[#154] Rename access key to secret key #229
8 changed files with 23 additions and 23 deletions
|
@ -261,7 +261,7 @@ func (c *center) checkFormData(r *http.Request) (*Box, error) {
|
|||
return nil, fmt.Errorf("get box: %w", err)
|
||||
}
|
||||
|
||||
secret := box.Gate.AccessKey
|
||||
secret := box.Gate.SecretKey
|
||||
service, region := submatches["service"], submatches["region"]
|
||||
|
||||
signature := signStr(secret, service, region, signatureDateTime, policy)
|
||||
|
@ -294,7 +294,7 @@ func cloneRequest(r *http.Request, authHeader *AuthHeader) *http.Request {
|
|||
}
|
||||
|
||||
func (c *center) checkSign(authHeader *AuthHeader, box *accessbox.Box, request *http.Request, signatureDateTime time.Time) error {
|
||||
awsCreds := credentials.NewStaticCredentials(authHeader.AccessKeyID, box.Gate.AccessKey, "")
|
||||
awsCreds := credentials.NewStaticCredentials(authHeader.AccessKeyID, box.Gate.SecretKey, "")
|
||||
signer := v4.NewSigner(awsCreds)
|
||||
signer.DisableURIPathEscaping = true
|
||||
|
||||
|
|
|
@ -77,7 +77,7 @@ func TestCheckSign(t *testing.T) {
|
|||
|
||||
expBox := &accessbox.Box{
|
||||
Gate: &accessbox.GateData{
|
||||
AccessKey: secretKey,
|
||||
SecretKey: secretKey,
|
||||
},
|
||||
}
|
||||
|
||||
|
|
|
@ -292,7 +292,7 @@ func getChunkedRequest(ctx context.Context, t *testing.T, bktName, objName strin
|
|||
}))
|
||||
req = req.WithContext(middleware.SetBoxData(req.Context(), &accessbox.Box{
|
||||
Gate: &accessbox.GateData{
|
||||
AccessKey: AWSSecretAccessKey,
|
||||
SecretKey: AWSSecretAccessKey,
|
||||
},
|
||||
}))
|
||||
|
||||
|
|
|
@ -199,7 +199,7 @@ func newSignV4ChunkedReader(req *http.Request) (io.ReadCloser, error) {
|
|||
return nil, errs.GetAPIError(errs.ErrAuthorizationHeaderMalformed)
|
||||
}
|
||||
|
||||
currentCredentials := credentials.NewStaticCredentials(authHeaders.AccessKeyID, box.Gate.AccessKey, "")
|
||||
currentCredentials := credentials.NewStaticCredentials(authHeaders.AccessKeyID, box.Gate.SecretKey, "")
|
||||
seed, err := hex.DecodeString(authHeaders.SignatureV4)
|
||||
if err != nil {
|
||||
return nil, errs.GetAPIError(errs.ErrSignatureDoesNotMatch)
|
||||
|
|
|
@ -282,7 +282,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
|
|||
ir := &issuingResult{
|
||||
InitialAccessKeyID: accessKeyID,
|
||||
AccessKeyID: accessKeyID,
|
||||
SecretAccessKey: secrets.AccessKey,
|
||||
SecretAccessKey: secrets.SecretKey,
|
||||
OwnerPrivateKey: hex.EncodeToString(secrets.EphemeralKey.Bytes()),
|
||||
WalletPublicKey: hex.EncodeToString(options.FrostFSKey.PublicKey().Bytes()),
|
||||
ContainerID: id.EncodeToString(),
|
||||
|
@ -305,7 +305,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
|
|||
}
|
||||
defer file.Close()
|
||||
if _, err = file.WriteString(fmt.Sprintf("\n[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n",
|
||||
profileName, accessKeyID, secrets.AccessKey)); err != nil {
|
||||
profileName, accessKeyID, secrets.SecretKey)); err != nil {
|
||||
return fmt.Errorf("fails to write to file: %w", err)
|
||||
}
|
||||
}
|
||||
|
@ -321,7 +321,7 @@ func (a *Agent) UpdateSecret(ctx context.Context, w io.Writer, options *UpdateSe
|
|||
return fmt.Errorf("get accessbox: %w", err)
|
||||
}
|
||||
|
||||
secret, err := hex.DecodeString(box.Gate.AccessKey)
|
||||
secret, err := hex.DecodeString(box.Gate.SecretKey)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to decode secret key access box: %w", err)
|
||||
}
|
||||
|
@ -358,7 +358,7 @@ func (a *Agent) UpdateSecret(ctx context.Context, w io.Writer, options *UpdateSe
|
|||
ir := &issuingResult{
|
||||
AccessKeyID: accessKeyIDFromAddr(addr),
|
||||
InitialAccessKeyID: accessKeyIDFromAddr(oldAddr),
|
||||
SecretAccessKey: secrets.AccessKey,
|
||||
SecretAccessKey: secrets.SecretKey,
|
||||
OwnerPrivateKey: hex.EncodeToString(secrets.EphemeralKey.Bytes()),
|
||||
WalletPublicKey: hex.EncodeToString(options.FrostFSKey.PublicKey().Bytes()),
|
||||
ContainerID: addr.Container().EncodeToString(),
|
||||
|
@ -396,7 +396,7 @@ func (a *Agent) ObtainSecret(ctx context.Context, w io.Writer, options *ObtainSe
|
|||
|
||||
or := &obtainingResult{
|
||||
BearerToken: box.Gate.BearerToken,
|
||||
SecretAccessKey: box.Gate.AccessKey,
|
||||
SecretAccessKey: box.Gate.SecretKey,
|
||||
}
|
||||
|
||||
enc := json.NewEncoder(w)
|
||||
|
|
|
@ -33,7 +33,7 @@ type ContainerPolicy struct {
|
|||
|
||||
// GateData represents gate tokens in AccessBox.
|
||||
type GateData struct {
|
||||
AccessKey string
|
||||
SecretKey string
|
||||
BearerToken *bearer.Token
|
||||
SessionTokens []*session.Container
|
||||
GateKey *keys.PublicKey
|
||||
|
@ -77,9 +77,9 @@ func isAppropriateContainerContext(tok *session.Container, verb session.Containe
|
|||
}
|
||||
}
|
||||
|
||||
// Secrets represents AccessKey and the key to encrypt gate tokens.
|
||||
// Secrets represents SecretKey and the key to encrypt gate tokens.
|
||||
type Secrets struct {
|
||||
AccessKey string
|
||||
SecretKey string
|
||||
EphemeralKey *keys.PrivateKey
|
||||
}
|
||||
|
||||
|
@ -184,7 +184,7 @@ func (x *AccessBox) addTokens(gatesData []*GateData, ephemeralKey *keys.PrivateK
|
|||
}
|
||||
|
||||
tokens := new(Tokens)
|
||||
tokens.AccessKey = secret
|
||||
tokens.SecretKey = secret
|
||||
tokens.BearerToken = encBearer
|
||||
tokens.SessionTokens = encSessions
|
||||
|
||||
|
@ -240,7 +240,7 @@ func decodeGate(gate *AccessBox_Gate, owner *keys.PrivateKey, sender *keys.Publi
|
|||
|
||||
gateData := NewGateData(owner.PublicKey(), &bearerTkn)
|
||||
gateData.SessionTokens = sessionTkns
|
||||
gateData.AccessKey = hex.EncodeToString(tokens.AccessKey)
|
||||
gateData.SecretKey = hex.EncodeToString(tokens.SecretKey)
|
||||
return gateData, nil
|
||||
}
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
// Code generated by protoc-gen-go. DO NOT EDIT.
|
||||
// versions:
|
||||
// protoc-gen-go v1.28.1
|
||||
// protoc v3.21.12
|
||||
// protoc-gen-go v1.30.0
|
||||
// protoc v3.12.4
|
||||
// source: creds/accessbox/accessbox.proto
|
||||
|
||||
package accessbox
|
||||
|
@ -88,7 +88,7 @@ type Tokens struct {
|
|||
sizeCache protoimpl.SizeCache
|
||||
unknownFields protoimpl.UnknownFields
|
||||
|
||||
AccessKey []byte `protobuf:"bytes,1,opt,name=accessKey,proto3" json:"accessKey,omitempty"`
|
||||
SecretKey []byte `protobuf:"bytes,1,opt,name=secretKey,proto3" json:"secretKey,omitempty"`
|
||||
BearerToken []byte `protobuf:"bytes,2,opt,name=bearerToken,proto3" json:"bearerToken,omitempty"`
|
||||
SessionTokens [][]byte `protobuf:"bytes,3,rep,name=sessionTokens,proto3" json:"sessionTokens,omitempty"`
|
||||
}
|
||||
|
@ -125,9 +125,9 @@ func (*Tokens) Descriptor() ([]byte, []int) {
|
|||
return file_creds_accessbox_accessbox_proto_rawDescGZIP(), []int{1}
|
||||
}
|
||||
|
||||
func (x *Tokens) GetAccessKey() []byte {
|
||||
func (x *Tokens) GetSecretKey() []byte {
|
||||
if x != nil {
|
||||
return x.AccessKey
|
||||
return x.SecretKey
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
@ -284,8 +284,8 @@ var file_creds_accessbox_accessbox_proto_rawDesc = []byte{
|
|||
0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x73, 0x74, 0x72, 0x61, 0x69, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06,
|
||||
0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x70, 0x6f,
|
||||
0x6c, 0x69, 0x63, 0x79, 0x22, 0x6e, 0x0a, 0x06, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x12, 0x1c,
|
||||
0x0a, 0x09, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
|
||||
0x0c, 0x52, 0x09, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x20, 0x0a, 0x0b,
|
||||
0x0a, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
|
||||
0x0c, 0x52, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x20, 0x0a, 0x0b,
|
||||
0x62, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28,
|
||||
0x0c, 0x52, 0x0b, 0x62, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x24,
|
||||
0x0a, 0x0d, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18,
|
||||
|
|
|
@ -23,7 +23,7 @@ message AccessBox {
|
|||
}
|
||||
|
||||
message Tokens {
|
||||
bytes accessKey = 1 [json_name = "accessKey"];
|
||||
bytes secretKey = 1 [json_name = "secretKey"];
|
||||
bytes bearerToken = 2 [json_name = "bearerToken"];
|
||||
repeated bytes sessionTokens = 3 [json_name = "sessionTokens"];
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue