Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix handling of repeated headers in aws request canonicalization #2261

Merged
merged 7 commits into from
Feb 3, 2023

Conversation

nipunn1313
Copy link
Contributor

@nipunn1313 nipunn1313 commented Jan 28, 2023

This PR fixes it to appear once.

This should fix issues like this one
awslabs/aws-sdk-rust#720

Motivation and Context

awslabs/aws-sdk-rust#720

Previously, repeated headers would appear twice on separate lines in the CanonicalHeaders section and twice in the SignedHeaders section, resulting in invalid signatures failing requests.

See spec in
https://docs.aws.amazon.com/general/latest/gr/create-signed-request.html#create-canonical-request

Description

Per the spec, the header should appear once with a comma separated list of values.

Testing

I added a test to show the output that is appearing.
I would love to actually test end-to-end with aws to make sure the final requests in fact works, but I'm actually not sure how. Would appreciate assistance (or if someone from amazon's side wants to take over the PR, that would be fine with me as well).

Checklist

  • I have updated CHANGELOG.next.toml if I made changes to the smithy-rs codegen or runtime crates

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

See spec in
https://docs.aws.amazon.com/general/latest/gr/create-signed-request.html#create-canonical-request

Previously, repeated headers would appear twice on separate lines in the
`CanonicalHeaders` section and twice in the `SignedHeaders` section.

This PR fixes it to appear once.

This should fix issues like this one
awslabs/aws-sdk-rust#720
@nipunn1313 nipunn1313 requested a review from a team as a code owner January 28, 2023 09:31
@nipunn1313
Copy link
Contributor Author

I was actually able to test that this solves my original bug by running my company's app with this modification to Cargo.toml

-aws-config = "0.54.0"
-aws-sdk-lambda = "0.24.0"
-aws-sdk-s3 = "0.24.0"
-aws-types = "0.54.0"

+aws-config = { path = "/Users/nipunn/src/smithy-rs/aws/sdk/build/aws-sdk/sdk/aws-config" }
+aws-sdk-lambda = { path = "/Users/nipunn/src/smithy-rs/aws/sdk/build/aws-sdk/sdk/lambda" }
+aws-sdk-s3 = { path = "/Users/nipunn/src/smithy-rs/aws/sdk/build/aws-sdk/sdk/s3" }
+aws-types = { path = "/Users/nipunn/src/smithy-rs/aws/sdk/build/aws-sdk/sdk/aws-types" }

It does successfully talk to aws with the new correctly canonicalized headers.

@nipunn1313
Copy link
Contributor Author

nipunn1313 commented Jan 28, 2023

From my app:

Before the fix:

 2023-01-28T08:34:20.991Z TRACE aws_sigv4::http_request::sign > canonical_request=GET
/{redacted object key}
attributes=
host:test-convex-files.s3.us-east-1.amazonaws.com
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20230128T083420Z
x-amz-object-attributes:Checksum
x-amz-object-attributes:Checksum
x-amz-user-agent:aws-sdk-rust/0.54.1 api/s3/0.24.0 os/macos lang/rust/1.66.0-nightly

host;x-amz-content-sha256;x-amz-date;x-amz-object-attributes;x-amz-object-attributes;x-amz-user-agent
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

including the following failure:

Error { code: "SignatureDoesNotMatch", message: "The request signature we calculated does not match the signature you provided. Check your key and signing method.", request_id: "6271CBPD71BZ7TS8", s3_extended_request_id: "zeMM9J2/9ey9RdtXUIzerhFnA0Z3X9RcgBRv2xqMKLIJqLYp2G9Cp2tlG+Iihur4tMZcWRZFelY=" }

After

 2023-01-28T09:45:07.418Z TRACE aws_sigv4::http_request::sign   > canonical_request=GET
/{redacted object key}
attributes=
host:test-convex-modules.s3.us-east-1.amazonaws.com
x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-date:20230128T094507Z
x-amz-object-attributes:Checksum,ObjectSize
x-amz-user-agent:aws-sdk-rust/0.54.1 api/s3/0.0.0-local os/macos lang/rust/1.66.0-nightly

host;x-amz-content-sha256;x-amz-date;x-amz-object-attributes;x-amz-user-agent
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

and success!

@@ -225,7 +225,7 @@ impl<'a> CanonicalRequest<'a> {
}

let mut signed_headers = Vec::with_capacity(canonical_headers.len());
for (name, _) in &canonical_headers {
for name in canonical_headers.keys() {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change ensures that each key appears only once in the SignedHeaders section.

std::str::from_utf8(value.as_bytes())
.expect("SDK request header values are valid UTF-8")
})
.collect();
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change ensures that all values of the header appear in a comma separated list in the CanonicalHeaders section on the same row - per the spec.

Copy link
Collaborator

@jdisanti jdisanti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the contribution! These changes look good to me.

We're having some issues in CI with Error response from daemon: toomanyrequests: Data limit exceeded at the moment, so you'll see some failures from that. I'll check back and retry those in a bit so we can get a better view of CI.

"host;x-amz-content-sha256;x-amz-date;x-amz-object-attributes"
);

let expected = "GET
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding the unit test! Here is my alternative thought, and feel free to incorporate/discard it. Instead of comparing the entire canonical request in the form of a raw string, could we target our verification on x-amz-object-attributes?

To do so, we need to factor out the code from 341 to 349 into a small method, i.e.

impl<'a> CanonicalRequest<'a> {
    // I just chose some name, but feel free to pick any name that makes sense.
    fn header_values_for(&self, key: impl AsHeaderName) -> Vec<&str> {
        self.headers
            .get_all(key)
            .into_iter()
            .map(|value| {
                std::str::from_utf8(value.as_bytes())
                    .expect("SDK request header values are valid UTF-8")
            })
            .collect()
    }
}

Lines 341-349 will then look like:

let values = self.header_values_for(&header.0);

In the unit test, we can use header_values_for on creq, i.e.,

let actual = creq.header_values_for("x-amz-object-attributes");
assert_eq!(actual, vec!["Checksum", "ObjectSize"]);

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seems reasonable! Will do it.

I personally also like having a test that has the entire thing as well as a bit of an integration test - it'll be really easy to notice if something regresses about how the whole thing fits together. But of course, happy to defer to whatever maintainers think.

If we wanted that, it'd probably be better as a separate test that is very plain.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I'll move the "," join into the small method so it also gets coverage in the test - similar to how we test the semicolon joining a few lines above.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I personally also like having a test that has the entire thing as well as a bit of an integration test - it'll be really easy to notice if something regresses about how the whole thing fits together.

Thanks for thinking through. If anything goes wrong out of the implementation of this PR, it'll be caught in the existing integration tests (and probably easy to notice as failures should be across the board).

If we wanted that, it'd probably be better as a separate test that is very plain.

I agree and kind of thought that was the benefit of comparing the canonical request as a raw string in your original code.

Copy link
Contributor

@ysaito1001 ysaito1001 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks for incorporating the feedback.

@nipunn1313
Copy link
Contributor Author

Sounds good! Let me know if there's anything further you need from me. Feel free to do any rebasing/merge conflicts/minor fixes etc on my behalf if that's what's blocking.

@jdisanti
Copy link
Collaborator

jdisanti commented Feb 1, 2023

I think we're ready to merge. Just waiting for resolution on our CI issues to avoid having to restart the tests a bunch of times 😅

@jdisanti jdisanti added the ready-to-merge This PR is ready to merge into `main` label Feb 2, 2023
@jdisanti jdisanti enabled auto-merge (squash) February 2, 2023 23:45
@jdisanti jdisanti merged commit f8a799d into smithy-lang:main Feb 3, 2023
@jdisanti jdisanti removed the ready-to-merge This PR is ready to merge into `main` label Feb 3, 2023
thomas-k-cameron added a commit to thomas-k-cameron/smithy-rs that referenced this pull request Feb 4, 2023
* formatting: run pre-commit on all files (smithy-lang#2236)

* formatting: run pre-commit on all files

* fix: test broken by string indent

* Remove old service builder machinery (smithy-lang#2161)

* Remove HandlerGenerator and RegistryGenerator

* Shrink RequestRejection

* Remove inlineable

* Remove Router and RequestParts

* Remove old service builder tests

* Add missing test dependency

* Add missing dev dependency

* Remove unused test

* Move Router types

* Switch AllowUnused to AllowUnusedVariables

* Add changelog entry for "Remove old service builder machinery" (smithy-lang#2242)

* Dense maps cannot deserialize null values (smithy-lang#2239)

* Dense maps cannot deserialize null values

Signed-off-by: Daniele Ahmed <[email protected]>

* Dense lists cannot deserialize null (smithy-lang#2240)

* Dense lists cannot deserialize null

Signed-off-by: Daniele Ahmed <[email protected]>

* Update changelog

* Add changelog entry about smithy-lang#2200 (smithy-lang#2250)

Co-authored-by: Julian Antonielli <[email protected]>

* Fix `OperationExtensionFuture` poll order (smithy-lang#2247)

* Fix `OperationExtensionFuture` poll order

* Add CHANGELOG.next.toml entry

Co-authored-by: AWS SDK Rust Bot <[email protected]>

* Bump version to 0.54.1 in `gradle.properties` (smithy-lang#2249)

Co-authored-by: Julian Antonielli <[email protected]>
Co-authored-by: AWS SDK Rust Bot <[email protected]>

* Update changelog

* Add CI action to test aws-sdk-services (smithy-lang#2251)

* run cargo test --all-features instead

* Add check-only option, change check to test

* Support nested APIs in operation input tests

* Newtype FromRequest::Future (smithy-lang#2244)

* Add RFC: Providing fallback credentials on timeout (smithy-lang#2218)

* Add RFC: providing fallback credentials on timeout

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: Zelda Hessler <[email protected]>

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: Zelda Hessler <[email protected]>

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: Zelda Hessler <[email protected]>

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: Zelda Hessler <[email protected]>

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: Zelda Hessler <[email protected]>

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: Zelda Hessler <[email protected]>

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: Zelda Hessler <[email protected]>

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: Zelda Hessler <[email protected]>

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: Zelda Hessler <[email protected]>

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: Zelda Hessler <[email protected]>

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: John DiSanti <[email protected]>

* Incorporate review feedback into RFC

This commit addresses the review feedback:
smithy-lang#2218 (comment)
smithy-lang#2218 (comment)
smithy-lang#2218 (comment)

In addition, we have renamed the proposed method `on_timeout` to
`fallback_on_interrupt` to make it more descriptive.

* Update rfc0031_providing_fallback_credentials_on_timeout.md

* Update RFC

This commit updates RFC and leaves to discussion how `fallback_on_interrupt`
should be implemented, i.e., either as a synchronous primitive or an
asynchronous primitive.

* Update rfc0031_providing_fallback_credentials_on_timeout.md

* Update rfc0031_providing_fallback_credentials_on_timeout.md

* Update rfc0031_providing_fallback_credentials_on_timeout.md

---------

Co-authored-by: Yuki Saito <[email protected]>
Co-authored-by: Zelda Hessler <[email protected]>
Co-authored-by: John DiSanti <[email protected]>
Co-authored-by: Luca Palmieri <[email protected]>

* Replace PR bot's diff tool with one that supports pagination (smithy-lang#2245)

* Implement paginated diff to html tool
* Wire up the new diff tool to PR bot

* Add fallback_on_interrupt to the ProvideCredentials trait (smithy-lang#2246)

* Implement RFC for providing fallback credentials

This commit implements the changes checklist in the RFC for providing
fallback credentials.

* Remove needless lifetime parameter

* Update CHANGELOG.next.toml

---------

Co-authored-by: Yuki Saito <[email protected]>

* Copy non-service integration tests into SDK root tests directory (smithy-lang#2255)

* Copy non-service integration tests into SDK root tests directory

For tests in `aws/sdk/integration-tests` that are not named after a
service module, copy them into the SDK's root `tests/` directory so that
they are run as part of CI on the entire SDK.

* Add missing fields to integration test manifests
* Remove tests from root workspace
* Explicitly exclude the root tests from the root workspace

* Update the event stream section in RFC30 (smithy-lang#2243)

* Python: Support `document` type (smithy-lang#2188)

* Add Python wrapper for `aws_smithy_types::Document`

* Remove unused type

* Make sure Python SSDKs uses Python specific `Document` type

* Allow Python specific `Document` type to be used in serialization and deserialization

* Make `pyo3/extension-module` a default feature

* Add `PythonServerTypesTest`

* Fix linting issues

* Add `Data limit exceeded` to build image throttle messages (smithy-lang#2260)

* Update smoketest models (smithy-lang#2252)

* Make minor fixes to the crate claim workflow (smithy-lang#2259)

* Add support for `@uniqueItems` (smithy-lang#2232)

This commit adds support for the `@uniqueItems` trait on `list` shapes
in server SDKs. Requests with duplicate values for `list` shapes
constrained with `@uniqueItems` will be rejected by servers.

* Update mentions to codegen configuration key in changelog (smithy-lang#2166)

As well as in one error message.

The key is `codegen`, not `codegenConfig`.

* Change the release flow to use release branches (smithy-lang#2253)

* What happens if we comment out the runtime crate version from gradle.properties?

* Allow running the release and the CI workflows from an arbitrary commit.

* Does a fake version work?

* Pass `git_ref` from the release workflow.

* It needs to be a valid semver version.

* Sketch new command to upgrade version in gradle.properties

* Command implementation

* Plug the new publisher command into the `release` action.

* Plumb end-to-end

* Fix copyright header.

* Fix lint.

* Temporarily comment out the sanity check.

* Ignore sanity check

* Add a command that prints out the template for CHANGELOG.next.toml

* Add branch check + empty TOML generation.

* Add copyright headers.

* Fix imports.

* Remove sanity check.

* Move script to a file.

* Add a check to validate the tag.

* Remove second build step.

* Move to .github/scripts folder.

* Make the script easier to run locally

* Fail if anything fails.

* Add comment.

* Update .github/scripts/get-or-create-release-branch.sh

Co-authored-by: david-perez <[email protected]>

* Update .github/scripts/get-or-create-release-branch.sh

Co-authored-by: david-perez <[email protected]>

* Update .github/scripts/get-or-create-release-branch.sh

Co-authored-by: david-perez <[email protected]>

* Update .github/workflows/ci.yml

Co-authored-by: david-perez <[email protected]>

* Remove touch.

* Fix indentation and branch name.

* Update .github/workflows/ci.yml

Co-authored-by: david-perez <[email protected]>

* Update .github/workflows/release.yml

Co-authored-by: david-perez <[email protected]>

* Update .github/workflows/release.yml

Co-authored-by: david-perez <[email protected]>

* Explicit flags.

* Use the path that was provided.

* Format

---------

Co-authored-by: david-perez <[email protected]>

* Reduce Docker image rebuilds (smithy-lang#2269)

* Move `acquire-build-image` into `.github`
* Move the `tools-hash` script into `.github`
* Upload to ECR from PRs as well
* Move build tools into `tools/ci-build/`
* Move CI scripts out of `ci-build`
* Split CI for forks/non-forks
* Remove `fetch-depth: 0` from PR workflows

* Remove teams from `publisher` ownership list (smithy-lang#2257)

* Add static stability support to IMDS credentials provider (smithy-lang#2258)

* Add static stability support to ImdsCredentialsProvider

This commit adds static stability support to `ImdsCredentialsProvider`.
Static stability refers to continued availability of a service in the
face of impaired dependencies. In case IMDS is not available, we still
allow requests to be dispatched with expired credentials. This, in turn,
allows the target service to makes the ultimate decision as to whether
requests sent are valid or not instead of the client SDK determining
their validity.

The way it is implemented is `ImdsCredentialsProvider` now stores a last
retrieved credentials which will later be served when IMDS is unreachable.

* Add tests to IMDS credentials provider

This commit adds tests to IMDS credentials providers for static stability
support. These tests are prescribed in smithy-lang#2117.
From an IMDS credentials provider' perspective, however, some of the tests
are considered to fall under the same equivalence class with others.
Therefore, a single test can cover multiple test cases.

* Update CHANGELOG.next.toml

* Update CHANGELOG.next.toml

Co-authored-by: John DiSanti <[email protected]>

---------

Co-authored-by: Yuki Saito <[email protected]>
Co-authored-by: John DiSanti <[email protected]>

* Increase build image backoff time and attempts (smithy-lang#2267)

* Must set a member in unions (smithy-lang#2241)

* Must set a member in unions

Signed-off-by: Daniele Ahmed <[email protected]>

* Add `runs-on` (smithy-lang#2273)

* Add `runs-on` (smithy-lang#2275)

* Fix job trigger. Clarify that short SHAs won't work. (smithy-lang#2278)

* Clarify what type of reference we are trying to push. (smithy-lang#2279)

* Update gradle properties for dry runs as well. (smithy-lang#2280)

* Get verbose logging from the branch script. (smithy-lang#2281)

* Fix trigger for following jobs. (smithy-lang#2282)

* Fix action paths. (smithy-lang#2283)

* We need to checkout in the `smithy-rs` folder because that's an assumption baked into the definition of the docker-build action. (smithy-lang#2284)

* Use action-arguments for arguments. (smithy-lang#2285)

* Fix if condition. (smithy-lang#2286)

* Persist the modified gradle.properties outside of the Docker context (smithy-lang#2287)

* Fix if condition.

* Make sure that the changes are visible to the push step after the Docker action has executed by persisting the modified repository as an artifact.

* Give a name to the argument.

* Use larger machines for the slowest CI jobs. (smithy-lang#2263)

* Use larger machines for the slowest CI jobs.

* Fix invocation.

* Fix paths. (smithy-lang#2288)

* Commit if modified (smithy-lang#2289)

* Fix paths.

* Fix commit logic - it should commit when there were changes.

* Set user name and email when committing (smithy-lang#2290)

* `git push origin` fails if there is nothing to push. (smithy-lang#2291)

* Use curly braces to group together the commit and push action (smithy-lang#2292)

* Fix syntax error when grouping commands. (smithy-lang#2293)

* [release-branches] Fix the reference that gets checked out (smithy-lang#2294)

* Fix the reference that gets checked out

* Fix

* Fix broken doc link to `tokio_stream::Stream` (smithy-lang#2271)

* Fix broken doc link to `Stream`

This commit fixes broken doc link to `Stream` in codegen clients. That
target is `tokio_stream::Stream`, which in turn is a re-export of
`futures_core::Stream`. Since we do not have a good way to link to the
re-export, we remove a hyper link and just put `Stream`.

* Update CHANGELOG.next.toml

---------

Co-authored-by: Yuki Saito <[email protected]>

* Use docker login when possible (smithy-lang#2265)

Login to ECR when credentials are available to improve CI performance

* Simplify `AdHocSection` (smithy-lang#2272)

Co-authored-by: Russell Cohen <[email protected]>

* Fix CI on main and don't acquire Docker login for forks (smithy-lang#2295)

* Fix CI on main and don't acquire Docker login for forks

* Convert empty env vars into `None`

* Optimize base image acquisition on main

* Collect more diagnostics. (smithy-lang#2297)

* [release-branches] Fix working directory (smithy-lang#2298)

* Fix working directory.

* Build the Docker image using the latest commit on the invocation branch.

* We need a Docker image with the same SHA later in the process.

* Clone does not preserve uncommitted changes. This was leading to the gradle.properties update being lost. (smithy-lang#2299)

* Make `OperationExtension` store the absolute shape ID (smithy-lang#2276)

* Do not alter Operation shape ID

* Add OperationExtensionExt test

* Add CHANGELOG.next.toml entry

* Apply suggestions from code review

Co-authored-by: Luca Palmieri <[email protected]>

---------

Co-authored-by: Luca Palmieri <[email protected]>

* Retrieve the output from outside the Docker context (smithy-lang#2300)

Co-authored-by: AWS SDK Rust Bot <[email protected]>

* Fix image tagging in CI on main (smithy-lang#2301)

* Fix handling of repeated headers in AWS request canonicalization (smithy-lang#2261)

* Remove usage of always empty writable in `JsonParserGenerator` (smithy-lang#2192)

The writable calculates a string that it never writes.

This was added in smithy-lang#2131.

* fix

---------

Signed-off-by: Daniele Ahmed <[email protected]>
Co-authored-by: Zelda Hessler <[email protected]>
Co-authored-by: Harry Barber <[email protected]>
Co-authored-by: 82marbag <[email protected]>
Co-authored-by: AWS SDK Rust Bot <[email protected]>
Co-authored-by: Julian Antonielli <[email protected]>
Co-authored-by: Julian Antonielli <[email protected]>
Co-authored-by: AWS SDK Rust Bot <[email protected]>
Co-authored-by: Russell Cohen <[email protected]>
Co-authored-by: ysaito1001 <[email protected]>
Co-authored-by: Yuki Saito <[email protected]>
Co-authored-by: John DiSanti <[email protected]>
Co-authored-by: Luca Palmieri <[email protected]>
Co-authored-by: Burak <[email protected]>
Co-authored-by: david-perez <[email protected]>
Co-authored-by: Nipunn Koorapati <[email protected]>
thomas-k-cameron added a commit to thomas-k-cameron/smithy-rs that referenced this pull request Feb 4, 2023
* formatting: run pre-commit on all files (smithy-lang#2236)

* formatting: run pre-commit on all files

* fix: test broken by string indent

* Remove old service builder machinery (smithy-lang#2161)

* Remove HandlerGenerator and RegistryGenerator

* Shrink RequestRejection

* Remove inlineable

* Remove Router and RequestParts

* Remove old service builder tests

* Add missing test dependency

* Add missing dev dependency

* Remove unused test

* Move Router types

* Switch AllowUnused to AllowUnusedVariables

* Add changelog entry for "Remove old service builder machinery" (smithy-lang#2242)

* Dense maps cannot deserialize null values (smithy-lang#2239)

* Dense maps cannot deserialize null values

Signed-off-by: Daniele Ahmed <[email protected]>

* Dense lists cannot deserialize null (smithy-lang#2240)

* Dense lists cannot deserialize null

Signed-off-by: Daniele Ahmed <[email protected]>

* Update changelog

* Add changelog entry about smithy-lang#2200 (smithy-lang#2250)

Co-authored-by: Julian Antonielli <[email protected]>

* Fix `OperationExtensionFuture` poll order (smithy-lang#2247)

* Fix `OperationExtensionFuture` poll order

* Add CHANGELOG.next.toml entry

Co-authored-by: AWS SDK Rust Bot <[email protected]>

* Bump version to 0.54.1 in `gradle.properties` (smithy-lang#2249)

Co-authored-by: Julian Antonielli <[email protected]>
Co-authored-by: AWS SDK Rust Bot <[email protected]>

* Update changelog

* Add CI action to test aws-sdk-services (smithy-lang#2251)

* run cargo test --all-features instead

* Add check-only option, change check to test

* Support nested APIs in operation input tests

* Newtype FromRequest::Future (smithy-lang#2244)

* Add RFC: Providing fallback credentials on timeout (smithy-lang#2218)

* Add RFC: providing fallback credentials on timeout

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: Zelda Hessler <[email protected]>

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: Zelda Hessler <[email protected]>

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: Zelda Hessler <[email protected]>

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: Zelda Hessler <[email protected]>

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: Zelda Hessler <[email protected]>

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: Zelda Hessler <[email protected]>

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: Zelda Hessler <[email protected]>

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: Zelda Hessler <[email protected]>

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: Zelda Hessler <[email protected]>

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: Zelda Hessler <[email protected]>

* Update design/src/rfcs/rfc0031_providing_fallback_credentials_on_timeout.md

Co-authored-by: John DiSanti <[email protected]>

* Incorporate review feedback into RFC

This commit addresses the review feedback:
smithy-lang#2218 (comment)
smithy-lang#2218 (comment)
smithy-lang#2218 (comment)

In addition, we have renamed the proposed method `on_timeout` to
`fallback_on_interrupt` to make it more descriptive.

* Update rfc0031_providing_fallback_credentials_on_timeout.md

* Update RFC

This commit updates RFC and leaves to discussion how `fallback_on_interrupt`
should be implemented, i.e., either as a synchronous primitive or an
asynchronous primitive.

* Update rfc0031_providing_fallback_credentials_on_timeout.md

* Update rfc0031_providing_fallback_credentials_on_timeout.md

* Update rfc0031_providing_fallback_credentials_on_timeout.md

---------

Co-authored-by: Yuki Saito <[email protected]>
Co-authored-by: Zelda Hessler <[email protected]>
Co-authored-by: John DiSanti <[email protected]>
Co-authored-by: Luca Palmieri <[email protected]>

* Replace PR bot's diff tool with one that supports pagination (smithy-lang#2245)

* Implement paginated diff to html tool
* Wire up the new diff tool to PR bot

* Add fallback_on_interrupt to the ProvideCredentials trait (smithy-lang#2246)

* Implement RFC for providing fallback credentials

This commit implements the changes checklist in the RFC for providing
fallback credentials.

* Remove needless lifetime parameter

* Update CHANGELOG.next.toml

---------

Co-authored-by: Yuki Saito <[email protected]>

* Copy non-service integration tests into SDK root tests directory (smithy-lang#2255)

* Copy non-service integration tests into SDK root tests directory

For tests in `aws/sdk/integration-tests` that are not named after a
service module, copy them into the SDK's root `tests/` directory so that
they are run as part of CI on the entire SDK.

* Add missing fields to integration test manifests
* Remove tests from root workspace
* Explicitly exclude the root tests from the root workspace

* Update the event stream section in RFC30 (smithy-lang#2243)

* Python: Support `document` type (smithy-lang#2188)

* Add Python wrapper for `aws_smithy_types::Document`

* Remove unused type

* Make sure Python SSDKs uses Python specific `Document` type

* Allow Python specific `Document` type to be used in serialization and deserialization

* Make `pyo3/extension-module` a default feature

* Add `PythonServerTypesTest`

* Fix linting issues

* Add `Data limit exceeded` to build image throttle messages (smithy-lang#2260)

* Update smoketest models (smithy-lang#2252)

* Make minor fixes to the crate claim workflow (smithy-lang#2259)

* Add support for `@uniqueItems` (smithy-lang#2232)

This commit adds support for the `@uniqueItems` trait on `list` shapes
in server SDKs. Requests with duplicate values for `list` shapes
constrained with `@uniqueItems` will be rejected by servers.

* Update mentions to codegen configuration key in changelog (smithy-lang#2166)

As well as in one error message.

The key is `codegen`, not `codegenConfig`.

* Change the release flow to use release branches (smithy-lang#2253)

* What happens if we comment out the runtime crate version from gradle.properties?

* Allow running the release and the CI workflows from an arbitrary commit.

* Does a fake version work?

* Pass `git_ref` from the release workflow.

* It needs to be a valid semver version.

* Sketch new command to upgrade version in gradle.properties

* Command implementation

* Plug the new publisher command into the `release` action.

* Plumb end-to-end

* Fix copyright header.

* Fix lint.

* Temporarily comment out the sanity check.

* Ignore sanity check

* Add a command that prints out the template for CHANGELOG.next.toml

* Add branch check + empty TOML generation.

* Add copyright headers.

* Fix imports.

* Remove sanity check.

* Move script to a file.

* Add a check to validate the tag.

* Remove second build step.

* Move to .github/scripts folder.

* Make the script easier to run locally

* Fail if anything fails.

* Add comment.

* Update .github/scripts/get-or-create-release-branch.sh

Co-authored-by: david-perez <[email protected]>

* Update .github/scripts/get-or-create-release-branch.sh

Co-authored-by: david-perez <[email protected]>

* Update .github/scripts/get-or-create-release-branch.sh

Co-authored-by: david-perez <[email protected]>

* Update .github/workflows/ci.yml

Co-authored-by: david-perez <[email protected]>

* Remove touch.

* Fix indentation and branch name.

* Update .github/workflows/ci.yml

Co-authored-by: david-perez <[email protected]>

* Update .github/workflows/release.yml

Co-authored-by: david-perez <[email protected]>

* Update .github/workflows/release.yml

Co-authored-by: david-perez <[email protected]>

* Explicit flags.

* Use the path that was provided.

* Format

---------

Co-authored-by: david-perez <[email protected]>

* Reduce Docker image rebuilds (smithy-lang#2269)

* Move `acquire-build-image` into `.github`
* Move the `tools-hash` script into `.github`
* Upload to ECR from PRs as well
* Move build tools into `tools/ci-build/`
* Move CI scripts out of `ci-build`
* Split CI for forks/non-forks
* Remove `fetch-depth: 0` from PR workflows

* Remove teams from `publisher` ownership list (smithy-lang#2257)

* Add static stability support to IMDS credentials provider (smithy-lang#2258)

* Add static stability support to ImdsCredentialsProvider

This commit adds static stability support to `ImdsCredentialsProvider`.
Static stability refers to continued availability of a service in the
face of impaired dependencies. In case IMDS is not available, we still
allow requests to be dispatched with expired credentials. This, in turn,
allows the target service to makes the ultimate decision as to whether
requests sent are valid or not instead of the client SDK determining
their validity.

The way it is implemented is `ImdsCredentialsProvider` now stores a last
retrieved credentials which will later be served when IMDS is unreachable.

* Add tests to IMDS credentials provider

This commit adds tests to IMDS credentials providers for static stability
support. These tests are prescribed in smithy-lang#2117.
From an IMDS credentials provider' perspective, however, some of the tests
are considered to fall under the same equivalence class with others.
Therefore, a single test can cover multiple test cases.

* Update CHANGELOG.next.toml

* Update CHANGELOG.next.toml

Co-authored-by: John DiSanti <[email protected]>

---------

Co-authored-by: Yuki Saito <[email protected]>
Co-authored-by: John DiSanti <[email protected]>

* Increase build image backoff time and attempts (smithy-lang#2267)

* Must set a member in unions (smithy-lang#2241)

* Must set a member in unions

Signed-off-by: Daniele Ahmed <[email protected]>

* Add `runs-on` (smithy-lang#2273)

* Add `runs-on` (smithy-lang#2275)

* Fix job trigger. Clarify that short SHAs won't work. (smithy-lang#2278)

* Clarify what type of reference we are trying to push. (smithy-lang#2279)

* Update gradle properties for dry runs as well. (smithy-lang#2280)

* Get verbose logging from the branch script. (smithy-lang#2281)

* Fix trigger for following jobs. (smithy-lang#2282)

* Fix action paths. (smithy-lang#2283)

* We need to checkout in the `smithy-rs` folder because that's an assumption baked into the definition of the docker-build action. (smithy-lang#2284)

* Use action-arguments for arguments. (smithy-lang#2285)

* Fix if condition. (smithy-lang#2286)

* Persist the modified gradle.properties outside of the Docker context (smithy-lang#2287)

* Fix if condition.

* Make sure that the changes are visible to the push step after the Docker action has executed by persisting the modified repository as an artifact.

* Give a name to the argument.

* Use larger machines for the slowest CI jobs. (smithy-lang#2263)

* Use larger machines for the slowest CI jobs.

* Fix invocation.

* Fix paths. (smithy-lang#2288)

* Commit if modified (smithy-lang#2289)

* Fix paths.

* Fix commit logic - it should commit when there were changes.

* Set user name and email when committing (smithy-lang#2290)

* `git push origin` fails if there is nothing to push. (smithy-lang#2291)

* Use curly braces to group together the commit and push action (smithy-lang#2292)

* Fix syntax error when grouping commands. (smithy-lang#2293)

* [release-branches] Fix the reference that gets checked out (smithy-lang#2294)

* Fix the reference that gets checked out

* Fix

* Fix broken doc link to `tokio_stream::Stream` (smithy-lang#2271)

* Fix broken doc link to `Stream`

This commit fixes broken doc link to `Stream` in codegen clients. That
target is `tokio_stream::Stream`, which in turn is a re-export of
`futures_core::Stream`. Since we do not have a good way to link to the
re-export, we remove a hyper link and just put `Stream`.

* Update CHANGELOG.next.toml

---------

Co-authored-by: Yuki Saito <[email protected]>

* Use docker login when possible (smithy-lang#2265)

Login to ECR when credentials are available to improve CI performance

* Simplify `AdHocSection` (smithy-lang#2272)

Co-authored-by: Russell Cohen <[email protected]>

* Fix CI on main and don't acquire Docker login for forks (smithy-lang#2295)

* Fix CI on main and don't acquire Docker login for forks

* Convert empty env vars into `None`

* Optimize base image acquisition on main

* Collect more diagnostics. (smithy-lang#2297)

* [release-branches] Fix working directory (smithy-lang#2298)

* Fix working directory.

* Build the Docker image using the latest commit on the invocation branch.

* We need a Docker image with the same SHA later in the process.

* Clone does not preserve uncommitted changes. This was leading to the gradle.properties update being lost. (smithy-lang#2299)

* Make `OperationExtension` store the absolute shape ID (smithy-lang#2276)

* Do not alter Operation shape ID

* Add OperationExtensionExt test

* Add CHANGELOG.next.toml entry

* Apply suggestions from code review

Co-authored-by: Luca Palmieri <[email protected]>

---------

Co-authored-by: Luca Palmieri <[email protected]>

* Retrieve the output from outside the Docker context (smithy-lang#2300)

Co-authored-by: AWS SDK Rust Bot <[email protected]>

* Fix image tagging in CI on main (smithy-lang#2301)

* Fix handling of repeated headers in AWS request canonicalization (smithy-lang#2261)

* Remove usage of always empty writable in `JsonParserGenerator` (smithy-lang#2192)

The writable calculates a string that it never writes.

This was added in smithy-lang#2131.

---------

Signed-off-by: Daniele Ahmed <[email protected]>
Co-authored-by: Zelda Hessler <[email protected]>
Co-authored-by: Harry Barber <[email protected]>
Co-authored-by: 82marbag <[email protected]>
Co-authored-by: AWS SDK Rust Bot <[email protected]>
Co-authored-by: Julian Antonielli <[email protected]>
Co-authored-by: Julian Antonielli <[email protected]>
Co-authored-by: AWS SDK Rust Bot <[email protected]>
Co-authored-by: Russell Cohen <[email protected]>
Co-authored-by: ysaito1001 <[email protected]>
Co-authored-by: Yuki Saito <[email protected]>
Co-authored-by: John DiSanti <[email protected]>
Co-authored-by: Luca Palmieri <[email protected]>
Co-authored-by: Burak <[email protected]>
Co-authored-by: david-perez <[email protected]>
Co-authored-by: Nipunn Koorapati <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants