Ensure Host header is signed

lauzadis · lauzadis · commit 4156091fe284 · 2025-01-16T10:39:11.000-05:00
diff --git a/services/dsql/common/test/aws/sdk/kotlin/services/dsql/DsqlAuthTokenGeneratorTest.kt b/services/dsql/common/test/aws/sdk/kotlin/services/dsql/DsqlAuthTokenGeneratorTest.kt
@@ -36,6 +36,7 @@ class DsqlAuthTokenGeneratorTest {
         assertContains(token, "peccy.dsql.us-east-1.on.aws?Action=DbConnect")
         assertContains(token, "X-Amz-Credential=akid%2F20240827%2Fus-east-1%2Fdsql%2Faws4_request")
         assertContains(token, "X-Amz-Expires=450")
+        assertContains(token, "X-Amz-SignedHeaders=host")
 
         // Token should not contain a scheme
         listOf("http://", "https://").forEach {
@@ -65,6 +66,7 @@ class DsqlAuthTokenGeneratorTest {
         assertContains(token, "peccy.dsql.us-east-1.on.aws?Action=DbConnectAdmin")
         assertContains(token, "X-Amz-Credential=akid%2F20240827%2Fus-east-1%2Fdsql%2Faws4_request")
         assertContains(token, "X-Amz-Expires=450")
+        assertContains(token, "X-Amz-SignedHeaders=host")
 
         // Token should not contain a scheme
         listOf("http://", "https://").forEach {
diff --git a/services/rds/common/test/RdsAuthTokenGeneratorTest.kt b/services/rds/common/test/RdsAuthTokenGeneratorTest.kt
@@ -41,6 +41,7 @@ class RdsAuthTokenGeneratorTest {
         assertContains(token, "prod-instance.us-east-1.rds.amazonaws.com:3306?Action=connect&DBUser=peccy")
         assertContains(token, "X-Amz-Credential=akid%2F20240827%2Fus-east-1%2Frds-db%2Faws4_request")
         assertContains(token, "X-Amz-Expires=450")
+        assertContains(token, "X-Amz-SignedHeaders=host")
 
         // Token should not contain a scheme
         listOf("http://", "https://").forEach {
