35 #include <WhiteList.h>
36 #include <TheBESKeys.h>
37 #include <kvp_utils.h>
38 #include <BESInternalError.h>
41 #include "CredentialsManager.h"
45 #define MODULE "dmrpp:creds"
53 const string AccessCredentials::ID_KEY=
"id";
54 const string AccessCredentials::KEY_KEY=
"key";
55 const string AccessCredentials::REGION_KEY=
"region";
56 const string AccessCredentials::BUCKET_KEY=
"bucket";
57 const string AccessCredentials::URL_KEY=
"url";
60 const string CredentialsManager::ENV_ID_KEY=
"CMAC_ID";
61 const string CredentialsManager::ENV_ACCESS_KEY=
"CMAC_ACCESS_KEY";
62 const string CredentialsManager::ENV_REGION_KEY=
"CMAC_REGION";
63 const string CredentialsManager::ENV_BUCKET_KEY=
"CMAC_BUCKET";
64 const string CredentialsManager::ENV_URL_KEY=
"CMAC_URL";
65 const string CredentialsManager::ENV_CREDS_KEY_VALUE=
"ENV_CREDS";
77 std::string get_env_value(
const string &key){
79 const char *cstr = getenv(key.c_str());
82 BESDEBUG(MODULE, __FILE__ <<
" " << __LINE__ <<
" From system environment - " << key <<
": " << value << endl);
98 std::string get_config_value(
const string &key){
100 bool key_found=
false;
103 BESDEBUG(MODULE, __FILE__ <<
" " << __LINE__ <<
" Using " << key <<
" from TheBESKeys" << endl);
115 for (std::map<std::string, AccessCredentials *>::iterator it = creds.begin(); it != creds.end(); ++it) {
124 CredentialsManager::CredentialsManager(){}
129 void CredentialsManager::initialize_instance()
133 atexit(delete_instance);
141 void CredentialsManager::delete_instance()
155 creds.insert(std::pair<std::string,AccessCredentials *>(key, ac));
156 BESDEBUG(MODULE,
"Added AccessCredentials to CredentialsManager. credentials: " << endl << ac->to_json() << endl);
168 std::string best_key(
"");
170 if(url.find(
"http://") == 0 || url.find(
"https://") == 0) {
171 for (std::map<std::string, AccessCredentials *>::iterator it = creds.begin(); it != creds.end(); ++it) {
172 std::string key = it->first;
173 if (url.rfind(key, 0) == 0) {
175 if (key.length() > best_key.length()) {
177 best_match = it->second;
190 bool file_exists(
const string &filename) {
192 return (stat (filename.c_str(), &buffer) == 0);
215 bool file_is_secured(
const string &filename) {
217 if (stat(filename.c_str(), &st) != 0) {
219 err.append(
"file_is_secured() Unable to access file ");
220 err.append(filename).append(
" strerror: ").append(strerror(errno));
224 mode_t perm = st.st_mode;
226 status = (perm & S_IRUSR) && !(
235 BESDEBUG(MODULE,
"file_is_secured() " << filename <<
" secured: " << (status ?
"true" :
"false") << endl);
271 bool found_key =
true;
273 map<string, AccessCredentials *> credential_sets;
278 BESDEBUG(MODULE,
"The BES key " << CATALOG_MANAGER_CREDENTIALS
279 <<
" was not found in the BES configuration tree. No AccessCredentials were loaded" << endl);
284 if(config_file == ENV_CREDS_KEY_VALUE){
286 accessCredentials = load_credentials_from_env();
287 if(accessCredentials){
289 string url = accessCredentials->
get(AccessCredentials::URL_KEY);
290 theCM()->add(url,accessCredentials);
299 if(!file_exists(config_file)){
300 BESDEBUG(MODULE,
"The file specified by the BES key " << CATALOG_MANAGER_CREDENTIALS
301 <<
" does not exist. No Access Credentials were loaded." << endl);
305 if (!file_is_secured(config_file)) {
307 err.append(
"CredentialsManager config file ");
308 err.append(config_file);
309 err.append(
" is not secured! ");
310 err.append(
"Set the access permissions to -rw------- (600) and try again.");
313 BESDEBUG(MODULE,
"CredentialsManager config file '" << config_file <<
"' is secured." << endl);
315 map <string, vector<string>> keystore;
317 kvp::load_keys(config_file, keystore);
319 for(map <
string, vector<string>>::iterator it=keystore.begin(); it!=keystore.end(); it++) {
320 string creds_name = it->first;
321 vector<string> &credentials_entries = it->second;
322 map<string, AccessCredentials *>::iterator mit;
323 mit = credential_sets.find(creds_name);
324 if (mit != credential_sets.end()) {
326 accessCredentials = mit->second;
330 credential_sets.insert(pair<string, AccessCredentials *>(creds_name, accessCredentials));
332 for (vector<string>::iterator jt = credentials_entries.begin(); jt != credentials_entries.end(); jt++) {
333 string credentials_entry = *jt;
334 int index = credentials_entry.find(
":");
336 string key_name = credentials_entry.substr(0, index);
337 string value = credentials_entry.substr(index + 1);
338 BESDEBUG(MODULE, creds_name <<
":" << key_name <<
"=" << value << endl);
339 accessCredentials->
add(key_name, value);
343 BESDEBUG(MODULE,
"CredentialsManager loaded " << credential_sets.size() <<
" AccessCredentials" << endl);
344 vector<AccessCredentials *> bad_creds;
345 map<string,AccessCredentials *>::iterator acit;
347 for (acit = credential_sets.begin(); acit != credential_sets.end(); acit++) {
348 accessCredentials = acit->second;
349 string url = accessCredentials->
get(AccessCredentials::URL_KEY);
351 theCM()->add(url,accessCredentials);
354 bad_creds.push_back(acit->second);
357 if(bad_creds.size()){
359 vector<AccessCredentials * >::iterator bc;
361 ss <<
"Encountered " << bad_creds.size() <<
" AccessCredentials "
362 <<
" definitions missing an associated URL. offenders: ";
364 for (bc = bad_creds.begin(); bc != bad_creds.end(); bc++) {
365 ss << (*bc)->name() <<
" ";
366 credential_sets.erase((*bc)->name());
371 BESDEBUG(MODULE,
"CredentialsManager has successfully ingested " << theCM()->size() <<
" AccessCredentials" << endl);
377 string env_url, env_id, env_access_key, env_region, env_bucket;
382 env_id.assign( get_env_value(ENV_ID_KEY));
383 env_access_key.assign(get_env_value(ENV_ACCESS_KEY));
384 env_region.assign( get_env_value(ENV_REGION_KEY));
385 env_bucket.assign( get_env_value(ENV_BUCKET_KEY));
386 env_url.assign( get_env_value(ENV_URL_KEY));
388 if(env_url.length() &&
390 env_access_key.length() &&
391 env_region.length() &&
392 env_bucket.length()){
394 ac->
add(AccessCredentials::URL_KEY, env_url);
395 ac->
add(AccessCredentials::ID_KEY, env_id);
396 ac->
add(AccessCredentials::KEY_KEY, env_access_key);
397 ac->
add(AccessCredentials::REGION_KEY, env_region);
398 ac->
add(AccessCredentials::BUCKET_KEY, env_bucket);
419 std::map<std::string, std::string>::iterator it;
420 std::string value(
"");
434 const std::string &key,
435 const std::string &value){
436 kvp.insert(std::pair<std::string, std::string>(key, value));
445 is_s3 = get(URL_KEY).length()>0 &&
446 get(ID_KEY).length()>0 &&
447 get(KEY_KEY).length()>0 &&
448 get(REGION_KEY).length()>0 &&
449 get(BUCKET_KEY).length()>0;
455 string AccessCredentials::to_json(){
457 ss <<
"{" << endl <<
" \"AccessCredentials\": { " << endl;
458 ss <<
" \"name\": \"" << d_config_name <<
"\"," << endl;
459 for (std::map<string, string>::iterator it = kvp.begin(); it != kvp.end(); ++it) {
460 std::string key = it->first;
461 std::string value = it->second;
466 ss <<
" \"" << it->first <<
"\": \"" << it->second <<
"\"";
468 ss << endl <<
" }" << endl <<
"}" << endl;