Disallow aws-chunked uploads

We don't support it yet, so return 501 Not Implemented. Previously, we'd store the aws-chunked content (!) and most clients would see it as data corruption. See https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-streaming.html for more information. Change-Id: I697962039667980ef89212bc480f8b1d3fbd718c
2018-08-03 19:27:57 +00:00 · 2018-08-03 19:27:57 +00:00 · 79539eabf7
commit 79539eabf7
parent 86d78f6667
2 changed files with 25 additions and 5 deletions
--- a/swift/common/middleware/s3api/s3request.py
+++ b/swift/common/middleware/s3api/s3request.py
@ -694,6 +694,12 @@ class S3Request(swob.Request):
        if 'x-amz-website-redirect-location' in self.headers:
            raise S3NotImplemented('Website redirection is not supported.')

+        # https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-streaming.html
+        # describes some of what would be required to support this
+        if 'aws-chunked' in self.headers.get('content-encoding', ''):
+            raise S3NotImplemented('Transfering payloads in multiple chunks '
+                                   'using aws-chunked is not supported.')
+
    @property
    def body(self):
        """
--- a/test/unit/common/middleware/s3api/test_s3api.py
+++ b/test/unit/common/middleware/s3api/test_s3api.py
@ -455,23 +455,37 @@ class TestS3ApiMiddleware(S3ApiTestCase):
        status, headers, body = self.call_s3api(req)
        self.assertEqual(self._get_error_code(body), 'InvalidStorageClass')

-    def _test_unsupported_header(self, header):
+    def _test_unsupported_header(self, header, value=None):
+        if value is None:
+            value = 'value'
        req = Request.blank('/error',
                            environ={'REQUEST_METHOD': 'GET',
                                     'HTTP_AUTHORIZATION': 'AWS X:Y:Z'},
-                            headers={'x-amz-' + header: 'value',
+                            headers={header: value,
                                     'Date': self.get_date_header()})
        status, headers, body = self.call_s3api(req)
        self.assertEqual(self._get_error_code(body), 'NotImplemented')

    def test_mfa(self):
-        self._test_unsupported_header('mfa')
+        self._test_unsupported_header('x-amz-mfa')

    def test_server_side_encryption(self):
-        self._test_unsupported_header('server-side-encryption')
+        self._test_unsupported_header('x-amz-server-side-encryption')

    def test_website_redirect_location(self):
-        self._test_unsupported_header('website-redirect-location')
+        self._test_unsupported_header('x-amz-website-redirect-location')
+
+    def test_aws_chunked(self):
+        self._test_unsupported_header('content-encoding', 'aws-chunked')
+        # https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-streaming.html
+        # has a multi-encoding example:
+        #
+        # > Amazon S3 supports multiple content encodings. For example:
+        # >
+        # >     Content-Encoding : aws-chunked,gzip
+        # > That is, you can specify your custom content-encoding when using
+        # > Signature Version 4 streaming API.
+        self._test_unsupported_header('Content-Encoding', 'aws-chunked,gzip')

    def _test_unsupported_resource(self, resource):
        req = Request.blank('/error?' + resource,