Skip to content

Commit

Permalink
Turn SigV4SigningError into informative error
Browse files Browse the repository at this point in the history 
This commit addresses #3441 (comment)
  • Loading branch information
@ysaito1001
ysaito1001 committed Mar 1, 2024
1 parent 721fadd commit 30595dd
Show file tree
Hide file tree
Showing 3 changed files with 59 additions and 25 deletions.
24 changes: 17 additions & 7 deletions aws/rust-runtime/aws-runtime/src/auth.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,8 +129,14 @@ fn settings(operation_config: &SigV4OperationSigningConfig) -> SigningSettings {
settings
}

/// Errors that can occur while signing with SigV4.
#[derive(Debug)]
enum SigV4SigningError {
pub struct SigV4SigningError {
kind: ErrorKind,
}

#[derive(Debug)]
pub(crate) enum ErrorKind {
MissingOperationSigningConfig,
MissingSigningRegion,
#[cfg(feature = "sigv4a")]
Expand All @@ -142,9 +148,9 @@ enum SigV4SigningError {

impl fmt::Display for SigV4SigningError {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
use SigV4SigningError::*;
use ErrorKind::*;
let mut w = |s| f.write_str(s);
match self {
match &self.kind {
MissingOperationSigningConfig => w("missing operation signing config"),
MissingSigningRegion => w("missing signing region"),
#[cfg(feature = "sigv4a")]
Expand All @@ -168,24 +174,28 @@ impl StdError for SigV4SigningError {}
fn extract_endpoint_auth_scheme_signing_name(
endpoint_config: &AuthSchemeEndpointConfig<'_>,
) -> Result<Option<SigningName>, SigV4SigningError> {
use SigV4SigningError::BadTypeInEndpointAuthSchemeConfig as UnexpectedType;
use ErrorKind::BadTypeInEndpointAuthSchemeConfig as UnexpectedType;

match extract_field_from_endpoint_config("signingName", endpoint_config) {
Some(Document::String(s)) => Ok(Some(SigningName::from(s.to_string()))),
None => Ok(None),
_ => Err(UnexpectedType("signingName")),
_ => Err(SigV4SigningError {
kind: UnexpectedType("signingName"),
}),
}
}

fn extract_endpoint_auth_scheme_signing_region(
endpoint_config: &AuthSchemeEndpointConfig<'_>,
) -> Result<Option<SigningRegion>, SigV4SigningError> {
use SigV4SigningError::BadTypeInEndpointAuthSchemeConfig as UnexpectedType;
use ErrorKind::BadTypeInEndpointAuthSchemeConfig as UnexpectedType;

match extract_field_from_endpoint_config("signingRegion", endpoint_config) {
Some(Document::String(s)) => Ok(Some(SigningRegion::from(Region::new(s.clone())))),
None => Ok(None),
_ => Err(UnexpectedType("signingRegion")),
_ => Err(SigV4SigningError {
kind: UnexpectedType("signingRegion"),
}),
}
}

Expand Down
30 changes: 21 additions & 9 deletions aws/rust-runtime/aws-runtime/src/auth/sigv4.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
use crate::auth;
use crate::auth::{
extract_endpoint_auth_scheme_signing_name, extract_endpoint_auth_scheme_signing_region,
SigV4OperationSigningConfig, SigV4SigningError,
ErrorKind, SigV4OperationSigningConfig, SigV4SigningError,
};
use aws_credential_types::Credentials;
use aws_sigv4::http_request::{
Expand Down Expand Up @@ -85,7 +85,9 @@ impl SigV4Signer {
) -> Result<v4::SigningParams<'a, SigningSettings>, SigV4SigningError> {
let creds = identity
.data::<Credentials>()
.ok_or_else(|| SigV4SigningError::WrongIdentityType(identity.clone()))?;
.ok_or_else(|| SigV4SigningError {
kind: ErrorKind::WrongIdentityType(identity.clone()),
})?;

if let Some(expires_in) = settings.expires_in {
if let Some(creds_expires_time) = creds.expiry() {
Expand All @@ -102,14 +104,18 @@ impl SigV4Signer {
operation_config
.region
.as_ref()
.ok_or(SigV4SigningError::MissingSigningRegion)?
.ok_or(SigV4SigningError {
kind: ErrorKind::MissingSigningRegion,
})?
.as_ref(),
)
.name(
operation_config
.name
.as_ref()
.ok_or(SigV4SigningError::MissingSigningName)?
.ok_or(SigV4SigningError {
kind: ErrorKind::MissingSigningName,
})?
.as_ref(),
)
.time(request_timestamp)
Expand All @@ -122,10 +128,13 @@ impl SigV4Signer {
pub fn extract_operation_config<'a>(
auth_scheme_endpoint_config: AuthSchemeEndpointConfig<'a>,
config_bag: &'a ConfigBag,
) -> Result<Cow<'a, SigV4OperationSigningConfig>, BoxError> {
let operation_config = config_bag
.load::<SigV4OperationSigningConfig>()
.ok_or(SigV4SigningError::MissingOperationSigningConfig)?;
) -> Result<Cow<'a, SigV4OperationSigningConfig>, SigV4SigningError> {
let operation_config =
config_bag
.load::<SigV4OperationSigningConfig>()
.ok_or(SigV4SigningError {
kind: ErrorKind::MissingOperationSigningConfig,
})?;

let name = extract_endpoint_auth_scheme_signing_name(&auth_scheme_endpoint_config)?
.or(config_bag.load::<SigningName>().cloned());
Expand Down Expand Up @@ -229,7 +238,10 @@ impl Sign for SigV4Signer {
config_bag: &ConfigBag,
) -> Result<(), BoxError> {
if identity.data::<Credentials>().is_none() {
return Err(SigV4SigningError::WrongIdentityType(identity.clone()).into());
return Err(SigV4SigningError {
kind: ErrorKind::WrongIdentityType(identity.clone()),
}
.into());
};

let operation_config =
Expand Down
30 changes: 21 additions & 9 deletions aws/rust-runtime/aws-runtime/src/auth/sigv4a.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
*/

use crate::auth::{
apply_signing_instructions, extract_endpoint_auth_scheme_signing_name,
apply_signing_instructions, extract_endpoint_auth_scheme_signing_name, ErrorKind,
SigV4OperationSigningConfig, SigV4SigningError,
};
use aws_credential_types::Credentials;
Expand Down Expand Up @@ -95,14 +95,18 @@ impl SigV4aSigner {
operation_config
.region_set
.as_ref()
.ok_or(SigV4SigningError::MissingSigningRegionSet)?
.ok_or(SigV4SigningError {
kind: ErrorKind::MissingSigningRegionSet,
})?
.as_ref(),
)
.name(
operation_config
.name
.as_ref()
.ok_or(SigV4SigningError::MissingSigningName)?
.ok_or(SigV4SigningError {
kind: ErrorKind::MissingSigningName,
})?
.as_ref(),
)
.time(request_timestamp)
Expand All @@ -115,9 +119,12 @@ impl SigV4aSigner {
auth_scheme_endpoint_config: AuthSchemeEndpointConfig<'a>,
config_bag: &'a ConfigBag,
) -> Result<Cow<'a, SigV4OperationSigningConfig>, SigV4SigningError> {
let operation_config = config_bag
.load::<SigV4OperationSigningConfig>()
.ok_or(SigV4SigningError::MissingOperationSigningConfig)?;
let operation_config =
config_bag
.load::<SigV4OperationSigningConfig>()
.ok_or(SigV4SigningError {
kind: ErrorKind::MissingOperationSigningConfig,
})?;

let name = extract_endpoint_auth_scheme_signing_name(&auth_scheme_endpoint_config)?
.or(config_bag.load::<SigningName>().cloned());
Expand All @@ -142,7 +149,7 @@ fn extract_endpoint_auth_scheme_signing_region_set(
endpoint_config: &AuthSchemeEndpointConfig<'_>,
) -> Result<Option<SigningRegionSet>, SigV4SigningError> {
use aws_smithy_types::Document::Array;
use SigV4SigningError::BadTypeInEndpointAuthSchemeConfig as UnexpectedType;
use ErrorKind::BadTypeInEndpointAuthSchemeConfig as UnexpectedType;

match super::extract_field_from_endpoint_config("signingRegionSet", endpoint_config) {
Some(Array(docs)) => {
Expand All @@ -153,7 +160,9 @@ fn extract_endpoint_auth_scheme_signing_region_set(
Ok(Some(region_set))
}
None => Ok(None),
_it => Err(UnexpectedType("signingRegionSet")),
_it => Err(SigV4SigningError {
kind: UnexpectedType("signingRegionSet"),
}),
}
}

Expand All @@ -171,7 +180,10 @@ impl Sign for SigV4aSigner {
let request_time = runtime_components.time_source().unwrap_or_default().now();

if identity.data::<Credentials>().is_none() {
return Err(SigV4SigningError::WrongIdentityType(identity.clone()).into());
return Err(SigV4SigningError {
kind: ErrorKind::WrongIdentityType(identity.clone()),
}
.into());
}

let settings = Self::settings(&operation_config);
Expand Down

0 comments on commit 30595dd

Please sign in to comment.