Merge pull request #126 from vijayansarathy/master

Adding support to specify HTTP/HTTPS schema
awslabs · Mar 30, 2023 · a3f4ed6 · a3f4ed6
2 parents 4a207d1 + 6469f4f
commit a3f4ed6
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/cmd/aws-sigv4-proxy/main.go b/cmd/aws-sigv4-proxy/main.go
@@ -47,8 +47,8 @@ var (
 	regionOverride         = kingpin.Flag("region", "AWS region to sign for").String()
 	disableSSLVerification = kingpin.Flag("no-verify-ssl", "Disable peer SSL certificate validation").Bool()
 	idleConnTimeout        = kingpin.Flag("transport.idle-conn-timeout", "Idle timeout to the upstream service").Default("40s").Duration()
+	schemeOverride         = kingpin.Flag("upstream-url-scheme", "Protocol to proxy with").String()
 	unsignedPayload        = kingpin.Flag("unsigned-payload", "Prevent signing of the payload").Default("false").Bool()
-
 )
 
 type awsLoggerAdapter struct {
@@ -132,6 +132,7 @@ func main() {
 				HostOverride:        *hostOverride,
 				RegionOverride:      *regionOverride,
 				LogFailedRequest:    *logFailedResponse,
+				SchemeOverride:      *schemeOverride,
 			},
 		}),
 	)

diff --git a/handler/proxy_client.go b/handler/proxy_client.go
@@ -43,6 +43,7 @@ type ProxyClient struct {
 	HostOverride        string
 	RegionOverride      string
 	LogFailedRequest    bool
+	SchemeOverride      string
 }
 
 func (p *ProxyClient) sign(req *http.Request, service *endpoints.ResolvedEndpoint) error {
@@ -59,7 +60,7 @@ func (p *ProxyClient) sign(req *http.Request, service *endpoints.ResolvedEndpoin
 
 	// S3 service should not have any escaping applied.
 	// https://github.com/aws/aws-sdk-go/blob/main/aws/signer/v4/v4.go#L467-L470
-        if (service.SigningName == "s3") {
+	if service.SigningName == "s3" {
 		p.Signer.DisableURIPathEscaping = true
 
 		// Enable URI escaping for subsequent calls.
@@ -107,6 +108,9 @@ func (p *ProxyClient) Do(req *http.Request) (*http.Response, error) {
 		proxyURL.Host = req.Host
 	}
 	proxyURL.Scheme = "https"
+	if p.SchemeOverride != "" {
+		proxyURL.Scheme = p.SchemeOverride
+	}
 
 	if log.GetLevel() == log.DebugLevel {
 		initialReqDump, err := httputil.DumpRequest(req, true)
@@ -126,10 +130,10 @@ func (p *ProxyClient) Do(req *http.Request) (*http.Response, error) {
 
 	var service *endpoints.ResolvedEndpoint
 	if p.SigningHostOverride != "" {
-	    proxyReq.Host = p.SigningHostOverride
+		proxyReq.Host = p.SigningHostOverride
 	}
 	if p.SigningNameOverride != "" && p.RegionOverride != "" {
-		service = &endpoints.ResolvedEndpoint{URL: fmt.Sprintf("https://%s", proxyURL.Host), SigningMethod: "v4", SigningRegion: p.RegionOverride, SigningName: p.SigningNameOverride}
+		service = &endpoints.ResolvedEndpoint{URL: fmt.Sprintf("%s://%s", proxyURL.Scheme, proxyURL.Host), SigningMethod: "v4", SigningRegion: p.RegionOverride, SigningName: p.SigningNameOverride}
 	} else {
 		service = determineAWSServiceFromHost(req.Host)
 	}