Add support for content_type, headers + md5_digest

This commit is contained in:
Matt Morrison 2016-09-05 07:58:12 +12:00
parent 6f833cd3d7
commit e6c11a53dd
2 changed files with 242 additions and 37 deletions

View File

@ -10,16 +10,18 @@ import (
"encoding/base64"
"encoding/pem"
"fmt"
"github.com/hashicorp/terraform/helper/pathorcontents"
"github.com/hashicorp/terraform/helper/schema"
"golang.org/x/oauth2/google"
"golang.org/x/oauth2/jwt"
"log"
"net/url"
"os"
"strconv"
"strings"
"time"
"github.com/hashicorp/terraform/helper/pathorcontents"
"github.com/hashicorp/terraform/helper/schema"
"golang.org/x/oauth2/google"
"golang.org/x/oauth2/jwt"
"sort"
)
const gcsBaseUrl = "https://storage.googleapis.com"
@ -34,12 +36,11 @@ func dataSourceGoogleSignedUrl() *schema.Resource {
Type: schema.TypeString,
Required: true,
},
//TODO: implement support
//"content_type": &schema.Schema{
// Type: schema.TypeString,
// Optional: true,
// Default: "",
//},
"content_type": &schema.Schema{
Type: schema.TypeString,
Optional: true,
Default: "",
},
"credentials": &schema.Schema{
Type: schema.TypeString,
Optional: true,
@ -54,17 +55,16 @@ func dataSourceGoogleSignedUrl() *schema.Resource {
Optional: true,
Default: "GET",
},
//TODO: implement support
//"http_headers": &schema.Schema{
// Type: schema.TypeList,
// Optional: true,
//},
//TODO: implement support
//"md5_digest": &schema.Schema{
// Type: schema.TypeString,
// Optional: true,
// Default: "",
//},
"http_headers": &schema.Schema{
Type: schema.TypeMap,
Optional: true,
Elem: schema.TypeString,
},
"md5_digest": &schema.Schema{
Type: schema.TypeString,
Optional: true,
Default: "",
},
"path": &schema.Schema{
Type: schema.TypeString,
Required: true,
@ -80,7 +80,6 @@ func dataSourceGoogleSignedUrl() *schema.Resource {
func dataSourceGoogleSignedUrlRead(d *schema.ResourceData, meta interface{}) error {
config := meta.(*Config)
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Build UrlData object from data source attributes
urlData := &UrlData{}
@ -103,6 +102,25 @@ func dataSourceGoogleSignedUrlRead(d *schema.ResourceData, meta interface{}) err
expires := time.Now().Unix() + int64(duration.Seconds())
urlData.Expires = int(expires)
if v, ok := d.GetOk("content_type"); ok {
urlData.ContentType = v.(string)
}
if v, ok := d.GetOk("http_headers"); ok {
hdrMap := v.(map[string]interface{})
if len(hdrMap) > 0 {
urlData.HttpHeaders = make(map[string]string, len(hdrMap))
for k, v := range hdrMap {
urlData.HttpHeaders[k] = v.(string)
}
}
}
if v, ok := d.GetOk("md5_digest"); ok {
urlData.Md5Digest = v.(string)
}
// object path
path := []string{
"",
@ -112,7 +130,6 @@ func dataSourceGoogleSignedUrlRead(d *schema.ResourceData, meta interface{}) err
objectPath := strings.Join(path, "/")
urlData.Path = objectPath
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Load JWT Config from Google Credentials
jwtConfig, err := loadJwtConfig(d, config)
if err != nil {
@ -120,7 +137,6 @@ func dataSourceGoogleSignedUrlRead(d *schema.ResourceData, meta interface{}) err
}
urlData.JwtConfig = jwtConfig
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Sign url object data
signature, err := SignString(urlData.CreateSigningString(), jwtConfig)
if err != nil {
@ -128,7 +144,6 @@ func dataSourceGoogleSignedUrlRead(d *schema.ResourceData, meta interface{}) err
}
urlData.Signature = signature
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Construct URL
finalUrl := urlData.BuildUrl()
d.SetId(urlData.EncodedSignature())
@ -204,11 +219,14 @@ func parsePrivateKey(key []byte) (*rsa.PrivateKey, error) {
}
type UrlData struct {
JwtConfig *jwt.Config
HttpMethod string
Expires int
Path string
Signature []byte
JwtConfig *jwt.Config
ContentType string
HttpMethod string
Expires int
Md5Digest string
HttpHeaders map[string]string
Path string
Signature []byte
}
// Creates a string in the form ready for signing:
@ -229,11 +247,11 @@ func (u *UrlData) CreateSigningString() []byte {
buf.WriteString("\n")
// MD5 digest (optional)
// TODO
buf.WriteString(u.Md5Digest)
buf.WriteString("\n")
// request content-type (optional)
// TODO
buf.WriteString(u.ContentType)
buf.WriteString("\n")
// signed url expiration
@ -241,11 +259,23 @@ func (u *UrlData) CreateSigningString() []byte {
buf.WriteString("\n")
// additional request headers (optional)
// TODO
// Must be sorted in lexigraphical order
var keys []string
for k := range u.HttpHeaders {
keys = append(keys, strings.ToLower(k))
}
sort.Strings(keys)
// To perform the opertion you want
for _, k := range keys {
buf.WriteString(fmt.Sprintf("%s:%s\n", k, u.HttpHeaders[k]))
}
// object path
buf.WriteString(u.Path)
fmt.Printf("SIGNING STRING: \n%s\n", buf.String())
return buf.Bytes()
}

View File

@ -12,7 +12,9 @@ import (
"github.com/hashicorp/terraform/terraform"
"golang.org/x/oauth2/google"
"io/ioutil"
"net/http"
"net/url"
"strings"
)
const fakeCredentials = `{
@ -130,13 +132,92 @@ func TestDatasourceSignedUrl_accTest(t *testing.T) {
resource.TestStep{
Config: testAccTestGoogleStorageObjectSingedUrl(bucketName),
Check: resource.ComposeTestCheckFunc(
testAccGoogleSignedUrlRetrieval("data.google_storage_object_signed_url.story_url"),
testAccGoogleSignedUrlRetrieval("data.google_storage_object_signed_url.story_url", nil),
),
},
},
})
}
func TestDatasourceSignedUrl_wHeaders(t *testing.T) {
headers := map[string]string{
"x-goog-test": "foo",
}
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccTestGoogleStorageObjectSingedUrl_wHeader(),
Check: resource.ComposeTestCheckFunc(
testAccGoogleSignedUrlRetrieval("data.google_storage_object_signed_url.story_url_w_headers", headers),
),
},
},
})
}
func TestDatasourceSignedUrl_wContentType(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccTestGoogleStorageObjectSingedUrl_wContentType(),
Check: resource.ComposeTestCheckFunc(
testAccGoogleSignedUrlRetrieval("data.google_storage_object_signed_url.story_url_w_content_type", nil),
),
},
},
})
}
func TestDatasourceSignedUrl_wMD5(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccTestGoogleStorageObjectSingedUrl_wMD5(),
Check: resource.ComposeTestCheckFunc(
testAccGoogleSignedUrlRetrieval("data.google_storage_object_signed_url.story_url_w_md5", nil),
),
},
},
})
}
// formatRequest generates ascii representation of a request
func formatRequest(r *http.Request) string {
// Create return string
var request []string
request = append(request, "--------")
// Add the request string
url := fmt.Sprintf("%v %v %v", r.Method, r.URL, r.Proto)
request = append(request, url)
// Add the host
request = append(request, fmt.Sprintf("Host: %v", r.Host))
// Loop through headers
for name, headers := range r.Header {
//name = strings.ToLower(name)
for _, h := range headers {
request = append(request, fmt.Sprintf("%v: %v", name, h))
}
}
// If this is a POST, add post data
if r.Method == "POST" {
r.ParseForm()
request = append(request, "\n")
request = append(request, r.Form.Encode())
}
request = append(request, "--------")
// Return the request as a string
return strings.Join(request, "\n")
}
func testAccGoogleSignedUrlExists(n string) resource.TestCheckFunc {
return func(s *terraform.State) error {
@ -151,9 +232,12 @@ func testAccGoogleSignedUrlExists(n string) resource.TestCheckFunc {
}
}
func testAccGoogleSignedUrlRetrieval(n string) resource.TestCheckFunc {
func testAccGoogleSignedUrlRetrieval(n string, headers map[string]string) resource.TestCheckFunc {
return func(s *terraform.State) error {
r := s.RootModule().Resources[n]
if r == nil {
return fmt.Errorf("Datasource not found")
}
a := r.Primary.Attributes
if a["signed_url"] == "" {
@ -161,10 +245,38 @@ func testAccGoogleSignedUrlRetrieval(n string) resource.TestCheckFunc {
}
url := a["signed_url"]
fmt.Printf("URL: %s\n", url)
method := a["http_method"]
req, _ := http.NewRequest(method, url, nil)
// Apply custom headers to request
for k, v := range headers {
fmt.Printf("Adding Header (%s: %s)\n", k, v)
req.Header.Set(k, v)
}
contentType := a["content_type"]
if contentType != "" {
fmt.Printf("Adding Content-Type: %s\n", contentType)
req.Header.Add("Content-Type", contentType)
}
md5Digest := a["md5_digest"]
if md5Digest != "" {
fmt.Printf("Adding Content-MD5: %s\n", md5Digest)
req.Header.Add("Content-MD5", md5Digest)
}
// send request to GET object using signed url
client := cleanhttp.DefaultClient()
response, err := client.Get(url)
// Print request
//dump, _ := httputil.DumpRequest(req, true)
//fmt.Printf("%+q\n", strings.Replace(string(dump), "\\n", "\n", 99))
fmt.Printf("%s\n", formatRequest(req))
response, err := client.Do(req)
if err != nil {
return err
}
@ -206,6 +318,69 @@ data "google_storage_object_signed_url" "story_url" {
bucket = "${google_storage_bucket.bucket.name}"
path = "${google_storage_bucket_object.story.name}"
}`, bucketName)
}
`, bucketName)
func testAccTestGoogleStorageObjectSingedUrl_wHeader() string {
return fmt.Sprintf(`
resource "google_storage_bucket" "bucket" {
name = "tf-signurltest-%s"
}
resource "google_storage_bucket_object" "story" {
name = "path/to/file"
bucket = "${google_storage_bucket.bucket.name}"
content = "once upon a time..."
}
data "google_storage_object_signed_url" "story_url_w_headers" {
bucket = "${google_storage_bucket.bucket.name}"
path = "${google_storage_bucket_object.story.name}"
http_headers {
x-goog-test = "foo"
}
}`, acctest.RandString(6))
}
func testAccTestGoogleStorageObjectSingedUrl_wContentType() string {
return fmt.Sprintf(`
resource "google_storage_bucket" "bucket" {
name = "tf-signurltest-%s"
}
resource "google_storage_bucket_object" "story" {
name = "path/to/file"
bucket = "${google_storage_bucket.bucket.name}"
content = "once upon a time..."
}
data "google_storage_object_signed_url" "story_url_w_content_type" {
bucket = "${google_storage_bucket.bucket.name}"
path = "${google_storage_bucket_object.story.name}"
content_type = "text/plain"
}`, acctest.RandString(6))
}
func testAccTestGoogleStorageObjectSingedUrl_wMD5() string {
return fmt.Sprintf(`
resource "google_storage_bucket" "bucket" {
name = "tf-signurltest-%s"
}
resource "google_storage_bucket_object" "story" {
name = "path/to/file"
bucket = "${google_storage_bucket.bucket.name}"
content = "once upon a time..."
}
data "google_storage_object_signed_url" "story_url_w_md5" {
bucket = "${google_storage_bucket.bucket.name}"
path = "${google_storage_bucket_object.story.name}"
md5_digest = "${google_storage_bucket_object.story.md5hash}"
}`, acctest.RandString(6))
}