forked from TrueCloudLab/frostfs-s3-gw
[#387] authmate: fix parsing session rules
Signed-off-by: Denis Kirillov <denis@nspcc.ru>
parent
83bb6fc020
commit
4322da90d8
2 changed files with 11 additions and 5 deletions
|
@ -98,6 +98,7 @@ type (
|
|||
GatesPublicKeys []*keys.PublicKey
|
||||
EACLRules []byte
|
||||
SessionTokenRules []byte
|
||||
SkipSessionRules bool
|
||||
Lifetime time.Duration
|
||||
AwsCliCredentialsFile string
|
||||
ContainerPolicies ContainerPolicies
|
||||
|
@ -439,7 +440,7 @@ func createTokens(options *IssueSecretOptions, lifetime lifetimeOptions) ([]*acc
|
|||
gates[i] = accessbox.NewGateData(gateKey, bearerTokens[i])
|
||||
}
|
||||
|
||||
if options.SessionTokenRules != nil {
|
||||
if !options.SkipSessionRules {
|
||||
sessionRules, err := buildContext(options.SessionTokenRules)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to build context for session token: %w", err)
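Review bot: With `if !options.SkipSessionRules {` the guard in createTokens now defaults to building session tokens, because the zero value of the new `SkipSessionRules` field is false. Any caller that fills `IssueSecretOptions` and leaves `SessionTokenRules` nil now reaches `buildContext(nil)`, where the old nil check skipped the block. buildContext is not visible here, so it should be confirmed that it accepts nil or empty input and that whatever rules it falls back to are no broader than intended. I would document the opt-out on the struct field, e.g. `// SkipSessionRules disables session token creation; when false, SessionTokenRules is passed to buildContext even if nil.` createTokens starts and ends outside this hunk.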
|
||||
|
|
|
@ -276,7 +276,7 @@ It will be ceil rounded to the nearest amount of epoch.`,
|
|||
return cli.Exit(fmt.Sprintf("couldn't parse 'bearer-rules' flag: %s", err.Error()), 7)
|
||||
}
|
||||
|
||||
sessionRules, err := getSessionRules(sessionTokenFlag)
|
||||
sessionRules, skipSessionRules, err := getSessionRules(sessionTokenFlag)
|
||||
if err != nil {
|
||||
return cli.Exit(fmt.Sprintf("couldn't parse 'session-token' flag: %s", err.Error()), 8)
|
||||
}
|
||||
|
@ -291,6 +291,7 @@ It will be ceil rounded to the nearest amount of epoch.`,
|
|||
GatesPublicKeys: gatesPublicKeys,
|
||||
EACLRules: bearerRules,
|
||||
SessionTokenRules: sessionRules,
|
||||
SkipSessionRules: skipSessionRules,
|
||||
ContainerPolicies: policies,
|
||||
Lifetime: lifetimeFlag,
|
||||
AwsCliCredentialsFile: awcCliCredFile,
|
||||
|
@ -343,11 +344,15 @@ func getJSONRules(val string) ([]byte, error) {
|
|||
return nil, fmt.Errorf("coudln't read json file or its content is invalid")
|
||||
}
|
||||
|
||||
func getSessionRules(r string) ([]byte, error) {
|
||||
// getSessionRules reads json session rules.
|
||||
// Returns true if rules must be skipped.
|
||||
func getSessionRules(r string) ([]byte, bool, error) {
|
||||
if r == "none" {
|
||||
return nil, nil
|
||||
return nil, true, nil
|
||||
}
|
||||
return getJSONRules(r)
|
||||
|
||||
data, err := getJSONRules(r)
|
||||
return data, false, err
|
||||
}
|
||||
|
||||
func obtainSecret() *cli.Command {
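Review bot: getSessionRules recognises the opt-out only by the exact comparison `r == "none"`; every other value, including an unset flag, goes to getJSONRules and comes back with skip=false. Only the tail of getJSONRules is visible, so it is worth confirming that an empty string yields nil data and no error, since that nil is now what createTokens hands to buildContext. The doc comment could name the sentinel: `// getSessionRules reads JSON session rules from r; the literal "none" returns skip=true and no rules.` Naming the results `(rules []byte, skip bool, err error)` would make the bare `bool` self-describing. A table test over "none", empty and valid JSON would pin the three paths.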
|
||||
|
|