Skip to content

RUST-1529 Use AWS SDK for sigv4 signing #1438

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 43 commits into
base: main
Choose a base branch
from
Open

RUST-1529 Use AWS SDK for sigv4 signing #1438

wants to merge 43 commits into from

Conversation

JamieTsai1024
Copy link
Collaborator

@JamieTsai1024 JamieTsai1024 commented Jul 30, 2025
edited
Loading

Replace existing implementation for getting sigv4 signing using the AWS SDK.

Testing

Clone https://github.com/isabelatkinson/drivers-evergreen-tools/tree/local-aws and run the following commands:

./.evergreen/run-aws-auth.sh

cd .evergreen/auth_aws
# run this script to reconfigure the type of AWS authentication to use
# copy the block of unset and export commands output by the script and run them in the terminal window you're using to run the driver tests
./aws_setup.sh (regular | env-creds | assume-role | session-creds | web-identity)

cd ~/mongo-rust-driver 
# Run the unset and set export commands printed by `./aws_setup.sh` for environment variables 
cargo nextest run auth_aws --features aws-auth

Previously

  • Used AWS SDK to retrieve credentials in PR #1435

Work to be done for RUST-1529

  • Decide whether to keep AWS SDK behind feature flag or replace original implementation
JamieTsai1024 and others added 30 commits July 23, 2025 12:30
@JamieTsai1024
Wip - add path for authentication using MongoDB URI behind aws-sdk-au…
bb11533 
…th feature flag
@JamieTsai1024
Get auth credentials through env variables using AWS SDK
3d78f80
@isabelatkinson @JamieTsai1024
test URI/environment variable credentials
1f4c590
@JamieTsai1024
Add conditional imports for aws_config modules behind aws-sdk-auth fe…
6fe85bc 
…ature flag
@JamieTsai1024
Try to pin aws_sdk dependency versions to fix tests
b6e1d9a
@JamieTsai1024
Merge branch 'main' into RUST-1529-no-ff
18c3bc8
@JamieTsai1024
Remove aws-sdk-auth ff
915b087
@isabelatkinson
fix dependencies for MSRV
f5a65af
@JamieTsai1024
Merge branch 'main' into RUST-1529-no-ff
e2a5080
@JamieTsai1024
Fix lint on AwsCredential unused fields
cf3f3a5
@JamieTsai1024
Fix lint
8df943f
@JamieTsai1024
Uncomment tests
6b9d129
@JamieTsai1024
Revert comments in config.yml
e99fff2
@JamieTsai1024
Clean up comments
73d3a82
@JamieTsai1024
Remove unused imports and replace expect
dd94b48
@JamieTsai1024
Make dependencies optional and comment back patchable: false
e10a3ba
@JamieTsai1024
Move get credentials logic to a public method
f365624
@JamieTsai1024
Change return type of get_aws_credentials from AwsCredential to aws_c…
408ca2f 
…redential_types::Credential
@JamieTsai1024
Fix lint and imports
f528c00
@JamieTsai1024
Move import behind aws-auth feature flag
678cdcb
@JamieTsai1024
Add logs
90d5156
@JamieTsai1024
Add logs
eac9bcf
@JamieTsai1024
Add default-https-client and rt-tokio to aws-config dependencies
cb26899
@JamieTsai1024
Comment out tests for credential caching
725d373
@JamieTsai1024
Merge branch 'main' into RUST-1529-no-ff
b4c06e8
@JamieTsai1024
Update Cargo.lock
46e171d
@JamieTsai1024
Fix cargo.lock
0cd8dfa
@isabelatkinson
revert unneeded changes in cargo.lock
a482936
@JamieTsai1024
Uncomment and add ignore tags, remove dbg logs
2416644
@JamieTsai1024
Merge branch 'RUST-1529-no-ff' of https://github.com/JamieTsai1024/mo…
ee4f602 
…ngo-rust-driver into RUST-1529-no-ff
JamieTsai1024
JamieTsai1024 commented Aug 1, 2025
View reviewed changes
src/client/auth/aws.rs
@@ -117,27 +126,34 @@ async fn authenticate_stream_inner(
let creds = get_aws_credentials(credential).await.map_err(|e| {
Error::authentication_error(MECH_NAME, &format!("failed to get creds: {e}"))
})?;
let aws_credential = AwsCredential::from_sdk_creds(creds);
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In a previous PR, we introduced from_sdk_creds(...) to convert from aws_credential_types::Credentials to locally defined AwsCredential type. Now that we've converted the rest of the authentication to use the AWS SDK, we no longer need this conversion
@JamieTsai1024 JamieTsai1024 marked this pull request as ready for review August 1, 2025 18:06
@JamieTsai1024 JamieTsai1024 requested a review from a team as a code owner August 1, 2025 18:06
@JamieTsai1024 JamieTsai1024 requested a review from abr-egn August 1, 2025 18:06
JamieTsai1024
JamieTsai1024 commented Aug 1, 2025
View reviewed changes
.evergreen/config.yml
@@ -223,7 +223,7 @@ buildvariants:

- name: aws-auth
display_name: "AWS Authentication"
patchable: false
# patchable: false
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will uncomment once PR is approved
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
2 participants
@JamieTsai1024 @isabelatkinson