[GitHub] [arrow-rs] roeap commented on a diff in pull request #3741: Add support for unsigned payloads in aws

Thu, 23 Feb 2023 14:29:13 -0800 


roeap commented on code in PR #3741:
URL: https://github.com/apache/arrow-rs/pull/3741#discussion_r1116314033


##########
object_store/src/aws/mod.rs:
##########
@@ -822,6 +837,13 @@ impl AmazonS3Builder {
         self
     }
 
+    /// Sets the client to not include payload checksum in signature 
calculation.
+    /// See [unsigned payload 
option](https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html)
+    pub fn with_unsigned_payload(mut self) -> Self {

Review Comment:
   in other cases for boolean options, we pass in the actual parameter, so that 
true and false can explicitly be set. While not overly critical, I think its 
better to be consistent,.



##########
object_store/src/aws/credential.rs:
##########
@@ -621,12 +630,51 @@ mod tests {
             credential: &credential,
             service: "ec2",
             region: "us-east-1",
+            sign_payload: true,
         };
 
         signer.sign(&mut request);
         assert_eq!(request.headers().get(AUTH_HEADER).unwrap(), 
"AWS4-HMAC-SHA256 
Credential=AKIAIOSFODNN7EXAMPLE/20220806/us-east-1/ec2/aws4_request, 
SignedHeaders=host;x-amz-content-sha256;x-amz-date, 
Signature=a3c787a7ed37f7fdfbfd2d7056a3d7c9d85e6d52a2bfbec73793c0be6e7862d4")
     }
 
+    #[test]
+    fn test_sign_with_unsigned_payload() {
+        let client = Client::new();
+
+        // Test credentials from 
https://docs.aws.amazon.com/AmazonS3/latest/userguide/RESTAuthentication.html
+        let credential = AwsCredential {
+            key_id: "AKIAIOSFODNN7EXAMPLE".to_string(),
+            secret_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".to_string(),
+            token: None,
+        };
+
+        // method = 'GET'
+        // service = 'ec2'
+        // host = 'ec2.amazonaws.com'
+        // region = 'us-east-1'
+        // endpoint = 'https://ec2.amazonaws.com'
+        // request_parameters = ''
+        let date = DateTime::parse_from_rfc3339("2022-08-06T18:01:34Z")
+            .unwrap()
+            .with_timezone(&Utc);
+
+        let mut request = client
+            .request(Method::GET, "https://ec2.amazon.com/";)
+            .build()
+            .unwrap();

Review Comment:
   In both the signed and unsiged test, we test with a GET request without a 
body. would it make sense to do a request that has a body, so we see the 
signing in action? 



##########
object_store/src/aws/mod.rs:
##########
@@ -1222,6 +1250,14 @@ mod tests {
         stream_get(&integration).await;
     }
 
+    #[tokio::test]
+    async fn s3_test_unsigned_payload() {
+        let config = maybe_skip_integration!().with_unsigned_payload();
+        let is_local = matches!(&config.endpoint, Some(e) if 
e.starts_with("http://";));
+        let integration = config.build().unwrap();
+        put_get_delete_list_opts(&integration, is_local).await;

Review Comment:
   i guess er are testing with bodies here :). 



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to