Merge branch 'main' into user/ashdhin/IssueTemplateRegressionCheckbox

.gitignore

@@ -9,6 +9,7 @@ Release
 *#
 *.iml
 tags
+.vscode
 
 #vim swap file
 *.swp

CMakeLists.txt

@@ -1,11 +1,7 @@
 
-cmake_minimum_required(VERSION 3.1)
+cmake_minimum_required(VERSION 3.9)
 project(aws-c-auth C)
 
-if (POLICY CMP0069)
-    cmake_policy(SET CMP0069 NEW) # Enable LTO/IPO if available in the compiler, see AwsCFlags
-endif()
-
 if (DEFINED CMAKE_PREFIX_PATH)
     file(TO_CMAKE_PATH "${CMAKE_PREFIX_PATH}" CMAKE_PREFIX_PATH)
 endif()

README.md

@@ -13,7 +13,7 @@ This library is licensed under the Apache 2.0 License.
 
 ### Building
 
-CMake 3.1+ is required to build.
+CMake 3.9+ is required to build.
 
 `<install-path>` must be an absolute path in the following instructions.
 
@@ -62,7 +62,7 @@ cmake --build aws-c-auth/build --target install
 ### Testing
 Certain tests require a specific environment setup in order to run successfully.  This may be a specific execution
 environment (EC2, ECS, etc...) or it may require certain environment variables to be set that configure properties
-(often sensitive materials, like keys).  Whether or not these tests are enabled is controlled by certain CMAKE 
+(often sensitive materials, like keys).  Whether or not these tests are enabled is controlled by certain CMAKE
 properties:
 * AWS_BUILDING_ON_EC2 - indicates real IMDS credentials provider test(s) should run
 * AWS_BUILDING_ON_ECS - indciates real ECS credentials provider tests(s) should run

include/aws/auth/private/credentials_utils.h

@@ -144,7 +144,7 @@ void aws_credentials_provider_invoke_shutdown_callback(struct aws_credentials_pr
  * A valid credentials must have "access key" and "secrete access key".
  * For some services, token and expiration are not required.
  * So in this API, the keys are provided by callers and this API will
- * performe a case insensitive search.
+ * perform a case insensitive search.
  */
 AWS_AUTH_API
 struct aws_credentials *aws_parse_credentials_from_aws_json_object(
@@ -154,7 +154,7 @@ struct aws_credentials *aws_parse_credentials_from_aws_json_object(
 
 /**
  * This API is similar to aws_parse_credentials_from_aws_json_object,
- * except it accpets a char buffer json document as it's input.
+ * except it accepts a char buffer json document as it's input.
  */
 AWS_AUTH_API
 struct aws_credentials *aws_parse_credentials_from_json_document(

source/credentials_provider_profile.c

@@ -344,11 +344,15 @@ static struct aws_credentials_provider *s_create_sts_based_provider(
             "static: source_profile set to %s",
             aws_string_c_str(aws_profile_property_get_value(source_profile_property)));
 
-        struct aws_credentials_provider_profile_options profile_provider_options = *options;
-        profile_provider_options.profile_name_override =
-            aws_byte_cursor_from_string(aws_profile_property_get_value(source_profile_property));
-        /* reuse profile collection instead of reading it again */
-        profile_provider_options.profile_collection_cached = merged_profiles;
+        struct aws_credentials_provider_profile_options profile_provider_options = {
+            .bootstrap = options->bootstrap,
+            .profile_name_override =
+                aws_byte_cursor_from_string(aws_profile_property_get_value(source_profile_property)),
+            /* reuse profile collection instead of reading it again */
+            .profile_collection_cached = merged_profiles,
+            .tls_ctx = options->tls_ctx,
+            .function_table = options->function_table,
+        };
         sts_options.creds_provider =
             s_credentials_provider_new_profile_internal(allocator, &profile_provider_options, source_profiles_table);
 

source/credentials_utils.c

@@ -359,8 +359,29 @@ struct aws_profile_collection *aws_load_profile_collection_from_config_file(
 }
 
 static struct aws_byte_cursor s_dot_cursor = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL(".");
-static struct aws_byte_cursor s_amazonaws_cursor = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("amazonaws.com");
-static struct aws_byte_cursor s_cn_cursor = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL(".cn");
+
+/* AWS */
+static struct aws_byte_cursor s_aws_dns_suffix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("amazonaws.com");
+
+/* AWS CN */
+static struct aws_byte_cursor s_cn_region_prefix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("cn-");
+static struct aws_byte_cursor s_aws_cn_dns_suffix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("amazonaws.com.cn");
+
+/* AWS ISO */
+static struct aws_byte_cursor s_iso_region_prefix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("us-iso-");
+static struct aws_byte_cursor s_aws_iso_dns_suffix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("c2s.ic.gov");
+
+/* AWS ISO B */
+static struct aws_byte_cursor s_isob_region_prefix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("us-isob-");
+static struct aws_byte_cursor s_aws_isob_dns_suffix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("sc2s.sgov.gov");
+
+/* AWS ISO E */
+static struct aws_byte_cursor s_isoe_region_prefix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("eu-isoe-");
+static struct aws_byte_cursor s_aws_isoe_dns_suffix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("cloud.adc-e.uk");
+
+/* AWS ISO F */
+static struct aws_byte_cursor s_isof_region_prefix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("us-isof-");
+static struct aws_byte_cursor s_aws_isof_dns_suffix = AWS_BYTE_CUR_INIT_FROM_STRING_LITERAL("csp.hci.ic.gov");
 
 int aws_credentials_provider_construct_regional_endpoint(
     struct aws_allocator *allocator,
@@ -384,17 +405,38 @@ int aws_credentials_provider_construct_regional_endpoint(
     if (aws_byte_buf_append_dynamic(&endpoint, &service_cursor) ||
         aws_byte_buf_append_dynamic(&endpoint, &s_dot_cursor) ||
         aws_byte_buf_append_dynamic(&endpoint, &region_cursor) ||
-        aws_byte_buf_append_dynamic(&endpoint, &s_dot_cursor) ||
-        aws_byte_buf_append_dynamic(&endpoint, &s_amazonaws_cursor)) {
+        aws_byte_buf_append_dynamic(&endpoint, &s_dot_cursor)) {
         goto on_error;
     }
 
-    if (aws_string_eq_c_str_ignore_case(region, "cn-north-1") ||
-        aws_string_eq_c_str_ignore_case(region, "cn-northwest-1")) {
-        if (aws_byte_buf_append_dynamic(&endpoint, &s_cn_cursor)) {
+    const struct aws_byte_cursor region_cur = aws_byte_cursor_from_string(region);
+
+    if (aws_byte_cursor_starts_with(&region_cur, &s_cn_region_prefix)) { /* AWS CN partition */
+        if (aws_byte_buf_append_dynamic(&endpoint, &s_aws_cn_dns_suffix)) {
+            goto on_error;
+        }
+    } else if (aws_byte_cursor_starts_with(&region_cur, &s_iso_region_prefix)) { /* AWS ISO partition */
+        if (aws_byte_buf_append_dynamic(&endpoint, &s_aws_iso_dns_suffix)) {
+            goto on_error;
+        }
+    } else if (aws_byte_cursor_starts_with(&region_cur, &s_isob_region_prefix)) { /* AWS ISOB partition */
+        if (aws_byte_buf_append_dynamic(&endpoint, &s_aws_isob_dns_suffix)) {
+            goto on_error;
+        }
+    } else if (aws_byte_cursor_starts_with(&region_cur, &s_isoe_region_prefix)) { /* AWS ISOE partition */
+        if (aws_byte_buf_append_dynamic(&endpoint, &s_aws_isoe_dns_suffix)) {
+            goto on_error;
+        }
+    } else if (aws_byte_cursor_starts_with(&region_cur, &s_isof_region_prefix)) { /* AWS ISOF partition */
+        if (aws_byte_buf_append_dynamic(&endpoint, &s_aws_isof_dns_suffix)) {
+            goto on_error;
+        }
+    } else { /* Assume AWS partition for all other regions */
+        if (aws_byte_buf_append_dynamic(&endpoint, &s_aws_dns_suffix)) {
             goto on_error;
         }
     }
+
     *out_endpoint = aws_string_new_from_buf(allocator, &endpoint);
     result = AWS_OP_SUCCESS;
 

tests/CMakeLists.txt

@@ -190,6 +190,8 @@ add_test_case(credentials_file_path_environment_test)
 add_test_case(profile_override_test)
 add_test_case(profile_environment_test)
 
+add_test_case(credentials_utils_construct_endpoint_test)
+
 add_test_case(sigv4_skip_xray_header_test)
 add_test_case(sigv4_skip_user_agent_header_test)
 add_test_case(sigv4_skip_custom_header_test)