Finish HMAC DB storage implementation

Signed-off-by: Ben <[email protected]>

Author: Neon-White

src/api/account_api.js

@@ -445,6 +445,9 @@ module.exports = {
                     },
                     endpoint_type: {
                         $ref: 'common_api#/definitions/endpoint_type'
+                    },
+                    gcp_hmac_key: {
+                        $ref: 'common_api#/definitions/gcp_hmac_key'
                     }
 
                 }

src/api/common_api.js

@@ -897,6 +897,17 @@ module.exports = {
             }
         },
 
+        gcp_access_id: { wrapper: SensitiveString },
+        gcp_secret_key: { wrapper: SensitiveString },
+
+        gcp_hmac_key: {
+            type: 'object',
+            properties: {
+                access_id: { $ref: '#/definitions/gcp_access_id' },
+                secret_key: { $ref: '#/definitions/gcp_secret_key' },
+            }
+        },
+
         ip_range: {
             type: 'object',
             required: ['start', 'end'],

src/api/pool_api.js

@@ -624,6 +624,7 @@ module.exports = {
                 region: {
                     type: 'string'
                 },
+                gcp_hmac_key: { $ref: 'common_api#/definitions/gcp_hmac_key' },
             }
         },
 

src/sdk/namespace_gcp.js

@@ -47,6 +47,13 @@ class NamespaceGCP {
         this.project_id = project_id;
         this.client_email = client_email;
         this.private_key = private_key;
+        this.gcs = new GoogleCloudStorage({
+            projectId: this.project_id,
+            credentials: {
+                client_email: this.client_email,
+                private_key: this.private_key,
+            }
+        });
         this.s3_client = new AWS.S3({
             endpoint: 'https://storage.googleapis.com',
             accessKeyId: hmac_key.access_id,

src/sdk/object_sdk.js

@@ -402,7 +402,7 @@ class ObjectSDK {
     /**
      * @returns {nb.Namespace}
      */
-    // resource is a namespace_resource
+    // resource contains the values of namespace_resource_extended_info
     _setup_single_namespace({ resource: r, path: p }, bucket_id, options) {
 
         if (r.endpoint_type === 'NOOBAA') {
@@ -462,7 +462,8 @@ class ObjectSDK {
                 private_key,
                 access_mode: r.access_mode,
                 stats: this.stats,
-                hmac_key: r.gcp_hmac_key,
+                hmac_key: { access_id : r.gcp_hmac_key.access_id.unwrap(),
+                            secret_key : r.gcp_hmac_key.secret_key.unwrap() }
             });
         }
         if (r.fs_root_path || r.fs_root_path === '') {

src/server/system_services/master_key_manager.js

@@ -374,6 +374,13 @@ class MasterKeysManager {
                             master_key_id: ns_resource.account.master_key_id._id
                         }, undefined);
                     }
+                    if (ns_resource.connection.gcp_hmac_key?.secret_key) {
+                        ns_resource.connection.gcp_hmac_key.secret_key = await this.secret_keys_cache.get_with_cache({
+                            encrypted_value: ns_resource.connection.gcp_hmac_key.secret_key.unwrap(),
+                            undefined,
+                            master_key_id: ns_resource.account.master_key_id._id
+                        }, undefined);
+                    }
                 }
             }
         }

src/server/system_services/pool_server.js

@@ -277,6 +277,16 @@ async function create_namespace_resource(req) {
             };
         }
 
+        let gcp_hmac_key;
+        if (connection?.gcp_hmac_key?.secret_key) {
+            gcp_hmac_key = {
+                access_id: connection.gcp_hmac_key.access_id,
+                secret_key: system_store.master_key_manager.encrypt_sensitive_string_with_master_key_id(
+                    connection.gcp_hmac_key.secret_key, req.account.master_key_id._id
+                )
+            };
+        }
+
         namespace_resource = new_namespace_resource_defaults(name, req.system._id, req.account._id, _.omitBy({
             aws_sts_arn: connection.aws_sts_arn,
             endpoint: connection.endpoint,
@@ -288,6 +298,7 @@ async function create_namespace_resource(req) {
             endpoint_type: connection.endpoint_type || 'AWS',
             region: connection.region,
             azure_log_access_keys,
+            gcp_hmac_key,
         }, _.isUndefined), undefined, req.rpc_params.access_mode);
 
         const cloud_buckets = await server_rpc.client.bucket.get_cloud_buckets({
@@ -1176,6 +1187,7 @@ function get_namespace_resource_extended_info(namespace_resource) {
         secret_key: namespace_resource.connection.secret_key,
         access_mode: namespace_resource.access_mode,
         aws_sts_arn: namespace_resource.connection.aws_sts_arn || undefined,
+        gcp_hmac_key: namespace_resource.connection.gcp_hmac_key,
     };
     const nsfs_info = namespace_resource.nsfs_config && {
         fs_root_path: namespace_resource.nsfs_config.fs_root_path,

src/server/system_services/schemas/account_schema.js

@@ -70,6 +70,7 @@ module.exports = {
                     access_key: { $ref: 'common_api#/definitions/access_key' },
                     secret_key: { $ref: 'common_api#/definitions/secret_key' },
                     azure_log_access_keys: { $ref: 'common_api#/definitions/azure_log_access_keys' },
+                    gcp_hmac_key: { $ref: 'common_api#/definitions/gcp_hmac_key' },
                     aws_sts_arn: {
                         type: 'string'
                     },

src/server/system_services/schemas/namespace_resource_schema.js

@@ -53,6 +53,7 @@ module.exports = {
                 access_key: { $ref: 'common_api#/definitions/access_key' },
                 secret_key: { $ref: 'common_api#/definitions/secret_key' },
                 azure_log_access_keys: { $ref: 'common_api#/definitions/azure_log_access_keys' },
+                gcp_hmac_key: { $ref: 'common_api#/definitions/gcp_hmac_key' },
                 cp_code: {
                     type: 'string'
                 }