From 9c21c2e799449ae303ed764ba1677366d0571e8d Mon Sep 17 00:00:00 2001
From: Quentin Dufour
Date: Fri, 15 Sep 2023 14:38:46 +0200
Subject: split LDAP and S3
---
 garage.go | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/garage.go b/garage.go
index 1ae02e4..61d1b93 100644
--- a/garage.go
+++ b/garage.go
@@ -109,17 +109,15 @@ func grgGetBucket(bid string) (*garage.BucketInfo, error) {
 }
-func checkLoginAndS3(w http.ResponseWriter, r *http.Request) (*LoginStatus, *garage.KeyInfo, error) {
- login := checkLogin(w, r)
+func checkS3(login *LoginStatus) (*garage.KeyInfo, error) {
 if login == nil {
- return nil, nil, errors.New("LDAP login failed")
+ return nil, errors.New("Login can't be nil")
 }
-
 keyID := login.UserEntry.GetAttributeValue("garage_s3_access_key")
 if keyID == "" {
 keyPair, err := grgCreateKey(login.Info.Username)
 if err != nil {
- return login, nil, err
+ return nil, err
 }
 modify_request := ldap.NewModifyRequest(login.Info.DN, nil)
 modify_request.Replace("garage_s3_access_key", []string{*keyPair.AccessKeyId})
@@ -128,11 +126,20 @@ func checkLoginAndS3(w http.ResponseWriter, r *http.Request) (*LoginStatus, *gar
 // or when bottin will be able to dynamically fetch it.
 modify_request.Replace("garage_s3_secret_key", []string{*keyPair.SecretAccessKey})
 err = login.conn.Modify(modify_request)
- return login, keyPair, err
+ return keyPair, err
 }
 // Note: we could simply return the login info, but LX asked we do not
 // store the secrets in LDAP in the future.
 keyPair, err := grgGetKey(keyID)
+ return keyPair, err
+}
+
+func checkLoginAndS3(w http.ResponseWriter, r *http.Request) (*LoginStatus, *garage.KeyInfo, error) {
+ login := checkLogin(w, r)
+ if login == nil {
+ return nil, nil, errors.New("LDAP login failed")
+ }
+ keyPair, err := checkS3(login)
 return login, keyPair, err
 }
--
cgit v1.2.3
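Review bot: `checkS3` has no doc comment, and its name hides that on first use it calls `grgCreateKey` and writes both `garage_s3_access_key` and `garage_s3_secret_key` into the user's LDAP entry through `login.conn`. I would add above the signature `// checkS3 returns the Garage key for an already authenticated login; when the LDAP entry has no garage_s3_access_key it creates a key and stores the access and secret key in that entry.` The nil check is the only guard on `login`, so the comment should also say that callers must pass a status obtained from a successful `checkLogin`. As a style point, Go error strings are conventionally lowercase, so `errors.New("login can't be nil")` would fit better. The body of `checkS3` continues past this hunk into the next one.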
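Review bot: When `login.conn.Modify(modify_request)` fails, `return keyPair, err` still hands the freshly created key to the caller, and nothing visible here removes it from Garage. Because the LDAP entry then still has an empty `garage_s3_access_key`, the next call would presumably take the `keyID == ""` branch again and create another key, so credentials that are recorded nowhere can accumulate. Returning no key on failure makes the error path unambiguous: `if err != nil { return nil, err }` followed by `return keyPair, nil`. Whether the created key should also be deleted on that path depends on helpers outside this hunk. `checkS3` starts in the previous hunk, and `checkLoginAndS3` passes the pair through unchanged as `login, keyPair, err`.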