AWS S3 Authentication and Fuzzing for Ceph RGW #962
Conversation
|
Suyashd999
changed the title
|
@marina-p could please have another look at the PR? |
| auth_module = Settings().authentication['module'] | ||
| signing_function = auth_module.get('function', 'sign_request') | ||
| signing_module = __import__(auth_module['name'], fromlist=[signing_function]) | ||
| sign_request = getattr(signing_module, signing_function) |
There was a problem hiding this comment.
Could you please use the helper import_attr in import_utilities.py?
restler/utils/aws_sigv4_auth.py
Outdated
| import boto3 | ||
| from botocore.auth import SigV4Auth | ||
| from botocore.awsrequest import AWSRequest | ||
| from botocore.credentials import Credentials |
There was a problem hiding this comment.
This module needs to be part of your own team's deployment - RESTler does not maintain authentication for specific services in the code base.
There was a problem hiding this comment.
maybe this could be added under an "examples" directory, to give users an idea of how to configure a signer?
There was a problem hiding this comment.
Ideally such samples would be working samples with their own set of dependencies that could be installed, tested etc. Since we don't have such samples today, could you please open an issue and attach this there to track adding such examples, but keep it separate from this PR so as not to block the PR?
|
|
||
| # Add request signing if enabled in authentication settings | ||
| if Settings().authentication and Settings().authentication.get('module', {}).get('signing'): | ||
| try: |
There was a problem hiding this comment.
Sorry to be catching this at PR time - could you please make this consistent with the other authentication dictionary structure, so "authentication": { "signing": {"module": {"file"/"function"/...}}}. See SettingsFile.md for the structure. #Resolved
| message = _append_to_header(message, f"x-restler-sequence-id: {sequence_id}") | ||
|
|
||
| # Add request signing if enabled in authentication settings | ||
| if Settings().authentication and Settings().authentication.get('module', {}).get('signing'): |
|
Ideally, some tests should be added for this using the unit test server. This can be done in a future PR if you've already validated these changes - could you please open an issue to track this? In reply to: 3395031310 |
this configuration and signing mechanism is tested against our server. if we want to add a dedicated test to restler we probably dont want to test against a full S3 gateway.
|
|
hey @marina-p, can you review the PR once again. Thanks! |
|
Done - just one remaining comment RE: restler/utls, everything else looks good! In reply to: 3408292266 |
Hi @marina-p! I have made that change as well. Please do check once ! Thankyou !! |
|
@marina-p anything else that needs to be done so before this is merged? |
|
Hi @yuvalif, the code looks good. The contributor license agreement check needs to pass for it to be merged. @Suyashd999, is it possible for you to sign per the required steps? |
|
See the 'Contributing' section in the README for instructions. |
|
@microsoft-github-policy-service agree |
…iguration structure - Import and use import_attr helper from utils.import_utilities for cleaner module loading - Update AWS SigV4 authentication module comments to reflect new config structure - Document request signing authentication in Authentication.md and SettingsFile.md
3 participants
Summary
This pull request adds support for AWS Signature Version 4 (SigV4) authentication in RESTler, enabling fuzzing of AWS S3-compatible endpoints that require AWS request signing.
Details
aws_sigv4_auth.py(originally located inrestler/utils) to demonstrate how RESTler can sign requests using AWS S3 credentials (AWS_ACCESS_KEY_IDandAWS_SECRET_ACCESS_KEY), leveragingboto3andbotocore.restler/utilsto avoid including service-specific logic in the RESTler core codebase.Usage
aws_sigv4_auth.pyexample in Issue #987.pip install boto3 botocoreRelated