8000 Remove HEADER_LOCALSTACK_ACCOUNT_ID (#9724) · localstack/localstack@731873d · GitHub
[go: up one dir, main page]
Skip to content

Commit 731873d

Browse files
viren-nadkarniviren-nadkarni
authored
Remove HEADER_LOCALSTACK_ACCOUNT_ID (#9724)
1 parent 94fba53 commit 731873d

File tree

18 files changed

+92
-86
lines changed

18 files changed

+92
-86
lines changed

localstack/aws/handlers/auth.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@
1111
)
1212
from localstack.http import Response
1313
from localstack.utils.aws.aws_stack import extract_access_key_id_from_auth_header
14+
from localstack.utils.aws.request_context import mock_aws_request_headers
1415

1516
from ..api import RequestContext
1617
from ..chain import Handler, HandlerChain
@@ -25,13 +26,12 @@ def __call__(self, chain: HandlerChain, context: RequestContext, response: Respo
2526
# (that allows access to restricted resources by default)
2627
if not context.service:
2728
return
28-
from localstack.utils.aws import aws_stack
2929

3030
api = context.service.service_name
3131
headers = context.request.headers
3232

3333
if not headers.get("Authorization"):
34-
headers["Authorization"] = aws_stack.mock_aws_request_headers(
34+
headers["Authorization"] = mock_aws_request_headers(
3535
api, aws_access_key_id="injectedaccesskey", region_name=AWS_REGION_US_EAST_1
3636
)["Authorization"]
3737

localstack/constants.py

Lines changed: 0 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -165,11 +165,6 @@
165165
INTERNAL_AWS_ACCESS_KEY_ID = "__internal_call__"
166166
INTERNAL_AWS_SECRET_ACCESS_KEY = "__internal_call__"
167167

168-
# This header must be set to the AWS Account ID
169-
# Presence of this header in an incoming request typically means that the request originated within localstack,
170-
# i.e. it is an internal cross-service call.
171-
HEADER_LOCALSTACK_ACCOUNT_ID = "x-localstack-account-id"
172-
173168
# trace log levels (excluding/including internal API calls), configurable via $LS_LOG
174169
LS_LOG_TRACE = "trace"
175170
LS_LOG_TRACE_INTERNAL = "trace-internal"

localstack/services/apigateway/integration.py

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -42,14 +42,14 @@
4242
)
4343
from localstack.services.stepfunctions.stepfunctions_utils import await_sfn_execution_result
4444
from localstack.utils import common
45-
from localstack.utils.aws import aws_stack
4645
from localstack.utils.aws.arns import extract_region_from_arn
4746
from localstack.utils.aws.aws_responses import (
4847
LambdaResponse,
4948
request_response_stream,
5049
requests_response,
5150
)
5251
from localstack.utils.aws.client_types import ServicePrincipal
52+
from localstack.utils.aws.request_context import mock_aws_request_headers
5353
from localstack.utils.aws.templating import VtlTemplate
5454
from localstack.utils.collections import dict_multi_values, remove_attributes
5555
from localstack.utils.common import make_http_request, to_str
@@ -151,7 +151,7 @@ def get_internal_mocked_headers(
151151
)
152152
else:
153153
access_key_id = None
154-
headers = aws_stack.mock_aws_request_headers(
154+
headers = mock_aws_request_headers(
155155
service=service_name, aws_access_key_id=access_key_id, region_name=region_name
156156
)
157157

@@ -589,7 +589,7 @@ def invoke(self, invocation_context: ApiInvocationContext):
589589
LOG.debug(msg)
590590
return make_error_response(msg, 404)
591591

592-
headers = aws_stack.mock_aws_request_headers(
592+
headers = mock_aws_request_headers(
593593
service="s3",
594594
aws_access_key_id=invocation_context.account_id,
595595
region_name=invocation_context.region_name,
@@ -715,7 +715,7 @@ def invoke(self, invocation_context: ApiInvocationContext) -> Response:
715715
LOG.warning("Failed to apply template for SNS integration", e)
716716
raise
717717
region_name = uri.split(":")[3]
718-
headers = aws_stack.mock_aws_request_headers(
718+
headers = mock_aws_request_headers(
719719
service="sns", aws_access_key_id=invocation_context.account_id, region_name=region_name
720720
)
721721
result = make_http_request(
@@ -780,7 +780,7 @@ def invoke(self, invocation_context: ApiInvocationContext):
780780
result = json_safe(remove_attributes(result, ["ResponseMetadata"]))
781781
response = StepFunctionIntegration._create_response(
782782
HTTPStatus.OK.value,
783-
aws_stack.mock_aws_request_headers(
783+
mock_aws_request_headers(
784784
"stepfunctions",
785785
aws_access_key_id=invocation_context.account_id,
786786
region_name=invocation_context.region_name,

localstack/utils/aws/aws_stack.py

Lines changed: 0 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -10,11 +10,7 @@
1010
from localstack.aws.accounts import get_aws_account_id
1111
from localstack.config import S3_VIRTUAL_HOSTNAME
1212
from localstack.constants import (
13-
APPLICATION_AMZ_JSON_1_0,
14-
APPLICATION_AMZ_JSON_1_1,
15-
APPLICATION_X_WWW_FORM_URLENCODED,
1613
AWS_REGION_US_EAST_1,
17-
HEADER_LOCALSTACK_ACCOUNT_ID,
1814
LOCALHOST,
1915
)
2016
from localstack.utils.strings import is_string_or_bytes, to_str
@@ -155,36 +151,3 @@ def extract_access_key_id_from_auth_header(headers: Dict[str, str]) -> Optional[
155151
access_id = auth.removeprefix("AWS ").split(":")
156152
if len(access_id):
157153
return access_id[0]
158-
159-
160-
# TODO remove the `internal` arg
161-
def mock_aws_request_headers(
162-
service: str, aws_access_key_id: str, region_name: str, internal: bool = False
163-
) -> Dict[str, str]:
164-
"""
165-
Returns a mock set of headers that resemble SigV4 signing method.
166-
"""
167-
ctype = APPLICATION_AMZ_JSON_1_0
168-
if service == "kinesis":
169-
ctype = APPLICATION_AMZ_JSON_1_1
170-
elif service in ["sns", "sqs", "sts", "cloudformation"]:
171-
ctype = APPLICATION_X_WWW_FORM_URLENCODED
172-
173-
# For S3 presigned URLs, we require that the client and server use the same
174-
# access key ID to sign requests. So try to use the access key ID for the
175-
# current request if available
176-
headers = {
177-
"Content-Type": ctype,
178-
"Accept-Encoding": "identity",
179-
"X-Amz-Date": "20160623T103251Z", # TODO: Use current date
180-
"Authorization": (
181-
"AWS4-HMAC-SHA256 "
182-
+ f"Credential={aws_access_key_id}/20160623/{region_name}/{service}/aws4_request, "
183-
+ "SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=1234"
184-
),
185-
}
186-
if internal:
187-
# TODO: This method of detecting internal calls is no longer valid
188-
# We now use the `INTERNAL_REQUEST_PARAMS_HEADER` header which is set to the DTO
189-
headers[HEADER_LOCALSTACK_ACCOUNT_ID] = get_aws_account_id()
190-
return headers

localstack/utils/aws/request_context.py

Lines changed: 48 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,7 @@
1+
"""
2+
This module has utilities relating to creating/parsing AWS requests.
3+
"""
4+
15
import logging
26
import re
37
import threading
@@ -10,10 +14,12 @@
1014

1115
from localstack.aws.accounts import get_account_id_from_access_key_id
1216
from localstack.constants import (
17+
APPLICATION_AMZ_JSON_1_0,
18+
APPLICATION_AMZ_JSON_1_1,
19+
APPLICATION_X_WWW_FORM_URLENCODED,
1320
AWS_REGION_US_EAST_1,
1421
DEFAULT_AWS_ACCOUNT_ID,
1522
)
16-
from localstack.utils.aws import aws_stack
1723
from localstack.utils.aws.aws_responses import (
1824
requests_error_response,
1925
requests_to_flask_response,
@@ -141,7 +147,7 @@ def configure_region_for_current_request(region_name: str, service_name: str):
141147
auth_header = headers.get("Authorization")
142148
auth_header = (
143149
auth_header
144-
or aws_stack.mock_aws_request_headers(
150+
or mock_aws_request_headers(
145151
service_name, aws_access_key_id=DEFAULT_AWS_ACCOUNT_ID, region_name=AWS_REGION_US_EAST_1
146152
)["Authorization"]
147153
)
@@ -157,7 +163,7 @@ def configure_region_for_current_request(region_name: str, service_name: str):
157163

158164
def mock_request_for_region(service_name: str, account_id: str, region_name: str) -> Request:
159165
result = Request()
160-
result.headers["Authorization"] = aws_stack.mock_aws_request_headers(
166+
result.headers["Authorization"] = mock_aws_request_headers(
161167
service_name, aws_access_key_id=account_id, region_name=region_name
162168
)["Authorization"]
163169
return result
@@ -213,3 +219,42 @@ def thread_run(fn, self, *args, **kwargs):
213219
# sometimes there is a race condition where the previous patch has not been applied yet
214220
pass
215221
return fn(self, *args, **kwargs)
222+
223+
224+
def mock_aws_request_headers(
225+
service: str, aws_access_key_id: str, region_name: str, internal: bool = False
226+
) -> Dict[str, str]:
227+
"""
228+
Returns a mock set of headers that resemble SigV4 signing method.
229+
"""
230+
from localstack.aws.connect import (
231+
INTERNAL_REQUEST_PARAMS_HEADER,
232+
InternalRequestParameters,
233+
dump_dto,
234+
)
235+
236+
ctype = APPLICATION_AMZ_JSON_1_0
237+
if service == "kinesis":
238+
ctype = APPLICATION_AMZ_JSON_1_1
239+
elif service in ["sns", "sqs", "sts", "cloudformation"]:
240+
ctype = APPLICATION_X_WWW_FORM_URLENCODED
241+
242+
# For S3 presigned URLs, we require that the client and server use the same
243+
# access key ID to sign requests. So try to use the access key ID for the
244+
# current request if available
245+
headers = {
246+
"Content-Type": ctype,
247+
"Accept-Encoding": "identity",
248+
"X-Amz-Date": "20160623T103251Z", # TODO: Use current date
249+
"Authorization": (
250+
"AWS4-HMAC-SHA256 "
251+
+ f"Credential={aws_access_key_id}/20160623/{region_name}/{service}/aws4_request, "
252+
+ "SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=1234"
253+
),
254+
}
255+
256+
if internal:
257+
dto = InternalRequestParameters()
258+
headers[INTERNAL_REQUEST_PARAMS_HEADER] = dump_dto(dto)
259+
260+
return headers

localstack/utils/testutil.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@
1515
from localstack.testing.aws.util import is_aws_cloud
1616
from localstack.utils.aws import arns
1717
from localstack.utils.aws import resources as resource_utils
18+
from localstack.utils.aws.request_context import mock_aws_request_headers
1819
from localstack.utils.urls import localstack_host
1920

2021
try:
@@ -37,7 +38,6 @@
3738
get_handler_file_from_name,
3839
)
3940
from localstack.utils.archives import create_zip_file_cli, create_zip_file_python
40-
from localstack.utils.aws import aws_stack
4141
from localstack.utils.collections import ensure_list
4242
from localstack.utils.files import (
4343
TMP_FILES,
@@ -496,7 +496,7 @@ def send_dynamodb_request(path, action, request_body):
496496
headers = {
497497
"Host": "dynamodb.amazonaws.com",
498498
"x-amz-target": "DynamoDB_20120810.{}".format(action),
499-
"Authorization": aws_stack.mock_aws_request_headers(
499+
"Authorization": mock_aws_request_headers(
500500
"dynamodb", aws_access_key_id=TEST_AWS_ACCESS_KEY_ID, region_name=TEST_AWS_REGION_NAME
501501
)["Authorization"],
502502
}

tests/aws/services/apigateway/test_apigateway_basic.py

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -31,8 +31,9 @@
3131
)
3232
from localstack.testing.pytest import markers
3333
from localstack.utils import testutil
34-
from localstack.utils.aws import arns, aws_stack
34+
from localstack.utils.aws import arns
3535
from localstack.utils.aws import resources as resource_util
36+
from localstack.utils.aws.request_context import mock_aws_request_headers
3637
from localstack.utils.collections import select_attributes
3738
from localstack.utils.files import load_file
3839
from localstack.utils.http import safe_requests as requests
@@ -1659,9 +1660,7 @@ def test_apigateway_rust_lambda(
16591660

16601661
@markers.aws.unknown
16611662
def test_apigw_call_api_with_aws_endpoint_url(aws_client):
1662-
headers = aws_stack.mock_aws_request_headers(
1663-
"apigateway", TEST_AWS_ACCESS_KEY_ID, TEST_AWS_REGION_NAME
1664-
)
1663+
headers = mock_aws_request_headers("apigateway", TEST_AWS_ACCESS_KEY_ID, TEST_AWS_REGION_NAME)
16651664
headers["Host"] = "apigateway.us-east-2.amazonaws.com:4566"
< 10000 /code>
16661665
url = f"{config.internal_service_url()}/apikeys?includeValues=true&name=test%40example.org"
16671666
response = requests.get(url, headers=headers)

tests/aws/services/cloudformation/resources/test_cdk.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
from localstack.constants import TEST_AWS_ACCESS_KEY_ID, TEST_AWS_REGION_NAME
99
from localstack.testing.pytest import markers
1010
from localstack.testing.snapshots.transformer import SortingTransformer
11-
from localstack.utils.aws import aws_stack
11+
from localstack.utils.aws.request_context import mock_aws_request_headers
1212
from localstack.utils.files import load_file
1313
from localstack.utils.strings import short_uid
1414
from localstack.utils.sync import wait_until
@@ -50,7 +50,7 @@ def test_cdk_bootstrap_redeploy(
5050
change_set_name = "cdk-deploy-change-set-a4b98b18"
5151
stack_name = "CDKToolkit-a4b98b18"
5252
try:
53-
headers = aws_stack.mock_aws_request_headers(
53+
headers = mock_aws_request_headers(
5454
"cloudformation", TEST_AWS_ACCESS_KEY_ID, TEST_AWS_REGION_NAME
5555
)
5656
base_url = config.internal_service_url()

tests/aws/services/cloudwatch/test_cloudwatch.py

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,8 @@
1313
from localstack.services.cloudwatch.provider import PATH_GET_RAW_METRICS
1414
from localstack.testing.aws.util import is_aws_cloud
1515
from localstack.testing.pytest import markers
16-
from localstack.utils.aws import arns, aws_stack
16+
from localstack.utils.aws import arns
17+
from localstack.utils.aws.request_context import mock_aws_request_headers
1718
from localstack.utils.common import retry, short_uid, to_str
1819
from localstack.utils.sync import poll_condition
1920

@@ -71,13 +72,13 @@ def test_put_metric_data_gzip(self, aws_client):
7172
bytes_data = bytes(data, encoding="utf-8")
7273
encoded_data = gzip.compress(bytes_data)
7374

74-
headers = aws_stack.mock_aws_request_headers(
75+
headers = mock_aws_request_headers(
7576
"cloudwatch",
7677
aws_access_key_id=TEST_AWS_ACCESS_KEY_ID,
7778
region_name=TEST_AWS_REGION_NAME,
7879
internal=True,
7980
)
80-
authorization = aws_stack.mock_aws_request_headers(
81+
authorization = mock_aws_request_headers(
8182
"monitoring", aws_access_key_id=TEST_AWS_ACCESS_KEY_ID, region_name=TEST_AWS_REGION_NAME
8283
)["Authorization"]
8384

@@ -201,7 +202,7 @@ def test_raw_metric_data(self, aws_client):
201202
aws_client.cloudwatch.put_metric_data(
202203
Namespace=namespace1, MetricData=[dict(MetricName="someMetric", Value=23)]
203204
)
204-
headers = aws_stack.mock_aws_request_headers(
205+
headers = mock_aws_request_headers(
205206
"cloudwatch", aws_access_key_id=TEST_AWS_ACCESS_KEY_ID, region_name=TEST_AWS_REGION_NAME
206207
)
207208
url = f"{config.external_service_url()}{PATH_GET_RAW_METRICS}"

tests/aws/services/kinesis/test_kinesis.py

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,8 @@
1111
from localstack.constants import TEST_AWS_ACCESS_KEY_ID, TEST_AWS_REGION_NAME
1212
from localstack.services.kinesis import provider as kinesis_provider
1313
from localstack.testing.pytest import markers
14-
from localstack.utils.aws import aws_stack, resources
14+
from localstack.utils.aws import resources
15+
from localstack.utils.aws.request_context import mock_aws_request_headers
1516
from localstack.utils.common import poll_condition, retry, select_attributes, short_uid
1617
from localstack.utils.kinesis import kinesis_connector
1718

@@ -250,7 +251,7 @@ def test_get_records(self, kinesis_create_stream, wait_for_stream_ready, aws_cli
250251
# get records with CBOR encoding
251252
iterator = get_shard_iterator(stream_name, aws_client.kinesis)
252253
url = config.internal_service_url()
253-
headers = aws_stack.mock_aws_request_headers(
254+
headers = mock_aws_request_headers(
254255
"kinesis", aws_access_key_id=TEST_AWS_ACCESS_KEY_ID, region_name=TEST_AWS_REGION_NAME
255256
)
256257
headers["Content-Type"] = constants.APPLICATION_AMZ_CBOR_1_1
@@ -284,7 +285,7 @@ def test_get_records_empty_stream(
284285

285286
# empty get records with CBOR encoding
286287
url = config.internal_service_url()
287-
headers = aws_stack.mock_aws_request_headers(
288+
headers = mock_aws_request_headers(
288289
"kinesis", aws_access_key_id=TEST_AWS_ACCESS_KEY_ID, region_name=TEST_AWS_REGION_NAME
289290
)
290291
headers["Content-Type"] = constants.APPLICATION_AMZ_CBOR_1_1

0 commit comments

Comments
 (0)
0