From 09d81f5bb3da9a968e745d87b363a9ba9ac25191 Mon Sep 17 00:00:00 2001 From: Anoop C S Date: Fri, 8 Dec 2023 11:30:26 +0530 Subject: [PATCH] micro-osd.sh: Clarify the suspicion around S3 credentials It's unusual to put any kind of credentials out in open. The set of credentials defined with `S3_ACCESS_KEY` and `S3_SECRET_KEY` variables in the script are questionable in its nature. But these are not real/valid credential values in any form for AWS rather used for testing the S3 compatible API from Ceph RGW. Therefore clarify the intention and replace with sample values from official AWS documentation. Signed-off-by: Anoop C S --- micro-osd.sh | 11 ++++++++--- rgw/admin/README.md | 4 ++-- rgw/admin/radosgw_test.go | 4 ++-- rgw/admin/user_test.go | 4 ++-- 4 files changed, 14 insertions(+), 9 deletions(-) diff --git a/micro-osd.sh b/micro-osd.sh index a6a5600..804dbc3 100755 --- a/micro-osd.sh +++ b/micro-osd.sh @@ -39,10 +39,15 @@ MON_NAME="a" MGR_NAME="x" MIRROR_ID="m" RGW_ID="r" -S3_ACCESS_KEY=2262XNX11FZRR44XWIRD -S3_SECRET_KEY=rmtuS1Uj1bIC08QFYGW18GfSHAbkPqdsuYynNudw -HOST_IP=$(getent ahostsv4 "${HOSTNAME}" | grep STREAM | head -n 1 | awk '{print $1}') +# Following are examples for S3 credentials taken from official AWS docs: +# https://docs.aws.amazon.com/IAM/latest/UserGuide/security-creds.html#access-keys-and-secret-access-keys +# These does not represent real/valid credentials for AWS in any form. +# They are exclusively used for testing S3 compatible API from Ceph RGW. +S3_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE +S3_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + +HOST_IP=$(getent ahostsv4 "${HOSTNAME}" | grep STREAM | head -n 1 | awk '{print $1}') FSID="$(uuidgen)" export CEPH_CONF=${DIR}/ceph.conf diff --git a/rgw/admin/README.md b/rgw/admin/README.md index e4d6e42..7d6e2ed 100644 --- a/rgw/admin/README.md +++ b/rgw/admin/README.md 
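Review bot: The comment block added above `S3_ACCESS_KEY` in micro-osd.sh says the values are not valid for AWS, but it does not say that they remain the working keys of the test RGW user. The README hunk in this patch passes the same pair to an admin user created with `buckets=*;users=*` caps, and `HOST_IP` in this hunk is resolved from the hostname rather than loopback. If RGW listens on that address (not visible here), anyone who can reach the port can authenticate with these publicly documented keys. I would fix the grammar to `# These do not represent real/valid credentials for AWS in any form.` and add `# They are the working keys of the test RGW user; keep this cluster reachable from the test host only.`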
@@ -3,7 +3,7 @@ You must create an admin user like so: ``` -radosgw-admin user create --uid admin --display-name "Admin User" --caps "buckets=*;users=*;usage=read;metadata=read;zone=read --access-key=2262XNX11FZRR44XWIRD --secret-key=rmtuS1Uj1bIC08QFYGW18GfSHAbkPqdsuYynNudw +radosgw-admin user create --uid admin --display-name "Admin User" --caps "buckets=*;users=*;usage=read;metadata=read;zone=read --access-key=AKIAIOSFODNN7EXAMPLE --secret-key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY ``` Then use the `access_key` and `secret_key` for authentication. @@ -19,7 +19,7 @@ import ( func main() { // Generate a connection object - co, err := admin.New("http://192.168.1.1", "2262XNX11FZRR44XWIRD", "rmtuS1Uj1bIC08QFYGW18GfSHAbkPqdsuYynNudw", nil) + co, err := admin.New("http://192.168.1.1", "AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", nil) if err != nil { panic(err) } diff --git a/rgw/admin/radosgw_test.go b/rgw/admin/radosgw_test.go index 2d3f2ec..590b941 100644 --- a/rgw/admin/radosgw_test.go +++ b/rgw/admin/radosgw_test.go @@ -114,8 +114,8 @@ func (s *S3Agent) createBucket(name string) error { } func (suite *RadosGWTestSuite) SetupConnection() { - suite.accessKey = "2262XNX11FZRR44XWIRD" - suite.secretKey = "rmtuS1Uj1bIC08QFYGW18GfSHAbkPqdsuYynNudw" + suite.accessKey = "AKIAIOSFODNN7EXAMPLE" + suite.secretKey = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" hostname := os.Getenv("HOSTNAME") endpoint := hostname if hostname != "test_ceph_aio" { diff --git a/rgw/admin/user_test.go b/rgw/admin/user_test.go index 4df6e33..55a7422 100644 --- a/rgw/admin/user_test.go +++ b/rgw/admin/user_test.go @@ -45,8 +45,8 @@ var ( "keys": [ { "user": "dashboard-admin", - "access_key": "4WD1FGM5PXKLC97YC0SZ", - "secret_key": "YSaT5bEcJTjBJCDG5yvr2NhGQ9xzoTIg8B1gQHa3" + "access_key": "AKIAIOSFODNN7EXAMPLE", + "secret_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" } ], "swift_keys": [
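Review bot: In `SetupConnection` (rgw/admin/radosgw_test.go) the two new literals carry no comment, so anyone triaging a secret-scanner hit sees an AWS-style key ID with nothing to mark it as the documentation sample. micro-osd.sh got that explanation in this patch; the Go side did not. The pair presumably has to stay equal to `S3_ACCESS_KEY`/`S3_SECRET_KEY` in micro-osd.sh for the suite to authenticate (the place where the script hands the keys to RGW is not in these hunks), and nothing records that coupling. I would add above the assignments `// Sample keys from the AWS docs, not real credentials; must match S3_ACCESS_KEY/S3_SECRET_KEY in micro-osd.sh.` The `"keys"` fixture in rgw/admin/user_test.go now repeats the same literals and deserves a similar comment on its enclosing variable; both the function and the fixture continue outside their hunks.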