Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PR offer: Support for adding AWS SigV4 Authorization headers #1840

Closed
apparentorder opened this issue Aug 12, 2023 · 3 comments
Closed

PR offer: Support for adding AWS SigV4 Authorization headers #1840

apparentorder opened this issue Aug 12, 2023 · 3 comments
Labels
enhancement New feature or request
Milestone
4.1.0

Comments

@apparentorder
Copy link
Contributor

Problem to solve

I'd like to make authenticated requests to AWS API endpoins and GraphQL APIs with Hurl.

This is not possible with Hurl today, as it requires a custom Authorization request header with a cryptographic signature over several parts of the request (see AWS SigV4).

Proposal

Curl has built-in support for this, so it's basically a matter of adding an aws-sigv4 option (command line and per-request) to Hurl and passing it through to Curl.

An example Hurlfile might look like this:

POST https://sts.eu-central-1.amazonaws.com/
[Options]
aws-sigv4: aws:amz:eu-central-1:sts
[FormParams]
Action: GetCallerIdentity
Version: 2011-06-15

HTTP 200
[Asserts]
xpath "string(//_:GetCallerIdentityResponse/_:GetCallerIdentityResult/_:Account)" == "123456789012"

# ----------------------------------------------------------------------

POST https://xxx.appsync-api.eu-central-1.amazonaws.com/graphql
[Options]
aws-sigv4: aws:amz:eu-central-1:appsync
\```graphql
query {
	listBadebombeWeisheitens { items { uuid } }
}
\```

HTTP 200
[Asserts]
jsonpath "$.errors" not exists
jsonpath "$.data.listBadebombeWeisheitens.items" count > 0

The required authentication data (secret key to generate the signature with) is passed via the --user flag (same as in Curl).

Additional context and resources

In a "classic me", I have already patched Hurl to implement this – before reading CONTRIBUTING.md.

The patch is rather simple and does work as expected: it successfully makes signed requests against AWS API endpoints. Two small issues cropped up, one if which might be a bug in Curl's SigV4 implementation.

Before I take the time to dig deeper into those issues and create a PR, I'd like to await your feedback on the proposal, as suggested by CONTRIBUTING.md.
@apparentorder apparentorder added the enhancement New feature or request label Aug 12, 2023
@jcamiel
Copy link
Collaborator

jcamiel commented Aug 12, 2023

Seems very interesting to me! We're in "summer vacation mode" so don't worry if things are going a little slower.

@fabricereix
Copy link
Collaborator

I'm not familiar with this AWS signature. It would be great if you can add an integration test for it.

@apparentorder
Copy link
Contributor Author

Thanks! Opened #1844 -> closing this issue

@jcamiel jcamiel added this to the 4.1.0 milestone Sep 21, 2023
@jcamiel jcamiel linked a pull request Sep 21, 2023 that will close this issue
Add the aws-sigv4 option to generate AWS SigV4 signed requests #1844
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
4.1.0
Development

Successfully merging a pull request may close this issue.

Add the aws-sigv4 option to generate AWS SigV4 signed requests apparentorder/hurl
3 participants
@fabricereix @apparentorder @jcamiel