AWS Java SDK 1.12.506 and 1.12.507 endpoints.json broken for savingsplans

[bgiaccio]

Describe the bug

Using the java sdk to call describeSavingsPlans from any commercial region the signingRegion is computed as us-gov-west-1. After debugging we determined the problem is a recent commit to endpoints.json#L22715-L22726

Which is related to the comment

// Assume the same hostname will never be in two different partitions.

found in PartitionMetadataProvider.java#L65

Now endpoints JSON violates that assumption as the hostname appears in the first and 3rd partitions of endpoints.json

Expected Behavior

When asking to describe savings plans in a commercial region like us-east-1 the savings plans are returned

Current Behavior

The wire logs contain

"message":"Credential should be scoped to a valid region, not 'us-gov-west-1'. "
x-amzn-ErrorType: InvalidSignatureException

Reproduction Steps

Executing this with 1.12.504 returns results, switching to 506 produces an error

package org.example;

import java.io.IOException;
import java.util.Properties;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.savingsplans.AWSSavingsPlans;
import com.amazonaws.services.savingsplans.AWSSavingsPlansClientBuilder;
import com.amazonaws.services.savingsplans.model.DescribeSavingsPlansRequest;
import com.amazonaws.services.savingsplans.model.DescribeSavingsPlansResult;

public class DescribeSavingsPlans {
	public static void main(String[] args) throws IOException {
		Logger logger = LoggerFactory.getLogger(DescribeSavingsPlans.class);
		Properties properties = new Properties();
		properties.load(AWSSavingsPlans.class.getResourceAsStream("/META-INF/maven/com.amazonaws/aws-java-sdk/pom.properties"));
		logger.info("AWS SDK {}", properties.get("version"));

		AWSSavingsPlans client = AWSSavingsPlansClientBuilder
				.standard()
				.withRegion(Regions.US_EAST_1)
				.withCredentials(DefaultAWSCredentialsProviderChain.getInstance())
				.build();
		DescribeSavingsPlansRequest request = new DescribeSavingsPlansRequest();
		DescribeSavingsPlansResult response = client.describeSavingsPlans(request);
		logger.info("Retrieved " + response.getSavingsPlans().size() + " savings plans");
		System.exit(0);

	}
}

Possible Solution

Either endpoints json needs to be updated with the proper endpoint for us-gov-west-1 or the code in PartitionMetadataProvider will have to be updated to keep the data separate by partition

Additional Information/Context

No response

AWS Java SDK version used

1.12.506

JDK version used

openjdk 20.0.1 2023-04-18

Operating System and version

MacOS 13.4.1 and Redhat 8.8

[debora-ito]

@bgiaccio thank you for the detailed report. Yes, SavingsPlans signature is broken, we'll work on a fix.

[joviegas]

The issue is fixed in 1.12.510

[debora-ito]

@bgiaccio please let us know if you see any issues after the fix.

[bgiaccio]

Confirmed your fix.
I think I would have updated PartionMetadataProvider to test the assumption and at least log a warning when violated to alert you. But maybe you added a unit test but the way commits are done with this repo it is difficult to track the changes.

[debora-ito]

Thank you for the follow-up. Resolving this.

[github-actions]

COMMENT VISIBILITY WARNING

Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.