Navigation Menu

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

iotsecuretunneling API cannot be executed because SigningName is incorrect #1686

Closed
cm-kojimat opened this issue Apr 28, 2022 · 3 comments · Fixed by #1711
Closed

iotsecuretunneling API cannot be executed because SigningName is incorrect #1686

cm-kojimat opened this issue Apr 28, 2022 · 3 comments · Fixed by #1711
Labels
bug This issue is a bug. service-api This issue is due to a problem in a service API, not the SDK implementation.

Comments

@cm-kojimat
Copy link

cm-kojimat commented Apr 28, 2022
edited

Describe the bug

AWS can't run the API because it expects the SigningName to be IoTSecuredTunneling instead of iotsecuredtunneling

Expected Behavior

Expect a list of tunnel summaries to be returned without error

Current Behavior

I used github.com/aws/aws-sdk-go-v2/service/iotsecuretunneling v1.12.4 to run ListTunnels API, but I get the following error

operation error IoTSecureTunneling: ListTunnels, https response error StatusCode: 400, RequestID: af8aaeda-e5a4-4846-b680-0696180a3611, api error InvalidSignatureException: Credential should be scoped to correct service: 'IoTSecuredTunneling'.

Reproduction Steps

module x

go 1.18

require (
	github.com/aws/aws-sdk-go-v2 v1.16.3
	github.com/aws/aws-sdk-go-v2/config v1.15.4
	github.com/aws/aws-sdk-go-v2/service/iotsecuretunneling v1.12.4
)

require (
	github.com/aws/aws-sdk-go-v2/credentials v1.12.0 // indirect
	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.12.4 // indirect
	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.10 // indirect
	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.4 // indirect
	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.11 // indirect
	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.4 // indirect
	github.com/aws/aws-sdk-go-v2/service/sso v1.11.4 // indirect
	github.com/aws/aws-sdk-go-v2/service/sts v1.16.4 // indirect
	github.com/aws/smithy-go v1.11.2 // indirect
)
package main

import (
	"context"
	"log"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/config"
	"github.com/aws/aws-sdk-go-v2/service/iotsecuretunneling"
)

func main() {
	ctx := context.Background()

	cfg, err := config.LoadDefaultConfig(ctx, config.WithRegion("us-east-1"), config.WithClientLogMode(aws.LogRetries|aws.LogRequest))
	if err != nil {
		log.Fatal(err)
	}

	client := iotsecuretunneling.NewFromConfig(cfg)
	resp, err := client.ListTunnels(ctx, &iotsecuretunneling.ListTunnelsInput{})
	if err != nil {
		log.Fatal(err) // operation error IoTSecureTunneling: ListTunnels, https response error StatusCode: 400, RequestID: af8aaeda-e5a4-4846-b680-0696180a3611, api error InvalidSignatureException: Credential should be scoped to correct service: 'IoTSecuredTunneling'.
	}

	log.Printf("%+v", resp)
}
$ go mod download
$ go run .
SDK 2022/04/28 18:30:10 DEBUG Request
POST / HTTP/1.1
Host: api.tunneling.iot.us-east-1.amazonaws.com
User-Agent: aws-sdk-go-v2/1.16.3 os/macos lang/go/1.18.1 md/GOOS/darwin md/GOARCH/amd64 api/iotsecuretunneling/1.12.4
Content-Length: 2
Amz-Sdk-Invocation-Id: 1a511870-a98a-4000-9336-6838b67cf8db
Amz-Sdk-Request: attempt=1; max=3
Authorization: AWS4-HMAC-SHA256 Credential=ASIAXCCIM3NXGUOCSS6Q/20220428/us-east-1/iotsecuredtunneling/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-date;x-amz-security-token;x-amz-target, Signature=79b786c680c2e99f9c79c143a6f8c95075b68dab828e525edebe9cb2b16ad00d
Content-Type: application/x-amz-json-1.1
X-Amz-Date: 20220428T093010Z
X-Amz-Security-Token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
X-Amz-Target: IoTSecuredTunneling.ListTunnels
Accept-Encoding: gzip

SDK 2022/04/28 18:30:11 DEBUG request failed with unretryable error https response error StatusCode: 400, RequestID: cae64a26-1357-4495-b7d3-3df601a8b0f4, api error InvalidSignatureException: Credential should be scoped to correct service: 'IoTSecuredTunneling'.
2022/04/28 18:30:11 operation error IoTSecureTunneling: ListTunnels, https response error StatusCode: 400, RequestID: cae64a26-1357-4495-b7d3-3df601a8b0f4, api error InvalidSignatureException: Credential should be scoped to correct service: 'IoTSecuredTunneling'.
exit status 1

Possible Solution

SigningName to be IoTSecuredTunneling instead of iotsecuredtunneling

Additional Information/Context

$ git clone https://github.com/aws/aws-sdk-go-v2
$ cd aws-sdk-go-v2/
$ git grep --name-only iotsecuredtunneling | xargs sed -i "" -e "s/iotsecuredtunneling/IoTSecuredTunneling/g"
$ cd -
$ echo "replace github.com/aws/aws-sdk-go-v2/service/iotsecuretunneling => ./aws-sdk-go-v2/service/iotsecuretunneling" >> go.mod
$ go run .
SDK 2022/04/28 18:30:27 DEBUG Request
POST / HTTP/1.1
Host: api.tunneling.iot.us-east-1.amazonaws.com
User-Agent: aws-sdk-go-v2/1.16.3 os/macos lang/go/1.18.1 md/GOOS/darwin md/GOARCH/amd64 api/iotsecuretunneling/1.12.4
Content-Length: 2
Amz-Sdk-Invocation-Id: ae71a7ef-89c7-4ddf-a5ca-fcd55714877f
Amz-Sdk-Request: attempt=1; max=3
Authorization: AWS4-HMAC-SHA256 Credential=ASIAXxxxxxxxxxxxxxxx/20220428/us-east-1/IoTSecuredTunneling/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-date;x-amz-security-token;x-amz-target, Signature=5802b2647faa1f8e79a45ad9c4948e8cdc6069852b8e832306522546b6e8f573
Content-Type: application/x-amz-json-1.1
X-Amz-Date: 20220428T093027Z
X-Amz-Security-Token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
X-Amz-Target: IoTSecuredTunneling.ListTunnels
Accept-Encoding: gzip

2022/04/28 18:30:28 &{NextToken:<nil> TunnelSummaries:[] ResultMetadata:{values:map[{}:-215701000 {}:0xc000214000 {}:0daac46a-9d6d-4403-8d28-e0f42b2524d2 {}:{wall:13876353019292636680 ext:784651823 loc:0x15fd3e0} {}:{wall:0 ext:63786735028 loc:<nil>} {}:{Results:[{Err:<nil> Retryable:false Retried:false ResponseMetadata:{values:map[{}:-215701000 {}:0xc000214000 {}:0daac46a-9d6d-4403-8d28-e0f42b2524d2 {}:{wall:13876353019292636680 ext:784651823 loc:0x15fd3e0} {}:{wall:0 ext:63786735028 loc:<nil>}]}}]}]} noSmithyDocumentSerde:{}}

AWS Go SDK V2 Module Versions Used

$ go mod graph
x github.com/aws/aws-sdk-go-v2@v1.16.3
x github.com/aws/aws-sdk-go-v2/config@v1.15.4
x github.com/aws/aws-sdk-go-v2/credentials@v1.12.0
x github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.12.4
x github.com/aws/aws-sdk-go-v2/internal/configsources@v1.1.10
x github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.4.4
x github.com/aws/aws-sdk-go-v2/internal/ini@v1.3.11
x github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.9.4
x github.com/aws/aws-sdk-go-v2/service/iotsecuretunneling@v1.12.4
x github.com/aws/aws-sdk-go-v2/service/sso@v1.11.4
x github.com/aws/aws-sdk-go-v2/service/sts@v1.16.4
x github.com/aws/smithy-go@v1.11.2

Compiler and Version used

go version go1.18.1 darwin/amd64

Operating System and version

Darwin Kernel Version 21.4.0: Fri Mar 18 00:45:05 PDT 2022; root:xnu-8020.101.4~15/RELEASE_X86_64 x86_64 i386 Darwin
@cm-kojimat cm-kojimat added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Apr 28, 2022
@jasdel
Copy link
Contributor

jasdel commented Apr 29, 2022

Thanks for reporting this issue @cm-kojimat. This looks to be an issue unique to the model file the V2 SDK is using. The v1 version of the SDK is references the expected signing name. We're working with the team owning these model to update it to the correct name.

@jasdel jasdel added service-api This issue is due to a problem in a service API, not the SDK implementation. and removed needs-triage This issue or PR still needs to be triaged. labels Apr 29, 2022
jasdel added a commit to jasdel/aws-sdk-go-v2 that referenced this issue May 16, 2022
@jasdel
Update API models out of band of releases to pull in changes
073aeab 
Updates the API models the SDK uses to pull in changes that were not
included in automated releases. iotsecuretunnling and mobile model
updates fix aws#1686 where the
request was being signed with the wrong name.
@jasdel jasdel mentioned this issue May 16, 2022
Merged
jasdel added a commit that referenced this issue May 16, 2022
@jasdel
Fix iotsecuretunneling and mobile API clients to use correct signing …
b344246 
…name (#1711)

Fixes iotsecuretunneling and mobile API clients to use the correct name for signing requests. The models for these APIs contained the wrong name. This PR fixes that, and regenerates the API clients.

Fixes #1686
@github-actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

@cm-kojimat
Copy link
Author

cm-kojimat commented May 16, 2022
edited

Thanks jasdel-san

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This issue is a bug. service-api This issue is due to a problem in a service API, not the SDK implementation.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix iotsecuretunneling and mobile API clients to use correct signing name jasdel/aws-sdk-go-v2
2 participants
@jasdel @cm-kojimat