minio/server-auth-config.go

/*
 * Minio Cloud Storage, (C) 2015 Minio, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package main

import (
	"os"
	"os/user"
	"path/filepath"

	"github.com/minio/minio/pkg/probe"
	"github.com/minio/minio/pkg/quick"
)

// AuthUser container
type AuthUser struct {
	Name            string
	AccessKeyID     string
	SecretAccessKey string
}

// AuthConfig auth keys
type AuthConfig struct {
	Version string
	Users   map[string]*AuthUser
}

// getAuthConfigPath get users config path
func getAuthConfigPath() (string, *probe.Error) {
	if customConfigPath != "" {
		return customConfigPath, nil
	}
	u, err := user.Current()
	if err != nil {
		return "", probe.NewError(err)
	}
	authConfigPath := filepath.Join(u.HomeDir, ".minio")
	return authConfigPath, nil
}

// createAuthConfigPath create users config path
func createAuthConfigPath() *probe.Error {
	authConfigPath, err := getAuthConfigPath()
	if err != nil {
		return err.Trace()
	}
	if err := os.MkdirAll(authConfigPath, 0700); err != nil {
		return probe.NewError(err)
	}
	return nil
}

// isAuthConfigFileExists is auth config file exists?
func isAuthConfigFileExists() bool {
	if _, err := os.Stat(mustGetAuthConfigFile()); err != nil {
		if os.IsNotExist(err) {
			return false
		}
		panic(err)
	}
	return true
}

// mustGetAuthConfigFile always get users config file, if not panic
func mustGetAuthConfigFile() string {
	authConfigFile, err := getAuthConfigFile()
	if err != nil {
		panic(err)
	}
	return authConfigFile
}

// getAuthConfigFile get users config file
func getAuthConfigFile() (string, *probe.Error) {
	authConfigPath, err := getAuthConfigPath()
	if err != nil {
		return "", err.Trace()
	}
	return filepath.Join(authConfigPath, "users.json"), nil
}

// customConfigPath not accessed from outside only allowed through get/set methods
var customConfigPath string

// SetAuthConfigPath - set custom auth config path
func SetAuthConfigPath(configPath string) {
	customConfigPath = configPath
}

// SaveConfig save auth config
func SaveConfig(a *AuthConfig) *probe.Error {
	authConfigFile, err := getAuthConfigFile()
	if err != nil {
		return err.Trace()
	}
	qc, err := quick.New(a)
	if err != nil {
		return err.Trace()
	}
	if err := qc.Save(authConfigFile); err != nil {
		return err.Trace()
	}
	return nil
}

// LoadConfig load auth config
func LoadConfig() (*AuthConfig, *probe.Error) {
	authConfigFile, err := getAuthConfigFile()
	if err != nil {
		return nil, err.Trace()
	}
	if _, err := os.Stat(authConfigFile); err != nil {
		return nil, probe.NewError(err)
	}
	a := &AuthConfig{}
	a.Version = "0.0.1"
	a.Users = make(map[string]*AuthUser)
	qc, err := quick.New(a)
	if err != nil {
		return nil, err.Trace()
	}
	if err := qc.Load(authConfigFile); err != nil {
		return nil, err.Trace()
	}
	return qc.Data().(*AuthConfig), nil
}
Add server side signaturev4 check, not wired up to the readers yet. 9 years ago			`/*`
Move from Minimalist Object Storage to Minio Cloud Storage 9 years ago			`* Minio Cloud Storage, (C) 2015 Minio, Inc.`
Add server side signaturev4 check, not wired up to the readers yet. 9 years ago			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*/`

First time mode for controller - Upon first time invocation ``minio controller`` would create access keys and secret id - Upon request passing 'keys' arg ``minio controller`` would provide the keys - Add colorized notification 9 years ago			`package main`
Add server side signaturev4 check, not wired up to the readers yet. 9 years ago
			`import (`
Enhance auth JSONRPC, now provides persistent output Implements - Auth.Generate("user") - Auth.Fetch("user") - Auth.Reset("user") This patch also adds testing for each of these cases 9 years ago			`"os"`
Add server side signaturev4 check, not wired up to the readers yet. 9 years ago			`"os/user"`
			`"path/filepath"`

Migrate from iodine to probe 9 years ago			`"github.com/minio/minio/pkg/probe"`
Add server side signaturev4 check, not wired up to the readers yet. 9 years ago			`"github.com/minio/minio/pkg/quick"`
			`)`

First time mode for controller - Upon first time invocation ``minio controller`` would create access keys and secret id - Upon request passing 'keys' arg ``minio controller`` would provide the keys - Add colorized notification 9 years ago			`// AuthUser container`
			`type AuthUser struct {`
Add server side signaturev4 check, not wired up to the readers yet. 9 years ago			`Name string`
			`AccessKeyID string`
			`SecretAccessKey string`
			`}`

First time mode for controller - Upon first time invocation ``minio controller`` would create access keys and secret id - Upon request passing 'keys' arg ``minio controller`` would provide the keys - Add colorized notification 9 years ago			`// AuthConfig auth keys`
			`type AuthConfig struct {`
Add server side signaturev4 check, not wired up to the readers yet. 9 years ago			`Version string`
First time mode for controller - Upon first time invocation ``minio controller`` would create access keys and secret id - Upon request passing 'keys' arg ``minio controller`` would provide the keys - Add colorized notification 9 years ago			`Users map[string]*AuthUser`
Add server side signaturev4 check, not wired up to the readers yet. 9 years ago			`}`

Enhance auth JSONRPC, now provides persistent output Implements - Auth.Generate("user") - Auth.Fetch("user") - Auth.Reset("user") This patch also adds testing for each of these cases 9 years ago			`// getAuthConfigPath get users config path`
Migrate from iodine to probe 9 years ago			`func getAuthConfigPath() (string, *probe.Error) {`
Remove global custom config path variables, use get/set methods instead 9 years ago			`if customConfigPath != "" {`
			`return customConfigPath, nil`
			`}`
Add server side signaturev4 check, not wired up to the readers yet. 9 years ago			`u, err := user.Current()`
			`if err != nil {`
Probe revamped to provide for a new WrappedError struct to wrap probes as error interface This convenience was necessary to be used for golang library functions like io.Copy and io.Pipe where we shouldn't be writing proxies and alternatives returning probe.Error This change also brings more changes across code base for clear separation regarding where an error interface should be passed encapsulating probe.Error and where it should be used as is. 9 years ago			`return "", probe.NewError(err)`
Add server side signaturev4 check, not wired up to the readers yet. 9 years ago			`}`
Enhance auth JSONRPC, now provides persistent output Implements - Auth.Generate("user") - Auth.Fetch("user") - Auth.Reset("user") This patch also adds testing for each of these cases 9 years ago			`authConfigPath := filepath.Join(u.HomeDir, ".minio")`
Add server side signaturev4 check, not wired up to the readers yet. 9 years ago			`return authConfigPath, nil`
			`}`

Enhance auth JSONRPC, now provides persistent output Implements - Auth.Generate("user") - Auth.Fetch("user") - Auth.Reset("user") This patch also adds testing for each of these cases 9 years ago			`// createAuthConfigPath create users config path`
			`func createAuthConfigPath() *probe.Error {`
			`authConfigPath, err := getAuthConfigPath()`
			`if err != nil {`
			`return err.Trace()`
			`}`
			`if err := os.MkdirAll(authConfigPath, 0700); err != nil {`
			`return probe.NewError(err)`
			`}`
			`return nil`
			`}`

			`// isAuthConfigFileExists is auth config file exists?`
			`func isAuthConfigFileExists() bool {`
			`if _, err := os.Stat(mustGetAuthConfigFile()); err != nil {`
			`if os.IsNotExist(err) {`
			`return false`
			`}`
			`panic(err)`
			`}`
			`return true`
			`}`

			`// mustGetAuthConfigFile always get users config file, if not panic`
			`func mustGetAuthConfigFile() string {`
			`authConfigFile, err := getAuthConfigFile()`
			`if err != nil {`
			`panic(err)`
			`}`
			`return authConfigFile`
			`}`

			`// getAuthConfigFile get users config file`
			`func getAuthConfigFile() (string, *probe.Error) {`
			`authConfigPath, err := getAuthConfigPath()`
			`if err != nil {`
			`return "", err.Trace()`
			`}`
			`return filepath.Join(authConfigPath, "users.json"), nil`
			`}`

Remove global custom config path variables, use get/set methods instead 9 years ago			`// customConfigPath not accessed from outside only allowed through get/set methods`
			`var customConfigPath string`

			`// SetAuthConfigPath - set custom auth config path`
			`func SetAuthConfigPath(configPath string) {`
			`customConfigPath = configPath`
			`}`
Add server side signaturev4 check, not wired up to the readers yet. 9 years ago
Enhance auth JSONRPC, now provides persistent output Implements - Auth.Generate("user") - Auth.Fetch("user") - Auth.Reset("user") This patch also adds testing for each of these cases 9 years ago			`// SaveConfig save auth config`
First time mode for controller - Upon first time invocation ``minio controller`` would create access keys and secret id - Upon request passing 'keys' arg ``minio controller`` would provide the keys - Add colorized notification 9 years ago			`func SaveConfig(a AuthConfig) probe.Error {`
Enhance auth JSONRPC, now provides persistent output Implements - Auth.Generate("user") - Auth.Fetch("user") - Auth.Reset("user") This patch also adds testing for each of these cases 9 years ago			`authConfigFile, err := getAuthConfigFile()`
Remove global custom config path variables, use get/set methods instead 9 years ago			`if err != nil {`
Migrate from iodine to probe 9 years ago			`return err.Trace()`
Add server side signaturev4 check, not wired up to the readers yet. 9 years ago			`}`
			`qc, err := quick.New(a)`
			`if err != nil {`
Migrate from iodine to probe 9 years ago			`return err.Trace()`
Add server side signaturev4 check, not wired up to the readers yet. 9 years ago			`}`
Enhance auth JSONRPC, now provides persistent output Implements - Auth.Generate("user") - Auth.Fetch("user") - Auth.Reset("user") This patch also adds testing for each of these cases 9 years ago			`if err := qc.Save(authConfigFile); err != nil {`
Migrate from iodine to probe 9 years ago			`return err.Trace()`
Add server side signaturev4 check, not wired up to the readers yet. 9 years ago			`}`
			`return nil`
			`}`

Enhance auth JSONRPC, now provides persistent output Implements - Auth.Generate("user") - Auth.Fetch("user") - Auth.Reset("user") This patch also adds testing for each of these cases 9 years ago			`// LoadConfig load auth config`
First time mode for controller - Upon first time invocation ``minio controller`` would create access keys and secret id - Upon request passing 'keys' arg ``minio controller`` would provide the keys - Add colorized notification 9 years ago			`func LoadConfig() (AuthConfig, probe.Error) {`
Enhance auth JSONRPC, now provides persistent output Implements - Auth.Generate("user") - Auth.Fetch("user") - Auth.Reset("user") This patch also adds testing for each of these cases 9 years ago			`authConfigFile, err := getAuthConfigFile()`
Remove global custom config path variables, use get/set methods instead 9 years ago			`if err != nil {`
Migrate from iodine to probe 9 years ago			`return nil, err.Trace()`
Add server side signaturev4 check, not wired up to the readers yet. 9 years ago			`}`
Enhance auth JSONRPC, now provides persistent output Implements - Auth.Generate("user") - Auth.Fetch("user") - Auth.Reset("user") This patch also adds testing for each of these cases 9 years ago			`if _, err := os.Stat(authConfigFile); err != nil {`
			`return nil, probe.NewError(err)`
			`}`
First time mode for controller - Upon first time invocation ``minio controller`` would create access keys and secret id - Upon request passing 'keys' arg ``minio controller`` would provide the keys - Add colorized notification 9 years ago			`a := &AuthConfig{}`
Add server side signaturev4 check, not wired up to the readers yet. 9 years ago			`a.Version = "0.0.1"`
First time mode for controller - Upon first time invocation ``minio controller`` would create access keys and secret id - Upon request passing 'keys' arg ``minio controller`` would provide the keys - Add colorized notification 9 years ago			`a.Users = make(map[string]*AuthUser)`
Add server side signaturev4 check, not wired up to the readers yet. 9 years ago			`qc, err := quick.New(a)`
			`if err != nil {`
Migrate from iodine to probe 9 years ago			`return nil, err.Trace()`
Add server side signaturev4 check, not wired up to the readers yet. 9 years ago			`}`
Enhance auth JSONRPC, now provides persistent output Implements - Auth.Generate("user") - Auth.Fetch("user") - Auth.Reset("user") This patch also adds testing for each of these cases 9 years ago			`if err := qc.Load(authConfigFile); err != nil {`
Migrate from iodine to probe 9 years ago			`return nil, err.Trace()`
Add server side signaturev4 check, not wired up to the readers yet. 9 years ago			`}`
First time mode for controller - Upon first time invocation ``minio controller`` would create access keys and secret id - Upon request passing 'keys' arg ``minio controller`` would provide the keys - Add colorized notification 9 years ago			`return qc.Data().(*AuthConfig), nil`
Add server side signaturev4 check, not wired up to the readers yet. 9 years ago			`}`