diff --git a/src/_secureaccesstokenauthorizer/_plugin.py b/src/_secureaccesstokenauthorizer/_plugin.py
index 4b4019244fa4d4f0b34ec53f7e2b139fd31f4889..0350fa7e1fc73fc6453d50657373fe2342741f90 100644
--- a/src/_secureaccesstokenauthorizer/_plugin.py
+++ b/src/_secureaccesstokenauthorizer/_plugin.py
@@ -34,6 +34,11 @@ from allmydata.interfaces import (
from .api import (
SecureAccessTokenAuthorizerStorageServer,
+ SecureAccessTokenAuthorizerStorageClient,
+)
+
+from ._storage_server import (
+ TOKEN_LENGTH,
)
@implementer(IAnnounceableStorageServer)
@@ -66,5 +71,8 @@ class SecureAccessTokenAuthorizer(object):
)
- def get_storage_client(self, configuration, announcement):
- raise NotImplementedError()
+ def get_storage_client(self, configuration, announcement, get_rref):
+ return SecureAccessTokenAuthorizerStorageClient(
+ get_rref,
+ lambda: [b"x" * TOKEN_LENGTH],
+ )
diff --git a/src/_secureaccesstokenauthorizer/_storage_client.py b/src/_secureaccesstokenauthorizer/_storage_client.py
new file mode 100644
index 0000000000000000000000000000000000000000..0648ab190bfd665d00ff502c396beb57144f49bd
--- /dev/null
+++ b/src/_secureaccesstokenauthorizer/_storage_client.py
@@ -0,0 +1,69 @@
+# Copyright 2019 PrivateStorage.io, LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+A Tahoe-LAFS ``IStorageServer`` implementation which presents tokens
+per-call to prove authorization for writes and lease updates.
+
+This is the client part of a storage access protocol. The server part is
+implemented in ``_storage_server.py``.
+"""
+
+import attr
+
+from zope.interface import (
+ implementer,
+)
+
+from allmydata.interfaces import (
+ IStorageServer,
+)
+
+@implementer(IStorageServer)
+@attr.s
+class SecureAccessTokenAuthorizerStorageClient(object):
+ """
+ XXX
+ """
+ _get_rref = attr.ib()
+ _get_tokens = attr.ib()
+
+ @property
+ def _rref(self):
+ return self._get_rref()
+
+ def get_version(self):
+ return self._rref.callRemote(
+ "get_version",
+ )
+
+ def allocate_buckets(
+ self,
+ storage_index,
+ renew_secret,
+ cancel_secret,
+ sharenums,
+ allocated_size,
+ canary,
+ ):
+ return self._rref.callRemote(
+ "allocate_buckets",
+ self._get_tokens(),
+ storage_index,
+ renew_secret,
+ cancel_secret,
+ sharenums,
+ allocated_size,
+ canary,
+ )
diff --git a/src/_secureaccesstokenauthorizer/_storage_server.py b/src/_secureaccesstokenauthorizer/_storage_server.py
index 2e1501aa5eebafaa712fd21bd269da1d06574073..5593c289273d59c12c7f32a0e25f2c843008e439 100644
--- a/src/_secureaccesstokenauthorizer/_storage_server.py
+++ b/src/_secureaccesstokenauthorizer/_storage_server.py
@@ -15,6 +15,9 @@
"""
A Tahoe-LAFS RIStorageServer-alike which authorizes writes and lease
updates using a per-call token.
+
+This is the server part of a storage access protocol. The client part is
+implemented in ``_storage_client.py``.
"""
from zope.interface import (
diff --git a/src/_secureaccesstokenauthorizer/api.py b/src/_secureaccesstokenauthorizer/api.py
index 6ccb378e6e3031f2e8b14b5b2f79f155e996e875..53887349735138b3d8463c5d070361a422b3da72 100644
--- a/src/_secureaccesstokenauthorizer/api.py
+++ b/src/_secureaccesstokenauthorizer/api.py
@@ -14,12 +14,16 @@
__all__ = [
"SecureAccessTokenAuthorizerStorageServer",
+ "SecureAccessTokenAuthorizerStorageClient",
"SecureAccessTokenAuthorizer",
]
from ._storage_server import (
SecureAccessTokenAuthorizerStorageServer,
)
+from ._storage_client import (
+ SecureAccessTokenAuthorizerStorageClient,
+)
from ._plugin import (
SecureAccessTokenAuthorizer,