From 7fa9f758ba42aa16ca45156bdfa6e695ac746d4c Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone <exarkun@twistedmatrix.com> Date: Tue, 2 Jul 2019 15:38:00 -0400 Subject: [PATCH] Start of the client --- src/_secureaccesstokenauthorizer/_plugin.py | 12 +++- .../_storage_client.py | 69 +++++++++++++++++++ .../_storage_server.py | 3 + src/_secureaccesstokenauthorizer/api.py | 4 ++ 4 files changed, 86 insertions(+), 2 deletions(-) create mode 100644 src/_secureaccesstokenauthorizer/_storage_client.py diff --git a/src/_secureaccesstokenauthorizer/_plugin.py b/src/_secureaccesstokenauthorizer/_plugin.py index 4b40192..0350fa7 100644 --- a/src/_secureaccesstokenauthorizer/_plugin.py +++ b/src/_secureaccesstokenauthorizer/_plugin.py @@ -34,6 +34,11 @@ from allmydata.interfaces import ( from .api import ( SecureAccessTokenAuthorizerStorageServer, + SecureAccessTokenAuthorizerStorageClient, +) + +from ._storage_server import ( + TOKEN_LENGTH, ) @implementer(IAnnounceableStorageServer) @@ -66,5 +71,8 @@ class SecureAccessTokenAuthorizer(object): ) - def get_storage_client(self, configuration, announcement): - raise NotImplementedError() + def get_storage_client(self, configuration, announcement, get_rref): + return SecureAccessTokenAuthorizerStorageClient( + get_rref, + lambda: [b"x" * TOKEN_LENGTH], + ) diff --git a/src/_secureaccesstokenauthorizer/_storage_client.py b/src/_secureaccesstokenauthorizer/_storage_client.py new file mode 100644 index 0000000..0648ab1 --- /dev/null +++ b/src/_secureaccesstokenauthorizer/_storage_client.py 
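Review bot: In `get_storage_client` (src/_secureaccesstokenauthorizer/_plugin.py) the token source is the stub `lambda: [b"x" * TOKEN_LENGTH]`, so every client this plugin builds presents the same fixed, guessable value as its authorization token. The server-side check is not visible in this hunk; if it validates only the token's length, this value would be accepted as proof of authorization. Until a real token source is wired in, mark the stub so it cannot ship unnoticed, for example `# TODO: placeholder tokens only; replace with tokens from the client's token store before release`. `configuration` and `announcement` are accepted but unused in the new body, so a short docstring saying what they will later select would help. The enclosing class `SecureAccessTokenAuthorizer` starts outside the hunk.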
@@ -0,0 +1,69 @@
+# Copyright 2019 PrivateStorage.io, LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+A Tahoe-LAFS ``IStorageServer`` implementation which presents tokens
+per-call to prove authorization for writes and lease updates.
+
+This is the client part of a storage access protocol. The server part is
+implemented in ``_storage_server.py``.
+"""
+
+import attr
+
+from zope.interface import (
+ implementer,
+)
+
+from allmydata.interfaces import (
+ IStorageServer,
+)
+
+@implementer(IStorageServer)
+@attr.s
+class SecureAccessTokenAuthorizerStorageClient(object):
+ """
+ XXX
+ """
+ _get_rref = attr.ib()
+ _get_tokens = attr.ib()
+
+ @property
+ def _rref(self):
+ return self._get_rref()
+
+ def get_version(self):
+ return self._rref.callRemote(
+ "get_version",
+ )
+
+ def allocate_buckets(
+ self,
+ storage_index,
+ renew_secret,
+ cancel_secret,
+ sharenums,
+ allocated_size,
+ canary,
+ ):
+ return self._rref.callRemote(
+ "allocate_buckets",
+ self._get_tokens(),
+ storage_index,
+ renew_secret,
+ cancel_secret,
+ sharenums,
+ allocated_size,
+ canary,
+ )
diff --git a/src/_secureaccesstokenauthorizer/_storage_server.py b/src/_secureaccesstokenauthorizer/_storage_server.py
index 2e1501a..5593c28 100644
--- a/src/_secureaccesstokenauthorizer/_storage_server.py
+++ b/src/_secureaccesstokenauthorizer/_storage_server.py
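Review bot: The class docstring of `SecureAccessTokenAuthorizerStorageClient` in the new `_storage_client.py` is the placeholder `XXX`, and the two attributes that carry the authorization contract, `_get_rref` and `_get_tokens`, are undocumented. I would replace it with a docstring stating that `_get_rref` is a no-argument callable returning the remote reference used for `callRemote`. It should also state that `_get_tokens` is a no-argument callable invoked once per `allocate_buckets` call, whose return value is sent as the first argument of the remote call. The docstring should say whether `_get_tokens` must return tokens that have not been presented before, because the code calls it afresh on every request but nothing here states that expectation. `get_version` sends no tokens, which matches the module docstring (tokens are for writes and lease updates); a one-line comment such as `# get_version presents no tokens: only writes and lease updates are authorized` would mark that as deliberate.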
@@ -15,6 +15,9 @@ """ A Tahoe-LAFS RIStorageServer-alike which authorizes writes and lease updates using a per-call token. + +This is the server part of a storage access protocol. The client part is +implemented in ``_storage_client.py``. """ from zope.interface import ( diff --git a/src/_secureaccesstokenauthorizer/api.py b/src/_secureaccesstokenauthorizer/api.py index 6ccb378..5388734 100644 --- a/src/_secureaccesstokenauthorizer/api.py +++ b/src/_secureaccesstokenauthorizer/api.py @@ -14,12 +14,16 @@ __all__ = [ "SecureAccessTokenAuthorizerStorageServer", + "SecureAccessTokenAuthorizerStorageClient", "SecureAccessTokenAuthorizer", ] from ._storage_server import ( SecureAccessTokenAuthorizerStorageServer, ) +from ._storage_client import ( + SecureAccessTokenAuthorizerStorageClient, +) from ._plugin import ( SecureAccessTokenAuthorizer, -- GitLab