Merge pull request #8 from Project-MONAI/sto-112-generate-temp-cre

Storage - Generate temporary credentials (Links to #52) #112 #123

Author: lillie-dae

src/.sonarlint/project-monai_monai-deploy-storage/CSharp/SonarLint.xml

@@ -86,4 +86,4 @@
       </Parameters>
     </Rule>
   </Rules>
-</AnalysisInput>
+</AnalysisInput>

src/Storage/Common/Extensions/PolicyExtensions.cs renamed to src/Monai.Deploy.Storage.Core/Extensions/PolicyExtensions.cs

@@ -2,9 +2,11 @@
 // SPDX-License-Identifier: Apache License 2.0
 
 using Ardalis.GuardClauses;
-using Monai.Deploy.Storage.Common.Policies;
+using Monai.Deploy.Storage.Core.Policies;
+using Newtonsoft.Json;
+using static Monai.Deploy.Storage.Core.Policies.Policy;
 
-namespace Monai.Deploy.Storage.Common.Extensions
+namespace Monai.Deploy.Storage.Core.Extensions
 {
     public static class PolicyExtensions
     {
@@ -66,6 +68,64 @@ public static Policy ToPolicy(string bucketName, string folderName)
             };
         }
 
+        public static Policy ToPolicy(PolicyRequest[] policyRequests)
+        {
+            Guard.Against.NullOrEmpty(policyRequests, nameof(policyRequests));
+
+            var pathList = policyRequests.SelectMany(pr => GetPathList(pr.FolderName));
+            Guard.Against.NullOrEmpty(pathList, nameof(pathList));
+
+            return new Policy
+            {
+                Statement = new List<Statement>
+                {
+                    new Statement
+                    {
+                        Sid = "AllowUserToSeeBucketListInTheConsole",
+                        Action = new string[] {"s3:ListAllMyBuckets", "s3:GetBucketLocation" },
+                        Effect = "Allow",
+                        Resource = policyRequests.Select(pr => pr.BucketName).ToArray(),
+                    },
+                    new Statement
+                    {
+                        Sid = "AllowRootAndHomeListingOfBucket",
+                        Action = new string[] { "s3:ListBucket" },
+                        Effect = "Allow",
+                        Resource = policyRequests.Select(pr => pr.BucketName).ToArray(),
+                        Condition = new Condition
+                        {
+                            StringEquals = new StringEquals
+                            {
+                                S3Prefix = pathList.ToArray(),
+                                S3Delimiter = new string[] { "/" }
+                            }
+                        }
+                    },
+                    new Statement
+                    {
+                        Sid = "AllowListingOfUserFolder",
+                        Action = new string[] { "s3:ListBucket" },
+                        Effect = "Allow",
+                        Resource = policyRequests.Select(pr => pr.BucketName).ToArray(),
+                        Condition = new Condition
+                        {
+                            StringEquals = new StringEquals
+                            {
+                                S3Prefix = policyRequests.Select(pr => $"{pr.FolderName}/*").ToArray(),
+                            }
+                        }
+                    },
+                    new Statement
+                    {
+                        Sid = "AllowAllS3ActionsInUserFolder",
+                        Action = new string[] { "s3:*" },
+                        Effect = "Allow",
+                        Resource = policyRequests.Select(pr => $"{pr.BucketName}/{pr.FolderName}").ToArray(),
+                    },
+                }
+            };
+        }
+
         public static List<string> GetPathList(string folderName)
         {
             Guard.Against.NullOrWhiteSpace(folderName, nameof(folderName));
@@ -86,5 +146,7 @@ public static List<string> GetPathList(string folderName)
 
             return pathList;
         }
+
+        public static string ToJson(this Policy self) => JsonConvert.SerializeObject(self, Converter.Settings);
     }
 }

src/Monai.Deploy.Storage.Core/Monai.Deploy.Storage.Core.csproj

@@ -0,0 +1,20 @@
+<!--
+© 2021-2022 MONAI Consortium
+SPDX-License-Identifier: Apache License 2.0
+-->
+
+
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net6.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Ardalis.GuardClauses" Version="4.0.0" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
+  </ItemGroup>
+
+</Project>

src/Monai.Deploy.Storage.Core/Policies/Condition.cs

@@ -0,0 +1,12 @@
+// SPDX-FileCopyrightText: © 2021-2022 MONAI Consortium
+// SPDX-License-Identifier: Apache License 2.0
+
+namespace Monai.Deploy.Storage.Core.Policies
+{
+    public class Condition
+    {
+        public StringLike? StringLike { get; set; }
+
+        public StringEquals? StringEquals { get; set; }
+    }
+}

src/Monai.Deploy.Storage.Core/Policies/Converter.cs

@@ -0,0 +1,19 @@
+// SPDX-FileCopyrightText: © 2021-2022 MONAI Consortium
+// SPDX-License-Identifier: Apache License 2.0
+
+using Newtonsoft.Json;
+
+namespace Monai.Deploy.Storage.Core.Policies
+{
+    public partial class Policy
+    {
+        internal static class Converter
+        {
+            public static readonly JsonSerializerSettings Settings = new JsonSerializerSettings
+            {
+                MetadataPropertyHandling = MetadataPropertyHandling.Ignore,
+                DateParseHandling = DateParseHandling.None,
+            };
+        }
+    }
+}

src/Storage/Common/Policies/Policy.cs renamed to src/Monai.Deploy.Storage.Core/Policies/Policy.cs

@@ -1,12 +1,16 @@
 // SPDX-FileCopyrightText: © 2021-2022 MONAI Consortium
 // SPDX-License-Identifier: Apache License 2.0
 
-namespace Monai.Deploy.Storage.Common.Policies
+using Newtonsoft.Json;
+
+namespace Monai.Deploy.Storage.Core.Policies
 {
-    public class Policy
+    public partial class Policy
     {
         public string Version { get; set; } = "2012-10-17";
 
         public IList<Statement> Statement { get; set; } = new List<Statement>();
+
+        public static Policy? FromJson(string json) => JsonConvert.DeserializeObject<Policy>(json, Converter.Settings);
     }
 }

src/Monai.Deploy.Storage.Core/Policies/PolicyRequest.cs

@@ -0,0 +1,23 @@
+// SPDX-FileCopyrightText: © 2021-2022 MONAI Consortium
+// SPDX-License-Identifier: Apache License 2.0
+
+using Ardalis.GuardClauses;
+
+namespace Monai.Deploy.Storage.Core.Policies
+{
+    public class PolicyRequest
+    {
+        private readonly string _bucketName;
+
+        public PolicyRequest(string bucketName, string folderName)
+        {
+            Guard.Against.NullOrWhiteSpace(bucketName, nameof(bucketName));
+            _bucketName = bucketName;
+            FolderName = folderName;
+        }
+
+        public string BucketName { get => $"arn:aws:s3:::{_bucketName}"; }
+
+        public string FolderName { get; } = "";
+    }
+}

src/Monai.Deploy.Storage.Core/Policies/Statement.cs

@@ -0,0 +1,18 @@
+// SPDX-FileCopyrightText: © 2021-2022 MONAI Consortium
+// SPDX-License-Identifier: Apache License 2.0
+
+namespace Monai.Deploy.Storage.Core.Policies
+{
+    public class Statement
+    {
+        public string? Sid { get; set; }
+
+        public string[]? Action { get; set; }
+
+        public string? Effect { get; set; }
+
+        public string[]? Resource { get; set; }
+
+        public Condition? Condition { get; set; }
+    }
+}

src/Storage/Common/Policies/StringEquals.cs renamed to src/Monai.Deploy.Storage.Core/Policies/StringEquals.cs

@@ -3,14 +3,14 @@
 
 using Newtonsoft.Json;
 
-namespace Monai.Deploy.Storage.Common.Policies
+namespace Monai.Deploy.Storage.Core.Policies
 {
     public class StringEquals
     {
         [JsonProperty(PropertyName = "s3:prefix")]
-        public string[] S3Prefix { get; set; }
+        public string[]? S3Prefix { get; set; }
 
         [JsonProperty(PropertyName = "s3:delimiter")]
-        public string[] S3Delimiter { get; set; }
+        public string[]? S3Delimiter { get; set; }
     }
 }

src/Storage/Common/Policies/StringLike.cs renamed to src/Monai.Deploy.Storage.Core/Policies/StringLike.cs

@@ -3,11 +3,11 @@
 
 using Newtonsoft.Json;
 
-namespace Monai.Deploy.Storage.Common.Policies
+namespace Monai.Deploy.Storage.Core.Policies
 {
     public class StringLike
     {
         [JsonProperty(PropertyName = "s3:prefix")]
-        public string[] S3Prefix { get; set; }
+        public string[]? S3Prefix { get; set; }
     }
 }