diff --git a/src/_secureaccesstokenauthorizer/_plugin.py b/src/_secureaccesstokenauthorizer/_plugin.py index 4b4019244fa4d4f0b34ec53f7e2b139fd31f4889..0350fa7e1fc73fc6453d50657373fe2342741f90 100644 --- a/src/_secureaccesstokenauthorizer/_plugin.py +++ b/src/_secureaccesstokenauthorizer/_plugin.py @@ -34,6 +34,11 @@ from allmydata.interfaces import ( from .api import ( SecureAccessTokenAuthorizerStorageServer, + SecureAccessTokenAuthorizerStorageClient, +) + +from ._storage_server import ( + TOKEN_LENGTH, ) @implementer(IAnnounceableStorageServer) @@ -66,5 +71,8 @@ class SecureAccessTokenAuthorizer(object): ) - def get_storage_client(self, configuration, announcement): - raise NotImplementedError() + def get_storage_client(self, configuration, announcement, get_rref): + return SecureAccessTokenAuthorizerStorageClient( + get_rref, + lambda: [b"x" * TOKEN_LENGTH], + ) diff --git a/src/_secureaccesstokenauthorizer/_storage_client.py b/src/_secureaccesstokenauthorizer/_storage_client.py new file mode 100644 index 0000000000000000000000000000000000000000..0648ab190bfd665d00ff502c396beb57144f49bd --- /dev/null +++ b/src/_secureaccesstokenauthorizer/_storage_client.py 
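Review bot: The token provider handed to the client in `get_storage_client` is the constant `lambda: [b"x" * TOKEN_LENGTH]`, so every client built by this plugin presents the same fixed, guessable value and a server-side token check proves nothing about the caller. If this is scaffolding, mark it in the code so it cannot be mistaken for finished behaviour, e.g. `# TODO: placeholder token; replace with tokens from a real token source before release`. `configuration` and `announcement` are accepted but unused in the new body, which may be intended at this stage but deserves a docstring line saying so. The method is complete within the hunk; the enclosing class starts outside it.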
@@ -0,0 +1,69 @@
+# Copyright 2019 PrivateStorage.io, LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+A Tahoe-LAFS ``IStorageServer`` implementation which presents tokens
+per-call to prove authorization for writes and lease updates.
+
+This is the client part of a storage access protocol. The server part is
+implemented in ``_storage_server.py``.
+"""
+
+import attr
+
+from zope.interface import (
+ implementer,
+)
+
+from allmydata.interfaces import (
+ IStorageServer,
+)
+
+@implementer(IStorageServer)
+@attr.s
+class SecureAccessTokenAuthorizerStorageClient(object):
+ """
+ XXX
+ """
+ _get_rref = attr.ib()
+ _get_tokens = attr.ib()
+
+ @property
+ def _rref(self):
+ return self._get_rref()
+
+ def get_version(self):
+ return self._rref.callRemote(
+ "get_version",
+ )
+
+ def allocate_buckets(
+ self,
+ storage_index,
+ renew_secret,
+ cancel_secret,
+ sharenums,
+ allocated_size,
+ canary,
+ ):
+ return self._rref.callRemote(
+ "allocate_buckets",
+ self._get_tokens(),
+ storage_index,
+ renew_secret,
+ cancel_secret,
+ sharenums,
+ allocated_size,
+ canary,
+ )
diff --git a/src/_secureaccesstokenauthorizer/_storage_server.py b/src/_secureaccesstokenauthorizer/_storage_server.py
index 2e1501aa5eebafaa712fd21bd269da1d06574073..5593c289273d59c12c7f32a0e25f2c843008e439 100644
--- a/src/_secureaccesstokenauthorizer/_storage_server.py
+++ b/src/_secureaccesstokenauthorizer/_storage_server.py
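Review bot: `SecureAccessTokenAuthorizerStorageClient` is declared with `@implementer(IStorageServer)` but defines only `get_version` and `allocate_buckets`, while the module docstring promises tokens for writes and lease updates; no lease method appears in this new file, so a caller reaching for one would presumably fail on a missing attribute rather than send a token-bearing call. If the partial surface is deliberate for this step, say so in the class docstring, which is still the placeholder `XXX`; for example `"""Wrap a remote storage reference and pass freshly obtained tokens with each call that requires authorization."""`. A comment on `_get_rref` and `_get_tokens` stating that both are zero-argument callables would also help, since the code calls them that way. It is worth recording as well whether tokens returned by `_get_tokens()` count as spent when `callRemote` fails, because `allocate_buckets` fetches them before the remote call is issued.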
@@ -15,6 +15,9 @@ """ A Tahoe-LAFS RIStorageServer-alike which authorizes writes and lease updates using a per-call token. + +This is the server part of a storage access protocol. The client part is +implemented in ``_storage_client.py``. """ from zope.interface import ( diff --git a/src/_secureaccesstokenauthorizer/api.py b/src/_secureaccesstokenauthorizer/api.py index 6ccb378e6e3031f2e8b14b5b2f79f155e996e875..53887349735138b3d8463c5d070361a422b3da72 100644 --- a/src/_secureaccesstokenauthorizer/api.py +++ b/src/_secureaccesstokenauthorizer/api.py @@ -14,12 +14,16 @@ __all__ = [ "SecureAccessTokenAuthorizerStorageServer", + "SecureAccessTokenAuthorizerStorageClient", "SecureAccessTokenAuthorizer", ] from ._storage_server import ( SecureAccessTokenAuthorizerStorageServer, ) +from ._storage_client import ( + SecureAccessTokenAuthorizerStorageClient, +) from ._plugin import ( SecureAccessTokenAuthorizer,