mirror of
https://github.com/versity/versitygw.git
synced 2026-04-22 21:50:29 +00:00
Merge pull request #367 from versity/azure-sas-token
Azure sas token authentication
This commit is contained in:
@@ -49,11 +49,22 @@ type Azure struct {
|
||||
client *azblob.Client
|
||||
creds *azblob.SharedKeyCredential
|
||||
serviceURL string
|
||||
sasToken string
|
||||
}
|
||||
|
||||
var _ backend.Backend = &Azure{}
|
||||
|
||||
func New(accountName, accountKey, serviceURL string) (*Azure, error) {
|
||||
func New(accountName, accountKey, serviceURL, sasToken string) (*Azure, error) {
|
||||
if sasToken != "" && (accountName != "" || accountKey != "") {
|
||||
return nil, fmt.Errorf("choose one of the authentication methods: with sas token or with access key/name")
|
||||
}
|
||||
if sasToken != "" {
|
||||
client, err := azblob.NewClientWithNoCredential(serviceURL+"?"+sasToken, nil)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("init client: %w", err)
|
||||
}
|
||||
return &Azure{client: client, serviceURL: serviceURL, sasToken: sasToken}, nil
|
||||
}
|
||||
cred, err := azblob.NewSharedKeyCredential(accountName, accountKey)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("init credentials: %w", err)
|
||||
@@ -645,16 +656,36 @@ func (az *Azure) GetBucketAcl(ctx context.Context, input *s3.GetBucketAclInput)
|
||||
return []byte(*aclPtr), nil
|
||||
}
|
||||
|
||||
func (az *Azure) getContainerURL(container string) string {
|
||||
return fmt.Sprintf("%v/%v", az.serviceURL, container)
|
||||
}
|
||||
|
||||
func (az *Azure) getBlobURL(container, blob string) string {
|
||||
return az.getContainerURL(container) + "/" + blob
|
||||
}
|
||||
|
||||
func (az *Azure) getBlobClient(container, blb string) (*blob.Client, error) {
|
||||
return blob.NewClientWithSharedKeyCredential(fmt.Sprintf("%v/%v/%v", az.serviceURL, container, blb), az.creds, nil)
|
||||
blobURL := az.getBlobURL(container, blb)
|
||||
if az.sasToken != "" {
|
||||
return blob.NewClientWithNoCredential(blobURL+"?"+az.sasToken, nil)
|
||||
}
|
||||
return blob.NewClientWithSharedKeyCredential(blobURL, az.creds, nil)
|
||||
}
|
||||
|
||||
func (az *Azure) getContainerClient(ctr string) (*container.Client, error) {
|
||||
return container.NewClientWithSharedKeyCredential(fmt.Sprintf("%v/%v", az.serviceURL, ctr), az.creds, nil)
|
||||
containerURL := az.getContainerURL(ctr)
|
||||
if az.sasToken != "" {
|
||||
return container.NewClientWithNoCredential(containerURL+"?"+az.sasToken, nil)
|
||||
}
|
||||
return container.NewClientWithSharedKeyCredential(containerURL, az.creds, nil)
|
||||
}
|
||||
|
||||
func (az *Azure) getBlockBlobClient(container, blob string) (*blockblob.Client, error) {
|
||||
return blockblob.NewClientWithSharedKeyCredential(fmt.Sprintf("%v/%v/%v", az.serviceURL, container, blob), az.creds, nil)
|
||||
blobURL := az.getBlobURL(container, blob)
|
||||
if az.sasToken != "" {
|
||||
return blockblob.NewClientWithNoCredential(blobURL+"?"+az.sasToken, nil)
|
||||
}
|
||||
return blockblob.NewClientWithSharedKeyCredential(blobURL, az.creds, nil)
|
||||
}
|
||||
|
||||
func parseMetadata(m map[string]string) map[string]*string {
|
||||
|
||||
@@ -22,7 +22,7 @@ import (
|
||||
)
|
||||
|
||||
var (
|
||||
azAccount, azKey, azServiceURL string
|
||||
azAccount, azKey, azServiceURL, azSASToken string
|
||||
)
|
||||
|
||||
func azureCommand() *cli.Command {
|
||||
@@ -46,6 +46,13 @@ func azureCommand() *cli.Command {
|
||||
Aliases: []string{"k"},
|
||||
Destination: &azKey,
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "sas-token",
|
||||
Usage: "azure blob storage SAS token",
|
||||
EnvVars: []string{"AZ_SAS_TOKEN"},
|
||||
Aliases: []string{"st"},
|
||||
Destination: &azSASToken,
|
||||
},
|
||||
&cli.StringFlag{
|
||||
Name: "url",
|
||||
Usage: "azure service URL",
|
||||
@@ -63,7 +70,7 @@ func runAzure(ctx *cli.Context) error {
|
||||
azServiceURL = fmt.Sprintf("https://%s.blob.core.windows.net/", azAccount)
|
||||
}
|
||||
|
||||
be, err := azure.New(azAccount, azKey, azServiceURL)
|
||||
be, err := azure.New(azAccount, azKey, azServiceURL, azSASToken)
|
||||
if err != nil {
|
||||
return fmt.Errorf("init azure: %v", err)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user