search

aws / aws-sdk-go-v2

AWS SDK for the Go programming language.
https://aws.github.io/aws-sdk-go-v2/docs/
Apache License 2.0
2.66k stars 640 forks source link

Add convenience method for S3 presigned posts #1224

Closed F21 closed 2 months ago

F21 commented 3 years ago

Is your feature request related to a problem? Please describe. The presign client for S3 currently supports presigning GetObject and PutObject URLs: https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/s3#PresignClient

It would be nice if an additional method is implemented to support presigning POST object URLs documented here: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPOST.html

This feature seems to be present in SDKs for other languages.

Describe the solution you'd like Add a convenience method for S3 presigned posts to the PresignClient

Describe alternatives you've considered n/a

Additional context n/a

ArtemSBulgakov commented 3 years ago

Any update on this? I am interested in this function too

Maximilian5189 commented 2 years ago

I am interested too. It seems there were no changes requested to the PR (https://github.com/aws/aws-sdk-go/pull/3287) since 2020. Does this mean the PR could be merged? What would be still missing? I would be happy to assis somehow if needed.

soapiestwaffles commented 2 years ago

+1, I've been waiting for this for a while. I have had to make my own in the past

william20111 commented 2 years ago

+1, Would be very good to have this as part of SDK

MrGossett commented 2 years ago

Does the v4.Signer.PresignHTTP method in aws/signer/v4 get close to what you're looking for?

william20111 commented 2 years ago

@MrGossett thanks for replying, just for my understanding. If i take the example policy from the docs of s3 POSt policy.

{ "expiration": "2007-12-01T12:00:00.000Z",
  "conditions": [
    {"acl": "public-read" },
    {"bucket": "johnsmith" },
    ["starts-with", "$key", "user/eric/"],
  ]
}

If i SHA256 that payload and provide it to the below signer I can get the same behaviour? 

func main() {
    preSigner := v4.NewSigner()
    req, _ := http.NewRequest()
    preSigner.PresignHTTP(context.TODO(), creds, req, hashedPayload, s3ServiceString, regionString, time.Now())
}
MrGossett commented 2 years ago

@MrGossett thanks for replying,

Cheers :) Just for transparency: I don't work for AWS. I'm just a very active AWS SDK Go user.

just for my understanding. If i take the example policy from the docs of s3 POSt policy.


{ "expiration": "2007-12-01T12:00:00.000Z",

  "conditions": [

    {"acl": "public-read" },

    {"bucket": "johnsmith" },

    ["starts-with", "$key", "user/eric/"],

  ]

}

If i SHA256 that payload and provide it to the below signer I can get the same behaviour? 


func main() {

  preSigner := v4.NewSigner()

  req, _ := http.NewRequest()

  preSigner.PresignHTTP(context.TODO(), creds, req, hashedPayload, s3ServiceString, regionString, time.Now())

}

No, not quite. The hashedPayload argument is a SHA sum of the HTTP request's body. I guess that method won't do what you want easily.

vudh1 commented 2 years ago

Hi all, I have discussed with the team, and we are planning to implement this. However, there is no timeline for this yet, I will comment if we have any update.

QuteBits commented 2 years ago

could someone from the core team please review it (or at least assign someone to review it)? Our company is heavily using Go and unfortunately we do need presigned POST for uploads in the next 2 weeks.

If there is an implementation of that in some PR, could you perhaps point me to it?

skmcgrail commented 2 years ago

@QuteBits this GitHub issue is to just track the feature request, and is not a pull request for the implementation. This remains an item on our backlog, but we are unable to provide a timeline at this time on when we can pick up implementation of this feature.

QuteBits commented 2 years ago

@skmcgrail got it. And thank you for such a quick response.

jonbarrow commented 1 year ago

Not sure if advertising like this is allowed, but. We were also in desperate need for this functionality, and built our own presign client to add this functionality to our servers. We use this in production here

Seeing as this still has not been added officially, I decided to break this out into it's own tiny module which can be found here https://github.com/PretendoNetwork/aws-sdk-presigned-post-go

It was made to mimic the official SDK as much as possible, hence the similar naming. I tried to make the API as clean as possible, to not force developers to pass in information multiple times (once to the official SDK and once to this module), and unforntunately I was not able to find a clean way to integrate this into one client (not relying on this client+an official SDK client for other presign types)

This was really made with our use case in mind, and can only confirm it works in that use case (the client being a WiiU and using DigitalOcean Spaces as the s3 server), so any changes and suggestions are welcome to help make this more approachable to others

vassbence commented 6 months ago

+1, would need this functionality.

Here is a good post about the differences between presigned PUT and POST if anybody is wondering: https://advancedweb.hu/differences-between-put-and-post-s3-signed-urls/

sonal1999 commented 6 months ago

+1, would need this functionality.

svyatoslavmo commented 5 months ago

Any updates? @bkaws @Madrigal

We currently migrating several of our NodeJS services to Go that use this feature.

jonbarrow commented 5 months ago

Any updates? @bkaws @Madrigal

We currently migrating several of our NodeJS services to Go that use this feature.

It doesn't appear like this is going to go anywhere anytime soon

We implemented this functionality ourselves originally, manually creating the signed requests and packaging it up into a small helper library. It was only ever tested with DigitalOcean's Spaces service, but let us continue to use the official Go SDK

We've since moved on to using the MinIO SDK client. It's compatible with AWS s3 and supports presigned POST out of the box https://min.io/docs/minio/linux/developers/go/API.html#PresignedPostPolicy. I'd honestly recommend looking into using MinIO instead for Go clients, at least for now

bkaws commented 5 months ago

Hi @jonbarrow, @svyatoslavmo apologies for the delay in responding. We're planning on starting this work next week.

susyabashti commented 4 months ago

Hi @jonbarrow, @svyatoslavmo apologies for the delay in responding. We're planning on starting this work next week.

Any updates on this?

Madrigal commented 3 months ago

@susyabashti started working on this, but put this on hold to work on other things. Will take it up again soon

jonbarrow commented 3 months ago

@susyabashti started working on this, but put this on hold to work on other things. Will take it up again soon

I mean this in the most respectful way possible, and I hope it doesn't come off the wrong way, but is there any specific reason for this hold up? This issue has been open for 3 years now which seems a bit odd, considering the other official SDKs have this feature as do other 3rd party libraries. I understand that our small one-off helper library is not comparable to a fully blown SDK, but we implemented this functionality ourselves in \~130 lines (taking away the comments and extra line breaks)

Again, I hope that doesn't come off as impatient or anything. But if there's any specific roadblocks or requirements that are preventing what seems like a relatively straight forward feature from being implemented, could those roadblocks or requirements be noted here? In case someone else would like to implement and send over a PR instead?

github-actions[bot] commented 2 months ago

This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one.

Madrigal commented 2 months ago

PR merged, this will be part of today's release