From 55d7bb328e76203756e6e333ac58ab3fa07306fd Mon Sep 17 00:00:00 2001 From: Yaron Schneider Date: Tue, 4 Oct 2022 13:56:44 -0700 Subject: [PATCH] Add AWS S3 presign url (#2832) * add aws s3 presign url Signed-off-by: yaron2 * fix broken link Signed-off-by: yaron2 * fix broken link 2 Signed-off-by: yaron2 * Update daprdocs/content/en/reference/components-reference/supported-bindings/s3.md Co-authored-by: Mark Fussell Signed-off-by: Yaron Schneider * remove filePath Signed-off-by: yaron2 * add upload description Signed-off-by: yaron2 * fix broken link Signed-off-by: yaron2 * fix broken link Signed-off-by: yaron2 * add presign existing object content Signed-off-by: yaron2 Signed-off-by: yaron2 Signed-off-by: Yaron Schneider Co-authored-by: Mark Fussell --- .../supported-bindings/s3.md | 72 ++++++++++++++++++- 1 file changed, 69 insertions(+), 3 deletions(-) diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/s3.md b/daprdocs/content/en/reference/components-reference/supported-bindings/s3.md index 507530538..bb5e1f619 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/s3.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/s3.md @@ -44,8 +44,6 @@ spec: value: - name: insecureSSL value: - - name: filePath - value: ``` {{% alert title="Warning" color="warning" %}} @@ -67,7 +65,6 @@ The above example uses secrets as plain strings. It is recommended to use a secr | encodeBase64 | N | Output | Configuration to encode base64 file content before return the content. (In case of opening a file with binary content). `true` is the only allowed positive value. Other positive variations like `"True", "1"` are not acceptable. Defaults to `false` | `true`, `false` | | disableSSL | N | Output | Allows to connect to non `https://` endpoints. Defaults to `false` | `true`, `false` | | insecureSSL | N | Output | When connecting to `https://` endpoints, accepts invalid or self-signed certificates. Defaults to `false` | `true`, `false` | -| filePath | N | Output | If set, create operations that contain empty `data` fields will attempt to upload a file from the supplied path | `"/var/path/myFile.txt"` | {{% alert title="Important" color="warning" %}} When running the Dapr sidecar (daprd) with your application on EKS (AWS Kubernetes), if you're using a node/pod that has already been attached to an IAM policy defining access to AWS resources, you **must not** provide AWS access-key, secret-key, and tokens in the definition of the component spec you're using. @@ -103,6 +100,41 @@ To perform a create operation, invoke the AWS S3 binding with a `POST` method an } ``` +#### Share object with a presigned URL + +To presign an object with a specified time-to-live, use the `presignTTL` metadata key on a `create` request. +Valid values for `presignTTL` are [Go duration strings](https://pkg.go.dev/maze.io/x/duration#:~:text=A%20duration%20string%20is%20a,w%22%2C%20%22y%22). + +{{< tabs Windows Linux >}} + + {{% codetab %}} + ```bash + curl -d "{ \"operation\": \"create\", \"data\": \"Hello World\", \"metadata\": { \"presignTTL\": \"15m\" } }" \ + http://localhost:/v1.0/bindings/ + ``` + {{% /codetab %}} + + {{% codetab %}} + ```bash + curl -d '{ "operation": "create", "data": "Hello World", "metadata": { "presignTTL": "15m" } }' \ + http://localhost:/v1.0/bindings/ + ``` + {{% /codetab %}} + +{{< /tabs >}} + +##### Response + +The response body contains the following example JSON: + +```json +{ + "location":"https://.s3..amazonaws.com/", + "versionID":"", + "presignURL": "https://.s3..amazonaws.com/image.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJJWZ7B6WCRGMKFGQ%2F20180210%2Feu-west-2%2Fs3%2Faws4_request&X-Amz-Date=20180210T171315Z&X-Amz-Expires=1800&X-Amz-Signature=12b74b0788aa036bc7c3d03b3f20c61f1f91cc9ad8873e3314255dc479a25351&X-Amz-SignedHeaders=host" +} +``` + #### Examples ##### Save text to a random generated UUID file @@ -194,6 +226,7 @@ Then you can upload it as you would normally: {{< /tabs >}} ##### Upload from file path +To upload a file from a supplied path (relative or absolute), use the `filepath` metadata key on a `create` request that contains empty `data` fields. {{< tabs Windows Linux >}} @@ -223,6 +256,39 @@ The response body will contain the following JSON: } ``` +#### Presign an existing object + +To presign an existing S3 object with a specified time-to-live, use the `presignTTL` and `key` metadata keys on a `presign` request. +Valid values for `presignTTL` are [Go duration strings](https://pkg.go.dev/maze.io/x/duration#:~:text=A%20duration%20string%20is%20a,w%22%2C%20%22y%22). + +{{< tabs Windows Linux >}} + + {{% codetab %}} + ```bash + curl -d "{ \"operation\": \"presign\", \"metadata\": { \"presignTTL\": \"15m\", \"key\": \"my-test-file.txt\" } }" \ + http://localhost:/v1.0/bindings/ + ``` + {{% /codetab %}} + + {{% codetab %}} + ```bash + curl -d '{ "operation": "presign", "metadata": { "presignTTL": "15m", "key": "my-test-file.txt" } }' \ + http://localhost:/v1.0/bindings/ + ``` + {{% /codetab %}} + +{{< /tabs >}} + +##### Response + +The response body contains the following example JSON: + +```json +{ + "presignURL": "https://.s3..amazonaws.com/image.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAJJWZ7B6WCRGMKFGQ%2F20180210%2Feu-west-2%2Fs3%2Faws4_request&X-Amz-Date=20180210T171315Z&X-Amz-Expires=1800&X-Amz-Signature=12b74b0788aa036bc7c3d03b3f20c61f1f91cc9ad8873e3314255dc479a25351&X-Amz-SignedHeaders=host" +} +``` + ### Get object To perform a get file operation, invoke the AWS S3 binding with a `POST` method and the following JSON body: