Key schenanigans

Kim 2023-10-16 12:51:11 +02:00
parent 6f4c1122f7
commit 19410edcbb
1 changed files with 22 additions and 32 deletions


@ -10,40 +10,30 @@ public static class ExoCmd
[UnconditionalSuppressMessage("Trimming", "IL2026:Members annotated with 'RequiresUnreferencedCodeAttribute' require dynamic access otherwise can break functionality when trimming application code", Justification = "<Pending>")]
public static readonly S3Credentials? S3Creds = JsonSerializer.Deserialize<S3Credentials>(File.OpenRead("./Resources/exoscaleS3.json"));
public static async Task<(String key, String secret)> CreateReadKey(this Installation installation)
{
var iamService = new S3Region($"https://{installation.S3Region}.{installation.S3Provider}", S3Creds!).GetIamClient();
if (!await Iam.RoleExists(iamService, $"READ{installation.BucketName()}"))
public static async Task<(String, String)> CreateReadKey(this Installation installation)
{
var url = $"https://{installation.S3Region}-2.exoscale.com/v2/access-key";
var readOnlyPolicy =@"{
""default-service-strategy"": ""deny"",
""services"": {
""sos"": {
""type"": ""rules"",
""rules"": [
var content = new HttpMessageContent(new HttpRequestMessage(HttpMethod.Post, requestUri: $$"""
{
""expression"": ""operation == 'list-objects'"",
""action"": ""allow""
},
{
""expression"": ""operation == 'get-object'"",
""action"": ""allow""
}
"name" : {{installation.Name}},
"operations": [
"list-objects",
"get-object"
],
""resource"": " + $@"{installation.BucketName()}
}}
}}
}}";
await Iam.CreateRoleAsync(iamService, $"READ{installation.BucketName()}");
await Iam.PutRolePolicyAsync(iamService, $"READ{installation.BucketName()}", $"READ{installation.BucketName()}",readOnlyPolicy);
"resources": {
"resource-name": "{{installation.BucketName()}}"
}
}
"""));
var keySecret = await Iam.CreateAccessKeyAsync(iamService, $"READ{installation.BucketName()}");
// await Iam.CreateRoleAsync(iamService, $"READ{installation.BucketName()}");
// await Iam.PutRolePolicyAsync(iamService, $"READ{installation.BucketName()}", $"READ{installation.BucketName()}",readOnlyPolicy);
var client = new HttpClient();
var postRequestResponse = await client.PostAsync(url, content);
// var keySecret = await Iam.CreateAccessKeyAsync(iamService, $"READ{installation.BucketName()}");
return (keySecret.AccessKeyId, keySecret.SecretAccessKey);
return (postRequestResponse.Content.ToString(), postRequestResponse.Content.ToString());
}
public static async Task<Boolean> RevokeReadKey(this Installation installation)