fix: signing and partitions

XappMedia · Nov 3, 2021 · dcb8096 · dcb8096
1 parent 173f204
commit dcb8096
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 19 deletions.
diff --git a/src/Network.ts b/src/Network.ts
@@ -1,5 +1,4 @@
 import * as Request from "request-promise-native";
-const aws4  = require("aws4");
 
 export function esGet(url: string, settings: object, requestOpts: Partial<Request.Options>, credentials: NetworkCredentials) {
     return networkCall("get", url, settings, requestOpts, credentials);
@@ -22,24 +21,14 @@ export interface NetworkCredentials {
 }
 
 export function networkCall(requestFunc: "post" | "put" | "get" | "delete", url: string, settings: object, requestOpts: Partial<Request.Options> = {}, credentials: NetworkCredentials = {}) {
-    const { headers: requestHeaders, ...remainingOptions } = requestOpts;
-    const headers = {
-        ...requestHeaders,
-        "Content-Type": "application/json",
-    };
-    const urlObj = new URL(url);
-    const { region, service } = credentials;
-    const fullRequestOptions = {
-        ...remainingOptions,
-        headers,
-        region,
-        service,
-        path: urlObj.pathname,
-        host: urlObj.host,
-    };
-    const signedOptions = aws4.sign(fullRequestOptions, credentials);
     return Request[requestFunc](url, {
-        ...signedOptions,
+        ...requestOpts,
+        aws: {
+            key: credentials.accessKeyId,
+            secret: credentials.secretAccessKey,
+            sign_version: 4,
+            service: "es",
+        } as any,
         json: settings
     });
 }
diff --git a/src/SetupRepo.ts b/src/SetupRepo.ts
@@ -13,13 +13,24 @@ export async function discoverRepoArn(sts: STS, repo: S3Repository): Promise<S3R
         // We need to derive the ARN for this repo.
         const accountId = await sts.getCallerIdentity({}).promise().then((result) => result.Account);
 
+        const partition = getPartition(repo.settings.region);
         repoCopy.settings = { ...repoCopy.settings };
-        repoCopy.settings.role_arn = `arn:aws:iam::${accountId}:role/${repo.settings.role_name}`;
+        repoCopy.settings.role_arn = `arn:${partition}:iam::${accountId}:role/${repo.settings.role_name}`;
         delete repoCopy.settings.role_name;
     }
     return repoCopy;
 }
 
+function getPartition(region: string) {
+    if (region.startsWith("cn-")) {
+        return "aws-cn";
+    }
+    if (region.startsWith("us-gov")) {
+        return "aws-us-gov";
+    }
+    return "aws";
+}
+
 export interface SetupRepoProps {
     baseUrl: string;
     sts: STS;