Add support for content_type, headers + md5_digest

This commit is contained in:
Matt Morrison 2016-09-05 07:58:12 +12:00
parent 6f833cd3d7
commit e6c11a53dd
2 changed files with 242 additions and 37 deletions

View File

@ -10,16 +10,18 @@ import (
"encoding/base64" "encoding/base64"
"encoding/pem" "encoding/pem"
"fmt" "fmt"
"github.com/hashicorp/terraform/helper/pathorcontents"
"github.com/hashicorp/terraform/helper/schema"
"golang.org/x/oauth2/google"
"golang.org/x/oauth2/jwt"
"log" "log"
"net/url" "net/url"
"os" "os"
"strconv" "strconv"
"strings" "strings"
"time" "time"
"github.com/hashicorp/terraform/helper/pathorcontents"
"github.com/hashicorp/terraform/helper/schema"
"golang.org/x/oauth2/google"
"golang.org/x/oauth2/jwt"
"sort"
) )
const gcsBaseUrl = "https://storage.googleapis.com" const gcsBaseUrl = "https://storage.googleapis.com"
@ -34,12 +36,11 @@ func dataSourceGoogleSignedUrl() *schema.Resource {
Type: schema.TypeString, Type: schema.TypeString,
Required: true, Required: true,
}, },
//TODO: implement support "content_type": &schema.Schema{
//"content_type": &schema.Schema{ Type: schema.TypeString,
// Type: schema.TypeString, Optional: true,
// Optional: true, Default: "",
// Default: "", },
//},
"credentials": &schema.Schema{ "credentials": &schema.Schema{
Type: schema.TypeString, Type: schema.TypeString,
Optional: true, Optional: true,
@ -54,17 +55,16 @@ func dataSourceGoogleSignedUrl() *schema.Resource {
Optional: true, Optional: true,
Default: "GET", Default: "GET",
}, },
//TODO: implement support "http_headers": &schema.Schema{
//"http_headers": &schema.Schema{ Type: schema.TypeMap,
// Type: schema.TypeList, Optional: true,
// Optional: true, Elem: schema.TypeString,
//}, },
//TODO: implement support "md5_digest": &schema.Schema{
//"md5_digest": &schema.Schema{ Type: schema.TypeString,
// Type: schema.TypeString, Optional: true,
// Optional: true, Default: "",
// Default: "", },
//},
"path": &schema.Schema{ "path": &schema.Schema{
Type: schema.TypeString, Type: schema.TypeString,
Required: true, Required: true,
@ -80,7 +80,6 @@ func dataSourceGoogleSignedUrl() *schema.Resource {
func dataSourceGoogleSignedUrlRead(d *schema.ResourceData, meta interface{}) error { func dataSourceGoogleSignedUrlRead(d *schema.ResourceData, meta interface{}) error {
config := meta.(*Config) config := meta.(*Config)
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Build UrlData object from data source attributes // Build UrlData object from data source attributes
urlData := &UrlData{} urlData := &UrlData{}
@ -103,6 +102,25 @@ func dataSourceGoogleSignedUrlRead(d *schema.ResourceData, meta interface{}) err
expires := time.Now().Unix() + int64(duration.Seconds()) expires := time.Now().Unix() + int64(duration.Seconds())
urlData.Expires = int(expires) urlData.Expires = int(expires)
if v, ok := d.GetOk("content_type"); ok {
urlData.ContentType = v.(string)
}
if v, ok := d.GetOk("http_headers"); ok {
hdrMap := v.(map[string]interface{})
if len(hdrMap) > 0 {
urlData.HttpHeaders = make(map[string]string, len(hdrMap))
for k, v := range hdrMap {
urlData.HttpHeaders[k] = v.(string)
}
}
}
if v, ok := d.GetOk("md5_digest"); ok {
urlData.Md5Digest = v.(string)
}
// object path // object path
path := []string{ path := []string{
"", "",
@ -112,7 +130,6 @@ func dataSourceGoogleSignedUrlRead(d *schema.ResourceData, meta interface{}) err
objectPath := strings.Join(path, "/") objectPath := strings.Join(path, "/")
urlData.Path = objectPath urlData.Path = objectPath
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Load JWT Config from Google Credentials // Load JWT Config from Google Credentials
jwtConfig, err := loadJwtConfig(d, config) jwtConfig, err := loadJwtConfig(d, config)
if err != nil { if err != nil {
@ -120,7 +137,6 @@ func dataSourceGoogleSignedUrlRead(d *schema.ResourceData, meta interface{}) err
} }
urlData.JwtConfig = jwtConfig urlData.JwtConfig = jwtConfig
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Sign url object data // Sign url object data
signature, err := SignString(urlData.CreateSigningString(), jwtConfig) signature, err := SignString(urlData.CreateSigningString(), jwtConfig)
if err != nil { if err != nil {
@ -128,7 +144,6 @@ func dataSourceGoogleSignedUrlRead(d *schema.ResourceData, meta interface{}) err
} }
urlData.Signature = signature urlData.Signature = signature
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Construct URL // Construct URL
finalUrl := urlData.BuildUrl() finalUrl := urlData.BuildUrl()
d.SetId(urlData.EncodedSignature()) d.SetId(urlData.EncodedSignature())
@ -204,11 +219,14 @@ func parsePrivateKey(key []byte) (*rsa.PrivateKey, error) {
} }
type UrlData struct { type UrlData struct {
JwtConfig *jwt.Config JwtConfig *jwt.Config
HttpMethod string ContentType string
Expires int HttpMethod string
Path string Expires int
Signature []byte Md5Digest string
HttpHeaders map[string]string
Path string
Signature []byte
} }
// Creates a string in the form ready for signing: // Creates a string in the form ready for signing:
@ -229,11 +247,11 @@ func (u *UrlData) CreateSigningString() []byte {
buf.WriteString("\n") buf.WriteString("\n")
// MD5 digest (optional) // MD5 digest (optional)
// TODO buf.WriteString(u.Md5Digest)
buf.WriteString("\n") buf.WriteString("\n")
// request content-type (optional) // request content-type (optional)
// TODO buf.WriteString(u.ContentType)
buf.WriteString("\n") buf.WriteString("\n")
// signed url expiration // signed url expiration
@ -241,11 +259,23 @@ func (u *UrlData) CreateSigningString() []byte {
buf.WriteString("\n") buf.WriteString("\n")
// additional request headers (optional) // additional request headers (optional)
// TODO // Must be sorted in lexigraphical order
var keys []string
for k := range u.HttpHeaders {
keys = append(keys, strings.ToLower(k))
}
sort.Strings(keys)
// To perform the opertion you want
for _, k := range keys {
buf.WriteString(fmt.Sprintf("%s:%s\n", k, u.HttpHeaders[k]))
}
// object path // object path
buf.WriteString(u.Path) buf.WriteString(u.Path)
fmt.Printf("SIGNING STRING: \n%s\n", buf.String())
return buf.Bytes() return buf.Bytes()
} }

View File

@ -12,7 +12,9 @@ import (
"github.com/hashicorp/terraform/terraform" "github.com/hashicorp/terraform/terraform"
"golang.org/x/oauth2/google" "golang.org/x/oauth2/google"
"io/ioutil" "io/ioutil"
"net/http"
"net/url" "net/url"
"strings"
) )
const fakeCredentials = `{ const fakeCredentials = `{
@ -130,13 +132,92 @@ func TestDatasourceSignedUrl_accTest(t *testing.T) {
resource.TestStep{ resource.TestStep{
Config: testAccTestGoogleStorageObjectSingedUrl(bucketName), Config: testAccTestGoogleStorageObjectSingedUrl(bucketName),
Check: resource.ComposeTestCheckFunc( Check: resource.ComposeTestCheckFunc(
testAccGoogleSignedUrlRetrieval("data.google_storage_object_signed_url.story_url"), testAccGoogleSignedUrlRetrieval("data.google_storage_object_signed_url.story_url", nil),
), ),
}, },
}, },
}) })
} }
func TestDatasourceSignedUrl_wHeaders(t *testing.T) {
headers := map[string]string{
"x-goog-test": "foo",
}
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccTestGoogleStorageObjectSingedUrl_wHeader(),
Check: resource.ComposeTestCheckFunc(
testAccGoogleSignedUrlRetrieval("data.google_storage_object_signed_url.story_url_w_headers", headers),
),
},
},
})
}
func TestDatasourceSignedUrl_wContentType(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccTestGoogleStorageObjectSingedUrl_wContentType(),
Check: resource.ComposeTestCheckFunc(
testAccGoogleSignedUrlRetrieval("data.google_storage_object_signed_url.story_url_w_content_type", nil),
),
},
},
})
}
func TestDatasourceSignedUrl_wMD5(t *testing.T) {
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccTestGoogleStorageObjectSingedUrl_wMD5(),
Check: resource.ComposeTestCheckFunc(
testAccGoogleSignedUrlRetrieval("data.google_storage_object_signed_url.story_url_w_md5", nil),
),
},
},
})
}
// formatRequest generates ascii representation of a request
func formatRequest(r *http.Request) string {
// Create return string
var request []string
request = append(request, "--------")
// Add the request string
url := fmt.Sprintf("%v %v %v", r.Method, r.URL, r.Proto)
request = append(request, url)
// Add the host
request = append(request, fmt.Sprintf("Host: %v", r.Host))
// Loop through headers
for name, headers := range r.Header {
//name = strings.ToLower(name)
for _, h := range headers {
request = append(request, fmt.Sprintf("%v: %v", name, h))
}
}
// If this is a POST, add post data
if r.Method == "POST" {
r.ParseForm()
request = append(request, "\n")
request = append(request, r.Form.Encode())
}
request = append(request, "--------")
// Return the request as a string
return strings.Join(request, "\n")
}
func testAccGoogleSignedUrlExists(n string) resource.TestCheckFunc { func testAccGoogleSignedUrlExists(n string) resource.TestCheckFunc {
return func(s *terraform.State) error { return func(s *terraform.State) error {
@ -151,9 +232,12 @@ func testAccGoogleSignedUrlExists(n string) resource.TestCheckFunc {
} }
} }
func testAccGoogleSignedUrlRetrieval(n string) resource.TestCheckFunc { func testAccGoogleSignedUrlRetrieval(n string, headers map[string]string) resource.TestCheckFunc {
return func(s *terraform.State) error { return func(s *terraform.State) error {
r := s.RootModule().Resources[n] r := s.RootModule().Resources[n]
if r == nil {
return fmt.Errorf("Datasource not found")
}
a := r.Primary.Attributes a := r.Primary.Attributes
if a["signed_url"] == "" { if a["signed_url"] == "" {
@ -161,10 +245,38 @@ func testAccGoogleSignedUrlRetrieval(n string) resource.TestCheckFunc {
} }
url := a["signed_url"] url := a["signed_url"]
fmt.Printf("URL: %s\n", url)
method := a["http_method"]
req, _ := http.NewRequest(method, url, nil)
// Apply custom headers to request
for k, v := range headers {
fmt.Printf("Adding Header (%s: %s)\n", k, v)
req.Header.Set(k, v)
}
contentType := a["content_type"]
if contentType != "" {
fmt.Printf("Adding Content-Type: %s\n", contentType)
req.Header.Add("Content-Type", contentType)
}
md5Digest := a["md5_digest"]
if md5Digest != "" {
fmt.Printf("Adding Content-MD5: %s\n", md5Digest)
req.Header.Add("Content-MD5", md5Digest)
}
// send request to GET object using signed url // send request to GET object using signed url
client := cleanhttp.DefaultClient() client := cleanhttp.DefaultClient()
response, err := client.Get(url)
// Print request
//dump, _ := httputil.DumpRequest(req, true)
//fmt.Printf("%+q\n", strings.Replace(string(dump), "\\n", "\n", 99))
fmt.Printf("%s\n", formatRequest(req))
response, err := client.Do(req)
if err != nil { if err != nil {
return err return err
} }
@ -206,6 +318,69 @@ data "google_storage_object_signed_url" "story_url" {
bucket = "${google_storage_bucket.bucket.name}" bucket = "${google_storage_bucket.bucket.name}"
path = "${google_storage_bucket_object.story.name}" path = "${google_storage_bucket_object.story.name}"
}`, bucketName)
} }
`, bucketName)
func testAccTestGoogleStorageObjectSingedUrl_wHeader() string {
return fmt.Sprintf(`
resource "google_storage_bucket" "bucket" {
name = "tf-signurltest-%s"
}
resource "google_storage_bucket_object" "story" {
name = "path/to/file"
bucket = "${google_storage_bucket.bucket.name}"
content = "once upon a time..."
}
data "google_storage_object_signed_url" "story_url_w_headers" {
bucket = "${google_storage_bucket.bucket.name}"
path = "${google_storage_bucket_object.story.name}"
http_headers {
x-goog-test = "foo"
}
}`, acctest.RandString(6))
}
func testAccTestGoogleStorageObjectSingedUrl_wContentType() string {
return fmt.Sprintf(`
resource "google_storage_bucket" "bucket" {
name = "tf-signurltest-%s"
}
resource "google_storage_bucket_object" "story" {
name = "path/to/file"
bucket = "${google_storage_bucket.bucket.name}"
content = "once upon a time..."
}
data "google_storage_object_signed_url" "story_url_w_content_type" {
bucket = "${google_storage_bucket.bucket.name}"
path = "${google_storage_bucket_object.story.name}"
content_type = "text/plain"
}`, acctest.RandString(6))
}
func testAccTestGoogleStorageObjectSingedUrl_wMD5() string {
return fmt.Sprintf(`
resource "google_storage_bucket" "bucket" {
name = "tf-signurltest-%s"
}
resource "google_storage_bucket_object" "story" {
name = "path/to/file"
bucket = "${google_storage_bucket.bucket.name}"
content = "once upon a time..."
}
data "google_storage_object_signed_url" "story_url_w_md5" {
bucket = "${google_storage_bucket.bucket.name}"
path = "${google_storage_bucket_object.story.name}"
md5_digest = "${google_storage_bucket_object.story.md5hash}"
}`, acctest.RandString(6))
} }