EliChin/frostfs-s3-gw
1
0
Fork 0
forked from TrueCloudLab/frostfs-s3-gw
Code Issues Pull requests Projects Releases Packages Wiki Activity

[#241] Add aws-cli-credentials flag

Browse source 
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
Denis Kirillov 2021-09-01 14:30:15 +03:00 committed by Alex Vanin
parent 07dd0e1af4
commit 345dafb29d
2 changed files with 30 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
authmate/authmate.go
View file

@ -8,6 +8,7 @@ import (
"fmt"
"io"
"math"
"os"
"strconv"
"time"
@ -57,6 +58,7 @@ type (
ContextRules []byte
SessionTkn bool
Lifetime uint64
AwsCliCredentialsFile string
ContainerPolicies ContainerPolicies
}
@ -241,7 +243,26 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
enc := json.NewEncoder(w)
enc.SetIndent("", " ")
return enc.Encode(ir)
if err = enc.Encode(ir); err != nil {
return err
}
if options.AwsCliCredentialsFile != "" {
profileName := "authmate_cred_" + address.ObjectID().String()
if _, err = os.Stat(options.AwsCliCredentialsFile); os.IsNotExist(err) {
profileName = "default"
}
file, err := os.OpenFile(options.AwsCliCredentialsFile, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0600)
if err != nil {
return fmt.Errorf("couldn't open aws cli credentials file: %w", err)
}
defer file.Close()
if _, err = file.WriteString(fmt.Sprintf("\n[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n",
profileName, accessKeyID, secrets.AccessKey)); err != nil {
return err
}
}
return nil
}
// ObtainSecret receives an existing secret access key from NeoFS and

8
cmd/authmate/main.go
View file

@ -47,6 +47,7 @@ var (
sessionTokenFlag bool
lifetimeFlag uint64
containerPolicies string
awcCliCredFile string
)
const (
@ -209,6 +210,12 @@ func issueSecret() *cli.Command {
Required: false,
Destination: &containerPolicies,
},
&cli.StringFlag{
Name: "aws-cli-credentials",
Usage: "path to the aws cli credential file",
Required: false,
Destination: &awcCliCredFile,
},
},
Action: func(c *cli.Context) error {
ctx, log := prepare()
@ -264,6 +271,7 @@ func issueSecret() *cli.Command {
ContainerPolicies: policies,
SessionTkn: sessionTokenFlag,
Lifetime: lifetimeFlag,
AwsCliCredentialsFile: awcCliCredFile,
}
if err = agent.IssueSecret(ctx, os.Stdout, issueSecretOptions); err != nil {