Diffstat (limited to 'vendor/github.com/minio/minio-go/v7/pkg')
-rw-r--r--vendor/github.com/minio/minio-go/v7/pkg/credentials/iam_aws.go2
-rw-r--r--vendor/github.com/minio/minio-go/v7/pkg/credentials/sts-tls-identity.go192
-rw-r--r--vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_ldap_identity.go2
-rw-r--r--vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_web_identity.go6
-rw-r--r--vendor/github.com/minio/minio-go/v7/pkg/lifecycle/lifecycle.go75
-rw-r--r--vendor/github.com/minio/minio-go/v7/pkg/replication/replication.go28
-rw-r--r--vendor/github.com/minio/minio-go/v7/pkg/s3utils/utils.go3
-rw-r--r--vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-v2.go11
-rw-r--r--vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-v4.go55
-rw-r--r--vendor/github.com/minio/minio-go/v7/pkg/signer/utils.go4
10 files changed, 318 insertions, 60 deletions
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/iam_aws.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/iam_aws.go
index bbd25ed8..485a717e 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/iam_aws.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/iam_aws.go
@@ -112,7 +112,7 @@ func (m *IAM) Retrieve() (Value, error) {
return &WebIdentityToken{Token: string(token)}, nil
},
- roleARN: os.Getenv("AWS_ROLE_ARN"),
+ RoleARN: os.Getenv("AWS_ROLE_ARN"),
roleSessionName: os.Getenv("AWS_ROLE_SESSION_NAME"),
}
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts-tls-identity.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts-tls-identity.go
new file mode 100644
index 00000000..2e37025a
--- /dev/null
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts-tls-identity.go
@@ -0,0 +1,192 @@
+// MinIO Go Library for Amazon S3 Compatible Cloud Storage
+// Copyright 2021 MinIO, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package credentials
+
+import (
+ "crypto/tls"
+ "encoding/xml"
+ "errors"
+ "io"
+ "net"
+ "net/http"
+ "net/url"
+ "strconv"
+ "time"
+)
+
+// CertificateIdentityOption is an optional AssumeRoleWithCertificate
+// parameter - e.g. a custom HTTP transport configuration or S3 credental
+// livetime.
+type CertificateIdentityOption func(*STSCertificateIdentity)
+
+// CertificateIdentityWithTransport returns a CertificateIdentityOption that
+// customizes the STSCertificateIdentity with the given http.RoundTripper.
+func CertificateIdentityWithTransport(t http.RoundTripper) CertificateIdentityOption {
+ return CertificateIdentityOption(func(i *STSCertificateIdentity) { i.Client.Transport = t })
+}
+
+// CertificateIdentityWithExpiry returns a CertificateIdentityOption that
+// customizes the STSCertificateIdentity with the given livetime.
+//
+// Fetched S3 credentials will have the given livetime if the STS server
+// allows such credentials.
+func CertificateIdentityWithExpiry(livetime time.Duration) CertificateIdentityOption {
+ return CertificateIdentityOption(func(i *STSCertificateIdentity) { i.S3CredentialLivetime = livetime })
+}
+
+// A STSCertificateIdentity retrieves S3 credentials from the MinIO STS API and
+// rotates those credentials once they expire.
+type STSCertificateIdentity struct {
+ Expiry
+
+ // STSEndpoint is the base URL endpoint of the STS API.
+ // For example, https://minio.local:9000
+ STSEndpoint string
+
+ // S3CredentialLivetime is the duration temp. S3 access
+ // credentials should be valid.
+ //
+ // It represents the access credential livetime requested
+ // by the client. The STS server may choose to issue
+ // temp. S3 credentials that have a different - usually
+ // shorter - livetime.
+ //
+ // The default livetime is one hour.
+ S3CredentialLivetime time.Duration
+
+ // Client is the HTTP client used to authenticate and fetch
+ // S3 credentials.
+ //
+ // A custom TLS client configuration can be specified by
+ // using a custom http.Transport:
+ // Client: http.Client {
+ // Transport: &http.Transport{
+ // TLSClientConfig: &tls.Config{},
+ // },
+ // }
+ Client http.Client
+}
+
+var _ Provider = (*STSWebIdentity)(nil) // compiler check
+
+// NewSTSCertificateIdentity returns a STSCertificateIdentity that authenticates
+// to the given STS endpoint with the given TLS certificate and retrieves and
+// rotates S3 credentials.
+func NewSTSCertificateIdentity(endpoint string, certificate tls.Certificate, options ...CertificateIdentityOption) (*Credentials, error) {
+ if endpoint == "" {
+ return nil, errors.New("STS endpoint cannot be empty")
+ }
+ if _, err := url.Parse(endpoint); err != nil {
+ return nil, err
+ }
+ var identity = &STSCertificateIdentity{
+ STSEndpoint: endpoint,
+ Client: http.Client{
+ Transport: &http.Transport{
+ Proxy: http.ProxyFromEnvironment,
+ DialContext: (&net.Dialer{
+ Timeout: 30 * time.Second,
+ KeepAlive: 30 * time.Second,
+ }).DialContext,
+ ForceAttemptHTTP2: true,
+ MaxIdleConns: 100,
+ IdleConnTimeout: 90 * time.Second,
+ TLSHandshakeTimeout: 10 * time.Second,
+ ExpectContinueTimeout: 5 * time.Second,
+ TLSClientConfig: &tls.Config{
+ Certificates: []tls.Certificate{certificate},
+ },
+ },
+ },
+ }
+ for _, option := range options {
+ option(identity)
+ }
+ return New(identity), nil
+}
+
+// Retrieve fetches a new set of S3 credentials from the configured
+// STS API endpoint.
+func (i *STSCertificateIdentity) Retrieve() (Value, error) {
+ endpointURL, err := url.Parse(i.STSEndpoint)
+ if err != nil {
+ return Value{}, err
+ }
+ var livetime = i.S3CredentialLivetime
+ if livetime == 0 {
+ livetime = 1 * time.Hour
+ }
+
+ queryValues := url.Values{}
+ queryValues.Set("Action", "AssumeRoleWithCertificate")
+ queryValues.Set("Version", STSVersion)
+ endpointURL.RawQuery = queryValues.Encode()
+
+ req, err := http.NewRequest(http.MethodPost, endpointURL.String(), nil)
+ if err != nil {
+ return Value{}, err
+ }
+ req.Form.Add("DurationSeconds", strconv.FormatUint(uint64(livetime.Seconds()), 10))
+
+ resp, err := i.Client.Do(req)
+ if err != nil {
+ return Value{}, err
+ }
+ if resp.Body != nil {
+ defer resp.Body.Close()
+ }
+ if resp.StatusCode != http.StatusOK {
+ return Value{}, errors.New(resp.Status)
+ }
+
+ const MaxSize = 10 * 1 << 20
+ var body io.Reader = resp.Body
+ if resp.ContentLength > 0 && resp.ContentLength < MaxSize {
+ body = io.LimitReader(body, resp.ContentLength)
+ } else {
+ body = io.LimitReader(body, MaxSize)
+ }
+
+ var response assumeRoleWithCertificateResponse
+ if err = xml.NewDecoder(body).Decode(&response); err != nil {
+ return Value{}, err
+ }
+ i.SetExpiration(response.Result.Credentials.Expiration, DefaultExpiryWindow)
+ return Value{
+ AccessKeyID: response.Result.Credentials.AccessKey,
+ SecretAccessKey: response.Result.Credentials.SecretKey,
+ SessionToken: response.Result.Credentials.SessionToken,
+ SignerType: SignatureDefault,
+ }, nil
+}
+
+// Expiration returns the expiration time of the current S3 credentials.
+func (i *STSCertificateIdentity) Expiration() time.Time { return i.expiration }
+
+type assumeRoleWithCertificateResponse struct {
+ XMLName xml.Name `xml:"https://sts.amazonaws.com/doc/2011-06-15/ AssumeRoleWithCertificateResponse" json:"-"`
+ Result struct {
+ Credentials struct {
+ AccessKey string `xml:"AccessKeyId" json:"accessKey,omitempty"`
+ SecretKey string `xml:"SecretAccessKey" json:"secretKey,omitempty"`
+ Expiration time.Time `xml:"Expiration" json:"expiration,omitempty"`
+ SessionToken string `xml:"SessionToken" json:"sessionToken,omitempty"`
+ } `xml:"Credentials" json:"credentials,omitempty"`
+ } `xml:"AssumeRoleWithCertificateResult"`
+ ResponseMetadata struct {
+ RequestID string `xml:"RequestId,omitempty"`
+ } `xml:"ResponseMetadata,omitempty"`
+}
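Review bot: `Retrieve` calls `req.Form.Add("DurationSeconds", ...)` on a request that comes straight from `http.NewRequest`, where `Form` is a nil `url.Values`, so the call panics with an assignment to a nil map before any credentials are requested. Even with an initialised map the HTTP client does not transmit `req.Form`, so the requested lifetime would never reach the STS server; setting it with the other query values, `queryValues.Set("DurationSeconds", strconv.FormatUint(uint64(livetime.Seconds()), 10))` before `endpointURL.RawQuery = queryValues.Encode()`, and dropping the `req.Form` line addresses both. The compile-time assertion names the wrong type and should read `var _ Provider = (*STSCertificateIdentity)(nil)`. `CertificateIdentityWithTransport` replaces the whole transport, including the `TLSClientConfig` that carries the client certificate, and its doc comment should say that the supplied transport must present the certificate itself. The file is vendored, so these corrections belong in the upstream copy rather than in a local patch.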
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_ldap_identity.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_ldap_identity.go
index 0fa5b55f..bdde1fa3 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_ldap_identity.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_ldap_identity.go
@@ -124,7 +124,7 @@ func stripPassword(err error) error {
// LDAP Identity with a specified session policy. The `policy` parameter must be
// a JSON string specifying the policy document.
//
-// DEPRECATED: Use the `LDAPIdentityPolicyOpt` with `NewLDAPIdentity` instead.
+// Deprecated: Use the `LDAPIdentityPolicyOpt` with `NewLDAPIdentity` instead.
func NewLDAPIdentityWithSessionPolicy(stsEndpoint, ldapUsername, ldapPassword, policy string) (*Credentials, error) {
return New(&LDAPIdentity{
Client: &http.Client{Transport: http.DefaultTransport},
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_web_identity.go b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_web_identity.go
index c1109140..25ca751d 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_web_identity.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/credentials/sts_web_identity.go
@@ -78,9 +78,9 @@ type STSWebIdentity struct {
// This is a customer provided function and is mandatory.
GetWebIDTokenExpiry func() (*WebIdentityToken, error)
- // roleARN is the Amazon Resource Name (ARN) of the role that the caller is
+ // RoleARN is the Amazon Resource Name (ARN) of the role that the caller is
// assuming.
- roleARN string
+ RoleARN string
// roleSessionName is the identifier for the assumed role session.
roleSessionName string
@@ -164,7 +164,7 @@ func getWebIdentityCredentials(clnt *http.Client, endpoint, roleARN, roleSession
// Retrieve retrieves credentials from the MinIO service.
// Error will be returned if the request fails.
func (m *STSWebIdentity) Retrieve() (Value, error) {
- a, err := getWebIdentityCredentials(m.Client, m.STSEndpoint, m.roleARN, m.roleSessionName, m.GetWebIDTokenExpiry)
+ a, err := getWebIdentityCredentials(m.Client, m.STSEndpoint, m.RoleARN, m.roleSessionName, m.GetWebIDTokenExpiry)
if err != nil {
return Value{}, err
}
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/lifecycle/lifecycle.go b/vendor/github.com/minio/minio-go/v7/pkg/lifecycle/lifecycle.go
index 83870a36..96f1101c 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/lifecycle/lifecycle.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/lifecycle/lifecycle.go
@@ -21,9 +21,12 @@ package lifecycle
import (
"encoding/json"
"encoding/xml"
+ "errors"
"time"
)
+var errMissingStorageClass = errors.New("storage-class cannot be empty")
+
// AbortIncompleteMultipartUpload structure, not supported yet on MinIO
type AbortIncompleteMultipartUpload struct {
XMLName xml.Name `xml:"AbortIncompleteMultipartUpload,omitempty" json:"-"`
@@ -50,13 +53,14 @@ func (n AbortIncompleteMultipartUpload) MarshalXML(e *xml.Encoder, start xml.Sta
// (or suspended) to request server delete noncurrent object versions at a
// specific period in the object's lifetime.
type NoncurrentVersionExpiration struct {
- XMLName xml.Name `xml:"NoncurrentVersionExpiration" json:"-"`
- NoncurrentDays ExpirationDays `xml:"NoncurrentDays,omitempty"`
+ XMLName xml.Name `xml:"NoncurrentVersionExpiration" json:"-"`
+ NoncurrentDays ExpirationDays `xml:"NoncurrentDays,omitempty"`
+ MaxNoncurrentVersions int `xml:"MaxNoncurrentVersions,omitempty"`
}
// MarshalXML if non-current days not set to non zero value
func (n NoncurrentVersionExpiration) MarshalXML(e *xml.Encoder, start xml.StartElement) error {
- if n.IsDaysNull() {
+ if n.isNull() {
return nil
}
type noncurrentVersionExpirationWrapper NoncurrentVersionExpiration
@@ -68,13 +72,17 @@ func (n NoncurrentVersionExpiration) IsDaysNull() bool {
return n.NoncurrentDays == ExpirationDays(0)
}
+func (n NoncurrentVersionExpiration) isNull() bool {
+ return n.IsDaysNull() && n.MaxNoncurrentVersions == 0
+}
+
// NoncurrentVersionTransition structure, set this action to request server to
// transition noncurrent object versions to different set storage classes
// at a specific period in the object's lifetime.
type NoncurrentVersionTransition struct {
XMLName xml.Name `xml:"NoncurrentVersionTransition,omitempty" json:"-"`
StorageClass string `xml:"StorageClass,omitempty" json:"StorageClass,omitempty"`
- NoncurrentDays ExpirationDays `xml:"NoncurrentDays,omitempty" json:"NoncurrentDays,omitempty"`
+ NoncurrentDays ExpirationDays `xml:"NoncurrentDays" json:"NoncurrentDays"`
}
// IsDaysNull returns true if days field is null
@@ -87,10 +95,30 @@ func (n NoncurrentVersionTransition) IsStorageClassEmpty() bool {
return n.StorageClass == ""
}
+func (n NoncurrentVersionTransition) isNull() bool {
+ return n.StorageClass == ""
+}
+
+// UnmarshalJSON implements NoncurrentVersionTransition JSONify
+func (n *NoncurrentVersionTransition) UnmarshalJSON(b []byte) error {
+ type noncurrentVersionTransition NoncurrentVersionTransition
+ var nt noncurrentVersionTransition
+ err := json.Unmarshal(b, &nt)
+ if err != nil {
+ return err
+ }
+
+ if nt.StorageClass == "" {
+ return errMissingStorageClass
+ }
+ *n = NoncurrentVersionTransition(nt)
+ return nil
+}
+
// MarshalXML is extended to leave out
// <NoncurrentVersionTransition></NoncurrentVersionTransition> tags
func (n NoncurrentVersionTransition) MarshalXML(e *xml.Encoder, start xml.StartElement) error {
- if n.IsDaysNull() || n.IsStorageClassEmpty() {
+ if n.isNull() {
return nil
}
type noncurrentVersionTransitionWrapper NoncurrentVersionTransition
@@ -114,25 +142,44 @@ type Transition struct {
XMLName xml.Name `xml:"Transition" json:"-"`
Date ExpirationDate `xml:"Date,omitempty" json:"Date,omitempty"`
StorageClass string `xml:"StorageClass,omitempty" json:"StorageClass,omitempty"`
- Days ExpirationDays `xml:"Days,omitempty" json:"Days,omitempty"`
+ Days ExpirationDays `xml:"Days" json:"Days"`
+}
+
+// UnmarshalJSON returns an error if storage-class is empty.
+func (t *Transition) UnmarshalJSON(b []byte) error {
+ type transition Transition
+ var tr transition
+ err := json.Unmarshal(b, &tr)
+ if err != nil {
+ return err
+ }
+
+ if tr.StorageClass == "" {
+ return errMissingStorageClass
+ }
+ *t = Transition(tr)
+ return nil
}
// MarshalJSON customizes json encoding by omitting empty values
func (t Transition) MarshalJSON() ([]byte, error) {
+ if t.IsNull() {
+ return nil, nil
+ }
type transition struct {
Date *ExpirationDate `json:"Date,omitempty"`
StorageClass string `json:"StorageClass,omitempty"`
- Days *ExpirationDays `json:"Days,omitempty"`
+ Days *ExpirationDays `json:"Days"`
}
newt := transition{
StorageClass: t.StorageClass,
}
- if !t.IsDaysNull() {
- newt.Days = &t.Days
- }
+
if !t.IsDateNull() {
newt.Date = &t.Date
+ } else {
+ newt.Days = &t.Days
}
return json.Marshal(newt)
}
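Review bot: `Transition.MarshalJSON` returns `nil, nil` when `IsNull()` is true, and an empty byte slice is not a valid JSON value, so `json.Marshal` on a `Transition` with no storage class is expected to fail with an "unexpected end of JSON input" marshaler error rather than omit the value. `Rule.MarshalJSON` only takes the address of a non-null transition, so the rule path is guarded, but a caller that marshals a `Transition` directly is not. Returning `[]byte("null"), nil` for the null case would keep the method usable on its own. The file is vendored, so the change belongs upstream.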
@@ -147,9 +194,9 @@ func (t Transition) IsDateNull() bool {
return t.Date.Time.IsZero()
}
-// IsNull returns true if both date and days fields are null
+// IsNull returns true if no storage-class is set.
func (t Transition) IsNull() bool {
- return t.IsDaysNull() && t.IsDateNull()
+ return t.StorageClass == ""
}
// MarshalXML is transition is non null
@@ -364,10 +411,10 @@ func (r Rule) MarshalJSON() ([]byte, error) {
if !r.Transition.IsNull() {
newr.Transition = &r.Transition
}
- if !r.NoncurrentVersionExpiration.IsDaysNull() {
+ if !r.NoncurrentVersionExpiration.isNull() {
newr.NoncurrentVersionExpiration = &r.NoncurrentVersionExpiration
}
- if !r.NoncurrentVersionTransition.IsDaysNull() {
+ if !r.NoncurrentVersionTransition.isNull() {
newr.NoncurrentVersionTransition = &r.NoncurrentVersionTransition
}
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/replication/replication.go b/vendor/github.com/minio/minio-go/v7/pkg/replication/replication.go
index 0211f1fb..97c1492b 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/replication/replication.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/replication/replication.go
@@ -103,15 +103,21 @@ func (c *Config) AddRule(opts Options) error {
if err != nil {
return err
}
+ var compatSw bool // true if RoleArn is used with new mc client and older minio version prior to multisite
if opts.RoleArn != "" {
tokens := strings.Split(opts.RoleArn, ":")
if len(tokens) != 6 {
return fmt.Errorf("invalid format for replication Role Arn: %v", opts.RoleArn)
}
- if !strings.HasPrefix(opts.RoleArn, "arn:aws:iam") {
+ switch {
+ case strings.HasPrefix(opts.RoleArn, "arn:minio:replication") && len(c.Rules) == 0:
+ c.Role = opts.RoleArn
+ compatSw = true
+ case strings.HasPrefix(opts.RoleArn, "arn:aws:iam"):
+ c.Role = opts.RoleArn
+ default:
return fmt.Errorf("RoleArn invalid for AWS replication configuration: %v", opts.RoleArn)
}
- c.Role = opts.RoleArn
}
var status Status
@@ -151,7 +157,11 @@ func (c *Config) AddRule(opts Options) error {
destBucket := opts.DestBucket
// ref https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html
if btokens := strings.Split(destBucket, ":"); len(btokens) != 6 {
- return fmt.Errorf("destination bucket needs to be in Arn format")
+ if len(btokens) == 1 && compatSw {
+ destBucket = fmt.Sprintf("arn:aws:s3:::%s", destBucket)
+ } else {
+ return fmt.Errorf("destination bucket needs to be in Arn format")
+ }
}
dmStatus := Disabled
if opts.ReplicateDeleteMarkers != "" {
@@ -228,7 +238,7 @@ func (c *Config) AddRule(opts Options) error {
return err
}
// if replication config uses RoleArn, migrate this to the destination element as target ARN for remote bucket for MinIO configuration
- if c.Role != "" && !strings.HasPrefix(c.Role, "arn:aws:iam") {
+ if c.Role != "" && !strings.HasPrefix(c.Role, "arn:aws:iam") && !compatSw {
for i := range c.Rules {
c.Rules[i].Destination.Bucket = c.Role
}
@@ -254,7 +264,7 @@ func (c *Config) EditRule(opts Options) error {
return fmt.Errorf("rule ID missing")
}
// if replication config uses RoleArn, migrate this to the destination element as target ARN for remote bucket for non AWS.
- if c.Role != "" && !strings.HasPrefix(c.Role, "arn:aws:iam") {
+ if c.Role != "" && !strings.HasPrefix(c.Role, "arn:aws:iam") && len(c.Rules) > 1 {
for i := range c.Rules {
c.Rules[i].Destination.Bucket = c.Role
}
@@ -484,10 +494,7 @@ func (r Rule) validateStatus() error {
}
func (r Rule) validateFilter() error {
- if err := r.Filter.Validate(); err != nil {
- return err
- }
- return nil
+ return r.Filter.Validate()
}
// Prefix - a rule can either have prefix under <filter></filter> or under
@@ -712,9 +719,12 @@ type Metrics struct {
FailedCount uint64 `json:"failedReplicationCount"`
}
+// ResyncTargetsInfo provides replication target information to resync replicated data.
type ResyncTargetsInfo struct {
Targets []ResyncTarget `json:"target,omitempty"`
}
+
+// ResyncTarget provides the replica resources and resetID to initiate resync replication.
type ResyncTarget struct {
Arn string `json:"arn"`
ResetID string `json:"resetid"`
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/s3utils/utils.go b/vendor/github.com/minio/minio-go/v7/pkg/s3utils/utils.go
index fea25d6e..44945464 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/s3utils/utils.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/s3utils/utils.go
@@ -171,6 +171,7 @@ func IsAmazonFIPSGovCloudEndpoint(endpointURL url.URL) bool {
return false
}
return endpointURL.Host == "s3-fips-us-gov-west-1.amazonaws.com" ||
+ endpointURL.Host == "s3-fips.us-gov-west-1.amazonaws.com" ||
endpointURL.Host == "s3-fips.dualstack.us-gov-west-1.amazonaws.com"
}
@@ -211,7 +212,7 @@ func IsGoogleEndpoint(endpointURL url.URL) bool {
// Expects ascii encoded strings - from output of urlEncodePath
func percentEncodeSlash(s string) string {
- return strings.Replace(s, "/", "%2F", -1)
+ return strings.ReplaceAll(s, "/", "%2F")
}
// QueryEncode - encodes query values in their URL encoded form. In
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-v2.go b/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-v2.go
index 71821a26..b6ea78f7 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-v2.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-v2.go
@@ -233,16 +233,7 @@ func writeCanonicalizedHeaders(buf *bytes.Buffer, req http.Request) {
if idx > 0 {
buf.WriteByte(',')
}
- if strings.Contains(v, "\n") {
- // TODO: "Unfold" long headers that
- // span multiple lines (as allowed by
- // RFC 2616, section 4.2) by replacing
- // the folding white-space (including
- // new-line) by a single space.
- buf.WriteString(v)
- } else {
- buf.WriteString(v)
- }
+ buf.WriteString(v)
}
buf.WriteByte('\n')
}
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-v4.go b/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-v4.go
index 67572b20..ce64c37d 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-v4.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/signer/request-signature-v4.go
@@ -42,22 +42,22 @@ const (
ServiceTypeSTS = "sts"
)
-///
-/// Excerpts from @lsegal -
-/// https://github.com/aws/aws-sdk-js/issues/659#issuecomment-120477258.
-///
-/// User-Agent:
-///
-/// This is ignored from signing because signing this causes
-/// problems with generating pre-signed URLs (that are executed
-/// by other agents) or when customers pass requests through
-/// proxies, which may modify the user-agent.
-///
-///
-/// Authorization:
-///
-/// Is skipped for obvious reasons
-///
+//
+// Excerpts from @lsegal -
+// https:/github.com/aws/aws-sdk-js/issues/659#issuecomment-120477258.
+//
+// User-Agent:
+//
+// This is ignored from signing because signing this causes
+// problems with generating pre-signed URLs (that are executed
+// by other agents) or when customers pass requests through
+// proxies, which may modify the user-agent.
+//
+//
+// Authorization:
+//
+// Is skipped for obvious reasons
+//
var v4IgnoredHeaders = map[string]bool{
"Authorization": true,
"User-Agent": true,
@@ -118,7 +118,9 @@ func getCanonicalHeaders(req http.Request, ignoredHeaders map[string]bool) strin
headers = append(headers, strings.ToLower(k))
vals[strings.ToLower(k)] = vv
}
- headers = append(headers, "host")
+ if !headerExists("host", headers) {
+ headers = append(headers, "host")
+ }
sort.Strings(headers)
var buf bytes.Buffer
@@ -130,7 +132,7 @@ func getCanonicalHeaders(req http.Request, ignoredHeaders map[string]bool) strin
switch {
case k == "host":
buf.WriteString(getHostAddr(&req))
- fallthrough
+ buf.WriteByte('\n')
default:
for idx, v := range vals[k] {
if idx > 0 {
@@ -144,6 +146,15 @@ func getCanonicalHeaders(req http.Request, ignoredHeaders map[string]bool) strin
return buf.String()
}
+func headerExists(key string, headers []string) bool {
+ for _, k := range headers {
+ if k == key {
+ return true
+ }
+ }
+ return false
+}
+
// getSignedHeaders generate all signed request headers.
// i.e lexically sorted, semicolon-separated list of lowercase
// request header names.
@@ -155,7 +166,9 @@ func getSignedHeaders(req http.Request, ignoredHeaders map[string]bool) string {
}
headers = append(headers, strings.ToLower(k))
}
- headers = append(headers, "host")
+ if !headerExists("host", headers) {
+ headers = append(headers, "host")
+ }
sort.Strings(headers)
return strings.Join(headers, ";")
}
@@ -170,7 +183,7 @@ func getSignedHeaders(req http.Request, ignoredHeaders map[string]bool) string {
// <SignedHeaders>\n
// <HashedPayload>
func getCanonicalRequest(req http.Request, ignoredHeaders map[string]bool, hashedPayload string) string {
- req.URL.RawQuery = strings.Replace(req.URL.Query().Encode(), "+", "%20", -1)
+ req.URL.RawQuery = strings.ReplaceAll(req.URL.Query().Encode(), "+", "%20")
canonicalRequest := strings.Join([]string{
req.Method,
s3utils.EncodePath(req.URL.Path),
@@ -186,7 +199,7 @@ func getCanonicalRequest(req http.Request, ignoredHeaders map[string]bool, hashe
func getStringToSignV4(t time.Time, location, canonicalRequest, serviceType string) string {
stringToSign := signV4Algorithm + "\n" + t.Format(iso8601DateFormat) + "\n"
stringToSign = stringToSign + getScope(location, t, serviceType) + "\n"
- stringToSign = stringToSign + hex.EncodeToString(sum256([]byte(canonicalRequest)))
+ stringToSign += hex.EncodeToString(sum256([]byte(canonicalRequest)))
return stringToSign
}
diff --git a/vendor/github.com/minio/minio-go/v7/pkg/signer/utils.go b/vendor/github.com/minio/minio-go/v7/pkg/signer/utils.go
index 2192a369..b54fa4c7 100644
--- a/vendor/github.com/minio/minio-go/v7/pkg/signer/utils.go
+++ b/vendor/github.com/minio/minio-go/v7/pkg/signer/utils.go
@@ -44,6 +44,10 @@ func sumHMAC(key []byte, data []byte) []byte {
// getHostAddr returns host header if available, otherwise returns host from URL
func getHostAddr(req *http.Request) string {
+ host := req.Header.Get("host")
+ if host != "" && req.Host != host {
+ return host
+ }
if req.Host != "" {
return req.Host
}
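Review bot: `getHostAddr` now prefers a caller-set `host` entry in `req.Header` over `req.Host`, but the doc comment is unchanged and does not say that the header wins when the two differ. Go's HTTP client takes the Host it sends from `req.Host` or the URL, not from the header map, so unless the caller keeps the two in step the signed host can differ from the transmitted one and the server will presumably reject the signature. A comment such as `// A "host" entry in req.Header takes precedence over req.Host; it must match the Host actually sent or signature verification fails.` would make the contract explicit. The function body continues past the end of the hunk.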