Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sts PresignGetCallerIdentity - make it simpler to add custom HTTP headers #2673

Open
2 tasks
rittneje opened this issue Jun 9, 2024 · 1 comment
Open
2 tasks

sts PresignGetCallerIdentity - make it simpler to add custom HTTP headers #2673

rittneje opened this issue Jun 9, 2024 · 1 comment
Labels
feature-request A feature should be added or improved. p2 This is a standard priority issue

Comments

@rittneje
Copy link

rittneje commented Jun 9, 2024

Describe the feature

This is a followup to #1137.

It is very common to use a presigned GetCallerIdentity URL as an authentication token. And in these use cases, it is very common to add a custom HTTP header to it, to verify the URL has the right "purpose". For example, Kubernetes uses a presigned URL with the x-k8s-aws-id header set to the cluster name.

Currently, the only way to set a custom header is with a convoluted and unintuitive process shown here:
https://github.com/bluestealth/aws-iam-authenticator/blob/ff550b8c35816a14c256aa064973f6d710334692/pkg/token/token.go#L333-L348

This is in stark contrast to your v1 SDK, which was way simpler:

req, _ := p.stsClient.GetCallerIdentityRequest(&sts.GetCallerIdentityInput{})
for k, v := range header {
    req.HTTPRequest.Header[k] = v
}
presigned, _, err := req.PresignRequest(15 * time.Minute)

Please make setting custom headers a first-class feature of sts.PresignOptions so we don't have to jump through several layers of hoops. At the very least, the v2 SDK docs should explicitly explain how to set custom headers so we don't have to dig it out of closed issues or other library implementations.

Use Case

See above

Proposed Solution

see above

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

AWS Go SDK V2 Module Versions Used

n/a

Go version used

n/a
@rittneje rittneje added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Jun 9, 2024
@lucix-aws
Copy link
Contributor

lucix-aws commented Jun 12, 2024
edited
Loading

I view this as more of an indictment of middleware than lack of an API for this common use case. Middleware as written is way too generic of an API to be customer-facing, it's a sentiment I've had for some time.

I don't really think a more explicit "add header" API in say the sts namespace (sts.WithHTTPHeader) is any more discoverable, I think the customer experience for request manipulation needs a complete facelift.

The smithy client reference architecture specifies a design for typed "HTTP interceptors" which gives a customer experience MUCH closer to what we had in v1. We plan to implement that on spec but haven't yet created a public issue to track, I'll do so separately in a bit.

Note that if people still think that experience ends up being too generic/obscure, we can explore commonizing some of these things for specific APIs/use cases, but I think doing that right now before fixing the experience in general is just premature.

@lucix-aws lucix-aws added p2 This is a standard priority issue and removed needs-triage This issue or PR still needs to be triaged. labels Jun 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request A feature should be added or improved. p2 This is a standard priority issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rittneje @lucix-aws