From 3e41446a8403541e9f807360975b00839f549fc1 Mon Sep 17 00:00:00 2001
From: Vijayan Sarathy
Date: Tue, 28 Mar 2023 18:44:21 -0400
Subject: [PATCH 1/2] Adding support to specify HTTP/HTTPS schema
---
 cmd/aws-sigv4-proxy/main.go | 2 ++
 handler/proxy_client.go | 10 +++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/cmd/aws-sigv4-proxy/main.go b/cmd/aws-sigv4-proxy/main.go
index f4e2978..0b1c881 100644
--- a/cmd/aws-sigv4-proxy/main.go
+++ b/cmd/aws-sigv4-proxy/main.go
@@ -47,6 +47,7 @@ var (
 regionOverride = kingpin.Flag("region", "AWS region to sign for").String()
 disableSSLVerification = kingpin.Flag("no-verify-ssl", "Disable peer SSL certificate validation").Bool()
 idleConnTimeout = kingpin.Flag("transport.idle-conn-timeout", "Idle timeout to the upstream service").Default("40s").Duration()
+ schemeOverride = kingpin.Flag("scheme", "Protocol to proxy with").String()
 )
 type awsLoggerAdapter struct {
@@ -129,6 +130,7 @@ func main() {
 HostOverride: *hostOverride,
 RegionOverride: *regionOverride,
 LogFailedRequest: *logFailedResponse,
+ SchemeOverride: *schemeOverride,
 },
 }),
 )
diff --git a/handler/proxy_client.go b/handler/proxy_client.go
index 6e52853..e5682e2 100644
--- a/handler/proxy_client.go
+++ b/handler/proxy_client.go
@@ -43,6 +43,7 @@ type ProxyClient struct {
 HostOverride string
 RegionOverride string
 LogFailedRequest bool
+ SchemeOverride string
 }
 func (p *ProxyClient) sign(req *http.Request, service *endpoints.ResolvedEndpoint) error {
@@ -59,7 +60,7 @@ func (p *ProxyClient) sign(req *http.Request, service *endpoints.ResolvedEndpoin
 // S3 service should not have any escaping applied.
 // https://github.com/aws/aws-sdk-go/blob/main/aws/signer/v4/v4.go#L467-L470
- if (service.SigningName == "s3") {
+ if service.SigningName == "s3" {
 p.Signer.DisableURIPathEscaping = true
 // Enable URI escaping for subsequent calls.
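Review bot: The new `scheme` flag in the `var (` hunk of cmd/aws-sigv4-proxy/main.go is declared with `.String()`, so any value is accepted and later copied into `proxyURL.Scheme` by the `Do` hunk in handler/proxy_client.go without a check. A typo or an unsupported scheme would only surface as per-request failures, and the help text `Protocol to proxy with` does not say which values are valid or that the default is https. Restricting the flag at parse time, for example `kingpin.Flag("scheme", "Upstream URL scheme: http or https (default https)").Default("https").Enum("http", "https")`, rejects bad values at startup. The same applies to the renamed `upstream-url-scheme` flag in PATCH 2/2.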
@@ -107,6 +108,9 @@ func (p *ProxyClient) Do(req *http.Request) (*http.Response, error) {
 proxyURL.Host = req.Host
 }
 proxyURL.Scheme = "https"
+ if p.SchemeOverride != "" {
+ proxyURL.Scheme = p.SchemeOverride
+ }
 if log.GetLevel() == log.DebugLevel {
 initialReqDump, err := httputil.DumpRequest(req, true)
@@ -126,10 +130,10 @@ func (p *ProxyClient) Do(req *http.Request) (*http.Response, error) {
 var service *endpoints.ResolvedEndpoint
 if p.SigningHostOverride != "" {
- proxyReq.Host = p.SigningHostOverride
+ proxyReq.Host = p.SigningHostOverride
 }
 if p.SigningNameOverride != "" && p.RegionOverride != "" {
- service = &endpoints.ResolvedEndpoint{URL: fmt.Sprintf("https://%s", proxyURL.Host), SigningMethod: "v4", SigningRegion: p.RegionOverride, SigningName: p.SigningNameOverride}
+ service = &endpoints.ResolvedEndpoint{URL: fmt.Sprintf("%s://%s", proxyURL.Scheme, proxyURL.Host), SigningMethod: "v4", SigningRegion: p.RegionOverride, SigningName: p.SigningNameOverride}
 } else {
 service = determineAWSServiceFromHost(req.Host)
 }
From f82386e9388162d3412be4b3d3f0cb5918b3902c Mon Sep 17 00:00:00 2001
From: Vijayan Sarathy
Date: Wed, 29 Mar 2023 18:28:00 -0400
Subject: [PATCH 2/2] changing scheme to upstream-url-scheme
---
 cmd/aws-sigv4-proxy/main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/aws-sigv4-proxy/main.go b/cmd/aws-sigv4-proxy/main.go
index 0b1c881..ea7d38e 100644
--- a/cmd/aws-sigv4-proxy/main.go
+++ b/cmd/aws-sigv4-proxy/main.go
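Review bot: In the first `Do` hunk of handler/proxy_client.go (`@@ -107,6 +108,9 @@`), `proxyURL.Scheme = p.SchemeOverride` replaces the hard-coded `https` for every request, so a value of `http` sends the SigV4-signed request to the upstream without TLS. The `Authorization` header, the request body and, presumably, the session token header when temporary credentials are in use then cross the network in cleartext. Nothing in the hunk documents or logs that downgrade. A comment at the override such as `// SchemeOverride "http" disables TLS to the upstream; only for a trusted network path` would record the intent. A warning logged once at startup when the scheme is not https would make it visible to operators. `Do` begins before and continues past this hunk.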
@@ -47,7 +47,7 @@ var (
 regionOverride = kingpin.Flag("region", "AWS region to sign for").String()
 disableSSLVerification = kingpin.Flag("no-verify-ssl", "Disable peer SSL certificate validation").Bool()
 idleConnTimeout = kingpin.Flag("transport.idle-conn-timeout", "Idle timeout to the upstream service").Default("40s").Duration()
- schemeOverride = kingpin.Flag("scheme", "Protocol to proxy with").String()
+ schemeOverride = kingpin.Flag("upstream-url-scheme", "Protocol to proxy with").String()
 )
 type awsLoggerAdapter struct {