

feat: Adding IAM credential type for AWS
Signed-off-by: Frederick Kautz <[email protected]>
fkautz committed Dec 16, 2023
1 parent 3a7539b commit 8401816
Showing 5 changed files with 15 additions and 4 deletions.
12 changes: 10 additions & 2 deletions cmd/archivista/main.go
Expand Up @@ -42,6 +42,7 @@ import (
"github.com/in-toto/archivista/internal/objectstorage/blobstore"
"github.com/in-toto/archivista/internal/objectstorage/filestore"
"github.com/in-toto/archivista/internal/server"
"github.com/minio/minio-go/pkg/credentials"
"github.com/sirupsen/logrus"
)

Expand Down Expand Up @@ -166,11 +167,18 @@ func initObjectStore(ctx context.Context, cfg *config.Config) (server.StorerGett
return filestore.New(ctx, cfg.FileDir, cfg.FileServeOn)

case "BLOB":
var creds *credentials.Credentials
if cfg.BlobStoreCredentialType == "IAM" {
creds = credentials.NewIAM("")
} else if cfg.BlobStoreCredentialType == "ACCESS_KEY" {
creds = credentials.NewStaticV4(cfg.BlobStoreAccessKeyId, cfg.BlobStoreSecretAccessKeyId, "")
} else {
logrus.Fatalln("invalid blob store credential type: ", cfg.BlobStoreCredentialType)
}
return blobstore.New(
ctx,
cfg.BlobStoreEndpoint,
cfg.BlobStoreAccessKeyId,
cfg.BlobStoreSecretAccessKeyId,
creds,
cfg.BlobStoreBucketName,
cfg.BlobStoreUseTLS,
)
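Review bot: The ACCESS_KEY branch in the second hunk builds static credentials without checking that BlobStoreAccessKeyId and BlobStoreSecretAccessKeyId are set, and since both default to "" in config.go the server starts with empty static keys and only fails on the first request to the blob store; add `if cfg.BlobStoreAccessKeyId == "" || cfg.BlobStoreSecretAccessKeyId == "" { logrus.Fatalln("ACCESS_KEY credential type requires a blob store access key id and secret access key id") }` before the NewStaticV4 call. The unknown-type branch calls logrus.Fatalln from inside initObjectStore even though the FILE case hands filestore.New's error back to the caller; returning `fmt.Errorf("invalid blob store credential type: %q", cfg.BlobStoreCredentialType)` in the same position would keep error handling at one layer, assuming the function's last result is an error as the blobstore.New signature suggests. A switch on cfg.BlobStoreCredentialType would also read better than the if/else-if chain. initObjectStore's signature is truncated in the hunk header and its body starts outside the hunk.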
1 change: 1 addition & 0 deletions compose-dev.yml
Expand Up @@ -39,6 +39,7 @@ services:
ARCHIVISTA_FILE_DIR: /tmp/archivista/
ARCHIVISTA_FILE_SERVE_ON: :8081
ARCHIVISTA_BLOB_STORE_USE_TLS: "false"
ARCHIVISTA_BLOB_STORE_CREDENTIAL_TYPE: ACCESS_KEY
ARCHIVISTA_BLOB_STORE_ACCESS_KEY_ID: testifytestifytestify
ARCHIVISTA_BLOB_STORE_SECRET_ACCESS_KEY_ID: exampleexampleexample
ARCHIVISTA_BLOB_STORE_BUCKET_NAME: attestations
1 change: 1 addition & 0 deletions compose.yml
Expand Up @@ -37,6 +37,7 @@ services:
ARCHIVISTA_FILE_DIR: /tmp/archivista/
ARCHIVISTA_FILE_SERVE_ON: :8081
ARCHIVISTA_BLOB_STORE_USE_TLS: "false"
ARCHIVISTA_BLOB_STORE_CREDENTIAL_TYPE: ACCESS_KEY
ARCHIVISTA_BLOB_STORE_ACCESS_KEY_ID: testifytestifytestify
ARCHIVISTA_BLOB_STORE_SECRET_ACCESS_KEY_ID: exampleexampleexample
ARCHIVISTA_BLOB_STORE_BUCKET_NAME: attestations
1 change: 1 addition & 0 deletions internal/config/config.go
Expand Up @@ -43,6 +43,7 @@ type Config struct {
FileServeOn string `default:"" desc:"What address to serve files on. Only valid when using FILE storage backend." split_words:"true"`
FileDir string `default:"/tmp/archivista/" desc:"Directory to store and serve files. Only valid when using FILE storage backend." split_words:"true"`
BlobStoreEndpoint string `default:"127.0.0.1:9000" desc:"URL endpoint for blob storage. Only valid when using BLOB storage backend." split_words:"true"`
BlobStoreCredentialType string `default:"ACCESS_KEY" desc:"Blob store credential type. Options are IAM or ACCESS_KEY" split_words:"true"`
BlobStoreAccessKeyId string `default:"" desc:"Blob store access key id. Only valid when using BLOB storage backend." split_words:"true"`
BlobStoreSecretAccessKeyId string `default:"" desc:"Blob store secret access key id. Only valid when using BLOB storage backend." split_words:"true"`
BlobStoreUseTLS bool `default:"TRUE" desc:"Use TLS for BLOB storage backend. Only valid when using BLOB storage backend." split_words:"true"`
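Review bot: The desc on the new BlobStoreCredentialType field omits the "Only valid when using BLOB storage backend." qualifier and the trailing period that every neighbouring BlobStore field carries, and it does not tell an operator that choosing IAM makes the two key fields unused; suggest `desc:"Blob store credential type. Options are IAM or ACCESS_KEY. Only valid when using BLOB storage backend."` and appending "Only used when the credential type is ACCESS_KEY." to the desc of BlobStoreAccessKeyId and BlobStoreSecretAccessKeyId. The Config struct continues beyond the hunk.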
4 changes: 2 additions & 2 deletions internal/objectstorage/blobstore/minio.go
Expand Up @@ -44,15 +44,15 @@ func (store *Store) PutBlob(idx string, obj []byte) error {
}

// New returns a reader/writer for storing/retrieving attestations
func New(ctx context.Context, endpoint, accessKeyId, secretAccessKeyId, bucketName string, useTLS bool) (*Store, <-chan error, error) {
func New(ctx context.Context, endpoint string, creds *credentials.Credentials, bucketName string, useTLS bool) (*Store, <-chan error, error) {
errCh := make(chan error)
go func() {
<-ctx.Done()
close(errCh)
}()

c, err := minio.NewWithOptions(endpoint, &minio.Options{
Creds: credentials.NewStaticV4(accessKeyId, secretAccessKeyId, ""),
Creds: creds,
Secure: useTLS,
})
if err != nil {
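Review bot: New now takes a caller-supplied *credentials.Credentials and passes it straight into minio.Options without a nil check, so a caller that skips the credential selection gets a client whose failure surfaces only on first use instead of at construction; add `if creds == nil { return nil, nil, errors.New("blobstore: credentials must not be nil") }` before the errCh goroutine is started (adding the errors import if the file lacks it), so a failed constructor does not leave a goroutine parked on ctx.Done(). The doc comment should also describe the new parameter, e.g. `// New returns a reader/writer for storing/retrieving attestations; creds selects the auth method (static keys or IAM) and must not be nil.` New's body continues past the end of the hunk.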

