adds context to the V4 signer's utilities

Author: skotambkar

CHANGELOG_PENDING.md

@@ -3,8 +3,9 @@ Breaking Change
 * `service`: Add generated service for wafregional and dynamodbstreams #463
   * Updates the wafregional and dynamodbstreams API clients to include all API operations, and types that were previously shared between waf and dynamodb API clients respectively. This update ensures that all API clients include all operations and types needed for that client, and shares no types with another client package.
   * To migrate your applications to use the updated wafregional and dynamodbstreams you'll need to update the package the impacted type is imported from to match the client the type is being used with.
-* `aws`: Context has been added to EC2Metadata operations and credential provider operations that use EC2Metadata.([#461](https://github.com/aws/aws-sdk-go-v2/pull/461))
-
+* `aws`: Context has been added to EC2Metadata operations.([#461](https://github.com/aws/aws-sdk-go-v2/pull/461))
+  * Also updates utilities that directly or indirectly depend on EC2Metadata client. Signer utilities, credential providers now take in context.
+  
 Services
 ---
 

aws/signer/v4/functional_test.go

@@ -1,6 +1,7 @@
 package v4_test
 
 import (
+	"context"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -162,7 +163,7 @@ func TestStandaloneSign_CustomURIEscape(t *testing.T) {
 	req.URL.Path = `/log-*/_search`
 	req.URL.Opaque = "//subdomain.us-east-1.es.amazonaws.com/log-%2A/_search"
 
-	_, err = signer.Sign(req, nil, "es", "us-east-1", time.Unix(0, 0))
+	_, err = signer.Sign(context.Background(), req, nil, "es", "us-east-1", time.Unix(0, 0))
 	if err != nil {
 		t.Fatalf("expect no error, got %v", err)
 	}
@@ -191,7 +192,7 @@ func TestStandaloneSign(t *testing.T) {
 		req.URL.Path = c.OrigURI
 		req.URL.RawQuery = c.OrigQuery
 
-		_, err = signer.Sign(req, nil, c.Service, c.Region, time.Unix(0, 0))
+		_, err = signer.Sign(context.Background(), req, nil, c.Service, c.Region, time.Unix(0, 0))
 		if err != nil {
 			t.Errorf("expected no error, but received %v", err)
 		}
@@ -228,7 +229,7 @@ func TestStandaloneSign_RawPath(t *testing.T) {
 		req.URL.RawPath = c.EscapedURI
 		req.URL.RawQuery = c.OrigQuery
 
-		_, err = signer.Sign(req, nil, c.Service, c.Region, time.Unix(0, 0))
+		_, err = signer.Sign(context.Background(), req, nil, c.Service, c.Region, time.Unix(0, 0))
 		if err != nil {
 			t.Errorf("expected no error, but received %v", err)
 		}

aws/signer/v4/v4.go

@@ -263,8 +263,8 @@ type signingCtx struct {
 // generated. To bypass the signer computing the hash you can set the
 // "X-Amz-Content-Sha256" header with a precomputed value. The signer will
 // only compute the hash if the request header value is empty.
-func (v4 Signer) Sign(r *http.Request, body io.ReadSeeker, service, region string, signTime time.Time) (http.Header, error) {
-	return v4.signWithBody(r, body, service, region, 0, signTime)
+func (v4 Signer) Sign(ctx context.Context, r *http.Request, body io.ReadSeeker, service, region string, signTime time.Time) (http.Header, error) {
+	return v4.signWithBody(ctx, r, body, service, region, 0, signTime)
 }
 
 // Presign signs AWS v4 requests with the provided body, service name, region
@@ -297,12 +297,12 @@ func (v4 Signer) Sign(r *http.Request, body io.ReadSeeker, service, region strin
 // PUT/GET capabilities. If you would like to include the body's SHA256 in the
 // presigned request's signature you can set the "X-Amz-Content-Sha256"
 // HTTP header and that will be included in the request's signature.
-func (v4 Signer) Presign(r *http.Request, body io.ReadSeeker, service, region string, exp time.Duration, signTime time.Time) (http.Header, error) {
-	return v4.signWithBody(r, body, service, region, exp, signTime)
+func (v4 Signer) Presign(ctx context.Context, r *http.Request, body io.ReadSeeker, service, region string, exp time.Duration, signTime time.Time) (http.Header, error) {
+	return v4.signWithBody(ctx, r, body, service, region, exp, signTime)
 }
 
-func (v4 Signer) signWithBody(r *http.Request, body io.ReadSeeker, service, region string, exp time.Duration, signTime time.Time) (http.Header, error) {
-	ctx := &signingCtx{
+func (v4 Signer) signWithBody(ctx context.Context, r *http.Request, body io.ReadSeeker, service, region string, exp time.Duration, signTime time.Time) (http.Header, error) {
+	signingCtx := &signingCtx{
 		Request:                r,
 		Body:                   body,
 		Query:                  r.URL.Query(),
@@ -315,31 +315,31 @@ func (v4 Signer) signWithBody(r *http.Request, body io.ReadSeeker, service, regi
 		unsignedPayload:        v4.UnsignedPayload,
 	}
 
-	for key := range ctx.Query {
-		sort.Strings(ctx.Query[key])
+	for key := range signingCtx.Query {
+		sort.Strings(signingCtx.Query[key])
 	}
 
-	if ctx.isRequestSigned() {
-		ctx.Time = sdk.NowTime()
-		ctx.handlePresignRemoval()
+	if signingCtx.isRequestSigned() {
+		signingCtx.Time = sdk.NowTime()
+		signingCtx.handlePresignRemoval()
 	}
 
 	var err error
-	ctx.credValues, err = v4.Credentials.Retrieve(context.Background())
+	signingCtx.credValues, err = v4.Credentials.Retrieve(ctx)
 	if err != nil {
 		return http.Header{}, err
 	}
 
-	aws.SanitizeHostForHeader(ctx.Request)
-	ctx.assignAmzQueryValues()
-	if err := ctx.build(v4.DisableHeaderHoisting); err != nil {
+	aws.SanitizeHostForHeader(signingCtx.Request)
+	signingCtx.assignAmzQueryValues()
+	if err := signingCtx.build(v4.DisableHeaderHoisting); err != nil {
 		return nil, err
 	}
 
 	// If the request is not presigned the body should be attached to it. This
 	// prevents the confusion of wanting to send a signed request without
 	// the body the request was signed for attached.
-	if !(v4.DisableRequestBodyOverwrite || ctx.isPresign) {
+	if !(v4.DisableRequestBodyOverwrite || signingCtx.isPresign) {
 		var reader io.ReadCloser
 		if body != nil {
 			var ok bool
@@ -351,10 +351,10 @@ func (v4 Signer) signWithBody(r *http.Request, body io.ReadSeeker, service, regi
 	}
 
 	if v4.Debug.Matches(aws.LogDebugWithSigning) {
-		v4.logSigningInfo(ctx)
+		v4.logSigningInfo(signingCtx)
 	}
 
-	return ctx.SignedHeaderVals, nil
+	return signingCtx.SignedHeaderVals, nil
 }
 
 func (ctx *signingCtx) handlePresignRemoval() {
@@ -455,7 +455,7 @@ func SignSDKRequest(req *aws.Request, opts ...func(*Signer)) {
 		signingTime = req.LastSignedAt
 	}
 
-	signedHeaders, err := v4.signWithBody(req.HTTPRequest, req.GetBody(),
+	signedHeaders, err := v4.signWithBody(req.Context(), req.HTTPRequest, req.GetBody(),
 		name, region, req.ExpireTime, signingTime,
 	)
 	if err != nil {

aws/signer/v4/v4_test.go

@@ -125,7 +125,7 @@ func TestPresignRequest(t *testing.T) {
 	req, body := buildRequest("dynamodb", "us-east-1", "{}")
 
 	signer := buildSigner()
-	signer.Presign(req, body, "dynamodb", "us-east-1", 300*time.Second, time.Unix(0, 0))
+	signer.Presign(context.Background(), req, body, "dynamodb", "us-east-1", 300*time.Second, time.Unix(0, 0))
 
 	expectedDate := "19700101T000000Z"
 	expectedHeaders := "content-length;content-type;host;x-amz-meta-other-header;x-amz-meta-other-header_with_underscore"
@@ -159,7 +159,7 @@ func TestPresignBodyWithArrayRequest(t *testing.T) {
 	req.URL.RawQuery = "Foo=z&Foo=o&Foo=m&Foo=a"
 
 	signer := buildSigner()
-	signer.Presign(req, body, "dynamodb", "us-east-1", 300*time.Second, time.Unix(0, 0))
+	signer.Presign(context.Background(), req, body, "dynamodb", "us-east-1", 300*time.Second, time.Unix(0, 0))
 
 	expectedDate := "19700101T000000Z"
 	expectedHeaders := "content-length;content-type;host;x-amz-meta-other-header;x-amz-meta-other-header_with_underscore"
@@ -191,7 +191,7 @@ func TestPresignBodyWithArrayRequest(t *testing.T) {
 func TestSignRequest(t *testing.T) {
 	req, body := buildRequest("dynamodb", "us-east-1", "{}")
 	signer := buildSigner()
-	signer.Sign(req, body, "dynamodb", "us-east-1", time.Unix(0, 0))
+	signer.Sign(context.Background(), req, body, "dynamodb", "us-east-1", time.Unix(0, 0))
 
 	expectedDate := "19700101T000000Z"
 	expectedSig := "AWS4-HMAC-SHA256 Credential=AKID/19700101/us-east-1/dynamodb/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-meta-other-header;x-amz-meta-other-header_with_underscore;x-amz-security-token;x-amz-target, Signature=a518299330494908a70222cec6899f6f32f297f8595f6df1776d998936652ad9"
@@ -208,7 +208,7 @@ func TestSignRequest(t *testing.T) {
 func TestSignUnseekableBody(t *testing.T) {
 	req, body := buildRequestWithBodyReader("mock-service", "mock-region", bytes.NewBuffer([]byte("hello")))
 	signer := buildSigner()
-	_, err := signer.Sign(req, body, "mock-service", "mock-region", time.Now())
+	_, err := signer.Sign(context.Background(), req, body, "mock-service", "mock-region", time.Now())
 	if err == nil {
 		t.Fatalf("expect error signing request")
 	}
@@ -224,7 +224,7 @@ func TestSignUnsignedPayloadUnseekableBody(t *testing.T) {
 	signer := buildSigner()
 	signer.UnsignedPayload = true
 
-	_, err := signer.Sign(req, body, "mock-service", "mock-region", time.Now())
+	_, err := signer.Sign(context.Background(), req, body, "mock-service", "mock-region", time.Now())
 	if err != nil {
 		t.Fatalf("expect no error, got %v", err)
 	}
@@ -241,7 +241,7 @@ func TestSignPreComputedHashUnseekableBody(t *testing.T) {
 	signer := buildSigner()
 
 	req.Header.Set("X-Amz-Content-Sha256", "some-content-sha256")
-	_, err := signer.Sign(req, body, "mock-service", "mock-region", time.Now())
+	_, err := signer.Sign(context.Background(), req, body, "mock-service", "mock-region", time.Now())
 	if err != nil {
 		t.Fatalf("expect no error, got %v", err)
 	}
@@ -255,7 +255,7 @@ func TestSignPreComputedHashUnseekableBody(t *testing.T) {
 func TestSignBodyS3(t *testing.T) {
 	req, body := buildRequest("s3", "us-east-1", "hello")
 	signer := buildSigner()
-	signer.Sign(req, body, "s3", "us-east-1", time.Now())
+	signer.Sign(context.Background(), req, body, "s3", "us-east-1", time.Now())
 	hash := req.Header.Get("X-Amz-Content-Sha256")
 	if e, a := "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824", hash; e != a {
 		t.Errorf("expect %v, got %v", e, a)
@@ -265,7 +265,7 @@ func TestSignBodyS3(t *testing.T) {
 func TestSignBodyGlacier(t *testing.T) {
 	req, body := buildRequest("glacier", "us-east-1", "hello")
 	signer := buildSigner()
-	signer.Sign(req, body, "glacier", "us-east-1", time.Now())
+	signer.Sign(context.Background(), req, body, "glacier", "us-east-1", time.Now())
 	hash := req.Header.Get("X-Amz-Content-Sha256")
 	if e, a := "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824", hash; e != a {
 		t.Errorf("expect %v, got %v", e, a)
@@ -275,7 +275,7 @@ func TestSignBodyGlacier(t *testing.T) {
 func TestPresign_SignedPayload(t *testing.T) {
 	req, body := buildRequest("glacier", "us-east-1", "hello")
 	signer := buildSigner()
-	signer.Presign(req, body, "glacier", "us-east-1", 5*time.Minute, time.Now())
+	signer.Presign(context.Background(), req, body, "glacier", "us-east-1", 5*time.Minute, time.Now())
 	hash := req.Header.Get("X-Amz-Content-Sha256")
 	if e, a := "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824", hash; e != a {
 		t.Errorf("expect %v, got %v", e, a)
@@ -286,7 +286,7 @@ func TestPresign_UnsignedPayload(t *testing.T) {
 	req, body := buildRequest("service-name", "us-east-1", "hello")
 	signer := buildSigner()
 	signer.UnsignedPayload = true
-	signer.Presign(req, body, "service-name", "us-east-1", 5*time.Minute, time.Now())
+	signer.Presign(context.Background(), req, body, "service-name", "us-east-1", 5*time.Minute, time.Now())
 	hash := req.Header.Get("X-Amz-Content-Sha256")
 	if e, a := "UNSIGNED-PAYLOAD", hash; e != a {
 		t.Errorf("expect %v, got %v", e, a)
@@ -296,7 +296,7 @@ func TestPresign_UnsignedPayload(t *testing.T) {
 func TestPresign_UnsignedPayload_S3(t *testing.T) {
 	req, body := buildRequest("s3", "us-east-1", "hello")
 	signer := buildSigner()
-	signer.Presign(req, body, "s3", "us-east-1", 5*time.Minute, time.Now())
+	signer.Presign(context.Background(), req, body, "s3", "us-east-1", 5*time.Minute, time.Now())
 	if a := req.Header.Get("X-Amz-Content-Sha256"); len(a) != 0 {
 		t.Errorf("expect no content sha256 got %v", a)
 	}
@@ -306,7 +306,7 @@ func TestSignPrecomputedBodyChecksum(t *testing.T) {
 	req, body := buildRequest("dynamodb", "us-east-1", "hello")
 	req.Header.Set("X-Amz-Content-Sha256", "PRECOMPUTED")
 	signer := buildSigner()
-	signer.Sign(req, body, "dynamodb", "us-east-1", time.Now())
+	signer.Sign(context.Background(), req, body, "dynamodb", "us-east-1", time.Now())
 	hash := req.Header.Get("X-Amz-Content-Sha256")
 	if e, a := "PRECOMPUTED", hash; e != a {
 		t.Errorf("expect %v, got %v", e, a)
@@ -620,7 +620,7 @@ func TestSignWithRequestBody(t *testing.T) {
 
 	req, err := http.NewRequest("POST", server.URL, nil)
 
-	_, err = signer.Sign(req, bytes.NewReader(expectBody), "service", "region", time.Now())
+	_, err = signer.Sign(context.Background(), req, bytes.NewReader(expectBody), "service", "region", time.Now())
 	if err != nil {
 		t.Errorf("expect not no error, got %v", err)
 	}
@@ -654,7 +654,7 @@ func TestSignWithRequestBody_Overwrite(t *testing.T) {
 
 	req, err := http.NewRequest("GET", server.URL, strings.NewReader("invalid body"))
 
-	_, err = signer.Sign(req, nil, "service", "region", time.Now())
+	_, err = signer.Sign(context.Background(), req, nil, "service", "region", time.Now())
 	req.ContentLength = 0
 
 	if err != nil {
@@ -698,7 +698,7 @@ func TestSignWithBody_ReplaceRequestBody(t *testing.T) {
 	s := NewSigner(creds)
 	origBody := req.Body
 
-	_, err := s.Sign(req, seekerBody, "dynamodb", "us-east-1", time.Now())
+	_, err := s.Sign(context.Background(), req, seekerBody, "dynamodb", "us-east-1", time.Now())
 	if err != nil {
 		t.Fatalf("expect no error, got %v", err)
 	}
@@ -723,7 +723,7 @@ func TestSignWithBody_NoReplaceRequestBody(t *testing.T) {
 
 	origBody := req.Body
 
-	_, err := s.Sign(req, seekerBody, "dynamodb", "us-east-1", time.Now())
+	_, err := s.Sign(context.Background(), req, seekerBody, "dynamodb", "us-east-1", time.Now())
 	if err != nil {
 		t.Fatalf("expect no error, got %v", err)
 	}
@@ -757,15 +757,15 @@ func BenchmarkPresignRequest(b *testing.B) {
 	signer := buildSigner()
 	req, body := buildRequest("dynamodb", "us-east-1", "{}")
 	for i := 0; i < b.N; i++ {
-		signer.Presign(req, body, "dynamodb", "us-east-1", 300*time.Second, time.Now())
+		signer.Presign(context.Background(), req, body, "dynamodb", "us-east-1", 300*time.Second, time.Now())
 	}
 }
 
 func BenchmarkSignRequest(b *testing.B) {
 	signer := buildSigner()
 	req, body := buildRequest("dynamodb", "us-east-1", "{}")
 	for i := 0; i < b.N; i++ {
-		signer.Sign(req, body, "dynamodb", "us-east-1", time.Now())
+		signer.Sign(context.Background(), req, body, "dynamodb", "us-east-1", time.Now())
 	}
 }
 

example/service/rds/rdsutils/authentication/iam_authentication.go

@@ -3,16 +3,17 @@
 package main
 
 import (
+	"context"
 	"database/sql"
 	"fmt"
 	"os"
 
-	"github.com/go-sql-driver/mysql"
-
 	"github.com/aws/aws-sdk-go-v2/aws/external"
+	v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
 	"github.com/aws/aws-sdk-go-v2/aws/stscreds"
 	"github.com/aws/aws-sdk-go-v2/service/rds/rdsutils"
 	"github.com/aws/aws-sdk-go-v2/service/sts"
+	"github.com/go-sql-driver/mysql"
 )
 
 // Usage ./iam_authentication <region> <db user> <db name> <endpoint to database> <iam arn>
@@ -35,8 +36,8 @@ func main() {
 	cfg.Region = awsRegion
 
 	credProvider := stscreds.NewAssumeRoleProvider(sts.New(cfg), os.Args[5])
-
-	authToken, err := rdsutils.BuildAuthToken(dbEndpoint, awsRegion, dbUser, credProvider)
+	signer := v4.NewSigner(credProvider)
+	authToken, err := rdsutils.BuildAuthToken(context.Background(), dbEndpoint, awsRegion, dbUser, signer)
 
 	// Create the MySQL DNS string for the DB connection
 	// user:password@protocol(endpoint)/dbname?<params>