Comments (5)
@smeijer If you aren't discarding s3rver entirely, maybe try updating the source code yourself to see if you can add this functionality based on AWS docs? If it works we'd love to have a PR implementing this.
from s3rver.
@christianbaun Sorry this issue hasn't seen a response in so long.
Were you hoping to specify a set of permitted credentials? There is currently no feature to enforce access security in this mock S3 server implementation. If you're interested in seeing such a feature, please provide more details about your use case. I'd be happy to consider implementing a feature if there is a strong case for it. I'd also review and merge a PR if you'd like to implement it!
from s3rver.
Wouldn't that be crucial to test access rights? And to test if the sign logic has been implemented correctly?
Without this, it would be possible that we can communicate with the test server, but that we will receive authentication errors as soon as we hook up to Amazon S3 in production.
from s3rver.
@smeijer You make a fair point about testing if auth logic has been implemented correctly – I can imagine writing an integration test for how an app responds to authentication errors, which is currently impossible because s3rver doesn't give authentication errors.
However even if you could specify credentials for S3rver, that doesn't prevent possible authentication issues in production afterwards – your AWS environment's credentials can vary from your test parameters. So that risk cannot be reliably mitigated this way.
If you're familiar with S3's expected behaviour for different access/auth scenarios, please post a new issue describing what you think the expected behaviour should be, referencing the relevant docs that specify expected behaviour, and write failing tests if possible. This would make it much more likely someone will implement your desired feature.
from s3rver.
your AWS environment's credentials can vary from your test parameters. So that risk cannot be reliably mitigated this way.
Not just can, they should. Never use production credentials in test / dev environments.
Still, authentication logic should be tested. There is a difference between failing a deploy because you supplied the incorrect credentials, or failing because your (signature) hashing algorithm has a bug.
Again, I like this project. But the lack of this functionality is a big loss.
from s3rver.
Related Issues (20)
- vhostBuckets Documentation Confusing HOT 2
- Close Stale Issues/PRs HOT 5
- Error = A parameter you provided functionality that in not implemented HOT 6
- Error: fopen(httpseek://): failed to open stream ... HOT 4
- Storage Class not being respected HOT 5
- Question: Is s3rver a s3 "private" / "public" or both? HOT 1
- key should be Key, capitalized, following the AWS SDK documentation HOT 4
- Content Range header not returned when requested range is 'bytes=0-' HOT 1
- Dependency Dashboard
- Failed to upload large file (53Mb)
- Apparent race condition deleting objects results in ENOENT HOT 1
- Custom Store
- attention on files contains url ecoding putcopy function need decodeURIComponent
- Security Issue in Dependency - CVE-2022-24434 HOT 4
- Feature request - storing/retrieving checksum metadata (x-amz-checksum) inside object attributes
- Simulate slow fetch
- fast-xml-parser vulnerable to prototype pollution SNYK-JS-FASTXMLPARSER-3325616 sonatype-2023-0998
- if i use aws java v2 sdk putobject fail HOT 2
- ListObjectsV2 MaxKeys parameter is broken
- Internal Server Error
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from s3rver.