aws-cli icon indicating copy to clipboard operation
aws-cli copied to clipboard
verified publisher icon aws

[v2] Multi-auth trait support

Open aemous opened this issue 1 year ago • 0 comments

Issue #, if available:

  • https://github.com/boto/botocore/pull/3233
  • https://github.com/boto/botocore/pull/3279

Description of changes:

  • Ported the linked botocore PRs above to add multi-auth trait support

Description of tests:

  • Passed the unit/functional tests provided with the original commit.
  • Manually tested specifying multiple auth types in an overridden (ECS) service model. Logs are shown below to verify this:
  • Manually tested specifying the environment variable AWS_SIGV4A_SIGNING_REGION_SET and config variable sigv4a_signing_region_set and verified the X-Amz-Region-Set headers were properly updated in requests.

"auth":["aws.auth#sigv4a", "aws.auth#sigv4", "smithy.api#httpBearerAuth"]

<AWSPreparedRequest stream_output=False, method=POST, url=https://ecs.us-west-2.amazonaws.com/, headers={'X-Amz-Target': b'AmazonEC2ContainerServiceV20141113.CreateCluster', 'Content-Type': b'application/x-amz-json-1.1', 'User-Agent': b'aws-cli/2.17.57 md/awscrt#0.21.2 ua/2.0 os/macos#23.6.0 md/arch#arm64 lang/python#3.12.4 md/pyimpl#CPython cfg/retry-mode#standard md/installer#source md/prompt#off md/command#ecs.create-cluster', 'host': b'ecs.us-west-2.amazonaws.com', 'X-Amz-Security-Token': b'REDACTED', 'X-Amz-Date': b'20240925T153938Z', 'X-Amz-Region-Set': b'us-west-2', 'Authorization': b'AWS4-ECDSA-P256-SHA256 Credential=REDACTED, SignedHeaders=content-type;host;x-amz-date;x-amz-region-set;x-amz-security-token;x-amz-target, Signature=3044022063bdd92d8b01f913ac2f26c1f924701a0b45067ff0a36e647d11cdd23def86b8022029c22a6b7b762d1caf095c25043c9a579322a983acc488ae04abf7fcfaa34b07', 'Content-Length': '2'}>

"auth":["aws.auth#sigv4", "smithy.api#httpBearerAuth"]

<AWSPreparedRequest stream_output=False, method=POST, url=https://ecs.us-west-2.amazonaws.com/, headers={'X-Amz-Target': b'AmazonEC2ContainerServiceV20141113.CreateCluster', 'Content-Type': b'application/x-amz-json-1.1', 'User-Agent': b'aws-cli/2.17.57 md/awscrt#0.21.2 ua/2.0 os/macos#23.6.0 md/arch#arm64 lang/python#3.12.4 md/pyimpl#CPython cfg/retry-mode#standard md/installer#source md/prompt#off md/command#ecs.create-cluster', 'X-Amz-Date': b'20240925T153823Z', 'X-Amz-Security-Token': b'REDACTED', 'Authorization': b'AWS4-HMAC-SHA256 Credential=REDACTED, SignedHeaders=content-type;host;x-amz-date;x-amz-security-token;x-amz-target, Signature=3ef073a161442c4f35a6c0d952ba8f823cd5cc4dd2a3c90a1aa804a99223714e', 'Content-Length': '2'}>

"auth":["smithy.api#httpBearerAuth"]

File "/awscli/botocore/auth.py", line 845, in add_auth
    raise NoAuthTokenError()
botocore.exceptions.NoAuthTokenError: Unable to locate authorization token

(This error verifies that the port works for singleton list of bearer since it requested the token in the first place)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

aemous avatar Sep 24 '24 15:09 aemous