2013-04-25 21:28:25 +00:00
|
|
|
{- S3 remotes
|
2011-03-28 02:00:44 +00:00
|
|
|
-
|
2019-01-23 17:08:47 +00:00
|
|
|
- Copyright 2011-2019 Joey Hess <id@joeyh.name>
|
2011-03-28 02:00:44 +00:00
|
|
|
-
|
|
|
|
- Licensed under the GNU GPL version 3 or higher.
|
|
|
|
-}
|
|
|
|
|
2014-10-23 19:48:37 +00:00
|
|
|
{-# LANGUAGE TypeFamilies #-}
|
2014-12-19 20:53:25 +00:00
|
|
|
{-# LANGUAGE OverloadedStrings #-}
|
2017-02-13 19:35:24 +00:00
|
|
|
{-# LANGUAGE BangPatterns #-}
|
2014-10-23 20:51:10 +00:00
|
|
|
{-# LANGUAGE CPP #-}
|
2014-10-23 19:48:37 +00:00
|
|
|
|
2014-10-23 19:54:00 +00:00
|
|
|
module Remote.S3 (remote, iaHost, configIA, iaItemUrl) where
|
2011-03-28 02:00:44 +00:00
|
|
|
|
2014-08-08 22:54:04 +00:00
|
|
|
import qualified Aws as AWS
|
|
|
|
import qualified Aws.Core as AWS
|
|
|
|
import qualified Aws.S3 as S3
|
2012-12-01 18:11:37 +00:00
|
|
|
import qualified Data.Text as T
|
2014-05-28 00:31:25 +00:00
|
|
|
import qualified Data.Text.Encoding as T
|
|
|
|
import qualified Data.ByteString.Lazy as L
|
2018-08-31 17:12:58 +00:00
|
|
|
import qualified Data.ByteString as BS
|
2019-01-07 19:51:05 +00:00
|
|
|
import qualified Data.ByteString.Char8 as B8
|
2011-03-29 17:49:54 +00:00
|
|
|
import qualified Data.Map as M
|
2018-08-31 17:12:58 +00:00
|
|
|
import qualified Data.Set as S
|
2018-09-14 16:25:23 +00:00
|
|
|
import qualified System.FilePath.Posix as Posix
|
2011-05-16 15:20:30 +00:00
|
|
|
import Data.Char
|
2019-01-23 17:08:47 +00:00
|
|
|
import Data.String
|
2013-04-25 17:14:49 +00:00
|
|
|
import Network.Socket (HostName)
|
2018-04-04 19:15:12 +00:00
|
|
|
import Network.HTTP.Conduit (Manager)
|
2017-08-17 15:00:48 +00:00
|
|
|
import Network.HTTP.Client (responseStatus, responseBody, RequestBody(..))
|
2014-08-08 22:54:04 +00:00
|
|
|
import Network.HTTP.Types
|
|
|
|
import Control.Monad.Trans.Resource
|
|
|
|
import Control.Monad.Catch
|
2014-12-19 20:53:25 +00:00
|
|
|
import Data.IORef
|
2015-04-21 19:55:42 +00:00
|
|
|
import System.Log.Logger
|
2011-03-28 02:00:44 +00:00
|
|
|
|
2016-01-20 20:36:33 +00:00
|
|
|
import Annex.Common
|
2011-06-02 01:56:04 +00:00
|
|
|
import Types.Remote
|
2017-09-15 20:34:45 +00:00
|
|
|
import Types.Export
|
2017-09-19 18:20:47 +00:00
|
|
|
import Annex.Export
|
2011-06-30 17:16:57 +00:00
|
|
|
import qualified Git
|
2011-03-30 19:15:46 +00:00
|
|
|
import Config
|
2013-03-13 20:16:01 +00:00
|
|
|
import Config.Cost
|
2011-08-17 00:49:54 +00:00
|
|
|
import Remote.Helper.Special
|
2014-08-09 18:23:54 +00:00
|
|
|
import Remote.Helper.Http
|
2015-08-17 14:42:14 +00:00
|
|
|
import Remote.Helper.Messages
|
2017-09-01 17:02:07 +00:00
|
|
|
import Remote.Helper.Export
|
2012-11-20 20:43:58 +00:00
|
|
|
import qualified Remote.Helper.AWS as AWS
|
2012-11-14 23:32:27 +00:00
|
|
|
import Creds
|
2013-09-07 22:38:00 +00:00
|
|
|
import Annex.UUID
|
2019-01-23 17:08:47 +00:00
|
|
|
import Annex.Magic
|
2013-04-25 21:28:25 +00:00
|
|
|
import Logs.Web
|
2018-08-31 17:12:58 +00:00
|
|
|
import Logs.MetaData
|
|
|
|
import Types.MetaData
|
2014-08-09 19:58:01 +00:00
|
|
|
import Utility.Metered
|
2018-07-31 20:29:11 +00:00
|
|
|
import qualified Annex.Url as Url
|
2014-10-28 18:17:30 +00:00
|
|
|
import Utility.DataUnits
|
2015-06-05 20:23:35 +00:00
|
|
|
import Annex.Content
|
|
|
|
import Annex.Url (withUrlOptions)
|
2018-04-04 19:15:12 +00:00
|
|
|
import Utility.Url (checkBoth, UrlOptions(..))
|
2018-09-05 19:53:57 +00:00
|
|
|
import Utility.Env
|
2013-04-25 21:28:25 +00:00
|
|
|
|
2014-08-09 00:29:56 +00:00
|
|
|
type BucketName = String
|
2018-07-31 20:29:11 +00:00
|
|
|
type BucketObject = String
|
2011-03-28 02:00:44 +00:00
|
|
|
|
2012-01-06 03:14:10 +00:00
|
|
|
remote :: RemoteType
|
2017-09-07 17:45:31 +00:00
|
|
|
remote = RemoteType
|
|
|
|
{ typename = "S3"
|
|
|
|
, enumerate = const (findSpecialRemotes "s3")
|
|
|
|
, generate = gen
|
|
|
|
, setup = s3Setup
|
2017-09-08 19:41:31 +00:00
|
|
|
, exportSupported = exportIsSupported
|
2017-09-07 17:45:31 +00:00
|
|
|
}
|
2011-03-29 03:51:07 +00:00
|
|
|
|
2013-09-12 19:54:35 +00:00
|
|
|
gen :: Git.Repo -> UUID -> RemoteConfig -> RemoteGitConfig -> Annex (Maybe Remote)
|
2014-08-10 02:13:03 +00:00
|
|
|
gen r u c gc = do
|
|
|
|
cst <- remoteCost gc expensiveRemoteCost
|
2018-09-06 20:03:15 +00:00
|
|
|
info <- extractS3Info c
|
2019-01-23 17:08:47 +00:00
|
|
|
magic <- liftIO initMagicMimeType
|
|
|
|
return $ new cst info magic
|
2012-11-30 04:55:59 +00:00
|
|
|
where
|
2019-01-23 17:08:47 +00:00
|
|
|
new cst info magic = Just $ specialRemote c
|
|
|
|
(prepareS3Handle this $ store this info magic)
|
2018-09-06 18:31:41 +00:00
|
|
|
(prepareS3HandleMaybe this $ retrieve this c info)
|
2015-06-05 17:09:41 +00:00
|
|
|
(prepareS3Handle this $ remove info)
|
2018-09-06 18:31:41 +00:00
|
|
|
(prepareS3HandleMaybe this $ checkKey this c info)
|
2011-04-17 15:01:34 +00:00
|
|
|
this
|
2012-11-30 04:55:59 +00:00
|
|
|
where
|
2014-12-16 19:26:13 +00:00
|
|
|
this = Remote
|
|
|
|
{ uuid = u
|
|
|
|
, cost = cst
|
|
|
|
, name = Git.repoDescribe r
|
|
|
|
, storeKey = storeKeyDummy
|
|
|
|
, retrieveKeyFile = retreiveKeyFileDummy
|
|
|
|
, retrieveKeyFileCheap = retrieveCheap
|
2018-06-21 15:35:27 +00:00
|
|
|
-- HttpManagerRestricted is used here, so this is
|
|
|
|
-- secure.
|
|
|
|
, retrievalSecurityPolicy = RetrievalAllKeysSecure
|
2014-12-16 19:26:13 +00:00
|
|
|
, removeKey = removeKeyDummy
|
2015-10-08 19:01:38 +00:00
|
|
|
, lockContent = Nothing
|
2014-12-16 19:26:13 +00:00
|
|
|
, checkPresent = checkPresentDummy
|
|
|
|
, checkPresentCheap = False
|
2018-07-31 20:29:11 +00:00
|
|
|
, exportActions = withS3HandleMaybe c gc u $ \mh ->
|
2017-09-12 20:59:04 +00:00
|
|
|
return $ ExportActions
|
2019-01-23 17:08:47 +00:00
|
|
|
{ storeExport = storeExportS3 u info mh magic
|
2018-07-31 20:29:11 +00:00
|
|
|
, retrieveExport = retrieveExportS3 u info mh
|
|
|
|
, removeExport = removeExportS3 u info mh
|
|
|
|
, checkPresentExport = checkPresentExportS3 u info mh
|
2017-09-15 17:15:47 +00:00
|
|
|
-- S3 does not have directories.
|
|
|
|
, removeExportDirectory = Nothing
|
2018-07-31 20:29:11 +00:00
|
|
|
, renameExport = renameExportS3 u info mh
|
2017-09-12 20:59:04 +00:00
|
|
|
}
|
2018-09-06 20:03:15 +00:00
|
|
|
, whereisKey = Just (getPublicWebUrls u info c)
|
2014-12-16 19:26:13 +00:00
|
|
|
, remoteFsck = Nothing
|
|
|
|
, repairRepo = Nothing
|
|
|
|
, config = c
|
2018-06-04 18:31:55 +00:00
|
|
|
, getRepo = return r
|
2014-12-16 19:26:13 +00:00
|
|
|
, gitconfig = gc
|
|
|
|
, localpath = Nothing
|
|
|
|
, readonly = False
|
2018-08-31 14:53:07 +00:00
|
|
|
, appendonly = versioning info
|
2014-12-16 19:26:13 +00:00
|
|
|
, availability = GloballyAvailable
|
|
|
|
, remotetype = remote
|
|
|
|
, mkUnavailable = gen r u (M.insert "host" "!dne!" c) gc
|
2015-06-05 20:23:35 +00:00
|
|
|
, getInfo = includeCredsInfo c (AWS.creds u) (s3Info c info)
|
2014-12-16 19:26:13 +00:00
|
|
|
, claimUrl = Nothing
|
|
|
|
, checkUrl = Nothing
|
|
|
|
}
|
2011-03-28 05:32:47 +00:00
|
|
|
|
2017-02-07 18:35:58 +00:00
|
|
|
s3Setup :: SetupStage -> Maybe UUID -> Maybe CredPair -> RemoteConfig -> RemoteGitConfig -> Annex (RemoteConfig, UUID)
|
|
|
|
s3Setup ss mu mcreds c gc = do
|
2013-09-07 22:38:00 +00:00
|
|
|
u <- maybe (liftIO genUUID) return mu
|
2017-02-07 18:35:58 +00:00
|
|
|
s3Setup' ss u mcreds c gc
|
2017-09-08 19:41:31 +00:00
|
|
|
|
2017-02-07 18:35:58 +00:00
|
|
|
s3Setup' :: SetupStage -> UUID -> Maybe CredPair -> RemoteConfig -> RemoteGitConfig -> Annex (RemoteConfig, UUID)
|
|
|
|
s3Setup' ss u mcreds c gc
|
2016-05-23 21:03:20 +00:00
|
|
|
| configIA c = archiveorg
|
|
|
|
| otherwise = defaulthost
|
2012-11-11 04:51:07 +00:00
|
|
|
where
|
|
|
|
remotename = fromJust (M.lookup "name" c)
|
|
|
|
defbucket = remotename ++ "-" ++ fromUUID u
|
|
|
|
defaults = M.fromList
|
2012-12-01 18:11:37 +00:00
|
|
|
[ ("datacenter", T.unpack $ AWS.defaultRegion AWS.S3)
|
2012-11-11 04:51:07 +00:00
|
|
|
, ("storageclass", "STANDARD")
|
2014-08-08 22:54:04 +00:00
|
|
|
, ("host", AWS.s3DefaultHost)
|
|
|
|
, ("port", "80")
|
2012-11-11 04:51:07 +00:00
|
|
|
, ("bucket", defbucket)
|
|
|
|
]
|
2011-05-16 15:20:30 +00:00
|
|
|
|
2012-11-11 04:51:07 +00:00
|
|
|
use fullconfig = do
|
2019-01-29 18:08:42 +00:00
|
|
|
enableBucketVersioning ss fullconfig gc u
|
2018-03-27 16:41:57 +00:00
|
|
|
gitConfigSpecialRemote u fullconfig [("s3", "true")]
|
2014-02-24 19:14:44 +00:00
|
|
|
return (fullconfig, u)
|
2011-05-16 15:20:30 +00:00
|
|
|
|
2012-11-11 04:51:07 +00:00
|
|
|
defaulthost = do
|
2016-05-23 21:27:15 +00:00
|
|
|
(c', encsetup) <- encryptionSetup c gc
|
2016-05-23 21:08:43 +00:00
|
|
|
c'' <- setRemoteCredPair encsetup c' gc (AWS.creds u) mcreds
|
glacier, S3: Fix bug that caused embedded creds to not be encypted using the remote's key.
encryptionSetup must be called before setRemoteCredPair. Otherwise,
the RemoteConfig doesn't have the cipher in it, and so no cipher is used to
encrypt the embedded creds.
This is a security fix for non-shared encryption methods!
For encryption=shared, there's no security problem, just an
inconsistentency in whether the embedded creds are encrypted.
This is very important to get right, so used some types to help ensure that
setRemoteCredPair is only run after encryptionSetup. Note that the external
special remote bypasses the type safety, since creds can be set after the
initial remote config, if the external special remote program requests it.
Also note that IA remotes never use encryption, so encryptionSetup is not
run for them at all, and again the type safety is bypassed.
This leaves two open questions:
1. What to do about S3 and glacier remotes that were set up
using encryption=pubkey/hybrid with embedcreds?
Such a git repo has a security hole embedded in it, and this needs to be
communicated to the user. Is the changelog enough?
2. enableremote won't work in such a repo, because git-annex will
try to decrypt the embedded creds, which are not encrypted, so fails.
This needs to be dealt with, especially for ecryption=shared repos,
which are not really broken, just inconsistently configured.
Noticing that problem for encryption=shared is what led to commit
fbdeeeed5fa276d94be587c8916d725eddcaf546, which tried to
fix the problem by not decrypting the embedded creds.
This commit was sponsored by Josh Taylor.
2014-09-18 21:07:17 +00:00
|
|
|
let fullconfig = c'' `M.union` defaults
|
2017-09-04 16:40:33 +00:00
|
|
|
case ss of
|
|
|
|
Init -> genBucket fullconfig gc u
|
|
|
|
_ -> return ()
|
2012-11-11 04:51:07 +00:00
|
|
|
use fullconfig
|
2011-05-16 15:20:30 +00:00
|
|
|
|
2012-11-11 04:51:07 +00:00
|
|
|
archiveorg = do
|
|
|
|
showNote "Internet Archive mode"
|
2016-05-23 21:08:43 +00:00
|
|
|
c' <- setRemoteCredPair noEncryptionUsed c gc (AWS.creds u) mcreds
|
2013-10-16 20:35:47 +00:00
|
|
|
-- Ensure user enters a valid bucket name, since
|
|
|
|
-- this determines the name of the archive.org item.
|
2015-04-27 22:00:58 +00:00
|
|
|
let validbucket = replace " " "-" $
|
2016-11-16 01:29:54 +00:00
|
|
|
fromMaybe (giveup "specify bucket=") $
|
2014-10-22 21:14:38 +00:00
|
|
|
getBucketName c'
|
2013-10-16 20:35:47 +00:00
|
|
|
let archiveconfig =
|
2014-08-09 01:42:46 +00:00
|
|
|
-- IA acdepts x-amz-* as an alias for x-archive-*
|
2012-11-11 04:51:07 +00:00
|
|
|
M.mapKeys (replace "x-archive-" "x-amz-") $
|
|
|
|
-- encryption does not make sense here
|
|
|
|
M.insert "encryption" "none" $
|
2014-08-10 02:13:03 +00:00
|
|
|
M.insert "bucket" validbucket $
|
2014-10-12 17:15:52 +00:00
|
|
|
M.union c' $
|
2012-11-11 04:51:07 +00:00
|
|
|
-- special constraints on key names
|
2014-08-10 02:17:40 +00:00
|
|
|
M.insert "mungekeys" "ia" defaults
|
2018-09-06 20:03:15 +00:00
|
|
|
info <- extractS3Info archiveconfig
|
2016-05-23 21:03:20 +00:00
|
|
|
withS3Handle archiveconfig gc u $
|
2015-06-05 17:09:41 +00:00
|
|
|
writeUUIDFile archiveconfig u info
|
2013-10-16 20:35:47 +00:00
|
|
|
use archiveconfig
|
2011-03-29 20:21:21 +00:00
|
|
|
|
2015-04-21 19:55:42 +00:00
|
|
|
-- Sets up a http connection manager for S3 endpoint, which allows
|
2014-08-09 18:23:54 +00:00
|
|
|
-- http connections to be reused across calls to the helper.
|
2015-06-05 17:09:41 +00:00
|
|
|
prepareS3Handle :: Remote -> (S3Handle -> helper) -> Preparer helper
|
|
|
|
prepareS3Handle r = resourcePrepare $ const $
|
2016-05-23 21:03:20 +00:00
|
|
|
withS3Handle (config r) (gitconfig r) (uuid r)
|
2015-06-05 17:09:41 +00:00
|
|
|
|
|
|
|
-- Allows for read-only actions, which can be run without a S3Handle.
|
|
|
|
prepareS3HandleMaybe :: Remote -> (Maybe S3Handle -> helper) -> Preparer helper
|
|
|
|
prepareS3HandleMaybe r = resourcePrepare $ const $
|
2016-05-23 21:03:20 +00:00
|
|
|
withS3HandleMaybe (config r) (gitconfig r) (uuid r)
|
2015-06-05 17:09:41 +00:00
|
|
|
|
2019-01-23 17:08:47 +00:00
|
|
|
store :: Remote -> S3Info -> Maybe Magic -> S3Handle -> Storer
|
|
|
|
store _r info magic h = fileStorer $ \k f p -> do
|
|
|
|
void $ storeHelper info h magic f (T.pack $ bucketObject info k) p
|
2014-08-09 18:23:54 +00:00
|
|
|
-- Store public URL to item in Internet Archive.
|
2015-06-05 17:09:41 +00:00
|
|
|
when (isIA info && not (isChunkKey k)) $
|
2018-10-04 21:33:25 +00:00
|
|
|
setUrlPresent k (iaPublicUrl info (bucketObject info k))
|
2014-08-09 18:23:54 +00:00
|
|
|
return True
|
2017-09-08 19:41:31 +00:00
|
|
|
|
2019-01-23 17:08:47 +00:00
|
|
|
storeHelper :: S3Info -> S3Handle -> Maybe Magic -> FilePath -> S3.Object -> MeterUpdate -> Annex (Maybe S3VersionID)
|
|
|
|
storeHelper info h magic f object p = case partSize info of
|
2017-09-08 19:41:31 +00:00
|
|
|
Just partsz | partsz > 0 -> do
|
|
|
|
fsz <- liftIO $ getFileSize f
|
|
|
|
if fsz > partsz
|
|
|
|
then multipartupload fsz partsz
|
|
|
|
else singlepartupload
|
|
|
|
_ -> singlepartupload
|
2014-10-28 18:17:30 +00:00
|
|
|
where
|
2017-09-08 19:41:31 +00:00
|
|
|
singlepartupload = do
|
2019-01-23 17:08:47 +00:00
|
|
|
contenttype <- getcontenttype
|
2014-10-28 18:17:30 +00:00
|
|
|
rbody <- liftIO $ httpBodyStorer f p
|
2019-01-23 17:08:47 +00:00
|
|
|
r <- sendS3Handle h $ (putObject info object rbody)
|
|
|
|
{ S3.poContentType = encodeBS <$> contenttype }
|
2018-08-30 18:47:52 +00:00
|
|
|
return (mkS3VersionID object (S3.porVersionId r))
|
2017-09-08 19:41:31 +00:00
|
|
|
multipartupload fsz partsz = do
|
2018-09-13 13:58:36 +00:00
|
|
|
#if MIN_VERSION_aws(0,16,0)
|
2019-01-23 17:08:47 +00:00
|
|
|
contenttype <- getcontenttype
|
2014-11-04 19:39:48 +00:00
|
|
|
let startreq = (S3.postInitiateMultipartUpload (bucket info) object)
|
2014-10-28 18:17:30 +00:00
|
|
|
{ S3.imuStorageClass = Just (storageClass info)
|
|
|
|
, S3.imuMetadata = metaHeaders info
|
|
|
|
, S3.imuAutoMakeBucket = isIA info
|
|
|
|
, S3.imuExpires = Nothing -- TODO set some reasonable expiry
|
2019-01-23 17:08:47 +00:00
|
|
|
, S3.imuContentType = fromString <$> contenttype
|
2014-10-28 18:17:30 +00:00
|
|
|
}
|
2014-11-04 19:39:48 +00:00
|
|
|
uploadid <- S3.imurUploadId <$> sendS3Handle h startreq
|
2014-10-28 18:17:30 +00:00
|
|
|
|
2014-11-04 20:21:55 +00:00
|
|
|
-- The actual part size will be a even multiple of the
|
2016-12-07 18:25:01 +00:00
|
|
|
-- 32k chunk size that lazy ByteStrings use.
|
2014-11-04 20:21:55 +00:00
|
|
|
let partsz' = (partsz `div` toInteger defaultChunkSize) * toInteger defaultChunkSize
|
2014-11-04 00:49:30 +00:00
|
|
|
|
2014-11-03 23:18:46 +00:00
|
|
|
-- Send parts of the file, taking care to stream each part
|
|
|
|
-- w/o buffering in memory, since the parts can be large.
|
2014-11-03 23:50:33 +00:00
|
|
|
etags <- bracketIO (openBinaryFile f ReadMode) hClose $ \fh -> do
|
2014-11-04 18:47:18 +00:00
|
|
|
let sendparts meter etags partnum = do
|
|
|
|
pos <- liftIO $ hTell fh
|
|
|
|
if pos >= fsz
|
|
|
|
then return (reverse etags)
|
|
|
|
else do
|
|
|
|
-- Calculate size of part that will
|
|
|
|
-- be read.
|
2014-11-04 20:21:55 +00:00
|
|
|
let sz = if fsz - pos < partsz'
|
2014-11-04 18:47:18 +00:00
|
|
|
then fsz - pos
|
|
|
|
else partsz'
|
2014-11-04 19:39:48 +00:00
|
|
|
let p' = offsetMeterUpdate p (toBytesProcessed pos)
|
|
|
|
let numchunks = ceiling (fromIntegral sz / fromIntegral defaultChunkSize :: Double)
|
|
|
|
let popper = handlePopper numchunks defaultChunkSize p' fh
|
2014-11-04 19:22:08 +00:00
|
|
|
let req = S3.uploadPart (bucket info) object partnum uploadid $
|
|
|
|
RequestBodyStream (fromIntegral sz) popper
|
2017-02-07 17:01:57 +00:00
|
|
|
S3.UploadPartResponse { S3.uprETag = etag } <- sendS3Handle h req
|
2014-11-04 18:47:18 +00:00
|
|
|
sendparts (offsetMeterUpdate meter (toBytesProcessed sz)) (etag:etags) (partnum + 1)
|
2014-11-04 00:04:42 +00:00
|
|
|
sendparts p [] 1
|
2014-10-28 18:17:30 +00:00
|
|
|
|
2018-08-30 18:22:26 +00:00
|
|
|
r <- sendS3Handle h $ S3.postCompleteMultipartUpload
|
2014-11-03 19:53:22 +00:00
|
|
|
(bucket info) object uploadid (zip [1..] etags)
|
2018-08-30 18:47:52 +00:00
|
|
|
return (mkS3VersionID object (S3.cmurVersionId r))
|
2014-10-28 18:17:30 +00:00
|
|
|
#else
|
2014-11-04 00:49:30 +00:00
|
|
|
warning $ "Cannot do multipart upload (partsize " ++ show partsz ++ ") of large file (" ++ show fsz ++ "); built with too old a version of the aws library."
|
2017-09-08 19:41:31 +00:00
|
|
|
singlepartupload
|
2014-10-28 18:17:30 +00:00
|
|
|
#endif
|
2019-01-23 17:08:47 +00:00
|
|
|
getcontenttype = liftIO $
|
|
|
|
maybe (pure Nothing) (flip getMagicMimeType f) magic
|
2014-08-02 19:51:58 +00:00
|
|
|
|
2014-08-09 19:58:01 +00:00
|
|
|
{- Implemented as a fileRetriever, that uses conduit to stream the chunks
|
|
|
|
- out to the file. Would be better to implement a byteRetriever, but
|
|
|
|
- that is difficult. -}
|
2018-09-06 18:31:41 +00:00
|
|
|
retrieve :: Remote -> RemoteConfig -> S3Info -> Maybe S3Handle -> Retriever
|
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key.
When public access is used for the remote, it complained that the user
needed to set creds to use it, which was just wrong.
When creds were being used, it fell back from trying to use the version ID
to just accessing the key in the bucket, which was ok for non-export
remotes, but wrong for buckets.
In both cases, display a hopefully useful warning.
This should only come up when an existing S3 remote has been exported
to, and then later versioning was enabled.
Note that it would perhaps be possible to fall back from trying to use
retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport,
which may work when S3 version ID is missing. But there are problems
with that approach; how to tell when retrieveKeyFile has failed due to this
rather than a network problem etc? Anyway, that approach would only work
until the file in the export got overwritten, and then it would no
longer be accessible. And with versioning enabled, the user wants old
versions of objects to remain accessible, so it seems better to warn
about the problem as soon as possible, so they can go back and add S3
version IDs.
This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
|
|
|
retrieve r c info (Just h) = fileRetriever $ \f k p ->
|
|
|
|
eitherS3VersionID info (uuid r) c k (T.pack $ bucketObject info k) >>= \case
|
|
|
|
Left failreason -> do
|
|
|
|
warning failreason
|
|
|
|
giveup "cannot download content"
|
|
|
|
Right loc -> retrieveHelper info h loc f p
|
2018-09-06 18:31:41 +00:00
|
|
|
retrieve r c info Nothing = fileRetriever $ \f k p ->
|
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key.
When public access is used for the remote, it complained that the user
needed to set creds to use it, which was just wrong.
When creds were being used, it fell back from trying to use the version ID
to just accessing the key in the bucket, which was ok for non-export
remotes, but wrong for buckets.
In both cases, display a hopefully useful warning.
This should only come up when an existing S3 remote has been exported
to, and then later versioning was enabled.
Note that it would perhaps be possible to fall back from trying to use
retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport,
which may work when S3 version ID is missing. But there are problems
with that approach; how to tell when retrieveKeyFile has failed due to this
rather than a network problem etc? Anyway, that approach would only work
until the file in the export got overwritten, and then it would no
longer be accessible. And with versioning enabled, the user wants old
versions of objects to remain accessible, so it seems better to warn
about the problem as soon as possible, so they can go back and add S3
version IDs.
This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
|
|
|
getPublicWebUrls' (uuid r) info c k >>= \case
|
|
|
|
Left failreason -> do
|
|
|
|
warning failreason
|
|
|
|
giveup "cannot download content"
|
|
|
|
Right us -> unlessM (downloadUrl k p us f) $
|
2017-09-08 19:41:31 +00:00
|
|
|
giveup "failed to download content"
|
|
|
|
|
2018-08-30 18:47:52 +00:00
|
|
|
retrieveHelper :: S3Info -> S3Handle -> (Either S3.Object S3VersionID) -> FilePath -> MeterUpdate -> Annex ()
|
|
|
|
retrieveHelper info h loc f p = liftIO $ runResourceT $ do
|
|
|
|
let req = case loc of
|
|
|
|
Left o -> S3.getObject (bucket info) o
|
|
|
|
Right (S3VersionID o vid) -> (S3.getObject (bucket info) o)
|
2019-01-07 19:51:05 +00:00
|
|
|
{ S3.goVersionId = Just vid }
|
2014-08-09 19:58:01 +00:00
|
|
|
S3.GetObjectResponse { S3.gorResponse = rsp } <- sendS3Handle' h req
|
2018-04-06 19:58:16 +00:00
|
|
|
Url.sinkResponseFile p zeroBytesProcessed f WriteMode rsp
|
2011-04-19 18:45:19 +00:00
|
|
|
|
2015-04-14 20:35:10 +00:00
|
|
|
retrieveCheap :: Key -> AssociatedFile -> FilePath -> Annex Bool
|
|
|
|
retrieveCheap _ _ _ = return False
|
2012-01-20 17:23:11 +00:00
|
|
|
|
2013-04-25 21:28:25 +00:00
|
|
|
{- Internet Archive doesn't easily allow removing content.
|
|
|
|
- While it may remove the file, there are generally other files
|
|
|
|
- derived from it that it does not remove. -}
|
2015-06-05 17:09:41 +00:00
|
|
|
remove :: S3Info -> S3Handle -> Remover
|
2017-09-12 16:45:33 +00:00
|
|
|
remove info h k = do
|
2017-09-12 16:33:08 +00:00
|
|
|
res <- tryNonAsync $ sendS3Handle h $
|
|
|
|
S3.DeleteObject (T.pack $ bucketObject info k) (bucket info)
|
|
|
|
return $ either (const False) (const True) res
|
|
|
|
|
2018-09-06 18:31:41 +00:00
|
|
|
checkKey :: Remote -> RemoteConfig -> S3Info -> Maybe S3Handle -> CheckPresent
|
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key.
When public access is used for the remote, it complained that the user
needed to set creds to use it, which was just wrong.
When creds were being used, it fell back from trying to use the version ID
to just accessing the key in the bucket, which was ok for non-export
remotes, but wrong for buckets.
In both cases, display a hopefully useful warning.
This should only come up when an existing S3 remote has been exported
to, and then later versioning was enabled.
Note that it would perhaps be possible to fall back from trying to use
retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport,
which may work when S3 version ID is missing. But there are problems
with that approach; how to tell when retrieveKeyFile has failed due to this
rather than a network problem etc? Anyway, that approach would only work
until the file in the export got overwritten, and then it would no
longer be accessible. And with versioning enabled, the user wants old
versions of objects to remain accessible, so it seems better to warn
about the problem as soon as possible, so they can go back and add S3
version IDs.
This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
|
|
|
checkKey r c info (Just h) k = do
|
2015-08-17 14:42:14 +00:00
|
|
|
showChecking r
|
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key.
When public access is used for the remote, it complained that the user
needed to set creds to use it, which was just wrong.
When creds were being used, it fell back from trying to use the version ID
to just accessing the key in the bucket, which was ok for non-export
remotes, but wrong for buckets.
In both cases, display a hopefully useful warning.
This should only come up when an existing S3 remote has been exported
to, and then later versioning was enabled.
Note that it would perhaps be possible to fall back from trying to use
retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport,
which may work when S3 version ID is missing. But there are problems
with that approach; how to tell when retrieveKeyFile has failed due to this
rather than a network problem etc? Anyway, that approach would only work
until the file in the export got overwritten, and then it would no
longer be accessible. And with versioning enabled, the user wants old
versions of objects to remain accessible, so it seems better to warn
about the problem as soon as possible, so they can go back and add S3
version IDs.
This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
|
|
|
eitherS3VersionID info (uuid r) c k (T.pack $ bucketObject info k) >>= \case
|
|
|
|
Left failreason -> do
|
|
|
|
warning failreason
|
|
|
|
giveup "cannot check content"
|
|
|
|
Right loc -> checkKeyHelper info h loc
|
2018-09-06 18:31:41 +00:00
|
|
|
checkKey r c info Nothing k =
|
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key.
When public access is used for the remote, it complained that the user
needed to set creds to use it, which was just wrong.
When creds were being used, it fell back from trying to use the version ID
to just accessing the key in the bucket, which was ok for non-export
remotes, but wrong for buckets.
In both cases, display a hopefully useful warning.
This should only come up when an existing S3 remote has been exported
to, and then later versioning was enabled.
Note that it would perhaps be possible to fall back from trying to use
retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport,
which may work when S3 version ID is missing. But there are problems
with that approach; how to tell when retrieveKeyFile has failed due to this
rather than a network problem etc? Anyway, that approach would only work
until the file in the export got overwritten, and then it would no
longer be accessible. And with versioning enabled, the user wants old
versions of objects to remain accessible, so it seems better to warn
about the problem as soon as possible, so they can go back and add S3
version IDs.
This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
|
|
|
getPublicWebUrls' (uuid r) info c k >>= \case
|
|
|
|
Left failreason -> do
|
|
|
|
warning failreason
|
|
|
|
giveup "cannot check content"
|
|
|
|
Right us -> do
|
2018-09-06 18:31:41 +00:00
|
|
|
showChecking r
|
|
|
|
let check u = withUrlOptions $
|
|
|
|
liftIO . checkBoth u (keySize k)
|
|
|
|
anyM check us
|
2017-09-08 19:41:31 +00:00
|
|
|
|
2018-08-30 18:47:52 +00:00
|
|
|
checkKeyHelper :: S3Info -> S3Handle -> (Either S3.Object S3VersionID) -> Annex Bool
|
|
|
|
checkKeyHelper info h loc = do
|
2014-10-23 20:32:18 +00:00
|
|
|
#if MIN_VERSION_aws(0,10,0)
|
|
|
|
rsp <- go
|
2014-10-23 20:52:05 +00:00
|
|
|
return (isJust $ S3.horMetadata rsp)
|
2014-10-23 20:32:18 +00:00
|
|
|
#else
|
2014-08-09 18:23:54 +00:00
|
|
|
catchMissingException $ do
|
2014-10-23 20:32:18 +00:00
|
|
|
void go
|
2014-08-09 18:23:54 +00:00
|
|
|
return True
|
2014-10-23 20:32:18 +00:00
|
|
|
#endif
|
2012-11-11 04:51:07 +00:00
|
|
|
where
|
2018-08-30 18:47:52 +00:00
|
|
|
go = sendS3Handle h req
|
|
|
|
req = case loc of
|
|
|
|
Left o -> S3.headObject (bucket info) o
|
|
|
|
Right (S3VersionID o vid) -> (S3.headObject (bucket info) o)
|
2019-01-07 19:51:05 +00:00
|
|
|
{ S3.hoVersionId = Just vid }
|
2014-10-23 20:32:18 +00:00
|
|
|
|
|
|
|
#if ! MIN_VERSION_aws(0,10,0)
|
|
|
|
{- Catch exception headObject returns when an object is not present
|
|
|
|
- in the bucket, and returns False. All other exceptions indicate a
|
|
|
|
- check error and are let through. -}
|
|
|
|
catchMissingException :: Annex Bool -> Annex Bool
|
|
|
|
catchMissingException a = catchJust missing a (const $ return False)
|
|
|
|
where
|
|
|
|
missing :: AWS.HeaderException -> Maybe ()
|
|
|
|
missing e
|
|
|
|
| AWS.headerErrorMessage e == "ETag missing" = Just ()
|
|
|
|
| otherwise = Nothing
|
|
|
|
#endif
|
2015-06-05 20:23:35 +00:00
|
|
|
|
2019-01-23 17:08:47 +00:00
|
|
|
storeExportS3 :: UUID -> S3Info -> Maybe S3Handle -> Maybe Magic -> FilePath -> Key -> ExportLocation -> MeterUpdate -> Annex Bool
|
|
|
|
storeExportS3 u info (Just h) magic f k loc p =
|
2017-09-08 19:41:31 +00:00
|
|
|
catchNonAsync go (\e -> warning (show e) >> return False)
|
|
|
|
where
|
2017-09-12 20:59:04 +00:00
|
|
|
go = do
|
2018-08-30 18:47:52 +00:00
|
|
|
let o = T.pack $ bucketExportLocation info loc
|
2019-01-23 17:08:47 +00:00
|
|
|
storeHelper info h magic f o p
|
2018-08-30 18:47:52 +00:00
|
|
|
>>= setS3VersionID info u k
|
2017-09-08 19:41:31 +00:00
|
|
|
return True
|
2019-01-23 17:08:47 +00:00
|
|
|
storeExportS3 u _ Nothing _ _ _ _ _ = do
|
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key.
When public access is used for the remote, it complained that the user
needed to set creds to use it, which was just wrong.
When creds were being used, it fell back from trying to use the version ID
to just accessing the key in the bucket, which was ok for non-export
remotes, but wrong for buckets.
In both cases, display a hopefully useful warning.
This should only come up when an existing S3 remote has been exported
to, and then later versioning was enabled.
Note that it would perhaps be possible to fall back from trying to use
retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport,
which may work when S3 version ID is missing. But there are problems
with that approach; how to tell when retrieveKeyFile has failed due to this
rather than a network problem etc? Anyway, that approach would only work
until the file in the export got overwritten, and then it would no
longer be accessible. And with versioning enabled, the user wants old
versions of objects to remain accessible, so it seems better to warn
about the problem as soon as possible, so they can go back and add S3
version IDs.
This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
|
|
|
warning $ needS3Creds u
|
2018-07-31 20:29:11 +00:00
|
|
|
return False
|
2017-09-08 19:41:31 +00:00
|
|
|
|
2018-07-31 20:29:11 +00:00
|
|
|
retrieveExportS3 :: UUID -> S3Info -> Maybe S3Handle -> Key -> ExportLocation -> FilePath -> MeterUpdate -> Annex Bool
|
|
|
|
retrieveExportS3 u info mh _k loc f p =
|
2017-09-08 19:41:31 +00:00
|
|
|
catchNonAsync go (\e -> warning (show e) >> return False)
|
|
|
|
where
|
2018-07-31 20:29:11 +00:00
|
|
|
go = case mh of
|
|
|
|
Just h -> do
|
2018-08-30 18:47:52 +00:00
|
|
|
retrieveHelper info h (Left (T.pack exporturl)) f p
|
2018-07-31 20:29:11 +00:00
|
|
|
return True
|
2018-09-06 20:03:15 +00:00
|
|
|
Nothing -> case getPublicUrlMaker info of
|
2018-07-31 20:29:11 +00:00
|
|
|
Nothing -> do
|
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key.
When public access is used for the remote, it complained that the user
needed to set creds to use it, which was just wrong.
When creds were being used, it fell back from trying to use the version ID
to just accessing the key in the bucket, which was ok for non-export
remotes, but wrong for buckets.
In both cases, display a hopefully useful warning.
This should only come up when an existing S3 remote has been exported
to, and then later versioning was enabled.
Note that it would perhaps be possible to fall back from trying to use
retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport,
which may work when S3 version ID is missing. But there are problems
with that approach; how to tell when retrieveKeyFile has failed due to this
rather than a network problem etc? Anyway, that approach would only work
until the file in the export got overwritten, and then it would no
longer be accessible. And with versioning enabled, the user wants old
versions of objects to remain accessible, so it seems better to warn
about the problem as soon as possible, so they can go back and add S3
version IDs.
This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
|
|
|
warning $ needS3Creds u
|
2018-07-31 20:29:11 +00:00
|
|
|
return False
|
|
|
|
Just geturl -> Url.withUrlOptions $
|
|
|
|
liftIO . Url.download p (geturl exporturl) f
|
|
|
|
exporturl = bucketExportLocation info loc
|
|
|
|
|
|
|
|
removeExportS3 :: UUID -> S3Info -> Maybe S3Handle -> Key -> ExportLocation -> Annex Bool
|
2019-01-29 19:07:27 +00:00
|
|
|
removeExportS3 u info (Just h) k loc = checkVersioning info u $
|
2017-09-08 19:41:31 +00:00
|
|
|
catchNonAsync go (\e -> warning (show e) >> return False)
|
|
|
|
where
|
2017-09-12 20:59:04 +00:00
|
|
|
go = do
|
2017-09-08 19:41:31 +00:00
|
|
|
res <- tryNonAsync $ sendS3Handle h $
|
|
|
|
S3.DeleteObject (T.pack $ bucketExportLocation info loc) (bucket info)
|
|
|
|
return $ either (const False) (const True) res
|
2018-07-31 20:29:11 +00:00
|
|
|
removeExportS3 u _ Nothing _ _ = do
|
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key.
When public access is used for the remote, it complained that the user
needed to set creds to use it, which was just wrong.
When creds were being used, it fell back from trying to use the version ID
to just accessing the key in the bucket, which was ok for non-export
remotes, but wrong for buckets.
In both cases, display a hopefully useful warning.
This should only come up when an existing S3 remote has been exported
to, and then later versioning was enabled.
Note that it would perhaps be possible to fall back from trying to use
retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport,
which may work when S3 version ID is missing. But there are problems
with that approach; how to tell when retrieveKeyFile has failed due to this
rather than a network problem etc? Anyway, that approach would only work
until the file in the export got overwritten, and then it would no
longer be accessible. And with versioning enabled, the user wants old
versions of objects to remain accessible, so it seems better to warn
about the problem as soon as possible, so they can go back and add S3
version IDs.
This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
|
|
|
warning $ needS3Creds u
|
2018-07-31 20:29:11 +00:00
|
|
|
return False
|
2017-09-08 19:41:31 +00:00
|
|
|
|
2018-07-31 20:29:11 +00:00
|
|
|
checkPresentExportS3 :: UUID -> S3Info -> Maybe S3Handle -> Key -> ExportLocation -> Annex Bool
|
|
|
|
checkPresentExportS3 _u info (Just h) _k loc =
|
2018-08-30 18:47:52 +00:00
|
|
|
checkKeyHelper info h (Left (T.pack $ bucketExportLocation info loc))
|
2018-09-06 20:03:15 +00:00
|
|
|
checkPresentExportS3 u info Nothing k loc = case getPublicUrlMaker info of
|
2018-07-31 20:29:11 +00:00
|
|
|
Nothing -> do
|
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key.
When public access is used for the remote, it complained that the user
needed to set creds to use it, which was just wrong.
When creds were being used, it fell back from trying to use the version ID
to just accessing the key in the bucket, which was ok for non-export
remotes, but wrong for buckets.
In both cases, display a hopefully useful warning.
This should only come up when an existing S3 remote has been exported
to, and then later versioning was enabled.
Note that it would perhaps be possible to fall back from trying to use
retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport,
which may work when S3 version ID is missing. But there are problems
with that approach; how to tell when retrieveKeyFile has failed due to this
rather than a network problem etc? Anyway, that approach would only work
until the file in the export got overwritten, and then it would no
longer be accessible. And with versioning enabled, the user wants old
versions of objects to remain accessible, so it seems better to warn
about the problem as soon as possible, so they can go back and add S3
version IDs.
This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
|
|
|
warning $ needS3Creds u
|
2018-07-31 20:29:11 +00:00
|
|
|
giveup "No S3 credentials configured"
|
|
|
|
Just geturl -> withUrlOptions $ liftIO .
|
|
|
|
checkBoth (geturl $ bucketExportLocation info loc) (keySize k)
|
2017-09-08 19:41:31 +00:00
|
|
|
|
2017-09-08 20:19:38 +00:00
|
|
|
-- S3 has no move primitive; copy and delete.
|
2018-07-31 20:29:11 +00:00
|
|
|
renameExportS3 :: UUID -> S3Info -> Maybe S3Handle -> Key -> ExportLocation -> ExportLocation -> Annex Bool
|
2019-01-29 19:07:27 +00:00
|
|
|
renameExportS3 u info (Just h) k src dest = checkVersioning info u k src $
|
|
|
|
catchNonAsync go (\_ -> return False)
|
2017-09-08 19:41:31 +00:00
|
|
|
where
|
2017-09-12 20:59:04 +00:00
|
|
|
go = do
|
2017-09-08 20:19:38 +00:00
|
|
|
let co = S3.copyObject (bucket info) dstobject
|
2017-09-08 19:41:31 +00:00
|
|
|
(S3.ObjectId (bucket info) srcobject Nothing)
|
|
|
|
S3.CopyMetadata
|
2017-09-08 20:19:38 +00:00
|
|
|
-- ACL is not preserved by copy.
|
|
|
|
void $ sendS3Handle h $ co { S3.coAcl = acl info }
|
2017-09-08 19:41:31 +00:00
|
|
|
void $ sendS3Handle h $ S3.DeleteObject srcobject (bucket info)
|
|
|
|
return True
|
|
|
|
srcobject = T.pack $ bucketExportLocation info src
|
|
|
|
dstobject = T.pack $ bucketExportLocation info dest
|
2018-07-31 20:29:11 +00:00
|
|
|
renameExportS3 u _ Nothing _ _ _ = do
|
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key.
When public access is used for the remote, it complained that the user
needed to set creds to use it, which was just wrong.
When creds were being used, it fell back from trying to use the version ID
to just accessing the key in the bucket, which was ok for non-export
remotes, but wrong for buckets.
In both cases, display a hopefully useful warning.
This should only come up when an existing S3 remote has been exported
to, and then later versioning was enabled.
Note that it would perhaps be possible to fall back from trying to use
retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport,
which may work when S3 version ID is missing. But there are problems
with that approach; how to tell when retrieveKeyFile has failed due to this
rather than a network problem etc? Anyway, that approach would only work
until the file in the export got overwritten, and then it would no
longer be accessible. And with versioning enabled, the user wants old
versions of objects to remain accessible, so it seems better to warn
about the problem as soon as possible, so they can go back and add S3
version IDs.
This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
|
|
|
warning $ needS3Creds u
|
2018-07-31 20:29:11 +00:00
|
|
|
return False
|
2014-08-09 18:23:54 +00:00
|
|
|
|
2014-07-11 19:21:43 +00:00
|
|
|
{- Generate the bucket if it does not already exist, including creating the
|
|
|
|
- UUID file within the bucket.
|
|
|
|
-
|
2014-08-08 22:54:04 +00:00
|
|
|
- Some ACLs can allow read/write to buckets, but not querying them,
|
2019-01-29 17:44:55 +00:00
|
|
|
- so first check if the UUID file already exists and we can skip creating
|
|
|
|
- it.
|
2014-07-11 19:21:43 +00:00
|
|
|
-}
|
2016-05-23 21:03:20 +00:00
|
|
|
genBucket :: RemoteConfig -> RemoteGitConfig -> UUID -> Annex ()
|
|
|
|
genBucket c gc u = do
|
2011-07-19 18:07:23 +00:00
|
|
|
showAction "checking bucket"
|
2018-09-06 20:03:15 +00:00
|
|
|
info <- extractS3Info c
|
2016-05-23 21:03:20 +00:00
|
|
|
withS3Handle c gc u $ \h ->
|
2015-06-05 17:09:41 +00:00
|
|
|
go info h =<< checkUUIDFile c u info h
|
2012-11-11 04:51:07 +00:00
|
|
|
where
|
2015-06-05 17:09:41 +00:00
|
|
|
go _ _ (Right True) = noop
|
|
|
|
go info h _ = do
|
|
|
|
v <- tryNonAsync $ sendS3Handle h (S3.getBucket $ bucket info)
|
2014-08-08 22:54:04 +00:00
|
|
|
case v of
|
|
|
|
Right _ -> noop
|
|
|
|
Left _ -> do
|
|
|
|
showAction $ "creating bucket in " ++ datacenter
|
2018-12-31 17:09:20 +00:00
|
|
|
void $ sendS3Handle h $
|
|
|
|
(S3.putBucket (bucket info))
|
|
|
|
{ S3.pbCannedAcl = acl info
|
|
|
|
, S3.pbLocationConstraint = locconstraint
|
2015-11-02 15:14:03 +00:00
|
|
|
#if MIN_VERSION_aws(0,13,0)
|
2018-12-31 17:09:20 +00:00
|
|
|
, S3.pbXStorageClass = storageclass
|
2015-11-02 15:14:03 +00:00
|
|
|
#endif
|
2018-12-31 17:09:20 +00:00
|
|
|
}
|
2015-06-05 17:09:41 +00:00
|
|
|
writeUUIDFile c u info h
|
2014-08-08 22:54:04 +00:00
|
|
|
|
2015-06-05 18:38:01 +00:00
|
|
|
locconstraint = mkLocationConstraint $ T.pack datacenter
|
2012-11-11 04:51:07 +00:00
|
|
|
datacenter = fromJust $ M.lookup "datacenter" c
|
2015-11-02 15:14:03 +00:00
|
|
|
#if MIN_VERSION_aws(0,13,0)
|
|
|
|
-- "NEARLINE" as a storage class when creating a bucket is a
|
|
|
|
-- nonstandard extension of Google Cloud Storage.
|
|
|
|
storageclass = case getStorageClass c of
|
|
|
|
sc@(S3.OtherStorageClass "NEARLINE") -> Just sc
|
|
|
|
_ -> Nothing
|
|
|
|
#endif
|
2011-05-16 13:42:54 +00:00
|
|
|
|
2013-04-27 21:01:24 +00:00
|
|
|
{- Writes the UUID to an annex-uuid file within the bucket.
|
|
|
|
-
|
2017-02-13 19:35:24 +00:00
|
|
|
- If the file already exists in the bucket, it must match,
|
|
|
|
- or this fails.
|
2013-04-27 21:01:24 +00:00
|
|
|
-
|
2014-08-08 22:54:04 +00:00
|
|
|
- Note that IA buckets can only created by having a file
|
|
|
|
- stored in them. So this also takes care of that.
|
2013-04-27 21:01:24 +00:00
|
|
|
-}
|
2015-06-05 17:09:41 +00:00
|
|
|
writeUUIDFile :: RemoteConfig -> UUID -> S3Info -> S3Handle -> Annex ()
|
|
|
|
writeUUIDFile c u info h = do
|
|
|
|
v <- checkUUIDFile c u info h
|
2014-07-11 19:21:43 +00:00
|
|
|
case v of
|
2014-08-08 22:54:04 +00:00
|
|
|
Right True -> noop
|
2017-02-13 19:35:24 +00:00
|
|
|
Right False -> do
|
|
|
|
warning "The bucket already exists, and its annex-uuid file indicates it is used by a different special remote."
|
|
|
|
giveup "Cannot reuse this bucket."
|
2014-11-05 16:42:12 +00:00
|
|
|
_ -> void $ sendS3Handle h mkobject
|
2013-04-27 21:01:24 +00:00
|
|
|
where
|
2014-08-08 22:54:04 +00:00
|
|
|
file = T.pack $ uuidFile c
|
2014-07-11 19:21:43 +00:00
|
|
|
uuidb = L.fromChunks [T.encodeUtf8 $ T.pack $ fromUUID u]
|
|
|
|
|
2015-06-05 17:09:41 +00:00
|
|
|
mkobject = putObject info file (RequestBodyLBS uuidb)
|
2014-07-11 19:21:43 +00:00
|
|
|
|
2014-08-08 22:54:04 +00:00
|
|
|
{- Checks if the UUID file exists in the bucket
|
|
|
|
- and has the specified UUID already. -}
|
2015-06-05 17:09:41 +00:00
|
|
|
checkUUIDFile :: RemoteConfig -> UUID -> S3Info -> S3Handle -> Annex (Either SomeException Bool)
|
2017-02-13 19:35:24 +00:00
|
|
|
checkUUIDFile c u info h = tryNonAsync $ liftIO $ runResourceT $ do
|
|
|
|
resp <- tryS3 $ sendS3Handle' h (S3.getObject (bucket info) file)
|
|
|
|
case resp of
|
|
|
|
Left _ -> return False
|
|
|
|
Right r -> do
|
|
|
|
v <- AWS.loadToMemory r
|
|
|
|
let !ok = check v
|
|
|
|
return ok
|
2014-07-11 19:21:43 +00:00
|
|
|
where
|
2017-02-13 19:35:24 +00:00
|
|
|
check (S3.GetObjectMemoryResponse _meta rsp) =
|
2014-08-08 22:54:04 +00:00
|
|
|
responseStatus rsp == ok200 && responseBody rsp == uuidb
|
|
|
|
|
|
|
|
file = T.pack $ uuidFile c
|
2014-06-06 18:04:35 +00:00
|
|
|
uuidb = L.fromChunks [T.encodeUtf8 $ T.pack $ fromUUID u]
|
2013-04-27 21:01:24 +00:00
|
|
|
|
2014-07-11 19:21:43 +00:00
|
|
|
uuidFile :: RemoteConfig -> FilePath
|
2014-08-09 00:29:56 +00:00
|
|
|
uuidFile c = getFilePrefix c ++ "annex-uuid"
|
2014-07-11 19:21:43 +00:00
|
|
|
|
2017-02-13 19:35:24 +00:00
|
|
|
tryS3 :: ResourceT IO a -> ResourceT IO (Either S3.S3Error a)
|
|
|
|
tryS3 a = (Right <$> a) `catch` (pure . Left)
|
|
|
|
|
2014-08-09 00:51:22 +00:00
|
|
|
data S3Handle = S3Handle
|
|
|
|
{ hmanager :: Manager
|
|
|
|
, hawscfg :: AWS.Configuration
|
|
|
|
, hs3cfg :: S3.S3Configuration AWS.NormalQuery
|
|
|
|
}
|
2014-08-08 22:54:04 +00:00
|
|
|
|
|
|
|
{- Sends a request to S3 and gets back the response.
|
|
|
|
-
|
|
|
|
- Note that pureAws's use of ResourceT is bypassed here;
|
2014-08-09 00:29:56 +00:00
|
|
|
- the response should be fully processed while the S3Handle
|
|
|
|
- is still open, eg within a call to withS3Handle.
|
2014-08-08 22:54:04 +00:00
|
|
|
-}
|
|
|
|
sendS3Handle
|
|
|
|
:: (AWS.Transaction req res, AWS.ServiceConfiguration req ~ S3.S3Configuration)
|
|
|
|
=> S3Handle
|
|
|
|
-> req
|
2014-08-09 00:29:56 +00:00
|
|
|
-> Annex res
|
2014-08-09 19:58:01 +00:00
|
|
|
sendS3Handle h r = liftIO $ runResourceT $ sendS3Handle' h r
|
|
|
|
|
|
|
|
sendS3Handle'
|
|
|
|
:: (AWS.Transaction r a, AWS.ServiceConfiguration r ~ S3.S3Configuration)
|
|
|
|
=> S3Handle
|
|
|
|
-> r
|
|
|
|
-> ResourceT IO a
|
2015-04-21 19:55:42 +00:00
|
|
|
sendS3Handle' h r = AWS.pureAws (hawscfg h) (hs3cfg h) (hmanager h) r
|
2014-08-08 22:54:04 +00:00
|
|
|
|
2016-05-23 21:03:20 +00:00
|
|
|
withS3Handle :: RemoteConfig -> RemoteGitConfig -> UUID -> (S3Handle -> Annex a) -> Annex a
|
|
|
|
withS3Handle c gc u a = withS3HandleMaybe c gc u $ \mh -> case mh of
|
2015-06-15 18:48:38 +00:00
|
|
|
Just h -> a h
|
|
|
|
Nothing -> do
|
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key.
When public access is used for the remote, it complained that the user
needed to set creds to use it, which was just wrong.
When creds were being used, it fell back from trying to use the version ID
to just accessing the key in the bucket, which was ok for non-export
remotes, but wrong for buckets.
In both cases, display a hopefully useful warning.
This should only come up when an existing S3 remote has been exported
to, and then later versioning was enabled.
Note that it would perhaps be possible to fall back from trying to use
retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport,
which may work when S3 version ID is missing. But there are problems
with that approach; how to tell when retrieveKeyFile has failed due to this
rather than a network problem etc? Anyway, that approach would only work
until the file in the export got overwritten, and then it would no
longer be accessible. And with versioning enabled, the user wants old
versions of objects to remain accessible, so it seems better to warn
about the problem as soon as possible, so they can go back and add S3
version IDs.
This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
|
|
|
warning $ needS3Creds u
|
2016-11-16 01:29:54 +00:00
|
|
|
giveup "No S3 credentials configured"
|
2015-06-05 17:09:41 +00:00
|
|
|
|
2016-05-23 21:03:20 +00:00
|
|
|
withS3HandleMaybe :: RemoteConfig -> RemoteGitConfig -> UUID -> (Maybe S3Handle -> Annex a) -> Annex a
|
|
|
|
withS3HandleMaybe c gc u a = do
|
|
|
|
mcreds <- getRemoteCredPair c gc (AWS.creds u)
|
2015-06-05 17:09:41 +00:00
|
|
|
case mcreds of
|
|
|
|
Just creds -> do
|
|
|
|
awscreds <- liftIO $ genCredentials creds
|
|
|
|
let awscfg = AWS.Configuration AWS.Timestamp awscreds debugMapper
|
2017-10-11 15:43:03 +00:00
|
|
|
#if MIN_VERSION_aws(0,17,0)
|
2017-10-11 14:57:20 +00:00
|
|
|
Nothing
|
|
|
|
#endif
|
2018-04-04 19:15:12 +00:00
|
|
|
withUrlOptions $ \ou ->
|
|
|
|
a $ Just $ S3Handle (httpManager ou) awscfg s3cfg
|
2015-06-05 17:09:41 +00:00
|
|
|
Nothing -> a Nothing
|
2014-08-08 22:54:04 +00:00
|
|
|
where
|
|
|
|
s3cfg = s3Configuration c
|
|
|
|
|
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key.
When public access is used for the remote, it complained that the user
needed to set creds to use it, which was just wrong.
When creds were being used, it fell back from trying to use the version ID
to just accessing the key in the bucket, which was ok for non-export
remotes, but wrong for buckets.
In both cases, display a hopefully useful warning.
This should only come up when an existing S3 remote has been exported
to, and then later versioning was enabled.
Note that it would perhaps be possible to fall back from trying to use
retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport,
which may work when S3 version ID is missing. But there are problems
with that approach; how to tell when retrieveKeyFile has failed due to this
rather than a network problem etc? Anyway, that approach would only work
until the file in the export got overwritten, and then it would no
longer be accessible. And with versioning enabled, the user wants old
versions of objects to remain accessible, so it seems better to warn
about the problem as soon as possible, so they can go back and add S3
version IDs.
This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
|
|
|
needS3Creds :: UUID -> String
|
|
|
|
needS3Creds u = missingCredPairFor "S3" (AWS.creds u)
|
2018-07-31 20:29:11 +00:00
|
|
|
|
2014-08-08 22:54:04 +00:00
|
|
|
s3Configuration :: RemoteConfig -> S3.S3Configuration AWS.NormalQuery
|
2016-02-09 19:36:31 +00:00
|
|
|
s3Configuration c = cfg
|
|
|
|
{ S3.s3Port = port
|
|
|
|
, S3.s3RequestStyle = case M.lookup "requeststyle" c of
|
|
|
|
Just "path" -> S3.PathStyle
|
2016-11-16 01:29:54 +00:00
|
|
|
Just s -> giveup $ "bad S3 requeststyle value: " ++ s
|
2016-02-09 19:36:31 +00:00
|
|
|
Nothing -> S3.s3RequestStyle cfg
|
|
|
|
}
|
2014-08-08 22:54:04 +00:00
|
|
|
where
|
|
|
|
proto
|
|
|
|
| port == 443 = AWS.HTTPS
|
|
|
|
| otherwise = AWS.HTTP
|
2018-09-06 20:03:15 +00:00
|
|
|
h = fromJust $ M.lookup "host" c
|
2014-08-08 22:54:04 +00:00
|
|
|
datacenter = fromJust $ M.lookup "datacenter" c
|
|
|
|
-- When the default S3 host is configured, connect directly to
|
|
|
|
-- the S3 endpoint for the configured datacenter.
|
|
|
|
-- When another host is configured, it's used as-is.
|
|
|
|
endpoint
|
2018-09-06 20:03:15 +00:00
|
|
|
| h == AWS.s3DefaultHost = AWS.s3HostName $ T.pack datacenter
|
|
|
|
| otherwise = T.encodeUtf8 $ T.pack h
|
2014-08-08 22:54:04 +00:00
|
|
|
port = let s = fromJust $ M.lookup "port" c in
|
|
|
|
case reads s of
|
|
|
|
[(p, _)] -> p
|
2016-11-16 01:29:54 +00:00
|
|
|
_ -> giveup $ "bad S3 port value: " ++ s
|
2016-02-09 19:36:31 +00:00
|
|
|
cfg = S3.s3 proto endpoint False
|
2014-08-08 22:54:04 +00:00
|
|
|
|
2014-08-10 02:13:03 +00:00
|
|
|
data S3Info = S3Info
|
|
|
|
{ bucket :: S3.Bucket
|
|
|
|
, storageClass :: S3.StorageClass
|
2018-07-31 20:29:11 +00:00
|
|
|
, bucketObject :: Key -> BucketObject
|
|
|
|
, bucketExportLocation :: ExportLocation -> BucketObject
|
2014-08-10 02:13:03 +00:00
|
|
|
, metaHeaders :: [(T.Text, T.Text)]
|
2014-10-28 18:17:30 +00:00
|
|
|
, partSize :: Maybe Integer
|
2014-08-10 02:13:03 +00:00
|
|
|
, isIA :: Bool
|
2018-08-30 17:45:28 +00:00
|
|
|
, versioning :: Bool
|
2015-06-05 20:23:35 +00:00
|
|
|
, public :: Bool
|
2018-09-06 20:03:15 +00:00
|
|
|
, publicurl :: Maybe URLString
|
|
|
|
, host :: Maybe String
|
2014-08-10 02:13:03 +00:00
|
|
|
}
|
|
|
|
|
2018-09-06 20:03:15 +00:00
|
|
|
extractS3Info :: RemoteConfig -> Annex S3Info
|
|
|
|
extractS3Info c = do
|
2014-08-10 02:13:03 +00:00
|
|
|
b <- maybe
|
2016-11-16 01:29:54 +00:00
|
|
|
(giveup "S3 bucket not configured")
|
2014-08-10 02:13:03 +00:00
|
|
|
(return . T.pack)
|
|
|
|
(getBucketName c)
|
2018-09-06 20:03:15 +00:00
|
|
|
return $ S3Info
|
2014-08-10 02:13:03 +00:00
|
|
|
{ bucket = b
|
|
|
|
, storageClass = getStorageClass c
|
2015-06-05 20:23:35 +00:00
|
|
|
, bucketObject = getBucketObject c
|
2017-09-08 19:41:31 +00:00
|
|
|
, bucketExportLocation = getBucketExportLocation c
|
2014-08-10 02:13:03 +00:00
|
|
|
, metaHeaders = getMetaHeaders c
|
2014-10-28 18:17:30 +00:00
|
|
|
, partSize = getPartSize c
|
2014-08-10 02:13:03 +00:00
|
|
|
, isIA = configIA c
|
2018-08-30 17:45:28 +00:00
|
|
|
, versioning = boolcfg "versioning"
|
|
|
|
, public = boolcfg "public"
|
2018-09-06 20:03:15 +00:00
|
|
|
, publicurl = M.lookup "publicurl" c
|
|
|
|
, host = M.lookup "host" c
|
2014-08-10 02:13:03 +00:00
|
|
|
}
|
2018-08-30 17:45:28 +00:00
|
|
|
where
|
2018-10-10 15:07:49 +00:00
|
|
|
boolcfg k = fromMaybe False $ yesNo =<< M.lookup k c
|
2014-08-10 02:13:03 +00:00
|
|
|
|
2015-06-05 17:09:41 +00:00
|
|
|
putObject :: S3Info -> T.Text -> RequestBody -> S3.PutObject
|
|
|
|
putObject info file rbody = (S3.putObject (bucket info) file rbody)
|
|
|
|
{ S3.poStorageClass = Just (storageClass info)
|
|
|
|
, S3.poMetadata = metaHeaders info
|
|
|
|
, S3.poAutoMakeBucket = isIA info
|
2015-06-05 18:38:01 +00:00
|
|
|
, S3.poAcl = acl info
|
2015-06-05 17:09:41 +00:00
|
|
|
}
|
|
|
|
|
2015-06-05 20:23:35 +00:00
|
|
|
acl :: S3Info -> Maybe S3.CannedAcl
|
|
|
|
acl info
|
|
|
|
| public info = Just S3.AclPublicRead
|
|
|
|
| otherwise = Nothing
|
|
|
|
|
2014-08-09 00:29:56 +00:00
|
|
|
getBucketName :: RemoteConfig -> Maybe BucketName
|
2015-04-27 22:00:58 +00:00
|
|
|
getBucketName = map toLower <$$> M.lookup "bucket"
|
2013-04-27 21:01:24 +00:00
|
|
|
|
2014-08-08 22:54:04 +00:00
|
|
|
getStorageClass :: RemoteConfig -> S3.StorageClass
|
2014-08-09 00:51:22 +00:00
|
|
|
getStorageClass c = case M.lookup "storageclass" c of
|
2015-09-22 15:03:44 +00:00
|
|
|
Just "REDUCED_REDUNDANCY" -> S3.ReducedRedundancy
|
|
|
|
#if MIN_VERSION_aws(0,13,0)
|
2015-09-17 21:20:01 +00:00
|
|
|
Just s -> S3.OtherStorageClass (T.pack s)
|
2015-09-22 15:03:44 +00:00
|
|
|
#endif
|
|
|
|
_ -> S3.Standard
|
2014-10-28 18:17:30 +00:00
|
|
|
|
|
|
|
getPartSize :: RemoteConfig -> Maybe Integer
|
|
|
|
getPartSize c = readSize dataUnits =<< M.lookup "partsize" c
|
|
|
|
|
2014-08-09 18:44:53 +00:00
|
|
|
getMetaHeaders :: RemoteConfig -> [(T.Text, T.Text)]
|
|
|
|
getMetaHeaders = map munge . filter ismetaheader . M.assocs
|
2013-04-27 21:01:24 +00:00
|
|
|
where
|
2014-08-09 18:44:53 +00:00
|
|
|
ismetaheader (h, _) = metaprefix `isPrefixOf` h
|
|
|
|
metaprefix = "x-amz-meta-"
|
|
|
|
metaprefixlen = length metaprefix
|
|
|
|
munge (k, v) = (T.pack $ drop metaprefixlen k, T.pack v)
|
2013-04-27 21:01:24 +00:00
|
|
|
|
2014-08-09 00:29:56 +00:00
|
|
|
getFilePrefix :: RemoteConfig -> String
|
|
|
|
getFilePrefix = M.findWithDefault "" "fileprefix"
|
|
|
|
|
2018-07-31 20:29:11 +00:00
|
|
|
getBucketObject :: RemoteConfig -> Key -> BucketObject
|
2019-01-14 17:03:35 +00:00
|
|
|
getBucketObject c = munge . serializeKey
|
2014-08-09 18:23:54 +00:00
|
|
|
where
|
|
|
|
munge s = case M.lookup "mungekeys" c of
|
|
|
|
Just "ia" -> iaMunge $ getFilePrefix c ++ s
|
|
|
|
_ -> getFilePrefix c ++ s
|
|
|
|
|
2018-07-31 20:29:11 +00:00
|
|
|
getBucketExportLocation :: RemoteConfig -> ExportLocation -> BucketObject
|
2017-09-18 17:57:25 +00:00
|
|
|
getBucketExportLocation c loc = getFilePrefix c ++ fromExportLocation loc
|
2017-09-08 19:41:31 +00:00
|
|
|
|
2017-09-12 16:33:08 +00:00
|
|
|
{- Internet Archive documentation limits filenames to a subset of ascii.
|
|
|
|
- While other characters seem to work now, this entity encodes everything
|
|
|
|
- else to avoid problems. -}
|
2014-08-09 00:29:56 +00:00
|
|
|
iaMunge :: String -> String
|
|
|
|
iaMunge = (>>= munge)
|
|
|
|
where
|
|
|
|
munge c
|
|
|
|
| isAsciiUpper c || isAsciiLower c || isNumber c = [c]
|
2015-05-10 19:41:41 +00:00
|
|
|
| c `elem` ("_-.\"" :: String) = [c]
|
2014-08-09 00:29:56 +00:00
|
|
|
| isSpace c = []
|
|
|
|
| otherwise = "&" ++ show (ord c) ++ ";"
|
|
|
|
|
2014-08-10 02:13:03 +00:00
|
|
|
configIA :: RemoteConfig -> Bool
|
|
|
|
configIA = maybe False isIAHost . M.lookup "host"
|
|
|
|
|
2013-04-25 17:14:49 +00:00
|
|
|
{- Hostname to use for archive.org S3. -}
|
|
|
|
iaHost :: HostName
|
|
|
|
iaHost = "s3.us.archive.org"
|
|
|
|
|
|
|
|
isIAHost :: HostName -> Bool
|
|
|
|
isIAHost h = ".archive.org" `isSuffixOf` map toLower h
|
2013-04-25 20:42:17 +00:00
|
|
|
|
2014-08-09 00:29:56 +00:00
|
|
|
iaItemUrl :: BucketName -> URLString
|
2014-08-10 02:13:03 +00:00
|
|
|
iaItemUrl b = "http://archive.org/details/" ++ b
|
2013-04-25 21:28:25 +00:00
|
|
|
|
2018-07-31 20:29:11 +00:00
|
|
|
iaPublicUrl :: S3Info -> BucketObject -> URLString
|
2018-09-06 18:31:41 +00:00
|
|
|
iaPublicUrl info = genericPublicUrl $
|
2015-06-05 20:23:35 +00:00
|
|
|
"http://archive.org/download/" ++ T.unpack (bucket info) ++ "/"
|
|
|
|
|
2018-07-31 20:29:11 +00:00
|
|
|
awsPublicUrl :: S3Info -> BucketObject -> URLString
|
2018-09-06 18:31:41 +00:00
|
|
|
awsPublicUrl info = genericPublicUrl $
|
2015-06-05 20:23:35 +00:00
|
|
|
"https://" ++ T.unpack (bucket info) ++ ".s3.amazonaws.com/"
|
|
|
|
|
2018-09-06 18:31:41 +00:00
|
|
|
genericPublicUrl :: URLString -> BucketObject -> URLString
|
2018-09-14 16:25:23 +00:00
|
|
|
genericPublicUrl baseurl p = baseurl Posix.</> p
|
2014-12-19 20:53:25 +00:00
|
|
|
|
|
|
|
genCredentials :: CredPair -> IO AWS.Credentials
|
|
|
|
genCredentials (keyid, secret) = AWS.Credentials
|
2018-09-05 19:53:57 +00:00
|
|
|
<$> pure (tobs keyid)
|
|
|
|
<*> pure (tobs secret)
|
2014-12-19 20:53:25 +00:00
|
|
|
<*> newIORef []
|
2018-09-05 19:53:57 +00:00
|
|
|
<*> (fmap tobs <$> getEnv "AWS_SESSION_TOKEN")
|
|
|
|
where
|
|
|
|
tobs = T.encodeUtf8 . T.pack
|
2014-12-19 20:53:25 +00:00
|
|
|
|
|
|
|
mkLocationConstraint :: AWS.Region -> S3.LocationConstraint
|
|
|
|
mkLocationConstraint "US" = S3.locationUsClassic
|
|
|
|
mkLocationConstraint r = r
|
2015-04-21 19:55:42 +00:00
|
|
|
|
|
|
|
debugMapper :: AWS.Logger
|
2015-04-21 19:59:30 +00:00
|
|
|
debugMapper level t = forward "S3" (T.unpack t)
|
|
|
|
where
|
|
|
|
forward = case level of
|
|
|
|
AWS.Debug -> debugM
|
|
|
|
AWS.Info -> infoM
|
|
|
|
AWS.Warning -> warningM
|
|
|
|
AWS.Error -> errorM
|
2015-04-23 18:12:25 +00:00
|
|
|
|
2015-06-05 20:23:35 +00:00
|
|
|
s3Info :: RemoteConfig -> S3Info -> [(String, String)]
|
|
|
|
s3Info c info = catMaybes
|
2015-04-23 18:12:25 +00:00
|
|
|
[ Just ("bucket", fromMaybe "unknown" (getBucketName c))
|
2018-08-31 17:12:58 +00:00
|
|
|
, Just ("endpoint", w82s (BS.unpack (S3.s3Endpoint s3c)))
|
2015-04-23 18:12:25 +00:00
|
|
|
, Just ("port", show (S3.s3Port s3c))
|
2016-05-05 15:54:59 +00:00
|
|
|
, Just ("storage class", showstorageclass (getStorageClass c))
|
2015-04-23 18:12:25 +00:00
|
|
|
, if configIA c
|
|
|
|
then Just ("internet archive item", iaItemUrl $ fromMaybe "unknown" $ getBucketName c)
|
|
|
|
else Nothing
|
|
|
|
, Just ("partsize", maybe "unlimited" (roughSize storageUnits False) (getPartSize c))
|
2015-06-05 20:23:35 +00:00
|
|
|
, Just ("public", if public info then "yes" else "no")
|
2018-09-06 18:31:41 +00:00
|
|
|
, Just ("versioning", if versioning info then "yes" else "no")
|
2015-04-23 18:12:25 +00:00
|
|
|
]
|
|
|
|
where
|
|
|
|
s3c = s3Configuration c
|
2016-05-05 15:54:59 +00:00
|
|
|
#if MIN_VERSION_aws(0,13,0)
|
|
|
|
showstorageclass (S3.OtherStorageClass t) = T.unpack t
|
|
|
|
#endif
|
|
|
|
showstorageclass sc = show sc
|
2015-06-05 20:52:38 +00:00
|
|
|
|
2018-09-06 20:03:15 +00:00
|
|
|
getPublicWebUrls :: UUID -> S3Info -> RemoteConfig -> Key -> Annex [URLString]
|
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key.
When public access is used for the remote, it complained that the user
needed to set creds to use it, which was just wrong.
When creds were being used, it fell back from trying to use the version ID
to just accessing the key in the bucket, which was ok for non-export
remotes, but wrong for buckets.
In both cases, display a hopefully useful warning.
This should only come up when an existing S3 remote has been exported
to, and then later versioning was enabled.
Note that it would perhaps be possible to fall back from trying to use
retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport,
which may work when S3 version ID is missing. But there are problems
with that approach; how to tell when retrieveKeyFile has failed due to this
rather than a network problem etc? Anyway, that approach would only work
until the file in the export got overwritten, and then it would no
longer be accessible. And with versioning enabled, the user wants old
versions of objects to remain accessible, so it seems better to warn
about the problem as soon as possible, so they can go back and add S3
version IDs.
This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
|
|
|
getPublicWebUrls u info c k = either (const []) id <$> getPublicWebUrls' u info c k
|
|
|
|
|
|
|
|
getPublicWebUrls' :: UUID -> S3Info -> RemoteConfig -> Key -> Annex (Either String [URLString])
|
|
|
|
getPublicWebUrls' u info c k
|
|
|
|
| not (public info) = return $ Left $
|
|
|
|
"S3 bucket does not allow public access; " ++ needS3Creds u
|
2018-09-06 20:03:15 +00:00
|
|
|
| exportTree c = if versioning info
|
|
|
|
then case publicurl info of
|
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key.
When public access is used for the remote, it complained that the user
needed to set creds to use it, which was just wrong.
When creds were being used, it fell back from trying to use the version ID
to just accessing the key in the bucket, which was ok for non-export
remotes, but wrong for buckets.
In both cases, display a hopefully useful warning.
This should only come up when an existing S3 remote has been exported
to, and then later versioning was enabled.
Note that it would perhaps be possible to fall back from trying to use
retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport,
which may work when S3 version ID is missing. But there are problems
with that approach; how to tell when retrieveKeyFile has failed due to this
rather than a network problem etc? Anyway, that approach would only work
until the file in the export got overwritten, and then it would no
longer be accessible. And with versioning enabled, the user wants old
versions of objects to remain accessible, so it seems better to warn
about the problem as soon as possible, so they can go back and add S3
version IDs.
This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
|
|
|
Just url -> getversionid (const $ genericPublicUrl url)
|
2018-09-06 20:03:15 +00:00
|
|
|
Nothing -> case host info of
|
|
|
|
Just h | h == AWS.s3DefaultHost ->
|
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key.
When public access is used for the remote, it complained that the user
needed to set creds to use it, which was just wrong.
When creds were being used, it fell back from trying to use the version ID
to just accessing the key in the bucket, which was ok for non-export
remotes, but wrong for buckets.
In both cases, display a hopefully useful warning.
This should only come up when an existing S3 remote has been exported
to, and then later versioning was enabled.
Note that it would perhaps be possible to fall back from trying to use
retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport,
which may work when S3 version ID is missing. But there are problems
with that approach; how to tell when retrieveKeyFile has failed due to this
rather than a network problem etc? Anyway, that approach would only work
until the file in the export got overwritten, and then it would no
longer be accessible. And with versioning enabled, the user wants old
versions of objects to remain accessible, so it seems better to warn
about the problem as soon as possible, so they can go back and add S3
version IDs.
This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
|
|
|
getversionid awsPublicUrl
|
|
|
|
_ -> return nopublicurl
|
|
|
|
else return (Left "exporttree used without versioning")
|
2018-09-06 20:03:15 +00:00
|
|
|
| otherwise = case getPublicUrlMaker info of
|
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key.
When public access is used for the remote, it complained that the user
needed to set creds to use it, which was just wrong.
When creds were being used, it fell back from trying to use the version ID
to just accessing the key in the bucket, which was ok for non-export
remotes, but wrong for buckets.
In both cases, display a hopefully useful warning.
This should only come up when an existing S3 remote has been exported
to, and then later versioning was enabled.
Note that it would perhaps be possible to fall back from trying to use
retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport,
which may work when S3 version ID is missing. But there are problems
with that approach; how to tell when retrieveKeyFile has failed due to this
rather than a network problem etc? Anyway, that approach would only work
until the file in the export got overwritten, and then it would no
longer be accessible. And with versioning enabled, the user wants old
versions of objects to remain accessible, so it seems better to warn
about the problem as soon as possible, so they can go back and add S3
version IDs.
This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
|
|
|
Just geturl -> return (Right [geturl $ bucketObject info k])
|
|
|
|
Nothing -> return nopublicurl
|
|
|
|
where
|
|
|
|
nopublicurl = Left "No publicurl is configured for this remote"
|
|
|
|
getversionid url = getS3VersionIDPublicUrls url info u k >>= \case
|
|
|
|
[] -> return (Left "Remote is configured to use versioning, but no S3 version ID is recorded for this key")
|
|
|
|
l -> return (Right l)
|
2015-06-05 20:52:38 +00:00
|
|
|
|
2018-09-06 20:03:15 +00:00
|
|
|
getPublicUrlMaker :: S3Info -> Maybe (BucketObject -> URLString)
|
|
|
|
getPublicUrlMaker info = case publicurl info of
|
|
|
|
Just url -> Just (genericPublicUrl url)
|
|
|
|
Nothing -> case host info of
|
|
|
|
Just h
|
|
|
|
| h == AWS.s3DefaultHost ->
|
|
|
|
Just (awsPublicUrl info)
|
|
|
|
| isIAHost h ->
|
|
|
|
Just (iaPublicUrl info)
|
|
|
|
_ -> Nothing
|
|
|
|
|
|
|
|
|
2019-01-07 19:51:05 +00:00
|
|
|
data S3VersionID = S3VersionID S3.Object T.Text
|
2018-08-30 18:22:26 +00:00
|
|
|
deriving (Show)
|
|
|
|
|
|
|
|
-- smart constructor
|
2018-08-30 18:47:52 +00:00
|
|
|
mkS3VersionID :: S3.Object -> Maybe T.Text -> Maybe S3VersionID
|
2019-01-07 19:51:05 +00:00
|
|
|
mkS3VersionID o (Just t)
|
|
|
|
| T.null t = Nothing
|
2018-08-30 18:22:26 +00:00
|
|
|
-- AWS documentation says a version ID is at most 1024 bytes long.
|
|
|
|
-- Since they are stored in the git-annex branch, prevent them from
|
|
|
|
-- being very much larger than that.
|
2019-01-07 19:51:05 +00:00
|
|
|
| T.length t < 2048 = Just (S3VersionID o t)
|
2018-08-30 18:22:26 +00:00
|
|
|
| otherwise = Nothing
|
2019-01-07 19:51:05 +00:00
|
|
|
mkS3VersionID _ Nothing = Nothing
|
2018-08-30 18:22:26 +00:00
|
|
|
|
2018-09-06 18:31:41 +00:00
|
|
|
-- Format for storage in per-remote metadata.
|
|
|
|
--
|
2018-08-31 17:49:08 +00:00
|
|
|
-- A S3 version ID is "url ready" so does not contain '#' and so we'll use
|
|
|
|
-- that to separate it from the object id. (Could use a space, but spaces
|
|
|
|
-- in metadata values lead to an inefficient encoding.)
|
2019-01-07 19:51:05 +00:00
|
|
|
formatS3VersionID :: S3VersionID -> BS.ByteString
|
|
|
|
formatS3VersionID (S3VersionID o v) = T.encodeUtf8 v <> "#" <> T.encodeUtf8 o
|
2018-08-30 18:22:26 +00:00
|
|
|
|
2018-09-06 18:31:41 +00:00
|
|
|
-- Parse from value stored in per-remote metadata.
|
2019-01-07 19:51:05 +00:00
|
|
|
parseS3VersionID :: BS.ByteString -> Maybe S3VersionID
|
|
|
|
parseS3VersionID b = do
|
|
|
|
let (v, rest) = B8.break (== '#') b
|
|
|
|
o <- eitherToMaybe $ T.decodeUtf8' $ BS.drop 1 rest
|
|
|
|
mkS3VersionID o (eitherToMaybe $ T.decodeUtf8' v)
|
2018-08-30 18:47:52 +00:00
|
|
|
|
|
|
|
setS3VersionID :: S3Info -> UUID -> Key -> Maybe S3VersionID -> Annex ()
|
|
|
|
setS3VersionID info u k vid
|
|
|
|
| versioning info = maybe noop (setS3VersionID' u k) vid
|
|
|
|
| otherwise = noop
|
|
|
|
|
|
|
|
setS3VersionID' :: UUID -> Key -> S3VersionID -> Annex ()
|
2018-08-31 17:12:58 +00:00
|
|
|
setS3VersionID' u k vid = addRemoteMetaData k $
|
|
|
|
RemoteMetaData u (updateMetaData s3VersionField v emptyMetaData)
|
|
|
|
where
|
|
|
|
v = mkMetaValue (CurrentlySet True) (formatS3VersionID vid)
|
2018-08-30 18:47:52 +00:00
|
|
|
|
2018-08-31 17:12:58 +00:00
|
|
|
getS3VersionID :: UUID -> Key -> Annex [S3VersionID]
|
|
|
|
getS3VersionID u k = do
|
|
|
|
(RemoteMetaData _ m) <- getCurrentRemoteMetaData u k
|
|
|
|
return $ mapMaybe parseS3VersionID $ map unwrap $ S.toList $
|
|
|
|
metaDataValues s3VersionField m
|
|
|
|
where
|
|
|
|
unwrap (MetaValue _ v) = v
|
|
|
|
|
|
|
|
s3VersionField :: MetaField
|
|
|
|
s3VersionField = mkMetaFieldUnchecked "V"
|
|
|
|
|
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key.
When public access is used for the remote, it complained that the user
needed to set creds to use it, which was just wrong.
When creds were being used, it fell back from trying to use the version ID
to just accessing the key in the bucket, which was ok for non-export
remotes, but wrong for buckets.
In both cases, display a hopefully useful warning.
This should only come up when an existing S3 remote has been exported
to, and then later versioning was enabled.
Note that it would perhaps be possible to fall back from trying to use
retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport,
which may work when S3 version ID is missing. But there are problems
with that approach; how to tell when retrieveKeyFile has failed due to this
rather than a network problem etc? Anyway, that approach would only work
until the file in the export got overwritten, and then it would no
longer be accessible. And with versioning enabled, the user wants old
versions of objects to remain accessible, so it seems better to warn
about the problem as soon as possible, so they can go back and add S3
version IDs.
This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
|
|
|
eitherS3VersionID :: S3Info -> UUID -> RemoteConfig -> Key -> S3.Object -> Annex (Either String (Either S3.Object S3VersionID))
|
|
|
|
eitherS3VersionID info u c k fallback
|
2018-08-31 17:12:58 +00:00
|
|
|
| versioning info = getS3VersionID u k >>= return . \case
|
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key.
When public access is used for the remote, it complained that the user
needed to set creds to use it, which was just wrong.
When creds were being used, it fell back from trying to use the version ID
to just accessing the key in the bucket, which was ok for non-export
remotes, but wrong for buckets.
In both cases, display a hopefully useful warning.
This should only come up when an existing S3 remote has been exported
to, and then later versioning was enabled.
Note that it would perhaps be possible to fall back from trying to use
retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport,
which may work when S3 version ID is missing. But there are problems
with that approach; how to tell when retrieveKeyFile has failed due to this
rather than a network problem etc? Anyway, that approach would only work
until the file in the export got overwritten, and then it would no
longer be accessible. And with versioning enabled, the user wants old
versions of objects to remain accessible, so it seems better to warn
about the problem as soon as possible, so they can go back and add S3
version IDs.
This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
|
|
|
[] -> if exportTree c
|
|
|
|
then Left "Remote is configured to use versioning, but no S3 version ID is recorded for this key"
|
|
|
|
else Right (Left fallback)
|
2018-08-31 17:12:58 +00:00
|
|
|
-- It's possible for a key to be stored multiple timees in
|
|
|
|
-- a bucket with different version IDs; only use one of them.
|
S3: Improve diagnostics when a remote is configured with exporttree and versioning, but no S3 version id has been recorded for a key.
When public access is used for the remote, it complained that the user
needed to set creds to use it, which was just wrong.
When creds were being used, it fell back from trying to use the version ID
to just accessing the key in the bucket, which was ok for non-export
remotes, but wrong for buckets.
In both cases, display a hopefully useful warning.
This should only come up when an existing S3 remote has been exported
to, and then later versioning was enabled.
Note that it would perhaps be possible to fall back from trying to use
retrieveKeyFile when it fails and instead use retrieveKeyFileFromExport,
which may work when S3 version ID is missing. But there are problems
with that approach; how to tell when retrieveKeyFile has failed due to this
rather than a network problem etc? Anyway, that approach would only work
until the file in the export got overwritten, and then it would no
longer be accessible. And with versioning enabled, the user wants old
versions of objects to remain accessible, so it seems better to warn
about the problem as soon as possible, so they can go back and add S3
version IDs.
This work is supported by the NIH-funded NICEMAN (ReproNim TR&D3) project.
2018-12-06 17:43:18 +00:00
|
|
|
(v:_) -> Right (Right v)
|
|
|
|
| otherwise = return (Right (Left fallback))
|
2018-09-06 18:31:41 +00:00
|
|
|
|
|
|
|
s3VersionIDPublicUrl :: (S3Info -> BucketObject -> URLString) -> S3Info -> S3VersionID -> URLString
|
|
|
|
s3VersionIDPublicUrl mk info (S3VersionID obj vid) = mk info $ concat
|
|
|
|
[ T.unpack obj
|
|
|
|
, "?versionId="
|
2019-01-07 19:51:05 +00:00
|
|
|
, T.unpack vid -- version ID is "url ready" so no escaping needed
|
2018-09-06 18:31:41 +00:00
|
|
|
]
|
|
|
|
|
|
|
|
getS3VersionIDPublicUrls :: (S3Info -> BucketObject -> URLString) -> S3Info -> UUID -> Key -> Annex [URLString]
|
|
|
|
getS3VersionIDPublicUrls mk info u k =
|
|
|
|
map (s3VersionIDPublicUrl mk info) <$> getS3VersionID u k
|
2019-01-29 17:44:55 +00:00
|
|
|
|
2019-01-29 18:08:42 +00:00
|
|
|
-- Enable versioning on the bucket can only be done at init time;
|
|
|
|
-- setting versioning in a bucket that git-annex has already exported
|
|
|
|
-- files to risks losing the content of those un-versioned files.
|
|
|
|
enableBucketVersioning :: SetupStage -> RemoteConfig -> RemoteGitConfig -> UUID -> Annex ()
|
|
|
|
enableBucketVersioning ss c gc u = do
|
|
|
|
info <- extractS3Info c
|
|
|
|
case ss of
|
|
|
|
Init -> when (versioning info) $
|
|
|
|
enableversioning (bucket info)
|
|
|
|
Enable oldc -> do
|
|
|
|
oldinfo <- extractS3Info oldc
|
|
|
|
when (versioning info /= versioning oldinfo) $
|
|
|
|
giveup "Cannot change versioning= of existing S3 remote."
|
|
|
|
where
|
|
|
|
enableversioning b = do
|
2019-01-29 17:44:55 +00:00
|
|
|
#if MIN_VERSION_aws(0,22,0)
|
2019-01-29 18:08:42 +00:00
|
|
|
showAction "enabling bucket versioning"
|
|
|
|
withS3Handle c gc u $ \h ->
|
|
|
|
void $ sendS3Handle h $ S3.putBucketVersioning b S3.VersioningEnabled
|
2019-01-29 17:44:55 +00:00
|
|
|
#else
|
2019-01-29 18:08:42 +00:00
|
|
|
showLongNote $ unlines
|
|
|
|
[ "This version of git-annex cannot auto-enable S3 bucket versioning."
|
|
|
|
, "You need to manually enable versioning in the S3 console"
|
|
|
|
, "for the bucket \"" ++ T.unpack b ++ "\""
|
|
|
|
, "https://docs.aws.amazon.com/AmazonS3/latest/user-guide/enable-versioning.html"
|
|
|
|
, "It's important you enable versioning before storing anything in the bucket!"
|
|
|
|
]
|
2019-01-29 17:44:55 +00:00
|
|
|
#endif
|
2019-01-29 19:07:27 +00:00
|
|
|
|
|
|
|
-- If the remote has versioning enabled, but the version ID is for some
|
|
|
|
-- reason not being recorded, it's not safe to perform an action that
|
|
|
|
-- will remove the unversioned file. The file may be the only copy of an
|
|
|
|
-- annex object.
|
|
|
|
--
|
|
|
|
-- This code could be removed eventually, since enableBucketVersioning
|
|
|
|
-- will avoid this situation. Before that was added, some remotes
|
|
|
|
-- were created without versioning, some unversioned files exported to
|
|
|
|
-- them, and then versioning enabled, and this is to avoid data loss in
|
|
|
|
-- those cases.
|
|
|
|
checkVersioning :: S3Info -> UUID -> Key -> Annex Bool -> Annex Bool
|
|
|
|
checkVersioning info u k a
|
|
|
|
| versioning info = getS3VersionID u k >>= \case
|
|
|
|
[] -> do
|
|
|
|
warning $ "Remote is configured to use versioning, but no S3 version ID is recorded for this key, so it cannot safely be modified."
|
|
|
|
return False
|
|
|
|
_ -> a
|
|
|
|
| otherwise = a
|