Script to check connectivity to azure #2734
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
giggsoff
changed the title
giggsoff
force-pushed
the
add-usefull-script
branch
2 times, most recently
from
4e02d1b to
5341977
Compare
zededa-yuri
reviewed
Jul 29, 2022
pkg/debug/scripts/azure-check.sh
Outdated
| __EOT__ | ||
| } | ||
|
|
||
| for prog in base64 openssl xxd curl |
There was a problem hiding this comment.
would be nice to wrap the code in main() function
pkg/debug/scripts/azure-check.sh
Outdated
| done | ||
|
|
||
| # the same as in zedUpload | ||
| authorization="SharedKey" |
There was a problem hiding this comment.
is there a reason why some variables are in CAPS_LOCK, and other are not? Maybe keep all of them in lower case?
pkg/debug/scripts/azure-check.sh
Outdated
| # Build the signature string | ||
|
|
||
| if [ -z "$LIMIT_IN_BYTES" ] || [ -z "$BLOB_NAME" ]; then | ||
| canonicalized_headers="${x_ms_date_h}\n${x_ms_version_h}" |
There was a problem hiding this comment.
I'd suggest to use braces everywhere for consistency
pkg/debug/scripts/azure-check.sh
Outdated
|
|
||
| # in case of port provided we cannot use subdomain | ||
| # checked with azurite | ||
| if echo "$DOMAIN_NAME" | grep -q ":"; then |
There was a problem hiding this comment.
it's generally better to avoid starting sub process (grep). Something like this reads less obvious (thanks to /bin/sh instead of /bin/bash), but better from execution point of view:
case "${DOMAIN_NAME}" in
*:*) echo "Found a colon";;
* ) echo "not found";;
esac
pkg/debug/scripts/azure-check.sh
Outdated
|
|
||
| # Create the HMAC signature for the Authorization header | ||
| # shellcheck disable=SC2059 | ||
| signature=$(printf "$string_to_sign" | openssl dgst -sha256 -mac HMAC -macopt "hexkey:$decoded_hex_key" -binary | base64) |
There was a problem hiding this comment.
might be worth to check if openssl returned an error
Azure use signature checking across provided headers. It would be nice to have a tool to debug unexpected intermediate headers modifications that may lead to errors like "The MAC signature found in the HTTP request is not the same as any computed signature". Even without access_key the script allow to show headers server use to calculate the signature. Signed-off-by: Petr Fedchenkov <giggsoff@gmail.com>
giggsoff
force-pushed
the
add-usefull-script
branch
from
5341977 to
e4f8dee
Compare
|
@zededa-yuri thanks for recommendations, modified. |
zededa-yuri
approved these changes
Aug 1, 2022
|
@giggsoff @eriknordmark Let's merge this? |
eriknordmark
approved these changes
Dec 19, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Azure use signature checking across provided headers. It would be
nice to have a tool to debug unexpected intermediate headers
modifications that may lead to errors like "The MAC signature found in
the HTTP request is not the same as any computed signature". Even
without access_key the script allow to show headers server use to
calculate the signature.
Signed-off-by: Petr Fedchenkov giggsoff@gmail.com