[#84] Make targets for issuing credentials

Signed-off-by: Nikita Zinkevich <n.zinkevich@yadro.com>

Makefile

@@ -60,6 +60,7 @@ get: $(foreach SVC, $(GET_SVCS), get.$(SVC))
 .PHONY: up
 up: up/basic
 	@$(foreach SVC, $(START_SVCS), $(shell docker-compose -f services/$(SVC)/docker-compose.yml up -d))
+	./vendor/frostfs-adm morph proxy-add-account --config frostfs-adm.yml --account=`docker container exec morph_chain neo-go wallet dump-keys -w /wallets/s3-wallet.json | head -1 | awk '{print $1}'` || die "Couldn't set s3-gw wallet as proxy wallet"
 	@echo "Full FrostFS Developer Environment is ready"
 
 # Build up FrostFS

README.md

@@ -137,6 +137,65 @@ Display addresses and host names for each running service, if available.
 
 Clean up `vendor` directory.
 
+### s3cred
+
+Registers user wallet and issues s3 credentials.
+
+Usage and default parameter values:
+```sh
+make s3cred [password=""] [contract_password=s3] [wallet=/user_wallet.json] [gate_public_key=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf]
+```
+
+As soon as the storage node is in the network map (see above) you can generate S3
+credentials:
+
+``` sh
+$ make s3cred
+{
+  "access_key_id": "EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT0AKRSjJ5fmcqf3Ht2VCAkfmPQUVARghRB77xHCA1BoN2p",
+  "secret_access_key": "d70c1dba83f0f90bb231f06f1ce0e0dfbcfb122f4b4345a3c18d3869c359b79f",
+  "owner_private_key": "140947599afd9ca89af4b358c3176eb046e554d942a0dc99a8e06f3e43c8f4ad",
+  "wallet_public_key": "0324e76288fcb900100d01802a14ef977cca45ad073561230446df14b344c858b6",
+  "container_id": "EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT"
+}                   
+```
+Running without any parameters will result in defaults which are based on the private key from
+`/user-wallet.json` file and `/wallet.json` contract wallet.
+
+Now let's configure an S3 client (AWS CLI will be used as example):
+
+``` sh
+$ aws configure
+AWS Access Key ID []: EXArWh8x1zeHG3851s1RtoCo7dowxF6rhLGA15nbMffT0AKRSjJ5fmcqf3Ht2VCAkfmPQUVARghRB77xHCA1BoN2p
+AWS Secret Access Key []: d70c1dba83f0f90bb231f06f1ce0e0dfbcfb122f4b4345a3c18d3869c359b79f
+Default region name []: us-east-1
+Default output format []: json
+```
+
+If you need to create credentials for different users, put user wallets to `wallets` dir and specify them via `wallet` parameter.
+Pass wallet password in `password` parameter if it's not default. The same is for `contract_wallet` and `gate_public_key` params.
+
+```sh
+$ make s3cred wallet=custom_wallet.json password=test
+{
+  "access_key_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys904W7xXFNKqem2ACvTRWRYJsZMCUikYFSokN7pPJziWyDi",
+  "secret_access_key": "21bb64fafa32c82417fd8b97ac56cc8a085998a3852632d52fe7042453daa440",
+  "owner_private_key": "10f6f9d7a47bb0bf68363ad8a99fe69f1493f8b6e1665b3e4e83feb2d5c7ee39",
+  "wallet_public_key": "03e38759973a6bb722baabc2dd84036a39f0b2f53d32fec45a4dacde8a50fe4b70",
+  "container_id": "jHhL5B33o16R4jQsb8wm9A3RRdS6KrTB5N4bja9Jys9"
+}
+```
+
+To get credentials from custom wallet, place it in `wallets` dir before start.
+
+### cred
+
+Usage and default parameter values:
+```sh
+make cred [password=""] [contract_password=s3] [wallet=/user_wallet.json]
+```
+The same as `s3cred`, but it doesn't issues s3 credentials.
+
 ## Contributing
 
 Feel free to contribute to this project after reading the [contributing

services/morph_chain/docker-compose.yml

@@ -19,6 +19,7 @@ services:
     - ./config.yml:/wallets/config.yml
     - ./../../vendor/hosts:/etc/hosts
     - ./../../wallets/wallet.json:/wallets/wallet.json
+    - ./../s3_gate/wallet.json:/wallets/s3-wallet.json
     - chains:/chains
 
 networks:

services/s3_gate/docker-compose.yml

@@ -12,11 +12,17 @@ services:
       internet:
         ipv4_address: ${IPV4_PREFIX}.82
     volumes:
+      # Gate wallet
       - ./wallet.json:/wallet.json
+      # Custom user wallets
+      - ./wallets:/wallets
+      # Default user wallet
+      - ./../../wallets/wallet.json:/wallets/wallet.json
       - ./tls.key:/tls.key
       - ./tls.crt:/tls.crt
       - ./../../vendor/hosts:/etc/hosts
       - ./cfg:/etc/frostfs/s3
+      - ./issue-creds.sh:/usr/bin/issue-creds.sh
     stop_signal: SIGTERM
     stop_grace_period: 15s
     env_file: [ ".env", ".s3.env", ".int_test.env" ]
@@ -34,6 +40,8 @@ services:
       - S3_GW_PEERS_2_WEIGHT=0.2
       - S3_GW_PEERS_3_ADDRESS=s04.${LOCAL_DOMAIN}:8080
       - S3_GW_PEERS_3_WEIGHT=0.2
+      - AUTHMATE_WALLET_PASSPHRASE=
+      - AUTHMATE_WALLET_CONTRACT_PASSPHRASE=s3
 
 networks:
   s3_gate_int:

services/s3_gate/issue-creds.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+
+initUser() {
+  /bin/frostfs-s3-authmate register-user \
+    --wallet $WALLET_PATH \
+    --rpc-endpoint http://morph-chain.frostfs.devenv:30333 \
+    --username $USERNAME \
+    --contract-wallet /wallet.json 1> /dev/null && touch $WALLET_CACHE/$USERNAME
+}
+
+issueCreds() {
+  /bin/frostfs-s3-authmate issue-secret \
+    --wallet $WALLET_PATH \
+    --peer s01.frostfs.devenv:8080 \
+    --gate-public-key $S3_GATE_PUBLIC_KEY \
+    --container-placement-policy "REP 3"
+}
+
+set -e
+
+WALLET_PATH=/wallets/$2
+if [[ -z "$2" ]]; then
+  WALLET_PATH=/wallets/wallet.json
+fi
+
+S3_GATE_PUBLIC_KEY=$3
+if [[ -z "$3" ]]; then
+  S3_GATE_PUBLIC_KEY=0313b1ac3a8076e155a7e797b24f0b650cccad5941ea59d7cfd51a024a8b2a06bf
+fi 
+
+WALLET_CACHE=/data/wallets
+mkdir -p $WALLET_CACHE
+
+USERNAME=$(echo $WALLET_PATH | md5sum | cut -d' ' -f1)
+if [ ! -e $WALLET_CACHE/$USERNAME ]; then
+  initUser
+fi
+
+if [ $1 == "s3" ]; then
+  issueCreds
+fi

services/s3_gate/prepare.mk

@@ -0,0 +1,14 @@
+.PHONY: s3cred register
+
+password?=
+contract_password?=s3
+gate_public_key?=
+wallet?=
+
+# Register wallet & generate S3 credentials
+s3cred:
+	@docker exec -e AUTHMATE_WALLET_PASSPHRASE="$(password)" -e AUTHMATE_WALLET_CONTRACT_PASSPHRASE="$(contract_password)" s3_gate /usr/bin/issue-creds.sh s3 "$(wallet)" "$(gate_public_key)"
+
+# Only registers user wallet
+register:
+	@docker exec -e AUTHMATE_WALLET_PASSPHRASE="$(password)" -e AUTHMATE_WALLET_CONTRACT_PASSPHRASE="$(contract_password)" s3_gate /usr/bin/issue-creds.sh native "$(wallet)"