Update web-identity example to use minio-go SDK (#8501)

Harshavardhana 5 years ago committed by Nitish Tiwari
parent fb48ca5020
commit 64759189f5
  1. 66
      docs/sts/web-identity.go

@ -1,7 +1,7 @@
// +build ignore // +build ignore
/* /*
* MinIO Cloud Storage, (C) 2018 MinIO, Inc. * MinIO Cloud Storage, (C) 2019 MinIO, Inc.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -22,8 +22,8 @@ import (
"context" "context"
"crypto/rand" "crypto/rand"
"encoding/base64" "encoding/base64"
"encoding/json"
"encoding/xml" "encoding/xml"
"errors"
"flag" "flag"
"fmt" "fmt"
"log" "log"
@ -34,6 +34,8 @@ import (
"golang.org/x/oauth2" "golang.org/x/oauth2"
googleOAuth2 "golang.org/x/oauth2/google" googleOAuth2 "golang.org/x/oauth2/google"
"github.com/minio/minio-go/v6"
"github.com/minio/minio-go/v6/pkg/credentials"
"github.com/minio/minio/pkg/auth" "github.com/minio/minio/pkg/auth"
) )
@ -122,56 +124,52 @@ func main() {
return return
} }
getWebTokenExpiry := func() (*credentials.WebIdentityToken, error) {
oauth2Token, err := config.Exchange(ctx, r.URL.Query().Get("code")) oauth2Token, err := config.Exchange(ctx, r.URL.Query().Get("code"))
if err != nil { if err != nil {
http.Error(w, "Failed to exchange token: "+err.Error(), http.StatusInternalServerError) return nil, err
return
} }
if !oauth2Token.Valid() {
if oauth2Token.Valid() { return nil, errors.New("invalid token")
v := url.Values{}
v.Set("Action", "AssumeRoleWithWebIdentity")
v.Set("WebIdentityToken", fmt.Sprintf("%s", oauth2Token.Extra("id_token")))
v.Set("DurationSeconds", fmt.Sprintf("%d", int64(oauth2Token.Expiry.Sub(time.Now().UTC()).Seconds())))
v.Set("Version", "2011-06-15")
u, err := url.Parse("http://localhost:9000")
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
} }
u.RawQuery = v.Encode()
req, err := http.NewRequest(http.MethodPost, u.String(), nil) return &credentials.WebIdentityToken{
if err != nil { Token: oauth2Token.Extra("id_token").(string),
http.Error(w, err.Error(), http.StatusInternalServerError) Expiry: int(oauth2Token.Expiry.Sub(time.Now().UTC()).Seconds()),
return }, nil
} }
resp, err := http.DefaultClient.Do(req) sts, err := credentials.NewSTSWebIdentity(stsEndpoint, getWebTokenExpiry)
if err != nil { if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError) http.Error(w, err.Error(), http.StatusBadRequest)
return return
}
// Uncomment this to use MinIO API operations by initializing minio
// client with obtained credentials.
opts := &minio.Options{
Creds: sts,
BucketLookup: minio.BucketLookupAuto,
} }
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK { u, err := url.Parse(stsEndpoint)
http.Error(w, resp.Status, resp.StatusCode) if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return return
} }
a := AssumeRoleWithWebIdentityResponse{} clnt, err := minio.NewWithOptions(u.Host, opts)
if err = xml.NewDecoder(resp.Body).Decode(&a); err != nil { if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError) http.Error(w, err.Error(), http.StatusBadRequest)
return return
} }
buckets, err := clnt.ListBuckets()
w.Write([]byte("##### Credentials\n"))
c, err := json.MarshalIndent(a.Result.Credentials, "", "\t")
if err != nil { if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError) http.Error(w, err.Error(), http.StatusBadRequest)
return return
} }
w.Write(c) for _, bucket := range buckets {
log.Println(bucket)
} }
}) })
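Review bot: The type assertion `oauth2Token.Extra("id_token").(string)` in the new getWebTokenExpiry closure is unchecked, so a provider token response that carries no id_token (Extra returns nil) panics inside the credential-fetch path instead of surfacing an error; use the two-value form, `idToken, ok := oauth2Token.Extra("id_token").(string)` followed by `if !ok || idToken == "" { return nil, errors.New("missing id_token in token response") }` and `Token: idToken`. The S3 client is built from `u.Host` alone while minio.Options leaves Secure unset, so an https stsEndpoint would have its S3 traffic sent over plain HTTP; `Secure: u.Scheme == "https"` keeps the client in step with the endpoint it was derived from. The comment "Uncomment this to use MinIO API operations …" above opts is stale now that the code beneath it is live; drop it or reword it to say the obtained credentials are exercised with a ListBuckets call. The enclosing main() and its handler begin before the hunk.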
