added modifier hook to StacApiIO to enable AWS SigV4 signing

[greyskyy]

Related Issue(s):

• Support AWS SigV4 #371

Description:

A modifier provides the ability to modify the request immediately before sending, a requirement for AWS SigV4. This allows users to plug in their signing method.

Also, added the stac_io parameter to Client.open() allowing for easy usage of a custom StacApiIO instance.

Using this PR, an application could access a private stac-server protected behind AWS IAM authentication as follows:

import boto3
import botocore.auth
import botocore.awsrequest
import pystac_client
import requests

region = "us-east-1"
service_name = "execute-api"
endpoint_id = "xxxxxxxx"
deployment_stage = "dev"

# load AWS credentials
credentials = boto3.Session(region_name=region).get_credentials()
signer = botocore.auth.SigV4Auth(credentials, service_name, region)

def sign_request(request: requests.Request) -> requests.Request:
    aws_request = botocore.awsrequest.AWSRequest(
        method=request.method,
        url=request.url,
        params=request.params,
        data=request.data,
        headers=request.headers
    )
    signer.add_auth(aws_request)
    request.headers = aws_request.headers
    return request

client = pystac_client.Client.open(
    url=f"https://{endpoint_id}.{service_name}.{region}.amazonaws.com/{deployment_stage}",
    request_modifier=sign_request
)

for collection in client.get_all_collections():
    print(collection.id)

PR Checklist:

• Code is formatted
• Tests pass
• Changes are added to the CHANGELOG

[codecov-commenter]

Codecov Report

Base: 85.30% // Head: 85.35% // Increases project coverage by +0.05% 🎉

Coverage data is based on head (708fd85) compared to base (a7fdec1).
Patch coverage: 100.00% of modified lines in pull request are covered.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #372      +/-   ##
==========================================
+ Coverage   85.30%   85.35%   +0.05%     
==========================================
  Files          11       11              
  Lines         796      799       +3     
==========================================
+ Hits          679      682       +3     
  Misses        117      117              

Impacted Files	Coverage Δ
pystac_client/client.py	85.00% <100.00%> (+0.15%)	⬆️
pystac_client/stac_api_io.py	86.48% <100.00%> (+0.24%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[gadomski]

In general, looks good. One question inline, and one top-level ask: could you include your example usage from #372 (comment) in the documentation? Even if we don't add software support for AWS SigV4, having a documentation example might save us some questions down the road.

[greyskyy]

In general, looks good. One question inline, and one top-level ask: could you include your example usage from #372 (comment) in the documentation? Even if we don't add software support for AWS SigV4, having a documentation example might save us some questions down the road.

@gadomski I added a tutorial for using pystac-client with authentication. I included basic auth too, since it shows how you can just update the HTTP headers and seemed a decent second example. Let me know if you have any other suggestions.

[gadomski]

Looks good, thanks for including the documentation. The only issue is that, when I build the docs locally, the tutorial ends up with a bunch of errors due to the dummy endpoint in the docs:

Can we either:

• Use a real endpoint, or
• Do some sort of no_run configuration to prevent the errors from appearing when building the docs?

[greyskyy]

Looks good, thanks for including the documentation. The only issue is that, when I build the docs locally, the tutorial ends up with a bunch of errors due to the dummy endpoint in the docs:

Can we either:

• Use a real endpoint, or
• Do some sort of no_run configuration to prevent the errors from appearing when building the docs?

@gadomski I changed the authentication tutorial form a jupyter notebook to markdown. It looks like Sphinx won't execute the python in this case. That should remove the errors in the doc generation, while still keeping decent-looking formatting.