From d253841d6f0838f4aa1313b6f4e4bbe6e5a31a1e Mon Sep 17 00:00:00 2001 From: aemous Date: Tue, 24 Sep 2024 09:19:54 -0400 Subject: [PATCH] Progress on porting the commit. --- awscli/botocore/args.py | 3 +++ awscli/botocore/auth.py | 27 ++++++++++++++++++++++++++- awscli/botocore/client.py | 12 ++++++++---- 3 files changed, 37 insertions(+), 5 deletions(-) diff --git a/awscli/botocore/args.py b/awscli/botocore/args.py index dba2dbce18af..d2ec4b63adf9 100644 --- a/awscli/botocore/args.py +++ b/awscli/botocore/args.py @@ -214,6 +214,9 @@ def compute_client_args(self, service_model, client_config, ), user_agent_extra=client_config.user_agent_extra, user_agent_appid=client_config.user_agent_appid, + sigv4a_signing_region_set=( + client_config.sigv4a_signing_region_set + ), ) self._compute_retry_config(config_kwargs) self._compute_request_compression_config(config_kwargs) diff --git a/awscli/botocore/auth.py b/awscli/botocore/auth.py index 3bc271dc2fb0..923b1ca2759e 100644 --- a/awscli/botocore/auth.py +++ b/awscli/botocore/auth.py @@ -32,7 +32,12 @@ urlsplit, urlunsplit, ) -from botocore.exceptions import NoAuthTokenError, NoCredentialsError +from botocore.exceptions import ( + NoAuthTokenError, + NoCredentialsError, + UnknownSignatureVersionError, + UnsupportedSignatureVersionError, +) from botocore.utils import ( is_valid_ipv6_endpoint_url, normalize_url_path, @@ -851,6 +856,19 @@ def add_auth(self, request): # a separate utility module to avoid any potential circular import. import botocore.crt.auth +def resolve_auth_type(auth_trait): + for auth_type in auth_trait: + if auth_type == 'smithy.api#noAuth': + return AUTH_TYPE_TO_SIGNATURE_VERSION[auth_type] + elif auth_type in AUTH_TYPE_TO_SIGNATURE_VERSION: + signature_version = AUTH_TYPE_TO_SIGNATURE_VERSION[auth_type] + if signature_version in AUTH_TYPE_MAPS: + return signature_version + else: + raise UnknownSignatureVersionError(signature_version=auth_type) + raise UnsupportedSignatureVersionError(signature_version=auth_trait) + + # Defined at the bottom instead of the top of the module because the Auth # classes weren't defined yet. AUTH_TYPE_MAPS = { @@ -870,3 +888,10 @@ def add_auth(self, request): 'v4-s3express-presign-post': S3ExpressPostAuth, 'bearer': BearerAuth, } + +AUTH_TYPE_TO_SIGNATURE_VERSION = { + 'aws.auth#sigv4': 'v4', + 'aws.auth#sigv4a': 'v4a', + 'smithy.api#httpBearerAuth': 'bearer', + 'smithy.api#noAuth': 'none', +} \ No newline at end of file diff --git a/awscli/botocore/client.py b/awscli/botocore/client.py index 0dcc3b832a50..55c5faed23eb 100644 --- a/awscli/botocore/client.py +++ b/awscli/botocore/client.py @@ -15,7 +15,7 @@ from botocore import UNSIGNED, waiter, xform_name from botocore.args import ClientArgsCreator -from botocore.auth import AUTH_TYPE_MAPS +from botocore.auth import AUTH_TYPE_MAPS, resolve_auth_type from botocore.awsrequest import prepare_request_dict from botocore.compress import maybe_compress_request from botocore.config import Config @@ -118,13 +118,17 @@ def create_client(self, service_name, region_name, is_secure=True, cls = self._create_client_class(service_name, service_model) region_name, client_config = self._normalize_fips_region( region_name, client_config) + if auth := service_model.metadata.get('auth'): + service_signature_version = resolve_auth_type(auth) + else: + service_signature_version = service_model.metadata.get( + 'signatureVersion' + ) endpoint_bridge = ClientEndpointBridge( self._endpoint_resolver, scoped_config, client_config, service_signing_name=service_model.metadata.get('signingName'), config_store=self._config_store, - service_signature_version=service_model.metadata.get( - 'signatureVersion' - ), + service_signature_version=service_signature_version, ) client_args = self._get_client_args( service_model, region_name, is_secure, endpoint_url,