api: Add NewWithCredentials()

Fixes #643

Author: harshavardhana

api-presigned.go

@@ -122,21 +122,40 @@ func (c Client) PresignedPostPolicy(p *PostPolicy) (u *url.URL, formData map[str
 		return nil, nil, err
 	}
 
+	// Get credentials from the configured credentials provider.
+	credValues, err := c.credsProvider.Get()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	signerType := c.signature
+	// Check if the signature type is default, it means caller didn't
+	// ask for anything specific signature style.. Check if the
+	// credentials set returned the type of signature that should
+	// be used, if not proceed to use default.
+	if signerType == SignatureDefault && credValues.SignatureType != "" {
+		signerType = parseSignatureType(credValues.SignatureType)
+	}
+
+	sessionToken := credValues.SessionToken
+	accessKeyID := credValues.AccessKeyID
+	secretAccessKey := credValues.SecretAccessKey
+
 	// Keep time.
 	t := time.Now().UTC()
 	// For signature version '2' handle here.
-	if c.signature.isV2() {
+	if signerType.isV2() {
 		policyBase64 := p.base64()
 		p.formData["policy"] = policyBase64
 		// For Google endpoint set this value to be 'GoogleAccessId'.
 		if s3utils.IsGoogleEndpoint(c.endpointURL) {
-			p.formData["GoogleAccessId"] = c.accessKeyID
+			p.formData["GoogleAccessId"] = accessKeyID
 		} else {
 			// For all other endpoints set this value to be 'AWSAccessKeyId'.
-			p.formData["AWSAccessKeyId"] = c.accessKeyID
+			p.formData["AWSAccessKeyId"] = accessKeyID
 		}
 		// Sign the policy.
-		p.formData["signature"] = s3signer.PostPresignSignatureV2(policyBase64, c.secretAccessKey)
+		p.formData["signature"] = s3signer.PostPresignSignatureV2(policyBase64, secretAccessKey)
 		return u, p.formData, nil
 	}
 
@@ -159,7 +178,7 @@ func (c Client) PresignedPostPolicy(p *PostPolicy) (u *url.URL, formData map[str
 	}
 
 	// Add a credential policy.
-	credential := s3signer.GetCredential(c.accessKeyID, location, t)
+	credential := s3signer.GetCredential(accessKeyID, location, t)
 	if err = p.addNewPolicy(policyCondition{
 		matchType: "eq",
 		condition: "$x-amz-credential",
@@ -168,13 +187,27 @@ func (c Client) PresignedPostPolicy(p *PostPolicy) (u *url.URL, formData map[str
 		return nil, nil, err
 	}
 
+	if sessionToken != "" {
+		if err = p.addNewPolicy(policyCondition{
+			matchType: "eq",
+			condition: "$x-amz-security-token",
+			value:     sessionToken,
+		}); err != nil {
+			return nil, nil, err
+		}
+	}
+
 	// Get base64 encoded policy.
 	policyBase64 := p.base64()
+
 	// Fill in the form data.
 	p.formData["policy"] = policyBase64
 	p.formData["x-amz-algorithm"] = signV4Algorithm
 	p.formData["x-amz-credential"] = credential
 	p.formData["x-amz-date"] = t.Format(iso8601DateFormat)
-	p.formData["x-amz-signature"] = s3signer.PostPresignSignatureV4(policyBase64, t, c.secretAccessKey, location)
+	if sessionToken != "" {
+		p.formData["x-amz-security-token"] = sessionToken
+	}
+	p.formData["x-amz-signature"] = s3signer.PostPresignSignatureV4(policyBase64, t, secretAccessKey, location)
 	return u, p.formData, nil
 }

api-put-bucket.go

@@ -28,6 +28,7 @@ import (
 	"net/url"
 	"path"
 
+	"github.com/minio/minio-go/pkg/credentials"
 	"github.com/minio/minio-go/pkg/policy"
 	"github.com/minio/minio-go/pkg/s3signer"
 )
@@ -135,9 +136,39 @@ func (c Client) makeBucketRequest(bucketName string, location string) (*http.Req
 	// set UserAgent for the request.
 	c.setUserAgent(req)
 
-	// set sha256 sum for signature calculation only with
-	// signature version '4'.
-	if c.signature.isV4() {
+	var (
+		signerType      = c.signature
+		accessKeyID     string
+		secretAccessKey string
+		sessionToken    string
+	)
+
+	var value credentials.Value
+	if c.credsProvider != nil {
+		// Get credentials from the configured credentials provider.
+		value, err = c.credsProvider.Get()
+		if err != nil {
+			return nil, err
+		}
+
+		// Check if the signature type is default, it means caller didn't
+		// ask for anything specific signature style.. Check if the
+		// credentials set returned the type of signature that should
+		// be used, if not proceed to use default.
+		if signerType == SignatureDefault && value.SignatureType != "" {
+			signerType = parseSignatureType(value.SignatureType)
+		}
+
+		accessKeyID = value.AccessKeyID
+		secretAccessKey = value.SecretAccessKey
+		sessionToken = value.SessionToken
+	} else {
+		// No credentials provider set, will be treated as anonymous request.
+		signerType = SignatureAnonymous
+	}
+
+	// set sha256 sum for signature calculation only with signature version '4'.
+	if signerType.isV4() {
 		req.Header.Set("X-Amz-Content-Sha256", hex.EncodeToString(sum256([]byte{})))
 	}
 
@@ -155,19 +186,19 @@ func (c Client) makeBucketRequest(bucketName string, location string) (*http.Req
 		req.ContentLength = int64(len(createBucketConfigBytes))
 		// Set content-md5.
 		req.Header.Set("Content-Md5", base64.StdEncoding.EncodeToString(sumMD5(createBucketConfigBytes)))
-		if c.signature.isV4() {
+		if signerType.isV4() {
 			// Set sha256.
 			req.Header.Set("X-Amz-Content-Sha256", hex.EncodeToString(sum256(createBucketConfigBytes)))
 		}
 	}
 
 	// Sign the request.
-	if c.signature.isV4() {
+	if signerType.isV4() {
 		// Signature calculated for MakeBucket request should be for 'us-east-1',
 		// regardless of the bucket's location constraint.
-		req = s3signer.SignV4(*req, c.accessKeyID, c.secretAccessKey, "us-east-1")
-	} else if c.signature.isV2() {
-		req = s3signer.SignV2(*req, c.accessKeyID, c.secretAccessKey)
+		req = s3signer.SignV4(*req, accessKeyID, secretAccessKey, sessionToken, "us-east-1")
+	} else if signerType.isV2() {
+		req = s3signer.SignV2(*req, accessKeyID, secretAccessKey)
 	}
 
 	// Return signed request.

api-put-bucket_test.go

@@ -27,6 +27,7 @@ import (
 	"path"
 	"testing"
 
+	"github.com/minio/minio-go/pkg/credentials"
 	"github.com/minio/minio-go/pkg/s3signer"
 )
 
@@ -48,8 +49,39 @@ func TestMakeBucketRequest(t *testing.T) {
 		// set UserAgent for the request.
 		c.setUserAgent(req)
 
+		var (
+			signerType      = c.signature
+			accessKeyID     string
+			secretAccessKey string
+			sessionToken    string
+		)
+
+		var value credentials.Value
+		if c.credsProvider != nil {
+			// Get credentials from the configured credentials provider.
+			value, err = c.credsProvider.Get()
+			if err != nil {
+				return nil, err
+			}
+
+			// Check if the signature type is default, it means caller didn't
+			// ask for anything specific signature style.. Check if the
+			// credentials set returned the type of signature that should
+			// be used, if not proceed to use default.
+			if signerType == SignatureDefault && value.SignatureType != "" {
+				signerType = parseSignatureType(value.SignatureType)
+			}
+
+			accessKeyID = value.AccessKeyID
+			secretAccessKey = value.SecretAccessKey
+			sessionToken = value.SessionToken
+		} else {
+			// No credentials provider set, will be treated as anonymous request.
+			signerType = SignatureAnonymous
+		}
+
 		// set sha256 sum for signature calculation only with signature version '4'.
-		if c.signature.isV4() {
+		if signerType.isV4() {
 			req.Header.Set("X-Amz-Content-Sha256", hex.EncodeToString(sum256([]byte{})))
 		}
 
@@ -67,19 +99,19 @@ func TestMakeBucketRequest(t *testing.T) {
 			req.ContentLength = int64(len(createBucketConfigBytes))
 			// Set content-md5.
 			req.Header.Set("Content-Md5", base64.StdEncoding.EncodeToString(sumMD5(createBucketConfigBytes)))
-			if c.signature.isV4() {
+			if signerType.isV4() {
 				// Set sha256.
 				req.Header.Set("X-Amz-Content-Sha256", hex.EncodeToString(sum256(createBucketConfigBytes)))
 			}
 		}
 
 		// Sign the request.
-		if c.signature.isV4() {
+		if signerType.isV4() {
 			// Signature calculated for MakeBucket request should be for 'us-east-1',
 			// regardless of the bucket's location constraint.
-			req = s3signer.SignV4(*req, c.accessKeyID, c.secretAccessKey, "us-east-1")
+			req = s3signer.SignV4(*req, accessKeyID, secretAccessKey, sessionToken, "us-east-1")
 		} else if c.signature.isV2() {
-			req = s3signer.SignV2(*req, c.accessKeyID, c.secretAccessKey)
+			req = s3signer.SignV2(*req, accessKeyID, secretAccessKey)
 		}
 
 		// Return signed request.
@@ -246,7 +278,7 @@ func TestMakeBucketRequest(t *testing.T) {
 			}
 
 			if expectedReq.Header.Get("X-Amz-Content-Sha256") != actualReq.Header.Get("X-Amz-Content-Sha256") {
-				t.Errorf("Test %d: 'X-Amz-Content-Sha256' header of the expected request doesn't match with that of the actual request", i+1)
+				t.Errorf("Test %d: 'X-Amz-Content-Sha256' header of the expected request %s doesn't match with that of the actual request %s", i+1, expectedReq.Header.Get("X-Amz-Content-Sha256"), actualReq.Header.Get("X-Amz-Content-Sha256"))
 			}
 			if expectedReq.Header.Get("User-Agent") != actualReq.Header.Get("User-Agent") {
 				t.Errorf("Test %d: Expected 'User-Agent' header to be \"%s\",but found \"%s\" instead", i+1, expectedReq.Header.Get("User-Agent"), actualReq.Header.Get("User-Agent"))

api-put-object-progress.go

@@ -103,6 +103,7 @@ func (c Client) PutObjectWithMetadata(bucketName, objectName string, reader io.R
 	if size < minPartSize && size >= 0 {
 		return c.putObjectSingle(bucketName, objectName, reader, size, metaData, progress)
 	}
+
 	// For all sizes greater than 5MiB do multipart.
 	n, err = c.putObjectMultipart(bucketName, objectName, reader, size, metaData, progress)
 	if err != nil {