Align STS web-identity code snippet to documentation (minio#9114) (#9130)
parent
35ecc04223
commit
3fea1d5e35
@ -39,15 +39,19 @@ $ go run docs/sts/web-identity.go -cid account -csec 072e7f00-4289-469c-9ab2-bbe
|
||||
2018/12/26 17:49:36 listening on http://localhost:8888/
|
||||
```
|
||||
|
||||
This will open the login page of keycloak, upon successful login, STS credentials will be printed on the screen, for example
|
||||
This will open the login page of keycloak, upon successful login, STS credentials along with any buckets discovered using the credentials will be printed on the screen, for example:
|
||||
|
||||
```
|
||||
##### Credentials
|
||||
{
|
||||
"accessKey": "6N2BALX7ELO827DXS3GK",
|
||||
"secretKey": "23JKqAD+um8ObHqzfIh+bfqwG9V8qs9tFY6MqeFR",
|
||||
"expiration": "2019-10-01T07:22:34Z",
|
||||
"sessionToken": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.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._UG_-ZHgwdRnsp0gFdwChb7VlbPs-Gr_RNUz9EV7TggCD59qjCFAKjNrVHfOSVkKvYEMe0PvwfRKjnJl3A_mBA"
|
||||
"buckets": [
|
||||
"bucket-x"
|
||||
],
|
||||
"credentials": {
|
||||
"AccessKeyID": "6N2BALX7ELO827DXS3GK",
|
||||
"SecretAccessKey": "23JKqAD+um8ObHqzfIh+bfqwG9V8qs9tFY6MqeFR+xxx",
|
||||
"SessionToken": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiI2TjJCQUxYN0VMTzgyN0RYUzNHSyIsImFjciI6IjAiLCJhdWQiOiJhY2NvdW50IiwiYXV0aF90aW1lIjoxNTY5OTEwNTUyLCJhenAiOiJhY2NvdW50IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJleHAiOjE1Njk5MTQ1NTQsImlhdCI6MTU2OTkxMDk1NCwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgxL2F1dGgvcmVhbG1zL2RlbW8iLCJqdGkiOiJkOTk4YTBlZS01NDk2LTQ4OWYtYWJlMi00ZWE5MjJiZDlhYWYiLCJuYmYiOjAsInBvbGljeSI6InJlYWR3cml0ZSIsInByZWZlcnJlZF91c2VybmFtZSI6Im5ld3VzZXIxIiwic2Vzc2lvbl9zdGF0ZSI6IjJiYTAyYTI2LWE5MTUtNDUxNC04M2M1LWE0YjgwYjc4ZTgxNyIsInN1YiI6IjY4ZmMzODVhLTA5MjItNGQyMS04N2U5LTZkZTdhYjA3Njc2NSIsInR5cCI6IklEIn0._UG_-ZHgwdRnsp0gFdwChb7VlbPs-Gr_RNUz9EV7TggCD59qjCFAKjNrVHfOSVkKvYEMe0PvwfRKjnJl3A_mBA"",
|
||||
"SignerType": 1
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
|
@ -143,6 +143,7 @@ func main() {
|
||||
|
||||
ddoc, err := parseDiscoveryDoc(configEndpoint)
|
||||
if err != nil {
|
||||
log.Println(fmt.Errorf("Failed to parse OIDC discovery document %s", err))
|
||||
fmt.Println(err)
|
||||
return
|
||||
}
|
||||
@ -163,10 +164,16 @@ func main() {
|
||||
state := randomState()
|
||||
|
||||
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
|
||||
log.Printf("%s %s", r.Method, r.RequestURI)
|
||||
if r.RequestURI != "/" {
|
||||
http.NotFound(w, r)
|
||||
return
|
||||
}
|
||||
http.Redirect(w, r, config.AuthCodeURL(state), http.StatusFound)
|
||||
})
|
||||
|
||||
http.HandleFunc("/oauth2/callback", func(w http.ResponseWriter, r *http.Request) {
|
||||
log.Printf("%s %s", r.Method, r.RequestURI)
|
||||
if r.URL.Query().Get("state") != state {
|
||||
http.Error(w, "state did not match", http.StatusBadRequest)
|
||||
return
|
||||
@ -189,13 +196,11 @@ func main() {
|
||||
|
||||
sts, err := credentials.NewSTSWebIdentity(stsEndpoint, getWebTokenExpiry)
|
||||
if err != nil {
|
||||
log.Println(fmt.Errorf("Could not get STS credentials: %s", err))
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
// Uncomment this to use MinIO API operations by initializing minio
|
||||
// client with obtained credentials.
|
||||
|
||||
opts := &minio.Options{
|
||||
Creds: sts,
|
||||
BucketLookup: minio.BucketLookupAuto,
|
||||
@ -203,23 +208,40 @@ func main() {
|
||||
|
||||
u, err := url.Parse(stsEndpoint)
|
||||
if err != nil {
|
||||
log.Println(fmt.Errorf("Failed to parse STS Endpoint: %s", err))
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
|
||||
clnt, err := minio.NewWithOptions(u.Host, opts)
|
||||
if err != nil {
|
||||
log.Println(fmt.Errorf("Error while initializing Minio client, %s", err))
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
buckets, err := clnt.ListBuckets()
|
||||
if err != nil {
|
||||
log.Println(fmt.Errorf("Error while listing buckets, %s", err))
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
creds, _ := sts.Get()
|
||||
|
||||
bucketNames := []string{}
|
||||
|
||||
for _, bucket := range buckets {
|
||||
log.Println(bucket)
|
||||
log.Println(fmt.Sprintf("Bucket discovered: %s", bucket.Name))
|
||||
bucketNames = append(bucketNames, bucket.Name)
|
||||
}
|
||||
response := make(map[string]interface{})
|
||||
response["credentials"] = creds
|
||||
response["buckets"] = bucketNames
|
||||
c, err := json.MarshalIndent(response, "", "\t")
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
w.Write(c)
|
||||
})
|
||||
|
||||
address := fmt.Sprintf("localhost:%v", port)
|
||||
|
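Review bot: The `log.Printf("%s %s", r.Method, r.RequestURI)` line in the `/oauth2/callback` handler (hunk `-163,10 +164,16`) writes the full request URI to the log, and on this route the query string carries the `state` value checked on the next line and, presumably, the authorization code. Logging only the path keeps those values out of log output: `log.Printf("%s %s", r.Method, r.URL.Path)`. The +/- markers are lost in this rendering, so which lines are new is inferred from the hunk counts, and the handler body continues past the end of that hunk. Separately, `creds, _ := sts.Get()` in the last hunk discards the error before the credentials are marshalled into the response; checking it like the neighbouring calls (`if err != nil { http.Error(...); return }`) would avoid writing a zero-value credential on failure.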