Adds "x-amz-usr-agent" and "x-id" params to be used in authentication of presignedURL (#10792)

master
ebozduman 4 years ago committed by GitHub
parent a6113b2315
commit 303be1866d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 32
      cmd/signature-v4.go
  2. 73
      mint/run/core/aws-sdk-ruby/aws-stub-tests.rb

@ -36,6 +36,7 @@ import (
"time" "time"
"github.com/minio/minio-go/v7/pkg/s3utils" "github.com/minio/minio-go/v7/pkg/s3utils"
"github.com/minio/minio-go/v7/pkg/set"
xhttp "github.com/minio/minio/cmd/http" xhttp "github.com/minio/minio/cmd/http"
sha256 "github.com/minio/sha256-simd" sha256 "github.com/minio/sha256-simd"
) )
@ -256,26 +257,23 @@ func doesPresignedSignatureMatch(hashedPayload string, r *http.Request, region s
query.Set(xhttp.AmzSignedHeaders, getSignedHeaders(extractedSignedHeaders)) query.Set(xhttp.AmzSignedHeaders, getSignedHeaders(extractedSignedHeaders))
query.Set(xhttp.AmzCredential, cred.AccessKey+SlashSeparator+pSignValues.Credential.getScope()) query.Set(xhttp.AmzCredential, cred.AccessKey+SlashSeparator+pSignValues.Credential.getScope())
// Save other headers available in the request parameters. defaultSigParams := set.CreateStringSet(
for k, v := range req.URL.Query() { xhttp.AmzContentSha256,
key := strings.ToLower(k) xhttp.AmzSecurityToken,
xhttp.AmzAlgorithm,
// Handle the metadata in presigned put query string xhttp.AmzDate,
if strings.Contains(key, "x-amz-meta-") { xhttp.AmzExpires,
query.Set(k, v[0]) xhttp.AmzSignedHeaders,
continue xhttp.AmzCredential,
} xhttp.AmzSignature,
)
if strings.Contains(key, "x-amz-server-side-") {
query.Set(k, v[0])
continue
}
if strings.HasPrefix(key, "x-amz") { // Add missing query parameters if any provided in the request URL
continue for k, v := range req.URL.Query() {
} if !defaultSigParams.Contains(k) {
query[k] = v query[k] = v
} }
}
// Get the encoded query. // Get the encoded query.
encodedQuery := query.Encode() encodedQuery := query.Encode()

@ -20,6 +20,16 @@ require 'securerandom'
require 'net/http' require 'net/http'
require 'multipart_body' require 'multipart_body'
# For aws-sdk ruby tests to run, setting the following
# environment variables is mandatory.
# SERVER_ENDPOINT: <ip:port> address of the minio server tests will run against
# ACCESS_KEY: access key for the minio server
# SECRET_KEY: secreet key for the minio server
# SERVER_REGION: region minio server is setup to run
# ENABLE_HTTPS: (1|0) turn on/off to specify https or
# http services minio server is running on
# MINT_DATA_DIR: Data directory where test data files are stored
class AwsSdkRubyTest class AwsSdkRubyTest
# Set variables necessary to create an s3 client instance. # Set variables necessary to create an s3 client instance.
# Get them from the environment variables # Get them from the environment variables
@ -27,13 +37,15 @@ class AwsSdkRubyTest
# Region information, eg. "us-east-1" # Region information, eg. "us-east-1"
region = ENV['SERVER_REGION'] ||= 'SERVER_REGION is not set' region = ENV['SERVER_REGION'] ||= 'SERVER_REGION is not set'
# Minio server, eg. "play.minio.io:9000" # Minio server, eg. "play.minio.io:9000"
endpoint = ENV['SERVER_ENDPOINT'] ||= 'SERVER_ENDPOINT is not set'
access_key_id = ENV['ACCESS_KEY'] ||= 'ACCESS_KEY is not set' access_key_id = ENV['ACCESS_KEY'] ||= 'ACCESS_KEY is not set'
secret_access_key = ENV['SECRET_KEY'] ||= 'SECRET_KEY is not set' secret_access_key = ENV['SECRET_KEY'] ||= 'SECRET_KEY is not set'
enable_https = ENV['ENABLE_HTTPS'] enable_https = ENV['ENABLE_HTTPS']
endpoint = enable_https == '1' ? 'https://' + endpoint : 'http://' + endpoint end_point = ENV['SERVER_ENDPOINT'] ||= 'SERVER_ENDPOINT is not set'
# Create s3 client instances, "s3Resource" and "s3Client" endpoint = enable_https == '1' ? 'https://' + end_point : 'http://' + end_point
@@s3 = Aws::S3::Resource.new(region: region,
# Create s3 resource instance,"s3"
@@s3 = Aws::S3::Resource.new(
region: region,
endpoint: endpoint, endpoint: endpoint,
access_key_id: access_key_id, access_key_id: access_key_id,
secret_access_key: secret_access_key, secret_access_key: secret_access_key,
@ -56,9 +68,8 @@ class AwsSdkRubyTest
error: nil } error: nil }
end end
def get_random_bucket_name() def random_bucket_name
bucket_name = "aws-sdk-ruby-bucket-"+SecureRandom.hex(6) 'aws-sdk-ruby-bucket-' + SecureRandom.hex(6)
return bucket_name
end end
def calculate_duration(t2, t1) def calculate_duration(t2, t1)
@ -361,14 +372,12 @@ class AwsSdkRubyTest
# #
# Test case methods # Test case methods
# #
def listBucketsTest() def listBucketsTest
# Tests listBuckets api command by creating # Tests listBuckets api command by creating
# new buckets from bucket_name_list # new buckets from bucket_name_list
# get random bucket names and create list # get 2 different random bucket names and create a list
bucket_name1 = get_random_bucket_name() bucket_name_list = [random_bucket_name, random_bucket_name]
bucket_name2 = get_random_bucket_name()
bucket_name_list = [bucket_name1, bucket_name2]
# Initialize hash table, 'log_output' # Initialize hash table, 'log_output'
log_output = initialize_log_output('listBuckets') log_output = initialize_log_output('listBuckets')
# Prepare arg/value hash table and set it in log_output # Prepare arg/value hash table and set it in log_output
@ -398,11 +407,11 @@ class AwsSdkRubyTest
print_log(log_output, start_time) print_log(log_output, start_time)
end end
def makeBucketTest() def makeBucketTest
# Tests makeBucket api command. # Tests makeBucket api command.
# get random bucket name # get random bucket name
bucket_name = get_random_bucket_name() bucket_name = random_bucket_name
# Initialize hash table, 'log_output' # Initialize hash table, 'log_output'
log_output = initialize_log_output('makeBucket') log_output = initialize_log_output('makeBucket')
# Prepare arg/value hash table and set it in log_output # Prepare arg/value hash table and set it in log_output
@ -428,11 +437,11 @@ class AwsSdkRubyTest
print_log(log_output, start_time) print_log(log_output, start_time)
end end
def bucketExistsNegativeTest() def bucketExistsNegativeTest
# Tests bucketExists api command. # Tests bucketExists api command.
# get random bucket name # get random bucket name
bucket_name = get_random_bucket_name() bucket_name = random_bucket_name
# Initialize hash table, 'log_output' # Initialize hash table, 'log_output'
log_output = initialize_log_output('bucketExists?') log_output = initialize_log_output('bucketExists?')
# Prepare arg/value hash table and set it in log_output # Prepare arg/value hash table and set it in log_output
@ -456,11 +465,11 @@ class AwsSdkRubyTest
print_log(log_output, start_time) print_log(log_output, start_time)
end end
def removeBucketTest() def removeBucketTest
# Tests removeBucket api command. # Tests removeBucket api command.
# get a random bucket name # get a random bucket name
bucket_name = get_random_bucket_name() bucket_name = random_bucket_name
# Initialize hash table, 'log_output' # Initialize hash table, 'log_output'
log_output = initialize_log_output('removeBucket') log_output = initialize_log_output('removeBucket')
# Prepare arg/value hash table and set it in log_output # Prepare arg/value hash table and set it in log_output
@ -490,7 +499,7 @@ class AwsSdkRubyTest
# Tests putObject api command by uploading a file # Tests putObject api command by uploading a file
# get random bucket name # get random bucket name
bucket_name = get_random_bucket_name() bucket_name = random_bucket_name
# Initialize hash table, 'log_output' # Initialize hash table, 'log_output'
log_output = initialize_log_output('putObject') log_output = initialize_log_output('putObject')
# Prepare arg/value hash table and set it in log_output # Prepare arg/value hash table and set it in log_output
@ -520,7 +529,7 @@ class AwsSdkRubyTest
# Tests removeObject api command by uploading and removing a file # Tests removeObject api command by uploading and removing a file
# get random bucket name # get random bucket name
bucket_name = get_random_bucket_name() bucket_name = random_bucket_name
# Initialize hash table, 'log_output' # Initialize hash table, 'log_output'
log_output = initialize_log_output('removeObject') log_output = initialize_log_output('removeObject')
# Prepare arg/value hash table and set it in log_output # Prepare arg/value hash table and set it in log_output
@ -551,7 +560,7 @@ class AwsSdkRubyTest
# Tests getObject api command # Tests getObject api command
# get random bucket name # get random bucket name
bucket_name = get_random_bucket_name() bucket_name = random_bucket_name
# Initialize hash table, 'log_output' # Initialize hash table, 'log_output'
log_output = initialize_log_output('getObject') log_output = initialize_log_output('getObject')
# Prepare arg/value hash table and set it in log_output # Prepare arg/value hash table and set it in log_output
@ -582,7 +591,7 @@ class AwsSdkRubyTest
# Tests listObjects api command # Tests listObjects api command
# get random bucket name # get random bucket name
bucket_name = get_random_bucket_name() bucket_name = random_bucket_name
# Initialize hash table, 'log_output' # Initialize hash table, 'log_output'
log_output = initialize_log_output('listObjects') log_output = initialize_log_output('listObjects')
# Prepare arg/value hash table and set it in log_output # Prepare arg/value hash table and set it in log_output
@ -620,8 +629,8 @@ class AwsSdkRubyTest
# Tests copyObject api command # Tests copyObject api command
# get random bucket names # get random bucket names
source_bucket_name = get_random_bucket_name() source_bucket_name = random_bucket_name
target_bucket_name = get_random_bucket_name() target_bucket_name = random_bucket_name
# Initialize hash table, 'log_output' # Initialize hash table, 'log_output'
log_output = initialize_log_output('copyObject') log_output = initialize_log_output('copyObject')
# Prepare arg/value hash table and set it in log_output # Prepare arg/value hash table and set it in log_output
@ -657,7 +666,7 @@ class AwsSdkRubyTest
# Tests presignedGetObject api command # Tests presignedGetObject api command
# get random bucket name # get random bucket name
bucket_name = get_random_bucket_name() bucket_name = random_bucket_name
# Initialize hash table, 'log_output' # Initialize hash table, 'log_output'
log_output = initialize_log_output('presignedGet') log_output = initialize_log_output('presignedGet')
# Prepare arg/value hash table and set it in log_output # Prepare arg/value hash table and set it in log_output
@ -675,7 +684,7 @@ class AwsSdkRubyTest
get_url = presignedGetWrapper(bucket_name, file_name, log_output) get_url = presignedGetWrapper(bucket_name, file_name, log_output)
# Download the file using the URL # Download the file using the URL
# generated by presignedGet api command # generated by presignedGet api command
`wget -O /tmp/#{file_name}, '#{get_url}' > /dev/null 2>&1` `wget -O /tmp/#{file_name} '#{get_url}' > /dev/null 2>&1`
# Get check sum value for the downloaded file # Get check sum value for the downloaded file
# Split to get rid of the file name # Split to get rid of the file name
cksum_new = `cksum /tmp/#{file_name}`.split[0..1] cksum_new = `cksum /tmp/#{file_name}`.split[0..1]
@ -700,7 +709,7 @@ class AwsSdkRubyTest
# Tests presignedPutObject api command # Tests presignedPutObject api command
# get random bucket name # get random bucket name
bucket_name = get_random_bucket_name() bucket_name = random_bucket_name
# Initialize hash table, 'log_output' # Initialize hash table, 'log_output'
log_output = initialize_log_output('presignedPut') log_output = initialize_log_output('presignedPut')
# Prepare arg/value hash table and set it in log_output # Prepare arg/value hash table and set it in log_output
@ -755,7 +764,7 @@ class AwsSdkRubyTest
# Tests presignedPostObject api command # Tests presignedPostObject api command
# get random bucket name # get random bucket name
bucket_name = get_random_bucket_name() bucket_name = random_bucket_name
# Initialize hash table, 'log_output' # Initialize hash table, 'log_output'
log_output = initialize_log_output('presignedPost') log_output = initialize_log_output('presignedPost')
# Prepare arg/value hash table and set it in log_output # Prepare arg/value hash table and set it in log_output
@ -840,11 +849,11 @@ data_dir = ENV['MINT_DATA_DIR'] ||= 'MINT_DATA_DIR is not set'
file_list = file_name_list.map { |f| File.join(data_dir, f) } file_list = file_name_list.map { |f| File.join(data_dir, f) }
destination = '/tmp' destination = '/tmp'
aws.listBucketsTest() aws.listBucketsTest
aws.listObjectsTest(file_list) aws.listObjectsTest(file_list)
aws.makeBucketTest() aws.makeBucketTest
aws.bucketExistsNegativeTest() aws.bucketExistsNegativeTest
aws.removeBucketTest() aws.removeBucketTest
aws.putObjectTest(File.join(data_dir, file_name1)) aws.putObjectTest(File.join(data_dir, file_name1))
aws.removeObjectTest(File.join(data_dir, file_name1)) aws.removeObjectTest(File.join(data_dir, file_name1))
aws.getObjectTest(File.join(data_dir, file_name1), destination) aws.getObjectTest(File.join(data_dir, file_name1), destination)

Loading…
Cancel
Save