Align STS web-identity code snippet to documentation (minio#9114) (#9130)

This commit is contained in:
gzur 2020-03-14 05:58:53 +00:00 committed by GitHub
parent 35ecc04223
commit 3fea1d5e35
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 36 additions and 10 deletions

View File

@ -39,15 +39,19 @@ $ go run docs/sts/web-identity.go -cid account -csec 072e7f00-4289-469c-9ab2-bbe
2018/12/26 17:49:36 listening on http://localhost:8888/
```
This will open the login page of keycloak, upon successful login, STS credentials will be printed on the screen, for example
This will open the login page of keycloak, upon successful login, STS credentials along with any buckets discovered using the credentials will be printed on the screen, for example:
```
##### Credentials
{
"accessKey": "6N2BALX7ELO827DXS3GK",
"secretKey": "23JKqAD+um8ObHqzfIh+bfqwG9V8qs9tFY6MqeFR",
"expiration": "2019-10-01T07:22:34Z",
"sessionToken": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiI2TjJCQUxYN0VMTzgyN0RYUzNHSyIsImFjciI6IjAiLCJhdWQiOiJhY2NvdW50IiwiYXV0aF90aW1lIjoxNTY5OTEwNTUyLCJhenAiOiJhY2NvdW50IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJleHAiOjE1Njk5MTQ1NTQsImlhdCI6MTU2OTkxMDk1NCwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgxL2F1dGgvcmVhbG1zL2RlbW8iLCJqdGkiOiJkOTk4YTBlZS01NDk2LTQ4OWYtYWJlMi00ZWE5MjJiZDlhYWYiLCJuYmYiOjAsInBvbGljeSI6InJlYWR3cml0ZSIsInByZWZlcnJlZF91c2VybmFtZSI6Im5ld3VzZXIxIiwic2Vzc2lvbl9zdGF0ZSI6IjJiYTAyYTI2LWE5MTUtNDUxNC04M2M1LWE0YjgwYjc4ZTgxNyIsInN1YiI6IjY4ZmMzODVhLTA5MjItNGQyMS04N2U5LTZkZTdhYjA3Njc2NSIsInR5cCI6IklEIn0._UG_-ZHgwdRnsp0gFdwChb7VlbPs-Gr_RNUz9EV7TggCD59qjCFAKjNrVHfOSVkKvYEMe0PvwfRKjnJl3A_mBA"
"buckets": [
"bucket-x"
],
"credentials": {
"AccessKeyID": "6N2BALX7ELO827DXS3GK",
"SecretAccessKey": "23JKqAD+um8ObHqzfIh+bfqwG9V8qs9tFY6MqeFR+xxx",
"SessionToken": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiI2TjJCQUxYN0VMTzgyN0RYUzNHSyIsImFjciI6IjAiLCJhdWQiOiJhY2NvdW50IiwiYXV0aF90aW1lIjoxNTY5OTEwNTUyLCJhenAiOiJhY2NvdW50IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJleHAiOjE1Njk5MTQ1NTQsImlhdCI6MTU2OTkxMDk1NCwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgxL2F1dGgvcmVhbG1zL2RlbW8iLCJqdGkiOiJkOTk4YTBlZS01NDk2LTQ4OWYtYWJlMi00ZWE5MjJiZDlhYWYiLCJuYmYiOjAsInBvbGljeSI6InJlYWR3cml0ZSIsInByZWZlcnJlZF91c2VybmFtZSI6Im5ld3VzZXIxIiwic2Vzc2lvbl9zdGF0ZSI6IjJiYTAyYTI2LWE5MTUtNDUxNC04M2M1LWE0YjgwYjc4ZTgxNyIsInN1YiI6IjY4ZmMzODVhLTA5MjItNGQyMS04N2U5LTZkZTdhYjA3Njc2NSIsInR5cCI6IklEIn0._UG_-ZHgwdRnsp0gFdwChb7VlbPs-Gr_RNUz9EV7TggCD59qjCFAKjNrVHfOSVkKvYEMe0PvwfRKjnJl3A_mBA"",
"SignerType": 1
}
}
```

View File

@ -143,6 +143,7 @@ func main() {
ddoc, err := parseDiscoveryDoc(configEndpoint)
if err != nil {
log.Println(fmt.Errorf("Failed to parse OIDC discovery document %s", err))
fmt.Println(err)
return
}
@ -163,10 +164,16 @@ func main() {
state := randomState()
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
log.Printf("%s %s", r.Method, r.RequestURI)
if r.RequestURI != "/" {
http.NotFound(w, r)
return
}
http.Redirect(w, r, config.AuthCodeURL(state), http.StatusFound)
})
http.HandleFunc("/oauth2/callback", func(w http.ResponseWriter, r *http.Request) {
log.Printf("%s %s", r.Method, r.RequestURI)
if r.URL.Query().Get("state") != state {
http.Error(w, "state did not match", http.StatusBadRequest)
return
@ -189,13 +196,11 @@ func main() {
sts, err := credentials.NewSTSWebIdentity(stsEndpoint, getWebTokenExpiry)
if err != nil {
log.Println(fmt.Errorf("Could not get STS credentials: %s", err))
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// Uncomment this to use MinIO API operations by initializing minio
// client with obtained credentials.
opts := &minio.Options{
Creds: sts,
BucketLookup: minio.BucketLookupAuto,
@ -203,23 +208,40 @@ func main() {
u, err := url.Parse(stsEndpoint)
if err != nil {
log.Println(fmt.Errorf("Failed to parse STS Endpoint: %s", err))
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
clnt, err := minio.NewWithOptions(u.Host, opts)
if err != nil {
log.Println(fmt.Errorf("Error while initializing Minio client, %s", err))
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
buckets, err := clnt.ListBuckets()
if err != nil {
log.Println(fmt.Errorf("Error while listing buckets, %s", err))
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
creds, _ := sts.Get()
bucketNames := []string{}
for _, bucket := range buckets {
log.Println(bucket)
log.Println(fmt.Sprintf("Bucket discovered: %s", bucket.Name))
bucketNames = append(bucketNames, bucket.Name)
}
response := make(map[string]interface{})
response["credentials"] = creds
response["buckets"] = bucketNames
c, err := json.MarshalIndent(response, "", "\t")
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
w.Write(c)
})
address := fmt.Sprintf("localhost:%v", port)