Skip to content

Block NSS creation when SignatureVersion v4 and endpoint non-secure#1580

Merged
naveenpaul1 merged 1 commit intonoobaa:masterfrom
naveenpaul1:s3compat_nss_sigVer
Apr 21, 2025
Merged

Block NSS creation when SignatureVersion v4 and endpoint non-secure#1580
naveenpaul1 merged 1 commit intonoobaa:masterfrom
naveenpaul1:s3compat_nss_sigVer

Conversation

@naveenpaul1
Copy link
Contributor

@naveenpaul1 naveenpaul1 commented Apr 7, 2025
edited
Loading

Explain the changes

  1. Block NSS creation when SignatureVersion v4 and endpoint non-secure and return with error.
  2. Setting signature version v2 for non-secure endpoint to avoid body content sign in. With secure request body sigin is disabled by default.

No change for Backingstore since uploadPart upload(Non-file stream) is not supported by backingstore.

Issues: Fixed #xxx / Gap #xxx

  1. https://issues.redhat.com/browse/DFBUGS-1035
    NSS is in rejected state because the endpoint provided is non-secure and CLI is adding signature version to the endpoint request when try to access data this is creating issue in aws-sdk

related Github issue: aws/aws-sdk-js#965

Testing Instructions:

  1. go test ./pkg/cli/
  • Doc added/updated
  • Tests added

@naveenpaul1 naveenpaul1 force-pushed the s3compat_nss_sigVer branch from fe44d40 to 180b606 Compare April 7, 2025 09:57
liranmauda
liranmauda reviewed Apr 7, 2025
View reviewed changes
@naveenpaul1 naveenpaul1 marked this pull request as ready for review April 7, 2025 11:58
@naveenpaul1 naveenpaul1 force-pushed the s3compat_nss_sigVer branch from 180b606 to bfc2d55 Compare April 11, 2025 05:37
@naveenpaul1 naveenpaul1 changed the title Set empty string to SignatureVersion if endpoint is HTTP Block NSS creation when SignatureVersion v4 and endpoint non-secure Apr 11, 2025
jackyalbo
jackyalbo reviewed Apr 16, 2025
View reviewed changes
@shirady
Copy link
Contributor

shirady commented Apr 20, 2025

@naveenpaul1 - I think the same code change can also be added in the backingstore CLI (it has similar options like namespacestore CLI in some of the cases), WDYT?

@naveenpaul1 naveenpaul1 force-pushed the s3compat_nss_sigVer branch from bfc2d55 to b1c62e8 Compare April 21, 2025 09:31
@pull-request-size pull-request-size bot added size/L and removed size/S labels Apr 21, 2025
@naveenpaul1 naveenpaul1 force-pushed the s3compat_nss_sigVer branch from b1c62e8 to 744cfba Compare April 21, 2025 09:53
@naveenpaul1 naveenpaul1 requested a review from jackyalbo April 21, 2025 10:08
@naveenpaul1 naveenpaul1 force-pushed the s3compat_nss_sigVer branch from 744cfba to c9fccf8 Compare April 21, 2025 11:04
jackyalbo
jackyalbo reviewed Apr 21, 2025
View reviewed changes
@naveenpaul1
Set empty string to SignatureVersion if enpoint is HTTP
eb4362b 
Signed-off-by: naveenpaul1 <napaul@redhat.com>
@naveenpaul1 naveenpaul1 force-pushed the s3compat_nss_sigVer branch from c9fccf8 to eb4362b Compare April 21, 2025 12:21
@naveenpaul1 naveenpaul1 requested a review from jackyalbo April 21, 2025 13:34
@naveenpaul1 naveenpaul1 merged commit 28ca6b5 into noobaa:master Apr 21, 2025
17 of 18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jackyalbo jackyalbo jackyalbo approved these changes

@tangledbytes tangledbytes Awaiting requested review from tangledbytes

@romayalon romayalon Awaiting requested review from romayalon

@liranmauda liranmauda Awaiting requested review from liranmauda

Assignees

No one assigned

Labels

size/L

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@naveenpaul1 @shirady @jackyalbo @liranmauda