Make it possible to retrieve the public project ID (or a fingerprint of it) from the satellite

storj / edge

Storj edge services (including multi-tenant, S3-compatible server to interact with the Storj network)

GNU Affero General Public License v3.0

48 stars 18 forks source link

Make it possible to retrieve the public project ID (or a fingerprint of it) from the satellite #438

Closed amwolff closed 1 month ago

amwolff commented 1 month ago

Goal

It would be useful for edge services to be able to retrieve and know what the public project ID tied to the access grant at hand is. It would be most useful to have it in logs.

Acceptance Criteria

Satellite has a new endpoint or there's another endpoint that can be adjusted to respond with public project ID and libuplink has a private API added that enables using the endpoint on the client side.

Links

An example of such endpoint: satellite/console/userinfo/endpoint.go

halkyon commented 1 month ago

It looks like ProjectInfo endpoint https://github.com/storj/storj/blob/e6217d6e6658ee525504c5edb22c4bc614582a82/satellite/metainfo/endpoint.go#L194 already has the public project ID in the response. Maybe we can use that instead?

It looks like there's already private uplink code to call it: https://github.com/storj/uplink/blob/931e862e93152126af237008614eacc55ad97585/private/metaclient/client.go#L100

With a bit more helper code in the private API, we could probably have something from edge call it up like private.ProjectInfo(access) which returns that response.

halkyon commented 1 month ago

https://review.dev.storj.io/c/storj/uplink/+/13379

halkyon commented 1 month ago

Looks like this should work using https://review.dev.storj.io/c/storj/uplink/+/13379. I whipped up a quick example that feeds it into an eventkit event, with some code like this:

var projectUUID uuid.UUID
projectIDBytes, err := privateProject.GetPublicID(r.Context(), uplink.Config{}, access)
if err == nil {
  projectUUID, _ = uuid.FromBytes(projectIDBytes)
}

...

ek.Event("gmt",
  eventkit.String("public-project-id", projectUUID.String()),
...

Confirmed I get the correct public project ID for my project on AP1 satellite.

Next step would be to add it to authservice on new access key so it adds the project ID to each authservice record. Then wire up gateway to use the value from authservice. If the record doesn't have the ID, pull the ID from the satellite, then update the authservice record?

amwolff commented 1 month ago

oh, this is a great find! yeah, next step is #439. We don't need to backfill old records. Just include the ID in the new ones.

storj-gerrit[bot] commented 1 month ago

Change private/project: allow retrieving public project ID from access mentions this issue.