From e3f2d59565e3a6461c1c4f0ad3081a6fe3158feb Mon Sep 17 00:00:00 2001 From: Roman Loginov Date: Mon, 2 Oct 2023 12:42:02 +0300 Subject: [PATCH] [#154] Rename access key to secret key Signed-off-by: Roman Loginov --- api/auth/center.go | 4 ++-- api/auth/presign_test.go | 2 +- api/handler/put_test.go | 2 +- api/handler/s3reader.go | 2 +- authmate/authmate.go | 10 +++++----- creds/accessbox/accessbox.go | 10 +++++----- creds/accessbox/accessbox.pb.go | 14 +++++++------- creds/accessbox/accessbox.proto | 2 +- 8 files changed, 23 insertions(+), 23 deletions(-) diff --git a/api/auth/center.go b/api/auth/center.go index 76a9c44c..a06885b8 100644 --- a/api/auth/center.go +++ b/api/auth/center.go @@ -261,7 +261,7 @@ func (c *center) checkFormData(r *http.Request) (*Box, error) { return nil, fmt.Errorf("get box: %w", err) } - secret := box.Gate.AccessKey + secret := box.Gate.SecretKey service, region := submatches["service"], submatches["region"] signature := signStr(secret, service, region, signatureDateTime, policy) @@ -294,7 +294,7 @@ func cloneRequest(r *http.Request, authHeader *AuthHeader) *http.Request { } func (c *center) checkSign(authHeader *AuthHeader, box *accessbox.Box, request *http.Request, signatureDateTime time.Time) error { - awsCreds := credentials.NewStaticCredentials(authHeader.AccessKeyID, box.Gate.AccessKey, "") + awsCreds := credentials.NewStaticCredentials(authHeader.AccessKeyID, box.Gate.SecretKey, "") signer := v4.NewSigner(awsCreds) signer.DisableURIPathEscaping = true diff --git a/api/auth/presign_test.go b/api/auth/presign_test.go index fd5b953d..188456a0 100644 --- a/api/auth/presign_test.go +++ b/api/auth/presign_test.go @@ -77,7 +77,7 @@ func TestCheckSign(t *testing.T) { expBox := &accessbox.Box{ Gate: &accessbox.GateData{ - AccessKey: secretKey, + SecretKey: secretKey, }, } diff --git a/api/handler/put_test.go b/api/handler/put_test.go index 30ddf5c1..b1d0bf14 100644 --- a/api/handler/put_test.go +++ b/api/handler/put_test.go @@ -292,7 +292,7 @@ func getChunkedRequest(ctx context.Context, t *testing.T, bktName, objName strin })) req = req.WithContext(middleware.SetBoxData(req.Context(), &accessbox.Box{ Gate: &accessbox.GateData{ - AccessKey: AWSSecretAccessKey, + SecretKey: AWSSecretAccessKey, }, })) diff --git a/api/handler/s3reader.go b/api/handler/s3reader.go index 596568f2..6b0cfb76 100644 --- a/api/handler/s3reader.go +++ b/api/handler/s3reader.go @@ -199,7 +199,7 @@ func newSignV4ChunkedReader(req *http.Request) (io.ReadCloser, error) { return nil, errs.GetAPIError(errs.ErrAuthorizationHeaderMalformed) } - currentCredentials := credentials.NewStaticCredentials(authHeaders.AccessKeyID, box.Gate.AccessKey, "") + currentCredentials := credentials.NewStaticCredentials(authHeaders.AccessKeyID, box.Gate.SecretKey, "") seed, err := hex.DecodeString(authHeaders.SignatureV4) if err != nil { return nil, errs.GetAPIError(errs.ErrSignatureDoesNotMatch) diff --git a/authmate/authmate.go b/authmate/authmate.go index f5d36802..f0ab58da 100644 --- a/authmate/authmate.go +++ b/authmate/authmate.go @@ -282,7 +282,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr ir := &issuingResult{ InitialAccessKeyID: accessKeyID, AccessKeyID: accessKeyID, - SecretAccessKey: secrets.AccessKey, + SecretAccessKey: secrets.SecretKey, OwnerPrivateKey: hex.EncodeToString(secrets.EphemeralKey.Bytes()), WalletPublicKey: hex.EncodeToString(options.FrostFSKey.PublicKey().Bytes()), ContainerID: id.EncodeToString(), @@ -305,7 +305,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr } defer file.Close() if _, err = file.WriteString(fmt.Sprintf("\n[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n", - profileName, accessKeyID, secrets.AccessKey)); err != nil { + profileName, accessKeyID, secrets.SecretKey)); err != nil { return fmt.Errorf("fails to write to file: %w", err) } } @@ -321,7 +321,7 @@ func (a *Agent) UpdateSecret(ctx context.Context, w io.Writer, options *UpdateSe return fmt.Errorf("get accessbox: %w", err) } - secret, err := hex.DecodeString(box.Gate.AccessKey) + secret, err := hex.DecodeString(box.Gate.SecretKey) if err != nil { return fmt.Errorf("failed to decode secret key access box: %w", err) } @@ -358,7 +358,7 @@ func (a *Agent) UpdateSecret(ctx context.Context, w io.Writer, options *UpdateSe ir := &issuingResult{ AccessKeyID: accessKeyIDFromAddr(addr), InitialAccessKeyID: accessKeyIDFromAddr(oldAddr), - SecretAccessKey: secrets.AccessKey, + SecretAccessKey: secrets.SecretKey, OwnerPrivateKey: hex.EncodeToString(secrets.EphemeralKey.Bytes()), WalletPublicKey: hex.EncodeToString(options.FrostFSKey.PublicKey().Bytes()), ContainerID: addr.Container().EncodeToString(), @@ -396,7 +396,7 @@ func (a *Agent) ObtainSecret(ctx context.Context, w io.Writer, options *ObtainSe or := &obtainingResult{ BearerToken: box.Gate.BearerToken, - SecretAccessKey: box.Gate.AccessKey, + SecretAccessKey: box.Gate.SecretKey, } enc := json.NewEncoder(w) diff --git a/creds/accessbox/accessbox.go b/creds/accessbox/accessbox.go index a98025e1..43c626c7 100644 --- a/creds/accessbox/accessbox.go +++ b/creds/accessbox/accessbox.go @@ -33,7 +33,7 @@ type ContainerPolicy struct { // GateData represents gate tokens in AccessBox. type GateData struct { - AccessKey string + SecretKey string BearerToken *bearer.Token SessionTokens []*session.Container GateKey *keys.PublicKey @@ -77,9 +77,9 @@ func isAppropriateContainerContext(tok *session.Container, verb session.Containe } } -// Secrets represents AccessKey and the key to encrypt gate tokens. +// Secrets represents SecretKey and the key to encrypt gate tokens. type Secrets struct { - AccessKey string + SecretKey string EphemeralKey *keys.PrivateKey } @@ -184,7 +184,7 @@ func (x *AccessBox) addTokens(gatesData []*GateData, ephemeralKey *keys.PrivateK } tokens := new(Tokens) - tokens.AccessKey = secret + tokens.SecretKey = secret tokens.BearerToken = encBearer tokens.SessionTokens = encSessions @@ -240,7 +240,7 @@ func decodeGate(gate *AccessBox_Gate, owner *keys.PrivateKey, sender *keys.Publi gateData := NewGateData(owner.PublicKey(), &bearerTkn) gateData.SessionTokens = sessionTkns - gateData.AccessKey = hex.EncodeToString(tokens.AccessKey) + gateData.SecretKey = hex.EncodeToString(tokens.SecretKey) return gateData, nil } diff --git a/creds/accessbox/accessbox.pb.go b/creds/accessbox/accessbox.pb.go index 2ad4c510..278df80e 100644 --- a/creds/accessbox/accessbox.pb.go +++ b/creds/accessbox/accessbox.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.12 +// protoc-gen-go v1.30.0 +// protoc v3.12.4 // source: creds/accessbox/accessbox.proto package accessbox @@ -88,7 +88,7 @@ type Tokens struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - AccessKey []byte `protobuf:"bytes,1,opt,name=accessKey,proto3" json:"accessKey,omitempty"` + SecretKey []byte `protobuf:"bytes,1,opt,name=secretKey,proto3" json:"secretKey,omitempty"` BearerToken []byte `protobuf:"bytes,2,opt,name=bearerToken,proto3" json:"bearerToken,omitempty"` SessionTokens [][]byte `protobuf:"bytes,3,rep,name=sessionTokens,proto3" json:"sessionTokens,omitempty"` } @@ -125,9 +125,9 @@ func (*Tokens) Descriptor() ([]byte, []int) { return file_creds_accessbox_accessbox_proto_rawDescGZIP(), []int{1} } -func (x *Tokens) GetAccessKey() []byte { +func (x *Tokens) GetSecretKey() []byte { if x != nil { - return x.AccessKey + return x.SecretKey } return nil } @@ -284,8 +284,8 @@ var file_creds_accessbox_accessbox_proto_rawDesc = []byte{ 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x73, 0x74, 0x72, 0x61, 0x69, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x6e, 0x0a, 0x06, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x12, 0x1c, - 0x0a, 0x09, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x09, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x20, 0x0a, 0x0b, + 0x0a, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0c, 0x52, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x20, 0x0a, 0x0b, 0x62, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x62, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x24, 0x0a, 0x0d, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, diff --git a/creds/accessbox/accessbox.proto b/creds/accessbox/accessbox.proto index 1cec16d1..65371ee2 100644 --- a/creds/accessbox/accessbox.proto +++ b/creds/accessbox/accessbox.proto @@ -23,7 +23,7 @@ message AccessBox { } message Tokens { - bytes accessKey = 1 [json_name = "accessKey"]; + bytes secretKey = 1 [json_name = "secretKey"]; bytes bearerToken = 2 [json_name = "bearerToken"]; repeated bytes sessionTokens = 3 [json_name = "sessionTokens"]; }