Skip to content

Adding functionality to config preferred authschemeProvider #6083

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 26 commits into from
Jun 4, 2025
Merged

Adding functionality to config preferred authschemeProvider #6083

merged 26 commits into from
Jun 4, 2025

Conversation

RanVaknin
Copy link
Contributor

@RanVaknin RanVaknin commented May 2, 2025
edited
Loading

Motivation and Context

Previously, when multiple auth schemes were available for an operation, the SDK would choose the first one defined in the service model. This PR implements the auth scheme preference configuration that allows users to specify their preferred authentication schemes in order of preference when multiple auth schemes are supported.

Example usage:

// Via client configuration in code
MyServiceClient client = MyServiceClient.builder()
    .authSchemeProvider(MyServiceAuthSchemeProvider.defaultProvider(Arrays.asList("sigv4", "sigv4a")))
    .build();


// Via JVM properties:
// in code
System.setProperty("aws.authSchemePreference", "sigv4,sigv4a");
// or as a cmd line argument
java -Daws.authSchemePreference=sigv4,sigv4a -jar your-application.jar

// Via Environment variable:
export AWS_AUTH_SCHEME_PREFERENCE=sigv4,sigv4a

// Via AWS config file (~/.aws/config):
[default]
auth_scheme_preference = sigv4,sigv4a

Modifications

  • [Modified] client builders to read and apply auth scheme preferences

  • [Modified] the auth scheme resolution logic to respect user preferences while maintaining backward compatibility

  • [Added] AuthSchemePreferenceProvider class to resolve auth scheme preferences from various sources:

    • Client configuration
    • JVM system properties (aws.authSchemePreference)
    • Environment variables (AWS_AUTH_SCHEME_PREFERENCE)
    • AWS config file (auth_scheme_preference)

  • [Added] code generation support through PreferredAuthSchemeProviderSpec to generate service-specific auth scheme providers

Testing

  • AuthSchemePreferenceProviderTest verifies proper parsing of auth scheme preferences from different formats (spaces, tabs, etc.)

  • PreferredAuthSchemeProviderTest to test the reordering of auth schemes according to preferences
    comprehensive test cases for preference resolution from multiple sources, verifying proper precedence:

  • Stubbed functional test with mock services to verify the selected auth scheme matches the expected preference in actual requests

@RanVaknin RanVaknin force-pushed the rvaknin/auth-schem-preference-config branch from 362e5f3 to f18fcc2 Compare May 5, 2025 02:22
@alextwoods alextwoods mentioned this pull request May 23, 2025
Open
12 tasks
@RanVaknin RanVaknin marked this pull request as ready for review May 26, 2025 04:51
@RanVaknin RanVaknin requested a review from a team as a code owner May 26, 2025 04:51
zoewangg
zoewangg previously requested changes May 28, 2025
View reviewed changes
L-Applin
L-Applin requested changes May 28, 2025
View reviewed changes
@zoewangg zoewangg dismissed their stale review May 30, 2025 00:43

Dismissing to unblock the change since I'm OOTO.

@alextwoods alextwoods added the api-surface-area-approved-by-team Indicate API surface area introduced by this PR has been approved by team label Jun 2, 2025
alextwoods and others added 3 commits June 3, 2025 08:34
@alextwoods @L-Applin
Update core/aws-core/src/main/java/software/amazon/awssdk/awscore/aut…
1dc5f58 
…h/AuthSchemePreferenceResolver.java

Co-authored-by: Olivier L Applin <olapplin@amazon.com>
@alextwoods @L-Applin
Update core/aws-core/src/main/java/software/amazon/awssdk/awscore/aut…
22dbae7 
…h/AuthSchemePreferenceResolver.java

Co-authored-by: Olivier L Applin <olapplin@amazon.com>
@alextwoods
Fix import from suggested changes
584c77c
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Jun 4, 2025

Quality Gate Passed Quality Gate passed

Issues
18 New issues
0 Accepted issues

Measures
0 Security Hotspots
95.7% Coverage on New Code
0.1% Duplication on New Code

See analysis details on SonarQube Cloud

@RanVaknin RanVaknin added this pull request to the merge queue Jun 4, 2025
Merged via the queue into master with commit 11aa9e9 Jun 4, 2025
26 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alextwoods alextwoods alextwoods left review comments

@L-Applin L-Applin L-Applin approved these changes

@zoewangg zoewangg zoewangg approved these changes

Assignees
No one assigned
Labels
api-surface-area-approved-by-team Indicate API surface area introduced by this PR has been approved by team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@RanVaknin @L-Applin @zoewangg @alextwoods