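//go:build ignore
// +build ignore

// Copyright (c) 2015-2021 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

// Command assume-role is a small example client for the MinIO STS
// AssumeRole API: it exchanges a long-lived user credential for a
// temporary credential (optionally restricted by a session policy and
// an expiry), then either prints that credential or uses it to list a
// bucket.
package main

import (
	"context"
	"flag"
	"fmt"
	"log"
	"net/url"
	"os"
	"time"

	"github.com/minio/minio-go/v7"
	cr "github.com/minio/minio-go/v7/pkg/credentials"
)

var (
	// MinIO endpoint (for STS API)
	stsEndpoint string

	// User account credentials. Note that both are taken from
	// command-line flags, so on most systems they are visible to other
	// local users through the process table for the lifetime of the run.
	minioUsername string
	minioPassword string

	// Display credentials flag
	displayCreds bool

	// Credential expiry duration
	expiryDuration time.Duration

	// Bucket to list
	bucketToList string

	// Session policy file (FIXME: add support in minio-go)
	sessionPolicyFile string
)

// init registers the command-line flags that populate the package-level
// configuration above.
func init() {
	flag.StringVar(&stsEndpoint, "sts-ep", "http://localhost:9000", "STS endpoint")
	flag.StringVar(&minioUsername, "u", "", "MinIO Username")
	flag.StringVar(&minioPassword, "p", "", "MinIO Password")
	flag.BoolVar(&displayCreds, "d", false, "Only show generated credentials")
	flag.DurationVar(&expiryDuration, "e", 0, "Request a duration of validity for the generated credential")
	flag.StringVar(&bucketToList, "b", "", "Bucket to list (defaults to username)")
	flag.StringVar(&sessionPolicyFile, "s", "", "File containing session policy to apply to the STS request")
}

// main parses the flags, obtains a temporary credential via STS
// AssumeRole and then either prints it (-d) or lists the chosen bucket
// with it. Every failure is reported with log.Fatalf, which exits
// non-zero.
func main() {
	flag.Parse()
	if minioUsername == "" || minioPassword == "" {
		flag.PrintDefaults()
		// Usage error: exit non-zero so scripts do not mistake this for a
		// successful run (the flag package itself uses status 2 here).
		os.Exit(2)
	}

	// The credentials package in minio-go provides an interface to call the
	// STS API.

	// Initialize credential options
	var stsOpts cr.STSAssumeRoleOptions
	stsOpts.AccessKey = minioUsername
	stsOpts.SecretKey = minioPassword

	if sessionPolicyFile != "" {
		// os.ReadFile opens, reads and closes the file in one step; the
		// previous os.Open/io.ReadAll pair never closed the descriptor.
		// The returned error already names the path and distinguishes an
		// open failure from a read failure.
		bs, err := os.ReadFile(sessionPolicyFile)
		if err != nil {
			log.Fatalf("Error reading session policy file: %v", err)
		}
		stsOpts.Policy = string(bs)
	}
	if expiryDuration != 0 {
		// The STS API takes the validity period in whole seconds.
		stsOpts.DurationSeconds = int(expiryDuration.Seconds())
	}
	li, err := cr.NewSTSAssumeRole(stsEndpoint, stsOpts)
	if err != nil {
		log.Fatalf("Error initializing STS Identity: %v", err)
	}

	stsEndpointURL, err := url.Parse(stsEndpoint)
	if err != nil {
		log.Fatalf("Error parsing sts endpoint: %v", err)
	}

	// TLS is used for the object client exactly when the STS endpoint
	// itself was given as https; with a plain http endpoint the
	// long-lived password and the temporary credential travel in clear
	// text.
	opts := &minio.Options{
		Creds:  li,
		Secure: stsEndpointURL.Scheme == "https",
	}

	v, err := li.Get()
	if err != nil {
		log.Fatalf("Error retrieving STS credentials: %v", err)
	}

	if displayCreds {
		// These values are secrets valid until the requested expiry; they
		// go to stdout, so avoid capturing this output into shared logs.
		fmt.Println("Only displaying credentials:")
		fmt.Println("AccessKeyID:", v.AccessKeyID)
		fmt.Println("SecretAccessKey:", v.SecretAccessKey)
		fmt.Println("SessionToken:", v.SessionToken)
		return
	}

	// Use generated credentials to authenticate with MinIO server
	minioClient, err := minio.New(stsEndpointURL.Host, opts)
	if err != nil {
		log.Fatalf("Error initializing client: %v", err)
	}

	// Use minIO Client object normally like the regular client.
	if bucketToList == "" {
		bucketToList = minioUsername
	}
	fmt.Printf("Calling list objects on bucket named `%s` with temp creds:\n===\n", bucketToList)
	objCh := minioClient.ListObjects(context.Background(), bucketToList, minio.ListObjectsOptions{})
	for obj := range objCh {
		if obj.Err != nil {
			log.Fatalf("Listing error: %v", obj.Err)
		}
		fmt.Printf("Key: %s\nSize: %d\nLast Modified: %s\n===\n", obj.Key, obj.Size, obj.LastModified)
	}
}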