Kinesis Video Signaling Channels - SDK may not get the correct name with custom endpoint #3367

marcotuna · 2020-06-11T22:34:04Z

Confirm by changing [ ] to [x] below to ensure that it's a bug:

I've gone though Developer Guide and API reference
I've checked AWS Forums and StackOverflow for answers
I've searched for previous similar issues and didn't find any solution

Describe the bug
When using the AWS SDK for Kinesis Video Signaling Channels the HTTP Post request created by the SDK uses wrong values.
This is an excerpt of the HTTP request header:

Authorization: AWS4-HMAC-SHA256 Credential=**REDACTED**/20200611/eu-west-1/Kinesis Video Signaling/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=**REDACTED**

As you can see, in the excerpt there is the name Kinesis Video Signaling, however that name should be kinesisvideo only.
This ends up resulting in a 403 HTTP error with the following message:

"IncompleteSignatureException: \n\tstatus code: 403, request id: **REDACTED**"

Version of AWS SDK for Go?
v1.32.0

Version of Go (go version)?
1.14.2

To Reproduce (observed behavior)

package main

import (
	"fmt"
        "os"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/credentials"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/kinesisvideosignalingchannels"
)

// New ...
func main() {

	awsConfig := &aws.Config{
		Region: aws.String("eu-west-1"),
		Credentials: credentials.NewStaticCredentials("**REDACTED**", "**REDACTED**", ""),
		LogLevel:    aws.LogLevel(4096), // Set Log Level to DEBUG
	}

	awsSession, err := session.NewSession(awsConfig)

	if err != nil {
		fmt.Println(err)
		os.Exit(1);
	}

	// Set Endpoint URL to Signaling Server
	awsSession.Config.Endpoint = aws.String("THIS SHOULD BE THE SIGNALING SERVER URL")  // Example: https://xx.kinesisvideo.eu-west-1.amazonaws.com

	kvsc := kinesisvideosignalingchannels.New(awsSession)

	out, err := kvsc.GetIceServerConfig(&kinesisvideosignalingchannels.GetIceServerConfigInput{
		ChannelARN: aws.String("THIS SHOULD BE THE SIGNALING CHANNEL ARN"), // Example: arn:aws:kinesisvideo:eu-west-1:00:channel/SIGNALING_NAME/ID
	})

        if err != nil {
		fmt.Println(err)
		os.Exit(1);
	}

        fmt.Printf("%#v\n", out)
}

Expected behavior
The expected behavior should be an HTTP 200 with a content similar to this:

{
  IceServerList: [{
      Password: "**REDACTED**",
      Ttl: 300,
      Uris: ["turn:3-250-15-63.t-e22a89b9.kinesisvideo.eu-west-1.amazonaws.com:443"],
      Username: "**REDACTED**"
    }]
}

Additional context
https://docs.aws.amazon.com/kinesisvideostreams/latest/dg/API_AWSAcuitySignalingService_GetIceServerConfig.html

One workaround for this problem is to add the following line after the kinesisvideosignalingchannels instantiation
kvsc.Client.ServiceName = "kinesisvideo"

Refer to the following file:
https://github.com/aws/aws-sdk-go/blob/master/service/kinesisvideosignalingchannels/service.go#L61

The text was updated successfully, but these errors were encountered:

diehlaws · 2020-06-24T00:48:00Z

Hi @marcotuna, thanks for bringing this to our attention. The SigningName for a service is typically what is used when building the Authorization header during the signing process, if that value is not present in the service's API model (as is the case here) the SDK typically falls back on the endpoint model. However, in this case since a custom endpoint is being specified the SDK is falling back on using the ServiceName which in this case is not appropriate for the signature expected by the service.

We'll look into fixing this shortly, once we have additional information we'll update the issue accordingly.

jasdel · 2021-03-26T21:49:29Z

Looks like the SDK needs to add a custom request handler for this API if possible, to detect when a custom endpoint is provided, and lookup the signing name for the API.

skmcgrail · 2021-09-24T00:15:07Z

Potential solution: Add a model customization to the code generator to inject the correct signing name into the C2J model.

github-actions · 2022-01-04T00:20:17Z

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

marcotuna added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jun 11, 2020

diehlaws self-assigned this Jun 24, 2020

diehlaws removed the needs-triage This issue or PR still needs to be triaged. label Jun 24, 2020

diehlaws removed their assignment Aug 26, 2020

skmcgrail mentioned this issue Mar 26, 2021

use sendalexaoffertomaster interface,get com.amazon.coral.service#UnknownOperationException. #3542

Closed

KaibaLopez added the needs-review This issue or pull request needs review from a core team member. label Aug 24, 2021

KaibaLopez changed the title ~~Kinesis Video Signaling Channels wrong ServiceName~~ Kinesis Video Signaling Channels - SDK may not get the correct name with custom endpoint Sep 10, 2021

KaibaLopez removed the needs-review This issue or pull request needs review from a core team member. label Sep 10, 2021

skmcgrail mentioned this issue Nov 8, 2021

Fix: Kinesis Video SigningName #4164

Merged

skmcgrail closed this as completed in #4164 Jan 4, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Kinesis Video Signaling Channels - SDK may not get the correct name with custom endpoint #3367

Kinesis Video Signaling Channels - SDK may not get the correct name with custom endpoint #3367

marcotuna commented Jun 11, 2020

diehlaws commented Jun 24, 2020

jasdel commented Mar 26, 2021

skmcgrail commented Sep 24, 2021

github-actions bot commented Jan 4, 2022