Merge branch 'improvement/ARSN-555/pass_limits_through_auth_handler' into q/8.2

bert-e · bert-e · commit 915163b83ced · 2026-03-09T10:13:52.000Z
diff --git a/lib/auth/AuthInfo.ts b/lib/auth/AuthInfo.ts
@@ -22,14 +22,22 @@ export type AccountQuota = {
     quota: bigint,
 };
 
+export type AccountLimits = {
+    RequestsPerSecond?: {
+        Limit: number,
+    },
+}
+
 export type AccountInfos = {
     accountQuota?: AccountQuota,
+    limits?: AccountLimits,
 };
 
 export type AuthV4Results = {
     userInfo: AuthInfoType,
     authorizationResults?: AuthorizationResults,
     accountQuota: AccountQuota,
+    limits?: AccountLimits,
 };
 
 export type AccountCanonicalInfo = {
diff --git a/lib/auth/Vault.ts b/lib/auth/Vault.ts
@@ -66,6 +66,7 @@ export function vaultSignatureCb(
     log.addDefaultFields(auditLog);
     return callback(null, userInfo, authorizationResults, streamingV4Params, {
         accountQuota: info.accountQuota || {},
+        limits: info.limits || {},
     });
 }
 export type AuthV2RequestParams = {
@@ -474,13 +475,13 @@ export default class Vault {
     /**
      * Calls Vault to retrieve the default encryption key id of the account, or creates it if it doesn't exist.
      *
-     * @param {string} canonicalID - The canonical id of the account for which 
+     * @param {string} canonicalID - The canonical id of the account for which
      * the encryption key id is being retrieved or created.
      * @param {RequestLogger} log - logger
-     * @param {(err: Error | null, data?: { 
-     *    canonicalId: string, 
-     *    encryptionKeyId: string, 
-     *    action: 'retrieved' | 'created' 
+     * @param {(err: Error | null, data?: {
+     *    canonicalId: string,
+     *    encryptionKeyId: string,
+     *    action: 'retrieved' | 'created'
      * }) => void}
      *   - canonicalId: The canonical id of the account.
      *   - encryptionKeyId: The retrieved or newly created encryption key id.
@@ -491,10 +492,10 @@ export default class Vault {
     getOrCreateEncryptionKeyId(
         canonicalID: string,
         log: RequestLogger,
-        callback: (err: Error | null, data?: { 
-            canonicalId: string, 
-            encryptionKeyId: string, 
-            action: 'retrieved' | 'created' 
+        callback: (err: Error | null, data?: {
+            canonicalId: string,
+            encryptionKeyId: string,
+            action: 'retrieved' | 'created'
         }) => void
     ) {
         log.trace('sending request context params to vault to get or create encryption key id');
diff --git a/package.json b/package.json
@@ -3,7 +3,7 @@
   "engines": {
     "node": ">=20"
   },
-  "version": "8.2.46",
+  "version": "8.2.47",
   "description": "Common utilities for the S3 project components",
   "main": "build/index.js",
   "repository": {
diff --git a/tests/unit/auth/Vault.spec.js b/tests/unit/auth/Vault.spec.js
@@ -349,6 +349,77 @@ describe('Vault class', () => {
                 done();
             });
         });
+
+        it('should handle successful authentication with account limits', done => {
+            const limitConfig = {
+                RequestsPerSecond: {
+                    Limit: 1500,
+                },
+            };
+            const mockResponse = {
+                message: {
+                    message: 'Success',
+                    body: {
+                        userInfo: mockUserInfo,
+                        authorizationResults: [{
+                            isAllowed: true,
+                            isImplicit: false,
+                            arn: mockUserInfo.arn,
+                            action: 'testAction',
+                        }],
+                        limits: limitConfig,
+                    },
+                },
+            };
+
+            mockClient.verifySignatureV4.callsFake(
+                (_stringToSign, _signature, _accessKey, _region, _scopeDate,
+                    _options, callback) => {
+                    callback(null, mockResponse);
+                },
+            );
+
+            vault.authenticateV4Request(mockParams, [], {}, (err, data, results,
+                _params, infos) => {
+                assert.strictEqual(err, null);
+                assert(data instanceof AuthInfo);
+                assert.strictEqual(data.getCanonicalID(), mockUserInfo.canonicalID);
+                assert.deepStrictEqual(infos.limits, limitConfig);
+                done();
+            });
+        });
+
+        it('should handle authentication with no account limits', done => {
+            const mockResponse = {
+                message: {
+                    message: 'Success',
+                    body: {
+                        userInfo: mockUserInfo,
+                        authorizationResults: [{
+                            isAllowed: true,
+                            isImplicit: false,
+                            arn: mockUserInfo.arn,
+                            action: 'testAction',
+                        }],
+                    },
+                },
+            };
+
+            mockClient.verifySignatureV4.callsFake(
+                (_stringToSign, _signature, _accessKey, _region, _scopeDate,
+                    _options, callback) => {
+                    callback(null, mockResponse);
+                },
+            );
+
+            vault.authenticateV4Request(mockParams, [], {}, (err, data, results,
+                _params, infos) => {
+                assert.strictEqual(err, null);
+                assert(data instanceof AuthInfo);
+                assert.deepStrictEqual(infos.limits, {});
+                done();
+            });
+        });
     });
 
     describe('getCanonicalIds', () => {
