Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(rds-signer): add RDS Signer (#1823) #3084

Merged
merged 10 commits into from
May 23, 2022
Merged

feat(rds-signer): add RDS Signer (#1823) #3084

merged 10 commits into from
May 23, 2022

Conversation

jgoeglein
Copy link
Contributor

Issue

#1823

Description

Adds RDS Signer for generating a password that can be used for IAM authentication. Previously, this functionality existed in v2.

Testing

  1. Unit tests
  2. Built and published tgz locally and deployed project using new module via CDK to verify functionality. Example manual implementation that was tested is located in this branch

Additional context

n/a

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@jgoeglein jgoeglein requested a review from a team as a code owner December 6, 2021 17:19
AllanZhengYP
AllanZhengYP reviewed Dec 6, 2021
View reviewed changes
Copy link
Contributor

@AllanZhengYP AllanZhengYP left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This very solid start! The interface is mostly complatible with the v2 SDK, which is good. I only have a few suggestions/questions.

lib/lib-rds/src/Signer.ts Outdated Show resolved Hide resolved
lib/lib-rds/src/Signer.ts Outdated Show resolved Hide resolved
lib/lib-rds/README.md Outdated Show resolved Hide resolved
AllanZhengYP
AllanZhengYP reviewed Dec 8, 2021
View reviewed changes
lib/lib-rds/package.json Outdated
"license": "Apache-2.0",
"dependencies": {
"@aws-sdk/signature-v4": "3.40.0",
"@aws-sdk/protocol-http": "3.40.0",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some dependencies gone missing here: like @aws-sdk/credential-provider-node, @aws-crypto/sha256-js. This is causing the CI build to fail.

@AllanZhengYP
Copy link
Contributor

@jgoeglein Can you move this package to the packages folder? The libs folder are supposed for abstructions beyond the 1:1 mapping of service APIs. The package doesn't qualify it.

@codecov-commenter
Copy link

codecov-commenter commented Dec 8, 2021
edited
Loading

Codecov Report

Merging #3084 (83ec3ce) into main (f6a3ef5) will decrease coverage by 16.46%.
The diff coverage is n/a.

❗ Current head 83ec3ce differs from pull request most recent head e2ed026. Consider uploading reports for the commit e2ed026 to get more accurate results

@@             Coverage Diff             @@
##             main    #3084       +/-   ##
===========================================
- Coverage   75.19%   58.72%   -16.47%     
===========================================
  Files         474      571       +97     
  Lines       20721    30622     +9901     
  Branches     4755     7541     +2786     
===========================================
+ Hits        15581    17984     +2403     
- Misses       5140    12638     +7498
Impacted Files Coverage Δ
...ages/middleware-sdk-s3/src/throw-200-exceptions.ts 90.00% <0.00%> (-3.34%) ⬇️
private/aws-protocoltests-ec2/src/endpoints.ts 100.00% <0.00%> (ø)
private/aws-protocoltests-json/src/endpoints.ts 100.00% <0.00%> (ø)
private/aws-protocoltests-query/src/endpoints.ts 100.00% <0.00%> (ø)
private/aws-protocoltests-ec2/src/runtimeConfig.ts 100.00% <0.00%> (ø)
private/aws-protocoltests-json-10/src/endpoints.ts 100.00% <0.00%> (ø)
private/aws-protocoltests-restxml/src/endpoints.ts 100.00% <0.00%> (ø)
...rivate/aws-protocoltests-json/src/runtimeConfig.ts 100.00% <0.00%> (ø)
...rivate/aws-protocoltests-restjson/src/endpoints.ts 100.00% <0.00%> (ø)
...ivate/aws-protocoltests-query/src/runtimeConfig.ts 100.00% <0.00%> (ø)
... and 108 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 51aaffc...e2ed026. Read the comment docs.

@jgoeglein jgoeglein force-pushed the add-rds-signer branch 2 times, most recently from 922f88d to 2e11419 Compare December 8, 2021 20:24
@jgoeglein jgoeglein changed the title feat(lib-rds): add RDS Signer (#1823) feat(rds-signer): add RDS Signer (#1823) Dec 8, 2021
@benasher44 benasher44 mentioned this pull request Feb 15, 2022
Closed
@benasher44
Copy link

We're now using this implementation in our project. It'd be great to see this finally merged and rolled into the main SDK, so that we can re-shuffle our explicit dependencies 🙏

AllanZhengYP
AllanZhengYP reviewed May 2, 2022
View reviewed changes
Copy link
Contributor

@AllanZhengYP AllanZhengYP left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for waiting so long before I reviewing it again! The PR is in a good shape now. I only have 2 very minor comments. Do you plan to take them? or I can push some commits to this branch.

/cc @jgoeglein

packages/rds-signer/.gitignore Outdated Show resolved Hide resolved
packages/rds-signer/README.md Show resolved Hide resolved
@jgoeglein
Copy link
Contributor Author

Sorry for waiting so long before I reviewing it again! The PR is in a good shape now. I only have 2 very minor comments. Do you plan to take them? or I can push some commits to this branch.

/cc @jgoeglein

@AllanZhengYP Added you as a collaborator so you can push those changes - it might take me a few days to get back around to this, but happy to do so if needed.

@AllanZhengYP
Copy link
Contributor

Okay, I will take it up. For easier interface, I plan to make this signer populating the default credential and region automatically. I post a separate PR #3588 to add an easier interface of Node.js default credential provider. I will update thie PR after that one merged.

@trivikr trivikr mentioned this pull request May 4, 2022
Merged
@AllanZhengYP AllanZhengYP requested review from kuhe and trivikr May 9, 2022 16:42
@AllanZhengYP AllanZhengYP added the pr/needs-review This PR needs a review from a Member. label May 9, 2022
@AllanZhengYP
Copy link
Contributor

According to the latest offline discussion, we decided to standardize all the naming scheme to the signers packages like s3-request-presigner, polly-request-presigner, and cloudfront-request-presigner, because some of them doesn't actually presign a request.

For this package, we decided to keep the name as rds-signer, and keep the operation name as getAuthToken().

@bfaulk96
Copy link

Really looking forward to this addition – Not a fan of importing the entire aws-sdk simply to grab an IAM RDS password 😅

Thanks for all your hard work!

@AllanZhengYP AllanZhengYP merged commit bec7eee into aws:main May 23, 2022
@trivikr trivikr mentioned this pull request May 24, 2022
Merged
@github-actions
Copy link

github-actions bot commented Jun 7, 2022

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 7, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@AllanZhengYP AllanZhengYP AllanZhengYP left review comments

@kuhe kuhe kuhe approved these changes

@trivikr trivikr Awaiting requested review from trivikr

Assignees
No one assigned
Labels
pr/needs-review This PR needs a review from a Member.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@jgoeglein @AllanZhengYP @codecov-commenter @benasher44 @bfaulk96 @kuhe