From 57b7e83380d3a97a1e3a7d3a62aaf292108eb3b7 Mon Sep 17 00:00:00 2001
From: Denis Kirillov
Date: Mon, 14 Oct 2024 12:07:09 +0300
Subject: [PATCH] [#509] Save isCustom flag into accessbox

Signed-off-by: Denis Kirillov
---
 creds/accessbox/accessbox.go | 13 ++--
 creds/accessbox/accessbox.pb.go | 72 +++++++++++--------
 creds/accessbox/accessbox.proto | 1 +
 creds/accessbox/accessbox_test.go | 22 +++---
 creds/tokens/credentials.go | 14 ++--
 .../authentication/accessbox-object.puml | 1 +
 .../authentication/accessbox-object.svg | 15 ++--
 7 files changed, 73 insertions(+), 65 deletions(-)

diff --git a/creds/accessbox/accessbox.go b/creds/accessbox/accessbox.go
index 64cbdcde..6d580f49 100644
--- a/creds/accessbox/accessbox.go
+++ b/creds/accessbox/accessbox.go
@@ -106,6 +106,7 @@ func PackTokens(gatesData []*GateData, secret []byte, isCustomSecret bool) (*Acc
 		return nil, nil, fmt.Errorf("create ephemeral key: %w", err)
 	}
 	box.SeedKey = ephemeralKey.PublicKey().Bytes()
+	box.IsCustom = isCustomSecret
 
 	if secret == nil {
 		secret, err = generateSecret()
@@ -127,7 +128,7 @@ func PackTokens(gatesData []*GateData, secret []byte, isCustomSecret bool) (*Acc
 }
 
 // GetTokens returns gate tokens from AccessBox.
-func (x *AccessBox) GetTokens(owner *keys.PrivateKey, isCustomSecret bool) (*GateData, error) {
+func (x *AccessBox) GetTokens(owner *keys.PrivateKey) (*GateData, error) {
 	seedKey, err := keys.NewPublicKeyFromBytes(x.SeedKey, elliptic.P256())
 	if err != nil {
 		return nil, fmt.Errorf("couldn't unmarshal SeedKey: %w", err)
@@ -138,7 +139,7 @@ func (x *AccessBox) GetTokens(owner *keys.PrivateKey, isCustomSecret bool) (*Gat
 			continue
 		}
 
-		gateData, err := decodeGate(gate, owner, seedKey, isCustomSecret)
+		gateData, err := x.decodeGate(gate, owner, seedKey)
 		if err != nil {
 			return nil, fmt.Errorf("failed to decode gate: %w", err)
 		}
@@ -166,8 +167,8 @@ func (x *AccessBox) GetPlacementPolicy() ([]*ContainerPolicy, error) {
 }
 
 // GetBox parses AccessBox to Box.
-func (x *AccessBox) GetBox(owner *keys.PrivateKey, isCustomSecret bool) (*Box, error) {
-	tokens, err := x.GetTokens(owner, isCustomSecret)
+func (x *AccessBox) GetBox(owner *keys.PrivateKey) (*Box, error) {
+	tokens, err := x.GetTokens(owner)
 	if err != nil {
 		return nil, fmt.Errorf("get tokens: %w", err)
 	}
@@ -222,7 +223,7 @@ func encodeGate(ephemeralKey *keys.PrivateKey, seedKey *keys.PublicKey, tokens *
 	return gate, nil
 }
 
-func decodeGate(gate *AccessBox_Gate, owner *keys.PrivateKey, seedKey *keys.PublicKey, isCustomSecret bool) (*GateData, error) {
+func (x *AccessBox) decodeGate(gate *AccessBox_Gate, owner *keys.PrivateKey, seedKey *keys.PublicKey) (*GateData, error) {
 	data, err := decrypt(owner, seedKey, gate.Tokens)
 	if err != nil {
 		return nil, fmt.Errorf("decrypt tokens: %w", err)
@@ -248,7 +249,7 @@ func decodeGate(gate *AccessBox_Gate, owner *keys.PrivateKey, seedKey *keys.Publ
 	gateData := NewGateData(owner.PublicKey(), &bearerTkn)
 	gateData.SessionTokens = sessionTkns
 
-	if isCustomSecret {
+	if x.IsCustom {
 		gateData.SecretKey = string(tokens.SecretKey)
 	} else {
 		gateData.SecretKey = hex.EncodeToString(tokens.SecretKey)
diff --git a/creds/accessbox/accessbox.pb.go b/creds/accessbox/accessbox.pb.go
index 714f2e81..dbe9517c 100644
--- a/creds/accessbox/accessbox.pb.go
+++ b/creds/accessbox/accessbox.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// protoc-gen-go v1.30.0
-// protoc v3.12.4
+// protoc-gen-go v1.34.2
+// protoc v3.21.9
 // source: creds/accessbox/accessbox.proto
 
 package accessbox
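Review bot: `if x.IsCustom` in decodeGate makes the hex-vs-verbatim handling of the secret depend only on the new protobuf field, and that field is absent — so false — in every access box written before this change. Any box that an earlier build packed with `isCustomSecret` set will now hand back `hex.EncodeToString(tokens.SecretKey)` instead of the user-supplied secret, so requests signed with that secret stop verifying after an upgrade; the `isCustom(accessKeyID)` heuristic that used to detect such boxes is deleted in the last hunk of creds/tokens/credentials.go, so no fallback remains. Because a proto3 bool cannot distinguish "unset" from false, the compatibility path has to come from outside the box (for example keeping the old accessKeyID heuristic as the default that a stored `IsCustom = true` overrides) or from re-packing existing boxes during deployment; either way the cut-over should be called out in the release notes. decodeGate's body continues outside the hunk.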
@@ -28,6 +28,7 @@ type AccessBox struct { SeedKey []byte `protobuf:"bytes,1,opt,name=seedKey,proto3" json:"seedKey,omitempty"` Gates []*AccessBox_Gate `protobuf:"bytes,2,rep,name=gates,proto3" json:"gates,omitempty"` ContainerPolicy []*AccessBox_ContainerPolicy `protobuf:"bytes,3,rep,name=containerPolicy,proto3" json:"containerPolicy,omitempty"` + IsCustom bool `protobuf:"varint,4,opt,name=isCustom,proto3" json:"isCustom,omitempty"` } func (x *AccessBox) Reset() { @@ -83,6 +84,13 @@ func (x *AccessBox) GetContainerPolicy() []*AccessBox_ContainerPolicy { return nil } +func (x *AccessBox) GetIsCustom() bool { + if x != nil { + return x.IsCustom + } + return false +} + type Tokens struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -261,7 +269,7 @@ var File_creds_accessbox_accessbox_proto protoreflect.FileDescriptor var file_creds_accessbox_accessbox_proto_rawDesc = []byte{ 0x0a, 0x1f, 0x63, 0x72, 0x65, 0x64, 0x73, 0x2f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x62, 0x6f, 0x78, 0x2f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x62, 0x6f, 0x78, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x12, 0x09, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x62, 0x6f, 0x78, 0x22, 0xc7, 0x02, 0x0a, + 0x6f, 0x12, 0x09, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x62, 0x6f, 0x78, 0x22, 0xe3, 0x02, 0x0a, 0x09, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x42, 0x6f, 0x78, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x73, 0x65, 0x65, 0x64, 0x4b, 0x65, 0x79, 0x12, 0x2f, 0x0a, 0x05, 0x67, 0x61, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 
@@ -272,29 +280,31 @@ var file_creds_accessbox_accessbox_proto_rawDesc = []byte{ 0x2e, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x62, 0x6f, 0x78, 0x2e, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x42, 0x6f, 0x78, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0f, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x50, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x1a, 0x44, 0x0a, 0x04, 0x47, 0x61, 0x74, 0x65, 0x12, 0x16, 0x0a, - 0x06, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x74, - 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x67, 0x61, 0x74, 0x65, 0x50, 0x75, 0x62, - 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0d, 0x67, 0x61, - 0x74, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x1a, 0x59, 0x0a, 0x0f, 0x43, - 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x2e, - 0x0a, 0x12, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x73, 0x74, 0x72, - 0x61, 0x69, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x6c, 0x6f, 0x63, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x73, 0x74, 0x72, 0x61, 0x69, 0x6e, 0x74, 0x12, 0x16, - 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, - 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x6e, 0x0a, 0x06, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, - 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x20, - 0x0a, 0x0b, 0x62, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x62, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, - 0x12, 0x24, 0x0a, 0x0d, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, - 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x0d, 0x73, 
0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, - 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x42, 0x46, 0x5a, 0x44, 0x67, 0x69, 0x74, 0x2e, 0x66, 0x72, - 0x6f, 0x73, 0x74, 0x66, 0x73, 0x2e, 0x69, 0x6e, 0x66, 0x6f, 0x2f, 0x54, 0x72, 0x75, 0x65, 0x43, - 0x6c, 0x6f, 0x75, 0x64, 0x4c, 0x61, 0x62, 0x2f, 0x66, 0x72, 0x6f, 0x73, 0x74, 0x66, 0x73, 0x2d, - 0x73, 0x33, 0x2d, 0x67, 0x77, 0x2f, 0x63, 0x72, 0x65, 0x64, 0x73, 0x2f, 0x74, 0x6f, 0x6b, 0x65, - 0x6e, 0x62, 0x6f, 0x78, 0x3b, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x62, 0x6f, 0x78, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x73, 0x43, 0x75, 0x73, 0x74, 0x6f, + 0x6d, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x69, 0x73, 0x43, 0x75, 0x73, 0x74, 0x6f, + 0x6d, 0x1a, 0x44, 0x0a, 0x04, 0x47, 0x61, 0x74, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x74, 0x6f, 0x6b, + 0x65, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x74, 0x6f, 0x6b, 0x65, 0x6e, + 0x73, 0x12, 0x24, 0x0a, 0x0d, 0x67, 0x61, 0x74, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, + 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0d, 0x67, 0x61, 0x74, 0x65, 0x50, 0x75, + 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x1a, 0x59, 0x0a, 0x0f, 0x43, 0x6f, 0x6e, 0x74, 0x61, + 0x69, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x2e, 0x0a, 0x12, 0x6c, 0x6f, + 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x73, 0x74, 0x72, 0x61, 0x69, 0x6e, 0x74, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x43, 0x6f, 0x6e, 0x73, 0x74, 0x72, 0x61, 0x69, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x70, 0x6f, 0x6c, 0x69, + 0x63, 0x79, 0x22, 0x6e, 0x0a, 0x06, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x12, 0x1c, 0x0a, 0x09, + 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, + 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 
0x12, 0x20, 0x0a, 0x0b, 0x62, 0x65, + 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, + 0x0b, 0x62, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x24, 0x0a, 0x0d, + 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x03, 0x20, + 0x03, 0x28, 0x0c, 0x52, 0x0d, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x6f, 0x6b, 0x65, + 0x6e, 0x73, 0x42, 0x46, 0x5a, 0x44, 0x67, 0x69, 0x74, 0x2e, 0x66, 0x72, 0x6f, 0x73, 0x74, 0x66, + 0x73, 0x2e, 0x69, 0x6e, 0x66, 0x6f, 0x2f, 0x54, 0x72, 0x75, 0x65, 0x43, 0x6c, 0x6f, 0x75, 0x64, + 0x4c, 0x61, 0x62, 0x2f, 0x66, 0x72, 0x6f, 0x73, 0x74, 0x66, 0x73, 0x2d, 0x73, 0x33, 0x2d, 0x67, + 0x77, 0x2f, 0x63, 0x72, 0x65, 0x64, 0x73, 0x2f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x62, 0x6f, 0x78, + 0x3b, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x62, 0x6f, 0x78, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, } var ( @@ -310,7 +320,7 @@ func file_creds_accessbox_accessbox_proto_rawDescGZIP() []byte { } var file_creds_accessbox_accessbox_proto_msgTypes = make([]protoimpl.MessageInfo, 4) -var file_creds_accessbox_accessbox_proto_goTypes = []interface{}{ +var file_creds_accessbox_accessbox_proto_goTypes = []any{ (*AccessBox)(nil), // 0: accessbox.AccessBox (*Tokens)(nil), // 1: accessbox.Tokens (*AccessBox_Gate)(nil), // 2: accessbox.AccessBox.Gate @@ -332,7 +342,7 @@ func file_creds_accessbox_accessbox_proto_init() { return } if !protoimpl.UnsafeEnabled { - file_creds_accessbox_accessbox_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + file_creds_accessbox_accessbox_proto_msgTypes[0].Exporter = func(v any, i int) any { switch v := v.(*AccessBox); i { case 0: return &v.state 
@@ -344,7 +354,7 @@ func file_creds_accessbox_accessbox_proto_init() { return nil } } - file_creds_accessbox_accessbox_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + file_creds_accessbox_accessbox_proto_msgTypes[1].Exporter = func(v any, i int) any { switch v := v.(*Tokens); i { case 0: return &v.state @@ -356,7 +366,7 @@ func file_creds_accessbox_accessbox_proto_init() { return nil } } - file_creds_accessbox_accessbox_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + file_creds_accessbox_accessbox_proto_msgTypes[2].Exporter = func(v any, i int) any { switch v := v.(*AccessBox_Gate); i { case 0: return &v.state @@ -368,7 +378,7 @@ func file_creds_accessbox_accessbox_proto_init() { return nil } } - file_creds_accessbox_accessbox_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + file_creds_accessbox_accessbox_proto_msgTypes[3].Exporter = func(v any, i int) any { switch v := v.(*AccessBox_ContainerPolicy); i { case 0: return &v.state diff --git a/creds/accessbox/accessbox.proto b/creds/accessbox/accessbox.proto index ffac6b28..2b0b1db5 100644 --- a/creds/accessbox/accessbox.proto +++ b/creds/accessbox/accessbox.proto @@ -20,6 +20,7 @@ message AccessBox { bytes seedKey = 1 [json_name = "seedKey"]; repeated Gate gates = 2 [json_name = "gates"]; repeated ContainerPolicy containerPolicy = 3 [json_name = "containerPolicy"]; + bool isCustom = 4 [json_name = "isCustom"]; } message Tokens { diff --git a/creds/accessbox/accessbox_test.go b/creds/accessbox/accessbox_test.go index 27842a36..5cd1693f 100644 --- a/creds/accessbox/accessbox_test.go +++ b/creds/accessbox/accessbox_test.go @@ -70,7 +70,7 @@ func TestBearerTokenInAccessBox(t *testing.T) { err = box2.Unmarshal(data) require.NoError(t, err) - tkns, err := box2.GetTokens(cred, false) + tkns, err := box2.GetTokens(cred) require.NoError(t, err) assertBearerToken(t, tkn, *tkns.BearerToken) 
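Review bot: The new `bool isCustom = 4` field in accessbox.proto carries no comment, although it changes how the gate's secretKey is interpreted on the way out (returned verbatim when true, hex-encoded otherwise, per decodeGate in creds/accessbox/accessbox.go). Suggested comment above the field: `// isCustom is true when secretKey was supplied by the user and must be returned as-is instead of hex-encoded.` It is also worth saying in that comment that the flag lives in the unencrypted part of the message next to seedKey rather than inside the encrypted gate payload, so anyone who can alter the stored object can flip it; flipping it only changes the derived secret and breaks authentication rather than disclosing anything, but the field is integrity-relevant and relies on whatever signing the stored object already has — worth confirming that covers it. The same wording could be reused for the `IsCustom` line added to accessbox-object.puml.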
@@ -105,7 +105,7 @@ func TestSessionTokenInAccessBox(t *testing.T) {
 	err = box2.Unmarshal(data)
 	require.NoError(t, err)
 
-	tkns, err := box2.GetTokens(cred, false)
+	tkns, err := box2.GetTokens(cred)
 	require.NoError(t, err)
 
 	require.Equal(t, []*session.Container{tkn}, tkns.SessionTokens)
@@ -140,7 +140,7 @@ func TestAccessboxMultipleKeys(t *testing.T) {
 	require.NoError(t, err)
 
 	for i, k := range privateKeys {
-		tkns, err := box.GetTokens(k, false)
+		tkns, err := box.GetTokens(k)
 		require.NoError(t, err, "key #%d: %s failed", i, k)
 		assertBearerToken(t, tkn, *tkns.BearerToken)
 	}
@@ -168,7 +168,7 @@ func TestUnknownKey(t *testing.T) {
 	box, _, err = PackTokens([]*GateData{gate}, nil, false)
 	require.NoError(t, err)
 
-	_, err = box.GetTokens(wrongCred, false)
+	_, err = box.GetTokens(wrongCred)
 	require.Error(t, err)
 }
 
@@ -231,7 +231,7 @@ func TestGetBox(t *testing.T) {
 		require.NoError(t, err)
 		require.Equal(t, hex.EncodeToString(secret), secrets.SecretKey)
 
-		box, err := accessBox.GetBox(cred, false)
+		box, err := accessBox.GetBox(cred)
 		require.NoError(t, err)
 		require.Equal(t, hex.EncodeToString(secret), box.Gate.SecretKey)
 	})
@@ -241,7 +241,7 @@ func TestGetBox(t *testing.T) {
 		require.NoError(t, err)
 		require.Equal(t, string(secret), secrets.SecretKey)
 
-		box, err := accessBox.GetBox(cred, true)
+		box, err := accessBox.GetBox(cred)
 		require.NoError(t, err)
 		require.Equal(t, string(secret), box.Gate.SecretKey)
 	})
@@ -261,10 +261,10 @@ func TestAccessBox(t *testing.T) {
 		randomKey, err := keys.NewPrivateKey()
 		require.NoError(t, err)
 
-		_, err = accessBox.GetTokens(randomKey, false)
+		_, err = accessBox.GetTokens(randomKey)
 		require.Error(t, err)
 
-		_, err = accessBox.GetBox(randomKey, false)
+		_, err = accessBox.GetBox(randomKey)
 		require.Error(t, err)
 	})
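Review bot: The custom-secret subtest of TestGetBox (hunk at old line 241) now depends on the flag that PackTokens stored in `accessBox` being read back from the box itself, but nothing in the hunk shows `accessBox` being re-encoded and parsed again, so if it is the value returned directly by PackTokens the new field's serialization round trip is not covered — TestBearerTokenInAccessBox does exercise that path via `box2.Unmarshal(data)`. Consider adding an assertion in this subtest on a box obtained by unmarshalling the packed bytes, checking that `box.Gate.SecretKey` still equals `string(secret)`, plus a negative check that the same gate with `IsCustom = false` yields `hex.EncodeToString(secret)`. The enclosing TestGetBox starts outside the hunk.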
@@ -294,17 +294,17 @@ func TestAccessBox(t *testing.T) { _, err = accessBox.GetPlacementPolicy() require.Error(t, err) - _, err = accessBox.GetBox(cred, false) + _, err = accessBox.GetBox(cred) require.Error(t, err) }) t.Run("empty seed key", func(t *testing.T) { accessBox.SeedKey = nil - _, err = accessBox.GetTokens(cred, false) + _, err = accessBox.GetTokens(cred) require.Error(t, err) - _, err = accessBox.GetBox(cred, false) + _, err = accessBox.GetBox(cred) require.Error(t, err) }) diff --git a/creds/tokens/credentials.go b/creds/tokens/credentials.go index 985ba3b8..eb325987 100644 --- a/creds/tokens/credentials.go +++ b/creds/tokens/credentials.go @@ -5,7 +5,6 @@ import ( "errors" "fmt" "strconv" - "strings" "time" "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/cache" @@ -132,10 +131,9 @@ func New(cfg Config) Credentials { } func (c *cred) GetBox(ctx context.Context, cnrID cid.ID, accessKeyID string) (*accessbox.Box, []object.Attribute, error) { - isCustomSecret := isCustom(accessKeyID) cachedBoxValue := c.cache.Get(accessKeyID) if cachedBoxValue != nil { - return c.checkIfCredentialsAreRemoved(ctx, cnrID, accessKeyID, cachedBoxValue, isCustomSecret) + return c.checkIfCredentialsAreRemoved(ctx, cnrID, accessKeyID, cachedBoxValue) } box, attrs, err := c.getAccessBox(ctx, cnrID, accessKeyID) @@ -143,7 +141,7 @@ func (c *cred) GetBox(ctx context.Context, cnrID cid.ID, accessKeyID string) (*a return nil, nil, fmt.Errorf("get access box: %w", err) } - cachedBox, err := box.GetBox(c.key, isCustomSecret) + cachedBox, err := box.GetBox(c.key) if err != nil { return nil, nil, fmt.Errorf("get gate box: %w", err) } 
@@ -153,7 +151,7 @@ func (c *cred) GetBox(ctx context.Context, cnrID cid.ID, accessKeyID string) (*a
 	return cachedBox, attrs, nil
 }
 
-func (c *cred) checkIfCredentialsAreRemoved(ctx context.Context, cnrID cid.ID, accessKeyID string, cachedBoxValue *cache.AccessBoxCacheValue, isCustomSecret bool) (*accessbox.Box, []object.Attribute, error) {
+func (c *cred) checkIfCredentialsAreRemoved(ctx context.Context, cnrID cid.ID, accessKeyID string, cachedBoxValue *cache.AccessBoxCacheValue) (*accessbox.Box, []object.Attribute, error) {
 	if time.Since(cachedBoxValue.PutTime) < c.removingCheckDuration {
 		return cachedBoxValue.Box, cachedBoxValue.Attributes, nil
 	}
@@ -167,7 +165,7 @@ func (c *cred) checkIfCredentialsAreRemoved(ctx context.Context, cnrID cid.ID, a
 		return cachedBoxValue.Box, cachedBoxValue.Attributes, nil
 	}
 
-	cachedBox, err := box.GetBox(c.key, isCustomSecret)
+	cachedBox, err := box.GetBox(c.key)
 	if err != nil {
 		c.cache.Delete(accessKeyID)
 		return nil, nil, fmt.Errorf("get gate box: %w", err)
@@ -261,7 +259,3 @@ func (c *cred) createObject(ctx context.Context, prm CredentialsParam, update bo
 
 	return addr, nil
 }
-
-func isCustom(accessKeyID string) bool {
-	return (&oid.Address{}).DecodeString(strings.ReplaceAll(accessKeyID, "0", "/")) != nil
-}
diff --git a/docs/images/authentication/accessbox-object.puml b/docs/images/authentication/accessbox-object.puml
index d4bdb5da..28b9f249 100644
--- a/docs/images/authentication/accessbox-object.puml
+++ b/docs/images/authentication/accessbox-object.puml
@@ -21,6 +21,7 @@ package AccessBox {
     SeedKey => Encoded public seed key
     List of Gates *--> Gate
     List of container policies *--> ContainerPolicy
+    IsCustom => True if SecretKey was imported and must be treated as it is
 }
 
 
diff --git a/docs/images/authentication/accessbox-object.svg b/docs/images/authentication/accessbox-object.svg
index fe2f2efb..957efb75 100644
--- a/docs/images/authentication/accessbox-object.svg
+++ b/docs/images/authentication/accessbox-object.svg
@@ -1,10 +1,10 @@ -AccessBoxTokensSecretKeyPrivate keyBearerTokenEncoded bearer tokenSessionTokensList of encoded session tokensGateGateKeyEncoded public gate keyEncrypted tokensContainerPolicyLocationConstraintPolicy namePlacementPolicyEncoded placement policyBoxSeedKeyEncoded public seed keyList of GatesList of container policiesObjectAttributesTimestamp1710418478__SYSTEM__EXPIRATION_EPOCH10801S3-CRDT-Versions-Add5ZNvs8WVwy1XTmSEkcVkydPKzCgtmR7U3zyLYTj3Snxf,9bLtL1EsUpuSiqmHnqFf6RuT6x5QMLMNBqx7vCcCcNhyS3-Access-Box-CRDT-Name2XGRML5EW3LMHdf64W2DkBy1Nkuu4y4wGhUj44QjbXBi05ZNvs8WVwy1XTmSEkcVkydPKzCgtmR7U3zyLYTj3SnxfFilePath1710418478_access.boxFrostFSObjectHeaderPayloadAccessBoxTokensSecretKeyPrivate keyBearerTokenEncoded bearer tokenSessionTokensList of encoded session tokensGateGateKeyEncoded public gate keyEncrypted tokensContainerPolicyLocationConstraintPolicy namePlacementPolicyEncoded placement policyBoxSeedKeyEncoded public seed keyList of GatesList of container policiesIsCustomTrue if SecretKey was imported and must be treated as it isObjectAttributesTimestamp1710418478__SYSTEM__EXPIRATION_EPOCH10801S3-CRDT-Versions-Add5ZNvs8WVwy1XTmSEkcVkydPKzCgtmR7U3zyLYTj3Snxf,9bLtL1EsUpuSiqmHnqFf6RuT6x5QMLMNBqx7vCcCcNhyS3-Access-Box-CRDT-Name2XGRML5EW3LMHdf64W2DkBy1Nkuu4y4wGhUj44QjbXBi05ZNvs8WVwy1XTmSEkcVkydPKzCgtmR7U3zyLYTj3SnxfFilePath1710418478_access.boxFrostFSObjectHeaderPayload