Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(middleware-signing): attempt secondary authscheme selection during request signing #5895

Merged
merged 3 commits into from
Mar 14, 2024
Merged

fix(middleware-signing): attempt secondary authscheme selection during request signing #5895

merged 3 commits into from
Mar 14, 2024

Conversation

kuhe
Copy link
Contributor

@kuhe kuhe commented Mar 14, 2024
edited
Loading

Issue

S3 feature release
2ddd8ec

Description

In awsAuthMiddleware, select the second authScheme if:

  • second auth scheme exists
  • first auth scheme is sigv4a
  • sigv4a is not available

Testing

existing unit test

  • e2e
  • e2e:legacy

@kuhe kuhe requested a review from a team as a code owner March 14, 2024 16:59
syall
syall reviewed Mar 14, 2024
View reviewed changes
packages/middleware-signing/src/awsAuthConfiguration.ts Outdated Show resolved Hide resolved
packages/middleware-signing/src/awsAuthConfiguration.ts Outdated
// user supplied signingName -> endpoints.json inferred (credential scope -> model arnNamespace) -> model service id
input.signingName = input.signingName || signingService || input.serviceId;

if (overwrite) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: overwrite reads like the input.* parameters would be overwritten, but the code path here is using the original input.* parameters.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

unfortunately this part of the code mutates the config during signing and not during the constructor config resolution

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I changed it to only mutate if authscheme is not sigv4a. Sigv4a doesn't contain a meaningful region so far, so we can skip writing that to the input and leave it to any further resolutions containing a singular region.

@kuhe kuhe merged commit 5e6af3f into aws:main Mar 14, 2024
2 of 4 checks passed
@kuhe kuhe deleted the fix/s3 branch March 14, 2024 17:38
@github-actions GitHub Actions
Copy link

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 30, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@syall syall syall approved these changes

@trivikr trivikr trivikr approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kuhe @trivikr @syall