forked from TrueCloudLab/frostfs-s3-gw
Merge pull request #166 from masterSplinter01/164-access_key_numeric
Change delimiter in acesskeyID
This commit is contained in:
commit
739c04a274
3 changed files with 10 additions and 6 deletions
|
@ -292,7 +292,7 @@ $ ./neofs-authmate issue-secret --wallet wallet.json \
|
||||||
|
|
||||||
Enter password for wallet.json >
|
Enter password for wallet.json >
|
||||||
{
|
{
|
||||||
"access_key_id": "5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT_AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM",
|
"access_key_id": "5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT0AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM",
|
||||||
"secret_access_key": "438bbd8243060e1e1c9dd4821756914a6e872ce29bf203b68f81b140ac91231c",
|
"secret_access_key": "438bbd8243060e1e1c9dd4821756914a6e872ce29bf203b68f81b140ac91231c",
|
||||||
"owner_private_key": "274fdd6e71fc6a6b8fe77bec500254115d66d6d17347d7db0880d2eb80afc72a"
|
"owner_private_key": "274fdd6e71fc6a6b8fe77bec500254115d66d6d17347d7db0880d2eb80afc72a"
|
||||||
}
|
}
|
||||||
|
@ -301,6 +301,9 @@ Enter password for wallet.json >
|
||||||
Access key ID and secret access key are AWS credentials that you can use with
|
Access key ID and secret access key are AWS credentials that you can use with
|
||||||
any S3 client.
|
any S3 client.
|
||||||
|
|
||||||
|
Access key ID consists of Base58 encoded containerID(cid) and objectID(oid) stored on the NeoFS network and containing
|
||||||
|
the secret. Format of access_key_id: `%cid0%oid`, where 0(zero) is a delimiter.
|
||||||
|
|
||||||
#### Obtainment of a secret access key
|
#### Obtainment of a secret access key
|
||||||
|
|
||||||
You can get a secret access key associated with access key ID by obtaining a
|
You can get a secret access key associated with access key ID by obtaining a
|
||||||
|
@ -312,7 +315,7 @@ and other (for `gate-wallet.json`) interactively:
|
||||||
./neofs-authmate obtain-secret --wallet wallet.json \
|
./neofs-authmate obtain-secret --wallet wallet.json \
|
||||||
--peer 192.168.130.71:8080 \
|
--peer 192.168.130.71:8080 \
|
||||||
--gate-wallet gate-wallet.json \
|
--gate-wallet gate-wallet.json \
|
||||||
--access-key-id 5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT_AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM
|
--access-key-id 5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT0AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM
|
||||||
|
|
||||||
Enter password for gate-wallet.json >
|
Enter password for gate-wallet.json >
|
||||||
{
|
{
|
||||||
|
@ -336,7 +339,7 @@ $ aws configure
|
||||||
after you enter this command, the AWS CLI will prompt you for four pieces of information, like in this example
|
after you enter this command, the AWS CLI will prompt you for four pieces of information, like in this example
|
||||||
(replace with your own values):
|
(replace with your own values):
|
||||||
```
|
```
|
||||||
AWS Access Key ID [None]: 5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT_AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM
|
AWS Access Key ID [None]: 5g933dyLEkXbbAspouhPPTiyLZRg4axBW1axSPD87eVT0AiXsH4AjYy1iTJ4C1WExzjBrSobJsQFWEyKLREe5sQYM
|
||||||
AWS Secret Access Key [None]: 438bbd8243060e1e1c9dd4821756914a6e872ce29bf203b68f81b140ac91231c
|
AWS Secret Access Key [None]: 438bbd8243060e1e1c9dd4821756914a6e872ce29bf203b68f81b140ac91231c
|
||||||
Default region name [None]: ru
|
Default region name [None]: ru
|
||||||
Default output format [none]: json
|
Default output format [none]: json
|
||||||
|
|
|
@ -20,7 +20,8 @@ import (
|
||||||
"go.uber.org/zap"
|
"go.uber.org/zap"
|
||||||
)
|
)
|
||||||
|
|
||||||
var authorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P<access_key_id_cid>[^/]+)_(?P<access_key_id_oid>[^/]+)/(?P<date>[^/]+)/(?P<region>[^/]*)/(?P<service>[^/]+)/aws4_request,\s*SignedHeaders=(?P<signed_header_fields>.+),\s*Signature=(?P<v4_signature>.+)`)
|
// authorizationFieldRegexp -- is regexp for credentials with Base58 encoded cid and oid and '0' (zero) as delimiter.
|
||||||
|
var authorizationFieldRegexp = regexp.MustCompile(`AWS4-HMAC-SHA256 Credential=(?P<access_key_id_cid>[^/]+)0(?P<access_key_id_oid>[^/]+)/(?P<date>[^/]+)/(?P<region>[^/]*)/(?P<service>[^/]+)/aws4_request,\s*SignedHeaders=(?P<signed_header_fields>.+),\s*Signature=(?P<v4_signature>.+)`)
|
||||||
|
|
||||||
type (
|
type (
|
||||||
// Center is a user authentication interface.
|
// Center is a user authentication interface.
|
||||||
|
@ -89,7 +90,7 @@ func (c *center) Authenticate(r *http.Request) (*accessbox.GateData, error) {
|
||||||
return nil, fmt.Errorf("failed to parse x-amz-date header field: %w", err)
|
return nil, fmt.Errorf("failed to parse x-amz-date header field: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
accessKeyID := fmt.Sprintf("%s_%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"])
|
accessKeyID := fmt.Sprintf("%s0%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"])
|
||||||
accessKeyAddress := fmt.Sprintf("%s/%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"])
|
accessKeyAddress := fmt.Sprintf("%s/%s", sms1["access_key_id_cid"], sms1["access_key_id_oid"])
|
||||||
|
|
||||||
address := object.NewAddress()
|
address := object.NewAddress()
|
||||||
|
|
|
@ -179,7 +179,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
|
||||||
return fmt.Errorf("failed to put bearer token: %w", err)
|
return fmt.Errorf("failed to put bearer token: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
accessKeyID := address.ContainerID().String() + "_" + address.ObjectID().String()
|
accessKeyID := address.ContainerID().String() + "0" + address.ObjectID().String()
|
||||||
|
|
||||||
ir := &issuingResult{
|
ir := &issuingResult{
|
||||||
AccessKeyID: accessKeyID,
|
AccessKeyID: accessKeyID,
|
||||||
|
|
Loading…
Reference in a new issue