Thursday, 10 August 2023
Hello.

We have found 3 problems when using the OpenAPI library for AWS Secrets Manager. Maybe we are using it incorrectly, but to me it seems that it does not work in some places.

This is a minor problem, but TsgcOpenAPI_secretsmanager defaults to HTTP, while the service itself is only available over HTTPS.

The Content-Type HTTP header defaults to "application/x-www-form-urlencoded; charset=utf-8", and there is no way to override it. Everywhere in the AWS docs the Content-Type seems to be "application/x-amz-json-1.1"; without that, the request will be rejected.

The third problem seems to be that X-Amz-Target should be in the HTTP headers. All the AWS examples have it in the header, not as an endpoint. AWS seems to throw UnknownOperationException.

In order to get a simple AWS Secrets Manager example working I had to switch HTTP->HTTPS, change the CS_HTTP_HEADER_AWS_CONTENT_TYPE constant to 'application/x-amz-json-1.1' and add a custom header with oRequest.Parameters.Add('x-amz-target', 'secretsmanager.GetRandomPassword', oapiInHeader, True);


Here are headers generated by OpenAPI lib (does not work):

Sent 10/08/2023 16:31:40: POST /?X-Amz-Target=secretsmanager.GetRandomPassword HTTP/1.0
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 22
x-amz-content-sha256:*********************************************************************
x-amz-date:20230810T133139Z
Authorization: AWS4-HMAC-SHA256 Credential=******************/20230810/us-east-1/secretsmanager/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=************************************
Host: secretsmanager.us-east-1.amazonaws.com
Accept: application/json
User-Agent: Mozilla/5.0 (sgcWebSockets 2023.2.0)


Here are headers generated by OpenAPI lib with my changes (does work):

Sent 10/08/2023 16:26:58: POST / HTTP/1.0
Connection: keep-alive
Content-Type: application/x-amz-json-1.1
Content-Length: 22
x-amz-target:secretsmanager.GetRandomPassword
x-amz-content-sha256:*******************************
x-amz-date:20230810T132657Z
Authorization: AWS4-HMAC-SHA256 Credential=************/20230810/us-east-1/secretsmanager/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date;x-amz-target, Signature=********************************************
Host: secretsmanager.us-east-1.amazonaws.com
Accept: application/json
User-Agent: Mozilla/5.0 (sgcWebSockets 2023.2.0)
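
An added example, not part of the original post and not sgcWebSockets code: a Python sketch of SigV4 signing for the working request shape above, with x-amz-target sent as a header and covered by the signature. The function name, credentials and request body are constructed placeholders.

```python
import hashlib
import hmac

SERVICE = "secretsmanager"

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_request(access_key, secret_key, region, amz_date, target, body):
    """Return the headers for a SigV4-signed 'POST /' to Secrets Manager."""
    host = f"{SERVICE}.{region}.amazonaws.com"
    payload_hash = hashlib.sha256(body).hexdigest()
    # Headers covered by the signature: lowercase names, sorted by name.
    headers = {
        "content-type": "application/x-amz-json-1.1",
        "host": host,
        "x-amz-content-sha256": payload_hash,
        "x-amz-date": amz_date,
        "x-amz-target": target,  # operation travels here, not in the query
    }
    signed_headers = ";".join(sorted(headers))
    canonical_headers = "".join(f"{k}:{headers[k]}\n" for k in sorted(headers))
    # Method, path "/", empty query string, headers, signed list, body hash.
    canonical_request = "\n".join(
        ["POST", "/", "", canonical_headers, signed_headers, payload_hash])
    scope = f"{amz_date[:8]}/{region}/{SERVICE}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest()])
    # Signing key derivation: date -> region -> service -> "aws4_request".
    key = _hmac(("AWS4" + secret_key).encode(), amz_date[:8])
    for part in (region, SERVICE, "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed_headers}, Signature={signature}")
    return headers

if __name__ == "__main__":
    # Constructed sample input; the keys are placeholders, not real credentials.
    sample = sign_request("AKIDEXAMPLE", "constructed-secret-key", "us-east-1",
                          "20230810T132657Z", "secretsmanager.GetRandomPassword",
                          b'{"PasswordLength": 20}')
    for name, value in sample.items():
        print(f"{name}: {value}")
```

Because x-amz-target is in the signed header list, changing the operation name changes the signature, which matches the SignedHeaders value in the working trace.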