fix: correctly encode bytes for V2 signature #382
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
V2 signature was passing a string to the sign_bytes function instead of bytes. This works fine for most credentials (since their sign_bytes implementations accept strings) but not for impersonated credentials. V4 signature encodes the string before calling sign_bytes, so I do the same here. We should also look into clarifying the contract for the sign_bytes interface in the auth library. Fixes googleapis#373
product-auto-label bot added the api: storage 
google-cla bot added the cla: yes 
tritone commented Feb 17, 2021
| """ | ||
| ensure_signed_credentials(credentials) | ||
| signature_bytes = credentials.sign_bytes(string_to_sign) | ||
| signature_bytes = credentials.sign_bytes(string_to_sign.encode("ascii")) |
Contributor Author
There was a problem hiding this comment.
See https://github.com/googleapis/python-storage/blob/master/google/cloud/storage/_signing.py#L628 for what we do in V4
frankyn approved these changes Feb 17, 2021
Contributor
frankyn left a comment
frankyn left a comment There was a problem hiding this comment.
Change LGTM.
Opnion: Issue here is that we have multiple sign versions and we focused on v4 more recently.
This was referenced Mar 11, 2021
Merged
Merged
cojenco pushed a commit to cojenco/python-storage that referenced this pull request Oct 13, 2021
* fix: correctly encode bytes for V2 signature V2 signature was passing a string to the sign_bytes function instead of bytes. This works fine for most credentials (since their sign_bytes implementations accept strings) but not for impersonated credentials. V4 signature encodes the string before calling sign_bytes, so I do the same here. We should also look into clarifying the contract for the sign_bytes interface in the auth library. Fixes googleapis#373 * fix py2 failure
cojenco pushed a commit to cojenco/python-storage that referenced this pull request Oct 13, 2021
* fix: correctly encode bytes for V2 signature V2 signature was passing a string to the sign_bytes function instead of bytes. This works fine for most credentials (since their sign_bytes implementations accept strings) but not for impersonated credentials. V4 signature encodes the string before calling sign_bytes, so I do the same here. We should also look into clarifying the contract for the sign_bytes interface in the auth library. Fixes googleapis#373 * fix py2 failure
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
V2 signature was passing a string to the sign_bytes function
instead of bytes. This works fine for most credentials (since
their sign_bytes implementations accept strings) but not for
impersonated credentials. V4 signature encodes the string before
calling sign_bytes, so I do the same here.
We should also look into clarifying the contract for the
sign_bytes interface in the auth library.
Fixes #373