From fcde457bf4a504cb20627a31ed91eca7ad8e7291 Mon Sep 17 00:00:00 2001 From: Dmitriy Zayakin Date: Wed, 21 Jun 2023 13:02:16 +0300 Subject: [PATCH] Change s3 auth func Signed-off-by: Dmitriy Zayakin --- .../controllers/cluster_state_controller.py | 0 src/frostfs_testlib/steps/s3/s3_helper.py | 74 +++++++++---------- 2 files changed, 37 insertions(+), 37 deletions(-) delete mode 100644 src/frostfs_testlib/controllers/cluster_state_controller.py diff --git a/src/frostfs_testlib/controllers/cluster_state_controller.py b/src/frostfs_testlib/controllers/cluster_state_controller.py deleted file mode 100644 index e69de29..0000000 diff --git a/src/frostfs_testlib/steps/s3/s3_helper.py b/src/frostfs_testlib/steps/s3/s3_helper.py index 0c6c448..d6c2095 100644 --- a/src/frostfs_testlib/steps/s3/s3_helper.py +++ b/src/frostfs_testlib/steps/s3/s3_helper.py @@ -8,17 +8,20 @@ from typing import Optional from dateutil.parser import parse +from frostfs_testlib.cli import FrostfsAuthmate from frostfs_testlib.reporter import get_reporter from frostfs_testlib.resources.cli import FROSTFS_AUTHMATE_EXEC from frostfs_testlib.resources.common import CREDENTIALS_CREATE_TIMEOUT from frostfs_testlib.s3 import S3ClientWrapper, VersioningStatus -from frostfs_testlib.shell import Shell +from frostfs_testlib.shell import CommandOptions, InteractiveInput, Shell +from frostfs_testlib.shell.interfaces import SshCredentials from frostfs_testlib.steps.cli.container import ( search_container_by_name, search_nodes_with_container, ) from frostfs_testlib.storage.cluster import Cluster, ClusterNode from frostfs_testlib.storage.dataclasses.frostfs_services import S3Gate +from frostfs_testlib.storage.dataclasses.wallet import WalletInfo from frostfs_testlib.utils.cli_utils import _run_with_passwd reporter = get_reporter() 
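Review bot: `CommandOptions`, `InteractiveInput` and `SshCredentials` are added to the import block, but nothing in the rewritten `init_s3_credentials` in the next hunk uses them. `_run_with_passwd` also stays imported although its only visible call is removed. The rest of the module is outside this patch, so they may be used elsewhere. If they are not, I would drop them so the helper's dependency on interactive-input and SSH-credential types is not implied, e.g. keep `from frostfs_testlib.shell import Shell`.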
@@ -183,48 +186,45 @@ def assert_s3_acl(acl_grants: list, permitted_users: str): @reporter.step_deco("Init S3 Credentials") def init_s3_credentials( - wallet_path: str, + wallet: WalletInfo, + shell: Shell, cluster: Cluster, s3_bearer_rules_file: str, policy: Optional[dict] = None, + s3gates: Optional[list[S3Gate]] = None, ): + gate_public_keys = [] bucket = str(uuid.uuid4()) - - s3gate_node = cluster.services(S3Gate)[0] - gate_public_key = s3gate_node.get_wallet_public_key() - cmd = ( - f"{FROSTFS_AUTHMATE_EXEC} --debug --with-log --timeout {CREDENTIALS_CREATE_TIMEOUT} " - f"issue-secret --wallet {wallet_path} --gate-public-key={gate_public_key} " - f"--peer {cluster.default_rpc_endpoint} --container-friendly-name {bucket} " - f"--bearer-rules {s3_bearer_rules_file}" + if not s3gates: + s3gates = [cluster.s3_gates[0]] + for s3gate in s3gates: + gate_public_keys.append(s3gate.get_wallet_public_key()) + frostfs_authmate_exec: FrostfsAuthmate = FrostfsAuthmate(shell, FROSTFS_AUTHMATE_EXEC) + issue_secret_output = frostfs_authmate_exec.secret.issue( + wallet=wallet.path, + peer=cluster.default_rpc_endpoint, + bearer_rules=s3_bearer_rules_file, + gate_public_key=gate_public_keys, + wallet_password=wallet.password, + container_policy=policy, + container_friendly_name=bucket, + ).stdout + aws_access_key_id = str( + re.search(r"access_key_id.*:\s.(?P\w*)", issue_secret_output).group( + "aws_access_key_id" + ) ) - if policy: - cmd += f" --container-policy {policy}'" - logger.info(f"Executing command: {cmd}") - - try: - output = _run_with_passwd(cmd) - logger.info(f"Command completed with output: {output}") - - # output contains some debug info and then several JSON structures, so we find each - # JSON structure by curly brackets (naive approach, but works while JSON is not nested) - # and then we take JSON containing secret_access_key - json_blocks = re.findall(r"\{.*?\}", output, re.DOTALL) - for json_block in json_blocks: - try: - parsed_json_block = 
json.loads(json_block) - if "secret_access_key" in parsed_json_block: - return ( - parsed_json_block["container_id"], - parsed_json_block["access_key_id"], - parsed_json_block["secret_access_key"], - ) - except json.JSONDecodeError: - raise AssertionError(f"Could not parse info from output\n{output}") - raise AssertionError(f"Could not find AWS credentials in output:\n{output}") - - except Exception as exc: - raise RuntimeError(f"Failed to init s3 credentials because of error\n{exc}") from exc + aws_secret_access_key = str( + re.search( + r"secret_access_key.*:\s.(?P\w*)", issue_secret_output + ).group("aws_secret_access_key") + ) + cid = str( + re.search(r"container_id.*:\s.(?P\w*)", issue_secret_output).group( + "container_id" + ) + ) + return cid, aws_access_key_id, aws_secret_access_key @reporter.step_deco("Delete bucket with all objects")
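Review bot: The three `re.search(...).group(...)` calls at the end of `init_s3_credentials` are unguarded, so if the authmate output lacks a field the step fails with an `AttributeError` on `None` rather than the explicit "could not find credentials" errors the removed code raised. The `\w*` group also accepts an empty value, which would return blank credentials without any error. I would route the three lookups through one small helper that requires at least one character and raises an `AssertionError` naming the missing field; the message should name the field rather than echo the output, because that output carries the secret access key. Separately, `wallet_password=wallet.password` is handed to the CLI wrapper, whose handling is not visible in this hunk, so it is worth confirming the password is fed interactively and does not end up on the command line or in step logs.

```python
def _extract_issue_secret_field(field: str, output: str) -> str:
    # \w+ (not \w*) so an empty value is treated as missing
    match = re.search(rf"{field}.*:\s.(\w+)", output)
    if match is None:
        # name the field only: the raw output contains secret_access_key
        raise AssertionError(f"{field} not found in authmate issue-secret output")
    return match.group(1)

    # … unchanged: gate public key collection and FrostfsAuthmate secret.issue call …
    cid = _extract_issue_secret_field("container_id", issue_secret_output)
    aws_access_key_id = _extract_issue_secret_field("access_key_id", issue_secret_output)
    aws_secret_access_key = _extract_issue_secret_field(
        "secret_access_key", issue_secret_output
    )
    return cid, aws_access_key_id, aws_secret_access_key
```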