// Copyright (C) 2021 Storj Labs, Inc.
// See LICENSE for copying information.
package edge
import (
"context"
"errors"
"github.com/zeebo/errs"
"storj.io/common/pb"
"storj.io/uplink"
)
// uplinkError is the error class used for every error this package creates,
// in place of calling errs.* directly, so that each one carries the "uplink" prefix.
// The class is deliberately not named "edge": the whole library should emit
// one and the same error prefix.
var uplinkError = errs.Class("uplink")
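// ErrAuthDialFailed is a network or protocol error.
// RegisterAccess returns it wrapped with %w inside an "uplink"-prefixed error,
// so test for it with errors.Is rather than by comparing message text.
var ErrAuthDialFailed = errors.New("dial to auth service failed")

// ErrRegisterAccessFailed is an internal error in the auth service.
// RegisterAccess returns it wrapped with %w inside an "uplink"-prefixed error,
// so test for it with errors.Is rather than by comparing message text.
var ErrRegisterAccessFailed = errors.New("register access for edge services failed")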
// Credentials give access to the multi-tenant gateway.
// They can be used as-is in S3 clients.
type Credentials struct {
	// AccessKeyID is Base32.
	// It is also used in the linkshare url path, so anyone who sees such a
	// link sees this value; do not rely on it being secret.
	AccessKeyID string

	// SecretKey is Base32.
	// Handle it as a secret: keep it out of logs, URLs and error messages.
	SecretKey string

	// Endpoint is the HTTP(S) URL to the gateway.
	Endpoint string
}
// RegisterAccessOptions contains optional parameters for RegisterAccess.
// The zero value keeps every option off.
type RegisterAccessOptions struct {
	// Public controls whether objects can be read without authentication.
	// Enable it only for data that is meant to be readable by anyone.
	Public bool
}
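// RegisterAccess gets credentials for the Storj-hosted Gateway and linkshare service.
// All files accessible under the Access are then also accessible via those services.
//
// The serialized access grant is sent to the auth service at
// config.AuthServiceAddress, so that address must point at a service that is
// trusted with everything the Access can reach. The SecretKey in the returned
// Credentials should be handled as a secret by the caller.
//
// A nil options is treated as the zero value (Public is false). Setting
// options.Public lets objects be read without authentication.
//
// If you call this function a lot, and the use case allows it,
// please limit the lifetime of the credentials
// by setting Permission.NotAfter when creating the Access.
//
// A failed dial is reported wrapping ErrAuthDialFailed and a failed
// registration wrapping ErrRegisterAccessFailed; distinguish them with
// errors.Is. A missing AuthServiceAddress or a nil access is rejected before
// any connection is made.
func (config *Config) RegisterAccess(
	ctx context.Context,
	access *uplink.Access,
	options *RegisterAccessOptions,
) (*Credentials, error) {
	if config.AuthServiceAddress == "" {
		return nil, uplinkError.New("AuthServiceAddress is missing")
	}
	// Return an error for a nil access instead of handing a nil pointer to Serialize.
	if access == nil {
		return nil, uplinkError.New("access grant is missing")
	}
	if options == nil {
		options = &RegisterAccessOptions{}
	}

	// Serialize before dialing, so an access that cannot be serialized fails
	// without opening a connection to the auth service.
	serializedAccess, err := access.Serialize()
	if err != nil {
		return nil, uplinkError.Wrap(err)
	}

	// NOTE(review): the dialer method name indicates the auth service hostname
	// is verified during the dial; confirm in createDialer.
	conn, err := config.createDialer().DialAddressHostnameVerification(ctx, config.AuthServiceAddress)
	if err != nil {
		return nil, uplinkError.New("%w: %v", ErrAuthDialFailed, err)
	}
	// Best-effort close: the error from Close is explicitly discarded.
	defer func() {
		_ = conn.Close()
	}()

	client := pb.NewDRPCEdgeAuthClient(conn)
	response, err := client.RegisterAccess(ctx, &pb.EdgeRegisterAccessRequest{
		AccessGrant: serializedAccess,
		Public:      options.Public,
	})
	if err != nil {
		return nil, uplinkError.New("%w: %v", ErrRegisterAccessFailed, err)
	}

	return &Credentials{
		AccessKeyID: response.AccessKeyId,
		SecretKey:   response.SecretKey,
		Endpoint:    response.Endpoint,
	}, nil
}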