From c75ed47f5db2ebd635d39e606f29cac7c6b84a13 Mon Sep 17 00:00:00 2001 From: Thijs Schreijer Date: Mon, 13 Feb 2023 23:36:26 +0100 Subject: [PATCH] fix(STS) fix duplicate regions casusing bad hostnames fixes #45 --- README.md | 6 ++++++ src/resty/aws/init.lua | 10 +++++++--- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 58d7bf1..a725f0c 100644 --- a/README.md +++ b/README.md @@ -150,6 +150,12 @@ Release process: 1. upload using: `VERSION=x.y.z APIKEY=abc... make upload` 1. test installing the rock from LuaRocks +### unreleased + +- fix: STS regional endpoints woudl re-inject the region on every authentication + (after a token expired), causing bad hostnames to be used + [#45](https://github.com/Kong/lua-resty-aws/issues/45) + ### 1.1.2 (7-Dec-2022) - fix: auto detection scheme and default to tls [#42](https://github.com/Kong/lua-resty-aws/pull/42) diff --git a/src/resty/aws/init.lua b/src/resty/aws/init.lua index 9e7ff3e..47dba0d 100644 --- a/src/resty/aws/init.lua +++ b/src/resty/aws/init.lua @@ -322,9 +322,13 @@ local function generate_service_methods(service) -- we use regional endpoints, see -- https://github.com/aws/aws-sdk-js/blob/307e82673b48577fce4389e4ce03f95064e8fe0d/lib/services/sts.js#L78-L82 assert(service.config.region, "region is required when using STS regional endpoints") - local pre, post = service.config.endpoint:match("^(.+)(%.amazonaws%.com)$") - service.config.endpoint = pre .. "." .. service.config.region .. post - service.config.signingRegion = service.config.region + + if not service.config._regionalEndpointInjected then + local pre, post = service.config.endpoint:match("^(.+)(%.amazonaws%.com)$") + service.config.endpoint = pre .. "." .. service.config.region .. post + service.config.signingRegion = service.config.region + service.config._regionalEndpointInjected = true + end end local old_sig