AWS v4 authorization [JIRA: RCS-144] #897
Comments
|
For further reference: aws4 implementation in rinamo: |
|
Thanks @randysecrist! |
|
So you think about to port it in riakCS ? |
|
@waxzce We'll consider this for Riak CS. |
|
s3cmd also implemented v4 auth and use it by default [1]. |
|
TODO list after some reading of AWS docs and a little trial to execute v4 to AWS S3 _[posted via JIRA by Shunichi Shinohara]_ |
|
temporary patch for boto Will be PRed or filed as issues to upstream repository. |
|
Currently, riak-cs returns a 500 error when v4 signature is used. Shouldn't it return a HTTP/400 instead? |
|
I'm running version 1.5.4, so I guess I need to wait for the next release. Returning a 500 in case of error is really disturbing, as it makes think to the client that riak-cs has some problems. A bad request should never raise HTTP/500. Thanks for the response, |
I tested Riak CS (almost) 1.5.4 with |
|
This would be great to have. I use golang. Amazon has an official s3 client for golang out now, but it only contains v4 auth. Which means it doesn't work with Riak CS. |
|
Although it is not generally available and is partial implementation, in 2.0.1 v4 authentication is included. Try adding |
|
Ah, I tried their client with Riak CS 2.0.1 but didn't know about the config option. I'll try it again. Thanks. |
|
Unfortunately this didn't work either. I'm not having much luck finding a workable solution for Riak CS and golang, together. I've tried various client libraries, and combinations of v2 and v4 signing. I even patched them for #1166 But i just get crashes in the riak cs auth code. And my erlang isn't good enough to debug it. No problems with using s3cmd to test these configurations and users. |
|
@dragonfax Thanks for information and effort! Agree with the subtleness of debugging auth phase 😓 Current implementation is tested against boto [1] as automated testing and against s3cmd by some manual testing. If you kindly try more, a hint for debugging, which you may know already :) , is turning debug log on in riak cs, then it prints out [1] https://github.com/basho/riak_cs/tree/develop/client_tests/python/boto_tests |
|
Hey, Thanks for the interest guys. Its always heartwarming to be heard. I did actually get this to work with a bit more effort. Adding a patch to aws-sdk-go (for issue #1166) that you can see in this commit. dragonfax/aws-sdk-go@cd6e377 I was able to get an example s3 client to work. https://gist.github.com/dragonfax/58d40bf9469cd06b6dc2 And it works quite well, too. Kudos. If Riak CS could be patched up to accept that whitespace more flexibly. Then that might all you need for good golang support. |
|
@dragonfax Congrats! Also thanks a lot for sharing more information and suggestions! |
|
Cross note: the spaces after commas will be trimmed by the fix #1235. |
|
I see this bug is still open 2.5 years later in 2017. As far as I can tell, the riaks project is not compatible with AWS S3 due to this bug. I cannot set a current aws sdk release to use signers older than v4. |
|
[~pbrewer] - This comment came in today. I wonder if this is something you or your team may be able to address? [posted via JIRA by Derek Somogyi] |
2 similar comments
|
[~pbrewer] - This comment came in today. I wonder if this is something you or your team may be able to address? [posted via JIRA by Derek Somogyi] |
|
[~pbrewer] - This comment came in today. I wonder if this is something you or your team may be able to address? [posted via JIRA by Derek Somogyi] |
|
Hi, Best Regards, |
|
My company dropped Riak CS for reasons such as this, and is moving away from Riak because of other various issues. |
AWS S3 have a new protocol to sign request, called aws4
seems not supported on riak-cs
The text was updated successfully, but these errors were encountered: