#98 - end to end testing of AWS Signature 4 based on AWS test suite #120
Conversation
…quest validation.
|
Hi @devsprint, Thank you for your contribution! We really value the time you've taken to put this together. Before we proceed with reviewing this pull request, please sign the Lightbend Contributors License Agreement: |
|
Refs #98 |
|
CLA signed |
… Scala test suite refactoring, in prgress.
devsprint
changed the title
|
@agolubev is this something you would like to review? |
|
@patriknw thanks for the notification. I'll review this today |
| private def uriEncode(str: String) = URLEncoder.encode(str, "utf-8") | ||
| private def encodeQueryParams(name: String, value: String): String = | ||
| if (name.contains(' ')) { | ||
| s"${uriEncode(name.takeWhile(_ != ' ')).replace("%7E", "~")}=" |
There was a problem hiding this comment.
should this be changed to just string append?
|
|
||
| private def uriEncode(str: String) = if (isAlreadyURLEncoded(str)) str else URLEncoder.encode(str, "utf-8") | ||
|
|
||
| // TODO: this could be removed when the Uri class in akka-http will accept utf-8 |
There was a problem hiding this comment.
I was not able to find appropriate ticket in akka-http. Should one be created?
There was a problem hiding this comment.
akka/akka-http#86 - this is a similar issue, but for Cyrillic URIs
There was a problem hiding this comment.
could you add ticket number to comment into code?
There was a problem hiding this comment.
Sure. it will be in next push
| whenReady(stsResult) { builtSts => | ||
| withClue(s"According to the expected string to sign stored in ${sts._1}") { | ||
| if (sts._1 == "post-x-www-form-urlencoded.sts") { | ||
| // TODO: skip this test because we can't avoid adding charset into http request as the test suite require. |
There was a problem hiding this comment.
do we need to consider this as http ticket?
| probes.get.foreach { | ||
| case (fileName, expectedResult) => | ||
| testCanonicalRequest(fileName, expectedResult) | ||
| } |
There was a problem hiding this comment.
All 4 test cases are different only with testMethod and expected result - can this be a single function with results collection and test function as arguments?
| * @return the Uri | ||
| */ | ||
| private def encodeIfRequired(rawUri: String): Uri = { | ||
| val pattern = """^([!#$&-;=?-\[\]_a-z~]|%[0-9a-fA-F]{2})+$$""".r |
There was a problem hiding this comment.
need some explanation here, maybe comments
| */ | ||
| private def encodeIfRequired(rawUri: String): Uri = { | ||
| val pattern = """^([!#$&-;=?-\[\]_a-z~]|%[0-9a-fA-F]{2})+$$""".r | ||
| // TODO: this look like a bug in Uri parser in akka-http ("//" is generating empty path) |
There was a problem hiding this comment.
Another akka-http ticket?
| if (current.contains(':')) { | ||
| current :: acc | ||
| } else { | ||
| // TODO: trim and ',' has been added to pass the test, but it looks like a bug in HttpParser code from akka-http. |
|
In general - looks good |
|
@agolubev please take a look to last PR. |
| } | ||
|
|
||
| private def fixContentTypeHeaderParameter(headers: String): String = | ||
| headers.replace("charset=UTF-8", "charset=utf8") |
There was a problem hiding this comment.
This will break signing, as you sign a different request than what akka-http will send.
|
I think this approach cannot work because not all of the test cases (the If you want to use the test cases, you need to check in the first step what the actually requests are that akka-http will send out and check these against the original test case. This will probably need to use Worse, the changes to the signer might actually break signing because the canonical representation doesn't seem to be the same as what will be sent through akka-http, so that AWS will have to reject requests which were manipulated by the signer. |
| .replace(":", "%3A") | ||
| .replace("%2F", "/") | ||
| .replace("%7E", "~") | ||
| .replace("+", "%20") | ||
|
|
||
| def canonicalHeaderString(headers: Seq[HttpHeader]): String = { | ||
| val grouped = headers.groupBy(_.lowercaseName()) |
There was a problem hiding this comment.
This seems to be missing the value of req.entity.contentType which is encoded specially in the akka-http model.
|
@jrudolph hmm, I understand your reasons and thanks for clarifications. Some parts of the test data from Amazon will not work with current constrains, but this is a small part of it, the ones that are having a body, where most of them are not having any. For this I will work out how to adapt it such that we can use it with smaller changes (.req, .creq.. changes). There are 2 test data sets that are failing (POST-x-www-form-urlencoded and POST-x-www-form-urlencoded-parameters). Are you ok with this approach ? |
|
Not sure how important the comment is, do you know @ktoso ? |
|
Ok, thanks for the update, then I'll leave this open |
| /** | ||
| * Load the probes files from resource folder. | ||
| */ | ||
| object Probes { |
There was a problem hiding this comment.
Probes is a bit of a weird name, in Akka probes are TestProbes hm.
|
Agree with @jrudolph's both contents. We must use the actual APIs to verify the test actually is testing what will be put onto the wire. Now it's a weird mix of hand constructing things which may be not the way we'd render these - please make the .req files into actual Akka HTTP model types directly. Where it's not possible we need to fix something or provide workarounds. |
|
@devsprint any news here? |
|
Sorry for keeping this so long. I think the bottom line here is:
Here's a sketch how to implement signing tests:
Not sure if it makes sense to keep this PR open as the real solution might not have much in common with what we have here. WDYT? |
|
@jrudolph I have tried to find a way to still use the test cases from Amazon but as you also obeserved is it imposible to use them. I think that the right option is to close this PR. |
|
Ok. Let's close it for now. I'll add a comment in the ticket to see the comments here before tackling it again. Anyway, thanks for your work, @devsprint! |
…t validation.