Skip to content

Commit

Permalink
Consider sigv4a supported without crt check (#3089)
Browse files Browse the repository at this point in the history
  • Loading branch information
alextwoods authored Aug 15, 2024
1 parent 9a32e0c commit 9c3c784
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 4 deletions.
3 changes: 3 additions & 0 deletions gems/aws-sdk-core/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,9 @@
Unreleased Changes
------------------

* Issue - Allow legacy/undocumented `sigv4_signer` configuration to override resolved signer.
* Issue - Consider sigv4a supported without crt check.

3.201.4 (2024-08-08)
------------------

Expand Down
2 changes: 1 addition & 1 deletion gems/aws-sdk-core/aws-sdk-core.gemspec
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ Gem::Specification.new do |spec|

spec.add_dependency('jmespath', '~> 1', '>= 1.6.1') # necessary for secure jmespath JSON parsing
spec.add_dependency('aws-partitions', '~> 1', '>= 1.651.0') # necessary for new endpoint resolution
spec.add_dependency('aws-sigv4', '~> 1.8') # necessary for s3 express auth
spec.add_dependency('aws-sigv4', '~> 1.9') # necessary for s3 express auth/native sigv4a support
spec.add_dependency('aws-eventstream', '~> 1', '>= 1.3.0') # necessary for binary eventstream

spec.metadata = {
Expand Down
5 changes: 2 additions & 3 deletions gems/aws-sdk-core/lib/aws-sdk-core/plugins/sign.rb
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,7 @@ class Sign < Seahorse::Client::Plugin
option(:sigv4_region)
option(:unsigned_operations, default: [])

supported_auth_types = %w[sigv4 bearer sigv4-s3express none]
supported_auth_types += ['sigv4a'] if Aws::Sigv4::Signer.use_crt?
supported_auth_types = %w[sigv4 bearer sigv4-s3express sigv4a none]
SUPPORTED_AUTH_TYPES = supported_auth_types.freeze

def add_handlers(handlers, cfg)
Expand Down Expand Up @@ -107,7 +106,7 @@ def initialize(auth_scheme, config, sigv4_overrides = {})
auth_scheme['signingRegion']
end
begin
@signer = Aws::Sigv4::Signer.new(
@signer = config.sigv4_signer || Aws::Sigv4::Signer.new(
service: config.sigv4_name || auth_scheme['signingName'],
region: sigv4_overrides[:region] || config.sigv4_region || region,
credentials_provider: sigv4_overrides[:credentials] || config.credentials,
Expand Down

0 comments on commit 9c3c784

Please sign in to comment.