Change s3-auth function #40
2 changed files with 37 additions and 37 deletions
|
@ -8,17 +8,20 @@ from typing import Optional
|
||||||
|
|
||||||
from dateutil.parser import parse
|
from dateutil.parser import parse
|
||||||
|
|
||||||
|
from frostfs_testlib.cli import FrostfsAuthmate
|
||||||
from frostfs_testlib.reporter import get_reporter
|
from frostfs_testlib.reporter import get_reporter
|
||||||
from frostfs_testlib.resources.cli import FROSTFS_AUTHMATE_EXEC
|
from frostfs_testlib.resources.cli import FROSTFS_AUTHMATE_EXEC
|
||||||
from frostfs_testlib.resources.common import CREDENTIALS_CREATE_TIMEOUT
|
from frostfs_testlib.resources.common import CREDENTIALS_CREATE_TIMEOUT
|
||||||
from frostfs_testlib.s3 import S3ClientWrapper, VersioningStatus
|
from frostfs_testlib.s3 import S3ClientWrapper, VersioningStatus
|
||||||
from frostfs_testlib.shell import Shell
|
from frostfs_testlib.shell import CommandOptions, InteractiveInput, Shell
|
||||||
|
from frostfs_testlib.shell.interfaces import SshCredentials
|
||||||
from frostfs_testlib.steps.cli.container import (
|
from frostfs_testlib.steps.cli.container import (
|
||||||
search_container_by_name,
|
search_container_by_name,
|
||||||
search_nodes_with_container,
|
search_nodes_with_container,
|
||||||
)
|
)
|
||||||
from frostfs_testlib.storage.cluster import Cluster, ClusterNode
|
from frostfs_testlib.storage.cluster import Cluster, ClusterNode
|
||||||
from frostfs_testlib.storage.dataclasses.frostfs_services import S3Gate
|
from frostfs_testlib.storage.dataclasses.frostfs_services import S3Gate
|
||||||
|
from frostfs_testlib.storage.dataclasses.wallet import WalletInfo
|
||||||
from frostfs_testlib.utils.cli_utils import _run_with_passwd
|
from frostfs_testlib.utils.cli_utils import _run_with_passwd
|
||||||
|
|
||||||
reporter = get_reporter()
|
reporter = get_reporter()
|
||||||
|
@ -183,48 +186,45 @@ def assert_s3_acl(acl_grants: list, permitted_users: str):
|
||||||
|
|
||||||
@reporter.step_deco("Init S3 Credentials")
|
@reporter.step_deco("Init S3 Credentials")
|
||||||
def init_s3_credentials(
|
def init_s3_credentials(
|
||||||
wallet_path: str,
|
wallet: WalletInfo,
|
||||||
|
shell: Shell,
|
||||||
cluster: Cluster,
|
cluster: Cluster,
|
||||||
s3_bearer_rules_file: str,
|
s3_bearer_rules_file: str,
|
||||||
policy: Optional[dict] = None,
|
policy: Optional[dict] = None,
|
||||||
|
s3gates: Optional[list[S3Gate]] = None,
|
||||||
):
|
):
|
||||||
|
gate_public_keys = []
|
||||||
bucket = str(uuid.uuid4())
|
bucket = str(uuid.uuid4())
|
||||||
|
if not s3gates:
|
||||||
s3gate_node = cluster.services(S3Gate)[0]
|
s3gates = [cluster.s3_gates[0]]
|
||||||
gate_public_key = s3gate_node.get_wallet_public_key()
|
for s3gate in s3gates:
|
||||||
cmd = (
|
gate_public_keys.append(s3gate.get_wallet_public_key())
|
||||||
f"{FROSTFS_AUTHMATE_EXEC} --debug --with-log --timeout {CREDENTIALS_CREATE_TIMEOUT} "
|
frostfs_authmate_exec: FrostfsAuthmate = FrostfsAuthmate(shell, FROSTFS_AUTHMATE_EXEC)
|
||||||
f"issue-secret --wallet {wallet_path} --gate-public-key={gate_public_key} "
|
issue_secret_output = frostfs_authmate_exec.secret.issue(
|
||||||
f"--peer {cluster.default_rpc_endpoint} --container-friendly-name {bucket} "
|
wallet=wallet.path,
|
||||||
f"--bearer-rules {s3_bearer_rules_file}"
|
peer=cluster.default_rpc_endpoint,
|
||||||
|
bearer_rules=s3_bearer_rules_file,
|
||||||
|
gate_public_key=gate_public_keys,
|
||||||
|
wallet_password=wallet.password,
|
||||||
|
container_policy=policy,
|
||||||
|
container_friendly_name=bucket,
|
||||||
|
).stdout
|
||||||
|
aws_access_key_id = str(
|
||||||
|
re.search(r"access_key_id.*:\s.(?P<aws_access_key_id>\w*)", issue_secret_output).group(
|
||||||
|
"aws_access_key_id"
|
||||||
)
|
)
|
||||||
if policy:
|
|
||||||
cmd += f" --container-policy {policy}'"
|
|
||||||
logger.info(f"Executing command: {cmd}")
|
|
||||||
|
|
||||||
try:
|
|
||||||
output = _run_with_passwd(cmd)
|
|
||||||
logger.info(f"Command completed with output: {output}")
|
|
||||||
|
|
||||||
# output contains some debug info and then several JSON structures, so we find each
|
|
||||||
# JSON structure by curly brackets (naive approach, but works while JSON is not nested)
|
|
||||||
# and then we take JSON containing secret_access_key
|
|
||||||
json_blocks = re.findall(r"\{.*?\}", output, re.DOTALL)
|
|
||||||
for json_block in json_blocks:
|
|
||||||
try:
|
|
||||||
parsed_json_block = json.loads(json_block)
|
|
||||||
if "secret_access_key" in parsed_json_block:
|
|
||||||
return (
|
|
||||||
parsed_json_block["container_id"],
|
|
||||||
parsed_json_block["access_key_id"],
|
|
||||||
parsed_json_block["secret_access_key"],
|
|
||||||
)
|
)
|
||||||
except json.JSONDecodeError:
|
aws_secret_access_key = str(
|
||||||
raise AssertionError(f"Could not parse info from output\n{output}")
|
re.search(
|
||||||
raise AssertionError(f"Could not find AWS credentials in output:\n{output}")
|
r"secret_access_key.*:\s.(?P<aws_secret_access_key>\w*)", issue_secret_output
|
||||||
|
).group("aws_secret_access_key")
|
||||||
except Exception as exc:
|
)
|
||||||
raise RuntimeError(f"Failed to init s3 credentials because of error\n{exc}") from exc
|
cid = str(
|
||||||
|
re.search(r"container_id.*:\s.(?P<container_id>\w*)", issue_secret_output).group(
|
||||||
|
"container_id"
|
||||||
|
)
|
||||||
|
)
|
||||||
|
return cid, aws_access_key_id, aws_secret_access_key
|
||||||
|
|
||||||
|
|
||||||
@reporter.step_deco("Delete bucket with all objects")
|
@reporter.step_deco("Delete bucket with all objects")
|
||||||
|
|
Loading…
Reference in a new issue