Merge pull request #166 from masterSplinter01/164-access_key_numeric

Change delimiter in acesskeyID
This commit is contained in:
Alex Vanin 2021-07-16 15:22:10 +03:00 committed by GitHub
commit 739c04a274
3 changed files with 10 additions and 6 deletions

View file

@ -292,7 +292,7 @@ $ ./neofs-authmate issue-secret --wallet wallet.json \
Enter password for wallet.json > Enter password for wallet.json >
{ {
"access_key_id": "5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT_AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM", "access_key_id": "5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT0AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM",
"secret_access_key": "438bbd8243060e1e1c9dd4821756914a6e872ce29bf203b68f81b140ac91231c", "secret_access_key": "438bbd8243060e1e1c9dd4821756914a6e872ce29bf203b68f81b140ac91231c",
"owner_private_key": "274fdd6e71fc6a6b8fe77bec500254115d66d6d17347d7db0880d2eb80afc72a" "owner_private_key": "274fdd6e71fc6a6b8fe77bec500254115d66d6d17347d7db0880d2eb80afc72a"
} }
@ -301,6 +301,9 @@ Enter password for wallet.json >
Access key ID and secret access key are AWS credentials that you can use with Access key ID and secret access key are AWS credentials that you can use with
any S3 client. any S3 client.
Access key ID consists of Base58 encoded containerID(cid) and objectID(oid) stored on the NeoFS network and containing
the secret. Format of access_key_id: `%cid0%oid`, where 0(zero) is a delimiter.
#### Obtainment of a secret access key #### Obtainment of a secret access key
You can get a secret access key associated with access key ID by obtaining a You can get a secret access key associated with access key ID by obtaining a
@ -312,7 +315,7 @@ and other (for `gate-wallet.json`) interactively:
./neofs-authmate obtain-secret --wallet wallet.json \ ./neofs-authmate obtain-secret --wallet wallet.json \
--peer 192.168.130.71:8080 \ --peer 192.168.130.71:8080 \
--gate-wallet gate-wallet.json \ --gate-wallet gate-wallet.json \
--access-key-id 5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT_AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM --access-key-id 5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT0AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM
Enter password for gate-wallet.json > Enter password for gate-wallet.json >
{ {
@ -336,7 +339,7 @@ $ aws configure
after you enter this command, the AWS CLI will prompt you for four pieces of information, like in this example after you enter this command, the AWS CLI will prompt you for four pieces of information, like in this example
(replace with your own values): (replace with your own values):
``` ```
AWS Access Key ID [None]: 5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT_AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM AWS Access Key ID [None]: 5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT0AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM
AWS Secret Access Key [None]: 438bbd8243060e1e1c9dd4821756914a6e872ce29bf203b68f81b140ac91231c AWS Secret Access Key [None]: 438bbd8243060e1e1c9dd4821756914a6e872ce29bf203b68f81b140ac91231c
Default region name [None]: ru Default region name [None]: ru
Default output format [none]: json Default output format [none]: json

View file

@ -20,7 +20,8 @@ import (
"go.uber.org/zap" "go.uber.org/zap"
) )
var authorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P<access_key_id_cid>[^/]+)_(?P<access_key_id_oid>[^/]+)/(?P<date>[^/]+)/(?P<region>[^/]*)/(?P<service>[^/]+)/aws4_request,\s*SignedHeaders=(?P<signed_header_fields>.+),\s*Signature=(?P<v4_signature>.+)`) // authorizationFieldRegexp -- is regexp for credentials with Base58 encoded cid and oid and '0' (zero) as delimiter.
var authorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P<access_key_id_cid>[^/]+)0(?P<access_key_id_oid>[^/]+)/(?P<date>[^/]+)/(?P<region>[^/]*)/(?P<service>[^/]+)/aws4_request,\s*SignedHeaders=(?P<signed_header_fields>.+),\s*Signature=(?P<v4_signature>.+)`)
type ( type (
// Center is a user authentication interface. // Center is a user authentication interface.
@ -89,7 +90,7 @@ func (c *center) Authenticate(r *http.Request) (*accessbox.GateData, error) {
return nil, fmt.Errorf("failed to parse x-amz-date header field: %w", err) return nil, fmt.Errorf("failed to parse x-amz-date header field: %w", err)
} }
accessKeyID := fmt.Sprintf("%s_%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"]) accessKeyID := fmt.Sprintf("%s0%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"])
accessKeyAddress := fmt.Sprintf("%s/%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"]) accessKeyAddress := fmt.Sprintf("%s/%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"])
address := object.NewAddress() address := object.NewAddress()

View file

@ -179,7 +179,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
return fmt.Errorf("failed to put bearer token: %w", err) return fmt.Errorf("failed to put bearer token: %w", err)
} }
accessKeyID := address.ContainerID().String() + "_" + address.ObjectID().String() accessKeyID := address.ContainerID().String() + "0" + address.ObjectID().String()
ir := &issuingResult{ ir := &issuingResult{
AccessKeyID: accessKeyID, AccessKeyID: accessKeyID,