Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix S3 Express bug where SigV4 session token was incorrectly overriden #3474

Merged
merged 6 commits into from
Mar 11, 2024
Merged

Fix S3 Express bug where SigV4 session token was incorrectly overriden #3474

merged 6 commits into from
Mar 11, 2024

Conversation

ysaito1001
Copy link
Contributor

Description

S3 express canary exposed a bug introduced in smithy-rs#3457 where the code overwrote the regular SigV4 session token name with the S3 Expression session token name when it shouldn't.

    4: Error { code: "InvalidRequest", message: "CreateSession request should not include \"x-amz-s3session-token\"", aws_request_id: "01c0c8864e00018e20558a130509f37740b906e4", s3_extended_request_id: "DGTJhRqVMbZdAHQ" }

For APIs like ListDirectoryBuckets or CreateSession, we should not overwrite x-amz-security-token with x-amz-s3session-token in the request header.

In the said PR, aws_sdk_s3::s3_express::utils::for_s3_express did not take into account auth schemes attached to a resolved endpoint, failing to detect that it should not override the session token name for the said APIs. This PR will resolve that issue.

Testing

  • Added an integration test verifying the fix (this test currently fails when run in the destination branch, ysaito/s3express)
  • Verified all canary (including wasm, s3express) passed

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 9, 2024

A new generated diff is ready to view.

  • AWS SDK (ignoring whitespace)
  • No codegen difference in the Client Test
  • No codegen difference in the Server Test
  • No codegen difference in the Server Test Python
  • No codegen difference in the Server Test Typescript

A new doc preview is ready to view.

@ysaito1001 ysaito1001 marked this pull request as ready for review March 9, 2024 14:35
@ysaito1001 ysaito1001 requested review from a team as code owners March 9, 2024 14:35
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 9, 2024

A new generated diff is ready to view.

  • AWS SDK (ignoring whitespace)
  • No codegen difference in the Client Test
  • No codegen difference in the Server Test
  • No codegen difference in the Server Test Python
  • No codegen difference in the Server Test Typescript

A new doc preview is ready to view.

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 9, 2024

A new generated diff is ready to view.

  • AWS SDK (ignoring whitespace)
  • No codegen difference in the Client Test
  • No codegen difference in the Server Test
  • No codegen difference in the Server Test Python
  • No codegen difference in the Server Test Typescript

A new doc preview is ready to view.

@ysaito1001 ysaito1001 merged commit 3b8f2f4 into ysaito/s3express Mar 11, 2024
41 checks passed
@ysaito1001 ysaito1001 deleted the s3express-session-token-override-bug-fix branch March 11, 2024 15:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jdisanti jdisanti jdisanti approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ysaito1001 @jdisanti @Velfi