As described in
https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-streaming.html
this adds support for reading from a chunked upload encoded request
body. The chunked reader modifies the data stream to remove the
chunk encoding while validating the chunk signatures in line. This
allows the upper layers to get just the object data stream.
This change removes all spaces after the algorithm to have
standard parsing for the following key/value pairs. This fixes
some clients that were using a slightly different format than
the example AWS request strings.
This adds the default ACL to the CreateBucket backend method so
that the backend doesn't need to know how to construct and ACL.
This also moves the s3proxy ACLs to a tag key/value because the
gateway ACLs are not the same accounts as the backend s3 server.
TODO: we may need to mask this tag key/value if we add support
for the Get/PutBucketTagging API.
This builds on the previous work that sets up the body streaming
for the put object and put part requests. This adds the auth and
checksum readers to postpone the v4auth checks and the content
checksum until the end of the body stream.
This means that the backend with start reading the data from the
body stream before the request is fully validated and signatures
checked. So the backend must check the error returned from the
body reader for the final auth and content checks. The backend
is expected to discard the data upon error.
This should increase performance and reduce memory utilization
to no longer require caching the entire request body in memory
for put object and put part.
The local IAM accounts were being cached in memory for improved
performance, but this can be moved up a layer so that the cache
can benefit any configured IAM service.
This adds options to disable and tune TTL for cache. The balance
for the TTL is that a longer life will send requests to the IAM
service less frequently, but could be out of date with the service
accounts for that duration.
This moves the internal iam service from the posix backend so
that we can start implementing new iam services right in the auth
module.
The internal iam service has same behavior as before, but now
must be enabled with the --iam-dir cli option.
New single user service is the default when no other iam service
is selected. This just runs the gateway in single user mode with
just the root account.
* fix: Object tag actions cleanup
* fix: Fixes#249, Changed ListObjects default max-keys from -1 to 1000
* fix: Fixes#250, Added support to provide a marker not from the objects list and list the objects after the provided marker in ListObjects(V2) actions
* feat: Closes#256, Addded a check step, to compare object metadatas and allow the copying to itself, if the metadata has been changed
* fix: Simplified range assignment in CopyObject posix function
