Review feedback

DaveCTurner · DaveCTurner · commit 30dfaabf696c · 2025-03-25T14:50:13.000Z
diff --git a/modules/repository-s3/src/main/java/org/elasticsearch/repositories/s3/S3BlobContainer.java b/modules/repository-s3/src/main/java/org/elasticsearch/repositories/s3/S3BlobContainer.java
@@ -469,10 +469,7 @@ void executeSingleUpload(
         S3BlobStore.configureRequestForMetrics(putRequest, blobStore, Operation.PUT_OBJECT, purpose);
 
         try (AmazonS3Reference clientReference = s3BlobStore.clientReference()) {
-            SocketAccess.doPrivilegedVoid(() -> {
-                // WIP
-                clientReference.client().putObject(putRequest);
-            });
+            SocketAccess.doPrivilegedVoid(() -> clientReference.client().putObject(putRequest));
         } catch (final AmazonClientException e) {
             throw new IOException("Unable to upload object [" + blobName + "] using a single upload", e);
         }
diff --git a/test/fixtures/aws-fixture-utils/src/main/java/fixture/aws/AwsCredentialsUtils.java b/test/fixtures/aws-fixture-utils/src/main/java/fixture/aws/AwsCredentialsUtils.java
@@ -26,17 +26,19 @@ public enum AwsCredentialsUtils {
     /**
      * @return an authorization predicate that ensures the authorization header matches the given access key, region and service name.
      * @see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html">AWS v4 Signatures</a>
+     * @param region the name of the AWS region used to sign the request, or {@code *} to skip validation of the region parameter
      */
-    public static BiPredicate<String, String> fixedAccessKey(String accessKey, String region, String service) {
-        return mutableAccessKey(() -> accessKey, region, service);
+    public static BiPredicate<String, String> fixedAccessKey(String accessKey, String region, String serviceName) {
+        return mutableAccessKey(() -> accessKey, region, serviceName);
     }
 
     /**
      * @return an authorization predicate that ensures the authorization header matches the access key supplied by the given supplier,
      *         and also matches the given region and service name.
      * @see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html">AWS v4 Signatures</a>
+     * @param region the name of the AWS region used to sign the request, or {@code *} to skip validation of the region parameter
      */
-    public static BiPredicate<String, String> mutableAccessKey(Supplier<String> accessKeySupplier, String region, String service) {
+    public static BiPredicate<String, String> mutableAccessKey(Supplier<String> accessKeySupplier, String region, String serviceName) {
         return (authorizationHeader, sessionTokenHeader) -> {
             if (authorizationHeader == null) {
                 return false;
@@ -50,21 +52,27 @@ public static BiPredicate<String, String> mutableAccessKey(Supplier<String> acce
 
             if (region.equals("*")) {
                 // skip region validation; TODO eliminate this when region is fixed in all tests
-                return authorizationHeader.contains("/" + service + "/aws4_request, ");
+                return authorizationHeader.contains("/" + serviceName + "/aws4_request, ");
             }
 
-            final var remainder = authorizationHeader.substring(expectedPrefix.length() + 8 /* YYYYMMDD not validated */);
-            return remainder.startsWith("/" + region + "/" + service + "/aws4_request, ");
+            final var remainder = authorizationHeader.substring(expectedPrefix.length() + "YYYYMMDD".length() /* date not validated */);
+            return remainder.startsWith("/" + region + "/" + serviceName + "/aws4_request, ");
         };
     }
 
     /**
      * @return an authorization predicate that ensures the access key, session token, region and service name all match the given values.
      * @see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-auth-using-authorization-header.html">AWS v4 Signatures</a>
+     * @param region the name of the AWS region used to sign the request, or {@code *} to skip validation of the region parameter
      */
-    public static BiPredicate<String, String> fixedAccessKeyAndToken(String accessKey, String sessionToken, String region, String service) {
+    public static BiPredicate<String, String> fixedAccessKeyAndToken(
+        String accessKey,
+        String sessionToken,
+        String region,
+        String serviceName
+    ) {
         Objects.requireNonNull(sessionToken);
-        final var accessKeyPredicate = fixedAccessKey(accessKey, region, service);
+        final var accessKeyPredicate = fixedAccessKey(accessKey, region, serviceName);
         return (authorizationHeader, sessionTokenHeader) -> accessKeyPredicate.test(authorizationHeader, sessionTokenHeader)
             && sessionToken.equals(sessionTokenHeader);
     }
