search

aws / aws-sdk-go-v2

AWS SDK for the Go programming language.
https://aws.github.io/aws-sdk-go-v2/docs/
Apache License 2.0
2.68k stars 651 forks source link

refactoring of buildQuery to accept a list of maintained headers to l… #2773

Closed RanVaknin closed 2 months ago

RanVaknin commented 2 months ago

This PR supplements https://github.com/aws/aws-sdk-go-v2/pull/2768 Following https://github.com/aws/aws-sdk-go-v2/issues/2764 In order to correctly test this changes pertaining to this header, one must use 2 separate accounts.

Account A - where the bucket lives Account B - that makes and signs the request going to that bucket in account A.

In order for this to be enforced, the bucket on account A must be configured to be a request payer bucket, meaning that whoever is making the request to the bucket is going to be billed for it.

Manual "live" testing before change:

https://testbucket-foo-REDACTED.s3.us-east-1.amazonaws.com/my-file.txt?
X-Amz-Credential=REDACTED/20240903/us-east-1/s3/aws4_request&
X-Amz-Date=20240903T164027Z&
X-Amz-Expires=2100&
X-Amz-Request-Payer=requester&
X-Amz-SignedHeaders=host&
x-id=GetObject&
X-Amz-Signature=REDACTED&
X-Amz-Algorithm=AWS4-HMAC-SHA256
403 Forbidden 403
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>REDACTED</RequestId><HostId>REDACTED</HostId></Error>

After change:

https://testbucket-foo-REDACTED.s3.us-east-1.amazonaws.com/my-file.txt?
X-Amz-Expires=2100&
X-Amz-SignedHeaders=host&
x-amz-request-payer=requester&
x-id=GetObject&
X-Amz-Signature=REDACTED&
X-Amz-Algorithm=AWS4-HMAC-SHA256&
X-Amz-Credential=REDACTED/20240903/us-east-1/s3/aws4_request&
X-Amz-Date=20240903T163943Z 
200 OK 200