Closed mbamber closed 1 month ago
@c2zwdjnlcg is this something you can look into? @mbamber if you'd like to submit a fix, feel free to do so. Thanks.
If I knew how to fix it, I would have already submitted a PR 😛
I've spent the last few hours trying to workout how all the tests etc work but I must admit I'm somewhat floundering. If you can point me in the direction of how to debug the tests, that would certainly help.
I did manage to discover the following though:
Given the following opa test which uses the same data from test/cases/testdata/providers-aws/aws-sign_req.yaml
test_headers if {
req := {"method": "get", "url": "http://example.com", "headers": {"foo": "bar"}}
expected := {
"headers": {
"Authorization": "AWS4-HMAC-SHA256 Credential=MYAWSACCESSKEYGOESHERE/20151228/us-east-1/s3/aws4_request,SignedHeaders=foo;host;x-amz-content-sha256;x-amz-date,Signature=8f1dc7c9b9978356a0d0989fd26a95307f4f8a4aa264d8220647b7097d839952",
"host": "example.com",
"x-amz-content-sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"x-amz-date": "20151228T140825Z",
"foo": "bar"
},
"method": "get",
"url": "http://example.com"
}
aws_config := {
"aws_access_key": "MYAWSACCESSKEYGOESHERE",
"aws_secret_access_key": "MYAWSSECRETACCESSKEYGOESHERE",
"aws_service": "s3",
"aws_region": "us-east-1",
}
r := providers.aws.sign_req(req, aws_config, 1451311705000000000)
print(r)
print(expected)
r == expected
}
... I get the following output:
[redacted].test_headers: FAIL (447.645µs)
{"headers": {"Authorization": "AWS4-HMAC-SHA256 Credential=MYAWSACCESSKEYGOESHERE/20151228/us-east-1/s3/aws4_request,SignedHeaders=foo;host;x-amz-content-sha256;x-amz-date,Signature=8f1dc7c9b9978356a0d0989fd26a95307f4f8a4aa264d8220647b7097d839952", "host": "example.com", "x-amz-content-sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "x-amz-date": "20151228T140825Z"}, "method": "get", "url": "http://example.com"}
{"headers": {"Authorization": "AWS4-HMAC-SHA256 Credential=MYAWSACCESSKEYGOESHERE/20151228/us-east-1/s3/aws4_request,SignedHeaders=foo;host;x-amz-content-sha256;x-amz-date,Signature=8f1dc7c9b9978356a0d0989fd26a95307f4f8a4aa264d8220647b7097d839952", "foo": "bar", "host": "example.com", "x-amz-content-sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "x-amz-date": "20151228T140825Z"}, "method": "get", "url": "http://example.com"}
which I think confirms my suspicion that this is a bug (either that or I'm misunderstanding the use of this builtin)
I can't reproduce, you sure you have the right version of the binary? what's the full output of opa version
You're absolutely right, sorry for wasting your time @c2zwdjnlcg
We were using a out of date version in the tests and once upgraded we can confirm that headers are not dropped
Short description
Opa Version: 0.63 We have seen #6456 which seems to be addressing the issue, but it doesnt seem to be working for us.
Steps To Reproduce
Print statements from above
Expected behavior
We believe the signature is being calculated correctly, but we would expect
r
to show the headers that we can see inreq
.Additional context