[#241] Add aws-cli-credentials flag

Signed-off-by: Denis Kirillov <denis@nspcc.ru>
This commit is contained in:
Denis Kirillov 2021-09-01 14:30:15 +03:00 committed by Alex Vanin
parent 07dd0e1af4
commit 345dafb29d
2 changed files with 30 additions and 1 deletions

View file

@ -8,6 +8,7 @@ import (
"fmt" "fmt"
"io" "io"
"math" "math"
"os"
"strconv" "strconv"
"time" "time"
@ -57,6 +58,7 @@ type (
ContextRules []byte ContextRules []byte
SessionTkn bool SessionTkn bool
Lifetime uint64 Lifetime uint64
AwsCliCredentialsFile string
ContainerPolicies ContainerPolicies ContainerPolicies ContainerPolicies
} }
@ -241,7 +243,26 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
enc := json.NewEncoder(w) enc := json.NewEncoder(w)
enc.SetIndent("", " ") enc.SetIndent("", " ")
return enc.Encode(ir) if err = enc.Encode(ir); err != nil {
return err
}
if options.AwsCliCredentialsFile != "" {
profileName := "authmate_cred_" + address.ObjectID().String()
if _, err = os.Stat(options.AwsCliCredentialsFile); os.IsNotExist(err) {
profileName = "default"
}
file, err := os.OpenFile(options.AwsCliCredentialsFile, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0600)
if err != nil {
return fmt.Errorf("couldn't open aws cli credentials file: %w", err)
}
defer file.Close()
if _, err = file.WriteString(fmt.Sprintf("\n[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n",
profileName, accessKeyID, secrets.AccessKey)); err != nil {
return err
}
}
return nil
} }
// ObtainSecret receives an existing secret access key from NeoFS and // ObtainSecret receives an existing secret access key from NeoFS and

View file

@ -47,6 +47,7 @@ var (
sessionTokenFlag bool sessionTokenFlag bool
lifetimeFlag uint64 lifetimeFlag uint64
containerPolicies string containerPolicies string
awcCliCredFile string
) )
const ( const (
@ -209,6 +210,12 @@ func issueSecret() *cli.Command {
Required: false, Required: false,
Destination: &containerPolicies, Destination: &containerPolicies,
}, },
&cli.StringFlag{
Name: "aws-cli-credentials",
Usage: "path to the aws cli credential file",
Required: false,
Destination: &awcCliCredFile,
},
}, },
Action: func(c *cli.Context) error { Action: func(c *cli.Context) error {
ctx, log := prepare() ctx, log := prepare()
@ -264,6 +271,7 @@ func issueSecret() *cli.Command {
ContainerPolicies: policies, ContainerPolicies: policies,
SessionTkn: sessionTokenFlag, SessionTkn: sessionTokenFlag,
Lifetime: lifetimeFlag, Lifetime: lifetimeFlag,
AwsCliCredentialsFile: awcCliCredFile,
} }
if err = agent.IssueSecret(ctx, os.Stdout, issueSecretOptions); err != nil { if err = agent.IssueSecret(ctx, os.Stdout, issueSecretOptions); err != nil {