LocalStack integration with Pro

       1 files   -     2         1 suites   - 2   1h 3m 41s ⏱️ - 9m 40s
1 323 tests  -     6  1 191 ✔️  -   17  132 💤 +  11  0 ❌ ±0 
1 323 runs   - 520  1 191 ✔️  - 385  132 💤  - 135  0 ❌ ±0 

Results for commit bdeadc8. ± Comparison against base commit dd483f2.

♻️ This comment has been updated with latest results.

Coverage decreased (-0.2%) to 79.074% when pulling bdeadc8 on s3-asf-presigned-url into dd483f2 on master.

Thanks for the review, I will work on that!

I have a fundamental question about pre-signed URL validation: is all the validation state encapsulated in the signature? is there no need to check IAM or the s3 store data? in other words: can the signature validation handler remain stateless? otherwise it could maybe be useful to move s3_presigned_url_request_handler into a a class, and insantiate the class from the provider so we have the possibility to inject dependencies or state into the validator.

To me, signature validation is only doing signature validation. It is a stateless operation validating if the signature provided matches the request received.

Then, I agree credentials should be validated in case of ENFORCE_IAM=True, so maybe we should set the Authorization headers with the data from the query parameters for the IAM engine to work, or any other solution, but it would come as another step.

I love the idea to be able to inject state from the class, but I am not sure it should be done at this step exactly. I would say the pre-signed URLs are a way to access a resource with credentials provided in another location than the headers. Should we see what should be done with @dfangl?

I added some unit tests, I could also add the actual signing, but this should be tested with integration tests, it would be a bit tedious to unit test, craft some request, get the real signature values, and you need to have the right credentials set to test/test.
It was nice as it allowed me to detect some small issues! 😄
After refactoring the notifications, this would seem like a good target for the Strategy Pattern as well. But as there are only 2 possibles solutions, I'd say we can keep it that way for now. It would be simple to refactor it with a class containing "is this request this type of signature" method, and another one to actually verify the request.
I guess we can leave it as is for now, I don't think AWS will add a new signature method pretty soon, V4 is working for now.

Thanks again for the review, and great points!