TLS 1.3 should be behind us now

add iam getRole test
This test triggers the scenario that a required response element exists, which forces our check for "we do not expect data for this call" to be comptime. It previously was accidentally runtime, which was solved by making expected_body_field_len a comptime var.
2024-08-23 12:56:21 -07:00 · 2024-08-23 12:53:58 -07:00 · 2024-08-23 12:16:30 -07:00
3 changed files with 63 additions and 40 deletions
--- a/build.zig
+++ b/build.zig
@ -6,42 +6,18 @@ const models_subdir = "codegen/sdk-codegen/aws-models/"; // note will probably n
 const test_targets = [_]std.Target.Query{
    .{}, // native
-    .{
+    .{ .cpu_arch = .x86_64, .os_tag = .linux },
-        .cpu_arch = .x86_64,
+    .{ .cpu_arch = .aarch64, .os_tag = .linux },
        .os_tag = .linux,
    },
    .{
        .cpu_arch = .aarch64,
        .os_tag = .linux,
    },
    // The test executable linking process just spins forever in LLVM using nominated zig 0.13 May 2024
    // This is likely a LLVM problem unlikely to be fixed in zig 0.13
    // Potentially this issue: https://github.com/llvm/llvm-project/issues/81440
    // Zig tracker: https://github.com/ziglang/zig/issues/18872
-    // .{
+    // .{ .cpu_arch = .riscv64, .os_tag = .linux },
-    //     .cpu_arch = .riscv64,
+    .{ .cpu_arch = .arm, .os_tag = .linux },
-    //     .os_tag = .linux,
+    .{ .cpu_arch = .x86_64, .os_tag = .windows },
-    // },
+    .{ .cpu_arch = .aarch64, .os_tag = .macos },
-    .{
+    .{ .cpu_arch = .x86_64, .os_tag = .macos },
-        .cpu_arch = .arm,
+    .{ .cpu_arch = .wasm32, .os_tag = .wasi },
        .os_tag = .linux,
    },
    .{
        .cpu_arch = .x86_64,
        .os_tag = .windows,
    },
    .{
        .cpu_arch = .aarch64,
        .os_tag = .macos,
    },
    .{
        .cpu_arch = .x86_64,
        .os_tag = .macos,
    },
    // .{
    //     .cpu_arch = .wasm32,
    //     .os_tag = .wasi,
    // },
 };
 pub fn build(b: *Builder) !void {
--- a/example/src/main.zig
+++ b/example/src/main.zig
@ -36,10 +36,8 @@ pub fn main() anyerror!void {
        .client = client,
    };
    // As of 2023-08-28, only ECS from this list supports TLS v1.3
    // AWS commitment is to enable all services by 2023-12-31
    const services = aws.Services(.{ .sts, .kms }){};
-    try stdout.print("Calling KMS ListKeys, a TLS 1.3 enabled service\n", .{});
+    try stdout.print("Calling KMS ListKeys\n", .{});
    try stdout.print("You likely have at least some AWS-generated keys in your account,\n", .{});
    try stdout.print("but if the account has not had many services used, this may return 0 keys\n\n", .{});
    const call_kms = try aws.Request(services.kms.list_keys).call(.{}, options);
@ -51,8 +49,7 @@ pub fn main() anyerror!void {
    }
    defer call_kms.deinit();
-    try stdout.print("\n\n\nCalling STS GetCallerIdentity. This does not have TLS 1.3 in September 2023\n", .{});
+    try stdout.print("\n\n\nCalling STS GetCallerIdentity\n", .{});
    try stdout.print("A failure may occur\n\n", .{});
    const call = try aws.Request(services.sts.get_caller_identity).call(.{}, options);
    defer call.deinit();
    try stdout.print("\tarn: {s}\n", .{call.response.arn.?});
--- a/src/aws.zig
+++ b/src/aws.zig
@ -353,7 +353,7 @@ pub fn Request(comptime request_action: anytype) type {
            // First, we need to determine if we care about a response at all
            // If the expected result has no fields, there's no sense in
            // doing any more work. Let's bail early
-            var expected_body_field_len = std.meta.fields(action.Response).len;
+            comptime var expected_body_field_len = std.meta.fields(action.Response).len;
            if (@hasDecl(action.Response, "http_header"))
                expected_body_field_len -= std.meta.fields(@TypeOf(action.Response.http_header)).len;
            if (@hasDecl(action.Response, "http_payload")) {
@ -379,8 +379,6 @@ pub fn Request(comptime request_action: anytype) type {
            // We don't care about the body if there are no fields we expect there...
            if (std.meta.fields(action.Response).len == 0 or expected_body_field_len == 0) {
                // ^^ This should be redundant, but is necessary. I suspect it's a compiler quirk
                //
                // Do we care if an unexpected body comes in?
                return FullResponseType{
                    .response = .{},
@ -1636,6 +1634,58 @@ test "query_no_input: sts getCallerIdentity comptime" {
    try std.testing.expectEqualStrings("123456789012", call.response.account.?);
    try std.testing.expectEqualStrings("8f0d54da-1230-40f7-b4ac-95015c4b84cd", call.response_metadata.request_id);
 }
 test "query_with_input: iam getRole runtime" {
    // sqs switched from query to json in aws sdk for go v2 commit f5a08768ef820ff5efd62a49ba50c61c9ca5dbcb
    const allocator = std.testing.allocator;
    var test_harness = TestSetup.init(.{
        .allocator = allocator,
        .server_response =
        \\<GetRoleResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
        \\<GetRoleResult>
        \\  <Role>
        \\    <Path>/application_abc/component_xyz/</Path>
        \\    <Arn>arn:aws:iam::123456789012:role/application_abc/component_xyz/S3Access</Arn>
        \\    <RoleName>S3Access</RoleName>
        \\    <AssumeRolePolicyDocument>
        \\      {"Version":"2012-10-17","Statement":[{"Effect":"Allow",
        \\      "Principal":{"Service":["ec2.amazonaws.com"]},"Action":["sts:AssumeRole"]}]}
        \\    </AssumeRolePolicyDocument>
        \\    <CreateDate>2012-05-08T23:34:01Z</CreateDate>
        \\    <RoleId>AROADBQP57FF2AEXAMPLE</RoleId>
        \\    <RoleLastUsed>
        \\      <LastUsedDate>2019-11-20T17:09:20Z</LastUsedDate>
        \\      <Region>us-east-1</Region>
        \\    </RoleLastUsed>
        \\  </Role>
        \\</GetRoleResult>
        \\<ResponseMetadata>
        \\  <RequestId>df37e965-9967-11e1-a4c3-270EXAMPLE04</RequestId>
        \\</ResponseMetadata>
        \\</GetRoleResponse>
        ,
        .server_response_headers = &.{
            .{ .name = "Content-Type", .value = "text/xml" },
            .{ .name = "x-amzn-RequestId", .value = "df37e965-9967-11e1-a4c3-270EXAMPLE04" },
        },
    });
    defer test_harness.deinit();
    const options = try test_harness.start();
    const iam = (Services(.{.iam}){}).iam;
    const call = try test_harness.client.call(iam.get_role.Request{
        .role_name = "S3Access",
    }, options);
    defer call.deinit();
    test_harness.stop();
    // Request expectations
    try std.testing.expectEqual(std.http.Method.POST, test_harness.request_options.request_method);
    try std.testing.expectEqualStrings("/", test_harness.request_options.request_target);
    try std.testing.expectEqualStrings(
        \\Action=GetRole&Version=2010-05-08&RoleName=S3Access
    , test_harness.request_options.request_body);
    // Response expectations
    try std.testing.expectEqualStrings("arn:aws:iam::123456789012:role/application_abc/component_xyz/S3Access", call.response.role.arn);
    try std.testing.expectEqualStrings("df37e965-9967-11e1-a4c3-270EXAMPLE04", call.response_metadata.request_id);
 }
 test "query_with_input: sts getAccessKeyInfo runtime" {
    // sqs switched from query to json in aws sdk for go v2 commit f5a08768ef820ff5efd62a49ba50c61c9ca5dbcb
    const allocator = std.testing.allocator;
Author	SHA1	Message	Date
Emil Lerch	262cdefe12	TLS 1.3 should be behind us now Some checks failed AWS-Zig Build / build-zig-amd64-host (push) Failing after 1m10s Details	2024-08-23 12:56:21 -07:00
Emil Lerch	238952d127	add iam getRole test This test triggers the scenario that a required response element exists, which forces our check for "we do not expect data for this call" to be comptime. It previously was accidentally runtime, which was solved by making expected_body_field_len a comptime var.	2024-08-23 12:53:58 -07:00
Emil Lerch	38b51c768b	reformat test targets	2024-08-23 12:16:30 -07:00