diff --git a/build/lib/pgBackRestBuild/Config/Data.pm b/build/lib/pgBackRestBuild/Config/Data.pm index 3568d6195..6e661f51a 100644 --- a/build/lib/pgBackRestBuild/Config/Data.pm +++ b/build/lib/pgBackRestBuild/Config/Data.pm @@ -274,6 +274,8 @@ use constant CFGOPT_REPO_S3_HOST => CFGDEF_RE push @EXPORT, qw(CFGOPT_REPO_S3_HOST); use constant CFGOPT_REPO_S3_REGION => CFGDEF_REPO_S3 . '-region'; push @EXPORT, qw(CFGOPT_REPO_S3_REGION); +use constant CFGOPT_REPO_S3_TOKEN => CFGDEF_REPO_S3 . '-token'; + push @EXPORT, qw(CFGOPT_REPO_S3_TOKEN); use constant CFGOPT_REPO_S3_VERIFY_SSL => CFGDEF_REPO_S3 . '-verify-ssl'; push @EXPORT, qw(CFGOPT_REPO_S3_VERIFY_SSL); @@ -1702,6 +1704,11 @@ my %hConfigDefine = }, }, + &CFGOPT_REPO_S3_TOKEN => + { + &CFGDEF_INHERIT => CFGOPT_REPO_S3_KEY, + }, + &CFGOPT_REPO_S3_VERIFY_SSL => { &CFGDEF_SECTION => CFGDEF_SECTION_GLOBAL, diff --git a/doc/xml/reference.xml b/doc/xml/reference.xml index 93677b94f..69fff4199 100644 --- a/doc/xml/reference.xml +++ b/doc/xml/reference.xml @@ -363,6 +363,15 @@ wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY + + + S3 repository security token. + + AWS security token used with temporary credentials. + + AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22 ... + + S3 repository bucket. diff --git a/doc/xml/release.xml b/doc/xml/release.xml index f01310826..57cfea996 100644 --- a/doc/xml/release.xml +++ b/doc/xml/release.xml @@ -65,6 +65,14 @@

Add support for additional configuration files in the directory specified by the --config-include-path option. Add --config-path option for overriding the default base path of the --config and --config-include-path option.

+ + + + + + +

Add repo-s3-token option to allow temporary credentials tokens to be configured. currently has no way to request new credentials so the entire command (e.g. backup, restore) must complete before the credentials expire.

+
diff --git a/lib/pgBackRest/Protocol/Storage/Helper.pm b/lib/pgBackRest/Protocol/Storage/Helper.pm index 7e03319da..57ca70870 100644 --- a/lib/pgBackRest/Protocol/Storage/Helper.pm +++ b/lib/pgBackRest/Protocol/Storage/Helper.pm @@ -195,7 +195,8 @@ sub storageRepo cfgOption(CFGOPT_REPO_S3_KEY), cfgOption(CFGOPT_REPO_S3_KEY_SECRET), {strHost => cfgOption(CFGOPT_REPO_S3_HOST, false), bVerifySsl => cfgOption(CFGOPT_REPO_S3_VERIFY_SSL, false), strCaPath => cfgOption(CFGOPT_REPO_S3_CA_PATH, false), - strCaFile => cfgOption(CFGOPT_REPO_S3_CA_FILE, false), lBufferMax => cfgOption(CFGOPT_BUFFER_SIZE)}); + strCaFile => cfgOption(CFGOPT_REPO_S3_CA_FILE, false), lBufferMax => cfgOption(CFGOPT_BUFFER_SIZE), + strSecurityToken => cfgOption(CFGOPT_REPO_S3_TOKEN, false)}); } elsif (cfgOptionTest(CFGOPT_REPO_TYPE, CFGOPTVAL_REPO_TYPE_CIFS)) { diff --git a/lib/pgBackRest/Storage/S3/Auth.pm b/lib/pgBackRest/Storage/S3/Auth.pm index b855a9afd..ca08f9205 100644 --- a/lib/pgBackRest/Storage/S3/Auth.pm +++ b/lib/pgBackRest/Storage/S3/Auth.pm @@ -34,6 +34,8 @@ use constant S3_HEADER_CONTENT_SHA256 => 'x-amz-co push @EXPORT, qw(S3_HEADER_CONTENT_SHA256); use constant S3_HEADER_HOST => 'host'; push @EXPORT, qw(S3_HEADER_HOST); +use constant S3_HEADER_TOKEN => 'x-amz-security-token'; + push @EXPORT, qw(S3_HEADER_TOKEN); use constant PAYLOAD_DEFAULT_HASH => sha256_hex(''); push @EXPORT, qw(PAYLOAD_DEFAULT_HASH); @@ -220,6 +222,7 @@ sub s3AuthorizationHeader $hHeader, $strAccessKeyId, $strSecretAccessKey, + $strSecurityToken, $strPayloadHash, ) = logDebugParam @@ -234,6 +237,7 @@ sub s3AuthorizationHeader {name => 'hHeader', required => false, trace => true}, {name => 'strAccessKeyId', redact => true, trace => true}, {name => 'strSecretAccessKey', redact => true, trace => true}, + {name => 'strSecurityToken', required => false, redact => true, trace => true}, {name => 'strPayloadHash', trace => true}, ); @@ -245,6 +249,12 @@ sub s3AuthorizationHeader $hHeader->{&S3_HEADER_CONTENT_SHA256} = $strPayloadHash; $hHeader->{&S3_HEADER_DATE} = $strDateTime; + # Add security token if defined + if (defined($strSecurityToken)) + { + $hHeader->{&S3_HEADER_TOKEN} = $strSecurityToken; + } + # Create authorization string my ($strCanonicalRequest, $strSignedHeaders) = s3CanonicalRequest($strVerb, $strUri, $strQuery, $hHeader, $strPayloadHash); my $strStringToSign = s3StringToSign($strDateTime, $strRegion, sha256_hex($strCanonicalRequest)); diff --git a/lib/pgBackRest/Storage/S3/Request.pm b/lib/pgBackRest/Storage/S3/Request.pm index af5971e3e..759e98526 100644 --- a/lib/pgBackRest/Storage/S3/Request.pm +++ b/lib/pgBackRest/Storage/S3/Request.pm @@ -72,6 +72,7 @@ sub new $self->{strRegion}, $self->{strAccessKeyId}, $self->{strSecretAccessKey}, + $self->{strSecurityToken}, $self->{strHost}, $self->{iPort}, $self->{bVerifySsl}, @@ -87,6 +88,7 @@ sub new {name => 'strRegion'}, {name => 'strAccessKeyId', redact => true}, {name => 'strSecretAccessKey', redact => true}, + {name => 'strSecurityToken', optional => true, redact => true}, {name => 'strHost', optional => true}, {name => 'iPort', optional => true}, {name => 'bVerifySsl', optional => true, default => true}, @@ -156,7 +158,8 @@ sub request # Generate authorization header ($hHeader, my $strCanonicalRequest, my $strSignedHeaders, my $strStringToSign) = s3AuthorizationHeader( $self->{strRegion}, "$self->{strBucket}.$self->{strEndPoint}", $strVerb, $strUri, httpQuery($hQuery), s3DateTime(), - $hHeader, $self->{strAccessKeyId}, $self->{strSecretAccessKey}, $hHeader->{&S3_HEADER_CONTENT_SHA256}); + $hHeader, $self->{strAccessKeyId}, $self->{strSecretAccessKey}, $self->{strSecurityToken}, + $hHeader->{&S3_HEADER_CONTENT_SHA256}); # Send the request my $oHttpClient = new pgBackRest::Common::Http::Client( diff --git a/libc/lib/pgBackRest/LibCAuto.pm b/libc/lib/pgBackRest/LibCAuto.pm index 13353a85f..55579a779 100644 --- a/libc/lib/pgBackRest/LibCAuto.pm +++ b/libc/lib/pgBackRest/LibCAuto.pm @@ -187,6 +187,7 @@ sub libcAutoExportTag 'CFGOPT_REPO_S3_KEY', 'CFGOPT_REPO_S3_KEY_SECRET', 'CFGOPT_REPO_S3_REGION', + 'CFGOPT_REPO_S3_TOKEN', 'CFGOPT_REPO_S3_VERIFY_SSL', 'CFGOPT_REPO_TYPE', 'CFGOPT_RESUME', diff --git a/libc/xs/config/config.auto.xsh b/libc/xs/config/config.auto.xsh index 6fb85cb03..79be698fa 100644 --- a/libc/xs/config/config.auto.xsh +++ b/libc/xs/config/config.auto.xsh @@ -101,6 +101,7 @@ Option constants #define CFGOPT_REPO_S3_KEY cfgOptRepoS3Key #define CFGOPT_REPO_S3_KEY_SECRET cfgOptRepoS3KeySecret #define CFGOPT_REPO_S3_REGION cfgOptRepoS3Region +#define CFGOPT_REPO_S3_TOKEN cfgOptRepoS3Token #define CFGOPT_REPO_S3_VERIFY_SSL cfgOptRepoS3VerifySsl #define CFGOPT_REPO_TYPE cfgOptRepoType #define CFGOPT_RESUME cfgOptResume diff --git a/src/config/config.auto.c b/src/config/config.auto.c index bc0800ef0..dc38ff8c5 100644 --- a/src/config/config.auto.c +++ b/src/config/config.auto.c @@ -1327,6 +1327,14 @@ static ConfigOptionData configOptionData[CFG_OPTION_TOTAL] = CONFIG_OPTION_LIST CONFIG_OPTION_DEFINE_ID(cfgDefOptRepoS3Region) ) + //------------------------------------------------------------------------------------------------------------------------------ + CONFIG_OPTION + ( + CONFIG_OPTION_NAME("repo1-s3-token") + CONFIG_OPTION_INDEX(0) + CONFIG_OPTION_DEFINE_ID(cfgDefOptRepoS3Token) + ) + //------------------------------------------------------------------------------------------------------------------------------ CONFIG_OPTION ( diff --git a/src/config/config.auto.h b/src/config/config.auto.h index 71d32165f..f4a0ddc22 100644 --- a/src/config/config.auto.h +++ b/src/config/config.auto.h @@ -14,7 +14,7 @@ Command constants /*********************************************************************************************************************************** Option constants ***********************************************************************************************************************************/ -#define CFG_OPTION_TOTAL 160 +#define CFG_OPTION_TOTAL 161 /*********************************************************************************************************************************** Command enum @@ -117,6 +117,7 @@ typedef enum cfgOptRepoS3Key, cfgOptRepoS3KeySecret, cfgOptRepoS3Region, + cfgOptRepoS3Token, cfgOptRepoS3VerifySsl, cfgOptRepoType, cfgOptResume, diff --git a/src/config/define.auto.c b/src/config/define.auto.c index edca2f911..7496751a0 100644 --- a/src/config/define.auto.c +++ b/src/config/define.auto.c @@ -3425,6 +3425,55 @@ static ConfigDefineOptionData configDefineOptionData[] = CFGDEFDATA_OPTION_LIST ) ) + // ----------------------------------------------------------------------------------------------------------------------------- + CFGDEFDATA_OPTION + ( + CFGDEFDATA_OPTION_NAME("repo-s3-token") + CFGDEFDATA_OPTION_REQUIRED(false) + CFGDEFDATA_OPTION_SECTION(cfgDefSectionGlobal) + CFGDEFDATA_OPTION_TYPE(cfgDefOptTypeString) + CFGDEFDATA_OPTION_INTERNAL(false) + + CFGDEFDATA_OPTION_INDEX_TOTAL(1) + CFGDEFDATA_OPTION_SECURE(true) + + CFGDEFDATA_OPTION_HELP_SECTION("repository") + CFGDEFDATA_OPTION_HELP_SUMMARY("S3 repository security token.") + CFGDEFDATA_OPTION_HELP_DESCRIPTION + ( + "AWS security token used with temporary credentials." + ) + + CFGDEFDATA_OPTION_COMMAND_LIST + ( + CFGDEFDATA_OPTION_COMMAND(cfgDefCmdArchiveGet) + CFGDEFDATA_OPTION_COMMAND(cfgDefCmdArchivePush) + CFGDEFDATA_OPTION_COMMAND(cfgDefCmdBackup) + CFGDEFDATA_OPTION_COMMAND(cfgDefCmdCheck) + CFGDEFDATA_OPTION_COMMAND(cfgDefCmdExpire) + CFGDEFDATA_OPTION_COMMAND(cfgDefCmdInfo) + CFGDEFDATA_OPTION_COMMAND(cfgDefCmdLocal) + CFGDEFDATA_OPTION_COMMAND(cfgDefCmdRemote) + CFGDEFDATA_OPTION_COMMAND(cfgDefCmdRestore) + CFGDEFDATA_OPTION_COMMAND(cfgDefCmdStanzaCreate) + CFGDEFDATA_OPTION_COMMAND(cfgDefCmdStanzaDelete) + CFGDEFDATA_OPTION_COMMAND(cfgDefCmdStanzaUpgrade) + CFGDEFDATA_OPTION_COMMAND(cfgDefCmdStart) + CFGDEFDATA_OPTION_COMMAND(cfgDefCmdStop) + ) + + CFGDEFDATA_OPTION_OPTIONAL_LIST + ( + CFGDEFDATA_OPTION_OPTIONAL_DEPEND_LIST + ( + cfgDefOptRepoType, + "s3" + ) + + CFGDEFDATA_OPTION_OPTIONAL_PREFIX("repo") + ) + ) + // ----------------------------------------------------------------------------------------------------------------------------- CFGDEFDATA_OPTION ( diff --git a/src/config/define.auto.h b/src/config/define.auto.h index f179f2501..b7ebb95d8 100644 --- a/src/config/define.auto.h +++ b/src/config/define.auto.h @@ -120,6 +120,7 @@ typedef enum cfgDefOptRepoS3Key, cfgDefOptRepoS3KeySecret, cfgDefOptRepoS3Region, + cfgDefOptRepoS3Token, cfgDefOptRepoS3VerifySsl, cfgDefOptRepoType, cfgDefOptResume, diff --git a/src/config/parse.auto.c b/src/config/parse.auto.c index 4aed5f78b..aa8b2c6b9 100644 --- a/src/config/parse.auto.c +++ b/src/config/parse.auto.c @@ -1975,6 +1975,18 @@ static const struct option optionList[] = .val = PARSE_OPTION_FLAG | PARSE_DEPRECATE_FLAG | cfgOptRepoS3Region, }, + // repo-s3-token option + // ----------------------------------------------------------------------------------------------------------------------------- + { + .name = "repo1-s3-token", + .has_arg = required_argument, + .val = PARSE_OPTION_FLAG | cfgOptRepoS3Token, + }, + { + .name = "reset-repo1-s3-token", + .val = PARSE_OPTION_FLAG | PARSE_RESET_FLAG | cfgOptRepoS3Token, + }, + // repo-s3-verify-ssl option and deprecations // ----------------------------------------------------------------------------------------------------------------------------- { diff --git a/test/expect/mock-stanza-003.log b/test/expect/mock-stanza-003.log index 2bacf8c53..ec98f578a 100644 --- a/test/expect/mock-stanza-003.log +++ b/test/expect/mock-stanza-003.log @@ -182,7 +182,7 @@ P00 DEBUG: Archive::Push::Push->process(): strWalPathFile = [TEST_PATH]/db- P00 DEBUG: Common::Lock::lockStopTest(): bStanzaStopRequired = P00 DEBUG: Common::Lock::lockStopTest=>: bStopExists = false P00 DEBUG: Archive::Push::File::archivePushFile(): bCompress = true, iCompressLevel = 3, strWalFile = 000000010000000100000001, strWalPath = [TEST_PATH]/db-master/db/base/pg_xlog -P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = , strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey = +P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = , strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey = , strSecurityToken = [undef] P00 DEBUG: Storage::Local->new(): bAllowTemp = , hRule = [hash], lBufferMax = 4194304, oDriver = [object], strCipherPassUser = [undef], strCipherType = [undef], strDefaultFileMode = <0640>, strDefaultPathMode = <0750>, strPathBase = /, strTempExtension = pgbackrest.tmp P00 DEBUG: Archive::Common::walInfo(): strWalFile = [TEST_PATH]/db-master/db/base/pg_xlog/000000010000000100000001 P00 DEBUG: Archive::Common::walInfo=>: strDbVersion = 9.3, ullDbSysId = 1000000000000000093 @@ -404,7 +404,7 @@ P00 DEBUG: Archive::Push::Push->process(): strWalPathFile = [TEST_PATH]/db- P00 DEBUG: Common::Lock::lockStopTest(): bStanzaStopRequired = P00 DEBUG: Common::Lock::lockStopTest=>: bStopExists = false P00 DEBUG: Archive::Push::File::archivePushFile(): bCompress = true, iCompressLevel = 3, strWalFile = 000000010000000100000002, strWalPath = [TEST_PATH]/db-master/db/base/pg_xlog -P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = , strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey = +P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = , strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey = , strSecurityToken = [undef] P00 DEBUG: Storage::Local->new(): bAllowTemp = , hRule = [hash], lBufferMax = 4194304, oDriver = [object], strCipherPassUser = [undef], strCipherType = [undef], strDefaultFileMode = <0640>, strDefaultPathMode = <0750>, strPathBase = /, strTempExtension = pgbackrest.tmp P00 DEBUG: Archive::Common::walInfo(): strWalFile = [TEST_PATH]/db-master/db/base/pg_xlog/000000010000000100000002 P00 DEBUG: Archive::Common::walInfo=>: strDbVersion = 9.3, ullDbSysId = 1000000000000000093 @@ -495,7 +495,7 @@ P00 DEBUG: Archive::Get::Get->process(): rstryCommandArg = (000000010000000 P00 DEBUG: Archive::Get::File::archiveGetFile(): bAtomic = false, strDestinationFile = [TEST_PATH]/db-master/db/base/pg_xlog/RECOVERYXLOG, strSourceArchive = 000000010000000100000002 P00 DEBUG: Common::Lock::lockStopTest(): bStanzaStopRequired = P00 DEBUG: Common::Lock::lockStopTest=>: bStopExists = false -P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = , strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey = +P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = , strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey = , strSecurityToken = [undef] P00 DEBUG: Storage::Local->new(): bAllowTemp = , hRule = [hash], lBufferMax = 4194304, oDriver = [object], strCipherPassUser = [undef], strCipherType = [undef], strDefaultFileMode = <0640>, strDefaultPathMode = <0750>, strPathBase = /, strTempExtension = pgbackrest.tmp P00 DEBUG: Archive::Get::File::archiveGetCheck(): bCheck = false, strDbVersion = [undef], strFile = 000000010000000100000002, ullDbSysId = [undef] P00 DEBUG: Db::dbObjectGet(): bMasterOnly = true diff --git a/test/lib/pgBackRestTest/Module/Storage/StorageS3AuthPerlTest.pm b/test/lib/pgBackRestTest/Module/Storage/StorageS3AuthPerlTest.pm index 50bfcd36b..48f2bb857 100644 --- a/test/lib/pgBackRestTest/Module/Storage/StorageS3AuthPerlTest.pm +++ b/test/lib/pgBackRestTest/Module/Storage/StorageS3AuthPerlTest.pm @@ -98,7 +98,7 @@ sub run sub {s3AuthorizationHeader( 'us-east-1', 'bucket.s3.amazonaws.com', 'GET', qw(/), 'list-type=2', '20170606T121212Z', {'authorization' => BOGUS, 'host' => 'bucket.s3.amazonaws.com', 'x-amz-date' => '20170606T121212Z'}, - 'AKIAIOSFODNN7EXAMPLE', 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY', + 'AKIAIOSFODNN7EXAMPLE', 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY', undef, 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855')}, '({authorization => AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20170606/us-east-1/s3/aws4_request,' . 'SignedHeaders=host;x-amz-content-sha256;x-amz-date,' . @@ -121,6 +121,46 @@ sub run "20170606/us-east-1/s3/aws4_request\n" . "4f2d4ee971f579e60ba6b3895e87434e17b1260f04392f02b512c1e8bada72dd)", 'authorization header request'); + + $self->testResult( + sub {s3AuthorizationHeader( + 'us-east-1', 'bucket.s3.amazonaws.com', 'GET', qw(/), 'list-type=2', '20170606T121212Z', + {'authorization' => BOGUS, 'host' => 'bucket.s3.amazonaws.com', 'x-amz-date' => '20170606T121212Z'}, + 'AKIAIOSFODNN7EXAMPLE', 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY', + 'AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW' . + 'LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd' . + 'QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU' . + '9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz' . + '+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==', + 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855')}, + '({authorization => AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20170606/us-east-1/s3/aws4_request,' . + 'SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token,' . + 'Signature=c12565bf5d7e0ef623f76d66e09e5431aebef803f6a25a01c586525f17e474a3,' . + ' host => bucket.s3.amazonaws.com,' . + ' x-amz-content-sha256 => e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,' . + ' x-amz-date => 20170606T121212Z, x-amz-security-token => AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4H' . + 'IZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZ' . + 'ampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+sc' . + 'qKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==}, ' . + "GET\n" . + "/\n" . + "list-type=2\n" . + "host:bucket.s3.amazonaws.com\n" . + "x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n" . + "x-amz-date:20170606T121212Z\n" . + "x-amz-security-token:AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIe" . + "oIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlR" . + "d8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJab" . + "IQwj2ICCR/oLxBA==\n" . + "\n" . + "host;x-amz-content-sha256;x-amz-date;x-amz-security-token\n" . + "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, " . + "host;x-amz-content-sha256;x-amz-date;x-amz-security-token, " . + "AWS4-HMAC-SHA256\n" . + "20170606T121212Z\n" . + "20170606/us-east-1/s3/aws4_request\n" . + "c171e7a68355ef4e0e6e1003d2d4a79a7b06e7424e3000ba619f5f7882a3251e)", + 'authorization header request with token'); } } diff --git a/test/lib/pgBackRestTest/Module/Storage/StorageS3CertPerlTest.pm b/test/lib/pgBackRestTest/Module/Storage/StorageS3CertPerlTest.pm index bcd437f3c..328c609de 100644 --- a/test/lib/pgBackRestTest/Module/Storage/StorageS3CertPerlTest.pm +++ b/test/lib/pgBackRestTest/Module/Storage/StorageS3CertPerlTest.pm @@ -41,6 +41,7 @@ sub run $self->optionTestSet(CFGOPT_REPO_TYPE, CFGOPTVAL_REPO_TYPE_S3); $self->optionTestSet(CFGOPT_REPO_S3_KEY, BOGUS); $self->optionTestSet(CFGOPT_REPO_S3_KEY_SECRET, BOGUS); + $self->optionTestSet(CFGOPT_REPO_S3_TOKEN, BOGUS); $self->optionTestSet(CFGOPT_REPO_S3_BUCKET, $strBucket); $self->optionTestSet(CFGOPT_REPO_S3_ENDPOINT, $strEndpoint); $self->optionTestSet(CFGOPT_REPO_S3_REGION, $strRegion); diff --git a/test/src/module/help/helpTest.c b/test/src/module/help/helpTest.c index e5844f88b..284e33b49 100644 --- a/test/src/module/help/helpTest.c +++ b/test/src/module/help/helpTest.c @@ -187,6 +187,7 @@ testRun() " --repo-s3-key s3 repository access key\n" " --repo-s3-key-secret s3 repository secret access key\n" " --repo-s3-region s3 repository region\n" + " --repo-s3-token s3 repository security token\n" " --repo-s3-verify-ssl verify S3 server certificate [default=y]\n" " --repo-type type of storage used for the repository\n" " [default=posix]\n"