mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-15 02:40:23 +00:00
187 lines
5.4 KiB
Go
187 lines
5.4 KiB
Go
|
package auth
|
||
|
|
||
|
import (
|
||
|
"context"
|
||
|
"fmt"
|
||
|
|
||
|
smithy "github.com/aws/smithy-go"
|
||
|
"github.com/aws/smithy-go/middleware"
|
||
|
)
|
||
|
|
||
|
// SigV4 is a constant representing
|
||
|
// Authentication Scheme Signature Version 4
|
||
|
const SigV4 = "sigv4"
|
||
|
|
||
|
// SigV4A is a constant representing
|
||
|
// Authentication Scheme Signature Version 4A
|
||
|
const SigV4A = "sigv4a"
|
||
|
|
||
|
// None is a constant representing the
|
||
|
// None Authentication Scheme
|
||
|
const None = "none"
|
||
|
|
||
|
// SupportedSchemes is a data structure
|
||
|
// that indicates the list of supported AWS
|
||
|
// authentication schemes
|
||
|
var SupportedSchemes = map[string]bool{
|
||
|
SigV4: true,
|
||
|
SigV4A: true,
|
||
|
None: true,
|
||
|
}
|
||
|
|
||
|
// AuthenticationScheme is a representation of
|
||
|
// AWS authentication schemes
|
||
|
type AuthenticationScheme interface {
|
||
|
isAuthenticationScheme()
|
||
|
}
|
||
|
|
||
|
// AuthenticationSchemeV4 is a AWS SigV4 representation
|
||
|
type AuthenticationSchemeV4 struct {
|
||
|
Name string
|
||
|
SigningName *string
|
||
|
SigningRegion *string
|
||
|
DisableDoubleEncoding *bool
|
||
|
}
|
||
|
|
||
|
func (a *AuthenticationSchemeV4) isAuthenticationScheme() {}
|
||
|
|
||
|
// AuthenticationSchemeV4A is a AWS SigV4A representation
|
||
|
type AuthenticationSchemeV4A struct {
|
||
|
Name string
|
||
|
SigningName *string
|
||
|
SigningRegionSet []string
|
||
|
DisableDoubleEncoding *bool
|
||
|
}
|
||
|
|
||
|
func (a *AuthenticationSchemeV4A) isAuthenticationScheme() {}
|
||
|
|
||
|
// AuthenticationSchemeNone is a representation for the none auth scheme
|
||
|
type AuthenticationSchemeNone struct{}
|
||
|
|
||
|
func (a *AuthenticationSchemeNone) isAuthenticationScheme() {}
|
||
|
|
||
|
// NoAuthenticationSchemesFoundError is used in signaling
|
||
|
// that no authentication schemes have been specified.
|
||
|
type NoAuthenticationSchemesFoundError struct{}
|
||
|
|
||
|
func (e *NoAuthenticationSchemesFoundError) Error() string {
|
||
|
return fmt.Sprint("No authentication schemes specified.")
|
||
|
}
|
||
|
|
||
|
// UnSupportedAuthenticationSchemeSpecifiedError is used in
|
||
|
// signaling that only unsupported authentication schemes
|
||
|
// were specified.
|
||
|
type UnSupportedAuthenticationSchemeSpecifiedError struct {
|
||
|
UnsupportedSchemes []string
|
||
|
}
|
||
|
|
||
|
func (e *UnSupportedAuthenticationSchemeSpecifiedError) Error() string {
|
||
|
return fmt.Sprint("Unsupported authentication scheme specified.")
|
||
|
}
|
||
|
|
||
|
// GetAuthenticationSchemes extracts the relevant authentication scheme data
|
||
|
// into a custom strongly typed Go data structure.
|
||
|
func GetAuthenticationSchemes(p *smithy.Properties) ([]AuthenticationScheme, error) {
|
||
|
var result []AuthenticationScheme
|
||
|
if !p.Has("authSchemes") {
|
||
|
return nil, &NoAuthenticationSchemesFoundError{}
|
||
|
}
|
||
|
|
||
|
authSchemes, _ := p.Get("authSchemes").([]interface{})
|
||
|
|
||
|
var unsupportedSchemes []string
|
||
|
for _, scheme := range authSchemes {
|
||
|
authScheme, _ := scheme.(map[string]interface{})
|
||
|
|
||
|
switch authScheme["name"] {
|
||
|
case SigV4:
|
||
|
v4Scheme := AuthenticationSchemeV4{
|
||
|
Name: SigV4,
|
||
|
SigningName: getSigningName(authScheme),
|
||
|
SigningRegion: getSigningRegion(authScheme),
|
||
|
DisableDoubleEncoding: getDisableDoubleEncoding(authScheme),
|
||
|
}
|
||
|
result = append(result, AuthenticationScheme(&v4Scheme))
|
||
|
case SigV4A:
|
||
|
v4aScheme := AuthenticationSchemeV4A{
|
||
|
Name: SigV4A,
|
||
|
SigningName: getSigningName(authScheme),
|
||
|
SigningRegionSet: getSigningRegionSet(authScheme),
|
||
|
DisableDoubleEncoding: getDisableDoubleEncoding(authScheme),
|
||
|
}
|
||
|
result = append(result, AuthenticationScheme(&v4aScheme))
|
||
|
case None:
|
||
|
noneScheme := AuthenticationSchemeNone{}
|
||
|
result = append(result, AuthenticationScheme(&noneScheme))
|
||
|
default:
|
||
|
unsupportedSchemes = append(unsupportedSchemes, authScheme["name"].(string))
|
||
|
continue
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if len(result) == 0 {
|
||
|
return nil, &UnSupportedAuthenticationSchemeSpecifiedError{
|
||
|
UnsupportedSchemes: unsupportedSchemes,
|
||
|
}
|
||
|
}
|
||
|
|
||
|
return result, nil
|
||
|
}
|
||
|
|
||
|
type disableDoubleEncoding struct{}
|
||
|
|
||
|
// SetDisableDoubleEncoding sets or modifies the disable double encoding option
|
||
|
// on the context.
|
||
|
//
|
||
|
// Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
|
||
|
// to clear all stack values.
|
||
|
func SetDisableDoubleEncoding(ctx context.Context, value bool) context.Context {
|
||
|
return middleware.WithStackValue(ctx, disableDoubleEncoding{}, value)
|
||
|
}
|
||
|
|
||
|
// GetDisableDoubleEncoding retrieves the disable double encoding option
|
||
|
// from the context.
|
||
|
//
|
||
|
// Scoped to stack values. Use github.com/aws/smithy-go/middleware#ClearStackValues
|
||
|
// to clear all stack values.
|
||
|
func GetDisableDoubleEncoding(ctx context.Context) (value bool, ok bool) {
|
||
|
value, ok = middleware.GetStackValue(ctx, disableDoubleEncoding{}).(bool)
|
||
|
return value, ok
|
||
|
}
|
||
|
|
||
|
func getSigningName(authScheme map[string]interface{}) *string {
|
||
|
signingName, ok := authScheme["signingName"].(string)
|
||
|
if !ok || signingName == "" {
|
||
|
return nil
|
||
|
}
|
||
|
return &signingName
|
||
|
}
|
||
|
|
||
|
func getSigningRegionSet(authScheme map[string]interface{}) []string {
|
||
|
untypedSigningRegionSet, ok := authScheme["signingRegionSet"].([]interface{})
|
||
|
if !ok {
|
||
|
return nil
|
||
|
}
|
||
|
signingRegionSet := []string{}
|
||
|
for _, item := range untypedSigningRegionSet {
|
||
|
signingRegionSet = append(signingRegionSet, item.(string))
|
||
|
}
|
||
|
return signingRegionSet
|
||
|
}
|
||
|
|
||
|
func getSigningRegion(authScheme map[string]interface{}) *string {
|
||
|
signingRegion, ok := authScheme["signingRegion"].(string)
|
||
|
if !ok || signingRegion == "" {
|
||
|
return nil
|
||
|
}
|
||
|
return &signingRegion
|
||
|
}
|
||
|
|
||
|
func getDisableDoubleEncoding(authScheme map[string]interface{}) *bool {
|
||
|
disableDoubleEncoding, ok := authScheme["disableDoubleEncoding"].(bool)
|
||
|
if !ok {
|
||
|
return nil
|
||
|
}
|
||
|
return &disableDoubleEncoding
|
||
|
}
|