Key schenanigans

Kim 2023-10-16 12:51:11 +02:00
parent 6f4c1122f7
commit 19410edcbb
1 changed files with 22 additions and 32 deletions


@ -10,40 +10,30 @@ public static class ExoCmd
[UnconditionalSuppressMessage("Trimming", "IL2026:Members annotated with 'RequiresUnreferencedCodeAttribute' require dynamic access otherwise can break functionality when trimming application code", Justification = "<Pending>")] [UnconditionalSuppressMessage("Trimming", "IL2026:Members annotated with 'RequiresUnreferencedCodeAttribute' require dynamic access otherwise can break functionality when trimming application code", Justification = "<Pending>")]
public static readonly S3Credentials? S3Creds = JsonSerializer.Deserialize<S3Credentials>(File.OpenRead("./Resources/exoscaleS3.json")); public static readonly S3Credentials? S3Creds = JsonSerializer.Deserialize<S3Credentials>(File.OpenRead("./Resources/exoscaleS3.json"));
public static async Task<(String key, String secret)> CreateReadKey(this Installation installation) public static async Task<(String, String)> CreateReadKey(this Installation installation)
{
var iamService = new S3Region($"https://{installation.S3Region}.{installation.S3Provider}", S3Creds!).GetIamClient();
if (!await Iam.RoleExists(iamService, $"READ{installation.BucketName()}"))
{ {
var url = $"https://{installation.S3Region}-2.exoscale.com/v2/access-key";
var readOnlyPolicy =@"{ var content = new HttpMessageContent(new HttpRequestMessage(HttpMethod.Post, requestUri: $$"""
""default-service-strategy"": ""deny"",
""services"": {
""sos"": {
""type"": ""rules"",
""rules"": [
{ {
""expression"": ""operation == 'list-objects'"", "name" : {{installation.Name}},
""action"": ""allow"" "operations": [
}, "list-objects",
{ "get-object"
""expression"": ""operation == 'get-object'"",
""action"": ""allow""
}
], ],
""resource"": " + $@"{installation.BucketName()} "resources": {
}} "resource-name": "{{installation.BucketName()}}"
}}
}}";
await Iam.CreateRoleAsync(iamService, $"READ{installation.BucketName()}");
await Iam.PutRolePolicyAsync(iamService, $"READ{installation.BucketName()}", $"READ{installation.BucketName()}",readOnlyPolicy);
} }
}
"""));
var keySecret = await Iam.CreateAccessKeyAsync(iamService, $"READ{installation.BucketName()}"); // await Iam.CreateRoleAsync(iamService, $"READ{installation.BucketName()}");
// await Iam.PutRolePolicyAsync(iamService, $"READ{installation.BucketName()}", $"READ{installation.BucketName()}",readOnlyPolicy);
var client = new HttpClient();
var postRequestResponse = await client.PostAsync(url, content);
// var keySecret = await Iam.CreateAccessKeyAsync(iamService, $"READ{installation.BucketName()}");
return (postRequestResponse.Content.ToString(), postRequestResponse.Content.ToString());
return (keySecret.AccessKeyId, keySecret.SecretAccessKey);
} }
public static async Task<Boolean> RevokeReadKey(this Installation installation) public static async Task<Boolean> RevokeReadKey(this Installation installation)
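Review bot: The request body in `CreateReadKey` is built by interpolating `installation.Name` (unquoted) and `installation.BucketName()` directly into JSON, so a name containing quotes, commas or braces produces an invalid body or changes the `operations`/`resources` entries that are meant to restrict the key to read-only access on one bucket; serialize the body with `JsonSerializer` instead. The JSON is also passed as the `requestUri` of an `HttpRequestMessage` wrapped in `HttpMessageContent`, so the document is presumably never sent as the POST body; `StringContent` with `application/json` looks like what was intended. The return line calls `postRequestResponse.Content.ToString()` twice, which does not read the response body, and the status code is never checked, so callers get a non-credential value on success and failure alike. No authorization header is visible in the hunk; if the endpoint requires signed requests, that still has to be added, using credentials loaded the same way as `S3Creds` rather than hard-coded.

```csharp
var url = $"https://{installation.S3Region}-2.exoscale.com/v2/access-key";

// Serialize rather than interpolate, so installation-supplied names cannot alter the key's scope.
var body = JsonSerializer.Serialize(new Dictionary<String, Object>
{
    ["name"]       = installation.Name,
    ["operations"] = new[] { "list-objects", "get-object" },
    ["resources"]  = new Dictionary<String, String> { ["resource-name"] = installation.BucketName() }
});
var content = new StringContent(body, Encoding.UTF8, "application/json");

// … unchanged: commented-out Iam calls, HttpClient creation …

var postRequestResponse = await client.PostAsync(url, content);
postRequestResponse.EnsureSuccessStatusCode();   // fail loudly instead of returning a bogus key pair
var responseBody = await postRequestResponse.Content.ReadAsStringAsync();
// TODO: parse the key and secret out of responseBody (field names to be confirmed against the API response) and return those
```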