TrueCloudLab/frostfs-s3-gw
17
3
Fork 19
Code Issues 28 Pull requests 6 Projects Releases 18 Packages Activity Actions

[#154] Rename access key to secret key #229

Merged
alexvanin merged 1 commit from :feature/154-rename_access_key into master 2023-10-06 09:20:40 +00:00
Conversation 2 Commits 1 Files changed 8 +23 -23
r.loginov commented 2023-10-02 09:58:20 +00:00
Member
Copy link

closes #154

Signed-off-by: Roman Loginov r.loginov@yadro.com

closes #154 Signed-off-by: Roman Loginov <r.loginov@yadro.com>
r.loginov self-assigned this 2023-10-02 09:58:20 +00:00
r.loginov added 1 commit 2023-10-02 09:58:22 +00:00
[#154] Rename access key to secret key
All checks were successful
/ DCO (pull_request) Successful in 1m19s
Details
/ Builds (1.20) (pull_request) Successful in 1m55s
Details
/ Builds (1.21) (pull_request) Successful in 1m49s
Details
/ Vulncheck (pull_request) Successful in 4m52s
Details
/ Lint (pull_request) Successful in 3m3s
Details
/ Tests (1.20) (pull_request) Successful in 7m59s
Details
/ Tests (1.21) (pull_request) Successful in 1m27s
Details
8a5295dea9 
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
r.loginov requested review from storage-services-committers 2023-10-02 10:07:59 +00:00
r.loginov requested review from storage-services-developers 2023-10-02 10:08:00 +00:00
mbiryukova approved these changes 2023-10-02 15:25:52 +00:00
dkirillov approved these changes 2023-10-04 07:50:16 +00:00
dkirillov left a comment
Member
Copy link

LGTM

LGTM
alexvanin commented 2023-10-04 11:12:04 +00:00
Owner
Copy link

@r.loginov Can you check compatibility by using frostfs-aio on current master branch and gateway from this branch?

  1. Start environment with make up s3cred and receive some access key and secret key
  2. Start frostfs-s3 gateway on your local machine and point it to frostfs-aio
  3. Try to use credentials from step 1 to create bucket and object.

Here is a small config to run s3 gateway with aio.

wallet:
  path: ../frostfs-aio/s3-gw/s3-gw-wallet.json
  passphrase: ""

peers:
  0:
    address: localhost:8080
    priority: 1
    weight: 1

server:
  - address: 0.0.0.0:8884

logger:
  level: debug

rpc_endpoint: http://localhost:30333
resolve_order:
  - nns

placement_policy:
  default: REP 1
@r.loginov Can you check compatibility by using frostfs-aio on current master branch and gateway from this branch? 1. Start environment with `make up s3cred` and receive some access key and secret key 2. Start frostfs-s3 gateway on your local machine and point it to frostfs-aio 3. Try to use credentials from step 1 to create bucket and object. Here is a small config to run s3 gateway with aio. ```yaml wallet: path: ../frostfs-aio/s3-gw/s3-gw-wallet.json passphrase: "" peers: 0: address: localhost:8080 priority: 1 weight: 1 server: - address: 0.0.0.0:8884 logger: level: debug rpc_endpoint: http://localhost:30333 resolve_order: - nns placement_policy: default: REP 1 ```
alexvanin commented 2023-10-04 11:22:15 +00:00
Owner
Copy link

I request one more change. Rename OwnerPublicKey to SeedKey in access box message.

In fact this is a random public key which is created on every new access box object and it is used as random seed to generate shared secret data.

OwnerPublicKey may be referenced as public key of the wallet which signed tokens in the box, but it is not. @pogpp felt into this bad naming once.

// Creating
ephemeralKey, err := keys.NewPrivateKey()
...
box.OwnerPublicKey = ephemeralKey.PublicKey().Bytes()

// Encoding secret
func encrypt(owner *keys.PrivateKey, sender *keys.PublicKey, data []byte) ([]byte, error) {
    enc, err := getCipher(owner, sender) // sender is a bad naming, also rename to seedKey.

// Decoding secret
func decrypt(owner *keys.PrivateKey, sender *keys.PublicKey, data []byte) ([]byte, error) {
	dec, err := getCipher(owner, sender) // sender is a bad naming, also rename to seedKey.
I request one more change. Rename `OwnerPublicKey` to `SeedKey` in access box message. In fact this is a random public key which is created on every new access box object and it is used as random seed to generate shared secret data. `OwnerPublicKey` may be referenced as public key of the wallet which signed tokens in the box, but it is not. @pogpp felt into this bad naming once. ``` go // Creating ephemeralKey, err := keys.NewPrivateKey() ... box.OwnerPublicKey = ephemeralKey.PublicKey().Bytes() // Encoding secret func encrypt(owner *keys.PrivateKey, sender *keys.PublicKey, data []byte) ([]byte, error) { enc, err := getCipher(owner, sender) // sender is a bad naming, also rename to seedKey. // Decoding secret func decrypt(owner *keys.PrivateKey, sender *keys.PublicKey, data []byte) ([]byte, error) { dec, err := getCipher(owner, sender) // sender is a bad naming, also rename to seedKey. ```
alexvanin requested review from pogpp 2023-10-04 11:24:18 +00:00
ironbee approved these changes 2023-10-06 07:29:53 +00:00
alexvanin merged commit e3f2d59565 into master 2023-10-06 09:20:40 +00:00
alexvanin deleted branch feature/154-rename_access_key 2023-10-06 09:20:41 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
mbiryukova
dkirillov
pogpp
ironbee
Labels
Clear labels   
P0

Highest

  
P1

High

  
P2

Medium

  
P3

Low

  
good first issue

Good for newcomers

  
Infrastructure

Infrastructure, Automation, CI/CD or DevOps related stuff

  
blocked

The issue or PR is blocked by something

  
bug

Something is not working

  
config

Configuration format update or breaking change

  
discussion

Talking about something in order to reach a decision or to exchange ideas

  
documentation

Documentation related

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
go

Language features adoption

  
help wanted

Extra attention is needed

  
internal

   
invalid

Something is wrong

  
kludge

This is a kludge and we know it

  
observability

Related to metrics, tracing and logs

  
perfomance

Perfomance related

  
question

More information is needed

  
refactoring

Refactoring

  
wontfix

This won't be fixed

No labels
P0
P1
P2
P3
good first issue
Infrastructure
blocked
bug
config
discussion
documentation
duplicate
enhancement
go
help wanted
internal
invalid
kludge
observability
perfomance
question
refactoring
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
r.loginov
5 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: TrueCloudLab/frostfs-s3-gw#229
No description provided.
Delete branch ":feature/154-rename_access_key"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?