[ARVADOS] updated: 2.1.0-114-gc36bac7d8

Git user git at public.arvados.org
Tue Nov 24 15:27:31 UTC 2020 

Summary of changes:
 doc/api/keep-s3.html.textile.liquid | 15 +++++++++++++--
 services/keep-web/s3.go             |  2 +-
 2 files changed, 14 insertions(+), 3 deletions(-)

       via  c36bac7d8ec9f7f579ddfdc06a328fa3668e80a3 (commit)
       via  6ee51615491f0d00e76389b40119fed2329eda7c (commit)
      from  0cfb2b0646ad8129c82883717af7a51d28e6876a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit c36bac7d8ec9f7f579ddfdc06a328fa3668e80a3
Author: Tom Clegg <tom at tomclegg.ca>
Date:   Tue Nov 24 10:26:36 2020 -0500

    17106: Add examples to S3 auth instructions.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>

diff --git a/doc/api/keep-s3.html.textile.liquid b/doc/api/keep-s3.html.textile.liquid
index 664dcd317..ad27b221f 100644
--- a/doc/api/keep-s3.html.textile.liquid
+++ b/doc/api/keep-s3.html.textile.liquid
@@ -70,5 +70,16 @@ h3. Authorization mechanisms
 
 Keep-web accepts AWS Signature Version 4 (AWS4-HMAC-SHA256) as well as the older V2 AWS signature.
 
-* If your client uses V4 signatures exclusively, and your Arvados token was issued by the same cluster you are connecting to: use the Arvados token's UUID part as AccessKey, and its secret part as SecretKey. This is preferred, where applicable.
-* In all other cases, replace every "/" in your Arvados token with "_", and use the resulting string as both AccessKey and SecretKey.
+If your client uses V4 signatures exclusively _and_ your Arvados token was issued by the same cluster you are connecting to, you can use the Arvados token's UUID part as your S3 Access Key, and its secret part as your S3 Secret Key. This is preferred, where applicable.
+
+Example using cluster @zzzzz@:
+* Arvados token: @v2/zzzzz-gj3su-yyyyyyyyyyyyyyy/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@
+* Access Key: @zzzzz-gj3su-yyyyyyyyyyyyyyy@
+* Secret Key: @xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@
+
+In all other cases, replace every @/@ character in your Arvados token with @_@, and use the resulting string as both Access Key and Secret Key.
+
+Example using a cluster other than @zzzzz@ _or_ an S3 client that uses V2 signatures:
+* Arvados token: @v2/zzzzz-gj3su-yyyyyyyyyyyyyyy/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@
+* Access Key: @v2_zzzzz-gj3su-yyyyyyyyyyyyyyy_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@
+* Secret Key: @v2_zzzzz-gj3su-yyyyyyyyyyyyyyy_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@

commit 6ee51615491f0d00e76389b40119fed2329eda7c
Author: Tom Clegg <tom at tomclegg.ca>
Date:   Mon Nov 23 23:45:47 2020 -0500

    17106: Fix key unescape: don't convert + to space.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at tomclegg.ca>

diff --git a/services/keep-web/s3.go b/services/keep-web/s3.go
index 379afe37e..c6bdabf75 100644
--- a/services/keep-web/s3.go
+++ b/services/keep-web/s3.go
@@ -120,7 +120,7 @@ func unescapeKey(key string) string {
 		// avoid colliding with the Authorization header
 		// format.
 		return strings.Replace(key, "_", "/", -1)
-	} else if s, err := url.QueryUnescape(key); err == nil {
+	} else if s, err := url.PathUnescape(key); err == nil {
 		return s
 	} else {
 		return key

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list