feat(storage): post policy can be signed with a fn that takes raw bytes #5079
Conversation
product-auto-label
bot
added
the
api: storage
|
All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the ℹ️ Googlers: Go here for more info. |
google-cla
bot
added
the
cla: no
|
All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the ℹ️ Googlers: Go here for more info. |
|
All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the ℹ️ Googlers: Go here for more info. |
|
@googlebot I consent. |
google-cla
bot
added
cla: yes
BrennaEpp
added
the
automerge
|
Merge-on-green attempted to merge your PR for 6 hours, but it was not mergeable because either one of your required status checks failed, one of your required reviews was not approved, or there is a do not merge label. Learn more about your required status checks here: https://help.github.com/en/github/administering-a-repository/enabling-required-status-checks. You can remove and reapply the label to re-run the bot. |
gcf-merge-on-green
bot
removed
the
automerge
|
|
||
| // verifyPostPolicy uploads a file to the obj using the provided post policy and | ||
| // verifies that it was uploaded correctly | ||
| func verifyPostPolicy(pv4 *PostPolicyV4, obj *ObjectHandle, bytesToWrite []byte, statusCodeOnSuccess int) error { |
There was a problem hiding this comment.
Don't think passing StatusCodeOnSuccess is necessary; it should always be 200 right?
There was a problem hiding this comment.
It can be different depending on what you specify in PostPolicyV4Options.PolicyV4Fields.StatusCodeOnSuccess
There was a problem hiding this comment.
I think currently it is 200 in all these tests, so we shouldn't pass more params unnecessarily if possible.
| @@ -52,22 +52,31 @@ type PostPolicyV4Options struct { | |||
| // Exactly one of PrivateKey or SignBytes must be non-nil. | |||
| PrivateKey []byte | |||
|
|
|||
| // SignBytes is a function for implementing custom signing. For example, if | |||
| // SignBytes is a function for implementing custom signing. | |||
There was a problem hiding this comment.
Maybe include a sentence about how it differs from SignRawBytes even though we are deprecating it.
| // bytes = shaSum[:] | ||
| SignBytes func(hashBytes []byte) (signature []byte, err error) | ||
|
|
||
| // SignRawBytes is a function for implementing custom signing. For example, if |
There was a problem hiding this comment.
I would note explicitly that the same function that works for SignBytes for signed URLs will work for SignRawBytes for post policy. Obviously it's confusing but still better to state explicitly.
storage/post_policy_v4.go
Outdated
| var signature []byte | ||
| var signErr error | ||
| // SignBytes is used only if SignRawBytes is not defined | ||
| if opts.SignRawBytes == nil && opts.SignBytes != nil { |
There was a problem hiding this comment.
I worry about the fact that we are checking this condition multiple times. Maybe we just add an unexported field to the options about whether the signed bytes should be hashed or not, set that once when parsing the options, then make subsequent decisions accordingly?
SignRawBytesfield toPostPolicyV4Options. This field works like theSignedURLOptionsSignBytesfield. This function expects raw bytes as opposed to theSignBytesfield which expects the bytes to be hashed before called.SignBytesfield ofPostPolicyV4Optionsbucket.SignedURLandGenerateSignedPostPolicyV4work with the same signing function forSignBytesandSignRawBytesrespectively.TestIntegration_SignedURLto error on an expected failure not failing.Fixes #4752