-
-
Notifications
You must be signed in to change notification settings - Fork 282
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Basic s3 signed URL implementation #620
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks a lot @Belair34! I left few comments. Make sure to add integration tests for that. I think Localstack supports signed urls with S3.
...cloud-aws-s3-parent/spring-cloud-aws-s3/src/main/java/io/awspring/cloud/s3/S3Operations.java
Outdated
Show resolved
Hide resolved
...cloud-aws-s3-parent/spring-cloud-aws-s3/src/main/java/io/awspring/cloud/s3/S3Operations.java
Outdated
Show resolved
Hide resolved
...g-cloud-aws-s3-parent/spring-cloud-aws-s3/src/main/java/io/awspring/cloud/s3/S3Template.java
Outdated
Show resolved
Hide resolved
@maciejwalkowiak I updated everything based on your comments! I do have one concern: I can't get all of the tests to pass even when I'm on the up-to-date main branch. It always fails at |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for an update. I fixed the compilation issue. There are few more things needed - if you find it unclear please let me know!
...-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/s3/S3AutoConfiguration.java
Outdated
Show resolved
Hide resolved
...cloud-aws-s3-parent/spring-cloud-aws-s3/src/main/java/io/awspring/cloud/s3/S3Operations.java
Show resolved
Hide resolved
...g-cloud-aws-s3-parent/spring-cloud-aws-s3/src/main/java/io/awspring/cloud/s3/S3Template.java
Outdated
Show resolved
Hide resolved
HttpResponse response = httpClient.execute(httpPut); | ||
httpClient.close(); | ||
|
||
HeadObjectResponse headObjectResponse = client.headObject(HeadObjectRequest.builder() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Genuine question - shouldn't we upload something in this test?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess it technically isn't uploading a local file, but it is adding a new file "file.txt" to the bucket with the request body as its contents and then checking to make sure it is there at the end. Personally, I think knowing this works is enough to be confident that the signed URL itself works. The difference is just about how you use it. That's just my interpretation, though. I'm open to other opinions!
Regarding |
Everything should be ready for review again! By the way, I found out the tests were failing for me because of lines like this: Lines 118 to 120 in 4d9da9a
Since I'm on Windows all my new lines were '\r\n' instead of '\n' so the assertions were failing. I temporarily replaced these '\n' with System.lineSeparator() and all of my tests passed.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for an update @Belair34. I left few comments we also need to update the reference docs (look s3.adoc
). If you have any questions let me know!
...-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/s3/S3AutoConfiguration.java
Outdated
Show resolved
Hide resolved
...-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/s3/S3AutoConfiguration.java
Show resolved
Hide resolved
@maciejwalkowiak I tried to make ConfiguredS3Presigner, and based on my evaluation of their internals it seemed like I didn't really need to change anything besides names. It worked perfectly for the first test I added regarding endpoints, but my second test gets null for the common aws properties. I'm really not sure why this is. Any ideas? I could also use some recommendations on which properties to test if this seems like the path forward. |
@Belair34 I fixed the test and did some final polishing. |
@MatejNedic if you have time please review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have a few questions regarding what should be returned but otherwise looks good!
* @param duration - duration that the URL will work | ||
* @return a {@link URL} representing the signed URL | ||
*/ | ||
URL createSignedGetURL(String bucketName, String key, Duration duration); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we return signedHeaders, SignedPayload, and isBrowserExecutable as well here?
Since in AWS docs for signedHeaders -> Returns the subset of headers that were signed, and MUST be included in the presigned request to prevent the request from failing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now I am quite confident we need an end to end test for that. createsWorkingSignedPutURL
tests the whole flow.
* @param duration - duration that the URL will work | ||
* @return a {@link URL} representing the signed URL | ||
*/ | ||
URL createSignedPutURL(String bucketName, String key, Duration duration, @Nullable ObjectMetadata metadata, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we return signedHeaders, SignedPayload, and isBrowserExecutable as well here?
馃摙 Type of change
馃摐 Description
Added two methods to S3Operations and thus S3Template that simplify creating signed urls for getting/putting objects in S3.
馃挕 Motivation and Context
It simplifies the creation of signed URLs for S3 into one function call each.
#318
馃挌 How did you test it?
So far I've manually tested it by doing ./mvnw install and then importing 3.0.0-SNAPSHOT from my local repository in a fresh spring project.
馃摑 Checklist
馃敭 Next steps
I'm not 100% sure this is what the issue was requesting, so please let me know! I also don't think the way I have the S3 presigner is ideal, but I'm unsure how I should set it up. I imagine it should be configured like the S3Client, but I was unable to figure out how that works exactly and could use some advice. If any of this seems promising, I will go ahead and add tests and what not.