Fix #15499
Fix UNSIGNED-PAYLOAD under aws4 header auth
% Done:
0%
Source:
other
Tags:
Backport:
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
The Apache Libcloud's AWS S3 object storage provider uses unsigned payloads in PUT methods as part of the header auth. It fails when used with RGW S3 with '400 Bad Request'.
The driver.upload_object method raises the following bad request (XAmzContentSHA256Mismatch) with RGW S3:
PUT /my-container-2038u234234234/my-name-2038u234234234 HTTP/1.1 X-AMZ-Content-SHA256: UNSIGNED-PAYLOAD Content-Length: 12 Accept-Encoding: gzip,deflate X-AMZ-Date: 20160414T123159Z x-amz-storage-class: STANDARD Content-Type: text/plain Host: xxx.com Authorization: AWS4-HMAC-SHA256 Credential=ABCDEFGTAZLOBF43WNQA/20160414/eu-west-1/s3/aws4_request, SignedHeaders=accept-encoding;content-length;content-type;host;user-agent;x-amz-content-sha256;x-amz-date;x-amz-storage-class, Signature=576d530ac8966883beeb24ac0a0d27db236250a52fa052cc03af0b8abad30cac User-Agent: libcloud/1.0.0-rc2 Hello test! HTTP/1.1 400 Bad Request x-amz-request-id: tx000000000000000000005-00570f8dbf-1016-default Content-Length: 250 Accept-Ranges: bytes Content-Type: application/xml Date: Thu, 14 Apr 2016 12:31:59 GMT <?xml version="1.0" encoding="UTF-8"?><Error><Code>XAmzContentSHA256Mismatch</Code><BucketName>my-container-2038u234234234</BucketName><RequestId>tx000000000000000000005-00570f8dbf-1016-default</RequestId><HostId>1016-default-default</HostId></Error>
The same code works fine with Amazon S3:
PUT /my-container-2038u234234234/my-name-2038u234234234 HTTP/1.1 X-AMZ-Content-SHA256: UNSIGNED-PAYLOAD Content-Length: 12 Accept-Encoding: gzip,deflate X-AMZ-Date: 20160414T123715Z x-amz-storage-class: STANDARD Content-Type: text/plain Host: s3.eu-central-1.amazonaws.com Authorization: AWS4-HMAC-SHA256 Credential=ABCDEFGTAZLOBF43WNQA/20160414/eu-central-1/s3/aws4_request, SignedHeaders=accept-encoding;content-length;content-type;host;user-agent;x-amz-content-sha256;x-amz-date;x-amz-storage-class, Signature=20913a4eac838fe99aac04788696ab43bdc4465fd84907a09661f6c1ff0211f9 User-Agent: libcloud/1.0.0-rc2 Hello test! HTTP/1.1 200 OK x-amz-id-2: wtVQWvIm0mi5vhnlBCNv7wi6nbYjxvMQV/qvrLps3kfVPlLKlUFxiRIkofIAG8peMdLoGdG5PJk= x-amz-request-id: ED54923CE345E92A Date: Thu, 14 Apr 2016 12:37:16 GMT ETag: "8ac91dd17dd64e95271601b773859aaa" Content-Length: 0 Server: AmazonS3
Note: we should add this combo (PUT + UNSIGNED-PAYLOAD + header auth) in s3-tests.
I will ask for PR in a while.
History
#1 Updated by Javier M. Mellid almost 8 years ago
PR available at:
#2 Updated by Sage Weil almost 8 years ago
- Status changed from In Progress to Resolved