Fix docs and comments regarding aws auth version
ralphbean committed Jul 29, 2024
1 parent 36de6e1 commit e3b8dd4
Showing 4 changed files with 12 additions and 8 deletions.
2 changes: 1 addition & 1 deletion task/oci-copy-oci-ta/0.1/README.md
Expand Up @@ -5,7 +5,7 @@ Given a file in the user's source directory, copy content from arbitrary urls in
## Parameters
|name|description|default value|required|
|---|---|---|---|
|AWS_SECRET_NAME|Name of a secret which will be made available to the build to construct Authorization headers for requests to Amazon S3 using https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html. If specified, this will take precedence over BEARER_TOKEN_SECRET_NAME. The secret must contain two keys: `aws_access_key_id` and `aws_secret_access_key`.|does-not-exist|false|
|AWS_SECRET_NAME|Name of a secret which will be made available to the build to construct Authorization headers for requests to Amazon S3 using v2 auth https://docs.aws.amazon.com/AmazonS3/latest/userguide/RESTAuthentication.html. If specified, this will take precedence over BEARER_TOKEN_SECRET_NAME. The secret must contain two keys: `aws_access_key_id` and `aws_secret_access_key`. In the future, this will be reimplemented to use v4 auth: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html.|does-not-exist|false|
|BEARER_TOKEN_SECRET_NAME|Name of a secret which will be made available to the build as an Authorization header. Note, the token will be sent to all servers found in the oci-copy.yaml file. If you do not wish to send the token to all servers, different taskruns and therefore different oci artifacts must be used.|does-not-exist|false|
|IMAGE|Reference of the image we will push||true|
|OCI_COPY_FILE|Path to the oci copy file.|./oci-copy.yaml|false|
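Review bot: The new AWS_SECRET_NAME row says "v2 auth" without telling the user what that means in practice. Spell it out as AWS Signature Version 2 at first mention, and if v2 restricts which S3 endpoints or regions the task can fetch from, state that in this row so a failed download is not the first place the user learns it.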
8 changes: 5 additions & 3 deletions task/oci-copy-oci-ta/0.1/oci-copy-oci-ta.yaml
Expand Up @@ -16,9 +16,10 @@ spec:
- name: AWS_SECRET_NAME
description: 'Name of a secret which will be made available to the build
to construct Authorization headers for requests to Amazon S3 using
https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html.
v2 auth https://docs.aws.amazon.com/AmazonS3/latest/userguide/RESTAuthentication.html.
If specified, this will take precedence over BEARER_TOKEN_SECRET_NAME.
The secret must contain two keys: `aws_access_key_id` and `aws_secret_access_key`.'
The secret must contain two keys: `aws_access_key_id` and `aws_secret_access_key`.
In the future, this will be reimplemented to use v4 auth: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html.'
type: string
default: does-not-exist
- name: BEARER_TOKEN_SECRET_NAME
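Review bot: The sentence added at the end of the AWS_SECRET_NAME description, `In the future, this will be reimplemented to use v4 auth: ...`, puts a roadmap promise in user-facing parameter text, where it will go stale and gives the user nothing to act on. The TODO added to the script in this same file already records the intent; consider dropping the sentence from the description, or replacing it with a link to a tracking issue.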
Expand Down Expand Up @@ -138,7 +139,8 @@ spec:
curl_args=(--fail --silent --show-error)
if [ -n "${AWS_ACCESS_KEY_ID}" ] && [ -n "${AWS_SECRET_ACCESS_KEY}" ]; then
echo "Found both aws credentials secret with both aws_access_key_id and aws_secret_access_key. Assuming S3 bucket"
# This implements https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html
# This implements v2 auth https://docs.aws.amazon.com/AmazonS3/latest/userguide/RESTAuthentication.html.
# TODO - port to v4 auth https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html
path=$(echo "$url" | cut -d/ -f4-)
echo "Bucket path is $path"
date="$(date -u '+%a, %e %b %Y %H:%M:%S +0000')"
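Review bot: The new `# TODO - port to v4 auth` comment carries no issue reference or owner, so nothing ties it to planned work; add the tracking issue to the comment. As a style point, the v2 URL line ends with a period and the v4 URL line does not; drop the trailing period so the link copies cleanly.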
2 changes: 1 addition & 1 deletion task/oci-copy/0.1/README.md
Expand Up @@ -14,7 +14,7 @@ Note: the bearer token secret, if specified, will be sent to **all servers liste
|IMAGE|Reference of the image we will push||true|
|OCI_COPY_FILE|Path to the oci copy file.|./oci-copy.yaml|false|
|BEARER_TOKEN_SECRET_NAME|Name of a secret which will be made available to the build as an Authorization header. Note, the token will be sent to all servers found in the oci-copy.yaml file. If you do not wish to send the token to all servers, different taskruns and therefore different oci artifacts must be used.|does-not-exist|false|
|AWS_SECRET_NAME|Name of a secret which will be made available to the build to construct Authorization headers for requests to Amazon S3 using https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html. If specified, this will take precedence over BEARER_TOKEN_SECRET_NAME. The secret must contain two keys: `aws_access_key_id` and `aws_secret_access_key`.|does-not-exist|false|
|AWS_SECRET_NAME|Name of a secret which will be made available to the build to construct Authorization headers for requests to Amazon S3 using v2 auth https://docs.aws.amazon.com/AmazonS3/latest/userguide/RESTAuthentication.html. If specified, this will take precedence over BEARER_TOKEN_SECRET_NAME. The secret must contain two keys: `aws_access_key_id` and `aws_secret_access_key`. In the future, this will be reimplemented to use v4 auth: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html.|does-not-exist|false|

## Results
|name|description|
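Review bot: This AWS_SECRET_NAME row is word for word the text changed in task/oci-copy-oci-ta/0.1/README.md and in both task YAML descriptions, so the same sentence is now hand-maintained in four files. If the READMEs are generated from the task YAML, regenerate them rather than editing the rows by hand; if they are not, a check that each README row matches its YAML description would keep the copies in step.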
8 changes: 5 additions & 3 deletions task/oci-copy/0.1/oci-copy.yaml
Expand Up @@ -28,9 +28,10 @@ spec:
- name: AWS_SECRET_NAME
description: >-
Name of a secret which will be made available to the build to construct Authorization headers for requests to
Amazon S3 using https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html.
Amazon S3 using v2 auth https://docs.aws.amazon.com/AmazonS3/latest/userguide/RESTAuthentication.html.
If specified, this will take precedence over BEARER_TOKEN_SECRET_NAME. The secret must contain two keys:
`aws_access_key_id` and `aws_secret_access_key`.
`aws_access_key_id` and `aws_secret_access_key`. In the future, this will be reimplemented to use v4 auth:
https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html.
type: string
default: "does-not-exist"
results:
Expand Down Expand Up @@ -123,7 +124,8 @@ spec:
curl_args=(--fail --silent --show-error)
if [ -n "${AWS_ACCESS_KEY_ID}" ] && [ -n "${AWS_SECRET_ACCESS_KEY}" ]; then
echo "Found both aws credentials secret with both aws_access_key_id and aws_secret_access_key. Assuming S3 bucket"
# This implements https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html
# This implements v2 auth https://docs.aws.amazon.com/AmazonS3/latest/userguide/RESTAuthentication.html.
# TODO - port to v4 auth https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html
path=$(echo "$url" | cut -d/ -f4-)
echo "Bucket path is $path"
date="$(date -u '+%a, %e %b %Y %H:%M:%S +0000')"
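Review bot: Since this commit corrects the comments around the S3 branch, the `echo` on the line just above the changed comment is worth fixing in the same pass: "Found both aws credentials secret with both aws_access_key_id and aws_secret_access_key" repeats "both" and reads as garbled in the task log. Something like "Found aws credentials secret with both aws_access_key_id and aws_secret_access_key. Assuming S3 bucket" would be clearer. The same line appears in the oci-copy-oci-ta.yaml hunk.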
