Unverified Commit 200fb619 authored by Zelda Hessler's avatar Zelda Hessler Committed by GitHub
Browse files

Rename `signing_service` to `signing_name` (#2911) 

Part of the SigV4a update. I split this out to making review simpler.

## Checklist
<!--- If a checkbox below is not applicable, then please DELETE it
rather than leaving it unchecked -->
- [x] I have updated `CHANGELOG.next.toml` if I made changes to the
smithy-rs codegen or runtime crates
- [x] I have updated `CHANGELOG.next.toml` if I made changes to the AWS
SDK, generated SDK code, or SDK runtime crates

----

_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
parent 2d615022

CHANGELOG.next.toml

+7 −1
Original line number Diff line number Diff line
@@ -45,3 +45,9 @@ message = """Several breaking changes were made to the aws-sigv4 API to remove t 
references = ["smithy-rs#2921"]

meta = { "breaking" = true, "tada" = false, "bug" = false }

author = "rcoh"



[[aws-sdk-rust]]

message = "In sigV4-related code, rename 'signing service' to 'signing name'. This aligns with the terminology used by the endpoint resolver."

references = ["smithy-rs#2911"]

meta = { "breaking" = true, "tada" = false, "bug" = false }

author = "Velfi"

aws/rust-runtime/aws-endpoint/src/lib.rs

+18 −18
Original line number Diff line number Diff line
@@ -14,13 +14,13 @@ use aws_smithy_types::endpoint::Endpoint as SmithyEndpoint; 
use aws_smithy_types::Document;



use aws_types::region::{Region, SigningRegion};

use aws_types::SigningService;

use aws_types::SigningName;



/// Middleware Stage to add authentication information from a Smithy endpoint into the property bag

///

/// AwsAuthStage implements [`MapRequest`](MapRequest). It will:

/// 1. Load an endpoint from the property bag

/// 2. Set the `SigningRegion` and `SigningService` in the property bag to drive downstream

/// 2. Set the `SigningRegion` and `SigningName` in the property bag to drive downstream

/// signing middleware.

#[derive(Clone, Debug)]

pub struct AwsAuthStage;
@@ -74,21 +74,21 @@ impl MapRequest for AwsAuthStage { 
            let endpoint = props

                .get::<aws_smithy_types::endpoint::Endpoint>()

                .ok_or(AwsAuthStageErrorKind::NoEndpointResolver)?;

            let (signing_scope_override, signing_service_override) = smithy_to_aws(endpoint)

            let (signing_region_override, signing_name_override) = smithy_to_aws(endpoint)

                .map_err(|err| AwsAuthStageErrorKind::EndpointResolutionError(err))?;



            if let Some(signing_scope) = signing_scope_override {

                props.insert(signing_scope);

            if let Some(signing_region) = signing_region_override {

                props.insert(signing_region);

            }

            if let Some(signing_service) = signing_service_override {

                props.insert(signing_service);

            if let Some(signing_name) = signing_name_override {

                props.insert(signing_name);

            }

            Ok(http_req)

        })

    }

}



type EndpointMetadata = (Option<SigningRegion>, Option<SigningService>);

type EndpointMetadata = (Option<SigningRegion>, Option<SigningName>);



fn smithy_to_aws(value: &SmithyEndpoint) -> Result<EndpointMetadata, Box<dyn Error + Send + Sync>> {

    // look for v4 as an auth scheme
@@ -127,12 +127,12 @@ fn smithy_to_aws(value: &SmithyEndpoint) -> Result<EndpointMetadata, Box<dyn Err 
        None => None,

        _ => return Err("unexpected type".into()),

    };

    let signing_service = match v4.get("signingName") {

        Some(Document::String(s)) => Some(SigningService::from(s.to_string())),

    let signing_name = match v4.get("signingName") {

        Some(Document::String(s)) => Some(SigningName::from(s.to_string())),

        None => None,

        _ => return Err("unexpected type".into()),

    };

    Ok((signing_scope, signing_service))

    Ok((signing_scope, signing_name))

}



#[cfg(test)]
@@ -147,7 +147,7 @@ mod test { 
    use http::header::HOST;



    use aws_types::region::{Region, SigningRegion};

    use aws_types::SigningService;

    use aws_types::SigningName;



    use crate::AwsAuthStage;
@@ -162,14 +162,14 @@ mod test { 
        {

            let mut props = req.properties_mut();

            props.insert(SigningRegion::from(region.clone()));

            props.insert(SigningService::from_static("kinesis"));

            props.insert(SigningName::from_static("kinesis"));

            props.insert(endpoint);

        };

        let req = AwsAuthStage.apply(req).expect("should succeed");

        assert_eq!(req.properties().get(), Some(&SigningRegion::from(region)));

        assert_eq!(

            req.properties().get(),

            Some(&SigningService::from_static("kinesis"))

            Some(&SigningName::from_static("kinesis"))

        );



        assert!(req.http().headers().get(HOST).is_none());
@@ -206,7 +206,7 @@ mod test { 
        {

            let mut props = req.properties_mut();

            props.insert(region);

            props.insert(SigningService::from_static("qldb"));

            props.insert(SigningName::from_static("qldb"));

            props.insert(endpoint);

        };

        let req = AwsAuthStage.apply(req).expect("should succeed");
@@ -216,7 +216,7 @@ mod test { 
        );

        assert_eq!(

            req.properties().get(),

            Some(&SigningService::from_static("qldb-override"))

            Some(&SigningName::from_static("qldb-override"))

        );

    }
@@ -229,14 +229,14 @@ mod test { 
        {

            let mut props = req.properties_mut();

            props.insert(region.clone());

            props.insert(SigningService::from_static("qldb"));

            props.insert(SigningName::from_static("qldb"));

            props.insert(endpoint);

        };

        let req = AwsAuthStage.apply(req).expect("should succeed");

        assert_eq!(req.properties().get(), Some(&region));

        assert_eq!(

            req.properties().get(),

            Some(&SigningService::from_static("qldb"))

            Some(&SigningName::from_static("qldb"))

        );

    }

}

aws/rust-runtime/aws-inlineable/tests/middleware_e2e_test.rs

+2 −2
Original line number Diff line number Diff line
@@ -30,7 +30,7 @@ use aws_inlineable::middleware::DefaultMiddleware; 
use aws_sig_auth::signer::OperationSigningConfig;

use aws_smithy_async::time::SharedTimeSource;

use aws_types::region::SigningRegion;

use aws_types::SigningService;

use aws_types::SigningName;



type Client<C> = aws_smithy_client::Client<C, DefaultMiddleware>;
@@ -94,7 +94,7 @@ fn test_operation() -> Operation<TestOperationParser, AwsResponseRetryClassifier 
        );

        conf.insert(SigningRegion::from_static("test-region"));

        conf.insert(OperationSigningConfig::default_config());

        conf.insert(SigningService::from_static("test-service-signing"));

        conf.insert(SigningName::from_static("test-service-signing"));

        conf.insert(SharedTimeSource::new(

            UNIX_EPOCH + Duration::from_secs(1613414417),

        ));

aws/rust-runtime/aws-runtime/src/auth/sigv4.rs

+30 −30
Original line number Diff line number Diff line
@@ -18,7 +18,7 @@ use aws_smithy_runtime_api::client::runtime_components::{GetIdentityResolver, Ru 
use aws_smithy_types::config_bag::{ConfigBag, Storable, StoreReplace};

use aws_smithy_types::Document;

use aws_types::region::{Region, SigningRegion};

use aws_types::SigningService;

use aws_types::SigningName;

use std::borrow::Cow;

use std::error::Error as StdError;

use std::fmt;
@@ -32,14 +32,14 @@ pub const SCHEME_ID: AuthSchemeId = AuthSchemeId::new("sigv4"); 


struct EndpointAuthSchemeConfig {

    signing_region_override: Option<SigningRegion>,

    signing_service_override: Option<SigningService>,

    signing_name_override: Option<SigningName>,

}



#[derive(Debug)]

enum SigV4SigningError {

    MissingOperationSigningConfig,

    MissingSigningRegion,

    MissingSigningService,

    MissingSigningName,

    WrongIdentityType(Identity),

    BadTypeInEndpointAuthSchemeConfig(&'static str),

}
@@ -51,7 +51,7 @@ impl fmt::Display for SigV4SigningError { 
        match self {

            MissingOperationSigningConfig => w("missing operation signing config for SigV4"),

            MissingSigningRegion => w("missing signing region for SigV4 signing"),

            MissingSigningService => w("missing signing service for SigV4 signing"),

            MissingSigningName => w("missing signing service for SigV4 signing"),

            WrongIdentityType(identity) => {

                write!(f, "wrong identity type for SigV4: {identity:?}")

            }
@@ -70,7 +70,7 @@ impl StdError for SigV4SigningError { 
        match self {

            Self::MissingOperationSigningConfig => None,

            Self::MissingSigningRegion => None,

            Self::MissingSigningService => None,

            Self::MissingSigningName => None,

            Self::WrongIdentityType(_) => None,

            Self::BadTypeInEndpointAuthSchemeConfig(_) => None,

        }
@@ -160,12 +160,12 @@ impl Default for SigningOptions { 
///

/// Although these fields MAY be customized on a per request basis, they are generally static

/// for a given operation

#[derive(Clone, Debug, PartialEq, Eq)]

#[derive(Clone, Debug, Default, PartialEq, Eq)]

pub struct SigV4OperationSigningConfig {

    /// AWS Region to sign for.

    pub region: Option<SigningRegion>,

    /// AWS Service to sign for.

    pub service: Option<SigningService>,

    pub service: Option<SigningName>,

    /// Signing options.

    pub signing_options: SigningOptions,

}
@@ -240,11 +240,11 @@ impl SigV4Signer { 
                    .ok_or(SigV4SigningError::MissingSigningRegion)?

                    .as_ref(),

            )

            .service_name(

            .name(

                operation_config

                    .service

                    .as_ref()

                    .ok_or(SigV4SigningError::MissingSigningService)?

                    .ok_or(SigV4SigningError::MissingSigningName)?

                    .as_ref(),

            )

            .time(request_timestamp)
@@ -262,16 +262,16 @@ impl SigV4Signer { 
            .ok_or(SigV4SigningError::MissingOperationSigningConfig)?;



        let signing_region = config_bag.load::<SigningRegion>();

        let signing_service = config_bag.load::<SigningService>();

        let signing_name = config_bag.load::<SigningName>();



        let EndpointAuthSchemeConfig {

            signing_region_override,

            signing_service_override,

            signing_name_override,

        } = Self::extract_endpoint_auth_scheme_config(auth_scheme_endpoint_config)?;



        match (

            signing_region_override.or_else(|| signing_region.cloned()),

            signing_service_override.or_else(|| signing_service.cloned()),

            signing_name_override.or_else(|| signing_name.cloned()),

        ) {

            (None, None) => Ok(Cow::Borrowed(operation_config)),

            (region, service) => {
@@ -290,7 +290,7 @@ impl SigV4Signer { 
    fn extract_endpoint_auth_scheme_config(

        endpoint_config: AuthSchemeEndpointConfig<'_>,

    ) -> Result<EndpointAuthSchemeConfig, SigV4SigningError> {

        let (mut signing_region_override, mut signing_service_override) = (None, None);

        let (mut signing_region_override, mut signing_name_override) = (None, None);

        if let Some(config) = endpoint_config.as_document().and_then(Document::as_object) {

            use SigV4SigningError::BadTypeInEndpointAuthSchemeConfig as UnexpectedType;

            signing_region_override = match config.get("signingRegion") {
@@ -298,15 +298,15 @@ impl SigV4Signer { 
                None => None,

                _ => return Err(UnexpectedType("signingRegion")),

            };

            signing_service_override = match config.get("signingName") {

                Some(Document::String(s)) => Some(SigningService::from(s.to_string())),

            signing_name_override = match config.get("signingName") {

                Some(Document::String(s)) => Some(SigningName::from(s.to_string())),

                None => None,

                _ => return Err(UnexpectedType("signingName")),

            };

        }

        Ok(EndpointAuthSchemeConfig {

            signing_region_override,

            signing_service_override,

            signing_name_override,

        })

    }

}
@@ -384,7 +384,7 @@ impl Signer for SigV4Signer { 
                        _signature,

                        credentials.clone(),

                        Region::new(signing_params.region().to_string()).into(),

                        signing_params.service_name().to_string().into(),

                        signing_params.name().to_string().into(),

                        time_source,

                    )) as _)

                    .expect("failed to send deferred signer");
@@ -403,7 +403,7 @@ mod event_stream { 
    use aws_smithy_async::time::SharedTimeSource;

    use aws_smithy_eventstream::frame::{Message, SignMessage, SignMessageError};

    use aws_types::region::SigningRegion;

    use aws_types::SigningService;

    use aws_types::SigningName;



    /// Event Stream SigV4 signing implementation.

    #[derive(Debug)]
@@ -411,7 +411,7 @@ mod event_stream { 
        last_signature: String,

        credentials: Credentials,

        signing_region: SigningRegion,

        signing_service: SigningService,

        signing_name: SigningName,

        time: SharedTimeSource,

    }
@@ -420,14 +420,14 @@ mod event_stream { 
            last_signature: String,

            credentials: Credentials,

            signing_region: SigningRegion,

            signing_service: SigningService,

            signing_name: SigningName,

            time: SharedTimeSource,

        ) -> Self {

            Self {

                last_signature,

                credentials,

                signing_region,

                signing_service,

                signing_name,

                time,

            }

        }
@@ -437,7 +437,7 @@ mod event_stream { 
                .access_key(self.credentials.access_key_id())

                .secret_key(self.credentials.secret_access_key())

                .region(self.signing_region.as_ref())

                .service_name(self.signing_service.as_ref())

                .name(self.signing_name.as_ref())

                .time(self.time.now())

                .settings(());

            builder.set_security_token(self.credentials.session_token());
@@ -472,7 +472,7 @@ mod event_stream { 
        use aws_smithy_eventstream::frame::{HeaderValue, Message, SignMessage};

        use aws_types::region::Region;

        use aws_types::region::SigningRegion;

        use aws_types::SigningService;

        use aws_types::SigningName;

        use std::time::{Duration, UNIX_EPOCH};



        fn check_send_sync<T: Send + Sync>(value: T) -> T {
@@ -486,7 +486,7 @@ mod event_stream { 
                "initial-signature".into(),

                Credentials::for_tests(),

                SigningRegion::from(region),

                SigningService::from_static("transcribe"),

                SigningName::from_static("transcribe"),

                SharedTimeSource::new(UNIX_EPOCH + Duration::new(1611160427, 0)),

            ));

            let mut signatures = Vec::new();
@@ -520,7 +520,7 @@ mod tests { 
    use aws_sigv4::http_request::SigningSettings;

    use aws_smithy_types::config_bag::Layer;

    use aws_types::region::SigningRegion;

    use aws_types::SigningService;

    use aws_types::SigningName;

    use std::collections::HashMap;

    use std::time::{Duration, SystemTime};

    use tracing_test::traced_test;
@@ -543,7 +543,7 @@ mod tests { 
        );

        let operation_config = SigV4OperationSigningConfig {

            region: Some(SigningRegion::from_static("test")),

            service: Some(SigningService::from_static("test")),

            service: Some(SigningName::from_static("test")),

            signing_options: SigningOptions {

                double_uri_encode: true,

                content_sha256_header: true,
@@ -570,7 +570,7 @@ mod tests { 
        let mut layer = Layer::new("test");

        layer.store_put(SigV4OperationSigningConfig {

            region: Some(SigningRegion::from(Region::new("override-this-region"))),

            service: Some(SigningService::from_static("override-this-service")),

            service: Some(SigningName::from_static("override-this-service")),

            signing_options: Default::default(),

        });

        let config = Document::Object({
@@ -597,7 +597,7 @@ mod tests { 
        );

        assert_eq!(

            result.service,

            Some(SigningService::from_static("qldb-override"))

            Some(SigningName::from_static("qldb-override"))

        );

        assert!(matches!(result, Cow::Owned(_)));

    }
@@ -607,7 +607,7 @@ mod tests { 
        let mut layer = Layer::new("test");

        layer.store_put(SigV4OperationSigningConfig {

            region: Some(SigningRegion::from(Region::new("us-east-1"))),

            service: Some(SigningService::from_static("qldb")),

            service: Some(SigningName::from_static("qldb")),

            signing_options: Default::default(),

        });

        let cfg = ConfigBag::of_layers(vec![layer]);
@@ -619,7 +619,7 @@ mod tests { 
            result.region,

            Some(SigningRegion::from(Region::new("us-east-1")))

        );

        assert_eq!(result.service, Some(SigningService::from_static("qldb")));

        assert_eq!(result.service, Some(SigningName::from_static("qldb")));

        assert!(matches!(result, Cow::Borrowed(_)));

    }

}

aws/rust-runtime/aws-sig-auth/src/event_stream.rs

+11 −11
Original line number Diff line number Diff line
@@ -14,7 +14,7 @@ use aws_sigv4::SigningParams; 
use aws_smithy_eventstream::frame::{Message, SignMessage, SignMessageError};

use aws_smithy_http::property_bag::{PropertyBag, SharedPropertyBag};

use aws_types::region::SigningRegion;

use aws_types::SigningService;

use aws_types::SigningName;

use std::time::SystemTime;



/// Event Stream SigV4 signing implementation.
@@ -23,7 +23,7 @@ pub struct SigV4MessageSigner { 
    last_signature: String,

    credentials: Credentials,

    signing_region: SigningRegion,

    signing_service: SigningService,

    signing_name: SigningName,

    time: Option<SystemTime>,

}
@@ -32,14 +32,14 @@ impl SigV4MessageSigner { 
        last_signature: String,

        credentials: Credentials,

        signing_region: SigningRegion,

        signing_service: SigningService,

        signing_name: SigningName,

        time: Option<SystemTime>,

    ) -> Self {

        Self {

            last_signature,

            credentials,

            signing_region,

            signing_service,

            signing_name,

            time,

        }

    }
@@ -49,7 +49,7 @@ impl SigV4MessageSigner { 
            .access_key(self.credentials.access_key_id())

            .secret_key(self.credentials.secret_access_key())

            .region(self.signing_region.as_ref())

            .service_name(self.signing_service.as_ref())

            .name(self.signing_name.as_ref())

            .time(self.time.unwrap_or_else(SystemTime::now))

            .settings(());

        builder.set_security_token(self.credentials.session_token());
@@ -84,7 +84,7 @@ mod tests { 
    use aws_smithy_eventstream::frame::{HeaderValue, Message, SignMessage};

    use aws_types::region::Region;

    use aws_types::region::SigningRegion;

    use aws_types::SigningService;

    use aws_types::SigningName;

    use std::time::{Duration, UNIX_EPOCH};



    fn check_send_sync<T: Send + Sync>(value: T) -> T {
@@ -98,7 +98,7 @@ mod tests { 
            "initial-signature".into(),

            Credentials::for_tests(),

            SigningRegion::from(region),

            SigningService::from_static("transcribe"),

            SigningName::from_static("transcribe"),

            Some(UNIX_EPOCH + Duration::new(1611160427, 0)),

        ));

        let mut signatures = Vec::new();
@@ -146,7 +146,7 @@ impl SigV4Signer { 
        // so we can safely assume they all exist in the property bag at this point.

        let credentials = properties.get::<Credentials>().unwrap();

        let region = properties.get::<SigningRegion>().unwrap();

        let signing_service = properties.get::<SigningService>().unwrap();

        let name = properties.get::<SigningName>().unwrap();

        let time = properties

            .get::<SystemTime>()

            .copied()
@@ -155,7 +155,7 @@ impl SigV4Signer { 
            .access_key(credentials.access_key_id())

            .secret_key(credentials.secret_access_key())

            .region(region.as_ref())

            .service_name(signing_service.as_ref())

            .name(name.as_ref())

            .time(time)

            .settings(());

        builder.set_security_token(credentials.session_token());
@@ -210,7 +210,7 @@ mod old_tests { 
    use aws_smithy_http::property_bag::PropertyBag;

    use aws_types::region::Region;

    use aws_types::region::SigningRegion;

    use aws_types::SigningService;

    use aws_types::SigningName;

    use std::time::{Duration, UNIX_EPOCH};



    #[test]
@@ -219,7 +219,7 @@ mod old_tests { 
        let mut properties = PropertyBag::new();

        properties.insert(region.clone());

        properties.insert(UNIX_EPOCH + Duration::new(1611160427, 0));

        properties.insert(SigningService::from_static("transcribe"));

        properties.insert(SigningName::from_static("transcribe"));

        properties.insert(Credentials::for_tests());

        properties.insert(SigningRegion::from(region));

        properties.insert(Signature::new("initial-signature".into()));