Generate and use access/secret keys properly (#3498)

This commit is contained in:
Bala FA 2016-12-26 23:51:23 +05:30 committed by Harshavardhana
parent 6ee27daac1
commit e8ce3b64ed
42 changed files with 429 additions and 447 deletions

View File

@ -1,91 +0,0 @@
/*
* Minio Cloud Storage, (C) 2015, 2016 Minio, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package cmd
import (
"crypto/rand"
"encoding/base64"
)
// credential container for access and secret keys.
type credential struct {
AccessKeyID string `json:"accessKey"`
SecretAccessKey string `json:"secretKey"`
}
const (
accessKeyMinLen = 5
accessKeyMaxLen = 20
secretKeyMinLen = 8
secretKeyMaxLen = 40
)
// isValidAccessKey - validate access key for right length.
func isValidAccessKey(accessKey string) bool {
return len(accessKey) >= accessKeyMinLen && len(accessKey) <= accessKeyMaxLen
}
// isValidSecretKey - validate secret key for right length.
func isValidSecretKey(secretKey string) bool {
return len(secretKey) >= secretKeyMinLen && len(secretKey) <= secretKeyMaxLen
}
// mustGenAccessKeys - must generate access credentials.
func mustGenAccessKeys() (creds credential) {
creds, err := genAccessKeys()
fatalIf(err, "Unable to generate access keys.")
return creds
}
// genAccessKeys - generate access credentials.
func genAccessKeys() (credential, error) {
accessKeyID, err := genAccessKeyID()
if err != nil {
return credential{}, err
}
secretAccessKey, err := genSecretAccessKey()
if err != nil {
return credential{}, err
}
creds := credential{
AccessKeyID: string(accessKeyID),
SecretAccessKey: string(secretAccessKey),
}
return creds, nil
}
// genAccessKeyID - generate random alpha numeric value using only uppercase characters
// takes input as size in integer
func genAccessKeyID() ([]byte, error) {
alpha := make([]byte, accessKeyMaxLen)
if _, err := rand.Read(alpha); err != nil {
return nil, err
}
for i := 0; i < accessKeyMaxLen; i++ {
alpha[i] = alphaNumericTable[alpha[i]%byte(len(alphaNumericTable))]
}
return alpha, nil
}
// genSecretAccessKey - generate random base64 numeric value from a random seed.
func genSecretAccessKey() ([]byte, error) {
rb := make([]byte, secretKeyMaxLen)
if _, err := rand.Read(rb); err != nil {
return nil, err
}
return []byte(base64.StdEncoding.EncodeToString(rb))[:secretKeyMaxLen], nil
}

View File

@ -83,7 +83,7 @@ func getAdminCmdRequest(cmd cmdType, cred credential) (*http.Request, error) {
return nil, err return nil, err
} }
req.Header.Set(minioAdminOpHeader, cmd.String()) req.Header.Set(minioAdminOpHeader, cmd.String())
err = signRequestV4(req, cred.AccessKeyID, cred.SecretAccessKey) err = signRequestV4(req, cred.AccessKey, cred.SecretKey)
if err != nil { if err != nil {
return nil, err return nil, err
} }

View File

@ -109,8 +109,8 @@ func makeAdminPeers(eps []*url.URL) adminPeers {
// Check if the remote host has been added already // Check if the remote host has been added already
if !seenAddr[ep.Host] { if !seenAddr[ep.Host] {
cfg := authConfig{ cfg := authConfig{
accessKey: serverConfig.GetCredential().AccessKeyID, accessKey: serverConfig.GetCredential().AccessKey,
secretKey: serverConfig.GetCredential().SecretAccessKey, secretKey: serverConfig.GetCredential().SecretKey,
address: ep.Host, address: ep.Host,
secureConn: isSSL(), secureConn: isSSL(),
path: path.Join(reservedBucket, servicePath), path: path.Join(reservedBucket, servicePath),

View File

@ -31,7 +31,7 @@ func testAdminCmd(cmd cmdType, t *testing.T) {
adminServer := serviceCmd{} adminServer := serviceCmd{}
creds := serverConfig.GetCredential() creds := serverConfig.GetCredential()
reply := RPCLoginReply{} reply := RPCLoginReply{}
args := RPCLoginArgs{Username: creds.AccessKeyID, Password: creds.SecretAccessKey} args := RPCLoginArgs{Username: creds.AccessKey, Password: creds.SecretKey}
err = adminServer.LoginHandler(&args, &reply) err = adminServer.LoginHandler(&args, &reply)
if err != nil { if err != nil {
t.Fatalf("Failed to login to admin server - %v", err) t.Fatalf("Failed to login to admin server - %v", err)

View File

@ -25,23 +25,26 @@ import (
"strconv" "strconv"
) )
// Static alphanumeric table used for generating unique request ids const requestIDLen = 16
var alphaNumericTable = []byte("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ")
// newRequestID generates and returns request ID string. // mustGetRequestID generates and returns request ID string.
func newRequestID() string { func mustGetRequestID() string {
alpha := make([]byte, 16) reqBytes := make([]byte, requestIDLen)
rand.Read(alpha) if _, err := rand.Read(reqBytes); err != nil {
for i := 0; i < 16; i++ { panic(err)
alpha[i] = alphaNumericTable[alpha[i]%byte(len(alphaNumericTable))]
} }
return string(alpha)
for i := 0; i < requestIDLen; i++ {
reqBytes[i] = alphaNumericTable[reqBytes[i]%alphaNumericTableLen]
}
return string(reqBytes)
} }
// Write http common headers // Write http common headers
func setCommonHeaders(w http.ResponseWriter) { func setCommonHeaders(w http.ResponseWriter) {
// Set unique request ID for each reply. // Set unique request ID for each reply.
w.Header().Set("X-Amz-Request-Id", newRequestID()) w.Header().Set("X-Amz-Request-Id", mustGetRequestID())
w.Header().Set("Server", ("Minio/" + ReleaseTag + " (" + runtime.GOOS + "; " + runtime.GOARCH + ")")) w.Header().Set("Server", ("Minio/" + ReleaseTag + " (" + runtime.GOOS + "; " + runtime.GOARCH + ")"))
w.Header().Set("Accept-Ranges", "bytes") w.Header().Set("Accept-Ranges", "bytes")
} }

View File

@ -22,7 +22,7 @@ import (
func TestNewRequestID(t *testing.T) { func TestNewRequestID(t *testing.T) {
// Ensure that it returns an alphanumeric result of length 16. // Ensure that it returns an alphanumeric result of length 16.
var id = newRequestID() var id = mustGetRequestID()
if len(id) != 16 { if len(id) != 16 {
t.Fail() t.Fail()

View File

@ -301,7 +301,7 @@ func mustNewRequest(method string, urlStr string, contentLength int64, body io.R
func mustNewSignedRequest(method string, urlStr string, contentLength int64, body io.ReadSeeker, t *testing.T) *http.Request { func mustNewSignedRequest(method string, urlStr string, contentLength int64, body io.ReadSeeker, t *testing.T) *http.Request {
req := mustNewRequest(method, urlStr, contentLength, body, t) req := mustNewRequest(method, urlStr, contentLength, body, t)
cred := serverConfig.GetCredential() cred := serverConfig.GetCredential()
if err := signRequestV4(req, cred.AccessKeyID, cred.SecretAccessKey); err != nil { if err := signRequestV4(req, cred.AccessKey, cred.SecretKey); err != nil {
t.Fatalf("Unable to inititalized new signed http request %s", err) t.Fatalf("Unable to inititalized new signed http request %s", err)
} }
return req return req

View File

@ -74,7 +74,7 @@ func isRPCTokenValid(tokenStr string) bool {
if _, ok := token.Method.(*jwtgo.SigningMethodHMAC); !ok { if _, ok := token.Method.(*jwtgo.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"]) return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
} }
return []byte(jwt.SecretAccessKey), nil return []byte(jwt.SecretKey), nil
}) })
if err != nil { if err != nil {
errorIf(err, "Unable to parse JWT token string") errorIf(err, "Unable to parse JWT token string")

View File

@ -103,8 +103,8 @@ func updateCredsOnPeers(creds credential) map[string]error {
// Initialize client // Initialize client
client := newAuthClient(&authConfig{ client := newAuthClient(&authConfig{
accessKey: serverConfig.GetCredential().AccessKeyID, accessKey: serverConfig.GetCredential().AccessKey,
secretKey: serverConfig.GetCredential().SecretAccessKey, secretKey: serverConfig.GetCredential().SecretKey,
address: peers[ix], address: peers[ix],
secureConn: isSSL(), secureConn: isSSL(),
path: path.Join(reservedBucket, browserPeerPath), path: path.Join(reservedBucket, browserPeerPath),

View File

@ -63,8 +63,8 @@ func TestBrowserPeerRPC(t *testing.T) {
func (s *TestRPCBrowserPeerSuite) testBrowserPeerRPC(t *testing.T) { func (s *TestRPCBrowserPeerSuite) testBrowserPeerRPC(t *testing.T) {
// Construct RPC call arguments. // Construct RPC call arguments.
creds := credential{ creds := credential{
AccessKeyID: "abcd1", AccessKey: "abcd1",
SecretAccessKey: "abcd1234", SecretKey: "abcd1234",
} }
// Validate for invalid token. // Validate for invalid token.
@ -105,8 +105,8 @@ func (s *TestRPCBrowserPeerSuite) testBrowserPeerRPC(t *testing.T) {
// Validate for success in loing handled with valid credetnails. // Validate for success in loing handled with valid credetnails.
rargs = &RPCLoginArgs{ rargs = &RPCLoginArgs{
Username: creds.AccessKeyID, Username: creds.AccessKey,
Password: creds.SecretAccessKey, Password: creds.SecretKey,
} }
rreply = &RPCLoginReply{} rreply = &RPCLoginReply{}
err = rclient.Call("BrowserPeer.LoginHandler", rargs, rreply) err = rclient.Call("BrowserPeer.LoginHandler", rargs, rreply)

View File

@ -50,8 +50,8 @@ func testGetBucketLocationHandler(obj ObjectLayer, instanceType, bucketName stri
// Tests for authenticated request and proper response. // Tests for authenticated request and proper response.
{ {
bucketName: bucketName, bucketName: bucketName,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusOK, expectedRespStatus: http.StatusOK,
locationResponse: []byte(`<?xml version="1.0" encoding="UTF-8"?> locationResponse: []byte(`<?xml version="1.0" encoding="UTF-8"?>
<LocationConstraint xmlns="http://s3.amazonaws.com/doc/2006-03-01/"></LocationConstraint>`), <LocationConstraint xmlns="http://s3.amazonaws.com/doc/2006-03-01/"></LocationConstraint>`),
@ -192,16 +192,16 @@ func testHeadBucketHandler(obj ObjectLayer, instanceType, bucketName string, api
// Bucket exists. // Bucket exists.
{ {
bucketName: bucketName, bucketName: bucketName,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusOK, expectedRespStatus: http.StatusOK,
}, },
// Test case - 2. // Test case - 2.
// Non-existent bucket name. // Non-existent bucket name.
{ {
bucketName: "2333", bucketName: "2333",
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotFound, expectedRespStatus: http.StatusNotFound,
}, },
// Test case - 3. // Test case - 3.
@ -311,8 +311,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
uploadIDMarker: "", uploadIDMarker: "",
delimiter: "", delimiter: "",
maxUploads: "0", maxUploads: "0",
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
shouldPass: false, shouldPass: false,
}, },
@ -325,8 +325,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
uploadIDMarker: "", uploadIDMarker: "",
delimiter: "", delimiter: "",
maxUploads: "0", maxUploads: "0",
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotFound, expectedRespStatus: http.StatusNotFound,
shouldPass: false, shouldPass: false,
}, },
@ -339,8 +339,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
uploadIDMarker: "", uploadIDMarker: "",
delimiter: "-", delimiter: "-",
maxUploads: "0", maxUploads: "0",
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotImplemented, expectedRespStatus: http.StatusNotImplemented,
shouldPass: false, shouldPass: false,
}, },
@ -353,8 +353,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
uploadIDMarker: "", uploadIDMarker: "",
delimiter: "", delimiter: "",
maxUploads: "0", maxUploads: "0",
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotImplemented, expectedRespStatus: http.StatusNotImplemented,
shouldPass: false, shouldPass: false,
}, },
@ -367,8 +367,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
uploadIDMarker: "abc", uploadIDMarker: "abc",
delimiter: "", delimiter: "",
maxUploads: "0", maxUploads: "0",
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotImplemented, expectedRespStatus: http.StatusNotImplemented,
shouldPass: false, shouldPass: false,
}, },
@ -381,8 +381,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
uploadIDMarker: "", uploadIDMarker: "",
delimiter: "", delimiter: "",
maxUploads: "-1", maxUploads: "-1",
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
shouldPass: false, shouldPass: false,
}, },
@ -396,8 +396,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
uploadIDMarker: "", uploadIDMarker: "",
delimiter: "/", delimiter: "/",
maxUploads: "100", maxUploads: "100",
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusOK, expectedRespStatus: http.StatusOK,
shouldPass: true, shouldPass: true,
}, },
@ -410,8 +410,8 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
uploadIDMarker: "", uploadIDMarker: "",
delimiter: "", delimiter: "",
maxUploads: "100", maxUploads: "100",
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusOK, expectedRespStatus: http.StatusOK,
shouldPass: true, shouldPass: true,
}, },
@ -535,8 +535,8 @@ func testListBucketsHandler(obj ObjectLayer, instanceType, bucketName string, ap
// Validate a good case request succeeds. // Validate a good case request succeeds.
{ {
bucketName: bucketName, bucketName: bucketName,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusOK, expectedRespStatus: http.StatusOK,
}, },
// Test case - 2. // Test case - 2.
@ -684,7 +684,7 @@ func testAPIDeleteMultipleObjectsHandler(obj ObjectLayer, instanceType, bucketNa
bucket: bucketName, bucket: bucketName,
objects: successRequest0, objects: successRequest0,
accessKey: "Invalid-AccessID", accessKey: "Invalid-AccessID",
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedContent: nil, expectedContent: nil,
expectedRespStatus: http.StatusForbidden, expectedRespStatus: http.StatusForbidden,
}, },
@ -693,8 +693,8 @@ func testAPIDeleteMultipleObjectsHandler(obj ObjectLayer, instanceType, bucketNa
{ {
bucket: bucketName, bucket: bucketName,
objects: successRequest0, objects: successRequest0,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedContent: encodedSuccessResponse0, expectedContent: encodedSuccessResponse0,
expectedRespStatus: http.StatusOK, expectedRespStatus: http.StatusOK,
}, },
@ -703,8 +703,8 @@ func testAPIDeleteMultipleObjectsHandler(obj ObjectLayer, instanceType, bucketNa
{ {
bucket: bucketName, bucket: bucketName,
objects: successRequest1, objects: successRequest1,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedContent: encodedSuccessResponse1, expectedContent: encodedSuccessResponse1,
expectedRespStatus: http.StatusOK, expectedRespStatus: http.StatusOK,
}, },
@ -713,8 +713,8 @@ func testAPIDeleteMultipleObjectsHandler(obj ObjectLayer, instanceType, bucketNa
{ {
bucket: bucketName, bucket: bucketName,
objects: successRequest1, objects: successRequest1,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedContent: encodedErrorResponse, expectedContent: encodedErrorResponse,
expectedRespStatus: http.StatusOK, expectedRespStatus: http.StatusOK,
}, },

View File

@ -209,7 +209,7 @@ func testGetBucketNotificationHandler(obj ObjectLayer, instanceType, bucketName
} }
rec := httptest.NewRecorder() rec := httptest.NewRecorder()
req, err := newTestSignedRequestV4("GET", getGetBucketNotificationURL("", bucketName), req, err := newTestSignedRequestV4("GET", getGetBucketNotificationURL("", bucketName),
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey) 0, nil, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatalf("%s: Failed to create HTTP testRequest for ListenBucketNotification: <ERROR> %v", instanceType, err) t.Fatalf("%s: Failed to create HTTP testRequest for ListenBucketNotification: <ERROR> %v", instanceType, err)
} }
@ -222,7 +222,7 @@ func testGetBucketNotificationHandler(obj ObjectLayer, instanceType, bucketName
} }
rec = httptest.NewRecorder() rec = httptest.NewRecorder()
req, err = newTestSignedRequestV4("GET", getGetBucketNotificationURL("", bucketName), req, err = newTestSignedRequestV4("GET", getGetBucketNotificationURL("", bucketName),
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey) 0, nil, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatalf("%s: Failed to create HTTP testRequest for ListenBucketNotification: <ERROR> %v", instanceType, err) t.Fatalf("%s: Failed to create HTTP testRequest for ListenBucketNotification: <ERROR> %v", instanceType, err)
} }
@ -268,7 +268,7 @@ func testListenBucketNotificationNilHandler(obj ObjectLayer, instanceType, bucke
[]string{"*.jpg"}, []string{ []string{"*.jpg"}, []string{
"s3:ObjectCreated:*", "s3:ObjectCreated:*",
"s3:ObjectRemoved:*", "s3:ObjectRemoved:*",
}), 0, nil, credentials.AccessKeyID, credentials.SecretAccessKey) }), 0, nil, credentials.AccessKey, credentials.SecretKey)
if tErr != nil { if tErr != nil {
t.Fatalf("%s: Failed to create HTTP testRequest for ListenBucketNotification: <ERROR> %v", instanceType, tErr) t.Fatalf("%s: Failed to create HTTP testRequest for ListenBucketNotification: <ERROR> %v", instanceType, tErr)
} }
@ -294,7 +294,7 @@ func testRemoveNotificationConfig(obj ObjectLayer, instanceType, bucketName stri
testRec := httptest.NewRecorder() testRec := httptest.NewRecorder()
testReq, tErr := newTestSignedRequestV4("PUT", getPutBucketNotificationURL("", randBucket), testReq, tErr := newTestSignedRequestV4("PUT", getPutBucketNotificationURL("", randBucket),
int64(len(sampleNotificationBytes)), bytes.NewReader(sampleNotificationBytes), int64(len(sampleNotificationBytes)), bytes.NewReader(sampleNotificationBytes),
credentials.AccessKeyID, credentials.SecretAccessKey) credentials.AccessKey, credentials.SecretKey)
if tErr != nil { if tErr != nil {
t.Fatalf("%s: Failed to create HTTP testRequest for PutBucketNotification: <ERROR> %v", instanceType, tErr) t.Fatalf("%s: Failed to create HTTP testRequest for PutBucketNotification: <ERROR> %v", instanceType, tErr)
} }

View File

@ -277,8 +277,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))), bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))),
policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)), policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)),
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNoContent, expectedRespStatus: http.StatusNoContent,
}, },
// Test case - 2. // Test case - 2.
@ -289,8 +289,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))), bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))),
policyLen: maxAccessPolicySize + 1, policyLen: maxAccessPolicySize + 1,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
}, },
// Test case - 3. // Test case - 3.
@ -301,8 +301,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))), bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))),
policyLen: 0, policyLen: 0,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusLengthRequired, expectedRespStatus: http.StatusLengthRequired,
}, },
// Test case - 4. // Test case - 4.
@ -312,8 +312,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
bucketPolicyReader: nil, bucketPolicyReader: nil,
policyLen: 10, policyLen: 10,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
}, },
// Test case - 5. // Test case - 5.
@ -336,8 +336,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
bucketPolicyReader: bytes.NewReader([]byte("dummy-policy")), bucketPolicyReader: bytes.NewReader([]byte("dummy-policy")),
policyLen: len([]byte("dummy-policy")), policyLen: len([]byte("dummy-policy")),
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
}, },
// Test case - 7. // Test case - 7.
@ -348,8 +348,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))), bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))),
policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)), policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)),
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
}, },
// Test case - 8. // Test case - 8.
@ -361,8 +361,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, "non-existent-bucket", "non-existent-bucket"))), bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, "non-existent-bucket", "non-existent-bucket"))),
policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)), policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)),
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotFound, expectedRespStatus: http.StatusNotFound,
}, },
// Test case - 9. // Test case - 9.
@ -374,8 +374,8 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, ".invalid-bucket", ".invalid-bucket"))), bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, ".invalid-bucket", ".invalid-bucket"))),
policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)), policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)),
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
}, },
} }
@ -469,7 +469,7 @@ func testGetBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
// expected Response. // expected Response.
expectedRespStatus int expectedRespStatus int
}{ }{
{bucketName, credentials.AccessKeyID, credentials.SecretAccessKey, http.StatusNoContent}, {bucketName, credentials.AccessKey, credentials.SecretKey, http.StatusNoContent},
} }
// Iterating over the cases and writing the bucket policy. // Iterating over the cases and writing the bucket policy.
@ -520,8 +520,8 @@ func testGetBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
// Case which valid inputs, expected to return success status of 200OK. // Case which valid inputs, expected to return success status of 200OK.
{ {
bucketName: bucketName, bucketName: bucketName,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedBucketPolicy: bucketPolicyTemplate, expectedBucketPolicy: bucketPolicyTemplate,
expectedRespStatus: http.StatusOK, expectedRespStatus: http.StatusOK,
}, },
@ -529,8 +529,8 @@ func testGetBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
// Case with non-existent bucket name. // Case with non-existent bucket name.
{ {
bucketName: "non-existent-bucket", bucketName: "non-existent-bucket",
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedBucketPolicy: bucketPolicyTemplate, expectedBucketPolicy: bucketPolicyTemplate,
expectedRespStatus: http.StatusNotFound, expectedRespStatus: http.StatusNotFound,
}, },
@ -538,8 +538,8 @@ func testGetBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
// Case with invalid bucket name. // Case with invalid bucket name.
{ {
bucketName: ".invalid-bucket-name", bucketName: ".invalid-bucket-name",
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedBucketPolicy: "", expectedBucketPolicy: "",
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
}, },
@ -693,8 +693,8 @@ func testDeleteBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName str
}{ }{
{ {
bucketName: bucketName, bucketName: bucketName,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNoContent, expectedRespStatus: http.StatusNoContent,
}, },
} }
@ -731,24 +731,24 @@ func testDeleteBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName str
// Test case - 1. // Test case - 1.
{ {
bucketName: bucketName, bucketName: bucketName,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNoContent, expectedRespStatus: http.StatusNoContent,
}, },
// Test case - 2. // Test case - 2.
// Case with non-existent-bucket. // Case with non-existent-bucket.
{ {
bucketName: "non-existent-bucket", bucketName: "non-existent-bucket",
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotFound, expectedRespStatus: http.StatusNotFound,
}, },
// Test case - 3. // Test case - 3.
// Case with invalid bucket name. // Case with invalid bucket name.
{ {
bucketName: ".invalid-bucket-name", bucketName: ".invalid-bucket-name",
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
}, },
} }

View File

@ -112,8 +112,8 @@ func migrateV2ToV3() error {
srvConfig.Version = "3" srvConfig.Version = "3"
srvConfig.Addr = ":9000" srvConfig.Addr = ":9000"
srvConfig.Credential = credential{ srvConfig.Credential = credential{
AccessKeyID: cv2.Credentials.AccessKeyID, AccessKey: cv2.Credentials.AccessKey,
SecretAccessKey: cv2.Credentials.SecretAccessKey, SecretKey: cv2.Credentials.SecretKey,
} }
srvConfig.Region = cv2.Credentials.Region srvConfig.Region = cv2.Credentials.Region
if srvConfig.Region == "" { if srvConfig.Region == "" {

View File

@ -148,11 +148,11 @@ func TestServerConfigMigrateV2toV11(t *testing.T) {
} }
// Check if accessKey and secretKey are not altered during migration // Check if accessKey and secretKey are not altered during migration
if serverConfig.Credential.AccessKeyID != accessKey { if serverConfig.Credential.AccessKey != accessKey {
t.Fatalf("Access key lost during migration, expected: %v, found:%v", accessKey, serverConfig.Credential.AccessKeyID) t.Fatalf("Access key lost during migration, expected: %v, found:%v", accessKey, serverConfig.Credential.AccessKey)
} }
if serverConfig.Credential.SecretAccessKey != secretKey { if serverConfig.Credential.SecretKey != secretKey {
t.Fatalf("Secret key lost during migration, expected: %v, found: %v", secretKey, serverConfig.Credential.SecretAccessKey) t.Fatalf("Secret key lost during migration, expected: %v, found: %v", secretKey, serverConfig.Credential.SecretKey)
} }
// Initialize server config and check again if everything is fine // Initialize server config and check again if everything is fine

View File

@ -10,9 +10,9 @@ import (
/////////////////// Config V1 /////////////////// /////////////////// Config V1 ///////////////////
type configV1 struct { type configV1 struct {
Version string `json:"version"` Version string `json:"version"`
AccessKeyID string `json:"accessKeyId"` AccessKey string `json:"accessKeyId"`
SecretAccessKey string `json:"secretAccessKey"` SecretKey string `json:"secretAccessKey"`
} }
// loadConfigV1 load config // loadConfigV1 load config
@ -41,9 +41,9 @@ func loadConfigV1() (*configV1, error) {
type configV2 struct { type configV2 struct {
Version string `json:"version"` Version string `json:"version"`
Credentials struct { Credentials struct {
AccessKeyID string `json:"accessKeyId"` AccessKey string `json:"accessKeyId"`
SecretAccessKey string `json:"secretAccessKey"` SecretKey string `json:"secretAccessKey"`
Region string `json:"region"` Region string `json:"region"`
} `json:"credentials"` } `json:"credentials"`
MongoLogger struct { MongoLogger struct {
Addr string `json:"addr"` Addr string `json:"addr"`

View File

@ -50,7 +50,7 @@ func initConfig() (bool, error) {
srvCfg := &serverConfigV11{} srvCfg := &serverConfigV11{}
srvCfg.Version = globalMinioConfigVersion srvCfg.Version = globalMinioConfigVersion
srvCfg.Region = "us-east-1" srvCfg.Region = "us-east-1"
srvCfg.Credential = mustGenAccessKeys() srvCfg.Credential = newCredential()
// Enable console logger by default on a fresh run. // Enable console logger by default on a fresh run.
srvCfg.Logger.Console = consoleLogger{ srvCfg.Logger.Console = consoleLogger{

74
cmd/credential.go Normal file
View File

@ -0,0 +1,74 @@
/*
* Minio Cloud Storage, (C) 2015, 2016 Minio, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package cmd
import (
"crypto/rand"
"encoding/base64"
)
const (
accessKeyMinLen = 5
accessKeyMaxLen = 20
secretKeyMinLen = 8
secretKeyMaxLen = 40
alphaNumericTable = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
alphaNumericTableLen = byte(len(alphaNumericTable))
)
func mustGetAccessKey() string {
keyBytes := make([]byte, accessKeyMaxLen)
if _, err := rand.Read(keyBytes); err != nil {
panic(err)
}
for i := 0; i < accessKeyMaxLen; i++ {
keyBytes[i] = alphaNumericTable[keyBytes[i]%alphaNumericTableLen]
}
return string(keyBytes)
}
func mustGetSecretKey() string {
keyBytes := make([]byte, secretKeyMaxLen)
if _, err := rand.Read(keyBytes); err != nil {
panic(err)
}
return string([]byte(base64.StdEncoding.EncodeToString(keyBytes))[:secretKeyMaxLen])
}
// isAccessKeyValid - validate access key for right length.
func isAccessKeyValid(accessKey string) bool {
return len(accessKey) >= accessKeyMinLen && len(accessKey) <= accessKeyMaxLen
}
// isSecretKeyValid - validate secret key for right length.
func isSecretKeyValid(secretKey string) bool {
return len(secretKey) >= secretKeyMinLen && len(secretKey) <= secretKeyMaxLen
}
// credential container for access and secret keys.
type credential struct {
AccessKey string `json:"accessKey"`
SecretKey string `json:"secretKey"`
}
func newCredential() credential {
return credential{mustGetAccessKey(), mustGetSecretKey()}
}

View File

@ -268,5 +268,5 @@ func (n *nsLockMap) deleteLockInfoEntryForOps(param nsParam, opsID string) error
// Return randomly generated string ID // Return randomly generated string ID
func getOpsID() string { func getOpsID() string {
return newRequestID() return mustGetRequestID()
} }

View File

@ -55,7 +55,7 @@ func createLockTestServer(t *testing.T) (string, *lockServer, string) {
lockMap: make(map[string][]lockRequesterInfo), lockMap: make(map[string][]lockRequesterInfo),
} }
creds := serverConfig.GetCredential() creds := serverConfig.GetCredential()
loginArgs := RPCLoginArgs{Username: creds.AccessKeyID, Password: creds.SecretAccessKey} loginArgs := RPCLoginArgs{Username: creds.AccessKey, Password: creds.SecretKey}
loginReply := RPCLoginReply{} loginReply := RPCLoginReply{}
err = locker.LoginHandler(&loginArgs, &loginReply) err = locker.LoginHandler(&loginArgs, &loginReply)
if err != nil { if err != nil {

View File

@ -32,7 +32,7 @@ func TestLoginHandler(t *testing.T) {
}{ }{
// Valid username and password // Valid username and password
{ {
args: RPCLoginArgs{Username: creds.AccessKeyID, Password: creds.SecretAccessKey}, args: RPCLoginArgs{Username: creds.AccessKey, Password: creds.SecretKey},
expectedErr: nil, expectedErr: nil,
}, },
// Invalid username length // Invalid username length
@ -47,12 +47,12 @@ func TestLoginHandler(t *testing.T) {
}, },
// Invalid username // Invalid username
{ {
args: RPCLoginArgs{Username: "aaaaa", Password: creds.SecretAccessKey}, args: RPCLoginArgs{Username: "aaaaa", Password: creds.SecretKey},
expectedErr: errInvalidAccessKeyID, expectedErr: errInvalidAccessKeyID,
}, },
// Invalid password // Invalid password
{ {
args: RPCLoginArgs{Username: creds.AccessKeyID, Password: "aaaaaaaa"}, args: RPCLoginArgs{Username: creds.AccessKey, Password: "aaaaaaaa"},
expectedErr: errAuthentication, expectedErr: errAuthentication,
}, },
} }

View File

@ -189,14 +189,14 @@ func minioInit() {
if accessKey != "" && secretKey != "" { if accessKey != "" && secretKey != "" {
// Set new credentials. // Set new credentials.
serverConfig.SetCredential(credential{ serverConfig.SetCredential(credential{
AccessKeyID: accessKey, AccessKey: accessKey,
SecretAccessKey: secretKey, SecretKey: secretKey,
}) })
} }
if !isValidAccessKey(serverConfig.GetCredential().AccessKeyID) { if !isAccessKeyValid(serverConfig.GetCredential().AccessKey) {
fatalIf(errInvalidArgument, "Invalid access key. Accept only a string starting with a alphabetic and containing from 5 to 20 characters.") fatalIf(errInvalidArgument, "Invalid access key. Accept only a string starting with a alphabetic and containing from 5 to 20 characters.")
} }
if !isValidSecretKey(serverConfig.GetCredential().SecretAccessKey) { if !isSecretKeyValid(serverConfig.GetCredential().SecretKey) {
fatalIf(errInvalidArgument, "Invalid secret key. Accept only a string containing from 8 to 40 characters.") fatalIf(errInvalidArgument, "Invalid secret key. Accept only a string containing from 8 to 40 characters.")
} }

View File

@ -40,8 +40,8 @@ func initDsyncNodes(eps []*url.URL) error {
return errInvalidArgument return errInvalidArgument
} }
clnts[index] = newAuthClient(&authConfig{ clnts[index] = newAuthClient(&authConfig{
accessKey: cred.AccessKeyID, accessKey: cred.AccessKey,
secretKey: cred.SecretAccessKey, secretKey: cred.SecretKey,
// Construct a new dsync server addr. // Construct a new dsync server addr.
secureConn: isSSL(), secureConn: isSSL(),
address: ep.Host, address: ep.Host,

View File

@ -97,8 +97,8 @@ func testAPIHeadObjectHandler(obj ObjectLayer, instanceType, bucketName string,
{ {
bucketName: bucketName, bucketName: bucketName,
objectName: objectName, objectName: objectName,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusOK, expectedRespStatus: http.StatusOK,
}, },
// Test case - 2. // Test case - 2.
@ -106,8 +106,8 @@ func testAPIHeadObjectHandler(obj ObjectLayer, instanceType, bucketName string,
{ {
bucketName: bucketName, bucketName: bucketName,
objectName: "abcd", objectName: "abcd",
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotFound, expectedRespStatus: http.StatusNotFound,
}, },
// Test case - 3. // Test case - 3.
@ -117,7 +117,7 @@ func testAPIHeadObjectHandler(obj ObjectLayer, instanceType, bucketName string,
bucketName: bucketName, bucketName: bucketName,
objectName: objectName, objectName: objectName,
accessKey: "Invalid-AccessID", accessKey: "Invalid-AccessID",
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusForbidden, expectedRespStatus: http.StatusForbidden,
}, },
} }
@ -248,8 +248,8 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
bucketName: bucketName, bucketName: bucketName,
objectName: objectName, objectName: objectName,
byteRange: "", byteRange: "",
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedContent: bytesData[0].byteData, expectedContent: bytesData[0].byteData,
expectedRespStatus: http.StatusOK, expectedRespStatus: http.StatusOK,
@ -260,8 +260,8 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
bucketName: bucketName, bucketName: bucketName,
objectName: "abcd", objectName: "abcd",
byteRange: "", byteRange: "",
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrNoSuchKey), getGetObjectURL("", bucketName, "abcd"))), expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrNoSuchKey), getGetObjectURL("", bucketName, "abcd"))),
expectedRespStatus: http.StatusNotFound, expectedRespStatus: http.StatusNotFound,
@ -272,8 +272,8 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
bucketName: bucketName, bucketName: bucketName,
objectName: objectName, objectName: objectName,
byteRange: "bytes=10-100", byteRange: "bytes=10-100",
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedContent: bytesData[0].byteData[10:101], expectedContent: bytesData[0].byteData[10:101],
expectedRespStatus: http.StatusPartialContent, expectedRespStatus: http.StatusPartialContent,
@ -284,8 +284,8 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
bucketName: bucketName, bucketName: bucketName,
objectName: objectName, objectName: objectName,
byteRange: "bytes=-0", byteRange: "bytes=-0",
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidRange), getGetObjectURL("", bucketName, objectName))), expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidRange), getGetObjectURL("", bucketName, objectName))),
expectedRespStatus: http.StatusRequestedRangeNotSatisfiable, expectedRespStatus: http.StatusRequestedRangeNotSatisfiable,
@ -297,8 +297,8 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
bucketName: bucketName, bucketName: bucketName,
objectName: objectName, objectName: objectName,
byteRange: "bytes=10-1000000000000000", byteRange: "bytes=10-1000000000000000",
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedContent: bytesData[0].byteData[10:], expectedContent: bytesData[0].byteData[10:],
expectedRespStatus: http.StatusPartialContent, expectedRespStatus: http.StatusPartialContent,
@ -311,7 +311,7 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
objectName: objectName, objectName: objectName,
byteRange: "", byteRange: "",
accessKey: "Invalid-AccessID", accessKey: "Invalid-AccessID",
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidAccessKeyID), getGetObjectURL("", bucketName, objectName))), expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidAccessKeyID), getGetObjectURL("", bucketName, objectName))),
expectedRespStatus: http.StatusForbidden, expectedRespStatus: http.StatusForbidden,
@ -470,8 +470,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
chunkSize: 64 * humanize.KiByte, chunkSize: 64 * humanize.KiByte,
expectedContent: []byte{}, expectedContent: []byte{},
expectedRespStatus: http.StatusOK, expectedRespStatus: http.StatusOK,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
shouldPass: true, shouldPass: true,
}, },
// Test case - 2 // Test case - 2
@ -484,8 +484,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
chunkSize: 1 * humanize.KiByte, chunkSize: 1 * humanize.KiByte,
expectedContent: []byte{}, expectedContent: []byte{},
expectedRespStatus: http.StatusOK, expectedRespStatus: http.StatusOK,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
shouldPass: true, shouldPass: true,
}, },
// Test case - 3 // Test case - 3
@ -512,8 +512,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
chunkSize: 64 * humanize.KiByte, chunkSize: 64 * humanize.KiByte,
expectedContent: []byte{}, expectedContent: []byte{},
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
shouldPass: false, shouldPass: false,
removeAuthHeader: true, removeAuthHeader: true,
}, },
@ -527,8 +527,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
chunkSize: 100 * humanize.KiByte, chunkSize: 100 * humanize.KiByte,
expectedContent: []byte{}, expectedContent: []byte{},
expectedRespStatus: http.StatusOK, expectedRespStatus: http.StatusOK,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
shouldPass: false, shouldPass: false,
}, },
// Test case - 6 // Test case - 6
@ -541,8 +541,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
chunkSize: 1024, chunkSize: 1024,
expectedContent: []byte{}, expectedContent: []byte{},
expectedRespStatus: http.StatusInternalServerError, expectedRespStatus: http.StatusInternalServerError,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
shouldPass: false, shouldPass: false,
fault: malformedEncoding, fault: malformedEncoding,
}, },
@ -556,8 +556,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
chunkSize: 1024, chunkSize: 1024,
expectedContent: []byte{}, expectedContent: []byte{},
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
shouldPass: false, shouldPass: false,
fault: unexpectedEOF, fault: unexpectedEOF,
}, },
@ -571,8 +571,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
chunkSize: 1024, chunkSize: 1024,
expectedContent: []byte{}, expectedContent: []byte{},
expectedRespStatus: http.StatusForbidden, expectedRespStatus: http.StatusForbidden,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
shouldPass: false, shouldPass: false,
fault: signatureMismatch, fault: signatureMismatch,
}, },
@ -587,8 +587,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
chunkSize: 1024, chunkSize: 1024,
expectedContent: []byte{}, expectedContent: []byte{},
expectedRespStatus: http.StatusForbidden, expectedRespStatus: http.StatusForbidden,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
shouldPass: false, shouldPass: false,
fault: chunkDateMismatch, fault: chunkDateMismatch,
}, },
@ -602,8 +602,8 @@ func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketNam
chunkSize: 1024, chunkSize: 1024,
expectedContent: []byte{}, expectedContent: []byte{},
expectedRespStatus: http.StatusInternalServerError, expectedRespStatus: http.StatusInternalServerError,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
shouldPass: false, shouldPass: false,
fault: tooBigDecodedLength, fault: tooBigDecodedLength,
}, },
@ -733,8 +733,8 @@ func testAPIPutObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
objectName: objectName, objectName: objectName,
data: bytesData, data: bytesData,
dataLen: len(bytesData), dataLen: len(bytesData),
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusOK, expectedRespStatus: http.StatusOK,
}, },
@ -746,7 +746,7 @@ func testAPIPutObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
data: bytesData, data: bytesData,
dataLen: len(bytesData), dataLen: len(bytesData),
accessKey: "Wrong-AcessID", accessKey: "Wrong-AcessID",
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusForbidden, expectedRespStatus: http.StatusForbidden,
}, },
@ -758,8 +758,8 @@ func testAPIPutObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
headers: copySourceHeader, headers: copySourceHeader,
data: bytesData, data: bytesData,
dataLen: len(bytesData), dataLen: len(bytesData),
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
}, },
// Test case - 4. // Test case - 4.
@ -770,8 +770,8 @@ func testAPIPutObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
headers: invalidMD5Header, headers: invalidMD5Header,
data: bytesData, data: bytesData,
dataLen: len(bytesData), dataLen: len(bytesData),
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
}, },
// Test case - 5. // Test case - 5.
@ -781,8 +781,8 @@ func testAPIPutObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
objectName: objectName, objectName: objectName,
data: bytesData, data: bytesData,
dataLen: len(bytesData), dataLen: len(bytesData),
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
fault: TooBigObject, fault: TooBigObject,
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
}, },
@ -793,8 +793,8 @@ func testAPIPutObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
objectName: objectName, objectName: objectName,
data: bytesData, data: bytesData,
dataLen: len(bytesData), dataLen: len(bytesData),
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
fault: MissingContentLength, fault: MissingContentLength,
expectedRespStatus: http.StatusLengthRequired, expectedRespStatus: http.StatusLengthRequired,
}, },
@ -991,8 +991,8 @@ func testAPICopyObjectHandler(obj ObjectLayer, instanceType, bucketName string,
bucketName: bucketName, bucketName: bucketName,
newObjectName: "newObject1", newObjectName: "newObject1",
copySourceHeader: url.QueryEscape("/" + bucketName + "/" + objectName), copySourceHeader: url.QueryEscape("/" + bucketName + "/" + objectName),
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusOK, expectedRespStatus: http.StatusOK,
}, },
@ -1003,8 +1003,8 @@ func testAPICopyObjectHandler(obj ObjectLayer, instanceType, bucketName string,
bucketName: bucketName, bucketName: bucketName,
newObjectName: "newObject1", newObjectName: "newObject1",
copySourceHeader: url.QueryEscape("/"), copySourceHeader: url.QueryEscape("/"),
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
}, },
@ -1014,8 +1014,8 @@ func testAPICopyObjectHandler(obj ObjectLayer, instanceType, bucketName string,
bucketName: bucketName, bucketName: bucketName,
newObjectName: objectName, newObjectName: objectName,
copySourceHeader: url.QueryEscape("/" + bucketName + "/" + objectName), copySourceHeader: url.QueryEscape("/" + bucketName + "/" + objectName),
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
}, },
@ -1027,8 +1027,8 @@ func testAPICopyObjectHandler(obj ObjectLayer, instanceType, bucketName string,
bucketName: bucketName, bucketName: bucketName,
newObjectName: objectName, newObjectName: objectName,
copySourceHeader: url.QueryEscape("/" + bucketName + "/" + "non-existent-object"), copySourceHeader: url.QueryEscape("/" + bucketName + "/" + "non-existent-object"),
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotFound, expectedRespStatus: http.StatusNotFound,
}, },
@ -1040,19 +1040,19 @@ func testAPICopyObjectHandler(obj ObjectLayer, instanceType, bucketName string,
bucketName: "non-existent-destination-bucket", bucketName: "non-existent-destination-bucket",
newObjectName: objectName, newObjectName: objectName,
copySourceHeader: url.QueryEscape("/" + bucketName + "/" + objectName), copySourceHeader: url.QueryEscape("/" + bucketName + "/" + objectName),
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotFound, expectedRespStatus: http.StatusNotFound,
}, },
// Test case - 6. // Test case - 6.
// Case with invalid AccessKeyID. // Case with invalid AccessKey.
{ {
bucketName: bucketName, bucketName: bucketName,
newObjectName: objectName, newObjectName: objectName,
copySourceHeader: url.QueryEscape("/" + bucketName + "/" + objectName), copySourceHeader: url.QueryEscape("/" + bucketName + "/" + objectName),
accessKey: "Invalid-AccessID", accessKey: "Invalid-AccessID",
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusForbidden, expectedRespStatus: http.StatusForbidden,
}, },
@ -1175,7 +1175,7 @@ func testAPINewMultipartHandler(obj ObjectLayer, instanceType, bucketName string
rec := httptest.NewRecorder() rec := httptest.NewRecorder()
// construct HTTP request for NewMultipart upload. // construct HTTP request for NewMultipart upload.
req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, objectName), req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, objectName),
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey) 0, nil, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatalf("Failed to create HTTP request for NewMultipart Request: <ERROR> %v", err) t.Fatalf("Failed to create HTTP request for NewMultipart Request: <ERROR> %v", err)
@ -1208,7 +1208,7 @@ func testAPINewMultipartHandler(obj ObjectLayer, instanceType, bucketName string
// construct HTTP request for NewMultipart upload. // construct HTTP request for NewMultipart upload.
// Setting an invalid accessID. // Setting an invalid accessID.
req, err = newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, objectName), req, err = newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, objectName),
0, nil, "Invalid-AccessID", credentials.SecretAccessKey) 0, nil, "Invalid-AccessID", credentials.SecretKey)
if err != nil { if err != nil {
t.Fatalf("Failed to create HTTP request for NewMultipart Request: <ERROR> %v", err) t.Fatalf("Failed to create HTTP request for NewMultipart Request: <ERROR> %v", err)
@ -1227,7 +1227,7 @@ func testAPINewMultipartHandler(obj ObjectLayer, instanceType, bucketName string
recV2 := httptest.NewRecorder() recV2 := httptest.NewRecorder()
// construct HTTP request for NewMultipartUpload endpoint. // construct HTTP request for NewMultipartUpload endpoint.
reqV2, err := newTestSignedRequestV2("POST", getNewMultipartURL("", bucketName, objectName), reqV2, err := newTestSignedRequestV2("POST", getNewMultipartURL("", bucketName, objectName),
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey) 0, nil, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatalf("Failed to create HTTP request for NewMultipart Request: <ERROR> %v", err) t.Fatalf("Failed to create HTTP request for NewMultipart Request: <ERROR> %v", err)
@ -1260,7 +1260,7 @@ func testAPINewMultipartHandler(obj ObjectLayer, instanceType, bucketName string
// construct HTTP request for NewMultipartUpload endpoint. // construct HTTP request for NewMultipartUpload endpoint.
// Setting invalid AccessID. // Setting invalid AccessID.
reqV2, err = newTestSignedRequestV2("POST", getNewMultipartURL("", bucketName, objectName), reqV2, err = newTestSignedRequestV2("POST", getNewMultipartURL("", bucketName, objectName),
0, nil, "Invalid-AccessID", credentials.SecretAccessKey) 0, nil, "Invalid-AccessID", credentials.SecretKey)
if err != nil { if err != nil {
t.Fatalf("Failed to create HTTP request for NewMultipart Request: <ERROR> %v", err) t.Fatalf("Failed to create HTTP request for NewMultipart Request: <ERROR> %v", err)
@ -1331,7 +1331,7 @@ func testAPINewMultipartHandlerParallel(obj ObjectLayer, instanceType, bucketNam
defer wg.Done() defer wg.Done()
rec := httptest.NewRecorder() rec := httptest.NewRecorder()
// construct HTTP request NewMultipartUpload. // construct HTTP request NewMultipartUpload.
req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, objectName), 0, nil, credentials.AccessKeyID, credentials.SecretAccessKey) req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, objectName), 0, nil, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatalf("Failed to create HTTP request for NewMultipart request: <ERROR> %v", err) t.Fatalf("Failed to create HTTP request for NewMultipart request: <ERROR> %v", err)
@ -1527,8 +1527,8 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
object: objectName, object: objectName,
uploadID: uploadIDs[0], uploadID: uploadIDs[0],
parts: inputParts[0].parts, parts: inputParts[0].parts,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(toAPIErrorCode(BadDigest{})), expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(toAPIErrorCode(BadDigest{})),
getGetObjectURL("", bucketName, objectName))), getGetObjectURL("", bucketName, objectName))),
@ -1542,8 +1542,8 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
object: objectName, object: objectName,
uploadID: uploadIDs[0], uploadID: uploadIDs[0],
parts: []completePart{}, parts: []completePart{},
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrMalformedXML), expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrMalformedXML),
getGetObjectURL("", bucketName, objectName))), getGetObjectURL("", bucketName, objectName))),
@ -1557,8 +1557,8 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
object: objectName, object: objectName,
uploadID: "abc", uploadID: "abc",
parts: inputParts[0].parts, parts: inputParts[0].parts,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(toAPIErrorCode(InvalidUploadID{UploadID: "abc"})), expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(toAPIErrorCode(InvalidUploadID{UploadID: "abc"})),
getGetObjectURL("", bucketName, objectName))), getGetObjectURL("", bucketName, objectName))),
@ -1571,8 +1571,8 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
object: objectName, object: objectName,
uploadID: uploadIDs[0], uploadID: uploadIDs[0],
parts: inputParts[1].parts, parts: inputParts[1].parts,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedContent: encodeResponse(completeMultipartAPIError{int64(4), int64(5242880), 1, "e2fc714c4727ee9395f324cd2e7f331f", expectedContent: encodeResponse(completeMultipartAPIError{int64(4), int64(5242880), 1, "e2fc714c4727ee9395f324cd2e7f331f",
getAPIErrorResponse(getAPIError(toAPIErrorCode(PartTooSmall{PartNumber: 1})), getAPIErrorResponse(getAPIError(toAPIErrorCode(PartTooSmall{PartNumber: 1})),
@ -1586,8 +1586,8 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
object: objectName, object: objectName,
uploadID: uploadIDs[0], uploadID: uploadIDs[0],
parts: inputParts[2].parts, parts: inputParts[2].parts,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(toAPIErrorCode(InvalidPart{})), expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(toAPIErrorCode(InvalidPart{})),
getGetObjectURL("", bucketName, objectName))), getGetObjectURL("", bucketName, objectName))),
@ -1601,8 +1601,8 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
object: objectName, object: objectName,
uploadID: uploadIDs[0], uploadID: uploadIDs[0],
parts: inputParts[3].parts, parts: inputParts[3].parts,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidPartOrder), expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidPartOrder),
getGetObjectURL("", bucketName, objectName))), getGetObjectURL("", bucketName, objectName))),
@ -1617,7 +1617,7 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
uploadID: uploadIDs[0], uploadID: uploadIDs[0],
parts: inputParts[4].parts, parts: inputParts[4].parts,
accessKey: "Invalid-AccessID", accessKey: "Invalid-AccessID",
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidAccessKeyID), expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidAccessKeyID),
getGetObjectURL("", bucketName, objectName))), getGetObjectURL("", bucketName, objectName))),
@ -1631,8 +1631,8 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
object: objectName, object: objectName,
uploadID: uploadIDs[0], uploadID: uploadIDs[0],
parts: inputParts[4].parts, parts: inputParts[4].parts,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedContent: encodedSuccessResponse, expectedContent: encodedSuccessResponse,
expectedRespStatus: http.StatusOK, expectedRespStatus: http.StatusOK,
@ -1813,8 +1813,8 @@ func testAPIAbortMultipartHandler(obj ObjectLayer, instanceType, bucketName stri
bucket: bucketName, bucket: bucketName,
object: objectName, object: objectName,
uploadID: uploadIDs[0], uploadID: uploadIDs[0],
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNoContent, expectedRespStatus: http.StatusNoContent,
}, },
// Test case - 2. // Test case - 2.
@ -1823,8 +1823,8 @@ func testAPIAbortMultipartHandler(obj ObjectLayer, instanceType, bucketName stri
bucket: bucketName, bucket: bucketName,
object: objectName, object: objectName,
uploadID: "nonexistent-upload-id", uploadID: "nonexistent-upload-id",
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotFound, expectedRespStatus: http.StatusNotFound,
}, },
// Test case - 3. // Test case - 3.
@ -1834,7 +1834,7 @@ func testAPIAbortMultipartHandler(obj ObjectLayer, instanceType, bucketName stri
object: objectName, object: objectName,
uploadID: uploadIDs[0], uploadID: uploadIDs[0],
accessKey: "Invalid-AccessID", accessKey: "Invalid-AccessID",
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusForbidden, expectedRespStatus: http.StatusForbidden,
}, },
} }
@ -1957,8 +1957,8 @@ func testAPIDeleteObjectHandler(obj ObjectLayer, instanceType, bucketName string
{ {
bucketName: bucketName, bucketName: bucketName,
objectName: objectName, objectName: objectName,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNoContent, expectedRespStatus: http.StatusNoContent,
}, },
@ -1968,8 +1968,8 @@ func testAPIDeleteObjectHandler(obj ObjectLayer, instanceType, bucketName string
{ {
bucketName: bucketName, bucketName: bucketName,
objectName: objectName, objectName: objectName,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNoContent, expectedRespStatus: http.StatusNoContent,
}, },
@ -1980,7 +1980,7 @@ func testAPIDeleteObjectHandler(obj ObjectLayer, instanceType, bucketName string
bucketName: bucketName, bucketName: bucketName,
objectName: objectName, objectName: objectName,
accessKey: "Invalid-AccessKey", accessKey: "Invalid-AccessKey",
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusForbidden, expectedRespStatus: http.StatusForbidden,
}, },
@ -2070,7 +2070,7 @@ func testAPIPutObjectPartHandlerPreSign(obj ObjectLayer, instanceType, bucketNam
testObject := "testobject" testObject := "testobject"
rec := httptest.NewRecorder() rec := httptest.NewRecorder()
req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, "testobject"), req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, "testobject"),
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey) 0, nil, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatalf("[%s] - Failed to create a signed request to initiate multipart upload for %s/%s: <ERROR> %v", t.Fatalf("[%s] - Failed to create a signed request to initiate multipart upload for %s/%s: <ERROR> %v",
instanceType, bucketName, testObject, err) instanceType, bucketName, testObject, err)
@ -2096,7 +2096,7 @@ func testAPIPutObjectPartHandlerPreSign(obj ObjectLayer, instanceType, bucketNam
t.Fatalf("[%s] - Failed to create an unsigned request to put object part for %s/%s <ERROR> %v", t.Fatalf("[%s] - Failed to create an unsigned request to put object part for %s/%s <ERROR> %v",
instanceType, bucketName, testObject, err) instanceType, bucketName, testObject, err)
} }
err = preSignV2(req, credentials.AccessKeyID, credentials.SecretAccessKey, int64(10*60*60)) err = preSignV2(req, credentials.AccessKey, credentials.SecretKey, int64(10*60*60))
if err != nil { if err != nil {
t.Fatalf("[%s] - Failed to presign an unsigned request to put object part for %s/%s <ERROR> %v", t.Fatalf("[%s] - Failed to presign an unsigned request to put object part for %s/%s <ERROR> %v",
instanceType, bucketName, testObject, err) instanceType, bucketName, testObject, err)
@ -2113,7 +2113,7 @@ func testAPIPutObjectPartHandlerPreSign(obj ObjectLayer, instanceType, bucketNam
t.Fatalf("[%s] - Failed to create an unsigned request to put object part for %s/%s <ERROR> %v", t.Fatalf("[%s] - Failed to create an unsigned request to put object part for %s/%s <ERROR> %v",
instanceType, bucketName, testObject, err) instanceType, bucketName, testObject, err)
} }
err = preSignV4(req, credentials.AccessKeyID, credentials.SecretAccessKey, int64(10*60*60)) err = preSignV4(req, credentials.AccessKey, credentials.SecretKey, int64(10*60*60))
if err != nil { if err != nil {
t.Fatalf("[%s] - Failed to presign an unsigned request to put object part for %s/%s <ERROR> %v", t.Fatalf("[%s] - Failed to presign an unsigned request to put object part for %s/%s <ERROR> %v",
instanceType, bucketName, testObject, err) instanceType, bucketName, testObject, err)
@ -2136,7 +2136,7 @@ func testAPIPutObjectPartHandlerStreaming(obj ObjectLayer, instanceType, bucketN
testObject := "testobject" testObject := "testobject"
rec := httptest.NewRecorder() rec := httptest.NewRecorder()
req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, "testobject"), req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, "testobject"),
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey) 0, nil, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatalf("[%s] - Failed to create a signed request to initiate multipart upload for %s/%s: <ERROR> %v", t.Fatalf("[%s] - Failed to create a signed request to initiate multipart upload for %s/%s: <ERROR> %v",
instanceType, bucketName, testObject, err) instanceType, bucketName, testObject, err)
@ -2171,7 +2171,7 @@ func testAPIPutObjectPartHandlerStreaming(obj ObjectLayer, instanceType, bucketN
rec = httptest.NewRecorder() rec = httptest.NewRecorder()
req, err = newTestStreamingSignedRequest("PUT", req, err = newTestStreamingSignedRequest("PUT",
getPutObjectPartURL("", bucketName, testObject, mpartResp.UploadID, "1"), getPutObjectPartURL("", bucketName, testObject, mpartResp.UploadID, "1"),
5, 1, bytes.NewReader([]byte("hello")), credentials.AccessKeyID, credentials.SecretAccessKey) 5, 1, bytes.NewReader([]byte("hello")), credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatalf("Failed to create new streaming signed HTTP request: <ERROR> %v.", err) t.Fatalf("Failed to create new streaming signed HTTP request: <ERROR> %v.", err)
@ -2273,8 +2273,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
reader: bytes.NewReader([]byte("hello")), reader: bytes.NewReader([]byte("hello")),
partNumber: "1", partNumber: "1",
fault: None, fault: None,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedAPIError: noAPIErr, expectedAPIError: noAPIErr,
}, },
@ -2285,8 +2285,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
reader: bytes.NewReader([]byte("hello")), reader: bytes.NewReader([]byte("hello")),
partNumber: "9999999999999999999", partNumber: "9999999999999999999",
fault: None, fault: None,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedAPIError: invalidPart, expectedAPIError: invalidPart,
}, },
@ -2297,8 +2297,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
reader: bytes.NewReader([]byte("hello")), reader: bytes.NewReader([]byte("hello")),
partNumber: strconv.Itoa(maxPartID + 1), partNumber: strconv.Itoa(maxPartID + 1),
fault: None, fault: None,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedAPIError: invalidMaxParts, expectedAPIError: invalidMaxParts,
}, },
@ -2309,8 +2309,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
reader: bytes.NewReader([]byte("hello")), reader: bytes.NewReader([]byte("hello")),
partNumber: "1", partNumber: "1",
fault: MissingContentLength, fault: MissingContentLength,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedAPIError: missingContent, expectedAPIError: missingContent,
}, },
@ -2321,8 +2321,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
reader: bytes.NewReader([]byte("hello")), reader: bytes.NewReader([]byte("hello")),
partNumber: "1", partNumber: "1",
fault: TooBigObject, fault: TooBigObject,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedAPIError: entityTooLarge, expectedAPIError: entityTooLarge,
}, },
@ -2333,8 +2333,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
reader: bytes.NewReader([]byte("hello")), reader: bytes.NewReader([]byte("hello")),
partNumber: "1", partNumber: "1",
fault: BadSignature, fault: BadSignature,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedAPIError: badSigning, expectedAPIError: badSigning,
}, },
@ -2346,8 +2346,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
reader: bytes.NewReader([]byte("hello")), reader: bytes.NewReader([]byte("hello")),
partNumber: "1", partNumber: "1",
fault: BadMD5, fault: BadMD5,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedAPIError: badChecksum, expectedAPIError: badChecksum,
}, },
@ -2358,8 +2358,8 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
reader: bytes.NewReader([]byte("hello")), reader: bytes.NewReader([]byte("hello")),
partNumber: "1", partNumber: "1",
fault: MissingUploadID, fault: MissingUploadID,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedAPIError: noSuchUploadID, expectedAPIError: noSuchUploadID,
}, },
@ -2372,7 +2372,7 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
partNumber: "1", partNumber: "1",
fault: None, fault: None,
accessKey: "Invalid-AccessID", accessKey: "Invalid-AccessID",
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
expectedAPIError: invalidAccessID, expectedAPIError: invalidAccessID,
}, },
@ -2541,7 +2541,7 @@ func testAPIListObjectPartsHandlerPreSign(obj ObjectLayer, instanceType, bucketN
testObject := "testobject" testObject := "testobject"
rec := httptest.NewRecorder() rec := httptest.NewRecorder()
req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, testObject), req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, testObject),
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey) 0, nil, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatalf("[%s] - Failed to create a signed request to initiate multipart upload for %s/%s: <ERROR> %v", t.Fatalf("[%s] - Failed to create a signed request to initiate multipart upload for %s/%s: <ERROR> %v",
instanceType, bucketName, testObject, err) instanceType, bucketName, testObject, err)
@ -2564,7 +2564,7 @@ func testAPIListObjectPartsHandlerPreSign(obj ObjectLayer, instanceType, bucketN
rec = httptest.NewRecorder() rec = httptest.NewRecorder()
req, err = newTestSignedRequestV4("PUT", req, err = newTestSignedRequestV4("PUT",
getPutObjectPartURL("", bucketName, testObject, mpartResp.UploadID, "1"), getPutObjectPartURL("", bucketName, testObject, mpartResp.UploadID, "1"),
int64(len("hello")), bytes.NewReader([]byte("hello")), credentials.AccessKeyID, credentials.SecretAccessKey) int64(len("hello")), bytes.NewReader([]byte("hello")), credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatalf("[%s] - Failed to create a signed request to initiate multipart upload for %s/%s: <ERROR> %v", t.Fatalf("[%s] - Failed to create a signed request to initiate multipart upload for %s/%s: <ERROR> %v",
instanceType, bucketName, testObject, err) instanceType, bucketName, testObject, err)
@ -2584,7 +2584,7 @@ func testAPIListObjectPartsHandlerPreSign(obj ObjectLayer, instanceType, bucketN
instanceType, bucketName, mpartResp.UploadID) instanceType, bucketName, mpartResp.UploadID)
} }
err = preSignV2(req, credentials.AccessKeyID, credentials.SecretAccessKey, int64(10*60*60)) err = preSignV2(req, credentials.AccessKey, credentials.SecretKey, int64(10*60*60))
if err != nil { if err != nil {
t.Fatalf("[%s] - Failed to presignV2 an unsigned request to list object parts for bucket %s, uploadId %s", t.Fatalf("[%s] - Failed to presignV2 an unsigned request to list object parts for bucket %s, uploadId %s",
instanceType, bucketName, mpartResp.UploadID) instanceType, bucketName, mpartResp.UploadID)
@ -2604,7 +2604,7 @@ func testAPIListObjectPartsHandlerPreSign(obj ObjectLayer, instanceType, bucketN
instanceType, bucketName, mpartResp.UploadID) instanceType, bucketName, mpartResp.UploadID)
} }
err = preSignV4(req, credentials.AccessKeyID, credentials.SecretAccessKey, int64(10*60*60)) err = preSignV4(req, credentials.AccessKey, credentials.SecretKey, int64(10*60*60))
if err != nil { if err != nil {
t.Fatalf("[%s] - Failed to presignV2 an unsigned request to list object parts for bucket %s, uploadId %s", t.Fatalf("[%s] - Failed to presignV2 an unsigned request to list object parts for bucket %s, uploadId %s",
instanceType, bucketName, mpartResp.UploadID) instanceType, bucketName, mpartResp.UploadID)
@ -2724,7 +2724,7 @@ func testAPIListObjectPartsHandler(obj ObjectLayer, instanceType, bucketName str
// constructing a v4 signed HTTP request for ListMultipartUploads. // constructing a v4 signed HTTP request for ListMultipartUploads.
reqV4, err = newTestSignedRequestV4("GET", reqV4, err = newTestSignedRequestV4("GET",
getListMultipartURLWithParams("", bucketName, testObject, uploadID, test.maxParts, test.partNumberMarker, ""), getListMultipartURLWithParams("", bucketName, testObject, uploadID, test.maxParts, test.partNumberMarker, ""),
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey) 0, nil, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatalf("Failed to create a V4 signed request to list object parts for %s/%s: <ERROR> %v.", t.Fatalf("Failed to create a V4 signed request to list object parts for %s/%s: <ERROR> %v.",
@ -2734,7 +2734,7 @@ func testAPIListObjectPartsHandler(obj ObjectLayer, instanceType, bucketName str
// construct HTTP request for PutObject Part Object endpoint. // construct HTTP request for PutObject Part Object endpoint.
reqV2, err = newTestSignedRequestV2("GET", reqV2, err = newTestSignedRequestV2("GET",
getListMultipartURLWithParams("", bucketName, testObject, uploadID, test.maxParts, test.partNumberMarker, ""), getListMultipartURLWithParams("", bucketName, testObject, uploadID, test.maxParts, test.partNumberMarker, ""),
0, nil, credentials.AccessKeyID, credentials.SecretAccessKey) 0, nil, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatalf("Failed to create a V2 signed request to list object parts for %s/%s: <ERROR> %v.", t.Fatalf("Failed to create a V2 signed request to list object parts for %s/%s: <ERROR> %v.",

View File

@ -154,9 +154,9 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
accessKey string accessKey string
secretKey string secretKey string
}{ }{
{http.StatusForbidden, "invalidaccesskey", credentials.SecretAccessKey}, {http.StatusForbidden, "invalidaccesskey", credentials.SecretKey},
{http.StatusForbidden, credentials.AccessKeyID, "invalidsecretkey"}, {http.StatusForbidden, credentials.AccessKey, "invalidsecretkey"},
{http.StatusNoContent, credentials.AccessKeyID, credentials.SecretAccessKey}, {http.StatusNoContent, credentials.AccessKey, credentials.SecretKey},
} }
for i, test := range testCasesV2 { for i, test := range testCasesV2 {
@ -190,8 +190,8 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
data: []byte("Hello, World"), data: []byte("Hello, World"),
expectedRespStatus: http.StatusNoContent, expectedRespStatus: http.StatusNoContent,
expectedHeaders: map[string]string{"X-Amz-Meta-Uuid": "1234"}, expectedHeaders: map[string]string{"X-Amz-Meta-Uuid": "1234"},
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
malformedBody: false, malformedBody: false,
}, },
// Bad case invalid request. // Bad case invalid request.
@ -208,8 +208,8 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
objectName: "test", objectName: "test",
data: []byte("Hello, World"), data: []byte("Hello, World"),
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
malformedBody: true, malformedBody: true,
}, },
} }
@ -262,20 +262,20 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
objectName: "test", objectName: "test",
data: []byte("Hello, World"), data: []byte("Hello, World"),
expectedRespStatus: http.StatusNoContent, expectedRespStatus: http.StatusNoContent,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)}, dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKeyID + `/%s/us-east-1/s3/aws4_request"]]}`, policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKey + `/%s/us-east-1/s3/aws4_request"]]}`,
}, },
// Corrupted Base 64 result // Corrupted Base 64 result
{ {
objectName: "test", objectName: "test",
data: []byte("Hello, World"), data: []byte("Hello, World"),
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)}, dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKeyID + `/%s/us-east-1/s3/aws4_request"]]}`, policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKey + `/%s/us-east-1/s3/aws4_request"]]}`,
corruptedBase64: true, corruptedBase64: true,
}, },
// Corrupted Multipart body // Corrupted Multipart body
@ -283,10 +283,10 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
objectName: "test", objectName: "test",
data: []byte("Hello, World"), data: []byte("Hello, World"),
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)}, dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKeyID + `/%s/us-east-1/s3/aws4_request"]]}`, policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKey + `/%s/us-east-1/s3/aws4_request"]]}`,
corruptedMultipart: true, corruptedMultipart: true,
}, },
@ -305,18 +305,18 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
objectName: "test", objectName: "test",
data: []byte("Hello, World"), data: []byte("Hello, World"),
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
dates: []interface{}{curTime.Add(-1 * time.Minute * 5).Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)}, dates: []interface{}{curTime.Add(-1 * time.Minute * 5).Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKeyID + `/%s/us-east-1/s3/aws4_request"]]}`, policy: `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], ["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKey + `/%s/us-east-1/s3/aws4_request"]]}`,
}, },
// Corrupted policy document // Corrupted policy document
{ {
objectName: "test", objectName: "test",
data: []byte("Hello, World"), data: []byte("Hello, World"),
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)}, dates: []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)},
policy: `{"3/aws4_request"]]}`, policy: `{"3/aws4_request"]]}`,
}, },
@ -354,8 +354,8 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
objectName: "test", objectName: "test",
data: bytes.Repeat([]byte("a"), 1025), data: bytes.Repeat([]byte("a"), 1025),
expectedRespStatus: http.StatusNoContent, expectedRespStatus: http.StatusNoContent,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
malformedBody: false, malformedBody: false,
}, },
// Failed with entity too small. // Failed with entity too small.
@ -363,8 +363,8 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
objectName: "test", objectName: "test",
data: bytes.Repeat([]byte("a"), 1023), data: bytes.Repeat([]byte("a"), 1023),
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
malformedBody: false, malformedBody: false,
}, },
// Failed with entity too large. // Failed with entity too large.
@ -372,8 +372,8 @@ func testPostPolicyBucketHandler(obj ObjectLayer, instanceType string, t TestErr
objectName: "test", objectName: "test",
data: bytes.Repeat([]byte("a"), (1*humanize.MiByte)+1), data: bytes.Repeat([]byte("a"), (1*humanize.MiByte)+1),
expectedRespStatus: http.StatusBadRequest, expectedRespStatus: http.StatusBadRequest,
accessKey: credentials.AccessKeyID, accessKey: credentials.AccessKey,
secretKey: credentials.SecretAccessKey, secretKey: credentials.SecretKey,
malformedBody: false, malformedBody: false,
}, },
} }
@ -444,14 +444,14 @@ func testPostPolicyBucketHandlerRedirect(obj ObjectLayer, instanceType string, t
rec := httptest.NewRecorder() rec := httptest.NewRecorder()
dates := []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)} dates := []interface{}{curTimePlus5Min.Format(expirationDateFormat), curTime.Format(iso8601DateFormat), curTime.Format(yyyymmdd)}
policy := `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], {"success_action_redirect":"` + redirectURL + `"},["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKeyID + `/%s/us-east-1/s3/aws4_request"]]}` policy := `{"expiration": "%s","conditions":[["eq", "$bucket", "` + bucketName + `"], {"success_action_redirect":"` + redirectURL + `"},["starts-with", "$key", "test/"], ["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"], ["eq", "$x-amz-date", "%s"], ["eq", "$x-amz-credential", "` + credentials.AccessKey + `/%s/us-east-1/s3/aws4_request"]]}`
// Generate the final policy document // Generate the final policy document
policy = fmt.Sprintf(policy, dates...) policy = fmt.Sprintf(policy, dates...)
// Create a new POST request with success_action_redirect field specified // Create a new POST request with success_action_redirect field specified
req, perr := newPostRequestV4Generic("", bucketName, keyName, []byte("objData"), req, perr := newPostRequestV4Generic("", bucketName, keyName, []byte("objData"),
credentials.AccessKeyID, credentials.SecretAccessKey, curTime, credentials.AccessKey, credentials.SecretKey, curTime,
[]byte(policy), map[string]string{"success_action_redirect": redirectURL}, false, false) []byte(policy), map[string]string{"success_action_redirect": redirectURL}, false, false)
if perr != nil { if perr != nil {

View File

@ -103,7 +103,7 @@ func getHealMsg(endpoints []*url.URL, storageDisks []StorageAPI) string {
// msg += "MINIO_SECRET_KEY=%s " // msg += "MINIO_SECRET_KEY=%s "
// msg += "minio control heal %s" // msg += "minio control heal %s"
// creds := serverConfig.GetCredential() // creds := serverConfig.GetCredential()
// msg = fmt.Sprintf(msg, creds.AccessKeyID, creds.SecretAccessKey, getHealEndpoint(isSSL(), endpoints[0])) // msg = fmt.Sprintf(msg, creds.AccessKey, creds.SecretKey, getHealEndpoint(isSSL(), endpoints[0]))
disksInfo, _, _ := getDisksInfo(storageDisks) disksInfo, _, _ := getDisksInfo(storageDisks)
for i, info := range disksInfo { for i, info := range disksInfo {
if storageDisks[i] == nil { if storageDisks[i] == nil {

View File

@ -62,8 +62,8 @@ func makeS3Peers(eps []*url.URL) s3Peers {
// Check if the remote host has been added already // Check if the remote host has been added already
if !seenAddr[ep.Host] { if !seenAddr[ep.Host] {
cfg := authConfig{ cfg := authConfig{
accessKey: serverConfig.GetCredential().AccessKeyID, accessKey: serverConfig.GetCredential().AccessKey,
secretKey: serverConfig.GetCredential().SecretAccessKey, secretKey: serverConfig.GetCredential().SecretKey,
address: ep.Host, address: ep.Host,
secureConn: isSSL(), secureConn: isSSL(),
path: path.Join(reservedBucket, s3Path), path: path.Join(reservedBucket, s3Path),

View File

@ -75,8 +75,8 @@ func printServerCommonMsg(endPoints []string) {
endPointStr := strings.Join(endPoints, " ") endPointStr := strings.Join(endPoints, " ")
// Colorize the message and print. // Colorize the message and print.
console.Println(colorBlue("\nEndpoint: ") + colorBold(fmt.Sprintf(getFormatStr(len(endPointStr), 1), endPointStr))) console.Println(colorBlue("\nEndpoint: ") + colorBold(fmt.Sprintf(getFormatStr(len(endPointStr), 1), endPointStr)))
console.Println(colorBlue("AccessKey: ") + colorBold(fmt.Sprintf("%s ", cred.AccessKeyID))) console.Println(colorBlue("AccessKey: ") + colorBold(fmt.Sprintf("%s ", cred.AccessKey)))
console.Println(colorBlue("SecretKey: ") + colorBold(fmt.Sprintf("%s ", cred.SecretAccessKey))) console.Println(colorBlue("SecretKey: ") + colorBold(fmt.Sprintf("%s ", cred.SecretKey)))
console.Println(colorBlue("Region: ") + colorBold(fmt.Sprintf(getFormatStr(len(region), 3), region))) console.Println(colorBlue("Region: ") + colorBold(fmt.Sprintf(getFormatStr(len(region), 3), region)))
printEventNotifiers() printEventNotifiers()
@ -109,10 +109,10 @@ func printCLIAccessMsg(endPoint string) {
// Configure 'mc', following block prints platform specific information for minio client. // Configure 'mc', following block prints platform specific information for minio client.
console.Println(colorBlue("\nCommand-line Access: ") + mcQuickStartGuide) console.Println(colorBlue("\nCommand-line Access: ") + mcQuickStartGuide)
if runtime.GOOS == "windows" { if runtime.GOOS == "windows" {
mcMessage := fmt.Sprintf("$ mc.exe config host add myminio %s %s %s", endPoint, cred.AccessKeyID, cred.SecretAccessKey) mcMessage := fmt.Sprintf("$ mc.exe config host add myminio %s %s %s", endPoint, cred.AccessKey, cred.SecretKey)
console.Println(fmt.Sprintf(getFormatStr(len(mcMessage), 3), mcMessage)) console.Println(fmt.Sprintf(getFormatStr(len(mcMessage), 3), mcMessage))
} else { } else {
mcMessage := fmt.Sprintf("$ mc config host add myminio %s %s %s", endPoint, cred.AccessKeyID, cred.SecretAccessKey) mcMessage := fmt.Sprintf("$ mc config host add myminio %s %s %s", endPoint, cred.AccessKey, cred.SecretKey)
console.Println(fmt.Sprintf(getFormatStr(len(mcMessage), 3), mcMessage)) console.Println(fmt.Sprintf(getFormatStr(len(mcMessage), 3), mcMessage))
} }
} }

View File

@ -94,14 +94,10 @@ func (s *TestSuiteCommon) TearDownSuite(c *C) {
} }
func (s *TestSuiteCommon) TestAuth(c *C) { func (s *TestSuiteCommon) TestAuth(c *C) {
secretID, err := genSecretAccessKey() cred := newCredential()
c.Assert(err, IsNil)
accessID, err := genAccessKeyID() c.Assert(len(cred.AccessKey), Equals, accessKeyMaxLen)
c.Assert(err, IsNil) c.Assert(len(cred.SecretKey), Equals, secretKeyMaxLen)
c.Assert(len(secretID), Equals, secretKeyMaxLen)
c.Assert(len(accessID), Equals, accessKeyMaxLen)
} }
func (s *TestSuiteCommon) TestBucketSQSNotification(c *C) { func (s *TestSuiteCommon) TestBucketSQSNotification(c *C) {

View File

@ -43,10 +43,10 @@ const (
// newJWT - returns new JWT object. // newJWT - returns new JWT object.
func newJWT(expiry time.Duration, cred credential) (*JWT, error) { func newJWT(expiry time.Duration, cred credential) (*JWT, error) {
if !isValidAccessKey(cred.AccessKeyID) { if !isAccessKeyValid(cred.AccessKey) {
return nil, errInvalidAccessKeyLength return nil, errInvalidAccessKeyLength
} }
if !isValidSecretKey(cred.SecretAccessKey) { if !isSecretKeyValid(cred.SecretKey) {
return nil, errInvalidSecretKeyLength return nil, errInvalidSecretKeyLength
} }
return &JWT{cred, expiry}, nil return &JWT{cred, expiry}, nil
@ -60,7 +60,7 @@ func (jwt *JWT) GenerateToken(accessKey string) (string, error) {
// Trim spaces. // Trim spaces.
accessKey = strings.TrimSpace(accessKey) accessKey = strings.TrimSpace(accessKey)
if !isValidAccessKey(accessKey) { if !isAccessKeyValid(accessKey) {
return "", errInvalidAccessKeyLength return "", errInvalidAccessKeyLength
} }
@ -71,7 +71,7 @@ func (jwt *JWT) GenerateToken(accessKey string) (string, error) {
"iat": tUTCNow.Unix(), "iat": tUTCNow.Unix(),
"sub": accessKey, "sub": accessKey,
}) })
return token.SignedString([]byte(jwt.SecretAccessKey)) return token.SignedString([]byte(jwt.SecretKey))
} }
var errInvalidAccessKeyID = errors.New("The access key ID you provided does not exist in our records") var errInvalidAccessKeyID = errors.New("The access key ID you provided does not exist in our records")
@ -82,18 +82,18 @@ func (jwt *JWT) Authenticate(accessKey, secretKey string) error {
// Trim spaces. // Trim spaces.
accessKey = strings.TrimSpace(accessKey) accessKey = strings.TrimSpace(accessKey)
if !isValidAccessKey(accessKey) { if !isAccessKeyValid(accessKey) {
return errInvalidAccessKeyLength return errInvalidAccessKeyLength
} }
if !isValidSecretKey(secretKey) { if !isSecretKeyValid(secretKey) {
return errInvalidSecretKeyLength return errInvalidSecretKeyLength
} }
if accessKey != jwt.AccessKeyID { if accessKey != jwt.AccessKey {
return errInvalidAccessKeyID return errInvalidAccessKeyID
} }
hashedSecretKey, _ := bcrypt.GenerateFromPassword([]byte(jwt.SecretAccessKey), bcrypt.DefaultCost) hashedSecretKey, _ := bcrypt.GenerateFromPassword([]byte(jwt.SecretKey), bcrypt.DefaultCost)
if bcrypt.CompareHashAndPassword(hashedSecretKey, []byte(secretKey)) != nil { if bcrypt.CompareHashAndPassword(hashedSecretKey, []byte(secretKey)) != nil {
return errAuthentication return errAuthentication
} }

View File

@ -190,11 +190,11 @@ func TestAuthenticate(t *testing.T) {
// Authentication error. // Authentication error.
{"myuser", "mypassword", errInvalidAccessKeyID}, {"myuser", "mypassword", errInvalidAccessKeyID},
// Authentication error. // Authentication error.
{serverConfig.GetCredential().AccessKeyID, "mypassword", errAuthentication}, {serverConfig.GetCredential().AccessKey, "mypassword", errAuthentication},
// Success. // Success.
{serverConfig.GetCredential().AccessKeyID, serverConfig.GetCredential().SecretAccessKey, nil}, {serverConfig.GetCredential().AccessKey, serverConfig.GetCredential().SecretKey, nil},
// Success when access key contains leading/trailing spaces. // Success when access key contains leading/trailing spaces.
{" " + serverConfig.GetCredential().AccessKeyID + " ", serverConfig.GetCredential().SecretAccessKey, nil}, {" " + serverConfig.GetCredential().AccessKey + " ", serverConfig.GetCredential().SecretKey, nil},
} }
// Run tests. // Run tests.

View File

@ -67,12 +67,12 @@ var resourceList = []string{
func doesPolicySignatureV2Match(formValues map[string]string) APIErrorCode { func doesPolicySignatureV2Match(formValues map[string]string) APIErrorCode {
cred := serverConfig.GetCredential() cred := serverConfig.GetCredential()
accessKey := formValues["Awsaccesskeyid"] accessKey := formValues["Awsaccesskeyid"]
if accessKey != cred.AccessKeyID { if accessKey != cred.AccessKey {
return ErrInvalidAccessKeyID return ErrInvalidAccessKeyID
} }
signature := formValues["Signature"] signature := formValues["Signature"]
policy := formValues["Policy"] policy := formValues["Policy"]
if signature != calculateSignatureV2(policy, cred.SecretAccessKey) { if signature != calculateSignatureV2(policy, cred.SecretKey) {
return ErrSignatureDoesNotMatch return ErrSignatureDoesNotMatch
} }
return ErrNone return ErrNone
@ -126,7 +126,7 @@ func doesPresignV2SignatureMatch(r *http.Request) APIErrorCode {
} }
// Validate if access key id same. // Validate if access key id same.
if accessKey != cred.AccessKeyID { if accessKey != cred.AccessKey {
return ErrInvalidAccessKeyID return ErrInvalidAccessKeyID
} }
@ -150,7 +150,7 @@ func doesPresignV2SignatureMatch(r *http.Request) APIErrorCode {
} }
// Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature; // Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature;
// Signature = Base64( HMAC-SHA1( YourSecretAccessKeyID, UTF-8-Encoding-Of( StringToSign ) ) ); // Signature = Base64( HMAC-SHA1( YourSecretKey, UTF-8-Encoding-Of( StringToSign ) ) );
// //
// StringToSign = HTTP-Verb + "\n" + // StringToSign = HTTP-Verb + "\n" +
// Content-Md5 + "\n" + // Content-Md5 + "\n" +
@ -193,7 +193,7 @@ func validateV2AuthHeader(v2Auth string) APIErrorCode {
// Access credentials. // Access credentials.
cred := serverConfig.GetCredential() cred := serverConfig.GetCredential()
if keySignFields[0] != cred.AccessKeyID { if keySignFields[0] != cred.AccessKey {
return ErrInvalidAccessKeyID return ErrInvalidAccessKeyID
} }
@ -239,15 +239,15 @@ func calculateSignatureV2(stringToSign string, secret string) string {
func preSignatureV2(method string, encodedResource string, encodedQuery string, headers http.Header, expires string) string { func preSignatureV2(method string, encodedResource string, encodedQuery string, headers http.Header, expires string) string {
cred := serverConfig.GetCredential() cred := serverConfig.GetCredential()
stringToSign := presignV2STS(method, encodedResource, encodedQuery, headers, expires) stringToSign := presignV2STS(method, encodedResource, encodedQuery, headers, expires)
return calculateSignatureV2(stringToSign, cred.SecretAccessKey) return calculateSignatureV2(stringToSign, cred.SecretKey)
} }
// Return signature-v2 authrization header. // Return signature-v2 authrization header.
func signatureV2(method string, encodedResource string, encodedQuery string, headers http.Header) string { func signatureV2(method string, encodedResource string, encodedQuery string, headers http.Header) string {
cred := serverConfig.GetCredential() cred := serverConfig.GetCredential()
stringToSign := signV2STS(method, encodedResource, encodedQuery, headers) stringToSign := signV2STS(method, encodedResource, encodedQuery, headers)
signature := calculateSignatureV2(stringToSign, cred.SecretAccessKey) signature := calculateSignatureV2(stringToSign, cred.SecretKey)
return fmt.Sprintf("%s %s:%s", signV2Algorithm, cred.AccessKeyID, signature) return fmt.Sprintf("%s %s:%s", signV2Algorithm, cred.AccessKey, signature)
} }
// Return canonical headers. // Return canonical headers.

View File

@ -55,7 +55,7 @@ func TestDoesPresignedV2SignatureMatch(t *testing.T) {
queryParams: map[string]string{ queryParams: map[string]string{
"Expires": "60s", "Expires": "60s",
"Signature": "badsignature", "Signature": "badsignature",
"AWSAccessKeyId": serverConfig.GetCredential().AccessKeyID, "AWSAccessKeyId": serverConfig.GetCredential().AccessKey,
}, },
expected: ErrMalformedExpires, expected: ErrMalformedExpires,
}, },
@ -64,7 +64,7 @@ func TestDoesPresignedV2SignatureMatch(t *testing.T) {
queryParams: map[string]string{ queryParams: map[string]string{
"Expires": "60", "Expires": "60",
"Signature": "badsignature", "Signature": "badsignature",
"AWSAccessKeyId": serverConfig.GetCredential().AccessKeyID, "AWSAccessKeyId": serverConfig.GetCredential().AccessKey,
}, },
expected: ErrExpiredPresignRequest, expected: ErrExpiredPresignRequest,
}, },
@ -73,7 +73,7 @@ func TestDoesPresignedV2SignatureMatch(t *testing.T) {
queryParams: map[string]string{ queryParams: map[string]string{
"Expires": fmt.Sprintf("%d", now.Unix()+60), "Expires": fmt.Sprintf("%d", now.Unix()+60),
"Signature": "badsignature", "Signature": "badsignature",
"AWSAccessKeyId": serverConfig.GetCredential().AccessKeyID, "AWSAccessKeyId": serverConfig.GetCredential().AccessKey,
}, },
expected: ErrSignatureDoesNotMatch, expected: ErrSignatureDoesNotMatch,
}, },
@ -82,7 +82,7 @@ func TestDoesPresignedV2SignatureMatch(t *testing.T) {
queryParams: map[string]string{ queryParams: map[string]string{
"Expires": fmt.Sprintf("%d", now.Unix()), "Expires": fmt.Sprintf("%d", now.Unix()),
"Signature": "zOM2YrY/yAQe15VWmT78OlBrK6g=", "Signature": "zOM2YrY/yAQe15VWmT78OlBrK6g=",
"AWSAccessKeyId": serverConfig.GetCredential().AccessKeyID, "AWSAccessKeyId": serverConfig.GetCredential().AccessKey,
}, },
expected: ErrSignatureDoesNotMatch, expected: ErrSignatureDoesNotMatch,
}, },
@ -126,7 +126,7 @@ func TestValidateV2AuthHeader(t *testing.T) {
if err := serverConfig.Save(); err != nil { if err := serverConfig.Save(); err != nil {
t.Fatal(err) t.Fatal(err)
} }
accessID := serverConfig.GetCredential().AccessKeyID accessID := serverConfig.GetCredential().AccessKey
testCases := []struct { testCases := []struct {
authString string authString string
@ -207,9 +207,9 @@ func TestDoesPolicySignatureV2Match(t *testing.T) {
signature string signature string
errCode APIErrorCode errCode APIErrorCode
}{ }{
{"invalidAccessKey", policy, calculateSignatureV2(policy, creds.SecretAccessKey), ErrInvalidAccessKeyID}, {"invalidAccessKey", policy, calculateSignatureV2(policy, creds.SecretKey), ErrInvalidAccessKeyID},
{creds.AccessKeyID, policy, calculateSignatureV2("random", creds.SecretAccessKey), ErrSignatureDoesNotMatch}, {creds.AccessKey, policy, calculateSignatureV2("random", creds.SecretKey), ErrSignatureDoesNotMatch},
{creds.AccessKeyID, policy, calculateSignatureV2(policy, creds.SecretAccessKey), ErrNone}, {creds.AccessKey, policy, calculateSignatureV2(policy, creds.SecretKey), ErrNone},
} }
for i, test := range testCases { for i, test := range testCases {
formValues := make(map[string]string) formValues := make(map[string]string)

View File

@ -47,7 +47,7 @@ func parseCredentialHeader(credElement string) (credentialHeader, APIErrorCode)
if len(credElements) != 5 { if len(credElements) != 5 {
return credentialHeader{}, ErrCredMalformed return credentialHeader{}, ErrCredMalformed
} }
if !isValidAccessKey(credElements[0]) { if !isAccessKeyValid(credElements[0]) {
return credentialHeader{}, ErrInvalidAccessKeyID return credentialHeader{}, ErrInvalidAccessKeyID
} }
// Save access key id. // Save access key id.

View File

@ -171,7 +171,7 @@ func doesPolicySignatureV4Match(formValues map[string]string) APIErrorCode {
} }
// Verify if the access key id matches. // Verify if the access key id matches.
if credHeader.accessKey != cred.AccessKeyID { if credHeader.accessKey != cred.AccessKey {
return ErrInvalidAccessKeyID return ErrInvalidAccessKeyID
} }
@ -188,7 +188,7 @@ func doesPolicySignatureV4Match(formValues map[string]string) APIErrorCode {
} }
// Get signing key. // Get signing key.
signingKey := getSigningKey(cred.SecretAccessKey, t, region) signingKey := getSigningKey(cred.SecretKey, t, region)
// Get signature. // Get signature.
newSignature := getSignature(signingKey, formValues["Policy"]) newSignature := getSignature(signingKey, formValues["Policy"])
@ -217,7 +217,7 @@ func doesPresignedSignatureMatch(hashedPayload string, r *http.Request, region s
} }
// Verify if the access key id matches. // Verify if the access key id matches.
if pSignValues.Credential.accessKey != cred.AccessKeyID { if pSignValues.Credential.accessKey != cred.AccessKey {
return ErrInvalidAccessKeyID return ErrInvalidAccessKeyID
} }
@ -268,7 +268,7 @@ func doesPresignedSignatureMatch(hashedPayload string, r *http.Request, region s
query.Set("X-Amz-Date", t.Format(iso8601Format)) query.Set("X-Amz-Date", t.Format(iso8601Format))
query.Set("X-Amz-Expires", strconv.Itoa(expireSeconds)) query.Set("X-Amz-Expires", strconv.Itoa(expireSeconds))
query.Set("X-Amz-SignedHeaders", getSignedHeaders(extractedSignedHeaders)) query.Set("X-Amz-SignedHeaders", getSignedHeaders(extractedSignedHeaders))
query.Set("X-Amz-Credential", cred.AccessKeyID+"/"+getScope(t, sRegion)) query.Set("X-Amz-Credential", cred.AccessKey+"/"+getScope(t, sRegion))
// Save other headers available in the request parameters. // Save other headers available in the request parameters.
for k, v := range req.URL.Query() { for k, v := range req.URL.Query() {
@ -313,7 +313,7 @@ func doesPresignedSignatureMatch(hashedPayload string, r *http.Request, region s
presignedStringToSign := getStringToSign(presignedCanonicalReq, t, region) presignedStringToSign := getStringToSign(presignedCanonicalReq, t, region)
// Get hmac presigned signing key. // Get hmac presigned signing key.
presignedSigningKey := getSigningKey(cred.SecretAccessKey, t, region) presignedSigningKey := getSigningKey(cred.SecretKey, t, region)
// Get new signature. // Get new signature.
newSignature := getSignature(presignedSigningKey, presignedStringToSign) newSignature := getSignature(presignedSigningKey, presignedStringToSign)
@ -369,7 +369,7 @@ func doesSignatureMatch(hashedPayload string, r *http.Request, region string) AP
} }
// Verify if the access key id matches. // Verify if the access key id matches.
if signV4Values.Credential.accessKey != cred.AccessKeyID { if signV4Values.Credential.accessKey != cred.AccessKey {
return ErrInvalidAccessKeyID return ErrInvalidAccessKeyID
} }
@ -410,7 +410,7 @@ func doesSignatureMatch(hashedPayload string, r *http.Request, region string) AP
stringToSign := getStringToSign(canonicalRequest, t, region) stringToSign := getStringToSign(canonicalRequest, t, region)
// Get hmac signing key. // Get hmac signing key.
signingKey := getSigningKey(cred.SecretAccessKey, t, region) signingKey := getSigningKey(cred.SecretKey, t, region)
// Calculate signature. // Calculate signature.
newSignature := getSignature(signingKey, stringToSign) newSignature := getSignature(signingKey, stringToSign)

View File

@ -36,7 +36,7 @@ func niceError(code APIErrorCode) string {
func TestDoesPolicySignatureMatch(t *testing.T) { func TestDoesPolicySignatureMatch(t *testing.T) {
credentialTemplate := "%s/%s/%s/s3/aws4_request" credentialTemplate := "%s/%s/%s/s3/aws4_request"
now := time.Now().UTC() now := time.Now().UTC()
accessKey := serverConfig.GetCredential().AccessKeyID accessKey := serverConfig.GetCredential().AccessKey
testCases := []struct { testCases := []struct {
form map[string]string form map[string]string
@ -83,7 +83,7 @@ func TestDoesPolicySignatureMatch(t *testing.T) {
form: map[string]string{ form: map[string]string{
"X-Amz-Credential": fmt.Sprintf(credentialTemplate, accessKey, now.Format(yyyymmdd), "us-east-1"), "X-Amz-Credential": fmt.Sprintf(credentialTemplate, accessKey, now.Format(yyyymmdd), "us-east-1"),
"X-Amz-Date": now.Format(iso8601Format), "X-Amz-Date": now.Format(iso8601Format),
"X-Amz-Signature": getSignature(getSigningKey(serverConfig.GetCredential().SecretAccessKey, now, "us-east-1"), "policy"), "X-Amz-Signature": getSignature(getSigningKey(serverConfig.GetCredential().SecretKey, now, "us-east-1"), "policy"),
"Policy": "policy", "Policy": "policy",
}, },
expected: ErrNone, expected: ErrNone,
@ -112,7 +112,7 @@ func TestDoesPresignedSignatureMatch(t *testing.T) {
credentialTemplate := "%s/%s/%s/s3/aws4_request" credentialTemplate := "%s/%s/%s/s3/aws4_request"
region := serverConfig.GetRegion() region := serverConfig.GetRegion()
accessKeyID := serverConfig.GetCredential().AccessKeyID accessKeyID := serverConfig.GetCredential().AccessKey
testCases := []struct { testCases := []struct {
queryParams map[string]string queryParams map[string]string
headers map[string]string headers map[string]string

View File

@ -104,8 +104,8 @@ func newStorageRPC(ep *url.URL) (StorageAPI, error) {
rpcAddr := ep.Host rpcAddr := ep.Host
// Initialize rpc client with network address and rpc path. // Initialize rpc client with network address and rpc path.
accessKeyID := serverConfig.GetCredential().AccessKeyID accessKeyID := serverConfig.GetCredential().AccessKey
secretAccessKey := serverConfig.GetCredential().SecretAccessKey secretAccessKey := serverConfig.GetCredential().SecretKey
if ep.User != nil { if ep.User != nil {
accessKeyID = ep.User.Username() accessKeyID = ep.User.Username()
if key, set := ep.User.Password(); set { if key, set := ep.User.Password(); set {

View File

@ -45,12 +45,12 @@ func createTestStorageServer(t *testing.T) *testStorageRPCServer {
t.Fatalf("unable to get new JWT, %s", err) t.Fatalf("unable to get new JWT, %s", err)
} }
err = jwt.Authenticate(serverConfig.GetCredential().AccessKeyID, serverConfig.GetCredential().SecretAccessKey) err = jwt.Authenticate(serverConfig.GetCredential().AccessKey, serverConfig.GetCredential().SecretKey)
if err != nil { if err != nil {
t.Fatalf("unable for JWT to authenticate, %s", err) t.Fatalf("unable for JWT to authenticate, %s", err)
} }
token, err := jwt.GenerateToken(serverConfig.GetCredential().AccessKeyID) token, err := jwt.GenerateToken(serverConfig.GetCredential().AccessKey)
if err != nil { if err != nil {
t.Fatalf("unable for JWT to generate token, %s", err) t.Fatalf("unable for JWT to generate token, %s", err)
} }

View File

@ -56,7 +56,7 @@ func getChunkSignature(seedSignature string, date time.Time, hashedChunk string)
hashedChunk hashedChunk
// Get hmac signing key. // Get hmac signing key.
signingKey := getSigningKey(cred.SecretAccessKey, date, region) signingKey := getSigningKey(cred.SecretKey, date, region)
// Calculate signature. // Calculate signature.
newSignature := getSignature(signingKey, stringToSign) newSignature := getSignature(signingKey, stringToSign)
@ -101,7 +101,7 @@ func calculateSeedSignature(r *http.Request) (signature string, date time.Time,
return "", time.Time{}, errCode return "", time.Time{}, errCode
} }
// Verify if the access key id matches. // Verify if the access key id matches.
if signV4Values.Credential.accessKey != cred.AccessKeyID { if signV4Values.Credential.accessKey != cred.AccessKey {
return "", time.Time{}, ErrInvalidAccessKeyID return "", time.Time{}, ErrInvalidAccessKeyID
} }
@ -138,7 +138,7 @@ func calculateSeedSignature(r *http.Request) (signature string, date time.Time,
stringToSign := getStringToSign(canonicalRequest, date, region) stringToSign := getStringToSign(canonicalRequest, date, region)
// Get hmac signing key. // Get hmac signing key.
signingKey := getSigningKey(cred.SecretAccessKey, date, region) signingKey := getSigningKey(cred.SecretKey, date, region)
// Calculate signature. // Calculate signature.
newSignature := getSignature(signingKey, stringToSign) newSignature := getSignature(signingKey, stringToSign)

View File

@ -199,8 +199,8 @@ func UnstartedTestServer(t TestErrHandler, instanceType string) TestServer {
if err != nil { if err != nil {
t.Fatalf("Unexpected error %s", err) t.Fatalf("Unexpected error %s", err)
} }
testServer.AccessKey = credentials.AccessKeyID testServer.AccessKey = credentials.AccessKey
testServer.SecretKey = credentials.SecretAccessKey testServer.SecretKey = credentials.SecretKey
objLayer, storageDisks, err := initObjectLayer(testServer.Disks) objLayer, storageDisks, err := initObjectLayer(testServer.Disks)
if err != nil { if err != nil {
@ -361,8 +361,8 @@ func StartTestStorageRPCServer(t TestErrHandler, instanceType string, diskN int)
testRPCServer.Root = root testRPCServer.Root = root
testRPCServer.Disks = endpoints testRPCServer.Disks = endpoints
testRPCServer.AccessKey = credentials.AccessKeyID testRPCServer.AccessKey = credentials.AccessKey
testRPCServer.SecretKey = credentials.SecretAccessKey testRPCServer.SecretKey = credentials.SecretKey
// Run TestServer. // Run TestServer.
testRPCServer.Server = httptest.NewServer(initTestStorageRPCEndPoint(serverCmdConfig{ testRPCServer.Server = httptest.NewServer(initTestStorageRPCEndPoint(serverCmdConfig{
@ -396,8 +396,8 @@ func StartTestPeersRPCServer(t TestErrHandler, instanceType string) TestServer {
testRPCServer.Root = root testRPCServer.Root = root
testRPCServer.Disks = endpoints testRPCServer.Disks = endpoints
testRPCServer.AccessKey = credentials.AccessKeyID testRPCServer.AccessKey = credentials.AccessKey
testRPCServer.SecretKey = credentials.SecretAccessKey testRPCServer.SecretKey = credentials.SecretKey
// create temporary backend for the test server. // create temporary backend for the test server.
objLayer, storageDisks, err := initObjectLayer(endpoints) objLayer, storageDisks, err := initObjectLayer(endpoints)
@ -2131,8 +2131,8 @@ func StartTestBrowserPeerRPCServer(t TestErrHandler, instanceType string) TestSe
credentials := serverConfig.GetCredential() credentials := serverConfig.GetCredential()
testRPCServer.Root = root testRPCServer.Root = root
testRPCServer.AccessKey = credentials.AccessKeyID testRPCServer.AccessKey = credentials.AccessKey
testRPCServer.SecretKey = credentials.SecretAccessKey testRPCServer.SecretKey = credentials.SecretKey
// Initialize and run the TestServer. // Initialize and run the TestServer.
testRPCServer.Server = httptest.NewServer(initTestBrowserPeerRPCEndPoint()) testRPCServer.Server = httptest.NewServer(initTestBrowserPeerRPCEndPoint())
@ -2152,8 +2152,8 @@ func StartTestS3PeerRPCServer(t TestErrHandler) (TestServer, []string) {
credentials := serverConfig.GetCredential() credentials := serverConfig.GetCredential()
testRPCServer.Root = root testRPCServer.Root = root
testRPCServer.AccessKey = credentials.AccessKeyID testRPCServer.AccessKey = credentials.AccessKey
testRPCServer.SecretKey = credentials.SecretAccessKey testRPCServer.SecretKey = credentials.SecretKey
// init disks // init disks
objLayer, fsDirs, err := prepareXL() objLayer, fsDirs, err := prepareXL()

View File

@ -52,7 +52,7 @@ func isJWTReqAuthenticated(req *http.Request) bool {
if _, ok := token.Method.(*jwtgo.SigningMethodHMAC); !ok { if _, ok := token.Method.(*jwtgo.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"]) return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
} }
return []byte(jwt.SecretAccessKey), nil return []byte(jwt.SecretKey), nil
} }
token, err := jwtreq.ParseFromRequest(req, jwtreq.AuthorizationHeaderExtractor, reqCallback) token, err := jwtreq.ParseFromRequest(req, jwtreq.AuthorizationHeaderExtractor, reqCallback)
if err != nil { if err != nil {
@ -347,9 +347,9 @@ func (web webAPIHandlers) GenerateAuth(r *http.Request, args *WebGenericArgs, re
if !isJWTReqAuthenticated(r) { if !isJWTReqAuthenticated(r) {
return toJSONError(errAuthentication) return toJSONError(errAuthentication)
} }
cred := mustGenAccessKeys() cred := newCredential()
reply.AccessKey = cred.AccessKeyID reply.AccessKey = cred.AccessKey
reply.SecretKey = cred.SecretAccessKey reply.SecretKey = cred.SecretKey
reply.UIVersion = miniobrowser.UIVersion reply.UIVersion = miniobrowser.UIVersion
return nil return nil
} }
@ -375,8 +375,8 @@ func (web *webAPIHandlers) SetAuth(r *http.Request, args *SetAuthArgs, reply *Se
// Initialize jwt with the new access keys, fail if not possible. // Initialize jwt with the new access keys, fail if not possible.
jwt, err := newJWT(defaultJWTExpiry, credential{ jwt, err := newJWT(defaultJWTExpiry, credential{
AccessKeyID: args.AccessKey, AccessKey: args.AccessKey,
SecretAccessKey: args.SecretKey, SecretKey: args.SecretKey,
}) // JWT Expiry set to 24Hrs. }) // JWT Expiry set to 24Hrs.
if err != nil { if err != nil {
return toJSONError(err) return toJSONError(err)
@ -460,8 +460,8 @@ func (web *webAPIHandlers) GetAuth(r *http.Request, args *WebGenericArgs, reply
return toJSONError(errAuthentication) return toJSONError(errAuthentication)
} }
creds := serverConfig.GetCredential() creds := serverConfig.GetCredential()
reply.AccessKey = creds.AccessKeyID reply.AccessKey = creds.AccessKey
reply.SecretKey = creds.SecretAccessKey reply.SecretKey = creds.SecretKey
reply.UIVersion = miniobrowser.UIVersion reply.UIVersion = miniobrowser.UIVersion
return nil return nil
} }
@ -531,7 +531,7 @@ func (web *webAPIHandlers) Download(w http.ResponseWriter, r *http.Request) {
if _, ok := token.Method.(*jwtgo.SigningMethodHMAC); !ok { if _, ok := token.Method.(*jwtgo.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"]) return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
} }
return []byte(jwt.SecretAccessKey), nil return []byte(jwt.SecretKey), nil
}) })
if e != nil || !token.Valid { if e != nil || !token.Valid {
writeWebErrorResponse(w, errAuthentication) writeWebErrorResponse(w, errAuthentication)
@ -760,8 +760,8 @@ func presignedGet(host, bucket, object string, expiry int64) string {
cred := serverConfig.GetCredential() cred := serverConfig.GetCredential()
region := serverConfig.GetRegion() region := serverConfig.GetRegion()
accessKey := cred.AccessKeyID accessKey := cred.AccessKey
secretKey := cred.SecretAccessKey secretKey := cred.SecretKey
date := time.Now().UTC() date := time.Now().UTC()
dateStr := date.Format(iso8601Format) dateStr := date.Format(iso8601Format)

View File

@ -149,7 +149,7 @@ func testLoginWebHandler(obj ObjectLayer, instanceType string, t TestErrHandler)
{"", "foo", false}, {"", "foo", false},
{"azerty", "", false}, {"azerty", "", false},
{"azerty", "foo", false}, {"azerty", "foo", false},
{credentials.AccessKeyID, credentials.SecretAccessKey, true}, {credentials.AccessKey, credentials.SecretKey, true},
} }
// Iterating over the test cases, calling the function under test and asserting the response. // Iterating over the test cases, calling the function under test and asserting the response.
@ -186,7 +186,7 @@ func testStorageInfoWebHandler(obj ObjectLayer, instanceType string, t TestErrHa
credentials := serverConfig.GetCredential() credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey) authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatal("Cannot authenticate") t.Fatal("Cannot authenticate")
} }
@ -232,7 +232,7 @@ func testServerInfoWebHandler(obj ObjectLayer, instanceType string, t TestErrHan
credentials := serverConfig.GetCredential() credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey) authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatal("Cannot authenticate") t.Fatal("Cannot authenticate")
} }
@ -278,7 +278,7 @@ func testMakeBucketWebHandler(obj ObjectLayer, instanceType string, t TestErrHan
credentials := serverConfig.GetCredential() credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey) authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatal("Cannot authenticate") t.Fatal("Cannot authenticate")
} }
@ -338,7 +338,7 @@ func testListBucketsWebHandler(obj ObjectLayer, instanceType string, t TestErrHa
credentials := serverConfig.GetCredential() credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey) authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatal("Cannot authenticate") t.Fatal("Cannot authenticate")
} }
@ -397,7 +397,7 @@ func testListObjectsWebHandler(obj ObjectLayer, instanceType string, t TestErrHa
rec := httptest.NewRecorder() rec := httptest.NewRecorder()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey) authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatal("Cannot authenticate") t.Fatal("Cannot authenticate")
} }
@ -468,7 +468,7 @@ func testRemoveObjectWebHandler(obj ObjectLayer, instanceType string, t TestErrH
credentials := serverConfig.GetCredential() credentials := serverConfig.GetCredential()
rec := httptest.NewRecorder() rec := httptest.NewRecorder()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey) authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatal("Cannot authenticate") t.Fatal("Cannot authenticate")
} }
@ -544,7 +544,7 @@ func testGenerateAuthWebHandler(obj ObjectLayer, instanceType string, t TestErrH
credentials := serverConfig.GetCredential() credentials := serverConfig.GetCredential()
rec := httptest.NewRecorder() rec := httptest.NewRecorder()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey) authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatal("Cannot authenticate") t.Fatal("Cannot authenticate")
} }
@ -590,7 +590,7 @@ func testSetAuthWebHandler(obj ObjectLayer, instanceType string, t TestErrHandle
credentials := serverConfig.GetCredential() credentials := serverConfig.GetCredential()
rec := httptest.NewRecorder() rec := httptest.NewRecorder()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey) authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatal("Cannot authenticate") t.Fatal("Cannot authenticate")
} }
@ -651,7 +651,7 @@ func testGetAuthWebHandler(obj ObjectLayer, instanceType string, t TestErrHandle
credentials := serverConfig.GetCredential() credentials := serverConfig.GetCredential()
rec := httptest.NewRecorder() rec := httptest.NewRecorder()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey) authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatal("Cannot authenticate") t.Fatal("Cannot authenticate")
} }
@ -670,7 +670,7 @@ func testGetAuthWebHandler(obj ObjectLayer, instanceType string, t TestErrHandle
if err != nil { if err != nil {
t.Fatalf("Failed, %v", err) t.Fatalf("Failed, %v", err)
} }
if getAuthReply.AccessKey != credentials.AccessKeyID || getAuthReply.SecretKey != credentials.SecretAccessKey { if getAuthReply.AccessKey != credentials.AccessKey || getAuthReply.SecretKey != credentials.SecretKey {
t.Fatalf("Failed to get correct auth keys") t.Fatalf("Failed to get correct auth keys")
} }
} }
@ -696,7 +696,7 @@ func testUploadWebHandler(obj ObjectLayer, instanceType string, t TestErrHandler
credentials := serverConfig.GetCredential() credentials := serverConfig.GetCredential()
rec := httptest.NewRecorder() rec := httptest.NewRecorder()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey) authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatal("Cannot authenticate") t.Fatal("Cannot authenticate")
} }
@ -760,7 +760,7 @@ func testDownloadWebHandler(obj ObjectLayer, instanceType string, t TestErrHandl
credentials := serverConfig.GetCredential() credentials := serverConfig.GetCredential()
rec := httptest.NewRecorder() rec := httptest.NewRecorder()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey) authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatal("Cannot authenticate") t.Fatal("Cannot authenticate")
} }
@ -815,7 +815,7 @@ func testWebPresignedGetHandler(obj ObjectLayer, instanceType string, t TestErrH
credentials := serverConfig.GetCredential() credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey) authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatal("Cannot authenticate") t.Fatal("Cannot authenticate")
} }
@ -928,7 +928,7 @@ func testWebGetBucketPolicyHandler(obj ObjectLayer, instanceType string, t TestE
credentials := serverConfig.GetCredential() credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey) authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatal("Cannot authenticate") t.Fatal("Cannot authenticate")
} }
@ -1011,7 +1011,7 @@ func testWebListAllBucketPoliciesHandler(obj ObjectLayer, instanceType string, t
credentials := serverConfig.GetCredential() credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey) authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatal("Cannot authenticate") t.Fatal("Cannot authenticate")
} }
@ -1117,7 +1117,7 @@ func testWebSetBucketPolicyHandler(obj ObjectLayer, instanceType string, t TestE
credentials := serverConfig.GetCredential() credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey) authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatal("Cannot authenticate") t.Fatal("Cannot authenticate")
} }
@ -1278,7 +1278,7 @@ func TestWebObjectLayerNotReady(t *testing.T) {
rec := httptest.NewRecorder() rec := httptest.NewRecorder()
credentials := serverConfig.GetCredential() credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey) authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatal("Cannot authenticate", err) t.Fatal("Cannot authenticate", err)
} }
@ -1382,7 +1382,7 @@ func TestWebObjectLayerFaultyDisks(t *testing.T) {
rec := httptest.NewRecorder() rec := httptest.NewRecorder()
credentials := serverConfig.GetCredential() credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey) authorization, err := getWebRPCToken(apiRouter, credentials.AccessKey, credentials.SecretKey)
if err != nil { if err != nil {
t.Fatal("Cannot authenticate", err) t.Fatal("Cannot authenticate", err)
} }