Key schenanigans

2023-10-16 12:51:11 +02:00 · 2023-10-16 12:51:11 +02:00 · 19410edcbb
parent 6f4c1122f7
commit 19410edcbb
1 changed files with 22 additions and 32 deletions
--- a/csharp/App/Backend/DataTypes/Methods/ExoCmd.cs
+++ b/csharp/App/Backend/DataTypes/Methods/ExoCmd.cs
@ -10,40 +10,30 @@ public static class ExoCmd
    [UnconditionalSuppressMessage("Trimming", "IL2026:Members annotated with 'RequiresUnreferencedCodeAttribute' require dynamic access otherwise can break functionality when trimming application code", Justification = "<Pending>")]
    public static readonly S3Credentials? S3Creds = JsonSerializer.Deserialize<S3Credentials>(File.OpenRead("./Resources/exoscaleS3.json"));
    
-    public static async Task<(String key, String secret)> CreateReadKey(this Installation installation)
+    public static async Task<(String, String)> CreateReadKey(this Installation installation)
    {
-        var iamService = new S3Region($"https://{installation.S3Region}.{installation.S3Provider}", S3Creds!).GetIamClient();
-        if (!await Iam.RoleExists(iamService, $"READ{installation.BucketName()}"))
-        {
+        var url = $"https://{installation.S3Region}-2.exoscale.com/v2/access-key";

-            var readOnlyPolicy =@"{
-                ""default-service-strategy"": ""deny"",
-                ""services"": {
-                    ""sos"": {
-                        ""type"": ""rules"",
-                        ""rules"": [
-                        {
-                            ""expression"": ""operation == 'list-objects'"",
-                            ""action"": ""allow""
-                        },
-                        {
-                            ""expression"": ""operation == 'get-object'"",
-                            ""action"": ""allow""
-                        }
-                        ],
-                    ""resource"": " + $@"{installation.BucketName()}
-                    }}
-                }}
-            }}";
+        var content = new HttpMessageContent(new HttpRequestMessage(HttpMethod.Post, requestUri: $$"""
+               {
+               "name" : {{installation.Name}},
+               "operations": [
+                                               "list-objects",
+                                               "get-object"
+                                         ],
+                                   "resources": {
+               "resource-name": "{{installation.BucketName()}}"
+                 }
+              }
+"""));
                
-            await Iam.CreateRoleAsync(iamService, $"READ{installation.BucketName()}");
-            await Iam.PutRolePolicyAsync(iamService, $"READ{installation.BucketName()}", $"READ{installation.BucketName()}",readOnlyPolicy);
-        }
+            // await Iam.CreateRoleAsync(iamService, $"READ{installation.BucketName()}");
+            // await Iam.PutRolePolicyAsync(iamService, $"READ{installation.BucketName()}", $"READ{installation.BucketName()}",readOnlyPolicy);
+            var client = new HttpClient();
+            var postRequestResponse = await client.PostAsync(url, content);
+        // var keySecret = await Iam.CreateAccessKeyAsync(iamService, $"READ{installation.BucketName()}");

-        var keySecret = await Iam.CreateAccessKeyAsync(iamService, $"READ{installation.BucketName()}");
-        
-
-        return (keySecret.AccessKeyId, keySecret.SecretAccessKey);
+        return (postRequestResponse.Content.ToString(), postRequestResponse.Content.ToString());
    }
    
    public static async Task<Boolean> RevokeReadKey(this Installation installation)