[#132] authmate: Add bearer token to obtain-secret result

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
This commit is contained in:
Denis Kirillov 2023-06-09 14:31:31 +03:00 committed by Alexey Vanin
parent 19c89b38e6
commit 8fcaf76f41
3 changed files with 24 additions and 4 deletions

View file

@ -24,6 +24,7 @@ This document outlines major changes between releases.
- Add new `kludge.use_default_xmlns_for_complete_multipart` config param (TrueCloudLab#40)
- Support dump metrics descriptions (#80)
- Support impersonate bearer token (#81)
- Return bearer token in `s3-authmate obtain-secret` result (#132)
### Changed
- Remove object from tree and reset its cache on object deletion when it is already removed from storage (#78)

View file

@ -137,7 +137,7 @@ type (
}
obtainingResult struct {
BearerToken *bearer.Token `json:"-"`
BearerToken *bearer.Token `json:"bearer_token"`
SecretAccessKey string `json:"secret_access_key"`
}
)

View file

@ -24,7 +24,7 @@ potentially).
2. [Bearer tokens](#bearer-tokens)
3. [Session tokens](#session-tokens)
4. [Containers policy](#containers-policy)
3. [Obtainment of a secret](#obtainment-of-a-secret-access-key)
3. [Obtainment of a secret](#obtaining-credential-secrets)
4. [Generate presigned url](#generate-presigned-url)
## Generation of wallet
@ -252,9 +252,9 @@ can be set via parameter `--container-policy` (json-string and file path allowed
}
```
## Obtainment of a secret access key
## Obtaining credential secrets
You can get a secret access key associated with an access key ID by obtaining a
You can get a secret access key and bearer token associated with an access key ID by obtaining a
secret stored on the FrostFS network. Here is an example of providing one password (for `wallet.json`) via env variable
and the other (for `gate-wallet.json`) interactively:
@ -267,6 +267,25 @@ frostfs-s3-authmate obtain-secret --wallet wallet.json \
Enter password for gate-wallet.json >
{
"bearer_token": {
"body": {
"eaclTable": null,
"ownerID": {
"value": "Naq5pfYuroaGE7h9o5iQsPR/1aRe5gmWrg=="
},
"lifetime": {
"exp": "10813",
"nbf": "13",
"iat": "13"
},
"allowImpersonate": true
},
"signature": {
"key": "Axpsb7vfAso1F0X6hrm6WpRS14WsT3/Ct1SMoqRsT89K",
"signature": "BMIOqcNEwTughI26ivFw7vnGyzhWip8NsgSYTTf21aVkv0AH7bgE9R91gglYgS6tGNVcWZMTisYCJCT3OEQ9lkw=",
"scheme": "ECDSA_SHA512"
}
},
"secret_access_key": "438bbd8243060e1e1c9dd4821756914a6e872ce29bf203b68f81b140ac91231c"
}
```