storj/cmd/uplinkng/external_access.go

// Copyright (C) 2021 Storj Labs, Inc.
// See LICENSE for copying information.

package main

import (
	"context"
	"encoding/json"
	"os"
	"strings"

	"github.com/zeebo/errs"

	"storj.io/uplink"
)

func (ex *external) loadAccesses() error {
	if ex.access.accesses != nil {
		return nil
	}

	fh, err := os.Open(ex.AccessInfoFile())
	if os.IsNotExist(err) {
		return nil
	} else if err != nil {
		return errs.Wrap(err)
	}
	defer func() { _ = fh.Close() }()

	var jsonInput struct {
		Default  string
		Accesses map[string]string
	}

	if err := json.NewDecoder(fh).Decode(&jsonInput); err != nil {
		return errs.Wrap(err)
	}

	ex.access.defaultName = jsonInput.Default
	ex.access.accesses = jsonInput.Accesses
	ex.access.loaded = true

	return nil
}

func (ex *external) OpenAccess(accessName string) (access *uplink.Access, err error) {
	accessDefault, accesses, err := ex.GetAccessInfo(true)
	if err != nil {
		return nil, err
	}
	if accessName != "" {
		accessDefault = accessName
	}

	if data, ok := accesses[accessDefault]; ok {
		access, err = uplink.ParseAccess(data)
	} else {
		access, err = uplink.ParseAccess(accessDefault)
		// TODO: if this errors then it's probably a name so don't report an error
		// that says "it failed to parse"
	}
	if err != nil {
		return nil, err
	}

	return access, nil
}

func (ex *external) GetAccessInfo(required bool) (string, map[string]string, error) {
	if !ex.access.loaded {
		if err := ex.loadAccesses(); err != nil {
			return "", nil, err
		}
		if required && !ex.access.loaded {
			return "", nil, errs.New("No accesses configured. Use 'access save' or 'access create' to create one")
		}
	}

	// return a copy to avoid mutations messing things up
	accesses := make(map[string]string)
	for name, accessData := range ex.access.accesses {
		accesses[name] = accessData
	}

	return ex.access.defaultName, accesses, nil
}

// SaveAccessInfo writes out the access file using the provided values.
func (ex *external) SaveAccessInfo(defaultName string, accesses map[string]string) error {
	// TODO(jeff): write it atomically

	accessFh, err := os.OpenFile(ex.AccessInfoFile(), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return errs.Wrap(err)
	}
	defer func() { _ = accessFh.Close() }()

	var jsonOutput = struct {
		Default  string
		Accesses map[string]string
	}{
		Default:  defaultName,
		Accesses: accesses,
	}

	data, err := json.MarshalIndent(jsonOutput, "", "\t")
	if err != nil {
		return errs.Wrap(err)
	}

	if _, err := accessFh.Write(data); err != nil {
		return errs.Wrap(err)
	}

	if err := accessFh.Sync(); err != nil {
		return errs.Wrap(err)
	}

	if err := accessFh.Close(); err != nil {
		return errs.Wrap(err)
	}

	return nil
}

func (ex *external) RequestAccess(ctx context.Context, token, passphrase string) (*uplink.Access, error) {
	idx := strings.IndexByte(token, '/')
	if idx == -1 {
		return nil, errs.New("invalid setup token. should be 'satelliteAddress/apiKey'")
	}
	satelliteAddr, apiKey := token[:idx], token[idx+1:]

	access, err := uplink.RequestAccessWithPassphrase(ctx, satelliteAddr, apiKey, passphrase)
	if err != nil {
		return nil, errs.Wrap(err)
	}
	return access, nil
}
cmd/uplinkng: remove global flags this changes globalFlags to be a ulext.External interface value that is passed to each command. rather than have the ulext.External have a Setup call in the way that the projectProvider used to we make all of the state arguments to the functions and have the commands call setup themselves. the reason it is in its own package is so that cmd/uplinkng can import cmd/uplinkng/ultest but cmd/uplinkng/ultest needs to refer to whatever the interface type is to call the function that creates the commands. there's also quite a bit of shuffling around of code and names. sorry if that makes it tricky to review. there should be no logic changes, though. a side benefit is there's no longer a need to do a type assertion in ultest to make it set the fake filesystem to use. that can be passed in directly now. additionally, this makes the access commands much easier to test. Change-Id: I29cf6a2144248a58b7a605a7ae0a5ada5cfd57b6 2021-05-26 21:19:29 +01:00			`// Copyright (C) 2021 Storj Labs, Inc.`
			`// See LICENSE for copying information.`

			`package main`

			`import (`
cmd/uplinkng: access creation/restriction and review fixes Change-Id: I649ae3615363685c28c39d1efb6a65fcad507f46 2021-06-22 23:41:22 +01:00			`"context"`
cmd/uplinkng: remove global flags this changes globalFlags to be a ulext.External interface value that is passed to each command. rather than have the ulext.External have a Setup call in the way that the projectProvider used to we make all of the state arguments to the functions and have the commands call setup themselves. the reason it is in its own package is so that cmd/uplinkng can import cmd/uplinkng/ultest but cmd/uplinkng/ultest needs to refer to whatever the interface type is to call the function that creates the commands. there's also quite a bit of shuffling around of code and names. sorry if that makes it tricky to review. there should be no logic changes, though. a side benefit is there's no longer a need to do a type assertion in ultest to make it set the fake filesystem to use. that can be passed in directly now. additionally, this makes the access commands much easier to test. Change-Id: I29cf6a2144248a58b7a605a7ae0a5ada5cfd57b6 2021-05-26 21:19:29 +01:00			`"encoding/json"`
			`"os"`
cmd/uplinkng: access creation/restriction and review fixes Change-Id: I649ae3615363685c28c39d1efb6a65fcad507f46 2021-06-22 23:41:22 +01:00			`"strings"`
cmd/uplinkng: remove global flags this changes globalFlags to be a ulext.External interface value that is passed to each command. rather than have the ulext.External have a Setup call in the way that the projectProvider used to we make all of the state arguments to the functions and have the commands call setup themselves. the reason it is in its own package is so that cmd/uplinkng can import cmd/uplinkng/ultest but cmd/uplinkng/ultest needs to refer to whatever the interface type is to call the function that creates the commands. there's also quite a bit of shuffling around of code and names. sorry if that makes it tricky to review. there should be no logic changes, though. a side benefit is there's no longer a need to do a type assertion in ultest to make it set the fake filesystem to use. that can be passed in directly now. additionally, this makes the access commands much easier to test. Change-Id: I29cf6a2144248a58b7a605a7ae0a5ada5cfd57b6 2021-05-26 21:19:29 +01:00
			`"github.com/zeebo/errs"`
cmd/uplinkng: access creation/restriction and review fixes Change-Id: I649ae3615363685c28c39d1efb6a65fcad507f46 2021-06-22 23:41:22 +01:00
			`"storj.io/uplink"`
cmd/uplinkng: remove global flags this changes globalFlags to be a ulext.External interface value that is passed to each command. rather than have the ulext.External have a Setup call in the way that the projectProvider used to we make all of the state arguments to the functions and have the commands call setup themselves. the reason it is in its own package is so that cmd/uplinkng can import cmd/uplinkng/ultest but cmd/uplinkng/ultest needs to refer to whatever the interface type is to call the function that creates the commands. there's also quite a bit of shuffling around of code and names. sorry if that makes it tricky to review. there should be no logic changes, though. a side benefit is there's no longer a need to do a type assertion in ultest to make it set the fake filesystem to use. that can be passed in directly now. additionally, this makes the access commands much easier to test. Change-Id: I29cf6a2144248a58b7a605a7ae0a5ada5cfd57b6 2021-05-26 21:19:29 +01:00			`)`

			`func (ex *external) loadAccesses() error {`
			`if ex.access.accesses != nil {`
			`return nil`
			`}`

cmd/uplinkng: access creation/restriction and review fixes Change-Id: I649ae3615363685c28c39d1efb6a65fcad507f46 2021-06-22 23:41:22 +01:00			`fh, err := os.Open(ex.AccessInfoFile())`
cmd/uplinkng: remove global flags this changes globalFlags to be a ulext.External interface value that is passed to each command. rather than have the ulext.External have a Setup call in the way that the projectProvider used to we make all of the state arguments to the functions and have the commands call setup themselves. the reason it is in its own package is so that cmd/uplinkng can import cmd/uplinkng/ultest but cmd/uplinkng/ultest needs to refer to whatever the interface type is to call the function that creates the commands. there's also quite a bit of shuffling around of code and names. sorry if that makes it tricky to review. there should be no logic changes, though. a side benefit is there's no longer a need to do a type assertion in ultest to make it set the fake filesystem to use. that can be passed in directly now. additionally, this makes the access commands much easier to test. Change-Id: I29cf6a2144248a58b7a605a7ae0a5ada5cfd57b6 2021-05-26 21:19:29 +01:00			`if os.IsNotExist(err) {`
			`return nil`
			`} else if err != nil {`
			`return errs.Wrap(err)`
			`}`
			`defer func() { _ = fh.Close() }()`

			`var jsonInput struct {`
			`Default string`
			`Accesses map[string]string`
			`}`

			`if err := json.NewDecoder(fh).Decode(&jsonInput); err != nil {`
			`return errs.Wrap(err)`
			`}`

			`ex.access.defaultName = jsonInput.Default`
			`ex.access.accesses = jsonInput.Accesses`
			`ex.access.loaded = true`

			`return nil`
			`}`

cmd/uplinkng: access creation/restriction and review fixes Change-Id: I649ae3615363685c28c39d1efb6a65fcad507f46 2021-06-22 23:41:22 +01:00			`func (ex external) OpenAccess(accessName string) (access uplink.Access, err error) {`
			`accessDefault, accesses, err := ex.GetAccessInfo(true)`
			`if err != nil {`
			`return nil, err`
			`}`
			`if accessName != "" {`
			`accessDefault = accessName`
			`}`

			`if data, ok := accesses[accessDefault]; ok {`
			`access, err = uplink.ParseAccess(data)`
			`} else {`
			`access, err = uplink.ParseAccess(accessDefault)`
			`// TODO: if this errors then it's probably a name so don't report an error`
			`// that says "it failed to parse"`
			`}`
			`if err != nil {`
			`return nil, err`
			`}`

			`return access, nil`
			`}`

cmd/uplinkng: remove global flags this changes globalFlags to be a ulext.External interface value that is passed to each command. rather than have the ulext.External have a Setup call in the way that the projectProvider used to we make all of the state arguments to the functions and have the commands call setup themselves. the reason it is in its own package is so that cmd/uplinkng can import cmd/uplinkng/ultest but cmd/uplinkng/ultest needs to refer to whatever the interface type is to call the function that creates the commands. there's also quite a bit of shuffling around of code and names. sorry if that makes it tricky to review. there should be no logic changes, though. a side benefit is there's no longer a need to do a type assertion in ultest to make it set the fake filesystem to use. that can be passed in directly now. additionally, this makes the access commands much easier to test. Change-Id: I29cf6a2144248a58b7a605a7ae0a5ada5cfd57b6 2021-05-26 21:19:29 +01:00			`func (ex *external) GetAccessInfo(required bool) (string, map[string]string, error) {`
			`if !ex.access.loaded {`
			`if err := ex.loadAccesses(); err != nil {`
			`return "", nil, err`
			`}`
			`if required && !ex.access.loaded {`
cmd/uplinkng: initial setup Change-Id: If4df3ec8b3b554f5228d43e97503eb8a87525b23 2021-08-13 20:31:04 +01:00			`return "", nil, errs.New("No accesses configured. Use 'access save' or 'access create' to create one")`
cmd/uplinkng: remove global flags this changes globalFlags to be a ulext.External interface value that is passed to each command. rather than have the ulext.External have a Setup call in the way that the projectProvider used to we make all of the state arguments to the functions and have the commands call setup themselves. the reason it is in its own package is so that cmd/uplinkng can import cmd/uplinkng/ultest but cmd/uplinkng/ultest needs to refer to whatever the interface type is to call the function that creates the commands. there's also quite a bit of shuffling around of code and names. sorry if that makes it tricky to review. there should be no logic changes, though. a side benefit is there's no longer a need to do a type assertion in ultest to make it set the fake filesystem to use. that can be passed in directly now. additionally, this makes the access commands much easier to test. Change-Id: I29cf6a2144248a58b7a605a7ae0a5ada5cfd57b6 2021-05-26 21:19:29 +01:00			`}`
			`}`

			`// return a copy to avoid mutations messing things up`
			`accesses := make(map[string]string)`
			`for name, accessData := range ex.access.accesses {`
			`accesses[name] = accessData`
			`}`

			`return ex.access.defaultName, accesses, nil`
			`}`

			`// SaveAccessInfo writes out the access file using the provided values.`
			`func (ex *external) SaveAccessInfo(defaultName string, accesses map[string]string) error {`
			`// TODO(jeff): write it atomically`

cmd/uplinkng: access creation/restriction and review fixes Change-Id: I649ae3615363685c28c39d1efb6a65fcad507f46 2021-06-22 23:41:22 +01:00			`accessFh, err := os.OpenFile(ex.AccessInfoFile(), os.O_RDWR\|os.O_CREATE\|os.O_TRUNC, 0600)`
cmd/uplinkng: remove global flags this changes globalFlags to be a ulext.External interface value that is passed to each command. rather than have the ulext.External have a Setup call in the way that the projectProvider used to we make all of the state arguments to the functions and have the commands call setup themselves. the reason it is in its own package is so that cmd/uplinkng can import cmd/uplinkng/ultest but cmd/uplinkng/ultest needs to refer to whatever the interface type is to call the function that creates the commands. there's also quite a bit of shuffling around of code and names. sorry if that makes it tricky to review. there should be no logic changes, though. a side benefit is there's no longer a need to do a type assertion in ultest to make it set the fake filesystem to use. that can be passed in directly now. additionally, this makes the access commands much easier to test. Change-Id: I29cf6a2144248a58b7a605a7ae0a5ada5cfd57b6 2021-05-26 21:19:29 +01:00			`if err != nil {`
			`return errs.Wrap(err)`
			`}`
			`defer func() { _ = accessFh.Close() }()`

			`var jsonOutput = struct {`
			`Default string`
			`Accesses map[string]string`
			`}{`
			`Default: defaultName,`
			`Accesses: accesses,`
			`}`

			`data, err := json.MarshalIndent(jsonOutput, "", "\t")`
			`if err != nil {`
			`return errs.Wrap(err)`
			`}`

			`if _, err := accessFh.Write(data); err != nil {`
			`return errs.Wrap(err)`
			`}`

			`if err := accessFh.Sync(); err != nil {`
			`return errs.Wrap(err)`
			`}`

			`if err := accessFh.Close(); err != nil {`
			`return errs.Wrap(err)`
			`}`

			`return nil`
			`}`
cmd/uplinkng: access creation/restriction and review fixes Change-Id: I649ae3615363685c28c39d1efb6a65fcad507f46 2021-06-22 23:41:22 +01:00
			`func (ex external) RequestAccess(ctx context.Context, token, passphrase string) (uplink.Access, error) {`
			`idx := strings.IndexByte(token, '/')`
			`if idx == -1 {`
			`return nil, errs.New("invalid setup token. should be 'satelliteAddress/apiKey'")`
			`}`
			`satelliteAddr, apiKey := token[:idx], token[idx+1:]`

			`access, err := uplink.RequestAccessWithPassphrase(ctx, satelliteAddr, apiKey, passphrase)`
			`if err != nil {`
			`return nil, errs.Wrap(err)`
			`}`
			`return access, nil`
			`}`