From 8fcaf76f419fc9a3cf6d1b9e3004412093a3d415 Mon Sep 17 00:00:00 2001
From: Denis Kirillov
Date: Fri, 9 Jun 2023 14:31:31 +0300
Subject: [PATCH] [#132] authmate: Add bearer token to `obtain-secret` result

Signed-off-by: Denis Kirillov
---
 CHANGELOG.md | 1 +
 authmate/authmate.go | 2 +-
 docs/authmate.md | 25 ++++++++++++++++++++++---
 3 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2062c25..af1e707 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -24,6 +24,7 @@ This document outlines major changes between releases.
 - Add new `kludge.use_default_xmlns_for_complete_multipart` config param (TrueCloudLab#40)
 - Support dump metrics descriptions (#80)
 - Support impersonate bearer token (#81)
+- Return bearer token in `s3-authmate obtain-secret` result (#132)

 ### Changed
 - Remove object from tree and reset its cache on object deletion when it is already removed from storage (#78)
diff --git a/authmate/authmate.go b/authmate/authmate.go
index ca0633d..451b027 100644
--- a/authmate/authmate.go
+++ b/authmate/authmate.go
@@ -137,7 +137,7 @@ type (
 }

 obtainingResult struct {
- BearerToken *bearer.Token `json:"-"`
+ BearerToken *bearer.Token `json:"bearer_token"`
 SecretAccessKey string `json:"secret_access_key"`
 }
 )
diff --git a/docs/authmate.md b/docs/authmate.md
index 42dc994..94c3921 100644
--- a/docs/authmate.md
+++ b/docs/authmate.md
@@ -24,7 +24,7 @@ potentially).
 2. [Bearer tokens](#bearer-tokens)
 3. [Session tokens](#session-tokens)
 4. [Containers policy](#containers-policy)
-3. [Obtainment of a secret](#obtainment-of-a-secret-access-key)
+3. [Obtainment of a secret](#obtaining-credential-secrets)
 4. [Generate presigned url](#generate-presigned-url)

 ## Generation of wallet
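Review bot: In authmate/authmate.go, `obtainingResult.BearerToken` has no comment telling maintainers that, with the new `json:"bearer_token"` tag, a signed bearer token is written to the command's output next to `secret_access_key`; the sample in docs/authmate.md shows one with `"allowImpersonate": true`. Anything that captures that output (CI logs, redirected files) then holds a second credential, presumably usable until the token's `exp`, where before it held only the secret key. I would add above the field `// BearerToken is a signed credential and is printed with SecretAccessKey; treat the whole result as secret.` and state the same in the "Obtaining credential secrets" section of the docs. Since the field is a pointer, a nil value would be emitted as `"bearer_token": null`; whether it can be nil here is not visible, because the `type (` block starts and the code that fills the struct sits outside the hunk.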
@@ -252,9 +252,9 @@ can be set via parameter `--container-policy` (json-string and file path allowed } ``` -## Obtainment of a secret access key +## Obtaining credential secrets -You can get a secret access key associated with an access key ID by obtaining a +You can get a secret access key and bearer token associated with an access key ID by obtaining a secret stored on the FrostFS network. Here is an example of providing one password (for `wallet.json`) via env variable and the other (for `gate-wallet.json`) interactively: @@ -267,6 +267,25 @@ frostfs-s3-authmate obtain-secret --wallet wallet.json \ Enter password for gate-wallet.json > { + "bearer_token": { + "body": { + "eaclTable": null, + "ownerID": { + "value": "Naq5pfYuroaGE7h9o5iQsPR/1aRe5gmWrg==" + }, + "lifetime": { + "exp": "10813", + "nbf": "13", + "iat": "13" + }, + "allowImpersonate": true + }, + "signature": { + "key": "Axpsb7vfAso1F0X6hrm6WpRS14WsT3/Ct1SMoqRsT89K", + "signature": "BMIOqcNEwTughI26ivFw7vnGyzhWip8NsgSYTTf21aVkv0AH7bgE9R91gglYgS6tGNVcWZMTisYCJCT3OEQ9lkw=", + "scheme": "ECDSA_SHA512" + } + }, "secret_access_key": "438bbd8243060e1e1c9dd4821756914a6e872ce29bf203b68f81b140ac91231c" } ```