The X-Amz-Credential value in the URL shows the "/" character only for
readability. In practice, it should be encoded as %2F
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Protect against reuse of the signed portions of the request. In AWS, the signed
portions (using AWS Signatures) of requests are valid within 15 minutes of the
timestamp in the request.
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Provides the time period, in seconds, for which the generated presigned URL is
valid. For example, 86400 (24 hours). This value is an integer. The minimum
value you can set is 1, and the maximum is 604800 (seven days).
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
This patch gets the same error response in S3 and RGW when the error is related
to the signedheaders processing.
Fixes: #10333
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Handle AWS4 auth on requests with positive content-length. It splits the
auth process along several steps to process the body content on the fly
instead of reading the whole body in memory. After that, it completes
the delayed AWS4 auth properly.
Requests with content-length <= 0 are validated as usual. They don't
require any kind of completion.
Requests with content-length > 0 use a streaming approach together with
a completion step.
Fixes: #10333
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
When computing V4 signature, we need to encode the query string. But it
could come already encoded, at least partially.
So do not encode the entities that are already encoded.
Fixes: #10333
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Adds a new authorize function to identify/handle AWSv4 and AWSv2 auth
properly, handling common code, etc.
Fixes: #10333
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Crafts the canonical query string. URI-encode each parameter name and
value properly.
Fixes: #10333
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Amazon S3 supports Signature Version 4. This patch contains the minimal
implementation supporting AWS4 in RGW. It implements AWS4 authentication
on http methods without body content and vars not shipping in the
request query string.
Fixes: #10333
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
python setup.py develop may try to pull dependencies from the net and
has no way to collect them from the wheelhouse that was populated by
install-deps.sh. Use pip install -e instead
Signed-off-by: Loic Dachary <loic@dachary.org>
AIO operations after a flatten operation were previously
hanging during the close of the parent image.
Signed-off-by: Jason Dillaman <dillaman@redhat.com>
if $PATH has ".." in it, and the program happen to be located in
"..", `which program` will print `../program` instead of its fullpath,
so we should always use `readlink -f` for the fullpath.
Signed-off-by: Kefu Chai <kchai@redhat.com>
