From e3f2d59565e3a6461c1c4f0ad3081a6fe3158feb Mon Sep 17 00:00:00 2001
From: Roman Loginov <r.loginov@yadro.com>
Date: Mon, 2 Oct 2023 12:42:02 +0300
Subject: [PATCH] [#154] Rename access key to secret key

Signed-off-by: Roman Loginov <r.loginov@yadro.com>
---
 api/auth/center.go              |  4 ++--
 api/auth/presign_test.go        |  2 +-
 api/handler/put_test.go         |  2 +-
 api/handler/s3reader.go         |  2 +-
 authmate/authmate.go            | 10 +++++-----
 creds/accessbox/accessbox.go    | 10 +++++-----
 creds/accessbox/accessbox.pb.go | 14 +++++++-------
 creds/accessbox/accessbox.proto |  2 +-
 8 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/api/auth/center.go b/api/auth/center.go
index 76a9c44..a06885b 100644
--- a/api/auth/center.go
+++ b/api/auth/center.go
@@ -261,7 +261,7 @@ func (c *center) checkFormData(r *http.Request) (*Box, error) {
 		return nil, fmt.Errorf("get box: %w", err)
 	}
 
-	secret := box.Gate.AccessKey
+	secret := box.Gate.SecretKey
 	service, region := submatches["service"], submatches["region"]
 
 	signature := signStr(secret, service, region, signatureDateTime, policy)
@@ -294,7 +294,7 @@ func cloneRequest(r *http.Request, authHeader *AuthHeader) *http.Request {
 }
 
 func (c *center) checkSign(authHeader *AuthHeader, box *accessbox.Box, request *http.Request, signatureDateTime time.Time) error {
-	awsCreds := credentials.NewStaticCredentials(authHeader.AccessKeyID, box.Gate.AccessKey, "")
+	awsCreds := credentials.NewStaticCredentials(authHeader.AccessKeyID, box.Gate.SecretKey, "")
 	signer := v4.NewSigner(awsCreds)
 	signer.DisableURIPathEscaping = true
 
diff --git a/api/auth/presign_test.go b/api/auth/presign_test.go
index fd5b953..188456a 100644
--- a/api/auth/presign_test.go
+++ b/api/auth/presign_test.go
@@ -77,7 +77,7 @@ func TestCheckSign(t *testing.T) {
 
 	expBox := &accessbox.Box{
 		Gate: &accessbox.GateData{
-			AccessKey: secretKey,
+			SecretKey: secretKey,
 		},
 	}
 
diff --git a/api/handler/put_test.go b/api/handler/put_test.go
index 30ddf5c..b1d0bf1 100644
--- a/api/handler/put_test.go
+++ b/api/handler/put_test.go
@@ -292,7 +292,7 @@ func getChunkedRequest(ctx context.Context, t *testing.T, bktName, objName strin
 	}))
 	req = req.WithContext(middleware.SetBoxData(req.Context(), &accessbox.Box{
 		Gate: &accessbox.GateData{
-			AccessKey: AWSSecretAccessKey,
+			SecretKey: AWSSecretAccessKey,
 		},
 	}))
 
diff --git a/api/handler/s3reader.go b/api/handler/s3reader.go
index 596568f..6b0cfb7 100644
--- a/api/handler/s3reader.go
+++ b/api/handler/s3reader.go
@@ -199,7 +199,7 @@ func newSignV4ChunkedReader(req *http.Request) (io.ReadCloser, error) {
 		return nil, errs.GetAPIError(errs.ErrAuthorizationHeaderMalformed)
 	}
 
-	currentCredentials := credentials.NewStaticCredentials(authHeaders.AccessKeyID, box.Gate.AccessKey, "")
+	currentCredentials := credentials.NewStaticCredentials(authHeaders.AccessKeyID, box.Gate.SecretKey, "")
 	seed, err := hex.DecodeString(authHeaders.SignatureV4)
 	if err != nil {
 		return nil, errs.GetAPIError(errs.ErrSignatureDoesNotMatch)
diff --git a/authmate/authmate.go b/authmate/authmate.go
index f5d3680..f0ab58d 100644
--- a/authmate/authmate.go
+++ b/authmate/authmate.go
@@ -282,7 +282,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
 	ir := &issuingResult{
 		InitialAccessKeyID: accessKeyID,
 		AccessKeyID:        accessKeyID,
-		SecretAccessKey:    secrets.AccessKey,
+		SecretAccessKey:    secrets.SecretKey,
 		OwnerPrivateKey:    hex.EncodeToString(secrets.EphemeralKey.Bytes()),
 		WalletPublicKey:    hex.EncodeToString(options.FrostFSKey.PublicKey().Bytes()),
 		ContainerID:        id.EncodeToString(),
@@ -305,7 +305,7 @@ func (a *Agent) IssueSecret(ctx context.Context, w io.Writer, options *IssueSecr
 		}
 		defer file.Close()
 		if _, err = file.WriteString(fmt.Sprintf("\n[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n",
-			profileName, accessKeyID, secrets.AccessKey)); err != nil {
+			profileName, accessKeyID, secrets.SecretKey)); err != nil {
 			return fmt.Errorf("fails to write to file: %w", err)
 		}
 	}
@@ -321,7 +321,7 @@ func (a *Agent) UpdateSecret(ctx context.Context, w io.Writer, options *UpdateSe
 		return fmt.Errorf("get accessbox: %w", err)
 	}
 
-	secret, err := hex.DecodeString(box.Gate.AccessKey)
+	secret, err := hex.DecodeString(box.Gate.SecretKey)
 	if err != nil {
 		return fmt.Errorf("failed to decode secret key access box: %w", err)
 	}
@@ -358,7 +358,7 @@ func (a *Agent) UpdateSecret(ctx context.Context, w io.Writer, options *UpdateSe
 	ir := &issuingResult{
 		AccessKeyID:        accessKeyIDFromAddr(addr),
 		InitialAccessKeyID: accessKeyIDFromAddr(oldAddr),
-		SecretAccessKey:    secrets.AccessKey,
+		SecretAccessKey:    secrets.SecretKey,
 		OwnerPrivateKey:    hex.EncodeToString(secrets.EphemeralKey.Bytes()),
 		WalletPublicKey:    hex.EncodeToString(options.FrostFSKey.PublicKey().Bytes()),
 		ContainerID:        addr.Container().EncodeToString(),
@@ -396,7 +396,7 @@ func (a *Agent) ObtainSecret(ctx context.Context, w io.Writer, options *ObtainSe
 
 	or := &obtainingResult{
 		BearerToken:     box.Gate.BearerToken,
-		SecretAccessKey: box.Gate.AccessKey,
+		SecretAccessKey: box.Gate.SecretKey,
 	}
 
 	enc := json.NewEncoder(w)
diff --git a/creds/accessbox/accessbox.go b/creds/accessbox/accessbox.go
index a98025e..43c626c 100644
--- a/creds/accessbox/accessbox.go
+++ b/creds/accessbox/accessbox.go
@@ -33,7 +33,7 @@ type ContainerPolicy struct {
 
 // GateData represents gate tokens in AccessBox.
 type GateData struct {
-	AccessKey     string
+	SecretKey     string
 	BearerToken   *bearer.Token
 	SessionTokens []*session.Container
 	GateKey       *keys.PublicKey
@@ -77,9 +77,9 @@ func isAppropriateContainerContext(tok *session.Container, verb session.Containe
 	}
 }
 
-// Secrets represents AccessKey and the key to encrypt gate tokens.
+// Secrets represents SecretKey and the key to encrypt gate tokens.
 type Secrets struct {
-	AccessKey    string
+	SecretKey    string
 	EphemeralKey *keys.PrivateKey
 }
 
@@ -184,7 +184,7 @@ func (x *AccessBox) addTokens(gatesData []*GateData, ephemeralKey *keys.PrivateK
 		}
 
 		tokens := new(Tokens)
-		tokens.AccessKey = secret
+		tokens.SecretKey = secret
 		tokens.BearerToken = encBearer
 		tokens.SessionTokens = encSessions
 
@@ -240,7 +240,7 @@ func decodeGate(gate *AccessBox_Gate, owner *keys.PrivateKey, sender *keys.Publi
 
 	gateData := NewGateData(owner.PublicKey(), &bearerTkn)
 	gateData.SessionTokens = sessionTkns
-	gateData.AccessKey = hex.EncodeToString(tokens.AccessKey)
+	gateData.SecretKey = hex.EncodeToString(tokens.SecretKey)
 	return gateData, nil
 }
 
diff --git a/creds/accessbox/accessbox.pb.go b/creds/accessbox/accessbox.pb.go
index 2ad4c51..278df80 100644
--- a/creds/accessbox/accessbox.pb.go
+++ b/creds/accessbox/accessbox.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.1
-// 	protoc        v3.21.12
+// 	protoc-gen-go v1.30.0
+// 	protoc        v3.12.4
 // source: creds/accessbox/accessbox.proto
 
 package accessbox
@@ -88,7 +88,7 @@ type Tokens struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	AccessKey     []byte   `protobuf:"bytes,1,opt,name=accessKey,proto3" json:"accessKey,omitempty"`
+	SecretKey     []byte   `protobuf:"bytes,1,opt,name=secretKey,proto3" json:"secretKey,omitempty"`
 	BearerToken   []byte   `protobuf:"bytes,2,opt,name=bearerToken,proto3" json:"bearerToken,omitempty"`
 	SessionTokens [][]byte `protobuf:"bytes,3,rep,name=sessionTokens,proto3" json:"sessionTokens,omitempty"`
 }
@@ -125,9 +125,9 @@ func (*Tokens) Descriptor() ([]byte, []int) {
 	return file_creds_accessbox_accessbox_proto_rawDescGZIP(), []int{1}
 }
 
-func (x *Tokens) GetAccessKey() []byte {
+func (x *Tokens) GetSecretKey() []byte {
 	if x != nil {
-		return x.AccessKey
+		return x.SecretKey
 	}
 	return nil
 }
@@ -284,8 +284,8 @@ var file_creds_accessbox_accessbox_proto_rawDesc = []byte{
 	0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x73, 0x74, 0x72, 0x61, 0x69, 0x6e, 0x74, 0x12, 0x16, 0x0a, 0x06,
 	0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x70, 0x6f,
 	0x6c, 0x69, 0x63, 0x79, 0x22, 0x6e, 0x0a, 0x06, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x12, 0x1c,
-	0x0a, 0x09, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
-	0x0c, 0x52, 0x09, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x20, 0x0a, 0x0b,
+	0x0a, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x0c, 0x52, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x20, 0x0a, 0x0b,
 	0x62, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28,
 	0x0c, 0x52, 0x0b, 0x62, 0x65, 0x61, 0x72, 0x65, 0x72, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x24,
 	0x0a, 0x0d, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18,
diff --git a/creds/accessbox/accessbox.proto b/creds/accessbox/accessbox.proto
index 1cec16d..65371ee 100644
--- a/creds/accessbox/accessbox.proto
+++ b/creds/accessbox/accessbox.proto
@@ -23,7 +23,7 @@ message AccessBox {
 }
 
 message Tokens {
-    bytes accessKey = 1 [json_name = "accessKey"];
+    bytes secretKey = 1 [json_name = "secretKey"];
     bytes bearerToken = 2 [json_name = "bearerToken"];
     repeated bytes sessionTokens = 3 [json_name = "sessionTokens"];
 }