[GitHub] [arrow-rs] tustvold commented on a diff in pull request #4237: Expose AwsAuthorizer

Wed, 17 May 2023 09:46:42 -0700 


tustvold commented on code in PR #4237:
URL: https://github.com/apache/arrow-rs/pull/4237#discussion_r1196804975


##########
object_store/src/aws/credential.rs:
##########
@@ -85,47 +90,82 @@ const HASH_HEADER: &str = "x-amz-content-sha256";
 const TOKEN_HEADER: &str = "x-amz-security-token";
 const AUTH_HEADER: &str = "authorization";
 
-impl<'a> RequestSigner<'a> {
-    fn sign(&self, request: &mut Request, pre_calculated_digest: 
Option<Vec<u8>>) {
+impl<'a> AwsAuthorizer<'a> {
+    /// Create a new [`AwsAuthorizer`]
+    pub fn new(credential: &'a AwsCredential, service: &'a str, region: &'a 
str) -> Self {
+        Self {
+            credential,
+            service,
+            region,
+            date: None,
+            sign_payload: true,
+        }
+    }
+
+    /// Controls whether this [`AwsAuthorizer`] will attempt to sign the 
request payload
+    pub fn with_sign_payload(mut self, signed: bool) -> Self {
+        self.sign_payload = signed;
+        self
+    }
+
+    /// Authorize `request` with an optional pre-calculated SHA256 digest
+    ///
+    /// # Signature
+    ///
+    /// AWS SigV4 requests must contain the `x-amz-content-sha256` header, it 
is set as follows:
+    ///
+    /// If not configured to sign payloads, it is set to `UNSIGNED-PAYLOAD`
+    /// If a `pre_calculated_digest` is `Some`, it is set to the hex encoding 
of it
+    /// If it is a streaming request, it is set to 
`STREAMING-AWS4-HMAC-SHA256-PAYLOAD`
+    /// Otherwise it is set to the hex encoded SHA256 of the request body
+    pub fn authorize(&self, request: &mut Request, pre_calculated_digest: 
Option<&[u8]>) {

Review Comment:
   This does expose a `reqwest` in the public API, however, I think this usage 
is fine because it could easily be abstracted away into a trait should we 
decide to move away from `reqwest` - it is purely using `Request` as a data 
container, as opposed to relying on any specific `reqwest` functionality



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to