From 3fea1d5e35d91f504c9aa056f66fc8cd4ee891dd Mon Sep 17 00:00:00 2001
From: gzur
Date: Sat, 14 Mar 2020 05:58:53 +0000
Subject: [PATCH] Align STS web-identity code snippet to documentation (minio#9114) (#9130)
---
 docs/sts/keycloak.md | 16 ++++++++++------
 docs/sts/web-identity.go | 30 ++++++++++++++++++++++++++----
 2 files changed, 36 insertions(+), 10 deletions(-)
diff --git a/docs/sts/keycloak.md b/docs/sts/keycloak.md
index b5481dda0..372de6327 100644
--- a/docs/sts/keycloak.md
+++ b/docs/sts/keycloak.md
@@ -39,15 +39,19 @@ $ go run docs/sts/web-identity.go -cid account -csec 072e7f00-4289-469c-9ab2-bbe
 2018/12/26 17:49:36 listening on http://localhost:8888/
 ```
-This will open the login page of keycloak, upon successful login, STS credentials will be printed on the screen, for example
+This will open the login page of keycloak, upon successful login, STS credentials along with any buckets discovered using the credentials will be printed on the screen, for example:
 ```
-##### Credentials
 {
- "accessKey": "6N2BALX7ELO827DXS3GK",
- "secretKey": "23JKqAD+um8ObHqzfIh+bfqwG9V8qs9tFY6MqeFR",
- "expiration": "2019-10-01T07:22:34Z",
- "sessionToken": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.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._UG_-ZHgwdRnsp0gFdwChb7VlbPs-Gr_RNUz9EV7TggCD59qjCFAKjNrVHfOSVkKvYEMe0PvwfRKjnJl3A_mBA"
+ "buckets": [
+ "bucket-x"
+ ],
+ "credentials": {
+ "AccessKeyID": "6N2BALX7ELO827DXS3GK",
+ "SecretAccessKey": "23JKqAD+um8ObHqzfIh+bfqwG9V8qs9tFY6MqeFR+xxx",
+ "SessionToken": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.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._UG_-ZHgwdRnsp0gFdwChb7VlbPs-Gr_RNUz9EV7TggCD59qjCFAKjNrVHfOSVkKvYEMe0PvwfRKjnJl3A_mBA"",
+ "SignerType": 1
+ }
 }
 ```
diff --git a/docs/sts/web-identity.go b/docs/sts/web-identity.go
index df793f519..4d49cae21 100644
--- a/docs/sts/web-identity.go
+++ b/docs/sts/web-identity.go
@@ -143,6 +143,7 @@ func main() {
 ddoc, err := parseDiscoveryDoc(configEndpoint)
 if err != nil {
+ log.Println(fmt.Errorf("Failed to parse OIDC discovery document %s", err))
 fmt.Println(err)
 return
 }
@@ -163,10 +164,16 @@ func main() {
 state := randomState()
 http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+ log.Printf("%s %s", r.Method, r.RequestURI)
+ if r.RequestURI != "/" {
+ http.NotFound(w, r)
+ return
+ }
 http.Redirect(w, r, config.AuthCodeURL(state), http.StatusFound)
 })
 http.HandleFunc("/oauth2/callback", func(w http.ResponseWriter, r *http.Request) {
+ log.Printf("%s %s", r.Method, r.RequestURI)
 if r.URL.Query().Get("state") != state {
 http.Error(w, "state did not match", http.StatusBadRequest)
 return
@@ -189,13 +196,11 @@ func main() {
 sts, err := credentials.NewSTSWebIdentity(stsEndpoint, getWebTokenExpiry)
 if err != nil {
+ log.Println(fmt.Errorf("Could not get STS credentials: %s", err))
 http.Error(w, err.Error(), http.StatusBadRequest)
 return
 }
- // Uncomment this to use MinIO API operations by initializing minio
- // client with obtained credentials.
-
 opts := &minio.Options{
 Creds: sts,
 BucketLookup: minio.BucketLookupAuto,
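Review bot: In the hunk at -143, `log.Println(fmt.Errorf(...))` builds an error value only to print it, and the unchanged `fmt.Println(err)` on the next line then reports the same failure a second time. `log.Printf("Failed to parse OIDC discovery document: %s", err)` says the same thing directly and makes the `fmt.Println(err)` redundant. The same `log.Println(fmt.Errorf(...))` pattern recurs in the hunks at -189 and -203, and `log.Println(fmt.Sprintf(...))` in the bucket loop could likewise be `log.Printf`. main() starts and ends outside these hunks.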
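Review bot: In the hunk at -163, the `log.Printf("%s %s", r.Method, r.RequestURI)` added to the `/oauth2/callback` handler writes the full request URI to the log, and on that route the query string carries `state` (read two lines later) and presumably the OAuth authorization code as well. Logging only the path keeps those values out of log files: `log.Printf("%s %s", r.Method, r.URL.Path)`. For the `/` handler the same line is less sensitive, though `%q` instead of `%s` would keep an unusual request line from distorting the log. The callback handler's body continues outside the hunk.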
@@ -203,23 +208,40 @@ func main() {
 u, err := url.Parse(stsEndpoint)
 if err != nil {
+ log.Println(fmt.Errorf("Failed to parse STS Endpoint: %s", err))
 http.Error(w, err.Error(), http.StatusBadRequest)
 return
 }
 clnt, err := minio.NewWithOptions(u.Host, opts)
 if err != nil {
+ log.Println(fmt.Errorf("Error while initializing Minio client, %s", err))
 http.Error(w, err.Error(), http.StatusBadRequest)
 return
 }
 buckets, err := clnt.ListBuckets()
 if err != nil {
+ log.Println(fmt.Errorf("Error while listing buckets, %s", err))
 http.Error(w, err.Error(), http.StatusBadRequest)
 return
 }
+ creds, _ := sts.Get()
+
+ bucketNames := []string{}
+
 for _, bucket := range buckets {
- log.Println(bucket)
+ log.Println(fmt.Sprintf("Bucket discovered: %s", bucket.Name))
+ bucketNames = append(bucketNames, bucket.Name)
 }
+ response := make(map[string]interface{})
+ response["credentials"] = creds
+ response["buckets"] = bucketNames
+ c, err := json.MarshalIndent(response, "", "\t")
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ w.Write(c)
 })
 address := fmt.Sprintf("localhost:%v", port)
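Review bot: The JSON written at the end of the callback handler contains the secret key and session token, yet `creds, _ := sts.Get()` discards the error that could leave those fields empty, and `w.Write(c)` is sent with no `Content-Type` or caching directive. Handle the `sts.Get()` error like the other failures in this handler, and set `Content-Type: application/json` and `Cache-Control: no-store` before writing so the credentials are neither content-sniffed nor stored by a browser or intermediary. The handler begins above this hunk and main() continues below it.

```go
		creds, err := sts.Get()
		if err != nil {
			log.Printf("Error while retrieving STS credentials: %s", err)
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
		// … unchanged: bucketNames loop, response map, MarshalIndent and its error check …

		// The body carries the secret key and session token: label it and forbid caching.
		w.Header().Set("Content-Type", "application/json")
		w.Header().Set("Cache-Control", "no-store")
		w.Write(c)
```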