Add the v4auth parameter

v4auth defaults to true. If the Frankfurt (eu-central-1) region is
selected with v4auth explicitly set to false, the driver will error
out upon initialization.
Andrey Kostov 2015-01-07 11:45:31 +02:00
parent 031c388543
commit a0ef0d6aad
3 changed files with 40 additions and 11 deletions


@ -19,4 +19,6 @@ An implementation of the `storagedriver.StorageDriver` interface which uses Amaz
`secure`: (optional) Whether you would like to transfer data over ssl or not. Defaults to true (meaning transfering over ssl) if not specified. Note that while setting this to false will improve performance, it is not recommended due to security concerns. `secure`: (optional) Whether you would like to transfer data over ssl or not. Defaults to true (meaning transfering over ssl) if not specified. Note that while setting this to false will improve performance, it is not recommended due to security concerns.
`v4auth`: (optional) Whether you would like to use aws signature version 4 with your requests. This defaults to true if not specified (note that the eu-central-1 region does not work with version 2 signatures, so the driver will error out if initialized with this region and v4auth set to false)
`rootdirectory`: (optional) The root directory tree in which all registry files will be stored. Defaults to the empty string (bucket root). `rootdirectory`: (optional) The root directory tree in which all registry files will be stored. Defaults to the empty string (bucket root).


@ -96,28 +96,35 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) {
} }
} }
secureBool := false secureBool := true
secure, ok := parameters["secure"] secure, ok := parameters["secure"]
if !ok { if ok {
secureBool = true
} else {
secureBool, ok = secure.(bool) secureBool, ok = secure.(bool)
if !ok { if !ok {
return nil, fmt.Errorf("The secure parameter should be a boolean") return nil, fmt.Errorf("The secure parameter should be a boolean")
} }
} }
v4AuthBool := true
v4Auth, ok := parameters["v4auth"]
if ok {
v4AuthBool, ok = v4Auth.(bool)
if !ok {
return nil, fmt.Errorf("The v4auth parameter should be a boolean")
}
}
rootDirectory, ok := parameters["rootdirectory"] rootDirectory, ok := parameters["rootdirectory"]
if !ok { if !ok {
rootDirectory = "" rootDirectory = ""
} }
return New(fmt.Sprint(accessKey), fmt.Sprint(secretKey), fmt.Sprint(bucket), fmt.Sprint(rootDirectory), region, encryptBool, secureBool) return New(fmt.Sprint(accessKey), fmt.Sprint(secretKey), fmt.Sprint(bucket), fmt.Sprint(rootDirectory), region, encryptBool, secureBool, v4AuthBool)
} }
// New constructs a new Driver with the given AWS credentials, region, encryption flag, and // New constructs a new Driver with the given AWS credentials, region, encryption flag, and
// bucketName // bucketName
func New(accessKey, secretKey, bucketName, rootDirectory string, region aws.Region, encrypt, secure bool) (*Driver, error) { func New(accessKey, secretKey, bucketName, rootDirectory string, region aws.Region, encrypt, secure, v4auth bool) (*Driver, error) {
auth, err := aws.GetAuth(accessKey, secretKey, "", time.Time{}) auth, err := aws.GetAuth(accessKey, secretKey, "", time.Time{})
if err != nil { if err != nil {
return nil, err return nil, err
@ -130,6 +137,14 @@ func New(accessKey, secretKey, bucketName, rootDirectory string, region aws.Regi
s3obj := s3.New(auth, region) s3obj := s3.New(auth, region)
bucket := s3obj.Bucket(bucketName) bucket := s3obj.Bucket(bucketName)
if v4auth {
s3obj.Signature = aws.V4Signature
} else {
if region.Name == "eu-central-1" {
return nil, fmt.Errorf("The eu-central-1 region only works with v4 authentication")
}
}
if _, err := bucket.List("", "", "", 1); err != nil { if _, err := bucket.List("", "", "", 1); err != nil {
return nil, err return nil, err
} }
@ -428,7 +443,7 @@ func (d *Driver) WriteStream(path string, offset int64, reader io.Reader) (total
} else { } else {
// offset > currentLength >= chunkSize // offset > currentLength >= chunkSize
_, part, err = multi.PutPartCopy(partNumber, _, part, err = multi.PutPartCopy(partNumber,
s3.CopyOptions{CopySourceOptions: "bytes=0-" + strconv.FormatInt(currentLength-1, 10)}, s3.CopyOptions{},
d.Bucket.Name+"/"+d.s3Path(path)) d.Bucket.Name+"/"+d.s3Path(path))
if err != nil { if err != nil {
return 0, err return 0, err
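Review bot: In New, `s3obj.Signature = aws.V4Signature` is assigned after `bucket := s3obj.Bucket(bucketName)` has already been derived from the client, so the setting reaches the bucket's requests only if Bucket keeps a pointer to `s3obj` rather than a copy, which is not visible on this page. If it were a copy, requests would be signed with version 2 without any error, so moving the `if v4auth` block above the `Bucket` call removes that dependency on library internals. The region guard also compares against the single literal `"eu-central-1"`, so any other region that accepts only version 4 would fall through to the `bucket.List` probe and fail there with a less specific error. The nested branch reads more simply as `} else if region.Name == "eu-central-1" {`. New begins in the previous hunk and continues past this one.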


@ -22,6 +22,7 @@ func init() {
bucket := os.Getenv("S3_BUCKET") bucket := os.Getenv("S3_BUCKET")
encrypt := os.Getenv("S3_ENCRYPT") encrypt := os.Getenv("S3_ENCRYPT")
secure := os.Getenv("S3_SECURE") secure := os.Getenv("S3_SECURE")
v4auth := os.Getenv("S3_USE_V4_AUTH")
region := os.Getenv("AWS_REGION") region := os.Getenv("AWS_REGION")
root, err := ioutil.TempDir("", "driver-") root, err := ioutil.TempDir("", "driver-")
if err != nil { if err != nil {
@ -29,9 +30,12 @@ func init() {
} }
s3DriverConstructor := func(region aws.Region) (storagedriver.StorageDriver, error) { s3DriverConstructor := func(region aws.Region) (storagedriver.StorageDriver, error) {
encryptBool, err := strconv.ParseBool(encrypt) encryptBool := true
if err != nil { if encrypt != "" {
return nil, err encryptBool, err = strconv.ParseBool(encrypt)
if err != nil {
return nil, err
}
} }
secureBool := true secureBool := true
@ -41,7 +45,15 @@ func init() {
return nil, err return nil, err
} }
} }
return New(accessKey, secretKey, bucket, root, region, encryptBool, secureBool)
v4AuthBool := true
if v4auth != "" {
v4AuthBool, err = strconv.ParseBool(v4auth)
if err != nil {
return nil, err
}
}
return New(accessKey, secretKey, bucket, root, region, encryptBool, secureBool, v4AuthBool)
} }
// Skip S3 storage driver tests if environment variable parameters are not provided // Skip S3 storage driver tests if environment variable parameters are not provided
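Review bot: Inside `s3DriverConstructor`, `encryptBool, err = strconv.ParseBool(encrypt)` now assigns to the `err` declared by `root, err := ioutil.TempDir(...)` in `init`, because the `:=` that used to declare a closure-local `err` was replaced by `encryptBool := true`. The new `v4AuthBool, err = strconv.ParseBool(v4auth)` does the same, as does the `secureBool` block if it follows the same pattern (its assignment is not shown). Every call of the constructor therefore writes to a variable shared with `init`, which would be a data race if the constructor is ever invoked from concurrent tests. Declaring `var err error` as the first statement of the closure keeps the error local. None of the hunks in this file adds a case for the new rejection path (`eu-central-1` with `S3_USE_V4_AUTH` set to false), which would be worth covering.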