|
|
@ -1,7 +1,7 @@ |
|
|
|
// +build ignore
|
|
|
|
// +build ignore
|
|
|
|
|
|
|
|
|
|
|
|
/* |
|
|
|
/* |
|
|
|
* MinIO Cloud Storage, (C) 2018 MinIO, Inc. |
|
|
|
* MinIO Cloud Storage, (C) 2019 MinIO, Inc. |
|
|
|
* |
|
|
|
* |
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
|
|
* you may not use this file except in compliance with the License. |
|
|
|
* you may not use this file except in compliance with the License. |
|
|
@ -22,8 +22,8 @@ import ( |
|
|
|
"context" |
|
|
|
"context" |
|
|
|
"crypto/rand" |
|
|
|
"crypto/rand" |
|
|
|
"encoding/base64" |
|
|
|
"encoding/base64" |
|
|
|
"encoding/json" |
|
|
|
|
|
|
|
"encoding/xml" |
|
|
|
"encoding/xml" |
|
|
|
|
|
|
|
"errors" |
|
|
|
"flag" |
|
|
|
"flag" |
|
|
|
"fmt" |
|
|
|
"fmt" |
|
|
|
"log" |
|
|
|
"log" |
|
|
@ -34,6 +34,8 @@ import ( |
|
|
|
"golang.org/x/oauth2" |
|
|
|
"golang.org/x/oauth2" |
|
|
|
googleOAuth2 "golang.org/x/oauth2/google" |
|
|
|
googleOAuth2 "golang.org/x/oauth2/google" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
"github.com/minio/minio-go/v6" |
|
|
|
|
|
|
|
"github.com/minio/minio-go/v6/pkg/credentials" |
|
|
|
"github.com/minio/minio/pkg/auth" |
|
|
|
"github.com/minio/minio/pkg/auth" |
|
|
|
) |
|
|
|
) |
|
|
|
|
|
|
|
|
|
|
@ -122,56 +124,52 @@ func main() { |
|
|
|
return |
|
|
|
return |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
getWebTokenExpiry := func() (*credentials.WebIdentityToken, error) { |
|
|
|
oauth2Token, err := config.Exchange(ctx, r.URL.Query().Get("code")) |
|
|
|
oauth2Token, err := config.Exchange(ctx, r.URL.Query().Get("code")) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
http.Error(w, "Failed to exchange token: "+err.Error(), http.StatusInternalServerError) |
|
|
|
return nil, err |
|
|
|
return |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
if !oauth2Token.Valid() { |
|
|
|
if oauth2Token.Valid() { |
|
|
|
return nil, errors.New("invalid token") |
|
|
|
v := url.Values{} |
|
|
|
|
|
|
|
v.Set("Action", "AssumeRoleWithWebIdentity") |
|
|
|
|
|
|
|
v.Set("WebIdentityToken", fmt.Sprintf("%s", oauth2Token.Extra("id_token"))) |
|
|
|
|
|
|
|
v.Set("DurationSeconds", fmt.Sprintf("%d", int64(oauth2Token.Expiry.Sub(time.Now().UTC()).Seconds()))) |
|
|
|
|
|
|
|
v.Set("Version", "2011-06-15") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
u, err := url.Parse("http://localhost:9000") |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
|
|
|
|
http.Error(w, err.Error(), http.StatusInternalServerError) |
|
|
|
|
|
|
|
return |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
u.RawQuery = v.Encode() |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
req, err := http.NewRequest(http.MethodPost, u.String(), nil) |
|
|
|
return &credentials.WebIdentityToken{ |
|
|
|
if err != nil { |
|
|
|
Token: oauth2Token.Extra("id_token").(string), |
|
|
|
http.Error(w, err.Error(), http.StatusInternalServerError) |
|
|
|
Expiry: int(oauth2Token.Expiry.Sub(time.Now().UTC()).Seconds()), |
|
|
|
return |
|
|
|
}, nil |
|
|
|
} |
|
|
|
} |
|
|
|
resp, err := http.DefaultClient.Do(req) |
|
|
|
sts, err := credentials.NewSTSWebIdentity(stsEndpoint, getWebTokenExpiry) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
http.Error(w, err.Error(), http.StatusInternalServerError) |
|
|
|
http.Error(w, err.Error(), http.StatusBadRequest) |
|
|
|
return |
|
|
|
return |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Uncomment this to use MinIO API operations by initializing minio
|
|
|
|
|
|
|
|
// client with obtained credentials.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
opts := &minio.Options{ |
|
|
|
|
|
|
|
Creds: sts, |
|
|
|
|
|
|
|
BucketLookup: minio.BucketLookupAuto, |
|
|
|
} |
|
|
|
} |
|
|
|
defer resp.Body.Close() |
|
|
|
|
|
|
|
if resp.StatusCode != http.StatusOK { |
|
|
|
u, err := url.Parse(stsEndpoint) |
|
|
|
http.Error(w, resp.Status, resp.StatusCode) |
|
|
|
if err != nil { |
|
|
|
|
|
|
|
http.Error(w, err.Error(), http.StatusBadRequest) |
|
|
|
return |
|
|
|
return |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
a := AssumeRoleWithWebIdentityResponse{} |
|
|
|
clnt, err := minio.NewWithOptions(u.Host, opts) |
|
|
|
if err = xml.NewDecoder(resp.Body).Decode(&a); err != nil { |
|
|
|
if err != nil { |
|
|
|
http.Error(w, err.Error(), http.StatusInternalServerError) |
|
|
|
http.Error(w, err.Error(), http.StatusBadRequest) |
|
|
|
return |
|
|
|
return |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
buckets, err := clnt.ListBuckets() |
|
|
|
w.Write([]byte("##### Credentials\n")) |
|
|
|
|
|
|
|
c, err := json.MarshalIndent(a.Result.Credentials, "", "\t") |
|
|
|
|
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
http.Error(w, err.Error(), http.StatusInternalServerError) |
|
|
|
http.Error(w, err.Error(), http.StatusBadRequest) |
|
|
|
return |
|
|
|
return |
|
|
|
} |
|
|
|
} |
|
|
|
w.Write(c) |
|
|
|
for _, bucket := range buckets { |
|
|
|
|
|
|
|
log.Println(bucket) |
|
|
|
} |
|
|
|
} |
|
|
|
}) |
|
|
|
}) |
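Review bot: The new getWebTokenExpiry closure performs an unchecked type assertion, `oauth2Token.Extra("id_token").(string)`; when the provider's token response carries no id_token, Extra returns nil and the assertion panics inside the HTTP handler instead of surfacing an error through the closure's error return. Use the two-value form and reject a missing or empty value before building the WebIdentityToken, as in the excerpt below. Every later failure in the handler — NewSTSWebIdentity, url.Parse, NewWithOptions and ListBuckets — is now answered with 400 Bad Request carrying the raw error text, whereas client construction and ListBuckets are server-side failures that the removed code reported as 500. The comment `// Uncomment this to use MinIO API operations by initializing minio client with obtained credentials.` now sits above live code, so it should be dropped or reworded to `// Use the STS credentials to build a minio client and list buckets.`. The closure captures r and re-reads the authorization code from r.URL each time it runs, so if the credentials provider calls the getter again on refresh it would re-exchange a single-use code — worth confirming; the enclosing handler and main() start outside the hunk.
```go
getWebTokenExpiry := func() (*credentials.WebIdentityToken, error) {
	// … unchanged: config.Exchange and oauth2Token.Valid() checks …
	idToken, ok := oauth2Token.Extra("id_token").(string)
	if !ok || idToken == "" {
		return nil, errors.New("token response has no id_token")
	}
	return &credentials.WebIdentityToken{
		Token:  idToken,
		Expiry: int(oauth2Token.Expiry.Sub(time.Now().UTC()).Seconds()),
	}, nil
}
```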
|
|
|
|
|
|
|
|
|
|
|