36 #include "AllowedHosts.h"
37 #include "TheBESKeys.h"
38 #include "kvp_utils.h"
39 #include "BESInternalError.h"
41 #include "CurlUtils.h"
43 #include "CredentialsManager.h"
44 #include "NgapS3Credentials.h"
45 #include "DmrppNames.h"
// Prefix for every debug/error message in this file: "CredentialsManager::<function>() - ".
50 #define prolog std::string("CredentialsManager::").append(__func__).append("() - ")
// Names of the environment variables consulted by load_credentials_from_env()
// (see the get_env_value(ENV_*_KEY) calls further down in this file).
58 const string CredentialsManager::ENV_ID_KEY=
"CMAC_ID";
59 const string CredentialsManager::ENV_ACCESS_KEY=
"CMAC_ACCESS_KEY";
60 const string CredentialsManager::ENV_REGION_KEY=
"CMAC_REGION";
62 const string CredentialsManager::ENV_URL_KEY=
"CMAC_URL";
// Sentinel: when the CATALOG_MANAGER_CREDENTIALS BES key holds this value, credentials are
// read from the environment instead of a file (see the comparison in load_credentials()).
63 const string CredentialsManager::ENV_CREDS_KEY_VALUE=
"ENV_CREDS";
/// Reads the environment variable named `key` via getenv() and returns it as a std::string.
/// The conversion of `cstr` into `value` (and the unset/empty case) is on lines not shown here.
74 std::string get_env_value(
const string &key){
76 const char *cstr = getenv(key.c_str());
// NOTE(review): this trace writes the raw environment value to the debug log. When `key` is
// ENV_ACCESS_KEY that value is a secret access key; redact it, or log only whether it was set.
79 BESDEBUG(CREDS, prolog <<
"From system environment - " << key <<
": " << value << endl);
/// Looks `key` up in TheBESKeys and returns the configured value. The lookup call and the
/// not-found handling are on lines not shown here; only the success trace is visible.
95 std::string get_config_value(
const string &key){
100 BESDEBUG(CREDS, prolog <<
"Using " << key <<
" from TheBESKeys" << endl);
112 for (std::map<std::string, AccessCredentials *>::iterator it = creds.begin(); it != creds.end(); ++it) {
/// Constructor: the NGAP S3 "loaded" flag starts false and the netrc file path is resolved
/// once, at construction time, through curl::get_netrc_filename().
121 CredentialsManager::CredentialsManager(): ngaps3CredentialsLoaded(false){
122 d_netrc_filename = curl::get_netrc_filename();
/// Creates the singleton (the allocation is on lines not shown) and registers delete_instance()
/// with atexit() so the instance is released at process exit.
128 void CredentialsManager::initialize_instance()
132 atexit(delete_instance);
/// Tears down the singleton; registered via atexit() in initialize_instance(). Body not shown.
140 void CredentialsManager::delete_instance()
// Fragment of CredentialsManager::add(url, ac); the signature and how `key` is derived from
// `url` are on lines not shown. std::map::insert keeps an existing entry, so a second add()
// for the same key is silently ignored — whether that is handled elsewhere is not visible.
154 creds.insert(std::pair<std::string,AccessCredentials *>(key, ac));
// NOTE(review): ac->to_json() presumably serialises the whole credential set, secret fields
// included, into the debug log — consider logging only the key/URL here.
155 BESDEBUG(CREDS, prolog <<
"Added AccessCredentials to CredentialsManager. credentials: " << endl << ac->to_json() << endl);
// Fragment of CredentialsManager::get(url); the signature and surrounding lines are not
// shown. Selects the credentials whose registered key is the longest prefix of `url`.
167 std::string best_key(
"");
// Only http(s) URLs are considered; anything else falls through with no match.
169 if(url.find(
"http://") == 0 || url.find(
"https://") == 0) {
170 for (std::map<std::string, AccessCredentials *>::iterator it = creds.begin(); it != creds.end(); ++it) {
171 std::string key = it->first;
// rfind(key, 0) == 0 is a plain string-prefix test, so a key of "https://host" also matches
// "https://hostname/..." — register keys with a trailing '/' (or a full origin) so that
// credentials are not handed to a sibling host. The `best_key = key` update is not shown.
172 if (url.rfind(key, 0) == 0) {
174 if (key.length() > best_key.length()) {
176 best_match = it->second;
/// True when stat() succeeds on `filename`. Any stat failure (ENOENT, EACCES, ...) is reported
/// as "does not exist". The `struct stat buffer` declaration is on a line not shown.
189 bool file_exists(
const string &filename) {
191 return (stat (filename.c_str(), &buffer) == 0);
/// Checks that `filename` is readable by its owner and — per the truncated mask on the
/// `status =` line — not accessible by others; the exact group/other bits tested are on lines
/// not shown, and no check of the file's owner (st_uid) is visible here. On stat() failure an
/// error message is assembled; the throw itself is not shown.
214 bool file_is_secured(
const string &filename) {
216 if (stat(filename.c_str(), &st) != 0) {
218 err.append(
"file_is_secured() Unable to access file ");
// strerror() is not thread-safe; strerror_r() is the re-entrant alternative.
219 err.append(filename).append(
" strerror: ").append(strerror(errno));
223 mode_t perm = st.st_mode;
// Permission test: owner-readable AND NOT(<mask continued on an elided line>).
225 status = (perm & S_IRUSR) && !(
234 BESDEBUG(CREDS, prolog <<
"file_is_secured() " << filename <<
" secured: " << (status ?
"true" :
"false") << endl);
// Fragment of CredentialsManager::load_credentials(); the signature and many interior lines
// are not shown. Reads the CATALOG_MANAGER_CREDENTIALS BES key, then loads credentials either
// from the environment (key value ENV_CREDS) or from the named, permission-checked file.
270 bool found_key =
true;
272 map<string, AccessCredentials *> credential_sets;
277 BESDEBUG(CREDS, prolog <<
"The BES key " << CATALOG_MANAGER_CREDENTIALS
278 <<
" was not found in the BES configuration tree. No AccessCredentials were loaded" << endl);
// The sentinel value selects environment-based credentials instead of a file.
283 if(config_file == ENV_CREDS_KEY_VALUE){
285 accessCredentials = theCM()->load_credentials_from_env();
286 if(accessCredentials){
288 string url = accessCredentials->
get(AccessCredentials::URL_KEY);
289 theCM()->
add(url,accessCredentials);
// NGAP S3 credentials are loaded here as well; the branch this call sits in is not shown.
298 theCM()->load_ngap_s3_credentials();
300 if(!file_exists(config_file)){
301 BESDEBUG(CREDS, prolog <<
"The file specified by the BES key " << CATALOG_MANAGER_CREDENTIALS
302 <<
" does not exist. No Access Credentials were loaded." << endl);
// Refuse to read a credentials file that other users can access. The message is built here;
// the throw itself is on a line not shown.
306 if (!file_is_secured(config_file)) {
308 err.append(
"CredentialsManager config file ");
309 err.append(config_file);
310 err.append(
" is not secured! ");
311 err.append(
"Set the access permissions to -rw------- (600) and try again.");
314 BESDEBUG(CREDS, prolog <<
"The config file '" << config_file <<
"' is secured." << endl);
316 map <string, vector<string>> keystore;
// NOTE(review): the permission check above is done by path and the file is reopened here by
// path, leaving a check-then-use window. Opening once and checking fstat() on the descriptor
// would close it (kvp::load_keys would need to accept a stream or fd).
318 kvp::load_keys(config_file, keystore);
// Each keystore entry is "<creds_name>" -> ["key:value", ...]; entries sharing a name
// accumulate into one AccessCredentials (creation of a new set is on a line not shown).
320 for(map <
string, vector<string>>::iterator it=keystore.begin(); it!=keystore.end(); it++) {
321 string creds_name = it->first;
322 vector<string> &credentials_entries = it->second;
323 map<string, AccessCredentials *>::iterator mit;
324 mit = credential_sets.find(creds_name);
325 if (mit != credential_sets.end()) {
327 accessCredentials = mit->second;
331 credential_sets.insert(pair<string, AccessCredentials *>(creds_name, accessCredentials));
333 for (vector<string>::iterator jt = credentials_entries.begin(); jt != credentials_entries.end(); jt++) {
334 string credentials_entry = *jt;
// NOTE(review): find() returns string::npos when there is no ':'; stored in an int that is
// (typically) -1, so substr(0, -1) and substr(0) both yield the whole entry and a malformed
// line silently becomes key == value == entry. Test for npos before splitting.
335 int index = credentials_entry.find(
":");
337 string key_name = credentials_entry.substr(0, index);
338 string value = credentials_entry.substr(index + 1);
// NOTE(review): this trace prints every value, including the access-key/secret fields.
339 BESDEBUG(CREDS, prolog << creds_name <<
":" << key_name <<
"=" << value << endl);
340 accessCredentials->
add(key_name, value);
344 BESDEBUG(CREDS, prolog <<
"Loaded " << credential_sets.size() <<
" AccessCredentials" << endl);
// Second pass: register each set under its URL; sets without a URL are collected instead
// (the URL-empty test between these lines is not shown).
345 vector<AccessCredentials *> bad_creds;
346 map<string,AccessCredentials *>::iterator acit;
348 for (acit = credential_sets.begin(); acit != credential_sets.end(); acit++) {
349 accessCredentials = acit->second;
350 string url = accessCredentials->
get(AccessCredentials::URL_KEY);
352 theCM()->
add(url,accessCredentials);
355 bad_creds.push_back(acit->second);
358 if(bad_creds.size()){
360 vector<AccessCredentials * >::iterator bc;
362 ss <<
"Encountered " << bad_creds.size() <<
" AccessCredentials "
363 <<
" definitions missing an associated URL. offenders: ";
// The offenders are removed from the map; whether the AccessCredentials objects themselves
// (raw pointers) are deleted is not visible here.
365 for (bc = bad_creds.begin(); bc != bad_creds.end(); bc++) {
366 ss << (*bc)->name() <<
" ";
367 credential_sets.erase((*bc)->name());
372 BESDEBUG(CREDS, prolog <<
"Successfully ingested " << theCM()->size() <<
" AccessCredentials" << endl);
// Fragment of CredentialsManager::load_credentials_from_env(); the signature, the `ac`
// allocation and the return are on lines not shown. `env_bucket` is declared but not used in
// the visible lines.
384 string env_url, env_id, env_access_key, env_region, env_bucket;
389 env_id.assign( get_env_value(ENV_ID_KEY));
390 env_access_key.assign(get_env_value(ENV_ACCESS_KEY));
391 env_region.assign( get_env_value(ENV_REGION_KEY));
393 env_url.assign( get_env_value(ENV_URL_KEY));
// A credential set is populated only when the visible fields are all non-empty (the lines
// between these — presumably the env_id test — are not shown); otherwise `ac` keeps whatever
// value it was given on an elided line.
395 if(env_url.length() &&
397 env_access_key.length() &&
399 env_region.length() ){
401 ac->
add(AccessCredentials::URL_KEY, env_url);
402 ac->
add(AccessCredentials::ID_KEY, env_id);
403 ac->
add(AccessCredentials::KEY_KEY, env_access_key);
404 ac->
add(AccessCredentials::REGION_KEY, env_region);
// Default scheme prefix for the NGAP S3 endpoint URL. This is a mutable, dynamically
// initialised namespace-scope std::string; `static const` (or a constexpr string_view) would
// prevent accidental modification and give it internal linkage.
411 std::string NGAP_S3_BASE_DEFAULT=
"https://";
/// Registers NgapS3Credentials for the S3 endpoint named by the BES configuration key
/// NgapS3Credentials::BES_CONF_S3_ENDPOINT_KEY, or logs a warning when that key is absent.
/// The configuration look-ups and the `nsc` allocation are on lines not shown.
416 void CredentialsManager::load_ngap_s3_credentials( ){
417 string s3_distribution_endpoint_url;
// Default refresh margin used when the configuration does not override it (units not shown here).
423 long refresh_margin = 600;
// NOTE(review): strtol() returns 0 — not an error — for an unparseable value, so a typo in the
// configuration silently yields a zero margin; check the end pointer / errno, or use
// std::from_chars. `value` comes from an elided config lookup. Prefer nullptr over 0.
426 refresh_margin = strtol(value.c_str(), 0, 10);
429 string s3_base_url = NGAP_S3_BASE_DEFAULT;
436 nsc->
add(NgapS3Credentials::URL_KEY, s3_base_url);
437 nsc->name(
"NgapS3Credentials");
// Registered under the base URL, so every URL beginning with s3_base_url resolves to these
// credentials (see the prefix match in get()).
439 CredentialsManager::theCM()->
add(s3_base_url,nsc);
440 CredentialsManager::theCM()->ngaps3CredentialsLoaded =
true;
444 BESDEBUG(CREDS,prolog <<
"WARNING: The BES configuration did not contain an instance of " <<
445 NgapS3Credentials::BES_CONF_S3_ENDPOINT_KEY <<
446 " NGAP S3 Credentials NOT loaded." << endl);
void add(const std::string &key, const std::string &value)
Add the key and value pair.
virtual std::string get(const std::string &key)
Exception thrown if an internal error is encountered.
void add(const std::string &url, AccessCredentials *ac)
static CredentialsManager * theMngr
AccessCredentials * get(const std::string &url)
void get_value(const std::string &s, std::string &val, bool &found)
Retrieve the value of a given key, if set.
static TheBESKeys * TheKeys()