Specify global endpoint and signature region for other partitions (#3274

) * Specify global endpoint and signature region for other partitions So far the global endpoint had `us-east-1` for normal partition hard-coded and it did not work in other partitions like China or us-gov. #3192 * Specify global endpoint and signature region for other partitions * Rename signatureRegion into signingRegion
aws · Jun 16, 2020 · ae07e49 · ae07e49
1 parent 3ace654
commit ae07e49
Show file tree

Hide file tree

Showing 6 changed files with 54 additions and 17 deletions.
diff --git a/.changes/next-release/bugfix-Global Services-7a32dfd9.json b/.changes/next-release/bugfix-Global Services-7a32dfd9.json
@@ -0,0 +1,5 @@
+{
+  "type": "bugfix",
+  "category": "Global Services",
+  "description": "Add default signing region for IAM and Route53 in China and GovCloud"
+}
diff --git a/lib/region_config.js b/lib/region_config.js
@@ -58,6 +58,9 @@ function configureEndpoint(service) {
 
       // set global endpoint
       service.isGlobalEndpoint = !!config.globalEndpoint;
+      if (config.signingRegion) {
+        service.signingRegion = config.signingRegion;
+      }
 
       // signature version
       if (!config.signatureVersion) config.signatureVersion = 'v4';

diff --git a/lib/region_config_data.json b/lib/region_config_data.json
@@ -14,20 +14,31 @@
     },
     "*/budgets": "globalSSL",
     "*/cloudfront": "globalSSL",
-    "*/iam": "globalSSL",
     "*/sts": "globalSSL",
     "*/importexport": {
       "endpoint": "{service}.amazonaws.com",
       "signatureVersion": "v2",
       "globalEndpoint": true
     },
-    "*/route53": {
-      "endpoint": "https://{service}.amazonaws.com",
-      "signatureVersion": "v3https",
-      "globalEndpoint": true
+
+    "*/route53": "globalSSL",
+    "cn-*/route53": {
+      "endpoint": "{service}.amazonaws.com.cn",
+      "globalEndpoint": true,
+      "signingRegion": "cn-northwest-1"
     },
+    "us-gov-*/route53": "globalGovCloud",
+
     "*/waf": "globalSSL",
+
+    "*/iam": "globalSSL",
+    "cn-*/iam": {
+      "endpoint": "{service}.cn-north-1.amazonaws.com.cn",
+      "globalEndpoint": true,
+      "signingRegion": "cn-north-1"
+    },
     "us-gov-*/iam": "globalGovCloud",
+
     "us-gov-*/sts": {
       "endpoint": "{service}.{region}.amazonaws.com"
     },
@@ -56,14 +67,17 @@
   "patterns": {
     "globalSSL": {
       "endpoint": "https://{service}.amazonaws.com",
-      "globalEndpoint": true
+      "globalEndpoint": true,
+      "signingRegion": "us-east-1"
     },
     "globalGovCloud": {
-      "endpoint": "{service}.us-gov.amazonaws.com"
+      "endpoint": "{service}.us-gov.amazonaws.com",
+      "globalEndpoint": true,
+      "signingRegion": "us-gov-west-1"
     },
     "s3signature": {
       "endpoint": "{service}.{region}.amazonaws.com",
       "signatureVersion": "s3"
     }
   }
-}
+}
diff --git a/lib/request.js b/lib/request.js
@@ -313,8 +313,13 @@ AWS.Request = inherit({
     var region = service.config.region;
     var customUserAgent = service.config.customUserAgent;
 
-    // global endpoints sign as us-east-1
-    if (service.isGlobalEndpoint) region = 'us-east-1';
+    if (service.isGlobalEndpoint) {
+      if (service.signingRegion) {
+        region = service.signingRegion;
+      } else {
+        region = 'us-east-1';
+      }
+    }
 
     this.domain = domain && domain.active;
     this.service = service;

diff --git a/scripts/region-checker/whitelist.js b/scripts/region-checker/whitelist.js
@@ -25,8 +25,7 @@ var whitelist = {
         112
     ],
     '/request.js': [
-        315,
-        316
+        319
     ],
     '/services/s3.js': [
         70,

diff --git a/test/region_config.spec.js b/test/region_config.spec.js
@@ -38,14 +38,24 @@ describe('region_config.js', function() {
     expect(service.endpoint.host).to.equal('s3.amazonaws.com');
   });
 
-  it('does not use any global endpoints in cn-*', function() {
+  it('uses "global" endpoint for IAM in cn-northwest-1', function() {
     var service = new AWS.IAM({
-      region: 'cn-north-1'
+      region: 'cn-northwest-1'
     });
-    expect(service.isGlobalEndpoint).to.equal(false);
+    expect(service.isGlobalEndpoint).to.equal(true);
+    expect(service.signingRegion).to.equal('cn-north-1');
     expect(service.endpoint.host).to.equal('iam.cn-north-1.amazonaws.com.cn');
   });
 
+  it('uses "global" endpoint for Route53 in cn-north-1', function() {
+    var service = new AWS.Route53({
+      region: 'cn-north-1'
+    });
+    expect(service.isGlobalEndpoint).to.equal(true);
+    expect(service.signingRegion).to.equal('cn-northwest-1');
+    expect(service.endpoint.host).to.equal('route53.amazonaws.com.cn');
+  });
+
   it('enables signature version 4 signing in cn-*', function() {
     var service = new AWS.IAM({
       region: 'cn-north-1'
@@ -85,9 +95,10 @@ describe('region_config.js', function() {
 
   it('uses us-gov endpoint for IAM in GovCloud', function() {
     var service = new AWS.IAM({
-      region: 'us-gov-west-1'
+      region: 'us-gov-east-1'
     });
-    expect(service.isGlobalEndpoint).to.equal(false);
+    expect(service.isGlobalEndpoint).to.equal(true);
+    expect(service.signingRegion).to.equal('us-gov-west-1');
     expect(service.endpoint.host).to.equal('iam.us-gov.amazonaws.com');
   });
-Original file line number
+Diff line change
@@ Expand Up / @@ -25,8 +25,7 @@ var whitelist = { @@
         ],
         '/request.js': [
-,
         ],
         '/services/s3.js': [
 ,
@@ Expand Down @@