PR to handle the AWS v4 signing by using IAM Role

[lorepas]

Fixed a bug encountered when using assume role to connect immudb to an S3 bucket. In this PR I added the manage of the SessionToken and I used the X-Amz-Security-Token header as specified here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/RESTAuthentication.html

[lorepas]

@jeroiraz have you take a look into this fix?

[ostafen]

Hi, @lorepas, first of all thanks for the fix. Could you please align your branch with immudb's latest master commit? Also, I've seen that your PR contains a lot of extra tabs (maybe due to your formatter config) that make difficult to isolate the exact changes of the PR. Thanks!

[lorepas]

Hi, @lorepas, first of all thanks for the fix. Could you please align your branch with immudb's latest master commit? Also, I've seen that your PR contains a lot of extra tabs (maybe due to your formatter config) that make difficult to isolate the exact changes of the PR. Thanks!

Hi @ostafen and thank you for your reply! Now I refactored the code, so the changes you can see now are the ones made for the fix. For these changes I started from the latest opensource version, the 1.9DOM.2, for this reason I would put these changes into such version. Do you think is that possible?

[ostafen]

@lorepas: latest version is now 1.9.4. Any specific reason you are using 1.9DOM.2?

[lorepas]

@lorepas: latest version is now 1.9.4. Any specific reason you are using 1.9DOM.2?

@ostafen because from the change of license made by immudb I understand that the latest opensource was 1.9DOM.2. All the ones after such version are licensed BSL. Is that right?

[ostafen]

@lorepas The license change doesn't change the fact that it's open source or the project cannot be used by anyone. The only real restriction affects the commercial usage in a very limited range. Thus, allowing PRs to outdated versions wouldn't make much sense and would confuse users and developers.

[lorepas]

@lorepas The license change doesn't change the fact that it's open source or the project cannot be used by anyone. The only real restriction affects the commercial usage in a very limited range. Thus, allowing PRs to outdated versions wouldn't make much sense and would confuse users and developers.

@ostafen yes, it's clear since the code is public all can contribute on that and for this reason it's opensource. I changed target branch to the master, however I've one last question: which are the limits on production use case about the use of immudb with BSL?

[ostafen]

@lorepas: can you solve conflicts?

[lorepas]

@ostafen conflicts solved!

[coveralls]

coverage: 89.457% (-0.01%) from 89.469% when pulling 10697671dd7e97e412972cc9f3b18de0b821bf80 on lorepas:lp-aws-signed-request-with-role into 76cd08a0ec757a3dc498d584799d15df1aa5a9ef on codenotary:master.

[ostafen]

It looks like code scanning complains about logging storage here, since it could reveal secretKey. @lorepas, would you mind changing such line to:

log.Printf("Opening remote storage at %s", remotePath)

It would be also great if you could squash your commits into one, in order to keep history clean. Thanks!

[lorepas]

@ostafen I changed the line suggested by you

[ostafen]

Some related test is failing:

[lorepas]

@ostafen added the needed flag also in related test.

[ostafen]

@lorepas: please, make sure all tests are passing: TestSignatureV4 is still failing.

[lorepas]

@ostafen Now I set the header x-amz-security-token only if role is enabled. I fixed also the test by eliminating such header since the test doesn't perform temporary authentication. I think now the test should work.

[ostafen]

@lorepas: Thanks for fixing the test. Before merging, could you please squash your commits into one so to keep history clean?

[lorepas]

@ostafen I tried to squash my commits but currently they increase in number by taking all the ones from my first and now. Can you do the squash while you're accepting the PR? Otherwise I accept hint to understand how to do such operation.

[ostafen]

@lorepas: I cannot merge the PR, because not all the commits are signed. I suggest to squash all the commits into one, signed commit. Regarding squashing your commits, read this.

[lorepas]

Close in favor of #2010