-
Notifications
You must be signed in to change notification settings - Fork 234
/
Copy pathcredentialFactory.go
212 lines (184 loc) · 7.35 KB
/
credentialFactory.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
// Copyright © 2017 Microsoft <[email protected]>
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
package common
import (
gcpUtils "cloud.google.com/go/storage"
"context"
"fmt"
"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/blob"
"sync"
"github.com/minio/minio-go"
"github.com/minio/minio-go/pkg/credentials"
)
// ==============================================================================================
// credential factories
// ==============================================================================================
// CredentialOpOptions contains credential operations' parameters.
type CredentialOpOptions struct {
LogInfo func(string)
LogError func(string)
Panic func(error)
CallerID string
// Used to cancel operations, if fatal error happened during operation.
Cancel context.CancelFunc
}
// callerMessage formats caller message prefix.
func (o CredentialOpOptions) callerMessage() string {
return Iff(o.CallerID == "", o.CallerID, o.CallerID+" ")
}
// panicError uses built-in panic if no Panic is specified in CredentialOpOptions.
func (o CredentialOpOptions) panicError(err error) {
newErr := fmt.Errorf("%s%v", o.callerMessage(), err)
if o.Panic == nil {
panic(newErr)
} else {
o.Panic(newErr)
}
}
// CreateS3Credential creates AWS S3 credential according to credential info.
func CreateS3Credential(ctx context.Context, credInfo CredentialInfo, options CredentialOpOptions) (*credentials.Credentials, error) {
switch credInfo.CredentialType {
case ECredentialType.S3PublicBucket():
return credentials.NewStatic("", "", "", credentials.SignatureAnonymous), nil
case ECredentialType.S3AccessKey():
accessKeyID := GetEnvironmentVariable(EEnvironmentVariable.AWSAccessKeyID())
secretAccessKey := GetEnvironmentVariable(EEnvironmentVariable.AWSSecretAccessKey())
sessionToken := GetEnvironmentVariable(EEnvironmentVariable.AwsSessionToken())
// create and return s3 credential
return credentials.NewStaticV4(accessKeyID, secretAccessKey, sessionToken), nil // S3 uses V4 signature
default:
options.panicError(fmt.Errorf("invalid state, credential type %v is not supported", credInfo.CredentialType))
}
panic("work around the compiling, logic wouldn't reach here")
}
// ==============================================================================================
// S3 credential related factory methods
// ==============================================================================================
func CreateS3Client(ctx context.Context, credInfo CredentialInfo, option CredentialOpOptions, logger ILogger) (*minio.Client, error) {
if credInfo.CredentialType == ECredentialType.S3PublicBucket() {
cred := credentials.NewStatic("", "", "", credentials.SignatureAnonymous)
return minio.NewWithOptions(credInfo.S3CredentialInfo.Endpoint, &minio.Options{Creds: cred, Secure: true, Region: credInfo.S3CredentialInfo.Region})
}
// Support access key
credential, err := CreateS3Credential(ctx, credInfo, option)
if err != nil {
return nil, err
}
s3Client, err := minio.NewWithCredentials(credInfo.S3CredentialInfo.Endpoint, credential, true, credInfo.S3CredentialInfo.Region)
if logger != nil {
s3Client.TraceOn(NewS3HTTPTraceLogger(logger, LogDebug))
}
return s3Client, err
}
type S3ClientFactory struct {
s3Clients map[S3CredentialInfo]*minio.Client
lock sync.RWMutex
}
// NewS3ClientFactory creates new S3 client factory.
func NewS3ClientFactory() S3ClientFactory {
return S3ClientFactory{
s3Clients: make(map[S3CredentialInfo]*minio.Client),
}
}
// GetS3Client gets S3 client from pool, or create a new S3 client if no client created for specific credInfo.
func (f *S3ClientFactory) GetS3Client(ctx context.Context, credInfo CredentialInfo, option CredentialOpOptions, logger ILogger) (*minio.Client, error) {
f.lock.RLock()
s3Client, ok := f.s3Clients[credInfo.S3CredentialInfo]
f.lock.RUnlock()
if ok {
return s3Client, nil
}
f.lock.Lock()
defer f.lock.Unlock()
if s3Client, ok := f.s3Clients[credInfo.S3CredentialInfo]; !ok {
newS3Client, err := CreateS3Client(ctx, credInfo, option, logger)
if err != nil {
return nil, err
}
f.s3Clients[credInfo.S3CredentialInfo] = newS3Client
return newS3Client, nil
} else {
return s3Client, nil
}
}
// ====================================================================
// GCP credential factory related methods
// ====================================================================
func CreateGCPClient(ctx context.Context) (*gcpUtils.Client, error) {
client, err := gcpUtils.NewClient(ctx)
return client, err
}
type GCPClientFactory struct {
gcpClients map[GCPCredentialInfo]*gcpUtils.Client
lock sync.RWMutex
}
func NewGCPClientFactory() GCPClientFactory {
return GCPClientFactory{
gcpClients: make(map[GCPCredentialInfo]*gcpUtils.Client),
}
}
func (f *GCPClientFactory) GetGCPClient(ctx context.Context, credInfo CredentialInfo, option CredentialOpOptions) (*gcpUtils.Client, error) {
f.lock.RLock()
gcpClient, ok := f.gcpClients[credInfo.GCPCredentialInfo]
f.lock.RUnlock()
if ok {
return gcpClient, nil
}
f.lock.Lock()
defer f.lock.Unlock()
if gcpClient, ok := f.gcpClients[credInfo.GCPCredentialInfo]; !ok {
newGCPClient, err := CreateGCPClient(ctx)
if err != nil {
return nil, err
}
f.gcpClients[credInfo.GCPCredentialInfo] = newGCPClient
return newGCPClient, nil
} else {
return gcpClient, nil
}
}
func GetCpkInfo(cpkInfo bool) *blob.CPKInfo {
if !cpkInfo {
return nil
}
// fetch EncryptionKey and EncryptionKeySHA256 from the environment variables
encryptionKey := GetEnvironmentVariable(EEnvironmentVariable.CPKEncryptionKey())
encryptionKeySHA256 := GetEnvironmentVariable(EEnvironmentVariable.CPKEncryptionKeySHA256())
encryptionAlgorithmAES256 := blob.EncryptionAlgorithmTypeAES256
glcm := GetLifecycleMgr()
if encryptionKey == "" || encryptionKeySHA256 == "" {
glcm.Error("fatal: failed to fetch cpk encryption key (" + EEnvironmentVariable.CPKEncryptionKey().Name +
") or hash (" + EEnvironmentVariable.CPKEncryptionKeySHA256().Name + ") from environment variables")
}
return &blob.CPKInfo{
EncryptionKey: &encryptionKey,
EncryptionKeySHA256: &encryptionKeySHA256,
EncryptionAlgorithm: &encryptionAlgorithmAES256,
}
}
func GetCpkScopeInfo(cpkScopeInfo string) *blob.CPKScopeInfo {
if cpkScopeInfo == "" {
return nil
} else {
return &blob.CPKScopeInfo{
EncryptionScope: &cpkScopeInfo,
}
}
}