Commit graph

1835 commits

Author SHA1 Message Date
a36248a169
[fix-signed-headers] aws signatures v4: don't actually check Content-Type is signed
This page of the AWS docs indicate that Content-Type should be part of
the CanonicalHeaders (and therefore SignedHeaders) strings in signature
calculation:

https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html

However, testing with Minio Client revealed that it did not sign the
Content-Type header, and therefore we broke CI by expecting it to be
signed. With this commit, we don't mandate Content-Type to be signed
anymore, for better compatibility with the ecosystem. Testing against
the official behavior of S3 on AWS has not been done.
2024-03-01 13:12:18 +01:00
b8c7a560ef Merge pull request 'Fix potential timing side-channels in authentication mechanisms' (#737) from fix-auth-ct-eq into main
Reviewed-on: Deuxfleurs/garage#737
2024-02-29 14:04:38 +00:00
d3cf560e5c Merge pull request 'Docs: add default metrics_token in quick start + uniformize use of base64' (#739) from doc-default-token into main
Reviewed-on: Deuxfleurs/garage#739
2024-02-29 12:20:24 +00:00
73b11eb17c
[doc-default-token] add default metrics_token in quick start + uniformize use of base64 2024-02-29 13:17:36 +01:00
6d33e721c4
[fix-auth-ct-eq] use consant time comparison for awsv4 signature verification 2024-02-29 13:07:18 +01:00
eaac4924ef
[fix-auth-ct-eq] use argon2 hashing and verification for admin/metrics token checking 2024-02-29 13:07:15 +01:00
02005055ae Merge pull request 'Mention deduplication and compression in features page' (#736) from doc-dedup into main
Reviewed-on: Deuxfleurs/garage#736
2024-02-28 12:49:26 +00:00
a294dd9473
[doc-dedup] reorder features, move no-RAFT down 2024-02-28 13:48:45 +01:00
947973982d
[doc-dedup] fix #rpc_bind_outgoing anchor in config page 2024-02-28 13:45:30 +01:00
dc995059aa
[doc-dedup] mention deduplication and compression in features page 2024-02-28 13:43:30 +01:00
10031a3a91 Merge pull request 'Split presigned signature verification + fix conditions' (#735) from fix-presigned into main
Reviewed-on: Deuxfleurs/garage#735
2024-02-28 11:38:00 +00:00
90cab5b8f2
[fix-presigned] add comments and reorganize 2024-02-28 12:24:21 +01:00
e9f759d4cb
[fix-presigned] presigned requests: allow x-amz-* query parameters to stand in for equivalent headers 2024-02-28 12:24:21 +01:00
a5e4bfeae9
[fix-presigned] write comments 2024-02-28 12:24:21 +01:00
4c1d42cc5f
[fix-presigned] add back anonymous request code path + refactoring 2024-02-28 12:24:21 +01:00
2efa9c5a1a
[fix-presigned] PostObject: verify X-Amz-Algorithm 2024-02-28 12:24:20 +01:00
a8cb8e8a8b
[fix-presigned] split presigned/normal signature verification 2024-02-28 12:24:13 +01:00
911a83ea7d Merge pull request 'rewrite read_and_put_block as a series of steps with channels' (#734) from refactor-put into main
Reviewed-on: Deuxfleurs/garage#734
2024-02-26 17:52:45 +00:00
b76c0c102e
[refactor-put] add ordering tag to blocks being sent to storage nodes 2024-02-26 18:35:11 +01:00
babccd2ad3
[refactor-put] send several blocks in parallel to storage nodes 2024-02-26 18:22:37 +01:00
3fe94cc14f
[refactor-put] rewrite read_and_put_block as a series of steps with channels 2024-02-26 17:55:37 +01:00
ee2b0c8dda
[talk-capitoul] Add talk on 2024-02-09 at capitoul.org 2024-02-26 13:42:47 +01:00
17b55205aa Merge pull request 'doc: reverse-proxy.md: Added section on caddy-fs-s3' (#733) from jpds/garage:caddy-fileserver-browse-s3 into main
Reviewed-on: Deuxfleurs/garage#733
2024-02-26 09:56:09 +00:00
Jonathan Davies
3813e6c71d doc: reverse-proxy.md: Added section on caddy-fs-s3. 2024-02-26 00:54:33 +00:00
e399b60e25 Merge pull request 'GetObject: split out handle_get_full (small refactoring)' (#732) from split_getobject into main
Reviewed-on: Deuxfleurs/garage#732
2024-02-23 17:26:53 +00:00
d640102b76
[split_getobject] GetObject: split out handle_get_full 2024-02-23 18:14:50 +01:00
61758ce0f9 Merge pull request 'some refactoring on data read/write path' (#729) from refactor-block into main
Reviewed-on: Deuxfleurs/garage#729
2024-02-23 15:49:43 +00:00
6ee691e65f
[refactor-block] simplify some more 2024-02-23 12:50:10 +01:00
e9c42bca34
[refactor-block] add DataBlockStream type 2024-02-23 12:22:29 +01:00
cd1069c1d4
[refactor-block] refactor DataBlock and DataBlockPath 2024-02-23 12:15:52 +01:00
07c7895948
[refactor-block] simplify rpc_get_block 2024-02-23 11:54:40 +01:00
9b41f4ff20
[refactor-block] move read_stream_to_end to garage_net 2024-02-23 11:46:57 +01:00
93552b9275
[refactor-block] Remove redundant BlockStream type 2024-02-23 11:33:38 +01:00
74d0c47f21 Merge pull request 'Add node-global lock for bucket/key operations (fix #723)' (#728) from lock-createbucket into main
Reviewed-on: Deuxfleurs/garage#728
2024-02-22 12:05:19 +00:00
cff702a951
[lock-createbucket] Add node-global lock for bucket/key operations (fix #723) 2024-02-22 12:28:21 +01:00
7e212e20e0 Merge pull request 'Minor typos & grammar fixes in docs' (#727) from hartraft/garage:docs-typo-fix into main
Reviewed-on: Deuxfleurs/garage#727
2024-02-22 09:26:08 +00:00
hartraft
00a5f14a7b Align admin endpoint port 2024-02-20 21:19:00 +01:00
hartraft
1a07c8dd54 Minor typos and grammar 2024-02-20 21:03:39 +01:00
292f4ff9cb Typo
Fix small typo on the getting started guide
2024-02-20 18:35:56 +00:00
885405d944 Merge pull request 'system metrics improvements' (#726) from peer-metrics into main
Reviewed-on: Deuxfleurs/garage#726
2024-02-20 15:35:12 +00:00
bcd571ef57
[peer-metrics] add documentation for new cluster status metrics 2024-02-20 14:59:04 +01:00
b868493da9
[peer-metrics] add basic cluster node status metrics (fix #545) 2024-02-20 14:50:24 +01:00
182a23cc12
[peer-metrics] refactor SystemMetrics to hold a reference to System 2024-02-20 14:20:58 +01:00
3cdf69f079
[peer-metrics] Add metrics for cluster health, like GetClusterHealth admin API 2024-02-20 13:50:45 +01:00
00d479358d
[peer-metrics] refactor/simplify SystemMetrics 2024-02-20 13:50:45 +01:00
203bb10035 Merge pull request 'Filter nodes Garage tries to connect to' (#719) from reconnect-only-current into main
Reviewed-on: Deuxfleurs/garage#719
2024-02-20 10:37:11 +00:00
e91576677e
[reconnect-only-current] filter nodes to reconnect to
do not try reconnecting to nodes received from consul/kubernetes
discovery if they are not currently in the layout
2024-02-20 11:07:10 +01:00
0b9859befa Merge pull request 'garage_net: retry connecting when new IP is learned' (#724) from networking-fixes into main
Reviewed-on: Deuxfleurs/garage#724
2024-02-19 17:37:01 +00:00
95e3a39b4d
[networking-fixes] small refactoring in garage_net peering 2024-02-19 18:12:21 +01:00
66fe893023
[networking-fixes] garage_net: retry connecting when new IP is learned 2024-02-19 18:12:21 +01:00