Merge into trunk : signed-access : Code : Go Windows Azure Client Library

Status:	Merged
Approved by:	Raphaël Badin on 2013-07-26
Approved revision:	206
Merged at revision:	202
Proposed branch:	lp://staging/~rvb/gwacl/signed-access
Merge into:	lp://staging/gwacl
Diff against target:	256 lines (+201/-3) 4 files modified shared_signature.go (+74/-0) shared_signature_test.go (+70/-0) storage_base.go (+19/-3) storage_base_test.go (+38/-0)
To merge this branch:	bzr merge lp://staging/~rvb/gwacl/signed-access
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Julian Edwards (community)		2013-07-24	Approve on 2013-07-26
Review via email: mp+176732@code.staging.launchpad.net

Commit message

Add support for the Windows Azure Shared Access Signature URL mechanism.

Description of the change

This branch adds support for the Windows Azure Shared Access Signature URL mechanism. More specifically, it adds a way to get an anonymously-accessible url for a blob (even if the blob is located in a private storage).

See http://msdn.microsoft.com/en-us/library/windowsazure/dn140255.aspx for details.

Revision history for this message

Julian Edwards (julian-edwards) wrote on 2013-07-26:

#

Download full text (5.0 KiB)

Nice branch, reasonably well tested, but I think we should improve some of that testing!

In particular, the new sign() method is not unit tested. I think you should add a test for it, and then we can use that function in other tests like TestComposeSharedSignature so that we don't have to hard-code the magic string "COJt8UagHJR2LBT1129bhDChtgfLGFqfZ0YQpBdF0=" which makes the test difficult to verify what it's actually testing.

Ok so on to the details:

16 +func composeSharedSignature(permission, signedExpiry, path, accountName, signedIdentifier, signedVersion, accountKey string) string {

Since you documented the other internal compose* funcs, can you do the same here please.

19 + stringToSign := fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n%s",
20 + permission, "", signedExpiry, canonicalizedResource, signedIdentifier, signedVersion)

Gah I *really* miss Python's format() here. The second arg of "" is a bit magic, can you initalise a variable called 'signedStart' to "" and then use it instead of the bare "", it will make that Sprintf more readable (the "" sticks out like a pimple on a supermodel).

29 +func composeAccessQueryString(permission, signedExpiry, path, accountName, signedIdentifier, signedVersion, signedRessource, accountKey string) url.Values {

Given that this shares almost all of its params with composeSharedSignature it might be worth declaring a struct type which encapsulates the data in a shared access signature. I think once functions get beyond more than three params they get very unwieldy very quickly. The new type could well be useful in the future if we do more things with SASes.

Also this function is mis-named, it is not composing a string. May I suggest composeAcessQueryValues instead.

+func composeReadBlobValues(container, filename, accountName, accountKey string, expires time.Time) url.Values {
45 + expiryDateString := expires.UTC().Format(time.RFC3339)

Christ - why did they not make the date header format and this expiry stamp consistent? :/ (The other is RFC1123)

71 +func (*sharedSignatureSuite) TestComposeSharedSignature(c *C) {
72 + permission := "r"
73 + signedExpiry := "2015-02-12"
74 + path := "/path/to/file"
75 + accountName := "name"
76 + signedIdentifier := "identifier"
77 + signedVersion := "2012-02-12"
78 + accountKey := base64.StdEncoding.EncodeToString([]byte("key"))
79 +
80 + signature := composeSharedSignature(permission, signedExpiry, path, accountName, signedIdentifier, signedVersion, accountKey)
81 + c.Check(signature, Equals, "C/COJt8UagHJR2LBT1129bhDChtgfLGFqfZ0YQpBdF0=")

Here, once sign() is independently tested, you can use its return value instead of hard-coding this string here. The test will improve in readability for that.

103 +func (*sharedSignatureSuite) TestComposeReadBlobValues(c *C) {
104 + container := "container"
105 + filename := "/path/to/file"
106 + accountName := "name"
107 + accountKey := base64.StdEncoding.EncodeToString([]byte("key"))
108 + expires := time.Now()
109 + values := composeReadBlobValues(container, filename, accountName, accountKey, expires)
110 + c.Check(values.Get("sv"), Equals, "2012-02-12")
111 + ...

Nice branch, reasonably well tested, but I think we should improve some of that testing!

In particular, the new sign() method is not unit tested.  I think you should add a test for it, and then we can use that function in other tests like TestComposeSharedSignature so that we don't have to hard-code the magic string "COJt8UagHJR2LBT1129bhDChtgfLGFqfZ0YQpBdF0=" which makes the test difficult to verify what it's actually testing.

Ok so on to the details:

16	+func composeSharedSignature(permission, signedExpiry, path, accountName, signedIdentifier, signedVersion, accountKey string) string {

Since you documented the other internal compose* funcs, can you do the same here please.

19	+    stringToSign := fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n%s",
20	+        permission, "", signedExpiry, canonicalizedResource, signedIdentifier, signedVersion)

Gah I *really* miss Python's format() here.  The second arg of "" is a bit magic, can you initalise a variable called 'signedStart' to "" and then use it instead of the bare "", it will make that Sprintf more readable (the "" sticks out like a pimple on a supermodel).

29	+func composeAccessQueryString(permission, signedExpiry, path, accountName, signedIdentifier, signedVersion, signedRessource, accountKey string) url.Values {

Given that this shares almost all of its params with composeSharedSignature it might be worth declaring a struct type which encapsulates the data in a shared access signature. I think once functions get beyond more than three params they get very unwieldy very quickly.  The new type could well be useful in the future if we do more things with SASes.

Also this function is mis-named, it is not composing a string.  May I suggest composeAcessQueryValues instead.

+func composeReadBlobValues(container, filename, accountName, accountKey string, expires time.Time) url.Values {
45	+    expiryDateString := expires.UTC().Format(time.RFC3339)

Christ - why did they not make the date header format and this expiry stamp consistent? :/  (The other is RFC1123)

71	+func (*sharedSignatureSuite) TestComposeSharedSignature(c *C) {
72	+    permission := "r"
73	+    signedExpiry := "2015-02-12"
74	+    path := "/path/to/file"
75	+    accountName := "name"
76	+    signedIdentifier := "identifier"
77	+    signedVersion := "2012-02-12"
78	+    accountKey := base64.StdEncoding.EncodeToString([]byte("key"))
79	+
80	+    signature := composeSharedSignature(permission, signedExpiry, path, accountName, signedIdentifier, signedVersion, accountKey)
81	+    c.Check(signature, Equals, "C/COJt8UagHJR2LBT1129bhDChtgfLGFqfZ0YQpBdF0=")

Here, once sign() is independently tested, you can use its return value instead of hard-coding this string here.  The test will improve in readability for that.

103	+func (*sharedSignatureSuite) TestComposeReadBlobValues(c *C) {
104	+    container := "container"
105	+    filename := "/path/to/file"
106	+    accountName := "name"
107	+    accountKey := base64.StdEncoding.EncodeToString([]byte("key"))
108	+    expires := time.Now()
109	+    values := composeReadBlobValues(container, filename, accountName, accountKey, expires)
110	+    c.Check(values.Get("sv"), Equals, "2012-02-12")
111	+    expiryDateString := values.Get("se")
112	+    expectedExpiryDateString := expires.UTC().Format(time.RFC3339)
113	+    c.Check(expiryDateString, Equals, expectedExpiryDateString)
114	+}

This one is missing a lot of checks, composeReadBlobValues is passing more than just date and version into composeAccessQueryString.  I'd refactor the assertions made in TestComposeAccessQueryString.

128	+func sign(accountKey, signable string) string {

As I said before, this is missing a test.

151	+// GetSignedFileURL returns an anonymously-accessible URL for a given file in
152	+// the given container.
153	+func (context *StorageContext) GetSignedFileURL(container, filename string, expires time.Time) string {

The comment doesn't explain why "expires" is required, can you add something?  Also (sorry to bikeshed again) I don't think the function name accurately represents what you're doing here, it's surreptitiously leaking internal implementation details into the function's name.  Perhaps GetAnonymousFileURL() ?  Callers won't necessarily care about internals of signing.  I am also idly wondering that since we already have a GetFileURL(), can it automatically return the URL with the signature on it if it knows the file needs it...

170	+func (suite *TestStorageContext) TestGetSignedFileURL(c *C) {

You seem to already know this but you don't need the "suite" variable here.  So much for Go's vaunted compilation errors for unused variables.

87	+    values, err := url.ParseQuery(parsed.RawQuery)
188	+    c.Assert(err, IsNil)
189	+    signature := values.Get("sig")
190	+    c.Check(signature, Not(HasLen), 0)
191	+    // The signature is base64-encoded.
192	+    _, err = base64.StdEncoding.DecodeString(signature)
193	+    c.Assert(err, IsNil)
194	+}

I reckon that with decent refactoring of assertions in the tests above, you can re-use them here to check for actual values, since this is a fragile test as it stands.

review: Needs Fixing

Revision history for this message

Julian Edwards (julian-edwards) wrote on 2013-07-26:

#

Early approval, I am sure you'll fix things :)

review: Approve

lp://staging/~rvb/gwacl/signed-access updated on 2013-07-26

206. By Raphaël Badin on 2013-07-26: Review fixes.

Revision history for this message

Raphaël Badin (rvb) wrote on 2013-07-26:

#

Download full text (6.4 KiB)

> Nice branch, reasonably well tested, but I think we should improve some of
> that testing!

Thanks for the review!

> In particular, the new sign() method is not unit tested. I think you should
> add a test for it, and then we can use that function in other tests like
> TestComposeSharedSignature so that we don't have to hard-code the magic string
> "COJt8UagHJR2LBT1129bhDChtgfLGFqfZ0YQpBdF0=" which makes the test difficult to
> verify what it's actually testing.

Like I said on IRC, this is not a new method, it's just extracted from somewhere but it was already there (and tested by a method which calls it)… but you're right, having a unit-test of the method itself is much better; done.

> 16 +func composeSharedSignature(permission, signedExpiry, path,
> accountName, signedIdentifier, signedVersion, accountKey string) string {
>
> Since you documented the other internal compose* funcs, can you do the same
> here please.

In this case, I felt the name of the method would be as good as any comment but okay, done.

> 19 + stringToSign := fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n%s",
> 20 + permission, "", signedExpiry, canonicalizedResource,
> signedIdentifier, signedVersion)
>
> Gah I *really* miss Python's format() here. The second arg of "" is a bit
> magic, can you initalise a variable called 'signedStart' to "" and then use it
> instead of the bare "", it will make that Sprintf more readable (the "" sticks
> out like a pimple on a supermodel).

Very good point, done (I've added a 'signedStart' field to the structure).

> 29 +func composeAccessQueryString(permission, signedExpiry, path,
> accountName, signedIdentifier, signedVersion, signedRessource, accountKey
> string) url.Values {
>
> Given that this shares almost all of its params with composeSharedSignature it
> might be worth declaring a struct type which encapsulates the data in a shared
> access signature. I think once functions get beyond more than three params
> they get very unwieldy very quickly. The new type could well be useful in the
> future if we do more things with SASes.

Excellent point, done.

> Also this function is mis-named, it is not composing a string. May I suggest
> composeAcessQueryValues instead.

True, I started with a method which returned a string then changed the signature but not the name, thanks for spotting that!

> 71 +func (*sharedSignatureSuite) TestComposeSharedSignature(c *C) {
> 72 + permission := "r"
> 73 + signedExpiry := "2015-02-12"
> 74 + path := "/path/to/file"
> 75 + accountName := "name"
> 76 + signedIdentifier := "identifier"
> 77 + signedVersion := "2012-02-12"
> 78 + accountKey := base64.StdEncoding.EncodeToString([]byte("key"))
> 79 +
> 80 + signature := composeSharedSignature(permission, signedExpiry,
> path, accountName, signedIdentifier, signedVersion, accountKey)
> 81 + c.Check(signature, Equals,
> "C/COJt8UagHJR2LBT1129bhDChtgfLGFqfZ0YQpBdF0=")
>
> Here, once sign() is independently tested, you can use its return value
> instead of hard-coding this string here. The test will improve in readability
> for that.

That wou...

> Nice branch, reasonably well tested, but I think we should improve some of
> that testing!

Thanks for the review!

> In particular, the new sign() method is not unit tested.  I think you should
> add a test for it, and then we can use that function in other tests like
> TestComposeSharedSignature so that we don't have to hard-code the magic string
> "COJt8UagHJR2LBT1129bhDChtgfLGFqfZ0YQpBdF0=" which makes the test difficult to
> verify what it's actually testing.

Like I said on IRC, this is not a new method, it's just extracted from somewhere but it was already there (and tested by a method which calls it)… but you're right, having a unit-test of the method itself is much better; done.

> 16      +func composeSharedSignature(permission, signedExpiry, path,
> accountName, signedIdentifier, signedVersion, accountKey string) string {
> 
> Since you documented the other internal compose* funcs, can you do the same
> here please.

In this case, I felt the name of the method would be as good as any comment but okay, done.

> 19      +    stringToSign := fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n%s",
> 20      +        permission, "", signedExpiry, canonicalizedResource,
> signedIdentifier, signedVersion)
> 
> Gah I *really* miss Python's format() here.  The second arg of "" is a bit
> magic, can you initalise a variable called 'signedStart' to "" and then use it
> instead of the bare "", it will make that Sprintf more readable (the "" sticks
> out like a pimple on a supermodel).

Very good point, done (I've added a 'signedStart' field to the structure).

> 29      +func composeAccessQueryString(permission, signedExpiry, path,
> accountName, signedIdentifier, signedVersion, signedRessource, accountKey
> string) url.Values {
> 
> Given that this shares almost all of its params with composeSharedSignature it
> might be worth declaring a struct type which encapsulates the data in a shared
> access signature. I think once functions get beyond more than three params
> they get very unwieldy very quickly.  The new type could well be useful in the
> future if we do more things with SASes.

Excellent point, done.

> Also this function is mis-named, it is not composing a string.  May I suggest
> composeAcessQueryValues instead.

True, I started with a method which returned a string then changed the signature but not the name, thanks for spotting that!

> 71      +func (*sharedSignatureSuite) TestComposeSharedSignature(c *C) {
> 72      +    permission := "r"
> 73      +    signedExpiry := "2015-02-12"
> 74      +    path := "/path/to/file"
> 75      +    accountName := "name"
> 76      +    signedIdentifier := "identifier"
> 77      +    signedVersion := "2012-02-12"
> 78      +    accountKey := base64.StdEncoding.EncodeToString([]byte("key"))
> 79      +
> 80      +    signature := composeSharedSignature(permission, signedExpiry,
> path, accountName, signedIdentifier, signedVersion, accountKey)
> 81      +    c.Check(signature, Equals,
> "C/COJt8UagHJR2LBT1129bhDChtgfLGFqfZ0YQpBdF0=")
> 
> Here, once sign() is independently tested, you can use its return value
> instead of hard-coding this string here.  The test will improve in readability
> for that.

That would mean composing the string to sign manually in the test and thus basically just duplicating the implementation of the method in a test… which is something I don't think we should do.

> 
> 103     +func (*sharedSignatureSuite) TestComposeReadBlobValues(c *C) {
> 104     +    container := "container"
> 105     +    filename := "/path/to/file"
> 106     +    accountName := "name"
> 107     +    accountKey := base64.StdEncoding.EncodeToString([]byte("key"))
> 108     +    expires := time.Now()
> 109     +    values := composeReadBlobValues(container, filename, accountName,
> accountKey, expires)
> 110     +    c.Check(values.Get("sv"), Equals, "2012-02-12")
> 111     +    expiryDateString := values.Get("se")
> 112     +    expectedExpiryDateString := expires.UTC().Format(time.RFC3339)
> 113     +    c.Check(expiryDateString, Equals, expectedExpiryDateString)
> 114     +}
> 
> This one is missing a lot of checks, composeReadBlobValues is passing more
> than just date and version into composeAccessQueryString.  I'd refactor the
> assertions made in TestComposeAccessQueryString.

You're right, 3 checks are missing.  I don't think it's worth refactoring what TestComposeAccessQueryString does, it will be more explicit if I just add the checks.

> 128     +func sign(accountKey, signable string) string {
> 
> As I said before, this is missing a test.

Done.

> 
> 151     +// GetSignedFileURL returns an anonymously-accessible URL for a given
> file in
> 152     +// the given container.
> 153     +func (context *StorageContext) GetSignedFileURL(container, filename
> string, expires time.Time) string {
> 
> The comment doesn't explain why "expires" is required, can you add something?
> Also (sorry to bikeshed again) I don't think the function name accurately
> represents what you're doing here, it's surreptitiously leaking internal
> implementation details into the function's name.  Perhaps
> GetAnonymousFileURL() ?  Callers won't necessarily care about internals of
> signing.  I am also idly wondering that since we already have a GetFileURL(),
> can it automatically return the URL with the signature on it if it knows the
> file needs it...

That's funny because that method used to be called exactly that.  But then I changed it because I wanted a name that would make it easy to find the relevant documentation in Azure and thus I thought using the word "Signed" would be better than using the word "Anonymous".  But on second thought you're right, GetAnonymousFileURL more accurately describes what the method does.

> 170     +func (suite *TestStorageContext) TestGetSignedFileURL(c *C) {
> 
> You seem to already know this but you don't need the "suite" variable here.
> So much for Go's vaunted compilation errors for unused variables.

Well, I don't really care to be honest.

> 
> 87      +    values, err := url.ParseQuery(parsed.RawQuery)
> 188     +    c.Assert(err, IsNil)
> 189     +    signature := values.Get("sig")
> 190     +    c.Check(signature, Not(HasLen), 0)
> 191     +    // The signature is base64-encoded.
> 192     +    _, err = base64.StdEncoding.DecodeString(signature)
> 193     +    c.Assert(err, IsNil)
> 194     +}
> 
> I reckon that with decent refactoring of assertions in the tests above, you
> can re-use them here to check for actual values, since this is a fragile test
> as it stands.

Right, done.

Revision history for this message

Raphaël Badin (rvb) wrote on 2013-07-26:

#

> Early approval, I am sure you'll fix things :)

I did, thanks for the review :)

Go Windows Azure Client Library

Merge lp://staging/~rvb/gwacl/signed-access into lp://staging/gwacl

Commit message

Description of the change

Preview Diff

Subscribers