Skip to content

Add scheme to destination region endpoint #1572

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jan 8, 2020
Merged

Add scheme to destination region endpoint #1572

merged 1 commit into from
Jan 8, 2020

Conversation

dagnir
Copy link
Contributor

@dagnir dagnir commented Jan 3, 2020
edited
Loading

Description

Fixes #1564

Motivation and Context

Bug fix.

Testing

New unit test, integ tests.

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have read the CONTRIBUTING document
  • Local run of mvn install succeeds
  • My code follows the code style of this project
  • My change requires a change to the Javadoc documentation
  • I have updated the Javadoc documentation accordingly
  • I have read the README document
  • I have added tests to cover my changes
  • All new and existing tests passed
  • A short description of the change has been added to the CHANGELOG
  • My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

  • I confirm that this pull request can be released under the Apache 2 license

@codecov-io
Copy link

codecov-io commented Jan 4, 2020
edited
Loading

Codecov Report

Merging #1572 into master will increase coverage by 0.15%.
The diff coverage is 81.81%.

Impacted file tree graph

@@             Coverage Diff              @@
##             master    #1572      +/-   ##
============================================
+ Coverage     75.39%   75.55%   +0.15%     
  Complexity      638      638              
============================================
  Files           896      896              
  Lines         28049    28064      +15     
  Branches       2203     2214      +11     
============================================
+ Hits          21148    21203      +55     
+ Misses         5889     5844      -45     
- Partials       1012     1017       +5
Flag Coverage Δ Complexity Δ
#unittests 75.55% <81.81%> (+0.15%) 638 <0> (ø) ⬇️
Impacted Files Coverage Δ Complexity Δ
...nsform/internal/GeneratePreSignUrlInterceptor.java 75.38% <81.81%> (+75.38%) 0 <0> (ø) ⬇️
...db/mappingclient/extensions/WriteModification.java 52% <0%> (ø) 5% <0%> (ø) ⬇️
...tials/WebIdentityTokenFileCredentialsProvider.java 0% <0%> (ø) 0% <0%> (ø) ⬇️
...on/awssdk/services/kinesis/KinesisRetryPolicy.java 85.71% <0%> (ø) 0% <0%> (ø) ⬇️
.../dynamodb/mappingclient/operations/UpdateItem.java 84.37% <0%> (+0.12%) 33% <0%> (ø) ⬇️
.../software/amazon/awssdk/codegen/AddOperations.java 85.33% <0%> (+0.19%) 0% <0%> (ø) ⬇️
...ons/dynamodb/mappingclient/operations/PutItem.java 80.59% <0%> (+0.29%) 18% <0%> (ø) ⬇️
...ssdk/auth/credentials/HttpCredentialsProvider.java 66.66% <0%> (+0.46%) 0% <0%> (ø) ⬇️
...signer/internal/AwsChunkedEncodingInputStream.java 47.29% <0%> (+0.67%) 0% <0%> (ø) ⬇️
...mazon/awssdk/core/internal/retry/RetryHandler.java 95.45% <0%> (+2.27%) 0% <0%> (ø) ⬇️
... and 1 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8cbd76a...6ac80f1. Read the comment docs.

spfink
spfink reviewed Jan 6, 2020
View reviewed changes
...va/software/amazon/awssdk/services/ec2/transform/internal/GeneratePreSignUrlInterceptor.java
return Ec2Client.serviceMetadata().endpointFor(region);
URI endpoint = Ec2Client.serviceMetadata().endpointFor(region);
if (endpoint.getScheme() == null) {
return URI.create("https://" + endpoint);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we pull the client configured protocol in an interceptor?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I considered this, but given that this URL is used by EC2 and not consumed by the customer/client, it doesn't really make sense to be anything other than HTTPS. It's also the same behavior as V1 https://github.com/aws/aws-sdk-java/blob/7b1e5b87b0bf03456df9e77716b14731adf9a7a7/aws-java-sdk-ec2/src/main/java/com/amazonaws/services/ec2/model/transform/GeneratePreSignUrlRequestHandler.java#L145-L147

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 on pulling client configured protocol. Customers might use this against a mock server (maybe for testing purpose) which only supports HTTP. I think we should honor the customer configuration.

Copy link
Contributor Author

@dagnir dagnir Jan 6, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure I understand the use case. The presigned URL is explicitly used by the EC2 service to presumably pull the snapshot for cross region copying, it doesn't affect where or how the actual HTTP request being modified is sent.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I meant there might be some mockEc2 server library available for customers to test their applications. The mockEc2 server might have a similar copySnapshot function to mimic the real service's behavior. This use case might be rare or doesn't exist at all, but I still think it'd be better to honor the customer configuration.

Copy link
Contributor Author

@dagnir dagnir Jan 6, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I disagree that it's important in this case; we've had the same behavior in v1 for a long time without issue, the same with RDS. Technically the protocol configured on the client specifies the protocol it speaks to service we're calling the API on anyway, I don't think it necessarily governs things like the presigned URL(s) it generates.

IMO it's also a potential dangerous if the customer happens to being using HTTP and now their EBS snapshots are also being transferred in plaintext.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 8, 2020

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities (and Security Hotspot 0 Security Hotspots to review)
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@dagnir dagnir merged commit e0490c7 into aws:master Jan 8, 2020
@dagnir dagnir deleted the gh1564 branch January 8, 2020 01:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@spfink spfink spfink left review comments

@zoewangg zoewangg zoewangg approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

EC2 copy EBS snapshot missing protocol.
4 participants
@dagnir @codecov-io @spfink @zoewangg