Add auth rpc service to generate access keys, add corresponding test

master
Harshavardhana 10 years ago
parent 770fd23afa
commit 396b728031
  1. 6
      commands.go
  2. 14
      pkg/auth/auth.go
  3. 4
      pkg/auth/auth_test.go
  4. 22
      pkg/controller/client.go
  5. 16
      pkg/server/api/generic-handlers.go
  6. 1
      pkg/server/router.go
  7. 52
      pkg/server/rpc/signature.go
  8. 21
      pkg/server/rpc_test.go

@ -123,6 +123,12 @@ func runController(c *cli.Context) {
Fatalln(err) Fatalln(err)
} }
Println(string(sysinfo)) Println(string(sysinfo))
case "auth":
keys, err := controller.GetAuthKeys(c.Args().Tail().First())
if err != nil {
Fatalln(err)
}
Println(string(keys))
case "donut": case "donut":
if len(c.Args()) <= 2 || c.Args().First() == "help" { if len(c.Args()) <= 2 || c.Args().First() == "help" {
cli.ShowCommandHelpAndExit(c, "controller", 1) // last argument is exit code cli.ShowCommandHelpAndExit(c, "controller", 1) // last argument is exit code

@ -26,26 +26,24 @@ var alphaNumericTable = []byte("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ")
// GenerateAccessKeyID - generate random alpha numeric value using only uppercase characters // GenerateAccessKeyID - generate random alpha numeric value using only uppercase characters
// takes input as size in integer // takes input as size in integer
func GenerateAccessKeyID(size int) ([]byte, error) { func GenerateAccessKeyID() ([]byte, error) {
alpha := make([]byte, size) alpha := make([]byte, MinioAccessID)
_, err := rand.Read(alpha) _, err := rand.Read(alpha)
if err != nil { if err != nil {
return nil, err return nil, err
} }
for i := 0; i < MinioAccessID; i++ {
for i := 0; i < size; i++ {
alpha[i] = alphaNumericTable[alpha[i]%byte(len(alphaNumericTable))] alpha[i] = alphaNumericTable[alpha[i]%byte(len(alphaNumericTable))]
} }
return alpha, nil return alpha, nil
} }
// GenerateSecretAccessKey - generate random base64 numeric value from a random seed. // GenerateSecretAccessKey - generate random base64 numeric value from a random seed.
func GenerateSecretAccessKey(size int) ([]byte, error) { func GenerateSecretAccessKey() ([]byte, error) {
rb := make([]byte, size) rb := make([]byte, MinioSecretID)
_, err := rand.Read(rb) _, err := rand.Read(rb)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return []byte(base64.StdEncoding.EncodeToString(rb))[:MinioSecretID], nil
return []byte(base64.StdEncoding.EncodeToString(rb))[:size], nil
} }

@ -30,10 +30,10 @@ type MySuite struct{}
var _ = Suite(&MySuite{}) var _ = Suite(&MySuite{})
func (s *MySuite) TestAuth(c *C) { func (s *MySuite) TestAuth(c *C) {
secretID, err := auth.GenerateSecretAccessKey(auth.MinioSecretID) secretID, err := auth.GenerateSecretAccessKey()
c.Assert(err, IsNil) c.Assert(err, IsNil)
accessID, err := auth.GenerateAccessKeyID(auth.MinioAccessID) accessID, err := auth.GenerateAccessKeyID()
c.Assert(err, IsNil) c.Assert(err, IsNil)
c.Assert(len(secretID), Equals, auth.MinioSecretID) c.Assert(len(secretID), Equals, auth.MinioSecretID)

@ -91,6 +91,28 @@ func GetSysInfo(url string) ([]byte, error) {
return json.MarshalIndent(reply, "", "\t") return json.MarshalIndent(reply, "", "\t")
} }
// GetAuthKeys get access key id and secret access key
func GetAuthKeys(url string) ([]byte, error) {
op := RPCOps{
Method: "Auth.Get",
Request: rpc.Args{Request: ""},
}
req, err := NewRequest(url, op, http.DefaultTransport)
if err != nil {
return nil, iodine.New(err, nil)
}
resp, err := req.Do()
if err != nil {
return nil, iodine.New(err, nil)
}
defer resp.Body.Close()
var reply rpc.AuthReply
if err := jsonrpc.DecodeClientResponse(resp.Body, &reply); err != nil {
return nil, iodine.New(err, nil)
}
return json.MarshalIndent(reply, "", "\t")
}
// SetDonut - set donut config // SetDonut - set donut config
func SetDonut(url, hostname string, disks []string) error { func SetDonut(url, hostname string, disks []string) error {
op := RPCOps{ op := RPCOps{

@ -25,8 +25,8 @@ import (
"strings" "strings"
"time" "time"
"github.com/minio/minio/pkg/auth"
"github.com/minio/minio/pkg/quick" "github.com/minio/minio/pkg/quick"
"github.com/minio/minio/pkg/server/api/auth/keys"
) )
type contentTypeHandler struct { type contentTypeHandler struct {
@ -45,7 +45,7 @@ type resourceHandler struct {
handler http.Handler handler http.Handler
} }
type auth struct { type authHeader struct {
prefix string prefix string
credential string credential string
signedheaders string signedheaders string
@ -62,13 +62,13 @@ const (
) )
// strip auth from authorization header // strip auth from authorization header
func stripAuth(r *http.Request) (*auth, error) { func stripAuth(r *http.Request) (*authHeader, error) {
authHeader := r.Header.Get("Authorization") ah := r.Header.Get("Authorization")
if authHeader == "" { if ah == "" {
return nil, errors.New("Missing auth header") return nil, errors.New("Missing auth header")
} }
a := new(auth) a := new(authHeader)
authFields := strings.Split(authHeader, ",") authFields := strings.Split(ah, ",")
if len(authFields) != 3 { if len(authFields) != 3 {
return nil, errors.New("Missing fields in Auth header") return nil, errors.New("Missing fields in Auth header")
} }
@ -95,7 +95,7 @@ func stripAuth(r *http.Request) (*auth, error) {
a.signedheaders = signedheaders[1] a.signedheaders = signedheaders[1]
a.signature = signature[1] a.signature = signature[1]
a.accessKey = strings.Split(a.credential, "/")[0] a.accessKey = strings.Split(a.credential, "/")[0]
if !keys.IsValidAccessKey(a.accessKey) { if !auth.IsValidAccessKey(a.accessKey) {
return nil, errors.New("Invalid access key") return nil, errors.New("Invalid access key")
} }
return a, nil return a, nil

@ -117,6 +117,7 @@ func getRPCHandler() http.Handler {
s.RegisterService(new(rpc.MemStatsService), "MemStats") s.RegisterService(new(rpc.MemStatsService), "MemStats")
s.RegisterService(new(rpc.DiskInfoService), "DiskInfo") s.RegisterService(new(rpc.DiskInfoService), "DiskInfo")
s.RegisterService(new(rpc.DonutService), "Donut") s.RegisterService(new(rpc.DonutService), "Donut")
s.RegisterService(new(rpc.AuthService), "Auth")
// Add new RPC services here // Add new RPC services here
return registerRPC(router.NewRouter(), s) return registerRPC(router.NewRouter(), s)
} }

@ -0,0 +1,52 @@
/*
* Minimalist Object Storage, (C) 2015 Minio, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package rpc
import (
"net/http"
"github.com/minio/minio/pkg/auth"
"github.com/minio/minio/pkg/iodine"
)
// AuthService auth service
type AuthService struct{}
// AuthReply reply with new access keys and secret ids
type AuthReply struct {
AccessKeyID string `json:"accesskey"`
SecretAccessKey string `json:"secretaccesskey"`
}
func getAuth(reply *AuthReply) error {
accessID, err := auth.GenerateAccessKeyID()
if err != nil {
return iodine.New(err, nil)
}
reply.AccessKeyID = string(accessID)
secretID, err := auth.GenerateSecretAccessKey()
if err != nil {
return iodine.New(err, nil)
}
reply.SecretAccessKey = string(secretID)
return nil
}
// Get auth keys
func (s *AuthService) Get(r *http.Request, args *Args, reply *AuthReply) error {
return getAuth(reply)
}

@ -99,3 +99,24 @@ func (s *MyRPCSuite) TestSysInfo(c *C) {
resp.Body.Close() resp.Body.Close()
c.Assert(reply, Not(DeepEquals), rpc.SysInfoReply{}) c.Assert(reply, Not(DeepEquals), rpc.SysInfoReply{})
} }
func (s *MyRPCSuite) TestAuth(c *C) {
op := controller.RPCOps{
Method: "Auth.Get",
Request: rpc.Args{Request: ""},
}
req, err := controller.NewRequest(testRPCServer.URL+"/rpc", op, http.DefaultTransport)
c.Assert(err, IsNil)
c.Assert(req.Get("Content-Type"), Equals, "application/json")
resp, err := req.Do()
c.Assert(err, IsNil)
c.Assert(resp.StatusCode, Equals, http.StatusOK)
var reply rpc.AuthReply
err = jsonrpc.DecodeClientResponse(resp.Body, &reply)
c.Assert(err, IsNil)
resp.Body.Close()
c.Assert(reply, Not(DeepEquals), rpc.AuthReply{})
c.Assert(len(reply.AccessKeyID), Equals, 20)
c.Assert(len(reply.SecretAccessKey), Equals, 40)
}

Loading…
Cancel
Save