minio/pkg/controller/rpc/auth.go

/*
 * Minio Cloud Storage, (C) 2015 Minio, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package rpc

import (
	"errors"
	"net/http"
	"os"
	"strings"

	"github.com/minio/minio/pkg/auth"
	"github.com/minio/minio/pkg/probe"
)

// AuthService auth service
type AuthService struct{}

// AuthArgs auth params
type AuthArgs struct {
	User string `json:"user"`
}

// AuthReply reply with new access keys and secret ids
type AuthReply struct {
	Name            string `json:"name"`
	AccessKeyID     string `json:"accessKeyId"`
	SecretAccessKey string `json:"secretAccessKey"`
}

// generateAuth generate new auth keys for a user
func generateAuth(args *AuthArgs, reply *AuthReply) *probe.Error {
	config, err := auth.LoadConfig()
	if err != nil {
		if os.IsNotExist(err.ToGoError()) {
			// Initialize new config, since config file doesn't exist yet
			config = &auth.Config{}
			config.Version = "0.0.1"
			config.Users = make(map[string]*auth.User)
		} else {
			return err.Trace()
		}
	}
	if _, ok := config.Users[args.User]; ok {
		return probe.NewError(errors.New("Credentials already set, if you wish to change this invoke Reset() method"))
	}
	accessKeyID, err := auth.GenerateAccessKeyID()
	if err != nil {
		return err.Trace()
	}
	reply.AccessKeyID = string(accessKeyID)

	secretAccessKey, err := auth.GenerateSecretAccessKey()
	if err != nil {
		return err.Trace()
	}
	reply.SecretAccessKey = string(secretAccessKey)
	config.Users[args.User] = &auth.User{
		Name:            args.User,
		AccessKeyID:     string(accessKeyID),
		SecretAccessKey: string(secretAccessKey),
	}
	if err := auth.SaveConfig(config); err != nil {
		return err.Trace()
	}
	return nil
}

// fetchAuth fetch auth keys for a user
func fetchAuth(args *AuthArgs, reply *AuthReply) *probe.Error {
	config, err := auth.LoadConfig()
	if err != nil {
		return err.Trace()
	}
	if _, ok := config.Users[args.User]; !ok {
		return probe.NewError(errors.New("User not found"))
	}
	reply.AccessKeyID = config.Users[args.User].AccessKeyID
	reply.SecretAccessKey = config.Users[args.User].SecretAccessKey
	return nil
}

// resetAuth reset auth keys for a user
func resetAuth(args *AuthArgs, reply *AuthReply) *probe.Error {
	config, err := auth.LoadConfig()
	if err != nil {
		return err.Trace()
	}
	if _, ok := config.Users[args.User]; !ok {
		return probe.NewError(errors.New("User not found"))
	}
	accessKeyID, err := auth.GenerateAccessKeyID()
	if err != nil {
		return err.Trace()
	}
	reply.AccessKeyID = string(accessKeyID)
	secretAccessKey, err := auth.GenerateSecretAccessKey()
	if err != nil {
		return err.Trace()
	}
	reply.SecretAccessKey = string(secretAccessKey)

	config.Users[args.User] = &auth.User{
		Name:            args.User,
		AccessKeyID:     string(accessKeyID),
		SecretAccessKey: string(secretAccessKey),
	}
	return auth.SaveConfig(config).Trace()
}

// Generate auth keys
func (s *AuthService) Generate(r *http.Request, args *AuthArgs, reply *AuthReply) error {
	if strings.TrimSpace(args.User) == "" {
		return errors.New("Invalid argument")
	}
	if err := generateAuth(args, reply); err != nil {
		return probe.WrapError(err)
	}
	return nil
}

// Fetch auth keys
func (s *AuthService) Fetch(r *http.Request, args *AuthArgs, reply *AuthReply) error {
	if strings.TrimSpace(args.User) == "" {
		return errors.New("Invalid argument")
	}
	if err := fetchAuth(args, reply); err != nil {
		return probe.WrapError(err)
	}
	return nil
}

// Reset auth keys, generates new set of auth keys
func (s *AuthService) Reset(r *http.Request, args *AuthArgs, reply *AuthReply) error {
	if strings.TrimSpace(args.User) == "" {
		return errors.New("Invalid argument")
	}
	if err := resetAuth(args, reply); err != nil {
		return probe.WrapError(err)
	}
	return nil
}
Add auth rpc service to generate access keys, add corresponding test 2015-07-08 17:33:54 -04:00			`/*`
Move from Minimalist Object Storage to Minio Cloud Storage 2015-07-24 20:51:40 -04:00			`* Minio Cloud Storage, (C) 2015 Minio, Inc.`
Add auth rpc service to generate access keys, add corresponding test 2015-07-08 17:33:54 -04:00			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*/`

			`package rpc`

			`import (`
Enhance auth JSONRPC, now provides persistent output Implements - Auth.Generate("user") - Auth.Fetch("user") - Auth.Reset("user") This patch also adds testing for each of these cases 2015-09-18 05:59:57 -04:00			`"errors"`
Add auth rpc service to generate access keys, add corresponding test 2015-07-08 17:33:54 -04:00			`"net/http"`
Enhance auth JSONRPC, now provides persistent output Implements - Auth.Generate("user") - Auth.Fetch("user") - Auth.Reset("user") This patch also adds testing for each of these cases 2015-09-18 05:59:57 -04:00			`"os"`
			`"strings"`
Add auth rpc service to generate access keys, add corresponding test 2015-07-08 17:33:54 -04:00
			`"github.com/minio/minio/pkg/auth"`
Migrate from iodine to probe 2015-08-03 19:17:21 -04:00			`"github.com/minio/minio/pkg/probe"`
Add auth rpc service to generate access keys, add corresponding test 2015-07-08 17:33:54 -04:00			`)`

			`// AuthService auth service`
			`type AuthService struct{}`

Enhance auth JSONRPC, now provides persistent output Implements - Auth.Generate("user") - Auth.Fetch("user") - Auth.Reset("user") This patch also adds testing for each of these cases 2015-09-18 05:59:57 -04:00			`// AuthArgs auth params`
			`type AuthArgs struct {`
			User string `json:"user"`
			`}`

Add auth rpc service to generate access keys, add corresponding test 2015-07-08 17:33:54 -04:00			`// AuthReply reply with new access keys and secret ids`
			`type AuthReply struct {`
Enhance auth JSONRPC, now provides persistent output Implements - Auth.Generate("user") - Auth.Fetch("user") - Auth.Reset("user") This patch also adds testing for each of these cases 2015-09-18 05:59:57 -04:00			Name string `json:"name"`
			AccessKeyID string `json:"accessKeyId"`
			SecretAccessKey string `json:"secretAccessKey"`
Add auth rpc service to generate access keys, add corresponding test 2015-07-08 17:33:54 -04:00			`}`

Enhance auth JSONRPC, now provides persistent output Implements - Auth.Generate("user") - Auth.Fetch("user") - Auth.Reset("user") This patch also adds testing for each of these cases 2015-09-18 05:59:57 -04:00			`// generateAuth generate new auth keys for a user`
			`func generateAuth(args AuthArgs, reply AuthReply) *probe.Error {`
			`config, err := auth.LoadConfig()`
			`if err != nil {`
			`if os.IsNotExist(err.ToGoError()) {`
			`// Initialize new config, since config file doesn't exist yet`
			`config = &auth.Config{}`
			`config.Version = "0.0.1"`
			`config.Users = make(map[string]*auth.User)`
			`} else {`
			`return err.Trace()`
			`}`
			`}`
			`if _, ok := config.Users[args.User]; ok {`
			`return probe.NewError(errors.New("Credentials already set, if you wish to change this invoke Reset() method"))`
			`}`
			`accessKeyID, err := auth.GenerateAccessKeyID()`
Add auth rpc service to generate access keys, add corresponding test 2015-07-08 17:33:54 -04:00			`if err != nil {`
Migrate from iodine to probe 2015-08-03 19:17:21 -04:00			`return err.Trace()`
Add auth rpc service to generate access keys, add corresponding test 2015-07-08 17:33:54 -04:00			`}`
Enhance auth JSONRPC, now provides persistent output Implements - Auth.Generate("user") - Auth.Fetch("user") - Auth.Reset("user") This patch also adds testing for each of these cases 2015-09-18 05:59:57 -04:00			`reply.AccessKeyID = string(accessKeyID)`

			`secretAccessKey, err := auth.GenerateSecretAccessKey()`
			`if err != nil {`
			`return err.Trace()`
			`}`
			`reply.SecretAccessKey = string(secretAccessKey)`
			`config.Users[args.User] = &auth.User{`
			`Name: args.User,`
			`AccessKeyID: string(accessKeyID),`
			`SecretAccessKey: string(secretAccessKey),`
			`}`
			`if err := auth.SaveConfig(config); err != nil {`
			`return err.Trace()`
			`}`
			`return nil`
			`}`

			`// fetchAuth fetch auth keys for a user`
			`func fetchAuth(args AuthArgs, reply AuthReply) *probe.Error {`
			`config, err := auth.LoadConfig()`
Add auth rpc service to generate access keys, add corresponding test 2015-07-08 17:33:54 -04:00			`if err != nil {`
Migrate from iodine to probe 2015-08-03 19:17:21 -04:00			`return err.Trace()`
Add auth rpc service to generate access keys, add corresponding test 2015-07-08 17:33:54 -04:00			`}`
Enhance auth JSONRPC, now provides persistent output Implements - Auth.Generate("user") - Auth.Fetch("user") - Auth.Reset("user") This patch also adds testing for each of these cases 2015-09-18 05:59:57 -04:00			`if _, ok := config.Users[args.User]; !ok {`
			`return probe.NewError(errors.New("User not found"))`
			`}`
			`reply.AccessKeyID = config.Users[args.User].AccessKeyID`
			`reply.SecretAccessKey = config.Users[args.User].SecretAccessKey`
Add auth rpc service to generate access keys, add corresponding test 2015-07-08 17:33:54 -04:00			`return nil`
			`}`

Enhance auth JSONRPC, now provides persistent output Implements - Auth.Generate("user") - Auth.Fetch("user") - Auth.Reset("user") This patch also adds testing for each of these cases 2015-09-18 05:59:57 -04:00			`// resetAuth reset auth keys for a user`
			`func resetAuth(args AuthArgs, reply AuthReply) *probe.Error {`
			`config, err := auth.LoadConfig()`
			`if err != nil {`
			`return err.Trace()`
			`}`
			`if _, ok := config.Users[args.User]; !ok {`
			`return probe.NewError(errors.New("User not found"))`
			`}`
			`accessKeyID, err := auth.GenerateAccessKeyID()`
			`if err != nil {`
			`return err.Trace()`
			`}`
			`reply.AccessKeyID = string(accessKeyID)`
			`secretAccessKey, err := auth.GenerateSecretAccessKey()`
			`if err != nil {`
			`return err.Trace()`
			`}`
			`reply.SecretAccessKey = string(secretAccessKey)`

			`config.Users[args.User] = &auth.User{`
			`Name: args.User,`
			`AccessKeyID: string(accessKeyID),`
			`SecretAccessKey: string(secretAccessKey),`
			`}`
			`return auth.SaveConfig(config).Trace()`
			`}`

			`// Generate auth keys`
			`func (s AuthService) Generate(r http.Request, args AuthArgs, reply AuthReply) error {`
			`if strings.TrimSpace(args.User) == "" {`
			`return errors.New("Invalid argument")`
			`}`
			`if err := generateAuth(args, reply); err != nil {`
			`return probe.WrapError(err)`
			`}`
			`return nil`
			`}`

			`// Fetch auth keys`
			`func (s AuthService) Fetch(r http.Request, args AuthArgs, reply AuthReply) error {`
			`if strings.TrimSpace(args.User) == "" {`
			`return errors.New("Invalid argument")`
			`}`
			`if err := fetchAuth(args, reply); err != nil {`
			`return probe.WrapError(err)`
			`}`
			`return nil`
			`}`

			`// Reset auth keys, generates new set of auth keys`
			`func (s AuthService) Reset(r http.Request, args AuthArgs, reply AuthReply) error {`
			`if strings.TrimSpace(args.User) == "" {`
			`return errors.New("Invalid argument")`
			`}`
			`if err := resetAuth(args, reply); err != nil {`
simplify probe APIs 2015-08-18 22:30:17 -04:00			`return probe.WrapError(err)`
Migrate from iodine to probe 2015-08-03 19:17:21 -04:00			`}`
			`return nil`
Add auth rpc service to generate access keys, add corresponding test 2015-07-08 17:33:54 -04:00			`}`