From 72bdf0e320fb9af437a361c75e5b24acd233cd1b Mon Sep 17 00:00:00 2001 From: sakeven Date: Tue, 7 Feb 2017 17:16:16 +0800 Subject: [PATCH] check whether must use v4 auth in specific aws region Signed-off-by: sakeven --- registry/storage/driver/s3-goamz/s3.go | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/registry/storage/driver/s3-goamz/s3.go b/registry/storage/driver/s3-goamz/s3.go index 33751c16..4cfe0192 100644 --- a/registry/storage/driver/s3-goamz/s3.go +++ b/registry/storage/driver/s3-goamz/s3.go @@ -266,10 +266,8 @@ func New(params DriverParameters) (*Driver, error) { if params.V4Auth { s3obj.Signature = aws.V4Signature - } else { - if params.Region.Name == "eu-central-1" { - return nil, fmt.Errorf("The eu-central-1 region only works with v4 authentication") - } + } else if mustV4Auth(params.Region.Name) { + return nil, fmt.Errorf("The %s region only works with v4 authentication", params.Region.Name) } bucket := s3obj.Bucket(params.Bucket) @@ -573,6 +571,17 @@ func getPermissions() s3.ACL { return s3.Private } +// mustV4Auth checks whether must use v4 auth in specific region. +// Please see documentation at http://docs.aws.amazon.com/general/latest/gr/signature-version-2.html +func mustV4Auth(region string) bool { + switch region { + case "eu-central-1", "cn-north-1", "us-east-2", + "ca-central-1", "ap-south-1", "ap-northeast-2", "eu-west-2": + return true + } + return false +} + func (d *driver) getContentType() string { return "application/octet-stream" }