mirror of
https://github.com/minio/minio.git
Generate and use access/secret keys properly (#3498)
parent
6ee27daac1
commit
e8ce3b64ed
@ -1,91 +0,0 @@
|
|||||||
/*
|
|
||||||
* Minio Cloud Storage, (C) 2015, 2016 Minio, Inc.
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package cmd
|
|
||||||
|
|
||||||
import (
|
|
||||||
"crypto/rand"
|
|
||||||
"encoding/base64"
|
|
||||||
)
|
|
||||||
|
|
||||||
// credential container for access and secret keys.
|
|
||||||
type credential struct {
|
|
||||||
AccessKeyID string `json:"accessKey"`
|
|
||||||
SecretAccessKey string `json:"secretKey"`
|
|
||||||
}
|
|
||||||
|
|
||||||
const (
|
|
||||||
accessKeyMinLen = 5
|
|
||||||
accessKeyMaxLen = 20
|
|
||||||
secretKeyMinLen = 8
|
|
||||||
secretKeyMaxLen = 40
|
|
||||||
)
|
|
||||||
|
|
||||||
// isValidAccessKey - validate access key for right length.
|
|
||||||
func isValidAccessKey(accessKey string) bool {
|
|
||||||
return len(accessKey) >= accessKeyMinLen && len(accessKey) <= accessKeyMaxLen
|
|
||||||
}
|
|
||||||
|
|
||||||
// isValidSecretKey - validate secret key for right length.
|
|
||||||
func isValidSecretKey(secretKey string) bool {
|
|
||||||
return len(secretKey) >= secretKeyMinLen && len(secretKey) <= secretKeyMaxLen
|
|
||||||
}
|
|
||||||
|
|
||||||
// mustGenAccessKeys - must generate access credentials.
|
|
||||||
func mustGenAccessKeys() (creds credential) {
|
|
||||||
creds, err := genAccessKeys()
|
|
||||||
fatalIf(err, "Unable to generate access keys.")
|
|
||||||
return creds
|
|
||||||
}
|
|
||||||
|
|
||||||
// genAccessKeys - generate access credentials.
|
|
||||||
func genAccessKeys() (credential, error) {
|
|
||||||
accessKeyID, err := genAccessKeyID()
|
|
||||||
if err != nil {
|
|
||||||
return credential{}, err
|
|
||||||
}
|
|
||||||
secretAccessKey, err := genSecretAccessKey()
|
|
||||||
if err != nil {
|
|
||||||
return credential{}, err
|
|
||||||
}
|
|
||||||
creds := credential{
|
|
||||||
AccessKeyID: string(accessKeyID),
|
|
||||||
SecretAccessKey: string(secretAccessKey),
|
|
||||||
}
|
|
||||||
return creds, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// genAccessKeyID - generate random alpha numeric value using only uppercase characters
|
|
||||||
// takes input as size in integer
|
|
||||||
func genAccessKeyID() ([]byte, error) {
|
|
||||||
alpha := make([]byte, accessKeyMaxLen)
|
|
||||||
if _, err := rand.Read(alpha); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
for i := 0; i < accessKeyMaxLen; i++ {
|
|
||||||
alpha[i] = alphaNumericTable[alpha[i]%byte(len(alphaNumericTable))]
|
|
||||||
}
|
|
||||||
return alpha, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// genSecretAccessKey - generate random base64 numeric value from a random seed.
|
|
||||||
func genSecretAccessKey() ([]byte, error) {
|
|
||||||
rb := make([]byte, secretKeyMaxLen)
|
|
||||||
if _, err := rand.Read(rb); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
return []byte(base64.StdEncoding.EncodeToString(rb))[:secretKeyMaxLen], nil
|
|
||||||
}
|
|
@ -83,7 +83,7 @@ func getAdminCmdRequest(cmd cmdType, cred credential) (*http.Request, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
req.Header.Set(minioAdminOpHeader, cmd.String())
|
req.Header.Set(minioAdminOpHeader, cmd.String())
|
||||||
err = signRequestV4(req, cred.AccessKeyID, cred.SecretAccessKey)
|
err = signRequestV4(req, cred.AccessKey, cred.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -109,8 +109,8 @@ func makeAdminPeers(eps []*url.URL) adminPeers {
|
|||||||
// Check if the remote host has been added already
|
// Check if the remote host has been added already
|
||||||
if !seenAddr[ep.Host] {
|
if !seenAddr[ep.Host] {
|
||||||
cfg := authConfig{
|
cfg := authConfig{
|
||||||
accessKey: serverConfig.GetCredential().AccessKeyID,
|
accessKey: serverConfig.GetCredential().AccessKey,
|
||||||
secretKey: serverConfig.GetCredential().SecretAccessKey,
|
secretKey: serverConfig.GetCredential().SecretKey,
|
||||||
address: ep.Host,
|
address: ep.Host,
|
||||||
secureConn: isSSL(),
|
secureConn: isSSL(),
|
||||||
path: path.Join(reservedBucket, servicePath),
|
path: path.Join(reservedBucket, servicePath),
|
||||||
|
@ -31,7 +31,7 @@ func testAdminCmd(cmd cmdType, t *testing.T) {
|
|||||||
adminServer := serviceCmd{}
|
adminServer := serviceCmd{}
|
||||||
creds := serverConfig.GetCredential()
|
creds := serverConfig.GetCredential()
|
||||||
reply := RPCLoginReply{}
|
reply := RPCLoginReply{}
|
||||||
args := RPCLoginArgs{Username: creds.AccessKeyID, Password: creds.SecretAccessKey}
|
args := RPCLoginArgs{Username: creds.AccessKey, Password: creds.SecretKey}
|
||||||
err = adminServer.LoginHandler(&args, &reply)
|
err = adminServer.LoginHandler(&args, &reply)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to login to admin server - %v", err)
|
t.Fatalf("Failed to login to admin server - %v", err)
|
||||||
|
@ -25,23 +25,26 @@ import (
|
|||||||
"strconv"
|
"strconv"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Static alphanumeric table used for generating unique request ids
|
const requestIDLen = 16
|
||||||
var alphaNumericTable = []byte("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ")
|
|
||||||
|
|
||||||
// newRequestID generates and returns request ID string.
|
// mustGetRequestID generates and returns request ID string.
|
||||||
func newRequestID() string {
|
func mustGetRequestID() string {
|
||||||
alpha := make([]byte, 16)
|
reqBytes := make([]byte, requestIDLen)
|
||||||
rand.Read(alpha)
|
if _, err := rand.Read(reqBytes); err != nil {
|
||||||
for i := 0; i < 16; i++ {
|
panic(err)
|
||||||
alpha[i] = alphaNumericTable[alpha[i]%byte(len(alphaNumericTable))]
|
|
||||||
}
|
}
|
||||||
return string(alpha)
|
|
||||||
|
for i := 0; i < requestIDLen; i++ {
|
||||||
|
reqBytes[i] = alphaNumericTable[reqBytes[i]%alphaNumericTableLen]
|
||||||
|
}
|
||||||
|
|
||||||
|
return string(reqBytes)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Write http common headers
|
// Write http common headers
|
||||||
func setCommonHeaders(w http.ResponseWriter) {
|
func setCommonHeaders(w http.ResponseWriter) {
|
||||||
// Set unique request ID for each reply.
|
// Set unique request ID for each reply.
|
||||||
w.Header().Set("X-Amz-Request-Id", newRequestID())
|
w.Header().Set("X-Amz-Request-Id", mustGetRequestID())
|
||||||
w.Header().Set("Server", ("Minio/" + ReleaseTag + " (" + runtime.GOOS + "; " + runtime.GOARCH + ")"))
|
w.Header().Set("Server", ("Minio/" + ReleaseTag + " (" + runtime.GOOS + "; " + runtime.GOARCH + ")"))
|
||||||
w.Header().Set("Accept-Ranges", "bytes")
|
w.Header().Set("Accept-Ranges", "bytes")
|
||||||
}
|
}
|
||||||
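Review bot: The mapping `reqBytes[i]%alphaNumericTableLen` in `mustGetRequestID` is not uniform: the table removed from this file held 36 characters and 256 is not a multiple of 36, so, assuming the relocated table is unchanged, its first four characters come up slightly more often than the rest. That is harmless for a request ID, which is not a secret, but `alphaNumericTable` and `alphaNumericTableLen` are now defined outside this section, so it is worth confirming that access-key generation does not reuse the same byte-modulo mapping without accounting for the skew. I would record the assumption next to the loop, e.g. `// Byte-modulo mapping is slightly biased; acceptable only because request IDs are not secrets.` The doc comment should also state the new failure mode, `// mustGetRequestID returns a random request ID of requestIDLen characters; it panics if rand.Read fails.`, since `setCommonHeaders` calls it for each reply, and the test in the following section still checks `len(id) != 16` instead of `requestIDLen`.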
|
@ -22,7 +22,7 @@ import (
|
|||||||
|
|
||||||
func TestNewRequestID(t *testing.T) {
|
func TestNewRequestID(t *testing.T) {
|
||||||
// Ensure that it returns an alphanumeric result of length 16.
|
// Ensure that it returns an alphanumeric result of length 16.
|
||||||
var id = newRequestID()
|
var id = mustGetRequestID()
|
||||||
|
|
||||||
if len(id) != 16 {
|
if len(id) != 16 {
|
||||||
t.Fail()
|
t.Fail()
|
||||||
|
@ -301,7 +301,7 @@ func mustNewRequest(method string, urlStr string, contentLength int64, body io.R
|
|||||||
func mustNewSignedRequest(method string, urlStr string, contentLength int64, body io.ReadSeeker, t *testing.T) *http.Request {
|
func mustNewSignedRequest(method string, urlStr string, contentLength int64, body io.ReadSeeker, t *testing.T) *http.Request {
|
||||||
req := mustNewRequest(method, urlStr, contentLength, body, t)
|
req := mustNewRequest(method, urlStr, contentLength, body, t)
|
||||||
cred := serverConfig.GetCredential()
|
cred := serverConfig.GetCredential()
|
||||||
if err := signRequestV4(req, cred.AccessKeyID, cred.SecretAccessKey); err != nil {
|
if err := signRequestV4(req, cred.AccessKey, cred.SecretKey); err != nil {
|
||||||
t.Fatalf("Unable to inititalized new signed http request %s", err)
|
t.Fatalf("Unable to inititalized new signed http request %s", err)
|
||||||
}
|
}
|
||||||
return req
|
return req
|
||||||
|
@ -74,7 +74,7 @@ func isRPCTokenValid(tokenStr string) bool {
|
|||||||
if _, ok := token.Method.(*jwtgo.SigningMethodHMAC); !ok {
|
if _, ok := token.Method.(*jwtgo.SigningMethodHMAC); !ok {
|
||||||
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
|
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
|
||||||
}
|
}
|
||||||
return []byte(jwt.SecretAccessKey), nil
|
return []byte(jwt.SecretKey), nil
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
errorIf(err, "Unable to parse JWT token string")
|
errorIf(err, "Unable to parse JWT token string")
|
||||||
|
@ -103,8 +103,8 @@ func updateCredsOnPeers(creds credential) map[string]error {
|
|||||||
|
|
||||||
// Initialize client
|
// Initialize client
|
||||||
client := newAuthClient(&authConfig{
|
client := newAuthClient(&authConfig{
|
||||||
accessKey: serverConfig.GetCredential().AccessKeyID,
|
accessKey: serverConfig.GetCredential().AccessKey,
|
||||||
secretKey: serverConfig.GetCredential().SecretAccessKey,
|
secretKey: serverConfig.GetCredential().SecretKey,
|
||||||
address: peers[ix],
|
address: peers[ix],
|
||||||
secureConn: isSSL(),
|
secureConn: isSSL(),
|
||||||
path: path.Join(reservedBucket, browserPeerPath),
|
path: path.Join(reservedBucket, browserPeerPath),
|
||||||
|
@ -63,8 +63,8 @@ func TestBrowserPeerRPC(t *testing.T) {
|
|||||||
func (s *TestRPCBrowserPeerSuite) testBrowserPeerRPC(t *testing.T) {
|
func (s *TestRPCBrowserPeerSuite) testBrowserPeerRPC(t *testing.T) {
|
||||||
// Construct RPC call arguments.
|
// Construct RPC call arguments.
|
||||||
creds := credential{
|
creds := credential{
|
||||||
AccessKeyID: "abcd1",
|
AccessKey: "abcd1",
|
||||||
SecretAccessKey: "abcd1234",
|
SecretKey: "abcd1234",
|
||||||
}
|
}
|
||||||
|
|
||||||
// Validate for invalid token.
|
// Validate for invalid token.
|
||||||
@ -105,8 +105,8 @@ func (s *TestRPCBrowserPeerSuite) testBrowserPeerRPC(t *testing.T) {
|
|||||||
|
|
||||||
// Validate for success in loing handled with valid credetnails.
|
// Validate for success in loing handled with valid credetnails.
|
||||||
rargs = &RPCLoginArgs{
|
rargs = &RPCLoginArgs{
|
||||||
Username: creds.AccessKeyID,
|
Username: creds.AccessKey,
|
||||||
Password: creds.SecretAccessKey,
|
Password: creds.SecretKey,
|
||||||
}
|
}
|
||||||
rreply = &RPCLoginReply{}
|
rreply = &RPCLoginReply{}
|
||||||
err = rclient.Call("BrowserPeer.LoginHandler", rargs, rreply)
|
err = rclient.Call("BrowserPeer.LoginHandler", rargs, rreply)
|
||||||
|
@ -50,8 +50,8 @@ func testGetBucketLocationHandler(obj ObjectLayer, instanceType, bucketName stri
|
|||||||
// Tests for authenticated request and proper response.
|
// Tests for authenticated request and proper response.
|
||||||
{
|
{
|
||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusOK,
|
expectedRespStatus: http.StatusOK,
|
||||||
locationResponse: []byte(`<?xml version="1.0" encoding="UTF-8"?>
|
locationResponse: []byte(`<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<LocationConstraint xmlns="http://s3.amazonaws.com/doc/2006-03-01/"></LocationConstraint>`),
|
<LocationConstraint xmlns="http://s3.amazonaws.com/doc/2006-03-01/"></LocationConstraint>`),
|
||||||
@ -192,16 +192,16 @@ func testHeadBucketHandler(obj ObjectLayer, instanceType, bucketName string, api
|
|||||||
// Bucket exists.
|
// Bucket exists.
|
||||||
{
|
{
|
||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusOK,
|
expectedRespStatus: http.StatusOK,
|
||||||
},
|
},
|
||||||
// Test case - 2.
|
// Test case - 2.
|
||||||
// Non-existent bucket name.
|
// Non-existent bucket name.
|
||||||
{
|
{
|
||||||
bucketName: "2333",
|
bucketName: "2333",
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusNotFound,
|
expectedRespStatus: http.StatusNotFound,
|
||||||
},
|
},
|
||||||
// Test case - 3.
|
// Test case - 3.
|
||||||
@ -311,8 +311,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
|
|||||||
uploadIDMarker: "",
|
uploadIDMarker: "",
|
||||||
delimiter: "",
|
delimiter: "",
|
||||||
maxUploads: "0",
|
maxUploads: "0",
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
shouldPass: false,
|
shouldPass: false,
|
||||||
},
|
},
|
||||||
@ -325,8 +325,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
|
|||||||
uploadIDMarker: "",
|
uploadIDMarker: "",
|
||||||
delimiter: "",
|
delimiter: "",
|
||||||
maxUploads: "0",
|
maxUploads: "0",
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusNotFound,
|
expectedRespStatus: http.StatusNotFound,
|
||||||
shouldPass: false,
|
shouldPass: false,
|
||||||
},
|
},
|
||||||
@ -339,8 +339,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
|
|||||||
uploadIDMarker: "",
|
uploadIDMarker: "",
|
||||||
delimiter: "-",
|
delimiter: "-",
|
||||||
maxUploads: "0",
|
maxUploads: "0",
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusNotImplemented,
|
expectedRespStatus: http.StatusNotImplemented,
|
||||||
shouldPass: false,
|
shouldPass: false,
|
||||||
},
|
},
|
||||||
@ -353,8 +353,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
|
|||||||
uploadIDMarker: "",
|
uploadIDMarker: "",
|
||||||
delimiter: "",
|
delimiter: "",
|
||||||
maxUploads: "0",
|
maxUploads: "0",
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusNotImplemented,
|
expectedRespStatus: http.StatusNotImplemented,
|
||||||
shouldPass: false,
|
shouldPass: false,
|
||||||
},
|
},
|
||||||
@ -367,8 +367,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
|
|||||||
uploadIDMarker: "abc",
|
uploadIDMarker: "abc",
|
||||||
delimiter: "",
|
delimiter: "",
|
||||||
maxUploads: "0",
|
maxUploads: "0",
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusNotImplemented,
|
expectedRespStatus: http.StatusNotImplemented,
|
||||||
shouldPass: false,
|
shouldPass: false,
|
||||||
},
|
},
|
||||||
@ -381,8 +381,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
|
|||||||
uploadIDMarker: "",
|
uploadIDMarker: "",
|
||||||
delimiter: "",
|
delimiter: "",
|
||||||
maxUploads: "-1",
|
maxUploads: "-1",
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
shouldPass: false,
|
shouldPass: false,
|
||||||
},
|
},
|
||||||
@ -396,8 +396,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
|
|||||||
uploadIDMarker: "",
|
uploadIDMarker: "",
|
||||||
delimiter: "/",
|
delimiter: "/",
|
||||||
maxUploads: "100",
|
maxUploads: "100",
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusOK,
|
expectedRespStatus: http.StatusOK,
|
||||||
shouldPass: true,
|
shouldPass: true,
|
||||||
},
|
},
|
||||||
@ -410,8 +410,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
|
|||||||
uploadIDMarker: "",
|
uploadIDMarker: "",
|
||||||
delimiter: "",
|
delimiter: "",
|
||||||
maxUploads: "100",
|
maxUploads: "100",
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusOK,
|
expectedRespStatus: http.StatusOK,
|
||||||
shouldPass: true,
|
shouldPass: true,
|
||||||
},
|
},
|
||||||
@ -535,8 +535,8 @@ func testListBucketsHandler(obj ObjectLayer, instanceType, bucketName string, ap
|
|||||||
// Validate a good case request succeeds.
|
// Validate a good case request succeeds.
|
||||||
{
|
{
|
||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusOK,
|
expectedRespStatus: http.StatusOK,
|
||||||
},
|
},
|
||||||
// Test case - 2.
|
// Test case - 2.
|
||||||
@ -684,7 +684,7 @@ func testAPIDeleteMultipleObjectsHandler(obj ObjectLayer, instanceType, bucketNa
|
|||||||
bucket: bucketName,
|
bucket: bucketName,
|
||||||
objects: successRequest0,
|
objects: successRequest0,
|
||||||
accessKey: "Invalid-AccessID",
|
accessKey: "Invalid-AccessID",
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedContent: nil,
|
expectedContent: nil,
|
||||||
expectedRespStatus: http.StatusForbidden,
|
expectedRespStatus: http.StatusForbidden,
|
||||||
},
|
},
|
||||||
@ -693,8 +693,8 @@ func testAPIDeleteMultipleObjectsHandler(obj ObjectLayer, instanceType, bucketNa
|
|||||||
{
|
{
|
||||||
bucket: bucketName,
|
bucket: bucketName,
|
||||||
objects: successRequest0,
|
objects: successRequest0,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedContent: encodedSuccessResponse0,
|
expectedContent: encodedSuccessResponse0,
|
||||||
expectedRespStatus: http.StatusOK,
|
expectedRespStatus: http.StatusOK,
|
||||||
},
|
},
|
||||||
@ -703,8 +703,8 @@ func testAPIDeleteMultipleObjectsHandler(obj ObjectLayer, instanceType, bucketNa
|
|||||||
{
|
{
|
||||||
bucket: bucketName,
|
bucket: bucketName,
|
||||||
objects: successRequest1,
|
objects: successRequest1,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedContent: encodedSuccessResponse1,
|
expectedContent: encodedSuccessResponse1,
|
||||||
expectedRespStatus: http.StatusOK,
|
expectedRespStatus: http.StatusOK,
|
||||||
},
|
},
|
||||||
@ -713,8 +713,8 @@ func testAPIDeleteMultipleObjectsHandler(obj ObjectLayer, instanceType, bucketNa
|
|||||||
{
|
{
|
||||||
bucket: bucketName,
|
bucket: bucketName,
|
||||||
objects: successRequest1,
|
objects: successRequest1,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedContent: encodedErrorResponse,
|
expectedContent: encodedErrorResponse,
|
||||||
expectedRespStatus: http.StatusOK,
|
expectedRespStatus: http.StatusOK,
|
||||||
},
|
},
|
||||||
|
@ -209,7 +209,7 @@ func testGetBucketNotificationHandler(obj ObjectLayer, instanceType, bucketName
|
|||||||
}
|
}
|
||||||
rec := httptest.NewRecorder()
|
rec := httptest.NewRecorder()
|
||||||
req, err := newTestSignedRequestV4("GET", getGetBucketNotificationURL("", bucketName),
|
req, err := newTestSignedRequestV4("GET", getGetBucketNotificationURL("", bucketName),
|
||||||
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
|
0, nil, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("%s: Failed to create HTTP testRequest for ListenBucketNotification: <ERROR> %v", instanceType, err)
|
t.Fatalf("%s: Failed to create HTTP testRequest for ListenBucketNotification: <ERROR> %v", instanceType, err)
|
||||||
}
|
}
|
||||||
@ -222,7 +222,7 @@ func testGetBucketNotificationHandler(obj ObjectLayer, instanceType, bucketName
|
|||||||
}
|
}
|
||||||
rec = httptest.NewRecorder()
|
rec = httptest.NewRecorder()
|
||||||
req, err = newTestSignedRequestV4("GET", getGetBucketNotificationURL("", bucketName),
|
req, err = newTestSignedRequestV4("GET", getGetBucketNotificationURL("", bucketName),
|
||||||
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
|
0, nil, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("%s: Failed to create HTTP testRequest for ListenBucketNotification: <ERROR> %v", instanceType, err)
|
t.Fatalf("%s: Failed to create HTTP testRequest for ListenBucketNotification: <ERROR> %v", instanceType, err)
|
||||||
}
|
}
|
||||||
@ -268,7 +268,7 @@ func testListenBucketNotificationNilHandler(obj ObjectLayer, instanceType, bucke
|
|||||||
[]string{"*.jpg"}, []string{
|
[]string{"*.jpg"}, []string{
|
||||||
"s3:ObjectCreated:*",
|
"s3:ObjectCreated:*",
|
||||||
"s3:ObjectRemoved:*",
|
"s3:ObjectRemoved:*",
|
||||||
}), 0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
|
}), 0, nil, credentials.AccessKey, credentials.SecretKey)
|
||||||
if tErr != nil {
|
if tErr != nil {
|
||||||
t.Fatalf("%s: Failed to create HTTP testRequest for ListenBucketNotification: <ERROR> %v", instanceType, tErr)
|
t.Fatalf("%s: Failed to create HTTP testRequest for ListenBucketNotification: <ERROR> %v", instanceType, tErr)
|
||||||
}
|
}
|
||||||
@ -294,7 +294,7 @@ func testRemoveNotificationConfig(obj ObjectLayer, instanceType, bucketName stri
|
|||||||
testRec := httptest.NewRecorder()
|
testRec := httptest.NewRecorder()
|
||||||
testReq, tErr := newTestSignedRequestV4("PUT", getPutBucketNotificationURL("", randBucket),
|
testReq, tErr := newTestSignedRequestV4("PUT", getPutBucketNotificationURL("", randBucket),
|
||||||
int64(len(sampleNotificationBytes)), bytes.NewReader(sampleNotificationBytes),
|
int64(len(sampleNotificationBytes)), bytes.NewReader(sampleNotificationBytes),
|
||||||
credentials.AccessKeyID, credentials.SecretAccessKey)
|
credentials.AccessKey, credentials.SecretKey)
|
||||||
if tErr != nil {
|
if tErr != nil {
|
||||||
t.Fatalf("%s: Failed to create HTTP testRequest for PutBucketNotification: <ERROR> %v", instanceType, tErr)
|
t.Fatalf("%s: Failed to create HTTP testRequest for PutBucketNotification: <ERROR> %v", instanceType, tErr)
|
||||||
}
|
}
|
||||||
|
@ -277,8 +277,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
|
|||||||
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))),
|
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))),
|
||||||
|
|
||||||
policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)),
|
policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)),
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusNoContent,
|
expectedRespStatus: http.StatusNoContent,
|
||||||
},
|
},
|
||||||
// Test case - 2.
|
// Test case - 2.
|
||||||
@ -289,8 +289,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
|
|||||||
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))),
|
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))),
|
||||||
|
|
||||||
policyLen: maxAccessPolicySize + 1,
|
policyLen: maxAccessPolicySize + 1,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
},
|
},
|
||||||
// Test case - 3.
|
// Test case - 3.
|
||||||
@ -301,8 +301,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
|
|||||||
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))),
|
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))),
|
||||||
|
|
||||||
policyLen: 0,
|
policyLen: 0,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusLengthRequired,
|
expectedRespStatus: http.StatusLengthRequired,
|
||||||
},
|
},
|
||||||
// Test case - 4.
|
// Test case - 4.
|
||||||
@ -312,8 +312,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
|
|||||||
bucketPolicyReader: nil,
|
bucketPolicyReader: nil,
|
||||||
|
|
||||||
policyLen: 10,
|
policyLen: 10,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
},
|
},
|
||||||
// Test case - 5.
|
// Test case - 5.
|
||||||
@ -336,8 +336,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
|
|||||||
bucketPolicyReader: bytes.NewReader([]byte("dummy-policy")),
|
bucketPolicyReader: bytes.NewReader([]byte("dummy-policy")),
|
||||||
|
|
||||||
policyLen: len([]byte("dummy-policy")),
|
policyLen: len([]byte("dummy-policy")),
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
},
|
},
|
||||||
// Test case - 7.
|
// Test case - 7.
|
||||||
@ -348,8 +348,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
|
|||||||
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))),
|
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))),
|
||||||
|
|
||||||
policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)),
|
policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)),
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
},
|
},
|
||||||
// Test case - 8.
|
// Test case - 8.
|
||||||
@ -361,8 +361,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
|
|||||||
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, "non-existent-bucket", "non-existent-bucket"))),
|
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, "non-existent-bucket", "non-existent-bucket"))),
|
||||||
|
|
||||||
policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)),
|
policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)),
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusNotFound,
|
expectedRespStatus: http.StatusNotFound,
|
||||||
},
|
},
|
||||||
// Test case - 9.
|
// Test case - 9.
|
||||||
@ -374,8 +374,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
|
|||||||
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, ".invalid-bucket", ".invalid-bucket"))),
|
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, ".invalid-bucket", ".invalid-bucket"))),
|
||||||
|
|
||||||
policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)),
|
policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)),
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
@ -469,7 +469,7 @@ func testGetBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
|
|||||||
// expected Response.
|
// expected Response.
|
||||||
expectedRespStatus int
|
expectedRespStatus int
|
||||||
}{
|
}{
|
||||||
{bucketName, credentials.AccessKeyID, credentials.SecretAccessKey, http.StatusNoContent},
|
{bucketName, credentials.AccessKey, credentials.SecretKey, http.StatusNoContent},
|
||||||
}
|
}
|
||||||
|
|
||||||
// Iterating over the cases and writing the bucket policy.
|
// Iterating over the cases and writing the bucket policy.
|
||||||
@ -520,8 +520,8 @@ func testGetBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
|
|||||||
// Case which valid inputs, expected to return success status of 200OK.
|
// Case which valid inputs, expected to return success status of 200OK.
|
||||||
{
|
{
|
||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedBucketPolicy: bucketPolicyTemplate,
|
expectedBucketPolicy: bucketPolicyTemplate,
|
||||||
expectedRespStatus: http.StatusOK,
|
expectedRespStatus: http.StatusOK,
|
||||||
},
|
},
|
||||||
@ -529,8 +529,8 @@ func testGetBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
|
|||||||
// Case with non-existent bucket name.
|
// Case with non-existent bucket name.
|
||||||
{
|
{
|
||||||
bucketName: "non-existent-bucket",
|
bucketName: "non-existent-bucket",
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedBucketPolicy: bucketPolicyTemplate,
|
expectedBucketPolicy: bucketPolicyTemplate,
|
||||||
expectedRespStatus: http.StatusNotFound,
|
expectedRespStatus: http.StatusNotFound,
|
||||||
},
|
},
|
||||||
@ -538,8 +538,8 @@ func testGetBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
|
|||||||
// Case with invalid bucket name.
|
// Case with invalid bucket name.
|
||||||
{
|
{
|
||||||
bucketName: ".invalid-bucket-name",
|
bucketName: ".invalid-bucket-name",
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedBucketPolicy: "",
|
expectedBucketPolicy: "",
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
},
|
},
|
||||||
@ -693,8 +693,8 @@ func testDeleteBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName str
|
|||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusNoContent,
|
expectedRespStatus: http.StatusNoContent,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
@ -731,24 +731,24 @@ func testDeleteBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName str
|
|||||||
// Test case - 1.
|
// Test case - 1.
|
||||||
{
|
{
|
||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusNoContent,
|
expectedRespStatus: http.StatusNoContent,
|
||||||
},
|
},
|
||||||
// Test case - 2.
|
// Test case - 2.
|
||||||
// Case with non-existent-bucket.
|
// Case with non-existent-bucket.
|
||||||
{
|
{
|
||||||
bucketName: "non-existent-bucket",
|
bucketName: "non-existent-bucket",
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusNotFound,
|
expectedRespStatus: http.StatusNotFound,
|
||||||
},
|
},
|
||||||
// Test case - 3.
|
// Test case - 3.
|
||||||
// Case with invalid bucket name.
|
// Case with invalid bucket name.
|
||||||
{
|
{
|
||||||
bucketName: ".invalid-bucket-name",
|
bucketName: ".invalid-bucket-name",
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -112,8 +112,8 @@ func migrateV2ToV3() error {
|
|||||||
srvConfig.Version = "3"
|
srvConfig.Version = "3"
|
||||||
srvConfig.Addr = ":9000"
|
srvConfig.Addr = ":9000"
|
||||||
srvConfig.Credential = credential{
|
srvConfig.Credential = credential{
|
||||||
AccessKeyID: cv2.Credentials.AccessKeyID,
|
AccessKey: cv2.Credentials.AccessKey,
|
||||||
SecretAccessKey: cv2.Credentials.SecretAccessKey,
|
SecretKey: cv2.Credentials.SecretKey,
|
||||||
}
|
}
|
||||||
srvConfig.Region = cv2.Credentials.Region
|
srvConfig.Region = cv2.Credentials.Region
|
||||||
if srvConfig.Region == "" {
|
if srvConfig.Region == "" {
|
||||||
|
@ -148,11 +148,11 @@ func TestServerConfigMigrateV2toV11(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Check if accessKey and secretKey are not altered during migration
|
// Check if accessKey and secretKey are not altered during migration
|
||||||
if serverConfig.Credential.AccessKeyID != accessKey {
|
if serverConfig.Credential.AccessKey != accessKey {
|
||||||
t.Fatalf("Access key lost during migration, expected: %v, found:%v", accessKey, serverConfig.Credential.AccessKeyID)
|
t.Fatalf("Access key lost during migration, expected: %v, found:%v", accessKey, serverConfig.Credential.AccessKey)
|
||||||
}
|
}
|
||||||
if serverConfig.Credential.SecretAccessKey != secretKey {
|
if serverConfig.Credential.SecretKey != secretKey {
|
||||||
t.Fatalf("Secret key lost during migration, expected: %v, found: %v", secretKey, serverConfig.Credential.SecretAccessKey)
|
t.Fatalf("Secret key lost during migration, expected: %v, found: %v", secretKey, serverConfig.Credential.SecretKey)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Initialize server config and check again if everything is fine
|
// Initialize server config and check again if everything is fine
|
||||||
|
@ -11,8 +11,8 @@ import (
|
|||||||
/////////////////// Config V1 ///////////////////
|
/////////////////// Config V1 ///////////////////
|
||||||
type configV1 struct {
|
type configV1 struct {
|
||||||
Version string `json:"version"`
|
Version string `json:"version"`
|
||||||
AccessKeyID string `json:"accessKeyId"`
|
AccessKey string `json:"accessKeyId"`
|
||||||
SecretAccessKey string `json:"secretAccessKey"`
|
SecretKey string `json:"secretAccessKey"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// loadConfigV1 load config
|
// loadConfigV1 load config
|
||||||
@ -41,8 +41,8 @@ func loadConfigV1() (*configV1, error) {
|
|||||||
type configV2 struct {
|
type configV2 struct {
|
||||||
Version string `json:"version"`
|
Version string `json:"version"`
|
||||||
Credentials struct {
|
Credentials struct {
|
||||||
AccessKeyID string `json:"accessKeyId"`
|
AccessKey string `json:"accessKeyId"`
|
||||||
SecretAccessKey string `json:"secretAccessKey"`
|
SecretKey string `json:"secretAccessKey"`
|
||||||
Region string `json:"region"`
|
Region string `json:"region"`
|
||||||
} `json:"credentials"`
|
} `json:"credentials"`
|
||||||
MongoLogger struct {
|
MongoLogger struct {
|
||||||
|
@ -50,7 +50,7 @@ func initConfig() (bool, error) {
|
|||||||
srvCfg := &serverConfigV11{}
|
srvCfg := &serverConfigV11{}
|
||||||
srvCfg.Version = globalMinioConfigVersion
|
srvCfg.Version = globalMinioConfigVersion
|
||||||
srvCfg.Region = "us-east-1"
|
srvCfg.Region = "us-east-1"
|
||||||
srvCfg.Credential = mustGenAccessKeys()
|
srvCfg.Credential = newCredential()
|
||||||
|
|
||||||
// Enable console logger by default on a fresh run.
|
// Enable console logger by default on a fresh run.
|
||||||
srvCfg.Logger.Console = consoleLogger{
|
srvCfg.Logger.Console = consoleLogger{
|
||||||
|
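--- a/cmd/credential.go
+++ b/cmd/credential.go
@@ -0,0 +1,74 @@
+/*
+* Minio Cloud Storage, (C) 2015, 2016 Minio, Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package cmd
+
+import (
+"crypto/rand"
+"encoding/base64"
+)
+
+const (
+accessKeyMinLen = 5
+accessKeyMaxLen = 20
+secretKeyMinLen = 8
+secretKeyMaxLen = 40
+
+alphaNumericTable = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+alphaNumericTableLen = byte(len(alphaNumericTable))
+)
+
+func mustGetAccessKey() string {
+keyBytes := make([]byte, accessKeyMaxLen)
+if _, err := rand.Read(keyBytes); err != nil {
+panic(err)
+}
+
+for i := 0; i < accessKeyMaxLen; i++ {
+keyBytes[i] = alphaNumericTable[keyBytes[i]%alphaNumericTableLen]
+}
+
+return string(keyBytes)
+}
+
+func mustGetSecretKey() string {
+keyBytes := make([]byte, secretKeyMaxLen)
+if _, err := rand.Read(keyBytes); err != nil {
+panic(err)
+}
+
+return string([]byte(base64.StdEncoding.EncodeToString(keyBytes))[:secretKeyMaxLen])
+}
+
+// isAccessKeyValid - validate access key for right length.
+func isAccessKeyValid(accessKey string) bool {
+return len(accessKey) >= accessKeyMinLen && len(accessKey) <= accessKeyMaxLen
+}
+
+// isSecretKeyValid - validate secret key for right length.
+func isSecretKeyValid(secretKey string) bool {
+return len(secretKey) >= secretKeyMinLen && len(secretKey) <= secretKeyMaxLen
+}
+
+// credential container for access and secret keys.
+type credential struct {
+AccessKey string `json:"accessKey"`
+SecretKey string `json:"secretKey"`
+}
+
+func newCredential() credential {
+return credential{mustGetAccessKey(), mustGetSecretKey()}
+}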
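Review bot: `keyBytes[i]%alphaNumericTableLen` in `mustGetAccessKey` maps 256 byte values onto a 36-character table, and because 256 is not a multiple of 36 the characters `0`–`3` come up 8/256 of the time against 7/256 for the rest. The access key is an identifier rather than the signing secret, so the loss is small, but rejection sampling removes the skew at no real cost; the rewritten function is below. Separately, `mustGetAccessKey`, `mustGetSecretKey` and `newCredential` carry no doc comments; each should say that it panics when `crypto/rand` fails, e.g. `// mustGetSecretKey returns a random 40-character secret key; it panics if crypto/rand fails.`

```go
func mustGetAccessKey() string {
	// Largest multiple of the table length that fits in a byte (252 for 36 entries).
	const limit = 256 - 256%int(alphaNumericTableLen)

	key := make([]byte, 0, accessKeyMaxLen)
	buf := make([]byte, accessKeyMaxLen)
	for len(key) < accessKeyMaxLen {
		if _, err := rand.Read(buf); err != nil {
			panic(err)
		}
		for _, b := range buf {
			// Skip bytes at or above the limit; keeping them would favour the first table entries.
			if int(b) < limit && len(key) < accessKeyMaxLen {
				key = append(key, alphaNumericTable[b%alphaNumericTableLen])
			}
		}
	}
	return string(key)
}
```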
|
@ -268,5 +268,5 @@ func (n *nsLockMap) deleteLockInfoEntryForOps(param nsParam, opsID string) error
|
|||||||
|
|
||||||
// Return randomly generated string ID
|
// Return randomly generated string ID
|
||||||
func getOpsID() string {
|
func getOpsID() string {
|
||||||
return newRequestID()
|
return mustGetRequestID()
|
||||||
}
|
}
|
||||||
|
@ -55,7 +55,7 @@ func createLockTestServer(t *testing.T) (string, *lockServer, string) {
|
|||||||
lockMap: make(map[string][]lockRequesterInfo),
|
lockMap: make(map[string][]lockRequesterInfo),
|
||||||
}
|
}
|
||||||
creds := serverConfig.GetCredential()
|
creds := serverConfig.GetCredential()
|
||||||
loginArgs := RPCLoginArgs{Username: creds.AccessKeyID, Password: creds.SecretAccessKey}
|
loginArgs := RPCLoginArgs{Username: creds.AccessKey, Password: creds.SecretKey}
|
||||||
loginReply := RPCLoginReply{}
|
loginReply := RPCLoginReply{}
|
||||||
err = locker.LoginHandler(&loginArgs, &loginReply)
|
err = locker.LoginHandler(&loginArgs, &loginReply)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -32,7 +32,7 @@ func TestLoginHandler(t *testing.T) {
|
|||||||
}{
|
}{
|
||||||
// Valid username and password
|
// Valid username and password
|
||||||
{
|
{
|
||||||
args: RPCLoginArgs{Username: creds.AccessKeyID, Password: creds.SecretAccessKey},
|
args: RPCLoginArgs{Username: creds.AccessKey, Password: creds.SecretKey},
|
||||||
expectedErr: nil,
|
expectedErr: nil,
|
||||||
},
|
},
|
||||||
// Invalid username length
|
// Invalid username length
|
||||||
@ -47,12 +47,12 @@ func TestLoginHandler(t *testing.T) {
|
|||||||
},
|
},
|
||||||
// Invalid username
|
// Invalid username
|
||||||
{
|
{
|
||||||
args: RPCLoginArgs{Username: "aaaaa", Password: creds.SecretAccessKey},
|
args: RPCLoginArgs{Username: "aaaaa", Password: creds.SecretKey},
|
||||||
expectedErr: errInvalidAccessKeyID,
|
expectedErr: errInvalidAccessKeyID,
|
||||||
},
|
},
|
||||||
// Invalid password
|
// Invalid password
|
||||||
{
|
{
|
||||||
args: RPCLoginArgs{Username: creds.AccessKeyID, Password: "aaaaaaaa"},
|
args: RPCLoginArgs{Username: creds.AccessKey, Password: "aaaaaaaa"},
|
||||||
expectedErr: errAuthentication,
|
expectedErr: errAuthentication,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -189,14 +189,14 @@ func minioInit() {
|
|||||||
if accessKey != "" && secretKey != "" {
|
if accessKey != "" && secretKey != "" {
|
||||||
// Set new credentials.
|
// Set new credentials.
|
||||||
serverConfig.SetCredential(credential{
|
serverConfig.SetCredential(credential{
|
||||||
AccessKeyID: accessKey,
|
AccessKey: accessKey,
|
||||||
SecretAccessKey: secretKey,
|
SecretKey: secretKey,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
if !isValidAccessKey(serverConfig.GetCredential().AccessKeyID) {
|
if !isAccessKeyValid(serverConfig.GetCredential().AccessKey) {
|
||||||
fatalIf(errInvalidArgument, "Invalid access key. Accept only a string starting with a alphabetic and containing from 5 to 20 characters.")
|
fatalIf(errInvalidArgument, "Invalid access key. Accept only a string starting with a alphabetic and containing from 5 to 20 characters.")
|
||||||
}
|
}
|
||||||
if !isValidSecretKey(serverConfig.GetCredential().SecretAccessKey) {
|
if !isSecretKeyValid(serverConfig.GetCredential().SecretKey) {
|
||||||
fatalIf(errInvalidArgument, "Invalid secret key. Accept only a string containing from 8 to 40 characters.")
|
fatalIf(errInvalidArgument, "Invalid secret key. Accept only a string containing from 8 to 40 characters.")
|
||||||
}
|
}
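Review bot: The access-key message passed to `fatalIf` says the key must start with an alphabetic character, but `isAccessKeyValid`, as added in cmd/credential.go on this page, only compares the length against 5 and 20, and `mustGetAccessKey` draws from a table that begins with digits, so a generated key can itself start with a digit. Either the message should state what is actually enforced, `"Invalid access key. Accept only a string containing from 5 to 20 characters."`, or the validator should check the first character as well. The body of minioInit starts and ends outside this hunk.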
|
||||||
|
|
||||||
|
@ -40,8 +40,8 @@ func initDsyncNodes(eps []*url.URL) error {
|
|||||||
return errInvalidArgument
|
return errInvalidArgument
|
||||||
}
|
}
|
||||||
clnts[index] = newAuthClient(&authConfig{
|
clnts[index] = newAuthClient(&authConfig{
|
||||||
accessKey: cred.AccessKeyID,
|
accessKey: cred.AccessKey,
|
||||||
secretKey: cred.SecretAccessKey,
|
secretKey: cred.SecretKey,
|
||||||
// Construct a new dsync server addr.
|
// Construct a new dsync server addr.
|
||||||
secureConn: isSSL(),
|
secureConn: isSSL(),
|
||||||
address: ep.Host,
|
address: ep.Host,
|
||||||
|
@ -97,8 +97,8 @@ func testAPIHeadObjectHandler(obj ObjectLayer, instanceType, bucketName string,
|
|||||||
{
|
{
|
||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
objectName: objectName,
|
objectName: objectName,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusOK,
|
expectedRespStatus: http.StatusOK,
|
||||||
},
|
},
|
||||||
// Test case - 2.
|
// Test case - 2.
|
||||||
@ -106,8 +106,8 @@ func testAPIHeadObjectHandler(obj ObjectLayer, instanceType, bucketName string,
|
|||||||
{
|
{
|
||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
objectName: "abcd",
|
objectName: "abcd",
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusNotFound,
|
expectedRespStatus: http.StatusNotFound,
|
||||||
},
|
},
|
||||||
// Test case - 3.
|
// Test case - 3.
|
||||||
@ -117,7 +117,7 @@ func testAPIHeadObjectHandler(obj ObjectLayer, instanceType, bucketName string,
|
|||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
objectName: objectName,
|
objectName: objectName,
|
||||||
accessKey: "Invalid-AccessID",
|
accessKey: "Invalid-AccessID",
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusForbidden,
|
expectedRespStatus: http.StatusForbidden,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
@ -248,8 +248,8 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
|
|||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
objectName: objectName,
|
objectName: objectName,
|
||||||
byteRange: "",
|
byteRange: "",
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedContent: bytesData[0].byteData,
|
expectedContent: bytesData[0].byteData,
|
||||||
expectedRespStatus: http.StatusOK,
|
expectedRespStatus: http.StatusOK,
|
||||||
@ -260,8 +260,8 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
|
|||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
objectName: "abcd",
|
objectName: "abcd",
|
||||||
byteRange: "",
|
byteRange: "",
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrNoSuchKey), getGetObjectURL("", bucketName, "abcd"))),
|
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrNoSuchKey), getGetObjectURL("", bucketName, "abcd"))),
|
||||||
expectedRespStatus: http.StatusNotFound,
|
expectedRespStatus: http.StatusNotFound,
|
||||||
@ -272,8 +272,8 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
|
|||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
objectName: objectName,
|
objectName: objectName,
|
||||||
byteRange: "bytes=10-100",
|
byteRange: "bytes=10-100",
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedContent: bytesData[0].byteData[10:101],
|
expectedContent: bytesData[0].byteData[10:101],
|
||||||
expectedRespStatus: http.StatusPartialContent,
|
expectedRespStatus: http.StatusPartialContent,
|
||||||
@ -284,8 +284,8 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
|
|||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
objectName: objectName,
|
objectName: objectName,
|
||||||
byteRange: "bytes=-0",
|
byteRange: "bytes=-0",
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidRange), getGetObjectURL("", bucketName, objectName))),
|
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidRange), getGetObjectURL("", bucketName, objectName))),
|
||||||
expectedRespStatus: http.StatusRequestedRangeNotSatisfiable,
|
expectedRespStatus: http.StatusRequestedRangeNotSatisfiable,
|
||||||
@ -297,8 +297,8 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
|
|||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
objectName: objectName,
|
objectName: objectName,
|
||||||
byteRange: "bytes=10-1000000000000000",
|
byteRange: "bytes=10-1000000000000000",
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedContent: bytesData[0].byteData[10:],
|
expectedContent: bytesData[0].byteData[10:],
|
||||||
expectedRespStatus: http.StatusPartialContent,
|
expectedRespStatus: http.StatusPartialContent,
|
||||||
@ -311,7 +311,7 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
|
|||||||
objectName: objectName,
|
objectName: objectName,
|
||||||
byteRange: "",
|
byteRange: "",
|
||||||
accessKey: "Invalid-AccessID",
|
accessKey: "Invalid-AccessID",
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidAccessKeyID), getGetObjectURL("", bucketName, objectName))),
|
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidAccessKeyID), getGetObjectURL("", bucketName, objectName))),
|
||||||
expectedRespStatus: http.StatusForbidden,
|
expectedRespStatus: http.StatusForbidden,
|
||||||
@ -470,8 +470,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
|
|||||||
chunkSize: 64 * humanize.KiByte,
|
chunkSize: 64 * humanize.KiByte,
|
||||||
expectedContent: []byte{},
|
expectedContent: []byte{},
|
||||||
expectedRespStatus: http.StatusOK,
|
expectedRespStatus: http.StatusOK,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
shouldPass: true,
|
shouldPass: true,
|
||||||
},
|
},
|
||||||
// Test case - 2
|
// Test case - 2
|
||||||
@ -484,8 +484,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
|
|||||||
chunkSize: 1 * humanize.KiByte,
|
chunkSize: 1 * humanize.KiByte,
|
||||||
expectedContent: []byte{},
|
expectedContent: []byte{},
|
||||||
expectedRespStatus: http.StatusOK,
|
expectedRespStatus: http.StatusOK,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
shouldPass: true,
|
shouldPass: true,
|
||||||
},
|
},
|
||||||
// Test case - 3
|
// Test case - 3
|
||||||
@ -512,8 +512,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
|
|||||||
chunkSize: 64 * humanize.KiByte,
|
chunkSize: 64 * humanize.KiByte,
|
||||||
expectedContent: []byte{},
|
expectedContent: []byte{},
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
shouldPass: false,
|
shouldPass: false,
|
||||||
removeAuthHeader: true,
|
removeAuthHeader: true,
|
||||||
},
|
},
|
||||||
@ -527,8 +527,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
|
|||||||
chunkSize: 100 * humanize.KiByte,
|
chunkSize: 100 * humanize.KiByte,
|
||||||
expectedContent: []byte{},
|
expectedContent: []byte{},
|
||||||
expectedRespStatus: http.StatusOK,
|
expectedRespStatus: http.StatusOK,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
shouldPass: false,
|
shouldPass: false,
|
||||||
},
|
},
|
||||||
// Test case - 6
|
// Test case - 6
|
||||||
@ -541,8 +541,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
|
|||||||
chunkSize: 1024,
|
chunkSize: 1024,
|
||||||
expectedContent: []byte{},
|
expectedContent: []byte{},
|
||||||
expectedRespStatus: http.StatusInternalServerError,
|
expectedRespStatus: http.StatusInternalServerError,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
shouldPass: false,
|
shouldPass: false,
|
||||||
fault: malformedEncoding,
|
fault: malformedEncoding,
|
||||||
},
|
},
|
||||||
@ -556,8 +556,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
|
|||||||
chunkSize: 1024,
|
chunkSize: 1024,
|
||||||
expectedContent: []byte{},
|
expectedContent: []byte{},
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
shouldPass: false,
|
shouldPass: false,
|
||||||
fault: unexpectedEOF,
|
fault: unexpectedEOF,
|
||||||
},
|
},
|
||||||
@ -571,8 +571,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
|
|||||||
chunkSize: 1024,
|
chunkSize: 1024,
|
||||||
expectedContent: []byte{},
|
expectedContent: []byte{},
|
||||||
expectedRespStatus: http.StatusForbidden,
|
expectedRespStatus: http.StatusForbidden,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
shouldPass: false,
|
shouldPass: false,
|
||||||
fault: signatureMismatch,
|
fault: signatureMismatch,
|
||||||
},
|
},
|
||||||
@ -587,8 +587,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
|
|||||||
chunkSize: 1024,
|
chunkSize: 1024,
|
||||||
expectedContent: []byte{},
|
expectedContent: []byte{},
|
||||||
expectedRespStatus: http.StatusForbidden,
|
expectedRespStatus: http.StatusForbidden,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
shouldPass: false,
|
shouldPass: false,
|
||||||
fault: chunkDateMismatch,
|
fault: chunkDateMismatch,
|
||||||
},
|
},
|
||||||
@ -602,8 +602,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
|
|||||||
chunkSize: 1024,
|
chunkSize: 1024,
|
||||||
expectedContent: []byte{},
|
expectedContent: []byte{},
|
||||||
expectedRespStatus: http.StatusInternalServerError,
|
expectedRespStatus: http.StatusInternalServerError,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
shouldPass: false,
|
shouldPass: false,
|
||||||
fault: tooBigDecodedLength,
|
fault: tooBigDecodedLength,
|
||||||
},
|
},
|
||||||
@ -733,8 +733,8 @@ func testAPIPutObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
|
|||||||
objectName: objectName,
|
objectName: objectName,
|
||||||
data: bytesData,
|
data: bytesData,
|
||||||
dataLen: len(bytesData),
|
dataLen: len(bytesData),
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedRespStatus: http.StatusOK,
|
expectedRespStatus: http.StatusOK,
|
||||||
},
|
},
|
||||||
@ -746,7 +746,7 @@ func testAPIPutObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
|
|||||||
data: bytesData,
|
data: bytesData,
|
||||||
dataLen: len(bytesData),
|
dataLen: len(bytesData),
|
||||||
accessKey: "Wrong-AcessID",
|
accessKey: "Wrong-AcessID",
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedRespStatus: http.StatusForbidden,
|
expectedRespStatus: http.StatusForbidden,
|
||||||
},
|
},
|
||||||
@ -758,8 +758,8 @@ func testAPIPutObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
|
|||||||
headers: copySourceHeader,
|
headers: copySourceHeader,
|
||||||
data: bytesData,
|
data: bytesData,
|
||||||
dataLen: len(bytesData),
|
dataLen: len(bytesData),
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
},
|
},
|
||||||
// Test case - 4.
|
// Test case - 4.
|
||||||
@ -770,8 +770,8 @@ func testAPIPutObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
|
|||||||
headers: invalidMD5Header,
|
headers: invalidMD5Header,
|
||||||
data: bytesData,
|
data: bytesData,
|
||||||
dataLen: len(bytesData),
|
dataLen: len(bytesData),
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
},
|
},
|
||||||
// Test case - 5.
|
// Test case - 5.
|
||||||
@ -781,8 +781,8 @@ func testAPIPutObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
|
|||||||
objectName: objectName,
|
objectName: objectName,
|
||||||
data: bytesData,
|
data: bytesData,
|
||||||
dataLen: len(bytesData),
|
dataLen: len(bytesData),
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
fault: TooBigObject,
|
fault: TooBigObject,
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
},
|
},
|
||||||
@ -793,8 +793,8 @@ func testAPIPutObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
|
|||||||
objectName: objectName,
|
objectName: objectName,
|
||||||
data: bytesData,
|
data: bytesData,
|
||||||
dataLen: len(bytesData),
|
dataLen: len(bytesData),
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
fault: MissingContentLength,
|
fault: MissingContentLength,
|
||||||
expectedRespStatus: http.StatusLengthRequired,
|
expectedRespStatus: http.StatusLengthRequired,
|
||||||
},
|
},
|
||||||
@ -991,8 +991,8 @@ func testAPICopyObjectHandler(obj ObjectLayer, instanceType, bucketName string,
|
|||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
newObjectName: "newObject1",
|
newObjectName: "newObject1",
|
||||||
copySourceHeader: url.QueryEscape("/" + bucketName + "/" + objectName),
|
copySourceHeader: url.QueryEscape("/" + bucketName + "/" + objectName),
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedRespStatus: http.StatusOK,
|
expectedRespStatus: http.StatusOK,
|
||||||
},
|
},
|
||||||
@ -1003,8 +1003,8 @@ func testAPICopyObjectHandler(obj ObjectLayer, instanceType, bucketName string,
|
|||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
newObjectName: "newObject1",
|
newObjectName: "newObject1",
|
||||||
copySourceHeader: url.QueryEscape("/"),
|
copySourceHeader: url.QueryEscape("/"),
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
},
|
},
|
||||||
@ -1014,8 +1014,8 @@ func testAPICopyObjectHandler(obj ObjectLayer, instanceType, bucketName string,
|
|||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
newObjectName: objectName,
|
newObjectName: objectName,
|
||||||
copySourceHeader: url.QueryEscape("/" + bucketName + "/" + objectName),
|
copySourceHeader: url.QueryEscape("/" + bucketName + "/" + objectName),
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
},
|
},
|
||||||
@ -1027,8 +1027,8 @@ func testAPICopyObjectHandler(obj ObjectLayer, instanceType, bucketName string,
|
|||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
newObjectName: objectName,
|
newObjectName: objectName,
|
||||||
copySourceHeader: url.QueryEscape("/" + bucketName + "/" + "non-existent-object"),
|
copySourceHeader: url.QueryEscape("/" + bucketName + "/" + "non-existent-object"),
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedRespStatus: http.StatusNotFound,
|
expectedRespStatus: http.StatusNotFound,
|
||||||
},
|
},
|
||||||
@ -1040,19 +1040,19 @@ func testAPICopyObjectHandler(obj ObjectLayer, instanceType, bucketName string,
|
|||||||
bucketName: "non-existent-destination-bucket",
|
bucketName: "non-existent-destination-bucket",
|
||||||
newObjectName: objectName,
|
newObjectName: objectName,
|
||||||
copySourceHeader: url.QueryEscape("/" + bucketName + "/" + objectName),
|
copySourceHeader: url.QueryEscape("/" + bucketName + "/" + objectName),
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedRespStatus: http.StatusNotFound,
|
expectedRespStatus: http.StatusNotFound,
|
||||||
},
|
},
|
||||||
// Test case - 6.
|
// Test case - 6.
|
||||||
// Case with invalid AccessKeyID.
|
// Case with invalid AccessKey.
|
||||||
{
|
{
|
||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
newObjectName: objectName,
|
newObjectName: objectName,
|
||||||
copySourceHeader: url.QueryEscape("/" + bucketName + "/" + objectName),
|
copySourceHeader: url.QueryEscape("/" + bucketName + "/" + objectName),
|
||||||
accessKey: "Invalid-AccessID",
|
accessKey: "Invalid-AccessID",
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedRespStatus: http.StatusForbidden,
|
expectedRespStatus: http.StatusForbidden,
|
||||||
},
|
},
|
||||||
@ -1175,7 +1175,7 @@ func testAPINewMultipartHandler(obj ObjectLayer, instanceType, bucketName string
|
|||||||
rec := httptest.NewRecorder()
|
rec := httptest.NewRecorder()
|
||||||
// construct HTTP request for NewMultipart upload.
|
// construct HTTP request for NewMultipart upload.
|
||||||
req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, objectName),
|
req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, objectName),
|
||||||
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
|
0, nil, credentials.AccessKey, credentials.SecretKey)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to create HTTP request for NewMultipart Request: <ERROR> %v", err)
|
t.Fatalf("Failed to create HTTP request for NewMultipart Request: <ERROR> %v", err)
|
||||||
@ -1208,7 +1208,7 @@ func testAPINewMultipartHandler(obj ObjectLayer, instanceType, bucketName string
|
|||||||
// construct HTTP request for NewMultipart upload.
|
// construct HTTP request for NewMultipart upload.
|
||||||
// Setting an invalid accessID.
|
// Setting an invalid accessID.
|
||||||
req, err = newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, objectName),
|
req, err = newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, objectName),
|
||||||
0, nil, "Invalid-AccessID", credentials.SecretAccessKey)
|
0, nil, "Invalid-AccessID", credentials.SecretKey)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to create HTTP request for NewMultipart Request: <ERROR> %v", err)
|
t.Fatalf("Failed to create HTTP request for NewMultipart Request: <ERROR> %v", err)
|
||||||
@ -1227,7 +1227,7 @@ func testAPINewMultipartHandler(obj ObjectLayer, instanceType, bucketName string
|
|||||||
recV2 := httptest.NewRecorder()
|
recV2 := httptest.NewRecorder()
|
||||||
// construct HTTP request for NewMultipartUpload endpoint.
|
// construct HTTP request for NewMultipartUpload endpoint.
|
||||||
reqV2, err := newTestSignedRequestV2("POST", getNewMultipartURL("", bucketName, objectName),
|
reqV2, err := newTestSignedRequestV2("POST", getNewMultipartURL("", bucketName, objectName),
|
||||||
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
|
0, nil, credentials.AccessKey, credentials.SecretKey)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to create HTTP request for NewMultipart Request: <ERROR> %v", err)
|
t.Fatalf("Failed to create HTTP request for NewMultipart Request: <ERROR> %v", err)
|
||||||
@ -1260,7 +1260,7 @@ func testAPINewMultipartHandler(obj ObjectLayer, instanceType, bucketName string
|
|||||||
// construct HTTP request for NewMultipartUpload endpoint.
|
// construct HTTP request for NewMultipartUpload endpoint.
|
||||||
// Setting invalid AccessID.
|
// Setting invalid AccessID.
|
||||||
reqV2, err = newTestSignedRequestV2("POST", getNewMultipartURL("", bucketName, objectName),
|
reqV2, err = newTestSignedRequestV2("POST", getNewMultipartURL("", bucketName, objectName),
|
||||||
0, nil, "Invalid-AccessID", credentials.SecretAccessKey)
|
0, nil, "Invalid-AccessID", credentials.SecretKey)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to create HTTP request for NewMultipart Request: <ERROR> %v", err)
|
t.Fatalf("Failed to create HTTP request for NewMultipart Request: <ERROR> %v", err)
|
||||||
@ -1331,7 +1331,7 @@ func testAPINewMultipartHandlerParallel(obj ObjectLayer, instanceType, bucketNam
|
|||||||
defer wg.Done()
|
defer wg.Done()
|
||||||
rec := httptest.NewRecorder()
|
rec := httptest.NewRecorder()
|
||||||
// construct HTTP request NewMultipartUpload.
|
// construct HTTP request NewMultipartUpload.
|
||||||
req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, objectName), 0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
|
req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, objectName), 0, nil, credentials.AccessKey, credentials.SecretKey)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to create HTTP request for NewMultipart request: <ERROR> %v", err)
|
t.Fatalf("Failed to create HTTP request for NewMultipart request: <ERROR> %v", err)
|
||||||
@ -1527,8 +1527,8 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
|
|||||||
object: objectName,
|
object: objectName,
|
||||||
uploadID: uploadIDs[0],
|
uploadID: uploadIDs[0],
|
||||||
parts: inputParts[0].parts,
|
parts: inputParts[0].parts,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(toAPIErrorCode(BadDigest{})),
|
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(toAPIErrorCode(BadDigest{})),
|
||||||
getGetObjectURL("", bucketName, objectName))),
|
getGetObjectURL("", bucketName, objectName))),
|
||||||
@ -1542,8 +1542,8 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
|
|||||||
object: objectName,
|
object: objectName,
|
||||||
uploadID: uploadIDs[0],
|
uploadID: uploadIDs[0],
|
||||||
parts: []completePart{},
|
parts: []completePart{},
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrMalformedXML),
|
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrMalformedXML),
|
||||||
getGetObjectURL("", bucketName, objectName))),
|
getGetObjectURL("", bucketName, objectName))),
|
||||||
@ -1557,8 +1557,8 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
|
|||||||
object: objectName,
|
object: objectName,
|
||||||
uploadID: "abc",
|
uploadID: "abc",
|
||||||
parts: inputParts[0].parts,
|
parts: inputParts[0].parts,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(toAPIErrorCode(InvalidUploadID{UploadID: "abc"})),
|
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(toAPIErrorCode(InvalidUploadID{UploadID: "abc"})),
|
||||||
getGetObjectURL("", bucketName, objectName))),
|
getGetObjectURL("", bucketName, objectName))),
|
||||||
@ -1571,8 +1571,8 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
|
|||||||
object: objectName,
|
object: objectName,
|
||||||
uploadID: uploadIDs[0],
|
uploadID: uploadIDs[0],
|
||||||
parts: inputParts[1].parts,
|
parts: inputParts[1].parts,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedContent: encodeResponse(completeMultipartAPIError{int64(4), int64(5242880), 1, "e2fc714c4727ee9395f324cd2e7f331f",
|
expectedContent: encodeResponse(completeMultipartAPIError{int64(4), int64(5242880), 1, "e2fc714c4727ee9395f324cd2e7f331f",
|
||||||
getAPIErrorResponse(getAPIError(toAPIErrorCode(PartTooSmall{PartNumber: 1})),
|
getAPIErrorResponse(getAPIError(toAPIErrorCode(PartTooSmall{PartNumber: 1})),
|
||||||
@ -1586,8 +1586,8 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
|
|||||||
object: objectName,
|
object: objectName,
|
||||||
uploadID: uploadIDs[0],
|
uploadID: uploadIDs[0],
|
||||||
parts: inputParts[2].parts,
|
parts: inputParts[2].parts,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(toAPIErrorCode(InvalidPart{})),
|
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(toAPIErrorCode(InvalidPart{})),
|
||||||
getGetObjectURL("", bucketName, objectName))),
|
getGetObjectURL("", bucketName, objectName))),
|
||||||
@ -1601,8 +1601,8 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
|
|||||||
object: objectName,
|
object: objectName,
|
||||||
uploadID: uploadIDs[0],
|
uploadID: uploadIDs[0],
|
||||||
parts: inputParts[3].parts,
|
parts: inputParts[3].parts,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidPartOrder),
|
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidPartOrder),
|
||||||
getGetObjectURL("", bucketName, objectName))),
|
getGetObjectURL("", bucketName, objectName))),
|
||||||
@ -1617,7 +1617,7 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
|
|||||||
uploadID: uploadIDs[0],
|
uploadID: uploadIDs[0],
|
||||||
parts: inputParts[4].parts,
|
parts: inputParts[4].parts,
|
||||||
accessKey: "Invalid-AccessID",
|
accessKey: "Invalid-AccessID",
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidAccessKeyID),
|
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidAccessKeyID),
|
||||||
getGetObjectURL("", bucketName, objectName))),
|
getGetObjectURL("", bucketName, objectName))),
|
||||||
@ -1631,8 +1631,8 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
|
|||||||
object: objectName,
|
object: objectName,
|
||||||
uploadID: uploadIDs[0],
|
uploadID: uploadIDs[0],
|
||||||
parts: inputParts[4].parts,
|
parts: inputParts[4].parts,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedContent: encodedSuccessResponse,
|
expectedContent: encodedSuccessResponse,
|
||||||
expectedRespStatus: http.StatusOK,
|
expectedRespStatus: http.StatusOK,
|
||||||
@ -1813,8 +1813,8 @@ func testAPIAbortMultipartHandler(obj ObjectLayer, instanceType, bucketName stri
|
|||||||
bucket: bucketName,
|
bucket: bucketName,
|
||||||
object: objectName,
|
object: objectName,
|
||||||
uploadID: uploadIDs[0],
|
uploadID: uploadIDs[0],
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusNoContent,
|
expectedRespStatus: http.StatusNoContent,
|
||||||
},
|
},
|
||||||
// Test case - 2.
|
// Test case - 2.
|
||||||
@ -1823,8 +1823,8 @@ func testAPIAbortMultipartHandler(obj ObjectLayer, instanceType, bucketName stri
|
|||||||
bucket: bucketName,
|
bucket: bucketName,
|
||||||
object: objectName,
|
object: objectName,
|
||||||
uploadID: "nonexistent-upload-id",
|
uploadID: "nonexistent-upload-id",
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusNotFound,
|
expectedRespStatus: http.StatusNotFound,
|
||||||
},
|
},
|
||||||
// Test case - 3.
|
// Test case - 3.
|
||||||
@ -1834,7 +1834,7 @@ func testAPIAbortMultipartHandler(obj ObjectLayer, instanceType, bucketName stri
|
|||||||
object: objectName,
|
object: objectName,
|
||||||
uploadID: uploadIDs[0],
|
uploadID: uploadIDs[0],
|
||||||
accessKey: "Invalid-AccessID",
|
accessKey: "Invalid-AccessID",
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
expectedRespStatus: http.StatusForbidden,
|
expectedRespStatus: http.StatusForbidden,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
@ -1957,8 +1957,8 @@ func testAPIDeleteObjectHandler(obj ObjectLayer, instanceType, bucketName string
|
|||||||
{
|
{
|
||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
objectName: objectName,
|
objectName: objectName,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedRespStatus: http.StatusNoContent,
|
expectedRespStatus: http.StatusNoContent,
|
||||||
},
|
},
|
||||||
@ -1968,8 +1968,8 @@ func testAPIDeleteObjectHandler(obj ObjectLayer, instanceType, bucketName string
|
|||||||
{
|
{
|
||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
objectName: objectName,
|
objectName: objectName,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedRespStatus: http.StatusNoContent,
|
expectedRespStatus: http.StatusNoContent,
|
||||||
},
|
},
|
||||||
@ -1980,7 +1980,7 @@ func testAPIDeleteObjectHandler(obj ObjectLayer, instanceType, bucketName string
|
|||||||
bucketName: bucketName,
|
bucketName: bucketName,
|
||||||
objectName: objectName,
|
objectName: objectName,
|
||||||
accessKey: "Invalid-AccessKey",
|
accessKey: "Invalid-AccessKey",
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedRespStatus: http.StatusForbidden,
|
expectedRespStatus: http.StatusForbidden,
|
||||||
},
|
},
|
||||||
@ -2070,7 +2070,7 @@ func testAPIPutObjectPartHandlerPreSign(obj ObjectLayer, instanceType, bucketNam
|
|||||||
testObject := "testobject"
|
testObject := "testobject"
|
||||||
rec := httptest.NewRecorder()
|
rec := httptest.NewRecorder()
|
||||||
req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, "testobject"),
|
req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, "testobject"),
|
||||||
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
|
0, nil, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("[%s] - Failed to create a signed request to initiate multipart upload for %s/%s: <ERROR> %v",
|
t.Fatalf("[%s] - Failed to create a signed request to initiate multipart upload for %s/%s: <ERROR> %v",
|
||||||
instanceType, bucketName, testObject, err)
|
instanceType, bucketName, testObject, err)
|
||||||
@ -2096,7 +2096,7 @@ func testAPIPutObjectPartHandlerPreSign(obj ObjectLayer, instanceType, bucketNam
|
|||||||
t.Fatalf("[%s] - Failed to create an unsigned request to put object part for %s/%s <ERROR> %v",
|
t.Fatalf("[%s] - Failed to create an unsigned request to put object part for %s/%s <ERROR> %v",
|
||||||
instanceType, bucketName, testObject, err)
|
instanceType, bucketName, testObject, err)
|
||||||
}
|
}
|
||||||
err = preSignV2(req, credentials.AccessKeyID, credentials.SecretAccessKey, int64(10*60*60))
|
err = preSignV2(req, credentials.AccessKey, credentials.SecretKey, int64(10*60*60))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("[%s] - Failed to presign an unsigned request to put object part for %s/%s <ERROR> %v",
|
t.Fatalf("[%s] - Failed to presign an unsigned request to put object part for %s/%s <ERROR> %v",
|
||||||
instanceType, bucketName, testObject, err)
|
instanceType, bucketName, testObject, err)
|
||||||
@ -2113,7 +2113,7 @@ func testAPIPutObjectPartHandlerPreSign(obj ObjectLayer, instanceType, bucketNam
|
|||||||
t.Fatalf("[%s] - Failed to create an unsigned request to put object part for %s/%s <ERROR> %v",
|
t.Fatalf("[%s] - Failed to create an unsigned request to put object part for %s/%s <ERROR> %v",
|
||||||
instanceType, bucketName, testObject, err)
|
instanceType, bucketName, testObject, err)
|
||||||
}
|
}
|
||||||
err = preSignV4(req, credentials.AccessKeyID, credentials.SecretAccessKey, int64(10*60*60))
|
err = preSignV4(req, credentials.AccessKey, credentials.SecretKey, int64(10*60*60))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("[%s] - Failed to presign an unsigned request to put object part for %s/%s <ERROR> %v",
|
t.Fatalf("[%s] - Failed to presign an unsigned request to put object part for %s/%s <ERROR> %v",
|
||||||
instanceType, bucketName, testObject, err)
|
instanceType, bucketName, testObject, err)
|
||||||
@ -2136,7 +2136,7 @@ func testAPIPutObjectPartHandlerStreaming(obj ObjectLayer, instanceType, bucketN
|
|||||||
testObject := "testobject"
|
testObject := "testobject"
|
||||||
rec := httptest.NewRecorder()
|
rec := httptest.NewRecorder()
|
||||||
req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, "testobject"),
|
req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, "testobject"),
|
||||||
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
|
0, nil, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("[%s] - Failed to create a signed request to initiate multipart upload for %s/%s: <ERROR> %v",
|
t.Fatalf("[%s] - Failed to create a signed request to initiate multipart upload for %s/%s: <ERROR> %v",
|
||||||
instanceType, bucketName, testObject, err)
|
instanceType, bucketName, testObject, err)
|
||||||
@ -2171,7 +2171,7 @@ func testAPIPutObjectPartHandlerStreaming(obj ObjectLayer, instanceType, bucketN
|
|||||||
rec = httptest.NewRecorder()
|
rec = httptest.NewRecorder()
|
||||||
req, err = newTestStreamingSignedRequest("PUT",
|
req, err = newTestStreamingSignedRequest("PUT",
|
||||||
getPutObjectPartURL("", bucketName, testObject, mpartResp.UploadID, "1"),
|
getPutObjectPartURL("", bucketName, testObject, mpartResp.UploadID, "1"),
|
||||||
5, 1, bytes.NewReader([]byte("hello")), credentials.AccessKeyID, credentials.SecretAccessKey)
|
5, 1, bytes.NewReader([]byte("hello")), credentials.AccessKey, credentials.SecretKey)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to create new streaming signed HTTP request: <ERROR> %v.", err)
|
t.Fatalf("Failed to create new streaming signed HTTP request: <ERROR> %v.", err)
|
||||||
@ -2273,8 +2273,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
|
|||||||
reader: bytes.NewReader([]byte("hello")),
|
reader: bytes.NewReader([]byte("hello")),
|
||||||
partNumber: "1",
|
partNumber: "1",
|
||||||
fault: None,
|
fault: None,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedAPIError: noAPIErr,
|
expectedAPIError: noAPIErr,
|
||||||
},
|
},
|
||||||
@ -2285,8 +2285,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
|
|||||||
reader: bytes.NewReader([]byte("hello")),
|
reader: bytes.NewReader([]byte("hello")),
|
||||||
partNumber: "9999999999999999999",
|
partNumber: "9999999999999999999",
|
||||||
fault: None,
|
fault: None,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedAPIError: invalidPart,
|
expectedAPIError: invalidPart,
|
||||||
},
|
},
|
||||||
@ -2297,8 +2297,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
|
|||||||
reader: bytes.NewReader([]byte("hello")),
|
reader: bytes.NewReader([]byte("hello")),
|
||||||
partNumber: strconv.Itoa(maxPartID + 1),
|
partNumber: strconv.Itoa(maxPartID + 1),
|
||||||
fault: None,
|
fault: None,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedAPIError: invalidMaxParts,
|
expectedAPIError: invalidMaxParts,
|
||||||
},
|
},
|
||||||
@ -2309,8 +2309,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
|
|||||||
reader: bytes.NewReader([]byte("hello")),
|
reader: bytes.NewReader([]byte("hello")),
|
||||||
partNumber: "1",
|
partNumber: "1",
|
||||||
fault: MissingContentLength,
|
fault: MissingContentLength,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedAPIError: missingContent,
|
expectedAPIError: missingContent,
|
||||||
},
|
},
|
||||||
@ -2321,8 +2321,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
|
|||||||
reader: bytes.NewReader([]byte("hello")),
|
reader: bytes.NewReader([]byte("hello")),
|
||||||
partNumber: "1",
|
partNumber: "1",
|
||||||
fault: TooBigObject,
|
fault: TooBigObject,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedAPIError: entityTooLarge,
|
expectedAPIError: entityTooLarge,
|
||||||
},
|
},
|
||||||
@ -2333,8 +2333,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
|
|||||||
reader: bytes.NewReader([]byte("hello")),
|
reader: bytes.NewReader([]byte("hello")),
|
||||||
partNumber: "1",
|
partNumber: "1",
|
||||||
fault: BadSignature,
|
fault: BadSignature,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedAPIError: badSigning,
|
expectedAPIError: badSigning,
|
||||||
},
|
},
|
||||||
@ -2346,8 +2346,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
|
|||||||
reader: bytes.NewReader([]byte("hello")),
|
reader: bytes.NewReader([]byte("hello")),
|
||||||
partNumber: "1",
|
partNumber: "1",
|
||||||
fault: BadMD5,
|
fault: BadMD5,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedAPIError: badChecksum,
|
expectedAPIError: badChecksum,
|
||||||
},
|
},
|
||||||
@ -2358,8 +2358,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
|
|||||||
reader: bytes.NewReader([]byte("hello")),
|
reader: bytes.NewReader([]byte("hello")),
|
||||||
partNumber: "1",
|
partNumber: "1",
|
||||||
fault: MissingUploadID,
|
fault: MissingUploadID,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedAPIError: noSuchUploadID,
|
expectedAPIError: noSuchUploadID,
|
||||||
},
|
},
|
||||||
@ -2372,7 +2372,7 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
|
|||||||
partNumber: "1",
|
partNumber: "1",
|
||||||
fault: None,
|
fault: None,
|
||||||
accessKey: "Invalid-AccessID",
|
accessKey: "Invalid-AccessID",
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
|
|
||||||
expectedAPIError: invalidAccessID,
|
expectedAPIError: invalidAccessID,
|
||||||
},
|
},
|
||||||
@ -2541,7 +2541,7 @@ func testAPIListObjectPartsHandlerPreSign(obj ObjectLayer, instanceType, bucketN
|
|||||||
testObject := "testobject"
|
testObject := "testobject"
|
||||||
rec := httptest.NewRecorder()
|
rec := httptest.NewRecorder()
|
||||||
req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, testObject),
|
req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, testObject),
|
||||||
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
|
0, nil, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("[%s] - Failed to create a signed request to initiate multipart upload for %s/%s: <ERROR> %v",
|
t.Fatalf("[%s] - Failed to create a signed request to initiate multipart upload for %s/%s: <ERROR> %v",
|
||||||
instanceType, bucketName, testObject, err)
|
instanceType, bucketName, testObject, err)
|
||||||
@ -2564,7 +2564,7 @@ func testAPIListObjectPartsHandlerPreSign(obj ObjectLayer, instanceType, bucketN
|
|||||||
rec = httptest.NewRecorder()
|
rec = httptest.NewRecorder()
|
||||||
req, err = newTestSignedRequestV4("PUT",
|
req, err = newTestSignedRequestV4("PUT",
|
||||||
getPutObjectPartURL("", bucketName, testObject, mpartResp.UploadID, "1"),
|
getPutObjectPartURL("", bucketName, testObject, mpartResp.UploadID, "1"),
|
||||||
int64(len("hello")), bytes.NewReader([]byte("hello")), credentials.AccessKeyID, credentials.SecretAccessKey)
|
int64(len("hello")), bytes.NewReader([]byte("hello")), credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("[%s] - Failed to create a signed request to initiate multipart upload for %s/%s: <ERROR> %v",
|
t.Fatalf("[%s] - Failed to create a signed request to initiate multipart upload for %s/%s: <ERROR> %v",
|
||||||
instanceType, bucketName, testObject, err)
|
instanceType, bucketName, testObject, err)
|
||||||
@ -2584,7 +2584,7 @@ func testAPIListObjectPartsHandlerPreSign(obj ObjectLayer, instanceType, bucketN
|
|||||||
instanceType, bucketName, mpartResp.UploadID)
|
instanceType, bucketName, mpartResp.UploadID)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = preSignV2(req, credentials.AccessKeyID, credentials.SecretAccessKey, int64(10*60*60))
|
err = preSignV2(req, credentials.AccessKey, credentials.SecretKey, int64(10*60*60))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("[%s] - Failed to presignV2 an unsigned request to list object parts for bucket %s, uploadId %s",
|
t.Fatalf("[%s] - Failed to presignV2 an unsigned request to list object parts for bucket %s, uploadId %s",
|
||||||
instanceType, bucketName, mpartResp.UploadID)
|
instanceType, bucketName, mpartResp.UploadID)
|
||||||
@ -2604,7 +2604,7 @@ func testAPIListObjectPartsHandlerPreSign(obj ObjectLayer, instanceType, bucketN
|
|||||||
instanceType, bucketName, mpartResp.UploadID)
|
instanceType, bucketName, mpartResp.UploadID)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = preSignV4(req, credentials.AccessKeyID, credentials.SecretAccessKey, int64(10*60*60))
|
err = preSignV4(req, credentials.AccessKey, credentials.SecretKey, int64(10*60*60))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("[%s] - Failed to presignV2 an unsigned request to list object parts for bucket %s, uploadId %s",
|
t.Fatalf("[%s] - Failed to presignV2 an unsigned request to list object parts for bucket %s, uploadId %s",
|
||||||
instanceType, bucketName, mpartResp.UploadID)
|
instanceType, bucketName, mpartResp.UploadID)
|
||||||
@ -2724,7 +2724,7 @@ func testAPIListObjectPartsHandler(obj ObjectLayer, instanceType, bucketName str
|
|||||||
// constructing a v4 signed HTTP request for ListMultipartUploads.
|
// constructing a v4 signed HTTP request for ListMultipartUploads.
|
||||||
reqV4, err = newTestSignedRequestV4("GET",
|
reqV4, err = newTestSignedRequestV4("GET",
|
||||||
getListMultipartURLWithParams("", bucketName, testObject, uploadID, test.maxParts, test.partNumberMarker, ""),
|
getListMultipartURLWithParams("", bucketName, testObject, uploadID, test.maxParts, test.partNumberMarker, ""),
|
||||||
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
|
0, nil, credentials.AccessKey, credentials.SecretKey)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to create a V4 signed request to list object parts for %s/%s: <ERROR> %v.",
|
t.Fatalf("Failed to create a V4 signed request to list object parts for %s/%s: <ERROR> %v.",
|
||||||
@ -2734,7 +2734,7 @@ func testAPIListObjectPartsHandler(obj ObjectLayer, instanceType, bucketName str
|
|||||||
// construct HTTP request for PutObject Part Object endpoint.
|
// construct HTTP request for PutObject Part Object endpoint.
|
||||||
reqV2, err = newTestSignedRequestV2("GET",
|
reqV2, err = newTestSignedRequestV2("GET",
|
||||||
getListMultipartURLWithParams("", bucketName, testObject, uploadID, test.maxParts, test.partNumberMarker, ""),
|
getListMultipartURLWithParams("", bucketName, testObject, uploadID, test.maxParts, test.partNumberMarker, ""),
|
||||||
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey)
|
0, nil, credentials.AccessKey, credentials.SecretKey)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed to create a V2 signed request to list object parts for %s/%s: <ERROR> %v.",
|
t.Fatalf("Failed to create a V2 signed request to list object parts for %s/%s: <ERROR> %v.",
|
||||||
|
@ -154,9 +154,9 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
|
|||||||
accessKey string
|
accessKey string
|
||||||
secretKey string
|
secretKey string
|
||||||
}{
|
}{
|
||||||
{http.StatusForbidden, "invalidaccesskey", credentials.SecretAccessKey},
|
{http.StatusForbidden, "invalidaccesskey", credentials.SecretKey},
|
||||||
{http.StatusForbidden, credentials.AccessKeyID, "invalidsecretkey"},
|
{http.StatusForbidden, credentials.AccessKey, "invalidsecretkey"},
|
||||||
{http.StatusNoContent, credentials.AccessKeyID, credentials.SecretAccessKey},
|
{http.StatusNoContent, credentials.AccessKey, credentials.SecretKey},
|
||||||
}
|
}
|
||||||
|
|
||||||
for i, test := range testCasesV2 {
|
for i, test := range testCasesV2 {
|
||||||
@ -190,8 +190,8 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
|
|||||||
data: []byte("Hello, World"),
|
data: []byte("Hello, World"),
|
||||||
expectedRespStatus: http.StatusNoContent,
|
expectedRespStatus: http.StatusNoContent,
|
||||||
expectedHeaders: map[string]string{"X-Amz-Meta-Uuid": "1234"},
|
expectedHeaders: map[string]string{"X-Amz-Meta-Uuid": "1234"},
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
malformedBody: false,
|
malformedBody: false,
|
||||||
},
|
},
|
||||||
// Bad case invalid request.
|
// Bad case invalid request.
|
||||||
@ -208,8 +208,8 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
|
|||||||
objectName: "test",
|
objectName: "test",
|
||||||
data: []byte("Hello, World"),
|
data: []byte("Hello, World"),
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
malformedBody: true,
|
malformedBody: true,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
@ -262,20 +262,20 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
|
|||||||
objectName: "test",
|
objectName: "test",
|
||||||
data: []byte("Hello, World"),
|
data: []byte("Hello, World"),
|
||||||
expectedRespStatus: http.StatusNoContent,
|
expectedRespStatus: http.StatusNoContent,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
|
dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
|
||||||
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKeyID + `/%s/us-east-1/s3/aws4_request"]]}`,
|
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKey + `/%s/us-east-1/s3/aws4_request"]]}`,
|
||||||
},
|
},
|
||||||
// Corrupted Base 64 result
|
// Corrupted Base 64 result
|
||||||
{
|
{
|
||||||
objectName: "test",
|
objectName: "test",
|
||||||
data: []byte("Hello, World"),
|
data: []byte("Hello, World"),
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
|
dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
|
||||||
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKeyID + `/%s/us-east-1/s3/aws4_request"]]}`,
|
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKey + `/%s/us-east-1/s3/aws4_request"]]}`,
|
||||||
corruptedBase64: true,
|
corruptedBase64: true,
|
||||||
},
|
},
|
||||||
// Corrupted Multipart body
|
// Corrupted Multipart body
|
||||||
@ -283,10 +283,10 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
|
|||||||
objectName: "test",
|
objectName: "test",
|
||||||
data: []byte("Hello, World"),
|
data: []byte("Hello, World"),
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
|
dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
|
||||||
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKeyID + `/%s/us-east-1/s3/aws4_request"]]}`,
|
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKey + `/%s/us-east-1/s3/aws4_request"]]}`,
|
||||||
corruptedMultipart: true,
|
corruptedMultipart: true,
|
||||||
},
|
},
|
||||||
|
|
||||||
@ -305,18 +305,18 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
|
|||||||
objectName: "test",
|
objectName: "test",
|
||||||
data: []byte("Hello, World"),
|
data: []byte("Hello, World"),
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
dates: []interface{}{curTime.Add(-1 * time.Minute * 5).Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
|
dates: []interface{}{curTime.Add(-1 * time.Minute * 5).Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
|
||||||
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKeyID + `/%s/us-east-1/s3/aws4_request"]]}`,
|
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKey + `/%s/us-east-1/s3/aws4_request"]]}`,
|
||||||
},
|
},
|
||||||
// Corrupted policy document
|
// Corrupted policy document
|
||||||
{
|
{
|
||||||
objectName: "test",
|
objectName: "test",
|
||||||
data: []byte("Hello, World"),
|
data: []byte("Hello, World"),
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
|
dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
|
||||||
policy: `{"3/aws4_request"]]}`,
|
policy: `{"3/aws4_request"]]}`,
|
||||||
},
|
},
|
||||||
@ -354,8 +354,8 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
|
|||||||
objectName: "test",
|
objectName: "test",
|
||||||
data: bytes.Repeat([]byte("a"), 1025),
|
data: bytes.Repeat([]byte("a"), 1025),
|
||||||
expectedRespStatus: http.StatusNoContent,
|
expectedRespStatus: http.StatusNoContent,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
malformedBody: false,
|
malformedBody: false,
|
||||||
},
|
},
|
||||||
// Failed with entity too small.
|
// Failed with entity too small.
|
||||||
@ -363,8 +363,8 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
|
|||||||
objectName: "test",
|
objectName: "test",
|
||||||
data: bytes.Repeat([]byte("a"), 1023),
|
data: bytes.Repeat([]byte("a"), 1023),
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
malformedBody: false,
|
malformedBody: false,
|
||||||
},
|
},
|
||||||
// Failed with entity too large.
|
// Failed with entity too large.
|
||||||
@ -372,8 +372,8 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
|
|||||||
objectName: "test",
|
objectName: "test",
|
||||||
data: bytes.Repeat([]byte("a"), (1*humanize.MiByte)+1),
|
data: bytes.Repeat([]byte("a"), (1*humanize.MiByte)+1),
|
||||||
expectedRespStatus: http.StatusBadRequest,
|
expectedRespStatus: http.StatusBadRequest,
|
||||||
accessKey: credentials.AccessKeyID,
|
accessKey: credentials.AccessKey,
|
||||||
secretKey: credentials.SecretAccessKey,
|
secretKey: credentials.SecretKey,
|
||||||
malformedBody: false,
|
malformedBody: false,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
@ -444,14 +444,14 @@ func testPostPolicyBucketHandlerRedirect(obj ObjectLayer, instanceType string, t
|
|||||||
rec := httptest.NewRecorder()
|
rec := httptest.NewRecorder()
|
||||||
|
|
||||||
dates := []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)}
|
dates := []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)}
|
||||||
policy := `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], {"success_action_redirect":"` + redirectURL + `"},["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKeyID + `/%s/us-east-1/s3/aws4_request"]]}`
|
policy := `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], {"success_action_redirect":"` + redirectURL + `"},["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKey + `/%s/us-east-1/s3/aws4_request"]]}`
|
||||||
|
|
||||||
// Generate the final policy document
|
// Generate the final policy document
|
||||||
policy = fmt.Sprintf(policy, dates...)
|
policy = fmt.Sprintf(policy, dates...)
|
||||||
|
|
||||||
// Create a new POST request with success_action_redirect field specified
|
// Create a new POST request with success_action_redirect field specified
|
||||||
req, perr := newPostRequestV4Generic("", bucketName, keyName, []byte("objData"),
|
req, perr := newPostRequestV4Generic("", bucketName, keyName, []byte("objData"),
|
||||||
credentials.AccessKeyID, credentials.SecretAccessKey, curTime,
|
credentials.AccessKey, credentials.SecretKey, curTime,
|
||||||
[]byte(policy), map[string]string{"success_action_redirect": redirectURL}, false, false)
|
[]byte(policy), map[string]string{"success_action_redirect": redirectURL}, false, false)
|
||||||
|
|
||||||
if perr != nil {
|
if perr != nil {
|
||||||
|
@ -103,7 +103,7 @@ func getHealMsg(endpoints []*url.URL, storageDisks []StorageAPI) string {
|
|||||||
// msg += "MINIO_SECRET_KEY=%s "
|
// msg += "MINIO_SECRET_KEY=%s "
|
||||||
// msg += "minio control heal %s"
|
// msg += "minio control heal %s"
|
||||||
// creds := serverConfig.GetCredential()
|
// creds := serverConfig.GetCredential()
|
||||||
// msg = fmt.Sprintf(msg, creds.AccessKeyID, creds.SecretAccessKey, getHealEndpoint(isSSL(), endpoints[0]))
|
// msg = fmt.Sprintf(msg, creds.AccessKey, creds.SecretKey, getHealEndpoint(isSSL(), endpoints[0]))
|
||||||
disksInfo, _, _ := getDisksInfo(storageDisks)
|
disksInfo, _, _ := getDisksInfo(storageDisks)
|
||||||
for i, info := range disksInfo {
|
for i, info := range disksInfo {
|
||||||
if storageDisks[i] == nil {
|
if storageDisks[i] == nil {
|
||||||
|
@ -62,8 +62,8 @@ func makeS3Peers(eps []*url.URL) s3Peers {
|
|||||||
// Check if the remote host has been added already
|
// Check if the remote host has been added already
|
||||||
if !seenAddr[ep.Host] {
|
if !seenAddr[ep.Host] {
|
||||||
cfg := authConfig{
|
cfg := authConfig{
|
||||||
accessKey: serverConfig.GetCredential().AccessKeyID,
|
accessKey: serverConfig.GetCredential().AccessKey,
|
||||||
secretKey: serverConfig.GetCredential().SecretAccessKey,
|
secretKey: serverConfig.GetCredential().SecretKey,
|
||||||
address: ep.Host,
|
address: ep.Host,
|
||||||
secureConn: isSSL(),
|
secureConn: isSSL(),
|
||||||
path: path.Join(reservedBucket, s3Path),
|
path: path.Join(reservedBucket, s3Path),
|
||||||
|
@ -75,8 +75,8 @@ func printServerCommonMsg(endPoints []string) {
|
|||||||
endPointStr := strings.Join(endPoints, " ")
|
endPointStr := strings.Join(endPoints, " ")
|
||||||
// Colorize the message and print.
|
// Colorize the message and print.
|
||||||
console.Println(colorBlue("\nEndpoint: ") + colorBold(fmt.Sprintf(getFormatStr(len(endPointStr), 1), endPointStr)))
|
console.Println(colorBlue("\nEndpoint: ") + colorBold(fmt.Sprintf(getFormatStr(len(endPointStr), 1), endPointStr)))
|
||||||
console.Println(colorBlue("AccessKey: ") + colorBold(fmt.Sprintf("%s ", cred.AccessKeyID)))
|
console.Println(colorBlue("AccessKey: ") + colorBold(fmt.Sprintf("%s ", cred.AccessKey)))
|
||||||
console.Println(colorBlue("SecretKey: ") + colorBold(fmt.Sprintf("%s ", cred.SecretAccessKey)))
|
console.Println(colorBlue("SecretKey: ") + colorBold(fmt.Sprintf("%s ", cred.SecretKey)))
|
||||||
console.Println(colorBlue("Region: ") + colorBold(fmt.Sprintf(getFormatStr(len(region), 3), region)))
|
console.Println(colorBlue("Region: ") + colorBold(fmt.Sprintf(getFormatStr(len(region), 3), region)))
|
||||||
printEventNotifiers()
|
printEventNotifiers()
|
||||||
|
|
||||||
@ -109,10 +109,10 @@ func printCLIAccessMsg(endPoint string) {
|
|||||||
// Configure 'mc', following block prints platform specific information for minio client.
|
// Configure 'mc', following block prints platform specific information for minio client.
|
||||||
console.Println(colorBlue("\nCommand-line Access: ") + mcQuickStartGuide)
|
console.Println(colorBlue("\nCommand-line Access: ") + mcQuickStartGuide)
|
||||||
if runtime.GOOS == "windows" {
|
if runtime.GOOS == "windows" {
|
||||||
mcMessage := fmt.Sprintf("$ mc.exe config host add myminio %s %s %s", endPoint, cred.AccessKeyID, cred.SecretAccessKey)
|
mcMessage := fmt.Sprintf("$ mc.exe config host add myminio %s %s %s", endPoint, cred.AccessKey, cred.SecretKey)
|
||||||
console.Println(fmt.Sprintf(getFormatStr(len(mcMessage), 3), mcMessage))
|
console.Println(fmt.Sprintf(getFormatStr(len(mcMessage), 3), mcMessage))
|
||||||
} else {
|
} else {
|
||||||
mcMessage := fmt.Sprintf("$ mc config host add myminio %s %s %s", endPoint, cred.AccessKeyID, cred.SecretAccessKey)
|
mcMessage := fmt.Sprintf("$ mc config host add myminio %s %s %s", endPoint, cred.AccessKey, cred.SecretKey)
|
||||||
console.Println(fmt.Sprintf(getFormatStr(len(mcMessage), 3), mcMessage))
|
console.Println(fmt.Sprintf(getFormatStr(len(mcMessage), 3), mcMessage))
|
||||||
}
|
}
|
||||||
}
|
}
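Review bot: `printServerCommonMsg` and `printCLIAccessMsg` write `cred.SecretKey` in clear text to the console, both on the `SecretKey:` line and inside the `mc config host add` command line. When the server runs under a service manager or in a container, that output is normally captured by log collection, so the long-lived secret becomes readable by anyone with log access. Consider printing the secret only when the output is an interactive terminal, or masking it and pointing the operator at the config file. Both function bodies start outside the hunks shown.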
|
||||||
|
@ -94,14 +94,10 @@ func (s *TestSuiteCommon) TearDownSuite(c *C) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *TestSuiteCommon) TestAuth(c *C) {
|
func (s *TestSuiteCommon) TestAuth(c *C) {
|
||||||
secretID, err := genSecretAccessKey()
|
cred := newCredential()
|
||||||
c.Assert(err, IsNil)
|
|
||||||
|
|
||||||
accessID, err := genAccessKeyID()
|
c.Assert(len(cred.AccessKey), Equals, accessKeyMaxLen)
|
||||||
c.Assert(err, IsNil)
|
c.Assert(len(cred.SecretKey), Equals, secretKeyMaxLen)
|
||||||
|
|
||||||
c.Assert(len(secretID), Equals, secretKeyMaxLen)
|
|
||||||
c.Assert(len(accessID), Equals, accessKeyMaxLen)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *TestSuiteCommon) TestBucketSQSNotification(c *C) {
|
func (s *TestSuiteCommon) TestBucketSQSNotification(c *C) {
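Review bot: `TestAuth` now asserts only the length of the generated keys, and the error assertions are gone because `newCredential()` returns a single value. How `newCredential` reports a failed read from the random source is not visible in this hunk, so it is worth confirming that such a failure cannot silently produce a weak or empty key. The test could also assert `isAccessKeyValid(cred.AccessKey)` and `isSecretKeyValid(cred.SecretKey)`, and check that two successive `newCredential()` calls return different secret keys.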
|
||||||
|
@ -43,10 +43,10 @@ const (
|
|||||||
|
|
||||||
// newJWT - returns new JWT object.
|
// newJWT - returns new JWT object.
|
||||||
func newJWT(expiry time.Duration, cred credential) (*JWT, error) {
|
func newJWT(expiry time.Duration, cred credential) (*JWT, error) {
|
||||||
if !isValidAccessKey(cred.AccessKeyID) {
|
if !isAccessKeyValid(cred.AccessKey) {
|
||||||
return nil, errInvalidAccessKeyLength
|
return nil, errInvalidAccessKeyLength
|
||||||
}
|
}
|
||||||
if !isValidSecretKey(cred.SecretAccessKey) {
|
if !isSecretKeyValid(cred.SecretKey) {
|
||||||
return nil, errInvalidSecretKeyLength
|
return nil, errInvalidSecretKeyLength
|
||||||
}
|
}
|
||||||
return &JWT{cred, expiry}, nil
|
return &JWT{cred, expiry}, nil
|
||||||
@ -60,7 +60,7 @@ func (jwt *JWT) GenerateToken(accessKey string) (string, error) {
|
|||||||
// Trim spaces.
|
// Trim spaces.
|
||||||
accessKey = strings.TrimSpace(accessKey)
|
accessKey = strings.TrimSpace(accessKey)
|
||||||
|
|
||||||
if !isValidAccessKey(accessKey) {
|
if !isAccessKeyValid(accessKey) {
|
||||||
return "", errInvalidAccessKeyLength
|
return "", errInvalidAccessKeyLength
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -71,7 +71,7 @@ func (jwt *JWT) GenerateToken(accessKey string) (string, error) {
|
|||||||
"iat": tUTCNow.Unix(),
|
"iat": tUTCNow.Unix(),
|
||||||
"sub": accessKey,
|
"sub": accessKey,
|
||||||
})
|
})
|
||||||
return token.SignedString([]byte(jwt.SecretAccessKey))
|
return token.SignedString([]byte(jwt.SecretKey))
|
||||||
}
|
}
|
||||||
|
|
||||||
var errInvalidAccessKeyID = errors.New("The access key ID you provided does not exist in our records")
|
var errInvalidAccessKeyID = errors.New("The access key ID you provided does not exist in our records")
|
||||||
@ -82,18 +82,18 @@ func (jwt *JWT) Authenticate(accessKey, secretKey string) error {
|
|||||||
// Trim spaces.
|
// Trim spaces.
|
||||||
accessKey = strings.TrimSpace(accessKey)
|
accessKey = strings.TrimSpace(accessKey)
|
||||||
|
|
||||||
if !isValidAccessKey(accessKey) {
|
if !isAccessKeyValid(accessKey) {
|
||||||
return errInvalidAccessKeyLength
|
return errInvalidAccessKeyLength
|
||||||
}
|
}
|
||||||
if !isValidSecretKey(secretKey) {
|
if !isSecretKeyValid(secretKey) {
|
||||||
return errInvalidSecretKeyLength
|
return errInvalidSecretKeyLength
|
||||||
}
|
}
|
||||||
|
|
||||||
if accessKey != jwt.AccessKeyID {
|
if accessKey != jwt.AccessKey {
|
||||||
return errInvalidAccessKeyID
|
return errInvalidAccessKeyID
|
||||||
}
|
}
|
||||||
|
|
||||||
hashedSecretKey, _ := bcrypt.GenerateFromPassword([]byte(jwt.SecretAccessKey), bcrypt.DefaultCost)
|
hashedSecretKey, _ := bcrypt.GenerateFromPassword([]byte(jwt.SecretKey), bcrypt.DefaultCost)
|
||||||
if bcrypt.CompareHashAndPassword(hashedSecretKey, []byte(secretKey)) != nil {
|
if bcrypt.CompareHashAndPassword(hashedSecretKey, []byte(secretKey)) != nil {
|
||||||
return errAuthentication
|
return errAuthentication
|
||||||
}
|
}
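Review bot: In `Authenticate`, the error from `bcrypt.GenerateFromPassword` is discarded with `_`, and the stored secret is re-hashed on every call. A failed hash should leave `hashedSecretKey` empty, which `CompareHashAndPassword` rejects, so the path appears to fail closed, but the caller then sees `errAuthentication` instead of the real cause. Handle it explicitly: `hashedSecretKey, err := bcrypt.GenerateFromPassword([]byte(jwt.SecretKey), bcrypt.DefaultCost)` followed by `if err != nil { return err }`. The rest of `Authenticate` lies outside the hunk.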
|
||||||
|
@ -190,11 +190,11 @@ func TestAuthenticate(t *testing.T) {
|
|||||||
// Authentication error.
|
// Authentication error.
|
||||||
{"myuser", "mypassword", errInvalidAccessKeyID},
|
{"myuser", "mypassword", errInvalidAccessKeyID},
|
||||||
// Authentication error.
|
// Authentication error.
|
||||||
{serverConfig.GetCredential().AccessKeyID, "mypassword", errAuthentication},
|
{serverConfig.GetCredential().AccessKey, "mypassword", errAuthentication},
|
||||||
// Success.
|
// Success.
|
||||||
{serverConfig.GetCredential().AccessKeyID, serverConfig.GetCredential().SecretAccessKey, nil},
|
{serverConfig.GetCredential().AccessKey, serverConfig.GetCredential().SecretKey, nil},
|
||||||
// Success when access key contains leading/trailing spaces.
|
// Success when access key contains leading/trailing spaces.
|
||||||
{" " + serverConfig.GetCredential().AccessKeyID + " ", serverConfig.GetCredential().SecretAccessKey, nil},
|
{" " + serverConfig.GetCredential().AccessKey + " ", serverConfig.GetCredential().SecretKey, nil},
|
||||||
}
|
}
|
||||||
|
|
||||||
// Run tests.
|
// Run tests.
|
||||||
|
@ -67,12 +67,12 @@ var resourceList = []string{
|
|||||||
func doesPolicySignatureV2Match(formValues map[string]string) APIErrorCode {
|
func doesPolicySignatureV2Match(formValues map[string]string) APIErrorCode {
|
||||||
cred := serverConfig.GetCredential()
|
cred := serverConfig.GetCredential()
|
||||||
accessKey := formValues["Awsaccesskeyid"]
|
accessKey := formValues["Awsaccesskeyid"]
|
||||||
if accessKey != cred.AccessKeyID {
|
if accessKey != cred.AccessKey {
|
||||||
return ErrInvalidAccessKeyID
|
return ErrInvalidAccessKeyID
|
||||||
}
|
}
|
||||||
signature := formValues["Signature"]
|
signature := formValues["Signature"]
|
||||||
policy := formValues["Policy"]
|
policy := formValues["Policy"]
|
||||||
if signature != calculateSignatureV2(policy, cred.SecretAccessKey) {
|
if signature != calculateSignatureV2(policy, cred.SecretKey) {
|
||||||
return ErrSignatureDoesNotMatch
|
return ErrSignatureDoesNotMatch
|
||||||
}
|
}
|
||||||
return ErrNone
|
return ErrNone
|
||||||
@ -126,7 +126,7 @@ func doesPresignV2SignatureMatch(r *http.Request) APIErrorCode {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Validate if access key id same.
|
// Validate if access key id same.
|
||||||
if accessKey != cred.AccessKeyID {
|
if accessKey != cred.AccessKey {
|
||||||
return ErrInvalidAccessKeyID
|
return ErrInvalidAccessKeyID
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -150,7 +150,7 @@ func doesPresignV2SignatureMatch(r *http.Request) APIErrorCode {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature;
|
// Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature;
|
||||||
// Signature = Base64( HMAC-SHA1( YourSecretAccessKeyID, UTF-8-Encoding-Of( StringToSign ) ) );
|
// Signature = Base64( HMAC-SHA1( YourSecretKey, UTF-8-Encoding-Of( StringToSign ) ) );
|
||||||
//
|
//
|
||||||
// StringToSign = HTTP-Verb + "\n" +
|
// StringToSign = HTTP-Verb + "\n" +
|
||||||
// Content-Md5 + "\n" +
|
// Content-Md5 + "\n" +
|
||||||
@ -193,7 +193,7 @@ func validateV2AuthHeader(v2Auth string) APIErrorCode {
|
|||||||
|
|
||||||
// Access credentials.
|
// Access credentials.
|
||||||
cred := serverConfig.GetCredential()
|
cred := serverConfig.GetCredential()
|
||||||
if keySignFields[0] != cred.AccessKeyID {
|
if keySignFields[0] != cred.AccessKey {
|
||||||
return ErrInvalidAccessKeyID
|
return ErrInvalidAccessKeyID
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -239,15 +239,15 @@ func calculateSignatureV2(stringToSign string, secret string) string {
|
|||||||
func preSignatureV2(method string, encodedResource string, encodedQuery string, headers http.Header, expires string) string {
|
func preSignatureV2(method string, encodedResource string, encodedQuery string, headers http.Header, expires string) string {
|
||||||
cred := serverConfig.GetCredential()
|
cred := serverConfig.GetCredential()
|
||||||
stringToSign := presignV2STS(method, encodedResource, encodedQuery, headers, expires)
|
stringToSign := presignV2STS(method, encodedResource, encodedQuery, headers, expires)
|
||||||
return calculateSignatureV2(stringToSign, cred.SecretAccessKey)
|
return calculateSignatureV2(stringToSign, cred.SecretKey)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Return signature-v2 authrization header.
|
// Return signature-v2 authrization header.
|
||||||
func signatureV2(method string, encodedResource string, encodedQuery string, headers http.Header) string {
|
func signatureV2(method string, encodedResource string, encodedQuery string, headers http.Header) string {
|
||||||
cred := serverConfig.GetCredential()
|
cred := serverConfig.GetCredential()
|
||||||
stringToSign := signV2STS(method, encodedResource, encodedQuery, headers)
|
stringToSign := signV2STS(method, encodedResource, encodedQuery, headers)
|
||||||
signature := calculateSignatureV2(stringToSign, cred.SecretAccessKey)
|
signature := calculateSignatureV2(stringToSign, cred.SecretKey)
|
||||||
return fmt.Sprintf("%s %s:%s", signV2Algorithm, cred.AccessKeyID, signature)
|
return fmt.Sprintf("%s %s:%s", signV2Algorithm, cred.AccessKey, signature)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Return canonical headers.
|
// Return canonical headers.
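Review bot: `doesPolicySignatureV2Match` compares the client-supplied signature with the expected HMAC using `!=`, which returns at the first differing byte and can leak through response timing how much of the signature matched. Use a constant-time comparison instead: `if subtle.ConstantTimeCompare([]byte(signature), []byte(calculateSignatureV2(policy, cred.SecretKey))) != 1 {`. This needs `crypto/subtle` in the file's import block, which is not visible here. The signature checks in `doesPresignV2SignatureMatch` and `validateV2AuthHeader` are outside the hunks shown and should be reviewed for the same pattern.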
|
||||||
|
@ -55,7 +55,7 @@ func TestDoesPresignedV2SignatureMatch(t *testing.T) {
|
|||||||
queryParams: map[string]string{
|
queryParams: map[string]string{
|
||||||
"Expires": "60s",
|
"Expires": "60s",
|
||||||
"Signature": "badsignature",
|
"Signature": "badsignature",
|
||||||
"AWSAccessKeyId": serverConfig.GetCredential().AccessKeyID,
|
"AWSAccessKeyId": serverConfig.GetCredential().AccessKey,
|
||||||
},
|
},
|
||||||
expected: ErrMalformedExpires,
|
expected: ErrMalformedExpires,
|
||||||
},
|
},
|
||||||
@ -64,7 +64,7 @@ func TestDoesPresignedV2SignatureMatch(t *testing.T) {
|
|||||||
queryParams: map[string]string{
|
queryParams: map[string]string{
|
||||||
"Expires": "60",
|
"Expires": "60",
|
||||||
"Signature": "badsignature",
|
"Signature": "badsignature",
|
||||||
"AWSAccessKeyId": serverConfig.GetCredential().AccessKeyID,
|
"AWSAccessKeyId": serverConfig.GetCredential().AccessKey,
|
||||||
},
|
},
|
||||||
expected: ErrExpiredPresignRequest,
|
expected: ErrExpiredPresignRequest,
|
||||||
},
|
},
|
||||||
@ -73,7 +73,7 @@ func TestDoesPresignedV2SignatureMatch(t *testing.T) {
|
|||||||
queryParams: map[string]string{
|
queryParams: map[string]string{
|
||||||
"Expires": fmt.Sprintf("%d", now.Unix()+60),
|
"Expires": fmt.Sprintf("%d", now.Unix()+60),
|
||||||
"Signature": "badsignature",
|
"Signature": "badsignature",
|
||||||
"AWSAccessKeyId": serverConfig.GetCredential().AccessKeyID,
|
"AWSAccessKeyId": serverConfig.GetCredential().AccessKey,
|
||||||
},
|
},
|
||||||
expected: ErrSignatureDoesNotMatch,
|
expected: ErrSignatureDoesNotMatch,
|
||||||
},
|
},
|
||||||
@ -82,7 +82,7 @@ func TestDoesPresignedV2SignatureMatch(t *testing.T) {
|
|||||||
queryParams: map[string]string{
|
queryParams: map[string]string{
|
||||||
"Expires": fmt.Sprintf("%d", now.Unix()),
|
"Expires": fmt.Sprintf("%d", now.Unix()),
|
||||||
"Signature": "zOM2YrY/yAQe15VWmT78OlBrK6g=",
|
"Signature": "zOM2YrY/yAQe15VWmT78OlBrK6g=",
|
||||||
"AWSAccessKeyId": serverConfig.GetCredential().AccessKeyID,
|
"AWSAccessKeyId": serverConfig.GetCredential().AccessKey,
|
||||||
},
|
},
|
||||||
expected: ErrSignatureDoesNotMatch,
|
expected: ErrSignatureDoesNotMatch,
|
||||||
},
|
},
|
||||||
@ -126,7 +126,7 @@ func TestValidateV2AuthHeader(t *testing.T) {
|
|||||||
if err := serverConfig.Save(); err != nil {
|
if err := serverConfig.Save(); err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
accessID := serverConfig.GetCredential().AccessKeyID
|
accessID := serverConfig.GetCredential().AccessKey
|
||||||
|
|
||||||
testCases := []struct {
|
testCases := []struct {
|
||||||
authString string
|
authString string
|
||||||
@ -207,9 +207,9 @@ func TestDoesPolicySignatureV2Match(t *testing.T) {
|
|||||||
signature string
|
signature string
|
||||||
errCode APIErrorCode
|
errCode APIErrorCode
|
||||||
}{
|
}{
|
||||||
{"invalidAccessKey", policy, calculateSignatureV2(policy, creds.SecretAccessKey), ErrInvalidAccessKeyID},
|
{"invalidAccessKey", policy, calculateSignatureV2(policy, creds.SecretKey), ErrInvalidAccessKeyID},
|
||||||
{creds.AccessKeyID, policy, calculateSignatureV2("random", creds.SecretAccessKey), ErrSignatureDoesNotMatch},
|
{creds.AccessKey, policy, calculateSignatureV2("random", creds.SecretKey), ErrSignatureDoesNotMatch},
|
||||||
{creds.AccessKeyID, policy, calculateSignatureV2(policy, creds.SecretAccessKey), ErrNone},
|
{creds.AccessKey, policy, calculateSignatureV2(policy, creds.SecretKey), ErrNone},
|
||||||
}
|
}
|
||||||
for i, test := range testCases {
|
for i, test := range testCases {
|
||||||
formValues := make(map[string]string)
|
formValues := make(map[string]string)
|
||||||
|
@ -47,7 +47,7 @@ func parseCredentialHeader(credElement string) (credentialHeader, APIErrorCode)
|
|||||||
if len(credElements) != 5 {
|
if len(credElements) != 5 {
|
||||||
return credentialHeader{}, ErrCredMalformed
|
return credentialHeader{}, ErrCredMalformed
|
||||||
}
|
}
|
||||||
if !isValidAccessKey(credElements[0]) {
|
if !isAccessKeyValid(credElements[0]) {
|
||||||
return credentialHeader{}, ErrInvalidAccessKeyID
|
return credentialHeader{}, ErrInvalidAccessKeyID
|
||||||
}
|
}
|
||||||
// Save access key id.
|
// Save access key id.
|
||||||
|
@ -171,7 +171,7 @@ func doesPolicySignatureV4Match(formValues map[string]string) APIErrorCode {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Verify if the access key id matches.
|
// Verify if the access key id matches.
|
||||||
if credHeader.accessKey != cred.AccessKeyID {
|
if credHeader.accessKey != cred.AccessKey {
|
||||||
return ErrInvalidAccessKeyID
|
return ErrInvalidAccessKeyID
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -188,7 +188,7 @@ func doesPolicySignatureV4Match(formValues map[string]string) APIErrorCode {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Get signing key.
|
// Get signing key.
|
||||||
signingKey := getSigningKey(cred.SecretAccessKey, t, region)
|
signingKey := getSigningKey(cred.SecretKey, t, region)
|
||||||
|
|
||||||
// Get signature.
|
// Get signature.
|
||||||
newSignature := getSignature(signingKey, formValues["Policy"])
|
newSignature := getSignature(signingKey, formValues["Policy"])
|
||||||
@ -217,7 +217,7 @@ func doesPresignedSignatureMatch(hashedPayload string, r *http.Request, region s
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Verify if the access key id matches.
|
// Verify if the access key id matches.
|
||||||
if pSignValues.Credential.accessKey != cred.AccessKeyID {
|
if pSignValues.Credential.accessKey != cred.AccessKey {
|
||||||
return ErrInvalidAccessKeyID
|
return ErrInvalidAccessKeyID
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -268,7 +268,7 @@ func doesPresignedSignatureMatch(hashedPayload string, r *http.Request, region s
|
|||||||
query.Set("X-Amz-Date", t.Format(iso8601Format))
|
query.Set("X-Amz-Date", t.Format(iso8601Format))
|
||||||
query.Set("X-Amz-Expires", strconv.Itoa(expireSeconds))
|
query.Set("X-Amz-Expires", strconv.Itoa(expireSeconds))
|
||||||
query.Set("X-Amz-SignedHeaders", getSignedHeaders(extractedSignedHeaders))
|
query.Set("X-Amz-SignedHeaders", getSignedHeaders(extractedSignedHeaders))
|
||||||
query.Set("X-Amz-Credential", cred.AccessKeyID+"/"+getScope(t, sRegion))
|
query.Set("X-Amz-Credential", cred.AccessKey+"/"+getScope(t, sRegion))
|
||||||
|
|
||||||
// Save other headers available in the request parameters.
|
// Save other headers available in the request parameters.
|
||||||
for k, v := range req.URL.Query() {
|
for k, v := range req.URL.Query() {
|
||||||
@ -313,7 +313,7 @@ func doesPresignedSignatureMatch(hashedPayload string, r *http.Request, region s
|
|||||||
presignedStringToSign := getStringToSign(presignedCanonicalReq, t, region)
|
presignedStringToSign := getStringToSign(presignedCanonicalReq, t, region)
|
||||||
|
|
||||||
// Get hmac presigned signing key.
|
// Get hmac presigned signing key.
|
||||||
presignedSigningKey := getSigningKey(cred.SecretAccessKey, t, region)
|
presignedSigningKey := getSigningKey(cred.SecretKey, t, region)
|
||||||
|
|
||||||
// Get new signature.
|
// Get new signature.
|
||||||
newSignature := getSignature(presignedSigningKey, presignedStringToSign)
|
newSignature := getSignature(presignedSigningKey, presignedStringToSign)
|
||||||
@ -369,7 +369,7 @@ func doesSignatureMatch(hashedPayload string, r *http.Request, region string) AP
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Verify if the access key id matches.
|
// Verify if the access key id matches.
|
||||||
if signV4Values.Credential.accessKey != cred.AccessKeyID {
|
if signV4Values.Credential.accessKey != cred.AccessKey {
|
||||||
return ErrInvalidAccessKeyID
|
return ErrInvalidAccessKeyID
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -410,7 +410,7 @@ func doesSignatureMatch(hashedPayload string, r *http.Request, region string) AP
|
|||||||
stringToSign := getStringToSign(canonicalRequest, t, region)
|
stringToSign := getStringToSign(canonicalRequest, t, region)
|
||||||
|
|
||||||
// Get hmac signing key.
|
// Get hmac signing key.
|
||||||
signingKey := getSigningKey(cred.SecretAccessKey, t, region)
|
signingKey := getSigningKey(cred.SecretKey, t, region)
|
||||||
|
|
||||||
// Calculate signature.
|
// Calculate signature.
|
||||||
newSignature := getSignature(signingKey, stringToSign)
|
newSignature := getSignature(signingKey, stringToSign)
|
||||||
|
@ -36,7 +36,7 @@ func niceError(code APIErrorCode) string {
|
|||||||
func TestDoesPolicySignatureMatch(t *testing.T) {
|
func TestDoesPolicySignatureMatch(t *testing.T) {
|
||||||
credentialTemplate := "%s/%s/%s/s3/aws4_request"
|
credentialTemplate := "%s/%s/%s/s3/aws4_request"
|
||||||
now := time.Now().UTC()
|
now := time.Now().UTC()
|
||||||
accessKey := serverConfig.GetCredential().AccessKeyID
|
accessKey := serverConfig.GetCredential().AccessKey
|
||||||
|
|
||||||
testCases := []struct {
|
testCases := []struct {
|
||||||
form map[string]string
|
form map[string]string
|
||||||
@ -83,7 +83,7 @@ func TestDoesPolicySignatureMatch(t *testing.T) {
|
|||||||
form: map[string]string{
|
form: map[string]string{
|
||||||
"X-Amz-Credential": fmt.Sprintf(credentialTemplate, accessKey, now.Format(yyyymmdd), "us-east-1"),
|
"X-Amz-Credential": fmt.Sprintf(credentialTemplate, accessKey, now.Format(yyyymmdd), "us-east-1"),
|
||||||
"X-Amz-Date": now.Format(iso8601Format),
|
"X-Amz-Date": now.Format(iso8601Format),
|
||||||
"X-Amz-Signature": getSignature(getSigningKey(serverConfig.GetCredential().SecretAccessKey, now, "us-east-1"), "policy"),
|
"X-Amz-Signature": getSignature(getSigningKey(serverConfig.GetCredential().SecretKey, now, "us-east-1"), "policy"),
|
||||||
"Policy": "policy",
|
"Policy": "policy",
|
||||||
},
|
},
|
||||||
expected: ErrNone,
|
expected: ErrNone,
|
||||||
@ -112,7 +112,7 @@ func TestDoesPresignedSignatureMatch(t *testing.T) {
|
|||||||
credentialTemplate := "%s/%s/%s/s3/aws4_request"
|
credentialTemplate := "%s/%s/%s/s3/aws4_request"
|
||||||
|
|
||||||
region := serverConfig.GetRegion()
|
region := serverConfig.GetRegion()
|
||||||
accessKeyID := serverConfig.GetCredential().AccessKeyID
|
accessKeyID := serverConfig.GetCredential().AccessKey
|
||||||
testCases := []struct {
|
testCases := []struct {
|
||||||
queryParams map[string]string
|
queryParams map[string]string
|
||||||
headers map[string]string
|
headers map[string]string
|
||||||
|
@ -104,8 +104,8 @@ func newStorageRPC(ep *url.URL) (StorageAPI, error) {
|
|||||||
rpcAddr := ep.Host
|
rpcAddr := ep.Host
|
||||||
|
|
||||||
// Initialize rpc client with network address and rpc path.
|
// Initialize rpc client with network address and rpc path.
|
||||||
accessKeyID := serverConfig.GetCredential().AccessKeyID
|
accessKeyID := serverConfig.GetCredential().AccessKey
|
||||||
secretAccessKey := serverConfig.GetCredential().SecretAccessKey
|
secretAccessKey := serverConfig.GetCredential().SecretKey
|
||||||
if ep.User != nil {
|
if ep.User != nil {
|
||||||
accessKeyID = ep.User.Username()
|
accessKeyID = ep.User.Username()
|
||||||
if key, set := ep.User.Password(); set {
|
if key, set := ep.User.Password(); set {
|
||||||
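Review bot: newStorageRPC reads `serverConfig.GetCredential()` twice, once for the access key and once for the secret key. If the stored credential is replaced between the two calls (presumably what the web SetAuth handler does at runtime), the RPC client could be initialised with a mismatched pair. A single read avoids that: `cred := serverConfig.GetCredential()` then `accessKeyID, secretAccessKey := cred.AccessKey, cred.SecretKey`. The locals still carry the pre-rename names `accessKeyID`/`secretAccessKey`; renaming them to match the new fields would also touch the `ep.User` override below, which continues past the end of this hunk. The createTestStorageServer hunk repeats the double read, where it only affects tests.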
|
@ -45,12 +45,12 @@ func createTestStorageServer(t *testing.T) *testStorageRPCServer {
|
|||||||
t.Fatalf("unable to get new JWT, %s", err)
|
t.Fatalf("unable to get new JWT, %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
err = jwt.Authenticate(serverConfig.GetCredential().AccessKeyID, serverConfig.GetCredential().SecretAccessKey)
|
err = jwt.Authenticate(serverConfig.GetCredential().AccessKey, serverConfig.GetCredential().SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("unable for JWT to authenticate, %s", err)
|
t.Fatalf("unable for JWT to authenticate, %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
token, err := jwt.GenerateToken(serverConfig.GetCredential().AccessKeyID)
|
token, err := jwt.GenerateToken(serverConfig.GetCredential().AccessKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("unable for JWT to generate token, %s", err)
|
t.Fatalf("unable for JWT to generate token, %s", err)
|
||||||
}
|
}
|
||||||
|
@ -56,7 +56,7 @@ func getChunkSignature(seedSignature string, date time.Time, hashedChunk string)
|
|||||||
hashedChunk
|
hashedChunk
|
||||||
|
|
||||||
// Get hmac signing key.
|
// Get hmac signing key.
|
||||||
signingKey := getSigningKey(cred.SecretAccessKey, date, region)
|
signingKey := getSigningKey(cred.SecretKey, date, region)
|
||||||
|
|
||||||
// Calculate signature.
|
// Calculate signature.
|
||||||
newSignature := getSignature(signingKey, stringToSign)
|
newSignature := getSignature(signingKey, stringToSign)
|
||||||
@ -101,7 +101,7 @@ func calculateSeedSignature(r *http.Request) (signature string, date time.Time,
|
|||||||
return "", time.Time{}, errCode
|
return "", time.Time{}, errCode
|
||||||
}
|
}
|
||||||
// Verify if the access key id matches.
|
// Verify if the access key id matches.
|
||||||
if signV4Values.Credential.accessKey != cred.AccessKeyID {
|
if signV4Values.Credential.accessKey != cred.AccessKey {
|
||||||
return "", time.Time{}, ErrInvalidAccessKeyID
|
return "", time.Time{}, ErrInvalidAccessKeyID
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -138,7 +138,7 @@ func calculateSeedSignature(r *http.Request) (signature string, date time.Time,
|
|||||||
stringToSign := getStringToSign(canonicalRequest, date, region)
|
stringToSign := getStringToSign(canonicalRequest, date, region)
|
||||||
|
|
||||||
// Get hmac signing key.
|
// Get hmac signing key.
|
||||||
signingKey := getSigningKey(cred.SecretAccessKey, date, region)
|
signingKey := getSigningKey(cred.SecretKey, date, region)
|
||||||
|
|
||||||
// Calculate signature.
|
// Calculate signature.
|
||||||
newSignature := getSignature(signingKey, stringToSign)
|
newSignature := getSignature(signingKey, stringToSign)
|
||||||
|
@ -199,8 +199,8 @@ func UnstartedTestServer(t TestErrHandler, instanceType string) TestServer {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Unexpected error %s", err)
|
t.Fatalf("Unexpected error %s", err)
|
||||||
}
|
}
|
||||||
testServer.AccessKey = credentials.AccessKeyID
|
testServer.AccessKey = credentials.AccessKey
|
||||||
testServer.SecretKey = credentials.SecretAccessKey
|
testServer.SecretKey = credentials.SecretKey
|
||||||
|
|
||||||
objLayer, storageDisks, err := initObjectLayer(testServer.Disks)
|
objLayer, storageDisks, err := initObjectLayer(testServer.Disks)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -361,8 +361,8 @@ func StartTestStorageRPCServer(t TestErrHandler, instanceType string, diskN int)
|
|||||||
|
|
||||||
testRPCServer.Root = root
|
testRPCServer.Root = root
|
||||||
testRPCServer.Disks = endpoints
|
testRPCServer.Disks = endpoints
|
||||||
testRPCServer.AccessKey = credentials.AccessKeyID
|
testRPCServer.AccessKey = credentials.AccessKey
|
||||||
testRPCServer.SecretKey = credentials.SecretAccessKey
|
testRPCServer.SecretKey = credentials.SecretKey
|
||||||
|
|
||||||
// Run TestServer.
|
// Run TestServer.
|
||||||
testRPCServer.Server = httptest.NewServer(initTestStorageRPCEndPoint(serverCmdConfig{
|
testRPCServer.Server = httptest.NewServer(initTestStorageRPCEndPoint(serverCmdConfig{
|
||||||
@ -396,8 +396,8 @@ func StartTestPeersRPCServer(t TestErrHandler, instanceType string) TestServer {
|
|||||||
|
|
||||||
testRPCServer.Root = root
|
testRPCServer.Root = root
|
||||||
testRPCServer.Disks = endpoints
|
testRPCServer.Disks = endpoints
|
||||||
testRPCServer.AccessKey = credentials.AccessKeyID
|
testRPCServer.AccessKey = credentials.AccessKey
|
||||||
testRPCServer.SecretKey = credentials.SecretAccessKey
|
testRPCServer.SecretKey = credentials.SecretKey
|
||||||
|
|
||||||
// create temporary backend for the test server.
|
// create temporary backend for the test server.
|
||||||
objLayer, storageDisks, err := initObjectLayer(endpoints)
|
objLayer, storageDisks, err := initObjectLayer(endpoints)
|
||||||
@ -2131,8 +2131,8 @@ func StartTestBrowserPeerRPCServer(t TestErrHandler, instanceType string) TestSe
|
|||||||
credentials := serverConfig.GetCredential()
|
credentials := serverConfig.GetCredential()
|
||||||
|
|
||||||
testRPCServer.Root = root
|
testRPCServer.Root = root
|
||||||
testRPCServer.AccessKey = credentials.AccessKeyID
|
testRPCServer.AccessKey = credentials.AccessKey
|
||||||
testRPCServer.SecretKey = credentials.SecretAccessKey
|
testRPCServer.SecretKey = credentials.SecretKey
|
||||||
|
|
||||||
// Initialize and run the TestServer.
|
// Initialize and run the TestServer.
|
||||||
testRPCServer.Server = httptest.NewServer(initTestBrowserPeerRPCEndPoint())
|
testRPCServer.Server = httptest.NewServer(initTestBrowserPeerRPCEndPoint())
|
||||||
@ -2152,8 +2152,8 @@ func StartTestS3PeerRPCServer(t TestErrHandler) (TestServer, []string) {
|
|||||||
credentials := serverConfig.GetCredential()
|
credentials := serverConfig.GetCredential()
|
||||||
|
|
||||||
testRPCServer.Root = root
|
testRPCServer.Root = root
|
||||||
testRPCServer.AccessKey = credentials.AccessKeyID
|
testRPCServer.AccessKey = credentials.AccessKey
|
||||||
testRPCServer.SecretKey = credentials.SecretAccessKey
|
testRPCServer.SecretKey = credentials.SecretKey
|
||||||
|
|
||||||
// init disks
|
// init disks
|
||||||
objLayer, fsDirs, err := prepareXL()
|
objLayer, fsDirs, err := prepareXL()
|
||||||
|
@ -52,7 +52,7 @@ func isJWTReqAuthenticated(req *http.Request) bool {
|
|||||||
if _, ok := token.Method.(*jwtgo.SigningMethodHMAC); !ok {
|
if _, ok := token.Method.(*jwtgo.SigningMethodHMAC); !ok {
|
||||||
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
|
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
|
||||||
}
|
}
|
||||||
return []byte(jwt.SecretAccessKey), nil
|
return []byte(jwt.SecretKey), nil
|
||||||
}
|
}
|
||||||
token, err := jwtreq.ParseFromRequest(req, jwtreq.AuthorizationHeaderExtractor, reqCallback)
|
token, err := jwtreq.ParseFromRequest(req, jwtreq.AuthorizationHeaderExtractor, reqCallback)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -347,9 +347,9 @@ func (web webAPIHandlers) GenerateAuth(r *http.Request, args *WebGenericArgs, re
|
|||||||
if !isJWTReqAuthenticated(r) {
|
if !isJWTReqAuthenticated(r) {
|
||||||
return toJSONError(errAuthentication)
|
return toJSONError(errAuthentication)
|
||||||
}
|
}
|
||||||
cred := mustGenAccessKeys()
|
cred := newCredential()
|
||||||
reply.AccessKey = cred.AccessKeyID
|
reply.AccessKey = cred.AccessKey
|
||||||
reply.SecretKey = cred.SecretAccessKey
|
reply.SecretKey = cred.SecretKey
|
||||||
reply.UIVersion = miniobrowser.UIVersion
|
reply.UIVersion = miniobrowser.UIVersion
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
@ -375,8 +375,8 @@ func (web *webAPIHandlers) SetAuth(r *http.Request, args *SetAuthArgs, reply *Se
|
|||||||
|
|
||||||
// Initialize jwt with the new access keys, fail if not possible.
|
// Initialize jwt with the new access keys, fail if not possible.
|
||||||
jwt, err := newJWT(defaultJWTExpiry, credential{
|
jwt, err := newJWT(defaultJWTExpiry, credential{
|
||||||
AccessKeyID: args.AccessKey,
|
AccessKey: args.AccessKey,
|
||||||
SecretAccessKey: args.SecretKey,
|
SecretKey: args.SecretKey,
|
||||||
}) // JWT Expiry set to 24Hrs.
|
}) // JWT Expiry set to 24Hrs.
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return toJSONError(err)
|
return toJSONError(err)
|
||||||
@ -460,8 +460,8 @@ func (web *webAPIHandlers) GetAuth(r *http.Request, args *WebGenericArgs, reply
|
|||||||
return toJSONError(errAuthentication)
|
return toJSONError(errAuthentication)
|
||||||
}
|
}
|
||||||
creds := serverConfig.GetCredential()
|
creds := serverConfig.GetCredential()
|
||||||
reply.AccessKey = creds.AccessKeyID
|
reply.AccessKey = creds.AccessKey
|
||||||
reply.SecretKey = creds.SecretAccessKey
|
reply.SecretKey = creds.SecretKey
|
||||||
reply.UIVersion = miniobrowser.UIVersion
|
reply.UIVersion = miniobrowser.UIVersion
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
@ -531,7 +531,7 @@ func (web *webAPIHandlers) Download(w http.ResponseWriter, r *http.Request) {
|
|||||||
if _, ok := token.Method.(*jwtgo.SigningMethodHMAC); !ok {
|
if _, ok := token.Method.(*jwtgo.SigningMethodHMAC); !ok {
|
||||||
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
|
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
|
||||||
}
|
}
|
||||||
return []byte(jwt.SecretAccessKey), nil
|
return []byte(jwt.SecretKey), nil
|
||||||
})
|
})
|
||||||
if e != nil || !token.Valid {
|
if e != nil || !token.Valid {
|
||||||
writeWebErrorResponse(w, errAuthentication)
|
writeWebErrorResponse(w, errAuthentication)
|
||||||
@ -760,8 +760,8 @@ func presignedGet(host, bucket, object string, expiry int64) string {
|
|||||||
cred := serverConfig.GetCredential()
|
cred := serverConfig.GetCredential()
|
||||||
region := serverConfig.GetRegion()
|
region := serverConfig.GetRegion()
|
||||||
|
|
||||||
accessKey := cred.AccessKeyID
|
accessKey := cred.AccessKey
|
||||||
secretKey := cred.SecretAccessKey
|
secretKey := cred.SecretKey
|
||||||
|
|
||||||
date := time.Now().UTC()
|
date := time.Now().UTC()
|
||||||
dateStr := date.Format(iso8601Format)
|
dateStr := date.Format(iso8601Format)
|
||||||
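Review bot: GetAuth copies the server's stored secret into the reply (`reply.SecretKey = creds.SecretKey`), so any caller holding a valid web token can read back the long-lived secret key. That same key is what isJWTReqAuthenticated and Download return to verify the token. A leaked token, which the SetAuth comment says lasts 24 hours, therefore yields a credential that outlives it. If the browser UI needs this, document it at the assignment, e.g. `// Returns the long-lived secret key to any holder of a valid web token; serve this endpoint over TLS only.`; otherwise consider returning only the access key. GetAuth begins above the hunk, so anything before the visible authentication check is not shown here.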
|
@ -149,7 +149,7 @@ func testLoginWebHandler(obj ObjectLayer, instanceType string, t TestErrHandler)
|
|||||||
{"", "foo", false},
|
{"", "foo", false},
|
||||||
{"azerty", "", false},
|
{"azerty", "", false},
|
||||||
{"azerty", "foo", false},
|
{"azerty", "foo", false},
|
||||||
{credentials.AccessKeyID, credentials.SecretAccessKey, true},
|
{credentials.AccessKey, credentials.SecretKey, true},
|
||||||
}
|
}
|
||||||
|
|
||||||
// Iterating over the test cases, calling the function under test and asserting the response.
|
// Iterating over the test cases, calling the function under test and asserting the response.
|
||||||
@ -186,7 +186,7 @@ func testStorageInfoWebHandler(obj ObjectLayer, instanceType string, t TestErrHa
|
|||||||
|
|
||||||
credentials := serverConfig.GetCredential()
|
credentials := serverConfig.GetCredential()
|
||||||
|
|
||||||
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
|
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal("Cannot authenticate")
|
t.Fatal("Cannot authenticate")
|
||||||
}
|
}
|
||||||
@ -232,7 +232,7 @@ func testServerInfoWebHandler(obj ObjectLayer, instanceType string, t TestErrHan
|
|||||||
|
|
||||||
credentials := serverConfig.GetCredential()
|
credentials := serverConfig.GetCredential()
|
||||||
|
|
||||||
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
|
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal("Cannot authenticate")
|
t.Fatal("Cannot authenticate")
|
||||||
}
|
}
|
||||||
@ -278,7 +278,7 @@ func testMakeBucketWebHandler(obj ObjectLayer, instanceType string, t TestErrHan
|
|||||||
|
|
||||||
credentials := serverConfig.GetCredential()
|
credentials := serverConfig.GetCredential()
|
||||||
|
|
||||||
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
|
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal("Cannot authenticate")
|
t.Fatal("Cannot authenticate")
|
||||||
}
|
}
|
||||||
@ -338,7 +338,7 @@ func testListBucketsWebHandler(obj ObjectLayer, instanceType string, t TestErrHa
|
|||||||
|
|
||||||
credentials := serverConfig.GetCredential()
|
credentials := serverConfig.GetCredential()
|
||||||
|
|
||||||
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
|
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal("Cannot authenticate")
|
t.Fatal("Cannot authenticate")
|
||||||
}
|
}
|
||||||
@ -397,7 +397,7 @@ func testListObjectsWebHandler(obj ObjectLayer, instanceType string, t TestErrHa
|
|||||||
|
|
||||||
rec := httptest.NewRecorder()
|
rec := httptest.NewRecorder()
|
||||||
|
|
||||||
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
|
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal("Cannot authenticate")
|
t.Fatal("Cannot authenticate")
|
||||||
}
|
}
|
||||||
@ -468,7 +468,7 @@ func testRemoveObjectWebHandler(obj ObjectLayer, instanceType string, t TestErrH
|
|||||||
credentials := serverConfig.GetCredential()
|
credentials := serverConfig.GetCredential()
|
||||||
|
|
||||||
rec := httptest.NewRecorder()
|
rec := httptest.NewRecorder()
|
||||||
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
|
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal("Cannot authenticate")
|
t.Fatal("Cannot authenticate")
|
||||||
}
|
}
|
||||||
@ -544,7 +544,7 @@ func testGenerateAuthWebHandler(obj ObjectLayer, instanceType string, t TestErrH
|
|||||||
credentials := serverConfig.GetCredential()
|
credentials := serverConfig.GetCredential()
|
||||||
|
|
||||||
rec := httptest.NewRecorder()
|
rec := httptest.NewRecorder()
|
||||||
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
|
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal("Cannot authenticate")
|
t.Fatal("Cannot authenticate")
|
||||||
}
|
}
|
||||||
@ -590,7 +590,7 @@ func testSetAuthWebHandler(obj ObjectLayer, instanceType string, t TestErrHandle
|
|||||||
credentials := serverConfig.GetCredential()
|
credentials := serverConfig.GetCredential()
|
||||||
|
|
||||||
rec := httptest.NewRecorder()
|
rec := httptest.NewRecorder()
|
||||||
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
|
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal("Cannot authenticate")
|
t.Fatal("Cannot authenticate")
|
||||||
}
|
}
|
||||||
@ -651,7 +651,7 @@ func testGetAuthWebHandler(obj ObjectLayer, instanceType string, t TestErrHandle
|
|||||||
credentials := serverConfig.GetCredential()
|
credentials := serverConfig.GetCredential()
|
||||||
|
|
||||||
rec := httptest.NewRecorder()
|
rec := httptest.NewRecorder()
|
||||||
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
|
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal("Cannot authenticate")
|
t.Fatal("Cannot authenticate")
|
||||||
}
|
}
|
||||||
@ -670,7 +670,7 @@ func testGetAuthWebHandler(obj ObjectLayer, instanceType string, t TestErrHandle
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Failed, %v", err)
|
t.Fatalf("Failed, %v", err)
|
||||||
}
|
}
|
||||||
if getAuthReply.AccessKey != credentials.AccessKeyID || getAuthReply.SecretKey != credentials.SecretAccessKey {
|
if getAuthReply.AccessKey != credentials.AccessKey || getAuthReply.SecretKey != credentials.SecretKey {
|
||||||
t.Fatalf("Failed to get correct auth keys")
|
t.Fatalf("Failed to get correct auth keys")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -696,7 +696,7 @@ func testUploadWebHandler(obj ObjectLayer, instanceType string, t TestErrHandler
|
|||||||
credentials := serverConfig.GetCredential()
|
credentials := serverConfig.GetCredential()
|
||||||
|
|
||||||
rec := httptest.NewRecorder()
|
rec := httptest.NewRecorder()
|
||||||
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
|
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal("Cannot authenticate")
|
t.Fatal("Cannot authenticate")
|
||||||
}
|
}
|
||||||
@ -760,7 +760,7 @@ func testDownloadWebHandler(obj ObjectLayer, instanceType string, t TestErrHandl
|
|||||||
credentials := serverConfig.GetCredential()
|
credentials := serverConfig.GetCredential()
|
||||||
|
|
||||||
rec := httptest.NewRecorder()
|
rec := httptest.NewRecorder()
|
||||||
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
|
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal("Cannot authenticate")
|
t.Fatal("Cannot authenticate")
|
||||||
}
|
}
|
||||||
@ -815,7 +815,7 @@ func testWebPresignedGetHandler(obj ObjectLayer, instanceType string, t TestErrH
|
|||||||
|
|
||||||
credentials := serverConfig.GetCredential()
|
credentials := serverConfig.GetCredential()
|
||||||
|
|
||||||
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
|
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal("Cannot authenticate")
|
t.Fatal("Cannot authenticate")
|
||||||
}
|
}
|
||||||
@ -928,7 +928,7 @@ func testWebGetBucketPolicyHandler(obj ObjectLayer, instanceType string, t TestE
|
|||||||
|
|
||||||
credentials := serverConfig.GetCredential()
|
credentials := serverConfig.GetCredential()
|
||||||
|
|
||||||
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
|
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal("Cannot authenticate")
|
t.Fatal("Cannot authenticate")
|
||||||
}
|
}
|
||||||
@ -1011,7 +1011,7 @@ func testWebListAllBucketPoliciesHandler(obj ObjectLayer, instanceType string, t
|
|||||||
|
|
||||||
credentials := serverConfig.GetCredential()
|
credentials := serverConfig.GetCredential()
|
||||||
|
|
||||||
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
|
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal("Cannot authenticate")
|
t.Fatal("Cannot authenticate")
|
||||||
}
|
}
|
||||||
@ -1117,7 +1117,7 @@ func testWebSetBucketPolicyHandler(obj ObjectLayer, instanceType string, t TestE
|
|||||||
|
|
||||||
credentials := serverConfig.GetCredential()
|
credentials := serverConfig.GetCredential()
|
||||||
|
|
||||||
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
|
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal("Cannot authenticate")
|
t.Fatal("Cannot authenticate")
|
||||||
}
|
}
|
||||||
@ -1278,7 +1278,7 @@ func TestWebObjectLayerNotReady(t *testing.T) {
|
|||||||
rec := httptest.NewRecorder()
|
rec := httptest.NewRecorder()
|
||||||
|
|
||||||
credentials := serverConfig.GetCredential()
|
credentials := serverConfig.GetCredential()
|
||||||
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
|
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal("Cannot authenticate", err)
|
t.Fatal("Cannot authenticate", err)
|
||||||
}
|
}
|
||||||
@ -1382,7 +1382,7 @@ func TestWebObjectLayerFaultyDisks(t *testing.T) {
|
|||||||
rec := httptest.NewRecorder()
|
rec := httptest.NewRecorder()
|
||||||
|
|
||||||
credentials := serverConfig.GetCredential()
|
credentials := serverConfig.GetCredential()
|
||||||
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
|
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal("Cannot authenticate", err)
|
t.Fatal("Cannot authenticate", err)
|
||||||
}
|
}
|
||||||
|