forked from TrueCloudLab/frostfs-aio
[#41] Update credential issue process
* Register wallet key in FrostFS ID before issuing secret * Use issue-creds script instead of Makefile command Signed-off-by: Alex Vanin <a.vanin@yadro.com>
This commit is contained in:
parent
e350f078fd
commit
b35b347b3e
3 changed files with 35 additions and 10 deletions
|
@ -56,6 +56,7 @@ COPY ./vendor/locode_db /config/locode.db
|
|||
COPY ./vendor/contracts/ /config/contracts
|
||||
|
||||
COPY ./bin/init-aio.sh /usr/bin/init-aio.sh
|
||||
COPY ./bin/issue-creds.sh /usr/bin/issue-creds.sh
|
||||
|
||||
ENV AUTHMATE_WALLET_PASSPHRASE=""
|
||||
ENV AUTHMATE_WALLET_CONTRACT_PASSPHRASE=""
|
||||
|
|
12
Makefile
12
Makefile
|
@ -63,19 +63,11 @@ clean: down
|
|||
|
||||
# Generate S3 credentials
|
||||
s3cred:
|
||||
@docker exec aio /usr/bin/frostfs-s3-authmate issue-secret \
|
||||
--wallet /config/user-wallet.json \
|
||||
--peer localhost:8080 \
|
||||
--gate-public-key $(S3_GATE_PUBLIC_KEY) \
|
||||
--container-placement-policy "REP 1"
|
||||
@docker exec aio /usr/bin/issue-creds.sh
|
||||
|
||||
# Generate S3 credentials based on imported wallets
|
||||
s3cred-custom:
|
||||
@docker exec aio /usr/bin/frostfs-s3-authmate issue-secret \
|
||||
--wallet /wallets/$(wallet) \
|
||||
--peer localhost:8080 \
|
||||
--gate-public-key $(S3_GATE_PUBLIC_KEY) \
|
||||
--container-placement-policy "REP 1"
|
||||
@docker exec aio /usr/bin/issue-creds.sh $(wallet)
|
||||
|
||||
enable-oracle:
|
||||
@docker exec aio neo-go contract invokefunction -r http://localhost:30333 \
|
||||
|
|
32
bin/issue-creds.sh
Executable file
32
bin/issue-creds.sh
Executable file
|
@ -0,0 +1,32 @@
|
|||
#!/bin/bash
|
||||
|
||||
initUser() {
|
||||
/usr/bin/frostfs-s3-authmate register-user \
|
||||
--wallet $WALLET_PATH \
|
||||
--rpc-endpoint http://localhost:30333 \
|
||||
--username $USERNAME \
|
||||
--contract-wallet /config/s3-gw-wallet.json >/dev/null 2>&1 && touch $WALLET_CACHE/$USERNAME
|
||||
}
|
||||
|
||||
issueAWS() {
|
||||
/usr/bin/frostfs-s3-authmate issue-secret \
|
||||
--wallet $WALLET_PATH \
|
||||
--peer localhost:8080 \
|
||||
--gate-public-key $S3_GATE_PUBLIC_KEY \
|
||||
--container-placement-policy "REP 1"
|
||||
}
|
||||
|
||||
S3_GATE_PUBLIC_KEY=$(neo-go wallet dump-keys -w /config/s3-gw-wallet.json | tail -1)
|
||||
WALLET_PATH=/wallets/$1
|
||||
if [[ -z "$1" ]]; then
|
||||
WALLET_PATH=/config/user-wallet.json
|
||||
fi
|
||||
|
||||
WALLET_CACHE=/data/wallets
|
||||
mkdir -p $WALLET_CACHE
|
||||
|
||||
USERNAME=$(echo $WALLET_PATH | md5sum | cut -d' ' -f1)
|
||||
if [ ! -e $WALLET_CACHE/$USERNAME ]; then
|
||||
initUser
|
||||
fi
|
||||
issueAWS
|
Loading…
Reference in a new issue