diff --git a/services/s3/src/main/java/software/amazon/awssdk/services/s3/internal/plugins/S3OverrideAuthSchemePropertiesPlugin.java b/services/s3/src/main/java/software/amazon/awssdk/services/s3/internal/plugins/S3OverrideAuthSchemePropertiesPlugin.java
index 3f5e40d7a25e..5b5fe096eefe 100644
--- a/services/s3/src/main/java/software/amazon/awssdk/services/s3/internal/plugins/S3OverrideAuthSchemePropertiesPlugin.java
+++ b/services/s3/src/main/java/software/amazon/awssdk/services/s3/internal/plugins/S3OverrideAuthSchemePropertiesPlugin.java
@@ -121,7 +121,6 @@ private void putSingerProperty(AuthSchemeOption.Builder builder, SignerPrope builder.putSignerProperty((SignerProperty) key, (T) value); } - private boolean addConfiguredProperties(AuthSchemeOption option, S3AuthSchemeParams params) { String schemeId = option.schemeId(); // We check here that the scheme id is sigV4 or sigV4a or some other in the same family.
diff --git a/services/s3control/src/it/java/software.amazon.awssdk.services.s3control/S3MrapIntegrationTest.java b/services/s3control/src/it/java/software.amazon.awssdk.services.s3control/S3MrapIntegrationTest.java
index af18e2257d91..3b59ea2c593c 100644
--- a/services/s3control/src/it/java/software.amazon.awssdk.services.s3control/S3MrapIntegrationTest.java
+++ b/services/s3control/src/it/java/software.amazon.awssdk.services.s3control/S3MrapIntegrationTest.java
@@ -22,10 +22,8 @@
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.time.Duration;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
-import java.util.Optional;
 import java.util.stream.Stream;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
@@ -33,10 +31,9 @@
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
 import software.amazon.awssdk.auth.signer.AwsSignerExecutionAttribute;
-import software.amazon.awssdk.auth.signer.S3SignerExecutionAttribute;
 import software.amazon.awssdk.auth.signer.internal.SignerConstant;
 import software.amazon.awssdk.awscore.presigner.PresignedRequest;
-import software.amazon.awssdk.core.SdkRequest;
+import software.amazon.awssdk.core.SdkPlugin;
 import software.amazon.awssdk.core.interceptor.Context;
 import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
 import software.amazon.awssdk.core.interceptor.ExecutionInterceptor;
@@ -46,16 +43,14 @@
 import software.amazon.awssdk.core.waiters.WaiterAcceptor;
 import software.amazon.awssdk.http.HttpExecuteRequest;
 import software.amazon.awssdk.http.HttpExecuteResponse;
-import software.amazon.awssdk.http.SdkHttpMethod;
 import software.amazon.awssdk.http.SdkHttpRequest;
 import software.amazon.awssdk.http.apache.ApacheHttpClient;
 import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.services.s3.S3Client;
 import software.amazon.awssdk.services.s3.S3Configuration;
+import software.amazon.awssdk.services.s3.internal.plugins.S3OverrideAuthSchemePropertiesPlugin;
 import software.amazon.awssdk.services.s3.model.BucketAlreadyOwnedByYouException;
 import software.amazon.awssdk.services.s3.model.NoSuchKeyException;
-import software.amazon.awssdk.services.s3.model.PutObjectRequest;
-import software.amazon.awssdk.services.s3.model.UploadPartRequest;
 import software.amazon.awssdk.services.s3.presigner.S3Presigner;
 import software.amazon.awssdk.services.s3.presigner.model.PresignedGetObjectRequest;
 import software.amazon.awssdk.services.s3control.model.BucketAlreadyExistsException;
@@ -99,7 +94,7 @@ public static void setupFixture() { .build(); s3Client = mrapEnabledS3Client(Collections.singletonList(captureInterceptor)); - s3ClientWithPayloadSigning = mrapEnabledS3Client(Arrays.asList(captureInterceptor, new PayloadSigningInterceptor())); + s3ClientWithPayloadSigning = mrapEnabledS3ClientWithPayloadSigning(captureInterceptor); stsClient = StsClient.builder() .credentialsProvider(CREDENTIALS_PROVIDER_CHAIN)
@@ -309,6 +304,25 @@ private static S3Client mrapEnabledS3Client(List execution .build(); } + private static S3Client mrapEnabledS3ClientWithPayloadSigning(ExecutionInterceptor executionInterceptor) { + // We can't use here `S3OverrideAuthSchemePropertiesPlugin.enablePayloadSigningPlugin()` since + // it enables payload signing for *all* operations. + SdkPlugin plugin = S3OverrideAuthSchemePropertiesPlugin.builder() + .payloadSigningEnabled(true) + .addOperationConstraint("UploadPart") + .addOperationConstraint("PutObject") + .build(); + return S3Client.builder() + .region(REGION) + .credentialsProvider(CREDENTIALS_PROVIDER_CHAIN) + .serviceConfiguration(S3Configuration.builder() + .useArnRegionEnabled(true) + .build()) + .overrideConfiguration(o -> o.addExecutionInterceptor(executionInterceptor)) + .addPlugin(plugin) + .build(); + } + private void deleteObjectIfExists(S3Client s31, String bucket1, String key) { System.out.println(bucket1); try {
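Review bot: In the new `mrapEnabledS3ClientWithPayloadSigning` helper (the `-309,6 +304,25` hunk), the operations that get payload signing are chosen by the string literals `"UploadPart"` and `"PutObject"`, so a misspelled or later-renamed operation no longer fails to compile the way the removed `instanceof PutObjectRequest || instanceof UploadPartRequest` check did. Whether `addOperationConstraint` rejects unknown names is not visible in this diff; if it does not, such a request would be sent without its body covered by the signature and nothing here would flag it. It is worth confirming that the tests using `s3ClientWithPayloadSigning` assert on the captured request's payload hash (for example that `x-amz-content-sha256` is not `UNSIGNED-PAYLOAD`), and adding a comment above the constraints such as `// names must match the S3 operation names exactly; a mismatch leaves the payload unsigned`. As a style point, the helper repeats the builder chain of `mrapEnabledS3Client`, so the two clients can drift apart unless they share it.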
@@ -341,21 +355,4 @@ public void beforeTransmission(Context.BeforeTransmission context, ExecutionAttr
 this.normalizePath = executionAttributes.getAttribute(AwsSignerExecutionAttribute.SIGNER_NORMALIZE_PATH);
 }
 }
-
- private static class PayloadSigningInterceptor implements ExecutionInterceptor {
-
- public Optional modifyHttpContent(Context.ModifyHttpRequest context,
- ExecutionAttributes executionAttributes) {
- SdkRequest sdkRequest = context.request();
-
- if (sdkRequest instanceof PutObjectRequest || sdkRequest instanceof UploadPartRequest) {
- executionAttributes.putAttribute(S3SignerExecutionAttribute.ENABLE_PAYLOAD_SIGNING, true);
- }
- if (!context.requestBody().isPresent() && context.httpRequest().method().equals(SdkHttpMethod.POST)) {
- return Optional.of(RequestBody.fromBytes(new byte[0]));
- }
-
- return context.requestBody();
- }
- }
 }
diff --git a/services/s3control/src/main/java/software/amazon/awssdk/services/s3control/internal/interceptors/PayloadSigningInterceptor.java b/services/s3control/src/main/java/software/amazon/awssdk/services/s3control/internal/interceptors/PayloadSigningInterceptor.java
index 5b3cb9f88444..6c0f91ed9f0b 100644
--- a/services/s3control/src/main/java/software/amazon/awssdk/services/s3control/internal/interceptors/PayloadSigningInterceptor.java
+++ b/services/s3control/src/main/java/software/amazon/awssdk/services/s3control/internal/interceptors/PayloadSigningInterceptor.java
@@ -17,7 +17,6 @@ import java.util.Optional; import software.amazon.awssdk.annotations.SdkInternalApi; -import software.amazon.awssdk.auth.signer.S3SignerExecutionAttribute; import software.amazon.awssdk.core.interceptor.Context; import software.amazon.awssdk.core.interceptor.ExecutionAttributes; import software.amazon.awssdk.core.interceptor.ExecutionInterceptor;
@@ -25,7 +24,7 @@ import software.amazon.awssdk.http.SdkHttpMethod; /** - * Turns on payload signing and prevents moving query params to body during a POST which S3 doesn't like. + * Prevents moving query params to body during a POST which S3 doesn't like. */ @SdkInternalApi public class PayloadSigningInterceptor implements ExecutionInterceptor {
@@ -33,11 +32,10 @@ public class PayloadSigningInterceptor implements ExecutionInterceptor { @Override public Optional modifyHttpContent(Context.ModifyHttpRequest context, ExecutionAttributes executionAttributes) { - executionAttributes.putAttribute(S3SignerExecutionAttribute.ENABLE_PAYLOAD_SIGNING, true); - if (!context.requestBody().isPresent() && context.httpRequest().method() == SdkHttpMethod.POST) { + Optional bodyOptional = context.requestBody(); + if (context.httpRequest().method() == SdkHttpMethod.POST && !bodyOptional.isPresent()) { return Optional.of(RequestBody.fromBytes(new byte[0])); } - - return context.requestBody(); + return bodyOptional; } }
diff --git a/services/s3control/src/test/java/software/amazon/awssdk/services/s3control/internal/interceptors/PayloadSigningInterceptorTest.java b/services/s3control/src/test/java/software/amazon/awssdk/services/s3control/internal/interceptors/PayloadSigningInterceptorTest.java
index a7acddb6e4ab..bc5ee8275b77 100644
--- a/services/s3control/src/test/java/software/amazon/awssdk/services/s3control/internal/interceptors/PayloadSigningInterceptorTest.java
+++ b/services/s3control/src/test/java/software/amazon/awssdk/services/s3control/internal/interceptors/PayloadSigningInterceptorTest.java
@@ -19,7 +19,6 @@
 import java.util.Optional;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import software.amazon.awssdk.auth.signer.S3SignerExecutionAttribute;
 import software.amazon.awssdk.core.Protocol;
 import software.amazon.awssdk.core.SdkRequest;
 import software.amazon.awssdk.core.async.AsyncRequestBody;
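Review bot: After the `-33,11 +32,10` hunk, `PayloadSigningInterceptor.modifyHttpContent` no longer sets `ENABLE_PAYLOAD_SIGNING`, and nothing visible in this diff shows what now turns payload signing on for S3 Control requests. Payload signing is what ties the request body to the SigV4 signature, so please confirm the S3 Control client still gets it from elsewhere (presumably an auth-scheme plugin or signer property) and say so in the class Javadoc, e.g. `Payload signing itself is configured by <component that now enables it>.`. The class name is also misleading now; if renaming an `@SdkInternalApi` class is too invasive, a comment such as `// name kept for history: this interceptor only supplies an empty body for body-less POST requests` would stop a reader from assuming it still protects the payload.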
@@ -53,7 +52,6 @@ public void modifyHttpContent_AddsExecutionAttributeAndPayload() { assertThat(modified.isPresent()).isTrue(); assertThat(modified.get().contentLength()).isEqualTo(0); - assertThat(executionAttributes.getAttribute(S3SignerExecutionAttribute.ENABLE_PAYLOAD_SIGNING)).isTrue(); } @Test
@@ -65,7 +63,6 @@ public void modifyHttpContent_DoesNotReplaceBody() { assertThat(modified.isPresent()).isTrue(); assertThat(modified.get().contentLength()).isEqualTo(5); - assertThat(executionAttributes.getAttribute(S3SignerExecutionAttribute.ENABLE_PAYLOAD_SIGNING)).isTrue(); } public final class Context implements software.amazon.awssdk.core.interceptor.Context.ModifyHttpRequest {
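Review bot: With the `ENABLE_PAYLOAD_SIGNING` assertion removed, `modifyHttpContent_AddsExecutionAttributeAndPayload` no longer checks any execution attribute, so its name is stale; a name along the lines of `modifyHttpContent_AddsEmptyPayload` would match the two assertions that remain. The same assertion is dropped from `modifyHttpContent_DoesNotReplaceBody` in the `-65,7 +63,6` hunk, and no replacement test appears in this diff for wherever payload signing is now enabled for S3 Control. Without one, a regression that sends S3 Control requests with bodies not covered by the signature would pass this suite unnoticed. Both test bodies start above their hunks, so the request setup is not visible here.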