From 396b728031bab98d71b889edf9691d8f16ba7999 Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Wed, 8 Jul 2015 14:33:54 -0700 Subject: [PATCH] Add auth rpc service to generate access keys, add corresponding test --- commands.go | 6 ++++ pkg/auth/auth.go | 14 ++++---- pkg/auth/auth_test.go | 4 +-- pkg/controller/client.go | 22 +++++++++++++ pkg/server/api/generic-handlers.go | 16 ++++----- pkg/server/router.go | 1 + pkg/server/rpc/signature.go | 52 ++++++++++++++++++++++++++++++ pkg/server/rpc_test.go | 21 ++++++++++++ 8 files changed, 118 insertions(+), 18 deletions(-) create mode 100644 pkg/server/rpc/signature.go diff --git a/commands.go b/commands.go index e1fefa0b5..fcc36a526 100644 --- a/commands.go +++ b/commands.go @@ -123,6 +123,12 @@ func runController(c *cli.Context) { Fatalln(err) } Println(string(sysinfo)) + case "auth": + keys, err := controller.GetAuthKeys(c.Args().Tail().First()) + if err != nil { + Fatalln(err) + } + Println(string(keys)) case "donut": if len(c.Args()) <= 2 || c.Args().First() == "help" { cli.ShowCommandHelpAndExit(c, "controller", 1) // last argument is exit code diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go index 8b50e068e..d15395378 100644 --- a/pkg/auth/auth.go +++ b/pkg/auth/auth.go @@ -26,26 +26,24 @@ var alphaNumericTable = []byte("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ") // GenerateAccessKeyID - generate random alpha numeric value using only uppercase characters // takes input as size in integer -func GenerateAccessKeyID(size int) ([]byte, error) { - alpha := make([]byte, size) +func GenerateAccessKeyID() ([]byte, error) { + alpha := make([]byte, MinioAccessID) _, err := rand.Read(alpha) if err != nil { return nil, err } - - for i := 0; i < size; i++ { + for i := 0; i < MinioAccessID; i++ { alpha[i] = alphaNumericTable[alpha[i]%byte(len(alphaNumericTable))] } return alpha, nil } // GenerateSecretAccessKey - generate random base64 numeric value from a random seed. -func GenerateSecretAccessKey(size int) ([]byte, error) { - rb := make([]byte, size) +func GenerateSecretAccessKey() ([]byte, error) { + rb := make([]byte, MinioSecretID) _, err := rand.Read(rb) if err != nil { return nil, err } - - return []byte(base64.StdEncoding.EncodeToString(rb))[:size], nil + return []byte(base64.StdEncoding.EncodeToString(rb))[:MinioSecretID], nil } diff --git a/pkg/auth/auth_test.go b/pkg/auth/auth_test.go index 35f5133e4..6ccbbc5f2 100644 --- a/pkg/auth/auth_test.go +++ b/pkg/auth/auth_test.go @@ -30,10 +30,10 @@ type MySuite struct{} var _ = Suite(&MySuite{}) func (s *MySuite) TestAuth(c *C) { - secretID, err := auth.GenerateSecretAccessKey(auth.MinioSecretID) + secretID, err := auth.GenerateSecretAccessKey() c.Assert(err, IsNil) - accessID, err := auth.GenerateAccessKeyID(auth.MinioAccessID) + accessID, err := auth.GenerateAccessKeyID() c.Assert(err, IsNil) c.Assert(len(secretID), Equals, auth.MinioSecretID) diff --git a/pkg/controller/client.go b/pkg/controller/client.go index 1383af66a..11a0b3a4d 100644 --- a/pkg/controller/client.go +++ b/pkg/controller/client.go @@ -91,6 +91,28 @@ func GetSysInfo(url string) ([]byte, error) { return json.MarshalIndent(reply, "", "\t") } +// GetAuthKeys get access key id and secret access key +func GetAuthKeys(url string) ([]byte, error) { + op := RPCOps{ + Method: "Auth.Get", + Request: rpc.Args{Request: ""}, + } + req, err := NewRequest(url, op, http.DefaultTransport) + if err != nil { + return nil, iodine.New(err, nil) + } + resp, err := req.Do() + if err != nil { + return nil, iodine.New(err, nil) + } + defer resp.Body.Close() + var reply rpc.AuthReply + if err := jsonrpc.DecodeClientResponse(resp.Body, &reply); err != nil { + return nil, iodine.New(err, nil) + } + return json.MarshalIndent(reply, "", "\t") +} + // SetDonut - set donut config func SetDonut(url, hostname string, disks []string) error { op := RPCOps{ diff --git a/pkg/server/api/generic-handlers.go b/pkg/server/api/generic-handlers.go index bf21b6c43..6395cac8a 100644 --- a/pkg/server/api/generic-handlers.go +++ b/pkg/server/api/generic-handlers.go @@ -25,8 +25,8 @@ import ( "strings" "time" + "github.com/minio/minio/pkg/auth" "github.com/minio/minio/pkg/quick" - "github.com/minio/minio/pkg/server/api/auth/keys" ) type contentTypeHandler struct { @@ -45,7 +45,7 @@ type resourceHandler struct { handler http.Handler } -type auth struct { +type authHeader struct { prefix string credential string signedheaders string @@ -62,13 +62,13 @@ const ( ) // strip auth from authorization header -func stripAuth(r *http.Request) (*auth, error) { - authHeader := r.Header.Get("Authorization") - if authHeader == "" { +func stripAuth(r *http.Request) (*authHeader, error) { + ah := r.Header.Get("Authorization") + if ah == "" { return nil, errors.New("Missing auth header") } - a := new(auth) - authFields := strings.Split(authHeader, ",") + a := new(authHeader) + authFields := strings.Split(ah, ",") if len(authFields) != 3 { return nil, errors.New("Missing fields in Auth header") } @@ -95,7 +95,7 @@ func stripAuth(r *http.Request) (*auth, error) { a.signedheaders = signedheaders[1] a.signature = signature[1] a.accessKey = strings.Split(a.credential, "/")[0] - if !keys.IsValidAccessKey(a.accessKey) { + if !auth.IsValidAccessKey(a.accessKey) { return nil, errors.New("Invalid access key") } return a, nil diff --git a/pkg/server/router.go b/pkg/server/router.go index 509202002..4c40b7fe9 100644 --- a/pkg/server/router.go +++ b/pkg/server/router.go @@ -117,6 +117,7 @@ func getRPCHandler() http.Handler { s.RegisterService(new(rpc.MemStatsService), "MemStats") s.RegisterService(new(rpc.DiskInfoService), "DiskInfo") s.RegisterService(new(rpc.DonutService), "Donut") + s.RegisterService(new(rpc.AuthService), "Auth") // Add new RPC services here return registerRPC(router.NewRouter(), s) } diff --git a/pkg/server/rpc/signature.go b/pkg/server/rpc/signature.go new file mode 100644 index 000000000..799c2f0d2 --- /dev/null +++ b/pkg/server/rpc/signature.go @@ -0,0 +1,52 @@ +/* + * Minimalist Object Storage, (C) 2015 Minio, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package rpc + +import ( + "net/http" + + "github.com/minio/minio/pkg/auth" + "github.com/minio/minio/pkg/iodine" +) + +// AuthService auth service +type AuthService struct{} + +// AuthReply reply with new access keys and secret ids +type AuthReply struct { + AccessKeyID string `json:"accesskey"` + SecretAccessKey string `json:"secretaccesskey"` +} + +func getAuth(reply *AuthReply) error { + accessID, err := auth.GenerateAccessKeyID() + if err != nil { + return iodine.New(err, nil) + } + reply.AccessKeyID = string(accessID) + secretID, err := auth.GenerateSecretAccessKey() + if err != nil { + return iodine.New(err, nil) + } + reply.SecretAccessKey = string(secretID) + return nil +} + +// Get auth keys +func (s *AuthService) Get(r *http.Request, args *Args, reply *AuthReply) error { + return getAuth(reply) +} diff --git a/pkg/server/rpc_test.go b/pkg/server/rpc_test.go index 0cd1e089c..090d1edc7 100644 --- a/pkg/server/rpc_test.go +++ b/pkg/server/rpc_test.go @@ -99,3 +99,24 @@ func (s *MyRPCSuite) TestSysInfo(c *C) { resp.Body.Close() c.Assert(reply, Not(DeepEquals), rpc.SysInfoReply{}) } + +func (s *MyRPCSuite) TestAuth(c *C) { + op := controller.RPCOps{ + Method: "Auth.Get", + Request: rpc.Args{Request: ""}, + } + req, err := controller.NewRequest(testRPCServer.URL+"/rpc", op, http.DefaultTransport) + c.Assert(err, IsNil) + c.Assert(req.Get("Content-Type"), Equals, "application/json") + resp, err := req.Do() + c.Assert(err, IsNil) + c.Assert(resp.StatusCode, Equals, http.StatusOK) + + var reply rpc.AuthReply + err = jsonrpc.DecodeClientResponse(resp.Body, &reply) + c.Assert(err, IsNil) + resp.Body.Close() + c.Assert(reply, Not(DeepEquals), rpc.AuthReply{}) + c.Assert(len(reply.AccessKeyID), Equals, 20) + c.Assert(len(reply.SecretAccessKey), Equals, 40) +}