Key schenanigans

Kim 2023-10-16 12:51:11 +02:00
parent 6f4c1122f7
commit 19410edcbb
1 changed files with 22 additions and 32 deletions


@ -10,40 +10,30 @@ public static class ExoCmd
[UnconditionalSuppressMessage("Trimming", "IL2026:Members annotated with 'RequiresUnreferencedCodeAttribute' require dynamic access otherwise can break functionality when trimming application code", Justification = "<Pending>")] [UnconditionalSuppressMessage("Trimming", "IL2026:Members annotated with 'RequiresUnreferencedCodeAttribute' require dynamic access otherwise can break functionality when trimming application code", Justification = "<Pending>")]
public static readonly S3Credentials? S3Creds = JsonSerializer.Deserialize<S3Credentials>(File.OpenRead("./Resources/exoscaleS3.json")); public static readonly S3Credentials? S3Creds = JsonSerializer.Deserialize<S3Credentials>(File.OpenRead("./Resources/exoscaleS3.json"));
public static async Task<(String key, String secret)> CreateReadKey(this Installation installation) public static async Task<(String, String)> CreateReadKey(this Installation installation)
{ {
var iamService = new S3Region($"https://{installation.S3Region}.{installation.S3Provider}", S3Creds!).GetIamClient(); var url = $"https://{installation.S3Region}-2.exoscale.com/v2/access-key";
if (!await Iam.RoleExists(iamService, $"READ{installation.BucketName()}"))
{
var readOnlyPolicy =@"{ var content = new HttpMessageContent(new HttpRequestMessage(HttpMethod.Post, requestUri: $$"""
""default-service-strategy"": ""deny"", {
""services"": { "name" : {{installation.Name}},
""sos"": { "operations": [
""type"": ""rules"", "list-objects",
""rules"": [ "get-object"
{ ],
""expression"": ""operation == 'list-objects'"", "resources": {
""action"": ""allow"" "resource-name": "{{installation.BucketName()}}"
}, }
{ }
""expression"": ""operation == 'get-object'"", """));
""action"": ""allow""
}
],
""resource"": " + $@"{installation.BucketName()}
}}
}}
}}";
await Iam.CreateRoleAsync(iamService, $"READ{installation.BucketName()}"); // await Iam.CreateRoleAsync(iamService, $"READ{installation.BucketName()}");
await Iam.PutRolePolicyAsync(iamService, $"READ{installation.BucketName()}", $"READ{installation.BucketName()}",readOnlyPolicy); // await Iam.PutRolePolicyAsync(iamService, $"READ{installation.BucketName()}", $"READ{installation.BucketName()}",readOnlyPolicy);
} var client = new HttpClient();
var postRequestResponse = await client.PostAsync(url, content);
// var keySecret = await Iam.CreateAccessKeyAsync(iamService, $"READ{installation.BucketName()}");
var keySecret = await Iam.CreateAccessKeyAsync(iamService, $"READ{installation.BucketName()}"); return (postRequestResponse.Content.ToString(), postRequestResponse.Content.ToString());
return (keySecret.AccessKeyId, keySecret.SecretAccessKey);
} }
public static async Task<Boolean> RevokeReadKey(this Installation installation) public static async Task<Boolean> RevokeReadKey(this Installation installation)
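Review bot: The new `CreateReadKey` returns `postRequestResponse.Content.ToString()` for both tuple elements, which for an `HttpContent` is the type name rather than the response body, so callers receive neither a key nor a secret, and a failed request goes unnoticed because the status code is never checked. The JSON document is passed as the `requestUri` of an `HttpRequestMessage` wrapped in `HttpMessageContent` instead of being sent as the POST body. `installation.Name` is interpolated into it unquoted and unescaped, so the text is not valid JSON, and a name containing quotes or braces could change the operations or resources the key is granted. No authorization header or request signature is set anywhere in the hunk, which the access-key endpoint presumably requires. The sketch below builds the body with a JSON writer, checks the status and reads the body; the two commented-out `Iam.*` calls and the now unused `S3Creds` path are better deleted than left in place.

```csharp
public static async Task<(String, String)> CreateReadKey(this Installation installation)
{
    // … unchanged: url construction and HttpClient creation …
    var body = new JsonObject
    {
        ["name"] = installation.Name,
        ["operations"] = new JsonArray("list-objects", "get-object"),
        ["resources"] = new JsonObject { ["resource-name"] = installation.BucketName() }
    };
    using var content = new StringContent(body.ToJsonString(), Encoding.UTF8, "application/json");
    // request authorization belongs here; none is set in this hunk
    var postRequestResponse = await client.PostAsync(url, content);
    postRequestResponse.EnsureSuccessStatusCode();
    var responseBody = await postRequestResponse.Content.ReadAsStringAsync();
    // parse the key and the secret out of responseBody as two separate fields before returning
```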