Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix: S3 on Outpost requests miss x-amz-content-sha256 headers #2811

Merged
merged 4 commits into from
Nov 15, 2022
Merged

Fix: S3 on Outpost requests miss x-amz-content-sha256 headers #2811

merged 4 commits into from
Nov 15, 2022

Conversation

jonemo
Copy link
Contributor

@jonemo jonemo commented Nov 14, 2022

Addresses an issue where requests for some S3 API operations that should include the x-amz-content-sha256 header do not have this header for S3 on Outpost. This issue was introduced in version 1.28.0 of botocore.

@jonemo jonemo requested a review from nateprewitt November 14, 2022 21:40
@codecov-commenter
Copy link

codecov-commenter commented Nov 14, 2022
edited
Loading

Codecov Report

Base: 93.45% // Head: 93.47% // Increases project coverage by +0.02% 🎉

Coverage data is based on head (ec50c97) compared to base (15b62f7).
Patch coverage: 100.00% of modified lines in pull request are covered.

Additional details and impacted files 
@@             Coverage Diff             @@
##           develop    #2811      +/-   ##
===========================================
+ Coverage    93.45%   93.47%   +0.02%     
===========================================
  Files           63       63              
  Lines        13298    13298              
===========================================
+ Hits         12427    12430       +3     
+ Misses         871      868       -3
Impacted Files Coverage Δ
botocore/handlers.py 96.43% <100.00%> (ø)
botocore/credentials.py 98.96% <0.00%> (+0.31%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

nateprewitt
nateprewitt requested changes Nov 15, 2022
View reviewed changes
Copy link
Contributor

@nateprewitt nateprewitt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Couple of comments on the tests, but otherwise looks good.

tests/functional/test_s3.py Outdated Show resolved Hide resolved
tests/functional/test_s3.py
Comment on lines +1445 to +1448
config = Config(signature_version="s3v4")
self.client = self.session.create_client(
"s3", self.region, config=config
)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did we intentionally set s3v4 or was this carryover from other tests? If it's not proving something specific, maybe we want to leave this unconfigured to make sure s3 is choosing the right signer.

Copy link
Contributor Author

@jonemo jonemo Nov 15, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was a carryover from the other tests. Note that this test is in a class named TestS3SigV4.

At a high level:

  • The only test that fails before the fix in this PR and passes afterwards is in test_basic_outpost_arn where this PR adds three lines (719-721). This is in commit 384f886.
  • All changes to the TestS3SigV4 class are tangential and improve test coverage and add inline comments because those tests misled us during the investigation of this bug. These are in commit 2f2b1ac.

tests/functional/test_s3.py Outdated Show resolved Hide resolved
tests/functional/test_s3.py

def test_content_sha256_set_s3_on_outpost(self):
# S3 on Outpost bucket names should behave the same way.
config = Config(signature_version="s3v4")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same note here, if we're setting the signature_version, I'm not sure this would have caught the original bug.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same response as above: Generally agree with you, but this is in a pre-existing test class named TestS3SigV4.

nateprewitt
nateprewitt approved these changes Nov 15, 2022
View reviewed changes
Copy link
Contributor

@nateprewitt nateprewitt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@jonemo jonemo merged commit acbe1f5 into boto:develop Nov 15, 2022
@jonemo jonemo deleted the sign-s3outpost-with-s3v4 branch November 15, 2022 18:52
aws-sdk-python-automation added a commit that referenced this pull request Nov 15, 2022
@aws-sdk-python-automation
Merge branch 'release-1.29.10'
25294c1 
* release-1.29.10:
  Bumping version to 1.29.10
  Update to latest partitions and endpoints
  Update to latest models
  Add support for loading sso-session credentials (#2812)
  fixes missing x-amz-content-sha256 header for s3 on outpost (#2811)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nateprewitt nateprewitt nateprewitt approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jonemo @codecov-commenter @nateprewitt