[#41] Update credential issue process

* Register wallet key in FrostFS ID before issuing secret
* Use issue-creds script instead of Makefile command

Signed-off-by: Alex Vanin <a.vanin@yadro.com>
Alexey Vanin 2024-07-08 15:34:55 +03:00
parent e350f078fd
commit b35b347b3e
3 changed files with 35 additions and 10 deletions


@ -56,6 +56,7 @@ COPY ./vendor/locode_db /config/locode.db
COPY ./vendor/contracts/ /config/contracts
COPY ./bin/init-aio.sh /usr/bin/init-aio.sh
COPY ./bin/issue-creds.sh /usr/bin/issue-creds.sh
ENV AUTHMATE_WALLET_PASSPHRASE=""
ENV AUTHMATE_WALLET_CONTRACT_PASSPHRASE=""


@ -63,19 +63,11 @@ clean: down
# Generate S3 credentials
s3cred:
@docker exec aio /usr/bin/frostfs-s3-authmate issue-secret \
--wallet /config/user-wallet.json \
--peer localhost:8080 \
--gate-public-key $(S3_GATE_PUBLIC_KEY) \
--container-placement-policy "REP 1"
@docker exec aio /usr/bin/issue-creds.sh
# Generate S3 credentials based on imported wallets
s3cred-custom:
@docker exec aio /usr/bin/frostfs-s3-authmate issue-secret \
--wallet /wallets/$(wallet) \
--peer localhost:8080 \
--gate-public-key $(S3_GATE_PUBLIC_KEY) \
--container-placement-policy "REP 1"
@docker exec aio /usr/bin/issue-creds.sh $(wallet)
enable-oracle:
@docker exec aio neo-go contract invokefunction -r http://localhost:30333 \
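Review bot: In `s3cred-custom` the new recipe line passes `$(wallet)` to the host shell unquoted, so a value with spaces or shell metacharacters is split or interpreted before `docker exec` runs; `@docker exec aio /usr/bin/issue-creds.sh "$(wallet)"` at least keeps it a single argument. When `wallet` is unset the script gets no argument and takes its `/config/user-wallet.json` branch, so `make s3cred-custom` quietly issues credentials for the default wallet instead of failing. A first recipe line such as `@$(if $(strip $(wallet)),,$(error wallet is required))` would make that mistake visible. The `enable-oracle` recipe at the end of the hunk continues outside it.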

bin/issue-creds.sh Executable file

@ -0,0 +1,32 @@
#!/bin/bash
initUser() {
/usr/bin/frostfs-s3-authmate register-user \
--wallet $WALLET_PATH \
--rpc-endpoint http://localhost:30333 \
--username $USERNAME \
--contract-wallet /config/s3-gw-wallet.json >/dev/null 2>&1 && touch $WALLET_CACHE/$USERNAME
}
issueAWS() {
/usr/bin/frostfs-s3-authmate issue-secret \
--wallet $WALLET_PATH \
--peer localhost:8080 \
--gate-public-key $S3_GATE_PUBLIC_KEY \
--container-placement-policy "REP 1"
}
S3_GATE_PUBLIC_KEY=$(neo-go wallet dump-keys -w /config/s3-gw-wallet.json | tail -1)
WALLET_PATH=/wallets/$1
if [[ -z "$1" ]]; then
WALLET_PATH=/config/user-wallet.json
fi
WALLET_CACHE=/data/wallets
mkdir -p $WALLET_CACHE
USERNAME=$(echo $WALLET_PATH | md5sum | cut -d' ' -f1)
if [ ! -e $WALLET_CACHE/$USERNAME ]; then
initUser
fi
issueAWS
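Review bot: `initUser` sends all output of `register-user` to `/dev/null` and nothing checks its exit status, so when registration fails the script still runs `issueAWS` and issues a secret with no diagnostic, which appears to be the case this commit sets out to prevent. Calling it as `initUser || { echo "register-user failed for $WALLET_PATH" >&2; exit 1; }` and dropping `2>&1` would surface the failure. If a failure is tolerated on purpose for keys that are already registered, stderr should still be kept. The marker under `$WALLET_CACHE` is named after an md5 of the wallet path, not of the wallet's key, so replacing the file at the same path skips registration for the new key. The expansions of `$1`, `$WALLET_PATH` and `$S3_GATE_PUBLIC_KEY` are unquoted and `$1` is appended to `/wallets/` without rejecting `/` or `..`; they should be quoted and the argument validated before use.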