// Creds returns the credentials needed to connect to Triton
func (c *Config) Creds() (*auth.Credentials, error) {
if c.creds != nil {
return c.creds, nil
}
keyData, err := ioutil.ReadFile(c.Key)
if err != nil {
return nil, err
}
userauth, err := auth.NewAuth(c.Account, string(keyData), "rsa-sha256")
if err != nil {
return nil, err
}
// TODO: this is missing MantaKeyId (string) and MantaEndpoint (string). These
// will need to be added when Manta support is added to the provider.
c.creds = &auth.Credentials{
UserAuthentication: userauth,
SdcKeyId: c.KeyID,
SdcEndpoint: auth.Endpoint{URL: c.URL},
}
return c.creds, nil
}
// NewServer returns a Server
func NewServer() (*Server, error) {
s := new(Server)
s.Server = httptest.NewServer(nil)
s.oldHandler = s.Server.Config.Handler
s.Mux = httprouter.New()
s.Server.Config.Handler = s.Mux
key, err := ioutil.ReadFile(TestKeyFile)
if err != nil {
return nil, err
}
authentication, err := auth.NewAuth(TestAccount, string(key), "rsa-sha256")
s.Creds = &auth.Credentials{
UserAuthentication: authentication,
SdcKeyId: TestKeyID,
SdcEndpoint: auth.Endpoint{URL: s.Server.URL},
}
s.API = local.New(s.Server.URL, TestAccount)
s.API.SetupHTTP(s.Mux)
return s, nil
}
func (s *LoopingHTTPSuite) SetUpSuite(c *gc.C) {
s.HTTPSuite.SetUpSuite(c)
authCreds, err := auth.NewAuth("test_user", key, "rsa-sha256")
c.Assert(err, gc.IsNil)
s.creds = &auth.Credentials{
UserAuthentication: authCreds,
SdcKeyId: "test_key",
SdcEndpoint: auth.Endpoint{URL: "http://gotest.api.joyentcloud.com"},
}
}
func credentials(cfg *environConfig) (*auth.Credentials, error) {
authentication, err := auth.NewAuth(cfg.sdcUser(), cfg.privateKey(), cfg.algorithm())
if err != nil {
return nil, errors.Errorf("cannot create credentials: %v", err)
}
return &auth.Credentials{
UserAuthentication: authentication,
SdcKeyId: cfg.sdcKeyId(),
SdcEndpoint: auth.Endpoint{URL: cfg.sdcUrl()},
}, nil
}
func (s *AuthSuite) TestCreateMantaAuthorizationHeader(c *gc.C) {
headers := make(http.Header)
headers["Date"] = []string{"Mon, 14 Oct 2013 18:49:29 GMT"}
authentication, err := auth.NewAuth("test_user", key, "rsa-sha256")
c.Assert(err, gc.IsNil)
credentials := &auth.Credentials{
UserAuthentication: authentication,
MantaKeyId: "test_key",
MantaEndpoint: auth.Endpoint{URL: "http://gotest.manta.joyent.com"},
}
authHeader, err := auth.CreateAuthorizationHeader(headers, credentials, true)
c.Assert(err, gc.IsNil)
c.Assert(authHeader, gc.Equals, "Signature keyId=\"/test_user/keys/"+testJpcKeyName+"\",algorithm=\"rsa-sha256\",signature=\""+MantaSignature+"\"")
}
func SignHeader(url string, header http.Header, org, user, key string) string {
// TODO: algorithm should be dynamic
authentication, err := auth.NewAuth(org, key, "rsa-sha256")
check(err, "Error while creating a new auth:")
credentials := &auth.Credentials{
UserAuthentication: authentication,
SdcKeyId: user,
SdcEndpoint: auth.Endpoint{URL: url},
}
auth_header, err := auth.CreateAuthorizationHeader(header, credentials, false)
check(err, "Error while CreateAuthorizationHeader:")
return auth_header
}
func (s *LocalTests) SetUpSuite(c *gc.C) {
// Set up the HTTP server.
s.Server = httptest.NewServer(nil)
s.oldHandler = s.Server.Config.Handler
s.Mux = httprouter.New()
s.Server.Config.Handler = s.Mux
// Set up a Joyent CloudAPI service.
authentication, err := auth.NewAuth("localtest", string(privateKey), "rsa-sha256")
c.Assert(err, gc.IsNil)
s.creds = &auth.Credentials{
UserAuthentication: authentication,
SdcKeyId: "",
SdcEndpoint: auth.Endpoint{URL: s.Server.URL},
}
s.cloudapi = lc.New(s.creds.SdcEndpoint.URL, s.creds.UserAuthentication.User)
s.cloudapi.SetupHTTP(s.Mux)
}
func getCredentialsFromEnvironment() (cred *joyentauth.Credentials, err error) {
user := os.Getenv("MANTA_USER")
keyId := os.Getenv("MANTA_KEY_ID")
url := os.Getenv("MANTA_URL")
keyMaterial := os.Getenv("MANTA_KEY_MATERIAL")
if _, err := os.Stat(keyMaterial); err == nil {
// key material is a file path; try to read it
keyBytes, err := ioutil.ReadFile(keyMaterial)
if err != nil {
return nil, fmt.Errorf("Error reading key material from %s: %s",
keyMaterial, err)
} else {
block, _ := pem.Decode(keyBytes)
if block == nil {
return nil, fmt.Errorf(
"Failed to read key material '%s': no key found", keyMaterial)
}
if block.Headers["Proc-Type"] == "4,ENCRYPTED" {
return nil, fmt.Errorf(
"Failed to read key '%s': password protected keys are\n"+
"not currently supported. Please decrypt the key prior to use.", keyMaterial)
}
keyMaterial = string(keyBytes)
}
}
authentication, err := joyentauth.NewAuth(user, keyMaterial, "rsa-sha256")
if err != nil {
return nil, fmt.Errorf("Error constructing authentication for %s: %s", user, err)
}
return &joyentauth.Credentials{
UserAuthentication: authentication,
SdcKeyId: "",
SdcEndpoint: joyentauth.Endpoint{},
MantaKeyId: keyId,
MantaEndpoint: joyentauth.Endpoint{URL: url},
}, nil
}
func (c SDCConfig) getSDCClient() (*cloudapi.Client, error) {
userauth, err := auth.NewAuth(c.Account, c.KeyMaterial, "rsa-sha256")
if err != nil {
return nil, err
}
creds := &auth.Credentials{
UserAuthentication: userauth,
SdcKeyId: c.KeyID,
SdcEndpoint: auth.Endpoint{URL: c.URL},
}
client := cloudapi.New(client.NewClient(
c.URL,
cloudapi.DefaultAPIVersion,
creds,
log.New(os.Stderr, "", log.LstdFlags),
))
return client, nil
}
// GH-8
func (s *AuthSuite) TestAuthorizationRegion(c *gc.C) {
authentication, err := auth.NewAuth("test_user", key, "rsa-sha256")
c.Assert(err, gc.IsNil)
credentials := &auth.Credentials{
UserAuthentication: authentication,
SdcKeyId: "test_key",
SdcEndpoint: auth.Endpoint{URL: "http://gotest.api.joyentcloud.com/"},
}
c.Assert(credentials.Region(), gc.Equals, "gotest")
credentials.SdcEndpoint.URL = "http://gotest"
c.Assert(credentials.Region(), gc.Equals, "gotest")
credentials.SdcEndpoint.URL = "http://localhost/"
c.Assert(credentials.Region(), gc.Equals, "some-region")
credentials.SdcEndpoint.URL = "http://127.0.0.1"
c.Assert(credentials.Region(), gc.Equals, "some-region")
credentials.SdcEndpoint.URL = "bogus"
c.Assert(credentials.Region(), gc.Equals, "")
}
// CreateTritonClient returns an SDC client configured with the appropriate client credentials
// or an error if creating the client fails.
func (c *AccessConfig) CreateTritonClient() (*cloudapi.Client, error) {
keyData, err := processKeyMaterial(c.KeyMaterial)
if err != nil {
return nil, err
}
userauth, err := auth.NewAuth(c.Account, string(keyData), "rsa-sha256")
if err != nil {
return nil, err
}
creds := &auth.Credentials{
UserAuthentication: userauth,
SdcKeyId: c.KeyID,
SdcEndpoint: auth.Endpoint{URL: c.Endpoint},
}
return cloudapi.New(client.NewClient(
c.Endpoint,
cloudapi.DefaultAPIVersion,
creds,
log.New(os.Stdout, "", log.Flags()),
)), nil
}
// credentialsFromEnv creates and initializes the credentials from the
// environment variables.
func credentialsFromEnv(key string) (*auth.Credentials, error) {
var keyName string
if key == "" {
keyName = getUserHome() + "/.ssh/id_rsa"
} else {
keyName = key
}
privateKey, err := ioutil.ReadFile(keyName)
if err != nil {
return nil, err
}
authentication, err := auth.NewAuth(getConfig(TritonAccount, SdcAccount, MantaUser), string(privateKey), "rsa-sha256")
if err != nil {
return nil, err
}
return &auth.Credentials{
UserAuthentication: authentication,
SdcKeyId: getConfig(TritonKeyId, SdcKeyId),
SdcEndpoint: auth.Endpoint{URL: getConfig(TritonUrl, SdcUrl)},
MantaKeyId: getConfig(MantaKeyId),
MantaEndpoint: auth.Endpoint{URL: getConfig(MantaUrl)},
}, nil
}
// CreateSDCClient returns an SDC client configured with the appropriate client credentials
// or an error if creating the client fails.
func (c *AccessConfig) CreateSDCClient() (*cloudapi.Client, error) {
keyData, err := ioutil.ReadFile(c.KeyPath)
if err != nil {
return nil, err
}
userauth, err := auth.NewAuth(c.Account, string(keyData), "rsa-sha256")
if err != nil {
return nil, err
}
creds := &auth.Credentials{
UserAuthentication: userauth,
SdcKeyId: c.KeyID,
SdcEndpoint: auth.Endpoint{URL: c.Endpoint},
}
return cloudapi.New(client.NewClient(
c.Endpoint,
cloudapi.DefaultAPIVersion,
creds,
&cloudapi.Logger,
)), nil
}
