Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AssumeRole feature support #615

Merged
merged 3 commits into from
May 9, 2022
Merged

AssumeRole feature support #615

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a4a4cdf
AssumeRole feature support
ebozduman Apr 12, 2022
74f6137
Fixes the build error
ebozduman Apr 14, 2022
7a95de2
Implements the review comments
ebozduman Apr 27, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
70 changes: 70 additions & 0 deletions Minio.Examples/Cases/AssumeRoleProviderExample.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
// -*- coding: utf-8 -*-
// MinIO Python Library for Amazon S3 Compatible Cloud Storage,
// (C) 2022 MinIO, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

using System;
using System.Threading.Tasks;
using Minio.Credentials;


namespace Minio.Examples.Cases
{
public class AssumeRoleProviderExample
{
// Establish Authentication by assuming the role of an existing user
public async static Task Run()
{
// endpoint usually point to MinIO server.
var endpoint = "alias:port";

// Access key to fetch credentials from STS endpoint.
var accessKey = "access-key";

// Secret key to fetch credentials from STS endpoint.
var secretKey = "secret-key";

MinioClient minio = new MinioClient()
.WithEndpoint(endpoint)
.WithCredentials(accessKey, secretKey)
.WithSSL()
.Build();
try
{
var provider = new AssumeRoleProvider(minio);

var token = await provider.GetCredentialsAsync();
// Console.WriteLine("\nToken = "); utils.Print(token);
MinioClient minioClient = new MinioClient()
.WithEndpoint(endpoint)
.WithCredentials(token.AccessKey, token.SecretKey)
.WithSessionToken(token.SessionToken)
.WithSSL()
.Build()
;
StatObjectArgs statObjectArgs = new StatObjectArgs()
.WithBucket("bucket-name")
.WithObject("object-name");
var result = await minio.StatObjectAsync(statObjectArgs);
// Console.WriteLine("Object Stat: \n"); utils.Print(result);
Console.WriteLine("AssumeRoleProvider test PASSed\n");
}
catch (Exception e)
{
Console.WriteLine($"AssumeRoleProvider test exception: {e}\n");
}
}
}
}
57 changes: 29 additions & 28 deletions Minio.Examples/Cases/CertificateIdentityProviderExample.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,42 +28,43 @@
namespace Minio.Examples.Cases
{

public class CeritificateIdentityProviderExample
public class CertificateIdentityProviderExample
{
// Establish Authentication on both ways with client and server certificates
public async static Task Run()
{
// STS endpoint
var stsEndpoint = "https://myminio:9000/";
var stsEndpoint = "https://alias:port/";

// Generatng pfx cert for this call.
// openssl pkcs12 -export -out client.pfx -inkey client.key -in client.crt -certfile server.crt
using(var cert = new X509Certificate2("C:\\dev\\client.pfx", "optional-password"))
{
var provider = new CertificateIdentityProvider()
.WithStsEndpoint(stsEndpoint)
.WithCertificate(cert)
.Build();
// Generatng pfx cert for this call.
// openssl pkcs12 -export -out client.pfx -inkey client.key -in client.crt -certfile server.crt
using (var cert = new X509Certificate2("C:\\dev\\client.pfx", "optional-password"))
{
try
{
var provider = new CertificateIdentityProvider()
.WithStsEndpoint(stsEndpoint)
.WithCertificate(cert)
.Build();

MinioClient minioClient = new MinioClient()
.WithEndpoint("myminio:9000")
.WithSSL()
.WithCredentialsProvider(provider)
.Build();
MinioClient minioClient = new MinioClient()
.WithEndpoint("alias:port")
.WithSSL()
.WithCredentialsProvider(provider)
.Build();

try
{
StatObjectArgs statObjectArgs = new StatObjectArgs()
.WithBucket("bucket-name")
.WithObject("object-name");
ObjectStat result = await minioClient.StatObjectAsync(statObjectArgs);
Console.WriteLine("Object Stat: \n" + result.ToString());
}
catch (Exception e)
{
Console.WriteLine($"CertificateIdentityExample test exception: {e}");
}
}
StatObjectArgs statObjectArgs = new StatObjectArgs()
.WithBucket("bucket-name")
.WithObject("object-name");
ObjectStat result = await minioClient.StatObjectAsync(statObjectArgs);
// Console.WriteLine("\nObject Stat: \n" + result.ToString());
Console.WriteLine("\nCertificateIdentityProvider test PASSed\n");
}
catch (Exception e)
{
Console.WriteLine($"\nCertificateIdentityProvider test exception: {e}\n");
}
}
}
}
}
6 changes: 4 additions & 2 deletions Minio.Functional.Tests/FunctionalTest.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -669,6 +669,7 @@ internal async static Task TearDown(MinioClient minio, string bucketName)
{
return;
});

System.Threading.Thread.Sleep(4500);
if (lockConfig != null && lockConfig.ObjectLockEnabled.Equals(ObjectLockConfiguration.LockEnabled))
{
Expand Down Expand Up @@ -2883,11 +2884,11 @@ internal async static Task ListObjects_Test6(MinioClient minio)
Assert.AreEqual(count, numObjects);
});
System.Threading.Thread.Sleep(3500);
new MintLogger("ListObjects_Test6", listObjectsSignature, "Tests whether ListObjects lists all objects when number of objects == 100", TestStatus.PASS, (DateTime.Now - startTime), args: args).Log();
new MintLogger("ListObjects_Test6", listObjectsSignature, "Tests whether ListObjects lists more than 1000 objects correctly(max-keys = 1000)", TestStatus.PASS, (DateTime.Now - startTime), args: args).Log();
}
catch (Exception ex)
{
new MintLogger("ListObjects_Test6", listObjectsSignature, "Tests whether ListObjects lists all objects when number of objects == 100", TestStatus.FAIL, (DateTime.Now - startTime), ex.Message, ex.ToString(), args: args).Log();
new MintLogger("ListObjects_Test6", listObjectsSignature, "Tests whether ListObjects lists more than 1000 objects correctly(max-keys = 1000)", TestStatus.FAIL, (DateTime.Now - startTime), ex.Message, ex.ToString(), args: args).Log();
throw;
}
finally
Expand Down Expand Up @@ -3774,6 +3775,7 @@ internal async static Task RemoveIncompleteUpload_Test(MinioClient minio)
RemoveIncompleteUploadArgs rmArgs = new RemoveIncompleteUploadArgs()
.WithBucket(bucketName)
.WithObject(objectName);

await minio.RemoveIncompleteUploadAsync(rmArgs);

ListIncompleteUploadsArgs listArgs = new ListIncompleteUploadsArgs()
Expand Down
12 changes: 6 additions & 6 deletions Minio.Tests/AuthenticatorTest.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,10 +37,10 @@ public void TestAnonymousInsecureRequestHeaders()
var request = new HttpRequestMessageBuilder(HttpMethod.Put, "http://localhost:9000/bucketname/objectname");
request.AddJsonBody("[]");

var authenticatorInsecure = new V4Authenticator(false, "a", "b");
var authenticatorInsecure = new V4Authenticator(false, "a", "b");
Assert.IsFalse(authenticatorInsecure.isAnonymous);

authenticatorInsecure.Authenticate(request);
authenticatorInsecure.Authenticate(request, false);
Assert.IsTrue(hasPayloadHeader(request, "x-amz-content-sha256"));
}

Expand All @@ -54,10 +54,10 @@ public void TestAnonymousSecureRequestHeaders()
var request = new HttpRequestMessageBuilder(HttpMethod.Put, "http://localhost:9000/bucketname/objectname");
request.AddJsonBody("[]");

var authenticatorSecure = new V4Authenticator(true, "a", "b");
var authenticatorSecure = new V4Authenticator(true, "a", "b");
Assert.IsFalse(authenticatorSecure.isAnonymous);

authenticatorSecure.Authenticate(request);
authenticatorSecure.Authenticate(request, false);
Assert.IsTrue(hasPayloadHeader(request, "x-amz-content-sha256"));
}

Expand All @@ -71,7 +71,7 @@ public void TestSecureRequestHeaders()

var request = new HttpRequestMessageBuilder(HttpMethod.Put, "http://localhost:9000/bucketname/objectname");
request.AddJsonBody("[]");
authenticator.Authenticate(request);
authenticator.Authenticate(request, false);
Assert.IsTrue(hasPayloadHeader(request, "x-amz-content-sha256"));
Tuple<string, string> match = GetHeaderKV(request, "x-amz-content-sha256");
Assert.IsTrue(match != null && match.Item2.Equals("UNSIGNED-PAYLOAD"));
Expand All @@ -86,7 +86,7 @@ public void TestInsecureRequestHeaders()
Assert.IsFalse(authenticator.isAnonymous);
var request = new HttpRequestMessageBuilder(HttpMethod.Put, "http://localhost:9000/bucketname/objectname");
request.AddJsonBody("[]");
authenticator.Authenticate(request);
authenticator.Authenticate(request, false);
Assert.IsTrue(hasPayloadHeader(request, "x-amz-content-sha256"));
Assert.IsFalse(hasPayloadHeader(request, "Content-Md5"));
}
Expand Down
115 changes: 58 additions & 57 deletions Minio/ApiEndpoints/BucketOperations.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -253,63 +253,64 @@ public IObservable<Item> ListObjectsAsync(ListObjectsArgs args, CancellationToke
{
args.Validate();
return Observable.Create<Item>(
async (obs, ct) =>
{
bool isRunning = true;
var delimiter = (args.Recursive) ? string.Empty : "/";
string marker = string.Empty;
uint count = 0;
string versionIdMarker = string.Empty;
string nextContinuationToken = string.Empty;
using (var cts = CancellationTokenSource.CreateLinkedTokenSource(cancellationToken, ct))
{
while (isRunning)
{
GetObjectListArgs goArgs = new GetObjectListArgs()
.WithBucket(args.BucketName)
.WithPrefix(args.Prefix)
.WithDelimiter(delimiter)
.WithVersions(args.Versions)
.WithContinuationToken(nextContinuationToken)
.WithMarker(marker)
.WithListObjectsV1(!args.UseV2)
.WithVersionIdMarker(versionIdMarker);
if (args.Versions)
{
Tuple<ListVersionsResult, List<Item>> objectList = await this.GetObjectVersionsListAsync(goArgs, cts.Token).ConfigureAwait(false);
ListObjectVersionResponse listObjectsItemResponse = new ListObjectVersionResponse(args, objectList, obs);
if (objectList.Item2.Count == 0 && count == 0)
{
string name = args.BucketName;
if (!string.IsNullOrEmpty(args.Prefix))
name += "/" + args.Prefix;
throw new EmptyBucketOperation("Bucket " + name + " is empty.");
}
obs = listObjectsItemResponse.ItemObservable;
marker = listObjectsItemResponse.NextKeyMarker;
versionIdMarker = listObjectsItemResponse.NextVerMarker;
isRunning = objectList.Item1.IsTruncated;
}
else
{
Tuple<ListBucketResult, List<Item>> objectList = await GetObjectListAsync(goArgs, cts.Token).ConfigureAwait(false);
if (objectList.Item2.Count == 0 && objectList.Item1.KeyCount.Equals("0") && count == 0)
{
string name = args.BucketName;
if (!string.IsNullOrEmpty(args.Prefix))
name += "/" + args.Prefix;
throw new EmptyBucketOperation("Bucket " + name + " is empty.");
}
ListObjectsItemResponse listObjectsItemResponse = new ListObjectsItemResponse(args, objectList, obs);
marker = listObjectsItemResponse.NextMarker;
isRunning = objectList.Item1.IsTruncated;
nextContinuationToken = (objectList.Item1.IsTruncated) ? objectList.Item1.NextContinuationToken : string.Empty;
}
cts.Token.ThrowIfCancellationRequested();
count++;
}
}
});
async (obs, ct) =>
{
bool isRunning = true;
var delimiter = (args.Recursive) ? string.Empty : "/";
string marker = string.Empty;
uint count = 0;
string versionIdMarker = string.Empty;
string nextContinuationToken = string.Empty;
using (var cts = CancellationTokenSource.CreateLinkedTokenSource(cancellationToken, ct))
{
while (isRunning)
{
GetObjectListArgs goArgs = new GetObjectListArgs()
.WithBucket(args.BucketName)
.WithPrefix(args.Prefix)
.WithDelimiter(delimiter)
.WithVersions(args.Versions)
.WithContinuationToken(nextContinuationToken)
.WithMarker(marker)
.WithListObjectsV1(!args.UseV2)
.WithVersionIdMarker(versionIdMarker);
if (args.Versions)
{
Tuple<ListVersionsResult, List<Item>> objectList = await this.GetObjectVersionsListAsync(goArgs, cts.Token).ConfigureAwait(false);
ListObjectVersionResponse listObjectsItemResponse = new ListObjectVersionResponse(args, objectList, obs);
if (objectList.Item2.Count == 0 && count == 0)
{
string name = args.BucketName;
if (!string.IsNullOrEmpty(args.Prefix))
name += "/" + args.Prefix;
throw new EmptyBucketOperation("Bucket " + name + " is empty.");
}
obs = listObjectsItemResponse.ItemObservable;
marker = listObjectsItemResponse.NextKeyMarker;
versionIdMarker = listObjectsItemResponse.NextVerMarker;
isRunning = objectList.Item1.IsTruncated;
}
else
{
Tuple<ListBucketResult, List<Item>> objectList = await GetObjectListAsync(goArgs, cts.Token).ConfigureAwait(false);
if (objectList.Item2.Count == 0 && objectList.Item1.KeyCount.Equals("0") && count == 0)
{
string name = args.BucketName;
if (!string.IsNullOrEmpty(args.Prefix))
name += "/" + args.Prefix;
throw new EmptyBucketOperation("Bucket " + name + " is empty.");
}
ListObjectsItemResponse listObjectsItemResponse = new ListObjectsItemResponse(args, objectList, obs);
marker = listObjectsItemResponse.NextMarker;
isRunning = objectList.Item1.IsTruncated;
nextContinuationToken = (objectList.Item1.IsTruncated) ? objectList.Item1.NextContinuationToken : string.Empty;
}
cts.Token.ThrowIfCancellationRequested();
count++;
}
}
}
);
}


Expand Down
1 change: 1 addition & 0 deletions Minio/Credentials/AssumeRoleBaseProvider.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,6 +112,7 @@ internal async virtual Task<HttpRequestMessageBuilder> BuildRequest()
throw new InvalidOperationException("MinioClient is not set in AssumeRoleBaseProvider");
}
reqBuilder = await Client.CreateRequest(HttpMethod.Post);
reqBuilder.AddQueryParameter("Action", this.Action);
reqBuilder.AddQueryParameter("Version", "2011-06-15");
if (!string.IsNullOrWhiteSpace(this.Policy))
{
Expand Down