Merge pull request #720 from harshavardhana/pr_out_add_auth_rpc_service_to_generate_access_keys

commands.go

@@ -123,6 +123,12 @@ func runController(c *cli.Context) {
 			Fatalln(err)
 		}
 		Println(string(sysinfo))
+	case "auth":
+		keys, err := controller.GetAuthKeys(c.Args().Tail().First())
+		if err != nil {
+			Fatalln(err)
+		}
+		Println(string(keys))
 	case "donut":
 		if len(c.Args()) <= 2 || c.Args().First() == "help" {
 			cli.ShowCommandHelpAndExit(c, "controller", 1) // last argument is exit code

pkg/auth/auth.go

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package keys
+package auth
 
 import (
 	"crypto/rand"
@@ -24,28 +24,26 @@ import (
 // Static alphaNumeric table used for generating unique keys
 var alphaNumericTable = []byte("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ")
 
-// GenerateRandomAlphaNumeric - generate random alpha numeric value using only uppercase characters
+// GenerateAccessKeyID - generate random alpha numeric value using only uppercase characters
 // takes input as size in integer
-func GenerateRandomAlphaNumeric(size int) ([]byte, error) {
-	alpha := make([]byte, size)
+func GenerateAccessKeyID() ([]byte, error) {
+	alpha := make([]byte, MinioAccessID)
 	_, err := rand.Read(alpha)
 	if err != nil {
 		return nil, err
 	}
-
-	for i := 0; i < size; i++ {
+	for i := 0; i < MinioAccessID; i++ {
 		alpha[i] = alphaNumericTable[alpha[i]%byte(len(alphaNumericTable))]
 	}
 	return alpha, nil
 }
 
-// GenerateRandomBase64 - generate random base64 numeric value from a random seed.
-func GenerateRandomBase64(size int) ([]byte, error) {
-	rb := make([]byte, size)
+// GenerateSecretAccessKey - generate random base64 numeric value from a random seed.
+func GenerateSecretAccessKey() ([]byte, error) {
+	rb := make([]byte, MinioSecretID)
 	_, err := rand.Read(rb)
 	if err != nil {
 		return nil, err
 	}
-	dest := base64.StdEncoding.EncodeToString(rb)
-	return []byte(dest), nil
+	return []byte(base64.StdEncoding.EncodeToString(rb))[:MinioSecretID], nil
 }

pkg/auth/auth_test.go

@@ -14,13 +14,13 @@
  * limitations under the License.
  */
 
-package keys_test
+package auth_test
 
 import (
 	"testing"
 
 	. "github.com/minio/check"
-	"github.com/minio/minio/pkg/server/api/auth/keys"
+	"github.com/minio/minio/pkg/auth"
 )
 
 func Test(t *testing.T) { TestingT(t) }
@@ -29,13 +29,16 @@ type MySuite struct{}
 
 var _ = Suite(&MySuite{})
 
-func (s *MySuite) TestingKeys(c *C) {
-	value, err := keys.GenerateRandomBase64(keys.MinioSecretID)
+func (s *MySuite) TestAuth(c *C) {
+	secretID, err := auth.GenerateSecretAccessKey()
 	c.Assert(err, IsNil)
 
-	alphanum, err := keys.GenerateRandomAlphaNumeric(keys.MinioAccessID)
+	accessID, err := auth.GenerateAccessKeyID()
 	c.Assert(err, IsNil)
 
-	c.Log(string(value))
-	c.Log(string(alphanum))
+	c.Assert(len(secretID), Equals, auth.MinioSecretID)
+	c.Assert(len(accessID), Equals, auth.MinioAccessID)
+
+	c.Log(string(secretID))
+	c.Log(string(accessID))
 }

pkg/auth/common.go

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package keys
+package auth
 
 import "regexp"
 

pkg/controller/client.go

@@ -91,6 +91,28 @@ func GetSysInfo(url string) ([]byte, error) {
 	return json.MarshalIndent(reply, "", "\t")
 }
 
+// GetAuthKeys get access key id and secret access key
+func GetAuthKeys(url string) ([]byte, error) {
+	op := RPCOps{
+		Method:  "Auth.Get",
+		Request: rpc.Args{Request: ""},
+	}
+	req, err := NewRequest(url, op, http.DefaultTransport)
+	if err != nil {
+		return nil, iodine.New(err, nil)
+	}
+	resp, err := req.Do()
+	if err != nil {
+		return nil, iodine.New(err, nil)
+	}
+	defer resp.Body.Close()
+	var reply rpc.AuthReply
+	if err := jsonrpc.DecodeClientResponse(resp.Body, &reply); err != nil {
+		return nil, iodine.New(err, nil)
+	}
+	return json.MarshalIndent(reply, "", "\t")
+}
+
 // SetDonut - set donut config
 func SetDonut(url, hostname string, disks []string) error {
 	op := RPCOps{

pkg/server/api/generic-handlers.go

@@ -25,8 +25,8 @@ import (
 	"strings"
 	"time"
 
+	"github.com/minio/minio/pkg/auth"
 	"github.com/minio/minio/pkg/quick"
-	"github.com/minio/minio/pkg/server/api/auth/keys"
 )
 
 type contentTypeHandler struct {
@@ -45,7 +45,7 @@ type resourceHandler struct {
 	handler http.Handler
 }
 
-type auth struct {
+type authHeader struct {
 	prefix        string
 	credential    string
 	signedheaders string
@@ -62,13 +62,13 @@ const (
 )
 
 // strip auth from authorization header
-func stripAuth(r *http.Request) (*auth, error) {
-	authHeader := r.Header.Get("Authorization")
-	if authHeader == "" {
+func stripAuth(r *http.Request) (*authHeader, error) {
+	ah := r.Header.Get("Authorization")
+	if ah == "" {
 		return nil, errors.New("Missing auth header")
 	}
-	a := new(auth)
-	authFields := strings.Split(authHeader, ",")
+	a := new(authHeader)
+	authFields := strings.Split(ah, ",")
 	if len(authFields) != 3 {
 		return nil, errors.New("Missing fields in Auth header")
 	}
@@ -95,7 +95,7 @@ func stripAuth(r *http.Request) (*auth, error) {
 	a.signedheaders = signedheaders[1]
 	a.signature = signature[1]
 	a.accessKey = strings.Split(a.credential, "/")[0]
-	if !keys.IsValidAccessKey(a.accessKey) {
+	if !auth.IsValidAccessKey(a.accessKey) {
 		return nil, errors.New("Invalid access key")
 	}
 	return a, nil

pkg/server/router.go

@@ -117,6 +117,7 @@ func getRPCHandler() http.Handler {
 	s.RegisterService(new(rpc.MemStatsService), "MemStats")
 	s.RegisterService(new(rpc.DiskInfoService), "DiskInfo")
 	s.RegisterService(new(rpc.DonutService), "Donut")
+	s.RegisterService(new(rpc.AuthService), "Auth")
 	// Add new RPC services here
 	return registerRPC(router.NewRouter(), s)
 }

pkg/server/rpc/signature.go

@@ -0,0 +1,52 @@
+/*
+ * Minimalist Object Storage, (C) 2015 Minio, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package rpc
+
+import (
+	"net/http"
+
+	"github.com/minio/minio/pkg/auth"
+	"github.com/minio/minio/pkg/iodine"
+)
+
+// AuthService auth service
+type AuthService struct{}
+
+// AuthReply reply with new access keys and secret ids
+type AuthReply struct {
+	AccessKeyID     string `json:"accesskey"`
+	SecretAccessKey string `json:"secretaccesskey"`
+}
+
+func getAuth(reply *AuthReply) error {
+	accessID, err := auth.GenerateAccessKeyID()
+	if err != nil {
+		return iodine.New(err, nil)
+	}
+	reply.AccessKeyID = string(accessID)
+	secretID, err := auth.GenerateSecretAccessKey()
+	if err != nil {
+		return iodine.New(err, nil)
+	}
+	reply.SecretAccessKey = string(secretID)
+	return nil
+}
+
+// Get auth keys
+func (s *AuthService) Get(r *http.Request, args *Args, reply *AuthReply) error {
+	return getAuth(reply)
+}

pkg/server/rpc_test.go

@@ -99,3 +99,24 @@ func (s *MyRPCSuite) TestSysInfo(c *C) {
 	resp.Body.Close()
 	c.Assert(reply, Not(DeepEquals), rpc.SysInfoReply{})
 }
+
+func (s *MyRPCSuite) TestAuth(c *C) {
+	op := controller.RPCOps{
+		Method:  "Auth.Get",
+		Request: rpc.Args{Request: ""},
+	}
+	req, err := controller.NewRequest(testRPCServer.URL+"/rpc", op, http.DefaultTransport)
+	c.Assert(err, IsNil)
+	c.Assert(req.Get("Content-Type"), Equals, "application/json")
+	resp, err := req.Do()
+	c.Assert(err, IsNil)
+	c.Assert(resp.StatusCode, Equals, http.StatusOK)
+
+	var reply rpc.AuthReply
+	err = jsonrpc.DecodeClientResponse(resp.Body, &reply)
+	c.Assert(err, IsNil)
+	resp.Body.Close()
+	c.Assert(reply, Not(DeepEquals), rpc.AuthReply{})
+	c.Assert(len(reply.AccessKeyID), Equals, 20)
+	c.Assert(len(reply.SecretAccessKey), Equals, 40)
+}