[CCI] aws-sdk instead of third-party aws4 for signing request?

[timursaurus]

Should I swap the third-party library aws4 for official amazon aws-sdk packages for signing requests? @aws-sdk/signature-v4 and @aws-crypto/sha256-js in the client TypeScript rewrite

The current implementation in the JS client

  function buildSignedRequestObject(request = {}) {
    request.service = opts.service;
    request.region = opts.region;
    request.headers = request.headers || {};
    request.headers['host'] = request.hostname;
    const signed = aws4.sign(request, credentialsState.credentials);
    signed.headers['x-amz-content-sha256'] = crypto
      .createHash('sha256')
      .update(request.body || '', 'utf8')
      .digest('hex');
    return signed;
  }

In the client rewrite, I propose to use official aws-sdk packages. There wouldn't be any problems, right?
Example using the SDK (more clean, IMO):

import { SignatureV4 } from '@aws-sdk/signature-v4'
import { Sha256 } from '@aws-crypto/sha256-js'

const sigv4 = new SignatureV4({
    service: init.service,
    region: init.region
    credentials: {
      ...init.credentials
    },
    sha256: Sha256,
})

const signed = await sigv4.sign({
   ...
   hostname: url.hostname
   ...
})

And since the JS client already uses aws-sdk packages for v3, it would make more sense to ditch third-party aws4?

[dblock]

+1 on switching to the official SDK

[nhtruong]

The rewrite is an opportunity to make things right. So go at it :)

A note on writing the API methods: Instead of writing those methods manually, we should generate them from API Spec. The API spec is currently being backfilled so we should wait on that.

Also I think all concerns regarding the rewrite should be put in this ticket instead of opening a new issue every time something comes up.

[timursaurus]

oh! that's interesting, got it

[nhtruong]

Closing this issue because it should be a comment in #269