split LDAP and S3
parent
74113fad49
commit
9c21c2e799
1 changed files with 13 additions and 6 deletions
19
garage.go
19
garage.go
|
@ -109,17 +109,15 @@ func grgGetBucket(bid string) (*garage.BucketInfo, error) {
|
|||
|
||||
}
|
||||
|
||||
func checkLoginAndS3(w http.ResponseWriter, r *http.Request) (*LoginStatus, *garage.KeyInfo, error) {
|
||||
login := checkLogin(w, r)
|
||||
func checkS3(login *LoginStatus) (*garage.KeyInfo, error) {
|
||||
if login == nil {
|
||||
return nil, nil, errors.New("LDAP login failed")
|
||||
return nil, errors.New("Login can't be nil")
|
||||
}
|
||||
|
||||
keyID := login.UserEntry.GetAttributeValue("garage_s3_access_key")
|
||||
if keyID == "" {
|
||||
keyPair, err := grgCreateKey(login.Info.Username)
|
||||
if err != nil {
|
||||
return login, nil, err
|
||||
return nil, err
|
||||
}
|
||||
modify_request := ldap.NewModifyRequest(login.Info.DN, nil)
|
||||
modify_request.Replace("garage_s3_access_key", []string{*keyPair.AccessKeyId})
|
||||
|
@ -128,11 +126,20 @@ func checkLoginAndS3(w http.ResponseWriter, r *http.Request) (*LoginStatus, *gar
|
|||
// or when bottin will be able to dynamically fetch it.
|
||||
modify_request.Replace("garage_s3_secret_key", []string{*keyPair.SecretAccessKey})
|
||||
err = login.conn.Modify(modify_request)
|
||||
return login, keyPair, err
|
||||
return keyPair, err
|
||||
}
|
||||
// Note: we could simply return the login info, but LX asked we do not
|
||||
// store the secrets in LDAP in the future.
|
||||
keyPair, err := grgGetKey(keyID)
|
||||
return keyPair, err
|
||||
}
|
||||
|
||||
func checkLoginAndS3(w http.ResponseWriter, r *http.Request) (*LoginStatus, *garage.KeyInfo, error) {
|
||||
login := checkLogin(w, r)
|
||||
if login == nil {
|
||||
return nil, nil, errors.New("LDAP login failed")
|
||||
}
|
||||
keyPair, err := checkS3(login)
|
||||
return login, keyPair, err
|
||||
}
|
||||
|
||||
|
|
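Review bot: In the key-creation branch of `checkS3` (second hunk), a failed `login.conn.Modify` still returns the freshly created key pair together with the error, and the key stays in Garage with no LDAP attribute pointing at it. Because `garage_s3_access_key` remains empty, the next call takes the `keyID == ""` branch again and creates another key, so repeated failures can accumulate untracked S3 credentials. I would return no key on that path, `if err = login.conn.Modify(modify_request); err != nil { return nil, err }` followed by `return keyPair, nil`, and consider revoking the key that was just created before returning. A doc comment on `checkS3` stating that it may create a Garage key and write both `garage_s3_access_key` and `garage_s3_secret_key` to the user's LDAP entry would also help callers; the function body spans both hunks, with lines omitted between them.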