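// Source: github.com/pachyderm/pachyderm@v1.13.4/src/server/pfs/s3/auth.go

package s3

import (
	"net/http"

	"github.com/gorilla/mux"
	"github.com/pachyderm/pachyderm/src/client/auth"
	"github.com/pachyderm/pachyderm/src/client/pkg/errors"
)

// SecretKey resolves the secret key that belongs to accessKey for a signed
// S3 request.
//
// The access key is treated as a Pachyderm auth token: it is set on a
// per-request client and checked with WhoAmI. The result is:
//
//   - &accessKey, nil when the token is accepted (the secret key is the
//     access key itself);
//   - &accessKey, nil when Pachyderm auth is not activated, in which case
//     any credentials are accepted and the route variable "s3gAuth" is set
//     to "disabled";
//   - nil, nil when WhoAmI fails for any other reason, which signals a
//     failed authentication.
//
// Security notes:
//
//   - accessKey is a bearer credential. Never log it, and never log the
//     returned secret key, which is the same value.
//   - Because the secret equals the access key, and the access key ID is
//     sent with every signed S3 request, request signing adds no secrecy
//     here: anyone who can read the request can read the token. Transport
//     encryption has to provide confidentiality.
//   - Every WhoAmI error other than "not activated" fails closed. A transient
//     backend error is therefore indistinguishable from a bad token for the
//     client; the debug log below is the only place the real cause is
//     visible.
func (c *controller) SecretKey(r *http.Request, accessKey string, region *string) (*string, error) {
	// region is a *string. Formatting the pointer itself logs an address, not
	// the region, so dereference it. %q keeps a client-supplied value from
	// injecting control characters into the log.
	if region != nil {
		c.logger.Debugf("SecretKey: region=%q", *region)
	} else {
		c.logger.Debugf("SecretKey: region=<nil>")
	}

	pc := c.env.GetPachClient(r.Context())
	pc.SetAuthToken(accessKey)

	// WhoAmI checks two things at once: that auth is enabled, and that the
	// token identifies a user.
	_, err := pc.WhoAmI(pc.Ctx(), &auth.WhoAmIRequest{})
	if err == nil {
		// Auth succeeded: the access key doubles as the secret key.
		return &accessKey, nil
	}

	// Some S3 clients (like minio) require the use of authenticated requests,
	// so when auth is not enabled on pachyderm, accept any access credentials.
	if auth.IsErrNotActivated(err) {
		// NOTE(review): mux.Vars returns nil for a request that was not
		// routed by gorilla/mux, and writing to a nil map panics. This
		// assumes the handler is only reached through the mux router;
		// confirm against the route setup.
		vars := mux.Vars(r)
		vars["s3gAuth"] = "disabled"
		return &accessKey, nil
	}

	// Fail closed, but record why. Without this the cause (bad token versus
	// an unreachable auth service) is lost. Only the error is logged, never
	// accessKey.
	c.logger.Debugf("SecretKey: WhoAmI failed, rejecting credentials: %v", err)

	// A nil secret key tells the caller that authentication failed.
	return nil, nil
}

// CustomAuth reports whether a request may proceed without going through
// signature-based authentication.
//
// It returns true only when Pachyderm auth is inactive, so requests that
// carry no auth headers at all are accepted only on a cluster with auth
// disabled. If the auth state cannot be determined it returns false together
// with a wrapped error, so the check fails closed.
func (c *controller) CustomAuth(r *http.Request) (bool, error) {
	c.logger.Debug("CustomAuth")

	pc := c.env.GetPachClient(r.Context())
	active, err := pc.IsAuthActive()
	if err != nil {
		return false, errors.Wrapf(err, "could not check whether auth is active")
	}

	// Allow custom auth (including no auth headers being sent) only if
	// pachyderm auth is disabled.
	return !active, nil
}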