Consider sigv4a supported without crt check (#3089)

Author: alextwoods

gems/aws-sdk-core/CHANGELOG.md

@@ -1,6 +1,9 @@
 Unreleased Changes
 ------------------
 
+* Issue - Allow legacy/undocumented `sigv4_signer` configuration to override resolved signer.
+* Issue - Consider sigv4a supported without crt check.
+
 3.201.4 (2024-08-08)
 ------------------
 

gems/aws-sdk-core/aws-sdk-core.gemspec

@@ -14,7 +14,7 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency('jmespath', '~> 1', '>= 1.6.1') # necessary for secure jmespath JSON parsing
   spec.add_dependency('aws-partitions', '~> 1', '>= 1.651.0') # necessary for new endpoint resolution
-  spec.add_dependency('aws-sigv4', '~> 1.8') # necessary for s3 express auth
+  spec.add_dependency('aws-sigv4', '~> 1.9') # necessary for s3 express auth/native sigv4a support
   spec.add_dependency('aws-eventstream', '~> 1', '>= 1.3.0') # necessary for binary eventstream
 
   spec.metadata = {

gems/aws-sdk-core/lib/aws-sdk-core/plugins/sign.rb

@@ -13,8 +13,7 @@ class Sign < Seahorse::Client::Plugin
       option(:sigv4_region)
       option(:unsigned_operations, default: [])
 
-      supported_auth_types = %w[sigv4 bearer sigv4-s3express none]
-      supported_auth_types += ['sigv4a'] if Aws::Sigv4::Signer.use_crt?
+      supported_auth_types = %w[sigv4 bearer sigv4-s3express sigv4a none]
       SUPPORTED_AUTH_TYPES = supported_auth_types.freeze
 
       def add_handlers(handlers, cfg)
@@ -107,7 +106,7 @@ def initialize(auth_scheme, config, sigv4_overrides = {})
                      auth_scheme['signingRegion']
                    end
           begin
-            @signer = Aws::Sigv4::Signer.new(
+            @signer = config.sigv4_signer || Aws::Sigv4::Signer.new(
               service: config.sigv4_name || auth_scheme['signingName'],
               region: sigv4_overrides[:region] || config.sigv4_region || region,
               credentials_provider: sigv4_overrides[:credentials] || config.credentials,