felixbuenemann
commented
7 years ago I am currently using the following patch with 1.7.0 to allow generating signatures for s3 AWS4 using proxy_pass in openresty:
diff --git a/src/lua/api-gateway/aws/AwsV4Signature.lua b/src/lua/api-gateway/aws/AwsV4Signature.lua
index 3936937..8f9af85 100644
--- a/src/lua/api-gateway/aws/AwsV4Signature.lua
+++ b/src/lua/api-gateway/aws/AwsV4Signature.lua
@@ -28,6 +28,8 @@ function HmacAuthV4Handler:new(o)
-- services that want to suppress this, they should set it to false.
self.doubleUrlEncode = o.doubleUrlEncode or true
end
+ local divider = self.aws_service == "s3" and "-" or "."
+ self.aws_endpoint = self.aws_service .. divider .. self.aws_region .. ".amazonaws.com"
-- set amazon formatted dates
local utc = ngx.utctime()
self.aws_date_short = string.gsub(string.sub(utc, 1, 10),"-","")
@@ -153,12 +155,11 @@ end
function HmacAuthV4Handler:getSignature(http_method, request_uri, uri_arg_table, request_payload )
local uri_args = self:formatQueryString(uri_arg_table)
- local utc = ngx.utctime()
local date1 = self.aws_date_short
local date2 = self.aws_date
local headers = {}
- headers.host = self.aws_service .. "." .. self.aws_region .. ".amazonaws.com"
+ headers.host = self.aws_endpoint
headers["x-amz-date"] = date2
local encoded_request_uri = request_uriAs noted by @jlapier the distinction of s3-region.amazonaws.com vs. s3.region.amazonaws.com doesn't really seem to be needed and could be fixed in my case by using the dot seperator when defining the endpoint mapping in the nginx config.
For local testing though I really need to be able to pass in the endpoint, so I can use this with minio.
I'm not really familiar with lua, so not sure if my changes are the right way to do it.
These changes are essential to use S3 API.