Implement V2 signing and add simpledb. #316
Conversation
jjeffery
changed the title
|
When I authored this PR i thought it made sense to add a new package for the version 2 signer ( I know that SimpleDB is not a big priority for AWS, and although to my knowledge it is not officially deprecated, Amazon are not encouraging people to use SimpleDB. For this reason, would it be better to:
The advantages of this approach would be that:
I'm only too happy to make these changes there is a view that this would be a better implementation. |
|
@jjeffery aws-sdk-go should include an optional v2 signer. Some third-party S3 implementations like Ceph and S3Proxy only support v2 signing. |
Conflicts: internal/model/api/api.go internal/model/cli/gen-api/main.go
|
@andrewgaul: So does this mean you think I should leave the code as is, and not move the v2 signer into the simpledb package as per my previous comment? |
|
@jjeffery I think you should leave the code as-is. Once upstream merges this I will submit a PR for configurable S3 v2 signing. |
|
I hanks for the update! I'll get a chance to finish review the PR tonight. Overall it looks good. I agree for now keeping the v2 signer in the internal/signer package is best. In the future a nice improvement would be to refactor some of the internal packages out of internal to be exposed, signers would be refactored out also so that they could be used standalone and swapping signers. |
When temporary credentials are used, the V2 signer should include a "SecurityToken" parameter with the session token.
| if req.HTTPRequest.Method != "POST" { | ||
| // The V2 signer is legacy and only used for SimpleDB. | ||
| // Given that SimpleDB only uses POST, this signer is the same. | ||
| req.Error = errInvalidMethod |
There was a problem hiding this comment.
We can probably remove this if check since it's not apart of the v2 signing.
While true we only plan to use the signer internally for SimpleDB support. If in the future someone wrote their code to connect to an s3 compatible service with the v2 signer they would only be able to make POST requests.
There was a problem hiding this comment.
Fixed -- good point. I have implemented GET signatures. My reading of the V2 signature spec is that only GET and POST methods are supported, so I've changed the test to check for those methods. I have also modified the signature code to support GET, which was pretty straightforward.
|
Hi @jjeffery thanks for taking the time, and working with us to get this PR built and submitted. It looks pretty solid, and the way the code generation is done works great. Overall it looks good. I only had a few minor comments mentioned above. I'll also be able to add smoke integration test for SimpleDB once the PR is merged in. |
As per PR revue by Jason Del Ponte.
As per PR review by Jason Del Ponte.
In particular, test for additional query parameter (SecurityToken) for temporary credentials with a session.
|
Hi @jasdel thanks for reviewing the PR. All good comments. I have actioned your comments and responded to them above. I have also put a little bit more work into testing the V2 signer. I wouldn't mind putting a bit more work into the V2 tests. I'd like to find a test suite for version 2 similar to the V4 test suite (http://docs.aws.amazon.com/general/latest/gr/signature-v4-test-suite.html), but I have not been successful so far. If I do get my hands on some good test suite data I can upgrade the tests and include in a separate PR. |
|
@jjeffery Thanks a lot for your hard work getting writing the v2 signer so that we can adds the SimpleDB service to the Go SDK. |
Implement V2 signing and add simpledb.
|
Such a good news! |
Fixes incorrectly thrown EOF error by s3manager, when upload is performed. Fixes aws#316
Services --- * Synced the V2 SDK with latest AWS service API definitions. SDK Enhancements --- * `aws/endpoints`: Expose DNSSuffix for partitions ([aws#369](aws/aws-sdk-go-v2#369)) * Exposes the underlying partition metadata's DNSSuffix value via the `DNSSuffix` method on the endpoint's `Partition` type. This allows access to the partition's DNS suffix, e.g. "amazon.com". * Fixes [aws#347](aws/aws-sdk-go-v2#347) * `private/protocol`: Add support for parsing fractional timestamp ([aws#367](aws/aws-sdk-go-v2#367)) * Fixes the SDK's ability to parse fractional unix timestamp values and adds tests. * Fixes [aws#365](aws/aws-sdk-go-v2#365) * `aws/ec2metadata`: Add marketplaceProductCodes to EC2 Instance Identity Document ([aws#374](aws/aws-sdk-go-v2#374)) * Adds `MarketplaceProductCodes` to the EC2 Instance Metadata's Identity Document. The ec2metadata client will now retrieve these values if they are available. * Related to: [aws#2781](aws#2781) * `aws`: Adds configurations to the default retryer ([aws#375](aws/aws-sdk-go-v2#375)) * Provides more customization options for retryer by adding a constructor for default Retryer which accepts functional options. Adds NoOpRetryer to support no retry behavior. Exposes members of default retryer. * Updates the underlying logic used by the default retryer to calculate jittered delay for retry. Handles int overflow for retry delay. * Fixes [aws#370](aws/aws-sdk-go-v2#370) * `aws` : Refactors request retry behavior path logic ([aws#384](aws/aws-sdk-go-v2#384)) * Retry utilities now follow a consistent code path. aws.IsErrorRetryable is the primary entry point to determine if a request is retryable. * Corrects sdk's behavior by not retrying errors with status code 501. Adds support for retrying the Kinesis API error, LimitExceededException. * Fixes [aws#372](aws/aws-sdk-go-v2#372), [aws#145](aws/aws-sdk-go-v2#145) SDK Bugs --- * `aws`: Fixes bug in calculating throttled retry delay ([aws#373](aws/aws-sdk-go-v2#373)) * The `Retry-After` duration specified in the request is now added to the Retry delay for throttled exception. Adds test for retry delays for throttled exceptions. Fixes bug where the throttled retry's math was off. * Fixes [aws#45](aws/aws-sdk-go-v2#45) * `aws` : Adds missing sdk error checking when seeking readers ([aws#379](aws/aws-sdk-go-v2#379)) * Adds support for nonseekable io.Reader. Adds support for streamed payloads for unsigned body request. * Fixes [aws#371](aws/aws-sdk-go-v2#371) * `service/s3` : Fixes unexpected EOF error by s3manager ([aws#386](aws/aws-sdk-go-v2#386)) * Fixes bug which threw unexpected EOF error when s3 upload is performed for a file of maximum allowed size * Fixes [aws#316](aws/aws-sdk-go-v2#316) * `private/model` : Fixes generated API Reference docs links being invalid ([387](aws/aws-sdk-go-v2#387)) * Fixes [aws#327](aws/aws-sdk-go-v2#327)
This pull request adds an implementation of V2 signing and includes the simpledb service.
Resolves #70.