Wip rgw aws4 #7720

Merged
merged 29 commits into from Feb 20, 2016

yehudasa
Member

No description provided.

jmunhoz and others added 29 commits February 13, 2016 12:22
Amazon S3 supports Signature Version 4. This patch contains the minimal
implementation supporting AWS4 in RGW. It implements AWS4 authentication
on HTTP methods without body content and vars not shipping in the
request query string.

Fixes: #10333

Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Crafts the canonical query string. URI-encode each parameter name and
value properly.

Fixes: #10333

Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Adds a new authorize function to identify/handle AWSv4 and AWSv2 auth
properly, handling common code, etc.

Fixes: #10333

Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Fixes: #10333

Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
When computing V4 signature, we need to encode the query string. But it
could come already encoded, at least partially.

So do not encode the entities that are already encoded.

Fixes: #10333

Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Fixes: #10333

Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Handle AWS4 auth on requests with positive content-length. It splits the
auth process along several steps to process the body content on the fly
instead of reading the whole body in memory. After that, it completes
the delayed AWS4 auth properly.

Requests with content-length <= 0 are validated as usual. They don't
require any kind of completion.

Requests with content-length > 0 use a streaming approach together with
a completion step.

Fixes: #10333

Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Fixes: #10333

Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Fixes: #10333

Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Fixes: #10333

Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Verify content's sha256 sum matches the expected value.

Fixes: #10333

Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
…dheaders

This patch gets the same error response in S3 and RGW when the error is related
to the signedheaders processing.

Fixes: #10333

Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>
…auth"

Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>
Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>
Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>
Provides the time period, in seconds, for which the generated presigned URL is
valid. For example, 86400 (24 hours). This value is an integer. The minimum
value you can set is 1, and the maximum is 604800 (seven days).

Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Protect against reuse of the signed portions of the request. In AWS, the signed
portions (using AWS Signatures) of requests are valid within 15 minutes of the
timestamp in the request.

Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
The X-Amz-Credential value in the URL shows the "/" character only for
readability. In practice, it should be encoded as %2F.

Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Fix pending conflicts after massive merging. It catches up with SLO, bucket
website, bulk deletes and payment request features.

Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>

Conflicts:
	src/rgw/rgw_auth_s3.h
	src/rgw/rgw_client_io.cc
	src/rgw/rgw_client_io.h
	src/rgw/rgw_common.h
	src/rgw/rgw_main.cc
	src/rgw/rgw_op.cc
	src/rgw/rgw_op.h
	src/rgw/rgw_rest.cc
	src/rgw/rgw_rest_metadata.cc
	src/rgw/rgw_rest_s3.cc
@yehudasa yehudasa added the rgw label Feb 19, 2016
yehudasa added a commit that referenced this pull request Feb 20, 2016
rgw support for aws authentication v4 (Javier M. Mellid)
@yehudasa yehudasa merged commit c885801 into master Feb 20, 2016
@liewegas liewegas deleted the wip-rgw-aws4 branch November 23, 2016 20:12
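
The commits above on crafting the canonical query string and on not re-encoding entities that arrive already encoded, sketched in C++ as an added example (not code from this pull request or from RGW). The function names are hypothetical, and passing an existing %XX escape through with upper-cased hex is an assumed reading of the commit message.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <utility>
#include <vector>

// Added example, not RGW code. SigV4 leaves only A-Z a-z 0-9 - _ . ~ literal.
static bool is_unreserved(unsigned char c) {
  return (c < 128 && std::isalnum(c)) || c == '-' || c == '_' || c == '.' || c == '~';
}
static bool is_hex(char c) { return std::isxdigit((unsigned char)c) != 0; }
static char upper(char c) { return (char)std::toupper((unsigned char)c); }

// Encode one parameter name or value. An existing %XX escape is copied through
// with upper-case hex instead of being turned into %25XX (assumed policy).
std::string aws4_uri_encode(const std::string& in) {
  static const char hex[] = "0123456789ABCDEF";
  std::string out;
  for (size_t i = 0; i < in.size(); ++i) {
    unsigned char c = static_cast<unsigned char>(in[i]);
    if (is_unreserved(c)) {
      out += in[i];
    } else if (c == '%' && i + 2 < in.size() && is_hex(in[i + 1]) && is_hex(in[i + 2])) {
      out += {'%', upper(in[i + 1]), upper(in[i + 2])};
      i += 2;
    } else {
      out += {'%', hex[c >> 4], hex[c & 0x0F]};
    }
  }
  return out;
}

// Split on '&' and the first '=', encode both sides, sort by name, rejoin.
std::string canonical_query_string(const std::string& query) {
  std::vector<std::pair<std::string, std::string>> params;
  for (size_t pos = 0, amp = 0; pos <= query.size(); pos = amp + 1) {
    amp = std::min(query.find('&', pos), query.size());
    std::string item = query.substr(pos, amp - pos);
    if (item.empty()) continue;  // tolerate "a=1&&b=2" and a trailing '&'
    size_t eq = item.find('=');
    params.emplace_back(aws4_uri_encode(item.substr(0, eq)),
        aws4_uri_encode(eq == std::string::npos ? std::string() : item.substr(eq + 1)));
  }
  std::sort(params.begin(), params.end());  // a bare "acl" is emitted as "acl="
  std::string out;
  for (const auto& p : params)
    out += (out.empty() ? "" : "&") + p.first + "=" + p.second;
  return out;
}
```

With a constructed credential scope such as `AKIDEXAMPLE/20160213/us-east-1/s3/aws4_request`, the `/` comes out as `%2F` whether the client sent it raw or already encoded, so both forms yield the same canonical string and therefore the same signature input.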