Fix presigning
rcoh committed May 25, 2023
1 parent af9c2b9 commit 5a4ab98
Showing 8 changed files with 16 additions and 18 deletions.
1 change: 0 additions & 1 deletion aws/rust-runtime/aws-config/src/imds/client/token.rs
@@ -17,7 +17,6 @@
use crate::imds::client::error::{ImdsError, TokenError, TokenErrorKind};
use crate::imds::client::ImdsResponseRetryClassifier;
use aws_credential_types::cache::ExpiringCache;
use aws_credential_types::time_source::TimeSource;
use aws_http::user_agent::UserAgentStage;
use aws_smithy_async::rt::sleep::AsyncSleep;
use aws_smithy_async::time::SharedTimeSource;
13 changes: 7 additions & 6 deletions aws/rust-runtime/aws-config/src/profile/credentials/exec.rs
@@ -14,6 +14,7 @@ use crate::web_identity_token::{StaticConfiguration, WebIdentityTokenCredentials
use aws_credential_types::provider::{self, error::CredentialsError, ProvideCredentials};
use aws_sdk_sts::config::{Builder as StsConfigBuilder, Credentials};
use aws_sdk_sts::Client as StsClient;
use aws_smithy_async::time::SharedTimeSource;
use std::fmt::Debug;
use std::sync::Arc;

@@ -22,6 +23,7 @@ pub(super) struct AssumeRoleProvider {
role_arn: String,
external_id: Option<String>,
session_name: Option<String>,
time_source: SharedTimeSource,
}

impl AssumeRoleProvider {
@@ -35,11 +37,9 @@ impl AssumeRoleProvider {
.credentials_provider(input_credentials)
.build();
let client = StsClient::from_conf(config);
let session_name = &self
.session_name
.as_ref()
.cloned()
.unwrap_or_else(|| sts::util::default_session_name("assume-role-from-profile"));
let session_name = &self.session_name.as_ref().cloned().unwrap_or_else(|| {
sts::util::default_session_name("assume-role-from-profile", self.time_source.now())
});
let assume_role_creds = client
.assume_role()
.role_arn(&self.role_arn)
@@ -100,7 +100,7 @@ impl ProviderChain {
|| {
sts::util::default_session_name(
"web-identity-token-profile",
provider_config.time_source(),
provider_config.time_source().now(),
)
},
),
@@ -145,6 +145,7 @@ impl ProviderChain {
role_arn: role_arn.role_arn.into(),
external_id: role_arn.external_id.map(|id| id.into()),
session_name: role_arn.session_name.map(|id| id.into()),
time_source: provider_config.time_source(),
}
})
.collect();
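Review bot: The new `time_source` field on `AssumeRoleProvider` is undocumented, and in the visible lines it is read only inside the `unwrap_or_else` closure that builds the fallback role session name. A comment such as `// Clock used to derive the default role session name when the profile sets none` would record that. Because the role session name is what STS records for the assumed-role session, it is worth confirming (the body of `sts::util::default_session_name` is not shown here) that a fixed or mocked time source cannot make two sessions share a name. The expression could also be shortened to `&self.session_name.clone().unwrap_or_else(...)`. The method body starts and ends outside the hunk.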
1 change: 0 additions & 1 deletion aws/rust-runtime/aws-config/src/provider_config.rs
@@ -91,7 +91,6 @@ impl ProviderConfig {
/// Unlike [`ProviderConfig::empty`] where `env` and `fs` will use their non-mocked implementations,
/// this method will use an empty mock environment and an empty mock file system.
pub fn no_configuration() -> Self {
use aws_credential_types::time_source::TestingTimeSource;
use std::collections::HashMap;
use std::time::UNIX_EPOCH;
let fs = Fs::from_raw_map(HashMap::new());
1 change: 1 addition & 0 deletions aws/rust-runtime/aws-config/src/sts.rs
@@ -22,6 +22,7 @@ impl crate::provider_config::ProviderConfig {
.http_connector(expect_connector(self.connector(&Default::default())))
.retry_config(RetryConfig::standard())
.region(self.region())
.time_source(self.time_source())
.credentials_cache(CredentialsCache::no_caching());
builder.set_sleep_impl(self.sleep());
builder
1 change: 1 addition & 0 deletions aws/rust-runtime/aws-config/src/web_identity_token.rs
@@ -205,6 +205,7 @@ impl Builder {
source,
fs: conf.fs(),
sts_client: StsClient::from_conf(conf.sts_client_config().build()),
time_source: conf.time_source(),
}
}
}
5 changes: 2 additions & 3 deletions aws/rust-runtime/aws-credential-types/src/time_source.rs
@@ -17,7 +17,6 @@ impl TimeSourceTrait for TimeSource {
/// Time source abstraction
///
/// Simple abstraction representing time either real-time or manually-specified for testing
/// ```
#[derive(Debug, Clone)]
// TODO(breakingChangeWindow): Delete this struct
pub struct TimeSource(Inner);
@@ -51,6 +50,8 @@ impl Default for TimeSource {
}

/// Time Source that can be manually moved for tests
/// > This has been superseded by [`aws_smithy_async::time::TimeSource`] and will be removed in a
/// > future release.
///
/// # Examples
///
@@ -110,8 +111,6 @@ impl TestingTimeSource {
}
}

// In the future, if needed we can add a time source trait, however, the testing time source
// should cover most test use cases.
#[derive(Debug, Clone)]
enum Inner {
Default,
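Review bot: The notice added to what appears to be the `TestingTimeSource` docs says the type is superseded and will be removed, but it is prose only; a `#[deprecated(note = "...")]` attribute on the struct would surface the same message as a compiler warning to downstream users. The same applies to `TimeSource`, which carries only `// TODO(breakingChangeWindow): Delete this struct`. It is also worth checking that the intra-doc link to `aws_smithy_async::time::TimeSource` resolves from this crate, since the section does not show whether `aws-smithy-async` is a dependency of `aws-credential-types`.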
5 changes: 1 addition & 4 deletions aws/rust-runtime/aws-sig-auth/src/middleware.rs
@@ -47,11 +47,8 @@ impl AsRef<str> for Signature {
/// - [`Credentials`](Credentials): Credentials to sign with
/// - [`OperationSigningConfig`](OperationSigningConfig): Operation specific signing configuration, e.g.
/// changes to URL encoding behavior, or headers that must be omitted.
/// - [`SharedTimeSource`]: The time source to use when signing the request.
/// If any of these fields are missing, the middleware will return an error.
///
/// The following fields MAY be present in the property bag:
/// - [`SystemTime`](SystemTime): The timestamp to use when signing the request. If this field is not present
/// [`SystemTime::now`](SystemTime::now) will be used.
#[derive(Clone, Debug)]
pub struct SigV4SigningStage {
signer: SigV4Signer,
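Review bot: The doc comment on `SigV4SigningStage` now lists `SharedTimeSource` as a required property but no longer says what happens to a bare `SystemTime`, which the earlier text described as an optional override. If the stage no longer reads `SystemTime` (the implementation is outside this hunk), a caller that still inserts one either hits the missing-field error or gets a request signed with whatever `SharedTimeSource` is present, and nothing flags it at compile time. Once that behaviour is confirmed I would add a line such as `/// A bare [SystemTime] in the property bag is ignored; wrap it in a [SharedTimeSource].`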
@@ -24,7 +24,6 @@ import software.amazon.smithy.rust.codegen.client.smithy.generators.protocol.Mak
import software.amazon.smithy.rust.codegen.core.rustlang.RustWriter
import software.amazon.smithy.rust.codegen.core.rustlang.Writable
import software.amazon.smithy.rust.codegen.core.rustlang.docs
import software.amazon.smithy.rust.codegen.core.rustlang.rust
import software.amazon.smithy.rust.codegen.core.rustlang.rustBlock
import software.amazon.smithy.rust.codegen.core.rustlang.rustBlockTemplate
import software.amazon.smithy.rust.codegen.core.rustlang.rustTemplate
@@ -208,12 +207,14 @@ class AwsInputPresignedMethod(
*codegenScope,
)
rustBlock("") {
rust(
rustTemplate(
"""
// Change signature type to query params and wire up presigning config
let mut props = request.properties_mut();
props.insert(presigning_config.start_time());
props.insert(#{SharedTimeSource}::new(presigning_config.start_time()));
""",
"SharedTimeSource" to RuntimeType.smithyAsync(runtimeConfig)
.resolve("time::SharedTimeSource"),
)
withBlock("props.insert(", ");") {
rustTemplate(
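Review bot: Nothing in this section pins the behaviour the change restores, namely that the presigned request is signed at `presigning_config.start_time()`. Because `props.insert(...)` accepts any value, inserting the wrong type still compiles, and the mistake only shows up as a signature dated differently from what the caller requested, which for a presigned URL shifts the window in which it is valid. A generated-code test that presigns with a fixed start time and asserts the date in the signed query would catch a regression; if one exists elsewhere it is not visible here. A comment in the template such as `// The signer reads the signing time from SharedTimeSource, not from a bare SystemTime` would also explain the wrapper.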
