-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add option for :whitelist_headers in V4 signer #1228
Conversation
@service_name = service_name | ||
@credentials = credentials.credentials | ||
@region = EndpointProvider.signing_region(region, service_name) | ||
if whitelist_headers.any? && (BLACKLIST_HEADERS & whitelist_headers).any? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I might be missing something, but why not just remove this whole block and use:
@blacklist = BLACKLIST_HEADERS - whitelist_headers
You already set whitelist headers to be an array by default, so once we get to this point, I'm not sure the if-else block is doing anything.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's true, I was thinking checking the intersection of the 2 arrays before getting the result. It seems redundant, I'll remove that.
The inner implementation appears to be reasonable, but how would an end user use this? I don't believe we have users creating signer classes directly, so we would need to wire this up to configuration in some way. |
…signer-whitelist-header
Some other notes after a deeper dive:
|
This PR is updated and ready for another review. |
I've done a quick review of this. I think we should discuss the method in which white-listed headers are provided. I'm of the opinion that this should not be done as client configuration options. Given the client will never consume these options, they increase the surface area of a client just to act as a convenient bag for grouping options. I suspect this was suggested because a |
6777835
to
3ce89ff
Compare
This PR is updated and ready for another review @awood45 @trevorrowe |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good. We should consider adding an integration test for this to ensure it works the way we intend, for example, a test where we presign a URL, call it with the header we whitelisted set, and see that it responds successfully.
@awood45 Sounds good, make sense. I'll add that : ) |
PR #1477 just opened includes this feature, we'll focus on that one : ) |
Feature request
Issue related: #1051
cc:\ @awood45 @trevorrowe