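//go:build ignore
// +build ignore

/*
 * MinIO Cloud Storage, (C) 2019,2020 MinIO, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package main

import (
	"bytes"
	"context"
	"crypto/tls"
	"encoding/json"
	"flag"
	"fmt"
	"log"
	"net/http"
	"net/url"
	"strings"

	minio "github.com/minio/minio-go/v7"
	"github.com/minio/minio-go/v7/pkg/credentials"
)

// JWTToken holds the two fields this example reads from the JSON body
// returned by the IDP token endpoint.
type JWTToken struct {
	AccessToken string `json:"access_token"`
	Expiry      int    `json:"expires_in"`
}

var (
	stsEndpoint  string
	idpEndpoint  string
	clientID     string
	clientSecret string

	// tlsInsecure turns off certificate verification for the IDP request.
	// It is off by default; see the -insecure flag.
	tlsInsecure bool
)

// init registers the command-line flags.
//
// The default endpoints are plain http:// URLs on localhost. The client
// secret is sent to the IDP as HTTP Basic credentials, so any non-local
// deployment should pass https:// endpoints. A secret given with -csec is
// also visible in the process argument list on a shared host.
func init() {
	flag.StringVar(&stsEndpoint, "sts-ep", "http://localhost:9000", "STS endpoint")
	flag.StringVar(&idpEndpoint, "idp-ep", "http://localhost:8080/auth/realms/minio/protocol/openid-connect/token", "IDP token endpoint")
	flag.StringVar(&clientID, "cid", "", "Client ID")
	flag.StringVar(&clientSecret, "csec", "", "Client secret")
	flag.BoolVar(&tlsInsecure, "insecure", false, "Skip TLS certificate verification for the IDP endpoint (local testing with self-signed certificates only)")
}

// getTokenExpiry requests an access token from the IDP with the OAuth2
// client_credentials grant and returns it, with its lifetime, in the form
// credentials.NewSTSClientGrants expects from its callback.
//
// It returns an error when the request cannot be built or sent, when the IDP
// answers with a status other than 200, when the body is not valid JSON, or
// when the response carries no access_token.
func getTokenExpiry() (*credentials.ClientGrantsToken, error) {
	data := url.Values{}
	data.Set("grant_type", "client_credentials")
	req, err := http.NewRequest(http.MethodPost, idpEndpoint, strings.NewReader(data.Encode()))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.SetBasicAuth(clientID, clientSecret)

	// Certificate verification stays enabled unless -insecure is given.
	// This request carries the client secret, so an unverified TLS peer
	// could read it and hand back a token of its own choosing.
	t := &http.Transport{
		TLSClientConfig: &tls.Config{
			InsecureSkipVerify: tlsInsecure,
		},
	}
	// A new Transport is built on every call; release its idle connection
	// on return so repeated credential refreshes do not accumulate sockets.
	defer t.CloseIdleConnections()

	// NOTE(review): no Timeout is set on this client, so a stalled IDP
	// blocks the credential refresh indefinitely.
	hclient := http.Client{
		Transport: t,
	}
	resp, err := hclient.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("%s", resp.Status)
	}

	var idpToken JWTToken
	if err = json.NewDecoder(resp.Body).Decode(&idpToken); err != nil {
		return nil, err
	}
	// A 200 response without a token would otherwise be passed on to STS as
	// an empty credential and fail there with a less specific error.
	if idpToken.AccessToken == "" {
		return nil, fmt.Errorf("IDP token response has no access_token")
	}

	return &credentials.ClientGrantsToken{Token: idpToken.AccessToken, Expiry: idpToken.Expiry}, nil
}

// main obtains STS credentials through the client-grants flow and uses them
// to upload one small object as a smoke test.
func main() {
	flag.Parse()
	if clientID == "" || clientSecret == "" {
		flag.PrintDefaults()
		return
	}

	sts, err := credentials.NewSTSClientGrants(stsEndpoint, getTokenExpiry)
	if err != nil {
		log.Fatal(err)
	}

	u, err := url.Parse(stsEndpoint)
	if err != nil {
		log.Fatal(err)
	}

	// Initialize a MinIO client with the STS credentials. Secure follows the
	// scheme of -sts-ep: only the host is passed to minio.New, so without it
	// an https:// endpoint would still be contacted over plain HTTP.
	opts := &minio.Options{
		Creds:        sts,
		BucketLookup: minio.BucketLookupAuto,
		Secure:       u.Scheme == "https",
	}

	clnt, err := minio.New(u.Host, opts)
	if err != nil {
		log.Fatal(err)
	}

	d := bytes.NewReader([]byte("Hello, World"))
	n, err := clnt.PutObject(context.Background(), "my-bucketname", "my-objectname", d, d.Size(), minio.PutObjectOptions{})
	if err != nil {
		log.Fatalln(err)
	}

	log.Println("Uploaded", "my-objectname", " of size: ", n, "Successfully.")
}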