Update web-identity example to use minio-go SDK (#8501)

Harshavardhana 2019-11-13 02:30:54 -08:00 committed by Nitish Tiwari
parent fb48ca5020
commit 64759189f5


@ -1,7 +1,7 @@
// +build ignore // +build ignore
/* /*
* MinIO Cloud Storage, (C) 2018 MinIO, Inc. * MinIO Cloud Storage, (C) 2019 MinIO, Inc.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -22,8 +22,8 @@ import (
"context" "context"
"crypto/rand" "crypto/rand"
"encoding/base64" "encoding/base64"
"encoding/json"
"encoding/xml" "encoding/xml"
"errors"
"flag" "flag"
"fmt" "fmt"
"log" "log"
@ -34,6 +34,8 @@ import (
"golang.org/x/oauth2" "golang.org/x/oauth2"
googleOAuth2 "golang.org/x/oauth2/google" googleOAuth2 "golang.org/x/oauth2/google"
"github.com/minio/minio-go/v6"
"github.com/minio/minio-go/v6/pkg/credentials"
"github.com/minio/minio/pkg/auth" "github.com/minio/minio/pkg/auth"
) )
@ -78,7 +80,7 @@ var (
tokenEndpoint string tokenEndpoint string
clientID string clientID string
clientSecret string clientSecret string
port int port int
) )
func init() { func init() {
@ -122,56 +124,52 @@ func main() {
return return
} }
oauth2Token, err := config.Exchange(ctx, r.URL.Query().Get("code")) getWebTokenExpiry := func() (*credentials.WebIdentityToken, error) {
oauth2Token, err := config.Exchange(ctx, r.URL.Query().Get("code"))
if err != nil {
return nil, err
}
if !oauth2Token.Valid() {
return nil, errors.New("invalid token")
}
return &credentials.WebIdentityToken{
Token: oauth2Token.Extra("id_token").(string),
Expiry: int(oauth2Token.Expiry.Sub(time.Now().UTC()).Seconds()),
}, nil
}
sts, err := credentials.NewSTSWebIdentity(stsEndpoint, getWebTokenExpiry)
if err != nil { if err != nil {
http.Error(w, "Failed to exchange token: "+err.Error(), http.StatusInternalServerError) http.Error(w, err.Error(), http.StatusBadRequest)
return return
} }
if oauth2Token.Valid() { // Uncomment this to use MinIO API operations by initializing minio
v := url.Values{} // client with obtained credentials.
v.Set("Action", "AssumeRoleWithWebIdentity")
v.Set("WebIdentityToken", fmt.Sprintf("%s", oauth2Token.Extra("id_token")))
v.Set("DurationSeconds", fmt.Sprintf("%d", int64(oauth2Token.Expiry.Sub(time.Now().UTC()).Seconds())))
v.Set("Version", "2011-06-15")
u, err := url.Parse("http://localhost:9000") opts := &minio.Options{
if err != nil { Creds: sts,
http.Error(w, err.Error(), http.StatusInternalServerError) BucketLookup: minio.BucketLookupAuto,
return }
}
u.RawQuery = v.Encode()
req, err := http.NewRequest(http.MethodPost, u.String(), nil) u, err := url.Parse(stsEndpoint)
if err != nil { if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError) http.Error(w, err.Error(), http.StatusBadRequest)
return return
} }
resp, err := http.DefaultClient.Do(req)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
} clnt, err := minio.NewWithOptions(u.Host, opts)
defer resp.Body.Close() if err != nil {
if resp.StatusCode != http.StatusOK { http.Error(w, err.Error(), http.StatusBadRequest)
http.Error(w, resp.Status, resp.StatusCode) return
return }
} buckets, err := clnt.ListBuckets()
if err != nil {
a := AssumeRoleWithWebIdentityResponse{} http.Error(w, err.Error(), http.StatusBadRequest)
if err = xml.NewDecoder(resp.Body).Decode(&a); err != nil { return
http.Error(w, err.Error(), http.StatusInternalServerError) }
return for _, bucket := range buckets {
} log.Println(bucket)
w.Write([]byte("##### Credentials\n"))
c, err := json.MarshalIndent(a.Result.Credentials, "", "\t")
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
w.Write(c)
} }
}) })
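Review bot: In the new `getWebTokenExpiry` closure the unchecked assertion `oauth2Token.Extra("id_token").(string)` panics when the provider's token response carries no `id_token` (`Extra` then returns nil), so a malformed response aborts the request with a panic instead of an error. Use the two-value form, `idToken, ok := oauth2Token.Extra("id_token").(string)` followed by `if !ok { return nil, errors.New("id_token missing from token response") }`. Separately, `minio.Options` is built without `Secure`, so the client presumably speaks plain HTTP to `u.Host` even when `stsEndpoint` is an https URL, which would put the temporary session token on the wire in cleartext; `Secure: u.Scheme == "https"` would tie it to the configured endpoint. The enclosing handler in `main` starts outside this hunk, so any state or ID-token validation done earlier is not visible here.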