diff options
Diffstat (limited to 'vendor/github.com/minio/minio-go')
39 files changed, 231 insertions, 2258 deletions
diff --git a/vendor/github.com/minio/minio-go/api-presigned.go b/vendor/github.com/minio/minio-go/api-presigned.go index ece005d47..f9d05ab9b 100644 --- a/vendor/github.com/minio/minio-go/api-presigned.go +++ b/vendor/github.com/minio/minio-go/api-presigned.go @@ -122,38 +122,21 @@ func (c Client) PresignedPostPolicy(p *PostPolicy) (u *url.URL, formData map[str return nil, nil, err } - // Get credentials from the configured credentials provider. - credValues, err := c.credsProvider.Get() - if err != nil { - return nil, nil, err - } - - var ( - signerType = credValues.SignerType - sessionToken = credValues.SessionToken - accessKeyID = credValues.AccessKeyID - secretAccessKey = credValues.SecretAccessKey - ) - - if signerType.IsAnonymous() { - return nil, nil, ErrInvalidArgument("Presigned operations are not supported for anonymous credentials") - } - // Keep time. t := time.Now().UTC() // For signature version '2' handle here. - if signerType.IsV2() { + if c.signature.isV2() { policyBase64 := p.base64() p.formData["policy"] = policyBase64 // For Google endpoint set this value to be 'GoogleAccessId'. if s3utils.IsGoogleEndpoint(c.endpointURL) { - p.formData["GoogleAccessId"] = accessKeyID + p.formData["GoogleAccessId"] = c.accessKeyID } else { // For all other endpoints set this value to be 'AWSAccessKeyId'. - p.formData["AWSAccessKeyId"] = accessKeyID + p.formData["AWSAccessKeyId"] = c.accessKeyID } // Sign the policy. - p.formData["signature"] = s3signer.PostPresignSignatureV2(policyBase64, secretAccessKey) + p.formData["signature"] = s3signer.PostPresignSignatureV2(policyBase64, c.secretAccessKey) return u, p.formData, nil } @@ -176,7 +159,7 @@ func (c Client) PresignedPostPolicy(p *PostPolicy) (u *url.URL, formData map[str } // Add a credential policy. - credential := s3signer.GetCredential(accessKeyID, location, t) + credential := s3signer.GetCredential(c.accessKeyID, location, t) if err = p.addNewPolicy(policyCondition{ matchType: "eq", condition: "$x-amz-credential", @@ -185,27 +168,13 @@ func (c Client) PresignedPostPolicy(p *PostPolicy) (u *url.URL, formData map[str return nil, nil, err } - if sessionToken != "" { - if err = p.addNewPolicy(policyCondition{ - matchType: "eq", - condition: "$x-amz-security-token", - value: sessionToken, - }); err != nil { - return nil, nil, err - } - } - // Get base64 encoded policy. policyBase64 := p.base64() - // Fill in the form data. p.formData["policy"] = policyBase64 p.formData["x-amz-algorithm"] = signV4Algorithm p.formData["x-amz-credential"] = credential p.formData["x-amz-date"] = t.Format(iso8601DateFormat) - if sessionToken != "" { - p.formData["x-amz-security-token"] = sessionToken - } - p.formData["x-amz-signature"] = s3signer.PostPresignSignatureV4(policyBase64, t, secretAccessKey, location) + p.formData["x-amz-signature"] = s3signer.PostPresignSignatureV4(policyBase64, t, c.secretAccessKey, location) return u, p.formData, nil } diff --git a/vendor/github.com/minio/minio-go/api-put-bucket.go b/vendor/github.com/minio/minio-go/api-put-bucket.go index 2d91e6d16..001da6de3 100644 --- a/vendor/github.com/minio/minio-go/api-put-bucket.go +++ b/vendor/github.com/minio/minio-go/api-put-bucket.go @@ -1,6 +1,5 @@ /* - * Minio Go Library for Amazon S3 Compatible Cloud Storage - * (C) 2015, 2016, 2017 Minio, Inc. + * Minio Go Library for Amazon S3 Compatible Cloud Storage (C) 2015, 2016 Minio, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -29,7 +28,6 @@ import ( "net/url" "path" - "github.com/minio/minio-go/pkg/credentials" "github.com/minio/minio-go/pkg/policy" "github.com/minio/minio-go/pkg/s3signer" ) @@ -91,7 +89,7 @@ func (c Client) MakeBucket(bucketName string, location string) (err error) { if resp.StatusCode != http.StatusOK { err := httpRespToErrorResponse(resp, bucketName, "") errResp := ToErrorResponse(err) - if resp.StatusCode == http.StatusBadRequest && errResp.Region != "" { + if errResp.Code == "InvalidRegion" && errResp.Region != "" { // Fetch bucket region found in headers // of S3 error response, attempt bucket // create again. @@ -137,32 +135,9 @@ func (c Client) makeBucketRequest(bucketName string, location string) (*http.Req // set UserAgent for the request. c.setUserAgent(req) - // Get credentials from the configured credentials provider. - value, err := c.credsProvider.Get() - if err != nil { - return nil, err - } - - var ( - signerType = value.SignerType - accessKeyID = value.AccessKeyID - secretAccessKey = value.SecretAccessKey - sessionToken = value.SessionToken - ) - - // Custom signer set then override the behavior. - if c.overrideSignerType != credentials.SignatureDefault { - signerType = c.overrideSignerType - } - - // If signerType returned by credentials helper is anonymous, - // then do not sign regardless of signerType override. - if value.SignerType == credentials.SignatureAnonymous { - signerType = credentials.SignatureAnonymous - } - - // set sha256 sum for signature calculation only with signature version '4'. - if signerType.IsV4() { + // set sha256 sum for signature calculation only with + // signature version '4'. + if c.signature.isV4() { req.Header.Set("X-Amz-Content-Sha256", hex.EncodeToString(sum256([]byte{}))) } @@ -180,19 +155,19 @@ func (c Client) makeBucketRequest(bucketName string, location string) (*http.Req req.ContentLength = int64(len(createBucketConfigBytes)) // Set content-md5. req.Header.Set("Content-Md5", base64.StdEncoding.EncodeToString(sumMD5(createBucketConfigBytes))) - if signerType.IsV4() { + if c.signature.isV4() { // Set sha256. req.Header.Set("X-Amz-Content-Sha256", hex.EncodeToString(sum256(createBucketConfigBytes))) } } // Sign the request. - if signerType.IsV4() { + if c.signature.isV4() { // Signature calculated for MakeBucket request should be for 'us-east-1', // regardless of the bucket's location constraint. - req = s3signer.SignV4(*req, accessKeyID, secretAccessKey, sessionToken, "us-east-1") - } else if signerType.IsV2() { - req = s3signer.SignV2(*req, accessKeyID, secretAccessKey) + req = s3signer.SignV4(*req, c.accessKeyID, c.secretAccessKey, "us-east-1") + } else if c.signature.isV2() { + req = s3signer.SignV2(*req, c.accessKeyID, c.secretAccessKey) } // Return signed request. diff --git a/vendor/github.com/minio/minio-go/api-put-bucket_test.go b/vendor/github.com/minio/minio-go/api-put-bucket_test.go index 4f7ddb30e..ec33c8492 100644 --- a/vendor/github.com/minio/minio-go/api-put-bucket_test.go +++ b/vendor/github.com/minio/minio-go/api-put-bucket_test.go @@ -1,6 +1,5 @@ /* - * Minio Go Library for Amazon S3 Compatible Cloud Storage - * (C) 2015, 2016, 2017 Minio, Inc. + * Minio Go Library for Amazon S3 Compatible Cloud Storage (C) 2015, 2016 Minio, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -28,7 +27,6 @@ import ( "path" "testing" - "github.com/minio/minio-go/pkg/credentials" "github.com/minio/minio-go/pkg/s3signer" ) @@ -50,32 +48,8 @@ func TestMakeBucketRequest(t *testing.T) { // set UserAgent for the request. c.setUserAgent(req) - // Get credentials from the configured credentials provider. - value, err := c.credsProvider.Get() - if err != nil { - return nil, err - } - - var ( - signerType = value.SignerType - accessKeyID = value.AccessKeyID - secretAccessKey = value.SecretAccessKey - sessionToken = value.SessionToken - ) - - // Custom signer set then override the behavior. - if c.overrideSignerType != credentials.SignatureDefault { - signerType = c.overrideSignerType - } - - // If signerType returned by credentials helper is anonymous, - // then do not sign regardless of signerType override. - if value.SignerType == credentials.SignatureAnonymous { - signerType = credentials.SignatureAnonymous - } - // set sha256 sum for signature calculation only with signature version '4'. - if signerType.IsV4() { + if c.signature.isV4() { req.Header.Set("X-Amz-Content-Sha256", hex.EncodeToString(sum256([]byte{}))) } @@ -93,19 +67,19 @@ func TestMakeBucketRequest(t *testing.T) { req.ContentLength = int64(len(createBucketConfigBytes)) // Set content-md5. req.Header.Set("Content-Md5", base64.StdEncoding.EncodeToString(sumMD5(createBucketConfigBytes))) - if signerType.IsV4() { + if c.signature.isV4() { // Set sha256. req.Header.Set("X-Amz-Content-Sha256", hex.EncodeToString(sum256(createBucketConfigBytes))) } } // Sign the request. - if signerType.IsV4() { + if c.signature.isV4() { // Signature calculated for MakeBucket request should be for 'us-east-1', // regardless of the bucket's location constraint. - req = s3signer.SignV4(*req, accessKeyID, secretAccessKey, sessionToken, "us-east-1") - } else if signerType.IsV2() { - req = s3signer.SignV2(*req, accessKeyID, secretAccessKey) + req = s3signer.SignV4(*req, c.accessKeyID, c.secretAccessKey, "us-east-1") + } else if c.signature.isV2() { + req = s3signer.SignV2(*req, c.accessKeyID, c.secretAccessKey) } // Return signed request. @@ -272,7 +246,7 @@ func TestMakeBucketRequest(t *testing.T) { } if expectedReq.Header.Get("X-Amz-Content-Sha256") != actualReq.Header.Get("X-Amz-Content-Sha256") { - t.Errorf("Test %d: 'X-Amz-Content-Sha256' header of the expected request %s doesn't match with that of the actual request %s", i+1, expectedReq.Header.Get("X-Amz-Content-Sha256"), actualReq.Header.Get("X-Amz-Content-Sha256")) + t.Errorf("Test %d: 'X-Amz-Content-Sha256' header of the expected request doesn't match with that of the actual request", i+1) } if expectedReq.Header.Get("User-Agent") != actualReq.Header.Get("User-Agent") { t.Errorf("Test %d: Expected 'User-Agent' header to be \"%s\",but found \"%s\" instead", i+1, expectedReq.Header.Get("User-Agent"), actualReq.Header.Get("User-Agent")) diff --git a/vendor/github.com/minio/minio-go/api-put-object-file.go b/vendor/github.com/minio/minio-go/api-put-object-file.go index fc475c9a3..09fec769d 100644 --- a/vendor/github.com/minio/minio-go/api-put-object-file.go +++ b/vendor/github.com/minio/minio-go/api-put-object-file.go @@ -182,7 +182,7 @@ func (c Client) putObjectMultipartFromFile(bucketName, objectName string, fileRe hashAlgos := make(map[string]hash.Hash) hashSums := make(map[string][]byte) hashAlgos["md5"] = md5.New() - if c.overrideSignerType.IsV4() && !c.secure { + if c.signature.isV4() && !c.secure { hashAlgos["sha256"] = sha256.New() } diff --git a/vendor/github.com/minio/minio-go/api-put-object-multipart.go b/vendor/github.com/minio/minio-go/api-put-object-multipart.go index 5134a7fd2..3a299f65b 100644 --- a/vendor/github.com/minio/minio-go/api-put-object-multipart.go +++ b/vendor/github.com/minio/minio-go/api-put-object-multipart.go @@ -213,7 +213,7 @@ func (c Client) putObjectMultipartStream(bucketName, objectName string, reader i hashSums := make(map[string][]byte) hashAlgos := make(map[string]hash.Hash) hashAlgos["md5"] = md5.New() - if c.overrideSignerType.IsV4() && !c.secure { + if c.signature.isV4() && !c.secure { hashAlgos["sha256"] = sha256.New() } diff --git a/vendor/github.com/minio/minio-go/api-put-object-progress.go b/vendor/github.com/minio/minio-go/api-put-object-progress.go index e5b24ad2a..f3844127e 100644 --- a/vendor/github.com/minio/minio-go/api-put-object-progress.go +++ b/vendor/github.com/minio/minio-go/api-put-object-progress.go @@ -20,7 +20,6 @@ import ( "io" "strings" - "github.com/minio/minio-go/pkg/credentials" "github.com/minio/minio-go/pkg/encrypt" "github.com/minio/minio-go/pkg/s3utils" ) @@ -104,7 +103,6 @@ func (c Client) PutObjectWithMetadata(bucketName, objectName string, reader io.R if size < minPartSize && size >= 0 { return c.putObjectSingle(bucketName, objectName, reader, size, metaData, progress) } - // For all sizes greater than 5MiB do multipart. n, err = c.putObjectMultipart(bucketName, objectName, reader, size, metaData, progress) if err != nil { @@ -145,8 +143,8 @@ func (c Client) PutObjectStreamingWithProgress(bucketName, objectName string, re BucketName: bucketName, } } - - if c.overrideSignerType.IsV2() { + // This method should return error with signature v2 minioClient. + if c.signature.isV2() { return 0, ErrorResponse{ Code: "NotImplemented", Message: "AWS streaming signature v4 is not supported with minio client initialized for AWS signature v2", @@ -175,8 +173,8 @@ func (c Client) PutObjectStreamingWithProgress(bucketName, objectName string, re return c.putObjectMultipartStream(bucketName, objectName, reader, size, metadata, progress) } - // Set streaming signature. - c.overrideSignerType = credentials.SignatureV4Streaming + // Set signature type to streaming signature v4. + c.signature = SignatureV4Streaming if size < minPartSize && size >= 0 { return c.putObjectNoChecksum(bucketName, objectName, reader, size, metadata, progress) diff --git a/vendor/github.com/minio/minio-go/api-put-object-readat.go b/vendor/github.com/minio/minio-go/api-put-object-readat.go index 0083d41fa..ebf422638 100644 --- a/vendor/github.com/minio/minio-go/api-put-object-readat.go +++ b/vendor/github.com/minio/minio-go/api-put-object-readat.go @@ -146,7 +146,7 @@ func (c Client) putObjectMultipartFromReadAt(bucketName, objectName string, read hashSums := make(map[string][]byte) hashAlgos := make(map[string]hash.Hash) hashAlgos["md5"] = md5.New() - if c.overrideSignerType.IsV4() && !c.secure { + if c.signature.isV4() && !c.secure { hashAlgos["sha256"] = sha256.New() } diff --git a/vendor/github.com/minio/minio-go/api-put-object.go b/vendor/github.com/minio/minio-go/api-put-object.go index 0b6848fff..e218075df 100644 --- a/vendor/github.com/minio/minio-go/api-put-object.go +++ b/vendor/github.com/minio/minio-go/api-put-object.go @@ -109,24 +109,14 @@ func getReaderSize(reader io.Reader) (size int64, err error) { case "|0", "|1": return } - var pos int64 - pos, err = v.Seek(0, 1) // SeekCurrent. - if err != nil { - return -1, err - } - size = st.Size() - pos + size = st.Size() case *Object: var st ObjectInfo st, err = v.Stat() if err != nil { return } - var pos int64 - pos, err = v.Seek(0, 1) // SeekCurrent. - if err != nil { - return -1, err - } - size = st.Size - pos + size = st.Size } } // Returns the size here. @@ -210,7 +200,7 @@ func (c Client) putObjectSingle(bucketName, objectName string, reader io.Reader, hashAlgos := make(map[string]hash.Hash) hashSums := make(map[string][]byte) hashAlgos["md5"] = md5.New() - if c.overrideSignerType.IsV4() && !c.secure { + if c.signature.isV4() && !c.secure { hashAlgos["sha256"] = sha256.New() } diff --git a/vendor/github.com/minio/minio-go/api.go b/vendor/github.com/minio/minio-go/api.go index c04034a86..a563a18d4 100644 --- a/vendor/github.com/minio/minio-go/api.go +++ b/vendor/github.com/minio/minio-go/api.go @@ -1,6 +1,5 @@ /* - * Minio Go Library for Amazon S3 Compatible Cloud Storage - * (C) 2015, 2016, 2017 Minio, Inc. + * Minio Go Library for Amazon S3 Compatible Cloud Storage (C) 2015, 2016 Minio, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -36,7 +35,6 @@ import ( "sync" "time" - "github.com/minio/minio-go/pkg/credentials" "github.com/minio/minio-go/pkg/s3signer" "github.com/minio/minio-go/pkg/s3utils" ) @@ -48,11 +46,14 @@ type Client struct { // Parsed endpoint url provided by the user. endpointURL url.URL - // Holds various credential providers. - credsProvider *credentials.Credentials - - // Custom signerType value overrides all credentials. - overrideSignerType credentials.SignatureType + // AccessKeyID required for authorized requests. + accessKeyID string + // SecretAccessKey required for authorized requests. + secretAccessKey string + // Choose a signature type if necessary. + signature SignatureType + // Set to 'true' if Client has no access and secret keys. + anonymous bool // User supplied. appInfo struct { @@ -99,58 +100,58 @@ const ( // NewV2 - instantiate minio client with Amazon S3 signature version // '2' compatibility. func NewV2(endpoint string, accessKeyID, secretAccessKey string, secure bool) (*Client, error) { - creds := credentials.NewStaticV2(accessKeyID, secretAccessKey, "") - clnt, err := privateNew(endpoint, creds, secure, "") + clnt, err := privateNew(endpoint, accessKeyID, secretAccessKey, secure) if err != nil { return nil, err } - clnt.overrideSignerType = credentials.SignatureV2 + + // Set to use signature version '2'. + clnt.signature = SignatureV2 return clnt, nil } // NewV4 - instantiate minio client with Amazon S3 signature version // '4' compatibility. func NewV4(endpoint string, accessKeyID, secretAccessKey string, secure bool) (*Client, error) { - creds := credentials.NewStaticV4(accessKeyID, secretAccessKey, "") - clnt, err := privateNew(endpoint, creds, secure, "") + clnt, err := privateNew(endpoint, accessKeyID, secretAccessKey, secure) if err != nil { return nil, err } - clnt.overrideSignerType = credentials.SignatureV4 + + // Set to use signature version '4'. + clnt.signature = SignatureV4 return clnt, nil } -// New - instantiate minio client, adds automatic verification of signature. +// New - instantiate minio client Client, adds automatic verification of signature. func New(endpoint, accessKeyID, secretAccessKey string, secure bool) (*Client, error) { - creds := credentials.NewStaticV4(accessKeyID, secretAccessKey, "") - clnt, err := privateNew(endpoint, creds, secure, "") + return NewWithRegion(endpoint, accessKeyID, secretAccessKey, secure, "") +} + +// NewWithRegion - instantiate minio client, with region configured. Unlike New(), +// NewWithRegion avoids bucket-location lookup operations and it is slightly faster. +// Use this function when if your application deals with single region. +func NewWithRegion(endpoint, accessKeyID, secretAccessKey string, secure bool, region string) (*Client, error) { + clnt, err := privateNew(endpoint, accessKeyID, secretAccessKey, secure) if err != nil { return nil, err } + // Google cloud storage should be set to signature V2, force it if not. if s3utils.IsGoogleEndpoint(clnt.endpointURL) { - clnt.overrideSignerType = credentials.SignatureV2 + clnt.signature = SignatureV2 } - // If Amazon S3 set to signature v4. + + // If Amazon S3 set to signature v2.n if s3utils.IsAmazonEndpoint(clnt.endpointURL) { - clnt.overrideSignerType = credentials.SignatureV4 + clnt.signature = SignatureV4 } - return clnt, nil -} -// NewWithCredentials - instantiate minio client with credentials provider -// for retrieving credentials from various credentials provider such as -// IAM, File, Env etc. -func NewWithCredentials(endpoint string, creds *credentials.Credentials, secure bool, region string) (*Client, error) { - return privateNew(endpoint, creds, secure, region) -} + // Sets custom region, if region is empty bucket location cache is used automatically. + clnt.region = region -// NewWithRegion - instantiate minio client, with region configured. Unlike New(), -// NewWithRegion avoids bucket-location lookup operations and it is slightly faster. -// Use this function when if your application deals with single region. -func NewWithRegion(endpoint, accessKeyID, secretAccessKey string, secure bool, region string) (*Client, error) { - creds := credentials.NewStaticV4(accessKeyID, secretAccessKey, "") - return privateNew(endpoint, creds, secure, region) + // Success.. + return clnt, nil } // lockedRandSource provides protected rand source, implements rand.Source interface. @@ -187,7 +188,7 @@ func redirectHeaders(req *http.Request, via []*http.Request) error { return nil } -func privateNew(endpoint string, creds *credentials.Credentials, secure bool, region string) (*Client, error) { +func privateNew(endpoint, accessKeyID, secretAccessKey string, secure bool) (*Client, error) { // construct endpoint. endpointURL, err := getEndpointURL(endpoint, secure) if err != nil { @@ -196,9 +197,8 @@ func privateNew(endpoint string, creds *credentials.Credentials, secure bool, re // instantiate new Client. clnt := new(Client) - - // Save the credentials. - clnt.credsProvider = creds + clnt.accessKeyID = accessKeyID + clnt.secretAccessKey = secretAccessKey // Remember whether we are using https or not clnt.secure = secure @@ -212,10 +212,7 @@ func privateNew(endpoint string, creds *credentials.Credentials, secure bool, re CheckRedirect: redirectHeaders, } - // Sets custom region, if region is empty bucket location cache is used automatically. - clnt.region = region - - // Instantiate bucket location cache. + // Instantiae bucket location cache. clnt.bucketLocCache = newBucketLocationCache() // Introduce a new locked random seed. @@ -317,12 +314,11 @@ var regSign = regexp.MustCompile("Signature=([[0-9a-f]+)") // Filter out signature value from Authorization header. func (c Client) filterSignature(req *http.Request) { - origAuth := req.Header.Get("Authorization") - if origAuth != "" { + if _, ok := req.Header["Authorization"]; !ok { return } - - if !strings.HasPrefix(origAuth, signV4Algorithm) { + // Handle if Signature V2. + if c.signature.isV2() { // Set a temporary redacted auth req.Header.Set("Authorization", "AWS **REDACTED**:**REDACTED**") return @@ -330,6 +326,8 @@ func (c Client) filterSignature(req *http.Request) { /// Signature V4 authorization header. + // Save the original auth. + origAuth := req.Header.Get("Authorization") // Strip out accessKeyID from: // Credential=<access-key-id>/<date>/<aws-region>/<aws-service>/aws4_request newAuth := regCred.ReplaceAllString(origAuth, "Credential=**REDACTED**/") @@ -339,7 +337,6 @@ func (c Client) filterSignature(req *http.Request) { // Set a temporary redacted auth req.Header.Set("Authorization", newAuth) - return } @@ -556,7 +553,7 @@ func (c Client) executeMethod(method string, metadata requestMetadata) (res *htt // Bucket region if set in error response and the error // code dictates invalid region, we can retry the request // with the new region. - if res.StatusCode == http.StatusBadRequest && errResponse.Region != "" { + if errResponse.Code == "InvalidRegion" && errResponse.Region != "" { c.bucketLocCache.Set(metadata.bucketName, errResponse.Region) continue // Retry. } @@ -617,41 +614,20 @@ func (c Client) newRequest(method string, metadata requestMetadata) (req *http.R return nil, err } - // Get credentials from the configured credentials provider. - value, err := c.credsProvider.Get() - if err != nil { - return nil, err - } - - var ( - signerType = value.SignerType - accessKeyID = value.AccessKeyID - secretAccessKey = value.SecretAccessKey - sessionToken = value.SessionToken - ) - - // Custom signer set then override the behavior. - if c.overrideSignerType != credentials.SignatureDefault { - signerType = c.overrideSignerType - } - - // If signerType returned by credentials helper is anonymous, - // then do not sign regardless of signerType override. - if value.SignerType == credentials.SignatureAnonymous { - signerType = credentials.SignatureAnonymous - } + // Anonymous request. + anonymous := c.accessKeyID == "" || c.secretAccessKey == "" // Generate presign url if needed, return right here. if metadata.expires != 0 && metadata.presignURL { - if signerType.IsAnonymous() { - return nil, ErrInvalidArgument("Presigned URLs cannot be generated with anonymous credentials.") + if anonymous { + return nil, ErrInvalidArgument("Requests cannot be presigned with anonymous credentials.") } - if signerType.IsV2() { + if c.signature.isV2() { // Presign URL with signature v2. - req = s3signer.PreSignV2(*req, accessKeyID, secretAccessKey, metadata.expires) - } else if signerType.IsV4() { + req = s3signer.PreSignV2(*req, c.accessKeyID, c.secretAccessKey, metadata.expires) + } else if c.signature.isV4() { // Presign URL with signature v4. - req = s3signer.PreSignV4(*req, accessKeyID, secretAccessKey, sessionToken, location, metadata.expires) + req = s3signer.PreSignV4(*req, c.accessKeyID, c.secretAccessKey, location, metadata.expires) } return req, nil } @@ -674,18 +650,17 @@ func (c Client) newRequest(method string, metadata requestMetadata) (req *http.R req.Header.Set("Content-Md5", base64.StdEncoding.EncodeToString(metadata.contentMD5Bytes)) } - // For anonymous requests just return. - if signerType.IsAnonymous() { + if anonymous { return req, nil - } + } // Sign the request for all authenticated requests. switch { - case signerType.IsV2(): + case c.signature.isV2(): // Add signature version '2' authorization header. - req = s3signer.SignV2(*req, accessKeyID, secretAccessKey) - case signerType.IsStreamingV4() && method == "PUT": - req = s3signer.StreamingSignV4(req, accessKeyID, - secretAccessKey, sessionToken, location, metadata.contentLength, time.Now().UTC()) + req = s3signer.SignV2(*req, c.accessKeyID, c.secretAccessKey) + case c.signature.isStreamingV4() && method == "PUT": + req = s3signer.StreamingSignV4(req, c.accessKeyID, + c.secretAccessKey, location, metadata.contentLength, time.Now().UTC()) default: // Set sha256 sum for signature calculation only with signature version '4'. shaHeader := unsignedPayload @@ -695,7 +670,7 @@ func (c Client) newRequest(method string, metadata requestMetadata) (req *http.R req.Header.Set("X-Amz-Content-Sha256", shaHeader) // Add signature version '4' authorization header. - req = s3signer.SignV4(*req, accessKeyID, secretAccessKey, sessionToken, location) + req = s3signer.SignV4(*req, c.accessKeyID, c.secretAccessKey, location) } // Return request. @@ -757,16 +732,13 @@ func (c Client) makeTargetURL(bucketName, objectName, bucketLocation string, que } } } - // If there are any query values, add them to the end. if len(queryValues) > 0 { urlStr = urlStr + "?" + s3utils.QueryEncode(queryValues) } - u, err := url.Parse(urlStr) if err != nil { return nil, err } - return u, nil } diff --git a/vendor/github.com/minio/minio-go/api_functional_v4_test.go b/vendor/github.com/minio/minio-go/api_functional_v4_test.go index a553ea2cd..b5e6d128a 100644 --- a/vendor/github.com/minio/minio-go/api_functional_v4_test.go +++ b/vendor/github.com/minio/minio-go/api_functional_v4_test.go @@ -18,6 +18,7 @@ package minio import ( "bytes" + crand "crypto/rand" "encoding/hex" "errors" "fmt" @@ -200,10 +201,14 @@ func TestPutObjectReadAt(t *testing.T) { } // Generate data using 4 parts so that all 3 'workers' are utilized and a part is leftover. - // Use different data for each part for multipart tests to ensure part order at the end. - var buf []byte - for i := 0; i < 4; i++ { - buf = append(buf, bytes.Repeat([]byte(string('a'+i)), minPartSize)...) + buf := make([]byte, minPartSize*4) + // Use crand.Reader for multipart tests to ensure part order at the end. + size, err := io.ReadFull(crand.Reader, buf) + if err != nil { + t.Fatal("Error:", err) + } + if size != minPartSize*4 { + t.Fatalf("Error: number of bytes does not match, want %v, got %v\n", minPartSize*4, size) } // Save the data @@ -290,10 +295,14 @@ func TestPutObjectWithMetadata(t *testing.T) { } // Generate data using 2 parts - // Use different data in each part for multipart tests to ensure part order at the end. - var buf []byte - for i := 0; i < 2; i++ { - buf = append(buf, bytes.Repeat([]byte(string('a'+i)), minPartSize)...) + buf := make([]byte, minPartSize*2) + // Use crand.Reader for multipart tests to ensure part order at the end. + size, err := io.ReadFull(crand.Reader, buf) + if err != nil { + t.Fatal("Error:", err) + } + if size != minPartSize*2 { + t.Fatalf("Error: number of bytes does not match, want %v, got %v\n", minPartSize*2, size) } // Save the data @@ -847,6 +856,7 @@ func TestResumablePutObject(t *testing.T) { t.Fatal("Error:", err) } r := bytes.NewReader(bytes.Repeat([]byte("b"), minPartSize*2)) + // Copy 11MiB worth of random data. n, err := io.CopyN(file, r, minPartSize*2) if err != nil { t.Fatal("Error:", err) @@ -962,13 +972,16 @@ func TestResumableFPutObject(t *testing.T) { } // Upload 4 parts to use all 3 multipart 'workers' and have an extra part. - // Use different data in each part for multipart tests to ensure parts are uploaded in correct order. - var buffer []byte - for i := 0; i < 4; i++ { - buffer = append(buffer, bytes.Repeat([]byte(string('a'+i)), minPartSize)...) + buffer := make([]byte, minPartSize*4) + // Use crand.Reader for multipart tests to ensure parts are uploaded in correct order. + size, err := io.ReadFull(crand.Reader, buffer) + if err != nil { + t.Fatal("Error:", err) } - - size, err := file.Write(buffer) + if size != minPartSize*4 { + t.Fatalf("Error: number of bytes does not match, want %v, got %v\n", minPartSize*4, size) + } + size, err = file.Write(buffer) if err != nil { t.Fatal("Error:", err) } @@ -1050,12 +1063,16 @@ func TestFPutObjectMultipart(t *testing.T) { } // Upload 4 parts to utilize all 3 'workers' in multipart and still have a part to upload. - var buffer []byte - for i := 0; i < 4; i++ { - buffer = append(buffer, bytes.Repeat([]byte(string('a'+i)), minPartSize)...) - } + buffer := make([]byte, minPartSize*4) - size, err := file.Write(buffer) + size, err := io.ReadFull(crand.Reader, buffer) + if err != nil { + t.Fatal("Error:", err) + } + if size != minPartSize*4 { + t.Fatalf("Error: number of bytes does not match, want %v, got %v\n", minPartSize*4, size) + } + size, err = file.Write(buffer) if err != nil { t.Fatal("Error:", err) } @@ -1151,14 +1168,18 @@ func TestFPutObject(t *testing.T) { } // Upload 4 parts worth of data to use all 3 of multiparts 'workers' and have an extra part. - // Use different data in part for multipart tests to check parts are uploaded in correct order. - var buffer []byte - for i := 0; i < 4; i++ { - buffer = append(buffer, bytes.Repeat([]byte(string('a'+i)), minPartSize)...) + buffer := make([]byte, minPartSize*4) + // Use random data for multipart tests to check parts are uploaded in correct order. + size, err := io.ReadFull(crand.Reader, buffer) + if err != nil { + t.Fatal("Error:", err) + } + if size != minPartSize*4 { + t.Fatalf("Error: number of bytes does not match, want %v, got %v\n", minPartSize*4, size) } // Write the data to the file. - size, err := file.Write(buffer) + size, err = file.Write(buffer) if err != nil { t.Fatal("Error:", err) } @@ -2477,97 +2498,3 @@ func TestGetObjectObjectModified(t *testing.T) { t.Errorf("Expected ReadAt to fail with error %s but received %s", s3ErrorResponseMap["PreconditionFailed"], err.Error()) } } - -// Test validates putObject to upload a file seeked at a given offset. -func TestPutObjectUploadSeekedObject(t *testing.T) { - if testing.Short() { - t.Skip("skipping functional tests for the short runs") - } - - // Instantiate new minio client object. - c, err := NewV4( - os.Getenv("S3_ADDRESS"), - os.Getenv("ACCESS_KEY"), - os.Getenv("SECRET_KEY"), - mustParseBool(os.Getenv("S3_SECURE")), - ) - if err != nil { - t.Fatal("Error:", err) - } - - // Enable tracing, write to stderr. - // c.TraceOn(os.Stderr) - - // Set user agent. - c.SetAppInfo("Minio-go-FunctionalTest", "0.1.0") - - // Make a new bucket. - bucketName := randString(60, rand.NewSource(time.Now().UnixNano()), "minio-go-test") - err = c.MakeBucket(bucketName, "us-east-1") - if err != nil { - t.Fatal("Error:", err, bucketName) - } - defer c.RemoveBucket(bucketName) - - tempfile, err := ioutil.TempFile("", "minio-go-upload-test-") - if err != nil { - t.Fatal("Error:", err) - } - - var length = 120000 - data := bytes.Repeat([]byte("1"), length) - - if _, err = tempfile.Write(data); err != nil { - t.Fatal("Error:", err) - } - - objectName := fmt.Sprintf("test-file-%v", rand.Uint32()) - - offset := length / 2 - if _, err := tempfile.Seek(int64(offset), 0); err != nil { - t.Fatal("Error:", err) - } - - n, err := c.PutObject(bucketName, objectName, tempfile, "binary/octet-stream") - if err != nil { - t.Fatal("Error:", err) - } - if n != int64(length-offset) { - t.Fatalf("Invalid length returned, want %v, got %v", int64(length-offset), n) - } - tempfile.Close() - if err = os.Remove(tempfile.Name()); err != nil { - t.Fatal("Error:", err) - } - - length = int(n) - - obj, err := c.GetObject(bucketName, objectName) - if err != nil { - t.Fatal("Error:", err) - } - - n, err = obj.Seek(int64(offset), 0) - if err != nil { - t.Fatal("Error:", err) - } - if n != int64(offset) { - t.Fatalf("Invalid offset returned, want %v, got %v", int64(offset), n) - } - - n, err = c.PutObject(bucketName, objectName+"getobject", obj, "binary/octet-stream") - if err != nil { - t.Fatal("Error:", err) - } - if n != int64(length-offset) { - t.Fatalf("Invalid length returned, want %v, got %v", int64(length-offset), n) - } - - if err = c.RemoveObject(bucketName, objectName); err != nil { - t.Fatal("Error:", err) - } - - if err = c.RemoveObject(bucketName, objectName+"getobject"); err != nil { - t.Fatal("Error:", err) - } -} diff --git a/vendor/github.com/minio/minio-go/api_unit_test.go b/vendor/github.com/minio/minio-go/api_unit_test.go index 7bb5802bf..c1db0df5d 100644 --- a/vendor/github.com/minio/minio-go/api_unit_test.go +++ b/vendor/github.com/minio/minio-go/api_unit_test.go @@ -1,6 +1,5 @@ /* - * Minio Go Library for Amazon S3 Compatible Cloud Storage - * (C) 2015, 2016, 2017 Minio, Inc. + * Minio Go Library for Amazon S3 Compatible Cloud Storage (C) 2015 Minio, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -26,7 +25,6 @@ import ( "strings" "testing" - "github.com/minio/minio-go/pkg/credentials" "github.com/minio/minio-go/pkg/policy" ) @@ -230,18 +228,18 @@ func TestErrorResponse(t *testing.T) { // Tests signature type. func TestSignatureType(t *testing.T) { clnt := Client{} - if !clnt.overrideSignerType.IsV4() { + if !clnt.signature.isV4() { t.Fatal("Error") } - clnt.overrideSignerType = credentials.SignatureV2 - if !clnt.overrideSignerType.IsV2() { + clnt.signature = SignatureV2 + if !clnt.signature.isV2() { t.Fatal("Error") } - if clnt.overrideSignerType.IsV4() { + if clnt.signature.isV4() { t.Fatal("Error") } - clnt.overrideSignerType = credentials.SignatureV4 - if !clnt.overrideSignerType.IsV4() { + clnt.signature = SignatureV4 + if !clnt.signature.isV4() { t.Fatal("Error") } } diff --git a/vendor/github.com/minio/minio-go/appveyor.yml b/vendor/github.com/minio/minio-go/appveyor.yml index 4f5c1b390..be746a7bf 100644 --- a/vendor/github.com/minio/minio-go/appveyor.yml +++ b/vendor/github.com/minio/minio-go/appveyor.yml @@ -17,8 +17,6 @@ install: - go version - go env - go get -u github.com/golang/lint/golint - - go get -u github.com/go-ini/ini - - go get -u github.com/minio/go-homedir - go get -u github.com/remyoudompheng/go-misc/deadcode - go get -u github.com/gordonklaus/ineffassign diff --git a/vendor/github.com/minio/minio-go/bucket-cache.go b/vendor/github.com/minio/minio-go/bucket-cache.go index 7e7cc7717..28799c69d 100644 --- a/vendor/github.com/minio/minio-go/bucket-cache.go +++ b/vendor/github.com/minio/minio-go/bucket-cache.go @@ -1,6 +1,5 @@ /* - * Minio Go Library for Amazon S3 Compatible Cloud Storage - * (C) 2015, 2016, 2017 Minio, Inc. + * Minio Go Library for Amazon S3 Compatible Cloud Storage (C) 2015 Minio, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -24,7 +23,6 @@ import ( "path" "sync" - "github.com/minio/minio-go/pkg/credentials" "github.com/minio/minio-go/pkg/s3signer" "github.com/minio/minio-go/pkg/s3utils" ) @@ -183,33 +181,8 @@ func (c Client) getBucketLocationRequest(bucketName string) (*http.Request, erro // Set UserAgent for the request. c.setUserAgent(req) - // Get credentials from the configured credentials provider. - value, err := c.credsProvider.Get() - if err != nil { - return nil, err - } - - var ( - signerType = value.SignerType - accessKeyID = value.AccessKeyID - secretAccessKey = value.SecretAccessKey - sessionToken = value.SessionToken - ) - - // Custom signer set then override the behavior. - if c.overrideSignerType != credentials.SignatureDefault { - signerType = c.overrideSignerType - } - - // If signerType returned by credentials helper is anonymous, - // then do not sign regardless of signerType override. - if value.SignerType == credentials.SignatureAnonymous { - signerType = credentials.SignatureAnonymous - } - // Set sha256 sum for signature calculation only with signature version '4'. - switch { - case signerType.IsV4(): + if c.signature.isV4() { var contentSha256 string if c.secure { contentSha256 = unsignedPayload @@ -217,10 +190,13 @@ func (c Client) getBucketLocationRequest(bucketName string) (*http.Request, erro contentSha256 = hex.EncodeToString(sum256([]byte{})) } req.Header.Set("X-Amz-Content-Sha256", contentSha256) - req = s3signer.SignV4(*req, accessKeyID, secretAccessKey, sessionToken, "us-east-1") - case signerType.IsV2(): - req = s3signer.SignV2(*req, accessKeyID, secretAccessKey) } + // Sign the request. + if c.signature.isV4() { + req = s3signer.SignV4(*req, c.accessKeyID, c.secretAccessKey, "us-east-1") + } else if c.signature.isV2() { + req = s3signer.SignV2(*req, c.accessKeyID, c.secretAccessKey) + } return req, nil } diff --git a/vendor/github.com/minio/minio-go/bucket-cache_test.go b/vendor/github.com/minio/minio-go/bucket-cache_test.go index 6ae4e7be4..0c068c966 100644 --- a/vendor/github.com/minio/minio-go/bucket-cache_test.go +++ b/vendor/github.com/minio/minio-go/bucket-cache_test.go @@ -1,6 +1,5 @@ /* - * Minio Go Library for Amazon S3 Compatible Cloud Storage - * (C) 2015, 2016, 2017 Minio, Inc. + * Minio Go Library for Amazon S3 Compatible Cloud Storage (C) 2016, 2016 Minio, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -28,7 +27,6 @@ import ( "reflect" "testing" - "github.com/minio/minio-go/pkg/credentials" "github.com/minio/minio-go/pkg/s3signer" ) @@ -88,46 +86,17 @@ func TestGetBucketLocationRequest(t *testing.T) { // Set UserAgent for the request. c.setUserAgent(req) - // Get credentials from the configured credentials provider. - value, err := c.credsProvider.Get() - if err != nil { - return nil, err - } - - var ( - signerType = value.SignerType - accessKeyID = value.AccessKeyID - secretAccessKey = value.SecretAccessKey - sessionToken = value.SessionToken - ) - - // Custom signer set then override the behavior. - if c.overrideSignerType != credentials.SignatureDefault { - signerType = c.overrideSignerType + // Set sha256 sum for signature calculation only with signature version '4'. + if c.signature.isV4() { + req.Header.Set("X-Amz-Content-Sha256", hex.EncodeToString(sum256([]byte{}))) } - // If signerType returned by credentials helper is anonymous, - // then do not sign regardless of signerType override. - if value.SignerType == credentials.SignatureAnonymous { - signerType = credentials.SignatureAnonymous + // Sign the request. + if c.signature.isV4() { + req = s3signer.SignV4(*req, c.accessKeyID, c.secretAccessKey, "us-east-1") + } else if c.signature.isV2() { + req = s3signer.SignV2(*req, c.accessKeyID, c.secretAccessKey) } - - // Set sha256 sum for signature calculation only - // with signature version '4'. - switch { - case signerType.IsV4(): - var contentSha256 string - if c.secure { - contentSha256 = unsignedPayload - } else { - contentSha256 = hex.EncodeToString(sum256([]byte{})) - } - req.Header.Set("X-Amz-Content-Sha256", contentSha256) - req = s3signer.SignV4(*req, accessKeyID, secretAccessKey, sessionToken, "us-east-1") - case signerType.IsV2(): - req = s3signer.SignV2(*req, accessKeyID, secretAccessKey) - } - return req, nil } diff --git a/vendor/github.com/minio/minio-go/core_test.go b/vendor/github.com/minio/minio-go/core_test.go index 657ad5260..c7c73d4c7 100644 --- a/vendor/github.com/minio/minio-go/core_test.go +++ b/vendor/github.com/minio/minio-go/core_test.go @@ -19,6 +19,7 @@ package minio import ( "bytes" "crypto/md5" + crand "crypto/rand" "io" "math/rand" @@ -300,7 +301,15 @@ func TestCorePutObject(t *testing.T) { t.Fatal("Error:", err, bucketName) } - buf := bytes.Repeat([]byte("a"), minPartSize) + buf := make([]byte, minPartSize) + + size, err := io.ReadFull(crand.Reader, buf) + if err != nil { + t.Fatal("Error:", err) + } + if size != minPartSize { + t.Fatalf("Error: number of bytes does not match, want %v, got %v\n", minPartSize, size) + } // Save the data objectName := randString(60, rand.NewSource(time.Now().UnixNano()), "") diff --git a/vendor/github.com/minio/minio-go/pkg/credentials/chain.go b/vendor/github.com/minio/minio-go/pkg/credentials/chain.go deleted file mode 100644 index 6b0e57440..000000000 --- a/vendor/github.com/minio/minio-go/pkg/credentials/chain.go +++ /dev/null @@ -1,89 +0,0 @@ -/* - * Minio Go Library for Amazon S3 Compatible Cloud Storage - * (C) 2017 Minio, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package credentials - -import "fmt" - -// A Chain will search for a provider which returns credentials -// and cache that provider until Retrieve is called again. -// -// The Chain provides a way of chaining multiple providers together -// which will pick the first available using priority order of the -// Providers in the list. -// -// If none of the Providers retrieve valid credentials Value, ChainProvider's -// Retrieve() will return the error, collecting all errors from all providers. -// -// If a Provider is found which returns valid credentials Value ChainProvider -// will cache that Provider for all calls to IsExpired(), until Retrieve is -// called again. -// -// creds := credentials.NewChainCredentials( -// []credentials.Provider{ -// &credentials.EnvAWSS3{}, -// &credentials.EnvMinio{}, -// }) -// -// // Usage of ChainCredentials. -// mc, err := minio.NewWithCredentials(endpoint, creds, secure, "us-east-1") -// if err != nil { -// log.Fatalln(err) -// } -// -type Chain struct { - Providers []Provider - curr Provider -} - -// NewChainCredentials returns a pointer to a new Credentials object -// wrapping a chain of providers. -func NewChainCredentials(providers []Provider) *Credentials { - return New(&Chain{ - Providers: append([]Provider{}, providers...), - }) -} - -// Retrieve returns the credentials value or error if no provider returned -// without error. -// -// If a provider is found it will be cached and any calls to IsExpired() -// will return the expired state of the cached provider. -func (c *Chain) Retrieve() (Value, error) { - var errs []error - for _, p := range c.Providers { - creds, err := p.Retrieve() - if err != nil { - errs = append(errs, err) - continue - } // Success. - c.curr = p - return creds, nil - } - c.curr = nil - return Value{}, fmt.Errorf("No valid providers found %v", errs) -} - -// IsExpired will returned the expired state of the currently cached provider -// if there is one. If there is no current provider, true will be returned. -func (c *Chain) IsExpired() bool { - if c.curr != nil { - return c.curr.IsExpired() - } - - return true -} diff --git a/vendor/github.com/minio/minio-go/pkg/credentials/chain_test.go b/vendor/github.com/minio/minio-go/pkg/credentials/chain_test.go deleted file mode 100644 index cb5a6dda5..000000000 --- a/vendor/github.com/minio/minio-go/pkg/credentials/chain_test.go +++ /dev/null @@ -1,137 +0,0 @@ -/* - * Minio Go Library for Amazon S3 Compatible Cloud Storage - * (C) 2017 Minio, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package credentials - -import ( - "errors" - "testing" -) - -type testCredProvider struct { - creds Value - expired bool - err error -} - -func (s *testCredProvider) Retrieve() (Value, error) { - s.expired = false - return s.creds, s.err -} -func (s *testCredProvider) IsExpired() bool { - return s.expired -} - -func TestChainGet(t *testing.T) { - p := &Chain{ - Providers: []Provider{ - &credProvider{err: errors.New("FirstError")}, - &credProvider{err: errors.New("SecondError")}, - &testCredProvider{ - creds: Value{ - AccessKeyID: "AKIF", - SecretAccessKey: "NOSECRET", - SessionToken: "", - }, - }, - &credProvider{ - creds: Value{ - AccessKeyID: "AKID", - SecretAccessKey: "SECRET", - SessionToken: "", - }, - }, - }, - } - - creds, err := p.Retrieve() - if err != nil { - t.Fatal(err) - } - - // Also check credentials - if creds.AccessKeyID != "AKIF" { - t.Fatalf("Expected 'AKIF', got %s", creds.AccessKeyID) - } - if creds.SecretAccessKey != "NOSECRET" { - t.Fatalf("Expected 'NOSECRET', got %s", creds.SecretAccessKey) - } - if creds.SessionToken != "" { - t.Fatalf("Expected empty token, got %s", creds.SessionToken) - } -} - -func TestChainIsExpired(t *testing.T) { - credProvider := &credProvider{expired: true} - p := &Chain{ - Providers: []Provider{ - credProvider, - }, - } - - if !p.IsExpired() { - t.Fatal("Expected expired to be true before any Retrieve") - } - - _, err := p.Retrieve() - if err != nil { - t.Fatal(err) - } - - if p.IsExpired() { - t.Fatal("Expected to be not expired after Retrieve") - } -} - -func TestChainWithNoProvider(t *testing.T) { - p := &Chain{ - Providers: []Provider{}, - } - if !p.IsExpired() { - t.Fatal("Expected to be expired with no providers") - } - _, err := p.Retrieve() - if err != nil { - if err.Error() != "No valid providers found []" { - t.Error(err) - } - } -} - -func TestChainProviderWithNoValidProvider(t *testing.T) { - errs := []error{ - errors.New("FirstError"), - errors.New("SecondError"), - } - p := &Chain{ - Providers: []Provider{ - &credProvider{err: errs[0]}, - &credProvider{err: errs[1]}, - }, - } - - if !p.IsExpired() { - t.Fatal("Expected to be expired with no providers") - } - - _, err := p.Retrieve() - if err != nil { - if err.Error() != "No valid providers found [FirstError SecondError]" { - t.Error(err) - } - } -} diff --git a/vendor/github.com/minio/minio-go/pkg/credentials/config.json.sample b/vendor/github.com/minio/minio-go/pkg/credentials/config.json.sample deleted file mode 100644 index 130746f4b..000000000 --- a/vendor/github.com/minio/minio-go/pkg/credentials/config.json.sample +++ /dev/null @@ -1,17 +0,0 @@ -{ - "version": "8", - "hosts": { - "play": { - "url": "https://play.minio.io:9000", - "accessKey": "Q3AM3UQ867SPQQA43P2F", - "secretKey": "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG", - "api": "S3v2" - }, - "s3": { - "url": "https://s3.amazonaws.com", - "accessKey": "accessKey", - "secretKey": "secret", - "api": "S3v4" - } - } -}
\ No newline at end of file diff --git a/vendor/github.com/minio/minio-go/pkg/credentials/credentials.go b/vendor/github.com/minio/minio-go/pkg/credentials/credentials.go deleted file mode 100644 index cc3000532..000000000 --- a/vendor/github.com/minio/minio-go/pkg/credentials/credentials.go +++ /dev/null @@ -1,175 +0,0 @@ -/* - * Minio Go Library for Amazon S3 Compatible Cloud Storage - * (C) 2017 Minio, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package credentials - -import ( - "sync" - "time" -) - -// A Value is the AWS credentials value for individual credential fields. -type Value struct { - // AWS Access key ID - AccessKeyID string - - // AWS Secret Access Key - SecretAccessKey string - - // AWS Session Token - SessionToken string - - // Signature Type. - SignerType SignatureType -} - -// A Provider is the interface for any component which will provide credentials -// Value. A provider is required to manage its own Expired state, and what to -// be expired means. -type Provider interface { - // Retrieve returns nil if it successfully retrieved the value. - // Error is returned if the value were not obtainable, or empty. - Retrieve() (Value, error) - - // IsExpired returns if the credentials are no longer valid, and need - // to be retrieved. - IsExpired() bool -} - -// A Expiry provides shared expiration logic to be used by credentials -// providers to implement expiry functionality. -// -// The best method to use this struct is as an anonymous field within the -// provider's struct. -// -// Example: -// type IAMCredentialProvider struct { -// Expiry -// ... -// } -type Expiry struct { - // The date/time when to expire on - expiration time.Time - - // If set will be used by IsExpired to determine the current time. - // Defaults to time.Now if CurrentTime is not set. - CurrentTime func() time.Time -} - -// SetExpiration sets the expiration IsExpired will check when called. -// -// If window is greater than 0 the expiration time will be reduced by the -// window value. -// -// Using a window is helpful to trigger credentials to expire sooner than -// the expiration time given to ensure no requests are made with expired -// tokens. -func (e *Expiry) SetExpiration(expiration time.Time, window time.Duration) { - e.expiration = expiration - if window > 0 { - e.expiration = e.expiration.Add(-window) - } -} - -// IsExpired returns if the credentials are expired. -func (e *Expiry) IsExpired() bool { - if e.CurrentTime == nil { - e.CurrentTime = time.Now - } - return e.expiration.Before(e.CurrentTime()) -} - -// Credentials - A container for synchronous safe retrieval of credentials Value. -// Credentials will cache the credentials value until they expire. Once the value -// expires the next Get will attempt to retrieve valid credentials. -// -// Credentials is safe to use across multiple goroutines and will manage the -// synchronous state so the Providers do not need to implement their own -// synchronization. -// -// The first Credentials.Get() will always call Provider.Retrieve() to get the -// first instance of the credentials Value. All calls to Get() after that -// will return the cached credentials Value until IsExpired() returns true. -type Credentials struct { - sync.Mutex - - creds Value - forceRefresh bool - provider Provider -} - -// New returns a pointer to a new Credentials with the provider set. -func New(provider Provider) *Credentials { - return &Credentials{ - provider: provider, - forceRefresh: true, - } -} - -// Get returns the credentials value, or error if the credentials Value failed -// to be retrieved. -// -// Will return the cached credentials Value if it has not expired. If the -// credentials Value has expired the Provider's Retrieve() will be called -// to refresh the credentials. -// -// If Credentials.Expire() was called the credentials Value will be force -// expired, and the next call to Get() will cause them to be refreshed. -func (c *Credentials) Get() (Value, error) { - c.Lock() - defer c.Unlock() - - if c.isExpired() { - creds, err := c.provider.Retrieve() - if err != nil { - return Value{}, err - } - c.creds = creds - c.forceRefresh = false - } - - return c.creds, nil -} - -// Expire expires the credentials and forces them to be retrieved on the -// next call to Get(). -// -// This will override the Provider's expired state, and force Credentials -// to call the Provider's Retrieve(). -func (c *Credentials) Expire() { - c.Lock() - defer c.Unlock() - - c.forceRefresh = true -} - -// IsExpired returns if the credentials are no longer valid, and need -// to be refreshed. -// -// If the Credentials were forced to be expired with Expire() this will -// reflect that override. -func (c *Credentials) IsExpired() bool { - c.Lock() - defer c.Unlock() - - return c.isExpired() -} - -// isExpired helper method wrapping the definition of expired credentials. -func (c *Credentials) isExpired() bool { - return c.forceRefresh || c.provider.IsExpired() -} diff --git a/vendor/github.com/minio/minio-go/pkg/credentials/credentials.sample b/vendor/github.com/minio/minio-go/pkg/credentials/credentials.sample deleted file mode 100644 index 7fc91d9d2..000000000 --- a/vendor/github.com/minio/minio-go/pkg/credentials/credentials.sample +++ /dev/null @@ -1,12 +0,0 @@ -[default] -aws_access_key_id = accessKey -aws_secret_access_key = secret -aws_session_token = token - -[no_token] -aws_access_key_id = accessKey -aws_secret_access_key = secret - -[with_colon] -aws_access_key_id: accessKey -aws_secret_access_key: secret diff --git a/vendor/github.com/minio/minio-go/pkg/credentials/credentials_test.go b/vendor/github.com/minio/minio-go/pkg/credentials/credentials_test.go deleted file mode 100644 index cbfb673b7..000000000 --- a/vendor/github.com/minio/minio-go/pkg/credentials/credentials_test.go +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Minio Go Library for Amazon S3 Compatible Cloud Storage - * (C) 2017 Minio, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package credentials - -import ( - "errors" - "testing" -) - -type credProvider struct { - creds Value - expired bool - err error -} - -func (s *credProvider) Retrieve() (Value, error) { - s.expired = false - return s.creds, s.err -} -func (s *credProvider) IsExpired() bool { - return s.expired -} - -func TestCredentialsGet(t *testing.T) { - c := New(&credProvider{ - creds: Value{ - AccessKeyID: "UXHW", - SecretAccessKey: "MYSECRET", - SessionToken: "", - }, - expired: true, - }) - - creds, err := c.Get() - if err != nil { - t.Fatal(err) - } - if "UXHW" != creds.AccessKeyID { - t.Errorf("Expected \"UXHW\", got %s", creds.AccessKeyID) - } - if "MYSECRET" != creds.SecretAccessKey { - t.Errorf("Expected \"MYSECRET\", got %s", creds.SecretAccessKey) - } - if creds.SessionToken != "" { - t.Errorf("Expected session token to be empty, got %s", creds.SessionToken) - } -} - -func TestCredentialsGetWithError(t *testing.T) { - c := New(&credProvider{err: errors.New("Custom error")}) - - _, err := c.Get() - if err != nil { - if err.Error() != "Custom error" { - t.Errorf("Expected \"Custom error\", got %s", err.Error()) - } - } -} diff --git a/vendor/github.com/minio/minio-go/pkg/credentials/doc.go b/vendor/github.com/minio/minio-go/pkg/credentials/doc.go deleted file mode 100644 index fa1908aeb..000000000 --- a/vendor/github.com/minio/minio-go/pkg/credentials/doc.go +++ /dev/null @@ -1,45 +0,0 @@ -// Package credentials provides credential retrieval and management -// for S3 compatible object storage. -// -// By default the Credentials.Get() will cache the successful result of a -// Provider's Retrieve() until Provider.IsExpired() returns true. At which -// point Credentials will call Provider's Retrieve() to get new credential Value. -// -// The Provider is responsible for determining when credentials have expired. -// It is also important to note that Credentials will always call Retrieve the -// first time Credentials.Get() is called. -// -// Example of using the environment variable credentials. -// -// creds := NewFromEnv() -// // Retrieve the credentials value -// credValue, err := creds.Get() -// if err != nil { -// // handle error -// } -// -// Example of forcing credentials to expire and be refreshed on the next Get(). -// This may be helpful to proactively expire credentials and refresh them sooner -// than they would naturally expire on their own. -// -// creds := NewFromIAM("") -// creds.Expire() -// credsValue, err := creds.Get() -// // New credentials will be retrieved instead of from cache. -// -// -// Custom Provider -// -// Each Provider built into this package also provides a helper method to generate -// a Credentials pointer setup with the provider. To use a custom Provider just -// create a type which satisfies the Provider interface and pass it to the -// NewCredentials method. -// -// type MyProvider struct{} -// func (m *MyProvider) Retrieve() (Value, error) {...} -// func (m *MyProvider) IsExpired() bool {...} -// -// creds := NewCredentials(&MyProvider{}) -// credValue, err := creds.Get() -// -package credentials diff --git a/vendor/github.com/minio/minio-go/pkg/credentials/env_aws.go b/vendor/github.com/minio/minio-go/pkg/credentials/env_aws.go deleted file mode 100644 index 11934433c..000000000 --- a/vendor/github.com/minio/minio-go/pkg/credentials/env_aws.go +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Minio Go Library for Amazon S3 Compatible Cloud Storage - * (C) 2017 Minio, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package credentials - -import "os" - -// A EnvAWS retrieves credentials from the environment variables of the -// running process. EnvAWSironment credentials never expire. -// -// EnvAWSironment variables used: -// -// * Access Key ID: AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY. -// * Secret Access Key: AWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY. -// * Secret Token: AWS_SESSION_TOKEN. -type EnvAWS struct { - retrieved bool -} - -// NewEnvAWS returns a pointer to a new Credentials object -// wrapping the environment variable provider. -func NewEnvAWS() *Credentials { - return New(&EnvAWS{}) -} - -// Retrieve retrieves the keys from the environment. -func (e *EnvAWS) Retrieve() (Value, error) { - e.retrieved = false - - id := os.Getenv("AWS_ACCESS_KEY_ID") - if id == "" { - id = os.Getenv("AWS_ACCESS_KEY") - } - - secret := os.Getenv("AWS_SECRET_ACCESS_KEY") - if secret == "" { - secret = os.Getenv("AWS_SECRET_KEY") - } - - signerType := SignatureV4 - if id == "" || secret == "" { - signerType = SignatureAnonymous - } - - e.retrieved = true - return Value{ - AccessKeyID: id, - SecretAccessKey: secret, - SessionToken: os.Getenv("AWS_SESSION_TOKEN"), - SignerType: signerType, - }, nil -} - -// IsExpired returns if the credentials have been retrieved. -func (e *EnvAWS) IsExpired() bool { - return !e.retrieved -} diff --git a/vendor/github.com/minio/minio-go/pkg/credentials/env_minio.go b/vendor/github.com/minio/minio-go/pkg/credentials/env_minio.go deleted file mode 100644 index 791087ef5..000000000 --- a/vendor/github.com/minio/minio-go/pkg/credentials/env_minio.go +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Minio Go Library for Amazon S3 Compatible Cloud Storage - * (C) 2017 Minio, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package credentials - -import "os" - -// A EnvMinio retrieves credentials from the environment variables of the -// running process. EnvMinioironment credentials never expire. -// -// EnvMinioironment variables used: -// -// * Access Key ID: MINIO_ACCESS_KEY. -// * Secret Access Key: MINIO_SECRET_KEY. -type EnvMinio struct { - retrieved bool -} - -// NewEnvMinio returns a pointer to a new Credentials object -// wrapping the environment variable provider. -func NewEnvMinio() *Credentials { - return New(&EnvMinio{}) -} - -// Retrieve retrieves the keys from the environment. -func (e *EnvMinio) Retrieve() (Value, error) { - e.retrieved = false - - id := os.Getenv("MINIO_ACCESS_KEY") - secret := os.Getenv("MINIO_SECRET_KEY") - - signerType := SignatureV4 - if id == "" || secret == "" { - signerType = SignatureAnonymous - } - - e.retrieved = true - return Value{ - AccessKeyID: id, - SecretAccessKey: secret, - SignerType: signerType, - }, nil -} - -// IsExpired returns if the credentials have been retrieved. -func (e *EnvMinio) IsExpired() bool { - return !e.retrieved -} diff --git a/vendor/github.com/minio/minio-go/pkg/credentials/env_test.go b/vendor/github.com/minio/minio-go/pkg/credentials/env_test.go deleted file mode 100644 index 2f72bea40..000000000 --- a/vendor/github.com/minio/minio-go/pkg/credentials/env_test.go +++ /dev/null @@ -1,105 +0,0 @@ -/* - * Minio Go Library for Amazon S3 Compatible Cloud Storage - * (C) 2017 Minio, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package credentials - -import ( - "os" - "reflect" - "testing" -) - -func TestEnvAWSRetrieve(t *testing.T) { - os.Clearenv() - os.Setenv("AWS_ACCESS_KEY_ID", "access") - os.Setenv("AWS_SECRET_ACCESS_KEY", "secret") - os.Setenv("AWS_SESSION_TOKEN", "token") - - e := EnvAWS{} - if !e.IsExpired() { - t.Error("Expect creds to be expired before retrieve.") - } - - creds, err := e.Retrieve() - if err != nil { - t.Fatal(err) - } - - expectedCreds := Value{ - AccessKeyID: "access", - SecretAccessKey: "secret", - SessionToken: "token", - SignerType: SignatureV4, - } - if !reflect.DeepEqual(creds, expectedCreds) { - t.Errorf("Expected %v, got %v", expectedCreds, creds) - } - - if e.IsExpired() { - t.Error("Expect creds to not be expired after retrieve.") - } - - os.Clearenv() - os.Setenv("AWS_ACCESS_KEY", "access") - os.Setenv("AWS_SECRET_KEY", "secret") - - expectedCreds = Value{ - AccessKeyID: "access", - SecretAccessKey: "secret", - SignerType: SignatureV4, - } - - creds, err = e.Retrieve() - if err != nil { - t.Fatal(err) - } - - if !reflect.DeepEqual(creds, expectedCreds) { - t.Errorf("Expected %v, got %v", expectedCreds, creds) - } - -} - -func TestEnvMinioRetrieve(t *testing.T) { - os.Clearenv() - - os.Setenv("MINIO_ACCESS_KEY", "access") - os.Setenv("MINIO_SECRET_KEY", "secret") - - e := EnvMinio{} - if !e.IsExpired() { - t.Error("Expect creds to be expired before retrieve.") - } - - creds, err := e.Retrieve() - if err != nil { - t.Fatal(err) - } - - expectedCreds := Value{ - AccessKeyID: "access", - SecretAccessKey: "secret", - SignerType: SignatureV4, - } - if !reflect.DeepEqual(creds, expectedCreds) { - t.Errorf("Expected %v, got %v", expectedCreds, creds) - } - - if e.IsExpired() { - t.Error("Expect creds to not be expired after retrieve.") - } -} diff --git a/vendor/github.com/minio/minio-go/pkg/credentials/file_aws_credentials.go b/vendor/github.com/minio/minio-go/pkg/credentials/file_aws_credentials.go deleted file mode 100644 index 1be621385..000000000 --- a/vendor/github.com/minio/minio-go/pkg/credentials/file_aws_credentials.go +++ /dev/null @@ -1,120 +0,0 @@ -/* - * Minio Go Library for Amazon S3 Compatible Cloud Storage - * (C) 2017 Minio, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package credentials - -import ( - "os" - "path/filepath" - - "github.com/go-ini/ini" - homedir "github.com/minio/go-homedir" -) - -// A FileAWSCredentials retrieves credentials from the current user's home -// directory, and keeps track if those credentials are expired. -// -// Profile ini file example: $HOME/.aws/credentials -type FileAWSCredentials struct { - // Path to the shared credentials file. - // - // If empty will look for "AWS_SHARED_CREDENTIALS_FILE" env variable. If the - // env value is empty will default to current user's home directory. - // Linux/OSX: "$HOME/.aws/credentials" - // Windows: "%USERPROFILE%\.aws\credentials" - filename string - - // AWS Profile to extract credentials from the shared credentials file. If empty - // will default to environment variable "AWS_PROFILE" or "default" if - // environment variable is also not set. - profile string - - // retrieved states if the credentials have been successfully retrieved. - retrieved bool -} - -// NewFileAWSCredentials returns a pointer to a new Credentials object -// wrapping the Profile file provider. -func NewFileAWSCredentials(filename string, profile string) *Credentials { - return New(&FileAWSCredentials{ - filename: filename, - profile: profile, - }) -} - -// Retrieve reads and extracts the shared credentials from the current -// users home directory. -func (p *FileAWSCredentials) Retrieve() (Value, error) { - if p.filename == "" { - p.filename = os.Getenv("AWS_SHARED_CREDENTIALS_FILE") - if p.filename == "" { - homeDir, err := homedir.Dir() - if err != nil { - return Value{}, err - } - p.filename = filepath.Join(homeDir, ".aws", "credentials") - } - } - if p.profile == "" { - p.profile = os.Getenv("AWS_PROFILE") - if p.profile == "" { - p.profile = "default" - } - } - - p.retrieved = false - - iniProfile, err := loadProfile(p.filename, p.profile) - if err != nil { - return Value{}, err - } - - // Default to empty string if not found. - id := iniProfile.Key("aws_access_key_id") - // Default to empty string if not found. - secret := iniProfile.Key("aws_secret_access_key") - // Default to empty string if not found. - token := iniProfile.Key("aws_session_token") - - p.retrieved = true - return Value{ - AccessKeyID: id.String(), - SecretAccessKey: secret.String(), - SessionToken: token.String(), - SignerType: SignatureV4, - }, nil -} - -// IsExpired returns if the shared credentials have expired. -func (p *FileAWSCredentials) IsExpired() bool { - return !p.retrieved -} - -// loadProfiles loads from the file pointed to by shared credentials filename for profile. -// The credentials retrieved from the profile will be returned or error. Error will be -// returned if it fails to read from the file, or the data is invalid. -func loadProfile(filename, profile string) (*ini.Section, error) { - config, err := ini.Load(filename) - if err != nil { - return nil, err - } - iniProfile, err := config.GetSection(profile) - if err != nil { - return nil, err - } - return iniProfile, nil -} diff --git a/vendor/github.com/minio/minio-go/pkg/credentials/file_minio_client.go b/vendor/github.com/minio/minio-go/pkg/credentials/file_minio_client.go deleted file mode 100644 index 9e26dd302..000000000 --- a/vendor/github.com/minio/minio-go/pkg/credentials/file_minio_client.go +++ /dev/null @@ -1,129 +0,0 @@ -/* - * Minio Go Library for Amazon S3 Compatible Cloud Storage - * (C) 2017 Minio, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package credentials - -import ( - "encoding/json" - "io/ioutil" - "os" - "path/filepath" - "runtime" - - homedir "github.com/minio/go-homedir" -) - -// A FileMinioClient retrieves credentials from the current user's home -// directory, and keeps track if those credentials are expired. -// -// Configuration file example: $HOME/.mc/config.json -type FileMinioClient struct { - // Path to the shared credentials file. - // - // If empty will look for "MINIO_SHARED_CREDENTIALS_FILE" env variable. If the - // env value is empty will default to current user's home directory. - // Linux/OSX: "$HOME/.mc/config.json" - // Windows: "%USERALIAS%\mc\config.json" - filename string - - // Minio Alias to extract credentials from the shared credentials file. If empty - // will default to environment variable "MINIO_ALIAS" or "default" if - // environment variable is also not set. - alias string - - // retrieved states if the credentials have been successfully retrieved. - retrieved bool -} - -// NewFileMinioClient returns a pointer to a new Credentials object -// wrapping the Alias file provider. -func NewFileMinioClient(filename string, alias string) *Credentials { - return New(&FileMinioClient{ - filename: filename, - alias: alias, - }) -} - -// Retrieve reads and extracts the shared credentials from the current -// users home directory. -func (p *FileMinioClient) Retrieve() (Value, error) { - if p.filename == "" { - homeDir, err := homedir.Dir() - if err != nil { - return Value{}, err - } - p.filename = filepath.Join(homeDir, ".mc", "config.json") - if runtime.GOOS == "windows" { - p.filename = filepath.Join(homeDir, "mc", "config.json") - } - } - - if p.alias == "" { - p.alias = os.Getenv("MINIO_ALIAS") - if p.alias == "" { - p.alias = "s3" - } - } - - p.retrieved = false - - hostCfg, err := loadAlias(p.filename, p.alias) - if err != nil { - return Value{}, err - } - - p.retrieved = true - return Value{ - AccessKeyID: hostCfg.AccessKey, - SecretAccessKey: hostCfg.SecretKey, - SignerType: parseSignatureType(hostCfg.API), - }, nil -} - -// IsExpired returns if the shared credentials have expired. -func (p *FileMinioClient) IsExpired() bool { - return !p.retrieved -} - -// hostConfig configuration of a host. -type hostConfig struct { - URL string `json:"url"` - AccessKey string `json:"accessKey"` - SecretKey string `json:"secretKey"` - API string `json:"api"` -} - -// config config version. -type config struct { - Version string `json:"version"` - Hosts map[string]hostConfig `json:"hosts"` -} - -// loadAliass loads from the file pointed to by shared credentials filename for alias. -// The credentials retrieved from the alias will be returned or error. Error will be -// returned if it fails to read from the file. -func loadAlias(filename, alias string) (hostConfig, error) { - cfg := &config{} - configBytes, err := ioutil.ReadFile(filename) - if err != nil { - return hostConfig{}, err - } - if err = json.Unmarshal(configBytes, cfg); err != nil { - return hostConfig{}, err - } - return cfg.Hosts[alias], nil -} diff --git a/vendor/github.com/minio/minio-go/pkg/credentials/file_test.go b/vendor/github.com/minio/minio-go/pkg/credentials/file_test.go deleted file mode 100644 index c62c53365..000000000 --- a/vendor/github.com/minio/minio-go/pkg/credentials/file_test.go +++ /dev/null @@ -1,189 +0,0 @@ -/* - * Minio Go Library for Amazon S3 Compatible Cloud Storage - * (C) 2017 Minio, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package credentials - -import ( - "os" - "path/filepath" - "testing" -) - -func TestFileAWS(t *testing.T) { - os.Clearenv() - - creds := NewFileAWSCredentials("credentials.sample", "") - credValues, err := creds.Get() - if err != nil { - t.Fatal(err) - } - - if credValues.AccessKeyID != "accessKey" { - t.Errorf("Expected 'accessKey', got %s'", credValues.AccessKeyID) - } - if credValues.SecretAccessKey != "secret" { - t.Errorf("Expected 'secret', got %s'", credValues.SecretAccessKey) - } - if credValues.SessionToken != "token" { - t.Errorf("Expected 'token', got %s'", credValues.SessionToken) - } - - os.Setenv("AWS_SHARED_CREDENTIALS_FILE", "credentials.sample") - creds = NewFileAWSCredentials("", "") - credValues, err = creds.Get() - if err != nil { - t.Fatal(err) - } - - if credValues.AccessKeyID != "accessKey" { - t.Errorf("Expected 'accessKey', got %s'", credValues.AccessKeyID) - } - if credValues.SecretAccessKey != "secret" { - t.Errorf("Expected 'secret', got %s'", credValues.SecretAccessKey) - } - if credValues.SessionToken != "token" { - t.Errorf("Expected 'token', got %s'", credValues.SessionToken) - } - - wd, err := os.Getwd() - if err != nil { - t.Fatal(err) - } - - os.Setenv("AWS_SHARED_CREDENTIALS_FILE", filepath.Join(wd, "credentials.sample")) - creds = NewFileAWSCredentials("", "") - credValues, err = creds.Get() - if err != nil { - t.Fatal(err) - } - - if credValues.AccessKeyID != "accessKey" { - t.Errorf("Expected 'accessKey', got %s'", credValues.AccessKeyID) - } - if credValues.SecretAccessKey != "secret" { - t.Errorf("Expected 'secret', got %s'", credValues.SecretAccessKey) - } - if credValues.SessionToken != "token" { - t.Errorf("Expected 'token', got %s'", credValues.SessionToken) - } - - os.Clearenv() - os.Setenv("AWS_PROFILE", "no_token") - - creds = NewFileAWSCredentials("credentials.sample", "") - credValues, err = creds.Get() - if err != nil { - t.Fatal(err) - } - - if credValues.AccessKeyID != "accessKey" { - t.Errorf("Expected 'accessKey', got %s'", credValues.AccessKeyID) - } - if credValues.SecretAccessKey != "secret" { - t.Errorf("Expected 'secret', got %s'", credValues.SecretAccessKey) - } - - os.Clearenv() - - creds = NewFileAWSCredentials("credentials.sample", "no_token") - credValues, err = creds.Get() - if err != nil { - t.Fatal(err) - } - - if credValues.AccessKeyID != "accessKey" { - t.Errorf("Expected 'accessKey', got %s'", credValues.AccessKeyID) - } - if credValues.SecretAccessKey != "secret" { - t.Errorf("Expected 'secret', got %s'", credValues.SecretAccessKey) - } - - creds = NewFileAWSCredentials("credentials-non-existent.sample", "no_token") - _, err = creds.Get() - if !os.IsNotExist(err) { - t.Errorf("Expected open non-existent.json: no such file or directory, got %s", err) - } - if !creds.IsExpired() { - t.Error("Should be expired if not loaded") - } -} - -func TestFileMinioClient(t *testing.T) { - os.Clearenv() - - creds := NewFileMinioClient("config.json.sample", "") - credValues, err := creds.Get() - if err != nil { - t.Fatal(err) - } - - if credValues.AccessKeyID != "accessKey" { - t.Errorf("Expected 'accessKey', got %s'", credValues.AccessKeyID) - } - if credValues.SecretAccessKey != "secret" { - t.Errorf("Expected 'secret', got %s'", credValues.SecretAccessKey) - } - if credValues.SignerType != SignatureV4 { - t.Errorf("Expected 'S3v4', got %s'", credValues.SignerType) - } - - os.Clearenv() - os.Setenv("MINIO_ALIAS", "play") - - creds = NewFileMinioClient("config.json.sample", "") - credValues, err = creds.Get() - if err != nil { - t.Fatal(err) - } - - if credValues.AccessKeyID != "Q3AM3UQ867SPQQA43P2F" { - t.Errorf("Expected 'Q3AM3UQ867SPQQA43P2F', got %s'", credValues.AccessKeyID) - } - if credValues.SecretAccessKey != "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG" { - t.Errorf("Expected 'zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG', got %s'", credValues.SecretAccessKey) - } - if credValues.SignerType != SignatureV2 { - t.Errorf("Expected 'S3v2', got %s'", credValues.SignerType) - } - - os.Clearenv() - - creds = NewFileMinioClient("config.json.sample", "play") - credValues, err = creds.Get() - if err != nil { - t.Fatal(err) - } - - if credValues.AccessKeyID != "Q3AM3UQ867SPQQA43P2F" { - t.Errorf("Expected 'Q3AM3UQ867SPQQA43P2F', got %s'", credValues.AccessKeyID) - } - if credValues.SecretAccessKey != "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG" { - t.Errorf("Expected 'zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG', got %s'", credValues.SecretAccessKey) - } - if credValues.SignerType != SignatureV2 { - t.Errorf("Expected 'S3v2', got %s'", credValues.SignerType) - } - - creds = NewFileMinioClient("non-existent.json", "play") - _, err = creds.Get() - if !os.IsNotExist(err) { - t.Errorf("Expected open non-existent.json: no such file or directory, got %s", err) - } - if !creds.IsExpired() { - t.Error("Should be expired if not loaded") - } -} diff --git a/vendor/github.com/minio/minio-go/pkg/credentials/iam_aws.go b/vendor/github.com/minio/minio-go/pkg/credentials/iam_aws.go deleted file mode 100644 index ee24a213b..000000000 --- a/vendor/github.com/minio/minio-go/pkg/credentials/iam_aws.go +++ /dev/null @@ -1,196 +0,0 @@ -/* - * Minio Go Library for Amazon S3 Compatible Cloud Storage - * (C) 2017 Minio, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package credentials - -import ( - "bufio" - "encoding/json" - "errors" - "net/http" - "net/url" - "path" - "time" -) - -// DefaultExpiryWindow - Default expiry window. -// ExpiryWindow will allow the credentials to trigger refreshing -// prior to the credentials actually expiring. This is beneficial -// so race conditions with expiring credentials do not cause -// request to fail unexpectedly due to ExpiredTokenException exceptions. -const DefaultExpiryWindow = time.Second * 10 // 10 secs - -// A IAM retrieves credentials from the EC2 service, and keeps track if -// those credentials are expired. -type IAM struct { - Expiry - - // Required http Client to use when connecting to IAM metadata service. - Client *http.Client - - // Custom endpoint in place of - endpoint string -} - -// redirectHeaders copies all headers when following a redirect URL. -// This won't be needed anymore from go 1.8 (https://github.com/golang/go/issues/4800) -func redirectHeaders(req *http.Request, via []*http.Request) error { - if len(via) == 0 { - return nil - } - for key, val := range via[0].Header { - req.Header[key] = val - } - return nil -} - -// NewIAM returns a pointer to a new Credentials object wrapping -// the IAM. Takes a ConfigProvider to create a EC2Metadata client. -// The ConfigProvider is satisfied by the session.Session type. -func NewIAM(endpoint string) *Credentials { - if endpoint == "" { - // IAM Roles for Amazon EC2 - // http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html - endpoint = "http://169.254.169.254" - } - p := &IAM{ - Client: &http.Client{ - Transport: http.DefaultTransport, - CheckRedirect: redirectHeaders, - }, - endpoint: endpoint, - } - return New(p) -} - -// Retrieve retrieves credentials from the EC2 service. -// Error will be returned if the request fails, or unable to extract -// the desired -func (m *IAM) Retrieve() (Value, error) { - credsList, err := requestCredList(m.Client, m.endpoint) - if err != nil { - return Value{}, err - } - - if len(credsList) == 0 { - return Value{}, errors.New("empty EC2 Role list") - } - credsName := credsList[0] - - roleCreds, err := requestCred(m.Client, m.endpoint, credsName) - if err != nil { - return Value{}, err - } - - // Expiry window is set to 10secs. - m.SetExpiration(roleCreds.Expiration, DefaultExpiryWindow) - - return Value{ - AccessKeyID: roleCreds.AccessKeyID, - SecretAccessKey: roleCreds.SecretAccessKey, - SessionToken: roleCreds.Token, - SignerType: SignatureV4, - }, nil -} - -// A ec2RoleCredRespBody provides the shape for unmarshaling credential -// request responses. -type ec2RoleCredRespBody struct { - // Success State - Expiration time.Time - AccessKeyID string - SecretAccessKey string - Token string - - // Error state - Code string - Message string -} - -const iamSecurityCredsPath = "/latest/meta-data/iam/security-credentials" - -// requestCredList requests a list of credentials from the EC2 service. -// If there are no credentials, or there is an error making or receiving the request -func requestCredList(client *http.Client, endpoint string) ([]string, error) { - u, err := url.Parse(endpoint) - if err != nil { - return nil, err - } - u.Path = iamSecurityCredsPath - req, err := http.NewRequest("GET", u.String(), nil) - if err != nil { - return nil, err - } - resp, err := client.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - if resp.StatusCode != http.StatusOK { - return nil, errors.New(resp.Status) - } - - credsList := []string{} - s := bufio.NewScanner(resp.Body) - for s.Scan() { - credsList = append(credsList, s.Text()) - } - - if err := s.Err(); err != nil { - return nil, err - } - - return credsList, nil -} - -// requestCred requests the credentials for a specific credentials from the EC2 service. -// -// If the credentials cannot be found, or there is an error reading the response -// and error will be returned. -func requestCred(client *http.Client, endpoint string, credsName string) (ec2RoleCredRespBody, error) { - u, err := url.Parse(endpoint) - if err != nil { - return ec2RoleCredRespBody{}, err - } - - u.Path = path.Join(iamSecurityCredsPath, credsName) - req, err := http.NewRequest("GET", u.String(), nil) - if err != nil { - return ec2RoleCredRespBody{}, err - } - - resp, err := client.Do(req) - if err != nil { - return ec2RoleCredRespBody{}, err - } - defer resp.Body.Close() - if resp.StatusCode != http.StatusOK { - return ec2RoleCredRespBody{}, errors.New(resp.Status) - } - - respCreds := ec2RoleCredRespBody{} - if err := json.NewDecoder(resp.Body).Decode(&respCreds); err != nil { - return ec2RoleCredRespBody{}, err - } - - if respCreds.Code != "Success" { - // If an error code was returned something failed requesting the role. - return ec2RoleCredRespBody{}, errors.New(respCreds.Message) - } - - return respCreds, nil -} diff --git a/vendor/github.com/minio/minio-go/pkg/credentials/iam_aws_test.go b/vendor/github.com/minio/minio-go/pkg/credentials/iam_aws_test.go deleted file mode 100644 index 19553945d..000000000 --- a/vendor/github.com/minio/minio-go/pkg/credentials/iam_aws_test.go +++ /dev/null @@ -1,180 +0,0 @@ -package credentials - -import ( - "fmt" - "net/http" - "net/http/httptest" - "testing" - "time" -) - -const credsRespTmpl = `{ - "Code": "Success", - "Type": "AWS-HMAC", - "AccessKeyId" : "accessKey", - "SecretAccessKey" : "secret", - "Token" : "token", - "Expiration" : "%s", - "LastUpdated" : "2009-11-23T0:00:00Z" -}` - -const credsFailRespTmpl = `{ - "Code": "ErrorCode", - "Message": "ErrorMsg", - "LastUpdated": "2009-11-23T0:00:00Z" -}` - -func initTestFailServer() *httptest.Server { - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - http.Error(w, "Not allowed", http.StatusBadRequest) - })) - return server -} - -func initTestServerNoRoles() *httptest.Server { - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Write([]byte("")) - })) - return server -} - -func initTestServer(expireOn string, failAssume bool) *httptest.Server { - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.URL.Path == "/latest/meta-data/iam/security-credentials" { - fmt.Fprintln(w, "RoleName") - } else if r.URL.Path == "/latest/meta-data/iam/security-credentials/RoleName" { - if failAssume { - fmt.Fprintf(w, credsFailRespTmpl) - } else { - fmt.Fprintf(w, credsRespTmpl, expireOn) - } - } else { - http.Error(w, "bad request", http.StatusBadRequest) - } - })) - - return server -} - -func TestIAMMalformedEndpoint(t *testing.T) { - creds := NewIAM("%%%%") - _, err := creds.Get() - if err == nil { - t.Fatal("Unexpected should fail here") - } - if err.Error() != `parse %%%%: invalid URL escape "%%%"` { - t.Fatalf("Expected parse %%%%%%%%: invalid URL escape \"%%%%%%\", got %s", err) - } -} - -func TestIAMFailServer(t *testing.T) { - server := initTestFailServer() - defer server.Close() - - creds := NewIAM(server.URL) - - _, err := creds.Get() - if err == nil { - t.Fatal("Unexpected should fail here") - } - if err.Error() != "400 Bad Request" { - t.Fatalf("Expected '400 Bad Request', got %s", err) - } -} - -func TestIAMNoRoles(t *testing.T) { - server := initTestServerNoRoles() - defer server.Close() - - creds := NewIAM(server.URL) - _, err := creds.Get() - if err == nil { - t.Fatal("Unexpected should fail here") - } - if err.Error() != "empty EC2 Role list" { - t.Fatalf("Expected 'empty EC2 Role list', got %s", err) - } -} - -func TestIAM(t *testing.T) { - server := initTestServer("2014-12-16T01:51:37Z", false) - defer server.Close() - - p := &IAM{ - Client: http.DefaultClient, - endpoint: server.URL, - } - - creds, err := p.Retrieve() - if err != nil { - t.Fatal(err) - } - - if "accessKey" != creds.AccessKeyID { - t.Errorf("Expected \"accessKey\", got %s", creds.AccessKeyID) - } - - if "secret" != creds.SecretAccessKey { - t.Errorf("Expected \"secret\", got %s", creds.SecretAccessKey) - } - - if "token" != creds.SessionToken { - t.Errorf("Expected \"token\", got %s", creds.SessionToken) - } - - if !p.IsExpired() { - t.Error("Expected creds to be expired.") - } -} - -func TestIAMFailAssume(t *testing.T) { - server := initTestServer("2014-12-16T01:51:37Z", true) - defer server.Close() - - p := &IAM{ - Client: http.DefaultClient, - endpoint: server.URL, - } - - _, err := p.Retrieve() - if err == nil { - t.Fatal("Unexpected success, should fail") - } - if err.Error() != "ErrorMsg" { - t.Errorf("Expected \"ErrorMsg\", got %s", err) - } -} - -func TestIAMIsExpired(t *testing.T) { - server := initTestServer("2014-12-16T01:51:37Z", false) - defer server.Close() - - p := &IAM{ - Client: http.DefaultClient, - endpoint: server.URL, - } - p.CurrentTime = func() time.Time { - return time.Date(2014, 12, 15, 21, 26, 0, 0, time.UTC) - } - - if !p.IsExpired() { - t.Error("Expected creds to be expired before retrieve.") - } - - _, err := p.Retrieve() - if err != nil { - t.Fatal(err) - } - - if p.IsExpired() { - t.Error("Expected creds to not be expired after retrieve.") - } - - p.CurrentTime = func() time.Time { - return time.Date(3014, 12, 15, 21, 26, 0, 0, time.UTC) - } - - if !p.IsExpired() { - t.Error("Expected creds to be expired when curren time has changed") - } -} diff --git a/vendor/github.com/minio/minio-go/pkg/credentials/signature-type.go b/vendor/github.com/minio/minio-go/pkg/credentials/signature-type.go deleted file mode 100644 index c64ad6c23..000000000 --- a/vendor/github.com/minio/minio-go/pkg/credentials/signature-type.go +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Minio Go Library for Amazon S3 Compatible Cloud Storage (C) 2017 Minio, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package credentials - -import "strings" - -// SignatureType is type of Authorization requested for a given HTTP request. -type SignatureType int - -// Different types of supported signatures - default is SignatureV4 or SignatureDefault. -const ( - // SignatureDefault is always set to v4. - SignatureDefault SignatureType = iota - SignatureV4 - SignatureV2 - SignatureV4Streaming - SignatureAnonymous // Anonymous signature signifies, no signature. -) - -// IsV2 - is signature SignatureV2? -func (s SignatureType) IsV2() bool { - return s == SignatureV2 -} - -// IsV4 - is signature SignatureV4? -func (s SignatureType) IsV4() bool { - return s == SignatureV4 || s == SignatureDefault -} - -// IsStreamingV4 - is signature SignatureV4Streaming? -func (s SignatureType) IsStreamingV4() bool { - return s == SignatureV4Streaming -} - -// IsAnonymous - is signature empty? -func (s SignatureType) IsAnonymous() bool { - return s == SignatureAnonymous -} - -// Stringer humanized version of signature type, -// strings returned here are case insensitive. -func (s SignatureType) String() string { - if s.IsV2() { - return "S3v2" - } else if s.IsV4() { - return "S3v4" - } else if s.IsStreamingV4() { - return "S3v4Streaming" - } - return "Anonymous" -} - -func parseSignatureType(str string) SignatureType { - if strings.EqualFold(str, "S3v4") { - return SignatureV4 - } else if strings.EqualFold(str, "S3v2") { - return SignatureV2 - } else if strings.EqualFold(str, "S3v4Streaming") { - return SignatureV4Streaming - } - return SignatureAnonymous -} diff --git a/vendor/github.com/minio/minio-go/pkg/credentials/static.go b/vendor/github.com/minio/minio-go/pkg/credentials/static.go deleted file mode 100644 index 25aff5696..000000000 --- a/vendor/github.com/minio/minio-go/pkg/credentials/static.go +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Minio Go Library for Amazon S3 Compatible Cloud Storage - * (C) 2017 Minio, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package credentials - -// A Static is a set of credentials which are set programmatically, -// and will never expire. -type Static struct { - Value -} - -// NewStaticV2 returns a pointer to a new Credentials object -// wrapping a static credentials value provider, signature is -// set to v2. If access and secret are not specified then -// regardless of signature type set it Value will return -// as anonymous. -func NewStaticV2(id, secret, token string) *Credentials { - return NewStatic(id, secret, token, SignatureV2) -} - -// NewStaticV4 is similar to NewStaticV2 with similar considerations. -func NewStaticV4(id, secret, token string) *Credentials { - return NewStatic(id, secret, token, SignatureV4) -} - -// NewStatic returns a pointer to a new Credentials object -// wrapping a static credentials value provider. -func NewStatic(id, secret, token string, signerType SignatureType) *Credentials { - return New(&Static{ - Value: Value{ - AccessKeyID: id, - SecretAccessKey: secret, - SessionToken: token, - SignerType: signerType, - }, - }) -} - -// Retrieve returns the static credentials. -func (s *Static) Retrieve() (Value, error) { - if s.AccessKeyID == "" || s.SecretAccessKey == "" { - // Anonymous is not an error - return Value{SignerType: SignatureAnonymous}, nil - } - return s.Value, nil -} - -// IsExpired returns if the credentials are expired. -// -// For Static, the credentials never expired. -func (s *Static) IsExpired() bool { - return false -} diff --git a/vendor/github.com/minio/minio-go/pkg/credentials/static_test.go b/vendor/github.com/minio/minio-go/pkg/credentials/static_test.go deleted file mode 100644 index 491b1554b..000000000 --- a/vendor/github.com/minio/minio-go/pkg/credentials/static_test.go +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Minio Go Library for Amazon S3 Compatible Cloud Storage - * (C) 2017 Minio, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package credentials - -import "testing" - -func TestStaticGet(t *testing.T) { - creds := NewStatic("UXHW", "SECRET", "", SignatureV4) - credValues, err := creds.Get() - if err != nil { - t.Fatal(err) - } - - if "UXHW" != credValues.AccessKeyID { - t.Errorf("Expected access key ID to match \"UXHW\", got %s", credValues.AccessKeyID) - } - if "SECRET" != credValues.SecretAccessKey { - t.Errorf("Expected secret access key to match \"SECRET\", got %s", credValues.SecretAccessKey) - } - - if credValues.SessionToken != "" { - t.Error("Expected session token to match") - } - - if credValues.SignerType != SignatureV4 { - t.Errorf("Expected 'S3v4', got %s", credValues.SignerType) - } - - if creds.IsExpired() { - t.Error("Static credentials should never expire") - } - - creds = NewStatic("", "", "", SignatureDefault) - credValues, err = creds.Get() - if err != nil { - t.Fatal(err) - } - - if "" != credValues.AccessKeyID { - t.Errorf("Expected access key ID to match empty string, got %s", credValues.AccessKeyID) - } - if "" != credValues.SecretAccessKey { - t.Errorf("Expected secret access key to match empty string, got %s", credValues.SecretAccessKey) - } - - if !credValues.SignerType.IsAnonymous() { - t.Errorf("Expected 'Anonymous', got %s", credValues.SignerType) - } - - if creds.IsExpired() { - t.Error("Static credentials should never expire") - } -} diff --git a/vendor/github.com/minio/minio-go/pkg/s3signer/request-signature-streaming.go b/vendor/github.com/minio/minio-go/pkg/s3signer/request-signature-streaming.go index c2f0baee6..755fd1ac5 100644 --- a/vendor/github.com/minio/minio-go/pkg/s3signer/request-signature-streaming.go +++ b/vendor/github.com/minio/minio-go/pkg/s3signer/request-signature-streaming.go @@ -92,12 +92,9 @@ func buildChunkStringToSign(t time.Time, region, previousSig string, chunkData [ // prepareStreamingRequest - prepares a request with appropriate // headers before computing the seed signature. -func prepareStreamingRequest(req *http.Request, sessionToken string, dataLen int64, timestamp time.Time) { +func prepareStreamingRequest(req *http.Request, dataLen int64, timestamp time.Time) { // Set x-amz-content-sha256 header. req.Header.Set("X-Amz-Content-Sha256", streamingSignAlgorithm) - if sessionToken != "" { - req.Header.Set("X-Amz-Security-Token", sessionToken) - } req.Header.Set("Content-Encoding", streamingEncoding) req.Header.Set("X-Amz-Date", timestamp.Format(iso8601DateFormat)) @@ -141,7 +138,6 @@ func (s *StreamingReader) setSeedSignature(req *http.Request) { type StreamingReader struct { accessKeyID string secretAccessKey string - sessionToken string region string prevSignature string seedSignature string @@ -199,17 +195,16 @@ func (s *StreamingReader) setStreamingAuthHeader(req *http.Request) { // StreamingSignV4 - provides chunked upload signatureV4 support by // implementing io.Reader. -func StreamingSignV4(req *http.Request, accessKeyID, secretAccessKey, sessionToken, +func StreamingSignV4(req *http.Request, accessKeyID, secretAccessKey, region string, dataLen int64, reqTime time.Time) *http.Request { // Set headers needed for streaming signature. - prepareStreamingRequest(req, sessionToken, dataLen, reqTime) + prepareStreamingRequest(req, dataLen, reqTime) stReader := &StreamingReader{ baseReadCloser: req.Body, accessKeyID: accessKeyID, secretAccessKey: secretAccessKey, - sessionToken: sessionToken, region: region, reqTime: reqTime, chunkBuf: make([]byte, payloadChunkSize), diff --git a/vendor/github.com/minio/minio-go/pkg/s3signer/request-signature-streaming_test.go b/vendor/github.com/minio/minio-go/pkg/s3signer/request-signature-streaming_test.go index 1f49f2234..084a0dbab 100644 --- a/vendor/github.com/minio/minio-go/pkg/s3signer/request-signature-streaming_test.go +++ b/vendor/github.com/minio/minio-go/pkg/s3signer/request-signature-streaming_test.go @@ -39,7 +39,7 @@ func TestGetSeedSignature(t *testing.T) { t.Fatalf("Failed to parse time - %v", err) } - req = StreamingSignV4(req, accessKeyID, secretAccessKeyID, "", "us-east-1", int64(dataLen), reqTime) + req = StreamingSignV4(req, accessKeyID, secretAccessKeyID, "us-east-1", int64(dataLen), reqTime) actualSeedSignature := req.Body.(*StreamingReader).seedSignature expectedSeedSignature := "007480502de61457e955731b0f5d191f7e6f54a8a0f6cc7974a5ebd887965686" @@ -72,7 +72,7 @@ func TestSetStreamingAuthorization(t *testing.T) { dataLen := int64(65 * 1024) reqTime, _ := time.Parse(iso8601DateFormat, "20130524T000000Z") - req = StreamingSignV4(req, accessKeyID, secretAccessKeyID, "", location, dataLen, reqTime) + req = StreamingSignV4(req, accessKeyID, secretAccessKeyID, location, dataLen, reqTime) expectedAuthorization := "AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20130524/us-east-1/s3/aws4_request,SignedHeaders=content-encoding;host;x-amz-content-sha256;x-amz-date;x-amz-decoded-content-length;x-amz-storage-class,Signature=007480502de61457e955731b0f5d191f7e6f54a8a0f6cc7974a5ebd887965686" @@ -96,7 +96,7 @@ func TestStreamingReader(t *testing.T) { baseReader := ioutil.NopCloser(bytes.NewReader(bytes.Repeat([]byte("a"), 65*1024))) req.Body = baseReader - req = StreamingSignV4(req, accessKeyID, secretAccessKeyID, "", location, dataLen, reqTime) + req = StreamingSignV4(req, accessKeyID, secretAccessKeyID, location, dataLen, reqTime) b, err := ioutil.ReadAll(req.Body) if err != nil { diff --git a/vendor/github.com/minio/minio-go/pkg/s3signer/request-signature-v4.go b/vendor/github.com/minio/minio-go/pkg/s3signer/request-signature-v4.go index 0d75dc162..245fb08c3 100644 --- a/vendor/github.com/minio/minio-go/pkg/s3signer/request-signature-v4.go +++ b/vendor/github.com/minio/minio-go/pkg/s3signer/request-signature-v4.go @@ -206,7 +206,7 @@ func getStringToSignV4(t time.Time, location, canonicalRequest string) string { // PreSignV4 presign the request, in accordance with // http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html. -func PreSignV4(req http.Request, accessKeyID, secretAccessKey, sessionToken, location string, expires int64) *http.Request { +func PreSignV4(req http.Request, accessKeyID, secretAccessKey, location string, expires int64) *http.Request { // Presign is not needed for anonymous credentials. if accessKeyID == "" || secretAccessKey == "" { return &req @@ -228,10 +228,6 @@ func PreSignV4(req http.Request, accessKeyID, secretAccessKey, sessionToken, loc query.Set("X-Amz-Expires", strconv.FormatInt(expires, 10)) query.Set("X-Amz-SignedHeaders", signedHeaders) query.Set("X-Amz-Credential", credential) - // Set session token if available. - if sessionToken != "" { - query.Set("X-Amz-Security-Token", sessionToken) - } req.URL.RawQuery = query.Encode() // Get canonical request. @@ -264,7 +260,7 @@ func PostPresignSignatureV4(policyBase64 string, t time.Time, secretAccessKey, l // SignV4 sign the request before Do(), in accordance with // http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html. -func SignV4(req http.Request, accessKeyID, secretAccessKey, sessionToken, location string) *http.Request { +func SignV4(req http.Request, accessKeyID, secretAccessKey, location string) *http.Request { // Signature calculation is not needed for anonymous credentials. if accessKeyID == "" || secretAccessKey == "" { return &req @@ -276,11 +272,6 @@ func SignV4(req http.Request, accessKeyID, secretAccessKey, sessionToken, locati // Set x-amz-date. req.Header.Set("X-Amz-Date", t.Format(iso8601DateFormat)) - // Set session token if available. - if sessionToken != "" { - req.Header.Set("X-Amz-Security-Token", sessionToken) - } - // Get canonical request. canonicalRequest := getCanonicalRequest(req, v4IgnoredHeaders) diff --git a/vendor/github.com/minio/minio-go/pkg/s3signer/request-signature_test.go b/vendor/github.com/minio/minio-go/pkg/s3signer/request-signature_test.go index 85ff063df..6f5ba1895 100644 --- a/vendor/github.com/minio/minio-go/pkg/s3signer/request-signature_test.go +++ b/vendor/github.com/minio/minio-go/pkg/s3signer/request-signature_test.go @@ -28,12 +28,12 @@ func TestSignatureCalculation(t *testing.T) { if err != nil { t.Fatal("Error:", err) } - req = SignV4(*req, "", "", "", "us-east-1") + req = SignV4(*req, "", "", "us-east-1") if req.Header.Get("Authorization") != "" { t.Fatal("Error: anonymous credentials should not have Authorization header.") } - req = PreSignV4(*req, "", "", "", "us-east-1", 0) + req = PreSignV4(*req, "", "", "us-east-1", 0) if strings.Contains(req.URL.RawQuery, "X-Amz-Signature") { t.Fatal("Error: anonymous credentials should not have Signature query resource.") } @@ -48,12 +48,12 @@ func TestSignatureCalculation(t *testing.T) { t.Fatal("Error: anonymous credentials should not have Signature query resource.") } - req = SignV4(*req, "ACCESS-KEY", "SECRET-KEY", "", "us-east-1") + req = SignV4(*req, "ACCESS-KEY", "SECRET-KEY", "us-east-1") if req.Header.Get("Authorization") == "" { t.Fatal("Error: normal credentials should have Authorization header.") } - req = PreSignV4(*req, "ACCESS-KEY", "SECRET-KEY", "", "us-east-1", 0) + req = PreSignV4(*req, "ACCESS-KEY", "SECRET-KEY", "us-east-1", 0) if !strings.Contains(req.URL.RawQuery, "X-Amz-Signature") { t.Fatal("Error: normal credentials should have Signature query resource.") } diff --git a/vendor/github.com/minio/minio-go/signature-type.go b/vendor/github.com/minio/minio-go/signature-type.go new file mode 100644 index 000000000..f9a57c3f1 --- /dev/null +++ b/vendor/github.com/minio/minio-go/signature-type.go @@ -0,0 +1,45 @@ +/* + * Minio Go Library for Amazon S3 Compatible Cloud Storage (C) 2015 Minio, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package minio + +// SignatureType is type of Authorization requested for a given HTTP request. +type SignatureType int + +// Different types of supported signatures - default is Latest i.e SignatureV4. +const ( + Latest SignatureType = iota + SignatureV4 + SignatureV2 + SignatureV4Streaming +) + +var emptySHA256 = sum256(nil) + +// isV2 - is signature SignatureV2? +func (s SignatureType) isV2() bool { + return s == SignatureV2 +} + +// isV4 - is signature SignatureV4? +func (s SignatureType) isV4() bool { + return s == SignatureV4 || s == Latest +} + +// isStreamingV4 - is signature SignatureV4Streaming? +func (s SignatureType) isStreamingV4() bool { + return s == SignatureV4Streaming +} diff --git a/vendor/github.com/minio/minio-go/utils.go b/vendor/github.com/minio/minio-go/utils.go index 4fa43b1ff..93cd1712f 100644 --- a/vendor/github.com/minio/minio-go/utils.go +++ b/vendor/github.com/minio/minio-go/utils.go @@ -110,8 +110,6 @@ func closeResponse(resp *http.Response) { } } -var emptySHA256 = sum256(nil) - // Sentinel URL is the default url value which is invalid. var sentinelURL = url.URL{} |