diff options
author | Quentin Dufour <quentin@deuxfleurs.fr> | 2023-09-15 14:38:46 +0200 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2023-09-15 14:38:46 +0200 |
commit | 9c21c2e799449ae303ed764ba1677366d0571e8d (patch) | |
tree | 97fbbbc6121b75d2f1250a137d496da9dea14af8 | |
parent | 74113fad490ccdaa00961c5818eaa107781dfd79 (diff) | |
download | guichet-9c21c2e799449ae303ed764ba1677366d0571e8d.tar.gz guichet-9c21c2e799449ae303ed764ba1677366d0571e8d.zip |
split LDAP and S3
-rw-r--r-- | garage.go | 19 |
1 files changed, 13 insertions, 6 deletions
@@ -109,17 +109,15 @@ func grgGetBucket(bid string) (*garage.BucketInfo, error) { } -func checkLoginAndS3(w http.ResponseWriter, r *http.Request) (*LoginStatus, *garage.KeyInfo, error) { - login := checkLogin(w, r) +func checkS3(login *LoginStatus) (*garage.KeyInfo, error) { if login == nil { - return nil, nil, errors.New("LDAP login failed") + return nil, errors.New("Login can't be nil") } - keyID := login.UserEntry.GetAttributeValue("garage_s3_access_key") if keyID == "" { keyPair, err := grgCreateKey(login.Info.Username) if err != nil { - return login, nil, err + return nil, err } modify_request := ldap.NewModifyRequest(login.Info.DN, nil) modify_request.Replace("garage_s3_access_key", []string{*keyPair.AccessKeyId}) @@ -128,11 +126,20 @@ func checkLoginAndS3(w http.ResponseWriter, r *http.Request) (*LoginStatus, *gar // or when bottin will be able to dynamically fetch it. modify_request.Replace("garage_s3_secret_key", []string{*keyPair.SecretAccessKey}) err = login.conn.Modify(modify_request) - return login, keyPair, err + return keyPair, err } // Note: we could simply return the login info, but LX asked we do not // store the secrets in LDAP in the future. keyPair, err := grgGetKey(keyID) + return keyPair, err +} + +func checkLoginAndS3(w http.ResponseWriter, r *http.Request) (*LoginStatus, *garage.KeyInfo, error) { + login := checkLogin(w, r) + if login == nil { + return nil, nil, errors.New("LDAP login failed") + } + keyPair, err := checkS3(login) return login, keyPair, err } |