Merge pull request #2655 from elliot-nelson/fix-s3-credentials

[rush-lib] Fix a regression in the S3 cloud build cache provider

apps/rush-lib/src/logic/buildCache/AmazonS3/AmazonS3Client.ts

@@ -116,6 +116,8 @@ export class AmazonS3Client {
         canonicalHeaders.push(`${SECURITY_TOKEN_HEADER_NAME}:${this._credentials.sessionToken}`);
       }
 
+      const signedHeaderNamesString: string = signedHeaderNames.join(';');
+
       // The canonical request looks like this:
       //  GET
       // /test.txt
@@ -133,7 +135,7 @@ export class AmazonS3Client {
         '', // we don't use query strings for these requests
         ...canonicalHeaders,
         '',
-        signedHeaderNames.join(';'),
+        signedHeaderNamesString,
         bodyHash
       ].join('\n');
       const canonicalRequestHash: string = this._getSha256(canonicalRequest);
@@ -160,7 +162,7 @@ export class AmazonS3Client {
       const signingKey: Buffer = this._getSha256Hmac(dateRegionServiceKey, 'aws4_request');
       const signature: string = this._getSha256Hmac(signingKey, stringToSign, 'hex');
 
-      const authorizationHeader: string = `AWS4-HMAC-SHA256 Credential=${this._credentials.accessKeyId}/${scope},SignedHeaders=${signedHeaderNames},Signature=${signature}`;
+      const authorizationHeader: string = `AWS4-HMAC-SHA256 Credential=${this._credentials.accessKeyId}/${scope},SignedHeaders=${signedHeaderNamesString},Signature=${signature}`;
 
       headers.set('Authorization', authorizationHeader);
       if (this._credentials.sessionToken) {

apps/rush-lib/src/logic/buildCache/AmazonS3/test/__snapshots__/AmazonS3Client.test.ts.snap

@@ -9,7 +9,7 @@ Array [
     "headers": Headers {
       Symbol(map): Object {
         "Authorization": Array [
-          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host,x-amz-content-sha256,x-amz-date,Signature=11441edef046611ecf352daa2bcae55584d302a31b3390ee865781671caf791a",
+          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=11441edef046611ecf352daa2bcae55584d302a31b3390ee865781671caf791a",
         ],
         "x-amz-content-sha256": Array [
           "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
@@ -31,7 +31,7 @@ Array [
     "headers": Headers {
       Symbol(map): Object {
         "Authorization": Array [
-          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-west-1/s3/aws4_request,SignedHeaders=host,x-amz-content-sha256,x-amz-date,Signature=19d94ed314002214315e8e9816ca31c97e7c834f7494c3c61046550f12358c21",
+          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-west-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=19d94ed314002214315e8e9816ca31c97e7c834f7494c3c61046550f12358c21",
         ],
         "x-amz-content-sha256": Array [
           "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
@@ -53,7 +53,7 @@ Array [
     "headers": Headers {
       Symbol(map): Object {
         "Authorization": Array [
-          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host,x-amz-content-sha256,x-amz-date,Signature=11441edef046611ecf352daa2bcae55584d302a31b3390ee865781671caf791a",
+          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=11441edef046611ecf352daa2bcae55584d302a31b3390ee865781671caf791a",
         ],
         "x-amz-content-sha256": Array [
           "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
@@ -77,7 +77,7 @@ Array [
     "headers": Headers {
       Symbol(map): Object {
         "Authorization": Array [
-          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host,x-amz-content-sha256,x-amz-date,Signature=11441edef046611ecf352daa2bcae55584d302a31b3390ee865781671caf791a",
+          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=11441edef046611ecf352daa2bcae55584d302a31b3390ee865781671caf791a",
         ],
         "x-amz-content-sha256": Array [
           "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
@@ -99,7 +99,7 @@ Array [
     "headers": Headers {
       Symbol(map): Object {
         "Authorization": Array [
-          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host,x-amz-content-sha256,x-amz-date,Signature=11441edef046611ecf352daa2bcae55584d302a31b3390ee865781671caf791a",
+          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=11441edef046611ecf352daa2bcae55584d302a31b3390ee865781671caf791a",
         ],
         "x-amz-content-sha256": Array [
           "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
@@ -123,7 +123,7 @@ Array [
     "headers": Headers {
       Symbol(map): Object {
         "Authorization": Array [
-          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host,x-amz-content-sha256,x-amz-date,x-amz-security-token,Signature=242129cdc7470382920680b887e5899a56eb94103e11ef9b96a45ee0d2bff5c7",
+          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token,Signature=242129cdc7470382920680b887e5899a56eb94103e11ef9b96a45ee0d2bff5c7",
         ],
         "X-Amz-Security-Token": Array [
           "sessionToken",
@@ -148,7 +148,7 @@ Array [
     "headers": Headers {
       Symbol(map): Object {
         "Authorization": Array [
-          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-west-1/s3/aws4_request,SignedHeaders=host,x-amz-content-sha256,x-amz-date,x-amz-security-token,Signature=b3f43b86838b915e38f9900e5049870ca53db5792b578403f2d46185cc6bb3f1",
+          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-west-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token,Signature=b3f43b86838b915e38f9900e5049870ca53db5792b578403f2d46185cc6bb3f1",
         ],
         "X-Amz-Security-Token": Array [
           "sessionToken",
@@ -173,7 +173,7 @@ Array [
     "headers": Headers {
       Symbol(map): Object {
         "Authorization": Array [
-          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host,x-amz-content-sha256,x-amz-date,x-amz-security-token,Signature=242129cdc7470382920680b887e5899a56eb94103e11ef9b96a45ee0d2bff5c7",
+          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token,Signature=242129cdc7470382920680b887e5899a56eb94103e11ef9b96a45ee0d2bff5c7",
         ],
         "X-Amz-Security-Token": Array [
           "sessionToken",
@@ -200,7 +200,7 @@ Array [
     "headers": Headers {
       Symbol(map): Object {
         "Authorization": Array [
-          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host,x-amz-content-sha256,x-amz-date,x-amz-security-token,Signature=242129cdc7470382920680b887e5899a56eb94103e11ef9b96a45ee0d2bff5c7",
+          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token,Signature=242129cdc7470382920680b887e5899a56eb94103e11ef9b96a45ee0d2bff5c7",
         ],
         "X-Amz-Security-Token": Array [
           "sessionToken",
@@ -225,7 +225,7 @@ Array [
     "headers": Headers {
       Symbol(map): Object {
         "Authorization": Array [
-          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host,x-amz-content-sha256,x-amz-date,x-amz-security-token,Signature=242129cdc7470382920680b887e5899a56eb94103e11ef9b96a45ee0d2bff5c7",
+          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token,Signature=242129cdc7470382920680b887e5899a56eb94103e11ef9b96a45ee0d2bff5c7",
         ],
         "X-Amz-Security-Token": Array [
           "sessionToken",
@@ -371,7 +371,7 @@ Array [
     "headers": Headers {
       Symbol(map): Object {
         "Authorization": Array [
-          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host,x-amz-content-sha256,x-amz-date,Signature=1db5024ed7d91ac512762a2c70490754def64dc5ed61e3e98d090233ebe0f79c",
+          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=1db5024ed7d91ac512762a2c70490754def64dc5ed61e3e98d090233ebe0f79c",
         ],
         "x-amz-content-sha256": Array [
           "f8e4bdb2ca9c0f90b0fe56e32bf509ba44b73e2f52af123832f9ddbfe7e8fafa",
@@ -415,7 +415,7 @@ Array [
     "headers": Headers {
       Symbol(map): Object {
         "Authorization": Array [
-          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host,x-amz-content-sha256,x-amz-date,Signature=1db5024ed7d91ac512762a2c70490754def64dc5ed61e3e98d090233ebe0f79c",
+          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=1db5024ed7d91ac512762a2c70490754def64dc5ed61e3e98d090233ebe0f79c",
         ],
         "x-amz-content-sha256": Array [
           "f8e4bdb2ca9c0f90b0fe56e32bf509ba44b73e2f52af123832f9ddbfe7e8fafa",
@@ -457,7 +457,7 @@ Array [
     "headers": Headers {
       Symbol(map): Object {
         "Authorization": Array [
-          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-west-1/s3/aws4_request,SignedHeaders=host,x-amz-content-sha256,x-amz-date,Signature=35a4edef214657ec5799666681f637951d01b3cbf9ec3754f858ce8b722c026c",
+          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-west-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=35a4edef214657ec5799666681f637951d01b3cbf9ec3754f858ce8b722c026c",
         ],
         "x-amz-content-sha256": Array [
           "f8e4bdb2ca9c0f90b0fe56e32bf509ba44b73e2f52af123832f9ddbfe7e8fafa",
@@ -499,7 +499,7 @@ Array [
     "headers": Headers {
       Symbol(map): Object {
         "Authorization": Array [
-          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host,x-amz-content-sha256,x-amz-date,x-amz-security-token,Signature=f50f9b3a7b33b58809a8da7216b68ca8730fd157cc7aef4c945fa5df1a22cd03",
+          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token,Signature=f50f9b3a7b33b58809a8da7216b68ca8730fd157cc7aef4c945fa5df1a22cd03",
         ],
         "X-Amz-Security-Token": Array [
           "sessionToken",
@@ -546,7 +546,7 @@ Array [
     "headers": Headers {
       Symbol(map): Object {
         "Authorization": Array [
-          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host,x-amz-content-sha256,x-amz-date,x-amz-security-token,Signature=f50f9b3a7b33b58809a8da7216b68ca8730fd157cc7aef4c945fa5df1a22cd03",
+          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token,Signature=f50f9b3a7b33b58809a8da7216b68ca8730fd157cc7aef4c945fa5df1a22cd03",
         ],
         "X-Amz-Security-Token": Array [
           "sessionToken",
@@ -591,7 +591,7 @@ Array [
     "headers": Headers {
       Symbol(map): Object {
         "Authorization": Array [
-          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-west-1/s3/aws4_request,SignedHeaders=host,x-amz-content-sha256,x-amz-date,x-amz-security-token,Signature=e846064053af5730311f5a8dd565139c9fdc9de4f9d1c12b8f2f77f619b7d2e1",
+          "AWS4-HMAC-SHA256 Credential=accessKeyId/20200418/us-west-1/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token,Signature=e846064053af5730311f5a8dd565139c9fdc9de4f9d1c12b8f2f77f619b7d2e1",
         ],
         "X-Amz-Security-Token": Array [
           "sessionToken",

common/changes/@microsoft/rush/fix-s3-credentials_2021-04-29-05-23.json

@@ -0,0 +1,11 @@
+{
+  "changes": [
+    {
+      "packageName": "@microsoft/rush",
+      "comment": "Fix a regression in the S3 cloud build cache provider",
+      "type": "none"
+    }
+  ],
+  "packageName": "@microsoft/rush",
+  "email": "[email protected]"
+}