Add new fields added by signed_fields to the request

Author: SamRemis

packages/aws-sdk-signers/src/aws_sdk_signers/signers.py

@@ -99,6 +99,10 @@ def sign(
         )
 
         signing_fields = self._normalize_signing_fields(request=new_request)
+        #If any headers have been added, make sure those are reflected in the new request
+        for field_name, field_value in signing_fields.items():
+            if field_name not in request.fields:
+                new_request.fields.set_field(Field(name=field_name, values=[field_value]))
         credential_scope = self._scope(signing_properties=new_signing_properties)
         credential = f"{identity.access_key_id}/{credential_scope}"
         authorization = self.generate_authorization_field(
@@ -476,6 +480,10 @@ async def sign(
         )
 
         signing_fields = await self._normalize_signing_fields(request=new_request)
+        #If any headers have been added, make sure those are reflected in the new request
+        for field_name, field_value in signing_fields.items():
+            if field_name not in request.fields:
+                new_request.fields.set_field(Field(name=field_name, values=[field_value]))
         credential_scope = await self._scope(signing_properties=new_signing_properties)
         credential = f"{identity.access_key_id}/{credential_scope}"
         authorization = await self.generate_authorization_field(

packages/aws-sdk-signers/tests/unit/test_signers.py

@@ -94,6 +94,8 @@ def test_sign_doesnt_modify_original_request(
         assert signed_request is not aws_request
         assert aws_request.fields == original_request.fields
         assert signed_request.fields != aws_request.fields
+        assert 'host' in signed_request.fields
+        assert 'authorization' in signed_request.fields
 
     @typing.no_type_check
     def test_sign_with_invalid_identity(