Update web-identity example to use minio-go SDK (#8501)

5 years ago · 64759189f5
parent fb48ca5020
commit 64759189f5
1 changed files with 44 additions and 46 deletions
--- a/docs/sts/web-identity.go
+++ b/docs/sts/web-identity.go
@ -1,7 +1,7 @@
 // +build ignore
 /*
- * MinIO Cloud Storage, (C) 2018 MinIO, Inc.
+ * MinIO Cloud Storage, (C) 2019 MinIO, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -22,8 +22,8 @@ import (
 	"context"
 	"crypto/rand"
 	"encoding/base64"
 	"encoding/json"
 	"encoding/xml"
 	"errors"
 	"flag"
 	"fmt"
 	"log"
@ -34,6 +34,8 @@ import (
 	"golang.org/x/oauth2"
 	googleOAuth2 "golang.org/x/oauth2/google"
 	"github.com/minio/minio-go/v6"
 	"github.com/minio/minio-go/v6/pkg/credentials"
 	"github.com/minio/minio/pkg/auth"
 )
@ -78,7 +80,7 @@ var (
 	tokenEndpoint string
 	clientID      string
 	clientSecret  string
-	port					int
+	port          int
 )
 func init() {
@ -122,56 +124,52 @@ func main() {
 			return
 		}
-		oauth2Token, err := config.Exchange(ctx, r.URL.Query().Get("code"))
+		getWebTokenExpiry := func() (*credentials.WebIdentityToken, error) {
 			oauth2Token, err := config.Exchange(ctx, r.URL.Query().Get("code"))
 			if err != nil {
 				return nil, err
 			}
 			if !oauth2Token.Valid() {
 				return nil, errors.New("invalid token")
 			}
 			return &credentials.WebIdentityToken{
 				Token:  oauth2Token.Extra("id_token").(string),
 				Expiry: int(oauth2Token.Expiry.Sub(time.Now().UTC()).Seconds()),
 			}, nil
 		}
 		sts, err := credentials.NewSTSWebIdentity(stsEndpoint, getWebTokenExpiry)
 		if err != nil {
-			http.Error(w, "Failed to exchange token: "+err.Error(), http.StatusInternalServerError)
+			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
 		}
-		if oauth2Token.Valid() {
+		// Uncomment this to use MinIO API operations by initializing minio
-			v := url.Values{}
+		// client with obtained credentials.
 			v.Set("Action", "AssumeRoleWithWebIdentity")
 			v.Set("WebIdentityToken", fmt.Sprintf("%s", oauth2Token.Extra("id_token")))
 			v.Set("DurationSeconds", fmt.Sprintf("%d", int64(oauth2Token.Expiry.Sub(time.Now().UTC()).Seconds())))
 			v.Set("Version", "2011-06-15")
 			u, err := url.Parse("http://localhost:9000")
 			if err != nil {
 				http.Error(w, err.Error(), http.StatusInternalServerError)
 				return
 			}
 			u.RawQuery = v.Encode()
 			req, err := http.NewRequest(http.MethodPost, u.String(), nil)
 			if err != nil {
 				http.Error(w, err.Error(), http.StatusInternalServerError)
 				return
 			}
 			resp, err := http.DefaultClient.Do(req)
 			if err != nil {
 				http.Error(w, err.Error(), http.StatusInternalServerError)
 				return
-			}
+		opts := &minio.Options{
-			defer resp.Body.Close()
+			Creds:        sts,
-			if resp.StatusCode != http.StatusOK {
+			BucketLookup: minio.BucketLookupAuto,
-				http.Error(w, resp.Status, resp.StatusCode)
+		}
 				return
 			}
-			a := AssumeRoleWithWebIdentityResponse{}
+		u, err := url.Parse(stsEndpoint)
-			if err = xml.NewDecoder(resp.Body).Decode(&a); err != nil {
+		if err != nil {
-				http.Error(w, err.Error(), http.StatusInternalServerError)
+			http.Error(w, err.Error(), http.StatusBadRequest)
-				return
+			return
-			}
+		}
-			w.Write([]byte("##### Credentials\n"))
+		clnt, err := minio.NewWithOptions(u.Host, opts)
-			c, err := json.MarshalIndent(a.Result.Credentials, "", "\t")
+		if err != nil {
-			if err != nil {
+			http.Error(w, err.Error(), http.StatusBadRequest)
-				http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
-				return
+		}
-			}
+		buckets, err := clnt.ListBuckets()
-			w.Write(c)
+		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
 			return
 		}
 		for _, bucket := range buckets {
 			log.Println(bucket)
 		}
 	})