From ae07e498e77000e55da70b20996dc8fd2f8b3051 Mon Sep 17 00:00:00 2001 From: workeitel Date: Wed, 17 Jun 2020 00:35:46 +0200 Subject: [PATCH] Specify global endpoint and signature region for other partitions (#3274) * Specify global endpoint and signature region for other partitions So far the global endpoint had `us-east-1` for normal partition hard-coded and it did not work in other partitions like China or us-gov. https://github.com/aws/aws-sdk-js/issues/3192 * Specify global endpoint and signature region for other partitions * Rename signatureRegion into signingRegion --- .../bugfix-Global Services-7a32dfd9.json | 5 ++++ lib/region_config.js | 3 ++ lib/region_config_data.json | 30 ++++++++++++++----- lib/request.js | 9 ++++-- scripts/region-checker/whitelist.js | 3 +- test/region_config.spec.js | 21 +++++++++---- 6 files changed, 54 insertions(+), 17 deletions(-) create mode 100644 .changes/next-release/bugfix-Global Services-7a32dfd9.json diff --git a/.changes/next-release/bugfix-Global Services-7a32dfd9.json b/.changes/next-release/bugfix-Global Services-7a32dfd9.json new file mode 100644 index 0000000000..0d56494bf3 --- /dev/null +++ b/.changes/next-release/bugfix-Global Services-7a32dfd9.json @@ -0,0 +1,5 @@ +{ + "type": "bugfix", + "category": "Global Services", + "description": "Add default signing region for IAM and Route53 in China and GovCloud" +} \ No newline at end of file diff --git a/lib/region_config.js b/lib/region_config.js index d6f189fc68..e8a38eddf5 100644 --- a/lib/region_config.js +++ b/lib/region_config.js @@ -58,6 +58,9 @@ function configureEndpoint(service) { // set global endpoint service.isGlobalEndpoint = !!config.globalEndpoint; + if (config.signingRegion) { + service.signingRegion = config.signingRegion; + } // signature version if (!config.signatureVersion) config.signatureVersion = 'v4'; diff --git a/lib/region_config_data.json b/lib/region_config_data.json index 657950ed3b..5a4b749fb4 100644 --- a/lib/region_config_data.json +++ b/lib/region_config_data.json @@ -14,20 +14,31 @@ }, "*/budgets": "globalSSL", "*/cloudfront": "globalSSL", - "*/iam": "globalSSL", "*/sts": "globalSSL", "*/importexport": { "endpoint": "{service}.amazonaws.com", "signatureVersion": "v2", "globalEndpoint": true }, - "*/route53": { - "endpoint": "https://{service}.amazonaws.com", - "signatureVersion": "v3https", - "globalEndpoint": true + + "*/route53": "globalSSL", + "cn-*/route53": { + "endpoint": "{service}.amazonaws.com.cn", + "globalEndpoint": true, + "signingRegion": "cn-northwest-1" }, + "us-gov-*/route53": "globalGovCloud", + "*/waf": "globalSSL", + + "*/iam": "globalSSL", + "cn-*/iam": { + "endpoint": "{service}.cn-north-1.amazonaws.com.cn", + "globalEndpoint": true, + "signingRegion": "cn-north-1" + }, "us-gov-*/iam": "globalGovCloud", + "us-gov-*/sts": { "endpoint": "{service}.{region}.amazonaws.com" }, @@ -56,14 +67,17 @@ "patterns": { "globalSSL": { "endpoint": "https://{service}.amazonaws.com", - "globalEndpoint": true + "globalEndpoint": true, + "signingRegion": "us-east-1" }, "globalGovCloud": { - "endpoint": "{service}.us-gov.amazonaws.com" + "endpoint": "{service}.us-gov.amazonaws.com", + "globalEndpoint": true, + "signingRegion": "us-gov-west-1" }, "s3signature": { "endpoint": "{service}.{region}.amazonaws.com", "signatureVersion": "s3" } } -} \ No newline at end of file +} diff --git a/lib/request.js b/lib/request.js index 9ade2614d4..8421caee65 100644 --- a/lib/request.js +++ b/lib/request.js @@ -313,8 +313,13 @@ AWS.Request = inherit({ var region = service.config.region; var customUserAgent = service.config.customUserAgent; - // global endpoints sign as us-east-1 - if (service.isGlobalEndpoint) region = 'us-east-1'; + if (service.isGlobalEndpoint) { + if (service.signingRegion) { + region = service.signingRegion; + } else { + region = 'us-east-1'; + } + } this.domain = domain && domain.active; this.service = service; diff --git a/scripts/region-checker/whitelist.js b/scripts/region-checker/whitelist.js index 8b1a05b909..283fd63872 100644 --- a/scripts/region-checker/whitelist.js +++ b/scripts/region-checker/whitelist.js @@ -25,8 +25,7 @@ var whitelist = { 112 ], '/request.js': [ - 315, - 316 + 319 ], '/services/s3.js': [ 70, diff --git a/test/region_config.spec.js b/test/region_config.spec.js index 4f934d3d18..9303ca55de 100644 --- a/test/region_config.spec.js +++ b/test/region_config.spec.js @@ -38,14 +38,24 @@ describe('region_config.js', function() { expect(service.endpoint.host).to.equal('s3.amazonaws.com'); }); - it('does not use any global endpoints in cn-*', function() { + it('uses "global" endpoint for IAM in cn-northwest-1', function() { var service = new AWS.IAM({ - region: 'cn-north-1' + region: 'cn-northwest-1' }); - expect(service.isGlobalEndpoint).to.equal(false); + expect(service.isGlobalEndpoint).to.equal(true); + expect(service.signingRegion).to.equal('cn-north-1'); expect(service.endpoint.host).to.equal('iam.cn-north-1.amazonaws.com.cn'); }); + it('uses "global" endpoint for Route53 in cn-north-1', function() { + var service = new AWS.Route53({ + region: 'cn-north-1' + }); + expect(service.isGlobalEndpoint).to.equal(true); + expect(service.signingRegion).to.equal('cn-northwest-1'); + expect(service.endpoint.host).to.equal('route53.amazonaws.com.cn'); + }); + it('enables signature version 4 signing in cn-*', function() { var service = new AWS.IAM({ region: 'cn-north-1' @@ -85,9 +95,10 @@ describe('region_config.js', function() { it('uses us-gov endpoint for IAM in GovCloud', function() { var service = new AWS.IAM({ - region: 'us-gov-west-1' + region: 'us-gov-east-1' }); - expect(service.isGlobalEndpoint).to.equal(false); + expect(service.isGlobalEndpoint).to.equal(true); + expect(service.signingRegion).to.equal('us-gov-west-1'); expect(service.endpoint.host).to.equal('iam.us-gov.amazonaws.com'); });