forked from TrueCloudLab/frostfs-s3-gw
Merge pull request #66 from masterSplinter01/feature/64-fix-authmate
[#64] Fix access key id
This commit is contained in:
commit
6ac5dd52d5
3 changed files with 15 additions and 9 deletions
|
@ -21,7 +21,7 @@ import (
|
|||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
var authorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P<access_key_id_cid>[^/]+)/(?P<access_key_id_oid>[^/]+)/(?P<date>[^/]+)/(?P<region>[^/]*)/(?P<service>[^/]+)/aws4_request,\s*SignedHeaders=(?P<signed_header_fields>.+),\s*Signature=(?P<v4_signature>.+)`)
|
||||
var authorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P<access_key_id_cid>[^/]+)_(?P<access_key_id_oid>[^/]+)/(?P<date>[^/]+)/(?P<region>[^/]*)/(?P<service>[^/]+)/aws4_request,\s*SignedHeaders=(?P<signed_header_fields>.+),\s*Signature=(?P<v4_signature>.+)`)
|
||||
|
||||
type (
|
||||
// Center is a user authentication interface.
|
||||
|
@ -88,10 +88,11 @@ func (c *center) Authenticate(r *http.Request) (*token.BearerToken, error) {
|
|||
return nil, fmt.Errorf("failed to parse x-amz-date header field: %w", err)
|
||||
}
|
||||
|
||||
accessKeyID := fmt.Sprintf("%s/%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"])
|
||||
accessKeyID := fmt.Sprintf("%s_%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"])
|
||||
accessKeyAddress := fmt.Sprintf("%s/%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"])
|
||||
|
||||
address := object.NewAddress()
|
||||
if err = address.Parse(accessKeyID); err != nil {
|
||||
if err = address.Parse(accessKeyAddress); err != nil {
|
||||
return nil, fmt.Errorf("could not parse AccessBox address: %s : %w", accessKeyID, err)
|
||||
}
|
||||
|
||||
|
|
|
@ -162,8 +162,10 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
|
|||
return fmt.Errorf("failed to get bearer token secret key: %w", err)
|
||||
}
|
||||
|
||||
accessKeyID := address.ContainerID().String() + "_" + address.ObjectID().String()
|
||||
|
||||
ir := &issuingResult{
|
||||
AccessKeyID: address.String(),
|
||||
AccessKeyID: accessKeyID,
|
||||
SecretAccessKey: secret,
|
||||
OwnerPrivateKey: options.OwnerPrivateKey.String(),
|
||||
}
|
||||
|
|
|
@ -8,6 +8,7 @@ import (
|
|||
"fmt"
|
||||
"os"
|
||||
"os/signal"
|
||||
"strings"
|
||||
"syscall"
|
||||
"time"
|
||||
|
||||
|
@ -37,7 +38,7 @@ var (
|
|||
peerAddressFlag string
|
||||
eaclRulesFlag string
|
||||
gatePrivateKeyFlag string
|
||||
secretAddressFlag string
|
||||
accessKeyIDFlag string
|
||||
ownerPrivateKeyFlag string
|
||||
containerIDFlag string
|
||||
containerFriendlyName string
|
||||
|
@ -311,10 +312,10 @@ func obtainSecret() *cli.Command {
|
|||
Destination: &gatePrivateKeyFlag,
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "secret-address",
|
||||
Usage: "address of a secret (i.e. access key id for s3)",
|
||||
Name: "access-key-id",
|
||||
Usage: "access key id for s3",
|
||||
Required: true,
|
||||
Destination: &secretAddressFlag,
|
||||
Destination: &accessKeyIDFlag,
|
||||
},
|
||||
},
|
||||
Action: func(c *cli.Context) error {
|
||||
|
@ -342,8 +343,10 @@ func obtainSecret() *cli.Command {
|
|||
return cli.Exit(fmt.Sprintf("failed to create owner's private key: %s", err), 4)
|
||||
}
|
||||
|
||||
secretAddress := strings.Replace(accessKeyIDFlag, "_", "/", 1)
|
||||
|
||||
obtainSecretOptions := &authmate.ObtainSecretOptions{
|
||||
SecretAddress: secretAddressFlag,
|
||||
SecretAddress: secretAddress,
|
||||
GatePrivateKey: gateCreds.PrivateKey(),
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue