Skip to content

Commit

Permalink
Update CRT submodules to latest (#997)
Browse files Browse the repository at this point in the history 
* Update mountpoint-s3-crt-sys crate excludes to reduce package size

Signed-off-by: Daniel Carl Jones <[email protected]>
Signed-off-by: Burak Varlı <[email protected]>

* Update CRT submodules to latest releases

Signed-off-by: Daniel Carl Jones <[email protected]>
Signed-off-by: Burak Varlı <[email protected]>

* WIP: Add testing for #927

Signed-off-by: Burak Varlı <[email protected]>

* Gate scoped credential test

Signed-off-by: Burak Varlı <[email protected]>

* Update `test_credential_process_behind_source_profile` to use role

Signed-off-by: Burak Varlı <[email protected]>

* Remove unused import

Signed-off-by: Burak Varlı <[email protected]>

* Remove TODOs from CHANGELOG

Signed-off-by: Burak Varlı <[email protected]>

* Update CRT submodules to latest

Signed-off-by: Burak Varlı <[email protected]>

* Remove feature gate from `test_credential_process_behind_source_profile`

Signed-off-by: Burak Varlı <[email protected]>

* Fix Clippy failures

Signed-off-by: Burak Varlı <[email protected]>

* More Clippy fixes

Signed-off-by: Burak Varlı <[email protected]>

* Fix formatting

Signed-off-by: Burak Varlı <[email protected]>

* Update test failure message

Co-authored-by: Daniel Carl Jones <[email protected]>
Signed-off-by: Burak <[email protected]>

---------

Signed-off-by: Daniel Carl Jones <[email protected]>
Signed-off-by: Burak Varlı <[email protected]>
Signed-off-by: Burak <[email protected]>
Co-authored-by: Daniel Carl Jones <[email protected]>
Co-authored-by: Daniel Carl Jones <[email protected]>
  • Loading branch information
@unexge @dannycjones
3 people authored Sep 4, 2024
1 parent ae4f909 commit 3c371f3
Show file tree
Hide file tree
Showing 12 changed files with 151 additions and 11 deletions.
133 changes: 132 additions & 1 deletion mountpoint-s3-client/tests/auth.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ pub mod common;

use std::io::Write;
use std::option::Option::None;
use std::writeln;

use aws_sdk_s3::primitives::ByteStream;
use bytes::Bytes;
Expand All @@ -13,7 +14,6 @@ use common::creds::{get_sdk_default_chain_creds, get_subsession_iam_role};
use common::*;
use futures::StreamExt;
use mountpoint_s3_client::config::{EndpointConfig, S3ClientAuthConfig, S3ClientConfig};
#[cfg(not(feature = "s3express_tests"))]
use mountpoint_s3_client::error::ObjectClientError;
#[cfg(not(feature = "s3express_tests"))]
use mountpoint_s3_client::S3RequestError;
Expand Down Expand Up @@ -240,6 +240,130 @@ async fn test_profile_provider_assume_role_async() {
check_get_result(result, None, &body[..]).await;
}

async fn test_credential_process_behind_source_profile_async() {
let (bucket, prefix) = get_test_bucket_and_prefix("test_credential_process_behind_source_profile");

// Create a test file in "{prefix}/hello"
{
let sdk_client = get_test_sdk_client().await;
let key = format!("{prefix}/hello");
let body = b"hello world!";
sdk_client
.put_object()
.bucket(&bucket)
.key(&key)
.body(ByteStream::from(Bytes::from_static(body)))
.send()
.await
.unwrap();
}

// Get some static credentials by just using the SDK's default provider, which we know works.
let credentials = get_sdk_default_chain_creds().await;

// Create two credential files to be used in `credential_process`,
// one with correct credentials and one with incorrect credentials.
let (correct_credential_file, incorrect_credential_file) = {
let mut correct = NamedTempFile::new().unwrap();
let mut incorrect = NamedTempFile::new().unwrap();
let json_response = r#"{
"Version": 1,
"AccessKeyId": "__AWS_ACCESS_KEY_ID__",
"SecretAccessKey": "__AWS_SECRET_ACCESS_KEY__",
"SessionToken": "__AWS_SESSION_TOKEN__",
"Expiration": "2099-08-20T00:05:35+00:00"
}"#;

correct
.write_all(
json_response
.replace("__AWS_ACCESS_KEY_ID__", credentials.access_key_id())
.replace("__AWS_SECRET_ACCESS_KEY__", credentials.secret_access_key())
.replace("__AWS_SESSION_TOKEN__", credentials.session_token().unwrap())
.as_bytes(),
)
.unwrap();

incorrect
.write_all(
json_response
.replace("__AWS_ACCESS_KEY_ID__", &credentials.access_key_id()[..10])
.replace("__AWS_SECRET_ACCESS_KEY__", credentials.secret_access_key())
.replace("__AWS_SESSION_TOKEN__", credentials.session_token().unwrap())
.as_bytes(),
)
.unwrap();

(correct, incorrect)
};

let mut config_file = NamedTempFile::new().unwrap();

// Create two source profiles to provide credentials from previously created files using `credential_process`.
let (correct_source_profile, incorrect_source_profile) = {
let correct = "correct-source-profile";
writeln!(config_file, "[profile {}]", correct).unwrap();
writeln!(
config_file,
"credential_process=cat {}",
correct_credential_file.path().to_string_lossy()
)
.unwrap();
let incorrect = "incorrect-source-profile";
writeln!(config_file, "[profile {}]", incorrect).unwrap();
writeln!(
config_file,
"credential_process=cat {}",
incorrect_credential_file.path().to_string_lossy()
)
.unwrap();
(correct, incorrect)
};

// Create two profiles to assume our test role with previously created source profiles.
let (correct_profile, incorrect_profile) = {
let correct = "correct-profile";
writeln!(config_file, "[profile {}]", correct).unwrap();
writeln!(config_file, "role_arn={}", get_subsession_iam_role()).unwrap();
writeln!(config_file, "source_profile={}", correct_source_profile).unwrap();
writeln!(config_file, "region={}", &get_test_region()).unwrap();
let incorrect = "incorrect-profile";
writeln!(config_file, "[profile {}]", incorrect).unwrap();
writeln!(config_file, "role_arn={}", get_subsession_iam_role()).unwrap();
writeln!(config_file, "source_profile={}", incorrect_source_profile).unwrap();
writeln!(config_file, "region={}", &get_test_region()).unwrap();
(correct, incorrect)
};

config_file.flush().unwrap();

// Set up the environment variables to use this new config file. This is only OK to do because
// this test is run in a forked process, so won't affect any other concurrently running tests.
std::env::set_var("AWS_CONFIG_FILE", config_file.path().as_os_str());

// With correct profile, things should be fine
let config = S3ClientConfig::new()
.auth_config(S3ClientAuthConfig::Profile(correct_profile.to_owned()))
.endpoint_config(EndpointConfig::new(&get_test_region()));
let client = S3CrtClient::new(config).unwrap();
let _result = client
.list_objects(&bucket, None, "/", 10, &format!("{prefix}foo/"))
.await
.expect("list_objects should succeed");

// With incorrect profile, requests should fail with a client error
let config = S3ClientConfig::new()
.auth_config(S3ClientAuthConfig::Profile(incorrect_profile.to_owned()))
.endpoint_config(EndpointConfig::new(&get_test_region()));
let client = S3CrtClient::new(config).unwrap();
let err = client
.list_objects(&bucket, None, "/", 10, &format!("{prefix}/"))
.await
.expect_err("should fail when using invalid credentials");
assert!(matches!(err, ObjectClientError::ClientError(_)));
drop(config_file);
}

rusty_fork_test! {
#[test]
fn test_profile_provider_static() {
Expand All @@ -254,6 +378,13 @@ rusty_fork_test! {
let runtime = tokio::runtime::Builder::new_current_thread().enable_all().build().unwrap();
runtime.block_on(test_profile_provider_assume_role_async());
}

#[test]
fn test_credential_process_behind_source_profile() {
// rusty_fork doesn't support async tests, so build an SDK-usable runtime manually
let runtime = tokio::runtime::Builder::new_current_thread().enable_all().build().unwrap();
runtime.block_on(test_credential_process_behind_source_profile_async());
}
}

/// Test using a client with scoped-down credentials
Expand Down
4 changes: 3 additions & 1 deletion mountpoint-s3-crt-sys/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,9 @@ exclude = [
]

[build-dependencies]
bindgen = { version = "0.66.1", default-features = false, features = ["runtime"] }
bindgen = { version = "0.66.1", default-features = false, features = [
"runtime",
] }
cc = "1.0.73"
cmake = "0.1.48"
rustflags = "0.1.1"
Expand Down
2 changes: 1 addition & 1 deletion mountpoint-s3-crt-sys/crt/aws-c-auth
Submodule aws-c-auth updated 6 files
+3 −1 source/credentials_provider_cached.c
+1 −16 source/credentials_provider_default_chain.c
+24 −0 source/credentials_provider_profile.c
+1 −0 tests/CMakeLists.txt
+48 −0 tests/credentials_provider_process_tests.c
+6 −7 tests/credentials_provider_sts_tests.c
2 changes: 1 addition & 1 deletion mountpoint-s3-crt-sys/crt/aws-c-cal
Submodule aws-c-cal updated 3 files
+14 −5 .github/workflows/ci.yml
+5 −1 CMakeLists.txt
+70 −26 source/unix/openssl_platform_init.c
2 changes: 1 addition & 1 deletion mountpoint-s3-crt-sys/crt/aws-c-common
Submodule aws-c-common updated 10 files
+2 −2 .github/workflows/proof_ci_resources/config.yaml
+2 −1 README.md
+19 −4 cmake/AwsCheckHeaders.cmake
+73 −0 cmake/AwsPrebuildDependency.cmake
+1 −1 include/aws/common/array_list.inl
+68 −1 include/aws/common/json.h
+8 −1 include/aws/common/math.inl
+50 −41 source/json.c
+2 −18 source/windows/device_random.c
+12 −7 tests/json_test.c
2 changes: 1 addition & 1 deletion mountpoint-s3-crt-sys/crt/aws-c-compression
Submodule aws-c-compression updated 5 files
+12 −3 .github/workflows/ci.yml
+4 −6 .github/workflows/clang-format.yml
+47 −0 format-check.py
+0 −24 format-check.sh
+1 −1 source/compression.c
2 changes: 1 addition & 1 deletion mountpoint-s3-crt-sys/crt/aws-c-http
Submodule aws-c-http updated 11 files
+14 −0 include/aws/http/connection_manager.h
+2 −0 include/aws/http/http.h
+9 −1 include/aws/http/private/h1_connection.h
+155 −47 source/connection_manager.c
+68 −9 source/h1_connection.c
+6 −0 source/http.c
+61 −64 source/websocket.c
+7 −0 tests/CMakeLists.txt
+82 −2 tests/test_connection_manager.c
+214 −0 tests/test_h1_client.c
+32 −0 tests/test_websocket_handler.c
2 changes: 1 addition & 1 deletion mountpoint-s3-crt-sys/crt/aws-c-io
Submodule aws-c-io updated 1 files
+2 −2 tests/socket_test.c
2 changes: 1 addition & 1 deletion mountpoint-s3-crt-sys/crt/aws-c-sdkutils
Submodule aws-c-sdkutils updated 15 files
+12 −3 .github/workflows/ci.yml
+4 −6 .github/workflows/clang-format.yml
+47 −0 format-check.py
+0 −24 format-check.sh
+18 −2 include/aws/sdkutils/endpoints_rule_engine.h
+30 −31 include/aws/sdkutils/private/endpoints_types_impl.h
+59 −27 source/endpoints_rule_engine.c
+67 −50 source/endpoints_ruleset.c
+2 −1 source/endpoints_standard_lib.c
+36 −4 source/endpoints_types_impl.c
+1 −0 tests/CMakeLists.txt
+28 −11 tests/endpoints_rule_engine_tests.c
+1 −1 tests/resources/test-cases/partition-fn.json
+45 −0 tests/resources/test-cases/string_array.json
+38 −0 tests/resources/valid-rules/string_array.json
2 changes: 1 addition & 1 deletion mountpoint-s3-crt-sys/crt/aws-lc
Submodule aws-lc updated from 47333e to 2f1879
2 changes: 1 addition & 1 deletion mountpoint-s3-crt-sys/crt/s2n-tls
Submodule s2n-tls updated 255 files
7 changes: 7 additions & 0 deletions mountpoint-s3/CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,10 @@
## Unreleased

### Other changes

* Fix an issue where `credential_process` field would not be picked up correctly when using `source_profile`. ([awslabs/aws-c-auth#245](https://github.com/awslabs/aws-c-auth/pull/245))
* Fix an issue where `credential_process` field would not be picked up correctly when using `--profile <AWS_PROFILE>`. ([awslabs/aws-c-auth#245](https://github.com/awslabs/aws-c-auth/pull/245))

## v1.8.0

### New features
Expand Down

1 comment on commit 3c371f3

@github-actions
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 2.

Benchmark suite Current: 3c371f3 Previous: ae4f909 Ratio
random_read_four_threads 13.483984375 MiB/s 27.393359375 MiB/s 2.03
random_read 2.8478515625 MiB/s 6.22490234375 MiB/s 2.19

This comment was automatically generated by workflow using github-action-benchmark.

Please sign in to comment.