Skip to content

Add SigV4 request signing for AWS API authentication#3658

Merged
jhrozek merged 2 commits intomainfrom
aws_sts-pr-4--sign
Feb 6, 2026
Merged

Add SigV4 request signing for AWS API authentication#3658
jhrozek merged 2 commits intomainfrom
aws_sts-pr-4--sign

Conversation

@jhrozek
Copy link
Contributor

@jhrozek jhrozek commented Feb 6, 2026

This implements the requestSigner component that signs HTTP requests using AWS Signature Version 4. The signer hashes the request body, adds required headers (Authorization, X-Amz-Date, X-Amz-Security-Token), and ensures the request body remains readable after signing. A 10MB payload limit prevents memory exhaustion from oversized requests.

Related: #3567

@github-actions github-actions bot added the size/M Medium PR: 300-599 lines changed label Feb 6, 2026
dmjb
dmjb previously approved these changes Feb 6, 2026
View reviewed changes
@codecov
Copy link

codecov bot commented Feb 6, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 78.94737% with 8 lines in your changes missing coverage. Please review.
✅ Project coverage is 65.98%. Comparing base (89a189d) to head (9a86774).
⚠️ Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
pkg/auth/awssts/signer.go 78.94% 4 Missing and 4 partials ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #3658   +/-   ##
=======================================
  Coverage   65.97%   65.98%           
=======================================
  Files         415      416    +1     
  Lines       41121    41159   +38     
=======================================
+ Hits        27131    27157   +26     
- Misses      11897    11904    +7     
- Partials     2093     2098    +5

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

JAORMX
JAORMX reviewed Feb 6, 2026
View reviewed changes
@jhrozek jhrozek force-pushed the aws_sts-pr-4--sign branch from 44f7252 to abe2f37 Compare February 6, 2026 13:33
@github-actions github-actions bot added size/M Medium PR: 300-599 lines changed and removed size/M Medium PR: 300-599 lines changed labels Feb 6, 2026
@jhrozek
Add SigV4 request signing for AWS API authentication
6129529 
This implements the requestSigner component that signs HTTP requests using
AWS Signature Version 4. The signer hashes the request body, adds required
headers (Authorization, X-Amz-Date, X-Amz-Security-Token), and ensures the
request body remains readable after signing. A 10MB payload limit prevents
memory exhaustion from oversized requests.

Related: #3567
@jhrozek
Extract empty SHA-256 hash to a tested constant
9a86774
@jhrozek jhrozek force-pushed the aws_sts-pr-4--sign branch from abe2f37 to 9a86774 Compare February 6, 2026 17:42
@github-actions github-actions bot added size/M Medium PR: 300-599 lines changed and removed size/M Medium PR: 300-599 lines changed labels Feb 6, 2026
@jhrozek jhrozek merged commit 65c7aaa into main Feb 6, 2026
35 checks passed
@jhrozek jhrozek deleted the aws_sts-pr-4--sign branch February 6, 2026 18:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JAORMX JAORMX JAORMX approved these changes

@ChrisJBurns ChrisJBurns Awaiting requested review from ChrisJBurns ChrisJBurns is a code owner

@yrobla yrobla Awaiting requested review from yrobla yrobla is a code owner

+1 more reviewer

@dmjb dmjb dmjb approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

size/M Medium PR: 300-599 lines changed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jhrozek @JAORMX @dmjb