CodeCommit credentials-helper does not encode url before creating canonical request #9327
Labels: bug, codecommit, investigating, p2
Describe the bug
CodeCommit's credential-helper is the recommended way to sign the request and pass SigV4 credentials to git protocol requests.
It seems that the cli is not encoding the URL path before creating canonical request. This causes signature mismatch on the service side when there is a special character in the path.
aws-cli/awscli/customizations/codecommit.py
Line 151 in c9deba6
Creating SigV4 signed request
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv-create-signed-request.html
Regression Issue
Expected Behavior
credential-helper should encode the url path before creating the canonical request. If adding encoding might be backward incompatible, the cli can take it in as a parameter.
Current Behavior
As the url path is currently not encoded, the signature computed at the service does not match the signature in the request.
Reproduction Steps
git clone https://codeconnections/account/specialCharacterInPath
request fails
Possible Solution
No response
Additional Information/Context
No response
CLI version used
2
Environment details (OS name and version, etc.)
Mac OS 15
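Added example, not part of the original issue and not aws-cli code: a minimal SigV4 signer showing why a signature computed over an unencoded path fails against a verifier that percent-encodes the path in its canonical request. The host, secret, date, paths and the `GET` method are constructed sample values; signing only the Host header and encoding each path segment once are simplifying assumptions.

```python
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values, not real credentials or endpoints.
SECRET = "EXAMPLE-SECRET-KEY"
HOST = "git.example.com"
AMZ_DATE, REGION, SERVICE = "20250101T000000Z", "us-east-1", "codecommit"

def canonical_uri(path, encode=True):
    """Percent-encode each path segment, keeping RFC 3986 unreserved characters."""
    if not encode:
        return path
    return "/".join(quote(seg, safe="-_.~") for seg in path.split("/"))

def canonical_request(method, path, encode=True):
    # Simplified (assumption): empty query string, only Host signed, empty payload.
    payload_hash = hashlib.sha256(b"").hexdigest()
    return "\n".join([method, canonical_uri(path, encode), "",
                      f"host:{HOST}\n", "host", payload_hash])

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signature(creq):
    """SigV4 key derivation and string-to-sign over a canonical request."""
    date = AMZ_DATE[:8]
    scope = f"{date}/{REGION}/{SERVICE}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", AMZ_DATE, scope,
                         hashlib.sha256(creq.encode()).hexdigest()])
    key = ("AWS4" + SECRET).encode()
    for part in (date, REGION, SERVICE, "aws4_request"):
        key = _hmac(key, part)
    return hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()

def signatures_match(path, client_encodes):
    """Compare a client signature with one from a verifier that always encodes."""
    client = signature(canonical_request("GET", path, encode=client_encodes))
    service = signature(canonical_request("GET", path, encode=True))
    return hmac.compare_digest(client, service)

if __name__ == "__main__":
    for p in ("/v1/repos/myrepo", "/v1/repos/my repo+test"):
        print(p, "raw:", signatures_match(p, False),
              "encoded:", signatures_match(p, True))
```

A path made only of unreserved characters signs identically either way, which is why the mismatch appears only for paths containing special characters.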