New algorithm that supports s3v4 was added.
What I did in this patch in detail:
- Implements v4 related code into mix-in class to provide some methods
for authentication algorithms (e.g. string_to_sign)
- S3Timestamp everywhere. Old code take a lot of complicated timestamp
translation from/to datetime, time, date header format (str). This
patch gathers the translation into "timestamp" property method which
should be actually handled in the validatation.
- Run functional tests for both v2/v4 authentication in the same
environment at the same time which shows evidence that we have complete
backword compatibilities and we can adopt v4 w/o anything broken.
*Bonus*
- Fix some minger bugs for singed urls (almostly expired timestamp),
for header/query mixture and for unit test case mistake.
The reason I implemented this from Andrey's original patch is the
signature v4 stuff is too complicated if we mixes the process/routine
into same class because of a bunch of if/elif/else statements for header
handling. (e.g. if 'X-Amz-Date' in req.headers) Note that it is not his
issue, just AWS is getting complicated algorithms. However, for
maintainansibility, we need more clear code to find easily which statement
is supported on v2/v4 to prevent merge buggy code into master. That is why
I tried to do this. Hopefully this code fits the original author's intention.
NOTE for operators:
- Signature V4 is supported only for keystone auth.
- Set the same value of "region" configuration in keystone to "location" in
swift3 conf file to enable SigV4.
- Sigv2 and SigV4 can be used at the same cluster configuration.
- This stuff has been supported since Keystone 9.0.0.0b1. (We probably
need to bump the minimum version for keystone in requirements)
Change-Id: I386abd4ead40f55855657e354fd8ef3fd0d13aa7
Co-Authored-By: Andrey Pavlov <andrey-mp@yandex.ru>
Closes-Bug: #1411078
a1cc181bd8