forked from TrueCloudLab/frostfs-s3-gw
[#339] Don't explicitly use smithy-go
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
parent
c5deb2e148
commit
4515a7ae88
8 changed files with 68 additions and 50 deletions
|
@ -8,7 +8,6 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
@ -27,7 +26,6 @@ import (
|
||||||
oidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id/test"
|
oidtest "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id/test"
|
||||||
"github.com/aws/aws-sdk-go-v2/aws"
|
"github.com/aws/aws-sdk-go-v2/aws"
|
||||||
"github.com/aws/aws-sdk-go-v2/credentials"
|
"github.com/aws/aws-sdk-go-v2/credentials"
|
||||||
"github.com/aws/smithy-go/logging"
|
|
||||||
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
"go.uber.org/zap/zaptest"
|
"go.uber.org/zap/zaptest"
|
||||||
|
@ -101,7 +99,7 @@ func TestSignatureV4A(t *testing.T) {
|
||||||
|
|
||||||
signer := v4a.NewSigner(func(options *v4a.SignerOptions) {
|
signer := v4a.NewSigner(func(options *v4a.SignerOptions) {
|
||||||
options.DisableURIPathEscaping = true
|
options.DisableURIPathEscaping = true
|
||||||
options.Logger = logging.NewStandardLogger(os.Stdout)
|
options.Logger = zaptest.NewLogger(t)
|
||||||
options.LogSigning = true
|
options.LogSigning = true
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
|
@ -9,12 +9,11 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/smithy/encoding/httpbinding"
|
||||||
v4a "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/v4asdk2"
|
v4a "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/v4asdk2"
|
||||||
v4 "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/v4sdk2/signer/v4"
|
v4 "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/v4sdk2/signer/v4"
|
||||||
"github.com/aws/aws-sdk-go-v2/aws"
|
"github.com/aws/aws-sdk-go-v2/aws"
|
||||||
"github.com/aws/aws-sdk-go-v2/credentials"
|
"github.com/aws/aws-sdk-go-v2/credentials"
|
||||||
"github.com/aws/smithy-go/encoding/httpbinding"
|
|
||||||
"github.com/aws/smithy-go/logging"
|
|
||||||
"go.uber.org/zap"
|
"go.uber.org/zap"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -50,7 +49,7 @@ func PresignRequest(ctx context.Context, creds aws.Credentials, reqData RequestD
|
||||||
signer := v4.NewSigner(func(options *v4.SignerOptions) {
|
signer := v4.NewSigner(func(options *v4.SignerOptions) {
|
||||||
options.DisableURIPathEscaping = true
|
options.DisableURIPathEscaping = true
|
||||||
options.LogSigning = true
|
options.LogSigning = true
|
||||||
options.Logger = &logWrapper{log: log}
|
options.Logger = log
|
||||||
})
|
})
|
||||||
|
|
||||||
signedURI, _, err := signer.PresignHTTP(ctx, creds, req, presignData.Headers[AmzContentSHA256], presignData.Service, presignData.Region, presignData.SignTime)
|
signedURI, _, err := signer.PresignHTTP(ctx, creds, req, presignData.Headers[AmzContentSHA256], presignData.Service, presignData.Region, presignData.SignTime)
|
||||||
|
@ -83,7 +82,7 @@ func PresignRequestV4a(cred aws.Credentials, reqData RequestData, presignData Pr
|
||||||
signer := v4a.NewSigner(func(options *v4a.SignerOptions) {
|
signer := v4a.NewSigner(func(options *v4a.SignerOptions) {
|
||||||
options.DisableURIPathEscaping = true
|
options.DisableURIPathEscaping = true
|
||||||
options.LogSigning = true
|
options.LogSigning = true
|
||||||
options.Logger = &logWrapper{log: log}
|
options.Logger = log
|
||||||
})
|
})
|
||||||
|
|
||||||
credAdapter := v4a.SymmetricCredentialAdaptor{
|
credAdapter := v4a.SymmetricCredentialAdaptor{
|
||||||
|
@ -101,19 +100,3 @@ func PresignRequestV4a(cred aws.Credentials, reqData RequestData, presignData Pr
|
||||||
|
|
||||||
return http.NewRequest(reqData.Method, presignedURL, nil)
|
return http.NewRequest(reqData.Method, presignedURL, nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
type logWrapper struct {
|
|
||||||
log *zap.Logger
|
|
||||||
}
|
|
||||||
|
|
||||||
func (l *logWrapper) Logf(classification logging.Classification, format string, args ...interface{}) {
|
|
||||||
msg := fmt.Sprintf(format, args...)
|
|
||||||
switch classification {
|
|
||||||
case logging.Warn:
|
|
||||||
l.log.Warn(msg)
|
|
||||||
case logging.Debug:
|
|
||||||
l.log.Debug(msg)
|
|
||||||
default:
|
|
||||||
l.log.Info(msg)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
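Review bot: `options.LogSigning = true` stays hard-coded in both PresignRequest and PresignRequestV4a, and with `options.Logger = log` the caller's zap logger now receives the signing dump directly instead of through the removed wrapper. The signers' log helpers format the canonical request, the string to sign and, for presigned requests, the signed URL into that message; the URL presumably carries the signature query parameter, so any sink that retains debug-level records would hold a link that stays usable until it expires. Consider taking the flag from the caller or from configuration rather than forcing it on, and state on both functions that `log` may be nil, since the signers guard with `if options.Logger != nil`. Both function bodies start and end outside the visible hunks.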
|
@ -4,7 +4,6 @@ import (
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
@ -18,7 +17,6 @@ import (
|
||||||
oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
|
oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
|
||||||
"github.com/aws/aws-sdk-go-v2/aws"
|
"github.com/aws/aws-sdk-go-v2/aws"
|
||||||
credentialsv2 "github.com/aws/aws-sdk-go-v2/credentials"
|
credentialsv2 "github.com/aws/aws-sdk-go-v2/credentials"
|
||||||
"github.com/aws/smithy-go/logging"
|
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
"go.uber.org/zap/zaptest"
|
"go.uber.org/zap/zaptest"
|
||||||
)
|
)
|
||||||
|
@ -167,7 +165,7 @@ func TestPresignRequestV4a(t *testing.T) {
|
||||||
signer := v4a.NewSigner(func(options *v4a.SignerOptions) {
|
signer := v4a.NewSigner(func(options *v4a.SignerOptions) {
|
||||||
options.DisableURIPathEscaping = true
|
options.DisableURIPathEscaping = true
|
||||||
options.LogSigning = true
|
options.LogSigning = true
|
||||||
options.Logger = logging.NewStandardLogger(os.Stdout)
|
options.Logger = zaptest.NewLogger(t)
|
||||||
})
|
})
|
||||||
|
|
||||||
credAdapter := v4a.SymmetricCredentialAdaptor{
|
credAdapter := v4a.SymmetricCredentialAdaptor{
|
||||||
|
|
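--- a/api/auth/signer/smithy/encoding/httpbinding/path_replace.go
+++ b/api/auth/signer/smithy/encoding/httpbinding/path_replace.go
@@ -0,0 +1,37 @@
+// This file is part of https://github.com/aws/smithy-go/blob/f0c6adfdec6e40bb8bb2920a40d016943b4ad762/encoding/httpbinding/path_replace.go
+
+package httpbinding
+
+import (
+"bytes"
+"fmt"
+)
+
+// EscapePath escapes part of a URL path in Amazon style.
+func EscapePath(path string, encodeSep bool) string {
+var buf bytes.Buffer
+for i := 0; i < len(path); i++ {
+c := path[i]
+if noEscape[c] || (c == '/' && !encodeSep) {
+buf.WriteByte(c)
+} else {
+fmt.Fprintf(&buf, "%%%02X", c)
+}
+}
+return buf.String()
+}
+
+var noEscape [256]bool
+
+func init() {
+for i := 0; i < len(noEscape); i++ {
+// AWS expects every character except these to be escaped
+noEscape[i] = (i >= 'A' && i <= 'Z') ||
+(i >= 'a' && i <= 'z') ||
+(i >= '0' && i <= '9') ||
+i == '-' ||
+i == '.' ||
+i == '_' ||
+i == '~'
+}
+}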
|
@ -3,6 +3,8 @@
|
||||||
// * adding exported VerifySignature methods
|
// * adding exported VerifySignature methods
|
||||||
// * using different ignore headers for sing/presign requests
|
// * using different ignore headers for sing/presign requests
|
||||||
// * don't duplicate content-length as signed header
|
// * don't duplicate content-length as signed header
|
||||||
|
// * use copy of smithy-go encoding/httpbinding package
|
||||||
|
// * use zap.Logger instead of smithy-go/logging
|
||||||
|
|
||||||
package v4a
|
package v4a
|
||||||
|
|
||||||
|
@ -25,10 +27,10 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/smithy/encoding/httpbinding"
|
||||||
signerCrypto "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/v4asdk2/internal/crypto"
|
signerCrypto "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/v4asdk2/internal/crypto"
|
||||||
v4Internal "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/v4asdk2/internal/v4"
|
v4Internal "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/v4asdk2/internal/v4"
|
||||||
"github.com/aws/smithy-go/encoding/httpbinding"
|
"go.uber.org/zap"
|
||||||
"github.com/aws/smithy-go/logging"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -70,7 +72,7 @@ func init() {
|
||||||
|
|
||||||
// SignerOptions is the SigV4a signing options for constructing a Signer.
|
// SignerOptions is the SigV4a signing options for constructing a Signer.
|
||||||
type SignerOptions struct {
|
type SignerOptions struct {
|
||||||
Logger logging.Logger
|
Logger *zap.Logger
|
||||||
LogSigning bool
|
LogSigning bool
|
||||||
|
|
||||||
// Disables the Signer's moving HTTP header key/value pairs from the HTTP
|
// Disables the Signer's moving HTTP header key/value pairs from the HTTP
|
||||||
|
@ -164,7 +166,7 @@ type httpSigner struct {
|
||||||
Credentials Credentials
|
Credentials Credentials
|
||||||
IsPreSign bool
|
IsPreSign bool
|
||||||
|
|
||||||
Logger logging.Logger
|
Logger *zap.Logger
|
||||||
Debug bool
|
Debug bool
|
||||||
|
|
||||||
// PayloadHash is the hex encoded SHA-256 hash of the request payload
|
// PayloadHash is the hex encoded SHA-256 hash of the request payload
|
||||||
|
@ -193,6 +195,7 @@ func (s *Signer) SignHTTP(ctx context.Context, credentials Credentials, r *http.
|
||||||
Time: signingTime.UTC(),
|
Time: signingTime.UTC(),
|
||||||
DisableHeaderHoisting: options.DisableHeaderHoisting,
|
DisableHeaderHoisting: options.DisableHeaderHoisting,
|
||||||
DisableURIPathEscaping: options.DisableURIPathEscaping,
|
DisableURIPathEscaping: options.DisableURIPathEscaping,
|
||||||
|
Logger: options.Logger,
|
||||||
}
|
}
|
||||||
|
|
||||||
signedRequest, err := signer.Build()
|
signedRequest, err := signer.Build()
|
||||||
|
@ -566,7 +569,7 @@ const logSignedURLMsg = `
|
||||||
---[ SIGNED URL ]------------------------------------
|
---[ SIGNED URL ]------------------------------------
|
||||||
%s`
|
%s`
|
||||||
|
|
||||||
func logHTTPSigningInfo(ctx context.Context, options SignerOptions, r signedRequest) {
|
func logHTTPSigningInfo(_ context.Context, options SignerOptions, r signedRequest) {
|
||||||
if !options.LogSigning {
|
if !options.LogSigning {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -574,8 +577,9 @@ func logHTTPSigningInfo(ctx context.Context, options SignerOptions, r signedRequ
|
||||||
if r.PreSigned {
|
if r.PreSigned {
|
||||||
signedURLMsg = fmt.Sprintf(logSignedURLMsg, r.Request.URL.String())
|
signedURLMsg = fmt.Sprintf(logSignedURLMsg, r.Request.URL.String())
|
||||||
}
|
}
|
||||||
logger := logging.WithContext(ctx, options.Logger)
|
if options.Logger != nil {
|
||||||
logger.Logf(logging.Debug, logSignInfoMsg, r.CanonicalString, r.StringToSign, signedURLMsg)
|
options.Logger.Debug(fmt.Sprintf(logSignInfoMsg, r.CanonicalString, r.StringToSign, signedURLMsg))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
type signedRequest struct {
|
type signedRequest struct {
|
||||||
|
|
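Review bot: In logHTTPSigningInfo the new `options.Logger.Debug(fmt.Sprintf(logSignInfoMsg, …))` builds the whole multi-line dump before zap decides whether debug is enabled, so every signing call with LogSigning set pays for formatting the canonical request even when the record is dropped; logSigningInfo in the v4 signer has the same shape. Checking the level first avoids that: `if options.Logger != nil && options.Logger.Core().Enabled(zap.DebugLevel) {`. Passing the pieces as fields, for example `zap.String("string_to_sign", r.StringToSign)`, would keep the banner text out of structured output and give one place to drop or mask the signed URL. The ctx parameter is now unused (`_`), so anything the old `logging.WithContext` call could attach from the request context is no longer carried; a short comment saying this is intentional would help.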
|
@ -1,4 +1,6 @@
|
||||||
// This file is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/v4a_test.go
|
// This file is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/internal/v4a/v4a_test.go
|
||||||
|
// with changes:
|
||||||
|
// * use zap.Logger instead of smithy-go/logging
|
||||||
|
|
||||||
package v4a
|
package v4a
|
||||||
|
|
||||||
|
@ -17,7 +19,7 @@ import (
|
||||||
|
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/v4asdk2/internal/crypto"
|
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/v4asdk2/internal/crypto"
|
||||||
"github.com/aws/aws-sdk-go-v2/aws"
|
"github.com/aws/aws-sdk-go-v2/aws"
|
||||||
"github.com/aws/smithy-go/logging"
|
"go.uber.org/zap/zaptest"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -388,9 +390,7 @@ func buildSigner(t *testing.T, withToken bool) (*Signer, CredentialsProvider) {
|
||||||
}
|
}
|
||||||
|
|
||||||
return NewSigner(func(options *SignerOptions) {
|
return NewSigner(func(options *SignerOptions) {
|
||||||
options.Logger = loggerFunc(func(format string, v ...interface{}) {
|
options.Logger = zaptest.NewLogger(t)
|
||||||
t.Logf(format, v...)
|
|
||||||
})
|
|
||||||
}), &SymmetricCredentialAdaptor{
|
}), &SymmetricCredentialAdaptor{
|
||||||
SymmetricProvider: staticCredentialsProvider{
|
SymmetricProvider: staticCredentialsProvider{
|
||||||
Value: creds,
|
Value: creds,
|
||||||
|
@ -398,12 +398,6 @@ func buildSigner(t *testing.T, withToken bool) (*Signer, CredentialsProvider) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
type loggerFunc func(format string, v ...interface{})
|
|
||||||
|
|
||||||
func (l loggerFunc) Logf(_ logging.Classification, format string, v ...interface{}) {
|
|
||||||
l(format, v...)
|
|
||||||
}
|
|
||||||
|
|
||||||
type staticCredentialsProvider struct {
|
type staticCredentialsProvider struct {
|
||||||
Value aws.Credentials
|
Value aws.Credentials
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/v4/v4.go
|
// This is https://github.com/aws/aws-sdk-go-v2/blob/a2b751d1ba71f59175a41f9cae5f159f1044360f/aws/signer/v4/v4.go
|
||||||
// with changes:
|
// with changes:
|
||||||
// * using different headers for sign/presign
|
// * using different headers for sign/presign
|
||||||
|
// * use copy of smithy-go encoding/httpbinding package
|
||||||
|
// * use zap.Logger instead of smithy-go/logging
|
||||||
|
|
||||||
// Package v4 implements the AWS signature version 4 algorithm (commonly known
|
// Package v4 implements the AWS signature version 4 algorithm (commonly known
|
||||||
// as SigV4).
|
// as SigV4).
|
||||||
|
@ -56,10 +58,10 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/smithy/encoding/httpbinding"
|
||||||
v4Internal "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/v4sdk2/signer/internal/v4"
|
v4Internal "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth/signer/v4sdk2/signer/internal/v4"
|
||||||
"github.com/aws/aws-sdk-go-v2/aws"
|
"github.com/aws/aws-sdk-go-v2/aws"
|
||||||
"github.com/aws/smithy-go/encoding/httpbinding"
|
"go.uber.org/zap"
|
||||||
"github.com/aws/smithy-go/logging"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -97,7 +99,7 @@ type SignerOptions struct {
|
||||||
DisableURIPathEscaping bool
|
DisableURIPathEscaping bool
|
||||||
|
|
||||||
// The logger to send log messages to.
|
// The logger to send log messages to.
|
||||||
Logger logging.Logger
|
Logger *zap.Logger
|
||||||
|
|
||||||
// Enable logging of signed requests.
|
// Enable logging of signed requests.
|
||||||
// This will enable logging of the canonical request, the string to sign, and for presigning the subsequent
|
// This will enable logging of the canonical request, the string to sign, and for presigning the subsequent
|
||||||
|
@ -547,7 +549,7 @@ func (s *httpSigner) setRequiredSigningFields(headers http.Header, query url.Val
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func logSigningInfo(ctx context.Context, options SignerOptions, request *signedRequest, isPresign bool) {
|
func logSigningInfo(_ context.Context, options SignerOptions, request *signedRequest, isPresign bool) {
|
||||||
if !options.LogSigning {
|
if !options.LogSigning {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -555,8 +557,10 @@ func logSigningInfo(ctx context.Context, options SignerOptions, request *signedR
|
||||||
if isPresign {
|
if isPresign {
|
||||||
signedURLMsg = fmt.Sprintf(logSignedURLMsg, request.Request.URL.String())
|
signedURLMsg = fmt.Sprintf(logSignedURLMsg, request.Request.URL.String())
|
||||||
}
|
}
|
||||||
logger := logging.WithContext(ctx, options.Logger)
|
|
||||||
logger.Logf(logging.Debug, logSignInfoMsg, request.CanonicalString, request.StringToSign, signedURLMsg)
|
if options.Logger != nil {
|
||||||
|
options.Logger.Debug(fmt.Sprintf(logSignInfoMsg, request.CanonicalString, request.StringToSign, signedURLMsg))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
type signedRequest struct {
|
type signedRequest struct {
|
||||||
|
|
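--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,6 @@ require (
 github.com/aws/aws-sdk-go-v2 v1.30.5
 github.com/aws/aws-sdk-go-v2/config v1.27.32
 github.com/aws/aws-sdk-go-v2/credentials v1.17.31
-github.com/aws/smithy-go v1.20.4
 github.com/bluele/gcache v0.0.2
 github.com/go-chi/chi/v5 v5.0.8
 github.com/google/uuid v1.6.0
@@ -58,6 +57,7 @@ require (
 github.com/aws/aws-sdk-go-v2/service/sso v1.22.6 // indirect
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.6 // indirect
 github.com/aws/aws-sdk-go-v2/service/sts v1.30.6 // indirect
+github.com/aws/smithy-go v1.20.4 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 github.com/cespare/xxhash/v2 v2.3.0 // indirect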