New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(storage): post policy can be signed with a fn that takes raw bytes #5079
feat(storage): post policy can be signed with a fn that takes raw bytes #5079
Conversation
All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the ℹ️ Googlers: Go here for more info. |
All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the ℹ️ Googlers: Go here for more info. |
All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the ℹ️ Googlers: Go here for more info. |
@googlebot I consent. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, in general. I'll let Chris look more closely. One minor comment.
Merge-on-green attempted to merge your PR for 6 hours, but it was not mergeable because either one of your required status checks failed, one of your required reviews was not approved, or there is a do not merge label. Learn more about your required status checks here: https://help.github.com/en/github/administering-a-repository/enabling-required-status-checks. You can remove and reapply the label to re-run the bot. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Generally looks good, a few comments mostly on docs.
|
||
// verifyPostPolicy uploads a file to the obj using the provided post policy and | ||
// verifies that it was uploaded correctly | ||
func verifyPostPolicy(pv4 *PostPolicyV4, obj *ObjectHandle, bytesToWrite []byte, statusCodeOnSuccess int) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't think passing StatusCodeOnSuccess
is necessary; it should always be 200 right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It can be different depending on what you specify in PostPolicyV4Options.PolicyV4Fields.StatusCodeOnSuccess
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think currently it is 200 in all these tests, so we shouldn't pass more params unnecessarily if possible.
@@ -52,22 +52,31 @@ type PostPolicyV4Options struct { | |||
// Exactly one of PrivateKey or SignBytes must be non-nil. | |||
PrivateKey []byte | |||
|
|||
// SignBytes is a function for implementing custom signing. For example, if | |||
// SignBytes is a function for implementing custom signing. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe include a sentence about how it differs from SignRawBytes
even though we are deprecating it.
// bytes = shaSum[:] | ||
SignBytes func(hashBytes []byte) (signature []byte, err error) | ||
|
||
// SignRawBytes is a function for implementing custom signing. For example, if |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would note explicitly that the same function that works for SignBytes
for signed URLs will work for SignRawBytes
for post policy. Obviously it's confusing but still better to state explicitly.
storage/post_policy_v4.go
Outdated
var signature []byte | ||
var signErr error | ||
// SignBytes is used only if SignRawBytes is not defined | ||
if opts.SignRawBytes == nil && opts.SignBytes != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I worry about the fact that we are checking this condition multiple times. Maybe we just add an unexported field to the options about whether the signed bytes should be hashed or not, set that once when parsing the options, then make subsequent decisions accordingly?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice improvements, looks really good!
SignRawBytes
field toPostPolicyV4Options
. This field works like theSignedURLOptions
SignBytes
field. This function expects raw bytes as opposed to theSignBytes
field which expects the bytes to be hashed before called.SignBytes
field ofPostPolicyV4Options
bucket.SignedURL
andGenerateSignedPostPolicyV4
work with the same signing function forSignBytes
andSignRawBytes
respectively.TestIntegration_SignedURL
to error on an expected failure not failing.Fixes #4752