Add operation customization for disabling payload signing #3915
Conversation
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
| Some(SignableBody::StreamingUnsignedPayloadTrailer); | ||
| cfg.interceptor_state().store_put(signing_config); | ||
| } | ||
| cfg.interceptor_state() |
There was a problem hiding this comment.
Why does this not need gated anymore?
There was a problem hiding this comment.
Previously this info was stored within something in the config bag. Now I don't need to load anything so I therefore don't need an if let.
| assert_eq!("UNSIGNED-PAYLOAD", x_amz_content_sha256); | ||
| } | ||
|
|
||
| // This test ensures that the interceptor's payload signing setting |
There was a problem hiding this comment.
Which interceptor? Also maybe add context on why this is important.
| @@ -65,6 +65,7 @@ val DECORATORS: List<ClientCodegenDecorator> = | |||
| TokenProvidersDecorator(), | |||
| ServiceEnvConfigDecorator(), | |||
| HttpRequestCompressionDecorator(), | |||
| DisablePayloadSigningDecorator(), | |||
There was a problem hiding this comment.
correctness: Should we only be applying this to S3 (and possibly only specific S3 operations)?
I'm guessing most operations are going to require signing and won't work if the payload is unsigned but you'd have to test it. I also can't imagine it matters much for most operations to need unsigned so I'd rather not support this for more than we need to.
There was a problem hiding this comment.
I'm going to store the allowlist in the plugin itself. Currently, it only targets two S3 operations.
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
| @@ -0,0 +1,28 @@ | |||
| --- | |||
| applies_to: ["client"] | |||
There was a problem hiding this comment.
nit: given code changes are mostly under aws, the release note should probably show up in a aws-sdk-rust release. This should be either ["client", "aws-sdk-rust"] or just ["aws-sdk-rust"]
Motivation and Context
#3583
Description
This PR adds the ability for users to disable payload signing with an operation customization.
Testing
This PR includes tests.
Checklist
.changelogdirectory, specifying "aws-sdk-rust" in theapplies_tokey.By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.