[#16] Allow to configure several sources
Allow explicitly specifying which credential source to use. Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
parent
b3374bb565
commit
04c5b65ad5
6 changed files with 74 additions and 33 deletions
|
@ -8,7 +8,6 @@ import (
|
|||
"syscall"
|
||||
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/pkg/service/tree"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-s3-lifecycler/internal/credential/walletsource"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-s3-lifecycler/internal/frostfs"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-s3-lifecycler/internal/lifecycle"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-s3-lifecycler/internal/logs"
|
||||
|
@ -89,10 +88,7 @@ func (a *App) init(ctx context.Context) {
|
|||
a.log.Fatal(logs.FailedToInitMorphClient, zap.Error(err))
|
||||
}
|
||||
|
||||
credSource, err := walletsource.New(fetchWalletsCredentials(a.cfg, a.log))
|
||||
if err != nil {
|
||||
a.log.Fatal(logs.CouldntCreateWalletSource, zap.Error(err))
|
||||
}
|
||||
credSource := fetchCredentialSource(a.cfg, a.log)
|
||||
|
||||
frostfsidContract, err := resolver.ResolveContractHash(cli, a.cfg.GetString(cfgMorphContractFrostfsID))
|
||||
if err != nil {
|
||||
|
|
|
@ -10,6 +10,7 @@ import (
|
|||
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/morph/client"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-s3-lifecycler/internal/credential/walletsource"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-s3-lifecycler/internal/lifecycle"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-s3-lifecycler/internal/logs"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/pool"
|
||||
neogoflags "github.com/nspcc-dev/neo-go/cli/flags"
|
||||
|
@ -52,7 +53,8 @@ const (
|
|||
cfgMorphContractContainer = "morph.contract.container"
|
||||
|
||||
// Credential source.
|
||||
cfgCredentialSourceWalletsPrefixTmpl = "credential_source.wallets.%d."
|
||||
cfgCredentialUse = "credential.use"
|
||||
cfgCredentialSourceWalletsPrefixTmpl = "credential.source.wallets.%d."
|
||||
cfgCredentialSourceWalletsPathTmpl = cfgCredentialSourceWalletsPrefixTmpl + "path"
|
||||
cfgCredentialSourceWalletsAddressTmpl = cfgCredentialSourceWalletsPrefixTmpl + "address"
|
||||
cfgCredentialSourceWalletsPassphraseTmpl = cfgCredentialSourceWalletsPrefixTmpl + "passphrase"
|
||||
|
@ -477,3 +479,23 @@ func fetchLifecycleServices(v *viper.Viper) (keys.PublicKeys, error) {
|
|||
|
||||
return result, nil
|
||||
}
|
||||
|
||||
func fetchCredentialSource(v *viper.Viper, l *zap.Logger) lifecycle.CredentialSource {
|
||||
credUse := v.GetString(cfgCredentialUse)
|
||||
|
||||
var (
|
||||
err error
|
||||
credSource lifecycle.CredentialSource
|
||||
)
|
||||
|
||||
switch credUse {
|
||||
case "wallets":
|
||||
if credSource, err = walletsource.New(fetchWalletsCredentials(v, l)); err != nil {
|
||||
l.Fatal(logs.CouldntCreateWalletSource, zap.Error(err))
|
||||
}
|
||||
default:
|
||||
l.Fatal(logs.UnknownCredentialSource, zap.String(cfgCredentialUse, credUse))
|
||||
}
|
||||
|
||||
return credSource
|
||||
}
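Review bot: In `fetchCredentialSource`, an unset `credential.use` falls into the `default` branch and is logged as `unknown credential source to use` with an empty value. Unless a default is set outside these hunks (the docs table shows none), every deployment still configured under the old `credential_source.wallets.%d.` prefix will hit this at startup after the rename. Failing closed is the right outcome for a key source, but the empty case deserves its own message that names the `credential.use` key and the supported values, and the `"wallets"` literal would be better as a named constant next to `cfgCredentialUse`, e.g. `credentialSourceWallets = "wallets"`. The helper also depends on `l.Fatal` ending the process; if the logger were ever built with a non-exiting fatal hook (not visible here), it would return a nil `lifecycle.CredentialSource`, so returning `(lifecycle.CredentialSource, error)` and letting `init` decide would be more robust. The structure table in the configuration docs still lists `credential_source`, although the section heading is now `credential`.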
|
||||
|
|
|
@ -32,6 +32,7 @@ S3_LIFECYCLER_MORPH_CONTRACT_FROSTFSID=frostfsid.frostfs
|
|||
S3_LIFECYCLER_MORPH_CONTRACT_CONTAINER=container.frostfs
|
||||
|
||||
# Credential source
|
||||
S3_LIFECYCLER_CREDENTIAL_USE=wallets
|
||||
S3_LIFECYCLER_CREDENTIAL_SOURCE_WALLETS_0_PATH=/path/to/user/wallet.json
|
||||
S3_LIFECYCLER_CREDENTIAL_SOURCE_WALLETS_0_ADDRESS=NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP
|
||||
S3_LIFECYCLER_CREDENTIAL_SOURCE_WALLETS_0_PASSPHRASE=""
|
||||
|
|
|
@ -33,11 +33,13 @@ morph:
|
|||
frostfsid: frostfsid.frostfs
|
||||
container: container.frostfs
|
||||
|
||||
credential_source:
|
||||
wallets:
|
||||
- path: /path/to/wallet.json
|
||||
address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP
|
||||
passphrase: ""
|
||||
credential:
|
||||
use: wallets
|
||||
source:
|
||||
wallets:
|
||||
- path: /path/to/wallet.json
|
||||
address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP
|
||||
passphrase: ""
|
||||
|
||||
lifecycle:
|
||||
job_fetcher_buffer: 1000
|
||||
|
|
|
@ -4,16 +4,16 @@ This section contains detailed FrostFS S3 Lifecycler component configuration des
|
|||
|
||||
# Structure
|
||||
|
||||
| Section | Description |
|
||||
|---------------------|--------------------------------------------------------------|
|
||||
| `wallet` | [Wallet configuration](#wallet-section) |
|
||||
| `logger` | [Logger configuration](#logger-section) |
|
||||
| `pprof` | [Pprof configuration](#pprof-section) |
|
||||
| `prometheus` | [Prometheus configuration](#prometheus-section) |
|
||||
| `morph` | [Morph configuration](#morph-section) |
|
||||
| `credential_source` | [Credential source configuration](#credentialsource-section) |
|
||||
| `lifecycle` | [Lifecycle configuration](#lifecycle-section) |
|
||||
| `frostfs` | [FrostFS configuration](#frostfs-section) |
|
||||
| Section | Description |
|
||||
|---------------------|--------------------------------------------------------|
|
||||
| `wallet` | [Wallet configuration](#wallet-section) |
|
||||
| `logger` | [Logger configuration](#logger-section) |
|
||||
| `pprof` | [Pprof configuration](#pprof-section) |
|
||||
| `prometheus` | [Prometheus configuration](#prometheus-section) |
|
||||
| `morph` | [Morph configuration](#morph-section) |
|
||||
| `credential_source` | [Credential source configuration](#credential-section) |
|
||||
| `lifecycle` | [Lifecycle configuration](#lifecycle-section) |
|
||||
| `frostfs` | [FrostFS configuration](#frostfs-section) |
|
||||
|
||||
### Reload on SIGHUP
|
||||
|
||||
|
@ -121,24 +121,43 @@ morph:
|
|||
| `contract.frostfsid` | `string` | no | `frostfsid.frostfs` | FrostfsID contract hash (LE) or name in NNS. This contract is used to get all users to process their containers. |
|
||||
| `contract.container` | `string` | no | `container.frostfs` | Container contract hash (LE) or name in NNS. |
|
||||
|
||||
# `credential_source` section
|
||||
# `credential` section
|
||||
|
||||
Contains configuration for the source of user private keys (credentials).
|
||||
|
||||
```yaml
|
||||
credential_source:
|
||||
wallets:
|
||||
- path: /path/to/wallet.json
|
||||
address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP
|
||||
passphrase: ""
|
||||
credential:
|
||||
use: wallets
|
||||
source:
|
||||
wallets:
|
||||
- path: /path/to/wallet.json
|
||||
address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP
|
||||
passphrase: ""
|
||||
```
|
||||
|
||||
| Parameter | Type | SIGHUP reload | Default value | Description |
|
||||
|----------------------|----------|---------------|---------------|-----------------------------------------------------------------|
|
||||
| `wallets` | | | | Source of user private keys as wallets files on filesystem. |
|
||||
| `wallets.path` | `string` | no | | Path to wallet on filesystem. |
|
||||
| `wallets.address` | `string` | no | | Account address in wallet. If omitted default one will be used. |
|
||||
| `wallets.passphrase` | `string` | no | | Passphrase to decrypt wallet. |
|
||||
| Parameter | Type | SIGHUP reload | Default value | Description |
|
||||
|-----------|----------|---------------|---------------|-------------------------------|
|
||||
| `use` | `string` | no | | Name of source to use. |
|
||||
| `source` | `map` | no | | Available credential sources. |
|
||||
|
||||
## `wallets` subsection
|
||||
|
||||
Source of user private keys as wallets files on filesystem.
|
||||
|
||||
```yaml
|
||||
credential:
|
||||
source:
|
||||
wallets:
|
||||
- path: /path/to/wallet.json
|
||||
address: NfgHwwTi3wHAS8aFAN243C5vGbkYDpqLHP
|
||||
passphrase: ""
|
||||
```
|
||||
|
||||
| Parameter | Type | SIGHUP reload | Default value | Description |
|
||||
|--------------|----------|---------------|---------------|-----------------------------------------------------------------|
|
||||
| `path` | `string` | no | | Path to wallet on filesystem. |
|
||||
| `address` | `string` | no | | Account address in wallet. If omitted default one will be used. |
|
||||
| `passphrase` | `string` | no | | Passphrase to decrypt wallet. |
|
||||
|
||||
# `lifecycle` section
|
||||
|
||||
|
|
|
@ -63,4 +63,5 @@ const (
|
|||
AddDeleteMarker = "add delete marker"
|
||||
DeleteObjectVersionFromTree = "delete object version from tree"
|
||||
EpochMismatched = "epoch mismatched"
|
||||
UnknownCredentialSource = "unknown credential source to use"
|
||||
)
|
||||
|
|