-
Notifications
You must be signed in to change notification settings - Fork 646
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
#98 - end to end testing of AWS Signature 4 based on AWS test suite #120
Conversation
…quest validation.
Hi @devsprint, Thank you for your contribution! We really value the time you've taken to put this together. Before we proceed with reviewing this pull request, please sign the Lightbend Contributors License Agreement: |
Refs #98 |
CLA signed |
… Scala test suite refactoring, in prgress.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@agolubev is this something you would like to review? |
@patriknw thanks for the notification. I'll review this today |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PR has a lot of header manipulation and seems like 3 or 4 akka-http problems were identified. Would be good to have them as tickets with ticket number in code at least
private def uriEncode(str: String) = URLEncoder.encode(str, "utf-8") | ||
private def encodeQueryParams(name: String, value: String): String = | ||
if (name.contains(' ')) { | ||
s"${uriEncode(name.takeWhile(_ != ' ')).replace("%7E", "~")}=" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should this be changed to just string append?
|
||
private def uriEncode(str: String) = if (isAlreadyURLEncoded(str)) str else URLEncoder.encode(str, "utf-8") | ||
|
||
// TODO: this could be removed when the Uri class in akka-http will accept utf-8 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was not able to find appropriate ticket in akka-http. Should one be created?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
akka/akka-http#86 - this is a similar issue, but for Cyrillic URIs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could you add ticket number to comment into code?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure. it will be in next push
whenReady(stsResult) { builtSts => | ||
withClue(s"According to the expected string to sign stored in ${sts._1}") { | ||
if (sts._1 == "post-x-www-form-urlencoded.sts") { | ||
// TODO: skip this test because we can't avoid adding charset into http request as the test suite require. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do we need to consider this as http ticket?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
probes.get.foreach { | ||
case (fileName, expectedResult) => | ||
testCanonicalRequest(fileName, expectedResult) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All 4 test cases are different only with testMethod and expected result - can this be a single function with results collection and test function as arguments?
* @return the Uri | ||
*/ | ||
private def encodeIfRequired(rawUri: String): Uri = { | ||
val pattern = """^([!#$&-;=?-\[\]_a-z~]|%[0-9a-fA-F]{2})+$$""".r |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
need some explanation here, maybe comments
*/ | ||
private def encodeIfRequired(rawUri: String): Uri = { | ||
val pattern = """^([!#$&-;=?-\[\]_a-z~]|%[0-9a-fA-F]{2})+$$""".r | ||
// TODO: this look like a bug in Uri parser in akka-http ("//" is generating empty path) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Another akka-http ticket?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if (current.contains(':')) { | ||
current :: acc | ||
} else { | ||
// TODO: trim and ',' has been added to pass the test, but it looks like a bug in HttpParser code from akka-http. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same as above
In general - looks good |
@agolubev please take a look to last PR. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. Thanks!
} | ||
|
||
private def fixContentTypeHeaderParameter(headers: String): String = | ||
headers.replace("charset=UTF-8", "charset=utf8") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will break signing, as you sign a different request than what akka-http will send.
I think this approach cannot work because not all of the test cases (the If you want to use the test cases, you need to check in the first step what the actually requests are that akka-http will send out and check these against the original test case. This will probably need to use Worse, the changes to the signer might actually break signing because the canonical representation doesn't seem to be the same as what will be sent through akka-http, so that AWS will have to reject requests which were manipulated by the signer. |
.replace(":", "%3A") | ||
.replace("%2F", "/") | ||
.replace("%7E", "~") | ||
.replace("+", "%20") | ||
|
||
def canonicalHeaderString(headers: Seq[HttpHeader]): String = { | ||
val grouped = headers.groupBy(_.lowercaseName()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems to be missing the value of req.entity.contentType
which is encoded specially in the akka-http model.
@jrudolph hmm, I understand your reasons and thanks for clarifications. Some parts of the test data from Amazon will not work with current constrains, but this is a small part of it, the ones that are having a body, where most of them are not having any. For this I will work out how to adapt it such that we can use it with smaller changes (.req, .creq.. changes). There are 2 test data sets that are failing (POST-x-www-form-urlencoded and POST-x-www-form-urlencoded-parameters). Are you ok with this approach ? |
Not sure how important the comment is, do you know @ktoso ? |
Ok, thanks for the update, then I'll leave this open |
/** | ||
* Load the probes files from resource folder. | ||
*/ | ||
object Probes { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probes is a bit of a weird name, in Akka probes are TestProbes hm.
Agree with @jrudolph's both contents. We must use the actual APIs to verify the test actually is testing what will be put onto the wire. Now it's a weird mix of hand constructing things which may be not the way we'd render these - please make the .req files into actual Akka HTTP model types directly. Where it's not possible we need to fix something or provide workarounds. |
@devsprint any news here? |
Sorry for keeping this so long. I think the bottom line here is:
Here's a sketch how to implement signing tests:
Not sure if it makes sense to keep this PR open as the real solution might not have much in common with what we have here. WDYT? |
@jrudolph I have tried to find a way to still use the test cases from Amazon but as you also obeserved is it imposible to use them. I think that the right option is to close this PR. |
Ok. Let's close it for now. I'll add a comment in the ticket to see the comments here before tackling it again. Anyway, thanks for your work, @devsprint! |
…t validation.