forked from TrueCloudLab/distribution
Add the v4auth parameter
v4auth will default to true and if the frankfurt (eu-central-1) region is selected with v4auth set to false explicitly, the driver will error out upon initialization.
This commit is contained in:
parent
031c388543
commit
a0ef0d6aad
3 changed files with 40 additions and 11 deletions
|
@ -19,4 +19,6 @@ An implementation of the `storagedriver.StorageDriver` interface which uses Amaz
|
||||||
|
|
||||||
`secure`: (optional) Whether you would like to transfer data over ssl or not. Defaults to true (meaning transfering over ssl) if not specified. Note that while setting this to false will improve performance, it is not recommended due to security concerns.
|
`secure`: (optional) Whether you would like to transfer data over ssl or not. Defaults to true (meaning transfering over ssl) if not specified. Note that while setting this to false will improve performance, it is not recommended due to security concerns.
|
||||||
|
|
||||||
|
`v4auth`: (optional) Whether you would like to use aws signature version 4 with your requests. This defaults to true if not specified (note that the eu-central-1 region does not work with version 2 signatures, so the driver will error out if initialized with this region and v4auth set to false)
|
||||||
|
|
||||||
`rootdirectory`: (optional) The root directory tree in which all registry files will be stored. Defaults to the empty string (bucket root).
|
`rootdirectory`: (optional) The root directory tree in which all registry files will be stored. Defaults to the empty string (bucket root).
|
|
@ -96,28 +96,35 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
secureBool := false
|
secureBool := true
|
||||||
secure, ok := parameters["secure"]
|
secure, ok := parameters["secure"]
|
||||||
if !ok {
|
if ok {
|
||||||
secureBool = true
|
|
||||||
} else {
|
|
||||||
secureBool, ok = secure.(bool)
|
secureBool, ok = secure.(bool)
|
||||||
if !ok {
|
if !ok {
|
||||||
return nil, fmt.Errorf("The secure parameter should be a boolean")
|
return nil, fmt.Errorf("The secure parameter should be a boolean")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
v4AuthBool := true
|
||||||
|
v4Auth, ok := parameters["v4auth"]
|
||||||
|
if ok {
|
||||||
|
v4AuthBool, ok = v4Auth.(bool)
|
||||||
|
if !ok {
|
||||||
|
return nil, fmt.Errorf("The v4auth parameter should be a boolean")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
rootDirectory, ok := parameters["rootdirectory"]
|
rootDirectory, ok := parameters["rootdirectory"]
|
||||||
if !ok {
|
if !ok {
|
||||||
rootDirectory = ""
|
rootDirectory = ""
|
||||||
}
|
}
|
||||||
|
|
||||||
return New(fmt.Sprint(accessKey), fmt.Sprint(secretKey), fmt.Sprint(bucket), fmt.Sprint(rootDirectory), region, encryptBool, secureBool)
|
return New(fmt.Sprint(accessKey), fmt.Sprint(secretKey), fmt.Sprint(bucket), fmt.Sprint(rootDirectory), region, encryptBool, secureBool, v4AuthBool)
|
||||||
}
|
}
|
||||||
|
|
||||||
// New constructs a new Driver with the given AWS credentials, region, encryption flag, and
|
// New constructs a new Driver with the given AWS credentials, region, encryption flag, and
|
||||||
// bucketName
|
// bucketName
|
||||||
func New(accessKey, secretKey, bucketName, rootDirectory string, region aws.Region, encrypt, secure bool) (*Driver, error) {
|
func New(accessKey, secretKey, bucketName, rootDirectory string, region aws.Region, encrypt, secure, v4auth bool) (*Driver, error) {
|
||||||
auth, err := aws.GetAuth(accessKey, secretKey, "", time.Time{})
|
auth, err := aws.GetAuth(accessKey, secretKey, "", time.Time{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -130,6 +137,14 @@ func New(accessKey, secretKey, bucketName, rootDirectory string, region aws.Regi
|
||||||
s3obj := s3.New(auth, region)
|
s3obj := s3.New(auth, region)
|
||||||
bucket := s3obj.Bucket(bucketName)
|
bucket := s3obj.Bucket(bucketName)
|
||||||
|
|
||||||
|
if v4auth {
|
||||||
|
s3obj.Signature = aws.V4Signature
|
||||||
|
} else {
|
||||||
|
if region.Name == "eu-central-1" {
|
||||||
|
return nil, fmt.Errorf("The eu-central-1 region only works with v4 authentication")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if _, err := bucket.List("", "", "", 1); err != nil {
|
if _, err := bucket.List("", "", "", 1); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -428,7 +443,7 @@ func (d *Driver) WriteStream(path string, offset int64, reader io.Reader) (total
|
||||||
} else {
|
} else {
|
||||||
// offset > currentLength >= chunkSize
|
// offset > currentLength >= chunkSize
|
||||||
_, part, err = multi.PutPartCopy(partNumber,
|
_, part, err = multi.PutPartCopy(partNumber,
|
||||||
s3.CopyOptions{CopySourceOptions: "bytes=0-" + strconv.FormatInt(currentLength-1, 10)},
|
s3.CopyOptions{},
|
||||||
d.Bucket.Name+"/"+d.s3Path(path))
|
d.Bucket.Name+"/"+d.s3Path(path))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return 0, err
|
return 0, err
|
||||||
|
|
|
@ -22,6 +22,7 @@ func init() {
|
||||||
bucket := os.Getenv("S3_BUCKET")
|
bucket := os.Getenv("S3_BUCKET")
|
||||||
encrypt := os.Getenv("S3_ENCRYPT")
|
encrypt := os.Getenv("S3_ENCRYPT")
|
||||||
secure := os.Getenv("S3_SECURE")
|
secure := os.Getenv("S3_SECURE")
|
||||||
|
v4auth := os.Getenv("S3_USE_V4_AUTH")
|
||||||
region := os.Getenv("AWS_REGION")
|
region := os.Getenv("AWS_REGION")
|
||||||
root, err := ioutil.TempDir("", "driver-")
|
root, err := ioutil.TempDir("", "driver-")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -29,10 +30,13 @@ func init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
s3DriverConstructor := func(region aws.Region) (storagedriver.StorageDriver, error) {
|
s3DriverConstructor := func(region aws.Region) (storagedriver.StorageDriver, error) {
|
||||||
encryptBool, err := strconv.ParseBool(encrypt)
|
encryptBool := true
|
||||||
|
if encrypt != "" {
|
||||||
|
encryptBool, err = strconv.ParseBool(encrypt)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
secureBool := true
|
secureBool := true
|
||||||
if secure != "" {
|
if secure != "" {
|
||||||
|
@ -41,7 +45,15 @@ func init() {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return New(accessKey, secretKey, bucket, root, region, encryptBool, secureBool)
|
|
||||||
|
v4AuthBool := true
|
||||||
|
if v4auth != "" {
|
||||||
|
v4AuthBool, err = strconv.ParseBool(v4auth)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return New(accessKey, secretKey, bucket, root, region, encryptBool, secureBool, v4AuthBool)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Skip S3 storage driver tests if environment variable parameters are not provided
|
// Skip S3 storage driver tests if environment variable parameters are not provided
|
||||||
|
|
Loading…
Reference in a new issue