7 +52,7 @@ func (s *MySuite) TestNonExistantObject(c *C) {
func (s *MySuite) TestEmptyObject(c *C) {
_, _, storage := inmemory.Start()
httpHandler := HttpHandler(storage)
httpHandler := HttpHandler("", storage)
testServer := httptest.NewServer(httpHandler)
defer testServer.Close()
@ -77,7 +77,7 @@ func (s *MySuite) TestEmptyObject(c *C) {
func (s *MySuite) TestObject(c *C) {
_, _, storage := inmemory.Start()
httpHandler := HttpHandler(storage)
httpHandler := HttpHandler("", storage)
testServer := httptest.NewServer(httpHandler)
defer testServer.Close()
@ -100,7 +100,7 @@ func (s *MySuite) TestObject(c *C) {
func (s *MySuite) TestMultipleObjects(c *C) {
_, _, storage := inmemory.Start()
httpHandler := HttpHandler(storage)
httpHandler := HttpHandler("", storage)
testServer := httptest.NewServer(httpHandler)
defer testServer.Close()
@ -180,7 +180,7 @@ func (s *MySuite) TestMultipleObjects(c *C) {
func (s *MySuite) TestNotImplemented(c *C) {
_, _, storage := inmemory.Start()
httpHandler := HttpHandler(storage)
httpHandler := HttpHandler("", storage)
testServer := httptest.NewServer(httpHandler)
defer testServer.Close()
@ -191,7 +191,7 @@ func (s *MySuite) TestNotImplemented(c *C) {
func (s *MySuite) TestHeader(c *C) {
_, _, storage := inmemory.Start()
httpHandler := HttpHandler(storage)
httpHandler := HttpHandler("", storage)
testServer := httptest.NewServer(httpHandler)
defer testServer.Close()
@ -214,7 +214,7 @@ func (s *MySuite) TestHeader(c *C) {
func (s *MySuite) TestPutBucket(c *C) {
_, _, storage := inmemory.Start()
httpHandler := HttpHandler(storage)
httpHandler := HttpHandler("", storage)
testServer := httptest.NewServer(httpHandler)
defer testServer.Close()
@ -239,7 +239,7 @@ func (s *MySuite) TestPutBucket(c *C) {
func (s *MySuite) TestPutObject(c *C) {
_, _, storage := inmemory.Start()
httpHandler := HttpHandler(storage)
httpHandler := HttpHandler("", storage)
testServer := httptest.NewServer(httpHandler)
defer testServer.Close()
@ -289,7 +289,7 @@ func (s *MySuite) TestPutObject(c *C) {
func (s *MySuite) TestListBuckets(c *C) {
_, _, storage := inmemory.Start()
httpHandler := HttpHandler(storage)
httpHandler := HttpHandler("", storage)
testServer := httptest.NewServer(httpHandler)
defer testServer.Close()
@ -368,7 +368,7 @@ func verifyHeaders(c *C, header http.Header, date time.Time, size int, contentTy
func (s *MySuite) TestXMLNameNotInBucketListJson(c *C) {
_, _, storage := inmemory.Start()
httpHandler := HttpHandler(storage)
httpHandler := HttpHandler("", storage)
testServer := httptest.NewServer(httpHandler)
defer testServer.Close()
@ -393,7 +393,7 @@ func (s *MySuite) TestXMLNameNotInBucketListJson(c *C) {
func (s *MySuite) TestXMLNameNotInObjectListJson(c *C) {
_, _, storage := inmemory.Start()
httpHandler := HttpHandler(storage)
httpHandler := HttpHandler("", storage)
testServer := httptest.NewServer(httpHandler)
defer testServer.Close()
@ -418,7 +418,7 @@ func (s *MySuite) TestXMLNameNotInObjectListJson(c *C) {
func (s *MySuite) TestContentTypePersists(c *C) {
_, _, storage := inmemory.Start()
httpHandler := HttpHandler(storage)
httpHandler := HttpHandler("", storage)
testServer := httptest.NewServer(httpHandler)
defer testServer.Close()

@ -1,116 +1,13 @@
package minioapi
import (
"encoding/json"
"log"
"net/http"
"github.com/gorilla/mux"
mstorage "github.com/minio-io/minio/pkg/storage"
"github.com/minio-io/minio/pkg/utils/policy"
)
func (server *minioApi) putBucketPolicyHandler(w http.ResponseWriter, req *http.Request) {
vars := mux.Vars(req)
bucket := vars["bucket"]
acceptsContentType := getContentType(req)
policy, ok := policy.Parsepolicy(req.Body)
if ok == false {
error := errorCodeError(InvalidPolicyDocument)
errorResponse := getErrorResponse(error, bucket)
w.WriteHeader(error.HttpStatusCode)
w.Write(writeErrorResponse(w, errorResponse, acceptsContentType))
return
}
err := server.storage.StoreBucketPolicy(bucket, policy)
switch err := err.(type) {
case nil:
{
w.WriteHeader(http.StatusNoContent)
writeCommonHeaders(w, getContentString(acceptsContentType))
w.Header().Set("Connection", "keep-alive")
}
case mstorage.BucketNameInvalid:
{
error := errorCodeError(InvalidBucketName)
errorResponse := getErrorResponse(error, bucket)
w.WriteHeader(error.HttpStatusCode)
w.Write(writeErrorResponse(w, errorResponse, acceptsContentType))
}
case mstorage.BucketNotFound:
{
error := errorCodeError(NoSuchBucket)
errorResponse := getErrorResponse(error, bucket)
w.WriteHeader(error.HttpStatusCode)
w.Write(writeErrorResponse(w, errorResponse, acceptsContentType))
}
case mstorage.BackendCorrupted:
case mstorage.ImplementationError:
{
log.Println(err)
error := errorCodeError(InternalError)
errorResponse := getErrorResponse(error, bucket)
w.WriteHeader(error.HttpStatusCode)
w.Write(writeErrorResponse(w, errorResponse, acceptsContentType))
}
}
}
func (server *minioApi) getBucketPolicyHandler(w http.ResponseWriter, req *http.Request) {
vars := mux.Vars(req)
bucket := vars["bucket"]
acceptsContentType := getContentType(req)
p, err := server.storage.GetBucketPolicy(bucket)
switch err := err.(type) {
case nil:
{
responsePolicy, ret := json.Marshal(p)
if ret != nil {
error := errorCodeError(InternalError)
errorResponse := getErrorResponse(error, bucket)
w.WriteHeader(error.HttpStatusCode)
w.Write(writeErrorResponse(w, errorResponse, acceptsContentType))
}
writeCommonHeaders(w, getContentString(acceptsContentType))
w.Header().Set("Connection", "keep-alive")
w.Write(responsePolicy)
}
case mstorage.BucketNameInvalid:
{
error := errorCodeError(InvalidBucketName)
errorResponse := getErrorResponse(error, bucket)
w.WriteHeader(error.HttpStatusCode)
w.Write(writeErrorResponse(w, errorResponse, acceptsContentType))
}
case mstorage.BucketNotFound:
{
error := errorCodeError(NoSuchBucket)
errorResponse := getErrorResponse(error, bucket)
w.WriteHeader(error.HttpStatusCode)
w.Write(writeErrorResponse(w, errorResponse, acceptsContentType))
}
case mstorage.BucketPolicyNotFound:
{
error := errorCodeError(NoSuchBucketPolicy)
errorResponse := getErrorResponse(error, bucket)
w.WriteHeader(error.HttpStatusCode)
w.Write(writeErrorResponse(w, errorResponse, acceptsContentType))
}
case mstorage.BackendCorrupted:
case mstorage.ImplementationError:
{
log.Println(err)
error := errorCodeError(InternalError)
errorResponse := getErrorResponse(error, bucket)
w.WriteHeader(error.HttpStatusCode)
w.Write(writeErrorResponse(w, errorResponse, acceptsContentType))
}
}
}
func (server *minioApi) listObjectsHandler(w http.ResponseWriter, req *http.Request) {
vars := mux.Vars(req)
bucket := vars["bucket"]
@ -224,7 +121,7 @@ func (server *minioApi) putBucketHandler(w http.ResponseWriter, req *http.Reques
}
case mstorage.ImplementationError:
{
// Embed errors log on serve side
// Embed errors log on server side
log.Println(err)
error := errorCodeError(InternalError)
errorResponse := getErrorResponse(error, bucket)

@ -27,6 +27,11 @@ import (
mstorage "github.com/minio-io/minio/pkg/storage"
)
// No encoder interface exists, so we create one.
type encoder interface {
Encode(v interface{}) error
}
// Write Common Header helpers
func writeCommonHeaders(w http.ResponseWriter, acceptsType string) {
w.Header().Set("Server", "Minio")

@ -20,7 +20,7 @@ import (
"log"
"net/http"
"github.com/gorilla/mux"
x "github.com/gorilla/mux"
mstorage "github.com/minio-io/minio/pkg/storage"
"github.com/minio-io/minio/pkg/utils/config"
)
@ -30,30 +30,60 @@ const (
)
type minioApi struct {
domain string
storage mstorage.Storage
}
// No encoder interface exists, so we create one.
type encoder interface {
Encode(v interface{}) error
func pathMux(api minioApi, mux *x.Router) *x.Router {
mux.HandleFunc("/", api.listBucketsHandler).Methods("GET")
mux.HandleFunc("/{bucket}", api.listObjectsHandler).Methods("GET")
mux.HandleFunc("/{bucket}", api.putBucketHandler).Methods("PUT")
mux.HandleFunc("/{bucket}/{object:.*}", api.getObjectHandler).Methods("GET")
mux.HandleFunc("/{bucket}/{object:.*}", api.headObjectHandler).Methods("HEAD")
mux.HandleFunc("/{bucket}/{object:.*}", api.putObjectHandler).Methods("PUT")
return mux
}
func domainMux(api minioApi, mux *x.Router) *x.Router {
mux.HandleFunc("/",
api.listObjectsHandler).Host("{bucket}" + "." + api.domain).Methods("GET")
mux.HandleFunc("/{object:.*}",
api.getObjectHandler).Host("{bucket}" + "." + api.domain).Methods("GET")
mux.HandleFunc("/{object:.*}",
api.headObjectHandler).Host("{bucket}" + "." + api.domain).Methods("HEAD")
mux.HandleFunc("/{object:.*}",
api.putObjectHandler).Host("{bucket}" + "." + api.domain).Methods("PUT")
mux.HandleFunc("/", api.listBucketsHandler).Methods("GET")
mux.HandleFunc("/{bucket}", api.putBucketHandler).Methods("PUT")
return mux
}
func HttpHandler(storage mstorage.Storage) http.Handler {
mux := mux.NewRouter()
func getMux(api minioApi, mux *x.Router) *x.Router {
switch true {
case api.domain == "":
return pathMux(api, mux)
case api.domain != "":
s := mux.Host(api.domain).Subrouter()
return domainMux(api, s)
}
return nil
}
func HttpHandler(domain string, storage mstorage.Storage) http.Handler {
var mux *x.Router
var api = minioApi{}
api.storage = storage
api.domain = domain
r := x.NewRouter()
mux = getMux(api, r)
var conf = config.Config{}
if err := conf.SetupConfig(); err != nil {
log.Fatal(err)
}
mux.HandleFunc("/", api.listBucketsHandler).Methods("GET")
mux.HandleFunc("/{bucket}", api.listObjectsHandler).Methods("GET")
mux.HandleFunc("/{bucket}", api.putBucketHandler).Methods("PUT")
mux.HandleFunc("/{bucket}/{object:.*}", api.getObjectHandler).Methods("GET")
mux.HandleFunc("/{bucket}/{object:.*}", api.headObjectHandler).Methods("HEAD")
mux.HandleFunc("/{bucket}/{object:.*}", api.putObjectHandler).Methods("PUT")
return validateHandler(conf, ignoreResourcesHandler(mux))
}

@ -103,6 +103,12 @@ func (server *minioApi) putObjectHandler(w http.ResponseWriter, req *http.Reques
bucket = vars["bucket"]
object = vars["object"]
resources := getBucketResources(req.URL.Query())
if resources.policy == true && object == "" {
server.putBucketPolicyHandler(w, req)
return
}
err := server.storage.StoreObject(bucket, object, "", req.Body)
switch err := err.(type) {
case nil:

@ -0,0 +1,112 @@
package minioapi
import (
"encoding/json"
"log"
"net/http"
"github.com/gorilla/mux"
mstorage "github.com/minio-io/minio/pkg/storage"
"github.com/minio-io/minio/pkg/utils/policy"
)
func (server *minioApi) putBucketPolicyHandler(w http.ResponseWriter, req *http.Request) {
vars := mux.Vars(req)
bucket := vars["bucket"]
acceptsContentType := getContentType(req)
policy, ok := policy.Parsepolicy(req.Body)
if ok == false {
error := errorCodeError(InvalidPolicyDocument)
errorResponse := getErrorResponse(error, bucket)
w.WriteHeader(error.HttpStatusCode)
w.Write(writeErrorResponse(w, errorResponse, acceptsContentType))
return
}
err := server.storage.StoreBucketPolicy(bucket, policy)
switch err := err.(type) {
case nil:
{
w.WriteHeader(http.StatusNoContent)
writeCommonHeaders(w, getContentString(acceptsContentType))
w.Header().Set("Connection", "keep-alive")
}
case mstorage.BucketNameInvalid:
{
error := errorCodeError(InvalidBucketName)
errorResponse := getErrorResponse(error, bucket)
w.WriteHeader(error.HttpStatusCode)
w.Write(writeErrorResponse(w, errorResponse, acceptsContentType))
}
case mstorage.BucketNotFound:
{
error := errorCodeError(NoSuchBucket)
errorResponse := getErrorResponse(error, bucket)
w.WriteHeader(error.HttpStatusCode)
w.Write(writeErrorResponse(w, errorResponse, acceptsContentType))
}
case mstorage.BackendCorrupted:
case mstorage.ImplementationError:
{
log.Println(err)
error := errorCodeError(InternalError)
errorResponse := getErrorResponse(error, bucket)
w.WriteHeader(error.HttpStatusCode)
w.Write(writeErrorResponse(w, errorResponse, acceptsContentType))
}
}
}
func (server *minioApi) getBucketPolicyHandler(w http.ResponseWriter, req *http.Request) {
vars := mux.Vars(req)
bucket := vars["bucket"]
acceptsContentType := getContentType(req)
p, err := server.storage.GetBucketPolicy(bucket)
switch err := err.(type) {
case nil:
{
responsePolicy, ret := json.Marshal(p)
if ret != nil {
error := errorCodeError(InternalError)
errorResponse := getErrorResponse(error, bucket)
w.WriteHeader(error.HttpStatusCode)
w.Write(writeErrorResponse(w, errorResponse, acceptsContentType))
}
writeCommonHeaders(w, getContentString(acceptsContentType))
w.Header().Set("Connection", "keep-alive")
w.Write(responsePolicy)
}
case mstorage.BucketNameInvalid:
{
error := errorCodeError(InvalidBucketName)
errorResponse := getErrorResponse(error, bucket)
w.WriteHeader(error.HttpStatusCode)
w.Write(writeErrorResponse(w, errorResponse, acceptsContentType))
}
case mstorage.BucketNotFound:
{
error := errorCodeError(NoSuchBucket)
errorResponse := getErrorResponse(error, bucket)
w.WriteHeader(error.HttpStatusCode)
w.Write(writeErrorResponse(w, errorResponse, acceptsContentType))
}
case mstorage.BucketPolicyNotFound:
{
error := errorCodeError(NoSuchBucketPolicy)
errorResponse := getErrorResponse(error, bucket)
w.WriteHeader(error.HttpStatusCode)
w.Write(writeErrorResponse(w, errorResponse, acceptsContentType))
}
case mstorage.BackendCorrupted:
case mstorage.ImplementationError:
{
log.Println(err)
error := errorCodeError(InternalError)
errorResponse := getErrorResponse(error, bucket)
w.WriteHeader(error.HttpStatusCode)
w.Write(writeErrorResponse(w, errorResponse, acceptsContentType))
}
}
}

@ -27,7 +27,7 @@ type HttpServerConfig struct {
TLS bool
CertFile string
KeyFile string
Websocket bool
Websocket bool // implement it - TODO
}
type HttpServer struct{}

@ -31,6 +31,7 @@ import (
)
type ServerConfig struct {
Domain string
Address string
Tls bool
CertFile string
@ -78,7 +79,7 @@ func getHttpChannels(configs []ServerConfig) (ctrlChans []chan<- string, statusC
ctrlChans, statusChans, storage = getStorageChannels(k.StorageType)
// start minio api in a web server, pass storage driver into it
ctrlChan, statusChan, _ = httpserver.Start(minioapi.HttpHandler(storage), httpConfig)
ctrlChan, statusChan, _ = httpserver.Start(minioapi.HttpHandler(config.Domain, storage), httpConfig)
ctrlChans = append(ctrlChans, ctrlChan)
statusChans = append(statusChans, statusChan)

@ -127,14 +127,15 @@ func (storage *storage) GetBucketPolicy(bucket string) (interface{}, error) {
// get policy path
bucketPolicy := path.Join(storage.root, bucket+"_policy.json")
filestat, err := os.Stat(bucketPolicy)
if filestat.IsDir() {
return policy.BucketPolicy{}, mstorage.BackendCorrupted{Path: bucketPolicy}
}
if os.IsNotExist(err) {
return policy.BucketPolicy{}, mstorage.BucketPolicyNotFound{Bucket: bucket}
}
if filestat.IsDir() {
return policy.BucketPolicy{}, mstorage.BackendCorrupted{Path: bucketPolicy}
}
file, err := os.OpenFile(bucketPolicy, os.O_RDONLY, 0666)
defer file.Close()
if err != nil {
@ -170,10 +171,13 @@ func (storage *storage) StoreBucketPolicy(bucket string, policy interface{}) err
// get policy path
bucketPolicy := path.Join(storage.root, bucket+"_policy.json")
filestat, _ := os.Stat(bucketPolicy)
if filestat.IsDir() {
return mstorage.BackendCorrupted{Path: bucketPolicy}
filestat, ret := os.Stat(bucketPolicy)
if !os.IsNotExist(ret) {
if filestat.IsDir() {
return mstorage.BackendCorrupted{Path: bucketPolicy}
}
}
file, err := os.OpenFile(bucketPolicy, os.O_WRONLY|os.O_CREATE, 0600)
defer file.Close()
if err != nil {

@ -61,7 +61,8 @@ func IsValidBucket(bucket string) bool {
if match, _ := regexp.MatchString("\\.\\.", bucket); match == true {
return false
}
match, _ := regexp.MatchString("^[a-zA-Z][a-zA-Z0-9\\.\\-]+[a-zA-Z0-9]$", bucket)
// We don't support buckets with '.' in them
match, _ := regexp.MatchString("^[a-zA-Z][a-zA-Z0-9\\-]+[a-zA-Z0-9]$", bucket)
return match
}

@ -67,9 +67,9 @@ func ValidateRequest(user config.User, req *http.Request) (bool, error) {
encoder.Close()
// DEBUG
//fmt.Println("Request header sent: ", req.Header.Get("Authorization"))
//fmt.Println("Header calculated: ", authHeader.String())
//fmt.Printf("%q : %x", ss, ss)
// fmt.Println("Request header sent: ", req.Header.Get("Authorization"))
// fmt.Println("Header calculated: ", authHeader.String())
// fmt.Printf("%q : %x", ss, ss)
if req.Header.Get("Authorization") != authHeader.String() {
return false, fmt.Errorf("Authorization header mismatch")
}
@ -155,6 +155,11 @@ var subResList = []string{"acl", "lifecycle", "location", "logging", "notificati
// <HTTP-Request-URI, from the protocol name up to the query string> +
// [ sub-resource, if present. For example "?acl", "?location", "?logging", or "?torrent"];
func writeCanonicalizedResource(buf *bytes.Buffer, req *http.Request) {
bucket := bucketFromHostname(req)
if bucket != "" {
buf.WriteByte('/')
buf.WriteString(bucket)
}
buf.WriteString(req.URL.Path)
if req.URL.RawQuery != "" {
n := 0
@ -176,3 +181,17 @@ func writeCanonicalizedResource(buf *bytes.Buffer, req *http.Request) {
}
}
}
func bucketFromHostname(req *http.Request) string {
host := req.Host
if host == "" {
host = req.URL.Host
}
host = strings.TrimSpace(host)
hostParts := strings.Split(host, ".")
if len(hostParts) > 1 {
return hostParts[0]
}
return ""
}

@ -31,8 +31,8 @@ const (
// TODO support canonical user
const (
AwsPrincipal = "arn:aws:iam::Account-ID:user/"
MinioPrincipal = "minio::Account-ID:user/"
AwsPrincipal = "arn:aws:iam::"
MinioPrincipal = "minio::"
)
var SupportedActionMap = map[string]bool{
@ -55,10 +55,13 @@ var SupportedEffectMap = map[string]bool{
func isValidAction(action []string) bool {
var ok bool = false
for _, a := range action {
if SupportedActionMap[a] {
ok = true
if !SupportedActionMap[a] {
goto error
}
}
ok = true
error:
return ok
}
@ -104,6 +107,7 @@ func isValidPrincipal(principal string) bool {
if len(username) == 0 {
ok = false
}
case strings.HasPrefix(principal, MinioPrincipal):
username := strings.SplitAfter(principal, MinioPrincipal)[1]
ok = true
@ -160,6 +164,7 @@ func Parsepolicy(data io.Reader) (BucketPolicy, bool) {
if len(statement.Resource) == 0 {
goto error
}
if !isValidResource(statement.Resource) {
goto error
}

Loading…
Cancel
Save