S3 repository bucket.
diff --git a/doc/xml/release.xml b/doc/xml/release.xml
index f01310826..57cfea996 100644
--- a/doc/xml/release.xml
+++ b/doc/xml/release.xml
@@ -65,6 +65,14 @@
Add support for additional configuration files in the directory specified by the --config-include-path option. Add --config-path option for overriding the default base path of the --config and --config-include-path option.
+
+
+
+
+
+
+ Add repo-s3-token option to allow temporary credentials tokens to be configured. currently has no way to request new credentials so the entire command (e.g. backup, restore) must complete before the credentials expire.
+
diff --git a/lib/pgBackRest/Protocol/Storage/Helper.pm b/lib/pgBackRest/Protocol/Storage/Helper.pm
index 7e03319da..57ca70870 100644
--- a/lib/pgBackRest/Protocol/Storage/Helper.pm
+++ b/lib/pgBackRest/Protocol/Storage/Helper.pm
@@ -195,7 +195,8 @@ sub storageRepo
cfgOption(CFGOPT_REPO_S3_KEY), cfgOption(CFGOPT_REPO_S3_KEY_SECRET),
{strHost => cfgOption(CFGOPT_REPO_S3_HOST, false), bVerifySsl => cfgOption(CFGOPT_REPO_S3_VERIFY_SSL, false),
strCaPath => cfgOption(CFGOPT_REPO_S3_CA_PATH, false),
- strCaFile => cfgOption(CFGOPT_REPO_S3_CA_FILE, false), lBufferMax => cfgOption(CFGOPT_BUFFER_SIZE)});
+ strCaFile => cfgOption(CFGOPT_REPO_S3_CA_FILE, false), lBufferMax => cfgOption(CFGOPT_BUFFER_SIZE),
+ strSecurityToken => cfgOption(CFGOPT_REPO_S3_TOKEN, false)});
}
elsif (cfgOptionTest(CFGOPT_REPO_TYPE, CFGOPTVAL_REPO_TYPE_CIFS))
{
diff --git a/lib/pgBackRest/Storage/S3/Auth.pm b/lib/pgBackRest/Storage/S3/Auth.pm
index b855a9afd..ca08f9205 100644
--- a/lib/pgBackRest/Storage/S3/Auth.pm
+++ b/lib/pgBackRest/Storage/S3/Auth.pm
@@ -34,6 +34,8 @@ use constant S3_HEADER_CONTENT_SHA256 => 'x-amz-co
push @EXPORT, qw(S3_HEADER_CONTENT_SHA256);
use constant S3_HEADER_HOST => 'host';
push @EXPORT, qw(S3_HEADER_HOST);
+use constant S3_HEADER_TOKEN => 'x-amz-security-token';
+ push @EXPORT, qw(S3_HEADER_TOKEN);
use constant PAYLOAD_DEFAULT_HASH => sha256_hex('');
push @EXPORT, qw(PAYLOAD_DEFAULT_HASH);
@@ -220,6 +222,7 @@ sub s3AuthorizationHeader
$hHeader,
$strAccessKeyId,
$strSecretAccessKey,
+ $strSecurityToken,
$strPayloadHash,
) =
logDebugParam
@@ -234,6 +237,7 @@ sub s3AuthorizationHeader
{name => 'hHeader', required => false, trace => true},
{name => 'strAccessKeyId', redact => true, trace => true},
{name => 'strSecretAccessKey', redact => true, trace => true},
+ {name => 'strSecurityToken', required => false, redact => true, trace => true},
{name => 'strPayloadHash', trace => true},
);
@@ -245,6 +249,12 @@ sub s3AuthorizationHeader
$hHeader->{&S3_HEADER_CONTENT_SHA256} = $strPayloadHash;
$hHeader->{&S3_HEADER_DATE} = $strDateTime;
+ # Add security token if defined
+ if (defined($strSecurityToken))
+ {
+ $hHeader->{&S3_HEADER_TOKEN} = $strSecurityToken;
+ }
+
# Create authorization string
my ($strCanonicalRequest, $strSignedHeaders) = s3CanonicalRequest($strVerb, $strUri, $strQuery, $hHeader, $strPayloadHash);
my $strStringToSign = s3StringToSign($strDateTime, $strRegion, sha256_hex($strCanonicalRequest));
diff --git a/lib/pgBackRest/Storage/S3/Request.pm b/lib/pgBackRest/Storage/S3/Request.pm
index af5971e3e..759e98526 100644
--- a/lib/pgBackRest/Storage/S3/Request.pm
+++ b/lib/pgBackRest/Storage/S3/Request.pm
@@ -72,6 +72,7 @@ sub new
$self->{strRegion},
$self->{strAccessKeyId},
$self->{strSecretAccessKey},
+ $self->{strSecurityToken},
$self->{strHost},
$self->{iPort},
$self->{bVerifySsl},
@@ -87,6 +88,7 @@ sub new
{name => 'strRegion'},
{name => 'strAccessKeyId', redact => true},
{name => 'strSecretAccessKey', redact => true},
+ {name => 'strSecurityToken', optional => true, redact => true},
{name => 'strHost', optional => true},
{name => 'iPort', optional => true},
{name => 'bVerifySsl', optional => true, default => true},
@@ -156,7 +158,8 @@ sub request
# Generate authorization header
($hHeader, my $strCanonicalRequest, my $strSignedHeaders, my $strStringToSign) = s3AuthorizationHeader(
$self->{strRegion}, "$self->{strBucket}.$self->{strEndPoint}", $strVerb, $strUri, httpQuery($hQuery), s3DateTime(),
- $hHeader, $self->{strAccessKeyId}, $self->{strSecretAccessKey}, $hHeader->{&S3_HEADER_CONTENT_SHA256});
+ $hHeader, $self->{strAccessKeyId}, $self->{strSecretAccessKey}, $self->{strSecurityToken},
+ $hHeader->{&S3_HEADER_CONTENT_SHA256});
# Send the request
my $oHttpClient = new pgBackRest::Common::Http::Client(
diff --git a/libc/lib/pgBackRest/LibCAuto.pm b/libc/lib/pgBackRest/LibCAuto.pm
index 13353a85f..55579a779 100644
--- a/libc/lib/pgBackRest/LibCAuto.pm
+++ b/libc/lib/pgBackRest/LibCAuto.pm
@@ -187,6 +187,7 @@ sub libcAutoExportTag
'CFGOPT_REPO_S3_KEY',
'CFGOPT_REPO_S3_KEY_SECRET',
'CFGOPT_REPO_S3_REGION',
+ 'CFGOPT_REPO_S3_TOKEN',
'CFGOPT_REPO_S3_VERIFY_SSL',
'CFGOPT_REPO_TYPE',
'CFGOPT_RESUME',
diff --git a/libc/xs/config/config.auto.xsh b/libc/xs/config/config.auto.xsh
index 6fb85cb03..79be698fa 100644
--- a/libc/xs/config/config.auto.xsh
+++ b/libc/xs/config/config.auto.xsh
@@ -101,6 +101,7 @@ Option constants
#define CFGOPT_REPO_S3_KEY cfgOptRepoS3Key
#define CFGOPT_REPO_S3_KEY_SECRET cfgOptRepoS3KeySecret
#define CFGOPT_REPO_S3_REGION cfgOptRepoS3Region
+#define CFGOPT_REPO_S3_TOKEN cfgOptRepoS3Token
#define CFGOPT_REPO_S3_VERIFY_SSL cfgOptRepoS3VerifySsl
#define CFGOPT_REPO_TYPE cfgOptRepoType
#define CFGOPT_RESUME cfgOptResume
diff --git a/src/config/config.auto.c b/src/config/config.auto.c
index bc0800ef0..dc38ff8c5 100644
--- a/src/config/config.auto.c
+++ b/src/config/config.auto.c
@@ -1327,6 +1327,14 @@ static ConfigOptionData configOptionData[CFG_OPTION_TOTAL] = CONFIG_OPTION_LIST
CONFIG_OPTION_DEFINE_ID(cfgDefOptRepoS3Region)
)
+ //------------------------------------------------------------------------------------------------------------------------------
+ CONFIG_OPTION
+ (
+ CONFIG_OPTION_NAME("repo1-s3-token")
+ CONFIG_OPTION_INDEX(0)
+ CONFIG_OPTION_DEFINE_ID(cfgDefOptRepoS3Token)
+ )
+
//------------------------------------------------------------------------------------------------------------------------------
CONFIG_OPTION
(
diff --git a/src/config/config.auto.h b/src/config/config.auto.h
index 71d32165f..f4a0ddc22 100644
--- a/src/config/config.auto.h
+++ b/src/config/config.auto.h
@@ -14,7 +14,7 @@ Command constants
/***********************************************************************************************************************************
Option constants
***********************************************************************************************************************************/
-#define CFG_OPTION_TOTAL 160
+#define CFG_OPTION_TOTAL 161
/***********************************************************************************************************************************
Command enum
@@ -117,6 +117,7 @@ typedef enum
cfgOptRepoS3Key,
cfgOptRepoS3KeySecret,
cfgOptRepoS3Region,
+ cfgOptRepoS3Token,
cfgOptRepoS3VerifySsl,
cfgOptRepoType,
cfgOptResume,
diff --git a/src/config/define.auto.c b/src/config/define.auto.c
index edca2f911..7496751a0 100644
--- a/src/config/define.auto.c
+++ b/src/config/define.auto.c
@@ -3425,6 +3425,55 @@ static ConfigDefineOptionData configDefineOptionData[] = CFGDEFDATA_OPTION_LIST
)
)
+ // -----------------------------------------------------------------------------------------------------------------------------
+ CFGDEFDATA_OPTION
+ (
+ CFGDEFDATA_OPTION_NAME("repo-s3-token")
+ CFGDEFDATA_OPTION_REQUIRED(false)
+ CFGDEFDATA_OPTION_SECTION(cfgDefSectionGlobal)
+ CFGDEFDATA_OPTION_TYPE(cfgDefOptTypeString)
+ CFGDEFDATA_OPTION_INTERNAL(false)
+
+ CFGDEFDATA_OPTION_INDEX_TOTAL(1)
+ CFGDEFDATA_OPTION_SECURE(true)
+
+ CFGDEFDATA_OPTION_HELP_SECTION("repository")
+ CFGDEFDATA_OPTION_HELP_SUMMARY("S3 repository security token.")
+ CFGDEFDATA_OPTION_HELP_DESCRIPTION
+ (
+ "AWS security token used with temporary credentials."
+ )
+
+ CFGDEFDATA_OPTION_COMMAND_LIST
+ (
+ CFGDEFDATA_OPTION_COMMAND(cfgDefCmdArchiveGet)
+ CFGDEFDATA_OPTION_COMMAND(cfgDefCmdArchivePush)
+ CFGDEFDATA_OPTION_COMMAND(cfgDefCmdBackup)
+ CFGDEFDATA_OPTION_COMMAND(cfgDefCmdCheck)
+ CFGDEFDATA_OPTION_COMMAND(cfgDefCmdExpire)
+ CFGDEFDATA_OPTION_COMMAND(cfgDefCmdInfo)
+ CFGDEFDATA_OPTION_COMMAND(cfgDefCmdLocal)
+ CFGDEFDATA_OPTION_COMMAND(cfgDefCmdRemote)
+ CFGDEFDATA_OPTION_COMMAND(cfgDefCmdRestore)
+ CFGDEFDATA_OPTION_COMMAND(cfgDefCmdStanzaCreate)
+ CFGDEFDATA_OPTION_COMMAND(cfgDefCmdStanzaDelete)
+ CFGDEFDATA_OPTION_COMMAND(cfgDefCmdStanzaUpgrade)
+ CFGDEFDATA_OPTION_COMMAND(cfgDefCmdStart)
+ CFGDEFDATA_OPTION_COMMAND(cfgDefCmdStop)
+ )
+
+ CFGDEFDATA_OPTION_OPTIONAL_LIST
+ (
+ CFGDEFDATA_OPTION_OPTIONAL_DEPEND_LIST
+ (
+ cfgDefOptRepoType,
+ "s3"
+ )
+
+ CFGDEFDATA_OPTION_OPTIONAL_PREFIX("repo")
+ )
+ )
+
// -----------------------------------------------------------------------------------------------------------------------------
CFGDEFDATA_OPTION
(
diff --git a/src/config/define.auto.h b/src/config/define.auto.h
index f179f2501..b7ebb95d8 100644
--- a/src/config/define.auto.h
+++ b/src/config/define.auto.h
@@ -120,6 +120,7 @@ typedef enum
cfgDefOptRepoS3Key,
cfgDefOptRepoS3KeySecret,
cfgDefOptRepoS3Region,
+ cfgDefOptRepoS3Token,
cfgDefOptRepoS3VerifySsl,
cfgDefOptRepoType,
cfgDefOptResume,
diff --git a/src/config/parse.auto.c b/src/config/parse.auto.c
index 4aed5f78b..aa8b2c6b9 100644
--- a/src/config/parse.auto.c
+++ b/src/config/parse.auto.c
@@ -1975,6 +1975,18 @@ static const struct option optionList[] =
.val = PARSE_OPTION_FLAG | PARSE_DEPRECATE_FLAG | cfgOptRepoS3Region,
},
+ // repo-s3-token option
+ // -----------------------------------------------------------------------------------------------------------------------------
+ {
+ .name = "repo1-s3-token",
+ .has_arg = required_argument,
+ .val = PARSE_OPTION_FLAG | cfgOptRepoS3Token,
+ },
+ {
+ .name = "reset-repo1-s3-token",
+ .val = PARSE_OPTION_FLAG | PARSE_RESET_FLAG | cfgOptRepoS3Token,
+ },
+
// repo-s3-verify-ssl option and deprecations
// -----------------------------------------------------------------------------------------------------------------------------
{
diff --git a/test/expect/mock-stanza-003.log b/test/expect/mock-stanza-003.log
index 2bacf8c53..ec98f578a 100644
--- a/test/expect/mock-stanza-003.log
+++ b/test/expect/mock-stanza-003.log
@@ -182,7 +182,7 @@ P00 DEBUG: Archive::Push::Push->process(): strWalPathFile = [TEST_PATH]/db-
P00 DEBUG: Common::Lock::lockStopTest(): bStanzaStopRequired =
P00 DEBUG: Common::Lock::lockStopTest=>: bStopExists = false
P00 DEBUG: Archive::Push::File::archivePushFile(): bCompress = true, iCompressLevel = 3, strWalFile = 000000010000000100000001, strWalPath = [TEST_PATH]/db-master/db/base/pg_xlog
-P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = , strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey =
+P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = , strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey = , strSecurityToken = [undef]
P00 DEBUG: Storage::Local->new(): bAllowTemp = , hRule = [hash], lBufferMax = 4194304, oDriver = [object], strCipherPassUser = [undef], strCipherType = [undef], strDefaultFileMode = <0640>, strDefaultPathMode = <0750>, strPathBase = /, strTempExtension = pgbackrest.tmp
P00 DEBUG: Archive::Common::walInfo(): strWalFile = [TEST_PATH]/db-master/db/base/pg_xlog/000000010000000100000001
P00 DEBUG: Archive::Common::walInfo=>: strDbVersion = 9.3, ullDbSysId = 1000000000000000093
@@ -404,7 +404,7 @@ P00 DEBUG: Archive::Push::Push->process(): strWalPathFile = [TEST_PATH]/db-
P00 DEBUG: Common::Lock::lockStopTest(): bStanzaStopRequired =
P00 DEBUG: Common::Lock::lockStopTest=>: bStopExists = false
P00 DEBUG: Archive::Push::File::archivePushFile(): bCompress = true, iCompressLevel = 3, strWalFile = 000000010000000100000002, strWalPath = [TEST_PATH]/db-master/db/base/pg_xlog
-P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = , strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey =
+P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = , strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey = , strSecurityToken = [undef]
P00 DEBUG: Storage::Local->new(): bAllowTemp = , hRule = [hash], lBufferMax = 4194304, oDriver = [object], strCipherPassUser = [undef], strCipherType = [undef], strDefaultFileMode = <0640>, strDefaultPathMode = <0750>, strPathBase = /, strTempExtension = pgbackrest.tmp
P00 DEBUG: Archive::Common::walInfo(): strWalFile = [TEST_PATH]/db-master/db/base/pg_xlog/000000010000000100000002
P00 DEBUG: Archive::Common::walInfo=>: strDbVersion = 9.3, ullDbSysId = 1000000000000000093
@@ -495,7 +495,7 @@ P00 DEBUG: Archive::Get::Get->process(): rstryCommandArg = (000000010000000
P00 DEBUG: Archive::Get::File::archiveGetFile(): bAtomic = false, strDestinationFile = [TEST_PATH]/db-master/db/base/pg_xlog/RECOVERYXLOG, strSourceArchive = 000000010000000100000002
P00 DEBUG: Common::Lock::lockStopTest(): bStanzaStopRequired =
P00 DEBUG: Common::Lock::lockStopTest=>: bStopExists = false
-P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = , strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey =
+P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = , strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey = , strSecurityToken = [undef]
P00 DEBUG: Storage::Local->new(): bAllowTemp = , hRule = [hash], lBufferMax = 4194304, oDriver = [object], strCipherPassUser = [undef], strCipherType = [undef], strDefaultFileMode = <0640>, strDefaultPathMode = <0750>, strPathBase = /, strTempExtension = pgbackrest.tmp
P00 DEBUG: Archive::Get::File::archiveGetCheck(): bCheck = false, strDbVersion = [undef], strFile = 000000010000000100000002, ullDbSysId = [undef]
P00 DEBUG: Db::dbObjectGet(): bMasterOnly = true
diff --git a/test/lib/pgBackRestTest/Module/Storage/StorageS3AuthPerlTest.pm b/test/lib/pgBackRestTest/Module/Storage/StorageS3AuthPerlTest.pm
index 50bfcd36b..48f2bb857 100644
--- a/test/lib/pgBackRestTest/Module/Storage/StorageS3AuthPerlTest.pm
+++ b/test/lib/pgBackRestTest/Module/Storage/StorageS3AuthPerlTest.pm
@@ -98,7 +98,7 @@ sub run
sub {s3AuthorizationHeader(
'us-east-1', 'bucket.s3.amazonaws.com', 'GET', qw(/), 'list-type=2', '20170606T121212Z',
{'authorization' => BOGUS, 'host' => 'bucket.s3.amazonaws.com', 'x-amz-date' => '20170606T121212Z'},
- 'AKIAIOSFODNN7EXAMPLE', 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
+ 'AKIAIOSFODNN7EXAMPLE', 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY', undef,
'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855')},
'({authorization => AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20170606/us-east-1/s3/aws4_request,' .
'SignedHeaders=host;x-amz-content-sha256;x-amz-date,' .
@@ -121,6 +121,46 @@ sub run
"20170606/us-east-1/s3/aws4_request\n" .
"4f2d4ee971f579e60ba6b3895e87434e17b1260f04392f02b512c1e8bada72dd)",
'authorization header request');
+
+ $self->testResult(
+ sub {s3AuthorizationHeader(
+ 'us-east-1', 'bucket.s3.amazonaws.com', 'GET', qw(/), 'list-type=2', '20170606T121212Z',
+ {'authorization' => BOGUS, 'host' => 'bucket.s3.amazonaws.com', 'x-amz-date' => '20170606T121212Z'},
+ 'AKIAIOSFODNN7EXAMPLE', 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
+ 'AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW' .
+ 'LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd' .
+ 'QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU' .
+ '9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz' .
+ '+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==',
+ 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855')},
+ '({authorization => AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20170606/us-east-1/s3/aws4_request,' .
+ 'SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token,' .
+ 'Signature=c12565bf5d7e0ef623f76d66e09e5431aebef803f6a25a01c586525f17e474a3,' .
+ ' host => bucket.s3.amazonaws.com,' .
+ ' x-amz-content-sha256 => e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,' .
+ ' x-amz-date => 20170606T121212Z, x-amz-security-token => AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4H' .
+ 'IZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZ' .
+ 'ampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+sc' .
+ 'qKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==}, ' .
+ "GET\n" .
+ "/\n" .
+ "list-type=2\n" .
+ "host:bucket.s3.amazonaws.com\n" .
+ "x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n" .
+ "x-amz-date:20170606T121212Z\n" .
+ "x-amz-security-token:AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIe" .
+ "oIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlR" .
+ "d8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJab" .
+ "IQwj2ICCR/oLxBA==\n" .
+ "\n" .
+ "host;x-amz-content-sha256;x-amz-date;x-amz-security-token\n" .
+ "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, " .
+ "host;x-amz-content-sha256;x-amz-date;x-amz-security-token, " .
+ "AWS4-HMAC-SHA256\n" .
+ "20170606T121212Z\n" .
+ "20170606/us-east-1/s3/aws4_request\n" .
+ "c171e7a68355ef4e0e6e1003d2d4a79a7b06e7424e3000ba619f5f7882a3251e)",
+ 'authorization header request with token');
}
}
diff --git a/test/lib/pgBackRestTest/Module/Storage/StorageS3CertPerlTest.pm b/test/lib/pgBackRestTest/Module/Storage/StorageS3CertPerlTest.pm
index bcd437f3c..328c609de 100644
--- a/test/lib/pgBackRestTest/Module/Storage/StorageS3CertPerlTest.pm
+++ b/test/lib/pgBackRestTest/Module/Storage/StorageS3CertPerlTest.pm
@@ -41,6 +41,7 @@ sub run
$self->optionTestSet(CFGOPT_REPO_TYPE, CFGOPTVAL_REPO_TYPE_S3);
$self->optionTestSet(CFGOPT_REPO_S3_KEY, BOGUS);
$self->optionTestSet(CFGOPT_REPO_S3_KEY_SECRET, BOGUS);
+ $self->optionTestSet(CFGOPT_REPO_S3_TOKEN, BOGUS);
$self->optionTestSet(CFGOPT_REPO_S3_BUCKET, $strBucket);
$self->optionTestSet(CFGOPT_REPO_S3_ENDPOINT, $strEndpoint);
$self->optionTestSet(CFGOPT_REPO_S3_REGION, $strRegion);
diff --git a/test/src/module/help/helpTest.c b/test/src/module/help/helpTest.c
index e5844f88b..284e33b49 100644
--- a/test/src/module/help/helpTest.c
+++ b/test/src/module/help/helpTest.c
@@ -187,6 +187,7 @@ testRun()
" --repo-s3-key s3 repository access key\n"
" --repo-s3-key-secret s3 repository secret access key\n"
" --repo-s3-region s3 repository region\n"
+ " --repo-s3-token s3 repository security token\n"
" --repo-s3-verify-ssl verify S3 server certificate [default=y]\n"
" --repo-type type of storage used for the repository\n"
" [default=posix]\n"