2011-03-28 02:00:44 +00:00
|
|
|
{- Amazon S3 remotes.
|
|
|
|
-
|
|
|
|
- Copyright 2011 Joey Hess <joey@kitenet.net>
|
|
|
|
-
|
|
|
|
- Licensed under the GNU GPL version 3 or higher.
|
|
|
|
-}
|
|
|
|
|
2011-03-29 03:51:07 +00:00
|
|
|
module Remote.S3 (remote) where
|
2011-03-28 02:00:44 +00:00
|
|
|
|
2011-03-29 21:20:22 +00:00
|
|
|
import Control.Exception.Extensible (IOException)
|
2011-03-28 05:32:47 +00:00
|
|
|
import Network.AWS.AWSConnection
|
|
|
|
import Network.AWS.S3Object
|
2011-04-21 14:31:54 +00:00
|
|
|
import Network.AWS.S3Bucket hiding (size)
|
2011-03-28 05:32:47 +00:00
|
|
|
import Network.AWS.AWSResult
|
|
|
|
import qualified Data.ByteString.Lazy.Char8 as L
|
2011-03-29 17:49:54 +00:00
|
|
|
import qualified Data.Map as M
|
2011-03-29 20:21:21 +00:00
|
|
|
import Data.Maybe
|
2011-05-01 18:05:10 +00:00
|
|
|
import Control.Monad (when, liftM)
|
2011-03-28 05:32:47 +00:00
|
|
|
import Control.Monad.State (liftIO)
|
|
|
|
import System.Environment
|
2011-04-21 14:31:54 +00:00
|
|
|
import System.Posix.Files
|
2011-03-28 02:00:44 +00:00
|
|
|
|
|
|
|
import RemoteClass
|
|
|
|
import Types
|
|
|
|
import qualified GitRepo as Git
|
|
|
|
import qualified Annex
|
|
|
|
import UUID
|
2011-03-29 20:21:21 +00:00
|
|
|
import Messages
|
2011-03-29 21:57:20 +00:00
|
|
|
import Locations
|
2011-03-30 19:15:46 +00:00
|
|
|
import Config
|
2011-03-30 18:00:54 +00:00
|
|
|
import Remote.Special
|
2011-04-17 04:40:23 +00:00
|
|
|
import Remote.Encryptable
|
2011-04-17 15:01:34 +00:00
|
|
|
import Crypto
|
2011-04-21 14:31:54 +00:00
|
|
|
import Key
|
2011-04-28 00:06:07 +00:00
|
|
|
import Content
|
2011-03-28 02:00:44 +00:00
|
|
|
|
2011-03-29 03:51:07 +00:00
|
|
|
remote :: RemoteType Annex
|
2011-03-29 18:55:59 +00:00
|
|
|
remote = RemoteType {
|
|
|
|
typename = "S3",
|
2011-03-30 18:00:54 +00:00
|
|
|
enumerate = findSpecialRemotes "s3",
|
|
|
|
generate = gen,
|
2011-03-29 18:55:59 +00:00
|
|
|
setup = s3Setup
|
|
|
|
}
|
2011-03-29 03:51:07 +00:00
|
|
|
|
2011-04-15 19:09:36 +00:00
|
|
|
gen :: Git.Repo -> UUID -> Maybe RemoteConfig -> Annex (Remote Annex)
|
2011-03-30 19:15:46 +00:00
|
|
|
gen r u c = do
|
|
|
|
cst <- remoteCost r expensiveRemoteCost
|
2011-05-01 18:05:10 +00:00
|
|
|
c' <- s3GetCreds c
|
|
|
|
return $ gen' r u c' cst
|
2011-04-17 15:01:34 +00:00
|
|
|
gen' :: Git.Repo -> UUID -> Maybe RemoteConfig -> Int -> Remote Annex
|
2011-05-01 18:05:10 +00:00
|
|
|
gen' r u c cst = do
|
2011-04-17 15:01:34 +00:00
|
|
|
encryptableRemote c
|
|
|
|
(storeEncrypted this)
|
|
|
|
(retrieveEncrypted this)
|
|
|
|
this
|
2011-03-29 21:57:20 +00:00
|
|
|
where
|
2011-04-17 15:01:34 +00:00
|
|
|
this = Remote {
|
2011-03-29 21:57:20 +00:00
|
|
|
uuid = u,
|
|
|
|
cost = cst,
|
|
|
|
name = Git.repoDescribe r,
|
2011-04-17 15:01:34 +00:00
|
|
|
storeKey = store this,
|
|
|
|
retrieveKeyFile = retrieve this,
|
|
|
|
removeKey = remove this,
|
|
|
|
hasKey = checkPresent this,
|
2011-03-29 21:57:20 +00:00
|
|
|
hasKeyCheap = False,
|
|
|
|
config = c
|
|
|
|
}
|
2011-03-28 05:32:47 +00:00
|
|
|
|
2011-04-15 19:09:36 +00:00
|
|
|
s3Setup :: UUID -> RemoteConfig -> Annex RemoteConfig
|
2011-03-29 18:55:59 +00:00
|
|
|
s3Setup u c = do
|
2011-03-29 20:21:21 +00:00
|
|
|
-- verify configuration is sane
|
2011-04-16 17:25:27 +00:00
|
|
|
c' <- encryptionSetup c
|
2011-05-01 18:05:10 +00:00
|
|
|
c'' <- liftM fromJust (s3GetCreds $ Just c')
|
|
|
|
let fullconfig = M.union c'' defaults
|
2011-03-29 20:21:21 +00:00
|
|
|
|
2011-03-29 21:20:22 +00:00
|
|
|
-- check bucket location to see if the bucket exists, and create it
|
2011-03-29 20:21:21 +00:00
|
|
|
let datacenter = fromJust $ M.lookup "datacenter" fullconfig
|
2011-03-30 19:25:59 +00:00
|
|
|
conn <- s3ConnectionRequired fullconfig
|
2011-03-29 20:21:21 +00:00
|
|
|
showNote "checking bucket"
|
|
|
|
loc <- liftIO $ getBucketLocation conn bucket
|
|
|
|
case loc of
|
|
|
|
Right _ -> return ()
|
2011-04-19 18:45:19 +00:00
|
|
|
Left err@(NetworkError _) -> s3Error err
|
2011-03-29 20:21:21 +00:00
|
|
|
Left (AWSError _ _) -> do
|
2011-03-29 21:20:22 +00:00
|
|
|
showNote $ "creating bucket in " ++ datacenter
|
2011-03-29 20:21:21 +00:00
|
|
|
res <- liftIO $ createBucketIn conn bucket datacenter
|
|
|
|
case res of
|
|
|
|
Right _ -> return ()
|
2011-04-19 18:45:19 +00:00
|
|
|
Left err -> s3Error err
|
2011-03-29 20:21:21 +00:00
|
|
|
|
2011-03-30 18:32:08 +00:00
|
|
|
gitConfigSpecialRemote u fullconfig "s3" "true"
|
2011-05-01 18:05:10 +00:00
|
|
|
s3SetCreds fullconfig
|
2011-03-29 20:21:21 +00:00
|
|
|
where
|
2011-03-29 21:20:22 +00:00
|
|
|
remotename = fromJust (M.lookup "name" c)
|
|
|
|
bucket = remotename ++ "-" ++ u
|
2011-03-29 20:21:21 +00:00
|
|
|
defaults = M.fromList
|
|
|
|
[ ("datacenter", "US")
|
|
|
|
, ("storageclass", "STANDARD")
|
|
|
|
, ("host", defaultAmazonS3Host)
|
|
|
|
, ("port", show defaultAmazonS3Port)
|
|
|
|
, ("bucket", bucket)
|
|
|
|
]
|
|
|
|
|
2011-03-30 18:00:54 +00:00
|
|
|
store :: Remote Annex -> Key -> Annex Bool
|
2011-04-19 18:45:19 +00:00
|
|
|
store r k = s3Action r False $ \(conn, bucket) -> do
|
2011-04-19 20:31:35 +00:00
|
|
|
g <- Annex.gitRepo
|
2011-04-21 14:31:54 +00:00
|
|
|
res <- liftIO $ storeHelper (conn, bucket) r k $ gitAnnexLocation g k
|
2011-04-19 18:45:19 +00:00
|
|
|
s3Bool res
|
2011-04-17 15:01:34 +00:00
|
|
|
|
|
|
|
storeEncrypted :: Remote Annex -> (Cipher, Key) -> Key -> Annex Bool
|
2011-04-28 00:06:07 +00:00
|
|
|
storeEncrypted r (cipher, enck) k = s3Action r False $ \(conn, bucket) ->
|
2011-04-21 14:31:54 +00:00
|
|
|
-- To get file size of the encrypted content, have to use a temp file.
|
|
|
|
-- (An alternative would be chunking to to a constant size.)
|
2011-04-28 00:06:07 +00:00
|
|
|
withTmp enck $ \tmp -> do
|
|
|
|
g <- Annex.gitRepo
|
|
|
|
let f = gitAnnexLocation g k
|
|
|
|
liftIO $ withEncryptedContent cipher (L.readFile f) $ \s -> L.writeFile tmp s
|
|
|
|
res <- liftIO $ storeHelper (conn, bucket) r enck tmp
|
|
|
|
s3Bool res
|
2011-04-17 15:01:34 +00:00
|
|
|
|
2011-04-21 14:31:54 +00:00
|
|
|
storeHelper :: (AWSConnection, String) -> Remote Annex -> Key -> FilePath -> IO (AWSResult ())
|
|
|
|
storeHelper (conn, bucket) r k file = do
|
|
|
|
content <- liftIO $ L.readFile file
|
|
|
|
-- size is provided to S3 so the whole content does not need to be
|
|
|
|
-- buffered to calculate it
|
|
|
|
size <- case keySize k of
|
|
|
|
Just s -> return $ fromIntegral s
|
|
|
|
Nothing -> do
|
|
|
|
s <- liftIO $ getFileStatus file
|
|
|
|
return $ fileSize s
|
|
|
|
let object = setStorageClass storageclass $
|
|
|
|
S3Object bucket (show k) ""
|
|
|
|
[("Content-Length",(show size))] content
|
2011-04-19 18:45:19 +00:00
|
|
|
sendObject conn object
|
2011-03-29 20:21:21 +00:00
|
|
|
where
|
2011-03-29 21:20:22 +00:00
|
|
|
storageclass =
|
|
|
|
case fromJust $ M.lookup "storageclass" $ fromJust $ config r of
|
|
|
|
"REDUCED_REDUNDANCY" -> REDUCED_REDUNDANCY
|
|
|
|
_ -> STANDARD
|
2011-03-29 22:09:22 +00:00
|
|
|
|
2011-03-30 18:00:54 +00:00
|
|
|
retrieve :: Remote Annex -> Key -> FilePath -> Annex Bool
|
2011-04-19 18:45:19 +00:00
|
|
|
retrieve r k f = s3Action r False $ \(conn, bucket) -> do
|
2011-04-21 14:31:54 +00:00
|
|
|
res <- liftIO $ getObject conn $ bucketKey bucket k
|
2011-03-29 22:09:22 +00:00
|
|
|
case res of
|
|
|
|
Right o -> do
|
2011-04-19 18:45:19 +00:00
|
|
|
liftIO $ L.writeFile f $ obj_data o
|
2011-03-29 22:09:22 +00:00
|
|
|
return True
|
2011-04-19 18:45:19 +00:00
|
|
|
Left e -> s3Warning e
|
|
|
|
|
|
|
|
retrieveEncrypted :: Remote Annex -> (Cipher, Key) -> FilePath -> Annex Bool
|
|
|
|
retrieveEncrypted r (cipher, enck) f = s3Action r False $ \(conn, bucket) -> do
|
2011-04-21 14:31:54 +00:00
|
|
|
res <- liftIO $ getObject conn $ bucketKey bucket enck
|
2011-04-19 18:45:19 +00:00
|
|
|
case res of
|
|
|
|
Right o -> liftIO $
|
2011-04-19 19:26:50 +00:00
|
|
|
withDecryptedContent cipher (return $ obj_data o) $ \content -> do
|
2011-04-19 18:45:19 +00:00
|
|
|
L.writeFile f content
|
|
|
|
return True
|
|
|
|
Left e -> s3Warning e
|
|
|
|
|
2011-03-30 18:00:54 +00:00
|
|
|
remove :: Remote Annex -> Key -> Annex Bool
|
2011-03-30 19:25:59 +00:00
|
|
|
remove r k = s3Action r False $ \(conn, bucket) -> do
|
2011-04-21 14:31:54 +00:00
|
|
|
res <- liftIO $ deleteObject conn $ bucketKey bucket k
|
2011-04-19 18:50:09 +00:00
|
|
|
s3Bool res
|
|
|
|
|
|
|
|
checkPresent :: Remote Annex -> Key -> Annex (Either IOException Bool)
|
|
|
|
checkPresent r k = s3Action r noconn $ \(conn, bucket) -> do
|
|
|
|
showNote ("checking " ++ name r ++ "...")
|
2011-04-21 14:31:54 +00:00
|
|
|
res <- liftIO $ getObjectInfo conn $ bucketKey bucket k
|
2011-03-29 22:21:05 +00:00
|
|
|
case res of
|
2011-04-19 18:50:09 +00:00
|
|
|
Right _ -> return $ Right True
|
|
|
|
Left (AWSError _ _) -> return $ Right False
|
|
|
|
Left e -> return $ Left (s3Error e)
|
|
|
|
where
|
|
|
|
noconn = Left $ error "S3 not configured"
|
2011-04-19 18:45:19 +00:00
|
|
|
|
|
|
|
s3Warning :: ReqError -> Annex Bool
|
|
|
|
s3Warning e = do
|
|
|
|
warning $ prettyReqError e
|
|
|
|
return False
|
|
|
|
|
|
|
|
s3Error :: ReqError -> a
|
|
|
|
s3Error e = error $ prettyReqError e
|
|
|
|
|
|
|
|
s3Bool :: AWSResult () -> Annex Bool
|
|
|
|
s3Bool res = do
|
|
|
|
case res of
|
|
|
|
Right _ -> return True
|
|
|
|
Left e -> s3Warning e
|
2011-04-19 18:50:09 +00:00
|
|
|
|
2011-05-01 18:05:10 +00:00
|
|
|
s3Action :: Remote Annex -> a -> ((AWSConnection, String) -> Annex a) -> Annex a
|
|
|
|
s3Action r noconn action = do
|
|
|
|
when (config r == Nothing) $
|
|
|
|
error $ "Missing configuration for special remote " ++ name r
|
|
|
|
let bucket = M.lookup "bucket" $ fromJust $ config r
|
|
|
|
conn <- s3Connection $ fromJust $ config r
|
|
|
|
case (bucket, conn) of
|
|
|
|
(Just b, Just c) -> action (c, b)
|
|
|
|
_ -> return noconn
|
|
|
|
|
|
|
|
bucketKey :: String -> Key -> S3Object
|
|
|
|
bucketKey bucket k = S3Object bucket (show k) "" [] L.empty
|
|
|
|
|
2011-04-19 18:50:09 +00:00
|
|
|
s3ConnectionRequired :: RemoteConfig -> Annex AWSConnection
|
|
|
|
s3ConnectionRequired c = do
|
|
|
|
conn <- s3Connection c
|
|
|
|
case conn of
|
|
|
|
Nothing -> error "Cannot connect to S3"
|
|
|
|
Just conn' -> return conn'
|
|
|
|
|
|
|
|
s3Connection :: RemoteConfig -> Annex (Maybe AWSConnection)
|
|
|
|
s3Connection c = do
|
2011-05-01 18:05:10 +00:00
|
|
|
case (M.lookup s3AccessKey c, M.lookup s3SecretKey c) of
|
|
|
|
(Just ak, Just sk) -> return $ Just $ AWSConnection host port ak sk
|
|
|
|
_ -> do
|
|
|
|
warning $ "Set both " ++ s3AccessKey ++ " and " ++ s3SecretKey ++ " to use S3"
|
2011-04-19 18:50:09 +00:00
|
|
|
return Nothing
|
|
|
|
where
|
|
|
|
host = fromJust $ (M.lookup "host" c)
|
|
|
|
port = let s = fromJust $ (M.lookup "port" c) in
|
|
|
|
case reads s of
|
|
|
|
[(p, _)] -> p
|
|
|
|
_ -> error $ "bad S3 port value: " ++ s
|
2011-05-01 18:05:10 +00:00
|
|
|
|
|
|
|
{- S3 creds come from the environment if set.
|
|
|
|
- Otherwise, might be stored encrypted in the remote's config. -}
|
|
|
|
s3GetCreds :: Maybe RemoteConfig -> Annex (Maybe RemoteConfig)
|
|
|
|
s3GetCreds Nothing = return Nothing
|
|
|
|
s3GetCreds (Just c) = do
|
|
|
|
ak <- getEnvKey s3AccessKey
|
|
|
|
sk <- getEnvKey s3SecretKey
|
|
|
|
if (null ak || null sk)
|
|
|
|
then do
|
|
|
|
mcipher <- remoteCipher c
|
|
|
|
case (M.lookup "s3creds" c, mcipher) of
|
|
|
|
(Just encrypted, Just cipher) -> do
|
|
|
|
s <- liftIO $ withDecryptedContent cipher
|
|
|
|
(return $ L.pack $ fromB64 encrypted)
|
|
|
|
(return . L.unpack)
|
|
|
|
let line = lines s
|
|
|
|
creds (line !! 0) (line !! 1)
|
|
|
|
_ -> return $ Just c
|
|
|
|
else creds ak sk
|
|
|
|
where
|
2011-04-19 18:50:09 +00:00
|
|
|
getEnvKey s = liftIO $ catch (getEnv s) (const $ return "")
|
2011-05-01 18:05:10 +00:00
|
|
|
creds ak sk = return $ Just $ M.insert s3AccessKey ak $ M.insert s3SecretKey sk c
|
2011-04-19 18:50:09 +00:00
|
|
|
|
2011-05-01 18:05:10 +00:00
|
|
|
{- Stores S3 creds encrypted in the remote's config if possible. -}
|
|
|
|
s3SetCreds :: RemoteConfig -> Annex RemoteConfig
|
|
|
|
s3SetCreds c = do
|
|
|
|
let cleanconfig = M.delete s3AccessKey $ M.delete s3SecretKey c
|
|
|
|
case (M.lookup s3AccessKey c, M.lookup s3SecretKey c) of
|
|
|
|
(Just ak, Just sk) -> do
|
|
|
|
mcipher <- remoteCipher c
|
|
|
|
case mcipher of
|
|
|
|
Just cipher -> do
|
|
|
|
s <- liftIO $ withEncryptedContent cipher
|
|
|
|
(return $ L.pack $ unlines [ak, sk])
|
|
|
|
(return . L.unpack)
|
|
|
|
return $ M.insert "s3creds" (toB64 s) cleanconfig
|
|
|
|
Nothing -> return cleanconfig
|
|
|
|
_ -> return cleanconfig
|
2011-04-19 18:50:09 +00:00
|
|
|
|
2011-05-01 18:05:10 +00:00
|
|
|
s3AccessKey :: String
|
|
|
|
s3AccessKey = "AWS_ACCESS_KEY_ID"
|
|
|
|
s3SecretKey :: String
|
|
|
|
s3SecretKey = "AWS_SECRET_ACCESS_KEY"
|