This patch gets the same error response in S3 and RGW when the error is related
to the signedheaders processing.
Fixes: #10333
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Handle AWS4 auth on requests with positive content-length. It splits the
auth process along several steps to process the body content on the fly
instead of reading the whole body in memory. After that, it completes
the delayed AWS4 auth properly.
Requests with content-length <= 0 are validated as usual. They don't
require any kind of completion.
Requests with content-length > 0 use a streaming approach together with
a completion step.
Fixes: #10333
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
When computing V4 signature, we need to encode the query string. But it
could come already encoded, at least partially.
So do not encode the entities that are already encoded.
Fixes: #10333
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Adds a new authorize function to identify/handle AWSv4 and AWSv2 auth
properly, handling common code, etc.
Fixes: #10333
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Crafts the canonical query string. URI-encode each parameter name and
value properly.
Fixes: #10333
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
Amazon S3 supports Signature Version 4. This patch contains the minimal
implementation supporting AWS4 in RGW. It implements AWS4 authentication
on http methods without body content and vars not shipping in the
request query string.
Fixes: #10333
Signed-off-by: Javier M. Mellid <jmunhoz@igalia.com>
python setup.py develop may try to pull dependencies from the net and
has no way to collect them from the wheelhouse that was populated by
install-deps.sh. Use pip install -e instead
Signed-off-by: Loic Dachary <loic@dachary.org>
AIO operations after a flatten operation were previously
hanging during the close of the parent image.
Signed-off-by: Jason Dillaman <dillaman@redhat.com>
if $PATH has ".." in it, and the program happen to be located in
"..", `which program` will print `../program` instead of its fullpath,
so we should always use `readlink -f` for the fullpath.
Signed-off-by: Kefu Chai <kchai@redhat.com>
We do suggest users to put their logs in /var/log/radosgw in the
documentation at times. We should also label that directory with
ceph_var_log_t so that ceph daemons can also write there.
The commit also updates the man page for this policy. This man page is
automatically generated by
* sepolicy manpage -p . -d ceph_t
and have not been reloaded in a while. Hence, it contains few more
changes than the new radosgw directory.
Signed-off-by: Boris Ranto <branto@redhat.com>
SPDK block path with bluestore is something like spdk:55cd2e404bd73932.
The size of the prefix to compare should be 5.
sizeof(SPDK_PREFIX)-1 returns 5, while sizeof(SPDK_PREFIX-1) returns 8.
Signed-off-by: Jianjian Huo <samuel.huo@gmail.com>
If fsx issues a back-to-back synchronous write, these will be
replayed as AIO writes. If object map is enabled, it's possible
for the two writes to commit to disk out-of-order if the first
write required an object map update.
Signed-off-by: Jason Dillaman <dillaman@redhat.com>
