From 19410edcbbe0c4d221e0760a7b4c9a8b4d3ffff1 Mon Sep 17 00:00:00 2001
From: Kim
Date: Mon, 16 Oct 2023 12:51:11 +0200
Subject: [PATCH] Key schenanigans
---
.../App/Backend/DataTypes/Methods/ExoCmd.cs | 54 ++++++++-----------
1 file changed, 22 insertions(+), 32 deletions(-)
diff --git a/csharp/App/Backend/DataTypes/Methods/ExoCmd.cs b/csharp/App/Backend/DataTypes/Methods/ExoCmd.cs
index 3714ca1e2..2b26c2c76 100644
--- a/csharp/App/Backend/DataTypes/Methods/ExoCmd.cs
+++ b/csharp/App/Backend/DataTypes/Methods/ExoCmd.cs
@@ -10,40 +10,30 @@ public static class ExoCmd [UnconditionalSuppressMessage("Trimming", "IL2026:Members annotated with 'RequiresUnreferencedCodeAttribute' require dynamic access otherwise can break functionality when trimming application code", Justification = "")] public static readonly S3Credentials? S3Creds = JsonSerializer.Deserialize(File.OpenRead("./Resources/exoscaleS3.json")); - public static async Task<(String key, String secret)> CreateReadKey(this Installation installation) + public static async Task<(String, String)> CreateReadKey(this Installation installation) { - var iamService = new S3Region($"https://{installation.S3Region}.{installation.S3Provider}", S3Creds!).GetIamClient(); - if (!await Iam.RoleExists(iamService, $"READ{installation.BucketName()}")) - { - - var readOnlyPolicy =@"{ - ""default-service-strategy"": ""deny"", - ""services"": { - ""sos"": { - ""type"": ""rules"", - ""rules"": [ - { - ""expression"": ""operation == 'list-objects'"", - ""action"": ""allow"" - }, - { - ""expression"": ""operation == 'get-object'"", - ""action"": ""allow"" - } - ], - ""resource"": " + $@"{installation.BucketName()} - }} - }} - }}"; - - await Iam.CreateRoleAsync(iamService, $"READ{installation.BucketName()}"); - await Iam.PutRolePolicyAsync(iamService, $"READ{installation.BucketName()}", $"READ{installation.BucketName()}",readOnlyPolicy); - } - - var keySecret = await Iam.CreateAccessKeyAsync(iamService, $"READ{installation.BucketName()}"); - + var url = $"https://{installation.S3Region}-2.exoscale.com/v2/access-key"; - return (keySecret.AccessKeyId, keySecret.SecretAccessKey); + var content = new HttpMessageContent(new HttpRequestMessage(HttpMethod.Post, requestUri: $$""" + { + "name" : {{installation.Name}}, + "operations": [ + "list-objects", + "get-object" + ], + "resources": { + "resource-name": "{{installation.BucketName()}}" + } + } +""")); + + // await Iam.CreateRoleAsync(iamService, $"READ{installation.BucketName()}"); + // await 
Iam.PutRolePolicyAsync(iamService, $"READ{installation.BucketName()}", $"READ{installation.BucketName()}",readOnlyPolicy); + var client = new HttpClient(); + var postRequestResponse = await client.PostAsync(url, content); + // var keySecret = await Iam.CreateAccessKeyAsync(iamService, $"READ{installation.BucketName()}"); + + return (postRequestResponse.Content.ToString(), postRequestResponse.Content.ToString()); } public static async Task RevokeReadKey(this Installation installation)
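Review bot: The request body in `CreateReadKey` interpolates `installation.Name` into the raw string unquoted and unescaped, so the JSON is invalid as written, and a name containing JSON syntax could change the `operations` or `resources` the access key is issued for. The same string is passed as `requestUri` of an `HttpRequestMessage` wrapped in `HttpMessageContent`, so it is not sent as a JSON body, and the visible lines attach no credentials to the request (`S3Creds` is no longer used here). The return statement yields `postRequestResponse.Content.ToString()` twice, which does not read the response body, so callers get neither a key nor a secret, and the status code is never checked. I would build the body with a JSON serializer, send it as `StringContent`, call `EnsureSuccessStatusCode()` and parse the two values out of the body read with `ReadAsStringAsync()`, roughly as below. The commented-out `Iam.*` calls can be deleted rather than kept.

```csharp
public static async Task<(String, String)> CreateReadKey(this Installation installation)
{
    // … unchanged: url construction …

    // Serialize instead of interpolating, so Name and BucketName() are quoted and escaped.
    var body = new JsonObject
    {
        ["name"]       = installation.Name,
        ["operations"] = new JsonArray("list-objects", "get-object"),
        ["resources"]  = new JsonObject { ["resource-name"] = installation.BucketName() }
    }.ToJsonString();
    var content = new StringContent(body, Encoding.UTF8, "application/json");

    // … unchanged: HttpClient creation …
    // TODO(review): authenticate the request before sending it.
    var postRequestResponse = await client.PostAsync(url, content);
    postRequestResponse.EnsureSuccessStatusCode();

    var responseBody = await postRequestResponse.Content.ReadAsStringAsync();
    // TODO(review): parse the key id and the secret out of responseBody and
    // return them as two distinct values; never return or log the raw body.
```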