Added support for v4 signing to S3.

[kat-co]

• S3 constructor now takes a Signer function. This indicates the preferred signing methodology.
• Users can still use the recommended type of signing by using the Signer defined on the region.

[kat-co]

Most of this PR is switching the S3 requests over to vanilla http.Request structures. This was done because the new AWS signing operates on these.

[dimitern]

path.Join here instead?

[kat-co]

path.Join scrubs the content and will remove one of the slashes in "http://" in the r.S3Endpoint.

[dimitern]

d?

[kat-co]

Present for readability.

[dimitern]

d

[kat-co]

Present for readability.

[dimitern]

d?

[kat-co]

Present for readability.

[dimitern]

I'd prefer not to use c.Assert in a loop like this, so that a single failure won't stop the test. How about:

if !c.Check(err, IsNil) {
  errs <- err
}
_, err = b.Get("non-existent")

[kat-co]

Good suggestion, I've implemented as you have it laid out.

[dimitern]

Split aws.Region fields in multiple lines, as it's getting a bit too long.

[kat-co]

Done

[dimitern]

Why not just return an error here? This is production code and I'd rather handle the error outside than to crash the whole process.

[kat-co]

This was the pattern established when I began working on the code, but you're correct. I've switched it to an error.

[dimitern]

So we're dropping URL and SignedURL methods entirely? This is not backwards-compatible and will break existing client. Is it possible to leave these two methods in place and somehow simulate what they do with the new logic?

[kat-co]

As we discussed:

• This is proposed against v3-unstable, so it will not break anyone.
• SignedURL no longer makes sense as an option since v4 utilizes headers for signing.

I have added the URL function back in.

[dimitern]

Most of this looks good, however dropping the 2 methods I can't quite get. Also, have you tried running all the s3 tests with -amazon to make sure both the s3test server still works (I'm assuming tests pass, otherwise travis CI would've reported it) and the changes work against live AWS and s3test the same way?

[dimitern]

Sorry, I've seen this is actually targeted to v3-unstable, so changes to the interface is fine at this point. However, I still think URL is worth keeping as a method. I'd like to have another look when you're done with the tests.

[dimitern]

I'd pull b, err := ioutil.ReadAll(..) before the if and drop the else clause to reduce the indentation level.

[dimitern]

Drop the else and just return hasher([]byte("")), nil

[dimitern]

How about:

hdrVals := host
if hName != "host" {
    canonHdrKey := http.CanonicalHeaderKey(hName)
    sortedHdrVals := hdr[canonHdrKey]
    sort.Strings(sortedHdrVals)
    hdrVals = strings.Join(sortedHdrVals, ",")
}

[dimitern]

How about:

// TODO(katco-): The signing methodology is a "one size fits all" approach.
// The hashes we check against against don't include headers that are added
// in as requisite parts for S3. That doesn't mean the tests are invalid, or that
// signing is broken for these examples, but as long as we're adding heads in,
// it's impossible to know what the new signature should be. We should reevaluate
// these later. See issue #XYZ.
const v4SkipReason = `Extra headers present - cannot predict generated signature (issue #XYZ)`

This will show nicely as we're running tests (i.e. not splitting the output on multiple lines), but also gives the reader of this source enough context to understand the issue. Please, file an issue for this and replace the #XYZ with the issue number.

[dimitern]

As for the impossibility of knowing what the hash could be, I guess this is because the hash changes because of the current timestamp (or reqTime). This could be faked for the test servers - setting a fixed time of a request/response. But that's a future improvement. As long as you've actually manually tested the scenarios in the skipped tests I think it's fine.

[dimitern]

It's great you took the time to actually fix the exp/ packages as well. However, they're barely working and are not maintained, so if there are test failures here I don't really care.

[dimitern]

Good catch!

[dimitern]

s/Put/PutReader/

[dimitern]

Or actually, just drop the Put doc comment and body only. rather than PutReader's doc comment as well.

[dimitern]

s/PutReader/PutReaderWithHeader/

[dimitern]

Also, restore the two lines below in the doc comment - ... The HTTP PUT request will have...

[dimitern]

Since URL() is back, should this test stay as well?

[dimitern]

All in all it looks fine, but I'm getting some s3 test failures in both local and live tests. I've sent you a mail with more details.

[dimitern]

LGTM with the patch discussed on IRC: http://pastebin.ubuntu.com/10490009/ which makes s3 live tests to pass reliably. However, a side-effect of that is leaving a bunch of buckets after each live test run - please, add an issue for this as well. When we have time, we'll fix it.

[dimitern]

Great, I'm merging this.