Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add an RBS signature for sigv4 #3152

Open
wants to merge 11 commits into
base: version-3
Choose a base branch
from

Conversation

kazuyainoue0124
Copy link

I received some advice suggesting, "Why not start with aws-sigv4?" in this PR: #3150.

Following that advice, I have added type definition files to aws-sigv4.

@mullermp
Copy link
Contributor

mullermp commented Dec 4, 2024

Thank you, we will review this. I think you will also need: a changelog entry, add sig/ to gemspec files, and ensure rbs test passes (see tasks/rbs.rake).

@mullermp
Copy link
Contributor

mullermp commented Dec 4, 2024

@ksss may also be interested in reviewing if you'd like.

Copy link
Contributor

@alextwoods alextwoods left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution, this is looking good!

gems/aws-sigv4/sig/error.rbs Outdated Show resolved Hide resolved
gems/aws-sigv4/sig/error.rbs Outdated Show resolved Hide resolved
gems/aws-sigv4/sig/request.rbs Outdated Show resolved Hide resolved
gems/aws-sigv4/sig/signer.rbs Outdated Show resolved Hide resolved
gems/aws-sigv4/sig/signer.rbs Outdated Show resolved Hide resolved
gems/aws-sigv4/sig/signer.rbs Outdated Show resolved Hide resolved
Copy link
Contributor

@ksss ksss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • Private API types should be removed.
  • The intent and syntax are different.
  • Hash arguments should be supported as well as keyword arguments.
  • What about RBS testing?

@@ -0,0 +1,30 @@
module Aws
module Sigv4
class Credentials
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like a private API.

# Users that wish to configure static credentials can use the
# `:access_key_id` and `:secret_access_key` constructor options.
# @api private
class Credentials

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, I deleted it.
a72b3bc

def set?: () -> bool
end

class StaticCredentialsProvider
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ditto.

# Users that wish to configure static credentials can use the
# `:access_key_id` and `:secret_access_key` constructor options.
# @api private
class StaticCredentialsProvider

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, I deleted it.
a72b3bc

gems/aws-sigv4/sig/request.rbs Outdated Show resolved Hide resolved
gems/aws-sigv4/sig/request.rbs Show resolved Hide resolved
@@ -0,0 +1,24 @@
module AWS
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
module AWS
module Aws

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed!
a522cc1

def sign_event: (
prior_signature: String,
payload: String,
encoder: Object
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use untyped when you do not know what the type is or when you want to put off a decision.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, I fixed it.
2a780e6

signing_algorithm?: Symbol,
omit_session_token?: bool,
normalize_path?: bool,
) -> void
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you are writing the overload to match the YARD notation, but there is a tradeoff with maintenance costs.
Either way, we can't make a strict type determination when dealing with hash arguments.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've tried combining all the overloads of the initialize method into a single definition. Would you mind sharing your thoughts on this approach?
2a780e6

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hash arguments should be supported.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let me confirm: Do you mean I should revise it as follows?

def initialize: (
  options: {
    service: String,
    region: String,
    access_key_id?: String,
    secret_access_key?: String,
    session_token?: String,
    credentials?: untyped,
    credentials_provider?: untyped,
    unsigned_headers?: Array[String],
    uri_escape_path?: bool,
    apply_checksum_header?: bool,
    signing_algorithm?: :sigv4 | :sigv4a | :'sigv4-s3express',
    omit_session_token?: bool,
    normalize_path?: bool,
  }
) -> void

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No. "Hash arguments" is same as #3152 (comment)

How are you testing the behavior?
I don't think it will pass in steep with the proposed signature.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry about that, I've updated the code.
3c34687

@kazuyainoue0124
Copy link
Author

I replaced URI::HTTP | URI::HTTPS with untyped because using URI::HTTP | URI::HTTPS caused an RBS::NoTypeFoundError.

@mullermp
Copy link
Contributor

mullermp commented Dec 9, 2024

Let me know when this is ready for re-review and I can allocate some time.

def initialize: (
service: String,
region: String,
access_key_id?: String,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as #3152 (comment)

foo?: String is not optional keyword syntax.
It support to call method like m(foo?: 'bar'). This is a very rare case.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry about that, I've updated the code.

@kazuyainoue0124
Copy link
Author

I've made changes based on your feedback. Please review the updated code at your convenience.

Copy link
Contributor

@ksss ksss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should modify tasks/rbs.rake to run the RBS test.

signing_algorithm?: Symbol,
omit_session_token?: bool,
normalize_path?: bool,
) -> void
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hash arguments should be supported.

@mullermp
Copy link
Contributor

mullermp commented Dec 17, 2024

Is this ready for re-review from our side?

Copy link
Contributor

@mullermp mullermp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good and definitely an improvement!

Comment on lines +10 to +11
?credentials: untyped,
?credentials_provider: untyped,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think there are classes in this gem you could use for these, or possibly use some interface for "responds to"

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I noticed that aws-sigv4/credentials.rb is marked @api private, so I removed its RBS definitions. Do you think it’s better to restore them or just define an interface (requiring #credentials returning access keys, etc.) directly in signer.rbs? I’m unsure which approach is more suitable, given the private status. Any thoughts?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, this is true. I think sigv4/credentials.rb serves as an intermediary. Technically these would be Aws::Credentials from aws-sdk-core. We can leave these untyped for now, and if you're interested in adding rbs for credentials in aws-sdk-core, we can fill these in. I'm not sure how rbs works with across packages, since aws-sigv4 does not depend on aws-sdk-core.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So you’re suggesting that if we create RBS files corresponding to gems/aws-sdk-core/lib/aws-sdk-core/credentials.rb and gems/aws-sdk-core/lib/aws-sdk-core/credential_provider.rb, we could then make use of those type definitions, right? For now, I'll keep it untyped, but afterward I'm thinking of adding RBS definitions for aws-sdk-core credentials. How does that sound?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While in most use cases, Aws::Credentials from aws-sdk-core would be used, this library is intended as a stand alone and doesn't depend on aws-sdk-core - I think from a typing perspective maybe we should define a credentials interface (ie: any object that responds to access_key_id, secret_access_key and session_token) since thats actually what is required. And probably an interface for credentials provider as well.

@mullermp
Copy link
Contributor

I added the sigv4 gem to testing but there's a couple failures. So I think we're really close. I'm not sure how to add Tempfile to rbs - the signature doesn't exist, and then we just need credentials/credential provider interfaces.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants