Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add x-amz-expected-bucket-owner as a header the SDK needs to sign #5062

Merged
merged 3 commits into from
Nov 10, 2023
Merged

Add x-amz-expected-bucket-owner as a header the SDK needs to sign #5062

merged 3 commits into from
Nov 10, 2023

Conversation

RanVaknin
Copy link
Contributor

@RanVaknin RanVaknin commented Nov 9, 2023
edited
Loading

Adding the x-amz-expected-bucket-owner to the list of headers to sign.

Driver code:

package main

import (
	"fmt"
	"io"
	"net/http"
	"time"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/s3"
)

func main() {
	sess, err := session.NewSession(&aws.Config{
		Region: aws.String("us-east-1"),
	})
	if err != nil {
		panic(err)
	}

	svc := s3.New(sess)

	req, _ := svc.GetObjectRequest(&s3.GetObjectInput{
		Bucket:              aws.String("bucket"),
		Key:                 aws.String("hey.txt"),
		ExpectedBucketOwner: aws.String("123456789123"),
	})

	str, err := req.Presign(60 * time.Minute)
	if err != nil {
		fmt.Println("Failed to sign request", err)
		return
	}

	fmt.Println("The presigned URL is:", str)

	request, err := http.NewRequest("GET", str, nil)
	if err != nil {
		panic(err)
	}

	request.Header.Add("host", "https://bucket.s3.amazonaws.com")
	request.Header.Add("x-amz-expected-bucket-owner", "123456789123")

	c := &http.Client{}
	res, err := c.Do(request)
	if err != nil {
		panic(err)
	}
	defer res.Body.Close()

	bod, err := io.ReadAll(res.Body)
	if err != nil {
		panic(err)
	}

	fmt.Println(res.Status, res.StatusCode)
	fmt.Printf("%s\n", bod)
}

Result before change:

The presigned URL is: https://bucket.s3.amazonaws.com/hey.txt?
X-Amz-Algorithm=AWS4-HMAC-SHA256&
X-Amz-Credential=REDACTED%2F20231109%2Fus-east-1%2Fs3%2Faws4_request&
X-Amz-Date=20231109T192709Z&
X-Amz-Expected-Bucket-Owner=123456789123&
X-Amz-Expires=3600&X-Amz-SignedHeaders=host&
X-Amz-Signature=REDACTED

400 Bad Request 400
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidBucketOwnerAWSAccountID</Code><Message>Expected bucket owner must be provided as either a header or parameter, not both</Message><RequestId>REDACTED</RequestId><HostId>REDACTED</HostId></Error>

Result after change:

The presigned URL is: https://bucket.s3.amazonaws.com/hey.txt?
X-Amz-Algorithm=AWS4-HMAC-SHA256&
X-Amz-Credential=REDACTED%2F20231109%2Fus-east-1%2Fs3%2Faws4_request&
X-Amz-Date=20231109T192910Z&
X-Amz-Expires=3600&
X-Amz-SignedHeaders=host%3Bx-amz-expected-bucket-owner&
X-Amz-Signature=REDACTED
200 OK 200
hello

@wty-Bryant wty-Bryant merged commit d05d03f into aws:main Nov 10, 2023
9 checks passed
@isaiahvita isaiahvita mentioned this pull request Nov 10, 2023
Merged
@FlorianSW FlorianSW mentioned this pull request Feb 13, 2024
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wty-Bryant wty-Bryant wty-Bryant approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@RanVaknin @wty-Bryant