[#132] authmate: Add bearer token to obtain-secret result

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-06-09 14:31:31 +03:00 · 2023-06-09 14:31:31 +03:00 · 8fcaf76f41
commit 8fcaf76f41
parent 19c89b38e6
3 changed files with 24 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -24,6 +24,7 @@ This document outlines major changes between releases.
 - Add new `kludge.use_default_xmlns_for_complete_multipart` config param (TrueCloudLab#40)
 - Support dump metrics descriptions (#80)
 - Support impersonate bearer token (#81)
+- Return bearer token in `s3-authmate obtain-secret` result (#132)

 ### Changed
 - Remove object from tree and reset its cache on object deletion when it is already removed from storage (#78)
--- a/authmate/authmate.go
+++ b/authmate/authmate.go
@ -137,7 +137,7 @@ type (
 	}

 	obtainingResult struct {
-		BearerToken     *bearer.Token `json:"-"`
+		BearerToken     *bearer.Token `json:"bearer_token"`
 		SecretAccessKey string        `json:"secret_access_key"`
 	}
 )
--- a/docs/authmate.md
+++ b/docs/authmate.md
@ -24,7 +24,7 @@ potentially).
   2. [Bearer tokens](#bearer-tokens)
   3. [Session tokens](#session-tokens)
   4. [Containers policy](#containers-policy)
-3. [Obtainment of a secret](#obtainment-of-a-secret-access-key)
+3. [Obtainment of a secret](#obtaining-credential-secrets)
 4. [Generate presigned url](#generate-presigned-url)

 ## Generation of wallet
@ -252,9 +252,9 @@ can be set via parameter `--container-policy` (json-string and file path allowed
 }
 ```

-## Obtainment of a secret access key
+## Obtaining credential secrets

-You can get a secret access key associated with an access key ID by obtaining a
+You can get a secret access key and bearer token associated with an access key ID by obtaining a
 secret stored on the FrostFS network. Here is an example of providing one password (for `wallet.json`) via env variable
 and the other (for `gate-wallet.json`) interactively:

@ -267,6 +267,25 @@ frostfs-s3-authmate obtain-secret --wallet wallet.json \

 Enter password for gate-wallet.json >
 {
+  "bearer_token": {
+    "body": {
+      "eaclTable": null,
+      "ownerID": {
+        "value": "Naq5pfYuroaGE7h9o5iQsPR/1aRe5gmWrg=="
+      },
+      "lifetime": {
+        "exp": "10813",
+        "nbf": "13",
+        "iat": "13"
+      },
+      "allowImpersonate": true
+    },
+    "signature": {
+      "key": "Axpsb7vfAso1F0X6hrm6WpRS14WsT3/Ct1SMoqRsT89K",
+      "signature": "BMIOqcNEwTughI26ivFw7vnGyzhWip8NsgSYTTf21aVkv0AH7bgE9R91gglYgS6tGNVcWZMTisYCJCT3OEQ9lkw=",
+      "scheme": "ECDSA_SHA512"
+    }
+  },
  "secret_access_key": "438bbd8243060e1e1c9dd4821756914a6e872ce29bf203b68f81b140ac91231c"
 }
 ```