Comment 14 for bug 1411078

OpenStack Infra (hudson-openstack) wrote : Fix merged to swift3 (master)

Reviewed: https://review.openstack.org/301165
Committed: https://git.openstack.org/cgit/openstack/swift3/commit/?id=a1cc181bd8ef891d3e3b8ed71db9b41c179ced0e
Submitter: Jenkins
Branch: master

commit a1cc181bd8ef891d3e3b8ed71db9b41c179ced0e
Author: Kota Tsuyuzaki <email address hidden>
Date: Wed Aug 12 12:43:37 2015 +0300

    Re:implement AWS signature v4

    New algorithm that supports s3v4 was added.

    What I did in this patch in detail:

    - Implements v4 related code into mix-in class to provide some methods
      for authentication algorithms (e.g. string_to_sign)

    - S3Timestamp everywhere. Old code takes a lot of complicated timestamp
      translation from/to datetime, time, date header format (str). This
      patch gathers the translation into "timestamp" property method which
      should actually be handled in the validation.

    - Run functional tests for both v2/v4 authentication in the same
      environment at the same time which shows evidence that we have complete
      backward compatibility and we can adopt v4 w/o anything broken.

    *Bonus*
    - Fix some minor bugs for signed URLs (almost expired timestamp),
      for header/query mixture and for unit test case mistake.

    The reason I implemented this from Andrey's original patch is that the
    signature v4 stuff is too complicated if we mix the process/routine
    into the same class because of a bunch of if/elif/else statements for header
    handling. (e.g. if 'X-Amz-Date' in req.headers) Note that it is not his
    issue, just AWS is getting complicated algorithms. However, for
    maintainability, we need clearer code to find easily which statement
    is supported on v2/v4 to prevent merging buggy code into master. That is why
    I tried to do this. Hopefully this code fits the original author's intention.

    NOTE for operators:
    - Signature V4 is supported only for keystone auth.
    - Set the same value of "region" configuration in keystone to "location" in
      swift3 conf file to enable SigV4.
    - SigV2 and SigV4 can be used in the same cluster configuration.
    - This stuff has been supported since Keystone 9.0.0.0b1. (We probably
      need to bump the minimum version for keystone in requirements)

    Change-Id: I386abd4ead40f55855657e354fd8ef3fd0d13aa7
    Co-Authored-By: Andrey Pavlov <email address hidden>
    Closes-Bug: #1411078