From 9eee29d2e46e774eb08acb76c3317a58856f3f71 Mon Sep 17 00:00:00 2001 From: Tim Burke Date: Wed, 8 Jun 2022 09:30:17 -0700 Subject: tempurl: Support sha256 and sha512 signatures Up the default to sha256 since * the proxy has supported (and defaulted to allowing) it for four years now, and * Rackspace has supported it for even longer. Include a note in the --help about older clusters likely requiring sha1. Change-Id: Ibac2bb7e2e4c9946c7384f0aab8e43d0d79ba645 Related-Change: Ia9dd1a91cc3c9c946f5f029cdefc9e66bcf01046 Related-Bug: #1733634 Closes-Bug: #1977867 --- swiftclient/shell.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'swiftclient/shell.py') diff --git a/swiftclient/shell.py b/swiftclient/shell.py index df7c511..b4721fe 100755 --- a/swiftclient/shell.py +++ b/swiftclient/shell.py @@ -1427,6 +1427,8 @@ Optional arguments: ISO 8601 UTC timestamp instead of a Unix timestamp. --ip-range If present, the temporary URL will be restricted to the given ip or ip range. + --digest The digest algorithm to use. Defaults to sha256, but + older clusters may only support sha1. '''.strip('\n') @@ -1456,6 +1458,12 @@ def st_tempurl(parser, args, thread_manager, return_parser=False): help=("If present, the temporary URL will be restricted to the " "given ip or ip range."), ) + parser.add_argument( + '--digest', choices=('sha1', 'sha256', 'sha512'), + default='sha256', + help=("The digest algorithm to use. Defaults to sha256, but " + "older clusters may only support sha1."), + ) # We return the parser to build up the bash_completion if return_parser: @@ -1480,7 +1488,8 @@ def st_tempurl(parser, args, thread_manager, return_parser=False): absolute=options['absolute_expiry'], iso8601=options['iso8601'], prefix=options['prefix_based'], - ip_range=options['ip_range']) + ip_range=options['ip_range'], + digest=options['digest']) except ValueError as err: thread_manager.error(err) return -- cgit v1.2.1