From bdb9af5a26f49799cb1feec866d289513eb09e7b Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Wed, 19 Apr 2023 11:36:13 +0200 Subject: Garage key page info --- garage.go | 78 +++++++++++++++++++++++++++++++++++++++++++---- main.go | 1 + templates/garage_key.html | 16 +++++----- 3 files changed, 81 insertions(+), 14 deletions(-) diff --git a/garage.go b/garage.go index 4e23e8f..e8962ae 100644 --- a/garage.go +++ b/garage.go @@ -1,9 +1,12 @@ package main import ( + "errors" + "log" "net/http" "context" "fmt" + "github.com/go-ldap/ldap/v3" garage "git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang" ) @@ -21,26 +24,82 @@ func gadmin() (*garage.APIClient, context.Context) { } -func createKey(name string) error { +func grgCreateKey(name string) (*garage.KeyInfo, error) { client, ctx := gadmin() kr := garage.AddKeyRequest{Name: &name} resp, _, err := client.KeyApi.AddKey(ctx).AddKeyRequest(kr).Execute() if err != nil { fmt.Printf("%+v\n", err) - return err + return nil, err } - fmt.Printf("%+v\n", resp) - return nil + return resp, nil +} + +func grgGetKey(accessKey string) (*garage.KeyInfo, error) { + client, ctx := gadmin() + + resp, _, err := client.KeyApi.GetKey(ctx, accessKey).Execute() + if err != nil { + fmt.Printf("%+v\n", err) + return nil, err + } + return resp, nil +} + + +func checkLoginAndS3(w http.ResponseWriter, r *http.Request) (*LoginStatus, *garage.KeyInfo, error) { + login := checkLogin(w, r) + if login == nil { + return nil, nil, errors.New("LDAP login failed") + } + + keyID := login.UserEntry.GetAttributeValue("garage_s3_access_key") + if keyID == "" { + keyPair, err := grgCreateKey(login.Info.Username) + if err != nil { + return login, nil, err + } + modify_request := ldap.NewModifyRequest(login.Info.DN, nil) + modify_request.Replace("garage_s3_access_key", []string{*keyPair.AccessKeyId}) + // @FIXME compatibility feature for bagage (SFTP+webdav) + // you can remove it once bagage will be updated to fetch the key from garage directly + // or when bottin will be able to dynamically fetch it. + modify_request.Replace("garage_s3_secret_key", []string{*keyPair.SecretAccessKey}) + err = login.conn.Modify(modify_request) + return login, keyPair, err + } + // Note: we could simply return the login info, but LX asked we do not + // store the secrets in LDAP in the future. + keyPair, err := grgGetKey(keyID) + return login, keyPair, err +} + +type keyView struct { + Status *LoginStatus + Key *garage.KeyInfo } func handleGarageKey(w http.ResponseWriter, r *http.Request) { - createKey("toto") + login, s3key, err := checkLoginAndS3(w, r) + if err != nil { + log.Println(err) + return + } + view := keyView{Status: login, Key: s3key} + tKey := getTemplate("garage_key.html") - tKey.Execute(w, nil) + tKey.Execute(w, &view) } func handleGarageWebsiteList(w http.ResponseWriter, r *http.Request) { + login, s3key, err := checkLoginAndS3(w, r) + if err != nil { + log.Println(err) + return + } + log.Println(login, s3key) + tWebsiteList := getTemplate("garage_website_list.html") tWebsiteList.Execute(w, nil) } @@ -51,6 +110,13 @@ func handleGarageWebsiteNew(w http.ResponseWriter, r *http.Request) { } func handleGarageWebsiteInspect(w http.ResponseWriter, r *http.Request) { + login, s3key, err := checkLoginAndS3(w, r) + if err != nil { + log.Println(err) + return + } + log.Println(login, s3key) + tWebsiteInspect := getTemplate("garage_website_inspect.html") tWebsiteInspect.Execute(w, nil) } diff --git a/main.go b/main.go index 89051f5..0e47e73 100644 --- a/main.go +++ b/main.go @@ -255,6 +255,7 @@ func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus { "mail", "memberof", "description", + "garage_s3_access_key", FIELD_NAME_DIRECTORY_VISIBILITY, FIELD_NAME_PROFILE_PICTURE, }, diff --git a/templates/garage_key.html b/templates/garage_key.html index 862aabd..b839fcb 100644 --- a/templates/garage_key.html +++ b/templates/garage_key.html @@ -22,11 +22,11 @@ Identifiant de clé - GKxxx + {{ .Key.AccessKeyId }} Clé secrète - ... + {{ .Key.SecretAccessKey }} Région @@ -62,8 +62,8 @@

Créez un fichier nommé ~/.awsrc :

-export AWS_ACCESS_KEY_ID=GK...
-export AWS_SECRET_ACCESS_KEY=...
+export AWS_ACCESS_KEY_ID={{ .Key.AccessKeyId }}
+export AWS_SECRET_ACCESS_KEY={{ .Key.SecretAccessKey }}
 export AWS_DEFAULT_REGION='garage'
 
 function aws { command aws --endpoint-url https://garage.deuxfleurs.fr $@ ; }
@@ -97,8 +97,8 @@ aws s3 cp /tmp/a.txt s3://my-bucket
 mc alias set \
   garage \
   https://garage.deuxfleurs.fr \
-  GK... \
-  ... \
+  {{ .Key.AccessKeyId }} \
+  {{ .Key.SecretAccessKey }} \
   --api S3v4
                         

Et ensuite pour utiliser Minio CLI avec :

@@ -176,7 +176,7 @@ hugo deploy Nom d'utilisateur-ice - (votre username guichet) + {{ .Status.Info.Username }} Mot de passe @@ -207,7 +207,7 @@ hugo deploy

Un exemple avec SCP :

-scp -oHostKeyAlgorithms=+ssh-rsa -P2222 -r ./public bagage.deuxfleurs.fr:mon_bucket/
+scp -oHostKeyAlgorithms=+ssh-rsa -P2222 -r ./public {{ .Status.Info.Username }}@bagage.deuxfleurs.fr:mon_bucket/
                         
-- cgit v1.2.3