[OBS] Fix incorrect signature calculation (#79)

outcatcher · web-flow · commit 841d4a7b3bd2 · 2021-01-26T14:20:16.000Z
[OBS] Fix incorrect signature calculation Partly revert #70: headers have to be stored lower case. Fix #78 Reviewed-by: Anton Sidelnikov <None> Reviewed-by: None <None> Reviewed-by: Rodion Gyrbu <fpsoff@outlook.com>
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -0,0 +1,6 @@
+issues:
+  exclude-rules:
+    # Exclude some staticcheck messages
+    - linters:
+        - staticcheck
+      text: "SA1008:"
diff --git a/acceptance/clients/clients.go b/acceptance/clients/clients.go
@@ -9,6 +9,8 @@ import (
 
 	golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
 	"github.com/opentelekomcloud/gophertelekomcloud/openstack"
+	"github.com/opentelekomcloud/gophertelekomcloud/openstack/identity/v3/credentials"
+	"github.com/opentelekomcloud/gophertelekomcloud/openstack/obs"
 )
 
 const envPrefix = "OS_"
@@ -221,6 +223,26 @@ func NewObjectStorageV1Client() (*golangsdk.ServiceClient, error) {
 	})
 }
 
+func NewOBSClient() (*obs.ObsClient, error) {
+	cc, err := CloudAndClient()
+	if err != nil {
+		return nil, err
+	}
+
+	if err := setupTemporaryAKSK(cc); err != nil {
+		return nil, fmt.Errorf("failed to construct OBS client without AK/SK: %s", err)
+	}
+
+	client, err := openstack.NewOBSService(cc.ProviderClient, golangsdk.EndpointOpts{
+		Region: cc.RegionName,
+	})
+	if err != nil {
+		return nil, err
+	}
+	opts := cc.AKSKAuthOptions
+	return obs.New(opts.AccessKey, opts.SecretKey, client.Endpoint, obs.WithSecurityToken(opts.SecurityToken))
+}
+
 // NewSharedFileSystemV2Client returns a *ServiceClient for making calls
 // to the OpenStack Shared File System v2 API. An error will be returned
 // if authentication or client creation was not possible.
@@ -357,3 +379,26 @@ func CloudAndClient() (*cc, error) {
 	}
 	return &cc{cloud, client}, nil
 }
+
+func setupTemporaryAKSK(config *cc) error {
+	if config.AKSKAuthOptions.AccessKey != "" {
+		return nil
+	}
+
+	client, err := NewIdentityV3Client()
+	if err != nil {
+		return fmt.Errorf("error creating identity v3 domain client: %s", err)
+	}
+	credential, err := credentials.CreateTemporary(client, credentials.CreateTemporaryOpts{
+		Methods: []string{"token"},
+		Token:   client.Token(),
+	}).Extract()
+	if err != nil {
+		return fmt.Errorf("error creating temporary AK/SK: %s", err)
+	}
+
+	config.AKSKAuthOptions.AccessKey = credential.AccessKey
+	config.AKSKAuthOptions.SecretKey = credential.SecretKey
+	config.AKSKAuthOptions.SecurityToken = credential.SecurityToken
+	return nil
+}
diff --git a/acceptance/openstack/obs/v1/obs_test.go b/acceptance/openstack/obs/v1/obs_test.go
@@ -0,0 +1,65 @@
+package v1
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/opentelekomcloud/gophertelekomcloud/acceptance/clients"
+	"github.com/opentelekomcloud/gophertelekomcloud/acceptance/tools"
+	"github.com/opentelekomcloud/gophertelekomcloud/openstack/obs"
+	th "github.com/opentelekomcloud/gophertelekomcloud/testhelper"
+)
+
+func TestObsBucketLifecycle(t *testing.T) {
+	client, err := clients.NewOBSClient()
+	th.AssertNoErr(t, err)
+
+	bucketName := strings.ToLower(tools.RandomString("obs-sdk-test", 5))
+
+	createOpts := &obs.CreateBucketInput{
+		Bucket: bucketName,
+	}
+
+	_, err = client.CreateBucket(createOpts)
+	th.AssertNoErr(t, err)
+
+	_, err = client.DeleteBucket(bucketName)
+	th.AssertNoErr(t, err)
+}
+
+func TestObsObjectLifecycle(t *testing.T) {
+	client, err := clients.NewOBSClient()
+	th.AssertNoErr(t, err)
+
+	bucketName := strings.ToLower(tools.RandomString("obs-sdk-test", 5))
+
+	createOpts := &obs.CreateBucketInput{
+		Bucket: bucketName,
+	}
+
+	_, err = client.CreateBucket(createOpts)
+	th.AssertNoErr(t, err)
+
+	defer func() {
+		_, err = client.DeleteBucket(bucketName)
+		th.AssertNoErr(t, err)
+	}()
+
+	objectName := tools.RandomString("test-obs-", 5)
+
+	objectOpts := &obs.PutObjectInput{
+		PutObjectBasicInput: obs.PutObjectBasicInput{
+			ObjectOperationInput: obs.ObjectOperationInput{
+				Bucket: bucketName,
+				Key:    objectName,
+			},
+		},
+	}
+	_, err = client.PutObject(objectOpts)
+	th.AssertNoErr(t, err)
+
+	_, err = client.DeleteObject(&obs.DeleteObjectInput{
+		Bucket: bucketName,
+		Key:    objectName,
+	})
+}
diff --git a/auth_aksk_options.go b/auth_aksk_options.go
@@ -27,8 +27,9 @@ type AKSKAuthOptions struct {
 	BssDomain   string
 	BssDomainID string
 
-	AccessKey string // Access Key
-	SecretKey string // Secret key
+	AccessKey     string // Access Key
+	SecretKey     string // Secret key
+	SecurityToken string // Security token (part of temporary AK/SK)
 
 	// AgencyName is the name of agency
 	AgencyName string
diff --git a/openstack/obs/const.go b/openstack/obs/const.go
