aws-signing: add es and glacier for payloads special treatment #12020
Signed-off-by: azihsoyn <azihsoyn@gmail.com>
dio
left a comment
Thanks! A request for pasting the link to the doc inline. Plus, could you add a test for those cases, here: test/extensions/common/aws/signer_impl_test.cc? Probably very similar to SignHeadersS3.
| } | ||
|
|
||
| // Verify signing headers for es | ||
| TEST_F(SignerImplTest, SignHeadersES) { |
Do you think having a helper here will be helpful? For example: SignerImplTest::expectSignHeaders(absl::string_view service_name, absl::string_view signature) with the service name and the expected signature as params.
added expectSignHeaders. 😄
| // https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html | ||
| // ES: | ||
| // https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-request-signing.html | ||
| // Gracier: |
| if (service_name_ == "s3") { | ||
| // S3, Gracier, ES payloads require special treatment. | ||
| // S3: | ||
| // https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html |
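Review bot: "Gracier" in the `// Gracier:` line and in `// S3, Gracier, ES payloads require special treatment.` is a misspelling of "Glacier". Please correct the spelling in both comment lines so the service name matches the AWS documentation the comment links to.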
| headers.get(Http::CustomHeaders::get().Authorization)->value().getStringView()); | ||
| EXPECT_EQ(SignatureConstants::get().HashedEmptyString, | ||
| headers.get(SignatureHeaders::get().ContentSha256)->value().getStringView()); | ||
| // Verify signing headers for services |
Add a period at the end of the sentence. Thanks!
| GETting | ||
| GLB | ||
| GOAWAY | ||
| Gracier |
Not sure if we need to add "Glacier".
Ooops...
Sorry, I'll fix it soon.
/assign @marcomagdy
| // https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-request-signing.html. | ||
| // Glacier: | ||
| // https://docs.aws.amazon.com/amazonglacier/latest/dev/amazon-glacier-signing-requests.html. | ||
| if (service_name_ == "s3" || service_name_ == "glacier" || service_name_ == "es") { |
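Review bot: The two URL-only comment lines above the condition now end in a period (`...es-request-signing.html.` and `...amazon-glacier-signing-requests.html.`), and that period becomes part of the link when it is copied or auto-linked. Consider dropping the trailing period on lines that contain only a URL. The comparison on the last line is also an exact, case-sensitive match, so a short comment stating that `service_name_` is expected to be the lowercase signing name would help readers of this condition.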
Sorry, I think we can have this decision at initialization. Let's have a const bool member variable (not sure about the name, e.g. require_special_treatment_). We can initialize that bool with require_special_treatment_(service_name_ == "s3" || service_name_ == "glacier" || service_name_ == "es") and use that here.
Add newline here, then I think we're good.
GitHub is experiencing problems, I think mostly on serving archives. So let's wait until it is resolved then I'll restart the build. https://www.githubstatus.com/incidents/j597fw8kv04c
/azp run envoy-presubmit
Azure Pipelines successfully started running 1 pipeline(s).
/retest
🔨 rebuilding
| const bool require_content_hash_{service_name_ == "s3" || service_name_ == "glacier" || | ||
| service_name_ == "es"}; |
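Review bot: This default member initializer reads `service_name_`, so it is only correct if `service_name_` is declared before `require_content_hash_` in the class. Members are initialized in declaration order, and if the order is reversed the comparison runs on a string that has not been constructed yet. Please confirm the declaration order, or set the flag in the constructor's initializer list directly after `service_name_`.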
nit: if the initialization has logic, then it's better to put it in the ctor.
|
|
||
| void expectSignHeaders(absl::string_view service_name, absl::string_view signature, | ||
| absl::string_view payload) { | ||
| auto* credentials_provider = new NiceMock<MockCredentialsProvider>(); |
nit: why use new and then create a shared_ptr later?
This should be:
CredentialsProviderSharedPtr credentials_provider = std::make_shared<NiceMock<MockCredentialsProvider>>();
maybe no member named 'gmock_getCredentials' in 'Envoy::Extensions::Common::Aws::CredentialsProvider'
| GETting | ||
| GLB | ||
| GOAWAY | ||
| Glacier |
'Glacier' shouldn't need to be in this file. You had to add it probably because it was misspelled earlier?
Thank you for the review!
…proxy#12020) Signed-off-by: azihsoyn <azihsoyn@gmail.com> Signed-off-by: Kevin Baichoo <kbaichoo@google.com>
…proxy#12020) Signed-off-by: azihsoyn <azihsoyn@gmail.com> Signed-off-by: scheler <santosh.cheler@appdynamics.com>
Commit Message: aws-signing: add elasticsearch and glacier for payloads special treatment
Additional Description:
I found aws_request_signing for elasticsearch service failed in POST.
ESS too needs x-amz-content-sha256 like s3, so I added service_name es (and glacier too).
https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-request-signing.html
https://docs.aws.amazon.com/amazonglacier/latest/dev/amazon-glacier-signing-requests.html
Risk Level: Low
Testing: yes
Docs Changes: N/A
Release Notes: N/A
Signed-off-by: azihsoyn <azihsoyn@gmail.com>
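An added illustration in Python (not Envoy's C++ signer and not code from this PR) of what the description refers to: the SHA-256 of the request body is the last line of the SigV4 canonical request and, for the services listed in this PR, also the value of a signed x-amz-content-sha256 header. The function name, host, date and credentials are constructed, and the query string is left empty.

```python
import hashlib
import hmac

# Services that also get the payload hash as a signed header (the list from this PR).
CONTENT_HASH_SERVICES = {"s3", "glacier", "es"}

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_request(method, path, headers, body, service, region, amz_date,
                 access_key, secret_key):
    """Return a copy of `headers` with SigV4 signing headers added."""
    out = {k.lower(): v.strip() for k, v in headers.items()}
    out["x-amz-date"] = amz_date
    payload_hash = hashlib.sha256(body).hexdigest()
    if service in CONTENT_HASH_SERVICES:
        # Set before canonicalization so the header is covered by the signature.
        out["x-amz-content-sha256"] = payload_hash

    names = sorted(out)
    canonical_headers = "".join(f"{n}:{out[n]}\n" for n in names)
    signed_headers = ";".join(names)
    # The empty third element is the canonical query string (none in this example).
    canonical_request = "\n".join(
        [method, path, "", canonical_headers, signed_headers, payload_hash])

    date = amz_date[:8]
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest()])

    # Signing key: HMAC chain over date, region, service and the fixed terminator.
    key = _hmac(("AWS4" + secret_key).encode(), date)
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    signature = _hmac(key, string_to_sign).hex()

    out["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed_headers}, Signature={signature}")
    return out

if __name__ == "__main__":
    # Constructed sample: placeholder host, date and credentials.
    signed = sign_request("POST", "/_search", {"Host": "es.example.test"},
                          b'{"query":{"match_all":{}}}', "es", "us-east-1",
                          "20200101T000000Z", "AKIDEXAMPLE", "constructed-secret")
    print(signed["x-amz-content-sha256"], signed["authorization"], sep="\n")
```

Because the body hash feeds the canonical request, a POST whose body changes after signing no longer verifies, which is why the header value must be computed from the bytes actually sent.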