JakeHillion/storj
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
main
storj/cmd/uplink/cmd_access_create.go
Kaloyan Raev 2c28a0e599 cmd/uplink: ability to opt-out from object key encryption 
Option added to `uplink access setup` and `uplink access create`
commands to disable object key encryption.

Related to https://github.com/storj/storj/issues/5678

Change-Id: I4789a94143742ff4b232fd60decc029ad2883c2a
2023-03-20 13:56:15 +00:00

135 lines
3.4 KiB
Go
Raw Permalink Blame History

// Copyright (C) 2021 Storj Labs, Inc.
// See LICENSE for copying information.
package main
import (
"context"
"fmt"
"io"
"strconv"
"strings"
"github.com/zeebo/clingy"
"github.com/zeebo/errs"
"storj.io/storj/cmd/uplink/ulext"
)
type cmdAccessCreate struct {
ex ulext.External
am accessMaker
passphraseStdin bool
satelliteAddr string
apiKey string
importAs string
exportTo string
unencryptedObjectKeys *bool
}
func newCmdAccessCreate(ex ulext.External) *cmdAccessCreate {
return &cmdAccessCreate{ex: ex}
}
func (c *cmdAccessCreate) Setup(params clingy.Parameters) {
c.passphraseStdin = params.Flag("passphrase-stdin", "If set, the passphrase is read from stdin, and all other values must be provided.", false,
clingy.Transform(strconv.ParseBool),
clingy.Boolean,
).(bool)
c.satelliteAddr = params.Flag("satellite-address", "Satellite address from satellite UI (prompted if unspecified)", "").(string)
c.apiKey = params.Flag("api-key", "API key from satellite UI (prompted if unspecified)", "").(string)
c.importAs = params.Flag("import-as", "Import the access as this name", "").(string)
c.exportTo = params.Flag("export-to", "Export the access to this file path", "").(string)
c.unencryptedObjectKeys = params.Flag("unencrypted-object-keys", "If set, the created access grant won't encrypt object keys", nil,
clingy.Transform(strconv.ParseBool), clingy.Boolean, clingy.Optional,
).(*bool)
params.Break()
c.am.Setup(params, c.ex)
}
func (c *cmdAccessCreate) Execute(ctx context.Context) (err error) {
if c.satelliteAddr == "" {
if c.passphraseStdin {
return errs.New("Must specify the satellite address as a flag when passphrase-stdin is set.")
}
c.satelliteAddr, err = c.ex.PromptInput(ctx, "Satellite address:")
if err != nil {
return errs.Wrap(err)
}
}
if c.apiKey == "" {
if c.passphraseStdin {
return errs.New("Must specify the api key as a flag when passphrase-stdin is set.")
}
c.apiKey, err = c.ex.PromptInput(ctx, "API key:")
if err != nil {
return errs.Wrap(err)
}
}
unencryptedObjectKeys := false
if c.unencryptedObjectKeys != nil {
unencryptedObjectKeys = *c.unencryptedObjectKeys
} else if !c.passphraseStdin {
answer, err := c.ex.PromptInput(ctx, "Would you like to disable encryption for object keys (allows lexicographical sorting of objects in listings)? (y/N):")
if err != nil {
return errs.Wrap(err)
}
answer = strings.ToLower(answer)
if answer == "y" || answer == "yes" {
unencryptedObjectKeys = true
}
}
var passphrase string
if c.passphraseStdin {
stdinData, err := io.ReadAll(clingy.Stdin(ctx))
if err != nil {
return errs.Wrap(err)
}
passphrase = strings.TrimRight(string(stdinData), "\r\n")
} else {
passphrase, err = c.ex.PromptSecret(ctx, "Passphrase:")
if err != nil {
return errs.Wrap(err)
}
}
if passphrase == "" {
return errs.New("Encryption passphrase must be non-empty")
}
access, err := c.ex.RequestAccess(ctx, c.satelliteAddr, c.apiKey, passphrase, unencryptedObjectKeys)
if err != nil {
return errs.Wrap(err)
}
access, err = c.am.Execute(ctx, c.importAs, access)
if err != nil {
return errs.Wrap(err)
}
if c.exportTo != "" {
return c.ex.ExportAccess(ctx, access, c.exportTo)
}
if c.importAs != "" {
return nil
}
serialized, err := access.Serialize()
if err != nil {
return errs.Wrap(err)
}
fmt.Fprintln(clingy.Stdout(ctx), serialized)
return nil
}
Reference in New Issue View Git Blame Copy Permalink