func get_svc_by_aksk(ak string, sk string, svc *s3.S3) bool { credentials := credentials.NewStaticCredentials(ak, sk, "") svc = s3.New(&aws.Config{ Region: "HANGZHOU", Credentials: credentials, Endpoint: "ks3.sdns.ksyun.com", DisableSSL: true, LogLevel: 0, S3ForcePathStyle: true, LogHTTPBody: true, }) return true }
func TestResignRequestExpiredCreds(t *testing.T) { creds := credentials.NewStaticCredentials("AKID", "SECRET", "SESSION") r := aws.NewRequest( aws.NewService(&aws.Config{Credentials: creds}), &aws.Operation{ Name: "BatchGetItem", HTTPMethod: "POST", HTTPPath: "/", }, nil, nil, ) Sign(r) querySig := r.HTTPRequest.Header.Get("Authorization") creds.Expire() Sign(r) assert.NotEqual(t, querySig, r.HTTPRequest.Header.Get("Authorization")) }
func TestIgnoreResignRequestWithValidCreds(t *testing.T) { r := aws.NewRequest( aws.NewService(&aws.Config{ Credentials: credentials.NewStaticCredentials("AKID", "SECRET", "SESSION"), Region: "us-west-2", }), &aws.Operation{ Name: "BatchGetItem", HTTPMethod: "POST", HTTPPath: "/", }, nil, nil, ) Sign(r) sig := r.HTTPRequest.Header.Get("Authorization") Sign(r) assert.Equal(t, sig, r.HTTPRequest.Header.Get("Authorization")) }
func buildSigner(serviceName string, region string, signTime time.Time, expireTime time.Duration, body string) signer { endpoint := "https://" + serviceName + "." + region + ".amazonaws.com" reader := strings.NewReader(body) req, _ := http.NewRequest("POST", endpoint, reader) req.URL.Opaque = "//example.org/bucket/key-._~,!@#$%^&*()" req.Header.Add("X-Amz-Target", "prefix.Operation") req.Header.Add("Content-Type", "application/x-amz-json-1.0") req.Header.Add("Content-Length", string(len(body))) req.Header.Add("X-Amz-Meta-Other-Header", "some-value=!@#$%^&* (+)") return signer{ Request: req, Time: signTime, ExpireTime: expireTime, Query: req.URL.Query(), Body: reader, ServiceName: serviceName, Region: region, Credentials: credentials.NewStaticCredentials("AKID", "SECRET", "SESSION"), } }
// test that the request is retried after the credentials are expired. func TestRequestRecoverExpiredCreds(t *testing.T) { reqNum := 0 reqs := []http.Response{ {StatusCode: 400, Body: body(`{"__type":"ExpiredTokenException","message":"expired token"}`)}, {StatusCode: 200, Body: body(`{"data":"valid"}`)}, } s := NewService(&Config{MaxRetries: 10, Credentials: credentials.NewStaticCredentials("AKID", "SECRET", "")}) s.Handlers.Validate.Clear() s.Handlers.Unmarshal.PushBack(unmarshal) s.Handlers.UnmarshalError.PushBack(unmarshalError) credExpiredBeforeRetry := false credExpiredAfterRetry := false s.Handlers.AfterRetry.PushBack(func(r *Request) { credExpiredAfterRetry = r.Config.Credentials.IsExpired() }) s.Handlers.Sign.Clear() s.Handlers.Sign.PushBack(func(r *Request) { r.Config.Credentials.Get() }) s.Handlers.Send.Clear() // mock sending s.Handlers.Send.PushBack(func(r *Request) { r.HTTPResponse = &reqs[reqNum] reqNum++ }) out := &testData{} r := NewRequest(s, &Operation{Name: "Operation"}, nil, out) err := r.Send() assert.Nil(t, err) assert.False(t, credExpiredBeforeRetry, "Expect valid creds before retry check") assert.True(t, credExpiredAfterRetry, "Expect expired creds after retry check") assert.False(t, s.Config.Credentials.IsExpired(), "Expect valid creds after cred expired recovery") assert.Equal(t, 1, int(r.RetryCount)) assert.Equal(t, "valid", out.Data) }
func start_upload_process(idx_file IndexFileT, idx_cfg IndexConfigT) bool { var ak string var sk string ak, sk, err := get_aksk_by_userid(idx_cfg.userid) if err != nil { return false } credentials := credentials.NewStaticCredentials(ak, sk, "") svc := s3.New(&aws.Config{ Region: "HANGZHOU", Credentials: credentials, Endpoint: "ks3.sdns.ksyun.com", DisableSSL: true, LogLevel: 0, S3ForcePathStyle: true, LogHTTPBody: true, }) directory := fmt.Sprintf("%s%s/%s/%s/%s/", idx_file.root, idx_file.vhost, idx_file.app, idx_file.name, idx_file.time) upload := false nupload := 0 for i := 0; i < len(idx_cfg.files); i++ { key := fmt.Sprintf("record/%s/%s/%s/%s", idx_file.app, idx_file.name, idx_file.time, idx_cfg.files[i]) file := directory + idx_cfg.files[i] _, err := os.Stat(directory + idx_cfg.files[i]) if err != nil { // delete already. nupload++ continue } if !ks3_flv_upload(svc, idx_cfg, ak, sk, key, file) { // upload failed. break } os.Remove(file) log.Info(fmt.Sprintf("remove .flv file %s", file)) nupload++ } if nupload == len(idx_cfg.files) { now := time.Now().Unix() if idx_cfg.upload || (now-idx_file.modtime) > (idx_cfg.interval+g_gout_config.timeout) { upload = true } } if upload { if ks3_mp4_merge(svc, idx_file, idx_cfg) { // we need upload file os.RemoveAll(directory) log.Info(fmt.Sprintf("remove directory %s", directory)) } } return true }
// "io" "fmt" "github.com/kingsoft-avteam/aws-sdk-go/aws" "github.com/kingsoft-avteam/aws-sdk-go/aws/credentials" "github.com/kingsoft-avteam/aws-sdk-go/internal/apierr" "github.com/kingsoft-avteam/aws-sdk-go/service/s3" "github.com/stretchr/testify/assert" "net/http" ) var bucket = string("aa-go-sdk") var key = string("中文/test.go") var key_encode = string("%E4%B8%AD%E6%96%87/test.go") var key_copy = string("中文/test.go.copy") var content = string("content") var cre = credentials.NewStaticCredentials("lMQTr0hNlMpB0iOk/i+x", "D4CsYLs75JcWEjbiI22zR3P7kJ/+5B1qdEje7A7I", "") var svc = s3.New(&aws.Config{ Region: "HANGZHOU", Credentials: cre, Endpoint: "kssws.ks-cdn.com", DisableSSL: true, LogLevel: 1, S3ForcePathStyle: false, LogHTTPBody: true, }) func TestCreateBucket(t *testing.T) { _, err := svc.CreateBucket(&s3.CreateBucketInput{ ACL: aws.String("public-read"), Bucket: aws.String(bucket), })
func init() { // mock region and credentials aws.DefaultConfig.Credentials = credentials.NewStaticCredentials("AKID", "SECRET", "SESSION") aws.DefaultConfig.Region = "mock-region" }