[#154] Rename access key to secret key

Signed-off-by: Roman Loginov <r.loginov@yadro.com>

api/auth/center.go

@@ -261,7 +261,7 @@ func (c *center) checkFormData(r *http.Request) (*Box, error) {
 		return nil, fmt.Errorf("get box: %w", err)
 	}
 
-	secret := box.Gate.AccessKey
+	secret := box.Gate.SecretKey
 	service, region := submatches["service"], submatches["region"]
 
 	signature := signStr(secret, service, region, signatureDateTime, policy)
@@ -294,7 +294,7 @@ func cloneRequest(r *http.Request, authHeader *AuthHeader) *http.Request {
 }
 
 func (c *center) checkSign(authHeader *AuthHeader, box *accessbox.Box, request *http.Request, signatureDateTime time.Time) error {
-	awsCreds := credentials.NewStaticCredentials(authHeader.AccessKeyID, box.Gate.AccessKey, "")
+	awsCreds := credentials.NewStaticCredentials(authHeader.AccessKeyID, box.Gate.SecretKey, "")
 	signer := v4.NewSigner(awsCreds)
 	signer.DisableURIPathEscaping = true
 

api/auth/presign_test.go

@@ -77,7 +77,7 @@ func TestCheckSign(t *testing.T) {
 
 	expBox := &accessbox.Box{
 		Gate: &accessbox.GateData{
-			AccessKey: secretKey,
+			SecretKey: secretKey,
 		},
 	}
 

api/handler/put_test.go

@@ -292,7 +292,7 @@ func getChunkedRequest(ctx context.Context, t *testing.T, bktName, objName strin
 	}))
 	req = req.WithContext(middleware.SetBoxData(req.Context(), &accessbox.Box{
 		Gate: &accessbox.GateData{
-			AccessKey: AWSSecretAccessKey,
+			SecretKey: AWSSecretAccessKey,
 		},
 	}))
 

api/handler/s3reader.go

@@ -199,7 +199,7 @@ func newSignV4ChunkedReader(req *http.Request) (io.ReadCloser, error) {
 		return nil, errs.GetAPIError(errs.ErrAuthorizationHeaderMalformed)
 	}
 
-	currentCredentials := credentials.NewStaticCredentials(authHeaders.AccessKeyID, box.Gate.AccessKey, "")
+	currentCredentials := credentials.NewStaticCredentials(authHeaders.AccessKeyID, box.Gate.SecretKey, "")
 	seed, err := hex.DecodeString(authHeaders.SignatureV4)
 	if err != nil {
 		return nil, errs.GetAPIError(errs.ErrSignatureDoesNotMatch)

authmate/authmate.go

@@ -282,7 +282,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
 	ir := &issuingResult{
 		InitialAccessKeyID: accessKeyID,
 		AccessKeyID:        accessKeyID,
-		SecretAccessKey:    secrets.AccessKey,
+		SecretAccessKey:    secrets.SecretKey,
 		OwnerPrivateKey:    hex.EncodeToString(secrets.EphemeralKey.Bytes()),
 		WalletPublicKey:    hex.EncodeToString(options.FrostFSKey.PublicKey().Bytes()),
 		ContainerID:        id.EncodeToString(),
@@ -305,7 +305,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
 		}
 		defer file.Close()
 		if _, err = file.WriteString(fmt.Sprintf("\n[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n",
-			profileName, accessKeyID, secrets.AccessKey)); err != nil {
+			profileName, accessKeyID, secrets.SecretKey)); err != nil {
 			return fmt.Errorf("fails to write to file: %w", err)
 		}
 	}
@@ -321,7 +321,7 @@ func (a *Agent) UpdateSecret(ctx context.Context, w io.Writer, options *UpdateSe
 		return fmt.Errorf("get accessbox: %w", err)
 	}
 
-	secret, err := hex.DecodeString(box.Gate.AccessKey)
+	secret, err := hex.DecodeString(box.Gate.SecretKey)
 	if err != nil {
 		return fmt.Errorf("failed to decode secret key access box: %w", err)
 	}
@@ -358,7 +358,7 @@ func (a *Agent) UpdateSecret(ctx context.Context, w io.Writer, options *UpdateSe
 	ir := &issuingResult{
 		AccessKeyID:        accessKeyIDFromAddr(addr),
 		InitialAccessKeyID: accessKeyIDFromAddr(oldAddr),
-		SecretAccessKey:    secrets.AccessKey,
+		SecretAccessKey:    secrets.SecretKey,
 		OwnerPrivateKey:    hex.EncodeToString(secrets.EphemeralKey.Bytes()),
 		WalletPublicKey:    hex.EncodeToString(options.FrostFSKey.PublicKey().Bytes()),
 		ContainerID:        addr.Container().EncodeToString(),
@@ -396,7 +396,7 @@ func (a *Agent) ObtainSecret(ctx context.Context, w io.Writer, options *ObtainSe
 
 	or := &obtainingResult{
 		BearerToken:     box.Gate.BearerToken,
-		SecretAccessKey: box.Gate.AccessKey,
+		SecretAccessKey: box.Gate.SecretKey,
 	}
 
 	enc := json.NewEncoder(w)

creds/accessbox/accessbox.go

@@ -33,7 +33,7 @@ type ContainerPolicy struct {
 
 // GateData represents gate tokens in AccessBox.
 type GateData struct {
-	AccessKey     string
+	SecretKey     string
 	BearerToken   *bearer.Token
 	SessionTokens []*session.Container
 	GateKey       *keys.PublicKey
@@ -77,9 +77,9 @@ func isAppropriateContainerContext(tok *session.Container, verb session.Containe
 	}
 }
 
-// Secrets represents AccessKey and the key to encrypt gate tokens.
+// Secrets represents SecretKey and the key to encrypt gate tokens.
 type Secrets struct {
-	AccessKey    string
+	SecretKey    string
 	EphemeralKey *keys.PrivateKey
 }
 
@@ -184,7 +184,7 @@ func (x *AccessBox) addTokens(gatesData []*GateData, ephemeralKey *keys.PrivateK
 		}
 
 		tokens := new(Tokens)
-		tokens.AccessKey = secret
+		tokens.SecretKey = secret
 		tokens.BearerToken = encBearer
 		tokens.SessionTokens = encSessions
 
@@ -240,7 +240,7 @@ func decodeGate(gate *AccessBox_Gate, owner *keys.PrivateKey, sender *keys.Publi
 
 	gateData := NewGateData(owner.PublicKey(), &bearerTkn)
 	gateData.SessionTokens = sessionTkns
-	gateData.AccessKey = hex.EncodeToString(tokens.AccessKey)
+	gateData.SecretKey = hex.EncodeToString(tokens.SecretKey)
 	return gateData, nil
 }
 

creds/accessbox/accessbox.pb.go

@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.1
-// 	protoc        v3.21.12
+// 	protoc-gen-go v1.30.0
+// 	protoc        v3.12.4
 // source: creds/accessbox/accessbox.proto
 
 package accessbox
@@ -88,7 +88,7 @@ type Tokens struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	AccessKey     []byte   `protobuf:"bytes,1,opt,name=accessKey,proto3" json:"accessKey,omitempty"`
+	SecretKey     []byte   `protobuf:"bytes,1,opt,name=secretKey,proto3" json:"secretKey,omitempty"`
 	BearerToken   []byte   `protobuf:"bytes,2,opt,name=bearerToken,proto3" json:"bearerToken,omitempty"`
 	SessionTokens [][]byte `protobuf:"bytes,3,rep,name=sessionTokens,proto3" json:"sessionTokens,omitempty"`
 }
@@ -125,9 +125,9 @@ func (*Tokens) Descriptor() ([]byte, []int) {
 	return file_creds_accessbox_accessbox_proto_rawDescGZIP(), []int{1}
 }
 
-func (x *Tokens) GetAccessKey() []byte {
+func (x *Tokens) GetSecretKey() []byte {
 	if x != nil {
-		return x.AccessKey
+		return x.SecretKey
 	}
 	return nil
 }
@@ -284,8 +284,8 @@ var file_creds_accessbox_accessbox_proto_rawDesc = []byte{
 	0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x73, 0x74, 0x72, 0x61, 0x69, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06,
 	0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x70, 0x6f,
 	0x6c, 0x69, 0x63, 0x79, 0x22, 0x6e, 0x0a, 0x06, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x12, 0x1c,
-	0x0a, 0x09, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0c, 0x52, 0x09, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x20, 0x0a, 0x0b,
+	0x0a, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x0c, 0x52, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x20, 0x0a, 0x0b,
 	0x62, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28,
 	0x0c, 0x52, 0x0b, 0x62, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x24,
 	0x0a, 0x0d, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18,

creds/accessbox/accessbox.proto

@@ -23,7 +23,7 @@ message AccessBox {
 }
 
 message Tokens {
-    bytes accessKey = 1 [json_name = "accessKey"];
+    bytes secretKey = 1 [json_name = "secretKey"];
     bytes bearerToken = 2 [json_name = "bearerToken"];
     repeated bytes sessionTokens = 3 [json_name = "sessionTokens"];
 }