-
Notifications
You must be signed in to change notification settings - Fork 196
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add operation customization for disabling payload signing #3915
Conversation
A new generated diff is ready to view.
A new doc preview is ready to view. |
A new generated diff is ready to view.
A new doc preview is ready to view. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Couple questions but overall looks good.
This looks congruent with the proposed rfc unless I'm mistaken. If theres no material differences we should update that and get it merged with this work.
Some(SignableBody::StreamingUnsignedPayloadTrailer); | ||
cfg.interceptor_state().store_put(signing_config); | ||
} | ||
cfg.interceptor_state() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why does this not need gated anymore?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Previously this info was stored within something in the config bag. Now I don't need to load anything so I therefore don't need an if let
.
assert_eq!("UNSIGNED-PAYLOAD", x_amz_content_sha256); | ||
} | ||
|
||
// This test ensures that the interceptor's payload signing setting |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Which interceptor? Also maybe add context on why this is important.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll update this.
@@ -65,6 +65,7 @@ val DECORATORS: List<ClientCodegenDecorator> = | |||
TokenProvidersDecorator(), | |||
ServiceEnvConfigDecorator(), | |||
HttpRequestCompressionDecorator(), | |||
DisablePayloadSigningDecorator(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
correctness: Should we only be applying this to S3 (and possibly only specific S3 operations)?
I'm guessing most operations are going to require signing and won't work if the payload is unsigned but you'd have to test it. I also can't imagine it matters much for most operations to need unsigned so I'd rather not support this for more than we need to.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm going to store the allowlist in the plugin itself. Currently, it only targets two S3 operations.
A new generated diff is ready to view.
A new doc preview is ready to view. |
A new generated diff is ready to view.
A new doc preview is ready to view. |
A new generated diff is ready to view.
A new doc preview is ready to view. |
A new generated diff is ready to view.
A new doc preview is ready to view. |
@@ -0,0 +1,28 @@ | |||
--- | |||
applies_to: ["client"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: given code changes are mostly under aws
, the release note should probably show up in a aws-sdk-rust
release. This should be either ["client", "aws-sdk-rust"]
or just ["aws-sdk-rust"]
Motivation and Context
#3583
Description
This PR adds the ability for users to disable payload signing with an operation customization.
Testing
This PR includes tests.
Checklist
.changelog
directory, specifying "aws-sdk-rust" in theapplies_to
key.By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.