diff --git a/garage.go b/garage.go index 4e23e8f..e8962ae 100644 --- a/garage.go +++ b/garage.go @@ -1,9 +1,12 @@ package main import ( + "errors" + "log" "net/http" "context" "fmt" + "github.com/go-ldap/ldap/v3" garage "git.deuxfleurs.fr/garage-sdk/garage-admin-sdk-golang" ) @@ -21,26 +24,82 @@ func gadmin() (*garage.APIClient, context.Context) { } -func createKey(name string) error { +func grgCreateKey(name string) (*garage.KeyInfo, error) { client, ctx := gadmin() kr := garage.AddKeyRequest{Name: &name} resp, _, err := client.KeyApi.AddKey(ctx).AddKeyRequest(kr).Execute() if err != nil { fmt.Printf("%+v\n", err) - return err + return nil, err } - fmt.Printf("%+v\n", resp) - return nil + return resp, nil +} + +func grgGetKey(accessKey string) (*garage.KeyInfo, error) { + client, ctx := gadmin() + + resp, _, err := client.KeyApi.GetKey(ctx, accessKey).Execute() + if err != nil { + fmt.Printf("%+v\n", err) + return nil, err + } + return resp, nil +} + + +func checkLoginAndS3(w http.ResponseWriter, r *http.Request) (*LoginStatus, *garage.KeyInfo, error) { + login := checkLogin(w, r) + if login == nil { + return nil, nil, errors.New("LDAP login failed") + } + + keyID := login.UserEntry.GetAttributeValue("garage_s3_access_key") + if keyID == "" { + keyPair, err := grgCreateKey(login.Info.Username) + if err != nil { + return login, nil, err + } + modify_request := ldap.NewModifyRequest(login.Info.DN, nil) + modify_request.Replace("garage_s3_access_key", []string{*keyPair.AccessKeyId}) + // @FIXME compatibility feature for bagage (SFTP+webdav) + // you can remove it once bagage will be updated to fetch the key from garage directly + // or when bottin will be able to dynamically fetch it. + modify_request.Replace("garage_s3_secret_key", []string{*keyPair.SecretAccessKey}) + err = login.conn.Modify(modify_request) + return login, keyPair, err + } + // Note: we could simply return the login info, but LX asked we do not + // store the secrets in LDAP in the future. + keyPair, err := grgGetKey(keyID) + return login, keyPair, err +} + +type keyView struct { + Status *LoginStatus + Key *garage.KeyInfo } func handleGarageKey(w http.ResponseWriter, r *http.Request) { - createKey("toto") + login, s3key, err := checkLoginAndS3(w, r) + if err != nil { + log.Println(err) + return + } + view := keyView{Status: login, Key: s3key} + tKey := getTemplate("garage_key.html") - tKey.Execute(w, nil) + tKey.Execute(w, &view) } func handleGarageWebsiteList(w http.ResponseWriter, r *http.Request) { + login, s3key, err := checkLoginAndS3(w, r) + if err != nil { + log.Println(err) + return + } + log.Println(login, s3key) + tWebsiteList := getTemplate("garage_website_list.html") tWebsiteList.Execute(w, nil) } @@ -51,6 +110,13 @@ func handleGarageWebsiteNew(w http.ResponseWriter, r *http.Request) { } func handleGarageWebsiteInspect(w http.ResponseWriter, r *http.Request) { + login, s3key, err := checkLoginAndS3(w, r) + if err != nil { + log.Println(err) + return + } + log.Println(login, s3key) + tWebsiteInspect := getTemplate("garage_website_inspect.html") tWebsiteInspect.Execute(w, nil) } diff --git a/main.go b/main.go index 89051f5..0e47e73 100644 --- a/main.go +++ b/main.go @@ -255,6 +255,7 @@ func checkLogin(w http.ResponseWriter, r *http.Request) *LoginStatus { "mail", "memberof", "description", + "garage_s3_access_key", FIELD_NAME_DIRECTORY_VISIBILITY, FIELD_NAME_PROFILE_PICTURE, }, diff --git a/templates/garage_key.html b/templates/garage_key.html index 862aabd..b839fcb 100644 --- a/templates/garage_key.html +++ b/templates/garage_key.html @@ -22,11 +22,11 @@
Créez un fichier nommé ~/.awsrc
:
-export AWS_ACCESS_KEY_ID=GK... -export AWS_SECRET_ACCESS_KEY=... +export AWS_ACCESS_KEY_ID={{ .Key.AccessKeyId }} +export AWS_SECRET_ACCESS_KEY={{ .Key.SecretAccessKey }} export AWS_DEFAULT_REGION='garage' function aws { command aws --endpoint-url https://garage.deuxfleurs.fr $@ ; } @@ -97,8 +97,8 @@ aws s3 cp /tmp/a.txt s3://my-bucket mc alias set \ garage \ https://garage.deuxfleurs.fr \ - GK... \ - ... \ + {{ .Key.AccessKeyId }} \ + {{ .Key.SecretAccessKey }} \ --api S3v4
Et ensuite pour utiliser Minio CLI avec :
@@ -176,7 +176,7 @@ hugo deployUn exemple avec SCP :
-scp -oHostKeyAlgorithms=+ssh-rsa -P2222 -r ./public bagage.deuxfleurs.fr:mon_bucket/ +scp -oHostKeyAlgorithms=+ssh-rsa -P2222 -r ./public {{ .Status.Info.Username }}@bagage.deuxfleurs.fr:mon_bucket/