Merge pull request #1037 from harshavardhana/add-config

serverConfig: Add a new region config entry.
This commit is contained in:
Harshavardhana 2016-01-17 01:50:30 -08:00
commit 092ed972d0
5 changed files with 76 additions and 23 deletions

View File

@ -90,9 +90,12 @@ func getSignedHeadersFromAuth(authHeaderValue string) ([]string, *probe.Error) {
return signedHeaders, nil
}
// verify if region value is valid.
func isValidRegion(region string) *probe.Error {
if region != "us-east-1" && region != "US" {
// verify if region value is valid with configured minioRegion.
func isValidRegion(region string, minioRegion string) *probe.Error {
if minioRegion == "" {
minioRegion = "us-east-1"
}
if region != minioRegion && region != "US" {
return probe.NewError(errInvalidRegion)
}
return nil
@ -105,9 +108,6 @@ func stripRegion(authHeaderValue string) (string, *probe.Error) {
return "", err.Trace(authHeaderValue)
}
region := credentialElements[2]
if err = isValidRegion(region); err != nil {
return "", err.Trace(authHeaderValue)
}
return region, nil
}
@ -129,10 +129,20 @@ func initSignatureV4(req *http.Request) (*fs.Signature, *probe.Error) {
// strip auth from authorization header.
authHeaderValue := req.Header.Get("Authorization")
config, err := loadConfigV2()
if err != nil {
return nil, err.Trace()
}
region, err := stripRegion(authHeaderValue)
if err != nil {
return nil, err.Trace(authHeaderValue)
}
if err = isValidRegion(region, config.Credentials.Region); err != nil {
return nil, err.Trace(authHeaderValue)
}
accessKeyID, err := stripAccessKeyID(authHeaderValue)
if err != nil {
return nil, err.Trace(authHeaderValue)
@ -145,10 +155,6 @@ func initSignatureV4(req *http.Request) (*fs.Signature, *probe.Error) {
if err != nil {
return nil, err.Trace(authHeaderValue)
}
config, err := loadConfigV2()
if err != nil {
return nil, err.Trace()
}
if config.Credentials.AccessKeyID == accessKeyID {
signature := &fs.Signature{
AccessKeyID: config.Credentials.AccessKeyID,

View File

@ -217,9 +217,20 @@ func (api CloudStorageAPI) PutBucketHandler(w http.ResponseWriter, req *http.Req
var err *probe.Error
signature, err = initSignatureV4(req)
if err != nil {
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
writeErrorResponse(w, req, InternalError, req.URL.Path)
return
switch err.ToGoError() {
case errInvalidRegion:
errorIf(err.Trace(), "Unknown region in authorization header.", nil)
writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
return
case errAccessKeyIDInvalid:
errorIf(err.Trace(), "Invalid access key id.", nil)
writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
return
default:
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
writeErrorResponse(w, req, InternalError, req.URL.Path)
return
}
}
}
}

View File

@ -159,9 +159,20 @@ func (api CloudStorageAPI) PutObjectHandler(w http.ResponseWriter, req *http.Req
var err *probe.Error
signature, err = initSignatureV4(req)
if err != nil {
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
writeErrorResponse(w, req, InternalError, req.URL.Path)
return
switch err.ToGoError() {
case errInvalidRegion:
errorIf(err.Trace(), "Unknown region in authorization header.", nil)
writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
return
case errAccessKeyIDInvalid:
errorIf(err.Trace(), "Invalid access key id.", nil)
writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
return
default:
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
writeErrorResponse(w, req, InternalError, req.URL.Path)
return
}
}
}
}
@ -295,9 +306,20 @@ func (api CloudStorageAPI) PutObjectPartHandler(w http.ResponseWriter, req *http
var err *probe.Error
signature, err = initSignatureV4(req)
if err != nil {
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
writeErrorResponse(w, req, InternalError, req.URL.Path)
return
switch err.ToGoError() {
case errInvalidRegion:
errorIf(err.Trace(), "Unknown region in authorization header.", nil)
writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
return
case errAccessKeyIDInvalid:
errorIf(err.Trace(), "Invalid access key id.", nil)
writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
return
default:
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
writeErrorResponse(w, req, InternalError, req.URL.Path)
return
}
}
}
}
@ -439,9 +461,20 @@ func (api CloudStorageAPI) CompleteMultipartUploadHandler(w http.ResponseWriter,
var err *probe.Error
signature, err = initSignatureV4(req)
if err != nil {
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
writeErrorResponse(w, req, InternalError, req.URL.Path)
return
switch err.ToGoError() {
case errInvalidRegion:
errorIf(err.Trace(), "Unknown region in authorization header.", nil)
writeErrorResponse(w, req, AuthorizationHeaderMalformed, req.URL.Path)
return
case errAccessKeyIDInvalid:
errorIf(err.Trace(), "Invalid access key id.", nil)
writeErrorResponse(w, req, InvalidAccessKeyID, req.URL.Path)
return
default:
errorIf(err.Trace(), "Initializing signature v4 failed.", nil)
writeErrorResponse(w, req, InternalError, req.URL.Path)
return
}
}
}
}

View File

@ -42,6 +42,7 @@ type configV2 struct {
Credentials struct {
AccessKeyID string `json:"accessKeyId"`
SecretAccessKey string `json:"secretAccessKey"`
Region string `json:"region"`
} `json:"credentials"`
MongoLogger struct {
Addr string `json:"addr"`
@ -249,6 +250,7 @@ func newConfigV2() *configV2 {
config.Version = "2"
config.Credentials.AccessKeyID = ""
config.Credentials.SecretAccessKey = ""
config.Credentials.Region = "us-east-1"
config.MongoLogger.Addr = ""
config.MongoLogger.DB = ""
config.MongoLogger.Collection = ""

View File

@ -78,7 +78,7 @@ type cloudServerConfig struct {
MinFreeDisk int64 // Minimum free disk space for filesystem
Expiry time.Duration // Set auto expiry for filesystem
// TLS service
/// TLS service
TLS bool // TLS on when certs are specified
CertFile string // Domain certificate
KeyFile string // Domain key
@ -206,6 +206,7 @@ func getConfig() (*configV2, *probe.Error) {
config.Version = "2"
config.Credentials.AccessKeyID = string(mustGenerateAccessKeyID())
config.Credentials.SecretAccessKey = string(mustGenerateSecretAccessKey())
config.Credentials.Region = "us-east-1"
if err := saveConfig(config); err != nil {
return nil, err.Trace()
}