From fcde457bf4a504cb20627a31ed91eca7ad8e7291 Mon Sep 17 00:00:00 2001
From: Dmitriy Zayakin <d.zayakin@yadro.com>
Date: Wed, 21 Jun 2023 13:02:16 +0300
Subject: [PATCH] Change s3 auth func

Signed-off-by: Dmitriy Zayakin <d.zayakin@yadro.com>
---
 .../controllers/cluster_state_controller.py   |  0
 src/frostfs_testlib/steps/s3/s3_helper.py     | 74 +++++++++----------
 2 files changed, 37 insertions(+), 37 deletions(-)
 delete mode 100644 src/frostfs_testlib/controllers/cluster_state_controller.py

diff --git a/src/frostfs_testlib/controllers/cluster_state_controller.py b/src/frostfs_testlib/controllers/cluster_state_controller.py
deleted file mode 100644
index e69de29..0000000
diff --git a/src/frostfs_testlib/steps/s3/s3_helper.py b/src/frostfs_testlib/steps/s3/s3_helper.py
index 0c6c448..d6c2095 100644
--- a/src/frostfs_testlib/steps/s3/s3_helper.py
+++ b/src/frostfs_testlib/steps/s3/s3_helper.py
@@ -8,17 +8,20 @@ from typing import Optional
 
 from dateutil.parser import parse
 
+from frostfs_testlib.cli import FrostfsAuthmate
 from frostfs_testlib.reporter import get_reporter
 from frostfs_testlib.resources.cli import FROSTFS_AUTHMATE_EXEC
 from frostfs_testlib.resources.common import CREDENTIALS_CREATE_TIMEOUT
 from frostfs_testlib.s3 import S3ClientWrapper, VersioningStatus
-from frostfs_testlib.shell import Shell
+from frostfs_testlib.shell import CommandOptions, InteractiveInput, Shell
+from frostfs_testlib.shell.interfaces import SshCredentials
 from frostfs_testlib.steps.cli.container import (
     search_container_by_name,
     search_nodes_with_container,
 )
 from frostfs_testlib.storage.cluster import Cluster, ClusterNode
 from frostfs_testlib.storage.dataclasses.frostfs_services import S3Gate
+from frostfs_testlib.storage.dataclasses.wallet import WalletInfo
 from frostfs_testlib.utils.cli_utils import _run_with_passwd
 
 reporter = get_reporter()
@@ -183,48 +186,45 @@ def assert_s3_acl(acl_grants: list, permitted_users: str):
 
 @reporter.step_deco("Init S3 Credentials")
 def init_s3_credentials(
-    wallet_path: str,
+    wallet: WalletInfo,
+    shell: Shell,
     cluster: Cluster,
     s3_bearer_rules_file: str,
     policy: Optional[dict] = None,
+    s3gates: Optional[list[S3Gate]] = None,
 ):
+    gate_public_keys = []
     bucket = str(uuid.uuid4())
-
-    s3gate_node = cluster.services(S3Gate)[0]
-    gate_public_key = s3gate_node.get_wallet_public_key()
-    cmd = (
-        f"{FROSTFS_AUTHMATE_EXEC} --debug --with-log --timeout {CREDENTIALS_CREATE_TIMEOUT} "
-        f"issue-secret --wallet {wallet_path} --gate-public-key={gate_public_key} "
-        f"--peer {cluster.default_rpc_endpoint} --container-friendly-name {bucket} "
-        f"--bearer-rules {s3_bearer_rules_file}"
+    if not s3gates:
+        s3gates = [cluster.s3_gates[0]]
+    for s3gate in s3gates:
+        gate_public_keys.append(s3gate.get_wallet_public_key())
+    frostfs_authmate_exec: FrostfsAuthmate = FrostfsAuthmate(shell, FROSTFS_AUTHMATE_EXEC)
+    issue_secret_output = frostfs_authmate_exec.secret.issue(
+        wallet=wallet.path,
+        peer=cluster.default_rpc_endpoint,
+        bearer_rules=s3_bearer_rules_file,
+        gate_public_key=gate_public_keys,
+        wallet_password=wallet.password,
+        container_policy=policy,
+        container_friendly_name=bucket,
+    ).stdout
+    aws_access_key_id = str(
+        re.search(r"access_key_id.*:\s.(?P<aws_access_key_id>\w*)", issue_secret_output).group(
+            "aws_access_key_id"
+        )
     )
-    if policy:
-        cmd += f" --container-policy {policy}'"
-    logger.info(f"Executing command: {cmd}")
-
-    try:
-        output = _run_with_passwd(cmd)
-        logger.info(f"Command completed with output: {output}")
-
-        # output contains some debug info and then several JSON structures, so we find each
-        # JSON structure by curly brackets (naive approach, but works while JSON is not nested)
-        # and then we take JSON containing secret_access_key
-        json_blocks = re.findall(r"\{.*?\}", output, re.DOTALL)
-        for json_block in json_blocks:
-            try:
-                parsed_json_block = json.loads(json_block)
-                if "secret_access_key" in parsed_json_block:
-                    return (
-                        parsed_json_block["container_id"],
-                        parsed_json_block["access_key_id"],
-                        parsed_json_block["secret_access_key"],
-                    )
-            except json.JSONDecodeError:
-                raise AssertionError(f"Could not parse info from output\n{output}")
-        raise AssertionError(f"Could not find AWS credentials in output:\n{output}")
-
-    except Exception as exc:
-        raise RuntimeError(f"Failed to init s3 credentials because of error\n{exc}") from exc
+    aws_secret_access_key = str(
+        re.search(
+            r"secret_access_key.*:\s.(?P<aws_secret_access_key>\w*)", issue_secret_output
+        ).group("aws_secret_access_key")
+    )
+    cid = str(
+        re.search(r"container_id.*:\s.(?P<container_id>\w*)", issue_secret_output).group(
+            "container_id"
+        )
+    )
+    return cid, aws_access_key_id, aws_secret_access_key
 
 
 @reporter.step_deco("Delete bucket with all objects")