add AK/SK Certification for uploading snapshot to cloud #972
Conversation
Codecov Report
@@ Coverage Diff @@
## master #972 +/- ##
==========================================
+ Coverage 34.32% 34.61% +0.29%
==========================================
Files 89 92 +3
Lines 16608 16858 +250
==========================================
+ Hits 5700 5835 +135
- Misses 10096 10197 +101
- Partials 812 826 +14
|
|
Can you please attach the test report for this PR? |
|
@liuqinguestc I don't think your solution is correct when considering the identification when hotpot uploads snapshot to cloud through multi-cloud. IMO, signature should be generated in hotpot which will be passed to multi-cloud and identified in multi-cloud. |
|
@wisererik I just do as you said , I will delete some codes that do not need. |
|
Please add a release note. |
| @@ -0,0 +1,189 @@ | |||
| // Copyright 2019 The OpenSDS Authors. | |||
There was a problem hiding this comment.
client.go has the same feature code, please use that one.
There was a problem hiding this comment.
sorry,I can not use that, because the code is not same, and function is not the same.
| @@ -0,0 +1,37 @@ | |||
| // Copyright 2019 The OpenSDS Authors. | |||
There was a problem hiding this comment.
fileter is used for api-server client, please remove this code.
There was a problem hiding this comment.
sorry,this is used for keystone.go, I can not remove this code.
| @@ -101,3 +101,7 @@ | |||
| go-tests = true | |||
| non-go = true | |||
| unused-packages = true | |||
|
|
|||
| [[constraint]] | |||
| name = "github.com/emicklei/go-restful" | |||
There was a problem hiding this comment.
why do we need go-restfull lib?
There was a problem hiding this comment.
just for getting signature. the code uses go-restful lib.
| @@ -0,0 +1,61 @@ | |||
| // Copyright 2019 The OpenSDS Authors. | |||
There was a problem hiding this comment.
this file is used by auth.go
| "strings" | ||
|
|
||
| "github.com/opensds/opensds/contrib/backup/multicloud/auth" | ||
|
|
| @@ -56,4 +56,10 @@ const ( | |||
| Read = "Read" | |||
| Write = "Write" | |||
| Execute = "Execute" | |||
|
|
|||
| //Signature parameter name | |||
There was a problem hiding this comment.
these constants is only used for upload to snapshot to cloud, please move to contrib/backup/multi-cloud directory.
There was a problem hiding this comment.
but as erik said. we should use public lib
| @@ -66,8 +66,8 @@ | |||
| version = "2.0.0" | |||
|
|
|||
| [[constraint]] | |||
| branch = "master" | |||
There was a problem hiding this comment.
this PR is too huge for a single commit. 16K+ lines of code, please split it up.
| @@ -0,0 +1,37 @@ | |||
| // Copyright 2019 The OpenSDS Authors. | |||
| // | |||
There was a problem hiding this comment.
OpenSDS copyright missing
There was a problem hiding this comment.
Is these lines written newly by us?
There was a problem hiding this comment.
OpenSDS copyright missing
Its there in the line 1
| @@ -0,0 +1,189 @@ | |||
| // Copyright 2019 The OpenSDS Authors. | |||
| // | |||
|
|
||
| const ( | ||
| ConfFile = "/etc/opensds/driver/multi-cloud.yaml" | ||
| DefaultUploadTimeout = 30 // in Seconds |
|
|
||
| func (k *Keystone) loadConf(p string) (*MultiCloudConf, error) { | ||
| conf := &MultiCloudConf{ | ||
| Endpoint: "http://127.0.0.1:8088", |
| return nil, nil, err | ||
| } | ||
|
|
||
| requestDate := time.Now().UTC().Format("20060102") |
There was a problem hiding this comment.
why are the dates and times hard-coded ?
| // and a termination string ("sign_request") in lowercase characters. | ||
| sign.credentialString, | ||
| //Step 4: Append the hash of the canonical request created in Task 1 | ||
| hex.EncodeToString(makeSha256([]byte(sign.canonicalString))), |
There was a problem hiding this comment.
is it secure to store in String ? in JAVA it is recommended to store in char[], since due to GC not being done, the value of the String variable can be seen by a memory profiler
| func (sign *Signature) buildSignature() { | ||
| // Step 1: Create the signing key, use the secret access key to create a series of | ||
| // hash-based message authentication codes (HMACs). | ||
| kSecret := sign.credValues.SecretAccessKey |
There was a problem hiding this comment.
error handling ? in case any makeHMAC fails ?
| // hash-based message authentication codes (HMACs). | ||
| kSecret := sign.credValues.SecretAccessKey | ||
| kDate := makeHmac([]byte("OPENSDS"+kSecret), []byte(sign.requestDate)) | ||
| kRegion := makeHmac(kDate, []byte(sign.Region)) |
There was a problem hiding this comment.
key and value not matching here, please check all
| } | ||
|
|
||
| // stripExcessSpaces will trim multiple side-by-side spaces. | ||
| func stripExcessSpaces(vals []string) { |
There was a problem hiding this comment.
can we use strings.TrimSpace(s) ?
| var canonicalURI string | ||
|
|
||
| if len(url.Opaque) > 0 { | ||
| canonicalURI = "/" + strings.Join(strings.Split(url.Opaque, "/")[3:], "/") |
| @@ -66,8 +66,8 @@ | |||
| version = "2.0.0" | |||
|
|
|||
| [[constraint]] | |||
| branch = "master" | |||
| @@ -0,0 +1,37 @@ | |||
| // Copyright 2019 The OpenSDS Authors. | |||
| // | |||
There was a problem hiding this comment.
Is these lines written newly by us?
| @@ -0,0 +1,37 @@ | |||
| // Copyright 2019 The OpenSDS Authors. | |||
| // | |||
There was a problem hiding this comment.
OpenSDS copyright missing
Its there in the line 1
|
|
||
| func (k *Keystone) loadConf(p string) (*MultiCloudConf, error) { | ||
| conf := &MultiCloudConf{ | ||
| Endpoint: "http://127.0.0.1:8088", |
| var r tokens.GetResult | ||
| // The service token may be expired or revoked, so retry to get new token. | ||
| err := utils.Retry(2, "verify token", false, func(retryIdx int, lastErr error) error { | ||
| if retryIdx > 0 { |
There was a problem hiding this comment.
What are you trying to do here. I see some confusion here!
What this PR does / why we need it:
add AK/SK Certification for uploading snapshot to cloud
Which issue this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close that issue when PR gets merged): fixes #Special notes for your reviewer:
Release note: