mirror of
https://github.com/minio/minio.git
synced 2025-11-07 12:52:58 -05:00
gateway/manta: Add support for RBAC (#5332)
Manta has the ability to allow users to authenticate with a username other than the main account. We want to expose this functionality to minio manta gateway.
This commit is contained in:
Paul Stack
committed by
Nitish Tiwari
Nitish Tiwari
parent
b85c75996d
commit
a1a98617ca
31
vendor/github.com/joyent/triton-go/authentication/private_key_signer.go
generated
vendored
31
vendor/github.com/joyent/triton-go/authentication/private_key_signer.go
generated
vendored
@@ -9,6 +9,7 @@ import (
|
||||
"encoding/pem"
|
||||
"errors"
|
||||
"fmt"
|
||||
"path"
|
||||
"strings"
|
||||
|
||||
"github.com/hashicorp/errwrap"
|
||||
@@ -20,15 +21,23 @@ type PrivateKeySigner struct {
|
||||
keyFingerprint string
|
||||
algorithm string
|
||||
accountName string
|
||||
userName string
|
||||
hashFunc crypto.Hash
|
||||
|
||||
privateKey *rsa.PrivateKey
|
||||
}
|
||||
|
||||
func NewPrivateKeySigner(keyFingerprint string, privateKeyMaterial []byte, accountName string) (*PrivateKeySigner, error) {
|
||||
keyFingerprintMD5 := strings.Replace(keyFingerprint, ":", "", -1)
|
||||
type PrivateKeySignerInput struct {
|
||||
KeyID string
|
||||
PrivateKeyMaterial []byte
|
||||
AccountName string
|
||||
Username string
|
||||
}
|
||||
|
||||
block, _ := pem.Decode(privateKeyMaterial)
|
||||
func NewPrivateKeySigner(input PrivateKeySignerInput) (*PrivateKeySigner, error) {
|
||||
keyFingerprintMD5 := strings.Replace(input.KeyID, ":", "", -1)
|
||||
|
||||
block, _ := pem.Decode(input.PrivateKeyMaterial)
|
||||
if block == nil {
|
||||
return nil, errors.New("Error PEM-decoding private key material: nil block received")
|
||||
}
|
||||
@@ -51,13 +60,17 @@ func NewPrivateKeySigner(keyFingerprint string, privateKeyMaterial []byte, accou
|
||||
|
||||
signer := &PrivateKeySigner{
|
||||
formattedKeyFingerprint: displayKeyFingerprint,
|
||||
keyFingerprint: keyFingerprint,
|
||||
accountName: accountName,
|
||||
keyFingerprint: input.KeyID,
|
||||
accountName: input.AccountName,
|
||||
|
||||
hashFunc: crypto.SHA1,
|
||||
privateKey: rsakey,
|
||||
}
|
||||
|
||||
if input.Username != "" {
|
||||
signer.userName = input.Username
|
||||
}
|
||||
|
||||
_, algorithm, err := signer.SignRaw("HelloWorld")
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Cannot sign using ssh agent: %s", err)
|
||||
@@ -80,7 +93,13 @@ func (s *PrivateKeySigner) Sign(dateHeader string) (string, error) {
|
||||
}
|
||||
signedBase64 := base64.StdEncoding.EncodeToString(signed)
|
||||
|
||||
keyID := fmt.Sprintf("/%s/keys/%s", s.accountName, s.formattedKeyFingerprint)
|
||||
var keyID string
|
||||
if s.userName != "" {
|
||||
|
||||
keyID = path.Join("/", s.accountName, "users", s.userName, "keys", s.formattedKeyFingerprint)
|
||||
} else {
|
||||
keyID = path.Join("/", s.accountName, "keys", s.formattedKeyFingerprint)
|
||||
}
|
||||
return fmt.Sprintf(authorizationHeaderFormat, keyID, "rsa-sha1", headerName, signedBase64), nil
|
||||
}
|
||||
|
||||
|
||||
21
vendor/github.com/joyent/triton-go/authentication/ssh_agent_signer.go
generated
vendored
21
vendor/github.com/joyent/triton-go/authentication/ssh_agent_signer.go
generated
vendored
@@ -8,6 +8,7 @@ import (
|
||||
"fmt"
|
||||
"net"
|
||||
"os"
|
||||
"path"
|
||||
"strings"
|
||||
|
||||
"github.com/hashicorp/errwrap"
|
||||
@@ -24,13 +25,20 @@ type SSHAgentSigner struct {
|
||||
keyFingerprint string
|
||||
algorithm string
|
||||
accountName string
|
||||
userName string
|
||||
keyIdentifier string
|
||||
|
||||
agent agent.Agent
|
||||
key ssh.PublicKey
|
||||
}
|
||||
|
||||
func NewSSHAgentSigner(keyFingerprint, accountName string) (*SSHAgentSigner, error) {
|
||||
type SSHAgentSignerInput struct {
|
||||
KeyID string
|
||||
AccountName string
|
||||
Username string
|
||||
}
|
||||
|
||||
func NewSSHAgentSigner(input SSHAgentSignerInput) (*SSHAgentSigner, error) {
|
||||
sshAgentAddress, agentOk := os.LookupEnv("SSH_AUTH_SOCK")
|
||||
if !agentOk {
|
||||
return nil, ErrUnsetEnvVar
|
||||
@@ -44,8 +52,8 @@ func NewSSHAgentSigner(keyFingerprint, accountName string) (*SSHAgentSigner, err
|
||||
ag := agent.NewClient(conn)
|
||||
|
||||
signer := &SSHAgentSigner{
|
||||
keyFingerprint: keyFingerprint,
|
||||
accountName: accountName,
|
||||
keyFingerprint: input.KeyID,
|
||||
accountName: input.AccountName,
|
||||
agent: ag,
|
||||
}
|
||||
|
||||
@@ -55,7 +63,12 @@ func NewSSHAgentSigner(keyFingerprint, accountName string) (*SSHAgentSigner, err
|
||||
}
|
||||
signer.key = matchingKey
|
||||
signer.formattedKeyFingerprint = formatPublicKeyFingerprint(signer.key, true)
|
||||
signer.keyIdentifier = fmt.Sprintf("/%s/keys/%s", signer.accountName, signer.formattedKeyFingerprint)
|
||||
if input.Username != "" {
|
||||
signer.userName = input.Username
|
||||
signer.keyIdentifier = path.Join("/", signer.accountName, "users", input.Username, "keys", signer.formattedKeyFingerprint)
|
||||
} else {
|
||||
signer.keyIdentifier = path.Join("/", signer.accountName, "keys", signer.formattedKeyFingerprint)
|
||||
}
|
||||
|
||||
_, algorithm, err := signer.SignRaw("HelloWorld")
|
||||
if err != nil {
|
||||
|
||||
Reference in New Issue
Block a user