forked from TrueCloudLab/frostfs-s3-gw
[#387] authmate: fix parsing session rules
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
Denis Kirillov
Alex Vanin
parent
83bb6fc020
commit
4322da90d8
2 changed files with 11 additions and 5 deletions
|
|
@ -98,6 +98,7 @@ type (
|
||||||
GatesPublicKeys []*keys.PublicKey
|
GatesPublicKeys []*keys.PublicKey
|
||||||
EACLRules []byte
|
EACLRules []byte
|
||||||
SessionTokenRules []byte
|
SessionTokenRules []byte
|
||||||
|
SkipSessionRules bool
|
||||||
Lifetime time.Duration
|
Lifetime time.Duration
|
||||||
AwsCliCredentialsFile string
|
AwsCliCredentialsFile string
|
||||||
ContainerPolicies ContainerPolicies
|
ContainerPolicies ContainerPolicies
|
||||||
|
|
@ -439,7 +440,7 @@ func createTokens(options *IssueSecretOptions, lifetime lifetimeOptions) ([]*acc
|
||||||
gates[i] = accessbox.NewGateData(gateKey, bearerTokens[i])
|
gates[i] = accessbox.NewGateData(gateKey, bearerTokens[i])
|
||||||
}
|
}
|
||||||
|
|
||||||
if options.SessionTokenRules != nil {
|
if !options.SkipSessionRules {
|
||||||
sessionRules, err := buildContext(options.SessionTokenRules)
|
sessionRules, err := buildContext(options.SessionTokenRules)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to build context for session token: %w", err)
|
return nil, fmt.Errorf("failed to build context for session token: %w", err)
|
||||||
|
|
|
||||||
|
|
@ -276,7 +276,7 @@ It will be ceil rounded to the nearest amount of epoch.`,
|
||||||
return cli.Exit(fmt.Sprintf("couldn't parse 'bearer-rules' flag: %s", err.Error()), 7)
|
return cli.Exit(fmt.Sprintf("couldn't parse 'bearer-rules' flag: %s", err.Error()), 7)
|
||||||
}
|
}
|
||||||
|
|
||||||
sessionRules, err := getSessionRules(sessionTokenFlag)
|
sessionRules, skipSessionRules, err := getSessionRules(sessionTokenFlag)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return cli.Exit(fmt.Sprintf("couldn't parse 'session-token' flag: %s", err.Error()), 8)
|
return cli.Exit(fmt.Sprintf("couldn't parse 'session-token' flag: %s", err.Error()), 8)
|
||||||
}
|
}
|
||||||
|
|
@ -291,6 +291,7 @@ It will be ceil rounded to the nearest amount of epoch.`,
|
||||||
GatesPublicKeys: gatesPublicKeys,
|
GatesPublicKeys: gatesPublicKeys,
|
||||||
EACLRules: bearerRules,
|
EACLRules: bearerRules,
|
||||||
SessionTokenRules: sessionRules,
|
SessionTokenRules: sessionRules,
|
||||||
|
SkipSessionRules: skipSessionRules,
|
||||||
ContainerPolicies: policies,
|
ContainerPolicies: policies,
|
||||||
Lifetime: lifetimeFlag,
|
Lifetime: lifetimeFlag,
|
||||||
AwsCliCredentialsFile: awcCliCredFile,
|
AwsCliCredentialsFile: awcCliCredFile,
|
||||||
|
|
@ -343,11 +344,15 @@ func getJSONRules(val string) ([]byte, error) {
|
||||||
return nil, fmt.Errorf("coudln't read json file or its content is invalid")
|
return nil, fmt.Errorf("coudln't read json file or its content is invalid")
|
||||||
}
|
}
|
||||||
|
|
||||||
func getSessionRules(r string) ([]byte, error) {
|
// getSessionRules reads json session rules.
|
||||||
|
// Returns true if rules must be skipped.
|
||||||
|
func getSessionRules(r string) ([]byte, bool, error) {
|
||||||
if r == "none" {
|
if r == "none" {
|
||||||
return nil, nil
|
return nil, true, nil
|
||||||
}
|
}
|
||||||
return getJSONRules(r)
|
|
||||||
|
data, err := getJSONRules(r)
|
||||||
|
return data, false, err
|
||||||
}
|
}
|
||||||
|
|
||||||
func obtainSecret() *cli.Command {
|
func obtainSecret() *cli.Command {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue