forked from TrueCloudLab/frostfs-s3-gw
poc impersonate
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
parent
6eb7966800
commit
0483556f64
5 changed files with 14 additions and 13 deletions
|
@ -329,10 +329,8 @@ func (n *layer) Owner(ctx context.Context) user.ID {
|
||||||
|
|
||||||
func (n *layer) prepareAuthParameters(ctx context.Context, prm *PrmAuth, bktOwner user.ID) {
|
func (n *layer) prepareAuthParameters(ctx context.Context, prm *PrmAuth, bktOwner user.ID) {
|
||||||
if bd, ok := ctx.Value(api.BoxData).(*accessbox.Box); ok && bd != nil && bd.Gate != nil && bd.Gate.BearerToken != nil {
|
if bd, ok := ctx.Value(api.BoxData).(*accessbox.Box); ok && bd != nil && bd.Gate != nil && bd.Gate.BearerToken != nil {
|
||||||
if bktOwner.Equals(bearer.ResolveIssuer(*bd.Gate.BearerToken)) {
|
prm.BearerToken = bd.Gate.BearerToken
|
||||||
prm.BearerToken = bd.Gate.BearerToken
|
return
|
||||||
return
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
prm.PrivateKey = &n.anonKey.Key.PrivateKey
|
prm.PrivateKey = &n.anonKey.Key.PrivateKey
|
||||||
|
|
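Review bot: With the `bktOwner.Equals(bearer.ResolveIssuer(*bd.Gate.BearerToken))` guard removed, `prepareAuthParameters` attaches the caller's bearer token to every request whether or not the token's issuer owns the bucket, and `bktOwner` is no longer read in the visible lines. The same guard is dropped from `getBearer` in the last file section, where `bktInfo` likewise becomes unused. If this relies on the storage side honouring the impersonate flag, state that at the branch, e.g. `// Impersonating token: access is checked against the issuer, so no owner match is done here.` Tokens minted before this change presumably lack that flag and still carry an eACL table, so it would be safer to keep the owner comparison for tokens that are not impersonating than to forward them unconditionally.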
|
@ -349,11 +349,12 @@ func buildBearerToken(key *keys.PrivateKey, table *eacl.Table, lifetime lifetime
|
||||||
user.IDFromKey(&ownerID, (ecdsa.PublicKey)(*gateKey))
|
user.IDFromKey(&ownerID, (ecdsa.PublicKey)(*gateKey))
|
||||||
|
|
||||||
var bearerToken bearer.Token
|
var bearerToken bearer.Token
|
||||||
bearerToken.SetEACLTable(*table)
|
bearerToken.SetEACLTable(*eacl.NewTable())
|
||||||
bearerToken.ForUser(ownerID)
|
bearerToken.ForUser(ownerID)
|
||||||
bearerToken.SetExp(lifetime.Exp)
|
bearerToken.SetExp(lifetime.Exp)
|
||||||
bearerToken.SetIat(lifetime.Iat)
|
bearerToken.SetIat(lifetime.Iat)
|
||||||
bearerToken.SetNbf(lifetime.Iat)
|
bearerToken.SetNbf(lifetime.Iat)
|
||||||
|
bearerToken.SetImpersonate(true)
|
||||||
|
|
||||||
err := bearerToken.Sign(key.PrivateKey)
|
err := bearerToken.Sign(key.PrivateKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
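Review bot: `buildBearerToken` now signs a token with `SetEACLTable(*eacl.NewTable())` and `SetImpersonate(true)`, so the `table` argument is silently ignored and whatever restrictions the caller put in it no longer limit the token. A holder of the resulting credential would presumably act with the issuer's full rights until `lifetime.Exp`, which widens the impact of a leaked access box. Make impersonation an explicit choice of the caller and keep `bearerToken.SetEACLTable(*table)` otherwise, or at minimum record the intent with `// PoC: impersonating token, eACL table intentionally empty; table is unused`. The function body starts and ends outside this hunk.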
5
go.mod
5
go.mod
|
@ -24,6 +24,11 @@ require (
|
||||||
google.golang.org/protobuf v1.28.1
|
google.golang.org/protobuf v1.28.1
|
||||||
)
|
)
|
||||||
|
|
||||||
|
replace (
|
||||||
|
github.com/TrueCloudLab/frostfs-api-go/v2 v2.0.0-20221212144048-1351b6656d68 => github.com/KirillovDenis/frostfs-api-go/v2 v2.11.2-0.20230221082308-ac00938fa447
|
||||||
|
github.com/TrueCloudLab/frostfs-sdk-go v0.0.0-20230130120602-cf64ddfb143c => github.com/KirillovDenis/frostfs-sdk-go v0.0.0-20230221122223-9424a67fb108
|
||||||
|
)
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/TrueCloudLab/frostfs-contract v0.0.0-20221213081248-6c805c1b4e42 // indirect
|
github.com/TrueCloudLab/frostfs-contract v0.0.0-20221213081248-6c805c1b4e42 // indirect
|
||||||
github.com/TrueCloudLab/frostfs-crypto v0.5.0
|
github.com/TrueCloudLab/frostfs-crypto v0.5.0
|
||||||
|
|
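Review bot: The new `replace` block points `frostfs-api-go/v2` and `frostfs-sdk-go` at a personal fork under `github.com/KirillovDenis/`, pinned to pseudo-versions, so the code that builds and signs bearer tokens now comes from outside the upstream organisation's review. Both directives are version-qualified on the left-hand side, so they stop applying without any warning as soon as the required version of either module changes. Add a comment above the block such as `// PoC only: temporary forks for bearer-token impersonation; remove once upstream releases it`. Keep this off release branches until the `require` lines can reference upstream versions again.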
8
go.sum
8
go.sum
|
@ -42,14 +42,14 @@ github.com/CityOfZion/neo-go v0.62.1-pre.0.20191114145240-e740fbe708f8/go.mod h1
|
||||||
github.com/CityOfZion/neo-go v0.70.1-pre.0.20191209120015-fccb0085941e/go.mod h1:0enZl0az8xA6PVkwzEOwPWVJGqlt/GO4hA4kmQ5Xzig=
|
github.com/CityOfZion/neo-go v0.70.1-pre.0.20191209120015-fccb0085941e/go.mod h1:0enZl0az8xA6PVkwzEOwPWVJGqlt/GO4hA4kmQ5Xzig=
|
||||||
github.com/CityOfZion/neo-go v0.70.1-pre.0.20191212173117-32ac01130d4c/go.mod h1:JtlHfeqLywZLswKIKFnAp+yzezY4Dji9qlfQKB2OD/I=
|
github.com/CityOfZion/neo-go v0.70.1-pre.0.20191212173117-32ac01130d4c/go.mod h1:JtlHfeqLywZLswKIKFnAp+yzezY4Dji9qlfQKB2OD/I=
|
||||||
github.com/CityOfZion/neo-go v0.71.1-pre.0.20200129171427-f773ec69fb84/go.mod h1:FLI526IrRWHmcsO+mHsCbj64pJZhwQFTLJZu+A4PGOA=
|
github.com/CityOfZion/neo-go v0.71.1-pre.0.20200129171427-f773ec69fb84/go.mod h1:FLI526IrRWHmcsO+mHsCbj64pJZhwQFTLJZu+A4PGOA=
|
||||||
github.com/TrueCloudLab/frostfs-api-go/v2 v2.0.0-20221212144048-1351b6656d68 h1:mwZr15qCuIcWojIOmH6LILPohbWIkknZe9vhBRapmfQ=
|
github.com/KirillovDenis/frostfs-api-go/v2 v2.11.2-0.20230221082308-ac00938fa447 h1:8PH1Wdzdk96XwMQheflK9uS9lsSDtLaE9Wfr1sBq+Ng=
|
||||||
github.com/TrueCloudLab/frostfs-api-go/v2 v2.0.0-20221212144048-1351b6656d68/go.mod h1:u3P6aL/NpAIY5IFRsJhmV+61Q3pJ3BkLENqySkf5zZQ=
|
github.com/KirillovDenis/frostfs-api-go/v2 v2.11.2-0.20230221082308-ac00938fa447/go.mod h1:u3P6aL/NpAIY5IFRsJhmV+61Q3pJ3BkLENqySkf5zZQ=
|
||||||
|
github.com/KirillovDenis/frostfs-sdk-go v0.0.0-20230221122223-9424a67fb108 h1:EbH3LgjwB+XuaICaWnK/ZnecSzfGSUBlwJ+kT4uOq68=
|
||||||
|
github.com/KirillovDenis/frostfs-sdk-go v0.0.0-20230221122223-9424a67fb108/go.mod h1:kEJuY2GhRZ3MFBwZvTLMlA2D5mrjjoB+g/Q2Lz1dwyQ=
|
||||||
github.com/TrueCloudLab/frostfs-contract v0.0.0-20221213081248-6c805c1b4e42 h1:P/gisZxTzJ9R3tuYDaQWe0tY6m1Zea3gzdPpNYK+NP4=
|
github.com/TrueCloudLab/frostfs-contract v0.0.0-20221213081248-6c805c1b4e42 h1:P/gisZxTzJ9R3tuYDaQWe0tY6m1Zea3gzdPpNYK+NP4=
|
||||||
github.com/TrueCloudLab/frostfs-contract v0.0.0-20221213081248-6c805c1b4e42/go.mod h1:qmf648elr+FWBZH3hqND8KVrXMnqu/e0z48k+sX8C2s=
|
github.com/TrueCloudLab/frostfs-contract v0.0.0-20221213081248-6c805c1b4e42/go.mod h1:qmf648elr+FWBZH3hqND8KVrXMnqu/e0z48k+sX8C2s=
|
||||||
github.com/TrueCloudLab/frostfs-crypto v0.5.0 h1:ZoLjixSkQv3j1EwZ1WJzMEJY2NR+9nO4Pd8WSyM/RRI=
|
github.com/TrueCloudLab/frostfs-crypto v0.5.0 h1:ZoLjixSkQv3j1EwZ1WJzMEJY2NR+9nO4Pd8WSyM/RRI=
|
||||||
github.com/TrueCloudLab/frostfs-crypto v0.5.0/go.mod h1:775MUewpH8AWpXrimAG2NYWOXB6lpKOI5kqgu+eI5zs=
|
github.com/TrueCloudLab/frostfs-crypto v0.5.0/go.mod h1:775MUewpH8AWpXrimAG2NYWOXB6lpKOI5kqgu+eI5zs=
|
||||||
github.com/TrueCloudLab/frostfs-sdk-go v0.0.0-20230130120602-cf64ddfb143c h1:7TTjeRSWHOSmFEsblebGBN4aLeZEVVN9JixQvu2tD7Q=
|
|
||||||
github.com/TrueCloudLab/frostfs-sdk-go v0.0.0-20230130120602-cf64ddfb143c/go.mod h1:J5Gv7HtN9wJ5vKMy+vOT9/D6ixPMNl2ureKNNq8dask=
|
|
||||||
github.com/TrueCloudLab/hrw v1.1.0 h1:2U69PpUX1UtMWgh/RAg6D8mQW+/WsxbLNE+19EUhLhY=
|
github.com/TrueCloudLab/hrw v1.1.0 h1:2U69PpUX1UtMWgh/RAg6D8mQW+/WsxbLNE+19EUhLhY=
|
||||||
github.com/TrueCloudLab/hrw v1.1.0/go.mod h1:Pzi8Hy3qx12cew+ajVxgbtDVM4sRG9/gJnJLcL/yRyY=
|
github.com/TrueCloudLab/hrw v1.1.0/go.mod h1:Pzi8Hy3qx12cew+ajVxgbtDVM4sRG9/gJnJLcL/yRyY=
|
||||||
github.com/TrueCloudLab/rfc6979 v0.3.0 h1:0SYMAfQWh/TjnofqYQHy+s3rmQ5gi0fvOaDbqd60/Ic=
|
github.com/TrueCloudLab/rfc6979 v0.3.0 h1:0SYMAfQWh/TjnofqYQHy+s3rmQ5gi0fvOaDbqd60/Ic=
|
||||||
|
|
|
@ -14,7 +14,6 @@ import (
|
||||||
"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
|
"github.com/TrueCloudLab/frostfs-s3-gw/api/layer"
|
||||||
"github.com/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
|
"github.com/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
|
||||||
"github.com/TrueCloudLab/frostfs-s3-gw/internal/frostfs/services/tree"
|
"github.com/TrueCloudLab/frostfs-s3-gw/internal/frostfs/services/tree"
|
||||||
"github.com/TrueCloudLab/frostfs-sdk-go/bearer"
|
|
||||||
oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
|
oid "github.com/TrueCloudLab/frostfs-sdk-go/object/id"
|
||||||
"github.com/TrueCloudLab/frostfs-sdk-go/user"
|
"github.com/TrueCloudLab/frostfs-sdk-go/user"
|
||||||
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
|
@ -1262,9 +1261,7 @@ func handleError(msg string, err error) error {
|
||||||
func getBearer(ctx context.Context, bktInfo *data.BucketInfo) []byte {
|
func getBearer(ctx context.Context, bktInfo *data.BucketInfo) []byte {
|
||||||
if bd, ok := ctx.Value(api.BoxData).(*accessbox.Box); ok && bd != nil && bd.Gate != nil {
|
if bd, ok := ctx.Value(api.BoxData).(*accessbox.Box); ok && bd != nil && bd.Gate != nil {
|
||||||
if bd.Gate.BearerToken != nil {
|
if bd.Gate.BearerToken != nil {
|
||||||
if bktInfo.Owner.Equals(bearer.ResolveIssuer(*bd.Gate.BearerToken)) {
|
return bd.Gate.BearerToken.Marshal()
|
||||||
return bd.Gate.BearerToken.Marshal()
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
|
|