db/pgbackrest
1
0
Fork 0
mirror of https://github.com/pgbackrest/pgbackrest.git synced 2024-12-12 10:04:14 +02:00
Code Issues Releases Activity

Add repo-s3-token option to allow temporary credentials tokens to be configured.

Browse Source 
pgBackRest currently has no way to request new credentials so the entire command (e.g. backup, restore) must complete before the credentials expire.

Contributed by Yogesh Sharma.
This commit is contained in:
Yogesh Sharma 2018-05-02 14:06:40 -04:00 committed by David Steele
parent 5e090ba305
commit 6a40c916d4
17 changed files with 160 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
build/lib/pgBackRestBuild/Config/Data.pm
View File

@ -274,6 +274,8 @@ use constant CFGOPT_REPO_S3_HOST => CFGDEF_RE
push @EXPORT, qw(CFGOPT_REPO_S3_HOST);
use constant CFGOPT_REPO_S3_REGION => CFGDEF_REPO_S3 . '-region';
push @EXPORT, qw(CFGOPT_REPO_S3_REGION);
use constant CFGOPT_REPO_S3_TOKEN => CFGDEF_REPO_S3 . '-token';
push @EXPORT, qw(CFGOPT_REPO_S3_TOKEN);
use constant CFGOPT_REPO_S3_VERIFY_SSL => CFGDEF_REPO_S3 . '-verify-ssl';
push @EXPORT, qw(CFGOPT_REPO_S3_VERIFY_SSL);
@ -1702,6 +1704,11 @@ my %hConfigDefine =
},
},
&CFGOPT_REPO_S3_TOKEN =>
{
&CFGDEF_INHERIT => CFGOPT_REPO_S3_KEY,
},
&CFGOPT_REPO_S3_VERIFY_SSL =>
{
&CFGDEF_SECTION => CFGDEF_SECTION_GLOBAL,

9
doc/xml/reference.xml
View File

@ -363,6 +363,15 @@
<example>wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</example>
</config-key>
<!-- CONFIG - REPO SECTION - REPO-S3-TOKEN KEY -->
<config-key id="repo-s3-token" name="S3 Repository Security Token">
<summary>S3 repository security token.</summary>
<text>AWS security token used with temporary credentials.</text>
<example>AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22 ...</example>
</config-key>
<!-- CONFIG - REPO SECTION - REPO-S3-BUCKET KEY -->
<config-key id="repo-s3-bucket" name="S3 Repository Bucket">
<summary>S3 repository bucket.</summary>

8
doc/xml/release.xml
View File

@ -65,6 +65,14 @@
<p>Add support for additional <backrest/> configuration files in the directory specified by the <br-option>--config-include-path</br-option> option. Add <br-option>--config-path</br-option> option for overriding the default base path of the <br-option>--config</br-option> and <br-option>--config-include-path</br-option> option.</p>
</release-item>
<release-item>
<release-item-contributor-list>
<release-item-contributor id="sharma.yogesh"/>
</release-item-contributor-list>
<p>Add <br-option>repo-s3-token</br-option> option to allow temporary credentials tokens to be configured. <backrest/> currently has no way to request new credentials so the entire command (e.g. <cmd>backup</cmd>, <cmd>restore</cmd>) must complete before the credentials expire.</p>
</release-item>
</release-feature-list>
<release-improvement-list>

3
lib/pgBackRest/Protocol/Storage/Helper.pm
View File

@ -195,7 +195,8 @@ sub storageRepo
cfgOption(CFGOPT_REPO_S3_KEY), cfgOption(CFGOPT_REPO_S3_KEY_SECRET),
{strHost => cfgOption(CFGOPT_REPO_S3_HOST, false), bVerifySsl => cfgOption(CFGOPT_REPO_S3_VERIFY_SSL, false),
strCaPath => cfgOption(CFGOPT_REPO_S3_CA_PATH, false),
strCaFile => cfgOption(CFGOPT_REPO_S3_CA_FILE, false), lBufferMax => cfgOption(CFGOPT_BUFFER_SIZE)});
strCaFile => cfgOption(CFGOPT_REPO_S3_CA_FILE, false), lBufferMax => cfgOption(CFGOPT_BUFFER_SIZE),
strSecurityToken => cfgOption(CFGOPT_REPO_S3_TOKEN, false)});
}
elsif (cfgOptionTest(CFGOPT_REPO_TYPE, CFGOPTVAL_REPO_TYPE_CIFS))
{

10
lib/pgBackRest/Storage/S3/Auth.pm
View File

@ -34,6 +34,8 @@ use constant S3_HEADER_CONTENT_SHA256 => 'x-amz-co
push @EXPORT, qw(S3_HEADER_CONTENT_SHA256);
use constant S3_HEADER_HOST => 'host';
push @EXPORT, qw(S3_HEADER_HOST);
use constant S3_HEADER_TOKEN => 'x-amz-security-token';
push @EXPORT, qw(S3_HEADER_TOKEN);
use constant PAYLOAD_DEFAULT_HASH => sha256_hex('');
push @EXPORT, qw(PAYLOAD_DEFAULT_HASH);
@ -220,6 +222,7 @@ sub s3AuthorizationHeader
$hHeader,
$strAccessKeyId,
$strSecretAccessKey,
$strSecurityToken,
$strPayloadHash,
) =
logDebugParam
@ -234,6 +237,7 @@ sub s3AuthorizationHeader
{name => 'hHeader', required => false, trace => true},
{name => 'strAccessKeyId', redact => true, trace => true},
{name => 'strSecretAccessKey', redact => true, trace => true},
{name => 'strSecurityToken', required => false, redact => true, trace => true},
{name => 'strPayloadHash', trace => true},
);
@ -245,6 +249,12 @@ sub s3AuthorizationHeader
$hHeader->{&S3_HEADER_CONTENT_SHA256} = $strPayloadHash;
$hHeader->{&S3_HEADER_DATE} = $strDateTime;
# Add security token if defined
if (defined($strSecurityToken))
{
$hHeader->{&S3_HEADER_TOKEN} = $strSecurityToken;
}
# Create authorization string
my ($strCanonicalRequest, $strSignedHeaders) = s3CanonicalRequest($strVerb, $strUri, $strQuery, $hHeader, $strPayloadHash);
my $strStringToSign = s3StringToSign($strDateTime, $strRegion, sha256_hex($strCanonicalRequest));

5
lib/pgBackRest/Storage/S3/Request.pm
View File

@ -72,6 +72,7 @@ sub new
$self->{strRegion},
$self->{strAccessKeyId},
$self->{strSecretAccessKey},
$self->{strSecurityToken},
$self->{strHost},
$self->{iPort},
$self->{bVerifySsl},
@ -87,6 +88,7 @@ sub new
{name => 'strRegion'},
{name => 'strAccessKeyId', redact => true},
{name => 'strSecretAccessKey', redact => true},
{name => 'strSecurityToken', optional => true, redact => true},
{name => 'strHost', optional => true},
{name => 'iPort', optional => true},
{name => 'bVerifySsl', optional => true, default => true},
@ -156,7 +158,8 @@ sub request
# Generate authorization header
($hHeader, my $strCanonicalRequest, my $strSignedHeaders, my $strStringToSign) = s3AuthorizationHeader(
$self->{strRegion}, "$self->{strBucket}.$self->{strEndPoint}", $strVerb, $strUri, httpQuery($hQuery), s3DateTime(),
$hHeader, $self->{strAccessKeyId}, $self->{strSecretAccessKey}, $hHeader->{&S3_HEADER_CONTENT_SHA256});
$hHeader, $self->{strAccessKeyId}, $self->{strSecretAccessKey}, $self->{strSecurityToken},
$hHeader->{&S3_HEADER_CONTENT_SHA256});
# Send the request
my $oHttpClient = new pgBackRest::Common::Http::Client(

1
libc/lib/pgBackRest/LibCAuto.pm
View File

@ -187,6 +187,7 @@ sub libcAutoExportTag
'CFGOPT_REPO_S3_KEY',
'CFGOPT_REPO_S3_KEY_SECRET',
'CFGOPT_REPO_S3_REGION',
'CFGOPT_REPO_S3_TOKEN',
'CFGOPT_REPO_S3_VERIFY_SSL',
'CFGOPT_REPO_TYPE',
'CFGOPT_RESUME',

1
libc/xs/config/config.auto.xsh
View File

@ -101,6 +101,7 @@ Option constants
#define CFGOPT_REPO_S3_KEY cfgOptRepoS3Key
#define CFGOPT_REPO_S3_KEY_SECRET cfgOptRepoS3KeySecret
#define CFGOPT_REPO_S3_REGION cfgOptRepoS3Region
#define CFGOPT_REPO_S3_TOKEN cfgOptRepoS3Token
#define CFGOPT_REPO_S3_VERIFY_SSL cfgOptRepoS3VerifySsl
#define CFGOPT_REPO_TYPE cfgOptRepoType
#define CFGOPT_RESUME cfgOptResume

8
src/config/config.auto.c
View File

@ -1327,6 +1327,14 @@ static ConfigOptionData configOptionData[CFG_OPTION_TOTAL] = CONFIG_OPTION_LIST
CONFIG_OPTION_DEFINE_ID(cfgDefOptRepoS3Region)
)
//------------------------------------------------------------------------------------------------------------------------------
CONFIG_OPTION
(
CONFIG_OPTION_NAME("repo1-s3-token")
CONFIG_OPTION_INDEX(0)
CONFIG_OPTION_DEFINE_ID(cfgDefOptRepoS3Token)
)
//------------------------------------------------------------------------------------------------------------------------------
CONFIG_OPTION
(

3
src/config/config.auto.h
View File

@ -14,7 +14,7 @@ Command constants
/***********************************************************************************************************************************
Option constants
***********************************************************************************************************************************/
#define CFG_OPTION_TOTAL 160
#define CFG_OPTION_TOTAL 161
/***********************************************************************************************************************************
Command enum
@ -117,6 +117,7 @@ typedef enum
cfgOptRepoS3Key,
cfgOptRepoS3KeySecret,
cfgOptRepoS3Region,
cfgOptRepoS3Token,
cfgOptRepoS3VerifySsl,
cfgOptRepoType,
cfgOptResume,

49
src/config/define.auto.c
View File

@ -3425,6 +3425,55 @@ static ConfigDefineOptionData configDefineOptionData[] = CFGDEFDATA_OPTION_LIST
)
)
// -----------------------------------------------------------------------------------------------------------------------------
CFGDEFDATA_OPTION
(
CFGDEFDATA_OPTION_NAME("repo-s3-token")
CFGDEFDATA_OPTION_REQUIRED(false)
CFGDEFDATA_OPTION_SECTION(cfgDefSectionGlobal)
CFGDEFDATA_OPTION_TYPE(cfgDefOptTypeString)
CFGDEFDATA_OPTION_INTERNAL(false)
CFGDEFDATA_OPTION_INDEX_TOTAL(1)
CFGDEFDATA_OPTION_SECURE(true)
CFGDEFDATA_OPTION_HELP_SECTION("repository")
CFGDEFDATA_OPTION_HELP_SUMMARY("S3 repository security token.")
CFGDEFDATA_OPTION_HELP_DESCRIPTION
(
"AWS security token used with temporary credentials."
)
CFGDEFDATA_OPTION_COMMAND_LIST
(
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdArchiveGet)
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdArchivePush)
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdBackup)
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdCheck)
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdExpire)
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdInfo)
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdLocal)
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdRemote)
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdRestore)
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdStanzaCreate)
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdStanzaDelete)
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdStanzaUpgrade)
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdStart)
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdStop)
)
CFGDEFDATA_OPTION_OPTIONAL_LIST
(
CFGDEFDATA_OPTION_OPTIONAL_DEPEND_LIST
(
cfgDefOptRepoType,
"s3"
)
CFGDEFDATA_OPTION_OPTIONAL_PREFIX("repo")
)
)
// -----------------------------------------------------------------------------------------------------------------------------
CFGDEFDATA_OPTION
(

1
src/config/define.auto.h
View File

@ -120,6 +120,7 @@ typedef enum
cfgDefOptRepoS3Key,
cfgDefOptRepoS3KeySecret,
cfgDefOptRepoS3Region,
cfgDefOptRepoS3Token,
cfgDefOptRepoS3VerifySsl,
cfgDefOptRepoType,
cfgDefOptResume,

12
src/config/parse.auto.c
View File

@ -1975,6 +1975,18 @@ static const struct option optionList[] =
.val = PARSE_OPTION_FLAG | PARSE_DEPRECATE_FLAG | cfgOptRepoS3Region,
},
// repo-s3-token option
// -----------------------------------------------------------------------------------------------------------------------------
{
.name = "repo1-s3-token",
.has_arg = required_argument,
.val = PARSE_OPTION_FLAG | cfgOptRepoS3Token,
},
{
.name = "reset-repo1-s3-token",
.val = PARSE_OPTION_FLAG | PARSE_RESET_FLAG | cfgOptRepoS3Token,
},
// repo-s3-verify-ssl option and deprecations
// -----------------------------------------------------------------------------------------------------------------------------
{

6
test/expect/mock-stanza-003.log
View File

@ -182,7 +182,7 @@ P00 DEBUG: Archive::Push::Push->process(): strWalPathFile = [TEST_PATH]/db-
P00 DEBUG: Common::Lock::lockStopTest(): bStanzaStopRequired = <false>
P00 DEBUG: Common::Lock::lockStopTest=>: bStopExists = false
P00 DEBUG: Archive::Push::File::archivePushFile(): bCompress = true, iCompressLevel = 3, strWalFile = 000000010000000100000001, strWalPath = [TEST_PATH]/db-master/db/base/pg_xlog
P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = <redacted>, strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey = <redacted>
P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = <redacted>, strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey = <redacted>, strSecurityToken = [undef]
P00 DEBUG: Storage::Local->new(): bAllowTemp = <true>, hRule = [hash], lBufferMax = 4194304, oDriver = [object], strCipherPassUser = [undef], strCipherType = [undef], strDefaultFileMode = <0640>, strDefaultPathMode = <0750>, strPathBase = /, strTempExtension = pgbackrest.tmp
P00 DEBUG: Archive::Common::walInfo(): strWalFile = [TEST_PATH]/db-master/db/base/pg_xlog/000000010000000100000001
P00 DEBUG: Archive::Common::walInfo=>: strDbVersion = 9.3, ullDbSysId = 1000000000000000093
@ -404,7 +404,7 @@ P00 DEBUG: Archive::Push::Push->process(): strWalPathFile = [TEST_PATH]/db-
P00 DEBUG: Common::Lock::lockStopTest(): bStanzaStopRequired = <false>
P00 DEBUG: Common::Lock::lockStopTest=>: bStopExists = false
P00 DEBUG: Archive::Push::File::archivePushFile(): bCompress = true, iCompressLevel = 3, strWalFile = 000000010000000100000002, strWalPath = [TEST_PATH]/db-master/db/base/pg_xlog
P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = <redacted>, strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey = <redacted>
P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = <redacted>, strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey = <redacted>, strSecurityToken = [undef]
P00 DEBUG: Storage::Local->new(): bAllowTemp = <true>, hRule = [hash], lBufferMax = 4194304, oDriver = [object], strCipherPassUser = [undef], strCipherType = [undef], strDefaultFileMode = <0640>, strDefaultPathMode = <0750>, strPathBase = /, strTempExtension = pgbackrest.tmp
P00 DEBUG: Archive::Common::walInfo(): strWalFile = [TEST_PATH]/db-master/db/base/pg_xlog/000000010000000100000002
P00 DEBUG: Archive::Common::walInfo=>: strDbVersion = 9.3, ullDbSysId = 1000000000000000093
@ -495,7 +495,7 @@ P00 DEBUG: Archive::Get::Get->process(): rstryCommandArg = (000000010000000
P00 DEBUG: Archive::Get::File::archiveGetFile(): bAtomic = false, strDestinationFile = [TEST_PATH]/db-master/db/base/pg_xlog/RECOVERYXLOG, strSourceArchive = 000000010000000100000002
P00 DEBUG: Common::Lock::lockStopTest(): bStanzaStopRequired = <false>
P00 DEBUG: Common::Lock::lockStopTest=>: bStopExists = false
P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = <redacted>, strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey = <redacted>
P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = <redacted>, strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey = <redacted>, strSecurityToken = [undef]
P00 DEBUG: Storage::Local->new(): bAllowTemp = <true>, hRule = [hash], lBufferMax = 4194304, oDriver = [object], strCipherPassUser = [undef], strCipherType = [undef], strDefaultFileMode = <0640>, strDefaultPathMode = <0750>, strPathBase = /, strTempExtension = pgbackrest.tmp
P00 DEBUG: Archive::Get::File::archiveGetCheck(): bCheck = false, strDbVersion = [undef], strFile = 000000010000000100000002, ullDbSysId = [undef]
P00 DEBUG: Db::dbObjectGet(): bMasterOnly = true

42
test/lib/pgBackRestTest/Module/Storage/StorageS3AuthPerlTest.pm
View File

@ -98,7 +98,7 @@ sub run
sub {s3AuthorizationHeader(
'us-east-1', 'bucket.s3.amazonaws.com', 'GET', qw(/), 'list-type=2', '20170606T121212Z',
{'authorization' => BOGUS, 'host' => 'bucket.s3.amazonaws.com', 'x-amz-date' => '20170606T121212Z'},
'AKIAIOSFODNN7EXAMPLE', 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
'AKIAIOSFODNN7EXAMPLE', 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY', undef,
'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855')},
'({authorization => AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20170606/us-east-1/s3/aws4_request,' .
'SignedHeaders=host;x-amz-content-sha256;x-amz-date,' .
@ -121,6 +121,46 @@ sub run
"20170606/us-east-1/s3/aws4_request\n" .
"4f2d4ee971f579e60ba6b3895e87434e17b1260f04392f02b512c1e8bada72dd)",
'authorization header request');
$self->testResult(
sub {s3AuthorizationHeader(
'us-east-1', 'bucket.s3.amazonaws.com', 'GET', qw(/), 'list-type=2', '20170606T121212Z',
{'authorization' => BOGUS, 'host' => 'bucket.s3.amazonaws.com', 'x-amz-date' => '20170606T121212Z'},
'AKIAIOSFODNN7EXAMPLE', 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
'AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW' .
'LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd' .
'QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU' .
'9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz' .
'+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==',
'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855')},
'({authorization => AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20170606/us-east-1/s3/aws4_request,' .
'SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token,' .
'Signature=c12565bf5d7e0ef623f76d66e09e5431aebef803f6a25a01c586525f17e474a3,' .
' host => bucket.s3.amazonaws.com,' .
' x-amz-content-sha256 => e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,' .
' x-amz-date => 20170606T121212Z, x-amz-security-token => AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4H' .
'IZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZ' .
'ampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+sc' .
'qKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==}, ' .
"GET\n" .
"/\n" .
"list-type=2\n" .
"host:bucket.s3.amazonaws.com\n" .
"x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n" .
"x-amz-date:20170606T121212Z\n" .
"x-amz-security-token:AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIe" .
"oIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlR" .
"d8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJab" .
"IQwj2ICCR/oLxBA==\n" .
"\n" .
"host;x-amz-content-sha256;x-amz-date;x-amz-security-token\n" .
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, " .
"host;x-amz-content-sha256;x-amz-date;x-amz-security-token, " .
"AWS4-HMAC-SHA256\n" .
"20170606T121212Z\n" .
"20170606/us-east-1/s3/aws4_request\n" .
"c171e7a68355ef4e0e6e1003d2d4a79a7b06e7424e3000ba619f5f7882a3251e)",
'authorization header request with token');
}
}

1
test/lib/pgBackRestTest/Module/Storage/StorageS3CertPerlTest.pm
View File

@ -41,6 +41,7 @@ sub run
$self->optionTestSet(CFGOPT_REPO_TYPE, CFGOPTVAL_REPO_TYPE_S3);
$self->optionTestSet(CFGOPT_REPO_S3_KEY, BOGUS);
$self->optionTestSet(CFGOPT_REPO_S3_KEY_SECRET, BOGUS);
$self->optionTestSet(CFGOPT_REPO_S3_TOKEN, BOGUS);
$self->optionTestSet(CFGOPT_REPO_S3_BUCKET, $strBucket);
$self->optionTestSet(CFGOPT_REPO_S3_ENDPOINT, $strEndpoint);
$self->optionTestSet(CFGOPT_REPO_S3_REGION, $strRegion);

1
test/src/module/help/helpTest.c
View File

@ -187,6 +187,7 @@ testRun()
" --repo-s3-key s3 repository access key\n"
" --repo-s3-key-secret s3 repository secret access key\n"
" --repo-s3-region s3 repository region\n"
" --repo-s3-token s3 repository security token\n"
" --repo-s3-verify-ssl verify S3 server certificate [default=y]\n"
" --repo-type type of storage used for the repository\n"
" [default=posix]\n"