Allow to use AWS Signature v1 for creating signed AWS urls #998

Merged
merged 1 commit into from
Dec 4, 2018

@bashofmann bashofmann commented Oct 25, 2018

Some s3 implementations, for example the quobyte object storage, do not
support the v4 signing algorithm, but only v1.
This makes it possible to configure the signatureVersion.

The algorithm implementation was ported from https://github.com/oNestLab/botocore/blob/d6c1be296e8cfe0706cb0c8bbcad9c095d0f4d09/botocore/auth.py#L860-L862
which is used by the aws CLI client.

This fixes #811.
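
For reference, the legacy S3 query-string authentication scheme (HMAC-SHA1 over a newline-delimited string to sign), assumed here to be what the PR calls v1, works as follows. This is an added example, not code from the pull request or from botocore; the function names, endpoint, bucket, key and credentials are constructed, and bucket and key are assumed to need no URL escaping.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"net/url"
	"strconv"
)

// stringToSign: VERB, Content-MD5, Content-Type, Expires, resource (MD5/type empty for GET).
func stringToSign(method, resource string, expires int64) string {
	return fmt.Sprintf("%s\n\n\n%d\n%s", method, expires, resource)
}

func sign(secret, sts string) string {
	mac := hmac.New(sha1.New, []byte(secret))
	mac.Write([]byte(sts))
	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

// PresignV1 builds a path-style URL; assumes bucket and key need no escaping.
func PresignV1(endpoint, bucket, key, accessKey, secret string, expires int64) string {
	resource := "/" + bucket + "/" + key
	q := url.Values{}
	q.Set("AWSAccessKeyId", accessKey)
	q.Set("Expires", strconv.FormatInt(expires, 10))
	q.Set("Signature", sign(secret, stringToSign("GET", resource, expires)))
	return endpoint + resource + "?" + q.Encode()
}

// VerifyV1 is the storage side: reject expired URLs, re-sign the path, compare in constant time.
func VerifyV1(rawURL, secret string, now int64) bool {
	u, err := url.Parse(rawURL)
	if err != nil {
		return false
	}
	exp, err := strconv.ParseInt(u.Query().Get("Expires"), 10, 64)
	if err != nil || now > exp {
		return false
	}
	want := sign(secret, stringToSign("GET", u.EscapedPath(), exp))
	return hmac.Equal([]byte(want), []byte(u.Query().Get("Signature")))
}

func main() {
	fmt.Println(PresignV1("https://s3.example.invalid", "backups", "logs/b1.gz", "AKIDEXAMPLE", "constructed-secret", 2000)) // constructed values
}
```

The signature covers only the method, the expiry and the resource path, so the URL is a bearer token until `Expires`: keep the expiry short and treat the URL as a secret in logs.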

@bashofmann bashofmann force-pushed the add-aws-s3-v1-signer branch 2 times, most recently from 57426e4 to ab95b00 Compare October 25, 2018 14:25

nrb commented Oct 25, 2018

Could you add documentation for how the user would provide the algorithm version?


ncdc commented Oct 25, 2018

Did you implement the v1 signing algorithm yourself or find it in another go project somewhere?

@bashofmann
Contributor Author

@nrb I just added documentation to docs/api-types/backupstoragelocation.md. Is this enough or is there also some other place where this should be mentioned?

@ncdc I could not find any v1 implementation in go, so I ported this myself from the python implementation mentioned above.


nrb commented Oct 26, 2018

> Is this enough or is there also some other place where this should be mentioned?

Thanks! It may also be worth calling out on, in case a provider doesn't support v4 signing. https://github.com/heptio/ark/blob/master/docs/support-matrix.md#s3-compatible-backup-storage-providers

@bashofmann
Contributor Author

> Thanks! It may also be worth calling out on, in case a provider doesn't support v4 signing. https://github.com/heptio/ark/blob/master/docs/support-matrix.md#s3-compatible-backup-storage-providers

Done

@ncdc ncdc added this to the v0.10.1 milestone Nov 15, 2018
pkg/cloudprovider/aws/v1_sign_request_handler.go
}

func (v1 *signer) Sign() error {
credValue, err := v1.Credentials.Get()
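
Review bot: Sign() has no doc comment above it, and the receiver name v1 reads like a version or package identifier rather than a signer. Add a one-line comment saying what Sign writes onto the request, and consider a shorter receiver name that describes the type. The handling of the err returned by v1.Credentials.Get() is not visible in these lines; it should be returned before credValue is used to compute a signature.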
Contributor

Call this credentials?

Contributor Author

@bashofmann bashofmann Nov 22, 2018

How about credentialsValue? credentials would clash with the imported package name.

ncdc commented Dec 4, 2018

@bashofmann LGTM here. You'll need to add an entry to CHANGELOG.md (new thing we're doing).

@skriss please do a final review.

Once Steve is 👍, please squash down to 1 commit and make sure it has the signoff. Thanks!

skriss commented Dec 4, 2018

LGTM pending CHANGELOG.md entry, signoff, and squash

Some aws implementations, for example the quobyte object storage, do not
support the v4 signing algorithm, but only v1.
This makes it possible to configure the signatureVersion.

The algorithm implementation was ported from https://github.com/oNestLab/botocore/blob/d6c1be296e8cfe0706cb0c8bbcad9c095d0f4d09/botocore/auth.py#L860-L862
which is used by the aws CLI client.

This fixes vmware-tanzu#811.

Signed-off-by: Bastian Hofmann <bashofmann@gmail.com>
@bashofmann bashofmann force-pushed the add-aws-s3-v1-signer branch from 1806971 to e13806e Compare December 4, 2018 17:32
@skriss skriss merged commit 8955199 into vmware-tanzu:master Dec 4, 2018
@bashofmann bashofmann deleted the add-aws-s3-v1-signer branch December 4, 2018 21:25
Successfully merging this pull request may close these issues.

Fetching logs does not work when using Quobyte s3 object storage