Giters

awslabs / aws-sdk-kotlin

Multiplatform AWS SDK for Kotlin

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

S3 ExecutionContext defaults not being set

aajtodd opened this issue · comments

commented

Describe the bug

#1151 broke the way we generate mergeServiceDefaults

This appears to only affect S3

Expected behavior

Versions prior to 1.0.18:

    private fun mergeServiceDefaults(ctx: ExecutionContext) {
        ctx.putIfAbsentNotNull(AwsClientOption.Region, config.region)
        ctx.putIfAbsent(SdkClientOption.ClientName, config.clientName)
        ctx.putIfAbsent(SdkClientOption.LogMode, config.logMode)
        ctx.putIfAbsent(AwsSigningAttributes.SigningService, "s3")
        ctx.putIfAbsentNotNull(AwsSigningAttributes.SigningRegion, config.region)
        ctx.putIfAbsent(AwsSigningAttributes.CredentialsProvider, config.credentialsProvider)
        ctx.putIfAbsent(AwsSigningAttributes.NormalizeUriPath, false)
        ctx.putIfAbsent(AwsSigningAttributes.UseDoubleUriEncode, false)
        ctx.putIfAbsent(AwsSigningAttributes.SignedBodyHeader, AwsSignedBodyHeader.X_AMZ_CONTENT_SHA256)
    }

Current behavior

Versions 1.0.18+

    private fun mergeServiceDefaults(ctx: ExecutionContext) {
        ctx.putIfAbsent(SdkClientOption.ClientName, config.clientName)
        ctx.putIfAbsent(SdkClientOption.LogMode, config.logMode)
        ctx.putIfAbsent(AwsSigningAttributes.NormalizeUriPath, false)
        ctx.putIfAbsent(AwsSigningAttributes.UseDoubleUriEncode, false)
        ctx.putIfAbsent(AwsSigningAttributes.SignedBodyHeader, AwsSignedBodyHeader.X_AMZ_CONTENT_SHA256)
    }

Steps to Reproduce

This came about testing MRAP buckets and getting unexpected exception:

    Exception in thread "main" java.lang.IllegalStateException: No instance for AttributeKey(aws.smithy.kotlin.signing#AwsSigningRegion)

This should never happen since SigningRegion should always be set in the default execution context if a non-null region is configured.

Possible Solution

No response

Context

No response

AWS Kotlin SDK version used

1.0.25

Platform (JVM/JS/Native)

JVM

Operating System and version

N/A

commented

The reason this doesn't affect most S3 requests is that it's auth scheme resolver relies on the endpoint resolver which sets a signing region in the auth scheme attributes which ultimately get merged into the signing request.

(endpoint parameters have access to region from both the service client config and/or bucket ARN)

return Endpoint(
    Url.parse("https://${accessPointName}-${bucketArn?.accountId}.${outpostId}.s3-outposts.${bucketArn?.region}.${bucketPartition?.dnsSuffix}"),
    attributes = attributesOf {
        SigningContextAttributeKey to listOf(
            sigV4(
                serviceName = "s3-outposts",
                disableDoubleUriEncode = true,
                signingRegion = "${bucketArn?.region}",
            ),
        )
    },
)
}

For mrap/sigv4a requests this fails because it sets signingRegionSet and not signingRegion:

return Endpoint(
      Url.parse("https://${accessPointName}.accesspoint.s3-global.${mrapPartition?.dnsSuffix}"),
      attributes = attributesOf {
          SigningContextAttributeKey to listOf(
              sigV4A(
                  serviceName = "s3",
                  disableDoubleUriEncode = true,
                  signingRegionSet = listOf(
                      "*",
                  ),
              ),
          )
      },
  )
}
commented

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.