Accept munged ("/" => "_") tokens in S3 requests with V2 signatures.
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@tomclegg.ca>
Keep-web accepts AWS Signature Version 4 (AWS4-HMAC-SHA256) as well as the older V2 AWS signature.
* If your client uses V4 signatures exclusively, and your Arvados token was issued by the same cluster you are connecting to: use the Arvados token's UUID part as AccessKey, and its secret part as SecretKey. This is preferred, where applicable.
-* If your client uses V2 signatures, or a combination of V2 and V4, or the Arvados token UUID is unknown, or a LoginCluster is in use: use the secret part of the Arvados token for both AccessKey and SecretKey.
+* In all other cases, replace every "/" in your Arvados token with "_", and use the resulting string as both AccessKey and SecretKey.
return true
}
token = split[0]
+ if strings.HasPrefix(token, "v2_") {
+ // User provided a full Arvados token with "/"
+ // munged to "_" (see V4 signature validation)
+ // but client software used S3 V2 signature.
+ token = strings.Replace(token, "_", "/", -1)
+ }
} else if strings.HasPrefix(auth, s3SignAlgorithm+" ") {
t, err := h.checks3signature(r)
if err != nil {