mirror of
https://github.com/pgbackrest/pgbackrest.git
synced 2024-12-12 10:04:14 +02:00
Add repo-s3-token option to allow temporary credentials tokens to be configured.
pgBackRest currently has no way to request new credentials so the entire command (e.g. backup, restore) must complete before the credentials expire. Contributed by Yogesh Sharma.
This commit is contained in:
parent
5e090ba305
commit
6a40c916d4
@ -274,6 +274,8 @@ use constant CFGOPT_REPO_S3_HOST => CFGDEF_RE
|
||||
push @EXPORT, qw(CFGOPT_REPO_S3_HOST);
|
||||
use constant CFGOPT_REPO_S3_REGION => CFGDEF_REPO_S3 . '-region';
|
||||
push @EXPORT, qw(CFGOPT_REPO_S3_REGION);
|
||||
use constant CFGOPT_REPO_S3_TOKEN => CFGDEF_REPO_S3 . '-token';
|
||||
push @EXPORT, qw(CFGOPT_REPO_S3_TOKEN);
|
||||
use constant CFGOPT_REPO_S3_VERIFY_SSL => CFGDEF_REPO_S3 . '-verify-ssl';
|
||||
push @EXPORT, qw(CFGOPT_REPO_S3_VERIFY_SSL);
|
||||
|
||||
@ -1702,6 +1704,11 @@ my %hConfigDefine =
|
||||
},
|
||||
},
|
||||
|
||||
&CFGOPT_REPO_S3_TOKEN =>
|
||||
{
|
||||
&CFGDEF_INHERIT => CFGOPT_REPO_S3_KEY,
|
||||
},
|
||||
|
||||
&CFGOPT_REPO_S3_VERIFY_SSL =>
|
||||
{
|
||||
&CFGDEF_SECTION => CFGDEF_SECTION_GLOBAL,
|
||||
|
@ -363,6 +363,15 @@
|
||||
<example>wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</example>
|
||||
</config-key>
|
||||
|
||||
<!-- CONFIG - REPO SECTION - REPO-S3-TOKEN KEY -->
|
||||
<config-key id="repo-s3-token" name="S3 Repository Security Token">
|
||||
<summary>S3 repository security token.</summary>
|
||||
|
||||
<text>AWS security token used with temporary credentials.</text>
|
||||
|
||||
<example>AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22 ...</example>
|
||||
</config-key>
|
||||
|
||||
<!-- CONFIG - REPO SECTION - REPO-S3-BUCKET KEY -->
|
||||
<config-key id="repo-s3-bucket" name="S3 Repository Bucket">
|
||||
<summary>S3 repository bucket.</summary>
|
||||
|
@ -65,6 +65,14 @@
|
||||
|
||||
<p>Add support for additional <backrest/> configuration files in the directory specified by the <br-option>--config-include-path</br-option> option. Add <br-option>--config-path</br-option> option for overriding the default base path of the <br-option>--config</br-option> and <br-option>--config-include-path</br-option> option.</p>
|
||||
</release-item>
|
||||
|
||||
<release-item>
|
||||
<release-item-contributor-list>
|
||||
<release-item-contributor id="sharma.yogesh"/>
|
||||
</release-item-contributor-list>
|
||||
|
||||
<p>Add <br-option>repo-s3-token</br-option> option to allow temporary credentials tokens to be configured. <backrest/> currently has no way to request new credentials so the entire command (e.g. <cmd>backup</cmd>, <cmd>restore</cmd>) must complete before the credentials expire.</p>
|
||||
</release-item>
|
||||
</release-feature-list>
|
||||
|
||||
<release-improvement-list>
|
||||
|
@ -195,7 +195,8 @@ sub storageRepo
|
||||
cfgOption(CFGOPT_REPO_S3_KEY), cfgOption(CFGOPT_REPO_S3_KEY_SECRET),
|
||||
{strHost => cfgOption(CFGOPT_REPO_S3_HOST, false), bVerifySsl => cfgOption(CFGOPT_REPO_S3_VERIFY_SSL, false),
|
||||
strCaPath => cfgOption(CFGOPT_REPO_S3_CA_PATH, false),
|
||||
strCaFile => cfgOption(CFGOPT_REPO_S3_CA_FILE, false), lBufferMax => cfgOption(CFGOPT_BUFFER_SIZE)});
|
||||
strCaFile => cfgOption(CFGOPT_REPO_S3_CA_FILE, false), lBufferMax => cfgOption(CFGOPT_BUFFER_SIZE),
|
||||
strSecurityToken => cfgOption(CFGOPT_REPO_S3_TOKEN, false)});
|
||||
}
|
||||
elsif (cfgOptionTest(CFGOPT_REPO_TYPE, CFGOPTVAL_REPO_TYPE_CIFS))
|
||||
{
|
||||
|
@ -34,6 +34,8 @@ use constant S3_HEADER_CONTENT_SHA256 => 'x-amz-co
|
||||
push @EXPORT, qw(S3_HEADER_CONTENT_SHA256);
|
||||
use constant S3_HEADER_HOST => 'host';
|
||||
push @EXPORT, qw(S3_HEADER_HOST);
|
||||
use constant S3_HEADER_TOKEN => 'x-amz-security-token';
|
||||
push @EXPORT, qw(S3_HEADER_TOKEN);
|
||||
|
||||
use constant PAYLOAD_DEFAULT_HASH => sha256_hex('');
|
||||
push @EXPORT, qw(PAYLOAD_DEFAULT_HASH);
|
||||
@ -220,6 +222,7 @@ sub s3AuthorizationHeader
|
||||
$hHeader,
|
||||
$strAccessKeyId,
|
||||
$strSecretAccessKey,
|
||||
$strSecurityToken,
|
||||
$strPayloadHash,
|
||||
) =
|
||||
logDebugParam
|
||||
@ -234,6 +237,7 @@ sub s3AuthorizationHeader
|
||||
{name => 'hHeader', required => false, trace => true},
|
||||
{name => 'strAccessKeyId', redact => true, trace => true},
|
||||
{name => 'strSecretAccessKey', redact => true, trace => true},
|
||||
{name => 'strSecurityToken', required => false, redact => true, trace => true},
|
||||
{name => 'strPayloadHash', trace => true},
|
||||
);
|
||||
|
||||
@ -245,6 +249,12 @@ sub s3AuthorizationHeader
|
||||
$hHeader->{&S3_HEADER_CONTENT_SHA256} = $strPayloadHash;
|
||||
$hHeader->{&S3_HEADER_DATE} = $strDateTime;
|
||||
|
||||
# Add security token if defined
|
||||
if (defined($strSecurityToken))
|
||||
{
|
||||
$hHeader->{&S3_HEADER_TOKEN} = $strSecurityToken;
|
||||
}
|
||||
|
||||
# Create authorization string
|
||||
my ($strCanonicalRequest, $strSignedHeaders) = s3CanonicalRequest($strVerb, $strUri, $strQuery, $hHeader, $strPayloadHash);
|
||||
my $strStringToSign = s3StringToSign($strDateTime, $strRegion, sha256_hex($strCanonicalRequest));
|
||||
|
@ -72,6 +72,7 @@ sub new
|
||||
$self->{strRegion},
|
||||
$self->{strAccessKeyId},
|
||||
$self->{strSecretAccessKey},
|
||||
$self->{strSecurityToken},
|
||||
$self->{strHost},
|
||||
$self->{iPort},
|
||||
$self->{bVerifySsl},
|
||||
@ -87,6 +88,7 @@ sub new
|
||||
{name => 'strRegion'},
|
||||
{name => 'strAccessKeyId', redact => true},
|
||||
{name => 'strSecretAccessKey', redact => true},
|
||||
{name => 'strSecurityToken', optional => true, redact => true},
|
||||
{name => 'strHost', optional => true},
|
||||
{name => 'iPort', optional => true},
|
||||
{name => 'bVerifySsl', optional => true, default => true},
|
||||
@ -156,7 +158,8 @@ sub request
|
||||
# Generate authorization header
|
||||
($hHeader, my $strCanonicalRequest, my $strSignedHeaders, my $strStringToSign) = s3AuthorizationHeader(
|
||||
$self->{strRegion}, "$self->{strBucket}.$self->{strEndPoint}", $strVerb, $strUri, httpQuery($hQuery), s3DateTime(),
|
||||
$hHeader, $self->{strAccessKeyId}, $self->{strSecretAccessKey}, $hHeader->{&S3_HEADER_CONTENT_SHA256});
|
||||
$hHeader, $self->{strAccessKeyId}, $self->{strSecretAccessKey}, $self->{strSecurityToken},
|
||||
$hHeader->{&S3_HEADER_CONTENT_SHA256});
|
||||
|
||||
# Send the request
|
||||
my $oHttpClient = new pgBackRest::Common::Http::Client(
|
||||
|
@ -187,6 +187,7 @@ sub libcAutoExportTag
|
||||
'CFGOPT_REPO_S3_KEY',
|
||||
'CFGOPT_REPO_S3_KEY_SECRET',
|
||||
'CFGOPT_REPO_S3_REGION',
|
||||
'CFGOPT_REPO_S3_TOKEN',
|
||||
'CFGOPT_REPO_S3_VERIFY_SSL',
|
||||
'CFGOPT_REPO_TYPE',
|
||||
'CFGOPT_RESUME',
|
||||
|
@ -101,6 +101,7 @@ Option constants
|
||||
#define CFGOPT_REPO_S3_KEY cfgOptRepoS3Key
|
||||
#define CFGOPT_REPO_S3_KEY_SECRET cfgOptRepoS3KeySecret
|
||||
#define CFGOPT_REPO_S3_REGION cfgOptRepoS3Region
|
||||
#define CFGOPT_REPO_S3_TOKEN cfgOptRepoS3Token
|
||||
#define CFGOPT_REPO_S3_VERIFY_SSL cfgOptRepoS3VerifySsl
|
||||
#define CFGOPT_REPO_TYPE cfgOptRepoType
|
||||
#define CFGOPT_RESUME cfgOptResume
|
||||
|
@ -1327,6 +1327,14 @@ static ConfigOptionData configOptionData[CFG_OPTION_TOTAL] = CONFIG_OPTION_LIST
|
||||
CONFIG_OPTION_DEFINE_ID(cfgDefOptRepoS3Region)
|
||||
)
|
||||
|
||||
//------------------------------------------------------------------------------------------------------------------------------
|
||||
CONFIG_OPTION
|
||||
(
|
||||
CONFIG_OPTION_NAME("repo1-s3-token")
|
||||
CONFIG_OPTION_INDEX(0)
|
||||
CONFIG_OPTION_DEFINE_ID(cfgDefOptRepoS3Token)
|
||||
)
|
||||
|
||||
//------------------------------------------------------------------------------------------------------------------------------
|
||||
CONFIG_OPTION
|
||||
(
|
||||
|
@ -14,7 +14,7 @@ Command constants
|
||||
/***********************************************************************************************************************************
|
||||
Option constants
|
||||
***********************************************************************************************************************************/
|
||||
#define CFG_OPTION_TOTAL 160
|
||||
#define CFG_OPTION_TOTAL 161
|
||||
|
||||
/***********************************************************************************************************************************
|
||||
Command enum
|
||||
@ -117,6 +117,7 @@ typedef enum
|
||||
cfgOptRepoS3Key,
|
||||
cfgOptRepoS3KeySecret,
|
||||
cfgOptRepoS3Region,
|
||||
cfgOptRepoS3Token,
|
||||
cfgOptRepoS3VerifySsl,
|
||||
cfgOptRepoType,
|
||||
cfgOptResume,
|
||||
|
@ -3425,6 +3425,55 @@ static ConfigDefineOptionData configDefineOptionData[] = CFGDEFDATA_OPTION_LIST
|
||||
)
|
||||
)
|
||||
|
||||
// -----------------------------------------------------------------------------------------------------------------------------
|
||||
CFGDEFDATA_OPTION
|
||||
(
|
||||
CFGDEFDATA_OPTION_NAME("repo-s3-token")
|
||||
CFGDEFDATA_OPTION_REQUIRED(false)
|
||||
CFGDEFDATA_OPTION_SECTION(cfgDefSectionGlobal)
|
||||
CFGDEFDATA_OPTION_TYPE(cfgDefOptTypeString)
|
||||
CFGDEFDATA_OPTION_INTERNAL(false)
|
||||
|
||||
CFGDEFDATA_OPTION_INDEX_TOTAL(1)
|
||||
CFGDEFDATA_OPTION_SECURE(true)
|
||||
|
||||
CFGDEFDATA_OPTION_HELP_SECTION("repository")
|
||||
CFGDEFDATA_OPTION_HELP_SUMMARY("S3 repository security token.")
|
||||
CFGDEFDATA_OPTION_HELP_DESCRIPTION
|
||||
(
|
||||
"AWS security token used with temporary credentials."
|
||||
)
|
||||
|
||||
CFGDEFDATA_OPTION_COMMAND_LIST
|
||||
(
|
||||
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdArchiveGet)
|
||||
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdArchivePush)
|
||||
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdBackup)
|
||||
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdCheck)
|
||||
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdExpire)
|
||||
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdInfo)
|
||||
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdLocal)
|
||||
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdRemote)
|
||||
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdRestore)
|
||||
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdStanzaCreate)
|
||||
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdStanzaDelete)
|
||||
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdStanzaUpgrade)
|
||||
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdStart)
|
||||
CFGDEFDATA_OPTION_COMMAND(cfgDefCmdStop)
|
||||
)
|
||||
|
||||
CFGDEFDATA_OPTION_OPTIONAL_LIST
|
||||
(
|
||||
CFGDEFDATA_OPTION_OPTIONAL_DEPEND_LIST
|
||||
(
|
||||
cfgDefOptRepoType,
|
||||
"s3"
|
||||
)
|
||||
|
||||
CFGDEFDATA_OPTION_OPTIONAL_PREFIX("repo")
|
||||
)
|
||||
)
|
||||
|
||||
// -----------------------------------------------------------------------------------------------------------------------------
|
||||
CFGDEFDATA_OPTION
|
||||
(
|
||||
|
@ -120,6 +120,7 @@ typedef enum
|
||||
cfgDefOptRepoS3Key,
|
||||
cfgDefOptRepoS3KeySecret,
|
||||
cfgDefOptRepoS3Region,
|
||||
cfgDefOptRepoS3Token,
|
||||
cfgDefOptRepoS3VerifySsl,
|
||||
cfgDefOptRepoType,
|
||||
cfgDefOptResume,
|
||||
|
@ -1975,6 +1975,18 @@ static const struct option optionList[] =
|
||||
.val = PARSE_OPTION_FLAG | PARSE_DEPRECATE_FLAG | cfgOptRepoS3Region,
|
||||
},
|
||||
|
||||
// repo-s3-token option
|
||||
// -----------------------------------------------------------------------------------------------------------------------------
|
||||
{
|
||||
.name = "repo1-s3-token",
|
||||
.has_arg = required_argument,
|
||||
.val = PARSE_OPTION_FLAG | cfgOptRepoS3Token,
|
||||
},
|
||||
{
|
||||
.name = "reset-repo1-s3-token",
|
||||
.val = PARSE_OPTION_FLAG | PARSE_RESET_FLAG | cfgOptRepoS3Token,
|
||||
},
|
||||
|
||||
// repo-s3-verify-ssl option and deprecations
|
||||
// -----------------------------------------------------------------------------------------------------------------------------
|
||||
{
|
||||
|
@ -182,7 +182,7 @@ P00 DEBUG: Archive::Push::Push->process(): strWalPathFile = [TEST_PATH]/db-
|
||||
P00 DEBUG: Common::Lock::lockStopTest(): bStanzaStopRequired = <false>
|
||||
P00 DEBUG: Common::Lock::lockStopTest=>: bStopExists = false
|
||||
P00 DEBUG: Archive::Push::File::archivePushFile(): bCompress = true, iCompressLevel = 3, strWalFile = 000000010000000100000001, strWalPath = [TEST_PATH]/db-master/db/base/pg_xlog
|
||||
P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = <redacted>, strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey = <redacted>
|
||||
P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = <redacted>, strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey = <redacted>, strSecurityToken = [undef]
|
||||
P00 DEBUG: Storage::Local->new(): bAllowTemp = <true>, hRule = [hash], lBufferMax = 4194304, oDriver = [object], strCipherPassUser = [undef], strCipherType = [undef], strDefaultFileMode = <0640>, strDefaultPathMode = <0750>, strPathBase = /, strTempExtension = pgbackrest.tmp
|
||||
P00 DEBUG: Archive::Common::walInfo(): strWalFile = [TEST_PATH]/db-master/db/base/pg_xlog/000000010000000100000001
|
||||
P00 DEBUG: Archive::Common::walInfo=>: strDbVersion = 9.3, ullDbSysId = 1000000000000000093
|
||||
@ -404,7 +404,7 @@ P00 DEBUG: Archive::Push::Push->process(): strWalPathFile = [TEST_PATH]/db-
|
||||
P00 DEBUG: Common::Lock::lockStopTest(): bStanzaStopRequired = <false>
|
||||
P00 DEBUG: Common::Lock::lockStopTest=>: bStopExists = false
|
||||
P00 DEBUG: Archive::Push::File::archivePushFile(): bCompress = true, iCompressLevel = 3, strWalFile = 000000010000000100000002, strWalPath = [TEST_PATH]/db-master/db/base/pg_xlog
|
||||
P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = <redacted>, strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey = <redacted>
|
||||
P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = <redacted>, strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey = <redacted>, strSecurityToken = [undef]
|
||||
P00 DEBUG: Storage::Local->new(): bAllowTemp = <true>, hRule = [hash], lBufferMax = 4194304, oDriver = [object], strCipherPassUser = [undef], strCipherType = [undef], strDefaultFileMode = <0640>, strDefaultPathMode = <0750>, strPathBase = /, strTempExtension = pgbackrest.tmp
|
||||
P00 DEBUG: Archive::Common::walInfo(): strWalFile = [TEST_PATH]/db-master/db/base/pg_xlog/000000010000000100000002
|
||||
P00 DEBUG: Archive::Common::walInfo=>: strDbVersion = 9.3, ullDbSysId = 1000000000000000093
|
||||
@ -495,7 +495,7 @@ P00 DEBUG: Archive::Get::Get->process(): rstryCommandArg = (000000010000000
|
||||
P00 DEBUG: Archive::Get::File::archiveGetFile(): bAtomic = false, strDestinationFile = [TEST_PATH]/db-master/db/base/pg_xlog/RECOVERYXLOG, strSourceArchive = 000000010000000100000002
|
||||
P00 DEBUG: Common::Lock::lockStopTest(): bStanzaStopRequired = <false>
|
||||
P00 DEBUG: Common::Lock::lockStopTest=>: bStopExists = false
|
||||
P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = <redacted>, strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey = <redacted>
|
||||
P00 DEBUG: Storage::S3::Request->new(): bVerifySsl = false, iPort = [undef], lBufferMax = 4194304, strAccessKeyId = <redacted>, strBucket = pgbackrest-dev, strCaFile = [undef], strCaPath = [undef], strEndPoint = s3.amazonaws.com, strHost = [undef], strRegion = us-east-1, strSecretAccessKey = <redacted>, strSecurityToken = [undef]
|
||||
P00 DEBUG: Storage::Local->new(): bAllowTemp = <true>, hRule = [hash], lBufferMax = 4194304, oDriver = [object], strCipherPassUser = [undef], strCipherType = [undef], strDefaultFileMode = <0640>, strDefaultPathMode = <0750>, strPathBase = /, strTempExtension = pgbackrest.tmp
|
||||
P00 DEBUG: Archive::Get::File::archiveGetCheck(): bCheck = false, strDbVersion = [undef], strFile = 000000010000000100000002, ullDbSysId = [undef]
|
||||
P00 DEBUG: Db::dbObjectGet(): bMasterOnly = true
|
||||
|
@ -98,7 +98,7 @@ sub run
|
||||
sub {s3AuthorizationHeader(
|
||||
'us-east-1', 'bucket.s3.amazonaws.com', 'GET', qw(/), 'list-type=2', '20170606T121212Z',
|
||||
{'authorization' => BOGUS, 'host' => 'bucket.s3.amazonaws.com', 'x-amz-date' => '20170606T121212Z'},
|
||||
'AKIAIOSFODNN7EXAMPLE', 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
|
||||
'AKIAIOSFODNN7EXAMPLE', 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY', undef,
|
||||
'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855')},
|
||||
'({authorization => AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20170606/us-east-1/s3/aws4_request,' .
|
||||
'SignedHeaders=host;x-amz-content-sha256;x-amz-date,' .
|
||||
@ -121,6 +121,46 @@ sub run
|
||||
"20170606/us-east-1/s3/aws4_request\n" .
|
||||
"4f2d4ee971f579e60ba6b3895e87434e17b1260f04392f02b512c1e8bada72dd)",
|
||||
'authorization header request');
|
||||
|
||||
$self->testResult(
|
||||
sub {s3AuthorizationHeader(
|
||||
'us-east-1', 'bucket.s3.amazonaws.com', 'GET', qw(/), 'list-type=2', '20170606T121212Z',
|
||||
{'authorization' => BOGUS, 'host' => 'bucket.s3.amazonaws.com', 'x-amz-date' => '20170606T121212Z'},
|
||||
'AKIAIOSFODNN7EXAMPLE', 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
|
||||
'AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW' .
|
||||
'LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd' .
|
||||
'QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU' .
|
||||
'9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz' .
|
||||
'+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==',
|
||||
'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855')},
|
||||
'({authorization => AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20170606/us-east-1/s3/aws4_request,' .
|
||||
'SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token,' .
|
||||
'Signature=c12565bf5d7e0ef623f76d66e09e5431aebef803f6a25a01c586525f17e474a3,' .
|
||||
' host => bucket.s3.amazonaws.com,' .
|
||||
' x-amz-content-sha256 => e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855,' .
|
||||
' x-amz-date => 20170606T121212Z, x-amz-security-token => AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4H' .
|
||||
'IZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZ' .
|
||||
'ampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+sc' .
|
||||
'qKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==}, ' .
|
||||
"GET\n" .
|
||||
"/\n" .
|
||||
"list-type=2\n" .
|
||||
"host:bucket.s3.amazonaws.com\n" .
|
||||
"x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n" .
|
||||
"x-amz-date:20170606T121212Z\n" .
|
||||
"x-amz-security-token:AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIe" .
|
||||
"oIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlR" .
|
||||
"d8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJab" .
|
||||
"IQwj2ICCR/oLxBA==\n" .
|
||||
"\n" .
|
||||
"host;x-amz-content-sha256;x-amz-date;x-amz-security-token\n" .
|
||||
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, " .
|
||||
"host;x-amz-content-sha256;x-amz-date;x-amz-security-token, " .
|
||||
"AWS4-HMAC-SHA256\n" .
|
||||
"20170606T121212Z\n" .
|
||||
"20170606/us-east-1/s3/aws4_request\n" .
|
||||
"c171e7a68355ef4e0e6e1003d2d4a79a7b06e7424e3000ba619f5f7882a3251e)",
|
||||
'authorization header request with token');
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -41,6 +41,7 @@ sub run
|
||||
$self->optionTestSet(CFGOPT_REPO_TYPE, CFGOPTVAL_REPO_TYPE_S3);
|
||||
$self->optionTestSet(CFGOPT_REPO_S3_KEY, BOGUS);
|
||||
$self->optionTestSet(CFGOPT_REPO_S3_KEY_SECRET, BOGUS);
|
||||
$self->optionTestSet(CFGOPT_REPO_S3_TOKEN, BOGUS);
|
||||
$self->optionTestSet(CFGOPT_REPO_S3_BUCKET, $strBucket);
|
||||
$self->optionTestSet(CFGOPT_REPO_S3_ENDPOINT, $strEndpoint);
|
||||
$self->optionTestSet(CFGOPT_REPO_S3_REGION, $strRegion);
|
||||
|
@ -187,6 +187,7 @@ testRun()
|
||||
" --repo-s3-key s3 repository access key\n"
|
||||
" --repo-s3-key-secret s3 repository secret access key\n"
|
||||
" --repo-s3-region s3 repository region\n"
|
||||
" --repo-s3-token s3 repository security token\n"
|
||||
" --repo-s3-verify-ssl verify S3 server certificate [default=y]\n"
|
||||
" --repo-type type of storage used for the repository\n"
|
||||
" [default=posix]\n"
|
||||
|
Loading…
Reference in New Issue
Block a user