Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fail to disable key rotation for using speke v2 encryption on CMAF/ DASH endpoint #260

Closed
3 tasks done
ymyuen opened this issue Mar 25, 2022 · 4 comments
Closed
3 tasks done

Fail to disable key rotation for using speke v2 encryption on CMAF/ DASH endpoint #260

ymyuen opened this issue Mar 25, 2022 · 4 comments
Assignees
@RanVaknin
Labels
bug Something isn't working mediapackage service-api This issue pertains to the AWS API

Comments

@ymyuen
Copy link

ymyuen commented Mar 25, 2022

Documentation

Describe the bug

Unable to disable key rotation on media package channel endpoint even though the KeyRotationIntervalSeconds is set to zero on types.CmafEncryption. Therefore , the speke 2 is unable to config also .

Expected behavior

Expected that the mediapackage channel endpoint with disabled key rotation and speke 2 enable

Current behavior

Without the speke 2 enable setting , the Key rotation interval seconds is the default value (60 sec) even though the KeyRotationIntervalSeconds be set to zero.
With the speke 2 setting , CreateOriginEndpoint method would response the following error

operation error MediaPackage: CreateOriginEndpoint, https response error StatusCode: 422, RequestID: xxxxxxxxxxxx, UnprocessableEntityException: cmafPackage.encryption.keyRotationIntervalSeconds must be 0 to support speke v2 encryption contracts

Steps to Reproduce

1 . call CreateOriginEndpoint method from mediapackage client
2. set the CmafPackageCreateOrUpdateParameters with zero KeyRotationIntervalSeconds and speke 2 enable

cmafPackage := types.CmafPackageCreateOrUpdateParameters{
		HlsManifests: []types.HlsManifestCreateOrUpdateParameters{
			{Id: &hlsManifest},
		},
		Encryption: &types.CmafEncryption{
			KeyRotationIntervalSeconds: 0,
			SpekeKeyProvider: &types.SpekeKeyProvider{
				RoleArn:    &roleArn,
				Url:        &url,
				ResourceId: &resourceId,
				SystemIds:  []string{"edef8ba9-79d6-4ace-a3c8-27dcd51d21ed", "9a04f079-9840-4286-ab92-e65be0885f95"},

				EncryptionContractConfiguration: &types.EncryptionContractConfiguration{
					PresetSpeke20Audio: types.PresetSpeke20AudioPresetAudio1,
					PresetSpeke20Video: types.PresetSpeke20VideoPresetVideo1,
				},
			},
		},
	}

3 . CreateOriginEndpoint method would response the following error

operation error MediaPackage: CreateOriginEndpoint, https response error StatusCode: 422, RequestID: xxxxxxxxxxxx, UnprocessableEntityException: cmafPackage.encryption.keyRotationIntervalSeconds must be 0 to support speke v2 encryption contracts

Possible Solution

No response

AWS Go SDK version used

v1.16.1

Compiler and Version used

go version go1.17.2 darwin/arm64

Operating System and version

mac os monterey 12.0
@ymyuen ymyuen added bug Something isn't working needs-triage labels Mar 25, 2022
@jasdel jasdel added the service-api This issue pertains to the AWS API label Mar 28, 2022
@jasdel
Copy link

jasdel commented Mar 28, 2022

Thanks for reaching out @ymyuen I think this issue is similar to reported service/mediaconvert, service/batch, and service/ec2 issues with regard to API members being modeled as unboxed (aka value) instead of boxed (aka pointer) types.

We'll need to reach out to the service team to get clarity on the behavior/modeling of this member.

@vudh1 vudh1 transferred this issue from aws/aws-sdk-go-v2 May 23, 2022
@vudh1 vudh1 self-assigned this May 23, 2022
@vudh1
Copy link

vudh1 commented Sep 2, 2022

P71068126

@vudh1 vudh1 removed the needs-ticket label Sep 2, 2022
@vudh1 vudh1 assigned RanVaknin and unassigned vudh1 Sep 9, 2022
@RanVaknin
Copy link

Hi @ymyuen ,

This is now solved. Like @jasdel mentioned this was an issue with nullability where the SDK did not know how to serialize 0 values without proper modeling.

Examining the raw request shows that the KeyRotationIntervalSeconds is getting serialized with 0:

POST /origin_endpoints HTTP/1.1
Host: mediapackage.us-east-1.amazonaws.com
User-Agent: aws-sdk-go-v2/1.24.1 os/macos lang/go#1.19.1 md/GOOS#darwin md/GOARCH#arm64 api/mediapackage#1.28.7
Content-Length: 466
Amz-Sdk-Invocation-Id: 5585fe70-a225-498a-a46b-f4b1eb41d575
Amz-Sdk-Request: attempt=1; max=3
Authorization: AWS4-HMAC-SHA256 Credential=REDACTED/20240327/us-east-1/mediapackage/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-date, Signature=REDACTED
Content-Type: application/json
X-Amz-Date: 20240327T200420Z
Accept-Encoding: gzip

{"channelId":"your-channel-id","cmafPackage":{"encryption":{"keyRotationIntervalSeconds":0,"spekeKeyProvider":{"encryptionContractConfiguration":{"presetSpeke20Audio":"PRESET-AUDIO-1","presetSpeke20Video":"PRESET-VIDEO-1"},"resourceId":"your-resource-id","roleArn":"your-role-arn","systemIds":["edef8ba9-79d6-4ace-a3c8-27dcd51d21ed","9a04f079-9840-4286-ab92-e65be0885f95"],"url":"your-speke-url"}},"hlsManifests":[{"id":"your-manifest-id"}]},"id":"your-endpoint-id"}

@github-actions GitHub Actions
Copy link

This issue is now closed.

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RanVaknin RanVaknin

Labels
bug Something isn't working mediapackage service-api This issue pertains to the AWS API
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@jasdel @ymyuen @vudh1 @RanVaknin @tim-finnigan