From 5a4ab98252f92b9080f6df031ad3e50bdd063f18 Mon Sep 17 00:00:00 2001
From: Russell Cohen
Date: Thu, 25 May 2023 14:00:42 -0400
Subject: [PATCH] Fix presigning
---
 .../aws-config/src/imds/client/token.rs | 1 -
 .../aws-config/src/profile/credentials/exec.rs | 13 +++++++------
 aws/rust-runtime/aws-config/src/provider_config.rs | 1 -
 aws/rust-runtime/aws-config/src/sts.rs | 1 +
 .../aws-config/src/web_identity_token.rs | 1 +
 .../aws-credential-types/src/time_source.rs | 5 ++---
 aws/rust-runtime/aws-sig-auth/src/middleware.rs | 5 +----
 .../amazon/smithy/rustsdk/AwsPresigningDecorator.kt | 7 ++++---
 8 files changed, 16 insertions(+), 18 deletions(-)
diff --git a/aws/rust-runtime/aws-config/src/imds/client/token.rs b/aws/rust-runtime/aws-config/src/imds/client/token.rs
index df4acb057d8..213243a8cda 100644
--- a/aws/rust-runtime/aws-config/src/imds/client/token.rs
+++ b/aws/rust-runtime/aws-config/src/imds/client/token.rs
@@ -17,7 +17,6 @@ use crate::imds::client::error::{ImdsError, TokenError, TokenErrorKind}; use crate::imds::client::ImdsResponseRetryClassifier; use aws_credential_types::cache::ExpiringCache; -use aws_credential_types::time_source::TimeSource; use aws_http::user_agent::UserAgentStage; use aws_smithy_async::rt::sleep::AsyncSleep; use aws_smithy_async::time::SharedTimeSource;
diff --git a/aws/rust-runtime/aws-config/src/profile/credentials/exec.rs b/aws/rust-runtime/aws-config/src/profile/credentials/exec.rs
index 4d7b4a4e203..838007ad1e3 100644
--- a/aws/rust-runtime/aws-config/src/profile/credentials/exec.rs
+++ b/aws/rust-runtime/aws-config/src/profile/credentials/exec.rs
@@ -14,6 +14,7 @@ use crate::web_identity_token::{StaticConfiguration, WebIdentityTokenCredentials use aws_credential_types::provider::{self, error::CredentialsError, ProvideCredentials}; use aws_sdk_sts::config::{Builder as StsConfigBuilder, Credentials}; use aws_sdk_sts::Client as StsClient; +use aws_smithy_async::time::SharedTimeSource; use std::fmt::Debug; use std::sync::Arc;
@@ -22,6 +23,7 @@ pub(super) struct AssumeRoleProvider { role_arn: String, external_id: Option, session_name: Option, + time_source: SharedTimeSource, } impl AssumeRoleProvider {
@@ -35,11 +37,9 @@ impl AssumeRoleProvider {
 .credentials_provider(input_credentials)
 .build();
 let client = StsClient::from_conf(config);
- let session_name = &self
- .session_name
- .as_ref()
- .cloned()
- .unwrap_or_else(|| sts::util::default_session_name("assume-role-from-profile"));
+ let session_name = &self.session_name.as_ref().cloned().unwrap_or_else(|| {
+ sts::util::default_session_name("assume-role-from-profile", self.time_source.now())
+ });
 let assume_role_creds = client
 .assume_role()
 .role_arn(&self.role_arn)
@@ -100,7 +100,7 @@ impl ProviderChain {
 || {
 sts::util::default_session_name(
 "web-identity-token-profile",
- provider_config.time_source(),
+ provider_config.time_source().now(),
 )
 },
 ),
@@ -145,6 +145,7 @@ impl ProviderChain {
 role_arn: role_arn.role_arn.into(),
 external_id: role_arn.external_id.map(|id| id.into()),
 session_name: role_arn.session_name.map(|id| id.into()),
+ time_source: provider_config.time_source(),
 }
 })
 .collect();
diff --git a/aws/rust-runtime/aws-config/src/provider_config.rs b/aws/rust-runtime/aws-config/src/provider_config.rs
index 375cbccebe4..5a7dca5c979 100644
--- a/aws/rust-runtime/aws-config/src/provider_config.rs
+++ b/aws/rust-runtime/aws-config/src/provider_config.rs
@@ -91,7 +91,6 @@ impl ProviderConfig {
 /// Unlike [`ProviderConfig::empty`] where `env` and `fs` will use their non-mocked implementations,
 /// this method will use an empty mock environment and an empty mock file system.
 pub fn no_configuration() -> Self {
- use aws_credential_types::time_source::TestingTimeSource;
 use std::collections::HashMap;
 use std::time::UNIX_EPOCH;
 let fs = Fs::from_raw_map(HashMap::new());
diff --git a/aws/rust-runtime/aws-config/src/sts.rs b/aws/rust-runtime/aws-config/src/sts.rs
index 11a6ec591d1..edaf1bfc157 100644
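Review bot: In the `@@ -35,11 +37,9 @@` hunk of `profile/credentials/exec.rs`, the rewritten `session_name` binding still spells the copy as `.as_ref().cloned()` on an `Option`, which is just `.clone()`; `let session_name = &self.session_name.clone().unwrap_or_else(|| { ... });` reads more directly and keeps the lazy call to `self.time_source.now()`. The `time_source` field added to `AssumeRoleProvider` in the `@@ -22,6 +23,7 @@` hunk carries no comment; something like `// clock used to build the default session name when the profile sets none` would record why the provider holds it. The enclosing function starts and ends outside the hunk.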
--- a/aws/rust-runtime/aws-config/src/sts.rs
+++ b/aws/rust-runtime/aws-config/src/sts.rs
@@ -22,6 +22,7 @@ impl crate::provider_config::ProviderConfig {
 .http_connector(expect_connector(self.connector(&Default::default())))
 .retry_config(RetryConfig::standard())
 .region(self.region())
+ .time_source(self.time_source())
 .credentials_cache(CredentialsCache::no_caching());
 builder.set_sleep_impl(self.sleep());
 builder
diff --git a/aws/rust-runtime/aws-config/src/web_identity_token.rs b/aws/rust-runtime/aws-config/src/web_identity_token.rs
index 3e76f32dafc..7ea55fdf26c 100644
--- a/aws/rust-runtime/aws-config/src/web_identity_token.rs
+++ b/aws/rust-runtime/aws-config/src/web_identity_token.rs
@@ -205,6 +205,7 @@ impl Builder {
 source,
 fs: conf.fs(),
 sts_client: StsClient::from_conf(conf.sts_client_config().build()),
+ time_source: conf.time_source(),
 }
 }
 }
diff --git a/aws/rust-runtime/aws-credential-types/src/time_source.rs b/aws/rust-runtime/aws-credential-types/src/time_source.rs
index 40992856b3c..212c7aa904a 100644
--- a/aws/rust-runtime/aws-credential-types/src/time_source.rs
+++ b/aws/rust-runtime/aws-credential-types/src/time_source.rs
@@ -17,7 +17,6 @@ impl TimeSourceTrait for TimeSource {
 /// Time source abstraction
 ///
 /// Simple abstraction representing time either real-time or manually-specified for testing
-/// ```
 #[derive(Debug, Clone)]
 // TODO(breakingChangeWindow): Delete this struct
 pub struct TimeSource(Inner);
@@ -51,6 +50,8 @@ impl Default for TimeSource { } /// Time Source that can be manually moved for tests +/// > This has been superseded by [`aws_smithy_async::time::TimeSource`] and will be removed in a +/// > future release. /// /// # Examples ///
@@ -110,8 +111,6 @@ impl TestingTimeSource { } } -// In the future, if needed we can add a time source trait, however, the testing time source -// should cover most test use cases. #[derive(Debug, Clone)] enum Inner { Default,
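Review bot: In `aws-credential-types/src/time_source.rs`, hunk `@@ -51,6 +50,8 @@`, the retirement of `TestingTimeSource` is announced only in a doc-comment blockquote, so callers who never read the rendered docs get no signal at build time. Consider pairing the note with the attribute, e.g. `#[deprecated(note = "superseded by aws_smithy_async::time::TimeSource")]`, if the workspace's own remaining uses can tolerate the warning. The intra-doc link to `aws_smithy_async::time::TimeSource` resolves only if this crate depends on `aws-smithy-async`, which the diff does not show. The item the comment documents lies outside the hunk.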
diff --git a/aws/rust-runtime/aws-sig-auth/src/middleware.rs b/aws/rust-runtime/aws-sig-auth/src/middleware.rs
index bdaf1e8e1f1..4dba791a7b9 100644
--- a/aws/rust-runtime/aws-sig-auth/src/middleware.rs
+++ b/aws/rust-runtime/aws-sig-auth/src/middleware.rs
@@ -47,11 +47,8 @@ impl AsRef for Signature {
 /// - [`Credentials`](Credentials): Credentials to sign with
 /// - [`OperationSigningConfig`](OperationSigningConfig): Operation specific signing configuration, e.g.
 /// changes to URL encoding behavior, or headers that must be omitted.
+/// - [`SharedTimeSource`]: The time source to use when signing the request.
 /// If any of these fields are missing, the middleware will return an error.
-///
-/// The following fields MAY be present in the property bag:
-/// - [`SystemTime`](SystemTime): The timestamp to use when signing the request. If this field is not present
-/// [`SystemTime::now`](SystemTime::now) will be used.
 #[derive(Clone, Debug)]
 pub struct SigV4SigningStage {
 signer: SigV4Signer,
diff --git a/aws/sdk-codegen/src/main/kotlin/software/amazon/smithy/rustsdk/AwsPresigningDecorator.kt b/aws/sdk-codegen/src/main/kotlin/software/amazon/smithy/rustsdk/AwsPresigningDecorator.kt
index ee5f82aff63..6618f5165aa 100644
--- a/aws/sdk-codegen/src/main/kotlin/software/amazon/smithy/rustsdk/AwsPresigningDecorator.kt
+++ b/aws/sdk-codegen/src/main/kotlin/software/amazon/smithy/rustsdk/AwsPresigningDecorator.kt
@@ -24,7 +24,6 @@ import software.amazon.smithy.rust.codegen.client.smithy.generators.protocol.Mak
 import software.amazon.smithy.rust.codegen.core.rustlang.RustWriter
 import software.amazon.smithy.rust.codegen.core.rustlang.Writable
 import software.amazon.smithy.rust.codegen.core.rustlang.docs
-import software.amazon.smithy.rust.codegen.core.rustlang.rust
 import software.amazon.smithy.rust.codegen.core.rustlang.rustBlock
 import software.amazon.smithy.rust.codegen.core.rustlang.rustBlockTemplate
 import software.amazon.smithy.rust.codegen.core.rustlang.rustTemplate
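Review bot: In `aws-sig-auth/src/middleware.rs`, the doc comment on `SigV4SigningStage` now lists `SharedTimeSource` as a required property and drops the optional `SystemTime` entry, but nothing tells existing callers what happens to a bare `SystemTime` they still place in the property bag. The signing timestamp fixes the validity window of a SigV4 signature, so an override that is silently ignored deserves a sentence; assuming that is the new behaviour, add `/// A bare SystemTime in the property bag is no longer consulted; wrap it in a SharedTimeSource.` Only comment lines change in this file, so whether a missing `SharedTimeSource` really produces an error rather than a fallback to the system clock should be confirmed against the signing code, which is outside the hunk.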
@@ -208,12 +207,14 @@ class AwsInputPresignedMethod(
 *codegenScope,
 )
 rustBlock("") {
- rust(
+ rustTemplate(
 """
 // Change signature type to query params and wire up presigning config
 let mut props = request.properties_mut();
- props.insert(presigning_config.start_time());
+ props.insert(#{SharedTimeSource}::new(presigning_config.start_time()));
 """,
+ "SharedTimeSource" to RuntimeType.smithyAsync(runtimeConfig)
+ .resolve("time::SharedTimeSource"),
 )
 withBlock("props.insert(", ");") {
 rustTemplate(
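Review bot: The generated line `props.insert(#{SharedTimeSource}::new(presigning_config.start_time()));` pins the signer's clock to the caller-supplied start time, yet the generated comment above it still says only that it wires up the presigning config. A template comment such as `// Sign with the presigning start time, not the wall clock; presumably replaces any SharedTimeSource already in the property bag` would make the override explicit, since this timestamp decides when the presigned URL becomes valid and when it expires. No dedicated test file appears in the diffstat, so a check that the presigned request's signing date equals `start_time()` would guard against a regression to the system clock. The enclosing `rustBlock` continues outside the hunk.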