mirror of
https://github.com/minio/minio.git
synced 2024-12-25 06:35:56 -05:00
Update web-identity example to use minio-go SDK (#8501)
This commit is contained in:
parent
fb48ca5020
commit
64759189f5
@ -1,7 +1,7 @@
|
|||||||
// +build ignore
|
// +build ignore
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* MinIO Cloud Storage, (C) 2018 MinIO, Inc.
|
* MinIO Cloud Storage, (C) 2019 MinIO, Inc.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
@ -22,8 +22,8 @@ import (
|
|||||||
"context"
|
"context"
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"encoding/json"
|
|
||||||
"encoding/xml"
|
"encoding/xml"
|
||||||
|
"errors"
|
||||||
"flag"
|
"flag"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
@ -34,6 +34,8 @@ import (
|
|||||||
"golang.org/x/oauth2"
|
"golang.org/x/oauth2"
|
||||||
googleOAuth2 "golang.org/x/oauth2/google"
|
googleOAuth2 "golang.org/x/oauth2/google"
|
||||||
|
|
||||||
|
"github.com/minio/minio-go/v6"
|
||||||
|
"github.com/minio/minio-go/v6/pkg/credentials"
|
||||||
"github.com/minio/minio/pkg/auth"
|
"github.com/minio/minio/pkg/auth"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -78,7 +80,7 @@ var (
|
|||||||
tokenEndpoint string
|
tokenEndpoint string
|
||||||
clientID string
|
clientID string
|
||||||
clientSecret string
|
clientSecret string
|
||||||
port int
|
port int
|
||||||
)
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
@ -122,56 +124,52 @@ func main() {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
oauth2Token, err := config.Exchange(ctx, r.URL.Query().Get("code"))
|
getWebTokenExpiry := func() (*credentials.WebIdentityToken, error) {
|
||||||
|
oauth2Token, err := config.Exchange(ctx, r.URL.Query().Get("code"))
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
if !oauth2Token.Valid() {
|
||||||
|
return nil, errors.New("invalid token")
|
||||||
|
}
|
||||||
|
|
||||||
|
return &credentials.WebIdentityToken{
|
||||||
|
Token: oauth2Token.Extra("id_token").(string),
|
||||||
|
Expiry: int(oauth2Token.Expiry.Sub(time.Now().UTC()).Seconds()),
|
||||||
|
}, nil
|
||||||
|
}
|
||||||
|
sts, err := credentials.NewSTSWebIdentity(stsEndpoint, getWebTokenExpiry)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
http.Error(w, "Failed to exchange token: "+err.Error(), http.StatusInternalServerError)
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if oauth2Token.Valid() {
|
// Uncomment this to use MinIO API operations by initializing minio
|
||||||
v := url.Values{}
|
// client with obtained credentials.
|
||||||
v.Set("Action", "AssumeRoleWithWebIdentity")
|
|
||||||
v.Set("WebIdentityToken", fmt.Sprintf("%s", oauth2Token.Extra("id_token")))
|
|
||||||
v.Set("DurationSeconds", fmt.Sprintf("%d", int64(oauth2Token.Expiry.Sub(time.Now().UTC()).Seconds())))
|
|
||||||
v.Set("Version", "2011-06-15")
|
|
||||||
|
|
||||||
u, err := url.Parse("http://localhost:9000")
|
opts := &minio.Options{
|
||||||
if err != nil {
|
Creds: sts,
|
||||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
BucketLookup: minio.BucketLookupAuto,
|
||||||
return
|
}
|
||||||
}
|
|
||||||
u.RawQuery = v.Encode()
|
|
||||||
|
|
||||||
req, err := http.NewRequest(http.MethodPost, u.String(), nil)
|
u, err := url.Parse(stsEndpoint)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
resp, err := http.DefaultClient.Do(req)
|
|
||||||
if err != nil {
|
|
||||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
||||||
return
|
|
||||||
|
|
||||||
}
|
clnt, err := minio.NewWithOptions(u.Host, opts)
|
||||||
defer resp.Body.Close()
|
if err != nil {
|
||||||
if resp.StatusCode != http.StatusOK {
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||||
http.Error(w, resp.Status, resp.StatusCode)
|
return
|
||||||
return
|
}
|
||||||
}
|
buckets, err := clnt.ListBuckets()
|
||||||
|
if err != nil {
|
||||||
a := AssumeRoleWithWebIdentityResponse{}
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||||
if err = xml.NewDecoder(resp.Body).Decode(&a); err != nil {
|
return
|
||||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
}
|
||||||
return
|
for _, bucket := range buckets {
|
||||||
}
|
log.Println(bucket)
|
||||||
|
|
||||||
w.Write([]byte("##### Credentials\n"))
|
|
||||||
c, err := json.MarshalIndent(a.Result.Credentials, "", "\t")
|
|
||||||
if err != nil {
|
|
||||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
w.Write(c)
|
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user