Merge pull request #48 from alextwoods/sigv4_gem_updates

alextwoods · May 8, 2024 · 768f137 · 768f137
2 parents 33c98d3 + 3165f81
commit 768f137
Show file tree

Hide file tree

Showing 5 changed files with 431 additions and 360 deletions.
diff --git a/gems/aws-sdk-core/lib/aws-sdk-core/signers/sigv4.rb b/gems/aws-sdk-core/lib/aws-sdk-core/signers/sigv4.rb
@@ -4,19 +4,41 @@ module AWS::SDK::Core
   module Signers
     # A signer that signs requests using the SigV4 Auth scheme.
     class SigV4 < Hearth::Signers::Base
-      def sign(request:, identity:, properties:)
-        signer = AWS::SigV4::Signer.new
+      # @param signer [AWS::SigV4::Signer] (AWS::SigV4::Signer.new) An
+      #   initialized signer, allowing override of default signing parameters.
+      #   To override default signing behavior, configure an
+      #   auth_scheme on the client:
+      #
+      #     custom_signer = AWS::SDK::Core::Signers::SigV4.new(
+      #       signer: AWS::SigV4::Signer.new(**my_signing_properties)
+      #     )
+      #     custom_sigv4_auth_scheme = AWS::SDK::Core::AuthSchemes::SigV4.new(
+      #       signer: custom_signer
+      #     )
+      #     client = AWS::SDK::S3::Client.new(
+      #       auth_schemes: [custom_sigv4_auth_scheme]
+      #     )
+      #
+      #    Note: If you need to override resolved signing properties, you must
+      #    wrap the AWS::SDK::<Service>::Auth::Resolver and modify the
+      #    returned properties rather than initializing a signer with those
+      #    properties - providing an initialized signer here is only for
+      #    overriding signing defaults.
+      def initialize(signer: AWS::SigV4::Signer.new)
+        @signer = signer
+        super()
+      end
 
+      attr_reader :signer
+
+      def sign(request:, identity:, properties:)
         apply_unsigned_body(request, properties)
 
-        signature = signer.sign_request(request: {
-                                          http_method: request.http_method,
-                                          url: request.uri,
-                                          headers: request.headers.to_h,
-                                          body: request.body
-                                        },
-                                        credentials: identity,
-                                        **properties)
+        signature = @signer.sign_request(
+          request: request,
+          credentials: identity,
+          **properties
+        )
         apply_signature(request, signature)
       end
 

diff --git a/gems/aws-sigv4/lib/aws-sigv4/credentials.rb b/gems/aws-sigv4/lib/aws-sigv4/credentials.rb
@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
 module AWS::SigV4
-  # A Credentials data object that stores AWS credentials. This object may be
-  # populated from various different Credential Providers.
+  # An AWS Credentials identity data object that stores AWS credentials
+  # used for Sigv4 and Sigv4a.
   class Credentials
     # @param [String] access_key_id
     # @param [String] secret_access_key