feat(storage): implement V4 Signed Policy Documents#5914
Conversation
This reverts commit eded1b1.
There was a problem hiding this comment.
Code Review
This pull request implements support for GCS V4 Signed Policy Documents (POST Object Forms) by introducing PostPolicyV4Builder and PostPolicyV4Result, along with associated examples, integration tests, and conformance tests. Key feedback includes addressing a bug where custom endpoints with ports lose their port number during URL resolution, automatically prepending $ to starts-with fields, validating expiration limits and content length ranges, avoiding an unnecessary clone of client_email, and switching from HashMap to BTreeMap for deterministic field ordering.
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #5914 +/- ##
==========================================
- Coverage 97.84% 97.80% -0.05%
==========================================
Files 239 240 +1
Lines 60282 60692 +410
==========================================
+ Hits 58985 59361 +376
- Misses 1297 1331 +34 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
|
@joshuatants I've made 9 more commits since your review, to address your concerns and also further improved the code. These are the changes after your review:
|
|
|
||
| /// The result of signing a V4 POST Policy Document. | ||
| #[derive(Debug, Clone, serde::Serialize)] | ||
| pub struct PostPolicyV4Result { |
There was a problem hiding this comment.
can you imagine this thing growing?
If so, tag the struct as #[non_exhaustive]
There was a problem hiding this comment.
Done. Tagged the struct as #[non_exhaustive]. Thanks for pointing this out.
We can't predict if there'll be product evolution in the future; for backward compatibility, tagging this public data structure to prevent user doing exhaustive pattern matching is a safer way.
Description
This PR introduces support for generating V4 Signed Policy Documents (
PostPolicyV4Builder), bringing the Rust SDK into feature parity with other official GCS SDKs for POST form object uploads.Design Doc: go/rust-sdk-feature-v4-signed-policy-document-implementation_plan
Key Additions
PostPolicyV4BuilderAPI: A fluent builder API to configure URL styles, exact-match fields,starts-withprefix conditions, andcontent-length-rangelimits.\uXXXX) to guarantee flawless Base64 JSON encoding, satisfying GCS's stringent signature validation requirements.Testing & Validation
generate_signed_post_policy_v4sample code against a real Cloud Storage bucket and verified the upload worked correctly.v4_signatures.jsontest harness, successfully passing 100% (11/11) of thepostPolicyV4Tests(covering Path Style, Virtual Hosted Style, Bucket Bound Hostnames, and Unicode conditions).$keycondition formulation and the maximum 7-day expiration bounds behave identically to the official Go and C++ SDKs.signed_post_policies_v4intests/storage/src/lib.rswhich dynamically constructs a policy and performs a live upload using areqwestmultipart form. It ran successfully against a real Cloud bucket.