per-bucket keys #68
6 changed files with 51 additions and 17 deletions
13
garage.go
13
garage.go
|
@ -23,8 +23,9 @@ func gadmin() (*garage.APIClient, context.Context) {
|
||||||
func grgCreateKey(name string) (*garage.KeyInfo, error) {
|
func grgCreateKey(name string) (*garage.KeyInfo, error) {
|
||||||
client, ctx := gadmin()
|
client, ctx := gadmin()
|
||||||
|
|
||||||
kr := garage.AddKeyRequest{Name: &name}
|
kr := garage.NewAddKeyRequest()
|
||||||
resp, _, err := client.KeyApi.AddKey(ctx).AddKeyRequest(kr).Execute()
|
kr.SetName(name)
|
||||||
|
resp, _, err := client.KeyApi.AddKey(ctx).AddKeyRequest(*kr).Execute()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Printf("%+v\n", err)
|
fmt.Printf("%+v\n", err)
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -35,7 +36,7 @@ func grgCreateKey(name string) (*garage.KeyInfo, error) {
|
||||||
func grgGetKey(accessKey string) (*garage.KeyInfo, error) {
|
func grgGetKey(accessKey string) (*garage.KeyInfo, error) {
|
||||||
client, ctx := gadmin()
|
client, ctx := gadmin()
|
||||||
|
|
||||||
resp, _, err := client.KeyApi.GetKey(ctx, accessKey).Execute()
|
resp, _, err := client.KeyApi.GetKey(ctx).Id(accessKey).ShowSecretKey("true").Execute()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Printf("%+v\n", err)
|
fmt.Printf("%+v\n", err)
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -88,7 +89,7 @@ func allowWebsiteDefault() *garage.UpdateBucketRequestWebsiteAccess {
|
||||||
func grgUpdateBucket(bid string, ur *garage.UpdateBucketRequest) (*garage.BucketInfo, error) {
|
func grgUpdateBucket(bid string, ur *garage.UpdateBucketRequest) (*garage.BucketInfo, error) {
|
||||||
client, ctx := gadmin()
|
client, ctx := gadmin()
|
||||||
|
|
||||||
binfo, _, err := client.BucketApi.UpdateBucket(ctx, bid).UpdateBucketRequest(*ur).Execute()
|
binfo, _, err := client.BucketApi.UpdateBucket(ctx).Id(bid).UpdateBucketRequest(*ur).Execute()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Printf("%+v\n", err)
|
fmt.Printf("%+v\n", err)
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -145,7 +146,7 @@ func grgDelLocalAlias(bid, key, alias string) (*garage.BucketInfo, error) {
|
||||||
func grgGetBucket(bid string) (*garage.BucketInfo, error) {
|
func grgGetBucket(bid string) (*garage.BucketInfo, error) {
|
||||||
client, ctx := gadmin()
|
client, ctx := gadmin()
|
||||||
|
|
||||||
resp, _, err := client.BucketApi.GetBucketInfo(ctx, bid).Execute()
|
resp, _, err := client.BucketApi.GetBucketInfo(ctx).Id(bid).Execute()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -157,7 +158,7 @@ func grgGetBucket(bid string) (*garage.BucketInfo, error) {
|
||||||
func grgDeleteBucket(bid string) error {
|
func grgDeleteBucket(bid string) error {
|
||||||
client, ctx := gadmin()
|
client, ctx := gadmin()
|
||||||
|
|
||||||
_, err := client.BucketApi.DeleteBucket(ctx, bid).Execute()
|
_, err := client.BucketApi.DeleteBucket(ctx).Id(bid).Execute()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
log.Println(err)
|
||||||
}
|
}
|
||||||
|
|
2
go.mod
2
go.mod
|
@ -3,7 +3,7 @@ module git.deuxfleurs.fr/Deuxfleurs/guichet
|
||||||
go 1.18
|
go 1.18
|
||||||
|
|
||||||
require (
|
require (
|
||||||
git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang v0.0.0-20230131081355-c965fe7f7dc9
|
git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang v0.0.0-20231128153612-8b81fae65e5e
|
||||||
github.com/emersion/go-sasl v0.0.0-20191210011802-430746ea8b9b
|
github.com/emersion/go-sasl v0.0.0-20191210011802-430746ea8b9b
|
||||||
github.com/emersion/go-smtp v0.12.1
|
github.com/emersion/go-smtp v0.12.1
|
||||||
github.com/go-ldap/ldap/v3 v3.1.6
|
github.com/go-ldap/ldap/v3 v3.1.6
|
||||||
|
|
2
go.sum
2
go.sum
|
@ -33,6 +33,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9
|
||||||
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
|
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
|
||||||
git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang v0.0.0-20230131081355-c965fe7f7dc9 h1:ERg8KCpIKym98EOKa8Gq0NSBxsasD3sqb/R0gg1wOzU=
|
git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang v0.0.0-20230131081355-c965fe7f7dc9 h1:ERg8KCpIKym98EOKa8Gq0NSBxsasD3sqb/R0gg1wOzU=
|
||||||
git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang v0.0.0-20230131081355-c965fe7f7dc9/go.mod h1:TlSL6QVxozmdRaSgP6Akspi0HCJv4HAkkq3Dldru4GM=
|
git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang v0.0.0-20230131081355-c965fe7f7dc9/go.mod h1:TlSL6QVxozmdRaSgP6Akspi0HCJv4HAkkq3Dldru4GM=
|
||||||
|
git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang v0.0.0-20231128153612-8b81fae65e5e h1:h89CAh0qmUcGJykss/utXIw+yRGa3Gr6VyrZ5ZWN0kY=
|
||||||
|
git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang v0.0.0-20231128153612-8b81fae65e5e/go.mod h1:TlSL6QVxozmdRaSgP6Akspi0HCJv4HAkkq3Dldru4GM=
|
||||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||||
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
|
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
|
||||||
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
|
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
|
||||||
|
|
2
login.go
2
login.go
|
@ -221,7 +221,7 @@ func (lu *LoggedUser) S3KeyInfo() (*garage.KeyInfo, error) {
|
||||||
// @FIXME compatibility feature for bagage (SFTP+webdav)
|
// @FIXME compatibility feature for bagage (SFTP+webdav)
|
||||||
// you can remove it once bagage will be updated to fetch the key from garage directly
|
// you can remove it once bagage will be updated to fetch the key from garage directly
|
||||||
// or when bottin will be able to dynamically fetch it.
|
// or when bottin will be able to dynamically fetch it.
|
||||||
modify_request.Replace("garage_s3_secret_key", []string{*keyPair.SecretAccessKey})
|
modify_request.Replace("garage_s3_secret_key", []string{*keyPair.SecretAccessKey.Get()})
|
||||||
err = lu.Login.conn.Modify(modify_request)
|
err = lu.Login.conn.Modify(modify_request)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
46
website.go
46
website.go
|
@ -18,7 +18,8 @@ var (
|
||||||
ErrBucketDeleteNotEmpty = fmt.Errorf("You must remove all the files before deleting a bucket")
|
ErrBucketDeleteNotEmpty = fmt.Errorf("You must remove all the files before deleting a bucket")
|
||||||
ErrBucketDeleteUnfinishedUpload = fmt.Errorf("You must remove all the unfinished multipart uploads before deleting a bucket")
|
ErrBucketDeleteUnfinishedUpload = fmt.Errorf("You must remove all the unfinished multipart uploads before deleting a bucket")
|
||||||
ErrCantChangeVhost = fmt.Errorf("Can't change the vhost to the desired value. Maybe it's already used by someone else or an internal error occured")
|
ErrCantChangeVhost = fmt.Errorf("Can't change the vhost to the desired value. Maybe it's already used by someone else or an internal error occured")
|
||||||
ErrCantRemoveOldVhost = fmt.Errorf("The new vhost is bound to the bucket but the old one can't be removed, this is an internal error")
|
ErrCantRemoveOldVhost = fmt.Errorf("The new vhost is bound to the bucket but the old one can't be removed, it's an internal error")
|
||||||
|
ErrFetchDedicatedKey = fmt.Errorf("Bucket has no dedicated key while it's required, it's an internal error")
|
||||||
)
|
)
|
||||||
|
|
||||||
type WebsiteId struct {
|
type WebsiteId struct {
|
||||||
|
@ -91,10 +92,12 @@ func (w *WebsiteController) Describe() (*WebsiteDescribe, error) {
|
||||||
for _, k := range w.PrettyList {
|
for _, k := range w.PrettyList {
|
||||||
r = append(r, w.WebsiteIdx[k])
|
r = append(r, w.WebsiteIdx[k])
|
||||||
}
|
}
|
||||||
|
|
||||||
return &WebsiteDescribe{
|
return &WebsiteDescribe{
|
||||||
&w.WebsiteCount,
|
&w.WebsiteCount,
|
||||||
w.User.Quota.WebsiteSizeBurstedPretty(),
|
w.User.Quota.WebsiteSizeBurstedPretty(),
|
||||||
r}, nil
|
r,
|
||||||
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (w *WebsiteController) Inspect(pretty string) (*WebsiteView, error) {
|
func (w *WebsiteController) Inspect(pretty string) (*WebsiteView, error) {
|
||||||
|
@ -108,7 +111,9 @@ func (w *WebsiteController) Inspect(pretty string) (*WebsiteView, error) {
|
||||||
return nil, ErrFetchBucketInfo
|
return nil, ErrFetchBucketInfo
|
||||||
}
|
}
|
||||||
|
|
||||||
return NewWebsiteView(binfo), nil
|
// @TODO: fetch the associated key
|
||||||
|
|
||||||
|
return NewWebsiteView(binfo, nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (w *WebsiteController) Patch(pretty string, patch *WebsitePatch) (*WebsiteView, error) {
|
func (w *WebsiteController) Patch(pretty string, patch *WebsitePatch) (*WebsiteView, error) {
|
||||||
|
@ -152,7 +157,11 @@ func (w *WebsiteController) Patch(pretty string, patch *WebsitePatch) (*WebsiteV
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return NewWebsiteView(binfo), nil
|
if patch.RotateKey != nil && *patch.RotateKey {
|
||||||
|
// @TODO: rotate key
|
||||||
|
}
|
||||||
|
|
||||||
|
return NewWebsiteView(binfo, nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (w *WebsiteController) Create(pretty string) (*WebsiteView, error) {
|
func (w *WebsiteController) Create(pretty string) (*WebsiteView, error) {
|
||||||
|
@ -164,11 +173,13 @@ func (w *WebsiteController) Create(pretty string) (*WebsiteView, error) {
|
||||||
return nil, ErrWebsiteQuotaReached
|
return nil, ErrWebsiteQuotaReached
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Create bucket
|
||||||
binfo, err := grgCreateBucket(pretty)
|
binfo, err := grgCreateBucket(pretty)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, ErrCantCreateBucket
|
return nil, ErrCantCreateBucket
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Allow user's global key on bucket
|
||||||
s3key, err := w.User.S3KeyInfo()
|
s3key, err := w.User.S3KeyInfo()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -179,6 +190,7 @@ func (w *WebsiteController) Create(pretty string) (*WebsiteView, error) {
|
||||||
return nil, ErrCantAllowKey
|
return nil, ErrCantAllowKey
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Set quota
|
||||||
qr := w.User.Quota.DefaultWebsiteQuota()
|
qr := w.User.Quota.DefaultWebsiteQuota()
|
||||||
wr := allowWebsiteDefault()
|
wr := allowWebsiteDefault()
|
||||||
|
|
||||||
|
@ -191,7 +203,10 @@ func (w *WebsiteController) Create(pretty string) (*WebsiteView, error) {
|
||||||
return nil, ErrCantConfigureBucket
|
return nil, ErrCantConfigureBucket
|
||||||
}
|
}
|
||||||
|
|
||||||
return NewWebsiteView(binfo), nil
|
// Create a dedicated key
|
||||||
|
// @TODO
|
||||||
|
|
||||||
|
return NewWebsiteView(binfo, nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (w *WebsiteController) Delete(pretty string) error {
|
func (w *WebsiteController) Delete(pretty string) error {
|
||||||
|
@ -204,6 +219,7 @@ func (w *WebsiteController) Delete(pretty string) error {
|
||||||
return ErrWebsiteNotFound
|
return ErrWebsiteNotFound
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Error checking
|
||||||
binfo, err := grgGetBucket(website.Internal)
|
binfo, err := grgGetBucket(website.Internal)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return ErrFetchBucketInfo
|
return ErrFetchBucketInfo
|
||||||
|
@ -217,6 +233,10 @@ func (w *WebsiteController) Delete(pretty string) error {
|
||||||
return ErrBucketDeleteUnfinishedUpload
|
return ErrBucketDeleteUnfinishedUpload
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Delete dedicated key
|
||||||
|
// @TODO
|
||||||
|
|
||||||
|
// Actually delete bucket
|
||||||
err = grgDeleteBucket(website.Internal)
|
err = grgDeleteBucket(website.Internal)
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -229,7 +249,14 @@ type WebsiteView struct {
|
||||||
Files QuotaStat `json:"quota_files"`
|
Files QuotaStat `json:"quota_files"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewWebsiteView(binfo *garage.BucketInfo) *WebsiteView {
|
func NewWebsiteView(binfo *garage.BucketInfo, s3key *garage.KeyInfo) (*WebsiteView, error) {
|
||||||
|
if binfo == nil {
|
||||||
|
return nil, ErrFetchBucketInfo
|
||||||
|
}
|
||||||
|
if s3key == nil {
|
||||||
|
return nil, ErrFetchDedicatedKey
|
||||||
|
}
|
||||||
|
|
||||||
q := binfo.GetQuotas()
|
q := binfo.GetQuotas()
|
||||||
|
|
||||||
wid := NewWebsiteIdFromBucketInfo(binfo)
|
wid := NewWebsiteIdFromBucketInfo(binfo)
|
||||||
|
@ -237,14 +264,15 @@ func NewWebsiteView(binfo *garage.BucketInfo) *WebsiteView {
|
||||||
objects := NewQuotaStat(*binfo.Objects, (&q).GetMaxObjects(), false)
|
objects := NewQuotaStat(*binfo.Objects, (&q).GetMaxObjects(), false)
|
||||||
return &WebsiteView{
|
return &WebsiteView{
|
||||||
wid,
|
wid,
|
||||||
"not yet implemented",
|
*s3key.AccessKeyId,
|
||||||
"not yet implemented",
|
*s3key.SecretAccessKey.Get(),
|
||||||
size,
|
size,
|
||||||
objects,
|
objects,
|
||||||
}
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
type WebsitePatch struct {
|
type WebsitePatch struct {
|
||||||
Size *int64 `json:"quota_size"`
|
Size *int64 `json:"quota_size"`
|
||||||
Vhost *string `json:"vhost"`
|
Vhost *string `json:"vhost"`
|
||||||
|
RotateKey *bool `json:"rotate_key"`
|
||||||
}
|
}
|
||||||
|
|
|
@ -102,6 +102,9 @@ func handleWebsiteInspect(w http.ResponseWriter, r *http.Request) {
|
||||||
if processErr == nil {
|
if processErr == nil {
|
||||||
http.Redirect(w, r, "/website", http.StatusFound)
|
http.Redirect(w, r, "/website", http.StatusFound)
|
||||||
}
|
}
|
||||||
|
case "rotate_key":
|
||||||
|
do_action := true
|
||||||
|
_, processErr = ctrl.Patch(bucketName, &WebsitePatch { RotateKey: &do_action })
|
||||||
default:
|
default:
|
||||||
processErr = fmt.Errorf("Unknown action")
|
processErr = fmt.Errorf("Unknown action")
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue