[#241] Add aws-cli-credentials flag
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
parent
07dd0e1af4
commit
345dafb29d
2 changed files with 30 additions and 1 deletions
|
@ -8,6 +8,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"math"
|
"math"
|
||||||
|
"os"
|
||||||
"strconv"
|
"strconv"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
@ -57,6 +58,7 @@ type (
|
||||||
ContextRules []byte
|
ContextRules []byte
|
||||||
SessionTkn bool
|
SessionTkn bool
|
||||||
Lifetime uint64
|
Lifetime uint64
|
||||||
|
AwsCliCredentialsFile string
|
||||||
ContainerPolicies ContainerPolicies
|
ContainerPolicies ContainerPolicies
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -241,7 +243,26 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
|
||||||
|
|
||||||
enc := json.NewEncoder(w)
|
enc := json.NewEncoder(w)
|
||||||
enc.SetIndent("", " ")
|
enc.SetIndent("", " ")
|
||||||
return enc.Encode(ir)
|
if err = enc.Encode(ir); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if options.AwsCliCredentialsFile != "" {
|
||||||
|
profileName := "authmate_cred_" + address.ObjectID().String()
|
||||||
|
if _, err = os.Stat(options.AwsCliCredentialsFile); os.IsNotExist(err) {
|
||||||
|
profileName = "default"
|
||||||
|
}
|
||||||
|
file, err := os.OpenFile(options.AwsCliCredentialsFile, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0600)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("couldn't open aws cli credentials file: %w", err)
|
||||||
|
}
|
||||||
|
defer file.Close()
|
||||||
|
if _, err = file.WriteString(fmt.Sprintf("\n[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n",
|
||||||
|
profileName, accessKeyID, secrets.AccessKey)); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// ObtainSecret receives an existing secret access key from NeoFS and
|
// ObtainSecret receives an existing secret access key from NeoFS and
|
||||||
|
|
|
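Review bot: The `0600` passed to `os.OpenFile` in `IssueSecret` only takes effect when the call creates the file, so if `options.AwsCliCredentialsFile` already exists with wider permissions, the new `aws_secret_access_key` is appended to a file that other local users may be able to read. After the open, the code should call `file.Stat()` and refuse (or at least warn) when group/other bits are set; on Windows the mode bits are not meaningful, so the check would need to be limited to Unix-like systems. Separately, `defer file.Close()` drops the close error on a file that was just written, and an `os.Stat` failure other than not-exist is silently treated as "file exists" when the profile name is chosen. The fence shows the permission check only.

```go
		file, err := os.OpenFile(options.AwsCliCredentialsFile, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0600)
		// … unchanged: open error handling and defer file.Close() …

		// The 0600 above applies only when the file is created here; an
		// existing file keeps whatever mode it already had.
		info, err := file.Stat()
		if err != nil {
			return fmt.Errorf("couldn't stat aws cli credentials file: %w", err)
		}
		if info.Mode().Perm()&0o077 != 0 {
			return fmt.Errorf("aws cli credentials file %q is accessible by group/other (mode %o)",
				options.AwsCliCredentialsFile, info.Mode().Perm())
		}
		// … unchanged: WriteString of the profile section …
```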
@ -47,6 +47,7 @@ var (
|
||||||
sessionTokenFlag bool
|
sessionTokenFlag bool
|
||||||
lifetimeFlag uint64
|
lifetimeFlag uint64
|
||||||
containerPolicies string
|
containerPolicies string
|
||||||
|
awcCliCredFile string
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -209,6 +210,12 @@ func issueSecret() *cli.Command {
|
||||||
Required: false,
|
Required: false,
|
||||||
Destination: &containerPolicies,
|
Destination: &containerPolicies,
|
||||||
},
|
},
|
||||||
|
&cli.StringFlag{
|
||||||
|
Name: "aws-cli-credentials",
|
||||||
|
Usage: "path to the aws cli credential file",
|
||||||
|
Required: false,
|
||||||
|
Destination: &awcCliCredFile,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
Action: func(c *cli.Context) error {
|
Action: func(c *cli.Context) error {
|
||||||
ctx, log := prepare()
|
ctx, log := prepare()
|
||||||
|
@ -264,6 +271,7 @@ func issueSecret() *cli.Command {
|
||||||
ContainerPolicies: policies,
|
ContainerPolicies: policies,
|
||||||
SessionTkn: sessionTokenFlag,
|
SessionTkn: sessionTokenFlag,
|
||||||
Lifetime: lifetimeFlag,
|
Lifetime: lifetimeFlag,
|
||||||
|
AwsCliCredentialsFile: awcCliCredFile,
|
||||||
}
|
}
|
||||||
|
|
||||||
if err = agent.IssueSecret(ctx, os.Stdout, issueSecretOptions); err != nil {
|
if err = agent.IssueSecret(ctx, os.Stdout, issueSecretOptions); err != nil {
|
||||||
|
|
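Review bot: The `Usage` text of the new `aws-cli-credentials` flag does not tell the operator that the issued secret key is appended to that file in plaintext, or which profile name it is written under. Going by the `IssueSecret` change in the other file of this commit, something like `Usage: "path to the aws cli credentials file; the issued key pair is appended as profile authmate_cred_<object id>, or as default if the file does not exist",` would describe it. The destination variable is also spelled `awcCliCredFile` in the `var` block, the flag's `Destination` and the `AwsCliCredentialsFile:` assignment; `awsCliCredFile` looks like the intended name.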