Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Explicitly disable signing for public buckets. (#8263)

pull/8264/head
Chris Lu 2 days ago
committed by GitHub
parent
88b1768814
commit
ccf35459be
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
2 changed files with 60 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      weed/remote_storage/s3/s3_storage_client.go
  2. 57
      weed/remote_storage/s3/s3_storage_client_test.go

3
weed/remote_storage/s3/s3_storage_client.go
View File

@ -44,6 +44,9 @@ func (s s3RemoteStorageMaker) Make(conf *remote_pb.RemoteConf) (remote_storage.R
} }
if conf.S3AccessKey != "" && conf.S3SecretKey != "" { if conf.S3AccessKey != "" && conf.S3SecretKey != "" {
config.Credentials = credentials.NewStaticCredentials(conf.S3AccessKey, conf.S3SecretKey, "") config.Credentials = credentials.NewStaticCredentials(conf.S3AccessKey, conf.S3SecretKey, "")
} else if conf.S3AccessKey == "" && conf.S3SecretKey == "" {
// Explicitly disable signing for public buckets.
config.Credentials = credentials.AnonymousCredentials
} }
sess, err := session.NewSession(config) sess, err := session.NewSession(config)

57
weed/remote_storage/s3/s3_storage_client_test.go
View File

@ -0,0 +1,57 @@
package s3
import (
"testing"
"github.com/aws/aws-sdk-go/aws/credentials"
awss3 "github.com/aws/aws-sdk-go/service/s3"
"github.com/seaweedfs/seaweedfs/weed/pb/remote_pb"
"github.com/stretchr/testify/require"
)
func TestS3MakeUsesAnonymousCredentialsWhenKeysAreEmpty(t *testing.T) {
maker := s3RemoteStorageMaker{}
conf := &remote_pb.RemoteConf{
Type: "s3",
S3Region: "us-east-1",
S3Endpoint: "http://localhost:8333",
S3ForcePathStyle: true,
}
remoteClient, err := maker.Make(conf)
require.NoError(t, err)
client, ok := remoteClient.(*s3RemoteStorageClient)
require.True(t, ok)
s3Client, ok := client.conn.(*awss3.S3)
require.True(t, ok)
require.Same(t, credentials.AnonymousCredentials, s3Client.Config.Credentials)
}
func TestS3MakeUsesStaticCredentialsWhenKeysAreProvided(t *testing.T) {
maker := s3RemoteStorageMaker{}
conf := &remote_pb.RemoteConf{
Type: "s3",
S3Region: "us-east-1",
S3Endpoint: "http://localhost:8333",
S3ForcePathStyle: true,
S3AccessKey: "test-access",
S3SecretKey: "test-secret",
}
remoteClient, err := maker.Make(conf)
require.NoError(t, err)
client, ok := remoteClient.(*s3RemoteStorageClient)
require.True(t, ok)
s3Client, ok := client.conn.(*awss3.S3)
require.True(t, ok)
require.NotSame(t, credentials.AnonymousCredentials, s3Client.Config.Credentials)
credValue, err := s3Client.Config.Credentials.Get()
require.NoError(t, err)
require.Equal(t, conf.S3AccessKey, credValue.AccessKeyID)
require.Equal(t, conf.S3SecretKey, credValue.SecretAccessKey)
}
Write Preview
Loading…
Cancel
Save