realloc/frostfs-s3-gw
1
0
Fork 0
forked from TrueCloudLab/frostfs-s3-gw
Code Issues Pull requests Projects Releases Packages Wiki Activity

[#339] sigv4a: Support presign

Browse source 
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
This commit is contained in:
Denis Kirillov 2024-04-23 14:49:34 +03:00
parent cc9a68401f
commit 8da71c3ae0
6 changed files with 56 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

17
cmd/s3-authmate/modules/generate-presigned-url.go
View file

@ -3,11 +3,13 @@ package modules
import (
"encoding/json"
"fmt"
"net/http"
"os"
"strings"
"time"
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/auth"
credentialsv2 "github.com/aws/aws-sdk-go-v2/credentials"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/session"
@ -38,6 +40,7 @@ const (
awsAccessKeyIDFlag = "aws-access-key-id"
awsSecretAccessKeyFlag = "aws-secret-access-key"
headerFlag = "header"
sigV4AFlag = "sigv4a"
)
func initGeneratePresignedURLCmd() {
@ -51,6 +54,7 @@ func initGeneratePresignedURLCmd() {
generatePresignedURLCmd.Flags().String(awsAccessKeyIDFlag, "", "AWS access key id to sign the URL (default is taken from ~/.aws/credentials)")
generatePresignedURLCmd.Flags().String(awsSecretAccessKeyFlag, "", "AWS secret access key to sign the URL (default is taken from ~/.aws/credentials)")
generatePresignedURLCmd.Flags().StringSlice(headerFlag, nil, "Header in form of 'Key: value' to use in presigned URL (use flags repeatedly for multiple headers or separate them by comma)")
generatePresignedURLCmd.Flags().Bool(sigV4AFlag, false, "Use SigV4A for signing request")
_ = generatePresignedURLCmd.MarkFlagRequired(endpointFlag)
_ = generatePresignedURLCmd.MarkFlagRequired(bucketFlag)
@ -101,7 +105,18 @@ func runGeneratePresignedURLCmd(*cobra.Command, []string) error {
}
presignData.Headers = headers
req, err := auth.PresignRequest(sess.Config.Credentials, reqData, presignData)
var req *http.Request
if viper.GetBool(sigV4AFlag) {
val, err := sess.Config.Credentials.Get()
if err != nil {
return wrapPreparationError(err)
}
awsCreds := credentialsv2.NewStaticCredentialsProvider(val.AccessKeyID, val.SecretAccessKey, "")
req, err = auth.PresignRequestV4a(awsCreds, reqData, presignData)
} else {
req, err = auth.PresignRequest(sess.Config.Credentials, reqData, presignData)
}
if err != nil {
return wrapBusinessLogicError(err)
}