fix user agent

DJAndries · DJAndries · commit ce27fb568f81 · 2025-06-12T21:04:12.000-07:00
diff --git a/src/msk_iam.rs b/src/msk_iam.rs
@@ -1,10 +1,16 @@
 use aws_config::SdkConfig;
 use aws_credential_types::provider::ProvideCredentials;
-use aws_sigv4::{http_request::{self, SignableBody, SignableRequest, SignatureLocation, SigningSettings}, sign::v4};
+use aws_sigv4::{
+  http_request::{self, SignableBody, SignableRequest, SignatureLocation, SigningSettings},
+  sign::v4,
+};
 use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine as _};
+use std::{
+  error::Error,
+  time::{Duration as StdDuration, SystemTime},
+};
 use time::{macros::format_description, Duration, OffsetDateTime, PrimitiveDateTime};
 use tokio::runtime::Runtime;
-use std::{error::Error, time::{SystemTime, Duration as StdDuration}};
 use url::Url;
 
 const ACTION_TYPE: &str = "Action";
@@ -15,128 +21,147 @@ const DATE_QUERY_KEY: &str = "X-Amz-Date";
 const EXPIRES_QUERY_KEY: &str = "X-Amz-Expires";
 const DEFAULT_EXPIRY_SECONDS: u64 = 900;
 
-const APP_NAME: &str = "constellation-processors";
-const USER_AGENT_VERSION: &str = "1.0";
+const USER_AGENT_VALUE: &str = "aws-msk-iam-sasl-signer-rust";
 
 #[derive(Clone)]
 pub struct TokenInfo {
-    pub token: String,
-    pub expiration_time: OffsetDateTime,
+  pub token: String,
+  // TODO(djandries): change to UTCDateTime
+  pub expiration_time: OffsetDateTime,
 }
 pub struct MSKIAMAuthManager {
-    token_info: Option<TokenInfo>,
+  token_info: Option<TokenInfo>,
 }
 
 impl MSKIAMAuthManager {
-    pub fn new() -> Self {
-        Self {
-            token_info: None,
-        }
-    }
-    
-    pub fn get_auth_token(&mut self) -> Result<TokenInfo, Box<dyn Error>> {
-        if let Some(token_info) = &self.token_info {
-            if token_info.expiration_time > OffsetDateTime::now_utc() {
-                return Ok(token_info.clone());
-            }
-        }
-
-        let token_info = Runtime::new()?.block_on(generate_auth_token_async())?;
-        self.token_info = Some(token_info.clone());
-        Ok(token_info)
+  pub fn new() -> Self {
+    Self { token_info: None }
+  }
+
+  pub fn get_auth_token(&mut self) -> Result<TokenInfo, Box<dyn Error>> {
+    if let Some(token_info) = &self.token_info {
+      if token_info.expiration_time > OffsetDateTime::now_utc() {
+        return Ok(token_info.clone());
+      }
     }
+
+    let token_info = Runtime::new()?.block_on(generate_auth_token_async())?;
+    self.token_info = Some(token_info.clone());
+    Ok(token_info)
+  }
 }
 
 async fn generate_auth_token_async() -> Result<TokenInfo, Box<dyn Error>> {
-    debug!("Generating MSK IAM auth token");
-    let config = aws_config::from_env()
-        .load()
-        .await;
-    
-    let mut url = build_request_url(&config)?;
-    
-    sign_request_url(&mut url, &config).await?;
-    
-    let expiration_time = get_expiration_time(&url)?;
-    
-    add_user_agent(&mut url);
-    
-    let encoded = URL_SAFE_NO_PAD.encode(url.as_str().as_bytes());
-    
-    Ok(TokenInfo {
-        token: encoded,
-        expiration_time,
-    })
+  debug!("Generating MSK IAM auth token");
+  let config = aws_config::from_env().load().await;
+
+  let mut url = build_request_url(&config)?;
+
+  sign_request_url(&mut url, &config).await?;
+
+  let expiration_time = get_expiration_time(&url)?;
+
+  url
+    .query_pairs_mut()
+    .append_pair(USER_AGENT_KEY, USER_AGENT_VALUE);
+
+  let encoded = URL_SAFE_NO_PAD.encode(url.as_str().as_bytes());
+
+  error!("url: {}", encoded);
+
+  Ok(TokenInfo {
+    token: encoded,
+    expiration_time,
+  })
 }
 
 fn build_request_url(config: &SdkConfig) -> Result<Url, Box<dyn Error>> {
-    let endpoint_url = format!("https://kafka.{}.amazonaws.com/", config.region().ok_or_else(|| "AWS region is not set")?.to_string());
-    let mut url = Url::parse(&endpoint_url)?;
-    
-    {
-        let mut query_pairs = url.query_pairs_mut();
-        query_pairs.append_pair(ACTION_TYPE, ACTION_NAME);
-        query_pairs.append_pair(EXPIRES_QUERY_KEY, &DEFAULT_EXPIRY_SECONDS.to_string());
-    }
+  let endpoint_url = format!(
+    "https://kafka.{}.amazonaws.com/",
+    config
+      .region()
+      .ok_or_else(|| "AWS region is not set")?
+      .to_string()
+  );
+  let mut url = Url::parse(&endpoint_url)?;
+
+  {
+    let mut query_pairs = url.query_pairs_mut();
+    query_pairs.append_pair(ACTION_TYPE, ACTION_NAME);
+    query_pairs.append_pair(EXPIRES_QUERY_KEY, &DEFAULT_EXPIRY_SECONDS.to_string());
+  }
 
-    Ok(url)
+  Ok(url)
 }
 
-async fn sign_request_url(
-    url: &mut Url,
-    config: &SdkConfig,
-) -> Result<(), Box<dyn Error>> {
-    let credentials_provider = config.credentials_provider().ok_or_else(|| "AWS credentials provider is not set")?;
-    let credentials = credentials_provider.provide_credentials().await?;
-
-    let signable_request = SignableRequest::new("GET", url.as_str(), std::iter::empty(), SignableBody::Bytes(&[]))?;
-    
-    let identity = credentials.into();
-    let region = config.region().ok_or_else(|| "AWS region is not set")?.to_string();
-    let mut signing_settings = SigningSettings::default();
-    signing_settings.signature_location = SignatureLocation::QueryParams;
-    signing_settings.expires_in = Some(StdDuration::from_secs(DEFAULT_EXPIRY_SECONDS));
-    let signing_params = v4::SigningParams::builder()
-        .identity(&identity)
-        .region(&region)
-        .name(SIGNING_NAME)
-        .time(SystemTime::now())
-        .settings(signing_settings)
-        .build()?
-        .into();
-    
-    let signing_output = http_request::sign(
-        signable_request,
-        &signing_params,
-    )?;
-
-    for (key, value) in signing_output.output().params() {
-        url.query_pairs_mut().append_pair(key, value);
-    }
-    
-    Ok(())
+async fn sign_request_url(url: &mut Url, config: &SdkConfig) -> Result<(), Box<dyn Error>> {
+  let credentials_provider = config
+    .credentials_provider()
+    .ok_or_else(|| "AWS credentials provider is not set")?;
+  let credentials = credentials_provider.provide_credentials().await?;
+
+  let signable_request = SignableRequest::new(
+    "GET",
+    url.as_str(),
+    std::iter::empty(),
+    SignableBody::Bytes(&[]),
+  )?;
+
+  let identity = credentials.into();
+  let region = config
+    .region()
+    .ok_or_else(|| "AWS region is not set")?
+    .to_string();
+  let mut signing_settings = SigningSettings::default();
+  signing_settings.signature_location = SignatureLocation::QueryParams;
+  signing_settings.expires_in = Some(StdDuration::from_secs(DEFAULT_EXPIRY_SECONDS));
+  let signing_params = v4::SigningParams::builder()
+    .identity(&identity)
+    .region(&region)
+    .name(SIGNING_NAME)
+    .time(SystemTime::now())
+    .settings(signing_settings)
+    .build()?
+    .into();
+
+  let signing_output = http_request::sign(signable_request, &signing_params)?;
+
+  for (key, value) in signing_output.output().params() {
+    url.query_pairs_mut().append_pair(key, value);
+  }
+
+  Ok(())
 }
 
 fn get_expiration_time(url: &Url) -> Result<OffsetDateTime, Box<dyn Error>> {
-    let date_str = url.query_pairs()
-        .find_map(|(k, v)| if k == DATE_QUERY_KEY { Some(v.to_string()) } else { None })
-        .ok_or_else(|| "failed to find AWS signed date parameter")?;
-    
-    let date_format_description = format_description!("[year][month][day]T[hour][minute][second]Z");
-    let date = PrimitiveDateTime::parse(&date_str, date_format_description)?.assume_utc();
-    
-    let expiry_duration_seconds = url.query_pairs()
-        .find_map(|(k, v)| if k == EXPIRES_QUERY_KEY { Some(v.to_string()) } else { None })
-        .ok_or_else(|| "failed to find AWS signed expiry parameter")?
-        .parse::<i64>()?;
-    
-    let expiry_duration = Duration::seconds(expiry_duration_seconds);
-    let expiry_time = date + expiry_duration;
-    
-    Ok(expiry_time)
-}
+  let date_str = url
+    .query_pairs()
+    .find_map(|(k, v)| {
+      if k == DATE_QUERY_KEY {
+        Some(v.to_string())
+      } else {
+        None
+      }
+    })
+    .ok_or_else(|| "failed to find AWS signed date parameter")?;
+
+  let date_format_description = format_description!("[year][month][day]T[hour][minute][second]Z");
+  let date = PrimitiveDateTime::parse(&date_str, date_format_description)?.assume_utc();
+
+  let expiry_duration_seconds = url
+    .query_pairs()
+    .find_map(|(k, v)| {
+      if k == EXPIRES_QUERY_KEY {
+        Some(v.to_string())
+      } else {
+        None
+      }
+    })
+    .ok_or_else(|| "failed to find AWS signed expiry parameter")?
+    .parse::<i64>()?;
+
+  let expiry_duration = Duration::seconds(expiry_duration_seconds);
+  let expiry_time = date + expiry_duration;
 
-fn add_user_agent(url: &mut Url) {
-    let user_agent = format!("{}/{}/{}", APP_NAME, USER_AGENT_VERSION, USER_AGENT_VERSION);
-    url.query_pairs_mut().append_pair(USER_AGENT_KEY, &user_agent);
+  Ok(expiry_time)
 }
