Add test to exercise excluded headers in aws-sigv4 (#1890)

* Add test for excluded headers list This commit adds a test for the functionality added in #1381. Technically, there was an existing test `presigning_header_exclusion` that exercised the said functionality but it only covered the behavior partially, i.e. only a case where the `excluded_headers` field in `SigningSettings` contained just `user-agent`. The new test will randomly add headers to `excluded_headers` and verify the functionality works as expected. * Update CHANGELOG.next.toml * Update CHANGELOG.next.toml Co-authored-by: John DiSanti <jdisanti@amazon.com> Co-authored-by: Saito <awsaito@c889f3b5ddc4.ant.amazon.com> Co-authored-by: John DiSanti <jdisanti@amazon.com>
smithy-lang · Oct 21, 2022 · ca2c788 · ca2c788
1 parent aaf75fb
commit ca2c788
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 2 deletions.
diff --git a/CHANGELOG.next.toml b/CHANGELOG.next.toml
@@ -192,3 +192,9 @@ message = "Fix aws-sigv4 canonical request formatting fallibility."
 references = ["smithy-rs#1656"]
 meta = { "breaking" = false, "tada" = false, "bug" = true }
 author = "ysaito1001"
+
+[[aws-sdk-rust]]
+message = "Add test to exercise excluded headers in aws-sigv4."
+references = ["smithy-rs#1890"]
+meta = { "breaking" = false, "tada" = false, "bug" = false }
+author = "ysaito1001"
diff --git a/aws/rust-runtime/aws-sigv4/src/http_request/canonical_request.rs b/aws/rust-runtime/aws-sigv4/src/http_request/canonical_request.rs
@@ -507,10 +507,10 @@ mod tests {
     };
     use crate::http_request::{SignatureLocation, SigningParams};
     use crate::sign::sha256_hex_string;
-    use http::HeaderValue;
     use http::Uri;
+    use http::{header::HeaderName, HeaderValue};
     use pretty_assertions::assert_eq;
-    use proptest::proptest;
+    use proptest::{prelude::*, proptest};
     use std::time::Duration;
 
     fn signing_params(settings: SigningSettings) -> SigningParams<'static> {
@@ -707,6 +707,47 @@ mod tests {
         );
     }
 
+    proptest! {
+       #[test]
+       fn presigning_header_exclusion_with_explicit_exclusion_list_specified(
+           excluded_headers in prop::collection::vec("[a-z]{1,20}", 1..10),
+       ) {
+            let mut request_builder = http::Request::builder()
+                .uri("https://some-endpoint.some-region.amazonaws.com")
+                .header("content-type", "application/xml")
+                .header("content-length", "0");
+            for key in &excluded_headers {
+                request_builder = request_builder.header(key, "value");
+            }
+            let request = request_builder.body("").unwrap();
+
+            let request = SignableRequest::from(&request);
+
+            let settings = SigningSettings {
+                signature_location: SignatureLocation::QueryParams,
+                expires_in: Some(Duration::from_secs(30)),
+                excluded_headers: Some(
+                    excluded_headers
+                        .into_iter()
+                        .map(|header_string| {
+                            HeaderName::from_static(Box::leak(header_string.into_boxed_str()))
+                        })
+                        .collect(),
+                ),
+                ..Default::default()
+            };
+
+            let signing_params = signing_params(settings);
+            let canonical = CanonicalRequest::from(&request, &signing_params).unwrap();
+
+            let values = canonical.values.into_query_params().unwrap();
+            assert_eq!(
+                "content-length;content-type;host",
+                values.signed_headers.as_str()
+            );
+        }
+    }
+
     #[test]
     fn test_trim_all_handles_spaces_correctly() {
         // Can't compare a byte array to a Cow so we convert both to slices before comparing