[jira] [Commented] (JCLOUDS-1516) First putblob should be signed with specific region rather than with default region during createcontainer API
[ https://issues.apache.org/jira/browse/JCLOUDS-1516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17378380#comment-17378380 ] ASF subversion and git services commented on JCLOUDS-1516: -- Commit 779bc2db19dd36f40cb5668c2c41620f0e74b8c4 in jclouds's branch refs/heads/master from didixith [ https://gitbox.apache.org/repos/asf?p=jclouds.git;h=779bc2d ] JCLOUDS-1516: specify host name when creating bucket > First putblob should be signed with specific region rather than with default > region during createcontainer API > --- > > Key: JCLOUDS-1516 > URL: https://issues.apache.org/jira/browse/JCLOUDS-1516 > Project: jclouds > Issue Type: New Feature > Components: jclouds-blobstore >Affects Versions: 2.1.2 > Environment: Linux >Reporter: Dileep Dixith >Priority: Major > Original Estimate: 24h > Remaining Estimate: 24h > > When container in non default region exists, only first time put operation > will be applied to find out whether bucket exists and have proper access or > not. Aws sigv4 signature will be created based on the default region only as > create bucket method was not honoring the region specified. > So, Put request was first signed with default region and if the user does not > have access to default(us-east-1) region,. Then it will be re-directed to > sa-east-1 region, but the request is signed with us-east-1, the request is > rejected and throws "The authorization header is malformed". > Flow in case of user has access to default region: > 17:22:24.460 [bscThread-02] DEBUG o.j.rest.internal.InvokeHttpMethod - >> > invoking CreateBucket > 17:22:24.460 [bscThread-02] DEBUG o.j.rest.internal.InvokeHttpMethod - >> > invoking CreateBucket > 17:22:24.461 [bscThread-02] DEBUG jclouds.signature - << PUT > / > content-length:105 > content-type:text/xml > host:test3.s3.amazonaws.com > x-amz-content-sha256:f5d7dd57e1e23b516fc3543b9f24fc19a8409557905f48c6f412b3a67946ce96 > x-amz-date:20190818T115218Z > content-length;content-type;host;x-amz-content-sha256;x-amz-date > f5d7dd57e1e23b516fc3543b9f24fc19a8409557905f48c6f412b3a67946ce96 > 17:22:24.461 [bscThread-02] DEBUG jclouds.signature - << AWS4-HMAC-SHA256 > 20190818T115218Z > 20190818/us-east-1/s3/aws4_request > 089a5248f5eff6e8b6378154acdf07bff7d208029c98c67af44c99b4a8f2df39 > 17:22:24.463 [bscThread-02] DEBUG o.j.h.i.JavaUrlHttpCommandExecutorService - > Sending request -1533211628: PUT https://test3.s3.amazonaws.com/ HTTP/1.1 > 17:22:24.463 [bscThread-02] DEBUG jclouds.wire - >> > "sa-east-1" > 17:22:24.464 [bscThread-02] DEBUG jclouds.headers - >> PUT > https://test3.s3.amazonaws.com/ HTTP/1.1 > 17:22:24.464 [bscThread-02] DEBUG jclouds.headers - >> Content-Type: text/xml > 17:22:24.464 [bscThread-02] DEBUG jclouds.headers - >> Content-Length: 105 > 17:22:24.464 [bscThread-02] DEBUG jclouds.headers - >> Host: > test3.s3.amazonaws.com > 17:22:24.464 [bscThread-02] DEBUG jclouds.headers - >> x-amz-content-sha256: > f5d7dd57e1e23b516fc3543b9f24fc19a8409557905f48c6f412b3a67946ce96 > 17:22:24.464 [bscThread-02] DEBUG jclouds.headers - >> X-Amz-Date: > 20190818T115218Z > 17:22:24.464 [bscThread-02] DEBUG jclouds.headers - >> Authorization: > AWS4-HMAC-SHA256 > Credential=AKIAIGKQ7V52FQQJFYJQ/20190818/us-east-1/s3/aws4_request, > SignedHeaders=content-length;content-type;host;x-amz-content-sha256;x-amz-date, > Signature=637d42fbf6684430ab0f08fd82cbae69f3261859e0031ad40054bccb829473da > 17:22:24.464 [bscThread-02] DEBUG jclouds.headers - >> Content-Type: text/xml > 17:22:24.464 [bscThread-02] DEBUG jclouds.headers - >> Content-Length: 105 > 17:22:25.671 [bscThread-02] DEBUG o.j.h.i.JavaUrlHttpCommandExecutorService - > Receiving response -1533211628: HTTP/1.1 409 Conflict > 17:22:25.671 [bscThread-02] DEBUG jclouds.headers - << HTTP/1.1 409 Conflict > 17:22:25.672 [bscThread-02] DEBUG jclouds.headers - << Transfer-Encoding: > chunked > 17:22:25.672 [bscThread-02] DEBUG jclouds.headers - << Server: AmazonS3 > 17:22:25.672 [bscThread-02] DEBUG jclouds.headers - << x-amz-request-id: > 09E5163C51F25F34 > 17:22:25.673 [bscThread-02] DEBUG jclouds.headers - << x-amz-id-2: > WuN84GYMs47Nn6+48XYDpLZNvp0NPszokKyhxlzZk+ub8RhjbLpkfEI8E2tKWVCFKtJiXrhdpkc= > 17:22:25.673 [bscThread-02] DEBUG jclouds.headers - << Date: Sun, 18 Aug 2019 > 11:52:11 GMT > 17:22:25.673 [bscThread-02] DEBUG jclouds.headers - << x-amz-bucket-region: > sa-east-1 > 17:22:25.673 [bscThread-02] DEBUG jclouds.headers - << Content-Type: > application/xml > 17:22:25.673 [bscThread-02] DEBUG jclouds.wire - << " encoding="UTF-8"?>[\n]" > 17:22:25.673 [bscThread-02] DEBUG jclouds.wire - << > "BucketAlreadyOwnedByYouYour previous request to > create the named bucket succeeded and
[jira] [Commented] (JCLOUDS-1516) First putblob should be signed with specific region rather than with default region during createcontainer API
[ https://issues.apache.org/jira/browse/JCLOUDS-1516?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16947559#comment-16947559 ] Dileep Dixith commented on JCLOUDS-1516: https://github.com/apache/jclouds/pull/47/files > First putblob should be signed with specific region rather than with default > region during createcontainer API > --- > > Key: JCLOUDS-1516 > URL: https://issues.apache.org/jira/browse/JCLOUDS-1516 > Project: jclouds > Issue Type: New Feature > Components: jclouds-blobstore >Affects Versions: 2.1.2 > Environment: Linux >Reporter: Dileep Dixith >Priority: Major > Fix For: 2.2.0 > > Original Estimate: 24h > Remaining Estimate: 24h > > When container in non default region exists, only first time put operation > will be applied to find out whether bucket exists and have proper access or > not. Aws sigv4 signature will be created based on the default region only as > create bucket method was not honoring the region specified. > So, Put request was first signed with default region and if the user does not > have access to default(us-east-1) region,. Then it will be re-directed to > sa-east-1 region, but the request is signed with us-east-1, the request is > rejected and throws "The authorization header is malformed". > Flow in case of user has access to default region: > 17:22:24.460 [bscThread-02] DEBUG o.j.rest.internal.InvokeHttpMethod - >> > invoking CreateBucket > 17:22:24.460 [bscThread-02] DEBUG o.j.rest.internal.InvokeHttpMethod - >> > invoking CreateBucket > 17:22:24.461 [bscThread-02] DEBUG jclouds.signature - << PUT > / > content-length:105 > content-type:text/xml > host:test3.s3.amazonaws.com > x-amz-content-sha256:f5d7dd57e1e23b516fc3543b9f24fc19a8409557905f48c6f412b3a67946ce96 > x-amz-date:20190818T115218Z > content-length;content-type;host;x-amz-content-sha256;x-amz-date > f5d7dd57e1e23b516fc3543b9f24fc19a8409557905f48c6f412b3a67946ce96 > 17:22:24.461 [bscThread-02] DEBUG jclouds.signature - << AWS4-HMAC-SHA256 > 20190818T115218Z > 20190818/us-east-1/s3/aws4_request > 089a5248f5eff6e8b6378154acdf07bff7d208029c98c67af44c99b4a8f2df39 > 17:22:24.463 [bscThread-02] DEBUG o.j.h.i.JavaUrlHttpCommandExecutorService - > Sending request -1533211628: PUT https://test3.s3.amazonaws.com/ HTTP/1.1 > 17:22:24.463 [bscThread-02] DEBUG jclouds.wire - >> > "sa-east-1" > 17:22:24.464 [bscThread-02] DEBUG jclouds.headers - >> PUT > https://test3.s3.amazonaws.com/ HTTP/1.1 > 17:22:24.464 [bscThread-02] DEBUG jclouds.headers - >> Content-Type: text/xml > 17:22:24.464 [bscThread-02] DEBUG jclouds.headers - >> Content-Length: 105 > 17:22:24.464 [bscThread-02] DEBUG jclouds.headers - >> Host: > test3.s3.amazonaws.com > 17:22:24.464 [bscThread-02] DEBUG jclouds.headers - >> x-amz-content-sha256: > f5d7dd57e1e23b516fc3543b9f24fc19a8409557905f48c6f412b3a67946ce96 > 17:22:24.464 [bscThread-02] DEBUG jclouds.headers - >> X-Amz-Date: > 20190818T115218Z > 17:22:24.464 [bscThread-02] DEBUG jclouds.headers - >> Authorization: > AWS4-HMAC-SHA256 > Credential=AKIAIGKQ7V52FQQJFYJQ/20190818/us-east-1/s3/aws4_request, > SignedHeaders=content-length;content-type;host;x-amz-content-sha256;x-amz-date, > Signature=637d42fbf6684430ab0f08fd82cbae69f3261859e0031ad40054bccb829473da > 17:22:24.464 [bscThread-02] DEBUG jclouds.headers - >> Content-Type: text/xml > 17:22:24.464 [bscThread-02] DEBUG jclouds.headers - >> Content-Length: 105 > 17:22:25.671 [bscThread-02] DEBUG o.j.h.i.JavaUrlHttpCommandExecutorService - > Receiving response -1533211628: HTTP/1.1 409 Conflict > 17:22:25.671 [bscThread-02] DEBUG jclouds.headers - << HTTP/1.1 409 Conflict > 17:22:25.672 [bscThread-02] DEBUG jclouds.headers - << Transfer-Encoding: > chunked > 17:22:25.672 [bscThread-02] DEBUG jclouds.headers - << Server: AmazonS3 > 17:22:25.672 [bscThread-02] DEBUG jclouds.headers - << x-amz-request-id: > 09E5163C51F25F34 > 17:22:25.673 [bscThread-02] DEBUG jclouds.headers - << x-amz-id-2: > WuN84GYMs47Nn6+48XYDpLZNvp0NPszokKyhxlzZk+ub8RhjbLpkfEI8E2tKWVCFKtJiXrhdpkc= > 17:22:25.673 [bscThread-02] DEBUG jclouds.headers - << Date: Sun, 18 Aug 2019 > 11:52:11 GMT > 17:22:25.673 [bscThread-02] DEBUG jclouds.headers - << x-amz-bucket-region: > sa-east-1 > 17:22:25.673 [bscThread-02] DEBUG jclouds.headers - << Content-Type: > application/xml > 17:22:25.673 [bscThread-02] DEBUG jclouds.wire - << " encoding="UTF-8"?>[\n]" > 17:22:25.673 [bscThread-02] DEBUG jclouds.wire - << > "BucketAlreadyOwnedByYouYour previous request to > create the named bucket succeeded and you already own > it.test309E5163C51F25F34WuN84GYMs47Nn6+48XYDpLZNvp0NPszokKyhxlzZk+ub8RhjbLpkfEI8E2tKWVCFKtJiXrhdpkc=" > 17:22:25.680 [bscThread-03] DEBUG