split LDAP and S3

Quentin 2023-09-15 14:38:46 +02:00
parent 74113fad49
commit 9c21c2e799
Signed by untrusted user: quentin
GPG key ID: E9602264D639FF68


@ -109,17 +109,15 @@ func grgGetBucket(bid string) (*garage.BucketInfo, error) {
}
func checkLoginAndS3(w http.ResponseWriter, r *http.Request) (*LoginStatus, *garage.KeyInfo, error) {
login := checkLogin(w, r)
func checkS3(login *LoginStatus) (*garage.KeyInfo, error) {
if login == nil {
return nil, nil, errors.New("LDAP login failed")
return nil, errors.New("Login can't be nil")
}
keyID := login.UserEntry.GetAttributeValue("garage_s3_access_key")
if keyID == "" {
keyPair, err := grgCreateKey(login.Info.Username)
if err != nil {
return login, nil, err
return nil, err
}
modify_request := ldap.NewModifyRequest(login.Info.DN, nil)
modify_request.Replace("garage_s3_access_key", []string{*keyPair.AccessKeyId})
@ -128,11 +126,20 @@ func checkLoginAndS3(w http.ResponseWriter, r *http.Request) (*LoginStatus, *gar
// or when bottin will be able to dynamically fetch it.
modify_request.Replace("garage_s3_secret_key", []string{*keyPair.SecretAccessKey})
err = login.conn.Modify(modify_request)
return login, keyPair, err
return keyPair, err
}
// Note: we could simply return the login info, but LX asked we do not
// store the secrets in LDAP in the future.
keyPair, err := grgGetKey(keyID)
return keyPair, err
}
func checkLoginAndS3(w http.ResponseWriter, r *http.Request) (*LoginStatus, *garage.KeyInfo, error) {
login := checkLogin(w, r)
if login == nil {
return nil, nil, errors.New("LDAP login failed")
}
keyPair, err := checkS3(login)
return login, keyPair, err
}
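Review bot: In checkS3's key-creation branch, `return keyPair, err` hands back a non-nil key pair even when `login.conn.Modify` failed, so the credentials were never recorded in LDAP; the next login will presumably find `garage_s3_access_key` empty again and create a second key, leaving the first one live but unreferenced in Garage. Returning nil on failure, `if err = login.conn.Modify(modify_request); err != nil { return nil, err }` followed by `return keyPair, nil`, keeps the result meaningless on error. Cleaning up the just-created key would need a delete helper that is not visible in this diff. The same branch dereferences `*keyPair.AccessKeyId` and `*keyPair.SecretAccessKey` without a nil check, which is worth guarding if grgCreateKey can return a partially filled KeyInfo. Part of the function body lies between the two hunks and is not shown here.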