Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add operation customization for disabling payload signing #3915

Merged
merged 9 commits into from
Dec 4, 2024

Conversation

Velfi
Copy link
Contributor

@Velfi Velfi commented Nov 19, 2024

Motivation and Context

#3583

Description

This PR adds the ability for users to disable payload signing with an operation customization.

Testing

This PR includes tests.

Checklist

  • For changes to the AWS SDK, generated SDK code, or SDK runtime crates, I have created a changelog entry Markdown file in the .changelog directory, specifying "aws-sdk-rust" in the applies_to key.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Sorry, something went wrong.

Verified

This commit was signed with the committer’s verified signature.
marko-bekhta Marko Bekhta
@Velfi Velfi requested review from a team as code owners November 19, 2024 16:54
Copy link

A new generated diff is ready to view.

  • AWS SDK (ignoring whitespace)
  • No codegen difference in the Client Test
  • No codegen difference in the Server Test
  • No codegen difference in the Server Test Python
  • No codegen difference in the Server Test Typescript

A new doc preview is ready to view.

Copy link

A new generated diff is ready to view.

  • AWS SDK (ignoring whitespace)
  • No codegen difference in the Client Test
  • No codegen difference in the Server Test
  • No codegen difference in the Server Test Python
  • No codegen difference in the Server Test Typescript

A new doc preview is ready to view.

Copy link
Contributor

@aajtodd aajtodd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Couple questions but overall looks good.

This looks congruent with the proposed rfc unless I'm mistaken. If theres no material differences we should update that and get it merged with this work.

Some(SignableBody::StreamingUnsignedPayloadTrailer);
cfg.interceptor_state().store_put(signing_config);
}
cfg.interceptor_state()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why does this not need gated anymore?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Previously this info was stored within something in the config bag. Now I don't need to load anything so I therefore don't need an if let.

assert_eq!("UNSIGNED-PAYLOAD", x_amz_content_sha256);
}

// This test ensures that the interceptor's payload signing setting
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Which interceptor? Also maybe add context on why this is important.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll update this.

@@ -65,6 +65,7 @@ val DECORATORS: List<ClientCodegenDecorator> =
TokenProvidersDecorator(),
ServiceEnvConfigDecorator(),
HttpRequestCompressionDecorator(),
DisablePayloadSigningDecorator(),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

correctness: Should we only be applying this to S3 (and possibly only specific S3 operations)?

I'm guessing most operations are going to require signing and won't work if the payload is unsigned but you'd have to test it. I also can't imagine it matters much for most operations to need unsigned so I'd rather not support this for more than we need to.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm going to store the allowlist in the plugin itself. Currently, it only targets two S3 operations.

Copy link

github-actions bot commented Dec 2, 2024

A new generated diff is ready to view.

A new doc preview is ready to view.

Copy link

github-actions bot commented Dec 2, 2024

A new generated diff is ready to view.

A new doc preview is ready to view.

Copy link

github-actions bot commented Dec 3, 2024

A new generated diff is ready to view.

A new doc preview is ready to view.

@Velfi Velfi enabled auto-merge December 3, 2024 16:45
Copy link

github-actions bot commented Dec 4, 2024

A new generated diff is ready to view.

  • AWS SDK (ignoring whitespace)
  • No codegen difference in the Client Test
  • No codegen difference in the Server Test
  • No codegen difference in the Server Test Python
  • No codegen difference in the Server Test Typescript

A new doc preview is ready to view.

@Velfi Velfi added this pull request to the merge queue Dec 4, 2024
Merged via the queue into main with commit 8dbf48c Dec 4, 2024
43 of 44 checks passed
@Velfi Velfi deleted the zhessler-disable-payload-signing-customization branch December 4, 2024 15:50
@@ -0,0 +1,28 @@
---
applies_to: ["client"]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: given code changes are mostly under aws, the release note should probably show up in a aws-sdk-rust release. This should be either ["client", "aws-sdk-rust"] or just ["aws-sdk-rust"]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants