create signature based on different region

api/client/cli.go

@@ -174,20 +174,24 @@ func NewDockerCli(in io.ReadCloser, out, err io.Writer, clientFlags *cli.ClientF
 		if cloudConfig.AccessKey == "" || cloudConfig.SecretKey == "" {
 			fmt.Fprintf(cli.err, "WARNING: null cloud config\n")
 		}
-
-		client, err := client.NewClient(host, verStr, httpClient, customHeaders, cloudConfig.AccessKey, cloudConfig.SecretKey)
-		if err != nil {
-			return err
-		}
-		cli.client = client
-		cli.host = host
 		cli.region = clientFlags.Common.Region
 		if cli.region == "" {
 			if cli.region = cc.Region; cli.region == "" {
 				cli.region = cli.getDefaultRegion()
 			}
 		}
+		if !dft {
+			if cli.region = cc.Region; cli.region == "" {
+				cli.region = cliconfig.DefaultHyperRegion
+			}
+		}
 
+		client, err := client.NewClient(host, verStr, httpClient, customHeaders, cloudConfig.AccessKey, cloudConfig.SecretKey, cli.region)
+		if err != nil {
+			return err
+		}
+		cli.client = client
+		cli.host = host
 		if cli.in != nil {
 			cli.inFd, cli.isTerminalIn = term.GetFdInfo(cli.in)
 		}

integration-cli/docker_utils.go

@@ -36,6 +36,7 @@ import (
 	"github.com/docker/go-connections/sockets"
 	"github.com/docker/go-connections/tlsconfig"
 	"github.com/go-check/check"
+	"github.com/hyperhq/hypercli/cliconfig"
 )
 
 var flag_host = ""
@@ -636,8 +637,12 @@ func newRequestClient(method, endpoint string, data io.Reader, ct string) (*http
 		req.Header.Set("Content-Type", ct)
 	}
 
+	region := os.Getenv("REGION")
+	if region == "" {
+		region = cliconfig.DefaultHyperRegion
+	}
 	//calculate sign4 for apirouter
-	req = HyperCli.Sign4(os.Getenv("ACCESS_KEY"), os.Getenv("SECRET_KEY"), req)
+	req = HyperCli.Sign4(os.Getenv("ACCESS_KEY"), os.Getenv("SECRET_KEY"), req, region)
 
 	//for debug
 	if endpoint == debugEndpoint {
@@ -850,7 +855,7 @@ func deleteAllFips() error {
 		return err
 	}
 
-	for _, v := range strings.Split(fips,"\n") {
+	for _, v := range strings.Split(fips, "\n") {
 		if v == "" {
 			continue
 		}

vendor/src/github.com/docker/engine-api/client/client.go

@@ -31,6 +31,9 @@ type Client struct {
 	version string
 	// custom http headers configured by users.
 	customHTTPHeaders map[string]string
+
+	// region
+	region string
 }
 
 // NewEnvClient initializes a new API client based on environment variables.
@@ -65,14 +68,15 @@ func NewEnvClient() (*Client, error) {
 	}
 	accessKey := os.Getenv("ACCESSKEY")
 	secretKey := os.Getenv("SECRETKEY")
-	return NewClient(host, os.Getenv("DOCKER_API_VERSION"), client, nil, accessKey, secretKey)
+	region := os.Getenv("HYPER_REGION")
+	return NewClient(host, os.Getenv("DOCKER_API_VERSION"), client, nil, accessKey, secretKey, region)
 }
 
 // NewClient initializes a new API client for the given host and API version.
 // It won't send any version information if the version number is empty.
 // It uses the given http client as transport.
 // It also initializes the custom http headers to add to each request.
-func NewClient(host string, version string, client *http.Client, httpHeaders map[string]string, ak, sk string) (*Client, error) {
+func NewClient(host string, version string, client *http.Client, httpHeaders map[string]string, ak, sk, region string) (*Client, error) {
 	proto, addr, basePath, err := ParseHost(host)
 	if err != nil {
 		return nil, err
@@ -92,6 +96,7 @@ func NewClient(host string, version string, client *http.Client, httpHeaders map
 		secretKey:         sk,
 		version:           version,
 		customHTTPHeaders: httpHeaders,
+		region:            region,
 	}, nil
 }
 

vendor/src/github.com/docker/engine-api/client/hijack.go

@@ -45,7 +45,7 @@ func (cli *Client) postHijacked(ctx context.Context, path string, query url.Valu
 	req.Header.Set("Connection", "Upgrade")
 	req.Header.Set("Upgrade", "tcp")
 
-	req = Sign4(cli.accessKey, cli.secretKey, req)
+	req = Sign4(cli.accessKey, cli.secretKey, req, cli.region)
 	conn, err := dial(cli.proto, cli.addr, cli.transport.TLSConfig())
 
 	if err != nil {

vendor/src/github.com/docker/engine-api/client/request.go

@@ -101,7 +101,7 @@ func (cli *Client) sendClientRequest(ctx context.Context, method, path string, q
 		req.Header.Set("Content-Type", "text/plain")
 	}
 
-	req = Sign4(cli.accessKey, cli.secretKey, req)
+	req = Sign4(cli.accessKey, cli.secretKey, req, cli.region)
 	resp, err := cancellable.Do(ctx, cli.transport, req)
 
 	if err != nil {

vendor/src/github.com/docker/engine-api/client/sign4.go

@@ -48,13 +48,13 @@ type AuthnHeader struct {
 	Date         string
 }
 
-func Signiture4(secretKey string, req *http.Request, header *AuthnHeader) (bool, error) {
+func Signiture4(secretKey string, req *http.Request, header *AuthnHeader, region string) (bool, error) {
 	meta := &metadata{
 		algorithm:       header.Algorithm,
 		credentialScope: header.Scope,
 		signedHeaders:   header.SignedHeader,
 		date:            header.Date,
-		region:          "us-west-1",
+		region:          region,
 		service:         "hyper",
 	}
 
@@ -70,7 +70,7 @@ func Signiture4(secretKey string, req *http.Request, header *AuthnHeader) (bool,
 	return signature == header.Signature, nil
 }
 
-func Sign4(accessKey, secretKey string, req *http.Request) *http.Request {
+func Sign4(accessKey, secretKey string, req *http.Request, region string) *http.Request {
 
 	prepareRequestV4(req)
 	meta := &metadata{}
@@ -79,7 +79,7 @@ func Sign4(accessKey, secretKey string, req *http.Request) *http.Request {
 	hashedCanonReq := hashedCanonicalRequestV4(req, meta)
 
 	// Task 2
-	stringToSign := stringToSignV4(req, hashedCanonReq, meta)
+	stringToSign := stringToSignV4(req, hashedCanonReq, meta, region)
 
 	// Task 3
 	signingKey := signingKeyV4(secretKey, meta.date, meta.region, meta.service)
@@ -179,13 +179,13 @@ func canonicalRequestV4FromMeta(request *http.Request, meta *metadata) (string,
 	return canonicalRequest, true
 }
 
-func stringToSignV4(request *http.Request, hashedCanonReq string, meta *metadata) string {
+func stringToSignV4(request *http.Request, hashedCanonReq string, meta *metadata, region string) string {
 	// TASK 2. http://docs.aws.amazon.com/general/latest/gr/sigv4-create-string-to-sign.html
 
 	requestTs := request.Header.Get(headerDate)
 
 	meta.algorithm = metaAlgorithm
-	meta.service, meta.region = serviceAndRegion(request.Host)
+	meta.service, meta.region = serviceAndRegion(request.Host, region)
 	meta.date = tsDateV4(requestTs)
 	meta.credentialScope = concat("/", meta.date, meta.region, meta.service, keyPartsRequest)
 
@@ -343,9 +343,9 @@ func normquery(v url.Values) string {
 }
 
 // serviceAndRegion parsers a hostname to find out which ones it is.
-func serviceAndRegion(host string) (service string, region string) {
+func serviceAndRegion(host, r string) (service string, region string) {
 	// These are the defaults if the hostname doesn't suggest something else
-	region = "us-west-1"
+	region = r
 	service = "hyper"
 
 	// region.hyper.sh