From 174d3762d192437a80cf3542bb9eb2ce253139c5 Mon Sep 17 00:00:00 2001
From: Ran Vaknin
Date: Wed, 10 Jan 2024 19:56:00 +0000
Subject: [PATCH 1/4] fix(s3-request-presigner): adjust signing region based on authScheme for sigv4a
---
 .../src/getSignedUrl.spec.ts | 32 +++++++++++++++++++
 .../s3-request-presigner/src/getSignedUrl.ts | 9 ++++--
 2 files changed, 39 insertions(+), 2 deletions(-)
diff --git a/packages/s3-request-presigner/src/getSignedUrl.spec.ts b/packages/s3-request-presigner/src/getSignedUrl.spec.ts
index d9d350abe043..2a4d2ac8243d 100644
--- a/packages/s3-request-presigner/src/getSignedUrl.spec.ts
+++ b/packages/s3-request-presigner/src/getSignedUrl.spec.ts
@@ -23,10 +23,25 @@ jest.mock("@aws-sdk/util-format-url", () => ({
 formatUrl: (url: any) => url,
 }));
+import { expectByte } from "@smithy/smithy-client";
 import { RequestPresigningArguments } from "@smithy/types";
 import { getSignedUrl } from "./getSignedUrl";
+jest.mock("@smithy/middleware-endpoint", () => {
+ const originalModule = jest.requireActual("@smithy/middleware-endpoint");
+ return {
+ ...originalModule,
+ getEndpointFromInstructions: jest.fn(() =>
+ Promise.resolve({
+ properties: {
+ authSchemes: [{ name: "sigv4a", signingRegionSet: ["*"] }],
+ },
+ })
+ ),
+ };
+});
+
 describe("getSignedUrl", () => {
 const clientParams = {
 region: "us-foo-1",
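Review bot: The `jest.mock("@smithy/middleware-endpoint", …)` factory is module-wide, so every test in this spec whose client has an endpoint provider now appears to resolve to the `sigv4a` scheme with `signingRegionSet: ["*"]`, and the plain `signingRegion` branch of `getSignedUrl` is no longer exercised here. A sigv4 default in the factory, overridden only in the new test with `mockResolvedValueOnce({ properties: { authSchemes: [{ name: "sigv4a", signingRegionSet: ["*"] }] } })`, would keep both paths covered. Whether the other tests rely on real endpoint resolution is not visible in this hunk.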
@@ -141,6 +156,23 @@ describe("getSignedUrl", () => {
 expect(mockPresign.mock.calls[0][0].headers[header]).toBeUndefined();
 }
 );
+ it("should set region to * when sigv4a is the auth scheme", async () => {
+ const mockPresigned = "a presigned url";
+ mockPresign.mockReturnValue(mockPresigned);
+
+ const client = new S3Client(clientParams);
+ const command = new GetObjectCommand({
+ Bucket: "Bucket",
+ Key: "Key",
+ });
+
+ await getSignedUrl(client, command);
+ const presignerArgs = mockPresigner.mock.calls[0][0];
+ const region = await presignerArgs.region();
+
+ expect(region).toBe("*");
+ expect(mockPresign).toBeCalled();
+ });
 // TODO(endpointsv2) fix this test
 it.skip("should presign request with MRAP ARN", async () => {
diff --git a/packages/s3-request-presigner/src/getSignedUrl.ts b/packages/s3-request-presigner/src/getSignedUrl.ts
index 47cf8f88add5..1de07e3852bc 100644
--- a/packages/s3-request-presigner/src/getSignedUrl.ts
+++ b/packages/s3-request-presigner/src/getSignedUrl.ts
@@ -33,11 +33,16 @@ export const getSignedUrl = async <
 client.config
 );
 const authScheme = endpointV2.properties?.authSchemes?.[0];
-
+ let region: string | undefined;
+ if (authScheme?.name === "sigv4a") {
+ region = authScheme?.signingRegionSet?.join(",");
+ } else {
+ region = authScheme?.signingRegion;
+ }
 s3Presigner = new S3RequestPresigner({
 ...client.config,
 signingName: authScheme?.signingName,
- region: async () => authScheme?.signingRegion,
+ region: async () => region,
 });
 } else {
 s3Presigner = new S3RequestPresigner(client.config);
From 6f7d0637c7806e32bbcbb7f538b509be2a3c3458 Mon Sep 17 00:00:00 2001
From: RanVaknin
Date: Mon, 29 Jan 2024 23:46:57 +0000
Subject: [PATCH 2/4] fix(s3-request-presigner): identify correct authscheme for mrap
---
 packages/s3-request-presigner/src/getSignedUrl.ts | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
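Review bot: In `getSignedUrl.spec.ts`, the new test stops at `expect(mockPresign).toBeCalled()`, so it shows the presigner was constructed with region `*` but not which region the signing call itself received. Patches 2/4 and 3/4 later change the `signingRegion` passed to `presign` without touching this spec, so an assertion on the options argument of `mockPresign` would pin that fallback. A second case with a multi-entry `signingRegionSet` would also cover the `join(",")` result. `mockPresigner.mock.calls[0][0]` assumes the mocks are reset before each test; that setup is outside the hunk.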
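Review bot: In `getSignedUrl.ts`, the `sigv4a` branch turns an empty `signingRegionSet` into `""` and a missing one into `undefined`, and either value is handed to `S3RequestPresigner` as the region without any error. Because a region set such as `*` determines where the resulting presigned URL is accepted, a scheme that claims `sigv4a` but carries no usable set is better rejected, e.g. `if (!authScheme.signingRegionSet?.length) throw new Error("sigv4a auth scheme without signingRegionSet");`. Only `authSchemes?.[0]` is inspected, so a sigv4a entry that is not first would take the `signingRegion` path. The rest of `getSignedUrl` lies outside the hunk.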
diff --git a/packages/s3-request-presigner/src/getSignedUrl.ts b/packages/s3-request-presigner/src/getSignedUrl.ts
index 1de07e3852bc..4150da947960 100644
--- a/packages/s3-request-presigner/src/getSignedUrl.ts
+++ b/packages/s3-request-presigner/src/getSignedUrl.ts
@@ -26,6 +26,7 @@ export const getSignedUrl = async <
 ): Promise => {
 let s3Presigner: S3RequestPresigner;
+ let region: string | undefined;
 if (typeof client.config.endpointProvider === "function") {
 const endpointV2: EndpointV2 = await getEndpointFromInstructions(
 command.input as Record,
@@ -33,7 +34,6 @@ export const getSignedUrl = async <
 client.config
 );
 const authScheme = endpointV2.properties?.authSchemes?.[0];
- let region: string | undefined;
 if (authScheme?.name === "sigv4a") {
 region = authScheme?.signingRegionSet?.join(",");
 } else {
@@ -61,9 +61,13 @@ export const getSignedUrl = async <
 delete request.headers["x-amz-user-agent"];
 let presigned: IHttpRequest;
+ let effectiveSigningRegion = options.signingRegion;
+ if (!effectiveSigningRegion) {
+ effectiveSigningRegion = context["signing_region"] ?? region;
+ }
 const presignerOptions = {
 ...options,
- signingRegion: options.signingRegion ?? context["signing_region"],
+ signingRegion: effectiveSigningRegion,
 signingService: options.signingService ?? context["signing_service"],
 };
From 19b5f086691970239be4c3ccf2b7bea993466aaf Mon Sep 17 00:00:00 2001
From: RanVaknin
Date: Tue, 30 Jan 2024 20:40:35 +0000
Subject: [PATCH 3/4] fix(s3-request-presigner): small refactor
---
 packages/s3-request-presigner/src/getSignedUrl.ts | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/packages/s3-request-presigner/src/getSignedUrl.ts b/packages/s3-request-presigner/src/getSignedUrl.ts
index 4150da947960..a5b2556ddc14 100644
--- a/packages/s3-request-presigner/src/getSignedUrl.ts
+++ b/packages/s3-request-presigner/src/getSignedUrl.ts
@@ -61,13 +61,9 @@ export const getSignedUrl = async <
 delete request.headers["x-amz-user-agent"];
 let presigned: IHttpRequest;
- let effectiveSigningRegion = options.signingRegion;
- if (!effectiveSigningRegion) {
- effectiveSigningRegion = context["signing_region"] ?? region;
- }
 const presignerOptions = {
 ...options,
- signingRegion: effectiveSigningRegion,
+ signingRegion: options.signingRegion ?? context["signing_region"] ?? region,
 signingService: options.signingService ?? context["signing_service"],
 };
From 76352d1ce220365e8e6f29d162186a6f9691a83c Mon Sep 17 00:00:00 2001
From: George Fu
Date: Tue, 30 Jan 2024 21:45:34 -0500
Subject: [PATCH 4/4] chore: remove unused import
---
 packages/s3-request-presigner/src/getSignedUrl.spec.ts | 1 -
 1 file changed, 1 deletion(-)
diff --git a/packages/s3-request-presigner/src/getSignedUrl.spec.ts b/packages/s3-request-presigner/src/getSignedUrl.spec.ts
index 2a4d2ac8243d..49d4c6ea0210 100644
--- a/packages/s3-request-presigner/src/getSignedUrl.spec.ts
+++ b/packages/s3-request-presigner/src/getSignedUrl.spec.ts
@@ -23,7 +23,6 @@ jest.mock("@aws-sdk/util-format-url", () => ({
 formatUrl: (url: any) => url,
 }));
-import { expectByte } from "@smithy/smithy-client";
 import { RequestPresigningArguments } from "@smithy/types";
 import { getSignedUrl } from "./getSignedUrl";
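Review bot: In `getSignedUrl.ts` (patch 3/4), the one-line form `options.signingRegion ?? context["signing_region"] ?? region` is not equivalent to the `if (!effectiveSigningRegion)` block it replaces. An empty-string `options.signingRegion` used to fall through to the context or endpoint-derived region and is now passed to the signer as-is. If that is intended, a comment above `presignerOptions` would make the order explicit, e.g. `// Precedence: explicit option, then middleware context, then endpoint auth scheme (a region set for sigv4a).`; if not, the first operand needs the falsy check back. The surrounding function body is outside the hunk.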